From patchwork Sat Nov 28 12:11:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christopher Baines X-Patchwork-Id: 25407 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id EA62227BBF9; Sat, 28 Nov 2020 12:12:15 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-2.9 required=5.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,UNPARSEABLE_RELAY autolearn=unavailable autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 8960427BBF8 for ; Sat, 28 Nov 2020 12:12:15 +0000 (GMT) Received: from localhost ([::1]:56048 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kiz5K-0000PU-NW for patchwork@mira.cbaines.net; Sat, 28 Nov 2020 07:12:14 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49284) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kiz59-0000D7-A4 for guix-patches@gnu.org; Sat, 28 Nov 2020 07:12:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:35510) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kiz59-0002uK-2p for guix-patches@gnu.org; Sat, 28 Nov 2020 07:12:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kiz58-0001C5-T8 for guix-patches@gnu.org; Sat, 28 Nov 2020 07:12:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#44922] [PATCH 2/6] monitoring: Add user and group for the Prometheus node exporter. Resent-From: Christopher Baines Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 28 Nov 2020 12:12:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44922 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 44922@debbugs.gnu.org Received: via spool by 44922-submit@debbugs.gnu.org id=B44922.16065655204547 (code B ref 44922); Sat, 28 Nov 2020 12:12:02 +0000 Received: (at 44922) by debbugs.gnu.org; 28 Nov 2020 12:12:00 +0000 Received: from localhost ([127.0.0.1]:47047 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kiz56-0001BG-KK for submit@debbugs.gnu.org; Sat, 28 Nov 2020 07:12:00 -0500 Received: from mira.cbaines.net ([212.71.252.8]:41126) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kiz51-0001AU-RU for 44922@debbugs.gnu.org; Sat, 28 Nov 2020 07:11:56 -0500 Received: from localhost (188.28.112.52.threembb.co.uk [188.28.112.52]) by mira.cbaines.net (Postfix) with ESMTPSA id 078AA27BBF9 for <44922@debbugs.gnu.org>; Sat, 28 Nov 2020 12:11:54 +0000 (GMT) Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id e7d35e11 for <44922@debbugs.gnu.org>; Sat, 28 Nov 2020 12:11:49 +0000 (UTC) From: Christopher Baines Date: Sat, 28 Nov 2020 12:11:45 +0000 Message-Id: <20201128121149.18639-2-mail@cbaines.net> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201128121149.18639-1-mail@cbaines.net> References: <87zh31u1q0.fsf@cbaines.net> <20201128121149.18639-1-mail@cbaines.net> MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches So it doesn't run as root, and because this will help with the textfile exporter. * gnu/services/monitoring.scm (%prometheus-node-exporter-accounts): New variable. (prometheus-node-exporter-shepherd-service): Use the relevant user and group. (prometheus-node-exporter-service-type): Extend the account service type. --- gnu/services/monitoring.scm | 39 ++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index 92df52b5ae..d0934e7f27 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -128,18 +128,33 @@ HTTP.") (web-listen-address prometheus-node-exporter-web-listen-address (default ":9100"))) +(define %prometheus-node-exporter-accounts + (list (user-account + (name "prometheus-node-exporter") + (group "prometheus-node-exporter") + (system? #t) + (comment "Prometheus node exporter daemon user") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))) + (user-group + (name "prometheus-node-exporter") + (system? #t)))) + (define prometheus-node-exporter-shepherd-service (match-lambda (( $ package web-listen-address) - (shepherd-service - (documentation "Prometheus node exporter.") - (provision '(prometheus-node-exporter)) - (requirement '(networking)) - (start #~(make-forkexec-constructor - (list #$(file-append package "/bin/node_exporter") - "--web.listen-address" #$web-listen-address))) - (stop #~(make-kill-destructor)))))) + (list + (shepherd-service + (documentation "Prometheus node exporter.") + (provision '(prometheus-node-exporter)) + (requirement '(networking)) + (start #~(make-forkexec-constructor + (list #$(file-append package "/bin/node_exporter") + "--web.listen-address" #$web-listen-address) + #:user "prometheus-node-exporter" + #:group "prometheus-node-exporter")) + (stop #~(make-kill-destructor))))))) (define prometheus-node-exporter-service-type (service-type @@ -148,9 +163,11 @@ HTTP.") "Run @command{node_exporter} to serve hardware and OS metrics to Prometheus.") (extensions - (list (service-extension - shepherd-root-service-type - (compose list prometheus-node-exporter-shepherd-service)))) + (list + (service-extension account-service-type + (const %prometheus-node-exporter-accounts)) + (service-extension shepherd-root-service-type + prometheus-node-exporter-shepherd-service))) (default-value (prometheus-node-exporter-configuration))))