MAAS

Merge ~troyanov/maas:fix-agent-httpproxy-sock-permissions into maas:master

  1. Git
  2. lp:~troyanov/maas
  3. fix-agent-httpproxy-sock-permissions
  4. Merge into master
Proposed by Anton Troyanov
Status: Merged
Approved by: Anton Troyanov
Approved revision: 45cae26b11adab7954cab9c747cc8a1184a030a9
Merge reported by: MAAS Lander
Merged at revision: not available
Proposed branch: ~troyanov/maas:fix-agent-httpproxy-sock-permissions
Merge into: maas:master
Diff against target: 28 lines (+7/-0)
2 files modified
debian/extras/nginx.conf (+2/-0)
src/maasagent/internal/httpproxy/service.go (+5/-0)
Reviewer Review Type Date Requested Status
MAAS Lander Approve
Adam Collard (community) Approve
Review via email: mp+461134@code.launchpad.net

Commit message

fix: set 660 permissions on httpproxy.sock

NGINX workers are running as nobody:maas

To post a comment you must log in.
Revision history for this message
Adam Collard (adam-collard) :
review: Approve
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b fix-agent-httpproxy-sock-permissions lp:~troyanov/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: FAILED
LOG: http://maas-ci.internal:8080/job/maas-tester/4721/console
COMMIT: 13b083be39cc6aa005ad1b56597e7f8e64acf37c

review: Needs Fixing
Revision history for this message
MAAS Lander (maas-lander) wrote :

UNIT TESTS
-b fix-agent-httpproxy-sock-permissions lp:~troyanov/maas/+git/maas into -b master lp:~maas-committers/maas

STATUS: SUCCESS
COMMIT: c9015fa2f869517798c3d3975e0a45c71b7fa2c1

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/extras/nginx.conf b/debian/extras/nginx.conf
index 8c5787d..ab279e2 100644
--- a/debian/extras/nginx.conf
+++ b/debian/extras/nginx.conf
@@ -1,6 +1,8 @@
1pid /run/maas-http.pid;1pid /run/maas-http.pid;
2worker_processes auto;2worker_processes auto;
33
4user nobody maas;
5
4error_log /var/log/maas/http/error.log;6error_log /var/log/maas/http/error.log;
57
6events {8events {
diff --git a/src/maasagent/internal/httpproxy/service.go b/src/maasagent/internal/httpproxy/service.go
index c9bb1eb..94e4172 100644
--- a/src/maasagent/internal/httpproxy/service.go
+++ b/src/maasagent/internal/httpproxy/service.go
@@ -127,6 +127,11 @@ func (s *HTTPProxyService) Configure(ctx tworkflow.Context, systemID string) err
127 return err127 return err
128 }128 }
129129
130 //nolint:gosec // we know what we are doing here and we need 0660
131 if err := os.Chmod(s.socketPath, 0660); err != nil {
132 return err
133 }
134
130 // XXX: While httpproxy-service service is consumed through socket via NGINX135 // XXX: While httpproxy-service service is consumed through socket via NGINX
131 // there is nothing bad about not setting the timeout on the listener/server/136 // there is nothing bad about not setting the timeout on the listener/server/
132137

Subscribers

People subscribed via source and target branches