Set uid and gid for server user/group

ansible-middleware · Mar 21, 2022 · ba1bb06 · ba1bb06
1 parent c702899
commit ba1bb06
Show file tree

Hide file tree

Showing 6 changed files with 49 additions and 0 deletions.
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -4,7 +4,39 @@
   vars:
     tomcat_listen_http_bind_address: 127.0.0.1
     tomcat_listen_http_port: 8080
+    tomcat_user: tomcat
+    tomcat_uid: 53
+    tomcat_group: tomcat
+    tomcat_gid: 53
   tasks:
+    - name: "Check that user account {{ tomcat_user }} was properly created"
+      user:
+        name: "{{ tomcat_user }}"
+        uid: "{{ tomcat_uid }}"
+      register: tomcat_account_check
+
+    - name: "Fail if user account has been changed"
+      assert:
+        that:
+          - tomcat_account_check is defined
+          - not tomcat_account_check.changed
+        quiet: true
+        fail_msg: "User account {{ tomcat_user }} has not been properly configured."
+
+    - name: "Check that group account was properly created"
+      group:
+        name: "{{ tomcat_group }}"
+        gid: "{{ tomcat_gid }}"
+      register: tomcat_group_check
+
+    - name: "Fail if group has been updated"
+      assert:
+        that:
+          - tomcat_group_check is defined
+          - not tomcat_group_check.changed
+        quiet: true
+        fail_msg: "Group {{ tomcat_group }} has not been properly configured."
+
     - name: Populate service facts
       ansible.builtin.service_facts:
 

diff --git a/roles/jws/README.md b/roles/jws/README.md
@@ -22,7 +22,9 @@ Role Defaults
 |`jws_rhn_server_zipfile_url`| Customer Portal URL for installation archive | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=90341` |
 |`jws_native_zipfile_url`| Customer Portal URL for installation archive, native variant | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=90361` |
 |`tomcat_user`| posix user account for service | `tomcat` |
+|`tomcat_uid`| posix UID user account for service | `tomcat` |
 |`tomcat_group`| posix group for service | `tomcat` |
+|`tomcat_gid`| posix GID user account for service | `tomcat` |
 |`tomcat_home`| Target installation directory | `/opt/jws-5.4/tomcat` |
 |`tomcat_catalina_base`| Tomcat catalina base env variable | `{{ lookup('env','CATALINA_BASE') }}` |
 |`tomcat_conf_properties`| Path for tomcat configuration | `./conf/catalina.properties` |

diff --git a/roles/jws/defaults/main.yml b/roles/jws/defaults/main.yml
@@ -5,7 +5,10 @@ tomcat_rpm: 'jws5'
 jws_rhn_server_zipfile_url: https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=90341
 jws_native_zipfile_url: https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=90361
 tomcat_user: 'tomcat'
+tomcat_uid: 53
 tomcat_group: 'tomcat'
+tomcat_gid: 53
+
 tomcat_home: '/opt/jws-5.4/tomcat'
 tomcat_catalina_base: "{{ lookup('env','CATALINA_BASE') }}"
 tomcat_conf_properties: './conf/catalina.properties'

diff --git a/roles/jws/meta/argument_specs.yml b/roles/jws/meta/argument_specs.yml
@@ -32,11 +32,19 @@ argument_specs:
                 default: "tomcat"
                 description: "posix user account for service"
                 type: "str"
+            tomcat_uid:
+                default: "53"
+                description: "posix user UID for service"
+                type: "int"
             tomcat_group:
                 # line 8 of jws/defaults/main.yml
                 default: "tomcat"
                 description: "posix group for service"
                 type: "str"
+            tomcat_gid:
+                default: "53"
+                description: "posix group GID for service"
+                type: "int"
             tomcat_home:
                 # line 9 of jws/defaults/main.yml
                 default: "/opt/jws-5.4/tomcat"

diff --git a/roles/jws/tasks/main.yml b/roles/jws/tasks/main.yml
@@ -20,10 +20,12 @@
     - name: "Create group: {{ tomcat.group }}"
       group:
         name: "{{ tomcat.group }}"
+        gid: "{{ tomcat.gid }}"
 
     - name: "Create user for tomcat: {{ tomcat.user }}"
       user:
         name: "{{ tomcat.user }}"
+        uid: "{{ tomcat.uid }}"
         groups: "{{ tomcat.group }}"
         comment: "User for Apache Tomcat"
 

diff --git a/roles/jws/vars/main.yml b/roles/jws/vars/main.yml
@@ -10,7 +10,9 @@ tomcat:
     username: "{{ rhn_username | default('') }}"
     password: "{{ rhn_password | default('') }}"
   user: "{{ tomcat_user }}"
+  uid: "{{ tomcat_uid }}"
   group: "{{ tomcat_group }}"
+  gid: "{{ tomcat_gid }}"
   home: "{{ tomcat_home }}"
   base: "{{ tomcat_catalina_base }}"
   conf: