diff --git a/README.md b/README.md index 3765a4f..11ae99a 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,8 @@ Set up (the latest version of) [RStudio Connect](https://www.rstudio.com/product * `rstudio_connect_config`: A map of maps containing RStudio Connect configuration. Gets converted into Golang's configuration file (GCFG) and is writted on down to `rstudio-connect.gcfg`. See [default](./defaults/main.yml) for an example. * `rstudio_connect_config_override` [default: `""`]: If you know what you're doing, you can override whole `rstudio-connect.gcfg` config. * `rstudio_connect_license`: If specified, RStudio Connect will attempt to activate the supplied license key. +* `rstudio_connect_user_id` [default: undefined]: Set user id of `rstudio-connect` user to the provided value after Connect installation. Helps with keeping a consistent UID. +* `rstudio_connect_group_id` [default: undefined]: Set group id of `rstudio-connect` user to the provided value after Connect installation. Helps with keeping a consistent GID. * `rstudio_connect_python_executables` [default: `[]`]: List of paths to Python executables (e.g. `[/opt/python/3.10.6/bin/python3]`). * `python_versions` [default: `[]`]: List of Python versions, which were installed with [ansible-python-install role](https://github.com/Appsilon/ansible-python-install) (e.g. `[3.10.6, 3.7.8]`). Role will append Python executables information to the RStudio Connect configuration (using pattern: `/opt/python/x.x.x/bin/python3`). diff --git a/defaults/main.yml b/defaults/main.yml index e9c5705..d8c5690 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,6 +14,9 @@ rstudio_connect_sso_saml_metadata_content_b64_encoded: "" rstudio_encryption_key: "" rstudio_connect_encryption_key_location: "/var/lib/rstudio-connect/db/secret.key" +# rstudio_connect_user_id: 933 +# rstudio_connect_group_id: 933 + rstudio_connect_config: HTTP: Listen: :{{ rstudio_connect_www_port }} diff --git a/tasks/main.yml b/tasks/main.yml index a49d85b..6f55f9f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -37,6 +37,24 @@ tags: - rstudio-connect-configure-environment-file +- name: Get rstudio-connect user info + ansible.builtin.getent: + database: passwd + key: "rstudio-connect" + +- name: Extract UID and GID + ansible.builtin.set_fact: + connect_uid: "{{ getent_passwd['rstudio-connect'][1] }}" + connect_gid: "{{ getent_passwd['rstudio-connect'][2] }}" + +- name: Include user tasks + ansible.builtin.include_tasks: user.yml + when: > + (rstudio_connect_user_id is defined and rstudio_connect_user_id != (connect_uid | int)) + or (rstudio_connect_group_id is defined and rstudio_connect_group_id != (connect_gid | int)) + tags: + - rstudio-connect-configure-user + - name: Include license tasks ansible.builtin.include_tasks: license.yml tags: diff --git a/tasks/user.yml b/tasks/user.yml new file mode 100644 index 0000000..3ca648a --- /dev/null +++ b/tasks/user.yml @@ -0,0 +1,26 @@ +--- +- name: User | Stop rstudio-connect + ansible.builtin.service: + name: rstudio-connect + state: stopped + +- name: User | Change UID + ansible.builtin.user: + name: "{{ rstudio_connect_user }}" + uid: "{{ rstudio_connect_user_id }}" + when: + - rstudio_connect_user_id is defined + - rstudio_connect_user_id > 0 + +- name: User | Change GID + ansible.builtin.group: + name: "{{ rstudio_connect_user }}" + gid: "{{ rstudio_connect_group_id }}" + when: + - rstudio_connect_group_id is defined + - rstudio_connect_group_id > 0 + +- name: User | Start rstudio-connect + ansible.builtin.service: + name: rstudio-connect + state: started diff --git a/tests/tasks/verify-common.yml b/tests/tasks/verify-common.yml index 71dacef..5000091 100644 --- a/tests/tasks/verify-common.yml +++ b/tests/tasks/verify-common.yml @@ -6,3 +6,25 @@ status_code: - 200 - 402 + +- name: Verify (Common) | Get rstudio-connect user info + ansible.builtin.getent: + database: passwd + key: "rstudio-connect" + +- name: Verify (Common) | Extract UID and GID + ansible.builtin.set_fact: + connect_uid: "{{ getent_passwd['rstudio-connect'][1] }}" + connect_gid: "{{ getent_passwd['rstudio-connect'][2] }}" + +- name: Verify (Common) | Check UID + ansible.builtin.assert: + that: + - (connect_uid | int) == 933 + fail_msg: "UID is not valid. UID from passwd {{ connect_uid }}" + +- name: Verify (Common) | Check GID + ansible.builtin.assert: + that: + - (connect_gid | int) == 944 + fail_msg: "GID is not valid. GID from passwd {{ connect_gid }}" diff --git a/vars/main.yml b/vars/main.yml index eb3f8f9..1ed0f8d 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -8,3 +8,4 @@ rstudio_connect_machine_map: i386: i386 x86_64: amd64 amd64: amd64 +rstudio_connect_user: "rstudio-connect"