introduce sysrepo group for sysrepo-related processes
Sysrepo made some changes to file permissions and because of that
rousette began to fail because of insufficient permissions to open
sysrepo shm files.
It started to become tricky to manage all the stuff, so we decided to go
with what their README says [1], i.e., compile sysrepo with flags that
make sysrepo create files with a specified group (sysrepo) and with
default umask (0007).
This is done via patches to our buildroot tree.
All sysrepo-related services then must run under sysrepo group so they
have access to sysrepo internal files.
Depends-on: https://gerrit.cesnet.cz/c/CzechLight/dependencies/+/5748
Change-Id: I257b9016bf7ca2af20f5627a2fe1b79b077c0232
diff --git a/package/czechlight-cfg-fs/cfg-restore-sysrepo.service b/package/czechlight-cfg-fs/cfg-restore-sysrepo.service
index cac0f64..d289933 100644
--- a/package/czechlight-cfg-fs/cfg-restore-sysrepo.service
+++ b/package/czechlight-cfg-fs/cfg-restore-sysrepo.service
@@ -10,6 +10,7 @@
RemainAfterExit=yes
ExecStart=/bin/sysrepocfg -d startup -f json --import=/cfg/sysrepo/startup.json
ExecStart=/bin/sysrepocfg -C startup
+Group=sysrepo
StandardOutput=journal+console
[Install]
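Review bot: the `Group=sysrepo` line added after the two `ExecStart=` lines assumes the `sysrepo` group already exists in the image, and nothing in this patch creates it. If the group is missing, systemd fails the unit at the group-setup step (exit status 216/GROUP) and the startup datastore is never restored from /cfg/sysrepo/startup.json. Please confirm that the Depends-on change provisions the group. Consider also placing `Group=` above the `ExecStart=` lines, so the execution context is read before the commands it applies to.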
diff --git a/package/czechlight-cfg-fs/nacm-restore.service b/package/czechlight-cfg-fs/nacm-restore.service
index 96dfb7c..2cb3dec 100644
--- a/package/czechlight-cfg-fs/nacm-restore.service
+++ b/package/czechlight-cfg-fs/nacm-restore.service
@@ -9,6 +9,7 @@
RemainAfterExit=yes
ExecStart=/bin/sysrepocfg -d startup -m ietf-netconf-acm -f json --import=/usr/share/yang-data/nacm.json
ExecStart=/bin/sysrepocfg -C startup
+Group=sysrepo
[Install]
WantedBy=multi-user.target
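Review bot: with `Group=sysrepo` on the unit that imports `ietf-netconf-acm` data, membership in the `sysrepo` group becomes the access boundary for the NACM rules themselves, and this is not documented anywhere in the patch. The commit message says sysrepo files are created with umask 0007, which leaves them group-writable, so any service later placed in this group may be able to modify the stored access-control data directly on disk. Please add a short comment in the unit, or a note in the package documentation, stating that only sysrepo-related services may be given this group.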
diff --git a/package/czechlight-cfg-fs/sysrepo-persistent-cfg.service b/package/czechlight-cfg-fs/sysrepo-persistent-cfg.service
index 8f2642c..007bd7b 100644
--- a/package/czechlight-cfg-fs/sysrepo-persistent-cfg.service
+++ b/package/czechlight-cfg-fs/sysrepo-persistent-cfg.service
@@ -7,3 +7,4 @@
Type=simple
UMask=0077
ExecStart=/bin/sh -c 'while true; do inotifywait -e CLOSE_WRITE /etc/sysrepo/data/*.startup && mkdir -p /cfg/sysrepo/ && sysrepocfg -d startup -f json -X > /cfg/sysrepo/startup.json; done'
+Group=sysrepo
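Review bot: the existing `UMask=0077` directly above the new `Group=sysrepo` does not match the 0007 umask the commit message describes for sysrepo files, and the unit does not say which one is meant to apply where. With 0077, the `/cfg/sysrepo/` directory from `mkdir -p` and the redirected `/cfg/sysrepo/startup.json` are created without any group permissions, so the new group has no effect on that output, which looks intentional for a configuration backup. It is worth checking on a target that files sysrepo itself creates from this unit still end up group-accessible for the other services, and adding a one-line comment that `UMask=0077` is there to protect the exported file.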