From 792a4f695c307e70b52eeb4160b4498182ffc7d6 Mon Sep 17 00:00:00 2001 From: shenlan Date: Tue, 19 Aug 2025 17:55:57 +0800 Subject: [PATCH] feat: ensure artifact root permissions --- playbooks/deploy_openresty_vhosts.yml | 1 + playbooks/roles/vhosts/OpenResty/tasks/main.yml | 9 +++++++++ playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 | 1 + 3 files changed, 11 insertions(+) diff --git a/playbooks/deploy_openresty_vhosts.yml b/playbooks/deploy_openresty_vhosts.yml index 56316ff..7d3d6dd 100644 --- a/playbooks/deploy_openresty_vhosts.yml +++ b/playbooks/deploy_openresty_vhosts.yml @@ -16,6 +16,7 @@ - cn-artifact.svc.plus ssl_certificate: /etc/ssl/svc.plus.pem ssl_certificate_key: /etc/ssl/svc.plus.rsa.key + root: /data/update-server type: artifact roles: - roles/vhosts/common/ diff --git a/playbooks/roles/vhosts/OpenResty/tasks/main.yml b/playbooks/roles/vhosts/OpenResty/tasks/main.yml index 4129686..f8bffca 100644 --- a/playbooks/roles/vhosts/OpenResty/tasks/main.yml +++ b/playbooks/roles/vhosts/OpenResty/tasks/main.yml @@ -47,6 +47,15 @@ loop: "{{ vhosts | default([]) }}" notify: Restart OpenResty +- name: Ensure artifact root directories exist + file: + path: "{{ item.root }}" + state: directory + owner: www-data + group: www-data + mode: "0755" + loop: "{{ vhosts | default([]) | selectattr('type', 'equalto', 'artifact') | selectattr('root', 'defined') | list }}" + - name: Enable and start OpenResty systemd: name: openresty diff --git a/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 b/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 index bce5dcc..bb93d4e 100644 --- a/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 +++ b/playbooks/roles/vhosts/OpenResty/templates/nginx.conf.j2 @@ -1,4 +1,5 @@ worker_processes auto; +user www-data; events { worker_connections 1024;