File: privsep.pp

# == Define: oslo::privsep
#
# Configure oslo_privsep options
#
# This resource configures Oslo privilege separator resources for an OpenStack service.
# By default it manages the [privsep_${entrypoint}] section in the given config resource.
#
# === Parameters:
#
# [*entrypoint*]
#  (Optional) Privsep entrypoint. (string value)
#  Defaults to $name.
#
# [*config*]
#  (Required) Name of the config resource type to manage, for example
#  'nova_config'. (string value)
#
# [*config_group*]
#  (Optional) Name of the section in which the parameters are set.
#  (string value)
#  Defaults to "privsep_${entrypoint}"
#
# [*user*]
#  (Optional) User that the privsep daemon should run as. (string value)
#  Defaults to $facts['os_service_default'].
#
# [*group*]
#  (Optional) Group that the privsep daemon should run as. (string value)
#  Defaults to $facts['os_service_default'].
#
# [*capabilities*]
#  (Optional) List of Linux capabilities retained by the privsep daemon.
#  (list value)
#  Defaults to $facts['os_service_default'].
#
# [*thread_pool_size*]
#  (Optional) The number of threads available for privsep to concurrently
#  run processes.
#  Defaults to $facts['os_service_default'].
#
# [*helper_command*]
#  (Optional) Command to invoke to start the privsep daemon if not using
#  the "fork" method. If not specified, a default is generated using
#  "sudo privsep-helper" and arguments designed to recreate the current
#  configuration. This command must accept suitable --privsep_context and
#  --privsep_sock_path arguments.
#  Defaults to $facts['os_service_default'].
#
# [*logger_name*]
#  (Optional) Logger name to use for this privsep context.
#  Defaults to $facts['os_service_default'].
#
# == Examples
#
#   oslo::privsep { 'osbrick':
#     config => 'nova_config'
#   }
#
define oslo::privsep (
  $config,
  $entrypoint       = $name,
  $config_group     = "privsep_${entrypoint}",
  $user             = $facts['os_service_default'],
  $group            = $facts['os_service_default'],
  $capabilities     = $facts['os_service_default'],
  $thread_pool_size = $facts['os_service_default'],
  $helper_command   = $facts['os_service_default'],
  $logger_name      = $facts['os_service_default'],
) {

  # Option name => value supplied by the caller. Every parameter is written
  # out, including those left at $facts['os_service_default'].
  #
  # NOTE(review): user, group and capabilities decide which privileges the
  # privsep daemon keeps, and helper_command is the command line used to start
  # it (documented above as defaulting to a "sudo privsep-helper" invocation).
  # None of these values is validated in this define, so callers should pass
  # only trusted, reviewed data and keep the capability list minimal.
  $option_values = {
    'user'             => $user,
    'group'            => $group,
    'capabilities'     => $capabilities,
    'thread_pool_size' => $thread_pool_size,
    'helper_command'   => $helper_command,
    'logger_name'      => $logger_name,
  }

  # Prefix each option with its section to form the "<section>/<option>"
  # resource titles, preserving the order of the table above.
  $privsep_settings = $option_values.reduce({}) |$settings, $option| {
    $settings + { "${config_group}/${option[0]}" => { 'value' => $option[1] } }
  }

  # $config is used as the resource type name (e.g. 'nova_config'); it is
  # passed to create_resources as given, without a type check here.
  create_resources($config, $privsep_settings)
}