privsep: Add support for the remaining parameters
This change adds support for the following two parameters of the oslo.privsep library, so that all options can be configured by the oslo::privsep defined resource type. - thread_pool_size - logger_name Change-Id: I88eb0a5a1d3fd795a2c29b7be4d6e5722a330c45
parent
c47f5dbc4f
commit
49de918c25
|
@ -15,7 +15,8 @@
|
||||||
# (Required) Configuration file to manage. (string value)
|
# (Required) Configuration file to manage. (string value)
|
||||||
#
|
#
|
||||||
# [*config_group*]
|
# [*config_group*]
|
||||||
# (Optional) Name of the section in which the parameters are set. (string value)
|
# (Optional) Name of the section in which the parameters are set.
|
||||||
|
# (string value)
|
||||||
# Defaults to "privsep_${entrypoint}"
|
# Defaults to "privsep_${entrypoint}"
|
||||||
#
|
#
|
||||||
# [*user*]
|
# [*user*]
|
||||||
|
@ -27,14 +28,25 @@
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
# [*capabilities*]
|
# [*capabilities*]
|
||||||
# (Optional) List of Linux capabilities retained by the privsep daemon. (list value)
|
# (Optional) List of Linux capabilities retained by the privsep daemon.
|
||||||
|
# (list value)
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*thread_pool_size*]
|
||||||
|
# (Optional) The number of threads available for privsep to concurrently
|
||||||
|
# run processes.
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
# [*helper_command*]
|
# [*helper_command*]
|
||||||
# (Optional) Command to invoke to start the privsep daemon if not using the "fork" method.
|
# (Optional) Command to invoke to start the privsep daemon if not using
|
||||||
# If not specified, a default is generated using "sudo privsep-helper" and arguments designed to
|
# the "fork" method. If not specified, a default is generated using
|
||||||
# recreate the current configuration. This command must accept suitable --privsep_context
|
# "sudo privsep-helper" and arguments designed to recreate the current
|
||||||
# and --privsep_sock_path arguments.
|
# configuration. This command must accept suitable --privsep_context and
|
||||||
|
# --privsep_sock_path arguments.
|
||||||
|
# Defaults to $::os_service_default.
|
||||||
|
#
|
||||||
|
# [*logger_name*]
|
||||||
|
# (Optional) Logger name to use for this privsep context.
|
||||||
# Defaults to $::os_service_default.
|
# Defaults to $::os_service_default.
|
||||||
#
|
#
|
||||||
# == Examples
|
# == Examples
|
||||||
|
@ -45,19 +57,23 @@
|
||||||
#
|
#
|
||||||
define oslo::privsep (
|
define oslo::privsep (
|
||||||
$config,
|
$config,
|
||||||
$entrypoint = $name,
|
$entrypoint = $name,
|
||||||
$config_group = "privsep_${entrypoint}",
|
$config_group = "privsep_${entrypoint}",
|
||||||
$user = $::os_service_default,
|
$user = $::os_service_default,
|
||||||
$group = $::os_service_default,
|
$group = $::os_service_default,
|
||||||
$capabilities = $::os_service_default,
|
$capabilities = $::os_service_default,
|
||||||
$helper_command = $::os_service_default,
|
$thread_pool_size = $::os_service_default,
|
||||||
|
$helper_command = $::os_service_default,
|
||||||
|
$logger_name = $::os_service_default,
|
||||||
) {
|
) {
|
||||||
|
|
||||||
$privsep_options = {
|
$privsep_options = {
|
||||||
"${config_group}/user" => { value => $user },
|
"${config_group}/user" => { value => $user },
|
||||||
"${config_group}/group" => { value => $group },
|
"${config_group}/group" => { value => $group },
|
||||||
"${config_group}/capabilities" => { value => $capabilities },
|
"${config_group}/capabilities" => { value => $capabilities },
|
||||||
"${config_group}/helper_command" => { value => $helper_command },
|
"${config_group}/thread_pool_size" => { value => $thread_pool_size },
|
||||||
|
"${config_group}/helper_command" => { value => $helper_command },
|
||||||
|
"${config_group}/logger_name" => { value => $logger_name },
|
||||||
}
|
}
|
||||||
|
|
||||||
create_resources($config, $privsep_options)
|
create_resources($config, $privsep_options)
|
||||||
|
|
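Review bot: The doc entries added for `thread_pool_size` and `logger_name` omit the value-type hint that the neighbouring parameters carry (`(string value)`, `(list value)`). I would end them with `(integer value)` and `(string value)` respectively, e.g. `#   (Optional) Logger name to use for this privsep context. (string value)`. Both new parameters are also untyped in the `define oslo::privsep (` list and are passed straight into `$privsep_options`, so a zero, negative or non-numeric `thread_pool_size` is written to the config file as-is. As far as I know oslo.privsep requires an integer of at least 1 here, so such a value would only be rejected when the privileged daemon loads its options; a catalog-time check would fail earlier, if the module's conventions allow one. The closing brace of the define lies outside the visible hunk.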
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The ``oslo::privsep`` defined resource type now supports
|
||||||
|
the ``thread_pool_size`` parameter and the ``logger_name`` parameter.
|
|
@ -15,17 +15,21 @@ describe 'oslo::privsep' do
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('<SERVICE DEFAULT>')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'with overridden parameters' do
|
context 'with overridden parameters' do
|
||||||
before do
|
before do
|
||||||
params.merge!({
|
params.merge!({
|
||||||
:user => 'keystone',
|
:user => 'keystone',
|
||||||
:group => 'keystone',
|
:group => 'keystone',
|
||||||
:capabilities => [],
|
:capabilities => [],
|
||||||
:helper_command => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
|
:thread_pool_size => 1,
|
||||||
|
:helper_command => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
|
||||||
|
:logger_name => 'oslo_privsep.daemon',
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -33,7 +37,9 @@ describe 'oslo::privsep' do
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('keystone')
|
is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('keystone')
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('keystone')
|
is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('keystone')
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value([])
|
is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value([])
|
||||||
|
is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value(1)
|
||||||
is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf')
|
is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf')
|
||||||
|
is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('oslo_privsep.daemon')
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|