privsep: Add support for the remaining parameters

This change adds support for the following two parameters of the oslo.privsep library, so that all options can be configured by the oslo::privsep defined resource type. - thread_pool_size - logger_name Change-Id: I88eb0a5a1d3fd795a2c29b7be4d6e5722a330c45
2022-09-01 02:38:42 +09:00 · 2022-09-01 02:38:42 +09:00 · 49de918c25
parent c47f5dbc4f
commit 49de918c25
3 changed files with 47 additions and 20 deletions
--- a/manifests/privsep.pp
+++ b/manifests/privsep.pp
@ -15,7 +15,8 @@
 #  (Required) Configuration file to manage. (string value)
 #
 # [*config_group*]
-#  (Optional) Name of the section in which the parameters are set. (string value)
+#  (Optional) Name of the section in which the parameters are set.
 #  (string value)
 #  Defaults to "privsep_${entrypoint}"
 #
 # [*user*]
@ -27,14 +28,25 @@
 #  Defaults to $::os_service_default.
 #
 # [*capabilities*]
-#  (Optional) List of Linux capabilities retained by the privsep daemon. (list value)
+#  (Optional) List of Linux capabilities retained by the privsep daemon.
 #  (list value)
 #  Defaults to $::os_service_default.
 #
 # [*thread_pool_size*]
 #  (Optional) The number of threads available for privsep to concurrently
 #  run processes.
 #  Defaults to $::os_service_default.
 #
 # [*helper_command*]
-#  (Optional) Command to invoke to start the privsep daemon if not using the "fork" method.
+#  (Optional) Command to invoke to start the privsep daemon if not using
-#  If not specified, a default is generated using "sudo privsep-helper" and arguments designed to
+#  the "fork" method. If not specified, a default is generated using
-#  recreate the current configuration. This command must accept suitable --privsep_context
+#  "sudo privsep-helper" and arguments designed to recreate the current
-#  and --privsep_sock_path arguments.
+#  configuration. This command must accept suitable --privsep_context and
 #  --privsep_sock_path arguments.
 #  Defaults to $::os_service_default.
 #
 # [*logger_name*]
 #  (Optional) Logger name to use for this privsep context.
 #  Defaults to $::os_service_default.
 #
 # == Examples
@ -45,19 +57,23 @@
 #
 define oslo::privsep (
  $config,
-  $entrypoint     = $name,
+  $entrypoint       = $name,
-  $config_group   = "privsep_${entrypoint}",
+  $config_group     = "privsep_${entrypoint}",
-  $user           = $::os_service_default,
+  $user             = $::os_service_default,
-  $group          = $::os_service_default,
+  $group            = $::os_service_default,
-  $capabilities   = $::os_service_default,
+  $capabilities     = $::os_service_default,
-  $helper_command = $::os_service_default,
+  $thread_pool_size = $::os_service_default,
  $helper_command   = $::os_service_default,
  $logger_name      = $::os_service_default,
 ) {
  $privsep_options = {
-    "${config_group}/user"           => { value => $user },
+    "${config_group}/user"             => { value => $user },
-    "${config_group}/group"          => { value => $group },
+    "${config_group}/group"            => { value => $group },
-    "${config_group}/capabilities"   => { value => $capabilities },
+    "${config_group}/capabilities"     => { value => $capabilities },
-    "${config_group}/helper_command" => { value => $helper_command },
+    "${config_group}/thread_pool_size" => { value => $thread_pool_size },
    "${config_group}/helper_command"   => { value => $helper_command },
    "${config_group}/logger_name"      => { value => $logger_name },
  }
  create_resources($config, $privsep_options)
--- a/releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml
+++ b/releasenotes/notes/privsep-opts-d3d12d20281a0ee5.yaml
@ -0,0 +1,5 @@
 ---
 features:
  - |
    The ``oslo::privsep`` defined resource type now supports
    the ``thread_pool_size`` parameter and the ``logger_name`` parameter.
--- a/spec/defines/oslo_privsep_spec.rb
+++ b/spec/defines/oslo_privsep_spec.rb
@ -15,17 +15,21 @@ describe 'oslo::privsep' do
        is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('<SERVICE DEFAULT>')
      end
    end
    context 'with overridden parameters' do
      before do
        params.merge!({
-          :user           => 'keystone',
+          :user             => 'keystone',
-          :group          => 'keystone',
+          :group            => 'keystone',
-          :capabilities   => [],
+          :capabilities     => [],
-          :helper_command => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
+          :thread_pool_size => 1,
          :helper_command   => 'sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf',
          :logger_name      => 'oslo_privsep.daemon',
        })
      end
@ -33,7 +37,9 @@ describe 'oslo::privsep' do
        is_expected.to contain_keystone_config('privsep_osbrick/user').with_value('keystone')
        is_expected.to contain_keystone_config('privsep_osbrick/group').with_value('keystone')
        is_expected.to contain_keystone_config('privsep_osbrick/capabilities').with_value([])
        is_expected.to contain_keystone_config('privsep_osbrick/thread_pool_size').with_value(1)
        is_expected.to contain_keystone_config('privsep_osbrick/helper_command').with_value('sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf')
        is_expected.to contain_keystone_config('privsep_osbrick/logger_name').with_value('oslo_privsep.daemon')
      end
    end