81 lines
2.6 KiB
Puppet
81 lines
2.6 KiB
Puppet
# == Define: oslo::privsep
|
|
#
|
|
# Configure oslo_privsep options
|
|
#
|
|
# This resource configures Oslo privilege separator resources for an OpenStack service.
|
|
# It will manage the [privsep_${entrypoint}] section in the given config resource.
|
|
#
|
|
# === Parameters:
|
|
#
|
|
# [*entrypoint*]
|
|
# (Required) Privsep entrypoint. (string value)
|
|
# Defaults to $name.
|
|
#
|
|
# [*config*]
|
|
# (Required) Configuration file to manage. (string value)
|
|
#
|
|
# [*config_group*]
|
|
# (Optional) Name of the section in which the parameters are set.
|
|
# (string value)
|
|
# Defaults to "privsep_${entrypoint}"
|
|
#
|
|
# [*user*]
|
|
# (Optional) User that the privsep daemon should run as. (string value)
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*group*]
|
|
# (Optional) Group that the privsep daemon should run as. (string value)
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*capabilities*]
|
|
# (Optional) List of Linux capabilities retained by the privsep daemon.
|
|
# (list value)
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*thread_pool_size*]
|
|
# (Optional) The number of threads available for privsep to concurrently
|
|
# run processes.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*helper_command*]
|
|
# (Optional) Command to invoke to start the privsep daemon if not using
|
|
# the "fork" method. If not specified, a default is generated using
|
|
# "sudo privsep-helper" and arguments designed to recreate the current
|
|
# configuration. This command must accept suitable --privsep_context and
|
|
# --privsep_sock_path arguments.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# [*logger_name*]
|
|
# (Optional) Logger name to use for this privsep context.
|
|
# Defaults to $facts['os_service_default'].
|
|
#
|
|
# == Examples
|
|
#
|
|
# oslo::privsep { 'osbrick':
|
|
# config => 'nova_config'
|
|
# }
|
|
#
|
|
define oslo::privsep (
|
|
$config,
|
|
$entrypoint = $name,
|
|
$config_group = "privsep_${entrypoint}",
|
|
$user = $facts['os_service_default'],
|
|
$group = $facts['os_service_default'],
|
|
$capabilities = $facts['os_service_default'],
|
|
$thread_pool_size = $facts['os_service_default'],
|
|
$helper_command = $facts['os_service_default'],
|
|
$logger_name = $facts['os_service_default'],
|
|
) {
|
|
|
|
$privsep_options = {
|
|
"${config_group}/user" => { value => $user },
|
|
"${config_group}/group" => { value => $group },
|
|
"${config_group}/capabilities" => { value => $capabilities },
|
|
"${config_group}/thread_pool_size" => { value => $thread_pool_size },
|
|
"${config_group}/helper_command" => { value => $helper_command },
|
|
"${config_group}/logger_name" => { value => $logger_name },
|
|
}
|
|
|
|
create_resources($config, $privsep_options)
|
|
}
|