diff --git a/manifests/profile/base/metrics/collectd/sensubility.pp b/manifests/profile/base/metrics/collectd/sensubility.pp
index dfa49fbb5..4987ed7fb 100644
--- a/manifests/profile/base/metrics/collectd/sensubility.pp
+++ b/manifests/profile/base/metrics/collectd/sensubility.pp
@@ -91,6 +91,19 @@
 # (Optional) String. Password part of credentials used to authenticate
 # to the AMQP 1.0 intermediary.
 # Defaults to undef
+#
+# [*exec_user*]
+# (Optional) String. User under which sensubility is executed via collectd-exec.
+# Defaults to 'collectd'
+#
+# [*exec_group*]
+# (Optional) String. Group under which sensubility is executed via collectd-exec.
+# Defaults to 'collectd'
+#
+# [*exec_sudo_rule*]
+# (Optional) String. Rule which will be saved in /etc/sudoers.d for user specified
+# by parameter exec_user.
+# Defaults to undef
 class tripleo::profile::base::metrics::collectd::sensubility (
 $ensure = 'present',
 $config_path = '/etc/collectd-sensubility.conf',
@@ -108,7 +121,10 @@ class tripleo::profile::base::metrics::collectd::sensubility (
 $amqp_host = undef,
 $amqp_port = undef,
 $amqp_user = undef,
- $amqp_password = undef
+ $amqp_password = undef,
+ $exec_user = 'collectd',
+ $exec_group = 'collectd',
+ $exec_sudo_rule = undef
 ) {
 include collectd
 include collectd::plugin::exec
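Review bot: The `exec_sudo_rule` description in the added parameter docs does not say what form the value takes or how it is combined with `exec_user`, so an operator cannot tell what to put in it. I would reword it to something like `#   (Optional) String. Remainder of one sudoers entry (host, run-as and command list) that is written after the exec_user name into /etc/sudoers.d/sensubility_<exec_user>.` and add a line advising that the rule list only the commands the sensubility checks need rather than `ALL`. The class body that consumes the parameter is outside this hunk.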
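Review bot: The three new parameters in the class signature are untyped, yet a later hunk in this file interpolates `$exec_user` into a file name under /etc/sudoers.d and into a shell command, and writes `$exec_sudo_rule` verbatim into the sudoers file. A value of `$exec_user` containing a `.` or ending in `~` yields a file that sudo's include-directory handling skips, and a multi-line `$exec_sudo_rule` would add sudoers lines that are not prefixed with the user. Constraining them at the signature would catch both, for example `Pattern[/\A[a-z_][a-z0-9_-]*\z/] $exec_user = 'collectd',` and `Optional[Pattern[/\A[^\r\n]+\z/]] $exec_sudo_rule = undef`. The other parameters visible in the hunk are untyped as well, so if the module avoids data types an explicit `fail()` on a mismatch at the top of the body would serve the same purpose.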
@@ -140,8 +156,25 @@ class tripleo::profile::base::metrics::collectd::sensubility (
 }
 collectd::plugin::exec::cmd { 'sensubility':
- user => 'collectd',
- group => 'collectd',
+ user => $exec_user,
+ group => $exec_group,
 exec => ['collectd-sensubility'],
 }
+
+ if $exec_sudo_rule {
+ $sudoers_path = "/etc/sudoers.d/sensubility_${exec_user}"
+ file { $sudoers_path:
+ ensure => $ensure,
+ mode => '0440',
+ content => "${exec_user} ${exec_sudo_rule}",
+ notify => Exec["${exec_user}-sudo-syntax-check"]
+ }
+
+ exec { "${exec_user}-sudo-syntax-check":
+ path => ['/usr/sbin/', '/usr/bin/'],
+ command => "visudo -c -f '${sudoers_path}' || (rm -f '${sudoers_path}' && exit 1)",
+ refreshonly => true,
+ }
+ }
+
 }
diff --git a/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb b/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb
new file mode 100644
index 000000000..fcd6e43c2
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb
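Review bot: The sudoers fragment is written into /etc/sudoers.d first and only checked afterwards by the refreshonly exec, so an invalid rule is live on disk until that exec runs, and nothing cleans it up if the run stops between the two resources. The `file` resource's `validate_cmd` attribute runs the check against a temporary copy before the target is replaced, which makes the separate exec and its `rm -f` fallback unnecessary. It also avoids what looks like a failure on removal: with `$ensure` set to 'absent' the file change would still notify the exec, and `visudo -c -f` on a path that no longer exists presumably exits non-zero. Setting `owner` and `group` explicitly is worth doing too, since sudo refuses sudoers files that are not owned by root. The fence assumes visudo is installed at /usr/sbin/visudo; the spec's `contain_exec` expectation would have to change with it.

```puppet
  if $exec_sudo_rule {
    # … unchanged: $sudoers_path assignment …
    file { $sudoers_path:
      ensure       => $ensure,
      owner        => 'root',
      group        => 'root',
      mode         => '0440',
      content      => "${exec_user} ${exec_sudo_rule}",
      # Check a temporary copy with visudo before the target is replaced.
      validate_cmd => '/usr/sbin/visudo -c -f %',
    }
  }
```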
@@ -0,0 +1,43 @@
+#
+# Copyright (C) 2020 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::metrics::collectd::sensubility' do
+ shared_examples_for 'tripleo::profile::base::metrics::collectd::sensubility' do
+ context 'with defaults and sudo rule defined' do
+ let(:params) do
+ {:exec_sudo_rule => 'ALL=(ALL) NOPASSWD:ALL'}
+ end
+ it 'has sudoers file for appropriate user with relevant rule' do
+ is_expected.to compile.with_all_deps
+ is_expected.to contain_file('/etc/sudoers.d/sensubility_collectd').with_content('collectd ALL=(ALL) NOPASSWD:ALL')
+ is_expected.to contain_exec('collectd-sudo-syntax-check').with(
+ :command => "visudo -c -f '/etc/sudoers.d/sensubility_collectd' || (rm -f '/etc/sudoers.d/sensubility_collectd' && exit 1)",
+ )
+ end
+ end
+ end
+
+ on_supported_os.each do |os, facts|
+ context "on #{os}" do
+ let (:facts) {
+ facts
+ }
+ it_behaves_like 'tripleo::profile::base::metrics::collectd::sensubility'
+ end
+ end
+end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 318ac58d2..d1ae19c8c 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
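Review bot: The spec exercises only the path where `exec_sudo_rule` is set with the default user, so nothing pins that the class leaves /etc/sudoers.d untouched when the parameter is unset, or that a custom `exec_user` ends up in both the file name and the content. I would add a `context 'with defaults'` asserting `is_expected.not_to contain_file('/etc/sudoers.d/sensubility_collectd')` and a case with `:exec_user` overridden. The fixture value `ALL=(ALL) NOPASSWD:ALL` is also likely to be copied as the example of how to use the parameter; a rule naming one command would test the same code while modelling least privilege. The `contain_file` expectation could additionally assert `:mode => '0440'`, since the permission is security-relevant for sudoers files.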
@@ -177,3 +177,5 @@ neutron::plugins::ovs::opendaylight::odl_password: 'admin'
 swift_proxy_short_bootstrap_node_name: node
 # required for metrics::qdr_user
 ctlplane: '192.168.24.123'
+# required to avoid EPEL repo management when testing collectd::sensubility
+collectd::manage_repo: false