Add support for oslo privilege separator management

Add oslo::privsep define to configure privsep_${entrypoint}
section of given config resource.
Change-Id: If4d52487f2a97fd6e26edf9c0d5dbc2300c09482
iberezovskiy
2016-08-16 18:19:23 +03:00
parent e3e5e416b0
commit f808902b73

manifests/privsep.pp Normal file

@@ -0,0 +1,59 @@
#==Define:oslo::privsep
#
#Configureoslo_privsepoptions
#
#ThisresourceconfiguresOsloprivilegeseparatorresourcesforanOpenStackservice.
#Itwillmanagethe[privsep_${entrypoint}]sectioninthegivenconfigresource.
#
#===Parameters:
#
#[*entrypoint*]
#(Required)Privsepentrypoint.(stringvalue)
#Defaultsto$name.
#
#[*config*]
#(Required)Configurationfiletomanage.(stringvalue)
#
#[*user*]
#(Optional)Userthattheprivsepdaemonshouldrunas.(stringvalue)
#Defaultsto$::os_service_default.
#
#[*group*]
#(Optional)Groupthattheprivsepdaemonshouldrunas.(stringvalue)
#Defaultsto$::os_service_default.
#
#[*capabilities*]
#(Optional)ListofLinuxcapabilitiesretainedbytheprivsepdaemon.(listvalue)
#Defaultsto$::os_service_default.
#
#[*helper_command*]
#(Optional)Commandtoinvoketostarttheprivsepdaemonifnotusingthe"fork"method.
#Ifnotspecified,adefaultisgeneratedusing"sudo privsep-helper"andargumentsdesignedto
#recreatethecurrentconfiguration.Thiscommandmustacceptsuitable--privsep_context
#and--privsep_sock_patharguments.
#Defaultsto$::os_service_default.
#
#==Examples
#
#oslo::privsep{ 'osbrick':
# config => 'nova_config'
# }
#
defineoslo::privsep(
$config,
$entrypoint=$name,
$user=$::os_service_default,
$group=$::os_service_default,
$capabilities=$::os_service_default,
$helper_command=$::os_service_default,
){
$privsep_options = {
"privsep_${entrypoint}/user"=>{ value => $user },
"privsep_${entrypoint}/group"=>{ value => $group },
"privsep_${entrypoint}/capabilities"=>{ value => $capabilities },
"privsep_${entrypoint}/helper_command"=>{ value => $helper_command },
}
create_resources($config,$privsep_options)
}
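
Review bot: `capabilities` is documented as a list value, but the `"privsep_${entrypoint}/capabilities"` entry passes `$capabilities` through unchanged, so how an array is written to the config file depends on the `$config` resource type rather than on this define. Because this option decides which Linux capabilities the privsep daemon retains, consider normalising it here when it is not the service default (for example `join(any2array($capabilities), ',')`, assuming puppetlabs-stdlib is available) and stating the expected format in the parameter docs. Separately, the docs mark `entrypoint` as "(Required)" while the signature gives it a default of `$name`; that should read "(Optional)".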