bundles/telegraf: support requesting additional capabilities and/or groups

2021-04-24 11:44:55 +02:00 · 2021-04-24 11:44:55 +02:00 · a980e22ecb
commit a980e22ecb
parent f78c024edc
2 changed files with 37 additions and 0 deletions
--- a/bundles/telegraf/files/override.conf
+++ b/bundles/telegraf/files/override.conf
@ -0,0 +1,2 @@
+[Service]
+AmbientCapabilities=${' '.join(sorted(capabilities))}
--- a/bundles/telegraf/items.py
+++ b/bundles/telegraf/items.py
@ -79,11 +79,46 @@ files = {
    },
 }

+if node.metadata.get('telegraf/additional_capabilities', set()):
+    files['/etc/systemd/system/telegraf.service.d/bundlewrap.conf'] = {
+        'source': 'override.conf',
+        'content_type': 'mako',
+        'context': {
+            'capabilities': node.metadata['telegraf']['additional_capabilities'],
+        },
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:telegraf:restart',
+        },
+    }
+else:
+    files['/etc/systemd/system/telegraf.service.d/bundlewrap.conf'] = {
+        'delete': True,
+        'triggers': {
+            'action:systemd-reload',
+            'svc_systemd:telegraf:restart',
+        },
+    }
+
+users = {
+    'telegraf': {
+        'groups': node.metadata.get('telegraf/additional_groups', set()),
+        'needs': {
+            'pkg_apt:telegraf',
+        },
+        'triggers': {
+            'svc_systemd:telegraf:restart',
+        },
+    },
+}
+
 svc_systemd = {
    'telegraf': {
        'needs': {
            'file:/etc/telegraf/telegraf.conf',
+            'file:/etc/systemd/system/telegraf.service.d/bundlewrap.conf',
            'pkg_apt:telegraf',
+            'user:telegraf',
        },
    },
 }