From a980e22ecbc5d00a9b7df4e69abb3bf4c5739598 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 24 Apr 2021 11:44:55 +0200 Subject: [PATCH] bundles/telegraf: support requesting additional capabilities and/or groups --- bundles/telegraf/files/override.conf | 2 ++ bundles/telegraf/items.py | 35 ++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 bundles/telegraf/files/override.conf diff --git a/bundles/telegraf/files/override.conf b/bundles/telegraf/files/override.conf new file mode 100644 index 0000000..c455687 --- /dev/null +++ b/bundles/telegraf/files/override.conf @@ -0,0 +1,2 @@ +[Service] +AmbientCapabilities=${' '.join(sorted(capabilities))} diff --git a/bundles/telegraf/items.py b/bundles/telegraf/items.py index c987088..a4b52da 100644 --- a/bundles/telegraf/items.py +++ b/bundles/telegraf/items.py @@ -79,11 +79,46 @@ files = { }, } +if node.metadata.get('telegraf/additional_capabilities', set()): + files['/etc/systemd/system/telegraf.service.d/bundlewrap.conf'] = { + 'source': 'override.conf', + 'content_type': 'mako', + 'context': { + 'capabilities': node.metadata['telegraf']['additional_capabilities'], + }, + 'triggers': { + 'action:systemd-reload', + 'svc_systemd:telegraf:restart', + }, + } +else: + files['/etc/systemd/system/telegraf.service.d/bundlewrap.conf'] = { + 'delete': True, + 'triggers': { + 'action:systemd-reload', + 'svc_systemd:telegraf:restart', + }, + } + +users = { + 'telegraf': { + 'groups': node.metadata.get('telegraf/additional_groups', set()), + 'needs': { + 'pkg_apt:telegraf', + }, + 'triggers': { + 'svc_systemd:telegraf:restart', + }, + }, +} + svc_systemd = { 'telegraf': { 'needs': { 'file:/etc/telegraf/telegraf.conf', + 'file:/etc/systemd/system/telegraf.service.d/bundlewrap.conf', 'pkg_apt:telegraf', + 'user:telegraf', }, }, }