Add admins to redis group on masters

Avoid permissions errors if Salt attempts to write to Redis during
non-root state.apply calls.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

1 files changed, 13 insertions, 10 deletions

diff --git a/salt/profile/salt/master.sls b/salt/profile/salt/master.sls
index ae2aee4..b647bb1 100644
--- a/salt/profile/salt/master.sls
+++ b/salt/profile/salt/master.sls
@@ -80,14 +80,6 @@ salt_master_extra_packages:
     - require:
       - pkg: redis
 
-salt_redis_membership:
-  group.present:
-    - name: redis
-    - addusers:
-      - {{ master_pillar['user'] }}
-    - require:
-      - pkg: redis
-
 salt_redis_service_enable:
   service.enabled:
     - name: {{ redis_service }}
@@ -102,14 +94,25 @@ salt_redis_service_start:
     - watch:
       - file: {{ redis_config }}
 
+salt_redis_membership:
+  group.present:
+    - name: redis
+    - require:
+      - pkg: redis
+    - addusers:
+      - {{ master_pillar['user'] }}
 {%- if pillar['secret_salt'] is defined %}
+      {%- for user in master_pillar['publisher_acl'] %}
+      - {{ user }}
+      {%- endfor %}
+
 admin_salt_membership:
   group.present:
     - name: salt
+    - require:
+      - pkg: salt-master
     - addusers:
       {%- for user in master_pillar['publisher_acl'] %}
       - {{ user }}
       {%- endfor %}
-    - require:
-      - pkg: salt-master
 {%- endif %}