| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
- add database disable switch under `config_data`
- remove `ip4-only` switch under `config_data` (it is host dependent)
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
|
|
|
|
|
| |
- add config data for nsd.
Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>
|
| |
|
|
|
|
|
|
|
| |
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove spaces, add headers
- add ignore for line-lengths in .pipeline.yml
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/31
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-nginx-modsec into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/30
|
|/
|
|
|
|
|
|
| |
With the rollout of our Salted configuration, ModSecurity came enforced.
This adds necessary rules to PrivateBin and BookStack for correct
operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
from import-denc-webcluster-nginx-listen-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/29
|
|/
|
|
|
|
| |
Accidentally configured to listen only internally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
reload-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/28
|
|/
|
|
|
|
| |
Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-apparmor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/27
|
| |
| |
| |
| |
| |
| | |
Allow access to client trust certificate and to static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
| |
Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-iphash into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/26
|
|/
|
|
|
|
|
|
| |
- remove keys duplicated by include
- repair wrong snippets include directory
- repair wrong ip_hash option syntax
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/25
|
|/
|
|
|
|
| |
Accidentally added as a service.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster-fw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/24
|
| |
| |
| |
| |
| |
| | |
Prevent script tampering.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Public firewall rules were missing from initial import.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-denc-webcluster into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/12
|
| |
| |
| |
| |
| |
| |
| | |
Configure backend firewall zones if applicable. Allow all UDP for
cluster traffic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Needed for keepalived operation.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Short profile source from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| | |
Add shared nginx configuration to nemesis/hubris HA pair nodes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Add shared configuration to cluster.denc.web-proxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
(#23) from common-suse into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/23
|
| |
| |
| |
| |
| |
| | |
Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
dericom02-webfw into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/22
|
|/
|
|
|
|
|
| |
Import locally configured web zone into Salt. This zone allows the web
proxy to reach http for serving Matterbridge media.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
lighttpd-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/21
|
|/
|
|
|
|
|
| |
- add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-xmpp-debug into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/20
|
|/
|
|
|
|
| |
It's very noisy - one can enable it on demand if needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-watch into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/19
|
|/
|
|
|
|
|
| |
Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/18
|
| |
| |
| |
| |
| |
| | |
Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
matterbridge-aithunder into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/17
|
|/
|
|
|
|
| |
Discord room does not exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-booleans into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/16
|
|/
|
|
|
|
| |
TOML configuration format needs lowercase boolean values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/15
|
| |
| |
| |
| |
| |
| |
| | |
- move base media directory to variable
- add lighttpd vhosts to pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-pillar-fixup into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/14
|
|/
|
|
|
|
|
| |
Empty for now, adding for future reference and because we enforce role
pillars to exist.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-dericom02 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/10
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| | |
| | |
| | |
| | |
| | | |
matterbridge-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
|
| |/
| |
| |
| |
| |
| |
| |
| | |
- reduce pillar calls
- no longer define possible configuration options, apply settings from
pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\ \
| |/
|/|
| |
| |
| | |
keepalived-formula into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/13
|
| |
| |
| |
| |
| |
| | |
Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Ergo rightfully does not accept plain text websocket connections.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Fallout from 77fa39e59c15a2235f210128dab821d2e2fd6ae5 - libertacasa
nginx snippet needs to be included in liberta.casa server for main
website to operate on the clearnet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Accidentally mixed up the libertacasa with the libertacasa2 nginx
TLS snippet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include mime.types on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Always include files in conf.d and vhosts.d on web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/9
|
|/
|
|
|
|
|
| |
Import default nginx.conf contents from our custom packaged file into
Salt.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add logic to wrap IPv6 listening addresses in brackets, to prevent nginx
from failing to start.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
import-deriweb01 into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/8
|
| |
| |
| |
| |
| |
| |
| | |
Allow internal http and https to pass on web proxies.
To-do: logic for web proxies directly attached to the internet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| | |
Initially for .sls and .jinja/.j2 files - we can add others later on if
needed.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Transfer local/manual nginx configuration structure into pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add TLS configuration snippet shared between all web-proxies.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
For use in nginx pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Configure repository to be refreshed automatically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- move pillar macros and map to base directory
- move listener logic from macro to map
- update includes respectively
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Useful to accept new minions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Grains have only been managed to track roles, however those have since
been moved to the Role API. Hence the managed /etc/salt/grains file can
safely be removed from management.
Existing installations will be cleaned up by me.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
To match the SUSE defaults deployed by our AutoYaST configuration.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- interfaces with no IPv4 address would cause a render failure
- repair if-clause needed for interfaces with only IPv4 addresses
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Detect which interfaces belong to which zones, and configure firewalld
accordingly.
Backend zone is currently only prepared and yet to be tested and
enabled.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for firewall interface-zone mapping logic.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
State would print the colons unquoted into the file, causing the YAML to
not parse.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Reflect production setting, allow pillar to merge from different roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
... and sort list entries alphabetically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
No individual listeners can be configured, hence global dual stack
listener it is.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
If-clause to check for Syndic roles caused regression on minions without
any assigned roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
| |
Don't fail if mine does not contain information about the queried
minion.
In the future it would be nice to add another conditional to allow such
minions to fall-back to the locally executed network module for
masterless setups.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for formula to not nuke Syndic key permissions. Little bit ugly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
The network module run on the Salt master, but the macro should fetch
minion addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add Salt mine configuration to collect minion IP addresses.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Likely needed as it does not support searching a more fine grained base
DN.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Tornado does not support all the features.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- python-ldap is needed for authenticating with the API
- shell completions are useful :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| | |
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/6
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
LibertaCasa RPM repsitory:
- comment was not added by Salt, it attempted to re-add it every time
- set lower priority
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- correct mydestination to allow lysergic.dev to be sent through the
relay
- correct relayhost to use SMTPS port
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/4
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
This reverts commit 4863396938c7c638517cbefc3a2773c9eb29bc69.
|
|\
| |
| |
| |
| |
| | |
master-include-common into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/3
|
|/
|
|
|
|
|
| |
Needed to allow individual apply's of salt.master without breaking
common configuration options.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
(#2) from postfix into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/2
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add configuration for global client MTA's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Enable Postfix management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Adapt to current private pillar top:
- match ID grain for inclusion of ID files
- move roles under conditional
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Zypper pillar data is not needed on non-SUSE systems.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add ID and initialize with fish and system-group wheel packages.
More packages to be added later on.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Speed up state.apply's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Release tag can be different from machine to machine. Checking for the
version tag should be good enough.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
manage
- home:crameleon:LibertaCasa repository
- ca-certificates-syscid
in common SUSE state.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Syndics are generally the masters assigned to their region.
We want the minions on syndics to connect to their upstream master
("master of masters") instead of to themselves.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Avoid permissions errors if Salt attempts to write to Redis during
non-root state.apply calls.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Fallout from b112ee3131f82cf8b8bc09726b9088950f9dc6dc.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Allow for extension modules to be delivered using the Salt file server.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add Redis configuration to salt.master profile for caching on Salt masters.
To-Do: move configuration to a formula based approach.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- add missing settings needed for use in production
- correct existing settings with new advancements
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Role is targetted globally.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Call rolesyncer on new commits to production.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
These were only relevant during testing. Leaving the empty list in case
exclusions need to be added in the future.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Roles under salt/ are enforced to be existent - adding "empty" file to
match pillar/role/salt/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Improve nested role support introduced with
442ff683d1e5b3c15a7ef90b27c4be2b3e70ff30 by correctly converting
subdirectories into nested state references.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
No longer used, referenced profile removed in
a1782581bb5124ecee97baa86ef8a312ad4828d0.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- adapt preparation script to new environment
- add sample mocking pillar including README
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Script allows for testing and pipeline minions to work without access to
the roles API. Additionally added a note about this in prepare_minion.py.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
- walk both pillar and salt roles
- support nested roles / state files in subdirectories
- allow test invocation of the script from the command line
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Module is needed by masters as well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Importing local lookup.py script into Git - this file is loaded as an
external pillar module by Salt masters to allow for external pillars to
be referenced inside external pillars.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
File was only used for testing secrets and is no longer in use.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove RPM public key import
- remove test-webserver profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
- + renaming baseline to common
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|