summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Split to OS specific common pillarGeorg Pfuetzenreuter2023-01-242-5/+4
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include users in pipelineGeorg Pfuetzenreuter2023-01-221-0/+2
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include users in common.suseGeorg Pfuetzenreuter2023-01-221-0/+1
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enforce ID and roles in topGeorg Pfuetzenreuter2023-01-221-2/+7
| | | | | | | | Adapt to current private pillar top: - match ID grain for inclusion of ID files - move roles under conditional Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Enable users-formulaGeorg Pfuetzenreuter2023-01-221-2/+2
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Wrap zypper pillar in OS checkGeorg Pfuetzenreuter2023-01-221-0/+2
| | | | | | Zypper pillar data is not needed on non-SUSE systems. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add common_packages to common.suseGeorg Pfuetzenreuter2023-01-221-0/+6
| | | | | | | Add ID and initialize with fish and system-group wheel packages. More packages to be added later on. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Disable refreshdb_forceGeorg Pfuetzenreuter2023-01-221-0/+3
| | | | | | Speed up state.apply's. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Remove release from RPM key checkGeorg Pfuetzenreuter2023-01-221-1/+1
| | | | | | | Release tag can be different from machine to machine. Checking for the version tag should be good enough. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Manage LC repository + ca-certificatesGeorg Pfuetzenreuter2023-01-221-0/+34
| | | | | | | | | manage - home:crameleon:LibertaCasa repository - ca-certificates-syscid in common SUSE state. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Connect syndic minions to syndic masterGeorg Pfuetzenreuter2023-01-221-1/+11
| | | | | | | | Syndics are generally the masters assigned to their region. We want the minions on syndics to connect to their upstream master ("master of masters") instead of to themselves. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add admins to redis group on mastersGeorg Pfuetzenreuter2023-01-221-10/+13
| | | | | | | Avoid permissions errors if Salt attempts to write to Redis during non-root state.apply calls. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use central machine-roles endpointGeorg Pfuetzenreuter2023-01-222-2/+2
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use http.query instead of nbroles moduleGeorg Pfuetzenreuter2023-01-223-4/+4
| | | | | | | | This is an attempt to remove the need for the custom nbroles module. If it works out, the localhost reference should be replaced with a global roles API endpoint. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: configure publisher_aclGeorg Pfuetzenreuter2023-01-221-0/+12
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Update symlink to nbroles.pyGeorg Pfuetzenreuter2023-01-221-1/+1
| | | | | | Fallout from b112ee3131f82cf8b8bc09726b9088950f9dc6dc. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage formulasGeorg Pfuetzenreuter2023-01-222-1/+12
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move extmods to salt/Georg Pfuetzenreuter2023-01-222-0/+0
| | | | | | Allow for extension modules to be delivered using the Salt file server. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: move file_roots to productionGeorg Pfuetzenreuter2023-01-221-1/+1
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: move gpg_keydir to masterGeorg Pfuetzenreuter2023-01-221-1/+1
| | | | | | | 'gpg_keydir' is a master specific setting, it does not work under the top level 'salt' key. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* salt.master: manage extension modulesGeorg Pfuetzenreuter2023-01-222-2/+34
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Configure Redis for Salt masterGeorg Pfuetzenreuter2023-01-221-0/+65
| | | | | | | Add Redis configuration to salt.master profile for caching on Salt masters. To-Do: move configuration to a formula based approach. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Update salt.master role pillarGeorg Pfuetzenreuter2023-01-221-2/+5
| | | | | | | - add missing settings needed for use in production - correct existing settings with new advancements Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Set Salt log level to infoGeorg Pfuetzenreuter2023-01-221-0/+1
| | | | | | | Globally setting log level for easier initial setup. Later on we should consider removing it again, or moving it to the salt:master pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add salt.syndic role + pillarGeorg Pfuetzenreuter2023-01-222-0/+6
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* roles.py: exclude salt.commonGeorg Pfuetzenreuter2023-01-221-1/+1
| | | | | | Role is targetted globally. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Sync roles in pipelineGeorg Pfuetzenreuter2023-01-221-0/+15
| | | | | | Call rolesyncer on new commits to production. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add rolesyncer scriptGeorg Pfuetzenreuter2023-01-211-0/+77
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* roles.py: remove exclusionsGeorg Pfuetzenreuter2023-01-211-1/+1
| | | | | | | These were only relevant during testing. Leaving the empty list in case exclusions need to be added in the future. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init pipeline configGeorg Pfuetzenreuter2023-01-211-0/+18
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add empty salt.common SLSGeorg Pfuetzenreuter2023-01-211-0/+1
| | | | | | | Roles under salt/ are enforced to be existent - adding "empty" file to match pillar/role/salt/. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Configure formulas in prepare_minion.pyGeorg Pfuetzenreuter2023-01-211-0/+9
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add clone_formulas scriptGeorg Pfuetzenreuter2023-01-211-0/+12
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* roles.py: repair role walkingGeorg Pfuetzenreuter2023-01-211-3/+10
| | | | | | | | Improve nested role support introduced with 442ff683d1e5b3c15a7ef90b27c4be2b3e70ff30 by correctly converting subdirectories into nested state references. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Remove test-webserver roleGeorg Pfuetzenreuter2023-01-211-2/+0
| | | | | | | No longer used, referenced profile removed in a1782581bb5124ecee97baa86ef8a312ad4828d0. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Update mocking baseGeorg Pfuetzenreuter2023-01-213-3/+46
| | | | | | | - adapt preparation script to new environment - add sample mocking pillar including README Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add nbroles_to_grains script + add noteGeorg Pfuetzenreuter2023-01-212-0/+5
| | | | | | | Script allows for testing and pipeline minions to work without access to the roles API. Additionally added a note about this in prepare_minion.py. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add id/role pillar README'sGeorg Pfuetzenreuter2023-01-212-0/+2
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* roles.py: support nested roles + cli invocationGeorg Pfuetzenreuter2023-01-211-4/+9
| | | | | | | | - walk both pillar and salt roles - support nested roles / state files in subdirectories - allow test invocation of the script from the command line Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Target roles without grains in topsGeorg Pfuetzenreuter2023-01-212-8/+7
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Link nbroles module to extmodsGeorg Pfuetzenreuter2023-01-211-0/+1
| | | | | | Module is needed by masters as well. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init lookup.pyGeorg Pfuetzenreuter2023-01-211-0/+113
| | | | | | | | Importing local lookup.py script into Git - this file is loaded as an external pillar module by Salt masters to allow for external pillars to be referenced inside external pillars. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use nbroles instead of grainsGeorg Pfuetzenreuter2023-01-213-4/+16
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Remove common secret includeGeorg Pfuetzenreuter2023-01-201-1/+0
| | | | | | File was only used for testing secrets and is no longer in use. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Add secret variablesGeorg Pfuetzenreuter2023-01-201-0/+16
| | | | | | | Module should now replace ${...} variables during rendering. Pillar references need to be quoted. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init master role w/ pillarGeorg Pfuetzenreuter2023-01-153-0/+40
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Re-order minion profileGeorg Pfuetzenreuter2023-01-152-4/+5
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use custom minion master configurationGeorg Pfuetzenreuter2023-01-152-1/+9
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Use traditional grains managementGeorg Pfuetzenreuter2023-01-154-14/+8
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Move managed grains to minion pillarGeorg Pfuetzenreuter2023-01-152-2/+7
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init salted salt + minion pillarGeorg Pfuetzenreuter2023-01-155-1/+11
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Cleanup after devel importGeorg Pfuetzenreuter2023-01-152-9/+0
| | | | | | | - remove RPM public key import - remove test-webserver profile Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Refactor common treeGeorg Pfuetzenreuter2023-01-153-3/+3
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Ignore missing ID'sGeorg Pfuetzenreuter2023-01-151-0/+1
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Include common secret pillarGeorg Pfuetzenreuter2023-01-151-0/+3
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Init pillarGeorg Pfuetzenreuter2023-01-152-0/+16
| | | | Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* Import profiles/roles from salt-develGeorg Pfuetzenreuter2023-01-1521-1/+731
| | | | | | - + renaming baseline to common Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
* InitGeorg Pfuetzenreuter2023-01-154-0/+59
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>