| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
No states assigned yet.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Leap 15.5 renamed the package, "redis" will try to install Redis 6 and
cause a conflict.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Allow sshd configuration to be skipped on "special" machines using
an optional "manage_sshd: False" pillar option.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Multiple packages need it as a dependency, maintaining an exclusion list
is not feasible.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Skip failing local users management on machines using sssd.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Fixup to b685f16c914b9fa05bda7c69ce9e157d04262d09, default value was
outside of conditional - it didn't cause any errors, but did not work as
expected either. :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Ensure strings are quoted correctly.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Replace with call to grains dict.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed for some PHP extensions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Re-order ending quote.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Attempt to repair quoting by correcting the if-condition grouping and by
replacing the quote filter with manual quotes.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Environment file needs to be readable by the www, not the wwwrun, group
for PHP-FPM to be able to access it.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Some strings contain spaces or special characters and should be quoted.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
The reload/restart module calls have been dropped from the formula.
Watch the service.running state instead.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/40
|
| |
| |
| |
| | |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
|
| |
Allow formulas update on Salt master without applying the complete Salt
master profile.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Some keys needed quoting to pass the YAML parser.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- add apache-httpd profile with snippets configuration
- add TLS snippet to apache-httpd role pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Since the last commit introduced a new Prometheus targets profile, it
makes sense to move node_exporter underneath the Prometheus tree as
well.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
|
| |
* add new roles:
- monitoring.prometheus
- monitoring.prometheus-alertmanager
- monitoring.prometheus-exporter-blackbox
* add common Prometheus and Prometheus Alertmanager pillar data
* add moni.lysergic.dev specific Prometheus pillar data
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove trailing whitespaces
- format octal modes correctly
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Self-explanatory.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Some web proxy servers need additional AppArmor drop-ins, for example
for serving static content.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Simple profile to allow for management of local profile drop-ins using
pillar values.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Role managing the Netcup IP failover script plus keepalived.
Requires ha-node role introduced via a8bbe056f1.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Short profile source from other profiles requiring the keepalived_script
user to be present.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Profile managing a Netcup IP address failover script for use with
keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Ensure qemu-guest-agent is active on all KVM guests.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
We only use AutoYaST for the OS deployment and don't need the packages
afterwards.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- add more explicit Salt ID dependencies
- reload service on configuration changes
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Matterbridge does detect file changes, but seems to only apply them on
a service restart.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Needed to make the TOML configuration format happy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Create media directories if defined in the pillar.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|\
| |
| |
| |
| |
| | |
matterbridge-refactor into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/11
|
| |
| |
| |
| |
| |
| |
| |
| | |
- reduce pillar calls
- no longer define possible configuration options, apply settings from
pillar 1:1
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|/
|
|
|
|
| |
Add ha-node role for machines in a HA pair using keepalived.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Configure repository to be refreshed automatically.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- web-proxy role to configure nginx
- pillar with common nginx configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Useful to accept new minions.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Add role, profile and pillar for roleproxy.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
Grains have only been managed to track roles, however those have since
been moved to the Role API. Hence the managed /etc/salt/grains file can
safely be removed from management.
Existing installations will be cleaned up by me.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
If-clause to check for Syndic roles caused regression on minions without
any assigned roles.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- python-ldap is needed for authenticating with the API
- shell completions are useful :-)
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
LibertaCasa RPM repsitory:
- comment was not added by Salt, it attempted to re-add it every time
- set lower priority
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
|
| |
Add configuration for global client MTA's.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Enable Postfix management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add ID and initialize with fish and system-group wheel packages.
More packages to be added later on.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Release tag can be different from machine to machine. Checking for the
version tag should be good enough.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
|
| |
manage
- home:crameleon:LibertaCasa repository
- ca-certificates-syscid
in common SUSE state.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
Syndics are generally the masters assigned to their region.
We want the minions on syndics to connect to their upstream master
("master of masters") instead of to themselves.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Avoid permissions errors if Salt attempts to write to Redis during
non-root state.apply calls.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
|
| |
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Fallout from b112ee3131f82cf8b8bc09726b9088950f9dc6dc.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
Allow for extension modules to be delivered using the Salt file server.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Add Redis configuration to salt.master profile for caching on Salt masters.
To-Do: move configuration to a formula based approach.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
Roles under salt/ are enforced to be existent - adding "empty" file to
match pillar/role/salt/.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
No longer used, referenced profile removed in
a1782581bb5124ecee97baa86ef8a312ad4828d0.
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
|
| |
- remove RPM public key import
- remove test-webserver profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
| |
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
|
|
|
|
| |
- + renaming baseline to common
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|
|
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
|