{#- Shorthands used by the states below: the `salt` pillar tree and its `master` subtree. -#}
{%- set salt_pillar = pillar['salt'] -%}
{%- set master_pillar = salt_pillar['master'] -%}
{#- Dedicated Redis instance for Salt: path of its configuration file and the service name managed below. -#}
{%- set redis_config = '/etc/redis/salt.conf' -%}
{%- set redis_service = 'redis@salt' -%}
{#- `extmods` is iterated below as a mapping of module type to module file names; `extmoddir` is the directory they are installed into. -#}
{%- set extmods = salt_pillar['extmods'] -%}
{%- set extmoddir = master_pillar['extension_modules'] -%}
# States from salt.master are pulled in; the `salt-master` service and package
# named in requisites further down are presumably declared there.
include:
- salt.master
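# Create the extension module directory plus one sub-directory per module type
# listed in the `extmods` pillar. Owned by root, traversable by group salt.
salt_master_extension_modules_dirs:
  file.directory:
    - names:
      - '{{ extmoddir }}'
{%- for modtype in extmods %}
      - '{{ extmoddir }}/{{ modtype }}'
{%- endfor %}
    - user: root
    - group: salt
    # Quoted so the mode stays a string regardless of how the YAML loader
    # treats integers with a leading zero.
    - mode: '0755'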
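# Install every extension module named in the `extmods` pillar from the Salt
# fileserver. These files are code loaded by the master, so they are writable
# by root only and readable by group salt, with no access for others.
salt_master_extension_modules_bins:
  file.managed:
    - names:
{%- for modtype, modnames in extmods.items() %}
{%- for modname in modnames %}
      - '{{ extmoddir }}/{{ modtype }}/{{ modname }}':
        - source: 'salt://extmods/{{ modtype }}/{{ modname }}'
{%- endfor %}
{%- endfor %}
    - user: root
    - group: salt
    # Quoted so the mode stays a string regardless of how the YAML loader
    # treats integers with a leading zero.
    - mode: '0640'
    - require:
      - file: salt_master_extension_modules_dirs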
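# Keep a checkout of the formula repository in /srv/formulas.
# NOTE(review): if /srv/formulas is served from the master's file_roots, the
# content of this repository becomes state code applied to managed hosts, so
# push access to it is part of the trust boundary. Nothing here pins a commit
# or verifies signatures; restrict who can push and consider reviewing updates
# before they are pulled.
# NOTE(review): in git.latest, `branch` names the local branch only; with no
# `rev` set the state follows the remote HEAD. Confirm the remote's default
# branch is `production`, or set `rev` explicitly.
salt_master_formulas:
  git.latest:
    - name: https://git.com.de/LibertaCasa/salt-formulas.git
    - target: /srv/formulas
    - branch: production
    - submodules: true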
# Extra packages for the master: Python libraries, Redis, and shell
# completions. A change to any of them triggers the salt-master service watch.
# `names` is kept (rather than a single `pkgs` list) because other states in
# this file use `pkg: redis` as a requisite, which matches on the state name.
salt_master_extra_packages:
  pkg.installed:
    - names:
      - python3-ldap
      - python3-pynetbox
      - python3-redis
      - redis
      - salt-bash-completion
      - salt-fish-completion
    - watch_in:
      - service: salt-master
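# to-do: move Redis configuration to a formula
# Configuration for the Redis instance used by the Salt master. The file holds
# the Redis password, so it is root-owned and readable by group redis only.
{{ redis_config }}:
  file.managed:
    - contents:
      # TCP listener disabled; the instance is reachable over the Unix socket only.
      - port 0
      - tcp-backlog 511
      - unixsocket /run/redis/salt.sock
      # 460 = owner r--, group rw-, others none: socket access is granted
      # through membership of group redis.
      - unixsocketperm 460
      - timeout 0
      - supervised systemd
      - pidfile /run/redis/salt.pid
      - logfile /var/log/redis/salt.log
      - databases 1
      - dir /var/lib/redis/salt/
      - acllog-max-len 64
      # Rendered as a double-quoted YAML scalar so that a password containing
      # ` #`, `: ` or a leading YAML indicator is neither truncated nor
      # mis-parsed when the state is loaded.
      - {{ ('requirepass ' ~ master_pillar['cache.redis.password']) | yaml_dquote }}
    - user: root
    - group: redis
    # Quoted so the mode stays a string regardless of how the YAML loader
    # treats integers with a leading zero.
    - mode: '0640'
    # Keep the password out of the file diff shown in state output and stored
    # in job returns.
    - show_changes: false
    - require:
      - pkg: redis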
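# Data directory of the Salt Redis instance (the `dir` set in its
# configuration). Owned by redis, no access for other users.
/var/lib/redis/salt:
  file.directory:
    - user: redis
    - group: redis
    # Quoted so the mode stays a string regardless of how the YAML loader
    # treats integers with a leading zero.
    - mode: '0750'
    - require:
      - pkg: redis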
# Enable the Salt Redis service at boot once the redis package is present.
salt_redis_service_enable:
  service.enabled:
    - name: '{{ redis_service }}'
    - require:
      - pkg: redis
# Keep the Salt Redis service running; the watch on the configuration file
# makes a change to it (including a new password) take effect.
salt_redis_service_start:
  service.running:
    - name: '{{ redis_service }}'
    - require:
      - pkg: redis
    - watch:
      - file: '{{ redis_config }}'
# Add the master's user to group redis, which is what grants access to the
# Redis Unix socket and read access to the Redis configuration file.
# When the `secret_salt` pillar is defined, every publisher_acl entry is added
# as well, and those entries are also added to group salt further down.
# NOTE(review): group redis can read the file holding the Redis password, and
# group salt can read the extension modules; confirm every publisher_acl user
# needs both.
# NOTE(review): Salt's publisher_acl keys may be patterns or group entries
# rather than plain account names; confirm this pillar lists real accounts only.
salt_redis_membership:
  group.present:
    - name: redis
    - require:
      - pkg: redis
    - addusers:
      - {{ master_pillar['user'] }}
{%- if pillar['secret_salt'] is defined %}
{%- for acl_entry in master_pillar['publisher_acl'] %}
      - {{ acl_entry }}
{%- endfor %}
admin_salt_membership:
  group.present:
    - name: salt
    - require:
      - pkg: salt-master
    - addusers:
{%- for acl_entry in master_pillar['publisher_acl'] %}
      - {{ acl_entry }}
{%- endfor %}
{%- endif %}