From fb1d7e8d3b22f6250d635eb48ea2e1765c5f042c Mon Sep 17 00:00:00 2001 From: Andrew Vant Date: Fri, 3 Apr 2015 17:33:25 -0400 Subject: [PATCH 001/146] Added pillar option to redirect profile and map folders. --- pillar.example | 6 ++++++ salt/cloud.sls | 22 ++++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/pillar.example b/pillar.example index ca41f63..5076166 100644 --- a/pillar.example +++ b/pillar.example @@ -82,6 +82,12 @@ salt: - cloud.providers.d/key - cloud.profiles.d - cloud.maps.d + + # You can take profile and map templates from an alternate location + # if desired. + profiles_src: salt://templates/cloud.profiles.d + maps_src: salt://templates/cloud.maps.d + providers: - ec2 - gce diff --git a/salt/cloud.sls b/salt/cloud.sls index 9d467e7..b95c103 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -60,21 +60,19 @@ cloud-cert-{{ cert }}-pem: {% endfor %} {% for providers in salt_settings.cloud.providers %} -salt-cloud-profiles-{{ providers }}: - file.managed: - - name: /etc/salt/cloud.profiles.d/{{ providers }}.conf - - template: jinja - - source: salt://salt/files/cloud.profiles.d/{{ providers }}.conf - salt-cloud-providers-{{ providers }}: file.managed: - name: /etc/salt/cloud.providers.d/{{ providers }}.conf - template: jinja - source: salt://salt/files/cloud.providers.d/{{ providers }}.conf - -salt-cloud-maps-{{ providers }}: - file.managed: - - name: /etc/salt/cloud.maps.d/{{ providers }}.conf - - template: jinja - - source: salt://salt/files/cloud.maps.d/{{ providers }}.conf {% endfor %} + +{%- for dir in ['profiles', 'maps'] %} +{%- set default_src = 'salt://salt/files/cloud.{}.d'.format(dir) %} +{%- set source = salt_settings.cloud.get(dir + "_src", default_src) %} +salt-cloud-{{ dir }}: + file.recurse: + - name: /etc/salt/cloud.{{ dir }}.d + - source: {{ source }} + - template: jinja +{%- endfor %} From 7e074dc37917a9c70a29cfa49eb8fe1b8d21b38b Mon Sep 17 00:00:00 2001 
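Review bot: The new `salt-cloud-{{ dir }}` `file.recurse` state in salt/cloud.sls sets no `user`, `group`, `dir_mode` or `file_mode`, so ownership and permissions under `/etc/salt/cloud.profiles.d` and `/etc/salt/cloud.maps.d` are left to Salt's defaults. The source tree can now be redirected through the `profiles_src` / `maps_src` pillar keys and every file in it is rendered as Jinja, so I would pin them explicitly, e.g. `- user: root`, `- group: root`, `- file_mode: 644`. The loop also deploys every file found under the source rather than one file per entry in `salt_settings.cloud.providers`; a short comment above the loop saying so would help operators who relied on the old per-provider behaviour.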
From: Andrew Vant Date: Fri, 3 Apr 2015 18:47:08 -0400 Subject: [PATCH 002/146] Supplied default values for all pillar queries in provider templates. These aren't intended to function; they're here to allow the use of file.recurse on the provider folder, without requiring the user to provide pillar data for templates they're not using. --- salt/files/cloud.providers.d/ec2.conf | 6 +++--- salt/files/cloud.providers.d/gce.conf | 6 +++--- salt/files/cloud.providers.d/rsos.conf | 8 ++++---- salt/files/cloud.providers.d/saltify.conf | 5 ++++- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index fddf6b7..9afbcf3 100644 --- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf @@ -2,12 +2,12 @@ {% set cloud = salt['pillar.get']('salt:cloud', {}) -%} ec2_ubuntu_public: minion: - master: {{ cloud['master'] }} + master: {{ cloud.get('master', 'salt') }} grains: test: True ssh_interface: public_ips - id: {{ cloud['aws_key'] }} - key: '{{ cloud['aws_secret'] }}' + id: {{ cloud.get('aws_key', 'DEFAULT') }} + key: '{{ cloud.get('aws_secret', 'DEFAULT') }}' private_key: /etc/salt/cloud.providers.d/key/key.pem keyname: keyname location: eu-west-1 diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index 5313dfb..6b90bfb 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf 
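Review bot: In ec2.conf the `id:` value is emitted unquoted while `key:` on the next line is single-quoted, so a pillar value that YAML reads as a number, or that contains `#` or `: `, would be altered or would break parsing of the rendered provider file. Quote it the same way, `id: '{{ cloud.get('aws_key', 'DEFAULT') }}'`; the same applies to the unquoted `user`, `tenant` and `apikey` lines in rsos.conf later in this commit. Separately, the `'DEFAULT'` fallback renders a syntactically valid provider with placeholder credentials when a pillar key is missing or misspelled. A comment next to the fallbacks stating that they are non-functional placeholders, as the commit message does, would keep that visible in the file itself.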
@@ -1,11 +1,11 @@ # This file managed by Salt, do not edit by hand!! {% set cloud = salt['pillar.get']('salt:cloud', {}) -%} gce: - project: "{{ cloud['gce_project'] }}" - service_account_email_address: "{{ cloud['gce_service_account_email_address'] }}" + project: "{{ cloud.get('gce_project', 'DEFAULT') }}" + service_account_email_address: "{{ cloud.get('gce_service_account_email_address', 'DEFAULT') }}" service_account_private_key: "/etc/salt/cloud.providers.d/key.pem" minion: - master: {{ cloud['master'] }} + master: {{ cloud.get('master', 'salt') }} grains: test: True provider: gce diff --git a/salt/files/cloud.providers.d/rsos.conf b/salt/files/cloud.providers.d/rsos.conf index d3d6aa7..4bd41f1 100644 --- a/salt/files/cloud.providers.d/rsos.conf +++ b/salt/files/cloud.providers.d/rsos.conf @@ -6,7 +6,7 @@ rsos_{{ region|lower }}: minion: - master: {{ cloud['master'] }} + master: {{ cloud.get('master', 'salt') }} grains: region: {{ region|lower }} @@ -15,7 +15,7 @@ rsos_{{ region|lower }}: protocol: ipv4 compute_region: {{ region }} provider: openstack - user: {{ cloud['rsos_user'] }} - tenant: {{ cloud['rsos_tenant'] }} - apikey: {{ cloud['rsos_apikey'] }} + user: {{ cloud.get('rsos_user', 'DEFAULT') }} + tenant: {{ cloud.get('rsos_tenant', 'DEFAULT') }} + apikey: {{ cloud.get('rsos_apikey', 'DEFAULT') }} {% endfor %} diff --git a/salt/files/cloud.providers.d/saltify.conf b/salt/files/cloud.providers.d/saltify.conf index 4fcff65..97cc2d5 100644 --- a/salt/files/cloud.providers.d/saltify.conf +++ b/salt/files/cloud.providers.d/saltify.conf @@ -1,5 +1,8 @@ # This file is managed by Salt via {{ source }} + +{% set cloud = salt['pillar.get']('salt:cloud', {}) -%} + saltify: provider: saltify minion: - master: {{ cloud['master'] }} + master: {{ cloud.get('master', 'salt') }} From f3ed6e182895b7632394aae39c079a3dd2d8798d Mon Sep 17 00:00:00 2001 
From: Andrew Vant Date: Fri, 3 Apr 2015 19:30:26 -0400 Subject: [PATCH 003/146] cloud.providers.d can now be redirected. This obsoletes the salt:cloud:folders and salt:cloud:providers pillar entries. Provider keys have been moved to /etc/salt/pki/cloud. --- pillar.example | 17 ++++++-------- salt/cloud.sls | 32 ++++++++------------------- salt/defaults.yaml | 6 +++++ salt/files/cloud.providers.d/ec2.conf | 2 +- salt/files/cloud.providers.d/gce.conf | 2 +- 5 files changed, 24 insertions(+), 35 deletions(-) diff --git a/pillar.example b/pillar.example index 5076166..e30b978 100644 --- a/pillar.example +++ b/pillar.example @@ -78,19 +78,16 @@ salt: # salt cloud config cloud: master: salt - folders: - - cloud.providers.d/key - - cloud.profiles.d - - cloud.maps.d # You can take profile and map templates from an alternate location - # if desired. - profiles_src: salt://templates/cloud.profiles.d - maps_src: salt://templates/cloud.maps.d + # if you want to write your own. + template_sources: + providers: salt://templates/cloud.providers.d + profiles: salt://templates/cloud.profiles.d + maps: salt://templates/cloud.maps.d - providers: - - ec2 - - gce + # These settings are used by the default provider templates and + # only need to be set for the ones you're using. aws_key: AWSKEYIJSHJAIJS6JSH aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95 gce_project: test diff --git a/salt/cloud.sls b/salt/cloud.sls index b95c103..6834f2d 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls 
@@ -32,47 +32,33 @@ salt-cloud: {% endif %} {% endif %} -{% for folder in salt_settings.cloud.folders %} -{{ folder }}: - file.directory: - - name: /etc/salt/{{ folder }} - - user: root - - group: root - - file_mode: 744 - - dir_mode: 755 - - makedirs: True -{% endfor %} - {% for cert in pillar.get('salt_cloud_certs', {}) %} {% for type in ['pem'] %} cloud-cert-{{ cert }}-pem: file.managed: - - name: /etc/salt/cloud.providers.d/key/{{ cert }}.pem + - name: /etc/salt/pki/cloud/{{ cert }}.pem - source: salt://salt/files/key - template: jinja - user: root - group: root - mode: 600 + - makedirs: True - defaults: key: {{ cert }} type: {{ type }} {% endfor %} {% endfor %} -{% for providers in salt_settings.cloud.providers %} -salt-cloud-providers-{{ providers }}: - file.managed: - - name: /etc/salt/cloud.providers.d/{{ providers }}.conf - - template: jinja - - source: salt://salt/files/cloud.providers.d/{{ providers }}.conf -{% endfor %} - -{%- for dir in ['profiles', 'maps'] %} -{%- set default_src = 'salt://salt/files/cloud.{}.d'.format(dir) %} -{%- set source = salt_settings.cloud.get(dir + "_src", default_src) %} +{%- for dir in ['providers', 'profiles', 'maps'] %} +{%- set source = salt_settings.cloud.template_sources.get(dir) %} salt-cloud-{{ dir }}: file.recurse: - name: /etc/salt/cloud.{{ dir }}.d - source: {{ source }} - template: jinja + - user: root + - group: root + - dir_mode: 755 + - file_mode: 644 + - makedirs: True {%- endfor %} diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 3457a72..c42f5aa 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -23,3 +23,9 @@ salt: install_from_source: True gitpython: install_from_source: False + + cloud: + template_sources: + providers: salt://salt/files/cloud.providers.d + profiles: salt://salt/files/cloud.profiles.d + maps: salt://salt/files/cloud.maps.d diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index 9afbcf3..56dab21 100644 
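Review bot: The merged loop now writes `/etc/salt/cloud.providers.d` with `dir_mode: 755` and `file_mode: 644`, and the default provider templates render `aws_secret`, `rsos_apikey` and similar pillar values into those files, so any local user can read them. Make the modes depend on `dir` so that the providers tree is root-only from the first run, as sketched below. The `cloud-cert-…-pem` state has a related gap: `makedirs: True` creates `/etc/salt/pki/cloud` with default directory permissions, and adding `- dir_mode: 700` there would match the `mode: 600` on the key file.

```yaml
salt-cloud-{{ dir }}:
  file.recurse:
    # … unchanged: name, source, template, user, group …
{%- if dir == 'providers' %}
    # provider files carry API keys and passwords: root-only
    - dir_mode: 700
    - file_mode: 600
{%- else %}
    - dir_mode: 755
    - file_mode: 644
{%- endif %}
    # … unchanged: makedirs …
```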
--- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf @@ -8,7 +8,7 @@ ec2_ubuntu_public: ssh_interface: public_ips id: {{ cloud.get('aws_key', 'DEFAULT') }} key: '{{ cloud.get('aws_secret', 'DEFAULT') }}' - private_key: /etc/salt/cloud.providers.d/key/key.pem + private_key: /etc/salt/pki/cloud/ec2.pem keyname: keyname location: eu-west-1 availability_zone: eu-west-1a diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index 6b90bfb..def68f2 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf @@ -3,7 +3,7 @@ gce: project: "{{ cloud.get('gce_project', 'DEFAULT') }}" service_account_email_address: "{{ cloud.get('gce_service_account_email_address', 'DEFAULT') }}" - service_account_private_key: "/etc/salt/cloud.providers.d/key.pem" + service_account_private_key: "/etc/salt/pki/cloud/gce.pem" minion: master: {{ cloud.get('master', 'salt') }} grains: From f0e9c2df87ecca478d8f3b13a8b39678ee69e153 Mon Sep 17 00:00:00 2001 From: Andrew Vant Date: Mon, 6 Apr 2015 11:24:41 -0400 Subject: [PATCH 004/146] Enforced root-only permissions on cloud.providers.d. As mentioned in issue #118, provider files may contain passwords or API keys and should be restricted. Profiles/maps are probably OK with the defaults. --- salt/cloud.sls | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/salt/cloud.sls b/salt/cloud.sls index 6834f2d..f67a147 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -56,9 +56,17 @@ salt-cloud-{{ dir }}: - name: /etc/salt/cloud.{{ dir }}.d - source: {{ source }} - template: jinja - - user: root - - group: root - - dir_mode: 755 - - file_mode: 644 - makedirs: True {%- endfor %} + +salt-cloud-providers-permissions: + file.directory: + - name: /etc/salt/cloud.providers.d + - user: root + - group: root + - file_mode: 600 + - dir_mode: 700 + - recurse: + - user + - group + - mode 
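Review bot: The hard-coded `private_key: /etc/salt/pki/cloud/ec2.pem` only resolves if the `salt_cloud_certs` pillar contains an entry named `ec2`, because cloud.sls writes keys to `/etc/salt/pki/cloud/{{ cert }}.pem`; nothing in the template says so. I would add a comment above the line, for example `# expects a salt_cloud_certs entry named "ec2"`, and the equivalent for `gce.pem` in the gce.conf hunk that follows. The stanza this line belongs to starts and ends outside the hunk.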
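Review bot: With the ownership and mode arguments removed from `file.recurse`, the provider files are written with whatever mode Salt defaults to and only tightened afterwards by the separate `salt-cloud-providers-permissions` state, which is ordered after `salt-cloud-providers` only by its position in the file. That leaves a window on each run in which files holding API keys may be readable by other users, and the two states probably disagree about the mode on every run, though I have not verified that. Setting the restrictive modes on the providers `file.recurse` itself (`- dir_mode: 700`, `- file_mode: 600`) avoids both. If the separate state stays, give it an explicit `- require:` with `- file: salt-cloud-providers`. The `for` loop that the first half of this hunk belongs to starts outside the hunk.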
From 462455ead9ae9aad37d6a0d119f9a0b4d0b9a000 Mon Sep 17 00:00:00 2001 From: Simon Lloyd Date: Thu, 9 Apr 2015 17:16:15 +0200 Subject: [PATCH 005/146] Exclude require statement when install_packages is False. The 'require' statement needs a list as input, but doesn't get any input when install_packages is set to False. --- salt/ssh.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/ssh.sls b/salt/ssh.sls index ad2b5be..d93e176 100644 --- a/salt/ssh.sls +++ b/salt/ssh.sls @@ -11,7 +11,7 @@ ensure roster config: - name: {{ salt_settings.config_path }}/roster - source: salt://salt/files/roster.jinja - template: jinja - - require: {% if salt_settings.install_packages %} + - require: - pkg: ensure salt-ssh is installed {% endif %} From d3adb685b683d429650cf6e129acabe891339e20 Mon Sep 17 00:00:00 2001 From: Forrest Alvarez Date: Fri, 10 Apr 2015 16:11:19 -0700 Subject: [PATCH 006/146] Change spaces to dashes in IDs for ssh.sls --- salt/ssh.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/ssh.sls b/salt/ssh.sls index d93e176..5129581 100644 --- a/salt/ssh.sls +++ b/salt/ssh.sls @@ -1,17 +1,17 @@ {% from "salt/map.jinja" import salt_settings with context %} {% if salt_settings.install_packages %} -ensure salt-ssh is installed: +ensure-salt-ssh-is-installed: pkg.installed: - name: {{ salt_settings.salt_ssh }} {% endif %} -ensure roster config: +ensure-roster-config: file.managed: - name: {{ salt_settings.config_path }}/roster - source: salt://salt/files/roster.jinja - template: jinja {% if salt_settings.install_packages %} - require: - - pkg: ensure salt-ssh is installed + - pkg: ensure-salt-ssh-is-installed {% endif %} From ba143c18109d9e9efd6ca092b01d1ae25fc7118d Mon Sep 17 00:00:00 2001 From: Andrew Vant Date: Mon, 13 Apr 2015 16:07:03 -0400 Subject: [PATCH 007/146] Updated pillar.example with the correct defaults for template_sources. --- pillar.example | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pillar.example b/pillar.example index e30b978..3f7a8f3 100644 --- a/pillar.example +++ b/pillar.example @@ -82,9 +82,9 @@ salt: # You can take profile and map templates from an alternate location # if you want to write your own. template_sources: - providers: salt://templates/cloud.providers.d - profiles: salt://templates/cloud.profiles.d - maps: salt://templates/cloud.maps.d + providers: salt://salt/files/cloud.providers.d + profiles: salt://salt/files/cloud.profiles.d + maps: salt://salt/files/cloud.maps.d # These settings are used by the default provider templates and # only need to be set for the ones you're using. From e632b8bcb5400df743076803319a2cffd5db930f Mon Sep 17 00:00:00 2001 From: Andrew Vant Date: Mon, 13 Apr 2015 16:08:11 -0400 Subject: [PATCH 008/146] Cloud file.recurse loop no longer hardcodes folder list. --- salt/cloud.sls | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/salt/cloud.sls b/salt/cloud.sls index f67a147..13bd5c0 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -49,12 +49,11 @@ cloud-cert-{{ cert }}-pem: {% endfor %} {% endfor %} -{%- for dir in ['providers', 'profiles', 'maps'] %} -{%- set source = salt_settings.cloud.template_sources.get(dir) %} +{%- for dir, templ_path in salt_settings.cloud.template_sources.items() %} salt-cloud-{{ dir }}: file.recurse: - name: /etc/salt/cloud.{{ dir }}.d - - source: {{ source }} + - source: {{ templ_path }} - template: jinja - makedirs: True {%- endfor %} From efcefd65791195416ef6b4f7035a8ecf15d8ed07 Mon Sep 17 00:00:00 2001 From: Matt Parlette Date: Wed, 15 Apr 2015 15:36:09 -0400 Subject: [PATCH 009/146] Updated master.d/f_defaults for 2014.7 Added config setting for: * pillar_source_merging_strategy --- salt/files/master.d/f_defaults.conf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 53cbd41..3c1ddb0 100644 
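Review bot: The loop in salt/cloud.sls now takes both the state ID and the target path `/etc/salt/cloud.{{ dir }}.d` from the keys of `salt_settings.cloud.template_sources`, so a misspelled or unexpected pillar key creates and populates a directory that nothing else in the formula knows about. A key containing a path separator would place rendered templates outside the three cloud directories. Keep the source paths configurable but restrict the names, for example by wrapping the state in `{%- if dir in ['providers', 'profiles', 'maps'] %}` … `{%- endif %}`. The root-only permissions state added in the earlier patch only names `/etc/salt/cloud.providers.d`, so provider templates deployed under any other key would presumably not be covered by it.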
--- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1,5 +1,5 @@ # This file managed by Salt, do not edit by hand!! -# Based on salt version 0.17.4 default config +# Based on salt version 2014.7 default config {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_master = cfg_salt.get('master', {}) -%} @@ -697,6 +697,14 @@ ext_pillar: # master config file that can then be used on minions. {{ get_config('pillar_opts', 'True') }} +# The pillar_source_merging_strategy option allows you to configure merging strategy +# between different sources. It accepts four values: recurse, aggregate, overwrite, +# or smart. Recurse will merge recursively mapping of data. Aggregate instructs +# aggregation of elements between sources that use the #!yamlex renderer. Overwrite +# will verwrite elements according the order in which they are processed. This is +# behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based +# on the "renderer" setting and is the default value. +{{ get_config('pillar_source_merging_strategy', 'smart') }} ##### Syndic settings ##### ########################################## From a01249a7fc3f6e69baa80c242e59e6430de06773 Mon Sep 17 00:00:00 2001 From: Andrew Vant Date: Fri, 17 Apr 2015 10:48:47 -0400 Subject: [PATCH 010/146] ec2/gce profiles/providers are no longer configured if they are not used. Needed because salt-cloud will attempt to load them even if they are filled with invalid default values, creating error spam. --- salt/files/cloud.profiles.d/ec2.conf | 5 ++++- salt/files/cloud.profiles.d/gce.conf | 5 ++++- salt/files/cloud.providers.d/ec2.conf | 2 ++ salt/files/cloud.providers.d/gce.conf | 4 +++- 4 files changed, 13 insertions(+), 3 deletions(-) diff --git a/salt/files/cloud.profiles.d/ec2.conf b/salt/files/cloud.profiles.d/ec2.conf index 3032f1a..2141ef7 100644 --- a/salt/files/cloud.profiles.d/ec2.conf 
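Review bot: The comment block added for `pillar_source_merging_strategy` has two wording slips: `will verwrite elements according the order` should read `will overwrite elements according to the order`, and `This is behavior of the 2014.1 branch` is missing `the`. This file is rendered onto masters as the reference text for the option, so it is worth fixing before merge.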
+++ b/salt/files/cloud.profiles.d/ec2.conf @@ -1,4 +1,6 @@ # This file managed by Salt, do not edit by hand!! +{% set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{% if 'aws_key' in cloud %} base_ubuntu_ec2: provider: ec2_ubuntu_public image: ami-cb4986bc @@ -13,4 +15,5 @@ base_ubuntu_ec2: SecurityGroupId: - sg-6ec11d3b tag: {'Environment': 'production', 'Role': 'ubuntu'} - sync_after_install: grains \ No newline at end of file + sync_after_install: grains +{% endif %} diff --git a/salt/files/cloud.profiles.d/gce.conf b/salt/files/cloud.profiles.d/gce.conf index 8120489..0311d03 100644 --- a/salt/files/cloud.profiles.d/gce.conf +++ b/salt/files/cloud.profiles.d/gce.conf @@ -1,4 +1,6 @@ # This file managed by Salt, do not edit by hand!! +{%- set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{%- if 'gce_project' in cloud %} base_debian_gce: image: debian-7-wheezy size: g1-small @@ -10,4 +12,5 @@ base_debian_gce: delete_boot_pd: True deploy: True make_master: False - provider: gce \ No newline at end of file + provider: gce +{%- endif %} diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index 56dab21..5cb7e05 100644 --- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf @@ -1,5 +1,6 @@ # This file managed by Salt, do not edit by hand!! {% set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{% if 'aws_key' in cloud %} ec2_ubuntu_public: minion: master: {{ cloud.get('master', 'salt') }} @@ -14,3 +15,4 @@ ec2_ubuntu_public: availability_zone: eu-west-1a ssh_username: ubuntu provider: ec2 +{% endif %} diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index def68f2..d963143 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf 
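Review bot: The guard added at the top of cloud.providers.d/ec2.conf, `{% if 'aws_key' in cloud %}`, tests only one of the two credentials the stanza uses. With `aws_key` set and `aws_secret` missing, the file is still rendered with the `'DEFAULT'` placeholder as the secret (the `key:` line sits between the two hunks, as the earlier patches on this page show). Test both, `{% if 'aws_key' in cloud and 'aws_secret' in cloud %}`, after which the `'DEFAULT'` fallbacks on those two lines are dead code and can be removed. The gce.conf provider hunk that follows has the same shape: it checks `gce_project` but still falls back to `'DEFAULT'` for `service_account_email_address`.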
@@ -1,5 +1,6 @@ # This file managed by Salt, do not edit by hand!! -{% set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{%- set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{%- if 'gce_project' in cloud %} gce: project: "{{ cloud.get('gce_project', 'DEFAULT') }}" service_account_email_address: "{{ cloud.get('gce_service_account_email_address', 'DEFAULT') }}" @@ -9,3 +10,4 @@ gce: grains: test: True provider: gce +{%- endif %} From df05eb70d853dde6bad5300559dfb034766e558c Mon Sep 17 00:00:00 2001 From: Julien Lavergne Date: Wed, 22 Apr 2015 16:59:18 +0200 Subject: [PATCH 011/146] fixed wrong command name: add-apt-repository became apt-add-repository --- dev/setup-salt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/setup-salt.sh b/dev/setup-salt.sh index dc0a734..43a4c1f 100644 --- a/dev/setup-salt.sh +++ b/dev/setup-salt.sh @@ -1,5 +1,5 @@ #!/bin/sh -sudo add-apt-repository ppa:saltstack/salt -y +sudo apt-add-repository ppa:saltstack/salt -y sudo apt-get update -y sudo apt-get install salt-master -y sudo apt-get install salt-minion -y From e87132cf1c117274671b0686ff18739e6e275700 Mon Sep 17 00:00:00 2001 From: Julien Lavergne Date: Thu, 23 Apr 2015 10:11:36 +0200 Subject: [PATCH 012/146] fixed missing add-apt-repository command when ubuntu is the server one --- dev/setup-salt.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dev/setup-salt.sh b/dev/setup-salt.sh index 43a4c1f..a8cede4 100644 --- a/dev/setup-salt.sh +++ b/dev/setup-salt.sh @@ -1,5 +1,7 @@ #!/bin/sh -sudo apt-add-repository ppa:saltstack/salt -y +sudo apt-get update -y +sudo apt-get install python-software-properties pkg-config software-properties-common -y +sudo add-apt-repository ppa:saltstack/salt -y sudo apt-get update -y sudo apt-get install salt-master -y sudo apt-get install salt-minion -y From 09073ebed81c60dde8376d649668672cc4d3270a Mon Sep 17 00:00:00 2001 
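Review bot: dev/setup-salt.sh has no `set -e` after `#!/bin/sh`, so if the new `apt-get install python-software-properties …` or `add-apt-repository ppa:saltstack/salt -y` step fails, execution continues and `salt-master` / `salt-minion` are installed from whatever sources are already configured rather than from the PPA the script intends. Add `set -e` as the second line so that a failed repository step stops the bootstrap. Because `-y` also accepts the PPA and its signing key without a prompt, a one-line comment stating that this script is meant for disposable development machines would be worth adding. The script continues past the end of the hunk.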
From: Julien Lavergne Date: Thu, 23 Apr 2015 11:08:39 +0200 Subject: [PATCH 013/146] optimized setup bootstrap --- dev/setup-salt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dev/setup-salt.sh b/dev/setup-salt.sh index a8cede4..12aaaf8 100644 --- a/dev/setup-salt.sh +++ b/dev/setup-salt.sh @@ -2,7 +2,6 @@ sudo apt-get update -y sudo apt-get install python-software-properties pkg-config software-properties-common -y sudo add-apt-repository ppa:saltstack/salt -y -sudo apt-get update -y sudo apt-get install salt-master -y sudo apt-get install salt-minion -y # setup top files to test the formula From 4344a1311b414f37fde4469bc05ef234ea96d3bc Mon Sep 17 00:00:00 2001 From: Javier Domingo Date: Fri, 8 May 2015 22:33:43 +0200 Subject: [PATCH 014/146] Cleanup template for easier user reading The user will already have it's /etc/salt/minion file, so it doesn't need all this info, and it makes easier to know what has been generated and what not --- salt/files/minion.d/f_defaults.conf | 544 +++++----------------------- 1 file changed, 86 insertions(+), 458 deletions(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 3c234ca..3e743c9 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -16,14 +16,10 @@ ##### Primary configuration settings ##### ########################################## -# Per default the minion will automatically include all config files -# from minion.d/*.conf (minion.d is a directory in the same directory -# as the main minion config file). +# minion includes {{ get_config('default_include', 'minion.d/*.conf') }} -# Set the location of the salt master server. If the master server cannot be -# resolved, then the minion will fail to start. -# master:salt +# master configs {%- if 'master' in cfg_minion -%} {%- if cfg_minion['master'] is not string %} master: 
@@ -44,147 +40,87 @@ master: {%- endif -%} {%- endif %} -# If multiple masters are specified in the 'master' setting, the default behavior -# is to always try to connect to them in the order they are listed. If random_master is -# set to True, the order will be randomized instead. This can be helpful in distributing -# the load of many minions executing salt-call requests, for example, from a cron job. -# If only one master is listed, this setting is ignored and a warning will be logged. +# choose a random master {{ get_config('random_master', 'False') }} -# Set whether the minion should connect to the master via IPv6: +# use IPv6 {{ get_config('ipv6', 'False') }} -# Set the number of seconds to wait before attempting to resolve -# the master hostname if name resolution fails. Defaults to 30 seconds. -# Set to zero if the minion should shutdown and not retry. +# name resolution retries {{ get_config('retry_dns', '30') }} -# Set the port used by the master reply and authentication server. +# master port {{ get_config('master_port', '4506') }} -# The user to run salt. +# user to run salt. {{ get_config('user', 'root') }} -# Specify the location of the daemon process ID file. +# PID file {{ get_config('pidfile', '/var/run/salt-minion.pid') }} -# The root directory prepended to these options: pki_dir, cachedir, log_file, -# sock_dir, pidfile. +# root dir {{ get_config('root_dir', '/') }} -# The directory to store the pki information in +# pki dir {{ get_config('pki_dir', '/etc/salt/pki/minion') }} -# Explicitly declare the id for this minion to use, if left commented the id -# will be the hostname as returned by the python call: socket.getfqdn() -# Since salt uses detached ids it is possible to run multiple minions on the -# same machine but with different ids, this can be useful for salt compute -# clusters. 
+# minion id {% if 'id' in cfg_minion -%} id: {{ cfg_minion['id'] }} {% else -%} #id: {%- endif %} -# Append a domain to a hostname in the event that it does not exist. This is -# useful for systems where socket.getfqdn() does not actually result in a -# FQDN (for instance, Solaris). +# domain name for hostnames {{ get_config('append_domain', '') }} -# Custom static grains for this minion can be specified here and used in SLS -# files just like all other grains. This example sets 4 custom grains, with -# the 'roles' grain having two values that can be matched against. -#grains: -# roles: -# - webserver -# - memcache -# deployment: datacenter4 -# cabinet: 13 -# cab_u: 14-15 +# custom grains {{ get_config('grains', '{}') }} -# Where cache data goes. +# cache location {{ get_config('cachedir', '/var/cache/salt/minion') }} -# Verify and set permissions on configuration directories at startup. +# environment verification {{ get_config('verify_env', 'True') }} -# The minion can locally cache the return data from jobs sent to it, this -# can be a good way to keep track of jobs the minion has executed -# (on the minion side). By default this feature is disabled, to enable, set -# cache_jobs to True. +# cache executed jobs {{ get_config('cache_jobs', 'False') }} -# Set the directory used to hold unix sockets. +# unix socket location {{ get_config('sock_dir', '/var/run/salt/minion') }} -# Set the default outputter used by the salt-call command. The default is -# "nested". +# output formatter {{ get_config('output', 'nested') }} -# -# By default output is colored. To disable colored output, set the color value -# to False. +# output color {{ get_config('color', 'True') }} - -# Do not strip off the colored output from nested results and state outputs -# (true by default). 
+# remove nested color {{ get_config('strip_colors', 'False') }} -# Backup files that are replaced by file.managed and file.recurse under -# 'cachedir'/file_backups relative to their original location and appended -# with a timestamp. The only valid setting is "minion". Disabled by default. -# -# Alternatively this can be specified for each file in state files: -# /etc/ssh/sshd_config: -# file.managed: -# - source: salt://ssh/sshd_config -# - backup: minion -# +# backup modified files {{ get_config('backup_mode', 'minion') }} -# When waiting for a master to accept the minion's public key, salt will -# continuously attempt to reconnect until successful. This is the time, in -# seconds, between those reconnection attempts. +# key acceptance time {{ get_config('acceptance_wait_time', '10') }} - -# If this is nonzero, the time between reconnection attempts will increase by -# acceptance_wait_time seconds per iteration, up to this maximum. If this is -# set to zero, the time between reconnection attempts will stay constant. +# maximum acceptance wait {{ get_config('acceptance_wait_time_max', '0') }} - -# If the master rejects the minion's public key, retry instead of exiting. -# Rejected keys will be handled the same as waiting on acceptance. +# retry key {{ get_config('rejected_retry', 'False') }} - -# When the master key changes, the minion will try to re-auth itself to receive -# the new master key. In larger environments this can cause a SYN flood on the -# master because all minions try to re-auth immediately. To prevent this and -# have a minion wait for a random amount of time, use this optional parameter. -# The wait-time will be a random number of seconds between 0 and the defined value. +# time to wait for trying reauth {{ get_config('random_reauth_delay', '60') }} - -# When waiting for a master to accept the minion's public key, salt will -# continuously attempt to reconnect until successful. 
This is the timeout value, -# in seconds, for each individual attempt. After this timeout expires, the minion -# will wait for acceptance_wait_time seconds before trying again. Unless your master -# is under unusually heavy load, this should be left at the default. +# auth wait timeout {{ get_config('auth_timeout', '60') }} - -# Number of consecutive SaltReqTimeoutError that are acceptable when trying to -# authenticate. +# auth retries {{ get_config('auth_tries', '7') }} - -# If authentication fails due to SaltReqTimeoutError during a ping_interval, -# cause sub minion process to restart. +# retry auth if ping failed {{ get_config('auth_safemode', 'False') }} -# Ping Master to ensure connection is alive (minutes). +# master ping interval {{ get_config('ping_interval', '0') }} -# The Salt Mine functions are executed when the minion starts and at a given interval by the scheduler. -# The default interval is every 60 minutes. +# salt mine functions execution interval {{ get_config('mine_interval', '60') }} +# mine functions {%- if 'mine_functions' in cfg_minion %} mine_functions: {%- for func, args in cfg_minion['mine_functions'].items() %} 
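Review bot: Several of the shortened comments in minion.d/f_defaults.conf no longer say what the option does. `# environment verification` drops the fact that `verify_env` verifies and sets permissions on the configuration directories at startup, and `# retry key` does not convey that `rejected_retry` makes a minion keep retrying after the master has rejected its key. `# remove nested color` above `strip_colors` reads ambiguously against a default of `False`, and `# backup modified files` sits above a default of `minion` where the removed text described the feature as disabled by default. I would keep one full sentence for these, e.g. `# verify and set permissions on config directories at startup` and `# keep retrying instead of exiting when the master rejects this minion's key`.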
@@ -192,136 +128,34 @@ mine_functions: {%- endfor %} {%- endif %} -# To auto recover minions if master changes IP address (DDNS) -# auth_tries: 10 -# auth_safemode: False -# ping_interval: 90 -# restart_on_error: True -# -# Minions won't know master is missing until a ping fails. After the ping fail, -# the minion will attempt authentication and likely fails out and cause a restart. -# When the minion restarts it will resolve the masters IP and attempt to reconnect. - -# If you don't have any problems with syn-floods, don't bother with the -# three recon_* settings described below, just leave the defaults! -# -# The ZeroMQ pull-socket that binds to the masters publishing interface tries -# to reconnect immediately, if the socket is disconnected (for example if -# the master processes are restarted). In large setups this will have all -# minions reconnect immediately which might flood the master (the ZeroMQ-default -# is usually a 100ms delay). To prevent this, these three recon_* settings -# can be used. -# recon_default: the interval in milliseconds that the socket should wait before -# trying to reconnect to the master (1000ms = 1 second) -# -# recon_max: the maximum time a socket should wait. each interval the time to wait -# is calculated by doubling the previous time. if recon_max is reached, -# it starts again at recon_default. Short example: -# -# reconnect 1: the socket will wait 'recon_default' milliseconds -# reconnect 2: 'recon_default' * 2 -# reconnect 3: ('recon_default' * 2) * 2 -# reconnect 4: value from previous interval * 2 -# reconnect 5: value from previous interval * 2 -# reconnect x: if value >= recon_max, it starts again with recon_default -# -# recon_randomize: generate a random wait time on minion start. The wait time will -# be a random value between recon_default and recon_default + -# recon_max. 
Having all minions reconnect with the same recon_default -# and recon_max value kind of defeats the purpose of being able to -# change these settings. If all minions have the same values and your -# setup is quite large (several thousand minions), they will still -# flood the master. The desired behavior is to have timeframe within -# all minions try to reconnect. -# -# Example on how to use these settings. The goal: have all minions reconnect within a -# 60 second timeframe on a disconnect. -# recon_default: 1000 -# recon_max: 59000 -# recon_randomize: True -# -# Each minion will have a randomized reconnect value between 'recon_default' -# and 'recon_default + recon_max', which in this example means between 1000ms -# 60000ms (or between 1 and 60 seconds). The generated random-value will be -# doubled after each attempt to reconnect. Lets say the generated random -# value is 11 seconds (or 11000ms). -# reconnect 1: wait 11 seconds -# reconnect 2: wait 22 seconds -# reconnect 3: wait 33 seconds -# reconnect 4: wait 44 seconds -# reconnect 5: wait 55 seconds -# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max) -# reconnect 7: wait 11 seconds -# reconnect 8: wait 22 seconds -# reconnect 9: wait 33 seconds -# reconnect x: etc. -# -# In a setup with ~6000 thousand hosts these settings would average the reconnects -# to about 100 per second and all hosts would be reconnected within 60 seconds. +# reconnection parameters {{ get_config('recon_default', '100') }} {{ get_config('recon_max', '5000') }} {{ get_config('recon_randomize', 'False') }} -# The loop_interval sets how long in seconds the minion will wait between -# evaluating the scheduler and running cleanup tasks. 
This defaults to a -# sane 60 seconds, but if the minion scheduler needs to be evaluated more -# often lower this value +# minion scheduler interval {{ get_config('loop_interval', '60') }} -# The grains_refresh_every setting allows for a minion to periodically check -# its grains to see if they have changed and, if so, to inform the master -# of the new grains. This operation is moderately expensive, therefore -# care should be taken not to set this value too low. -# -# Note: This value is expressed in __minutes__! -# -# A value of 10 minutes is a reasonable default. -# -# If the value is set to zero, this check is disabled. +# grain refresh interval {{ get_config('grains_refresh_every', '1') }} - -# Cache grains on the minion. Default is False. +# cache grains in minion {{ get_config('grains_cache', 'False') }} - -# Grains cache expiration, in seconds. If the cache file is older than this -# number of seconds then the grains cache will be dumped and fully re-populated -# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache' -# is not enabled. +# grains cache expiration interval {{ get_config('grains_cache_expiration', '300') }} -# Windows platforms lack posix IPC and must rely on slower TCP based inter- -# process communications. Set ipc_mode to 'tcp' on such systems +# ipc method {{ get_config('ipc_mode', 'ipc') }} - -# Overwrite the default tcp ports used by the minion when in tcp mode +# ipc tcp ports {{ get_config('tcp_pub_port', '4510') }} {{ get_config('tcp_pull_port', '4511') }} -# Passing very large events can cause the minion to consume large amounts of -# memory. This value tunes the maximum size of a message allowed onto the -# minion event bus. The value is expressed in bytes. +# max event size in minion bus {{ get_config('max_event_size', '1048576') }} -# To detect failed master(s) and fire events on connect/disconnect, set -# master_alive_interval to the number of seconds to poll the masters for -# connection events. 
-# +# master check alive interval {{ get_config('master_alive_interval', '30') }} -# The minion can include configuration from other files. To enable this, -# pass a list of paths to this option. The paths can be either relative or -# absolute; if relative, they are considered to be relative to the directory -# the main minion configuration file lives in (this file). Paths can make use -# of shell-style globbing. If no files are matched by a path passed to this -# option then the minion will log a warning message. -# -# Include a config file from some other path: -# include: /etc/salt/extra_config -# -# Include config from several files and directories: -#include: -# - /etc/salt/extra_config -# - /etc/roles/webserver +# include extra config {% if 'include' in cfg_minion -%} {% if isinstance(cfg_minion['include'], list) -%} include: 
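Review bot: The shortened comments in this hunk no longer state units, and the settings do not share one: the removed text gave `grains_refresh_every` in minutes, `loop_interval`, `grains_cache_expiration` and `master_alive_interval` in seconds, the `recon_*` values in milliseconds and `max_event_size` in bytes. Keeping the unit in each one-liner costs nothing, e.g. `# grain refresh interval (minutes, 0 disables)` and `# reconnection parameters (milliseconds)`. The `@@ -691` hunk has the same gap for the keepalive settings, where the meaning of `-1` (use the OS default) is no longer stated.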
@@ -345,169 +179,69 @@ mine_functions: ##### Minion module management ##### ########################################## -# Disable specific modules. This allows the admin to limit the level of -# access the master has to the minion. +# disable modules {{ get_config('disable_modules', '[cmd,test]') }} {{ get_config('disable_returners', '[]') }} # -# Modules can be loaded from arbitrary paths. This enables the easy deployment -# of third party modules. Modules for returners and minions can be loaded. -# Specify a list of extra directories to search for minion modules and -# returners. These paths must be fully qualified! +# minion modules search paths {{ get_config('module_dirs', '[]') }} {{ get_config('returner_dirs', '[]') }} {{ get_config('states_dirs', '[]') }} {{ get_config('render_dirs', '[]') }} {{ get_config('utils_dirs', '[]') }} -# -# A module provider can be statically overwritten or extended for the minion -# via the providers option, in this case the default module will be -# overwritten by the specified module. In this example the pkg module will -# be provided by the yumpkg5 module instead of the system default. -#providers: -# pkg: yumpkg5 +# module overrides {{ get_config('providers', '{}') }} -# -# Enable Cython modules searching and loading. (Default: False) +# enable cython modules {{ get_config('cython_enable', 'False') }} -# -# Specify a max size (in bytes) for modules on import. This feature is currently -# only supported on *nix operating systems and requires psutil. +# max module size {{ get_config('modules_max_memory', '-1') }} ##### State Management Settings ##### ########################################### -# The state management system executes all of the state templates on the minion -# to enable more granular control of system state management. The type of -# template and serialization used for state management needs to be configured -# on the minion, the default renderer is yaml_jinja. 
This is a yaml file -# rendered from a jinja template, the available options are: -# yaml_jinja -# yaml_mako -# yaml_wempy -# json_jinja -# json_mako -# json_wempy -# +# renderer selection {{ get_config('renderer', 'yaml_jinja') }} -# -# The failhard option tells the minions to stop immediately after the first -# failure detected in the state execution. Defaults to False. +# fail on first failure {{ get_config('failhard', 'False') }} -# -# autoload_dynamic_modules turns on automatic loading of modules found in the -# environments on the master. This is turned on by default. To turn of -# autoloading modules when states run, set this value to False. +# auto reload dynamic modules {{ get_config('autoload_dynamic_modules', 'True') }} -# -# clean_dynamic_modules keeps the dynamic modules on the minion in sync with -# the dynamic modules on the master, this means that if a dynamic module is -# not on the master it will be deleted from the minion. By default, this is -# enabled and can be disabled by changing this value to False. +# sync dynamic modules with deletion {{ get_config('clean_dynamic_modules', 'True') }} -# -# Normally, the minion is not isolated to any single environment on the master -# when running states, but the environment can be isolated on the minion side -# by statically setting it. Remember that the recommended way to manage -# environments is to isolate via the top file. +# minion accepted environment {{ get_config('environment', 'None') }} -# -# If using the local file directory, then the state top file name needs to be -# defined, by default this is top.sls. +# top state file {{ get_config('state_top', 'top.sls') }} -# -# Run states when the minion daemon starts. 
To enable, set startup_states to: -# 'highstate' -- Execute state.highstate -# 'sls' -- Read in the sls_list option and execute the named sls files -# 'top' -- Read top_file option and execute based on that file on the Master +# states to run in minion daemon {{ get_config('startup_states', "''") }} -# -# List of states to run when the minion starts up if startup_states is 'sls': -#sls_list: -# - edit.vim -# - hyper +# sls states to run {{ get_config('sls_list', '[]') }} -# -# Top file to execute if startup_states is 'top': +# top file to run {{ get_config('top_file', "''") }} -# Automatically aggregate all states that have support for mod_aggregate by -# setting to True. Or pass a list of state module names to automatically -# aggregate just those types. -# -# state_aggregate: -# - pkg -# -#state_aggregate: False - ##### File Directory Settings ##### ########################################## -# The Salt Minion can redirect all file server operations to a local directory, -# this allows for the same state tree that is on the master to be used if -# copied completely onto the minion. This is a literal copy of the settings on -# the master but used to reference a local directory on the minion. - -# Set the file client. The client defaults to looking on the master server for -# files, but can be directed to look at the local file directory setting -# defined below by setting it to local. +# file client location {%- if standalone %} file_client: local {%- else %} {{ get_config('file_client', 'remote') }} {%- endif %} -# The file directory works on environments passed to the minion, each environment -# can have multiple root directories, the subdirectories in the multiple file -# roots cannot match, otherwise the downloaded files will not be able to be -# reliably ensured. A base environment is required to house the top file. 
-# Example: -# file_roots: -# base: -# - /srv/salt/ -# dev: -# - /srv/salt/dev/services -# - /srv/salt/dev/states -# prod: -# - /srv/salt/prod/services -# - /srv/salt/prod/states -# +# environment file roots {% if 'file_roots' in cfg_minion -%} {{ file_roots(cfg_minion['file_roots']) }} {%- elif 'file_roots' in cfg_salt -%} {{ file_roots(cfg_salt['file_roots']) }} {%- elif formulas|length -%} {{ file_roots({'base': ['/srv/salt']}) }} -{%- else -%} -#file_roots: -# base: -# - /srv/salt {%- endif %} -# By default, the Salt fileserver recurses fully into all defined environments -# to attempt to find files. To limit this behavior so that the fileserver only -# traverses directories with SLS files and special Salt directories like _modules, -# enable the option below. This might be useful for installations where a file root -# has a very large number of files and performance is negatively impacted. Default -# is False. +# limit fileserver traversal {{ get_config('fileserver_limit_traversal', 'False') }} -# -# Git fileserver backend configuration -# -# Gitfs can be provided by one of two python modules: GitPython or pygit2. If -# using pygit2, both libgit2 and git must also be installed. +# gitfs provider {{ get_config('gitfs_provider', 'pygit2') }} -# -# When using the git fileserver backend at least one git remote needs to be -# defined. The user running the salt master will need read access to the repo. -# -# The repos will be searched in order to find the file requested by a client -# and the first repo to have the file will return it. -# When using the git backend branches and tags are translated into salt -# environments. -# Note: file:// repos will be treated as a remote, so refs you want used must -# exist in that repo as *local* refs. +# gitfs remotes {% if 'gitfs_remotes' in cfg_minion -%} gitfs_remotes: {%- for remote in cfg_minion['gitfs_remotes'] %} 
@@ -525,34 +259,15 @@ gitfs_remotes: {%- endif -%} {%- endfor -%} {%- endif %} -# -#gitfs_remotes: -# - git://github.com/saltstack/salt-states.git -# - file:///var/git/saltmaster -# -# The gitfs_ssl_verify option specifies whether to ignore ssl certificate -# errors when contacting the gitfs backend. You might want to set this to -# false if you're using a git backend that uses a self-signed certificate but -# keep in mind that setting this flag to anything other than the default of True -# is a security concern, you may want to try using the ssh transport. +# verify git ssl errors {{ get_config('gitfs_ssl_verify', 'True') }} - -# The gitfs_root option gives the ability to serve files from a subdirectory -# within the repository. The path is defined relative to the root of the -# repository and defaults to the repository root. +# gitfs root dir {{ get_config('gitfs_root', 'somefolder/otherfolder') }} - -# The hash_type is the hash to use when discovering the hash of a file in -# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 -# and sha512 are also supported. -# -# Warning: Prior to changing this value, the minion should be stopped and all -# Salt caches should be cleared. + +# file hash method {{ get_config('hash_type', 'md5') }} -# The Salt pillar is searched for locally if file_client is set to local. If -# this is the case, and pillar data is defined, then the pillar_roots need to -# also be configured on the minion: +# pillar roots {% if 'pillar_roots' in cfg_minion -%} pillar_roots: {%- for name, roots in cfg_minion['pillar_roots']|dictsort %} 
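Review bot: Replacing the `gitfs_ssl_verify` text with `# verify git ssl errors` removes the only warning that any value other than `True` is a security concern, and the new wording can be read either way. I would keep the caveat in one line, e.g. `# verify TLS certificates for gitfs remotes; anything other than True is a security risk`. The `hash_type` comment likewise loses the instruction to stop the minion and clear the Salt caches before changing the value. The `@@ -569` hunk does the same to `open_mode` (`# disable authentication`) and `permissive_pki_access` (`# allow access to pki dir`), which the removed text marked as at-your-own-risk and potentially quite insecure.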
@@ -569,119 +284,58 @@ pillar_roots: - {{ dir }} {%- endfor -%} {%- endfor -%} -{% else -%} -#pillar_roots: -# base: -# - /srv/salt {%- endif %} ###### Security settings ##### ########################################### -# Enable "open mode", this mode still maintains encryption, but turns off -# authentication, this is only intended for highly secure environments or for -# the situation where your keys end up in a bad state. If you run in open mode -# you do so at your own risk! +# disable authentication {{ get_config('open_mode', 'False') }} - -# Enable permissive access to the salt keys. This allows you to run the -# master or minion as root, but have a non-root group be given access to -# your pki_dir. To make the access explicit, root must belong to the group -# you've given access to. This is potentially quite insecure. +# allow access to pki dir {{ get_config('permissive_pki_access', 'False') }} -# The state_verbose and state_output settings can be used to change the way -# state system data is printed to the display. By default all data is printed. -# The state_verbose setting can be set to True or False, when set to False -# all data that has a result of True and no changes will be suppressed. +# print verbose changes {{ get_config('state_verbose', 'True') }} - -# The state_output setting changes if the output is the full multi line -# output for each changed state if set to 'full', but if set to 'terse' -# the output will be shortened to a single line. +# multi line output {{ get_config('state_output', 'full') }} - -# The state_output_diff setting changes whether or not the output from -# successful states is returned. Useful when even the terse output of these -# states is cluttering the logs. Set it to True to ignore them. +# output diff {{ get_config('state_output_diff', 'False') }} -# Fingerprint of the master public key to double verify the master is valid, -# the master fingerprint can be found by running "salt-key -F master" on the -# salt master. 
+# master fingerprint {{ get_config('master_finger', "''") }} ###### Thread settings ##### ########################################### -# Disable multiprocessing support, by default when a minion receives a -# publication a new process is spawned and the command is executed therein. +# enable multiprocessing {{ get_config('multiprocessing', 'True') }} ##### Logging settings ##### ########################################## -# The location of the minion log file -# The minion log can be sent to a regular file, local path name, or network -# location. Remote logging works best when configured to use rsyslogd(8) (e.g.: -# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI -# format is: ://:/ -#log_file: /var/log/salt/minion -#log_file: file:///dev/log -#log_file: udp://loghost:10514 -# +# log file and log lock file location {{ get_config('log_file', '/var/log/salt/minion') }} {{ get_config('key_logfile', ' /var/log/salt/key') }} -# The level of messages to send to the console. -# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. -# Default: 'warning' +# console log level {{ get_config('log_level', 'warning') }} - -# The level of messages to send to the log file. -# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. -# If using 'log_granular_levels' this must be set to the highest desired level. -# Default: 'warning' +# logfile log level {{ get_config('log_level_logfile', '') }} -# The date and time format used in log messages. Allowed date/time formating -# can be seen here: http://docs.python.org/library/time.html#time.strftime +# datetime format for console and logfile {{ get_config('log_datefmt', "'%H:%M:%S'") }} {{ get_config('log_datefmt_logfile', "'%Y-%m-%d %H:%M:%S'") }} -# The format of the console logging messages. 
Allowed formatting options can -# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes +# log format for console and logfiles {{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }} {{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }} -# This can be used to control logging levels more specificically. This -# example sets the main salt library at the 'warning' level, but sets -# 'salt.modules' to log at the 'debug' level: -# log_granular_levels: -# 'salt': 'warning' -# 'salt.modules': 'debug' -# +# log particular modules {{ get_config('log_granular_levels', '{}') }} ###### Module configuration ##### ########################################### -# Salt allows for modules to be passed arbitrary configuration data, any data -# passed here in valid yaml format will be passed on to the salt minion modules -# for use. It is STRONGLY recommended that a naming convention be used in which -# the module name is followed by a . and then the value. Also, all top level -# data must be applied via the yaml dict construct, some examples: -# -# You can specify that all modules should run in test mode: -#test: True -# -# A simple value for the test module: -#test.foo: foo -# -# A list for the test module: -#test.bar: [baz,quo] -# -# A dict for the test module: -#test.baz: {spam: sausage, cheese: bread} +# module parameters {%- if 'module_config' in cfg_minion %} {%- for modkey, modval in cfg_minion.module_config.items() %} {{ modkey }}: {{ modval }} 
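Review bot: `# master fingerprint` above `master_finger` no longer says what the value is for or how to obtain it, and the default shown is the empty string, so a reader gets no hint that the master's public key can be verified here. A short pointer keeps that: `# master public key fingerprint (from "salt-key -F master" on the master), used to verify the master`. How `get_config` renders a key that is not set in pillar is not visible in this hunk, so whether the empty default is written out or commented out should be checked.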
@@ -691,51 +345,25 @@ pillar_roots: ###### Update settings ###### ########################################### -# Using the features in Esky, a salt minion can both run as a frozen app and -# be updated on the fly. These options control how the update process -# (saltutil.update()) behaves. -# -# The url for finding and downloading updates. Disabled by default. +# update url {{ get_config('update_url', 'False') }} -# -# The list of services to restart after a successful update. Empty by default. +# services to restart after update {{ get_config('update_restart_services', '[]') }} ###### Keepalive settings ###### ############################################ -# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by -# the OS. If connections between the minion and the master pass through -# a state tracking device such as a firewall or VPN gateway, there is -# the risk that it could tear down the connection the master and minion -# without informing either party that their connection has been taken away. -# Enabling TCP Keepalives prevents this from happening. - -# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) -# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. +# use tcp keepalive {{ get_config('tcp_keepalive', 'True') }} - -# How long before the first keepalive should be sent in seconds. Default 300 -# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds -# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. +# first keepalive from idle {{ get_config('tcp_keepalive_idle', '300') }} - -# How many lost probes are needed to consider the connection lost. Default -1 -# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. +# keepalive number for connection lost {{ get_config('tcp_keepalive_cnt', '-1') }} - -# How often, in seconds, to send keepalives after the first one. 
Default -1 to -# use OS defaults, typically 75 seconds on Linux, see -# /proc/sys/net/ipv4/tcp_keepalive_intvl. +# keepalive interval {{ get_config('tcp_keepalive_intvl', '-1') }} ###### Windows Software settings ###### ############################################ -# Location of the repository cache file on the master: +# windows repo cache {{ get_config('win_repo_cachefile', 'salt://win/repo/winrepo.p') }} - -###### Returner settings ###### -############################################ -# Which returner(s) will be used for minion's result: -#return: mysql From 47b75d05c7a9c52215337e33484d374c23f3b0b7 Mon Sep 17 00:00:00 2001 From: Edvinas Klovas Date: Thu, 14 May 2015 13:37:36 +0300 Subject: [PATCH 015/146] add pillar_roots for minion and master in pillar.example --- pillar.example | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pillar.example b/pillar.example index 3f7a8f3..614cc7d 100644 --- a/pillar.example +++ b/pillar.example @@ -27,7 +27,9 @@ salt: file_roots: base: - /srv/salt - + pillar_roots: + base: + - /srv/pillar # for salt-api with tornado rest interface rest_tornado: port: 8000 @@ -56,6 +58,9 @@ salt: file_roots: base: - /srv/salt + pillar_roots: + base: + - /srv/pillar module_config: test: True test.foo: foo From 47b37f2ffb0b74100a23a93f620525c5ea081cb5 Mon Sep 17 00:00:00 2001 
From: Edvinas Klovas Date: Sat, 16 May 2015 15:10:36 +0300 Subject: [PATCH 016/146] Fix pillar_roots configuration format in master This commit fixes how `pillar_roots` are generated and after this fix the generated configuration does not contain any unnecessary new lines: ```yaml pillar_roots: base: /srv/salt/dir1 dev: /srv/salt/dir2 /srv/salt/dir3 locale: /srv/salt/dir4 ``` Before this commit the pillar_roots in `f_defaults.conf` for master would be generated with a lot of empty lines in between directories, like this: ```yaml pillar_roots: base: /srv/salt/dir1 dev: /srv/salt/dir2 /srv/salt/dir3 local: /srv/salt/dir4 ``` The minion configuration is not affected and renders fine. --- salt/files/master.d/f_defaults.conf | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 53cbd41..4f72676 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -642,27 +642,27 @@ gitfs_remotes: # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -{% if 'pillar_roots' in cfg_master %} +{% if 'pillar_roots' in cfg_master -%} pillar_roots: -{% for name, roots in cfg_master['pillar_roots']|dictsort %} +{%- for name, roots in cfg_master['pillar_roots']|dictsort %} {{ name }}: -{% for dir in roots %} +{%- for dir in roots %} - {{ dir }} +{%- endfor -%} {% endfor %} -{% endfor %} -{% elif 'pillar_roots' in cfg_salt %} +{%- elif 'pillar_roots' in cfg_salt -%} pillar_roots: -{% for name, roots in cfg_salt['pillar_roots']|dictsort %} +{%- for name, roots in cfg_salt['pillar_roots']|dictsort -%} {{ name }}: -{% for dir in roots %} +{%- for dir in roots -%} - {{ dir }} -{% endfor %} -{% endfor %} -{% else %} +{%- endfor -%} +{%- endfor -%} +{%- else -%} #pillar_roots: # base: # - /srv/pillar -{% endif %} +{%- endif -%} # {% if 'ext_pillar' in cfg_master %} ext_pillar: From 8992e158827e28b94d58dadd259fe2b957bc444d Mon Sep 17 00:00:00 2001 From: Edvinas Klovas Date: Sat, 16 May 2015 15:51:19 +0300 Subject: [PATCH 017/146] fix typo --- salt/files/master.d/f_defaults.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 4f72676..e15689c 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -662,7 +662,7 @@ pillar_roots: #pillar_roots: # base: # - /srv/pillar -{%- endif -%} +{%- endif %} # {% if 'ext_pillar' in cfg_master %} ext_pillar: From 14c262fdadcb3a8cc4a728c2da61d8e1ed928e3b Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sun, 17 May 2015 15:39:49 +0200 Subject: [PATCH 018/146] fix empty formulas list in pillar with empty dic. --- salt/formulas.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
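Review bot: In the `cfg_salt` branch the new tags trim on both sides (`{%- for name, roots in cfg_salt['pillar_roots']|dictsort -%}` and `{%- for dir in roots -%}`), which strips the newline and indentation in front of `{{ name }}:` and `- {{ dir }}`, so the entries would be joined onto the `pillar_roots:` line instead of forming a YAML mapping. The `cfg_master` branch above leaves the right side untrimmed and keeps those line breaks; the fallback branch should use the same form, `{%- for name, roots in cfg_salt['pillar_roots']|dictsort %}` and `{%- for dir in roots %}`. Rendering the template once with `pillar_roots` set only under the shared `salt` pillar key would confirm it. The `ext_pillar` block that follows continues outside the hunk.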
diff --git a/salt/formulas.sls b/salt/formulas.sls index 55c31fe..b2461d8 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -4,7 +4,7 @@ {% from "salt/formulas.jinja" import formulas_git_opt with context %} # Loop over all formulas listed in pillar data -{% for env, entries in salt['pillar.get']('salt_formulas:list').iteritems() %} +{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).iteritems() %} {% for entry in entries %} {% set basedir = formulas_git_opt(env, 'basedir') %} From 145b58a9d373500dbfc91cdc59d8065b228095be Mon Sep 17 00:00:00 2001 From: puneet kandhari Date: Tue, 26 May 2015 09:41:04 -0500 Subject: [PATCH 019/146] Remove Duplicates from defaults.yaml and map.jinja --- salt/defaults.yaml | 7 ++- salt/map.jinja | 126 ++++++++++++++++++++------------------------- 2 files changed, 63 insertions(+), 70 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index c42f5aa..de663e1 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -1,17 +1,22 @@ +# -*- coding: utf-8 -*- +# vim: ft=yaml salt: install_packages: True + clean_config_d_dir: True + config_path: /etc/salt + minion_service: salt-minion master_service: salt-master api_service: salt-api syndic_service: salt-syndic + salt_master: salt-master salt_minion: salt-minion salt_syndic: salt-syndic salt_cloud: salt-cloud salt_api: salt-api salt_ssh: salt-ssh - clean_config_d_dir: True master: gitfs_provider: gitpython diff --git a/salt/map.jinja b/salt/map.jinja index 0f989e7..b8347d0 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
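Review bot: The `{}` default only covers a missing `salt_formulas:list` key; the loop still calls `.iteritems()`, which exists only on Python 2 dicts, while the minion template in this series iterates with `.items()` (`cfg_minion['mine_functions'].items()`). Using `{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).items() %}` keeps the two consistent and renders on either Python version. The body of the loop continues outside the hunk.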
@@ -1,72 +1,60 @@ +# -*- coding: utf-8 -*- +# vim: ft=jinja + +{## Start with defaults from defaults.yaml ##} {% import_yaml "salt/defaults.yaml" as default_settings %} -{% set distro_map = salt['grains.filter_by']({ - 'Debian': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'Ubuntu': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'CentOS': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'Amazon': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'Fedora': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'RedHat': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_cloud': 'salt-cloud', - 'salt_api': 'salt-api', - 'salt_ssh': 'salt-ssh'}, - 'Gentoo': {'salt_master': 'app-admin/salt', - 'salt_minion': 'app-admin/salt', - 'salt_syndic': 'app-admin/salt', - 'salt_api': 'app-admin/salt', - 'salt_cloud': 'app-admin/salt'}, - 'Arch': {'salt_master': 'salt-zmq', - 'salt_minion': 'salt-zmq', - 'salt_syndic': 'salt-zmq', - 'salt_cloud': 'salt-zmq', - 'salt_api': 'salt-zmq', - 'salt_ssh': 'salt-zmq'}, - 'Suse': {'salt_master': 'salt-master', - 'salt_minion': 'salt-minion', - 'salt_syndic': 'salt-syndic', - 'salt_api': 'salt-api', - 'salt_cloud': 'salt-cloud', - 'salt_ssh': 'salt-ssh'}, - 'FreeBSD': {'salt_master': 'py27-salt', - 'salt_minion': 'py27-salt', - 'salt_syndic': 
'py27-salt', - 'salt_cloud': 'py27-salt', - 'salt_api': 'py27-salt', - 'config_path': '/usr/local/etc/salt', - 'minion_service': 'salt_minion', - 'master_service': 'salt_master', - 'api_service': 'salt_api', - 'syndic_service': 'salt_syndic'}, -}, merge=salt['pillar.get']('salt:lookup')) %} +{## +Setup variable using grains['os_family'] based logic, only add key:values here +that differ from whats in defaults.yaml +##} +{% set os_family_map = salt['grains.filter_by']({ + 'Debian': {}, + 'Ubuntu': {}, + 'CentOS': {}, + 'Amazon': {}, + 'Fedora': {}, + 'RedHat': {}, + 'Suse': {}, + 'Gentoo': { + 'salt_master': 'app-admin/salt', + 'salt_minion': 'app-admin/salt', + 'salt_syndic': 'app-admin/salt', + 'salt_api': 'app-admin/salt', + 'salt_cloud': 'app-admin/salt' + }, + 'Arch': { + 'salt_master': 'salt-zmq', + 'salt_minion': 'salt-zmq', + 'salt_syndic': 'salt-zmq', + 'salt_cloud': 'salt-zmq', + 'salt_api': 'salt-zmq', + 'salt_ssh': 'salt-zmq' + }, + 'FreeBSD': { + 'salt_master': 'py27-salt', + 'salt_minion': 'py27-salt', + 'salt_syndic': 'py27-salt', + 'salt_cloud': 'py27-salt', + 'salt_api': 'py27-salt', + 'config_path': '/usr/local/etc/salt', + 'minion_service': 'salt_minion', + 'master_service': 'salt_master', + 'api_service': 'salt_api', + 'syndic_service': 'salt_syndic' + }, + } + , grain="os_family" + , merge=salt['pillar.get']('salt:lookup')) +%} -{% do default_settings.salt.update(distro_map) %} - -{% set salt_settings = salt['pillar.get']('salt', default=default_settings.salt, - merge=True) %} +{## Merge the flavor_map to the default settings ##} +{% do default_settings.salt.update(os_family_map) %} + +{## Merge in salt:lookup pillar ##} +{% set salt_settings = salt['pillar.get']( + 'salt', + default=default_settings.salt, + merge=True + ) +%} From e2d192ba89cee20b37ce7f638c90a954de289352 Mon Sep 17 00:00:00 2001 
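Review bot: With `grain="os_family"` now explicit, the keys `'Ubuntu'`, `'CentOS'`, `'Amazon'` and `'Fedora'` can never be selected, because those are `os` values whose `os_family` is `Debian` or `RedHat`; I would drop them, otherwise the map suggests per-distro overrides that never take effect. Two of the new comments also do not match the code: `{## Merge the flavor_map to the default settings ##}` refers to a variable that is named `os_family_map`, and `{## Merge in salt:lookup pillar ##}` sits above a `pillar.get('salt', ...)` call, while `salt:lookup` is already merged inside `filter_by`.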
From: Matt Willsher Date: Tue, 2 Jun 2015 20:40:53 +0100 Subject: [PATCH 020/146] Improvements to Enterprise Linux family OSs. * Install pygit from package * Add Official Salt ZeroMQ 4 COPR repository Note that Salt itself is assumed to already to be available to the system via yum, via EPEL for example --- README.rst | 3 +++ salt/gitfs/pygit2.sls | 5 ++--- salt/map.jinja | 13 ++++++++++++- salt/pkgrepo/init.sls | 8 +++++--- salt/pkgrepo/redhat/absent.sls | 0 salt/pkgrepo/redhat/init.sls | 10 ++++++++++ 6 files changed, 32 insertions(+), 7 deletions(-) create mode 100644 salt/pkgrepo/redhat/absent.sls create mode 100644 salt/pkgrepo/redhat/init.sls diff --git a/README.rst b/README.rst index d11530a..6706b4c 100644 --- a/README.rst +++ b/README.rst @@ -67,6 +67,7 @@ Install gitfs backend GitPython dependenciess. Set ``salt:master:gitfs_provider: ---------------------- Install gitfs backend libgit2/pygit2 dependenciess. Set ``salt:master:gitfs_provider: pygit2`` in your pillar. +For EL distributions, pygit is installed from packages from `EPEL `_. ``salt.pkgrepo`` ---------------- @@ -77,6 +78,8 @@ and Ubuntu, and aims to implement the `installation recommendations of the official documentation `_. +On EL distributions, the official Salt `COPR for ZeroMQ 4 `_. Salt itself is installed via `EPEL `_. + ``salt.pkgrepo.absent`` ----------------------- diff --git a/salt/gitfs/pygit2.sls b/salt/gitfs/pygit2.sls index 22e9da1..585a08a 100644 --- a/salt/gitfs/pygit2.sls +++ b/salt/gitfs/pygit2.sls @@ -53,8 +53,7 @@ install-pygit2: - name: pygit2 {% else %} -# install from package -# TODO haven't actually found a distro that has a good version to test -# debian jessie will have libgit2-21 +{{ salt_settings.pygit2 }}: + pkg.installed {% endif %} diff --git a/salt/map.jinja b/salt/map.jinja index b8347d0..9878a77 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
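Review bot: The new `else` branch in `salt/gitfs/pygit2.sls` uses `{{ salt_settings.pygit2 }}` as the state ID, but the `map.jinja` hunk of this commit defines `pygit2` only under `'RedHat'`, so on any other family that reaches this branch the ID would render empty or undefined. Either add a default `pygit2` package name to `defaults.yaml`, or give the state a fixed ID and pass the package as its name: `install-pygit2-pkg:` / `pkg.installed:` / `- name: {{ salt_settings.pygit2 }}`. Whether `install_from_source` is false by default for other families is not visible here, so this is inferred.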
@@ -14,7 +14,18 @@ that differ from whats in defaults.yaml 'CentOS': {}, 'Amazon': {}, 'Fedora': {}, - 'RedHat': {}, + 'RedHat': { + 'pygit2': 'python-pygit2', + 'gitfs': { + 'pygit2': { + 'install_from_source': False + }, + }, + 'master': { + 'gitfs_provider': 'pygit2' + }, + 'repotype': 'epel' + }, 'Suse': {}, 'Gentoo': { 'salt_master': 'app-admin/salt', diff --git a/salt/pkgrepo/init.sls b/salt/pkgrepo/init.sls index 67e3596..1f10148 100644 --- a/salt/pkgrepo/init.sls +++ b/salt/pkgrepo/init.sls @@ -1,4 +1,6 @@ -{% if grains['os_family'] == 'Debian' %} +{% set name = { + 'RedHat': 'redhat', + 'Debian': grains['os']|lower, +}.get(grains.os_family) %} include: - - .{{ grains['os']|lower }} -{% endif %} + - .{{ name }} diff --git a/salt/pkgrepo/redhat/absent.sls b/salt/pkgrepo/redhat/absent.sls new file mode 100644 index 0000000..e69de29 diff --git a/salt/pkgrepo/redhat/init.sls b/salt/pkgrepo/redhat/init.sls new file mode 100644 index 0000000..feb167c --- /dev/null +++ b/salt/pkgrepo/redhat/init.sls @@ -0,0 +1,10 @@ +{% from "salt/map.jinja" import salt_settings with context %} + +saltstack-zeromq4: + pkgrepo.managed: + - humanname: Copr repo for zeromq4 owned by saltstack + - baseurl: http://copr-be.cloud.fedoraproject.org/results/saltstack/zeromq4/{{ salt_settings.repotype }}-$releasever-$basearch/ + - gpgcheck: 1 + - gpgkey: https://copr-be.cloud.fedoraproject.org/results/saltstack/zeromq4/pubkey.gpg + - skip_if_unavailable: True + - enabled: 1 From 1cf72d85f8142d46f300d512c35303b784865291 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Fri, 5 Jun 2015 21:27:01 +0100 Subject: [PATCH 021/146] The git command line tool is a requirement of pygit2 --- salt/gitfs/pygit2.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/gitfs/pygit2.sls b/salt/gitfs/pygit2.sls index 585a08a..dd7ec61 100644 --- a/salt/gitfs/pygit2.sls +++ b/salt/gitfs/pygit2.sls 
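Review bot: The nested `gitfs` and `master` dictionaries added under `RedHat` are applied further down with `default_settings.salt.update(os_family_map)`, which is a shallow update, so they replace the defaults.yaml sub-dictionaries of the same name instead of merging into them. Any other default kept under `salt:master` or `salt:gitfs` would be lost on RedHat-family hosts before the pillar merge; defaults.yaml is only partly visible here, so this needs checking. The entry also changes the default `gitfs_provider` for this family without explanation; a comment such as `{# RedHat: pygit2 is installed from EPEL packages, so it is the default gitfs provider #}` above it would help.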
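Review bot: `name` has no value for any os_family other than RedHat and Debian, because `.get(grains.os_family)` is called without a default and the `include` in salt/pkgrepo/init.sls is no longer guarded, so the file renders `- .None` on those systems. The removed code skipped the include on unsupported families. Wrapping the new include in `{% if name %}` and `{% endif %}` keeps that behaviour.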
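Review bot: `baseurl` in salt/pkgrepo/redhat/init.sls is fetched over `http://` while `gpgkey` two lines below uses `https://` on the same host. With `gpgcheck: 1` the packages are still signature-checked, but the repository metadata travels in cleartext and can be altered or held back in transit. Using `- baseurl: https://copr-be.cloud.fedoraproject.org/results/saltstack/zeromq4/{{ salt_settings.repotype }}-$releasever-$basearch/` closes that gap. `skip_if_unavailable: True` also means a failing repository is skipped silently, which deserves a comment if it is intended.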
@@ -1,5 +1,8 @@ {% from "salt/map.jinja" import salt_settings with context %} +git: + pkg.installed + {% if salt_settings.gitfs.pygit2.install_from_source %} # we probably don't have a package or it's not a high enough version # install latest from source/pip From 6ec31374cb8718434526d277e0692b490d1b3bbc Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Tue, 9 Jun 2015 23:05:49 +0200 Subject: [PATCH 022/146] Remove hardcoded paths with {{ slspath }} variable --- salt/cloud.sls | 2 +- salt/master.sls | 2 +- salt/minion.sls | 2 +- salt/pkgrepo/debian/init.sls | 4 ++-- salt/ssh.sls | 2 +- salt/standalone.sls | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/cloud.sls b/salt/cloud.sls index 13bd5c0..251f07e 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -37,7 +37,7 @@ salt-cloud: cloud-cert-{{ cert }}-pem: file.managed: - name: /etc/salt/pki/cloud/{{ cert }}.pem - - source: salt://salt/files/key + - source: salt://{{ slspath }}/files/key - template: jinja - user: root - group: root diff --git a/salt/master.sls b/salt/master.sls index 234ffca..1e29e23 100644 --- a/salt/master.sls +++ b/salt/master.sls @@ -8,7 +8,7 @@ salt-master: file.recurse: - name: {{ salt_settings.config_path }}/master.d - template: jinja - - source: salt://salt/files/master.d + - source: salt://{{ slspath }}/files/master.d - clean: {{ salt_settings.clean_config_d_dir }} - exclude_pat: _* service.running: diff --git a/salt/minion.sls b/salt/minion.sls index 7f0cd52..f682a62 100644 --- a/salt/minion.sls +++ b/salt/minion.sls @@ -8,7 +8,7 @@ salt-minion: file.recurse: - name: {{ salt_settings.config_path }}/minion.d - template: jinja - - source: salt://salt/files/minion.d + - source: salt://{{ slspath }}/files/minion.d - clean: {{ salt_settings.clean_config_d_dir }} - exclude_pat: _* - context: diff --git a/salt/pkgrepo/debian/init.sls b/salt/pkgrepo/debian/init.sls index ffe7165..56ae83d 100644 --- a/salt/pkgrepo/debian/init.sls +++ b/salt/pkgrepo/debian/init.sls 
@@ -1,7 +1,7 @@ saltstack-apt-key: file.managed: - name: /etc/apt/trusted.gpg.d/saltstack.gpg - - source: salt://salt/pkgrepo/debian/saltstack.gpg + - source: salt://{{ slspath }}/saltstack.gpg - user: root - group: root - mode: 644 @@ -9,7 +9,7 @@ saltstack-apt-key: saltstack-pkgrepo: file.managed: - name: /etc/apt/sources.list.d/saltstack.list - - source: salt://salt/pkgrepo/debian/sources.list + - source: salt://{{ slspath }}/sources.list - user: root - group: root - mode: 644 diff --git a/salt/ssh.sls b/salt/ssh.sls index 5129581..fad6463 100644 --- a/salt/ssh.sls +++ b/salt/ssh.sls @@ -9,7 +9,7 @@ ensure-salt-ssh-is-installed: ensure-roster-config: file.managed: - name: {{ salt_settings.config_path }}/roster - - source: salt://salt/files/roster.jinja + - source: salt://{{ slspath }}/files/roster.jinja - template: jinja {% if salt_settings.install_packages %} - require: diff --git a/salt/standalone.sls b/salt/standalone.sls index 1b3c2a1..4bc3770 100644 --- a/salt/standalone.sls +++ b/salt/standalone.sls @@ -8,7 +8,7 @@ salt-minion: file.recurse: - name: {{ salt_settings.config_path }}/minion.d - template: jinja - - source: salt://salt/files/minion.d + - source: salt://{{ slspath }}/files/minion.d - clean: {{ salt_settings.clean_config_d_dir }} - exclude_pat: _* - context: From d4180295e3c7d587a28e01aa372cc19f8cbd3120 Mon Sep 17 00:00:00 2001 From: Petr Demin Date: Wed, 17 Jun 2015 17:12:28 +0300 Subject: [PATCH 023/146] formulas.jinja: python 2.6 support --- salt/formulas.jinja | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 071312c..599659f 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja 
@@ -8,8 +8,8 @@ {% set formulas = salt['pillar.get']('salt_formulas:list', {}) %} {%- macro formulas_git_opt(env, opt) -%} -{%- set value = salt['pillar.get']('salt_formulas:git_opts:{}:{}'.format(env, opt), - salt['pillar.get']('salt_formulas:git_opts:default:{}'.format(opt), +{%- set value = salt['pillar.get']('salt_formulas:git_opts:{0}:{1}'.format(env, opt), + salt['pillar.get']('salt_formulas:git_opts:default:{0}'.format(opt), defaults[opt])) -%} {%- if value is mapping -%} {{ value|yaml }} @@ -21,7 +21,7 @@ {%- macro formulas_roots(env) -%} {%- set value = [] -%} {%- for dir in formulas.get(env, []) -%} -{%- do value.append('{}/{}'.format(formulas_git_opt(env, 'basedir'), dir)) -%} +{%- do value.append('{0}/{1}'.format(formulas_git_opt(env, 'basedir'), dir)) -%} {%- endfor -%} {{ value|yaml }} {%- endmacro -%} From eb421c676fb6519083f2b93dd83739afb75436a6 Mon Sep 17 00:00:00 2001 From: Petr Demin Date: Wed, 17 Jun 2015 17:12:28 +0300 Subject: [PATCH 024/146] formulas.jinja: python 2.6 support --- salt/formulas.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/formulas.sls b/salt/formulas.sls index b2461d8..1a40745 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -8,7 +8,7 @@ {% for entry in entries %} {% set basedir = formulas_git_opt(env, 'basedir') %} -{% set gitdir = '{}/{}'.format(basedir, entry) %} +{% set gitdir = '{0}/{1}'.format(basedir, entry) %} {% set update = formulas_git_opt(env, 'update')|load_yaml %} # Setup the directory hosting the Git repository From 8479111cbdccf1b558a2aab387b4f62bd510b4d5 Mon Sep 17 00:00:00 2001 
From: Devin Christensen Date: Wed, 17 Jun 2015 09:53:31 -0600 Subject: [PATCH 025/146] Fix syndic requisites The syndic service was depending upon itself, which caused the salt run to fail. This commit fixes that by depending on the salt-master service rather than the salt-syndic service. I also made it more general by using IDs to specify the provider rather than the name, which is a bit less reliable. --- salt/syndic.sls | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/salt/syndic.sls b/salt/syndic.sls index 9079552..58a9ee0 100644 --- a/salt/syndic.sls +++ b/salt/syndic.sls @@ -8,12 +8,11 @@ salt-syndic: pkg.installed: - name: {{ salt_settings.salt_syndic }} {% endif %} - service: - - running + service.running - require: - - service: {{ salt_settings.syndic_service }} + - service: salt-master - watch: {% if salt_settings.install_packages %} - pkg: salt-master {% endif %} - - file: {{ salt_settings.config_path }}/master + - file: salt-master From 645b4c65ceee1d0975b037d7f2674bab4983f1bd Mon Sep 17 00:00:00 2001 From: Devin Christensen Date: Fri, 19 Jun 2015 15:33:16 -0600 Subject: [PATCH 026/146] Fix syntax error --- salt/syndic.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/syndic.sls b/salt/syndic.sls index 58a9ee0..eaeb2a4 100644 --- a/salt/syndic.sls +++ b/salt/syndic.sls @@ -8,7 +8,7 @@ salt-syndic: pkg.installed: - name: {{ salt_settings.salt_syndic }} {% endif %} - service.running + service.running: - require: - service: salt-master - watch: From 7bb82b0178cb4024a0e6c9b65de0a8c0f07d6297 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Jochum?= Date: Mon, 13 Jul 2015 13:37:10 +0200 Subject: [PATCH 027/146] Advance sal/api.sls, install rest_cherrypy or rest_tornado from pip. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: René Jochum --- README.rst | 1 + salt/api.sls | 42 +++++++++++++++++++++++++++++++++++++----- salt/defaults.yaml | 3 +++ 3 files changed, 41 insertions(+), 5 deletions(-) diff --git a/README.rst b/README.rst index 6706b4c..07e887c 100644 --- a/README.rst +++ b/README.rst @@ -46,6 +46,7 @@ Configure pillar data under salt:ssh_roster to feed the template. Install salt api Requisite: Configure salt-master with rest_cherrypy or rest_tornado. +Requires: pip.extensions as it installs the latest version from pip. ``salt.standalone`` ------------------- diff --git a/salt/api.sls b/salt/api.sls index 812f243..820c349 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -1,16 +1,48 @@ +#!jinja|yaml + {% from "salt/map.jinja" import salt_settings with context %} include: - salt.master + - pip.extensions + +{%- set cfg_salt = pillar.get('salt', {}) %} +{%- set cfg_master = cfg_salt.get('master', {}) %} salt-api: -{% if salt_settings.install_packages %} pkg.installed: - - name: {{ salt_settings.salt_api }} -{% endif %} + - name: {{ salt_settings['salt-api'] }} service.running: - - name: {{ salt_settings.api_service }} + - name: {{ salt_settings.get('api_service', 'salt-api') }} - require: - - service: {{ salt_settings.master_service }} + - service: {{ salt_settings.get('api_service', 'salt-api') }} +{%- if 'rest_cherrypy' in cfg_master %} + - pip: salt-api-cherrypy +{% elif 'rest_tornado' in cfg_master %} + - pip: salt-api-tornado +{% endif %} - watch: - pkg: salt-master + - file: salt-master + +{%- if 'rest_cherrypy' in cfg_master %} +salt-api-cherrypy: + pkg.purged: + - name: {{ salt_settings['python-cherrypy'] }} + pip.installed: + - name: cherrypy + - require: + - pkg: salt-api-cherrypy + - pkg: pip_extensions +{% endif %} + +{%- if 'rest_tornado' in cfg_master %} +salt-api-tornado: + pkg.purged: + - name: {{ salt_settings['python-tornado'] }} + pip.installed: + - name: tornado + - require: + - pkg: salt-api-tornado + - pkg: pip_extensions +{% endif %} 
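Review bot: `pip.installed` for `cherrypy` and `tornado` in salt/api.sls carries no version, and the distribution package is purged first. The libraries behind the REST API therefore follow whatever the package index serves at run time instead of a signed, distribution-maintained build. Pinning the requirement, for example `- name: cherrypy == <PINNED_VERSION>`, makes the install reproducible and reviewable. The rewrite also drops the `{% if salt_settings.install_packages %}` guard around `pkg.installed`, so the salt-api package is now managed even when that setting is off.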
diff --git a/salt/defaults.yaml b/salt/defaults.yaml index de663e1..2c61f12 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,6 +18,9 @@ salt: salt_api: salt-api salt_ssh: salt-ssh + python-cherrypy: python-cherrypy + python-tornado: python-tornado + master: gitfs_provider: gitpython From 8a1b8dc9db3781b46db1000205802fc864ba75cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Jochum?= Date: Mon, 13 Jul 2015 13:46:17 +0200 Subject: [PATCH 028/146] Fix salt/api.sls. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: René Jochum --- salt/api.sls | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index 820c349..9c1fa13 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -9,40 +9,39 @@ include: {%- set cfg_salt = pillar.get('salt', {}) %} {%- set cfg_master = cfg_salt.get('master', {}) %} -salt-api: +salt_api_install: pkg.installed: - - name: {{ salt_settings['salt-api'] }} + - name: {{ salt_settings['salt_api'] }} service.running: - name: {{ salt_settings.get('api_service', 'salt-api') }} - require: - - service: {{ salt_settings.get('api_service', 'salt-api') }} {%- if 'rest_cherrypy' in cfg_master %} - - pip: salt-api-cherrypy + - pip: salt_api_cherrypy {% elif 'rest_tornado' in cfg_master %} - - pip: salt-api-tornado + - pip: salt_api_tornado {% endif %} - watch: - pkg: salt-master - file: salt-master {%- if 'rest_cherrypy' in cfg_master %} -salt-api-cherrypy: +salt_api_cherrypy: pkg.purged: - name: {{ salt_settings['python-cherrypy'] }} pip.installed: - name: cherrypy - require: - - pkg: salt-api-cherrypy + - pkg: salt_api_cherrypy - pkg: pip_extensions {% endif %} {%- if 'rest_tornado' in cfg_master %} -salt-api-tornado: +salt_api_tornado: pkg.purged: - name: {{ salt_settings['python-tornado'] }} pip.installed: - name: tornado - require: - - pkg: salt-api-tornado + - pkg: salt_api_tornado - pkg: pip_extensions {% endif %} 
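Review bot: With the self-referencing `- service:` requisite removed, the `- require:` under `service.running` in `salt_api_install` has entries only inside the `rest_cherrypy`/`rest_tornado` conditionals. When neither key is present in `salt:master`, it renders as an empty `require`, which may not compile cleanly. The version before this series required the master service; restoring an unconditional entry such as `- service: {{ salt_settings.master_service }}` keeps the list non-empty and the ordering explicit.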
From 90282eff03847713936dd85045a3aa48c99e892c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Jochum?= Date: Mon, 13 Jul 2015 22:08:20 +0200 Subject: [PATCH 029/146] Install cherrypy/tornado from pip only if use_pip is True. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: René Jochum --- pillar.example | 4 ++++ salt/api.sls | 57 ++++++++++++++++++++++++++++++++++++---------- salt/defaults.yaml | 4 ++-- 3 files changed, 51 insertions(+), 14 deletions(-) diff --git a/pillar.example b/pillar.example index 614cc7d..8d06db4 100644 --- a/pillar.example +++ b/pillar.example @@ -38,6 +38,10 @@ salt: debug: False disable_ssl: False + api: + # Installs the latest version of cherrpy/tornado from pip. + use_pip: True + # salt minion config: minion: diff --git a/salt/api.sls b/salt/api.sls index 9c1fa13..3314a26 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -2,12 +2,15 @@ {% from "salt/map.jinja" import salt_settings with context %} -include: - - salt.master - - pip.extensions - {%- set cfg_salt = pillar.get('salt', {}) %} {%- set cfg_master = cfg_salt.get('master', {}) %} +{%- set use_pip = salt['pillar.get']('salt:api:use_pip', False) %} + +include: + - salt.master +{%- if use_pip %} + - pip.extensions +{%- endif %} salt_api_install: pkg.installed: 
@@ -15,20 +18,31 @@ salt_api_install: service.running: - name: {{ salt_settings.get('api_service', 'salt-api') }} - require: +{%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} - pip: salt_api_cherrypy -{% elif 'rest_tornado' in cfg_master %} +{%- elif 'rest_tornado' in cfg_master %} - pip: salt_api_tornado -{% endif %} +{%- endif %} +{%- else %} # if use_pip +{%- if 'rest_cherrypy' in cfg_master %} + - pkg: salt_api_cherrypy +{%- elif 'rest_tornado' in cfg_master %} + - pkg: salt_api_tornado +{%- endif %} +{%- endif %} - watch: - pkg: salt-master - file: salt-master +{%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.purged: - - name: {{ salt_settings['python-cherrypy'] }} - pip.installed: + pkg: + - purged + - name: {{ salt_settings['python_cherrypy'] }} + pip: + - installed - name: cherrypy - require: - pkg: salt_api_cherrypy @@ -37,11 +51,30 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.purged: - - name: {{ salt_settings['python-tornado'] }} - pip.installed: + pkg: + - purged + - name: {{ salt_settings['python_tornado'] }} + pip: + - installed - name: tornado - require: - pkg: salt_api_tornado - pkg: pip_extensions {% endif %} + +{%- else %} # if use_pip + +{% if 'rest_cherrypy' in cfg_master %} +salt_api_cherrypy: + pkg: + - installed + - name: {{ salt_settings['python_cherrypy'] }} +{% endif %} + +{% if 'rest_tornado' in cfg_master %} +salt_api_tornado: + pkg: + - installed + - name: {{ salt_settings['python_tornado'] }} +{% endif %} +{%- endif %} diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 2c61f12..4b4562c 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,8 +18,8 @@ salt: salt_api: salt-api salt_ssh: salt-ssh - python-cherrypy: python-cherrypy - python-tornado: python-tornado + python_cherrypy: python-cherrypy + python_tornado: python-tornado master: gitfs_provider: gitpython From c5ae289fa1210551986fbc6d959c3127e00011be Mon Sep 17 00:00:00 2001 
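Review bot: The `require` list under `salt_api_install` selects its entry with `if`/`elif`, while the states further down are defined by two independent `if` blocks. When both `rest_cherrypy` and `rest_tornado` are configured, `salt_api_tornado` is created but never required by the service. Using a separate `{%- if 'rest_tornado' in cfg_master %}` in both `require` branches would match the definitions. The trailing `# if use_pip` after `{%- else %}` sits outside the tag and is emitted into the rendered YAML; `{#- if use_pip #}` keeps it a template-only comment.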
From: =?UTF-8?q?Ren=C3=A9=20Jochum?= Date: Mon, 13 Jul 2015 22:31:32 +0200 Subject: [PATCH 030/146] Fix stuff suggested by @iggy. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: René Jochum --- salt/api.sls | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index 3314a26..a017e3c 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -38,11 +38,9 @@ salt_api_install: {%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg: - - purged - - name: {{ salt_settings['python_cherrypy'] }} - pip: - - installed + pkg.purged + - name: {{ salt_settings.python_cherrypy }} + pip.installed - name: cherrypy - require: - pkg: salt_api_cherrypy @@ -51,11 +49,9 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg: - - purged - - name: {{ salt_settings['python_tornado'] }} - pip: - - installed + pkg.purged + - name: {{ salt_settings.python_tornado }} + pip.installed - name: tornado - require: - pkg: salt_api_tornado @@ -66,15 +62,13 @@ salt_api_tornado: {% if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg: - - installed - - name: {{ salt_settings['python_cherrypy'] }} + pkg.installed + - name: {{ salt_settings.python_cherrypy }} {% endif %} {% if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg: - - installed - - name: {{ salt_settings['python_tornado'] }} + pkg.installed + - name: {{ salt_settings.python_tornado }} {% endif %} {%- endif %} From b03831c0b05ce3c376ebd150cf436dca2d80f090 Mon Sep 17 00:00:00 2001 
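Review bot: `pkg.purged`, `pip.installed` and `pkg.installed` are written without a trailing colon while each is still followed by a `- name:` argument list, so the state declarations no longer parse as mappings. This applies to all three hunks in salt/api.sls. The short form needs the colon: `pkg.purged:`, `pip.installed:` and `pkg.installed:`.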
From: "Matthew X. Economou" Date: Tue, 14 Jul 2015 03:22:28 -0400 Subject: [PATCH 031/146] Add support for GitPython and salt-ssh on FreeBSD masters This change tweaks the GitPython package installation state to support alternate package names (on FreeBSD, it's called "py27-GitPython"). Also, on FreeBSD salt-ssh is included in the "py27-salt" package by default, requiring an update to `distro_map`. --- salt/defaults.yaml | 1 + salt/gitfs/gitpython.sls | 3 ++- salt/map.jinja | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 4b4562c..511e7ec 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,6 +18,7 @@ salt: salt_api: salt-api salt_ssh: salt-ssh + python_git: python-git python_cherrypy: python-cherrypy python_tornado: python-tornado diff --git a/salt/gitfs/gitpython.sls b/salt/gitfs/gitpython.sls index 7fa09ef..5d90be8 100644 --- a/salt/gitfs/gitpython.sls +++ b/salt/gitfs/gitpython.sls @@ -8,6 +8,7 @@ GitPython: {% else %} python-git: - pkg.installed + pkg.installed: + - name: {{ salt_settings['python_git'] }} {% endif %} diff --git a/salt/map.jinja b/salt/map.jinja index 9878a77..3643c18 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -48,6 +48,8 @@ that differ from whats in defaults.yaml 'salt_syndic': 'py27-salt', 'salt_cloud': 'py27-salt', 'salt_api': 'py27-salt', + 'salt_ssh': 'py27-salt', + 'python_git': 'py27-GitPython', 'config_path': '/usr/local/etc/salt', 'minion_service': 'salt_minion', 'master_service': 'salt_master', From 22b8dde1ff21acf97cd30fe197d20d451246b5ae Mon Sep 17 00:00:00 2001 From: Marco Orovecchia Date: Tue, 14 Jul 2015 14:21:14 +0200 Subject: [PATCH 032/146] salt.api state fails Seems there are several colons missing for salt.api to work correctly, hope I found all of them --- salt/api.sls | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index a017e3c..d4f0df8 100644 --- a/salt/api.sls +++ b/salt/api.sls 
@@ -38,9 +38,9 @@ salt_api_install: {%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.purged + pkg.purged: - name: {{ salt_settings.python_cherrypy }} - pip.installed + pip.installed: - name: cherrypy - require: - pkg: salt_api_cherrypy @@ -49,9 +49,9 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.purged + pkg.purged: - name: {{ salt_settings.python_tornado }} - pip.installed + pip.installed: - name: tornado - require: - pkg: salt_api_tornado @@ -62,13 +62,13 @@ salt_api_tornado: {% if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.installed + pkg.installed: - name: {{ salt_settings.python_cherrypy }} {% endif %} {% if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.installed + pkg.installed: - name: {{ salt_settings.python_tornado }} {% endif %} {%- endif %} From 14b466e02216a1d08ae31c3b86b9019e1ea0360b Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Tue, 14 Jul 2015 09:40:16 -0400 Subject: [PATCH 033/146] Change variable lookup to match usage in other states Done at the maintainer's request. --- salt/gitfs/gitpython.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/gitfs/gitpython.sls b/salt/gitfs/gitpython.sls index 5d90be8..f1a48e6 100644 --- a/salt/gitfs/gitpython.sls +++ b/salt/gitfs/gitpython.sls @@ -9,6 +9,6 @@ GitPython: python-git: pkg.installed: - - name: {{ salt_settings['python_git'] }} + - name: {{ salt_settings.python_git }} {% endif %} From ef73e4ce98a7e3832fa3d06172f8cd30d6ff393e Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:54 -0500 Subject: [PATCH 034/146] Revert "Change variable lookup to match usage in other states" This reverts commit 14b466e02216a1d08ae31c3b86b9019e1ea0360b. --- salt/gitfs/gitpython.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/gitfs/gitpython.sls b/salt/gitfs/gitpython.sls index f1a48e6..5d90be8 100644 --- a/salt/gitfs/gitpython.sls 
+++ b/salt/gitfs/gitpython.sls @@ -9,6 +9,6 @@ GitPython: python-git: pkg.installed: - - name: {{ salt_settings.python_git }} + - name: {{ salt_settings['python_git'] }} {% endif %} From f9cb912a65ab2a252ee0a9c94e271b4633abcba2 Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:56 -0500 Subject: [PATCH 035/146] Revert "salt.api state fails" This reverts commit 22b8dde1ff21acf97cd30fe197d20d451246b5ae. --- salt/api.sls | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index d4f0df8..a017e3c 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -38,9 +38,9 @@ salt_api_install: {%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.purged: + pkg.purged - name: {{ salt_settings.python_cherrypy }} - pip.installed: + pip.installed - name: cherrypy - require: - pkg: salt_api_cherrypy @@ -49,9 +49,9 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.purged: + pkg.purged - name: {{ salt_settings.python_tornado }} - pip.installed: + pip.installed - name: tornado - require: - pkg: salt_api_tornado @@ -62,13 +62,13 @@ salt_api_tornado: {% if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.installed: + pkg.installed - name: {{ salt_settings.python_cherrypy }} {% endif %} {% if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.installed: + pkg.installed - name: {{ salt_settings.python_tornado }} {% endif %} {%- endif %} From ed3ab22a13336f5b90189999407f01710a1c9830 Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:56 -0500 Subject: [PATCH 036/146] Revert "Add support for GitPython and salt-ssh on FreeBSD masters" This reverts commit b03831c0b05ce3c376ebd150cf436dca2d80f090. --- salt/defaults.yaml | 1 - salt/gitfs/gitpython.sls | 3 +-- salt/map.jinja | 2 -- 3 files changed, 1 insertion(+), 5 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 511e7ec..4b4562c 100644 
--- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,7 +18,6 @@ salt: salt_api: salt-api salt_ssh: salt-ssh - python_git: python-git python_cherrypy: python-cherrypy python_tornado: python-tornado diff --git a/salt/gitfs/gitpython.sls b/salt/gitfs/gitpython.sls index 5d90be8..7fa09ef 100644 --- a/salt/gitfs/gitpython.sls +++ b/salt/gitfs/gitpython.sls @@ -8,7 +8,6 @@ GitPython: {% else %} python-git: - pkg.installed: - - name: {{ salt_settings['python_git'] }} + pkg.installed {% endif %} diff --git a/salt/map.jinja b/salt/map.jinja index 3643c18..9878a77 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -48,8 +48,6 @@ that differ from whats in defaults.yaml 'salt_syndic': 'py27-salt', 'salt_cloud': 'py27-salt', 'salt_api': 'py27-salt', - 'salt_ssh': 'py27-salt', - 'python_git': 'py27-GitPython', 'config_path': '/usr/local/etc/salt', 'minion_service': 'salt_minion', 'master_service': 'salt_master', From 8448aa40211ef8f0b20a0a51d87a510eae68d05e Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:56 -0500 Subject: [PATCH 037/146] Revert "Fix stuff suggested by @iggy." This reverts commit c5ae289fa1210551986fbc6d959c3127e00011be. --- salt/api.sls | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index a017e3c..3314a26 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -38,9 +38,11 @@ salt_api_install: {%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.purged - - name: {{ salt_settings.python_cherrypy }} - pip.installed + pkg: + - purged + - name: {{ salt_settings['python_cherrypy'] }} + pip: + - installed - name: cherrypy - require: - pkg: salt_api_cherrypy 
@@ -49,9 +51,11 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.purged - - name: {{ salt_settings.python_tornado }} - pip.installed + pkg: + - purged + - name: {{ salt_settings['python_tornado'] }} + pip: + - installed - name: tornado - require: - pkg: salt_api_tornado @@ -62,13 +66,15 @@ salt_api_tornado: {% if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg.installed - - name: {{ salt_settings.python_cherrypy }} + pkg: + - installed + - name: {{ salt_settings['python_cherrypy'] }} {% endif %} {% if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg.installed - - name: {{ salt_settings.python_tornado }} + pkg: + - installed + - name: {{ salt_settings['python_tornado'] }} {% endif %} {%- endif %} From d216a3f651287856e7f5e8720bb46b6709dc3673 Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:56 -0500 Subject: [PATCH 038/146] Revert "Install cherrypy/tornado from pip only if use_pip is True." This reverts commit 90282eff03847713936dd85045a3aa48c99e892c. --- pillar.example | 4 ---- salt/api.sls | 55 ++++++++++------------------------------------ salt/defaults.yaml | 4 ++-- 3 files changed, 13 insertions(+), 50 deletions(-) diff --git a/pillar.example b/pillar.example index 8d06db4..614cc7d 100644 --- a/pillar.example +++ b/pillar.example @@ -38,10 +38,6 @@ salt: debug: False disable_ssl: False - api: - # Installs the latest version of cherrpy/tornado from pip. - use_pip: True - # salt minion config: minion: diff --git a/salt/api.sls b/salt/api.sls index 3314a26..9c1fa13 100644 --- a/salt/api.sls +++ b/salt/api.sls 
@@ -2,15 +2,12 @@ {% from "salt/map.jinja" import salt_settings with context %} -{%- set cfg_salt = pillar.get('salt', {}) %} -{%- set cfg_master = cfg_salt.get('master', {}) %} -{%- set use_pip = salt['pillar.get']('salt:api:use_pip', False) %} - include: - salt.master -{%- if use_pip %} - pip.extensions -{%- endif %} + +{%- set cfg_salt = pillar.get('salt', {}) %} +{%- set cfg_master = cfg_salt.get('master', {}) %} salt_api_install: pkg.installed: @@ -18,31 +15,20 @@ salt_api_install: service.running: - name: {{ salt_settings.get('api_service', 'salt-api') }} - require: -{%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} - pip: salt_api_cherrypy -{%- elif 'rest_tornado' in cfg_master %} +{% elif 'rest_tornado' in cfg_master %} - pip: salt_api_tornado -{%- endif %} -{%- else %} # if use_pip -{%- if 'rest_cherrypy' in cfg_master %} - - pkg: salt_api_cherrypy -{%- elif 'rest_tornado' in cfg_master %} - - pkg: salt_api_tornado -{%- endif %} -{%- endif %} +{% endif %} - watch: - pkg: salt-master - file: salt-master -{%- if use_pip %} {%- if 'rest_cherrypy' in cfg_master %} salt_api_cherrypy: - pkg: - - purged - - name: {{ salt_settings['python_cherrypy'] }} - pip: - - installed + pkg.purged: + - name: {{ salt_settings['python-cherrypy'] }} + pip.installed: - name: cherrypy - require: - pkg: salt_api_cherrypy 
@@ -51,30 +37,11 @@ salt_api_cherrypy: {%- if 'rest_tornado' in cfg_master %} salt_api_tornado: - pkg: - - purged - - name: {{ salt_settings['python_tornado'] }} - pip: - - installed + pkg.purged: + - name: {{ salt_settings['python-tornado'] }} + pip.installed: - name: tornado - require: - pkg: salt_api_tornado - pkg: pip_extensions {% endif %} - -{%- else %} # if use_pip - -{% if 'rest_cherrypy' in cfg_master %} -salt_api_cherrypy: - pkg: - - installed - - name: {{ salt_settings['python_cherrypy'] }} -{% endif %} - -{% if 'rest_tornado' in cfg_master %} -salt_api_tornado: - pkg: - - installed - - name: {{ salt_settings['python_tornado'] }} -{% endif %} -{%- endif %} diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 4b4562c..2c61f12 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,8 +18,8 @@ salt: salt_api: salt-api salt_ssh: salt-ssh - python_cherrypy: python-cherrypy - python_tornado: python-tornado + python-cherrypy: python-cherrypy + python-tornado: python-tornado master: gitfs_provider: gitpython From 6e98d508c46fe08f1cbfe5e09c78f914c9d86b5f Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:57 -0500 Subject: [PATCH 039/146] Revert "Fix salt/api.sls." This reverts commit 8a1b8dc9db3781b46db1000205802fc864ba75cf. --- salt/api.sls | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/salt/api.sls b/salt/api.sls index 9c1fa13..820c349 100644 --- a/salt/api.sls +++ b/salt/api.sls 
@@ -9,39 +9,40 @@ include: {%- set cfg_salt = pillar.get('salt', {}) %} {%- set cfg_master = cfg_salt.get('master', {}) %} -salt_api_install: +salt-api: pkg.installed: - - name: {{ salt_settings['salt_api'] }} + - name: {{ salt_settings['salt-api'] }} service.running: - name: {{ salt_settings.get('api_service', 'salt-api') }} - require: + - service: {{ salt_settings.get('api_service', 'salt-api') }} {%- if 'rest_cherrypy' in cfg_master %} - - pip: salt_api_cherrypy + - pip: salt-api-cherrypy {% elif 'rest_tornado' in cfg_master %} - - pip: salt_api_tornado + - pip: salt-api-tornado {% endif %} - watch: - pkg: salt-master - file: salt-master {%- if 'rest_cherrypy' in cfg_master %} -salt_api_cherrypy: +salt-api-cherrypy: pkg.purged: - name: {{ salt_settings['python-cherrypy'] }} pip.installed: - name: cherrypy - require: - - pkg: salt_api_cherrypy + - pkg: salt-api-cherrypy - pkg: pip_extensions {% endif %} {%- if 'rest_tornado' in cfg_master %} -salt_api_tornado: +salt-api-tornado: pkg.purged: - name: {{ salt_settings['python-tornado'] }} pip.installed: - name: tornado - require: - - pkg: salt_api_tornado + - pkg: salt-api-tornado - pkg: pip_extensions {% endif %} From 4c1f57792a23df6e4cd17cca72ed91004678aa32 Mon Sep 17 00:00:00 2001 From: Brian Jackson Date: Mon, 20 Jul 2015 17:05:57 -0500 Subject: [PATCH 040/146] Revert "Advance sal/api.sls, install rest_cherrypy or rest_tornado from pip." This reverts commit 7bb82b0178cb4024a0e6c9b65de0a8c0f07d6297. --- README.rst | 1 - salt/api.sls | 44 ++++++-------------------------------------- salt/defaults.yaml | 3 --- 3 files changed, 6 insertions(+), 42 deletions(-) diff --git a/README.rst b/README.rst index 07e887c..6706b4c 100644 --- a/README.rst +++ b/README.rst 
@@ -46,7 +46,6 @@ Configure pillar data under salt:ssh_roster to feed the template. Install salt api Requisite: Configure salt-master with rest_cherrypy or rest_tornado. -Requires: pip.extensions as it installs the latest version from pip. ``salt.standalone`` ------------------- diff --git a/salt/api.sls b/salt/api.sls index 820c349..812f243 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -1,48 +1,16 @@ -#!jinja|yaml - {% from "salt/map.jinja" import salt_settings with context %} include: - salt.master - - pip.extensions - -{%- set cfg_salt = pillar.get('salt', {}) %} -{%- set cfg_master = cfg_salt.get('master', {}) %} salt-api: +{% if salt_settings.install_packages %} pkg.installed: - - name: {{ salt_settings['salt-api'] }} - service.running: - - name: {{ salt_settings.get('api_service', 'salt-api') }} - - require: - - service: {{ salt_settings.get('api_service', 'salt-api') }} -{%- if 'rest_cherrypy' in cfg_master %} - - pip: salt-api-cherrypy -{% elif 'rest_tornado' in cfg_master %} - - pip: salt-api-tornado + - name: {{ salt_settings.salt_api }} {% endif %} + service.running: + - name: {{ salt_settings.api_service }} + - require: + - service: {{ salt_settings.master_service }} - watch: - pkg: salt-master - - file: salt-master - -{%- if 'rest_cherrypy' in cfg_master %} -salt-api-cherrypy: - pkg.purged: - - name: {{ salt_settings['python-cherrypy'] }} - pip.installed: - - name: cherrypy - - require: - - pkg: salt-api-cherrypy - - pkg: pip_extensions -{% endif %} - -{%- if 'rest_tornado' in cfg_master %} -salt-api-tornado: - pkg.purged: - - name: {{ salt_settings['python-tornado'] }} - pip.installed: - - name: tornado - - require: - - pkg: salt-api-tornado - - pkg: pip_extensions -{% endif %} diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 2c61f12..de663e1 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml 
@@ -18,9 +18,6 @@ salt: salt_api: salt-api salt_ssh: salt-ssh - python-cherrypy: python-cherrypy - python-tornado: python-tornado - master: gitfs_provider: gitpython From fffd30fe17c15f497eb6f54fdf1ed98a20d7fb90 Mon Sep 17 00:00:00 2001 From: genus Date: Fri, 24 Jul 2015 17:41:49 +0300 Subject: [PATCH 041/146] Add master_sign_pubkey option --- salt/files/master.d/f_defaults.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 40ff5d3..5aaef11 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -375,6 +375,9 @@ client_acl_blacklist: {{ get_config('sign_pub_message', 'False') }} +{{ get_config('master_sign_pubkey', 'False') }} + + ##### Master Module Management ##### ########################################## # Manage how master side modules are loaded. From a738198d8bd3974137a801a3f4274079a1ec9ffd Mon Sep 17 00:00:00 2001 From: genus Date: Fri, 24 Jul 2015 17:58:41 +0300 Subject: [PATCH 042/146] Add verify_master_pubkey_sign --- salt/files/minion.d/f_defaults.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 3e743c9..7bdf59b 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -155,6 +155,9 @@ mine_functions: # master check alive interval {{ get_config('master_alive_interval', '30') }} +# verify_master_pubkey_sign +{{ get_config('verify_master_pubkey_sign', 'False') }} + # include extra config {% if 'include' in cfg_minion -%} {% if isinstance(cfg_minion['include'], list) -%} From 5b93601c7819d5ad5d675bef48d8f2448102c7c6 Mon Sep 17 00:00:00 2001 
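Review bot: `master_sign_pubkey` is added to salt/files/master.d/f_defaults.conf without the explanatory comment that the neighbouring options carry, and the matching minion hunk only repeats the option name as its comment. These two settings protect minions from accepting a substituted master public key, and they only work as a pair, so an operator who flips one of them from this template needs to know about the other. I would add above the master line `# Sign auth replies with master_sign.pem; minions need master_sign.pub and verify_master_pubkey_sign: True`, and above the minion line `# Only enable after master_sign.pub has been copied to the minion pki dir, otherwise auth fails`.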
From: "Matthew X. Economou" Date: Fri, 24 Jul 2015 16:11:23 -0400 Subject: [PATCH 043/146] Use the py27-salt package when installing salt-ssh on FreeBSD On FreeBSD salt-ssh gets bundled into a single package with the other SaltStack components (minion, master, etc.). --- salt/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/map.jinja b/salt/map.jinja index 9878a77..1ca7b51 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -48,6 +48,7 @@ that differ from whats in defaults.yaml 'salt_syndic': 'py27-salt', 'salt_cloud': 'py27-salt', 'salt_api': 'py27-salt', + 'salt_ssh': 'py27-salt', 'config_path': '/usr/local/etc/salt', 'minion_service': 'salt_minion', 'master_service': 'salt_master', From 85a426ccdf4aa02c77cf09571a4b3d6757223822 Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Fri, 24 Jul 2015 16:27:52 -0400 Subject: [PATCH 044/146] Add new `salt:python_git` key. This key defaults to a value of `python-git`. --- salt/defaults.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index de663e1..40a8e68 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -18,6 +18,8 @@ salt: salt_api: salt-api salt_ssh: salt-ssh + python_git: python-git + master: gitfs_provider: gitpython From b47799083031c7268e6b0b60313e47e5ddf8dbbd Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Fri, 24 Jul 2015 16:30:02 -0400 Subject: [PATCH 045/146] Use the py27-GitPython package when installing GitPython on FreeBSD. --- salt/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/map.jinja b/salt/map.jinja index 9878a77..9018018 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -48,6 +48,7 @@ that differ from whats in defaults.yaml 'salt_syndic': 'py27-salt', 'salt_cloud': 'py27-salt', 'salt_api': 'py27-salt', + 'python_git': 'py27-GitPython', 'config_path': '/usr/local/etc/salt', 'minion_service': 'salt_minion', 'master_service': 'salt_master', 
From ef275bd138aa58e9aa4f7fedc9d842d3c05986eb Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Fri, 24 Jul 2015 16:31:00 -0400 Subject: [PATCH 046/146] Allow customizing the GitPython package name. --- salt/gitfs/gitpython.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/gitfs/gitpython.sls b/salt/gitfs/gitpython.sls index 7fa09ef..f1a48e6 100644 --- a/salt/gitfs/gitpython.sls +++ b/salt/gitfs/gitpython.sls @@ -8,6 +8,7 @@ GitPython: {% else %} python-git: - pkg.installed + pkg.installed: + - name: {{ salt_settings.python_git }} {% endif %} From ba9cc2605c8088f47803f697dab147fbcf6b7995 Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Fri, 24 Jul 2015 17:06:15 -0400 Subject: [PATCH 047/146] Use the py27-pygit2 package when installing pygit2 on FreeBSD --- salt/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/map.jinja b/salt/map.jinja index 3643c18..6126b3e 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -50,6 +50,7 @@ that differ from whats in defaults.yaml 'salt_api': 'py27-salt', 'salt_ssh': 'py27-salt', 'python_git': 'py27-GitPython', + 'pygit2': 'py27-pygit2', 'config_path': '/usr/local/etc/salt', 'minion_service': 'salt_minion', 'master_service': 'salt_master', From 4ff1a746d6c18c8e79ada0e9f5f4f3c0553970a6 Mon Sep 17 00:00:00 2001 From: genus Date: Wed, 29 Jul 2015 19:48:56 +0300 Subject: [PATCH 048/146] Add master_type option --- salt/files/minion.d/f_defaults.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 7bdf59b..681fa96 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -157,6 +157,7 @@ mine_functions: # verify_master_pubkey_sign {{ get_config('verify_master_pubkey_sign', 'False') }} +{{ get_config('master_type', 'str') }} # include extra config {% if 'include' in cfg_minion -%} From 3f9e4fc7d47bcf0c1f67952b4a6edebe17a04f26 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Krzysztof=20Paw=C5=82owski?= Date: Thu, 30 Jul 2015 10:45:20 +0200 Subject: [PATCH 049/146] Fix for centos5 and jinja < 2.6 --- salt/formulas.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 599659f..1337281 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja @@ -11,7 +11,7 @@ {%- set value = salt['pillar.get']('salt_formulas:git_opts:{0}:{1}'.format(env, opt), salt['pillar.get']('salt_formulas:git_opts:default:{0}'.format(opt), defaults[opt])) -%} -{%- if value is mapping -%} +{%- if value is iterable -%} {{ value|yaml }} {%- else -%} {{ value }} From c014015e79ed48862873a2f496a2ed5cbd49cc37 Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Sun, 2 Aug 2015 21:17:36 -0400 Subject: [PATCH 050/146] Configure the salt-api service to start at boot time --- salt/api.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/api.sls b/salt/api.sls index 812f243..a10081f 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -9,6 +9,7 @@ salt-api: - name: {{ salt_settings.salt_api }} {% endif %} service.running: + - enable: True - name: {{ salt_settings.api_service }} - require: - service: {{ salt_settings.master_service }} From 825fd7cd77ab34fcf750af580d7c040a8b2ff734 Mon Sep 17 00:00:00 2001 
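Review bot: In salt/formulas.jinja, `value is iterable` is also true for plain strings, so after this change string options such as `basedir` take the `{{ value|yaml }}` branch too and callers that interpolate the macro output directly receive a serialized YAML document rather than the bare value. A later commit message in this series describes exactly that symptom (a trailing newline followed by `...`). If the `mapping` test is the problem on old Jinja, `{%- if value is iterable and value is not string -%}` keeps strings on the plain branch; the `string` test is already used elsewhere in this formula. The macro body starts above the hunk.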
From: jpic Date: Thu, 6 Aug 2015 11:35:20 +0200 Subject: [PATCH 051/146] Fixed pillar_roots generation for salt-master. With a simple pillar like this:: $ sudo salt-call --config-dir /srv/etc/bootstrap --pillar-root /srv/pillar pillar.get salt:pillar_roots local: ---------- base: - /srv/pillar This was generated in /etc/salt/master.d/f_defaults.conf:: # highstate format, and is generally just key/value pairs. pillar_roots:base:- /srv/pillar # Resulting in parse errors by salt:: $ sudo salt '*' state.highstate [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "", line 532, column 1: # ^ [ERROR ] Error parsing configuration file: /etc/salt/master.d/f_defaults.conf - while scanning a simple key in "", line 531, column 1: pillar_roots:base:- /srv/pillar ^ could not found expected ':' in "", line 532, column 1: # ^ This patch will fix it as such:: ID: salt-master Function: file.recurse Name: /etc/salt/master.d Result: True Comment: Recursively updated /etc/salt/master.d Started: 11:37:12.946823 Duration: 6255.296 ms Changes: ---------- /etc/salt/master.d/f_defaults.conf: ---------- diff: --- +++ @@ -528,7 +528,9 @@ # Pillar is laid out in the same fashion as the file server, with environments, # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. -pillar_roots:base:- /srv/pillar +pillar_roots: + base: + - /srv/pillar # Resulting in:: # highstate format, and is generally just key/value pairs. pillar_roots: base: - /srv/pillar # --- salt/files/master.d/f_defaults.conf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 5aaef11..209c47a 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -652,12 +652,12 @@ pillar_roots: {%- for dir in roots %} - {{ dir }} {%- endfor -%} -{% endfor %} -{%- elif 'pillar_roots' in cfg_salt -%} +{%- endfor -%} +{% elif 'pillar_roots' in cfg_salt -%} pillar_roots: -{%- for name, roots in cfg_salt['pillar_roots']|dictsort -%} +{%- for name, roots in cfg_salt['pillar_roots']|dictsort %} {{ name }}: -{%- for dir in roots -%} +{%- for dir in roots %} - {{ dir }} {%- endfor -%} {%- endfor -%} From 02f7b279a1e6cb6f63c3d1649068476f866d160d Mon Sep 17 00:00:00 2001 From: Simon Lloyd Date: Sat, 8 Aug 2015 17:58:45 +0200 Subject: [PATCH 052/146] Only watch salt-api package if install_packages=true Also watch salt-api pkg instead of salt-master one. --- salt/api.sls | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/api.sls b/salt/api.sls index 812f243..e6b387e 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -12,5 +12,7 @@ salt-api: - name: {{ salt_settings.api_service }} - require: - service: {{ salt_settings.master_service }} +{% if salt_settings.install_packages %} - watch: - - pkg: salt-master + - pkg: salt-api +{% endif %} From addc6d5a2634b7f1f9c27f46ecc708b73aca5a51 Mon Sep 17 00:00:00 2001 From: Shane Poage Date: Wed, 19 Aug 2015 23:46:49 -0500 Subject: [PATCH 053/146] Added logic to properly install pygit2 on ubuntu systems and made the pygit2 installation more flexible in general. --- salt/defaults.yaml | 7 +++++++ salt/gitfs/pygit2.sls | 37 +++++++++++++++++++++++++------------ salt/map.jinja | 36 ++++++++++++++++++++---------------- 3 files changed, 52 insertions(+), 28 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 40a8e68..1e345ca 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml 
@@ -28,6 +28,13 @@ salt: install_from_source: True pygit2: install_from_source: True + version: 0.23.0 + libgit2: + version: 0.23.0 + install_from_source: True + build_parent_dir: /usr/src/ + # hash necessary until github issue #9272 is addressed + download_hash: 683d1164e361e2a0a8d52652840e2340 gitpython: install_from_source: False diff --git a/salt/gitfs/pygit2.sls b/salt/gitfs/pygit2.sls index dd7ec61..1a8341a 100644 --- a/salt/gitfs/pygit2.sls +++ b/salt/gitfs/pygit2.sls @@ -1,9 +1,16 @@ {% from "salt/map.jinja" import salt_settings with context %} +{% set pygit2_settings = salt_settings.gitfs.pygit2 %} git: pkg.installed -{% if salt_settings.gitfs.pygit2.install_from_source %} +{% if pygit2_settings.install_from_source %} +{% set libgit2_settings = pygit2_settings.libgit2 %} + +{% if libgit2_settings.install_from_source %} +{% set libgit2_src_dir = libgit2_settings.build_parent_dir + 'libgit2-' + libgit2_settings.version %} +{% set libgit2_build_dir = libgit2_src_dir + '/_build' %} + # we probably don't have a package or it's not a high enough version # install latest from source/pip pygit-deps: 
@@ -17,32 +24,32 @@ pygit-deps: dl-libgit2-src: archive.extracted: - - name: /usr/src - - source: https://github.com/libgit2/libgit2/archive/v0.22.1.tar.gz - - source_hash: md5=dbf516d18e176bbb131de3efccfee533 + - name: {{ libgit2_settings.build_parent_dir }} + - source: https://github.com/libgit2/libgit2/archive/v{{ libgit2_settings.version }}.tar.gz + - source_hash: md5={{ libgit2_settings.download_hash }} - archive_format: tar - keep: True - - if_missing: /usr/src/libgit2-0.22.1 + - if_missing: /usr/src/libgit2-{{ libgit2_settings.version }} -/usr/src/libgit2-0.22.1/_build: +{{ libgit2_build_dir }}: file.directory configure-libgit2: cmd.run: - name: cmake .. - - cwd: /usr/src/libgit2-0.22.1/_build - - creates: /usr/src/libgit2-0.22.1/_build/Makefile + - cwd: {{ libgit2_build_dir }} + - creates: {{ libgit2_build_dir }}/Makefile build-libgit2: cmd.run: - name: make -j4 - - cwd: /usr/src/libgit2-0.22.1/_build - - creates: /usr/src/libgit2-0.22.1/_build/libgit2.so + - cwd: {{ libgit2_build_dir }} + - creates: {{ libgit2_build_dir }}/libgit2.so install-libgit2: cmd.run: - name: make install - - cwd: /usr/src/libgit2-0.22.1/_build + - cwd: {{ libgit2_build_dir }} - creates: /usr/local/lib/libgit2.so run-ldconfig-after-lib-install: @@ -51,9 +58,15 @@ run-ldconfig-after-lib-install: - onchanges: - cmd: install-libgit2 +{% else %} +{{ salt_settings.libgit2 }}: + pkg.installed + +{% endif %} + install-pygit2: pip.installed: - - name: pygit2 + - name: pygit2 == {{ pygit2_settings.version }} {% else %} {{ salt_settings.pygit2 }}: diff --git a/salt/map.jinja b/salt/map.jinja index 6126b3e..027e9ee 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
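Review bot: In salt/gitfs/pygit2.sls the `dl-libgit2-src` download is still pinned with MD5 (`- source_hash: md5={{ libgit2_settings.download_hash }}`), which is not collision-resistant, and the tarball it guards is then compiled and installed by the `make install` state. A SHA-256 pin is the safer choice: `- source_hash: sha256={{ libgit2_settings.download_hash }}`, with the `download_hash` default in salt/defaults.yaml replaced by the release's SHA-256 and a comment that the hash must be updated together with `version`. Separately, `if_missing` keeps the literal `/usr/src/` prefix while `name` now follows `build_parent_dir`, so with a non-default parent directory the archive is extracted again on every run; `- if_missing: {{ libgit2_src_dir }}` reuses the variable defined in the first hunk of this file.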
@@ -9,22 +9,29 @@ Setup variable using grains['os_family'] based logic, only add key:values here that differ from whats in defaults.yaml ##} {% set os_family_map = salt['grains.filter_by']({ - 'Debian': {}, - 'Ubuntu': {}, - 'CentOS': {}, - 'Amazon': {}, - 'Fedora': {}, + 'Debian': { + 'libgit2': 'libgit2-22', + 'gitfs': { + 'pygit2': { + 'install_from_source': True, + 'version': '0.22.1', + 'libgit2': { + 'install_from_source': False, + }, + }, + }, + }, 'RedHat': { 'pygit2': 'python-pygit2', 'gitfs': { 'pygit2': { - 'install_from_source': False + 'install_from_source': False, }, }, 'master': { 'gitfs_provider': 'pygit2' }, - 'repotype': 'epel' + 'repotype': 'epel', }, 'Suse': {}, 'Gentoo': { @@ -32,7 +39,7 @@ that differ from whats in defaults.yaml 'salt_minion': 'app-admin/salt', 'salt_syndic': 'app-admin/salt', 'salt_api': 'app-admin/salt', - 'salt_cloud': 'app-admin/salt' + 'salt_cloud': 'app-admin/salt', }, 'Arch': { 'salt_master': 'salt-zmq', @@ -40,7 +47,7 @@ that differ from whats in defaults.yaml 'salt_syndic': 'salt-zmq', 'salt_cloud': 'salt-zmq', 'salt_api': 'salt-zmq', - 'salt_ssh': 'salt-zmq' + 'salt_ssh': 'salt-zmq', }, 'FreeBSD': { 'salt_master': 'py27-salt', @@ -55,20 +62,17 @@ that differ from whats in defaults.yaml 'minion_service': 'salt_minion', 'master_service': 'salt_master', 'api_service': 'salt_api', - 'syndic_service': 'salt_syndic' + 'syndic_service': 'salt_syndic', }, - } - , grain="os_family" - , merge=salt['pillar.get']('salt:lookup')) + }, grain="os_family", merge=salt['pillar.get']('salt:lookup')) %} {## Merge the flavor_map to the default settings ##} {% do default_settings.salt.update(os_family_map) %} - + {## Merge in salt:lookup pillar ##} {% set salt_settings = salt['pillar.get']( 'salt', default=default_settings.salt, - merge=True - ) + merge=True) %} From 9779609bc4dcc400bf3fc6ec074252dee09f512f Mon Sep 17 00:00:00 2001 
From: Brian Jackson Date: Thu, 27 Aug 2015 17:37:53 -0500 Subject: [PATCH 054/146] Remove mapping test This test isn't available in certain popular versions of Jinja (namely the one installed by default in CentOS 6). --- salt/formulas.jinja | 4 ---- 1 file changed, 4 deletions(-) diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 599659f..0c0a50b 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja @@ -11,11 +11,7 @@ {%- set value = salt['pillar.get']('salt_formulas:git_opts:{0}:{1}'.format(env, opt), salt['pillar.get']('salt_formulas:git_opts:default:{0}'.format(opt), defaults[opt])) -%} -{%- if value is mapping -%} {{ value|yaml }} -{%- else -%} -{{ value }} -{%- endif -%} {%- endmacro -%} {%- macro formulas_roots(env) -%} From f0e691fa132e0c2ce998e8665c93809783f49836 Mon Sep 17 00:00:00 2001 From: Shane Poage Date: Tue, 1 Sep 2015 16:28:27 -0500 Subject: [PATCH 055/146] Fixed conflict with git-formula by allowing either inclusion of formula to install git dependency or specify a package name to install with a custom state ID. --- salt/defaults.yaml | 4 ++++ salt/gitfs/pygit2.sls | 10 ++++++++-- salt/map.jinja | 10 +++++++++- 3 files changed, 21 insertions(+), 3 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 1e345ca..1a7fa7a 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -29,6 +29,10 @@ salt: pygit2: install_from_source: True version: 0.23.0 + git: + # if not false, should be state name + require_state: False + install_from_package: git libgit2: version: 0.23.0 install_from_source: True diff --git a/salt/gitfs/pygit2.sls b/salt/gitfs/pygit2.sls index 1a8341a..9fce72b 100644 --- a/salt/gitfs/pygit2.sls +++ b/salt/gitfs/pygit2.sls 
@@ -1,8 +1,14 @@ {% from "salt/map.jinja" import salt_settings with context %} {% set pygit2_settings = salt_settings.gitfs.pygit2 %} -git: - pkg.installed +{% if pygit2_settings.git.get('require_state', False) %} +include: + - {{ pygit2_settings.git.require_state }} +{% elif pygit2_settings.git.get('install_from_package', 'git') %} +pygit2-git: + pkg.installed: + - name: {{ pygit2_settings.git.install_from_package }} +{% endif %} {% if pygit2_settings.install_from_source %} {% set libgit2_settings = pygit2_settings.libgit2 %} diff --git a/salt/map.jinja b/salt/map.jinja index 027e9ee..3ee36c1 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -15,6 +15,10 @@ that differ from whats in defaults.yaml 'pygit2': { 'install_from_source': True, 'version': '0.22.1', + 'git': { + 'require_state': False, + 'install_from_package': 'git', + }, 'libgit2': { 'install_from_source': False, }, @@ -25,7 +29,11 @@ that differ from whats in defaults.yaml 'pygit2': 'python-pygit2', 'gitfs': { 'pygit2': { - 'install_from_source': False, + 'install_from_source': False, + 'git': { + 'require_state': False, + 'install_from_package': 'git', + }, }, }, 'master': { From 827ed47a259ad26853df378c8569b984cdf8df93 Mon Sep 17 00:00:00 2001 
From: "Matthew X. Economou" Date: Thu, 3 Sep 2015 14:56:45 -0400 Subject: [PATCH 056/146] Filter all calls to formulas_git_opt through load_yaml Jinja macros are not actually functions. The only thing they can return is a string. In order to return structured data, the callee must serialize it, and the caller must deserialize it. This state formula uses YAML as the intermediary, hence the occurrence of both the `|yaml` (callee) and `|load_yaml` (caller) filters in its code. The post-render "mapping values are not allowed here" error in *salt/formulas.sls* or the broken rendering of *salt/files/master.d/f_defaults.conf* happens because invocations of the `formulas_git_opt` macro in several Jinja `set` statements do not get deserialized, resulting in the trailing newline followed by three dot characters (`...`), which YAML uses to signal the end of a document. Correcting these rendering errors requires adding the necessary deserialization code at those locations (i.e., filtering the macro call through `|load_yaml`). --- salt/formulas.jinja | 3 ++- salt/formulas.sls | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 0c0a50b..2a466a2 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja @@ -17,7 +17,8 @@ {%- macro formulas_roots(env) -%} {%- set value = [] -%} {%- for dir in formulas.get(env, []) -%} -{%- do value.append('{0}/{1}'.format(formulas_git_opt(env, 'basedir'), dir)) -%} +{%- set basedir = formulas_git_opt(env, 'basedir')|load_yaml -%} +{%- do value.append('{0}/{1}'.format(basedir, dir)) -%} {%- endfor -%} {{ value|yaml }} {%- endmacro -%} diff --git a/salt/formulas.sls b/salt/formulas.sls index 1a40745..5eaaff5 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls 
@@ -7,7 +7,7 @@ {% for env, entries in salt['pillar.get']('salt_formulas:list', {}).iteritems() %} {% for entry in entries %} -{% set basedir = formulas_git_opt(env, 'basedir') %} +{% set basedir = formulas_git_opt(env, 'basedir')|load_yaml %} {% set gitdir = '{0}/{1}'.format(basedir, entry) %} {% set update = formulas_git_opt(env, 'update')|load_yaml %} @@ -26,9 +26,10 @@ {% if gitdir not in processed_gitdirs %} {% do processed_gitdirs.append(gitdir) %} {% set options = formulas_git_opt(env, 'options')|load_yaml %} +{% set baseurl = formulas_git_opt(env, 'baseurl')|load_yaml %} {{ gitdir }}: git.latest: - - name: {{ formulas_git_opt(env, 'baseurl') }}/{{ entry }}.git + - name: {{ baseurl }}/{{ entry }}.git - target: {{ gitdir }} {%- for key, value in options.iteritems() %} - {{ key }}: {{ value }} From 52893bc978753faaad15f11228f4bd14173858b3 Mon Sep 17 00:00:00 2001 From: Wolodja Wentland Date: Tue, 13 Oct 2015 14:56:51 +0200 Subject: [PATCH 057/146] Manage show_jid in master configuration This makes it easier for users to check the status of jobs that ran into a timeout. --- salt/files/master.d/f_defaults.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 209c47a..5baf3a7 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -109,6 +109,9 @@ # Return minions that timeout when running commands like test.ping {{ get_config('show_timeout', 'True') }} +# Display the jid when a job is published +{{ get_config('show_jid', 'False') }} + # By default, output is colored. To disable colored output, set the color value # to False. {{ get_config('color', 'True') }} From d7382e2d1f85d87aa965b29e253cb87e811a3267 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 13 Oct 2015 15:41:41 +0200 Subject: [PATCH 058/146] use salt_settings.syndic_service so state works on FreeBSD, too --- salt/syndic.sls | 1 + 1 file changed, 1 insertion(+) 
diff --git a/salt/syndic.sls b/salt/syndic.sls index eaeb2a4..e372b2e 100644 --- a/salt/syndic.sls +++ b/salt/syndic.sls @@ -9,6 +9,7 @@ salt-syndic: - name: {{ salt_settings.salt_syndic }} {% endif %} service.running: + - name: {{ salt_settings.syndic_service }} - require: - service: salt-master - watch: From 0216d665272d9b036b74f5f6438d9584dc58157a Mon Sep 17 00:00:00 2001 From: Wolodja Wentland Date: Tue, 13 Oct 2015 16:37:14 +0200 Subject: [PATCH 059/146] Remove trailing whitespace from master config --- salt/files/master.d/f_defaults.conf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 209c47a..027fedb 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -135,7 +135,7 @@ {{ get_config('minion_data_cache', 'True') }} # Store all returns in the given returner. -# Setting this option requires that any returner-specific configuration also +# Setting this option requires that any returner-specific configuration also # be set. See various returners in salt/returners for details on required # configuration values. (See also, event_return_queue below.) # @@ -199,12 +199,12 @@ event_return_blacklist: # the key rotation event as minions reconnect. Consider this carefully if this # salt master is managing a large number of minions. # -# If disabled, it is recommended to handle this event by listening for the +# If disabled, it is recommended to handle this event by listening for the # 'aes_key_rotate' event with the 'key' tag and acting appropriately. {{ get_config('ping_on_rotate', 'False') }} # By default, the master deletes its cache of minion data when the key for that -# minion is removed. To preserve the cache after key deletion, set +# minion is removed. To preserve the cache after key deletion, set # 'preserve_minion_cache' to True. # # WARNING: This may have security implications if compromised minions auth with 
@@ -336,7 +336,7 @@ client_acl_blacklist: {% endif %} # Enforce client_acl & client_acl_blacklist when users have sudo -# access to the salt command. +# access to the salt command. # {{ get_config('sudo_acl', 'False') }} @@ -492,7 +492,7 @@ client_acl_blacklist: # the master server. The default is md5, but sha1, sha224, sha256, sha384 # and sha512 are also supported. # -# Prior to changing this value, the master should be stopped and all Salt +# Prior to changing this value, the master should be stopped and all Salt # caches should be cleared. {{ get_config('hash_type', 'md5') }} From d730d4f2b853d659676fd724f9543505b0ee4c3e Mon Sep 17 00:00:00 2001 From: Devon Stewart Date: Tue, 6 Oct 2015 17:13:25 -0700 Subject: [PATCH 060/146] Using cfg_salt['master'] is never the right answer - When it's iterable, the minion could be running on the master - When it's a string, there's no advantage over just specifying `salt:minion:master` --- salt/files/minion.d/f_defaults.conf | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 681fa96..b3cb6b3 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -20,8 +20,7 @@ {{ get_config('default_include', 'minion.d/*.conf') }} # master configs -{%- if 'master' in cfg_minion -%} -{%- if cfg_minion['master'] is not string %} +{%- if 'master' in cfg_minion and cfg_minion['master'] is not string %} master: {% for name in cfg_minion['master'] -%} - {{ name }} @@ -29,16 +28,6 @@ master: {%- else %} {{ get_config('master', 'salt') }} {%- endif %} -{% elif 'master' in cfg_salt -%} -{%- if cfg_salt['master'] is not string %} -master: - {% for name in cfg_salt['master'] -%} - - {{ name }} - {% endfor -%} -{%- else %} -{{ get_config('master', 'salt') }} -{%- endif -%} -{%- endif %} # choose a random master {{ get_config('random_master', 'False') }} 
From 8b39b3776269b61a2cf1036c7615c7498c8ab4aa Mon Sep 17 00:00:00 2001 From: abednarik Date: Mon, 16 Nov 2015 22:05:36 -0300 Subject: [PATCH 061/146] Replace deprecated iteritems() with items() --- salt/formulas.sls | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/formulas.sls b/salt/formulas.sls index 5eaaff5..b433bb5 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -4,7 +4,7 @@ {% from "salt/formulas.jinja" import formulas_git_opt with context %} # Loop over all formulas listed in pillar data -{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).iteritems() %} +{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).items() %} {% for entry in entries %} {% set basedir = formulas_git_opt(env, 'basedir')|load_yaml %} @@ -17,7 +17,7 @@ {{ basedir }}: file.directory: {%- for key, value in salt['pillar.get']('salt_formulas:basedir_opts', - {'makedirs': True}).iteritems() %} + {'makedirs': True}).items() %} - {{ key }}: {{ value }} {%- endfor %} {% endif %} @@ -31,7 +31,7 @@ git.latest: - name: {{ baseurl }}/{{ entry }}.git - target: {{ gitdir }} - {%- for key, value in options.iteritems() %} + {%- for key, value in options.items() %} - {{ key }}: {{ value }} {%- endfor %} - require: From 3a83533669b4a2eaa65f14bda0971e9d2c93c217 Mon Sep 17 00:00:00 2001 From: risca Date: Wed, 18 Nov 2015 19:56:35 +0100 Subject: [PATCH 062/146] fixed ext_pillar according to https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#configuration and master_tops according to https://docs.saltstack.com/en/latest/topics/master_tops/index.html --- salt/files/master.d/f_defaults.conf | 36 +++++++++++++++++++++++++---- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 3da402e..54cb732 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -408,7 +408,19 @@ client_acl_blacklist: # master_tops: # ext_nodes: # -{{ get_config('master_tops', '{}') }} +{% if 'master_tops' in cfg_master %} +master_tops: +{%- for master in cfg_master['master_tops'] -%} + {%- if cfg_master['master_tops'][master] is string %} + {{ master }}: {{ cfg_master['master_tops'][master] }} + {%- else %} + {{ master}}: + {%- for parameter in cfg_master['master_tops'][master] %} + {{ parameter }}: {{ cfg_master['master_tops'][master][parameter] }} + {%- endfor -%} + {%- endif -%} +{%- endfor %} +{% endif %} # The external_nodes option allows Salt to gather data that would normally be # placed in a top file. The external_nodes option is the executable that will @@ -672,9 +684,25 @@ pillar_roots: # {% if 'ext_pillar' in cfg_master %} ext_pillar: -{% for pillar in cfg_master['ext_pillar'] %} - - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} -{% endfor %} +{%- for pillar in cfg_master['ext_pillar'] -%} + {%- for key in pillar -%} + {%- if pillar[key] is string %} + - {{ key }}: {{ pillar[key] }} + {%- elif pillar[key] is iterable and pillar[key] is not mapping %} + - {{ key }}: + {%- for parameter in pillar[key] %} + - {{ parameter }} + {%- endfor -%} + {%- elif pillar[key] is mapping and pillar[key] is not string %} + - {{ key }}: + {%- for parameter in pillar[key] %} + {{ parameter }}: {{pillar[key][parameter]}} + {%- endfor %} + {%- else %} +# Error in rendering {{ key }}, please read https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#configuration + {% endif %} + {%- endfor -%} +{%- endfor %} {% elif 'ext_pillar' in cfg_salt %} ext_pillar: {% for pillar in cfg_salt['ext_pillar'] %} From 87f3e849d23d3dae2411015e21f66c77b7860a33 Mon Sep 17 00:00:00 2001 
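Review bot: The new `master_tops` and `ext_pillar` loops in salt/files/master.d/f_defaults.conf write pillar values into the master config as raw text, for example `{{ parameter }}: {{pillar[key][parameter]}}`, so a nested dict or list is emitted as a Python repr and a string containing `: ` or ` #` changes how the line is parsed. Serializing each value keeps the output valid whatever the pillar holds: `{{ parameter }}: {{ pillar[key][parameter]|json }}`, and likewise `{{ master }}: {{ cfg_master['master_tops'][master]|json }}`. The untouched `elif 'ext_pillar' in cfg_salt` branch still renders with `pillar.items()[0][0]`, so the two sources of the same setting now produce different output; that branch continues past the end of the hunk.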
From: James O'Neill Date: Sat, 5 Dec 2015 23:24:05 +1300 Subject: [PATCH 063/146] Make Debian use pkgrepo.managed and allow the repo name and key_url to be overridden via Pillar lookup. --- salt/map.jinja | 4 +++- salt/pkgrepo/debian/absent.sls | 4 ++++ salt/pkgrepo/debian/init.sls | 22 ++++++---------------- salt/pkgrepo/debian/sources.list | 2 -- 4 files changed, 13 insertions(+), 19 deletions(-) delete mode 100644 salt/pkgrepo/debian/sources.list diff --git a/salt/map.jinja b/salt/map.jinja index 3ee36c1..37e2f24 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -4,12 +4,14 @@ {## Start with defaults from defaults.yaml ##} {% import_yaml "salt/defaults.yaml" as default_settings %} -{## +{## Setup variable using grains['os_family'] based logic, only add key:values here that differ from whats in defaults.yaml ##} {% set os_family_map = salt['grains.filter_by']({ 'Debian': { + 'pkgrepo': 'deb http://debian.saltstack.com/debian ' + salt['grains.get']('oscodename') + '-saltstack main', + 'key_url': 'salt://' + slspath + '/saltstack.gpg', 'libgit2': 'libgit2-22', 'gitfs': { 'pygit2': { diff --git a/salt/pkgrepo/debian/absent.sls b/salt/pkgrepo/debian/absent.sls index 2ace193..a3eb838 100644 --- a/salt/pkgrepo/debian/absent.sls +++ b/salt/pkgrepo/debian/absent.sls @@ -1,4 +1,8 @@ +{% from "salt/map.jinja" import salt_settings with context %} + drop-saltstack-pkgrepo: + pkgrepo.absent: + - name: {{ salt_settings.pkgrepo }} file.absent: - name: /etc/apt/sources.list.d/saltstack.list diff --git a/salt/pkgrepo/debian/init.sls b/salt/pkgrepo/debian/init.sls index 56ae83d..4483619 100644 --- a/salt/pkgrepo/debian/init.sls +++ b/salt/pkgrepo/debian/init.sls 
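Review bot: In salt/map.jinja the new Debian `key_url` default is built from `slspath`, which as far as I can tell resolves to the directory of whichever state imports map.jinja, so it only points at the bundled key when the importer lives in salt/pkgrepo/debian. This value is the trust anchor for the package repository, so I would spell the path out, `'key_url': 'salt://salt/pkgrepo/debian/saltstack.gpg',`. Because the commit also makes the key location overridable through `salt:lookup`, a comment next to it such as `# override only with a salt:// or https:// source; the key decides which packages apt will trust` would help, given that the repository line itself uses plain `http://`.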
@@ -1,21 +1,11 @@ -saltstack-apt-key: - file.managed: - - name: /etc/apt/trusted.gpg.d/saltstack.gpg - - source: salt://{{ slspath }}/saltstack.gpg - - user: root - - group: root - - mode: 644 +{% from "salt/map.jinja" import salt_settings with context %} saltstack-pkgrepo: - file.managed: - - name: /etc/apt/sources.list.d/saltstack.list - - source: salt://{{ slspath }}/sources.list - - user: root - - group: root - - mode: 644 - - template: jinja - - require: - - file: saltstack-apt-key + pkgrepo.managed: + - humanname: SaltStack Debian Repo + - name: {{ salt_settings.pkgrepo }} + - file: /etc/apt/sources.list.d/saltstack.list + - key_url: {{ salt_settings.key_url }} # Order: 1 because we can't put a require_in on "pkg: salt-{master,minion}" # because we don't know if they are used. - order: 1 diff --git a/salt/pkgrepo/debian/sources.list b/salt/pkgrepo/debian/sources.list deleted file mode 100644 index f99e426..0000000 --- a/salt/pkgrepo/debian/sources.list +++ /dev/null @@ -1,2 +0,0 @@ -# saltstack -deb http://debian.saltstack.com/debian {{ grains['oscodename'] }}-saltstack main From 6d9683ca1f902ee6c522e01d1518e060881d0ef1 Mon Sep 17 00:00:00 2001 From: James O'Neill Date: Wed, 9 Dec 2015 23:33:00 +1300 Subject: [PATCH 064/146] Add clean_file to wipe saltstack.list contents --- salt/pkgrepo/debian/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/pkgrepo/debian/init.sls b/salt/pkgrepo/debian/init.sls index 4483619..350713f 100644 --- a/salt/pkgrepo/debian/init.sls +++ b/salt/pkgrepo/debian/init.sls @@ -6,6 +6,7 @@ saltstack-pkgrepo: - name: {{ salt_settings.pkgrepo }} - file: /etc/apt/sources.list.d/saltstack.list - key_url: {{ salt_settings.key_url }} + - clean_file: True # Order: 1 because we can't put a require_in on "pkg: salt-{master,minion}" # because we don't know if they are used. - order: 1 From 02be0b13671968f2486dac62ee7bbfcda82ea768 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Krzysztof=20Paw=C5=82owski?= Date: Mon, 21 Dec 2015 15:00:35 +0100 Subject: [PATCH 065/146] add support for returner setting in minion configuration --- salt/files/minion.d/f_defaults.conf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index b3cb6b3..b435690 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -360,3 +360,8 @@ pillar_roots: ############################################ # windows repo cache {{ get_config('win_repo_cachefile', 'salt://win/repo/winrepo.p') }} + +###### Returner settings ###### +############################################ +# default returner +{{ get_config('return', '') }} From 3b8669cd67feae3ed72e3b149d08e3746073b1dd Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Thu, 24 Dec 2015 13:28:35 -0500 Subject: [PATCH 066/146] dropped ppa and updated to official repos for ubuntu --- salt/pkgrepo/ubuntu/absent.sls | 4 +++- salt/pkgrepo/ubuntu/init.sls | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/salt/pkgrepo/ubuntu/absent.sls b/salt/pkgrepo/ubuntu/absent.sls index 27b5fd6..1b63537 100644 --- a/salt/pkgrepo/ubuntu/absent.sls +++ b/salt/pkgrepo/ubuntu/absent.sls @@ -1,3 +1,5 @@ drop-saltstack-pkgrepo: pkgrepo.absent: - - ppa: saltstack/salt + - name: deb http://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main + - file: /etc/apt/sources.list.d/saltstack.list + - key_url: https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file diff --git a/salt/pkgrepo/ubuntu/init.sls b/salt/pkgrepo/ubuntu/init.sls index bd3986a..35e950c 100644 --- a/salt/pkgrepo/ubuntu/init.sls +++ b/salt/pkgrepo/ubuntu/init.sls 
@@ -1,3 +1,5 @@ saltstack-pkgrepo: pkgrepo.managed: - - ppa: saltstack/salt + - name: deb http://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main + - file: /etc/apt/sources.list.d/saltstack.list + - key_url: https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file From 8f2191471bcdbc4f413f9a621d72ecf6a67b2841 Mon Sep 17 00:00:00 2001 From: Seth Miller Date: Fri, 8 Jan 2016 11:21:22 -0600 Subject: [PATCH 067/146] Replace pkgrepo with offical Saltstack repo issue #180 --- README.rst | 7 +------ salt/pkgrepo/redhat/init.sls | 11 +++++------ 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/README.rst b/README.rst index 6706b4c..fd3948a 100644 --- a/README.rst +++ b/README.rst @@ -73,12 +73,7 @@ For EL distributions, pygit is installed from packages from `EPEL `_. - -On EL distributions, the official Salt `COPR for ZeroMQ 4 `_. Salt itself is installed via `EPEL `_. +benefit from the latest version. This state currently only works on Debian, Ubuntu, RHEL 6/7 and aims to implement the `installation recommendations of the official documentation `_. ``salt.pkgrepo.absent`` ----------------------- diff --git a/salt/pkgrepo/redhat/init.sls b/salt/pkgrepo/redhat/init.sls index feb167c..a99827a 100644 --- a/salt/pkgrepo/redhat/init.sls +++ b/salt/pkgrepo/redhat/init.sls 
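Review bot: The `deb` line in `salt/pkgrepo/ubuntu/init.sls` fetches the repository over `http://` while the key in the same state comes over `https://` from the same host; using `deb https://repo.saltstack.com/apt/ubuntu/...` for `- name:` keeps repository metadata off cleartext transport (APT's signature check applies either way), provided HTTPS transport for APT is available on the minion. The architecture is hard-coded as `amd64` in both URLs, so minions of another architecture get a path that does not match them; `{{ grains['osarch'] }}` would follow the host. Unlike the Debian state from PATCH 063, neither value can be overridden through `salt_settings`, and the same literals are repeated in `ubuntu/absent.sls`. Both files also lose their trailing newline.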
@@ -1,10 +1,9 @@ {% from "salt/map.jinja" import salt_settings with context %} -saltstack-zeromq4: +saltstack-pkgrepo: pkgrepo.managed: - - humanname: Copr repo for zeromq4 owned by saltstack - - baseurl: http://copr-be.cloud.fedoraproject.org/results/saltstack/zeromq4/{{ salt_settings.repotype }}-$releasever-$basearch/ - - gpgcheck: 1 - - gpgkey: https://copr-be.cloud.fedoraproject.org/results/saltstack/zeromq4/pubkey.gpg - - skip_if_unavailable: True + - humanname: SaltStack repo for RHEL/CentOS $releasever + - baseurl: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest - enabled: 1 + - gpgcheck: 1 + - gpgkey: https://repo.saltstack.com/yum/redhat/$releasever/$basearch/latest/SALTSTACK-GPG-KEY.pub From cbe576366831910262caec523a7d2c12287a7c55 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sat, 9 Jan 2016 19:39:47 +0100 Subject: [PATCH 068/146] fix pillar and libvirt --- salt/files/master.d/_libvirt.conf | 1 + salt/files/master.d/_pillar.conf | 1 + salt/files/minion.d/_libvirt.conf | 1 + salt/files/minion.d/_pillar.conf | 1 + 4 files changed, 4 insertions(+) create mode 100644 salt/files/master.d/_libvirt.conf create mode 100644 salt/files/master.d/_pillar.conf create mode 100644 salt/files/minion.d/_libvirt.conf create mode 100644 salt/files/minion.d/_pillar.conf diff --git a/salt/files/master.d/_libvirt.conf b/salt/files/master.d/_libvirt.conf new file mode 100644 index 0000000..bbd38bc --- /dev/null +++ b/salt/files/master.d/_libvirt.conf @@ -0,0 +1 @@ +virt.tunnel: True diff --git a/salt/files/master.d/_pillar.conf b/salt/files/master.d/_pillar.conf new file mode 100644 index 0000000..5f3fdf0 --- /dev/null +++ b/salt/files/master.d/_pillar.conf @@ -0,0 +1 @@ +pillar_merge_lists: False diff --git a/salt/files/minion.d/_libvirt.conf b/salt/files/minion.d/_libvirt.conf new file mode 100644 index 0000000..bbd38bc --- /dev/null +++ b/salt/files/minion.d/_libvirt.conf @@ -0,0 +1 @@ +virt.tunnel: True 
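Review bot: Renaming the state from `saltstack-zeromq4` to `saltstack-pkgrepo` leaves the COPR repository definition (which used an `http://` baseurl) enabled on hosts that already applied the old state, because nothing in this commit removes it. A `saltstack-zeromq4: pkgrepo.absent` entry here or in the Red Hat `absent.sls` (not part of this commit) would clean it up. The `{% from "salt/map.jinja" import salt_settings with context %}` line is now unused, since its only reference, `salt_settings.repotype`, was removed. Tracking `latest` means a new major Salt release is picked up on the next package update, which deserves a comment in the state, e.g. `# 'latest' follows major releases; pin the path to a release to control upgrades`.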
diff --git a/salt/files/minion.d/_pillar.conf b/salt/files/minion.d/_pillar.conf new file mode 100644 index 0000000..5f3fdf0 --- /dev/null +++ b/salt/files/minion.d/_pillar.conf @@ -0,0 +1 @@ +pillar_merge_lists: False From adb0c7008d3e55bcaea48099a9b324fe07b41bec Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sat, 9 Jan 2016 21:45:23 +0100 Subject: [PATCH 069/146] removing accidentally committed files --- salt/files/master.d/_libvirt.conf | 1 - salt/files/master.d/_pillar.conf | 1 - salt/files/minion.d/_libvirt.conf | 1 - salt/files/minion.d/_pillar.conf | 1 - 4 files changed, 4 deletions(-) delete mode 100644 salt/files/master.d/_libvirt.conf delete mode 100644 salt/files/master.d/_pillar.conf delete mode 100644 salt/files/minion.d/_libvirt.conf delete mode 100644 salt/files/minion.d/_pillar.conf diff --git a/salt/files/master.d/_libvirt.conf b/salt/files/master.d/_libvirt.conf deleted file mode 100644 index bbd38bc..0000000 --- a/salt/files/master.d/_libvirt.conf +++ /dev/null @@ -1 +0,0 @@ -virt.tunnel: True diff --git a/salt/files/master.d/_pillar.conf b/salt/files/master.d/_pillar.conf deleted file mode 100644 index 5f3fdf0..0000000 --- a/salt/files/master.d/_pillar.conf +++ /dev/null @@ -1 +0,0 @@ -pillar_merge_lists: False diff --git a/salt/files/minion.d/_libvirt.conf b/salt/files/minion.d/_libvirt.conf deleted file mode 100644 index bbd38bc..0000000 --- a/salt/files/minion.d/_libvirt.conf +++ /dev/null @@ -1 +0,0 @@ -virt.tunnel: True diff --git a/salt/files/minion.d/_pillar.conf b/salt/files/minion.d/_pillar.conf deleted file mode 100644 index 5f3fdf0..0000000 --- a/salt/files/minion.d/_pillar.conf +++ /dev/null @@ -1 +0,0 @@ -pillar_merge_lists: False From 41f2de74bd92b9b03ea7544e6815786c12c2f8d4 Mon Sep 17 00:00:00 2001 From: Kevin Schmidt Date: Fri, 11 Dec 2015 12:42:16 +0000 Subject: [PATCH 070/146] * add gitfs whitelist and blacklist --- salt/files/master.d/f_defaults.conf | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) 
diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 54cb732..770c8d9 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -652,6 +652,30 @@ gitfs_remotes: # repository and defaults to the repository root. {{ get_config('gitfs_root', 'somefolder/otherfolder') }} +# The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater +# control over which branches/tags are exposed as fileserver environments. +{% if 'gitfs_env_whitelist' in cfg_master -%} +gitfs_env_whitelist: + {%- for git_env in cfg_master['gitfs_env_whitelist'] %} + - {{ git_env }} + {%- endfor -%} +{% else -%} +# gitfs_env_whitelist: +# - base +# - v1.* +{% endif %} + +{% if 'gitfs_env_blacklist' in cfg_master -%} +gitfs_env_blacklist: + {%- for git_env in cfg_master['gitfs_env_blacklist'] %} + - {{ git_env }} + {%- endfor -%} +{% else -%} +# gitfs_env_blacklist: +# - bug/* +# - feature/* +{% endif %} + ##### Pillar settings ##### ########################################## From ce6849247e5d309aaa2a983a888cd63b9e1ff9c2 Mon Sep 17 00:00:00 2001 From: Kevin Schmidt Date: Wed, 13 Jan 2016 13:04:22 +0000 Subject: [PATCH 071/146] add consul config support --- salt/files/master.d/f_defaults.conf | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 770c8d9..539e913 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1045,3 +1045,12 @@ rest_tornado: ########################################## {{ get_config('presence_events', 'False') }} {% endif %} + +{% if 'consul_config' in cfg_master %} +##### consul_config ##### +########################################## +consul_config: + {% for name, value in cfg_master['consul_config'].items() %} + {{ name }}: {{ value }} + {%- endfor %} +{%- endif %} From d1cbec3fe25fbf62ec1015274bfab259a62cd149 Mon Sep 17 00:00:00 2001 
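Review bot: Entries of `gitfs_env_whitelist` and `gitfs_env_blacklist` are written as bare scalars (`- {{ git_env }}`), so a glob that begins with `*` (for example `*-stable`, a constructed value) is read by the YAML parser as an alias and the generated master config no longer loads. Passing each entry through a serialising filter fixes that: `- {{ git_env | json }}`. Both blocks look only at `cfg_master`, so whether a value set one level up under `salt:` should also be honoured is worth deciding explicitly. The `consul_config` hunk in PATCH 071 has the same unquoted output (`{{ name }}: {{ value }}`) and would print nested values with their Python representation; `consul_config: {{ cfg_master['consul_config'] | json }}` covers it.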
From: Thomas Larsen Date: Mon, 8 Feb 2016 13:45:09 +0000 Subject: [PATCH 072/146] Added support for downloading formulas from multiple baseurls into the same environment. --- pillar.example | 12 +++++++----- salt/formulas.jinja | 4 +++- salt/formulas.sls | 5 +++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/pillar.example b/pillar.example index 614cc7d..f2511db 100644 --- a/pillar.example +++ b/pillar.example @@ -160,9 +160,11 @@ salt_formulas: # List of formulas to enable in each environment list: base: - - salt-formula - - postfix-formula + https://github.com/saltstack-formulas: + - salt-formula + - postfix-formula dev: - - salt-formula - - postfix-formula - - openssh-formula + https://github.com/saltstack-formulas + - salt-formula + - postfix-formula + - openssh-formula diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 2a466a2..123c88c 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja @@ -16,10 +16,12 @@ {%- macro formulas_roots(env) -%} {%- set value = [] -%} -{%- for dir in formulas.get(env, []) -%} +{%- for repo,f_name in formulas.get(env, {}).items() -%} +{%- for dir in f_name -%} {%- set basedir = formulas_git_opt(env, 'basedir')|load_yaml -%} {%- do value.append('{0}/{1}'.format(basedir, dir)) -%} {%- endfor -%} +{%- endfor -%} {{ value|yaml }} {%- endmacro -%} diff --git a/salt/formulas.sls b/salt/formulas.sls index b433bb5..a58cc4f 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -4,7 +4,8 @@ {% from "salt/formulas.jinja" import formulas_git_opt with context %} # Loop over all formulas listed in pillar data -{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).items() %} +{% for env, elements in salt['pillar.get']('salt_formulas:list', {}).items() %} +{% for baseurl, entries in elements.items() %} {% for entry in entries %} {% set basedir = formulas_git_opt(env, 'basedir')|load_yaml %} 
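Review bot: `salt_formulas:list` changes from a list per environment to a mapping of base URL to list, and both `formulas.get(env, {}).items()` in `salt/formulas.jinja` and `elements.items()` in `salt/formulas.sls` fail on pillars still written in the list form shown on the removed side of `pillar.example`. Accepting both shapes would keep existing pillars working: test `elements is mapping`, and otherwise fall back to the single `baseurl` from `formulas_git_opt(env, 'baseurl')`. Two base URLs that carry a formula of the same name in one environment also look like they collide, since the roots are built as `'{0}/{1}'.format(basedir, dir)` without the repo key. The new `dev:` example in `pillar.example` is missing the colon after the URL key. The `formulas.sls` loop body continues outside this hunk.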
@@ -26,7 +27,6 @@ {% if gitdir not in processed_gitdirs %} {% do processed_gitdirs.append(gitdir) %} {% set options = formulas_git_opt(env, 'options')|load_yaml %} -{% set baseurl = formulas_git_opt(env, 'baseurl')|load_yaml %} {{ gitdir }}: git.latest: - name: {{ baseurl }}/{{ entry }}.git @@ -43,3 +43,4 @@ {% endfor %} {% endfor %} +{% endfor %} From bbeacc4ace14342f5bbd37c1230a4d72178d1b19 Mon Sep 17 00:00:00 2001 From: Thomas Larsen Date: Mon, 8 Feb 2016 14:01:47 +0000 Subject: [PATCH 073/146] Fixed typo in `pillar.example` --- pillar.example | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pillar.example b/pillar.example index f2511db..0198dff 100644 --- a/pillar.example +++ b/pillar.example @@ -135,9 +135,6 @@ salt_formulas: # environment, if an option is missing in a given environment, the # value from "default" is used instead. default: - # URL where the formulas git repositories are downloaded from - # it will be suffixed with .git - baseurl: https://github.com/saltstack-formulas # Directory where Git repositories are downloaded basedir: /srv/formulas # Update the git repository to the latest version (False by default) @@ -164,7 +161,7 @@ salt_formulas: - salt-formula - postfix-formula dev: - https://github.com/saltstack-formulas + https://github.com/saltstack-formulas: - salt-formula - postfix-formula - openssh-formula From e8021220b886877e371e4f27619ab6e76541b419 Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Tue, 16 Feb 2016 10:20:42 -0500 Subject: [PATCH 074/146] Revert PR #200 This restores the original structure/behavior of the `salt_formulas` Pillar key. --- pillar.example | 15 ++++++++------- salt/formulas.jinja | 4 +--- salt/formulas.sls | 5 ++--- 3 files changed, 11 insertions(+), 13 deletions(-) diff --git a/pillar.example b/pillar.example index 0198dff..614cc7d 100644 --- a/pillar.example +++ b/pillar.example 
@@ -135,6 +135,9 @@ salt_formulas: # environment, if an option is missing in a given environment, the # value from "default" is used instead. default: + # URL where the formulas git repositories are downloaded from + # it will be suffixed with .git + baseurl: https://github.com/saltstack-formulas # Directory where Git repositories are downloaded basedir: /srv/formulas # Update the git repository to the latest version (False by default) @@ -157,11 +160,9 @@ salt_formulas: # List of formulas to enable in each environment list: base: - https://github.com/saltstack-formulas: - - salt-formula - - postfix-formula + - salt-formula + - postfix-formula dev: - https://github.com/saltstack-formulas: - - salt-formula - - postfix-formula - - openssh-formula + - salt-formula + - postfix-formula + - openssh-formula diff --git a/salt/formulas.jinja b/salt/formulas.jinja index 123c88c..2a466a2 100644 --- a/salt/formulas.jinja +++ b/salt/formulas.jinja @@ -16,12 +16,10 @@ {%- macro formulas_roots(env) -%} {%- set value = [] -%} -{%- for repo,f_name in formulas.get(env, {}).items() -%} -{%- for dir in f_name -%} +{%- for dir in formulas.get(env, []) -%} {%- set basedir = formulas_git_opt(env, 'basedir')|load_yaml -%} {%- do value.append('{0}/{1}'.format(basedir, dir)) -%} {%- endfor -%} -{%- endfor -%} {{ value|yaml }} {%- endmacro -%} diff --git a/salt/formulas.sls b/salt/formulas.sls index a58cc4f..b433bb5 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -4,8 +4,7 @@ {% from "salt/formulas.jinja" import formulas_git_opt with context %} # Loop over all formulas listed in pillar data -{% for env, elements in salt['pillar.get']('salt_formulas:list', {}).items() %} -{% for baseurl, entries in elements.items() %} +{% for env, entries in salt['pillar.get']('salt_formulas:list', {}).items() %} {% for entry in entries %} {% set basedir = formulas_git_opt(env, 'basedir')|load_yaml %} 
@@ -27,6 +26,7 @@ {% if gitdir not in processed_gitdirs %} {% do processed_gitdirs.append(gitdir) %} {% set options = formulas_git_opt(env, 'options')|load_yaml %} +{% set baseurl = formulas_git_opt(env, 'baseurl')|load_yaml %} {{ gitdir }}: git.latest: - name: {{ baseurl }}/{{ entry }}.git @@ -43,4 +43,3 @@ {% endfor %} {% endfor %} -{% endfor %} From bfcaca38a6a9f032889a1247ea20b93f7c586a5a Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sat, 20 Feb 2016 21:07:17 +0100 Subject: [PATCH 075/146] merge options from 2015.8.7 version in f_defaults.conf --- salt/files/master.d/f_defaults.conf | 295 +++++++++++++++++++++------- 1 file changed, 224 insertions(+), 71 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 539e913..c183514 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1,5 +1,5 @@ # This file managed by Salt, do not edit by hand!! -# Based on salt version 2014.7 default config +# Based on salt version 2015.8.7 default config {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_master = cfg_salt.get('master', {}) -%} 
@@ -15,10 +15,11 @@ {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} ##### Primary configuration settings ##### ########################################## -# This configuration file is used to manage the behavior of the Salt Master -# Values that are commented out but have no space after the comment are -# defaults that need not be set in the config. If there is a space after the -# comment that the value is presented as an example and is not the default. +# This configuration file is used to manage the behavior of the Salt Master. +# Values that are commented out but have an empty line after the comment are +# defaults that do not need to be set in the config. If there is no blank line +# after the comment then the value is presented as an example and is not the +# default. # Per default, the master will automatically include all config files # from master.d/*.conf (master.d is a directory in the same directory 
@@ -41,30 +42,6 @@ # modified files cause conflicts, set verify_env to False. {{ get_config('user', 'root') }} -# Max open files -# -# Each minion connecting to the master uses AT LEAST one file descriptor, the -# master subscription connection. If enough minions connect you might start -# seeing on the console (and then salt-master crashes): -# Too many open files (tcp_listener.cpp:335) -# Aborted (core dumped) -# -# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for -# max open files. -# -# If you wish to set a different value than the default one, uncomment and -# configure this setting. Remember that this value CANNOT be higher than the -# hard limit. Raising the hard limit depends on your OS and/or distribution, -# a good way to find the limit is to search the internet. For example: -# raise max open files hard limit debian -# -{{ get_config('max_open_files', '100000') }} - -# The number of worker threads to start. These threads are used to manage -# return calls made from minions to the master. If the master seems to be -# running slowly, increase the number of threads. -{{ get_config('worker_threads', '5') }} - # The port used by the communication interface. The ret (return) port is the # interface used for the file server, authentication, job returns, etc. {{ get_config('ret_port', '4506') }} @@ -81,6 +58,8 @@ {{ get_config('pki_dir', '/etc/salt/pki/master') }} # Directory to store job and cache data: +# This directory may contain sensitive data and should be protected accordingly. +# {{ get_config('cachedir', '/var/cache/salt/master') }} # Directory for custom modules. This directory can contain subdirectories for 
@@ -88,6 +67,25 @@ # "states", "returners", etc. {{ get_config('extension_modules', '') }} +# Directory for custom modules. This directory can contain subdirectories for +# each of Salt's module types such as "runners", "output", "wheel", "modules", +# "states", "returners", etc. +# Like 'extension_modules' but can take an array of paths +{% if 'module_dirs' in cfg_master -%} +module_dirs: + {%- for dir in cfg_master['module_dirs'] %} + - {{ dir}} + {%- endfor -%} +{% elif 'module_dirs' in cfg_salt -%} +module_dirs: + {%- for dir in cfg_salt['module_dirs'] %} + - {{ dir}} + {%- endfor -%} +{% else -%} +#module_dirs: +# - /var/cache/salt/minion/extmods +{% endif %} + # Verify and set permissions on configuration directories at startup: {{ get_config('verify_env', 'True') }} @@ -109,9 +107,6 @@ # Return minions that timeout when running commands like test.ping {{ get_config('show_timeout', 'True') }} -# Display the jid when a job is published -{{ get_config('show_jid', 'False') }} - # By default, output is colored. To disable colored output, set the color value # to False. {{ get_config('color', 'True') }} @@ -138,10 +133,9 @@ {{ get_config('minion_data_cache', 'True') }} # Store all returns in the given returner. -# Setting this option requires that any returner-specific configuration also +# Setting this option requires that any returner-specific configuration also # be set. See various returners in salt/returners for details on required # configuration values. (See also, event_return_queue below.) -# {{ get_config('event_return', 'mysql') }} # On busy systems, enabling event_returns can cause a considerable load on @@ -182,7 +176,6 @@ event_return_blacklist: # event_return_blacklist: # - salt/master/not_this_tag # - salt/master/or_this_one - {% endif %} # Passing very large events can cause the minion to consume large amounts of 
@@ -202,12 +195,12 @@ event_return_blacklist: # the key rotation event as minions reconnect. Consider this carefully if this # salt master is managing a large number of minions. # -# If disabled, it is recommended to handle this event by listening for the +# If disabled, it is recommended to handle this event by listening for the # 'aes_key_rotate' event with the 'key' tag and acting appropriately. {{ get_config('ping_on_rotate', 'False') }} # By default, the master deletes its cache of minion data when the key for that -# minion is removed. To preserve the cache after key deletion, set +# minion is removed. To preserve the cache after key deletion, set # 'preserve_minion_cache' to True. # # WARNING: This may have security implications if compromised minions auth with 
@@ -236,6 +229,58 @@ event_return_blacklist: # - /etc/salt/extra_config {{ get_config('include', '[]') }} +##### Large-scale tuning settings ##### +########################################## +# Max open files +# +# Each minion connecting to the master uses AT LEAST one file descriptor, the +# master subscription connection. If enough minions connect you might start +# seeing on the console (and then salt-master crashes): +# Too many open files (tcp_listener.cpp:335) +# Aborted (core dumped) +# +# By default this value will be the one of `ulimit -Hn`, ie, the hard limit for +# max open files. +# +# If you wish to set a different value than the default one, uncomment and +# configure this setting. Remember that this value CANNOT be higher than the +# hard limit. Raising the hard limit depends on your OS and/or distribution, +# a good way to find the limit is to search the internet. For example: +# raise max open files hard limit debian +# +{{ get_config('max_open_files', '100000') }} + +# The number of worker threads to start. These threads are used to manage +# return calls made from minions to the master. If the master seems to be +# running slowly, increase the number of threads. This setting can not be +# set lower than 3. +{{ get_config('worker_threads', '5') }} + +# Set the ZeroMQ high water marks +# http://api.zeromq.org/3-2:zmq-setsockopt + +# The publisher interface ZeroMQPubServerChannel +{{ get_config('pub_hwm', '1000') }} + +# These two ZMQ HWM settings, salt_event_pub_hwm and event_publisher_pub_hwm +# are significant for masters with thousands of minions. When these are +# insufficiently high it will manifest in random responses missing in the CLI +# and even missing from the job cache. Masters that have fast CPUs and many +# cores with appropriate worker_threads will not need these set as high. 
+ +# On deployment with 8,000 minions, 2.4GHz CPUs, 24 cores, 32GiB memory has +# these settings: +# +# salt_event_pub_hwm: 128000 +# event_publisher_pub_hwm: 64000 + +# ZMQ high-water-mark for SaltEvent pub socket +{{ get_config('salt_event_pub_hwm', '20000') }} + +# ZMQ high-water-mark for EventPublisher pub socket +{{ get_config('event_publisher_pub_hwm', '10000') }} + + ##### Security settings ##### ########################################## # Enable "open mode", this mode still maintains encryption, but turns off @@ -276,10 +321,6 @@ event_return_blacklist: # This setting should be treated with care since it opens up execution # capabilities to non root users. By default this capability is completely # disabled. -#client_acl: -# larry: -# - test.ping -# - network.* {% if 'client_acl' in cfg_master -%} client_acl: {%- for name, user in cfg_master['client_acl']|dictsort %} @@ -308,7 +349,6 @@ client_acl: # This example would blacklist all non sudo users, including root from # running any commands. It would also blacklist any use of the "cmd" # module. This is completely disabled by default. -# {% if 'client_acl_blacklist' in cfg_master %} client_acl_blacklist: users: @@ -339,8 +379,7 @@ client_acl_blacklist: {% endif %} # Enforce client_acl & client_acl_blacklist when users have sudo -# access to the salt command. -# +# access to the salt command. {{ get_config('sudo_acl', 'False') }} # The external auth system uses the Salt auth modules to authenticate and 
@@ -377,9 +416,41 @@ client_acl_blacklist: # will cause minion to throw an exception and drop the message. {{ get_config('sign_pub_message', 'False') }} - +# Sign the master auth-replies with a cryptographic signature of the masters public key. +# Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial {{ get_config('master_sign_pubkey', 'False') }} +# The customizable name of the signing-key-pair without suffix. +# master_sign_key_name: +{{ get_config('master_sign', '{}') }} + +# The name of the file in the masters pki-directory that holds the pre-calculated +# signature of the masters public-key. +# master_pubkey_signature: +{{ get_config('master_pubkey_signature', '{}') }} + +# Instead of computing the signature for each auth-reply, use a pre-calculated signature. +# The master_pubkey_signature must also be set for this. +{{ get_config('master_use_pubkey_signature', 'False') }} + +# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. +# This is a very important security-setting. Disabling it will enable deleted minions to still +# listen in on the messages published by the salt-master. +# Do not disable this unless it is absolutely clear what this does. +{{ get_config('rotate_aes_key', 'True') }} + +##### Salt-SSH Configuration ##### +########################################## + +# Pass in an alternative location for the salt-ssh roster file +{{ get_config('roster_file', '/etc/salt/roster') }} + +# Pass in minion option overrides that will be inserted into the SHIM for +# salt-ssh calls. The local minion config is not used for salt-ssh. Can be +# overridden on a per-minion basis in the roster (`minion_opts`) +#ssh_minion_opts: +# gpg_keydir: /root/gpg +{{ get_config('ssh_minion_opts', '{}') }} ##### Master Module Management ##### ########################################## 
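Review bot: The line under `# master_sign_key_name:` calls `get_config('master_sign', '{}')`, so the option looked up is `master_sign`, not `master_sign_key_name`; assuming `get_config` uses its first argument as the config key, a pillar value for `master_sign_key_name` is never rendered into the master config. `{{ get_config('master_sign_key_name', 'master_sign') }}` matches the comment and the option's documented default. `master_pubkey_signature` is a file name but gets `'{}'` as its default; `{{ get_config('master_pubkey_signature', 'master_pubkey_signature') }}` reads correctly. `get_config` is defined outside this hunk, so how defaults are emitted cannot be checked from here.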
@@ -408,6 +479,7 @@ client_acl_blacklist: # master_tops: # ext_nodes: # +#master_tops: {} {% if 'master_tops' in cfg_master %} master_tops: {%- for master in cfg_master['master_tops'] -%} @@ -438,7 +510,7 @@ master_tops: # (block, not variable tag!). Defaults to False, corresponds to the Jinja # environment init variable "trim_blocks". {{ get_config('jinja_trim_blocks', 'False') }} -# + # If this is set to True leading spaces and tabs are stripped from the start # of a line to a block. Defaults to False, corresponds to the Jinja # environment init variable "lstrip_blocks". @@ -462,13 +534,19 @@ master_tops: {{ get_config('state_output', 'full') }} # Automatically aggregate all states that have support for mod_aggregate by -# setting to True. Or pass a list of state module names to automatically +# setting to 'True'. Or pass a list of state module names to automatically # aggregate just those types. # # state_aggregate: # - pkg # #state_aggregate: False +{{ get_config('state_aggregate', '{}') }} + +# Send progress events as each function in a state run completes execution +# by setting to 'True'. Progress events are in the format +# 'salt/job//prog//'. +{{ get_config('state_events', 'False') }} ##### File Server settings ##### ########################################## @@ -490,7 +568,7 @@ master_tops: # prod: # - /srv/salt/prod/services # - /srv/salt/prod/states - +# {% if 'file_roots' in cfg_master -%} {{ file_roots(cfg_master['file_roots']) }} {%- elif 'file_roots' in cfg_salt -%} 
@@ -503,11 +581,27 @@ master_tops: # - /srv/salt {%- endif %} +# When using multiple environments, each with their own top file, the +# default behaviour is an unordered merge. To prevent top files from +# being merged together and instead to only use the top file from the +# requested environment, set this value to 'same'. +{{ get_config('top_file_merging_stragety', 'merge') }} + +# To specify the order in which environments are merged, set the ordering +# in the env_order option. Given a conflict, the last matching value will +# win. +{{ get_config('env_order', '["base", "dev", "prod"]') }} + +# If top_file_merging_strategy is set to 'same' and an environment does not +# contain a top file, the top file in the environment specified by default_top +# will be used instead. +{{ get_config('default_top', 'base') }} + # The hash_type is the hash to use when discovering the hash of a file on # the master server. The default is md5, but sha1, sha224, sha256, sha384 # and sha512 are also supported. # -# Prior to changing this value, the master should be stopped and all Salt +# Prior to changing this value, the master should be stopped and all Salt # caches should be cleared. {{ get_config('hash_type', 'md5') }} 
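Review bot: `get_config('top_file_merging_stragety', 'merge')` misspells the option that the comment further down in the same hunk calls `top_file_merging_strategy`, so a pillar value set under the correct name is not picked up (assuming `get_config` looks the key up by the name it is given). Change the line to `{{ get_config('top_file_merging_strategy', 'merge') }}`.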
@@ -578,26 +672,26 @@ fileserver_backend: - {{ backend }} {%- endfor -%} {%- endif %} -# + # Uncomment the line below if you do not want the file_server to follow # symlinks when walking the filesystem tree. This is set to True # by default. Currently this only applies to the default roots # fileserver_backend. {{ get_config('fileserver_followsymlinks', 'False') }} -# + # Uncomment the line below if you do not want symlinks to be # treated as the files they are pointing to. By default this is set to # False. By uncommenting the line below, any detected symlink while listing # files on the Master will not be returned to the Minion. {{ get_config('fileserver_ignoresymlinks', 'True') }} -# + # By default, the Salt fileserver recurses fully into all defined environments # to attempt to find files. To limit this behavior so that the fileserver only # traverses directories with SLS files and special Salt directories like _modules, # enable the option below. This might be useful for installations where a file root # has a very large number of files and performance is impacted. Default is False. {{ get_config('fileserver_limit_traversal', 'False') }} -# + # The fileserver can fire events off every time the fileserver is updated, # these are disabled by default, but can be easily turned on by setting this # flag to True @@ -608,7 +702,7 @@ fileserver_backend: # Gitfs can be provided by one of two python modules: GitPython or pygit2. If # using pygit2, both libgit2 and git must also be installed. {{ get_config('gitfs_provider', 'gitpython') }} -# + # When using the git fileserver backend at least one git remote needs to be # defined. The user running the salt master will need read access to the repo. # 
@@ -646,7 +740,7 @@ gitfs_remotes: # keep in mind that setting this flag to anything other than the default of True # is a security concern, you may want to try using the ssh transport. {{ get_config('gitfs_ssl_verify', 'True') }} -# + # The gitfs_root option gives the ability to serve files from a subdirectory # within the repository. The path is defined relative to the root of the # repository and defaults to the repository root. @@ -676,7 +770,6 @@ gitfs_env_blacklist: # - feature/* {% endif %} - ##### Pillar settings ##### ########################################## # Salt Pillars allow for the building of global data that can be made selectively @@ -705,7 +798,7 @@ pillar_roots: # base: # - /srv/pillar {%- endif %} -# + {% if 'ext_pillar' in cfg_master %} ext_pillar: {%- for pillar in cfg_master['ext_pillar'] -%} @@ -718,7 +811,7 @@ ext_pillar: - {{ parameter }} {%- endfor -%} {%- elif pillar[key] is mapping and pillar[key] is not string %} - - {{ key }}: + - {{ key }}: {%- for parameter in pillar[key] %} {{ parameter }}: {{pillar[key][parameter]}} {%- endfor %} @@ -755,6 +848,13 @@ ext_pillar: # master config file that can then be used on minions. {{ get_config('pillar_opts', 'True') }} +# The pillar_safe_render_error option prevents the master from passing pillar +# render errors to the minion. This is set on by default because the error could +# contain templating data which would give that minion information it shouldn't +# have, like a password! When set true the error message will only show: +# Rendering SLS 'my.sls' failed. Please see master log for details. +{{ get_config('pillar_safe_render_error', 'True') }} + # The pillar_source_merging_strategy option allows you to configure merging strategy # between different sources. It accepts four values: recurse, aggregate, overwrite, # or smart. Recurse will merge recursively mapping of data. Aggregate instructs 
@@ -764,13 +864,18 @@ ext_pillar: # on the "renderer" setting and is the default value. {{ get_config('pillar_source_merging_strategy', 'smart') }} +# Recursively merge lists by aggregating them instead of replacing them. +{{ get_config('pillar_merge_lists', 'False') }} + + ##### Syndic settings ##### ########################################## # The Salt syndic is used to pass commands through a master from a higher -# master. Using the syndic is simple, if this is a master that will have -# syndic servers(s) below it set the "order_masters" setting to True, if this -# is a master that will be running a syndic daemon for passthrough the -# "syndic_master" setting needs to be set to the location of the master server +# master. Using the syndic is simple. If this is a master that will have +# syndic servers(s) below it, then set the "order_masters" setting to True. +# +# If this is a master that will be running a syndic daemon for passthrough, then +# the "syndic_master" setting needs to be set to the location of the master server # to receive commands from. # Set the order_masters setting to True if this master will command lower @@ -790,6 +895,7 @@ ext_pillar: # LOG file of the syndic daemon: {{ get_config('syndic_log_file', 'syndic.log') }} + ##### Peer Publish settings ##### ########################################## # Salt minions can send commands to other minions, but only if the minion is @@ -864,9 +970,8 @@ peer_run: {% endfor %} {% endif %} - ##### Mine settings ##### -########################################## +##################################### # Restrict mine.get access from minions. By default any minion has a full access # to get all mine data from master cache. In acl definion below, only pcre matches # are allowed. @@ -902,7 +1007,6 @@ mine_get: # - disk.* {%- endif %} - ##### Logging settings ##### ########################################## # The location of the master log file 
@@ -919,10 +1023,15 @@ mine_get: # The level of messages to send to the console. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. +# +# The following log levels are considered INSECURE and may log sensitive data: +# ['garbage', 'trace', 'debug'] +# {{ get_config('log_level', 'warning') }} # The level of messages to send to the log file. # One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. +# If using 'log_granular_levels' this must be set to the highest desired level. {{ get_config('log_level_logfile', 'warning') }} # The date and time format used in log messages. Allowed date/time formating @@ -932,7 +1041,21 @@ mine_get: # The format of the console logging messages. Allowed formatting options can # be seen here: http://docs.python.org/library/logging.html#logrecord-attributes +# +# Console log colors are specified by these additional formatters: +# +# %(colorlevel)s +# %(colorname)s +# %(colorprocess)s +# %(colormsg)s +# +# Since it is desirable to include the surrounding brackets, '[' and ']', in +# the coloring of the messages, these color formatters also include padding as +# well. Color LogRecord attributes are only available for console logging. +# +{{ get_config('log_fmt_console', "'%(colorlevel)s %(colormsg)s'") }} {{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }} + {{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }} # This can be used to control logging levels more specificically. This @@ -956,8 +1079,7 @@ log_granular_levels: #log_granular_levels: {} {% endif %} - -##### Node Groups ##### +##### Node Groups ###### ########################################## # Node groups allow for logical groupings of minion nodes. A group consists of a group # name and a compound target. 
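Review bot: `log_fmt_console` is now passed to `get_config` twice in the `@@ -932,7 +1041,21 @@` hunk, because the added colour-format call sits directly above the existing `'[%(levelname)-8s] %(message)s'` call. The macro body is not part of this hunk, but if it emits `key: value` whenever the pillar defines the key, a pillar-set `log_fmt_console` would be rendered as two identical top-level keys in the master config. Keep a single call and show the alternative format as a plain comment, e.g. `#log_fmt_console: '%(colorlevel)s %(colormsg)s'`.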
@@ -976,7 +1098,6 @@ nodegroups: {% endfor %} {% endif %} - ##### Range Cluster settings ##### ########################################## # The range server (and optional port) that serves your cluster information @@ -984,8 +1105,33 @@ nodegroups: # {{ get_config('range_server', 'range:80') }} -##### Windows Software Repo settings ##### -############################################## + +##### Windows Software Repo settings ##### +########################################### +# Location of the repo on the master: +{{ get_config('win_repo_dir_ng', '/srv/salt/win/repo-ng') }} + +# List of git repositories to include with the local repo: +{% if 'win_gitrepos_ng' in cfg_master %} +win_gitrepos_ng: + {% for repo in cfg_master['win_gitrepos_ng'] %} + - {{ repo }} + {% endfor %} +{% elif 'win_gitrepos_ng' in cfg_salt %} +win_gitrepos_ng: + {% for repo in cfg_salt['win_gitrepos_ng'] %} + - {{ repo }} + {% endfor %} +{% else %} +#winrepo_remotes_ng: +# - 'https://github.com/saltstack/salt-winrepo-ng.git' +{% endif %} + + +##### Windows Software Repo settings - Pre 2015.8 ##### +######################################################## +# Legacy repo settings for pre-2015.8 Windows minions. +# # Location of the repo on the master: {{ get_config('win_repo', '/srv/salt/win/repo') }} @@ -1004,7 +1150,7 @@ win_gitrepos: - {{ repo }} {% endfor %} {% else %} -#win_gitrepos: +#winrepo_remotes: # - 'https://github.com/saltstack/salt-winrepo.git' {% endif %} @@ -1012,6 +1158,13 @@ win_gitrepos: ############################################ # Which returner(s) will be used for minion's result: #return: mysql +{{ get_config('return', '')}} + + +###### Miscellaneous settings ###### +############################################ +# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch +{{ get_config('event_match_type', 'startswith') }} {% if 'halite' in cfg_master %} ##### Halite ##### From a4c5b4f322054fa396c40c994fb52ae9cc532af8 Mon Sep 17 00:00:00 2001 
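Review bot: The new `-ng` block in the `@@ -984,8 +1105,33 @@` hunk reads and emits `win_repo_dir_ng` and `win_gitrepos_ng`, but its own commented fallback names the option `winrepo_remotes_ng`. Salt 2015.8 uses `winrepo_dir_ng` and `winrepo_remotes_ng`, so as far as I can tell the two emitted names are not options the master reads, and a pillar-supplied repository list would not take effect. Suggest `{{ get_config('winrepo_dir_ng', '/srv/salt/win/repo-ng') }}` and emitting `winrepo_remotes_ng:` in both pillar branches, keyed on a pillar entry of the same name. The `@@ -1004,7 +1150,7 @@` hunk has the same split between the emitted `win_gitrepos:` and the commented `#winrepo_remotes:`; the legacy name may still be accepted there, which is worth confirming.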
From: Niels Abspoel Date: Sat, 20 Feb 2016 23:25:06 +0100 Subject: [PATCH 076/146] update 2015.8.7 version config for the minion --- salt/files/minion.d/f_defaults.conf | 606 +++++++++++++++++++++++----- 1 file changed, 495 insertions(+), 111 deletions(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index b435690..f09ebca 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -1,5 +1,6 @@ # This file managed by Salt, do not edit by hand!! -# Based on salt version 0.17.4 default config +# Based on salt version 2015.8.7 default config +# {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_minion = cfg_salt.get('minion', {}) -%} @@ -13,13 +14,22 @@ {%- endif -%} {%- endmacro -%} {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} + ##### Primary configuration settings ##### ########################################## +# This configuration file is used to manage the behavior of the Salt Minion. +# With the exception of the location of the Salt Master Server, values that are +# commented out but have an empty line after the comment are defaults that need +# not be set in the config. If there is no blank line after the comment, the +# value is presented as an example and is not the default. -# minion includes +# Per default the minion will automatically include all config files +# from minion.d/*.conf (minion.d is a directory in the same directory +# as the main minion config file). {{ get_config('default_include', 'minion.d/*.conf') }} -# master configs +# Set the location of the salt master server. If the master server cannot be +# resolved, then the minion will fail to start. {%- if 'master' in cfg_minion and cfg_minion['master'] is not string %} master: {% for name in cfg_minion['master'] -%} 
@@ -29,126 +39,294 @@ master: {{ get_config('master', 'salt') }} {%- endif %} -# choose a random master +# If multiple masters are specified in the 'master' setting, the default behavior +# is to always try to connect to them in the order they are listed. If random_master is +# set to True, the order will be randomized instead. This can be helpful in distributing +# the load of many minions executing salt-call requests, for example, from a cron job. +# If only one master is listed, this setting is ignored and a warning will be logged. +# NOTE: If master_type is set to failover, use master_shuffle instead. {{ get_config('random_master', 'False') }} -# use IPv6 +# Use if master_type is set to failover. +{{ get_config('master_shuffle', 'False') }} + +# Minions can connect to multiple masters simultaneously (all masters +# are "hot"), or can be configured to failover if a master becomes +# unavailable. Multiple hot masters are configured by setting this +# value to "str". Failover masters can be requested by setting +# to "failover". MAKE SURE TO SET master_alive_interval if you are +# using failover. +{{ get_config('master_type', 'str') }} + +# verify_master_pubkey_sign +{{ get_config('verify_master_pubkey_sign', 'False') }} + +# Poll interval in seconds for checking if the master is still there. Only +# respected if master_type above is "failover". To disable the interval entirely, +# set the value to -1. (This may be necessary on machines which have high numbers +# of TCP connections, such as load balancers.) +{{ get_config('master_alive_interval', '30') }} + +# Set whether the minion should connect to the master via IPv6: {{ get_config('ipv6', 'False') }} -# name resolution retries +# Set the number of seconds to wait before attempting to resolve +# the master hostname if name resolution fails. Defaults to 30 seconds. +# Set to zero if the minion should shutdown and not retry. 
{{ get_config('retry_dns', '30') }} -# master port +# Set the port used by the master reply and authentication server. {{ get_config('master_port', '4506') }} -# user to run salt. +# The user to run salt. {{ get_config('user', 'root') }} -# PID file +# Setting sudo_user will cause salt to run all execution modules under an sudo +# to the user given in sudo_user. The user under which the salt minion process +# itself runs will still be that provided in the user config above, but all +# execution modules run by the minion will be rerouted through sudo. +{{ get_config('sudo_user', 'saltdev') }} + +# Specify the location of the daemon process ID file. {{ get_config('pidfile', '/var/run/salt-minion.pid') }} -# root dir +# The root directory prepended to these options: pki_dir, cachedir, log_file, +# sock_dir, pidfile. {{ get_config('root_dir', '/') }} -# pki dir +# The directory to store the pki information in {{ get_config('pki_dir', '/etc/salt/pki/minion') }} -# minion id +# Explicitly declare the id for this minion to use, if left commented the id +# will be the hostname as returned by the python call: socket.getfqdn() +# Since salt uses detached ids it is possible to run multiple minions on the +# same machine but with different ids, this can be useful for salt compute +# clusters. {% if 'id' in cfg_minion -%} id: {{ cfg_minion['id'] }} {% else -%} #id: {%- endif %} -# domain name for hostnames +# Append a domain to a hostname in the event that it does not exist. This is +# useful for systems where socket.getfqdn() does not actually result in a +# FQDN (for instance, Solaris). {{ get_config('append_domain', '') }} -# custom grains +# Custom static grains for this minion can be specified here and used in SLS +# files just like all other grains. This example sets 4 custom grains, with +# the 'roles' grain having two values that can be matched against. 
+#grains: +# roles: +# - webserver +# - memcache +# deployment: datacenter4 +# cabinet: 13 +# cab_u: 14-15 {{ get_config('grains', '{}') }} -# cache location +# Where cache data goes. +# This data may contain sensitive data and should be protected accordingly. {{ get_config('cachedir', '/var/cache/salt/minion') }} -# environment verification +# Verify and set permissions on configuration directories at startup. {{ get_config('verify_env', 'True') }} -# cache executed jobs +# The minion can locally cache the return data from jobs sent to it, this +# can be a good way to keep track of jobs the minion has executed +# (on the minion side). By default this feature is disabled, to enable, set +# cache_jobs to True. {{ get_config('cache_jobs', 'False') }} -# unix socket location +# Set the directory used to hold unix sockets. {{ get_config('sock_dir', '/var/run/salt/minion') }} -# output formatter +# Set the default outputter used by the salt-call command. The default is +# "nested". {{ get_config('output', 'nested') }} -# output color + +# By default output is colored. To disable colored output, set the color value +# to False. {{ get_config('color', 'True') }} -# remove nested color + +# Do not strip off the colored output from nested results and state outputs +# (true by default). {{ get_config('strip_colors', 'False') }} -# backup modified files +# Backup files that are replaced by file.managed and file.recurse under +# 'cachedir'/file_backups relative to their original location and appended +# with a timestamp. The only valid setting is "minion". Disabled by default. +# +# Alternatively this can be specified for each file in state files: +# /etc/ssh/sshd_config: +# file.managed: +# - source: salt://ssh/sshd_config +# - backup: minion +# {{ get_config('backup_mode', 'minion') }} -# key acceptance time +# When waiting for a master to accept the minion's public key, salt will +# continuously attempt to reconnect until successful. 
This is the time, in +# seconds, between those reconnection attempts. {{ get_config('acceptance_wait_time', '10') }} -# maximum acceptance wait + +# If this is nonzero, the time between reconnection attempts will increase by +# acceptance_wait_time seconds per iteration, up to this maximum. If this is +# set to zero, the time between reconnection attempts will stay constant. {{ get_config('acceptance_wait_time_max', '0') }} -# retry key + +# If the master rejects the minion's public key, retry instead of exiting. +# Rejected keys will be handled the same as waiting on acceptance. {{ get_config('rejected_retry', 'False') }} -# time to wait for trying reauth + +# When the master key changes, the minion will try to re-auth itself to receive +# the new master key. In larger environments this can cause a SYN flood on the +# master because all minions try to re-auth immediately. To prevent this and +# have a minion wait for a random amount of time, use this optional parameter. +# The wait-time will be a random number of seconds between 0 and the defined value. {{ get_config('random_reauth_delay', '60') }} -# auth wait timeout + +# When waiting for a master to accept the minion's public key, salt will +# continuously attempt to reconnect until successful. This is the timeout value, +# in seconds, for each individual attempt. After this timeout expires, the minion +# will wait for acceptance_wait_time seconds before trying again. Unless your master +# is under unusually heavy load, this should be left at the default. {{ get_config('auth_timeout', '60') }} -# auth retries + +# Number of consecutive SaltReqTimeoutError that are acceptable when trying to +# authenticate. {{ get_config('auth_tries', '7') }} -# retry auth if ping failed + +# If authentication fails due to SaltReqTimeoutError during a ping_interval, +# cause sub minion process to restart. {{ get_config('auth_safemode', 'False') }} -# master ping interval +# Ping Master to ensure connection is alive (minutes). 
{{ get_config('ping_interval', '0') }} -# salt mine functions execution interval -{{ get_config('mine_interval', '60') }} +# To auto recover minions if master changes IP address (DDNS) +# auth_tries: 10 +# auth_safemode: False +# ping_interval: 90 +# +# Minions won't know master is missing until a ping fails. After the ping fail, +# the minion will attempt authentication and likely fails out and cause a restart. +# When the minion restarts it will resolve the masters IP and attempt to reconnect. -# mine functions -{%- if 'mine_functions' in cfg_minion %} -mine_functions: -{%- for func, args in cfg_minion['mine_functions'].items() %} - {{ func }}: {{ args }} -{%- endfor %} -{%- endif %} - -# reconnection parameters +# If you don't have any problems with syn-floods, don't bother with the +# three recon_* settings described below, just leave the defaults! +# +# The ZeroMQ pull-socket that binds to the masters publishing interface tries +# to reconnect immediately, if the socket is disconnected (for example if +# the master processes are restarted). In large setups this will have all +# minions reconnect immediately which might flood the master (the ZeroMQ-default +# is usually a 100ms delay). To prevent this, these three recon_* settings +# can be used. +# recon_default: the interval in milliseconds that the socket should wait before +# trying to reconnect to the master (1000ms = 1 second) +# +# recon_max: the maximum time a socket should wait. each interval the time to wait +# is calculated by doubling the previous time. if recon_max is reached, +# it starts again at recon_default. 
Short example: +# +# reconnect 1: the socket will wait 'recon_default' milliseconds +# reconnect 2: 'recon_default' * 2 +# reconnect 3: ('recon_default' * 2) * 2 +# reconnect 4: value from previous interval * 2 +# reconnect 5: value from previous interval * 2 +# reconnect x: if value >= recon_max, it starts again with recon_default +# +# recon_randomize: generate a random wait time on minion start. The wait time will +# be a random value between recon_default and recon_default + +# recon_max. Having all minions reconnect with the same recon_default +# and recon_max value kind of defeats the purpose of being able to +# change these settings. If all minions have the same values and your +# setup is quite large (several thousand minions), they will still +# flood the master. The desired behavior is to have timeframe within +# all minions try to reconnect. +# +# Example on how to use these settings. The goal: have all minions reconnect within a +# 60 second timeframe on a disconnect. +# recon_default: 1000 +# recon_max: 59000 +# recon_randomize: True +# +# Each minion will have a randomized reconnect value between 'recon_default' +# and 'recon_default + recon_max', which in this example means between 1000ms +# 60000ms (or between 1 and 60 seconds). The generated random-value will be +# doubled after each attempt to reconnect. Lets say the generated random +# value is 11 seconds (or 11000ms). +# reconnect 1: wait 11 seconds +# reconnect 2: wait 22 seconds +# reconnect 3: wait 33 seconds +# reconnect 4: wait 44 seconds +# reconnect 5: wait 55 seconds +# reconnect 6: wait time is bigger than 60 seconds (recon_default + recon_max) +# reconnect 7: wait 11 seconds +# reconnect 8: wait 22 seconds +# reconnect 9: wait 33 seconds +# reconnect x: etc. +# +# In a setup with ~6000 thousand hosts these settings would average the reconnects +# to about 100 per second and all hosts would be reconnected within 60 seconds. 
{{ get_config('recon_default', '100') }} {{ get_config('recon_max', '5000') }} {{ get_config('recon_randomize', 'False') }} -# minion scheduler interval +# The loop_interval sets how long in seconds the minion will wait between +# evaluating the scheduler and running cleanup tasks. This defaults to a +# sane 60 seconds, but if the minion scheduler needs to be evaluated more +# often lower this value {{ get_config('loop_interval', '60') }} -# grain refresh interval +# The grains_refresh_every setting allows for a minion to periodically check +# its grains to see if they have changed and, if so, to inform the master +# of the new grains. This operation is moderately expensive, therefore +# care should be taken not to set this value too low. +# +# Note: This value is expressed in __minutes__! +# +# A value of 10 minutes is a reasonable default. +# +# If the value is set to zero, this check is disabled. {{ get_config('grains_refresh_every', '1') }} -# cache grains in minion + +# Cache grains on the minion. Default is False. {{ get_config('grains_cache', 'False') }} -# grains cache expiration interval + +# Grains cache expiration, in seconds. If the cache file is older than this +# number of seconds then the grains cache will be dumped and fully re-populated +# with fresh data. Defaults to 5 minutes. Will have no effect if 'grains_cache' +# is not enabled. {{ get_config('grains_cache_expiration', '300') }} -# ipc method +# Windows platforms lack posix IPC and must rely on slower TCP based inter- +# process communications. Set ipc_mode to 'tcp' on such systems {{ get_config('ipc_mode', 'ipc') }} -# ipc tcp ports + +# Overwrite the default tcp ports used by the minion when in tcp mode {{ get_config('tcp_pub_port', '4510') }} {{ get_config('tcp_pull_port', '4511') }} -# max event size in minion bus +# Passing very large events can cause the minion to consume large amounts of +# memory. This value tunes the maximum size of a message allowed onto the +# minion event bus. 
The value is expressed in bytes. {{ get_config('max_event_size', '1048576') }} -# master check alive interval +# To detect failed master(s) and fire events on connect/disconnect, set +# master_alive_interval to the number of seconds to poll the masters for +# connection events. +# {{ get_config('master_alive_interval', '30') }} -# verify_master_pubkey_sign -{{ get_config('verify_master_pubkey_sign', 'False') }} -{{ get_config('master_type', 'str') }} - -# include extra config +# The minion can include configuration from other files. To enable this, +# pass a list of paths to this option. The paths can be either relative or +# absolute; if relative, they are considered to be relative to the directory +# the main minion configuration file lives in (this file). Paths can make use +# of shell-style globbing. If no files are matched by a path passed to this +# option then the minion will log a warning message. +# +# Include a config file from some other path: {% if 'include' in cfg_minion -%} {% if isinstance(cfg_minion['include'], list) -%} include: 
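Review bot: `master_alive_interval` ends up in the template twice, because this hunk adds `{{ get_config('master_alive_interval', '30') }}` after the `master_type` block and also keeps the existing call under the new "To detect failed master(s)" comment. If the macro emits the key whenever the pillar sets it, the rendered minion config would carry the key twice, so drop one call and keep the explanatory comment beside the remaining one. Separately, the hunk deletes the `mine_interval` call and the `mine_functions` loop. Unless they are re-added further down the file, which is not visible in this hunk, pillar-defined mine functions would stop being rendered.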
@@ -169,58 +347,133 @@ mine_functions: {% endif -%} {% endif -%} - ##### Minion module management ##### ########################################## -# disable modules +# Disable specific modules. This allows the admin to limit the level of +# access the master has to the minion. {{ get_config('disable_modules', '[cmd,test]') }} {{ get_config('disable_returners', '[]') }} -# -# minion modules search paths + +# Modules can be loaded from arbitrary paths. This enables the easy deployment +# of third party modules. Modules for returners and minions can be loaded. +# Specify a list of extra directories to search for minion modules and +# returners. These paths must be fully qualified! {{ get_config('module_dirs', '[]') }} {{ get_config('returner_dirs', '[]') }} {{ get_config('states_dirs', '[]') }} {{ get_config('render_dirs', '[]') }} {{ get_config('utils_dirs', '[]') }} -# module overrides -{{ get_config('providers', '{}') }} -# enable cython modules -{{ get_config('cython_enable', 'False') }} -# max module size -{{ get_config('modules_max_memory', '-1') }} +# A module provider can be statically overwritten or extended for the minion +# via the providers option, in this case the default module will be +# overwritten by the specified module. In this example the pkg module will +# be provided by the yumpkg5 module instead of the system default. +#providers: +# pkg: yumpkg5 +{{ get_config('providers', '{}') }} + +# Enable Cython modules searching and loading. (Default: False) +{{ get_config('cython_enable', 'False') }} + +# Specify a max size (in bytes) for modules on import. This feature is currently +# only supported on *nix operating systems and requires psutil. +{{ get_config('modules_max_memory', '-1') }} ##### State Management Settings ##### ########################################### -# renderer selection +# The state management system executes all of the state templates on the minion +# to enable more granular control of system state management. 
The type of +# template and serialization used for state management needs to be configured +# on the minion, the default renderer is yaml_jinja. This is a yaml file +# rendered from a jinja template, the available options are: +# yaml_jinja +# yaml_mako +# yaml_wempy +# json_jinja +# json_mako +# json_wempy +# {{ get_config('renderer', 'yaml_jinja') }} -# fail on first failure + +# The failhard option tells the minions to stop immediately after the first +# failure detected in the state execution. Defaults to False. {{ get_config('failhard', 'False') }} -# auto reload dynamic modules + +# Reload the modules prior to a highstate run. {{ get_config('autoload_dynamic_modules', 'True') }} -# sync dynamic modules with deletion + +# clean_dynamic_modules keeps the dynamic modules on the minion in sync with +# the dynamic modules on the master, this means that if a dynamic module is +# not on the master it will be deleted from the minion. By default, this is +# enabled and can be disabled by changing this value to False. {{ get_config('clean_dynamic_modules', 'True') }} -# minion accepted environment + +# Normally, the minion is not isolated to any single environment on the master +# when running states, but the environment can be isolated on the minion side +# by statically setting it. Remember that the recommended way to manage +# environments is to isolate via the top file. {{ get_config('environment', 'None') }} -# top state file + +# If using the local file directory, then the state top file name needs to be +# defined, by default this is top.sls. {{ get_config('state_top', 'top.sls') }} -# states to run in minion daemon + +# Run states when the minion daemon starts. 
To enable, set startup_states to: +# 'highstate' -- Execute state.highstate +# 'sls' -- Read in the sls_list option and execute the named sls files +# 'top' -- Read top_file option and execute based on that file on the Master {{ get_config('startup_states', "''") }} -# sls states to run + +# List of states to run when the minion starts up if startup_states is 'sls': +#sls_list: +# - edit.vim +# - hyper {{ get_config('sls_list', '[]') }} -# top file to run + +# Top file to execute if startup_states is 'top': {{ get_config('top_file', "''") }} +# Automatically aggregate all states that have support for mod_aggregate by +# setting to True. Or pass a list of state module names to automatically +# aggregate just those types. +# +# state_aggregate: +# - pkg +# +#state_aggregate: False +{{ get_config('state_aggregate', '{}') }} + ##### File Directory Settings ##### ########################################## -# file client location +# The Salt Minion can redirect all file server operations to a local directory, +# this allows for the same state tree that is on the master to be used if +# copied completely onto the minion. This is a literal copy of the settings on +# the master but used to reference a local directory on the minion. + +# Set the file client. The client defaults to looking on the master server for +# files, but can be directed to look at the local file directory setting +# defined below by setting it to "local". Setting a local file_client runs the +# minion in masterless mode. {%- if standalone %} file_client: local {%- else %} {{ get_config('file_client', 'remote') }} {%- endif %} -# environment file roots +# The file directory works on environments passed to the minion, each environment +# can have multiple root directories, the subdirectories in the multiple file +# roots cannot match, otherwise the downloaded files will not be able to be +# reliably ensured. A base environment is required to house the top file. 
+# Example: +# file_roots: +# base: +# - /srv/salt/ +# dev: +# - /srv/salt/dev/services +# - /srv/salt/dev/states +# prod: +# - /srv/salt/prod/services +# - /srv/salt/prod/states {% if 'file_roots' in cfg_minion -%} {{ file_roots(cfg_minion['file_roots']) }} {%- elif 'file_roots' in cfg_salt -%} @@ -229,9 +482,22 @@ file_client: local {{ file_roots({'base': ['/srv/salt']}) }} {%- endif %} -# limit fileserver traversal +# By default, the Salt fileserver recurses fully into all defined environments +# to attempt to find files. To limit this behavior so that the fileserver only +# traverses directories with SLS files and special Salt directories like _modules, +# enable the option below. This might be useful for installations where a file root +# has a very large number of files and performance is negatively impacted. Default +# is False. {{ get_config('fileserver_limit_traversal', 'False') }} +# The hash_type is the hash to use when discovering the hash of a file in +# the local fileserver. The default is md5, but sha1, sha224, sha256, sha384 +# and sha512 are also supported. +# +# Warning: Prior to changing this value, the minion should be stopped and all +# Salt caches should be cleared. +{{ get_config('hash_type', 'md5') }} + # gitfs provider {{ get_config('gitfs_provider', 'pygit2') }} # gitfs remotes @@ -257,10 +523,9 @@ gitfs_remotes: # gitfs root dir {{ get_config('gitfs_root', 'somefolder/otherfolder') }} -# file hash method -{{ get_config('hash_type', 'md5') }} - -# pillar roots +# The Salt pillar is searched for locally if file_client is set to local. If +# this is the case, and pillar data is defined, then the pillar_roots need to +# also be configured on the minion: {% if 'pillar_roots' in cfg_minion -%} pillar_roots: {%- for name, roots in cfg_minion['pillar_roots']|dictsort %} 
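Review bot: The added `{{ get_config('state_aggregate', '{}') }}` in the `@@ -169,58 +347,133 @@` hunk passes `{}` as the default, while the comment directly above it documents `#state_aggregate: False` and describes the value as `True` or a list of state module names. A mapping is neither of those. Use `{{ get_config('state_aggregate', 'False') }}` so the shown default agrees with the comment.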
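Review bot: The `hash_type` block added in the `@@ -229,9 +482,22 @@` hunk keeps `md5` as the shown default and carries no caution. MD5 is not collision-resistant, and per the comment this value is the hash used when discovering the hash of a file in the local fileserver, so the text should steer operators towards one of the stronger digests it already lists. Proposed extra comment line: `# md5 is collision-prone; prefer sha256 unless older minions require md5.` The existing warning about stopping the minion and clearing caches before changing the value still applies.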
@@ -282,86 +547,205 @@ pillar_roots: ###### Security settings ##### ########################################### -# disable authentication +# Enable "open mode", this mode still maintains encryption, but turns off +# authentication, this is only intended for highly secure environments or for +# the situation where your keys end up in a bad state. If you run in open mode +# you do so at your own risk! {{ get_config('open_mode', 'False') }} -# allow access to pki dir + +# Enable permissive access to the salt keys. This allows you to run the +# master or minion as root, but have a non-root group be given access to +# your pki_dir. To make the access explicit, root must belong to the group +# you've given access to. This is potentially quite insecure. {{ get_config('permissive_pki_access', 'False') }} -# print verbose changes +# The state_verbose and state_output settings can be used to change the way +# state system data is printed to the display. By default all data is printed. +# The state_verbose setting can be set to True or False, when set to False +# all data that has a result of True and no changes will be suppressed. {{ get_config('state_verbose', 'True') }} -# multi line output + +# The state_output setting changes if the output is the full multi line +# output for each changed state if set to 'full', but if set to 'terse' +# the output will be shortened to a single line. {{ get_config('state_output', 'full') }} -# output diff + +# The state_output_diff setting changes whether or not the output from +# successful states is returned. Useful when even the terse output of these +# states is cluttering the logs. Set it to True to ignore them. {{ get_config('state_output_diff', 'False') }} -# master fingerprint +# The state_output_profile setting changes whether profile information +# will be shown for each state run. 
+{{ get_config('state_output_profile', 'True') }} + +# Fingerprint of the master public key to validate the identity of your Salt master +# before the initial key exchange. The master fingerprint can be found by running +# "salt-key -F master" on the Salt master. {{ get_config('master_finger', "''") }} + ###### Thread settings ##### ########################################### -# enable multiprocessing +# Disable multiprocessing support, by default when a minion receives a +# publication a new process is spawned and the command is executed therein. {{ get_config('multiprocessing', 'True') }} ##### Logging settings ##### ########################################## -# log file and log lock file location +# The location of the minion log file +# The minion log can be sent to a regular file, local path name, or network +# location. Remote logging works best when configured to use rsyslogd(8) (e.g.: +# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI +# format is: ://:/ +#log_file: /var/log/salt/minion +#log_file: file:///dev/log +#log_file: udp://loghost:10514 +# {{ get_config('log_file', '/var/log/salt/minion') }} {{ get_config('key_logfile', ' /var/log/salt/key') }} -# console log level +# The level of messages to send to the console. +# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. +# +# The following log levels are considered INSECURE and may log sensitive data: +# ['garbage', 'trace', 'debug'] +# +# Default: 'warning' {{ get_config('log_level', 'warning') }} -# logfile log level + +# The level of messages to send to the log file. +# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'. +# If using 'log_granular_levels' this must be set to the highest desired level. +# Default: 'warning' {{ get_config('log_level_logfile', '') }} -# datetime format for console and logfile +# The date and time format used in log messages. 
Allowed date/time formating +# can be seen here: http://docs.python.org/library/time.html#time.strftime {{ get_config('log_datefmt', "'%H:%M:%S'") }} {{ get_config('log_datefmt_logfile', "'%Y-%m-%d %H:%M:%S'") }} -# log format for console and logfiles +# The format of the console logging messages. Allowed formatting options can +# be seen here: http://docs.python.org/library/logging.html#logrecord-attributes +# +# Console log colors are specified by these additional formatters: +# +# %(colorlevel)s +# %(colorname)s +# %(colorprocess)s +# %(colormsg)s +# +# Since it is desirable to include the surrounding brackets, '[' and ']', in +# the coloring of the messages, these color formatters also include padding as +# well. Color LogRecord attributes are only available for console logging. +# +{{ get_config('log_fmt_console', "'%(colorlevel)s %(colormsg)s'") }} {{ get_config('log_fmt_console', "'[%(levelname)-8s] %(message)s'") }} +# {{ get_config('log_fmt_logfile', "'%(asctime)s,%(msecs)03.0f [%(name)-17s][%(levelname)-8s] %(message)s'") }} -# log particular modules +# This can be used to control logging levels more specificically. This +# example sets the main salt library at the 'warning' level, but sets +# 'salt.modules' to log at the 'debug' level: +# log_granular_levels: +# 'salt': 'warning' +# 'salt.modules': 'debug' +# {{ get_config('log_granular_levels', '{}') }} +# To diagnose issues with minions disconnecting or missing returns, ZeroMQ +# supports the use of monitor sockets to log connection events. This +# feature requires ZeroMQ 4.0 or higher. +# +# To enable ZeroMQ monitor sockets, set 'zmq_monitor' to 'True' and log at a +# debug level or higher. +# +# A sample log event is as follows: +# +# [DEBUG ] ZeroMQ event: {'endpoint': 'tcp://127.0.0.1:4505', 'event': 512, +# 'value': 27, 'description': 'EVENT_DISCONNECTED'} +# +# All events logged will include the string 'ZeroMQ event'. 
A connection event +# should be logged as the minion starts up and initially connects to the +# master. If not, check for debug log level and that the necessary version of +# ZeroMQ is installed. +# +{{ get_config('zmq_monitor', 'False') }} ###### Module configuration ##### ########################################### -# module parameters -{%- if 'module_config' in cfg_minion %} -{%- for modkey, modval in cfg_minion.module_config.items() %} -{{ modkey }}: {{ modval }} -{%- endfor %} -{%- endif %} - +# Salt allows for modules to be passed arbitrary configuration data, any data +# passed here in valid yaml format will be passed on to the salt minion modules +# for use. It is STRONGLY recommended that a naming convention be used in which +# the module name is followed by a . and then the value. Also, all top level +# data must be applied via the yaml dict construct, some examples: +# +# You can specify that all modules should run in test mode: +{{ get_config('test', 'True') }} +# A simple value for the test module: +#test.foo: foo +# +# A list for the test module: +#test.bar: [baz,quo] +# +# A dict for the test module: +#test.baz: {spam: sausage, cheese: bread} +# +# ###### Update settings ###### ########################################### -# update url +# Using the features in Esky, a salt minion can both run as a frozen app and +# be updated on the fly. These options control how the update process +# (saltutil.update()) behaves. +# +# The url for finding and downloading updates. Disabled by default. {{ get_config('update_url', 'False') }} -# services to restart after update +# +# The list of services to restart after a successful update. Empty by default. {{ get_config('update_restart_services', '[]') }} ###### Keepalive settings ###### ############################################ -# use tcp keepalive +# ZeroMQ now includes support for configuring SO_KEEPALIVE if supported by +# the OS. 
If connections between the minion and the master pass through +# a state tracking device such as a firewall or VPN gateway, there is +# the risk that it could tear down the connection the master and minion +# without informing either party that their connection has been taken away. +# Enabling TCP Keepalives prevents this from happening. + +# Overall state of TCP Keepalives, enable (1 or True), disable (0 or False) +# or leave to the OS defaults (-1), on Linux, typically disabled. Default True, enabled. {{ get_config('tcp_keepalive', 'True') }} -# first keepalive from idle + +# How long before the first keepalive should be sent in seconds. Default 300 +# to send the first keepalive after 5 minutes, OS default (-1) is typically 7200 seconds +# on Linux see /proc/sys/net/ipv4/tcp_keepalive_time. {{ get_config('tcp_keepalive_idle', '300') }} -# keepalive number for connection lost + +# How many lost probes are needed to consider the connection lost. Default -1 +# to use OS defaults, typically 9 on Linux, see /proc/sys/net/ipv4/tcp_keepalive_probes. {{ get_config('tcp_keepalive_cnt', '-1') }} -# keepalive interval + +# How often, in seconds, to send keepalives after the first one. Default -1 to +# use OS defaults, typically 75 seconds on Linux, see +# /proc/sys/net/ipv4/tcp_keepalive_intvl. 
{{ get_config('tcp_keepalive_intvl', '-1') }} - -###### Windows Software settings ###### +###### Windows Software settings ###### ############################################ -# windows repo cache +# Location of the repository cache file on the master: {{ get_config('win_repo_cachefile', 'salt://win/repo/winrepo.p') }} -###### Returner settings ###### +###### Returner settings ###### ############################################ -# default returner +# Which returner(s) will be used for minion's result: {{ get_config('return', '') }} + +###### Miscellaneous settings ###### +############################################ +# Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch +#event_match_type: startswith +{{ get_config('event_match_type', 'startswith') }} From 7474d4239d42160a513c5e647884f413cd6ad430 Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Fri, 4 Mar 2016 11:27:45 +0000 Subject: [PATCH 077/146] Fix Windows repo settings using values from 2015.8 documentation --- salt/files/master.d/f_defaults.conf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index c183514..50db276 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
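Review bot: `log_fmt_console` is now passed to `get_config` twice in a row in the logging section, once with the `%(colorlevel)s %(colormsg)s` format and once with the `[%(levelname)-8s] %(message)s` format, so a pillar that sets it would presumably have the key rendered twice in the minion config; keep a single call. The same hunk removes the `module_config` loop and puts `{{ get_config('test', 'True') }}` in its place, which means existing `module_config` pillar data is no longer rendered, and neither the hunk nor the comments say so. If the removal is intended, state it in a comment next to the new module-configuration text; otherwise keep the loop below that text.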
@@ -1109,17 +1109,17 @@ nodegroups: ##### Windows Software Repo settings ##### ########################################### # Location of the repo on the master: -{{ get_config('win_repo_dir_ng', '/srv/salt/win/repo-ng') }} +{{ get_config('winrepo_dir_ng', '/srv/salt/win/repo-ng') }} # List of git repositories to include with the local repo: -{% if 'win_gitrepos_ng' in cfg_master %} -win_gitrepos_ng: - {% for repo in cfg_master['win_gitrepos_ng'] %} +{% if 'winrepo_remotes_ng' in cfg_master %} +winrepo_remotes_ng: + {% for repo in cfg_master['winrepo_remotes_ng'] %} - {{ repo }} {% endfor %} -{% elif 'win_gitrepos_ng' in cfg_salt %} -win_gitrepos_ng: - {% for repo in cfg_salt['win_gitrepos_ng'] %} +{% elif 'winrepo_remotes_ng' in cfg_salt %} +winrepo_remotes_ng: + {% for repo in cfg_salt['winrepo_remotes_ng'] %} - {{ repo }} {% endfor %} {% else %} From c4e116ee8f07fddbbca44b32799fcf7612d8731f Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Fri, 4 Mar 2016 11:30:19 +0000 Subject: [PATCH 078/146] Provide Windows repo settings: 2015.8+ master used for pre-2015.8 minions --- salt/files/master.d/f_defaults.conf | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 50db276..8181e25 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1108,6 +1108,8 @@ nodegroups: ##### Windows Software Repo settings ##### ########################################### +# Repo settings for 2015.8+ master used with 2015.8+ Windows minions +# # Location of the repo on the master: {{ get_config('winrepo_dir_ng', '/srv/salt/win/repo-ng') }} 
@@ -1127,6 +1129,29 @@ winrepo_remotes_ng: # - 'https://github.com/saltstack/salt-winrepo-ng.git' {% endif %} +# Repo settings for 2015.8+ master used with pre-2015.8 Windows minions +# +# Location of the repo on the master: +{{ get_config('winrepo_dir', '/srv/salt/win/repo') }} + +# Location of the master's repo cache file: +{{ get_config('winrepo_cachefile', 'winrepo.p') }} + +# List of git repositories to include with the local repo: +{% if 'winrepo_remotes' in cfg_master %} +winrepo_remotes: + {% for repo in cfg_master['winrepo_remotes'] %} + - {{ repo }} + {% endfor %} +{% elif 'winrepo_remotes' in cfg_salt %} +winrepo_remotes: + {% for repo in cfg_salt['winrepo_remotes'] %} + - {{ repo }} + {% endfor %} +{% else %} +#winrepo_remotes: +# - 'https://github.com/saltstack/salt-winrepo.git' +{% endif %} ##### Windows Software Repo settings - Pre 2015.8 ##### ######################################################## From 7f36259614125ef7c6ff40e66f41e003bf05875d Mon Sep 17 00:00:00 2001 From: Imran Iqbal Date: Fri, 4 Mar 2016 11:36:16 +0000 Subject: [PATCH 079/146] Remove excessive blank lines rendered after "Miscellaneous settings" --- salt/files/master.d/f_defaults.conf | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 8181e25..0f35b2a 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -1186,49 +1186,49 @@ win_gitrepos: {{ get_config('return', '')}} -###### Miscellaneous settings ###### +###### Miscellaneous settings ###### ############################################ # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch {{ get_config('event_match_type', 'startswith') }} -{% if 'halite' in cfg_master %} +{%- if 'halite' in cfg_master %} ##### Halite ##### ########################################## halite: - {% for name, value in cfg_master['halite'].items() %} + {%- for name, value in cfg_master['halite'].items() %} {{ name }}: {{ value }} - {% endfor %} -{% endif %} + {%- endfor %} +{%- endif %} -{% if 'rest_cherrypy' in cfg_master %} +{%- if 'rest_cherrypy' in cfg_master %} ##### rest_cherrypy ##### ########################################## rest_cherrypy: - {% for name, value in cfg_master['rest_cherrypy'].items() %} + {%- for name, value in cfg_master['rest_cherrypy'].items() %} {{ name }}: {{ value }} {%- endfor %} {%- endif %} -{% if 'rest_tornado' in cfg_master %} +{%- if 'rest_tornado' in cfg_master %} ##### rest_tornado ##### ########################################### rest_tornado: - {% for name, value in cfg_master['rest_tornado'].items() %} + {%- for name, value in cfg_master['rest_tornado'].items() %} {{ name }}: {{ value }} {%- endfor %} {%- endif %} -{% if 'presence_events' in cfg_master %} +{%- if 'presence_events' in cfg_master %} ##### presence events ##### ########################################## {{ get_config('presence_events', 'False') }} -{% endif %} +{%- endif %} -{% if 'consul_config' in cfg_master %} +{%- if 'consul_config' in cfg_master %} ##### consul_config ##### ########################################## consul_config: - {% for name, value in cfg_master['consul_config'].items() %} + {%- for name, value in cfg_master['consul_config'].items() %} {{ name }}: {{ value }} {%- endfor %} {%- endif %} From c7552b6d0a00bcae19b4de27469c039cd7f825ab Mon Sep 17 00:00:00 2001 
From: Seth Miller Date: Tue, 22 Mar 2016 20:15:44 -0500 Subject: [PATCH 080/146] Add Windows support to map.jinja This adds some minimal support for Windows minions. --- salt/map.jinja | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/map.jinja b/salt/map.jinja index 37e2f24..2753a7d 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -74,6 +74,11 @@ that differ from whats in defaults.yaml 'api_service': 'salt_api', 'syndic_service': 'salt_syndic', }, + 'Windows': { + 'salt_minion': 'saltstack.minion', + 'config_path': 'C:\salt\conf', + 'minion_service': 'salt-minion', + }, }, grain="os_family", merge=salt['pillar.get']('salt:lookup')) %} From e97822a0d5ba73ab884d1355b45d6afefc45f24c Mon Sep 17 00:00:00 2001 From: "a.genus" Date: Fri, 25 Mar 2016 16:57:06 +0300 Subject: [PATCH 081/146] Take mine_functions back --- salt/files/minion.d/f_defaults.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index f09ebca..9c65ce3 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -204,6 +204,14 @@ id: {{ cfg_minion['id'] }} # Ping Master to ensure connection is alive (minutes). {{ get_config('ping_interval', '0') }} +{%- if 'mine_functions' in cfg_minion %} +mine_functions: +{%- for func, args in cfg_minion['mine_functions'].items() %} + {{ func }}: {{ args }} +{%- endfor %} +{%- endif %} + + # To auto recover minions if master changes IP address (DDNS) # auth_tries: 10 # auth_safemode: False From 398d71d392b1b1cbcc31cb35ce7f2503ee00bb7c Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sun, 27 Mar 2016 12:36:48 +0200 Subject: [PATCH 082/146] add formula file --- FORMULA | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 FORMULA diff --git a/FORMULA b/FORMULA new file mode 100644 index 0000000..40d1c79 --- /dev/null +++ b/FORMULA 
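Review bot: `'config_path': 'C:\salt\conf'` only works because `\s` and `\c` are not recognised escape sequences in a Jinja string literal; as far as I can tell, a path component starting with `t` or `n` would be turned into a tab or newline without any error. Writing it as `'config_path': 'C:\\salt\\conf'` makes the intent explicit and safe to extend. The surrounding `grains.filter_by` dictionary starts and ends outside this hunk, so whether other keys the states rely on are missing for Windows cannot be judged from here.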
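Review bot: `{{ func }}: {{ args }}` in the new `mine_functions` block prints the Python representation of each value, which is valid YAML only for simple scalars; a list or dict of arguments can render as text the minion parses differently from what the pillar author wrote. Serialising the value explicitly, for example `{{ func }}: {{ args | json }}` with Salt's `json` filter, keeps the rendered config well-formed. The block is also added without the explanatory comment that the neighbouring options carry; something like `# Functions whose return data is published to the Salt mine.` would match the file's style.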
@@ -0,0 +1,8 @@ +name: salt +os: Debian, Redhat, Suse, Arch, Gentoo, FreeBSD, Windows +os_family: Debian, Redhat, Suse, Arch, Gentoo, FreeBSD, Windows +version: 201603 +release: 1 +minimum_version: 2015.8 +summary: Formula for install Saltstack +description: Formula for installing Saltstack From 001b034eb5ff66f50f0d609b8e38bd7562f8b98d Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Tue, 29 Mar 2016 13:28:47 -0400 Subject: [PATCH 083/146] Replace absolute config pathname prefixes with the config_path variable --- salt/cloud.sls | 6 +++--- salt/files/cloud.providers.d/ec2.conf | 9 +++++---- salt/files/cloud.providers.d/gce.conf | 3 ++- salt/master.sls | 2 +- salt/minion.sls | 2 +- salt/standalone.sls | 2 +- 6 files changed, 13 insertions(+), 11 deletions(-) diff --git a/salt/cloud.sls b/salt/cloud.sls index 251f07e..fec735e 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -36,7 +36,7 @@ salt-cloud: {% for type in ['pem'] %} cloud-cert-{{ cert }}-pem: file.managed: - - name: /etc/salt/pki/cloud/{{ cert }}.pem + - name: {{ salt_settings.config_path }}/pki/cloud/{{ cert }}.pem - source: salt://{{ slspath }}/files/key - template: jinja - user: root @@ -52,7 +52,7 @@ cloud-cert-{{ cert }}-pem: {%- for dir, templ_path in salt_settings.cloud.template_sources.items() %} salt-cloud-{{ dir }}: file.recurse: - - name: /etc/salt/cloud.{{ dir }}.d + - name: {{ salt_settings.config_path }}/cloud.{{ dir }}.d - source: {{ templ_path }} - template: jinja - makedirs: True @@ -60,7 +60,7 @@ salt-cloud-{{ dir }}: salt-cloud-providers-permissions: file.directory: - - name: /etc/salt/cloud.providers.d + - name: {{ salt_settings.config_path }}/cloud.providers.d - user: root - group: root - file_mode: 600 diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index 5cb7e05..990a476 100644 --- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf 
@@ -1,6 +1,7 @@ # This file managed by Salt, do not edit by hand!! -{% set cloud = salt['pillar.get']('salt:cloud', {}) -%} -{% if 'aws_key' in cloud %} +{%- from "salt/map.jinja" import salt_settings with context -%} +{%- set cloud = salt['pillar.get']('salt:cloud', {}) -%} +{%- if 'aws_key' in cloud %} ec2_ubuntu_public: minion: master: {{ cloud.get('master', 'salt') }} @@ -9,10 +10,10 @@ ec2_ubuntu_public: ssh_interface: public_ips id: {{ cloud.get('aws_key', 'DEFAULT') }} key: '{{ cloud.get('aws_secret', 'DEFAULT') }}' - private_key: /etc/salt/pki/cloud/ec2.pem + private_key: {{ salt_settings.config_path }}/pki/cloud/ec2.pem keyname: keyname location: eu-west-1 availability_zone: eu-west-1a ssh_username: ubuntu provider: ec2 -{% endif %} +{%- endif %} diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index d963143..4a8d762 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf @@ -1,10 +1,11 @@ # This file managed by Salt, do not edit by hand!! +{%- from "salt/map.jinja" import salt_settings with context -%} {%- set cloud = salt['pillar.get']('salt:cloud', {}) -%} {%- if 'gce_project' in cloud %} gce: project: "{{ cloud.get('gce_project', 'DEFAULT') }}" service_account_email_address: "{{ cloud.get('gce_service_account_email_address', 'DEFAULT') }}" - service_account_private_key: "/etc/salt/pki/cloud/gce.pem" + service_account_private_key: "{{ salt_settings.config_path }}/pki/cloud/gce.pem" minion: master: {{ cloud.get('master', 'salt') }} grains: diff --git a/salt/master.sls b/salt/master.sls index 1e29e23..3352353 100644 --- a/salt/master.sls +++ b/salt/master.sls @@ -24,4 +24,4 @@ salt-master: # clean up old _defaults.conf file if they have it around remove-old-master-conf-file: file.absent: - - name: /etc/salt/master.d/_defaults.conf + - name: {{ salt_settings.config_path }}/master.d/_defaults.conf diff --git a/salt/minion.sls b/salt/minion.sls index f682a62..2097abe 100644 
--- a/salt/minion.sls +++ b/salt/minion.sls @@ -26,4 +26,4 @@ salt-minion: # clean up old _defaults.conf file if they have it around remove-old-minion-conf-file: file.absent: - - name: /etc/salt/minion.d/_defaults.conf + - name: {{ salt_settings.config_path }}/minion.d/_defaults.conf diff --git a/salt/standalone.sls b/salt/standalone.sls index 4bc3770..e98a58c 100644 --- a/salt/standalone.sls +++ b/salt/standalone.sls @@ -25,4 +25,4 @@ salt-minion: # clean up old _defaults.conf file if they have it around remove-old-standalone-conf-file: file.absent: - - name: /etc/salt/minion.d/_defaults.conf + - name: {{ salt_settings.config_path }}/minion.d/_defaults.conf From abe9b91e66d0ea610f3167c1e47927a982293cf0 Mon Sep 17 00:00:00 2001 From: "Matthew X. Economou" Date: Tue, 29 Mar 2016 13:36:46 -0400 Subject: [PATCH 084/146] Replace reference to slspath with the complete URL of the source file Without this change, importing map.jinja in config files (as opposed to SLS files) causes a rendering error because `slspath` isn't defined. The `salt_settings.key_url` variable gets used only in `salt/pkgrepo/debian/init.sls`. --- salt/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/map.jinja b/salt/map.jinja index 2753a7d..368b5e6 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -11,7 +11,7 @@ that differ from whats in defaults.yaml {% set os_family_map = salt['grains.filter_by']({ 'Debian': { 'pkgrepo': 'deb http://debian.saltstack.com/debian ' + salt['grains.get']('oscodename') + '-saltstack main', - 'key_url': 'salt://' + slspath + '/saltstack.gpg', + 'key_url': 'salt://salt/pkgrepo/debian/saltstack.gpg', 'libgit2': 'libgit2-22', 'gitfs': { 'pygit2': { From c4208bb66155b0aeea8fae50af5dea5e4fb95ab2 Mon Sep 17 00:00:00 2001 
From: John Galt Date: Thu, 31 Mar 2016 19:39:55 -0700 Subject: [PATCH 085/146] Renamed "provider" to "driver" --- salt/files/cloud.providers.d/ec2.conf | 2 +- salt/files/cloud.providers.d/gce.conf | 2 +- salt/files/cloud.providers.d/rsos.conf | 2 +- salt/files/cloud.providers.d/saltify.conf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index 990a476..003fa5b 100644 --- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf @@ -15,5 +15,5 @@ ec2_ubuntu_public: location: eu-west-1 availability_zone: eu-west-1a ssh_username: ubuntu - provider: ec2 + driver: ec2 {%- endif %} diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index 4a8d762..5a409e8 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf @@ -10,5 +10,5 @@ gce: master: {{ cloud.get('master', 'salt') }} grains: test: True - provider: gce + driver: gce {%- endif %} diff --git a/salt/files/cloud.providers.d/rsos.conf b/salt/files/cloud.providers.d/rsos.conf index 4bd41f1..801717d 100644 --- a/salt/files/cloud.providers.d/rsos.conf +++ b/salt/files/cloud.providers.d/rsos.conf @@ -14,7 +14,7 @@ rsos_{{ region|lower }}: compute_name: cloudServersOpenStack protocol: ipv4 compute_region: {{ region }} - provider: openstack + driver: openstack user: {{ cloud.get('rsos_user', 'DEFAULT') }} tenant: {{ cloud.get('rsos_tenant', 'DEFAULT') }} apikey: {{ cloud.get('rsos_apikey', 'DEFAULT') }} diff --git a/salt/files/cloud.providers.d/saltify.conf b/salt/files/cloud.providers.d/saltify.conf index 97cc2d5..23e4dae 100644 --- a/salt/files/cloud.providers.d/saltify.conf +++ b/salt/files/cloud.providers.d/saltify.conf @@ -3,6 +3,6 @@ {% set cloud = salt['pillar.get']('salt:cloud', {}) -%} saltify: - provider: saltify + driver: saltify minion: master: {{ cloud.get('master', 'salt') }} 
From e26b805279dda14218aed3b132c64e3863193700 Mon Sep 17 00:00:00 2001 From: John Galt Date: Thu, 31 Mar 2016 23:17:35 -0700 Subject: [PATCH 086/146] Added version check for provider/driver backwards compatibility --- salt/files/cloud.providers.d/ec2.conf | 4 ++++ salt/files/cloud.providers.d/gce.conf | 4 ++++ salt/files/cloud.providers.d/rsos.conf | 4 ++++ salt/files/cloud.providers.d/saltify.conf | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf index 003fa5b..1413166 100644 --- a/salt/files/cloud.providers.d/ec2.conf +++ b/salt/files/cloud.providers.d/ec2.conf @@ -15,5 +15,9 @@ ec2_ubuntu_public: location: eu-west-1 availability_zone: eu-west-1a ssh_username: ubuntu + {%- if grains.saltversioninfo[0] >= 2016 or (grains.saltversioninfo[0] >= 2015 and grains.saltversioninfo[1] >= 8) %} driver: ec2 + {%- else %} + provider: ec2 + {%- endif %} {%- endif %} diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf index 5a409e8..57278ee 100644 --- a/salt/files/cloud.providers.d/gce.conf +++ b/salt/files/cloud.providers.d/gce.conf @@ -10,5 +10,9 @@ gce: master: {{ cloud.get('master', 'salt') }} grains: test: True + {%- if grains.saltversioninfo[0] >= 2016 or (grains.saltversioninfo[0] >= 2015 and grains.saltversioninfo[1] >= 8) %} driver: gce + {%- else %} + provider: gce + {%- endif %} {%- endif %} diff --git a/salt/files/cloud.providers.d/rsos.conf b/salt/files/cloud.providers.d/rsos.conf index 801717d..3734e36 100644 --- a/salt/files/cloud.providers.d/rsos.conf +++ b/salt/files/cloud.providers.d/rsos.conf 
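Review bot: The version test `grains.saltversioninfo[0] >= 2016 or (grains.saltversioninfo[0] >= 2015 and grains.saltversioninfo[1] >= 8)` is pasted verbatim into ec2.conf here and again into gce.conf, rsos.conf and saltify.conf in the following hunks, so any later correction has to be made in four places. Computing the key name once per template, for example `{%- set driver_key = 'driver' if (<version test>) else 'provider' %}`, and emitting `{{ driver_key }}: ec2` would replace each four-line branch with one line. A short comment that the branch selects `driver` for 2015.8 and later and `provider` for older releases would also explain why it exists.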
@@ -14,7 +14,11 @@ rsos_{{ region|lower }}: compute_name: cloudServersOpenStack protocol: ipv4 compute_region: {{ region }} + {%- if grains.saltversioninfo[0] >= 2016 or (grains.saltversioninfo[0] >= 2015 and grains.saltversioninfo[1] >= 8) %} driver: openstack + {%- else %} + provider: openstack + {%- endif %} user: {{ cloud.get('rsos_user', 'DEFAULT') }} tenant: {{ cloud.get('rsos_tenant', 'DEFAULT') }} apikey: {{ cloud.get('rsos_apikey', 'DEFAULT') }} diff --git a/salt/files/cloud.providers.d/saltify.conf b/salt/files/cloud.providers.d/saltify.conf index 23e4dae..4ff5b1b 100644 --- a/salt/files/cloud.providers.d/saltify.conf +++ b/salt/files/cloud.providers.d/saltify.conf @@ -3,6 +3,10 @@ {% set cloud = salt['pillar.get']('salt:cloud', {}) -%} saltify: + {%- if grains.saltversioninfo[0] >= 2016 or (grains.saltversioninfo[0] >= 2015 and grains.saltversioninfo[1] >= 8) %} driver: saltify + {%- else %} + provider: saltify + {%- endif %} minion: master: {{ cloud.get('master', 'salt') }} From 08501c9e18d00f256ee0491092acc1c17c61bf20 Mon Sep 17 00:00:00 2001 From: David Boucha Date: Mon, 4 Apr 2016 11:48:20 -0600 Subject: [PATCH 087/146] Comment out second master config example This second master config example was causing problems when vagrant would use the default pillar.example --- pillar.example | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pillar.example b/pillar.example index 614cc7d..ec2c51d 100644 --- a/pillar.example +++ b/pillar.example @@ -45,9 +45,9 @@ salt: master: salt # multi master setup - master: - - salt_master_1 - - salt_master_2 + #master: + #- salt_master_1 + #- salt_master_2 fileserver_backend: - git From cca75d93d749dd42e836d43d3948459d3a6e9007 Mon Sep 17 00:00:00 2001 From: David Boucha Date: Mon, 4 Apr 2016 12:28:35 -0600 Subject: [PATCH 088/146] Use the latest stable salt from repo.saltstack.com --- dev/setup-salt.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
diff --git a/dev/setup-salt.sh b/dev/setup-salt.sh index 12aaaf8..5f2d2e2 100644 --- a/dev/setup-salt.sh +++ b/dev/setup-salt.sh @@ -1,7 +1,10 @@ #!/bin/sh + +# use the latest stable Salt from repo.saltstack.com +wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add - +sudo echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main' > /etc/apt/sources.list.d/saltstack.list + sudo apt-get update -y -sudo apt-get install python-software-properties pkg-config software-properties-common -y -sudo add-apt-repository ppa:saltstack/salt -y sudo apt-get install salt-master -y sudo apt-get install salt-minion -y # setup top files to test the formula From c4ef48c5e80c9533b2f20a9a89c6c7319fbc28e2 Mon Sep 17 00:00:00 2001 From: Brad Thurber Date: Tue, 19 Apr 2016 12:51:17 -0400 Subject: [PATCH 089/146] add new gitfs functionality --- README.rst | 5 ++ pillar.example | 10 +++ salt/files/gitfs_key.jinja | 1 + salt/files/master.d/f_defaults.conf | 95 +++++++++++++++++++++++++++-- salt/gitfs/keys.sls | 20 ++++++ 5 files changed, 127 insertions(+), 4 deletions(-) create mode 100644 salt/files/gitfs_key.jinja create mode 100644 salt/gitfs/keys.sls diff --git a/README.rst b/README.rst index fd3948a..67e3294 100644 --- a/README.rst +++ b/README.rst @@ -63,6 +63,11 @@ Install gitfs backend dulwich dependencies. Set ``salt:master:gitfs_provider: du Install gitfs backend GitPython dependenciess. Set ``salt:master:gitfs_provider: gitpython`` in your pillar. +``salt.gitfs.keys`` +---------------------- + +Install ssh keys to be used by gitfs + ``salt.gitfs.pygit2`` ---------------------- diff --git a/pillar.example b/pillar.example index ec2c51d..db8fc55 100644 --- a/pillar.example +++ b/pillar.example 
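Review bot: In `sudo echo 'deb http://repo.saltstack.com/...' > /etc/apt/sources.list.d/saltstack.list` only `echo` runs under sudo; the redirection is performed by the calling shell, so the write fails unless the script is already running as root. Use `echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main' | sudo tee /etc/apt/sources.list.d/saltstack.list >/dev/null`. The signing key is fetched over https while the repository line uses plain http; apt still verifies package signatures against the imported key, but the output of `wget` is piped into `apt-key add -` without comparing it to a known fingerprint, so a comment recording the expected fingerprint would make the trust decision reviewable. The script continues below this hunk.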
@@ -115,6 +115,16 @@ salt: user: ubuntu sudo: True priv: /etc/salt/ssh_keys/sshkey.pem + gitfs: + keys: + global: + # key and pub end up being the extension used on the key file. values other than key and pub are possible + key: | + -----BEGIN RSA PRIVATE KEY----- + ........... + -----END RSA PRIVATE KEY----- + pub: | + ........... salt_cloud_certs: aws: diff --git a/salt/files/gitfs_key.jinja b/salt/files/gitfs_key.jinja new file mode 100644 index 0000000..9d11fbb --- /dev/null +++ b/salt/files/gitfs_key.jinja @@ -0,0 +1 @@ +{{ pillar['salt']['gitfs']['keys'][key][type] }} \ No newline at end of file diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 0f35b2a..fbec0a9 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
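Review bot: The new `salt/files/gitfs_key.jinja` renders `pillar['salt']['gitfs']['keys'][key][type]`, which for the `key` entry in the pillar example is an SSH private key, and the file gives no hint of which context variables it expects or how the output must be protected. A leading Jinja comment such as `{#- Rendered by salt/gitfs/keys.sls; expects 'key' and 'type' in the template context. Output may be a private key. -#}` would document that. Whether `salt/gitfs/keys.sls` sets a restrictive owner and mode on the rendered file is not visible in this part of the patch and should be confirmed, as should targeting the `salt:gitfs:keys` pillar only at the master.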
@@ -699,9 +699,37 @@ fileserver_backend: # Git File Server Backend Configuration # -# Gitfs can be provided by one of two python modules: GitPython or pygit2. If -# using pygit2, both libgit2 and git must also be installed. -{{ get_config('gitfs_provider', 'gitpython') }} +# Optional parameter used to specify the provider to be used for gitfs. Must +# be one of the following: pygit2, gitpython, or dulwich. If unset, then each +# will be tried in that same order, and the first one with a compatible +# version installed will be the provider that is used. +{{ get_config('gitfs_provider', 'pygit2') }} + +# Along with gitfs_password, is used to authenticate to HTTPS remotes. +{{ get_config('gitfs_user', 'git') }} + +# Along with gitfs_user, is used to authenticate to HTTPS remotes. +# This parameter is not required if the repository does not use authentication. +{{ get_config('gitfs_password', 'mypassword') }} + +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# This parameter enables authentication over HTTP. Enable this at your own risk. +{{ get_config('gitfs_insecure_auth', 'False') }} + +# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate +# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes. +{{ get_config('gitfs_pubkey', '/path/to/key.pub') }} + +# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate +# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes. +{{ get_config('gitfs_privkey', '/path/to/key') }} + +# This parameter is optional, required only when the SSH key being used to +# authenticate is protected by a passphrase. +{{ get_config('gitfs_passphrase', 'mypassphrase') }} + +# Along with gitfs_user, is used to authenticate to HTTPS remotes. +# This parameter is not required if the repository does not use authentication. 
# When using the git fileserver backend at least one git remote needs to be # defined. The user running the salt master will need read access to the repo. 
@@ -865,8 +893,67 @@ ext_pillar: {{ get_config('pillar_source_merging_strategy', 'smart') }} # Recursively merge lists by aggregating them instead of replacing them. -{{ get_config('pillar_merge_lists', 'False') }} +{{ get_config('pillar_merge_lists', False) }} +# Git External Pillar (git_pillar) Configuration Options +# +# Specify the provider to be used for git_pillar. Must be either pygit2 or +# gitpython. If unset, then both will be tried in that same order, and the +# first one with a compatible version installed will be the provider that +# is used. +{{ get_config('git_pillar_provider', 'pygit2') }} + +# If the desired branch matches this value, and the environment is omitted +# from the git_pillar configuration, then the environment for that git_pillar +# remote will be base. +{{ get_config('git_pillar_base', 'master') }} + +# If the branch is omitted from a git_pillar remote, then this branch will +# be used instead. +{{ get_config('git_pillar_branch', 'master') }} + +# Environment to use for git_pillar remotes. This is normally derived from +# the branch/tag (or from a per-remote env parameter), but if set this will +# override the process of deriving the env from the branch/tag name. +{{ get_config('git_pillar_env', '') }} + +# Path relative to the root of the repository where the git_pillar top file +# and SLS files are located. +{{ get_config('git_pillar_root', 'pillar') }} + +# Specifies whether or not to ignore SSL certificate errors when contacting +# the remote repository. +{{ get_config('git_pillar_ssl_verify', True) }} + +# When set to False, if there is an update/checkout lock for a git_pillar +# remote and the pid written to it is not running on the master, the lock +# file will be automatically cleared and a new lock will be obtained. +{{ get_config('git_pillar_global_lock', False) }} + +# Git External Pillar Authentication Options +# +# Along with git_pillar_password, is used to authenticate to HTTPS remotes. 
+{{ get_config('git_pillar_user', '') }} + +# Along with git_pillar_user, is used to authenticate to HTTPS remotes. +# This parameter is not required if the repository does not use authentication. +{{ get_config('git_pillar_password', '') }} + +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# This parameter enables authentication over HTTP. +{{ get_config('git_pillar_insecure_auth', False) }} + +# Along with git_pillar_privkey (and optionally git_pillar_passphrase), +# is used to authenticate to SSH remotes. +{{ get_config('git_pillar_pubkey', '/path/to/key.pub') }} + +# Along with git_pillar_pubkey (and optionally git_pillar_passphrase), +# is used to authenticate to SSH remotes. +{{ get_config('git_pillar_privkey', '/path/to/key') }} + +# This parameter is optional, required only when the SSH key being used +# to authenticate is protected by a passphrase. +{{ get_config('git_pillar_passphrase', '') }} ##### Syndic settings ##### ########################################## diff --git a/salt/gitfs/keys.sls b/salt/gitfs/keys.sls new file mode 100644 index 0000000..badc467 --- /dev/null +++ b/salt/gitfs/keys.sls @@ -0,0 +1,20 @@ +{%- from "salt/map.jinja" import salt_settings with context %} + +{%- set gitfs_keys=salt['pillar.get']('salt:gitfs:keys') %} + +{%- for key, keyvalues in gitfs_keys.items() %} +{%- for type, keydata in keyvalues.items() %} +gitfs-key-{{ key }}-{{ type }}: + file.managed: + - name: {{ salt_settings.config_path }}/pki/gitfs/{{ key }}.{{ type }} + - source: salt://salt/files/gitfs_key.jinja + - template: jinja + - user: root + - group: root + - mode: 600 + - makedirs: True + - defaults: + key: {{ key }} + type: {{ type }} +{%- endfor %} +{%- endfor %} \ No newline at end of file From 939aa37028acad48761d8687f2d751155e409ecb Mon Sep 17 00:00:00 2001 
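Review bot: The `gitfs-key-{{ key }}-{{ type }}` state in the new salt/gitfs/keys.sls manages private key material but does not suppress diff output. When a key changes, its contents can therefore end up in the state return and wherever returns are stored. Adding `- show_changes: False` avoids that; on releases that predate the option, the older `- show_diff: False` does the same job. `makedirs: True` also creates `pki/gitfs` without an explicit `- dir_mode: 700`, so the directory's permissions are left to defaults. The key files themselves are correctly set to root-owned `600`.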
From: Brad Thurber Date: Wed, 20 Apr 2016 15:10:55 -0400 Subject: [PATCH 090/146] Cleanup and make closer to the PR submitted for the mainline salt repo master config file --- salt/files/gitfs_key.jinja | 2 +- salt/files/master.d/f_defaults.conf | 25 ++++++++++++------------- salt/gitfs/keys.sls | 2 +- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/salt/files/gitfs_key.jinja b/salt/files/gitfs_key.jinja index 9d11fbb..7c33128 100644 --- a/salt/files/gitfs_key.jinja +++ b/salt/files/gitfs_key.jinja @@ -1 +1 @@ -{{ pillar['salt']['gitfs']['keys'][key][type] }} \ No newline at end of file +{{ pillar['salt']['gitfs']['keys'][key][type] }} diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index fbec0a9..8a38d85 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -710,26 +710,25 @@ fileserver_backend: # Along with gitfs_user, is used to authenticate to HTTPS remotes. # This parameter is not required if the repository does not use authentication. -{{ get_config('gitfs_password', 'mypassword') }} +{{ get_config('gitfs_password', '') }} # By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. # This parameter enables authentication over HTTP. Enable this at your own risk. {{ get_config('gitfs_insecure_auth', 'False') }} -# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate -# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes. -{{ get_config('gitfs_pubkey', '/path/to/key.pub') }} +# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to +# authenticate to SSH remotes. This parameter (or its per-remote counterpart) +# is required for SSH remotes. +{{ get_config('gitfs_pubkey', '') }} -# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate -# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes. -{{ get_config('gitfs_privkey', '/path/to/key') }} +# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to +# authenticate to SSH remotes. This parameter (or its per-remote counterpart) +# is required for SSH remotes. +{{ get_config('gitfs_privkey', '') }} # This parameter is optional, required only when the SSH key being used to # authenticate is protected by a passphrase. -{{ get_config('gitfs_passphrase', 'mypassphrase') }} - -# Along with gitfs_user, is used to authenticate to HTTPS remotes. -# This parameter is not required if the repository does not use authentication. +{{ get_config('gitfs_passphrase', '') }} # When using the git fileserver backend at least one git remote needs to be # defined. The user running the salt master will need read access to the repo. 
@@ -945,11 +944,11 @@ ext_pillar: # Along with git_pillar_privkey (and optionally git_pillar_passphrase), # is used to authenticate to SSH remotes. -{{ get_config('git_pillar_pubkey', '/path/to/key.pub') }} +{{ get_config('git_pillar_pubkey', '') }} # Along with git_pillar_pubkey (and optionally git_pillar_passphrase), # is used to authenticate to SSH remotes. -{{ get_config('git_pillar_privkey', '/path/to/key') }} +{{ get_config('git_pillar_privkey', '') }} # This parameter is optional, required only when the SSH key being used # to authenticate is protected by a passphrase. diff --git a/salt/gitfs/keys.sls b/salt/gitfs/keys.sls index badc467..338046b 100644 --- a/salt/gitfs/keys.sls +++ b/salt/gitfs/keys.sls @@ -17,4 +17,4 @@ gitfs-key-{{ key }}-{{ type }}: key: {{ key }} type: {{ type }} {%- endfor %} -{%- endfor %} \ No newline at end of file +{%- endfor %} From 39479cafe91d9dcf9e2677307c7e81e952d69c62 Mon Sep 17 00:00:00 2001 From: Brad Thurber Date: Thu, 28 Apr 2016 09:43:13 -0400 Subject: [PATCH 091/146] add missing gitfs parms to minion config file as well (for use by standalone minions) --- salt/files/minion.d/f_defaults.conf | 232 +++++++++++++++++++++++++++- 1 file changed, 229 insertions(+), 3 deletions(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 9c65ce3..cec953a 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf 
@@ -488,6 +488,33 @@ file_client: local {{ file_roots(cfg_salt['file_roots']) }} {%- elif formulas|length -%} {{ file_roots({'base': ['/srv/salt']}) }} +{%- else -%} +#file_roots: +# base: +# - /srv/salt +{%- endif %} + + +# File Server Backend +# +# Salt supports a modular fileserver backend system, this system allows +# the salt minion to link directly to third party systems to gather and +# manage the files available to minions. Multiple backends can be +# configured and will be searched for the requested file in the order in which +# they are defined here. The default setting only enables the standard backend +# "roots" which uses the "file_roots" option. +#fileserver_backend: +# - roots +# +# To use multiple backends list them in the order they are searched: +#fileserver_backend: +# - git +# - roots +{% if 'fileserver_backend' in cfg_minion -%} +fileserver_backend: +{%- for backend in cfg_minion['fileserver_backend'] %} + - {{ backend }} +{%- endfor -%} {%- endif %} # By default, the Salt fileserver recurses fully into all defined environments 
@@ -508,7 +535,40 @@ file_client: local # gitfs provider {{ get_config('gitfs_provider', 'pygit2') }} -# gitfs remotes + +# Along with gitfs_password, is used to authenticate to HTTPS remotes. +{{ get_config('gitfs_user', 'git') }} + +# Along with gitfs_user, is used to authenticate to HTTPS remotes. +# This parameter is not required if the repository does not use authentication. +{{ get_config('gitfs_password', '') }} + +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# This parameter enables authentication over HTTP. Enable this at your own risk. +{{ get_config('gitfs_insecure_auth', 'False') }} + +# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to +# authenticate to SSH remotes. This parameter (or its per-remote counterpart) +# is required for SSH remotes. +{{ get_config('gitfs_pubkey', '') }} + +# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to +# authenticate to SSH remotes. This parameter (or its per-remote counterpart) +# is required for SSH remotes. +{{ get_config('gitfs_privkey', '') }} + +# This parameter is optional, required only when the SSH key being used to +# authenticate is protected by a passphrase. +{{ get_config('gitfs_passphrase', '') }} +# When using the git fileserver backend at least one git remote needs to be +# defined. The user running the salt master will need read access to the repo. +# +# The repos will be searched in order to find the file requested by a client +# and the first repo to have the file will return it. +# When using the git backend branches and tags are translated into salt +# environments. +# Note: file:// repos will be treated as a remote, so refs you want used must +# exist in that repo as *local* refs. {% if 'gitfs_remotes' in cfg_minion -%} gitfs_remotes: {%- for remote in cfg_minion['gitfs_remotes'] %} 
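Review bot: The new `gitfs_password` and `gitfs_passphrase` settings in minion.d/f_defaults.conf render pillar credentials into the file as plain text, and nothing in this patch shows what mode the file is deployed with. The state that manages it is outside this diff, so please confirm it sets an owner and a mode that is not world-readable. The same applies to `git_pillar_password` and `git_pillar_passphrase` in the later hunk of this file. The remotes comment was also copied from the master template and still reads `The user running the salt master will need read access to the repo`; in this file it should say `salt minion`.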
@@ -526,11 +586,45 @@ gitfs_remotes: {%- endif -%} {%- endfor -%} {%- endif %} -# verify git ssl errors + +# The gitfs_ssl_verify option specifies whether to ignore ssl certificate +# errors when contacting the gitfs backend. You might want to set this to +# false if you're using a git backend that uses a self-signed certificate but +# keep in mind that setting this flag to anything other than the default of True +# is a security concern, you may want to try using the ssh transport. {{ get_config('gitfs_ssl_verify', 'True') }} -# gitfs root dir + +# The gitfs_root option gives the ability to serve files from a subdirectory +# within the repository. The path is defined relative to the root of the +# repository and defaults to the repository root. {{ get_config('gitfs_root', 'somefolder/otherfolder') }} +# The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater +# control over which branches/tags are exposed as fileserver environments. +{% if 'gitfs_env_whitelist' in cfg_minion -%} +gitfs_env_whitelist: + {%- for git_env in cfg_minion['gitfs_env_whitelist'] %} + - {{ git_env }} + {%- endfor -%} +{% else -%} +# gitfs_env_whitelist: +# - base +# - v1.* +{% endif %} + +{% if 'gitfs_env_blacklist' in cfg_minion -%} +gitfs_env_blacklist: + {%- for git_env in cfg_minion['gitfs_env_blacklist'] %} + - {{ git_env }} + {%- endfor -%} +{% else -%} +# gitfs_env_blacklist: +# - bug/* +# - feature/* +{% endif %} + +##### Pillar settings ##### +########################################## # The Salt pillar is searched for locally if file_client is set to local. If # this is the case, and pillar data is defined, then the pillar_roots need to # also be configured on the minion: 
@@ -550,8 +644,140 @@ pillar_roots: - {{ dir }} {%- endfor -%} {%- endfor -%} +{%- else -%} +#pillar_roots: +# base: +# - /srv/pillar {%- endif %} +{% if 'ext_pillar' in cfg_minion %} +ext_pillar: +{%- for pillar in cfg_minion['ext_pillar'] -%} + {%- for key in pillar -%} + {%- if pillar[key] is string %} + - {{ key }}: {{ pillar[key] }} + {%- elif pillar[key] is iterable and pillar[key] is not mapping %} + - {{ key }}: + {%- for parameter in pillar[key] %} + - {{ parameter }} + {%- endfor -%} + {%- elif pillar[key] is mapping and pillar[key] is not string %} + - {{ key }}: + {%- for parameter in pillar[key] %} + {{ parameter }}: {{pillar[key][parameter]}} + {%- endfor %} + {%- else %} +# Error in rendering {{ key }}, please read https://docs.saltstack.com/en/latest/topics/development/external_pillars.html#configuration + {% endif %} + {%- endfor -%} +{%- endfor %} +{% elif 'ext_pillar' in cfg_salt %} +ext_pillar: +{% for pillar in cfg_salt['ext_pillar'] %} + - {{ pillar.items()[0][0] }}: {{ pillar.items()[0][1] }} +{% endfor %} +{% else %} +#ext_pillar: +# - hiera: /etc/hiera.yaml +# - cmd_yaml: cat /etc/salt/yaml +{% endif %} + +# The ext_pillar_first option allows for external pillar sources to populate +# before file system pillar. This allows for targeting file system pillar from +# ext_pillar. +{{ get_config('ext_pillar_first', 'False') }} + +# The pillar_gitfs_ssl_verify option specifies whether to ignore ssl certificate +# errors when contacting the pillar gitfs backend. You might want to set this to +# false if you're using a git backend that uses a self-signed certificate but +# keep in mind that setting this flag to anything other than the default of True +# is a security concern, you may want to try using the ssh transport. +{{ get_config('pillar_gitfs_ssl_verify', 'True') }} + +# The pillar_opts option adds the master configuration file data to a dict in +# the pillar called "master". 
This is used to set simple configurations in the +# master config file that can then be used on minions. +{{ get_config('pillar_opts', 'True') }} + +# The pillar_safe_render_error option prevents the master from passing pillar +# render errors to the minion. This is set on by default because the error could +# contain templating data which would give that minion information it shouldn't +# have, like a password! When set true the error message will only show: +# Rendering SLS 'my.sls' failed. Please see master log for details. +{{ get_config('pillar_safe_render_error', 'True') }} + +# The pillar_source_merging_strategy option allows you to configure merging strategy +# between different sources. It accepts four values: recurse, aggregate, overwrite, +# or smart. Recurse will merge recursively mapping of data. Aggregate instructs +# aggregation of elements between sources that use the #!yamlex renderer. Overwrite +# will verwrite elements according the order in which they are processed. This is +# behavior of the 2014.1 branch and earlier. Smart guesses the best strategy based +# on the "renderer" setting and is the default value. +{{ get_config('pillar_source_merging_strategy', 'smart') }} + +# Recursively merge lists by aggregating them instead of replacing them. +{{ get_config('pillar_merge_lists', False) }} + +# Git External Pillar (git_pillar) Configuration Options +# +# Specify the provider to be used for git_pillar. Must be either pygit2 or +# gitpython. If unset, then both will be tried in that same order, and the +# first one with a compatible version installed will be the provider that +# is used. +{{ get_config('git_pillar_provider', 'pygit2') }} + +# If the desired branch matches this value, and the environment is omitted +# from the git_pillar configuration, then the environment for that git_pillar +# remote will be base. 
+{{ get_config('git_pillar_base', 'master') }} + +# If the branch is omitted from a git_pillar remote, then this branch will +# be used instead. +{{ get_config('git_pillar_branch', 'master') }} + +# Environment to use for git_pillar remotes. This is normally derived from +# the branch/tag (or from a per-remote env parameter), but if set this will +# override the process of deriving the env from the branch/tag name. +{{ get_config('git_pillar_env', '') }} + +# Path relative to the root of the repository where the git_pillar top file +# and SLS files are located. +{{ get_config('git_pillar_root', 'pillar') }} + +# Specifies whether or not to ignore SSL certificate errors when contacting +# the remote repository. +{{ get_config('git_pillar_ssl_verify', True) }} + +# When set to False, if there is an update/checkout lock for a git_pillar +# remote and the pid written to it is not running on the master, the lock +# file will be automatically cleared and a new lock will be obtained. +{{ get_config('git_pillar_global_lock', False) }} + +# Git External Pillar Authentication Options +# +# Along with git_pillar_password, is used to authenticate to HTTPS remotes. +{{ get_config('git_pillar_user', '') }} + +# Along with git_pillar_user, is used to authenticate to HTTPS remotes. +# This parameter is not required if the repository does not use authentication. +{{ get_config('git_pillar_password', '') }} + +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# This parameter enables authentication over HTTP. +{{ get_config('git_pillar_insecure_auth', False) }} + +# Along with git_pillar_privkey (and optionally git_pillar_passphrase), +# is used to authenticate to SSH remotes. +{{ get_config('git_pillar_pubkey', '') }} + +# Along with git_pillar_pubkey (and optionally git_pillar_passphrase), +# is used to authenticate to SSH remotes. 
+{{ get_config('git_pillar_privkey', '') }} + +# This parameter is optional, required only when the SSH key being used +# to authenticate is protected by a passphrase. +{{ get_config('git_pillar_passphrase', '') }} + ###### Security settings ##### ########################################### From d2df21101101a966412fcc68f892ef440424f79e Mon Sep 17 00:00:00 2001 From: Brad Thurber Date: Mon, 2 May 2016 09:13:38 -0400 Subject: [PATCH 092/146] allow state to function without errors if no keys are find in pilar --- salt/gitfs/keys.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/gitfs/keys.sls b/salt/gitfs/keys.sls index 338046b..3b002b8 100644 --- a/salt/gitfs/keys.sls +++ b/salt/gitfs/keys.sls @@ -1,6 +1,6 @@ {%- from "salt/map.jinja" import salt_settings with context %} -{%- set gitfs_keys=salt['pillar.get']('salt:gitfs:keys') %} +{%- set gitfs_keys=salt['pillar.get']('salt:gitfs:keys', {}) %} {%- for key, keyvalues in gitfs_keys.items() %} {%- for type, keydata in keyvalues.items() %} From b3a3fa4d720f30d852c0ce9f539707841e743fa5 Mon Sep 17 00:00:00 2001 From: Brad Thurber Date: Fri, 6 May 2016 14:45:41 -0400 Subject: [PATCH 093/146] Ability to create non-templated cloud config files (maps/providers/profiles). --- pillar.example | 31 +++++++++++++++++++++++++++++++ salt/cloud.sls | 25 +++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/pillar.example b/pillar.example index db8fc55..8392bc0 100644 --- a/pillar.example +++ b/pillar.example 
@@ -83,6 +83,37 @@ salt: # salt cloud config cloud: master: salt + + # For non-templated custom cloud provider/profile/map files + providers: + provider-filename1.conf: + vmware-prod: + driver: vmware + user: myusernameprod + password: mypassword + vmware-nonprod: + driver: vmware + user: myusernamenonprod + password: mypassword + profiles: + profile-filename1.conf: + server-non-prod: + clonefrom: rhel6xtemplatenp + grains: + platform: + name: salt + realm: lab + subscription_level: standard + memory: 8GB + num_cpus: 4 + password: sUpErsecretey + provider: vmware-nonprod + maps: + map-filename1.map: + server-non-prod: + - host.mycompany.com: + grains: + environment: dev1 # You can take profile and map templates from an alternate location # if you want to write your own. diff --git a/salt/cloud.sls b/salt/cloud.sls index fec735e..3c80080 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -1,5 +1,9 @@ {% from "salt/map.jinja" import salt_settings with context %} +{% set cloudmaps = salt['pillar.get']('salt:cloud:maps', {}) -%} +{% set cloudprofiles = salt['pillar.get']('salt:cloud:profiles', {}) -%} +{% set cloudproviders = salt['pillar.get']('salt:cloud:providers', {}) -%} + python-pip: pkg.installed @@ -58,6 +62,27 @@ salt-cloud-{{ dir }}: - makedirs: True {%- endfor %} +{% for key, value in cloudmaps.items() %} +/etc/salt/cloud.maps.d/{{ key }}: + file.managed: + - contents: | + {{ value|yaml(False) | indent(8) }} +{% endfor %} + +{% for key, value in cloudprofiles.items() %} +/etc/salt/cloud.profiles.d/{{ key }}: + file.managed: + - contents: | + {{ value|yaml(False) | indent(8) }} +{% endfor %} + +{% for key, value in cloudproviders.items() %} +/etc/salt/cloud.providers.d/{{ key }}: + file.managed: + - contents: | + {{ value|yaml(False) | indent(8) }} +{% endfor %} + salt-cloud-providers-permissions: file.directory: - name: {{ salt_settings.config_path }}/cloud.providers.d From b9ae603fd782ed40dc8c0e7a02fa49a81b8be8db Mon Sep 17 00:00:00 2001 
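Review bot: The three new `file.managed` states in salt/cloud.sls write the provider, profile and map files with no `user`, `group` or `mode`, while the pillar.example added in this commit shows those files carrying `password:` values. The `salt-cloud-providers-permissions` directory state that follows is only partly visible; unless it enforces file modes recursively, the files get default permissions. I would add `- user: root`, `- group: root` and `- mode: '0600'` to each of the three states. Because the contents are rendered inline, `- show_changes: False` would also keep the credentials out of state output when a file changes.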
From: Brad Thurber Date: Thu, 26 May 2016 10:52:10 -0400 Subject: [PATCH 094/146] Add support for master eauth LDAP config --- pillar.example | 5 +++ salt/files/master.d/f_defaults.conf | 62 +++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) diff --git a/pillar.example b/pillar.example index 8392bc0..4414ed5 100644 --- a/pillar.example +++ b/pillar.example @@ -37,6 +37,11 @@ salt: ssl_key: /etc/pki/api/certs/server.key debug: False disable_ssl: False + ## for external auth - LDAP + # filter to use for Active Directory LDAP + auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %} + # filter to use for Most other LDAP servers + auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %} # salt minion config: minion: diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 8a38d85..29b5f8a 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
@@ -439,6 +439,68 @@ client_acl_blacklist: # Do not disable this unless it is absolutely clear what this does. {{ get_config('rotate_aes_key', 'True') }} +# Unique ID attribute name for the user. For Active Directory should be set +# to 'sAMAccountName'. Default value is 'memberUid'. +{{ get_config('auth.ldap.accountattributename', 'memberUid') }} + +# Set this to True if LDAP is Active Directory. Default is False +{{ get_config('auth.ldap.activedirectory', False) }} + +# Bind to LDAP anonymously to determine group membership +# Active Directory does not allow anonymous binds without special configuration +{{ get_config('auth.ldap.anonymous', False) }} + +# The base DN under which users can be found in LDAP +{{ get_config('auth.ldap.basedn', '') }} + +# The user Salt authenticates to search for a users' Distinguished Name and +# group membership. +{{ get_config('auth.ldap.binddn', '') }} + +# The bind password to go along with the bind dn (binddn). +{{ get_config('auth.ldap.bindpw', '') }} + +# The filter used to find the DN associated with a user. For most LDAPs use +# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value +# {% raw %}'sAMAccountName={{username}}'{% endraw %}. +{{ get_config('auth.ldap.filter', '') }} + +# The attribute used for user group membership. Defaults to 'memberOf' +{{ get_config('auth.ldap.groupattribute', 'memberOf') }} + +# LDAP group class. Use 'group' for Active Directory. Defaults to 'posixGroup' +{{ get_config('auth.ldap.groupclass', 'posixGroup') }} + +# To specify an OU that contains group data. Not used for Active Directory +# Default value: 'Groups' +{{ get_config('auth.ldap.groupou', 'Groups') }} + +# Allows the administrator to strip off a certain set of domain names +# so the hostnames looked up in the directory service can match the minion IDs. +{{ get_config('auth.ldap.minion_stripdomains', []) }} + +# Verify server's TLS certificate. 
Default value: False +{{ get_config('auth.ldap.no_verify', False) }} + +# Only for Active Directory. Default value: 'person' +{{ get_config('auth.ldap.persontype', 'person') }} + +# Port to connect via. Default value: '389' +{{ get_config('auth.ldap.port', '389') }} + +# LDAP scope level, almost always 2. Default value: 2 +{{ get_config('auth.ldap.scope', 2) }} + +# Server to auth against. Default value: 'localhost' +{{ get_config('auth.ldap.server', 'localhost') }} + +# Use TLS when connecting. Default value: False +{{ get_config('auth.ldap.tls', False) }} + +# Server specified in URI format. Overrides .ldap.server, .ldap.port, +# .ldap.tls. Default value: '' +{{ get_config('auth.ldap.uri', '') }} + ##### Salt-SSH Configuration ##### ########################################## From ac4ed62c032fd1468c5346053a622e7de322708f Mon Sep 17 00:00:00 2001 From: Christian McHugh Date: Fri, 27 May 2016 22:35:15 -0500 Subject: [PATCH 095/146] Support engine configuration --- pillar.example | 16 ++++++++++++++++ salt/files/master.d/engine.conf | 8 ++++++++ 2 files changed, 24 insertions(+) create mode 100644 salt/files/master.d/engine.conf diff --git a/pillar.example b/pillar.example index 4414ed5..4b16756 100644 --- a/pillar.example +++ b/pillar.example @@ -43,6 +43,22 @@ salt: # filter to use for Most other LDAP servers auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %} + # optional engine configuration + engines: + slack: + token: xoxp-XXXXX-XXXXXXX + control: True + valid_users: + - someuser + - otheruser + valid_commands: + - test.ping + - list_jobs + aliases: + list_jobs: + type: runner + cmd: jobs.list_jobs + # salt minion config: minion: diff --git a/salt/files/master.d/engine.conf b/salt/files/master.d/engine.conf new file mode 100644 index 0000000..d2ecec6 --- /dev/null +++ b/salt/files/master.d/engine.conf 
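Review bot: The comment above `auth.ldap.no_verify` in master.d/f_defaults.conf reads `# Verify server's TLS certificate. Default value: False`, which invites an operator to set it to True to get verification. Going by the option's name, and as far as I know by Salt's LDAP auth module, True has the opposite effect and turns certificate checking off. I would reword it to `# Set to True to skip verification of the LDAP server's TLS certificate (not recommended). Default value: False`. The `auth.ldap.tls` and `auth.ldap.port` comments could also note that with the defaults shown, False and '389', the `auth.ldap.bindpw` bind password and user credentials cross the network unencrypted.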
@@ -0,0 +1,8 @@ +# +# This file is managed by Salt! Do not edit by hand! +# +{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- if engines %} +engines: + {{ engines | yaml(False) | indent(2) }} +{%- endif -%} From adad72741e48fc1281a528073c35c31b00c95dd1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89tienne=20BERSAC?= Date: Sun, 29 May 2016 20:42:41 +0200 Subject: [PATCH 096/146] Render config as JSON --- salt/files/minion.d/f_defaults.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index cec953a..84661bf 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -6,11 +6,11 @@ {% set cfg_minion = cfg_salt.get('minion', {}) -%} {%- macro get_config(configname, default_value) -%} {%- if configname in cfg_minion -%} -{{ configname }}: {{ cfg_minion[configname] }} +{{ configname }}: {{ cfg_minion[configname]|json }} {%- elif configname in cfg_salt and configname not in reserved_keys -%} -{{ configname }}: {{ cfg_salt[configname] }} +{{ configname }}: {{ cfg_salt[configname]|json }} {%- else -%} -#{{ configname }}: {{ default_value }} +#{{ configname }}: {{ default_value|json }} {%- endif -%} {%- endmacro -%} {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} From 6690e8b103df811c74f9634c8d450b5967ac6a4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tiago=20Teresa=20Teod=C3=B3sio?= Date: Mon, 30 May 2016 13:50:16 +0200 Subject: [PATCH 097/146] Fixing GitPython package name for RedHat OS family. Tested on CentOS 7. --- salt/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/map.jinja b/salt/map.jinja index 368b5e6..ac2a106 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -29,6 +29,7 @@ that differ from whats in defaults.yaml }, 'RedHat': { 'pygit2': 'python-pygit2', + 'python_git': 'GitPython', 'gitfs': { 'pygit2': { 'install_from_source': False, 
From ca42d40ef98cdf7016a45a2c97ab09e0a5118045 Mon Sep 17 00:00:00 2001 From: risca Date: Tue, 7 Jun 2016 19:46:08 +0200 Subject: [PATCH 098/146] added support for LXC profiles --- pillar.example | 17 +++++++++++ salt/files/master.d/lxc_profiles.conf | 42 +++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 salt/files/master.d/lxc_profiles.conf diff --git a/pillar.example b/pillar.example index 4b16756..832f939 100644 --- a/pillar.example +++ b/pillar.example @@ -37,6 +37,23 @@ salt: ssl_key: /etc/pki/api/certs/server.key debug: False disable_ssl: False + # for profile configuration as https://docs.saltstack.com/en/latest/topics/tutorials/lxc.html#tutorial-lxc-profiles + lxc.container_profile: + debian: + template: download + options: + dist: debian + release: jessie + arch: amd64 + backing: lvm + vgname: kimsufi + size: 10G + lxc.network_profile: + basic: + eth0: + link: lxcbr0 + type: veth + flags: up ## for external auth - LDAP # filter to use for Active Directory LDAP auth.ldap.filter: {% raw %}'sAMAccountName={{username}}'{% endraw %} diff --git a/salt/files/master.d/lxc_profiles.conf b/salt/files/master.d/lxc_profiles.conf new file mode 100644 index 0000000..2538848 --- /dev/null +++ b/salt/files/master.d/lxc_profiles.conf 
@@ -0,0 +1,42 @@ +# This file managed by Salt, do not edit by hand!! +# Based on salt version 2015.8.7 default config +{% set cfg_salt = pillar.get('salt', {}) -%} +{% set cfg_master = cfg_salt.get('master', {}) -%} +{% set cfg_prof = cfg_master.get('lxc.container_profile', {}) -%} +{% set cfg_net = cfg_master.get('lxc.network_profile', {}) -%} + +###### Profile configurations ######### +####################################### +{% if cfg_prof %} +lxc.container_profile: +{%- for prof in cfg_prof %} + {{ prof }}: +{%- for conf in cfg_prof[prof] %} +{%- if cfg_prof[prof][conf] is mapping %} + {{ conf }}: +{%- for opt in cfg_prof[prof][conf] %} + {{ opt }}: {{ cfg_prof[prof][conf][opt] }} +{%- endfor %} +{%- else %} + {{ conf }}: {{ cfg_prof[prof][conf] }} +{%- endif %} +{%- endfor %} +{% endfor %} +{%- endif %} + +{% if cfg_net %} +lxc.network_profile: +{%- for prof in cfg_net %} + {{ prof }}: +{%- for conf in cfg_net[prof] -%} +{%- if cfg_net[prof][conf] is mapping %} + {{ conf }}: +{%- for opt in cfg_net[prof][conf] %} + {{ opt }}: {{ cfg_net[prof][conf][opt] }} +{%- endfor %} +{%- else %} + {{ conf }}: {{ cfg_net[prof][conf] }} +{%- endif %} +{%- endfor %} +{% endfor %} +{%- endif %} From 182098fc16c01313ebf2c36ca605bfb1f18585cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= Date: Mon, 20 Jun 2016 22:24:20 +0200 Subject: [PATCH 099/146] JSON encode values embedded in the salt-master's configuration file This avoids problems when values are strings containing colons. And it mimicks what was already done for the salt-minion's configuration file. Fixes #233. --- salt/files/master.d/f_defaults.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 29b5f8a..9b0d87c 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf 
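Review bot: The values in the new master.d/lxc_profiles.conf are rendered raw, for example `{{ conf }}: {{ cfg_prof[prof][conf] }}` and `{{ opt }}: {{ cfg_net[prof][conf][opt] }}`. A string containing a colon or a leading special character will therefore yield invalid or misparsed YAML in the master configuration. The minion template in this series already switched to the `json` filter for this reason, so the same here would be consistent: `{{ conf }}: {{ cfg_prof[prof][conf]|json }}`, and likewise for the nested `opt` lines and the `cfg_net` block. The two loops are otherwise identical and could share one macro.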
@@ -5,11 +5,11 @@ {% set cfg_master = cfg_salt.get('master', {}) -%} {%- macro get_config(configname, default_value) -%} {%- if configname in cfg_master -%} -{{ configname }}: {{ cfg_master[configname] }} +{{ configname }}: {{ cfg_master[configname]|json }} {%- elif configname in cfg_salt and configname not in reserved_keys -%} -{{ configname }}: {{ cfg_salt[configname] }} +{{ configname }}: {{ cfg_salt[configname]|json }} {%- else -%} -#{{ configname }}: {{ default_value }} +#{{ configname }}: {{ default_value|json }} {%- endif -%} {%- endmacro -%} {%- from 'salt/formulas.jinja' import file_roots, formulas with context -%} From ee06702fca5ce6bdb198b7ceb898397584048b3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= Date: Mon, 20 Jun 2016 21:30:45 +0200 Subject: [PATCH 100/146] Use repo.saltstack.com in salt.pkgrepo for Debian-based distributions repo.saltstack.com handles all currently supported Debian releases as well as all supported Ubuntu releases so this change should be fine. Part of #180. --- salt/map.jinja | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/salt/map.jinja b/salt/map.jinja index ac2a106..dadf7c2 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
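Review bot: Applying `|json` to `default_value` in the commented-out branch changes the rendered hints, because the call sites pass defaults as strings: `get_config('rotate_aes_key', 'True')` now renders `#rotate_aes_key: "True"`, a quoted string rather than a boolean. Anyone copying such a hint into pillar or another config file gets a string where a bool is expected, and `"False"` is a non-empty string that may not be coerced back. Leaving the else branch as `#{{ configname }}: {{ default_value }}` keeps the hints as they were while the two live branches stay JSON-encoded.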
@@ -8,10 +8,12 @@ Setup variable using grains['os_family'] based logic, only add key:values here that differ from whats in defaults.yaml ##} +{% set osrelease = salt['grains.get']('osrelease') %} {% set os_family_map = salt['grains.filter_by']({ 'Debian': { - 'pkgrepo': 'deb http://debian.saltstack.com/debian ' + salt['grains.get']('oscodename') + '-saltstack main', - 'key_url': 'salt://salt/pkgrepo/debian/saltstack.gpg', + 'pkgrepo': 'deb http://repo.saltstack.com/apt/' + + salt['grains.get']('os')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/amd64/latest ' + salt['grains.get']('oscodename') + ' main', + 'key_url': 'https://repo.saltstack.com/apt/' + salt['grains.get']('os')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/amd64/latest/SALTSTACK-GPG-KEY.pub', 'libgit2': 'libgit2-22', 'gitfs': { 'pygit2': { From 98d591eab2357e1fe0a3b26abdb36db3cedd284b Mon Sep 17 00:00:00 2001 From: Manoj Sonawane Date: Mon, 27 Jun 2016 01:34:05 +0000 Subject: [PATCH 101/146] add module_config for minions --- salt/files/minion.d/f_defaults.conf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index cec953a..dcd1a64 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -927,6 +927,14 @@ ext_pillar: # A dict for the test module: #test.baz: {spam: sausage, cheese: bread} # + + +{%- if 'module_config' in cfg_minion %} + {%- for modkey, modval in cfg_minion.module_config.items() %} +{{ modkey }}: {{ modval }} + {%- endfor %} +{%- endif %} + # ###### Update settings ###### ########################################### From 621e1f218c6d7957b457f5c88e8cd6ce333db4d9 Mon Sep 17 00:00:00 2001 From: Matthew Pherigo Date: Fri, 1 Jul 2016 21:25:06 -0500 Subject: [PATCH 102/146] Add support for OpenBSD in map.jinja --- salt/map.jinja | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
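Review bot: `key_url` now points at a key downloaded from repo.saltstack.com at apply time instead of the `salt://salt/pkgrepo/debian/saltstack.gpg` file shipped with the formula, so the repository's trust anchor is whatever that URL serves on a given run rather than a key reviewed in version control. Keeping the vendored key, or at least adding a comment that records the expected key fingerprint, would preserve that pin. The `pkgrepo` string itself still uses `http://` while the key is fetched over `https://`, and the Ubuntu and Raspbian entries added in PATCH 110 follow the same pattern. `amd64` is hard-coded in both strings, and `'/' + salt['grains.get']('osmajorrelease', osrelease)` assumes the grain is a string, which nothing in the hunk guarantees.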
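Review bot: `{{ modkey }}: {{ modval }}` writes the pillar value into the minion config unencoded, unlike the `get_config` macro in the same file, which renders `{{ cfg_minion[configname]|json }}`. A dict or list value (the comment just above shows `test.baz: {spam: sausage, cheese: bread}`) is emitted in its Python string form, and a string containing `: ` or `#` alters the YAML that the minion then loads. `{{ modkey }}: {{ modval|json }}` handles both cases.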
diff --git a/salt/map.jinja b/salt/map.jinja index dadf7c2..2da0b0b 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -77,6 +77,18 @@ that differ from whats in defaults.yaml 'api_service': 'salt_api', 'syndic_service': 'salt_syndic', }, + 'OpenBSD': { + 'salt_master': 'salt', + 'salt_minion': 'salt', + 'salt_syndic': 'salt', + 'salt_cloud': 'salt', + 'salt_api': 'salt', + 'salt_ssh': 'salt', + 'config_path': '/etc/salt', + 'minion_service': 'salt_minion', + 'master_service': 'salt_master', + 'python_git': 'py-GitPython', + }, 'Windows': { 'salt_minion': 'saltstack.minion', 'config_path': 'C:\salt\conf', From 478fef683bc04c1d375ae2179996eed5d901bead Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Thu, 7 Jul 2016 16:15:39 +0200 Subject: [PATCH 103/146] Remove trailing whitespaces in config templates. Signed-off-by: Rene Jochum --- salt/files/master.d/f_defaults.conf | 50 ++++++++++++++--------------- salt/files/minion.d/f_defaults.conf | 14 ++++---- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 9b0d87c..08ca3eb 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -59,7 +59,7 @@ # Directory to store job and cache data: # This directory may contain sensitive data and should be protected accordingly. -# +# {{ get_config('cachedir', '/var/cache/salt/master') }} # Directory for custom modules. This directory can contain subdirectories for @@ -133,7 +133,7 @@ module_dirs: {{ get_config('minion_data_cache', 'True') }} # Store all returns in the given returner. -# Setting this option requires that any returner-specific configuration also +# Setting this option requires that any returner-specific configuration also # be set. See various returners in salt/returners for details on required # configuration values. (See also, event_return_queue below.) {{ get_config('event_return', 'mysql') }} 
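Review bot: The OpenBSD entry sets `minion_service` and `master_service` but not `api_service` or `syndic_service`, which the entry just above it in the context does define. Without them those two names presumably fall back to defaults.yaml (`api_service: salt-api` is visible elsewhere in this series), which may not match the rc scripts the OpenBSD package installs. Worth confirming on an OpenBSD host and adding the two keys with the names the package actually uses.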
@@ -195,12 +195,12 @@ event_return_blacklist: # the key rotation event as minions reconnect. Consider this carefully if this # salt master is managing a large number of minions. # -# If disabled, it is recommended to handle this event by listening for the +# If disabled, it is recommended to handle this event by listening for the # 'aes_key_rotate' event with the 'key' tag and acting appropriately. {{ get_config('ping_on_rotate', 'False') }} # By default, the master deletes its cache of minion data when the key for that -# minion is removed. To preserve the cache after key deletion, set +# minion is removed. To preserve the cache after key deletion, set # 'preserve_minion_cache' to True. # # WARNING: This may have security implications if compromised minions auth with @@ -379,7 +379,7 @@ client_acl_blacklist: {% endif %} # Enforce client_acl & client_acl_blacklist when users have sudo -# access to the salt command. +# access to the salt command. {{ get_config('sudo_acl', 'False') }} # The external auth system uses the Salt auth modules to authenticate and @@ -416,7 +416,7 @@ client_acl_blacklist: # will cause minion to throw an exception and drop the message. {{ get_config('sign_pub_message', 'False') }} -# Sign the master auth-replies with a cryptographic signature of the masters public key. +# Sign the master auth-replies with a cryptographic signature of the masters public key. # Please see the tutorial how to use these settings in the Multimaster-PKI with Failover Tutorial {{ get_config('master_sign_pubkey', 'False') }} 
@@ -424,18 +424,18 @@ client_acl_blacklist: # master_sign_key_name: {{ get_config('master_sign', '{}') }} -# The name of the file in the masters pki-directory that holds the pre-calculated +# The name of the file in the masters pki-directory that holds the pre-calculated # signature of the masters public-key. # master_pubkey_signature: {{ get_config('master_pubkey_signature', '{}') }} -# Instead of computing the signature for each auth-reply, use a pre-calculated signature. +# Instead of computing the signature for each auth-reply, use a pre-calculated signature. # The master_pubkey_signature must also be set for this. {{ get_config('master_use_pubkey_signature', 'False') }} -# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. -# This is a very important security-setting. Disabling it will enable deleted minions to still -# listen in on the messages published by the salt-master. +# Rotate the salt-masters AES-key when a minion-public is deleted with salt-key. +# This is a very important security-setting. Disabling it will enable deleted minions to still +# listen in on the messages published by the salt-master. # Do not disable this unless it is absolutely clear what this does. {{ get_config('rotate_aes_key', 'True') }} 
@@ -453,16 +453,16 @@ client_acl_blacklist: # The base DN under which users can be found in LDAP {{ get_config('auth.ldap.basedn', '') }} -# The user Salt authenticates to search for a users' Distinguished Name and +# The user Salt authenticates to search for a users' Distinguished Name and # group membership. {{ get_config('auth.ldap.binddn', '') }} -# The bind password to go along with the bind dn (binddn). +# The bind password to go along with the bind dn (binddn). {{ get_config('auth.ldap.bindpw', '') }} # The filter used to find the DN associated with a user. For most LDAPs use -# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value -# {% raw %}'sAMAccountName={{username}}'{% endraw %}. +# the value {% raw %}'uid={{ username }}'{% endraw %}. For Active Directory use the value +# {% raw %}'sAMAccountName={{username}}'{% endraw %}. {{ get_config('auth.ldap.filter', '') }} # The attribute used for user group membership. Defaults to 'memberOf' @@ -475,7 +475,7 @@ client_acl_blacklist: # Default value: 'Groups' {{ get_config('auth.ldap.groupou', 'Groups') }} -# Allows the administrator to strip off a certain set of domain names +# Allows the administrator to strip off a certain set of domain names # so the hostnames looked up in the directory service can match the minion IDs. {{ get_config('auth.ldap.minion_stripdomains', []) }} @@ -646,7 +646,7 @@ master_tops: # When using multiple environments, each with their own top file, the # default behaviour is an unordered merge. To prevent top files from # being merged together and instead to only use the top file from the -# requested environment, set this value to 'same'. +# requested environment, set this value to 'same'. {{ get_config('top_file_merging_stragety', 'merge') }} # To specify the order in which environments are merged, set the ordering 
@@ -663,7 +663,7 @@ master_tops: # the master server. The default is md5, but sha1, sha224, sha256, sha384 # and sha512 are also supported. # -# Prior to changing this value, the master should be stopped and all Salt +# Prior to changing this value, the master should be stopped and all Salt # caches should be cleared. {{ get_config('hash_type', 'md5') }} @@ -770,11 +770,11 @@ fileserver_backend: # Along with gitfs_password, is used to authenticate to HTTPS remotes. {{ get_config('gitfs_user', 'git') }} -# Along with gitfs_user, is used to authenticate to HTTPS remotes. +# Along with gitfs_user, is used to authenticate to HTTPS remotes. # This parameter is not required if the repository does not use authentication. {{ get_config('gitfs_password', '') }} -# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. # This parameter enables authentication over HTTP. Enable this at your own risk. {{ get_config('gitfs_insecure_auth', 'False') }} @@ -973,9 +973,9 @@ ext_pillar: # be used instead. {{ get_config('git_pillar_branch', 'master') }} -# Environment to use for git_pillar remotes. This is normally derived from +# Environment to use for git_pillar remotes. This is normally derived from # the branch/tag (or from a per-remote env parameter), but if set this will -# override the process of deriving the env from the branch/tag name. +# override the process of deriving the env from the branch/tag name. {{ get_config('git_pillar_env', '') }} # Path relative to the root of the repository where the git_pillar top file 
@@ -983,12 +983,12 @@ ext_pillar: {{ get_config('git_pillar_root', 'pillar') }} # Specifies whether or not to ignore SSL certificate errors when contacting -# the remote repository. +# the remote repository. {{ get_config('git_pillar_ssl_verify', True) }} # When set to False, if there is an update/checkout lock for a git_pillar # remote and the pid written to it is not running on the master, the lock -# file will be automatically cleared and a new lock will be obtained. +# file will be automatically cleared and a new lock will be obtained. {{ get_config('git_pillar_global_lock', False) }} # Git External Pillar Authentication Options @@ -1379,4 +1379,4 @@ consul_config: {%- for name, value in cfg_master['consul_config'].items() %} {{ name }}: {{ value }} {%- endfor %} -{%- endif %} +{%- endif %} \ No newline at end of file diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 9912b23..2d3ddfb 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -539,11 +539,11 @@ fileserver_backend: # Along with gitfs_password, is used to authenticate to HTTPS remotes. {{ get_config('gitfs_user', 'git') }} -# Along with gitfs_user, is used to authenticate to HTTPS remotes. +# Along with gitfs_user, is used to authenticate to HTTPS remotes. # This parameter is not required if the repository does not use authentication. {{ get_config('gitfs_password', '') }} -# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. +# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote. # This parameter enables authentication over HTTP. Enable this at your own risk. {{ get_config('gitfs_insecure_auth', 'False') }} 
@@ -735,9 +735,9 @@ ext_pillar: # be used instead. {{ get_config('git_pillar_branch', 'master') }} -# Environment to use for git_pillar remotes. This is normally derived from +# Environment to use for git_pillar remotes. This is normally derived from # the branch/tag (or from a per-remote env parameter), but if set this will -# override the process of deriving the env from the branch/tag name. +# override the process of deriving the env from the branch/tag name. {{ get_config('git_pillar_env', '') }} # Path relative to the root of the repository where the git_pillar top file @@ -745,12 +745,12 @@ ext_pillar: {{ get_config('git_pillar_root', 'pillar') }} # Specifies whether or not to ignore SSL certificate errors when contacting -# the remote repository. +# the remote repository. {{ get_config('git_pillar_ssl_verify', True) }} # When set to False, if there is an update/checkout lock for a git_pillar # remote and the pid written to it is not running on the master, the lock -# file will be automatically cleared and a new lock will be obtained. +# file will be automatically cleared and a new lock will be obtained. {{ get_config('git_pillar_global_lock', False) }} # Git External Pillar Authentication Options @@ -990,4 +990,4 @@ ext_pillar: ############################################ # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch #event_match_type: startswith -{{ get_config('event_match_type', 'startswith') }} +{{ get_config('event_match_type', 'startswith') }} \ No newline at end of file From 6ae81a96407bab18e783ff1e18a0b22b325d315f Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Thu, 7 Jul 2016 16:16:50 +0200 Subject: [PATCH 104/146] Add support for mongodb connection settings to config templates. Signed-off-by: Rene Jochum --- salt/files/master.d/f_defaults.conf | 14 ++++++++++++++ salt/files/minion.d/f_defaults.conf | 16 +++++++++++++++- 2 files changed, 29 insertions(+), 1 deletion(-) 
diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 08ca3eb..3965fa8 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1379,4 +1379,18 @@ consul_config: {%- for name, value in cfg_master['consul_config'].items() %} {{ name }}: {{ value }} {%- endfor %} +{%- endif %} + +{% if 'mongo' in cfg_master -%} +##### mongodb connection settings ##### +########################################## +{%- for name, value in cfg_master['mongo'].items() %} +mongo.{{ name }}: {{ value }} +{%- endfor %} + +{% if 'alternative.mongo' in cfg_master -%} +{%- for name, value in cfg_master['alternative.mongo'].items() %} +alternative.mongo.{{ name }}: {{ value }} +{%- endfor %} +{% endif %} {%- endif %} \ No newline at end of file diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 2d3ddfb..95d5865 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -990,4 +990,18 @@ ext_pillar: ############################################ # Default match type for filtering events tags: startswith, endswith, find, regex, fnmatch #event_match_type: startswith -{{ get_config('event_match_type', 'startswith') }} \ No newline at end of file +{{ get_config('event_match_type', 'startswith') }} + +{% if 'mongo' in cfg_minion -%} +##### mongodb connection settings ##### +########################################## +{%- for name, value in cfg_minion['mongo'].items() %} +mongo.{{ name }}: {{ value }} +{%- endfor %} + +{% if 'alternative.mongo' in cfg_minion -%} +{%- for name, value in cfg_minion['alternative.mongo'].items() %} +alternative.mongo.{{ name }}: {{ value }} +{%- endfor %} +{% endif %} +{%- endif %} \ No newline at end of file From 12390494cf9e9a6f77e8ed90eb8328c3925c4d0a Mon Sep 17 00:00:00 2001 
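Review bot: `mongo.{{ name }}: {{ value }}` and `alternative.mongo.{{ name }}: {{ value }}` emit connection settings unencoded, so a password or URI containing `: `, `#` or a leading special character is mangled or truncated when the YAML is parsed; `mongo.{{ name }}: {{ value|json }}` (and the same for the alternative block) avoids that. The `alternative.mongo` block is nested inside `{% if 'mongo' in cfg_master -%}`, so it is silently skipped when only `alternative.mongo` is set; closing the first `if` before opening the second would make the two independent. Both remarks apply equally to the minion.d/f_defaults.conf hunk of this commit. Since these settings typically carry credentials, the mode of the rendered file matters as well, though the state that manages it is not part of this patch.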
From: "Matthew X. Economou" Date: Sat, 9 Jul 2016 08:29:33 -0400 Subject: [PATCH 105/146] Add support for s3fs --- salt/files/master.d/f_defaults.conf | 45 +++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 3965fa8..56aaeb5 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -859,6 +859,51 @@ gitfs_env_blacklist: # - feature/* {% endif %} +# S3 File Server Backend Configuration +# +# S3 credentials must be set in the master config file. +# Alternatively, if on EC2 these credentials can be automatically +# loaded from instance metadata. +{% if 's3.keyid' in cfg_master -%} +{{ get_config('s3.keyid', '') }} +{{ get_config('s3.key', '') }} +{% else -%} +# s3.keyid: GKTADJGHEIQSXMKKRBJ08H +# s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs +{% endif %} +# This fileserver supports two modes of operation for the buckets: +# - A single bucket per environment +# - Multiple environments per bucket +# +# Note that bucket names must be all lowercase both in the AWS console +# and in Salt, otherwise you may encounter SignatureDoesNotMatch +# errors. +# +# A multiple-environment bucket must adhere to the following root +# directory structure: +# +# s3://// +# +# This fileserver back-end requires the use of the MD5 hashing +# algorithm. MD5 may not be compliant with all security policies. +{% if 's3.buckets' in cfg_master -%} +{{ get_config('s3.buckets', '') }} +{% else -%} +# s3.buckets: #single bucket per environment +# production: +# - bucket1 +# - bucket2 +# staging: +# - bucket3 +# - bucket4 +# +# s3.buckets: #multiple environments per bucket +# - bucket1 +# - bucket2 +# - bucket3 +# - bucket4 +{% endif %} + ##### Pillar settings ##### ########################################## # Salt Pillars allow for the building of global data that can be made selectively From d7be9aba9f98a34a8acd4894a4b02a32c8813d46 Mon Sep 17 00:00:00 2001 
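Review bot: The comment block should state that an `s3.key` taken from pillar ends up in clear text in the rendered master config, so readers know to prefer the instance-metadata route it already mentions or to restrict who can read the pillar and the file; a line such as `# NOTE: s3.key is written to this file in clear text; prefer instance credentials where possible.` would do. The guard `{% if 's3.keyid' in cfg_master -%}` looks only at `salt:master`, whereas `get_config` also falls back to keys under `salt:`, so credentials set at the `salt:` level are ignored and the sample comment is printed instead; the `s3.buckets` guard behaves the same way. The two sample values in the `else` branch have the shape of real credentials and tend to trip secret scanners, so an obviously fake placeholder would be quieter.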
From: "Matthew X. Economou" Date: Sat, 9 Jul 2016 21:23:49 -0400 Subject: [PATCH 106/146] Document sample s3fs configuration --- pillar.example | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pillar.example b/pillar.example index 832f939..6d3058d 100644 --- a/pillar.example +++ b/pillar.example @@ -20,10 +20,18 @@ salt: master: fileserver_backend: - git + - s3fs - roots gitfs_remotes: - git://github.com/saltstack-formulas/salt-formula.git: - base: develop + s3.keyid: GKTADJGHEIQSXMKKRBJ08H + s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs + s3.buckets: + - bucket1 + - bucket2 + - bucket3 + - bucket4 file_roots: base: - /srv/salt From fa6818af352d417f72d08e39be8d1328efc94194 Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Thu, 14 Jul 2016 18:18:24 +0200 Subject: [PATCH 107/146] Use https for the Ubuntu repo same as salt-bootstrap. Signed-off-by: Rene Jochum --- salt/pkgrepo/ubuntu/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/pkgrepo/ubuntu/init.sls b/salt/pkgrepo/ubuntu/init.sls index 35e950c..0fc7519 100644 --- a/salt/pkgrepo/ubuntu/init.sls +++ b/salt/pkgrepo/ubuntu/init.sls @@ -1,5 +1,5 @@ saltstack-pkgrepo: pkgrepo.managed: - - name: deb http://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main + - name: deb https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main - file: /etc/apt/sources.list.d/saltstack.list - key_url: https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file From 1b611c871e17ec402c166ec352872c8b8c502837 Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Thu, 14 Jul 2016 18:23:08 +0200 Subject: [PATCH 108/146] Add optional method to remove /etc/salt/minion. 
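Review bot: Switching the source line to `https://` makes the repository refresh depend on apt's HTTPS transport, which on older Debian and Ubuntu releases is the separate `apt-transport-https` package, and nothing in this state installs it. On a minimal image the new source would then fail to refresh and Salt packages would not be installed or updated from it. Installing the transport before the repository is managed closes that gap, as sketched below.

```yaml
saltstack-apt-transport-https:
  pkg.installed:
    - name: apt-transport-https
    - require_in:
      - pkgrepo: saltstack-pkgrepo

# … unchanged: saltstack-pkgrepo state …
```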
Signed-off-by: Rene Jochum --- pillar.example | 7 +++++-- salt/defaults.yaml | 2 ++ salt/minion.sls | 6 ++++++ 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/pillar.example b/pillar.example index 6d3058d..3033bef 100644 --- a/pillar.example +++ b/pillar.example @@ -4,6 +4,9 @@ salt: # and up as it'll wipe out important files that Salt relies on. clean_config_d_dir: False + # This state will remove "/etc/salt/minion" when you set this to true. + minion_remove_config: True + # Set this to False to not have the formula install packages (in the case you # install Salt via git/pip/etc.) install_packages: True @@ -129,7 +132,7 @@ salt: # salt cloud config cloud: master: salt - + # For non-templated custom cloud provider/profile/map files providers: provider-filename1.conf: @@ -158,7 +161,7 @@ salt: map-filename1.map: server-non-prod: - host.mycompany.com: - grains: + grains: environment: dev1 # You can take profile and map templates from an alternate location diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 1a7fa7a..1cbb3f1 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -6,6 +6,8 @@ salt: config_path: /etc/salt + minion_remove_config: False + minion_service: salt-minion master_service: salt-master api_service: salt-api diff --git a/salt/minion.sls b/salt/minion.sls index 2097abe..9d141b7 100644 --- a/salt/minion.sls +++ b/salt/minion.sls @@ -23,6 +23,12 @@ salt-minion: - file: salt-minion - file: remove-old-minion-conf-file +{% if salt_settings.minion_remove_config %} +remove-default-minion-conf-file: + file.absent: + - name: {{ salt_settings.config_path }}/minion +{% endif %} + # clean up old _defaults.conf file if they have it around remove-old-minion-conf-file: file.absent: From f17b8f5424f271d8dbf9a19ad4b5887ab74ff081 Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Fri, 15 Jul 2016 15:13:21 +0200 Subject: [PATCH 109/146] Add optional method to remove /etc/salt/master. 
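Review bot: `remove-default-minion-conf-file` is not added to the list under `salt-minion:` that the context shows (`- file: salt-minion`, `- file: remove-old-minion-conf-file`), so if that list is the service's watch, deleting `{{ salt_settings.config_path }}/minion` will not restart the minion and it keeps running with settings loaded from the removed file. The list starts outside the hunk, so this needs confirming; if it is the watch list, add `- file: remove-default-minion-conf-file` inside the same `{% if salt_settings.minion_remove_config %}` guard. pillar.example sets `minion_remove_config: True` while defaults.yaml ships `False`, so anyone starting from the example deletes a file that may hold their only `master:` or `id:` setting; the example should show `False` or say why it differs. The master.sls hunk in PATCH 109 has the same shape.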
Signed-off-by: Rene Jochum --- pillar.example | 3 +++ salt/defaults.yaml | 1 + salt/master.sls | 6 ++++++ 3 files changed, 10 insertions(+) diff --git a/pillar.example b/pillar.example index 3033bef..0e7486c 100644 --- a/pillar.example +++ b/pillar.example @@ -7,6 +7,9 @@ salt: # This state will remove "/etc/salt/minion" when you set this to true. minion_remove_config: True + # This state will remove "/etc/salt/master" when you set this to true. + master_remove_config: True + # Set this to False to not have the formula install packages (in the case you # install Salt via git/pip/etc.) install_packages: True diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 1cbb3f1..c20f387 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -7,6 +7,7 @@ salt: config_path: /etc/salt minion_remove_config: False + master_remove_config: False minion_service: salt-minion master_service: salt-master diff --git a/salt/master.sls b/salt/master.sls index 3352353..e7918e6 100644 --- a/salt/master.sls +++ b/salt/master.sls @@ -21,6 +21,12 @@ salt-master: - file: salt-master - file: remove-old-master-conf-file +{% if salt_settings.master_remove_config %} +remove-default-master-conf-file: + file.absent: + - name: {{ salt_settings.config_path }}/master +{% endif %} + # clean up old _defaults.conf file if they have it around remove-old-master-conf-file: file.absent: From 3b265a544aa5818f3453a119f8a49151374397f3 Mon Sep 17 00:00:00 2001 
From: "Jeremy T. Bouse" Date: Sat, 13 Aug 2016 13:56:53 -0400 Subject: [PATCH 110/146] Fix URLs in salt.pkgrepo for Raspbian & Ubuntu Rasbian reports back the following grain values: local: ---------- os: Raspbian os_family: Debian osarch: armhf osmajorrelease: 8 osrelease: 8.0 Ubuntu reports back the following grain values: local: ---------- os: Ubuntu os_family: Debian osarch: amd64 osmajorrelease: 14 osrelease: 14.04 For Raspbian the osarch needed to be changed from other Debain os_family distributions. For Ubuntu the osrelease value is needed instead of osmajorrelease as other Debian os_family distributions. Part of #180 --- salt/map.jinja | 13 ++++++++++++- salt/pkgrepo/init.sls | 2 +- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/salt/map.jinja b/salt/map.jinja index 2da0b0b..c256f0c 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -94,7 +94,18 @@ that differ from whats in defaults.yaml 'config_path': 'C:\salt\conf', 'minion_service': 'salt-minion', }, - }, grain="os_family", merge=salt['pillar.get']('salt:lookup')) + }, merge=salt['grains.filter_by']({ + 'Ubuntu': { + 'pkgrepo': 'deb http://repo.saltstack.com/apt/' + + salt['grains.get']('os')|lower + '/' + osrelease + '/amd64/latest ' + salt['grains.get']('oscodename') + ' main', + 'key_url': 'https://repo.saltstack.com/apt/' + salt['grains.get']('os')|lower + '/' + osrelease + '/amd64/latest/SALTSTACK-GPG-KEY.pub', + }, + 'Raspbian': { + 'pkgrepo': 'deb http://repo.saltstack.com/apt/' + + salt['grains.get']('os_family')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/armhf/latest ' + salt['grains.get']('oscodename') + ' main', + 'key_url': 'https://repo.saltstack.com/apt/' + salt['grains.get']('os_family')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/armhf/latest/SALTSTACK-GPG-KEY.pub', + }, + }, grain='os', merge=salt['pillar.get']('salt:lookup'))) %} {## Merge the flavor_map to the default settings ##} 
diff --git a/salt/pkgrepo/init.sls b/salt/pkgrepo/init.sls index 1f10148..e6eeb3c 100644 --- a/salt/pkgrepo/init.sls +++ b/salt/pkgrepo/init.sls @@ -1,6 +1,6 @@ {% set name = { 'RedHat': 'redhat', - 'Debian': grains['os']|lower, + 'Debian': grains['os_family']|lower, }.get(grains.os_family) %} include: - .{{ name }} From 5abdaee5a2ee333b54e1fa2b26512175e5bcae22 Mon Sep 17 00:00:00 2001 From: Matthew Richardson Date: Mon, 22 Aug 2016 11:22:08 +0100 Subject: [PATCH 111/146] Handle config opts not part of default config. --- salt/files/minion.d/f_defaults.conf | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 95d5865..172927b 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -4,7 +4,9 @@ {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_minion = cfg_salt.get('minion', {}) -%} +{% set default_keys = [] -%} {%- macro get_config(configname, default_value) -%} +{%- do default_keys.append(configname) %} {%- if configname in cfg_minion -%} {{ configname }}: {{ cfg_minion[configname]|json }} {%- elif configname in cfg_salt and configname not in reserved_keys -%} @@ -103,6 +105,7 @@ master: # same machine but with different ids, this can be useful for salt compute # clusters. {% if 'id' in cfg_minion -%} +{%- do default_keys.append('id') %} id: {{ cfg_minion['id'] }} {% else -%} #id: @@ -205,6 +208,7 @@ id: {{ cfg_minion['id'] }} {{ get_config('ping_interval', '0') }} {%- if 'mine_functions' in cfg_minion %} +{%- do default_keys.append('mine_functions') %} mine_functions: {%- for func, args in cfg_minion['mine_functions'].items() %} {{ func }}: {{ args }} 
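Review bot: The `'Debian'` entry is now `grains['os_family']|lower`, which in a lookup selected by `grains.os_family` can only ever be `debian`; the literal `'Debian': 'debian'` says the same thing without the indirection. It also means `salt/pkgrepo/ubuntu/init.sls` is no longer included for Ubuntu minions, so the `https://` source line introduced there in PATCH 107 stops being used and Ubuntu presumably goes through the `http://` string from map.jinja instead. If that is intended, the ubuntu state could be removed or the reason recorded in a comment.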
@@ -336,6 +340,7 @@ mine_functions: # # Include a config file from some other path: {% if 'include' in cfg_minion -%} +{%- do default_keys.append('include') %} {% if isinstance(cfg_minion['include'], list) -%} include: {% for include in cfg_minion['include'] -%} @@ -483,6 +488,7 @@ file_client: local # - /srv/salt/prod/services # - /srv/salt/prod/states {% if 'file_roots' in cfg_minion -%} +{%- do default_keys.append('file_roots') %} {{ file_roots(cfg_minion['file_roots']) }} {%- elif 'file_roots' in cfg_salt -%} {{ file_roots(cfg_salt['file_roots']) }} @@ -511,6 +517,7 @@ file_client: local # - git # - roots {% if 'fileserver_backend' in cfg_minion -%} +{%- do default_keys.append('fileserver_backend') %} fileserver_backend: {%- for backend in cfg_minion['fileserver_backend'] %} - {{ backend }} @@ -570,6 +577,7 @@ fileserver_backend: # Note: file:// repos will be treated as a remote, so refs you want used must # exist in that repo as *local* refs. {% if 'gitfs_remotes' in cfg_minion -%} +{%- do default_keys.append('gitfs_remotes') %} gitfs_remotes: {%- for remote in cfg_minion['gitfs_remotes'] %} {%- if remote is iterable and remote is not string %} @@ -602,6 +610,7 @@ gitfs_remotes: # The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater # control over which branches/tags are exposed as fileserver environments. {% if 'gitfs_env_whitelist' in cfg_minion -%} +{%- do default_keys.append('gitfs_env_whitelist') %} gitfs_env_whitelist: {%- for git_env in cfg_minion['gitfs_env_whitelist'] %} - {{ git_env }} @@ -613,6 +622,7 @@ gitfs_env_whitelist: {% endif %} {% if 'gitfs_env_blacklist' in cfg_minion -%} +{%- do default_keys.append('gitfs_env_blacklist') %} gitfs_env_blacklist: {%- for git_env in cfg_minion['gitfs_env_blacklist'] %} - {{ git_env }} 
@@ -629,6 +639,7 @@ gitfs_env_blacklist: # this is the case, and pillar data is defined, then the pillar_roots need to # also be configured on the minion: {% if 'pillar_roots' in cfg_minion -%} +{%- do default_keys.append('pillar_roots') %} pillar_roots: {%- for name, roots in cfg_minion['pillar_roots']|dictsort %} {{ name }}: @@ -651,6 +662,7 @@ pillar_roots: {%- endif %} {% if 'ext_pillar' in cfg_minion %} +{%- do default_keys.append('ext_pillar') %} ext_pillar: {%- for pillar in cfg_minion['ext_pillar'] -%} {%- for key in pillar -%} @@ -930,6 +942,7 @@ ext_pillar: {%- if 'module_config' in cfg_minion %} +{%- do default_keys.append('module_config') %} {%- for modkey, modval in cfg_minion.module_config.items() %} {{ modkey }}: {{ modval }} {%- endfor %} @@ -993,6 +1006,7 @@ ext_pillar: {{ get_config('event_match_type', 'startswith') }} {% if 'mongo' in cfg_minion -%} +{%- do default_keys.append('mongo') %} ##### mongodb connection settings ##### ########################################## {%- for name, value in cfg_minion['mongo'].items() %} @@ -1000,8 +1014,17 @@ mongo.{{ name }}: {{ value }} {%- endfor %} {% if 'alternative.mongo' in cfg_minion -%} +{%- do default_keys.append('alternative.mongo') %} {%- for name, value in cfg_minion['alternative.mongo'].items() %} alternative.mongo.{{ name }}: {{ value }} {%- endfor %} {% endif %} -{%- endif %} \ No newline at end of file +{%- endif %} + +############ Other settings ############ +########################################## +{%- for configname in cfg_minion %} +{%- if configname not in reserved_keys and configname not in default_keys %} +{{ configname }}: {{ cfg_minion[configname]|json }} +{%- endif %} +{%- endfor %} \ No newline at end of file From 89ece150e61c91e31e1bdb3af9b249fbd5d0fe56 Mon Sep 17 00:00:00 2001 
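Review bot: The catch-all loop at the end only works because it is the last thing rendered: `default_keys` is filled as a side effect of each `get_config` call and each hand-written block above it, so moving the loop or adding a block after it would emit keys twice. A Jinja comment such as `{#- keep last: default_keys is complete only after everything above has rendered -#}` would record that. There is also an interaction with the mongo block: `default_keys.append('alternative.mongo')` sits inside `{% if 'mongo' in cfg_minion -%}`, so when only `alternative.mongo` is set the loop writes it as one nested `alternative.mongo:` mapping rather than the dotted `alternative.mongo.NAME` keys the block above produces.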
From: Matthew Richardson Date: Tue, 23 Aug 2016 09:48:39 +0100 Subject: [PATCH 112/146] Tidy up comments, add some docs/examples. --- README.rst | 2 +- pillar.example | 4 ++++ salt/files/minion.d/f_defaults.conf | 2 -- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.rst b/README.rst index 67e3294..a034960 100644 --- a/README.rst +++ b/README.rst @@ -120,7 +120,7 @@ you control, then you can safely enable the ``Configuration`` ================= -Every option available in the templates can be set in pillar. Settings under 'salt' will be overridden by more specific settings under ``salt['master']``, ``salt['minion']`` or ``salt['cloud']`` +Every option available in the templates can be set in pillar. Settings under 'salt' will be overridden by more specific settings under ``salt['master']``, ``salt['minion']`` or ``salt['cloud']``. Options specified in ``salt['minion']`` which are not present in the default configuration file will be added to the end of the configuration file. :: diff --git a/pillar.example b/pillar.example index 0e7486c..4b0938a 100644 --- a/pillar.example +++ b/pillar.example @@ -132,6 +132,10 @@ salt: mine_functions: network.interface_ip: [eth0] + # other 'non-default' config + auth_keytab: /root/auth.keytab + auth_principal: kadmin/admin + # salt cloud config cloud: master: salt diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 172927b..4178d42 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -1021,8 +1021,6 @@ alternative.mongo.{{ name }}: {{ value }} {% endif %} {%- endif %} -############ Other settings ############ -########################################## {%- for configname in cfg_minion %} {%- if configname not in reserved_keys and configname not in default_keys %} {{ configname }}: {{ cfg_minion[configname]|json }} From 776c5ecbe6f1f2839e0c4f37367a54b297cc8d81 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Krzysztof=20Paw=C5=82owski?= Date: Wed, 24 Aug 2016 13:06:24 +0200 Subject: [PATCH 113/146] Add yaml_utf8 option to salt master configuration. --- salt/files/master.d/f_defaults.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 56aaeb5..002d371 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -610,6 +610,9 @@ master_tops: # 'salt/job//prog//'. {{ get_config('state_events', 'False') }} +# Enable extra routines for YAML renderer used states containing UTF characters. +{{ get_config('yaml_utf8', 'False') }} + ##### File Server settings ##### ########################################## # Salt runs a lightweight file server written in zeromq to deliver files to From a89d8d9b6bc31bc7681ed5ae96772d4812003622 Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Sun, 4 Sep 2016 14:47:39 +0000 Subject: [PATCH 114/146] Add winrepo_provider to master.d/f_defaults.conf --- salt/files/master.d/f_defaults.conf | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 002d371..3a9bc76 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1304,6 +1304,12 @@ nodegroups: ##### Windows Software Repo settings ##### ########################################### +# Specify the provider to be used for git_pillar. Must be either pygit2 or +# gitpython. If unset, then both will be tried in that same order, and the +# first one with a compatible version installed will be the provider that +# is used. +{{ get_config('winrepo_provider', 'pygit2') }} + # Repo settings for 2015.8+ master used with 2015.8+ Windows minions # # Location of the repo on the master: 
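Review bot: The new comment above `winrepo_provider` describes the wrong option: it reads `Specify the provider to be used for git_pillar`, but the setting rendered below it is `winrepo_provider`. It also says that both providers are tried in order when the option is unset, while the call passes `'pygit2'` as the default, so the rendered hint suggests a fixed provider. Suggested wording: `# Specify the provider to be used for winrepo. Must be either pygit2 or gitpython.`, with the hint's default left empty to match the "if unset" sentence.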
@@ -1441,4 +1447,4 @@ mongo.{{ name }}: {{ value }} alternative.mongo.{{ name }}: {{ value }} {%- endfor %} {% endif %} -{%- endif %} \ No newline at end of file +{%- endif %} From 79fcda8806c6e92ebbcedd355fc49b0bd0473a5e Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Sun, 4 Sep 2016 14:48:10 +0000 Subject: [PATCH 115/146] Clean up formating of nodegroups --- salt/files/master.d/f_defaults.conf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 3a9bc76..6550c56 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1282,17 +1282,17 @@ log_granular_levels: #nodegroups: # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' # group2: 'G@os:Debian and foo.domain.com' -{% if 'nodegroups' in cfg_master %} +{%- if 'nodegroups' in cfg_master %} nodegroups: - {% for name, lvl in cfg_master['nodegroups'].items() %} + {%- for name, lvl in cfg_master['nodegroups'].items() %} {{ name }}: {{ lvl }} - {% endfor %} -{% elif 'nodegroups' in cfg_salt %} + {%- endfor %} +{%- elif 'nodegroups' in cfg_salt %} nodegroups: - {% for name, lvl in cfg_salt['nodegroups'].items() %} + {%- for name, lvl in cfg_salt['nodegroups'].items() %} {{ name }}: {{ lvl }} - {% endfor %} -{% endif %} + {%- endfor %} +{%- endif %} ##### Range Cluster settings ##### ########################################## From a842dbe6218b9605cce9248442eb247cb7436fd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=A4mer?= Date: Mon, 5 Sep 2016 10:48:31 +0200 Subject: [PATCH 116/146] Fixes saltstack-formulas/salt-formula#190 --- salt/map.jinja | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/salt/map.jinja b/salt/map.jinja index c256f0c..2b14108 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
@@ -1,6 +1,33 @@ # -*- coding: utf-8 -*- # vim: ft=jinja +{%- macro deep_merge(a, b) %} +{%- for k,v in b.iteritems() %} +{%- if v is string or v is number %} +{%- do a.update({ k: v }) %} +{%- elif v is not mapping %} +{%- if a[k] is not defined %} +{%- do a.update({ k: v }) %} +{%- elif a[k] is iterable and a[k] is not mapping and a[k] is not string %} +{%- do a.update({ k: v|list + a[k]|list}) %} +{%- else %} +{%- do a.update({ k: v }) %} +{%- endif %} +{%- elif v is mapping %} +{%- if a[k] is not defined %} +{%- do a.update({ k: v }) %} +{%- elif a[k] is not mapping %} +{%- do a.update({ k: v }) %} +{%- else %} +{%- do deep_merge(a[k], v) %} +{%- endif %} +{%- else %} +{%- do a.update({ k: 'ERROR: case not contempled in merging!' }) %} +{%- endif %} +{%- endfor %} +{%- endmacro %} + + {## Start with defaults from defaults.yaml ##} {% import_yaml "salt/defaults.yaml" as default_settings %} @@ -109,7 +136,7 @@ that differ from whats in defaults.yaml %} {## Merge the flavor_map to the default settings ##} -{% do default_settings.salt.update(os_family_map) %} +{% do deep_merge(default_settings.salt,os_family_map) %} {## Merge in salt:lookup pillar ##} {% set salt_settings = salt['pillar.get']( From 4283cba1234da9a3da9e1c95a768d898fa20bdce Mon Sep 17 00:00:00 2001 From: "Jeremy T. Bouse" Date: Tue, 6 Sep 2016 05:33:23 +0000 Subject: [PATCH 117/146] Add example for winrepo_provider --- pillar.example | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pillar.example b/pillar.example index 4b0938a..9575dc9 100644 --- a/pillar.example +++ b/pillar.example 
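Review bot: The new `deep_merge` macro iterates with `b.iteritems()`, which exists only on Python 2 dicts, so map.jinja would fail to render on a Python 3 Salt. The other templates on this page already use `.items()`, and `{%- for k, v in b.items() %}` works on both. The final `{%- else %}` branch can never run, because `v is not mapping` and `v is mapping` cover every value. If it did run, it would store the string 'ERROR: case not contempled in merging!' as a setting instead of stopping the render. I would drop that branch and add a header comment saying that scalars and mappings from `b` win and that lists are concatenated with `b`'s items first.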
@@ -74,6 +74,11 @@ salt: # filter to use for Most other LDAP servers auth.ldap.filter: {% raw %}'uid={{ username }}'{% endraw %} + # Define winrepo provider, by default support order is pygit2, gitpython + # Set to gitpython for Debian & Ubuntu to get around saltstack/salt#35993 + # where pygit2 is not compiled with pygit2.GIT_FEATURE_HTTPS support + winrepo_provider: gitpython + # optional engine configuration engines: slack: From 749bf0e8634c44b4156eaf597d3045dbb73b3192 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Kr=C3=A4mer?= Date: Tue, 13 Sep 2016 09:03:06 +0200 Subject: [PATCH 118/146] [BIGFUX] make pygit2 work with ubuntu xenial --- salt/map.jinja | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/map.jinja b/salt/map.jinja index 2b14108..f237dde 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -126,6 +126,16 @@ that differ from whats in defaults.yaml 'pkgrepo': 'deb http://repo.saltstack.com/apt/' + salt['grains.get']('os')|lower + '/' + osrelease + '/amd64/latest ' + salt['grains.get']('oscodename') + ' main', 'key_url': 'https://repo.saltstack.com/apt/' + salt['grains.get']('os')|lower + '/' + osrelease + '/amd64/latest/SALTSTACK-GPG-KEY.pub', + 'pygit2': 'python-pygit2', + 'gitfs': { + 'pygit2': { + 'install_from_source': False, + 'git': { + 'require_state': False, + 'install_from_package': None, + }, + }, + }, }, 'Raspbian': { 'pkgrepo': 'deb http://repo.saltstack.com/apt/' + From 37f82242e7f5202d88fe88d0d2d3d3dc73f0c92f Mon Sep 17 00:00:00 2001 
From: John Kristensen Date: Tue, 20 Sep 2016 13:38:01 +1000 Subject: [PATCH 119/146] By default don't install cloud dependencies using pip The salt-cloud packages automatically pull in the pycrypto and libcloud dependencies for RedHat and Debian (at least when using the SaltStack repos), so it doesn't really make sense to install these dependencies using pip. By default we no longer use pip, but the old behaviour can be restored by setting 'salt:use_pip' to True in the pillar. There could probably be a case made for removing the pip stuff altogether, but we will leave it in for the time being to preserve some backwards compatibility. --- salt/cloud.sls | 4 ++++ salt/defaults.yaml | 1 + 2 files changed, 5 insertions(+) diff --git a/salt/cloud.sls b/salt/cloud.sls index 3c80080..63d4776 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -4,6 +4,7 @@ {% set cloudprofiles = salt['pillar.get']('salt:cloud:profiles', {}) -%} {% set cloudproviders = salt['pillar.get']('salt:cloud:providers', {}) -%} +{%- if salt_settings.use_pip %} python-pip: pkg.installed @@ -23,17 +24,20 @@ apache-libcloud: pip.installed: - require: - pkg: python-pip +{%- endif %} {% if salt_settings.install_packages %} salt-cloud: pkg.installed: - name: {{ salt_settings.salt_cloud }} + {%- if salt_settings.use_pip %} - require: - pip: apache-libcloud - pip: pycrypto {% if grains['os_family'] not in ['Debian', 'RedHat'] %} - pip: crypto {% endif %} + {%- endif %} {% endif %} {% for cert in pillar.get('salt_cloud_certs', {}) %} diff --git a/salt/defaults.yaml b/salt/defaults.yaml index c20f387..91512f5 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -2,6 +2,7 @@ # vim: ft=yaml salt: install_packages: True + use_pip: False clean_config_d_dir: True config_path: /etc/salt From ddaa166de21cee9ec86a29ad462396de1a345b84 Mon Sep 17 00:00:00 2001 
From: Niels Abspoel Date: Fri, 30 Sep 2016 21:27:20 +0200 Subject: [PATCH 120/146] add engine and reactor config to salt minion configuration --- pillar.example | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/pillar.example b/pillar.example index 9575dc9..3394677 100644 --- a/pillar.example +++ b/pillar.example @@ -141,6 +141,23 @@ salt: auth_keytab: /root/auth.keytab auth_principal: kadmin/admin + # optional engine configuration + engines: + slack: + token: xoxp-XXXXX-XXXXXXX + control: True + valid_users: + - someuser + - otheruser + valid_commands: + - test.ping + - list_jobs + aliases: + list_jobs: + type: runner + cmd: jobs.list_jobs + + # salt cloud config cloud: master: salt From 13a6ecf8b9c65f0865f604e86c8087e315224b7b Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Fri, 30 Sep 2016 22:00:11 +0200 Subject: [PATCH 121/146] add missing files --- salt/files/minion.d/engine.conf | 8 ++++++++ salt/files/minion.d/reactor.conf | 15 +++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 salt/files/minion.d/engine.conf create mode 100644 salt/files/minion.d/reactor.conf diff --git a/salt/files/minion.d/engine.conf b/salt/files/minion.d/engine.conf new file mode 100644 index 0000000..d2ecec6 --- /dev/null +++ b/salt/files/minion.d/engine.conf @@ -0,0 +1,8 @@ +# +# This file is managed by Salt! Do not edit by hand! +# +{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- if engines %} +engines: + {{ engines | yaml(False) | indent(2) }} +{%- endif -%} diff --git a/salt/files/minion.d/reactor.conf b/salt/files/minion.d/reactor.conf new file mode 100644 index 0000000..dd7fbb5 --- /dev/null +++ b/salt/files/minion.d/reactor.conf 
@@ -0,0 +1,15 @@ +# +# This file is managed by Salt! Do not edit by hand! +# +{%- set reactors = salt['pillar.get']('salt:reactor') -%} +{%- if reactors %} +reactor: + {%- for reactor in reactors %} + {%- for event_tag, reactor_files in reactor.items() %} + - '{{ event_tag }}': + {%- for reactor_file in reactor_files %} + - {{ reactor_file }} + {%- endfor %} + {%- endfor %} + {% endfor -%} +{%- endif -%} From 1ffbb4b6bc947ffa2b3e406ee13ac489f82d9ba0 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sat, 1 Oct 2016 09:30:39 +0200 Subject: [PATCH 122/146] add option to start minion service if master_type is set to disable --- salt/standalone.sls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/salt/standalone.sls b/salt/standalone.sls index e98a58c..ba5441f 100644 --- a/salt/standalone.sls +++ b/salt/standalone.sls @@ -13,7 +13,11 @@ salt-minion: - exclude_pat: _* - context: standalone: True +{%- if salt_settings.minion.master_type is defined and salt_settings.minion.master_type == 'disable' %} + service.running: +{%- else %} service.dead: +{%- endif %} - enable: False - name: {{ salt_settings.minion_service }} - require: From 64e7376fe4e8834b874942866c132b64442cd504 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Sat, 1 Oct 2016 11:31:56 +0200 Subject: [PATCH 123/146] fix minion daemon to be enabled if master_type is set to disable --- salt/standalone.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/standalone.sls b/salt/standalone.sls index ba5441f..e76e2c3 100644 --- a/salt/standalone.sls +++ b/salt/standalone.sls @@ -15,10 +15,11 @@ salt-minion: standalone: True {%- if salt_settings.minion.master_type is defined and salt_settings.minion.master_type == 'disable' %} service.running: + - enable: True {%- else %} service.dead: -{%- endif %} - enable: False +{%- endif %} - name: {{ salt_settings.minion_service }} - require: {% if salt_settings.install_packages %} 
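Review bot: In the new minion.d/reactor.conf, `- '{{ event_tag }}':` and `- {{ reactor_file }}` write pillar strings into YAML unescaped. A tag containing a single quote, or a path containing `: ` or ` #`, then yields a file the minion cannot parse or parses differently from what the pillar says. The f_defaults templates in this formula already pass values through `|json`, and the same filter keeps this file valid for any string: `- {{ event_tag|json }}:` and `- {{ reactor_file|json }}`. Since these entries decide which SLS files run on which events, the header comment should also say that `salt:reactor` is expected to be a list of single-key mappings, which is what the nested loops assume.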
From c27bfd92b741193ebf44b83395e6f9dd920df2d0 Mon Sep 17 00:00:00 2001 From: carpenti Date: Wed, 5 Oct 2016 10:26:36 +0200 Subject: [PATCH 124/146] make the configuration of engines specific to master or minion the engines are now configured using the following pillars: * salt.master.engines * salt.minion.engines instead of a global salt.engines pillar. Note: the pillar.example provided seems to assume this behaviour. (the pillar is salt.master.engines.slack and not salt.engines.slack) --- salt/files/master.d/engine.conf | 2 +- salt/files/minion.d/engine.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/files/master.d/engine.conf b/salt/files/master.d/engine.conf index d2ecec6..5e7089d 100644 --- a/salt/files/master.d/engine.conf +++ b/salt/files/master.d/engine.conf @@ -1,7 +1,7 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:master:engines') -%} {%- if engines %} engines: {{ engines | yaml(False) | indent(2) }} diff --git a/salt/files/minion.d/engine.conf b/salt/files/minion.d/engine.conf index d2ecec6..17773e5 100644 --- a/salt/files/minion.d/engine.conf +++ b/salt/files/minion.d/engine.conf @@ -1,7 +1,7 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:minion:engines') -%} {%- if engines %} engines: {{ engines | yaml(False) | indent(2) }} From 08d10376abb17afbc86184ed253e079473ba1405 Mon Sep 17 00:00:00 2001 
From: carpenti Date: Wed, 5 Oct 2016 21:14:00 +0200 Subject: [PATCH 125/146] implementing retro-compatible behavior Using the old salt.engines pillar and merging it with the new salt.[master|minion].engines pillar. This way, it doesn't break previous behavior and permits to define common engines on master and minion. In the merge, the salt.[master|minion].engines pillar takes precedence if conflict as it's the more specific pillar. --- salt/files/master.d/engine.conf | 3 ++- salt/files/minion.d/engine.conf | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/salt/files/master.d/engine.conf b/salt/files/master.d/engine.conf index 5e7089d..746cdbe 100644 --- a/salt/files/master.d/engine.conf +++ b/salt/files/master.d/engine.conf @@ -1,7 +1,8 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:master:engines') -%} +{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:master:engines', default=engines, merge=True) -%} {%- if engines %} engines: {{ engines | yaml(False) | indent(2) }} diff --git a/salt/files/minion.d/engine.conf b/salt/files/minion.d/engine.conf index 17773e5..658f0e0 100644 --- a/salt/files/minion.d/engine.conf +++ b/salt/files/minion.d/engine.conf @@ -1,7 +1,8 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:minion:engines') -%} +{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:minion:engines', default=engines, merge=True) -%} {%- if engines %} engines: {{ engines | yaml(False) | indent(2) }} From 3098aebcadfdd33188461731d0ebd25a4db1ccee Mon Sep 17 00:00:00 2001 
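Review bot: The first added line in both engine.conf hunks, `salt['pillar.get']('salt:engines')`, passes no default. When the legacy key is absent, the value handed on as `default=engines, merge=True` is whatever pillar.get returns for a missing key, which as far as I know is an empty string or an exception depending on master settings, rather than a mapping. An explicit empty mapping makes the merge well defined in both files: `{%- set engines = salt['pillar.get']('salt:engines', {}) -%}`. I would also add a template comment that everything under `salt:engines`, including a Slack `token` like the one in pillar.example, is now rendered into the minion config as well as the master's.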
From: carpenti Date: Wed, 5 Oct 2016 22:28:33 +0200 Subject: [PATCH 126/146] add engines as a reserved_keys to not add generic configuration --- salt/files/master.d/f_defaults.conf | 2 +- salt/files/minion.d/f_defaults.conf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 6550c56..c613ee7 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -1,6 +1,6 @@ # This file managed by Salt, do not edit by hand!! # Based on salt version 2015.8.7 default config -{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} +{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_master = cfg_salt.get('master', {}) -%} {%- macro get_config(configname, default_value) -%} diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index 4178d42..c6629f0 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf @@ -1,7 +1,7 @@ # This file managed by Salt, do not edit by hand!! # Based on salt version 2015.8.7 default config # -{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs'] -%} +{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_minion = cfg_salt.get('minion', {}) -%} {% set default_keys = [] -%} @@ -1025,4 +1025,4 @@ alternative.mongo.{{ name }}: {{ value }} {%- if configname not in reserved_keys and configname not in default_keys %} {{ configname }}: {{ cfg_minion[configname]|json }} {%- endif %} -{%- endfor %} \ No newline at end of file +{%- endfor %} From 9d0b6b03d8ee22e46d4469a302ef6ac04db77e57 Mon Sep 17 00:00:00 2001 
From: Marcin Witowski Date: Fri, 7 Oct 2016 00:48:59 +0200 Subject: [PATCH 127/146] fix typo for top_file_merging_strategy in salt/files/master.d/f_defaults.conf template --- salt/files/master.d/f_defaults.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 6550c56..7918fb8 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -650,7 +650,7 @@ master_tops: # default behaviour is an unordered merge. To prevent top files from # being merged together and instead to only use the top file from the # requested environment, set this value to 'same'. -{{ get_config('top_file_merging_stragety', 'merge') }} +{{ get_config('top_file_merging_strategy', 'merge') }} # To specify the order in which environments are merged, set the ordering # in the env_order option. Given a conflict, the last matching value will From 423d58dd888efbb71d4fad170d3dc332d8166e94 Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Fri, 7 Oct 2016 16:26:14 +0300 Subject: [PATCH 128/146] Add state that ensures pkgrepo for RedHat is absent --- salt/pkgrepo/redhat/absent.sls | 3 +++ 1 file changed, 3 insertions(+) diff --git a/salt/pkgrepo/redhat/absent.sls b/salt/pkgrepo/redhat/absent.sls index e69de29..9945714 100644 --- a/salt/pkgrepo/redhat/absent.sls +++ b/salt/pkgrepo/redhat/absent.sls @@ -0,0 +1,3 @@ +drop-saltstack-pkgrepo: + pkgrepo.absent: + - name: saltstack-pkgrepo From 6f4880a25826ac5df3f20875df27ae7852ec440f Mon Sep 17 00:00:00 2001 From: Rob Ruma Date: Fri, 14 Oct 2016 08:25:18 -0400 Subject: [PATCH 129/146] Adding support for master_id option documented in https://docs.saltstack.com/en/latest/ref/configuration/master.html#master-id --- salt/files/master.d/f_defaults.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 7918fb8..0a6093d 100644 
--- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -21,6 +21,12 @@ # after the comment then the value is presented as an example and is not the # default. +# The id to be passed in the publish job to minions. +# This is used for MultiSyndics to return the job to the requesting master. +# This must be the same string as the syndic is configured with. +# master_id: None +{{ get_config('master_id', 'None') }} + # Per default, the master will automatically include all config files # from master.d/*.conf (master.d is a directory in the same directory # as the main master config file). From 8fd8c76d5f84f5bbc0940ffd5dcb12518d911334 Mon Sep 17 00:00:00 2001 From: genuss Date: Wed, 9 Nov 2016 20:48:15 +0300 Subject: [PATCH 130/146] Change default value for pillar_opts --- salt/files/master.d/f_defaults.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 6550c56..7030474 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -983,7 +983,7 @@ ext_pillar: # The pillar_opts option adds the master configuration file data to a dict in # the pillar called "master". This is used to set simple configurations in the # master config file that can then be used on minions. -{{ get_config('pillar_opts', 'True') }} +{{ get_config('pillar_opts', 'False') }} # The pillar_safe_render_error option prevents the master from passing pillar # render errors to the minion. This is set on by default because the error could From 13ea551011f06f03caab0ba83cf0acc5e928f223 Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Fri, 7 Oct 2016 15:55:15 +0300 Subject: [PATCH 131/146] Simplify pkgrepo logic, made possible by 3b265a544 --- salt/pkgrepo/absent.sls | 2 +- salt/pkgrepo/init.sls | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) 
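Review bot: Changing `get_config('pillar_opts', 'True')` to `'False'` only changes what the template prints when the pillar does not set the option. If get_config's fallback branch, which is outside this hunk, emits the default as a commented-out line, the master keeps Salt's built-in value and its configuration may still be published to minions through pillar. If the intent is to stop exposing master config, the template should render a live `pillar_opts: False` when the pillar is silent. Otherwise the comment above should say the line is informational. I would also extend that comment with `# Master config can hold credentials; leave this False unless minions need it.`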
diff --git a/salt/pkgrepo/absent.sls b/salt/pkgrepo/absent.sls index d79b15f..b66c8e3 100644 --- a/salt/pkgrepo/absent.sls +++ b/salt/pkgrepo/absent.sls @@ -1,2 +1,2 @@ include: - - .{{ grains['os']|lower }}.absent + - .{{ grains['os_family']|lower }}.absent diff --git a/salt/pkgrepo/init.sls b/salt/pkgrepo/init.sls index e6eeb3c..b2c794c 100644 --- a/salt/pkgrepo/init.sls +++ b/salt/pkgrepo/init.sls @@ -1,6 +1,2 @@ -{% set name = { - 'RedHat': 'redhat', - 'Debian': grains['os_family']|lower, -}.get(grains.os_family) %} include: - - .{{ name }} + - .{{ grains['os_family']|lower }} From fcefad089941423d9dce26efc76a24550162d14a Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Fri, 7 Oct 2016 15:55:44 +0300 Subject: [PATCH 132/146] Delete pkgrepo/ubuntu, not used anymore --- salt/pkgrepo/ubuntu/absent.sls | 5 ----- salt/pkgrepo/ubuntu/init.sls | 5 ----- 2 files changed, 10 deletions(-) delete mode 100644 salt/pkgrepo/ubuntu/absent.sls delete mode 100644 salt/pkgrepo/ubuntu/init.sls diff --git a/salt/pkgrepo/ubuntu/absent.sls b/salt/pkgrepo/ubuntu/absent.sls deleted file mode 100644 index 1b63537..0000000 --- a/salt/pkgrepo/ubuntu/absent.sls +++ /dev/null @@ -1,5 +0,0 @@ -drop-saltstack-pkgrepo: - pkgrepo.absent: - - name: deb http://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main - - file: /etc/apt/sources.list.d/saltstack.list - - key_url: https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file diff --git a/salt/pkgrepo/ubuntu/init.sls b/salt/pkgrepo/ubuntu/init.sls deleted file mode 100644 index 0fc7519..0000000 --- a/salt/pkgrepo/ubuntu/init.sls +++ /dev/null 
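Review bot: `- .{{ grains['os_family']|lower }}` in init.sls and `- .{{ grains['os_family']|lower }}.absent` in absent.sls build the include path from a grain without checking that a matching directory is shipped. On an os_family the formula has no pkgrepo states for, the include presumably fails to resolve and the render aborts. The removed lookup table named only RedHat and Debian, so a guard such as `{%- if grains['os_family'] in ['Debian', 'RedHat'] %}` around the include would keep the supported set explicit and make other platforms a no-op. A one-line comment listing the directories expected under salt/pkgrepo would help whoever adds the next platform.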
@@ -1,5 +0,0 @@ -saltstack-pkgrepo: - pkgrepo.managed: - - name: deb https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest {{ grains['lsb_distrib_codename'] }} main - - file: /etc/apt/sources.list.d/saltstack.list - - key_url: https://repo.saltstack.com/apt/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/latest/SALTSTACK-GPG-KEY.pub \ No newline at end of file From e18eeffb5ecfc9937abcaaecf93b05b14a19d81a Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Fri, 7 Oct 2016 15:58:47 +0300 Subject: [PATCH 133/146] Delete debian saltstack repo gpg, not used since 87f3e849d23d --- salt/pkgrepo/debian/saltstack.gpg | Bin 2212 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 salt/pkgrepo/debian/saltstack.gpg 
diff --git a/salt/pkgrepo/debian/saltstack.gpg b/salt/pkgrepo/debian/saltstack.gpg deleted file mode 100644 index 78da01e4d02e76b880acf2cdbab719da0851dd75..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2212 zcmV;V2wV4=0u2OFep)O65CFlTb!7VIqTBoob+53rKJO^krL|RpjInKfc58&6WdASR z<C66P27Rw|$CP+&L$_!Vi#NF0bLk77d6j+2a^=e>r!LeP z)t)SK=Zxo4@IZn`3Sli5I6@gEeLQrCcH{qF;iwkeL|uu9QV{r{mDU%04YzR3*JWoR z8qpP^Sr`In$|YD$-Xkr?gE=8GHWEYzw^zy&`FT5_pf@OAuOT{I*wDX%BcqYOo2QMIl`lGw|)9v8QnTw4k z>4B20+~*~rVgf=xEOz2sAbuIKz2eCTdekFRO>T9402m3zkEM2ZcYbm73;j75D7bpD z4Y6r8aR=F-$0_2&R@-o7G5?Ja?p1aRr%PCV&Wn@Vl+t`@P0D)I{CwlfelD8K0ZDE% zYSx?B66}ybNoII6Y`;#^@fzz7PfcH^{u% z^59EpXHAd9+6xX_>5_5RNAVbPA}u2ZIZ*4w_0yhK` z0SEvg1p-liS}Xz^0|g5S2nPcN6$%Lm3k4Pe0|5X69svRufB*^!5U`#=u=1{Ixhe4w z0JDU+Lo%CMt^P6_5`}jjsWr@xL(wh#Ka0D3c+ZEW4s$d#8b$$NG70wc9Z+KeOoE-@ zV#oFf>mTi)M==XYDxgU(-ItFN8!Vjqd5zZ*>O z0%=H1tpvT`ruTFE5AFcfZG?;vE#cxwCEGazUZe|(v>yPY06?s{^K1Q%*_G8sZNV9q z%I8^L2LRTRiI}Im8=^EGii151~6tDsS1GxeX z1W|rkECCPzs6JR{Ebhp2lLdHokWzR6GeFE1PnnG#$?zY^l7hnT7Qjew)&Qp|w=F_J`pBSY(j>gOigd7cE|20ZCtGZo{+B~v>)0bZnDcr!)b(ZT>M z;xP>n)T`CdERoHKj}BtpKED_Cl5p0wG^4ZinW%0}S4A@CtYC{-e@EST0X(W}xX1tL z81z6OIw2NojHdx_PvW?lA2%ZiD8n7mt7cbg)5pypSj|MeBTmQFg`ZqjlNN1!*ghjo z(zP)yu@yFOU5indiy76fj`vwOqoTDe0;F&M-lesT;A;QtS)wiJC$_YXQw@HWJ2r1cp8k)i?I?i zBk%v)+pJelDpoKr&jNk5*TlS$s zcs?KQ9dUh}hMoZ3wXm2Nqu4tM)F>gb{kG7(o5>R($@5XEcOO+}&=_Mqo6p<^hvS7F z*O9X(g};{tT_nP&4z26-qWh|##IxC%9Ik8DVTUI&?-Nx|ifU8-B7?8}6MV=V8!wyw ze0#|S^3@|n_%BPP^K4ISGET3qm18Wbn^##*^c`!Me3>>;wwyNdZAtnHzHK!z=x$*+ z*jT@KXE)klq=vwJ-=x6c^qCH;xGJlgPWJ*fM_x=xhxbSsi49~1r~Q8fpaYG80D|Cg zM!wsT%;Xe}3P(~u_u+>(S0j-ItG6Up#zKR6rF3VNzDtx6T|cU}q9ie&x$CI|#K43r zhc(MLzyw2+$D32^UFa5++*=)v0Ix0KSywBhEN=L!G%V^MtcORd*YIvedZMhl9G~W= zRKoiJFj>=pcw#`zlrQ9FT#SVqMNjDcb2$tp{rFb(8oXf{(2#yZREtib1ny@$^=!T@ zUnL;}yh(zXaQXa9>wb^dqhh}P$I>EPCdy*I5E6q4o~&cf?5(f)e6{=r<&9Z!_S-b< z@^xbIY)#pD@NV&wU5wFzp%oRoQ8uI4jjs#i+Qqj mf)Sd95cb^dnQt*8|E^>FPOoRgrH_-IR#z)S(H_dM0ssSe2_Yi@ 
From fd0b200fea1c7638b3f1e9ae5d09216b5b4b9e32 Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Fri, 7 Oct 2016 16:12:20 +0300 Subject: [PATCH 134/146] Delete repotype from map.jinja, unused after 8f2191471 --- salt/map.jinja | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/map.jinja b/salt/map.jinja index f237dde..e402581 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -71,7 +71,6 @@ that differ from whats in defaults.yaml 'master': { 'gitfs_provider': 'pygit2' }, - 'repotype': 'epel', }, 'Suse': {}, 'Gentoo': { From 855211322647f7585ba264b964f4fe41201b75fb Mon Sep 17 00:00:00 2001 From: Ivan Kadochnikov Date: Thu, 10 Nov 2016 16:05:48 +0300 Subject: [PATCH 135/146] update map.jinja after Arch renamed the package --- salt/map.jinja | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/map.jinja b/salt/map.jinja index f237dde..6f110e6 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -82,12 +82,12 @@ that differ from whats in defaults.yaml 'salt_cloud': 'app-admin/salt', }, 'Arch': { - 'salt_master': 'salt-zmq', - 'salt_minion': 'salt-zmq', - 'salt_syndic': 'salt-zmq', - 'salt_cloud': 'salt-zmq', - 'salt_api': 'salt-zmq', - 'salt_ssh': 'salt-zmq', + 'salt_master': 'salt', + 'salt_minion': 'salt', + 'salt_syndic': 'salt', + 'salt_cloud': 'salt', + 'salt_api': 'salt', + 'salt_ssh': 'salt', }, 'FreeBSD': { 'salt_master': 'py27-salt', From 5b87c50e463c9c5df9e26e8ef302b3ae1732e5b4 Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Mon, 14 Nov 2016 22:13:52 +0000 Subject: [PATCH 136/146] Add SmartOS salt-master and gitfs support --- salt/defaults.yaml | 1 + salt/gitfs/dulwich.sls | 6 ++++-- salt/map.jinja | 19 +++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 91512f5..8a82d80 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml 
@@ -23,6 +23,7 @@ salt: salt_ssh: salt-ssh python_git: python-git + python_dulwich: python-dulwich master: gitfs_provider: gitpython diff --git a/salt/gitfs/dulwich.sls b/salt/gitfs/dulwich.sls index b5c2589..e8e1a42 100644 --- a/salt/gitfs/dulwich.sls +++ b/salt/gitfs/dulwich.sls @@ -15,7 +15,9 @@ install-dulwich: - name: dulwich {% else %} -# install from package -# TODO haven't actually found a distro that has a good version to test + +python-dulwich: + pkg.installed: + - name: {{ salt_settings.python_dulwich }} {% endif %} diff --git a/salt/map.jinja b/salt/map.jinja index 6f110e6..369fc2f 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -142,6 +142,25 @@ that differ from whats in defaults.yaml salt['grains.get']('os_family')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/armhf/latest ' + salt['grains.get']('oscodename') + ' main', 'key_url': 'https://repo.saltstack.com/apt/' + salt['grains.get']('os_family')|lower + '/' + salt['grains.get']('osmajorrelease', osrelease) + '/armhf/latest/SALTSTACK-GPG-KEY.pub', }, + 'SmartOS': { + 'salt_master': 'salt', + 'salt_minion': 'salt', + 'salt_syndic': 'salt', + 'salt_cloud': 'salt', + 'salt_api': 'salt', + 'salt_ssh': 'salt', + 'minion_service': 'salt:minion', + 'master_service': 'salt:master', + 'python_dulwich': 'py27-dulwich', + 'gitfs': { + 'dulwich': { + 'install_from_source': False, + } + }, + 'master': { + 'gitfs_provider': 'dulwich' + }, + } }, grain='os', merge=salt['pillar.get']('salt:lookup'))) %} From 157f356442d8a9fee1a092594ef0390cd947ae9c Mon Sep 17 00:00:00 2001 From: Matt Willsher Date: Mon, 14 Nov 2016 22:22:52 +0000 Subject: [PATCH 137/146] Correct SmartOS config path --- salt/map.jinja | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/map.jinja b/salt/map.jinja index 369fc2f..3c9ed4c 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
@@ -157,6 +157,7 @@ that differ from whats in defaults.yaml 'install_from_source': False, } }, + 'config_path': '/opt/local/etc/salt', 'master': { 'gitfs_provider': 'dulwich' }, From 8e41067c6998652be9b44a2906d1a4f4cbe87a27 Mon Sep 17 00:00:00 2001 From: Dafydd Jones Date: Mon, 7 Nov 2016 18:49:38 +0000 Subject: [PATCH 138/146] allow non-default config settings in master.d/f_defaults.conf (similar to PR#247) --- salt/files/master.d/f_defaults.conf | 37 +++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/salt/files/master.d/f_defaults.conf b/salt/files/master.d/f_defaults.conf index 702f852..b97bf57 100644 --- a/salt/files/master.d/f_defaults.conf +++ b/salt/files/master.d/f_defaults.conf @@ -3,7 +3,9 @@ {% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_master = cfg_salt.get('master', {}) -%} +{% set default_keys = [] -%} {%- macro get_config(configname, default_value) -%} +{%- do default_keys.append(configname) %} {%- if configname in cfg_master -%} {{ configname }}: {{ cfg_master[configname]|json }} {%- elif configname in cfg_salt and configname not in reserved_keys -%} @@ -78,6 +80,7 @@ # "states", "returners", etc. # Like 'extension_modules' but can take an array of paths {% if 'module_dirs' in cfg_master -%} +{%- do default_keys.append('module_dirs') %} module_dirs: {%- for dir in cfg_master['module_dirs'] %} - {{ dir}} @@ -152,6 +155,7 @@ module_dirs: # Only events returns matching tags in a whitelist {% if 'event_return_whitelist' in cfg_master -%} +{%- do default_keys.append('event_return_whitelist') %} event_return_whitelist: {%- for event_return in cfg_master['event_return_whitelist'] %} - {{ event_return }} 
@@ -169,6 +173,7 @@ event_return_whitelist: # Store all event returns _except_ the tags in a blacklist {% if 'event_return_blacklist' in cfg_master -%} +{%- do default_keys.append('event_return_blacklist') %} event_return_blacklist: {%- for event_return in cfg_master['event_return_blacklist'] %} - {{ event_return }} @@ -328,6 +333,7 @@ event_return_blacklist: # capabilities to non root users. By default this capability is completely # disabled. {% if 'client_acl' in cfg_master -%} +{%- do default_keys.append('client_acl') %} client_acl: {%- for name, user in cfg_master['client_acl']|dictsort %} {{ name}}: @@ -356,6 +362,7 @@ client_acl: # running any commands. It would also blacklist any use of the "cmd" # module. This is completely disabled by default. {% if 'client_acl_blacklist' in cfg_master %} +{%- do default_keys.append('client_acl_blacklist') %} client_acl_blacklist: users: {% for user in cfg_master['client_acl_blacklist'].get('users', []) %} @@ -549,6 +556,7 @@ client_acl_blacklist: # #master_tops: {} {% if 'master_tops' in cfg_master %} +{%- do default_keys.append('master_tops') %} master_tops: {%- for master in cfg_master['master_tops'] -%} {%- if cfg_master['master_tops'][master] is string %} @@ -641,6 +649,7 @@ master_tops: # - /srv/salt/prod/states # {% if 'file_roots' in cfg_master -%} +{%- do default_keys.append('file_roots') %} {{ file_roots(cfg_master['file_roots']) }} {%- elif 'file_roots' in cfg_salt -%} {{ file_roots(cfg_salt['file_roots']) }} @@ -686,6 +695,7 @@ master_tops: # and don't want all the '.svn' folders and content synced to your minions, # you could set this to '/\.svn($|/)'. By default nothing is ignored. {% if 'file_ignore_regex' in cfg_master %} +{%- do default_keys.append('file_ignore_regex') %} file_ignore_regex: {% for regex in cfg_master['file_ignore_regex'] %} - {{ regex }} 
@@ -706,6 +716,7 @@ file_ignore_regex: # to file_ignore_regex above, but works on globs instead of regex. By default # nothing is ignored. {% if 'file_ignore_glob' in cfg_master %} +{%- do default_keys.append('file_ignore_glob') %} file_ignore_glob: {% for glob in cfg_master['file_ignore_glob'] %} - {{ glob }} @@ -738,6 +749,7 @@ file_ignore_glob: # - git # - roots {% if 'fileserver_backend' in cfg_master -%} +{%- do default_keys.append('fileserver_backend') %} fileserver_backend: {%- for backend in cfg_master['fileserver_backend'] %} - {{ backend }} @@ -811,6 +823,7 @@ fileserver_backend: # Note: file:// repos will be treated as a remote, so refs you want used must # exist in that repo as *local* refs. {% if 'gitfs_remotes' in cfg_master -%} +{%- do default_keys.append('gitfs_remotes') %} gitfs_remotes: {%- for remote in cfg_master['gitfs_remotes'] %} {%- if remote is iterable and remote is not string %} @@ -847,6 +860,7 @@ gitfs_remotes: # The gitfs_env_whitelist and gitfs_env_blacklist parameters allow for greater # control over which branches/tags are exposed as fileserver environments. {% if 'gitfs_env_whitelist' in cfg_master -%} +{%- do default_keys.append('gitfs_env_whitelist') %} gitfs_env_whitelist: {%- for git_env in cfg_master['gitfs_env_whitelist'] %} - {{ git_env }} @@ -858,6 +872,7 @@ gitfs_env_whitelist: {% endif %} {% if 'gitfs_env_blacklist' in cfg_master -%} +{%- do default_keys.append('gitfs_env_blacklist') %} gitfs_env_blacklist: {%- for git_env in cfg_master['gitfs_env_blacklist'] %} - {{ git_env }} @@ -921,6 +936,7 @@ gitfs_env_blacklist: # a top file and sls files. However, pillar data does not need to be in the # highstate format, and is generally just key/value pairs. {% if 'pillar_roots' in cfg_master -%} +{%- do default_keys.append('pillar_roots') %} pillar_roots: {%- for name, roots in cfg_master['pillar_roots']|dictsort %} {{ name }}: 
@@ -943,6 +959,7 @@ pillar_roots: {%- endif %} {% if 'ext_pillar' in cfg_master %} +{%- do default_keys.append('ext_pillar') %} ext_pillar: {%- for pillar in cfg_master['ext_pillar'] -%} {%- for key in pillar -%} @@ -1122,6 +1139,7 @@ ext_pillar: # This is not recommended, since it would allow anyone who gets root on any # single minion to instantly have root on all of the minions! {% if 'peer' in cfg_master %} +{%- do default_keys.append('peer') %} peer: {% for name, roots in cfg_master['peer'].items() %} {{ name }}: @@ -1155,6 +1173,7 @@ peer: # foo.example.com: # - manage.up {% if 'peer_run' in cfg_master %} +{%- do default_keys.append('peer_run') %} peer_run: {% for name, roots in cfg_master['peer_run'].items() %} {{ name }}: @@ -1185,6 +1204,7 @@ peer_run: # data only, minions web* to get all network.* and disk.* mine data and all other # minions won't get any mine data. {% if 'mine_get' in cfg_master -%} +{%- do default_keys.append('mine_get') %} mine_get: {%- for minion, data in cfg_master['mine_get']|dictsort %} {{ minion }}: @@ -1268,6 +1288,7 @@ mine_get: # 'salt.modules': 'debug' # {% if 'log_granular_levels' in cfg_master %} +{%- do default_keys.append('log_granular_levels') %} log_granular_levels: {% for name, lvl in cfg_master['log_granular_levels'].items() %} {{ name }}: {{ lvl }} @@ -1289,6 +1310,7 @@ log_granular_levels: # group1: 'L@foo.domain.com,bar.domain.com,baz.domain.com and bl*.domain.com' # group2: 'G@os:Debian and foo.domain.com' {%- if 'nodegroups' in cfg_master %} +{%- do default_keys.append('nodegroups') %} nodegroups: {%- for name, lvl in cfg_master['nodegroups'].items() %} {{ name }}: {{ lvl }} @@ -1323,6 +1345,7 @@ nodegroups: # List of git repositories to include with the local repo: {% if 'winrepo_remotes_ng' in cfg_master %} +{%- do default_keys.append('winrepo_remotes_ng') %} winrepo_remotes_ng: {% for repo in cfg_master['winrepo_remotes_ng'] %} - {{ repo }} 
@@ -1347,6 +1370,7 @@ winrepo_remotes_ng: # List of git repositories to include with the local repo: {% if 'winrepo_remotes' in cfg_master %} +{%- do default_keys.append('winrepo_remotes') %} winrepo_remotes: {% for repo in cfg_master['winrepo_remotes'] %} - {{ repo }} @@ -1373,6 +1397,7 @@ winrepo_remotes: # List of git repositories to include with the local repo: {% if 'win_gitrepos' in cfg_master %} +{%- do default_keys.append('win_gitrepos') %} win_gitrepos: {% for repo in cfg_master['win_gitrepos'] %} - {{ repo }} @@ -1400,6 +1425,7 @@ win_gitrepos: {{ get_config('event_match_type', 'startswith') }} {%- if 'halite' in cfg_master %} +{%- do default_keys.append('halite') %} ##### Halite ##### ########################################## halite: @@ -1409,6 +1435,7 @@ halite: {%- endif %} {%- if 'rest_cherrypy' in cfg_master %} +{%- do default_keys.append('rest_cherrypy') %} ##### rest_cherrypy ##### ########################################## rest_cherrypy: @@ -1418,6 +1445,7 @@ rest_cherrypy: {%- endif %} {%- if 'rest_tornado' in cfg_master %} +{%- do default_keys.append('rest_tornado') %} ##### rest_tornado ##### ########################################### rest_tornado: @@ -1433,6 +1461,7 @@ rest_tornado: {%- endif %} {%- if 'consul_config' in cfg_master %} +{%- do default_keys.append('consul_config') %} ##### consul_config ##### ########################################## consul_config: @@ -1442,6 +1471,7 @@ consul_config: {%- endif %} {% if 'mongo' in cfg_master -%} +{%- do default_keys.append('mongo') %} ##### mongodb connection settings ##### ########################################## {%- for name, value in cfg_master['mongo'].items() %} 
@@ -1449,8 +1479,15 @@ mongo.{{ name }}: {{ value }} {%- endfor %} {% if 'alternative.mongo' in cfg_master -%} +{%- do default_keys.append('alternative.mongo') %} {%- for name, value in cfg_master['alternative.mongo'].items() %} alternative.mongo.{{ name }}: {{ value }} {%- endfor %} {% endif %} {%- endif %} + +{%- for configname in cfg_master %} +{%- if configname not in reserved_keys and configname not in default_keys %} +{{ configname }}: {{ cfg_master[configname]|json }} +{%- endif %} +{%- endfor %} From 43663fec1b6089663f7a2e836a7727c04ecef59b Mon Sep 17 00:00:00 2001 From: John Kristensen Date: Fri, 2 Dec 2016 17:28:30 +1100 Subject: [PATCH 139/146] Have salt-api service watch the master config files The salt-api service is configured using the master config files but is not restarted when the master is restarted. We need the salt-api service to watch the master config files to ensure that any config changes are picked up. --- salt/api.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/api.sls b/salt/api.sls index 4681c43..278511f 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -13,7 +13,8 @@ salt-api: - name: {{ salt_settings.api_service }} - require: - service: {{ salt_settings.master_service }} -{% if salt_settings.install_packages %} - watch: +{% if salt_settings.install_packages %} - pkg: salt-api {% endif %} + - file: salt-master From 0166cd409702b1e3526b228b585826d684385ede Mon Sep 17 00:00:00 2001 From: Jeff Baskin Date: Mon, 19 Dec 2016 23:29:42 -0500 Subject: [PATCH 140/146] Added fedora. --- salt/map.jinja | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/map.jinja b/salt/map.jinja index 5fc70ca..b02c9d7 100644 --- a/salt/map.jinja +++ b/salt/map.jinja 
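Review bot: The catch-all loop added at the end of this hunk will emit `alternative.mongo` as one nested JSON mapping whenever the pillar sets it without `mongo`, because `default_keys.append('alternative.mongo')` sits inside the `{% if 'mongo' in cfg_master %}` block and is never reached in that case. Un-nesting the `alternative.mongo` block from the `mongo` block would keep the flattened `alternative.mongo.<name>: value` output in both cases. More generally, the loop now writes every key under `cfg_master` that is not in `reserved_keys` or `default_keys` into the master config, so a misspelled or unintended pillar key changes master behaviour silently. A comment above the loop such as `# Any remaining salt:master pillar keys are passed through to the master config unvalidated` would make that visible to whoever edits the pillar. The opening `{% if 'mongo' in cfg_master %}` lies in the preceding hunk, outside this one.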
@@ -57,7 +57,10 @@ that differ from whats in defaults.yaml }, }, 'RedHat': { - 'pygit2': 'python-pygit2', + 'pygit2': salt['grains.filter_by']({ + 'Fedora': 'python2-pygit2', + 'default': 'python-pygit2', + }, grain='os'), 'python_git': 'GitPython', 'gitfs': { 'pygit2': { From e329bda7bfca282575d90680c59310e5b080f634 Mon Sep 17 00:00:00 2001 From: Rene Jochum Date: Sun, 25 Dec 2016 17:41:47 +0100 Subject: [PATCH 141/146] Fix pygit2-libgit2 builds on Debian like platforms. Signed-off-by: Rene Jochum --- salt/gitfs/pygit2.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/gitfs/pygit2.sls b/salt/gitfs/pygit2.sls index 9fce72b..2439efe 100644 --- a/salt/gitfs/pygit2.sls +++ b/salt/gitfs/pygit2.sls @@ -23,6 +23,7 @@ pygit-deps: pkg.installed: - pkgs: - build-essential + - pkg-config - python-dev - libssh-dev - libffi-dev From caff23424d6829b528a2cd6ac1f675e3e4556700 Mon Sep 17 00:00:00 2001 From: Niels Abspoel Date: Thu, 12 Jan 2017 23:40:41 +0100 Subject: [PATCH 142/146] fix default dict --- salt/files/master.d/engine.conf | 2 +- salt/files/minion.d/engine.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/files/master.d/engine.conf b/salt/files/master.d/engine.conf index 746cdbe..47e6a6d 100644 --- a/salt/files/master.d/engine.conf +++ b/salt/files/master.d/engine.conf @@ -1,7 +1,7 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:engines', {}) -%} {%- set engines = salt['pillar.get']('salt:master:engines', default=engines, merge=True) -%} {%- if engines %} engines: diff --git a/salt/files/minion.d/engine.conf b/salt/files/minion.d/engine.conf index 658f0e0..695e3ed 100644 --- a/salt/files/minion.d/engine.conf +++ b/salt/files/minion.d/engine.conf 
@@ -1,7 +1,7 @@ # # This file is managed by Salt! Do not edit by hand! # -{%- set engines = salt['pillar.get']('salt:engines') -%} +{%- set engines = salt['pillar.get']('salt:engines', {}) -%} {%- set engines = salt['pillar.get']('salt:minion:engines', default=engines, merge=True) -%} {%- if engines %} engines: From 73906a03a520c90920b1885add4d50865a6cb3fc Mon Sep 17 00:00:00 2001 From: Tobias Martin Date: Fri, 13 Jan 2017 14:22:39 +0100 Subject: [PATCH 143/146] added beacons configuration support --- pillar.example | 16 +++++++++++++++- salt/files/minion.d/beacons.conf | 9 +++++++++ salt/files/minion.d/f_defaults.conf | 2 +- 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 salt/files/minion.d/beacons.conf diff --git a/pillar.example b/pillar.example index 3394677..721bd3b 100644 --- a/pillar.example +++ b/pillar.example @@ -141,7 +141,7 @@ salt: auth_keytab: /root/auth.keytab auth_principal: kadmin/admin - # optional engine configuration + # optional engine configuration engines: slack: token: xoxp-XXXXX-XXXXXXX @@ -157,6 +157,20 @@ salt: type: runner cmd: jobs.list_jobs + # optional beacons configuration + beacons: + load: + 1m: + - 0.0 + - 2.0 + 5m: + - 0.0 + - 1.5 + 15m: + - 0.1 + - 1.0 + interval: 10 + # salt cloud config cloud: diff --git a/salt/files/minion.d/beacons.conf b/salt/files/minion.d/beacons.conf new file mode 100644 index 0000000..72c7105 --- /dev/null +++ b/salt/files/minion.d/beacons.conf @@ -0,0 +1,9 @@ +# +# This file is managed by Salt! Do not edit by hand! +# +{%- set beacons = salt['pillar.get']('salt:beacons') -%} +{%- set engines = salt['pillar.get']('salt:minion:beacons', default=engines, merge=True) -%} +{%- if beacons %} +beacons: + {{ beacons | yaml(False) | indent(2) }} +{%- endif -%} diff --git a/salt/files/minion.d/f_defaults.conf b/salt/files/minion.d/f_defaults.conf index c6629f0..d4110c8 100644 --- a/salt/files/minion.d/f_defaults.conf +++ b/salt/files/minion.d/f_defaults.conf 
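Review bot: The first lookup in the new salt/files/minion.d/beacons.conf, `salt['pillar.get']('salt:beacons')`, has no dict default, although its result is meant to be the `default=` of the `merge=True` lookup on the next line. Patch 142 in this series added `{}` to exactly this pattern in both engine.conf templates, so I would write `{%- set beacons = salt['pillar.get']('salt:beacons', {}) -%}` here as well. The second line also assigns to `engines` and passes an undefined `engines` as its default. Patch 144 renames both to `beacons` but still leaves the first lookup without `{}`, so the same one-line change applies to its hunk.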
@@ -1,7 +1,7 @@ # This file managed by Salt, do not edit by hand!! # Based on salt version 2015.8.7 default config # -{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines'] -%} +{% set reserved_keys = ['master', 'minion', 'cloud', 'salt_cloud_certs', 'engines', 'beacons'] -%} {% set cfg_salt = pillar.get('salt', {}) -%} {% set cfg_minion = cfg_salt.get('minion', {}) -%} {% set default_keys = [] -%} From fc408475420ea2a540b158a9afe41ab31f063573 Mon Sep 17 00:00:00 2001 From: Tobias Martin Date: Fri, 13 Jan 2017 15:26:17 +0100 Subject: [PATCH 144/146] fixed beacon variable name --- salt/files/minion.d/beacons.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/files/minion.d/beacons.conf b/salt/files/minion.d/beacons.conf index 72c7105..e9bb4f8 100644 --- a/salt/files/minion.d/beacons.conf +++ b/salt/files/minion.d/beacons.conf @@ -2,7 +2,7 @@ # This file is managed by Salt! Do not edit by hand! # {%- set beacons = salt['pillar.get']('salt:beacons') -%} -{%- set engines = salt['pillar.get']('salt:minion:beacons', default=engines, merge=True) -%} +{%- set beacons = salt['pillar.get']('salt:minion:beacons', default=beacons, merge=True) -%} {%- if beacons %} beacons: {{ beacons | yaml(False) | indent(2) }} From 8ae39f4700bab2581a52f7cc4ca10949b583f7e6 Mon Sep 17 00:00:00 2001 From: ek9 Date: Fri, 13 Jan 2017 17:03:19 +0100 Subject: [PATCH 145/146] Arch Linux: install pygit2 or libgit2 via pacman instead of source by default --- salt/map.jinja | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/map.jinja b/salt/map.jinja index b02c9d7..318291f 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -90,6 +90,8 @@ that differ from whats in defaults.yaml 'salt_cloud': 'salt', 'salt_api': 'salt', 'salt_ssh': 'salt', + 'pygit2': 'python2-pygit2', + 'libgit2': 'libgit2', }, 'FreeBSD': { 'salt_master': 'py27-salt', From d7af7c15bbf4423c268850884dbebb3c8affa068 Mon Sep 17 00:00:00 2001 
From: ek9 Date: Fri, 13 Jan 2017 17:31:47 +0100 Subject: [PATCH 146/146] Alpine Linux: add basic support --- salt/map.jinja | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/salt/map.jinja b/salt/map.jinja index b02c9d7..79e8d91 100644 --- a/salt/map.jinja +++ b/salt/map.jinja @@ -91,6 +91,16 @@ that differ from whats in defaults.yaml 'salt_api': 'salt', 'salt_ssh': 'salt', }, + 'Alpine': { + 'salt_master': 'salt-master', + 'salt_minion': 'salt-minion', + 'salt_syndic': 'salt-syndic', + 'salt_cloud': 'salt-cloud', + 'salt_api': 'salt-api', + 'salt_ssh': 'salt-ssh', + 'pygit2': 'py2-pygit2', + 'libgit2': 'libgit2', + }, 'FreeBSD': { 'salt_master': 'py27-salt', 'salt_minion': 'py27-salt',