diff --git a/README.rst b/README.rst index 0b9f758..7fddf78 100644 --- a/README.rst +++ b/README.rst @@ -25,9 +25,14 @@ Install a minion Install a master. +``salt.cloud`` +--------------- + +Install salt cloud. + ``Configuration`` ----------------- -Every option available in the templates can be set in pillar. Settings under 'salt' will be overridden by more specific settings under salt['master'] or salt['minion'] +Every option available in the templates can be set in pillar. Settings under 'salt' will be overridden by more specific settings under salt['master'], salt['minion'] or salt['cloud'] :: @@ -39,3 +44,6 @@ Every option available in the templates can be set in pillar. Settings under 'sa minion: user: saltuser ... + cloud: + providers: ec2 + ... diff --git a/pillar.example b/pillar.example index 48d2f45..3374e12 100644 --- a/pillar.example +++ b/pillar.example @@ -19,3 +19,28 @@ salt: test.baz: spam: sausage cheese: bread + cloud: + master: salt + folders: + - cloud.providers.d/key + - cloud.profiles.d + - cloud.maps.d + providers: + - ec2 + - gce + aws_key: AWSKEYIJSHJAIJS6JSH + aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95 + gce_project: test + gce_service_account_email_address: 867543072364-orl4h2tpp8jcn1tr9ipj@developer.gserviceaccount.com +salt_cloud_certs: + aws: + pem: | + -----BEGIN RSA PRIVATE KEY----- + ........... + -----END RSA PRIVATE KEY----- + + gce: + pem: | + -----BEGIN RSA PRIVATE KEY----- + ........... + -----END RSA PRIVATE KEY----- diff --git a/salt/cloud.sls b/salt/cloud.sls new file mode 100644 index 0000000..25a2cfb --- /dev/null +++ b/salt/cloud.sls 
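Review bot: The example puts `aws_secret` and the `salt_cloud_certs` PEM blocks into pillar in clear text and says nothing about how that data should be protected. A comment above `cloud:` should state that this pillar is to be assigned only to the host that runs salt-cloud, and that real values belong in an encrypted or access-restricted pillar source rather than in the repository, for example `# secrets: target this pillar at the salt-cloud host only; never commit real keys`. The `gce_service_account_email_address` value also reads like a real account identifier rather than a placeholder; if it is one, replace it with an obviously fake value.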
@@ -0,0 +1,80 @@
+{% from "salt/package-map.jinja" import pkgs with context %}
+{% set salt = pillar.get('salt', {}) -%}
+{% set cloud = salt.get('cloud', {}) -%}
+
+python-pip:
+ pkg.installed
+
+pycrypto:
+ pip.installed:
+ - require:
+ - pkg: python-pip
+
+crypto:
+ pip.installed:
+ - require:
+ - pkg: python-pip
+
+apache-libcloud:
+ pip.installed:
+ - require:
+ - pkg: python-pip
+
+salt-cloud:
+ pkg.installed:
+ - name: {{ pkgs['salt-cloud'] }}
+ - require:
+ - pip: apache-libcloud
+ - pip: pycrypto
+ - pip: crypto
+
+{% for folder in cloud['folders'] %}
+{{ folder }}:
+ file.directory:
+ - name: /etc/salt/{{ folder }}
+ - user: root
+ - group: root
+ - file_mode: 744
+ - dir_mode: 755
+ - makedirs: True
+{% endfor %}
+
+{% for cert in pillar.get('salt_cloud_certs', {}) %}
+{% for type in ['pem'] %}
+cloud-cert-{{ cert }}-pem:
+ file.managed:
+ - name: /etc/salt/cloud.providers.d/key/{{ cert }}.pem
+ - source: salt://salt/files/key
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: 600
+ - defaults:
+ key: {{ cert }}
+ type: {{ type }}
+{% endfor %}
+{% endfor %}
+
+{% for providers in cloud['providers'] %}
+salt-cloud-profiles-{{ providers }}:
+ file.managed:
+ - name: /etc/salt/cloud.profiles.d/{{ providers }}.conf
+ - template: jinja
+ - source: salt://salt/files/cloud.profiles.d/{{ providers }}.conf
+{% endfor %}
+
+{% for providers in cloud['providers'] %}
+salt-cloud-providers-{{ providers }}:
+ file.managed:
+ - name: /etc/salt/cloud.providers.d/{{ providers }}.conf
+ - template: jinja
+ - source: salt://salt/files/cloud.providers.d/{{ providers }}.conf
+{% endfor %}
+
+{% for providers in cloud['providers'] %}
+salt-cloud-maps-{{ providers }}:
+ file.managed:
+ - name: /etc/salt/cloud.maps.d/{{ providers }}.conf
+ - template: jinja
+ - source: salt://salt/files/cloud.maps.d/{{ providers }}.conf
+{% endfor %}
diff --git a/salt/files/cloud.maps.d/ec2.conf b/salt/files/cloud.maps.d/ec2.conf
new file mode 100644
index 0000000..90d7636
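Review bot: The `salt-cloud-providers-{{ providers }}` state sets no `user`, `group` or `mode`, yet the templates it renders contain `aws_key` and `aws_secret`, so the resulting `/etc/salt/cloud.providers.d/*.conf` gets whatever default permissions apply and is likely readable by every local user. Give it the same treatment as the `cloud-cert-*` state: `- user: root`, `- group: root`, `- mode: 600`. The folder loop also creates `cloud.providers.d/key` with `dir_mode: 755`; a tighter mode for that one directory would match the 600 key files inside it. `cloud['folders']` and `cloud['providers']` are subscripted on a dict that defaults to `{}`, so rendering fails when the pillar omits them. The three `pip.installed` states are unpinned, and `crypto` is a separate PyPI distribution from `pycrypto`; confirm it is needed and pin the versions.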
--- /dev/null
+++ b/salt/files/cloud.maps.d/ec2.conf
@@ -0,0 +1 @@
+# This file managed by Salt, do not edit by hand!!
\ No newline at end of file
diff --git a/salt/files/cloud.maps.d/gce.conf b/salt/files/cloud.maps.d/gce.conf
new file mode 100644
index 0000000..eea25ea
--- /dev/null
+++ b/salt/files/cloud.maps.d/gce.conf
@@ -0,0 +1 @@
+# This file managed by Salt, do not edit by hand!!
diff --git a/salt/files/cloud.profiles.d/ec2.conf b/salt/files/cloud.profiles.d/ec2.conf
new file mode 100644
index 0000000..3032f1a
--- /dev/null
+++ b/salt/files/cloud.profiles.d/ec2.conf
@@ -0,0 +1,16 @@
+# This file managed by Salt, do not edit by hand!!
+base_ubuntu_ec2:
+ provider: ec2_ubuntu_public
+ image: ami-cb4986bc
+ size: t2.micro
+ ssh_username: ubuntu
+ network_interfaces:
+ - DeviceIndex: 0
+ PrivateIpAddresses:
+ - Primary: True
+ AssociatePublicIpAddress: True
+ SubnetId: subnet-57856332
+ SecurityGroupId:
+ - sg-6ec11d3b
+ tag: {'Environment': 'production', 'Role': 'ubuntu'}
+ sync_after_install: grains
\ No newline at end of file
diff --git a/salt/files/cloud.profiles.d/gce.conf b/salt/files/cloud.profiles.d/gce.conf
new file mode 100644
index 0000000..8120489
--- /dev/null
+++ b/salt/files/cloud.profiles.d/gce.conf
@@ -0,0 +1,13 @@
+# This file managed by Salt, do not edit by hand!!
+base_debian_gce:
+ image: debian-7-wheezy
+ size: g1-small
+ location: us-central1-a
+ network: default
+ tags: '["https-server", "http-server"]'
+ metadata: '{"salt-minion": "true"}'
+ use_persistent_disk: True
+ delete_boot_pd: True
+ deploy: True
+ make_master: False
+ provider: gce
\ No newline at end of file
diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf
new file mode 100644
index 0000000..0aeede2
--- /dev/null
+++ b/salt/files/cloud.providers.d/ec2.conf
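Review bot: `salt/files/cloud.profiles.d/ec2.conf` is served with `template: jinja` but hard-codes one account's `image`, `SubnetId` and `SecurityGroupId`, together with `AssociatePublicIpAddress: True` and an `Environment: production` tag. Every consumer of the formula therefore gets instances in that subnet with a public address unless they fork the file. These values should come from pillar the way the provider files read `cloud['master']`, for example `SubnetId: {{ cloud['ec2_subnet_id'] }}` (key name is illustrative). The same applies to `cloud.profiles.d/gce.conf` in the following file section, where `network: default` and the `http-server`/`https-server` tags are fixed.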
@@ -0,0 +1,17 @@
+# This file managed by Salt, do not edit by hand!!
+{% set salt = pillar.get('salt', {}) -%}
+{% set cloud = salt.get('cloud', {}) -%}
+ec2_ubuntu_public:
+ minion:
+ master: {{ cloud['master'] }}
+ grains:
+ test: True
+ ssh_interface: public_ips
+ id: {{ cloud['aws_key'] }}
+ key: '{{ cloud['aws_secret'] }}'
+ private_key: /etc/salt/cloud.providers.d/key/key.pem
+ keyname: keyname
+ location: eu-west-1
+ availability_zone: eu-west-1a
+ ssh_username: ubuntu
+ provider: ec2
\ No newline at end of file
diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf
new file mode 100644
index 0000000..823bf15
--- /dev/null
+++ b/salt/files/cloud.providers.d/gce.conf
@@ -0,0 +1,12 @@
+# This file managed by Salt, do not edit by hand!!
+{% set salt = pillar.get('salt', {}) -%}
+{% set cloud = salt.get('cloud', {}) -%}
+gce:
+ project: "{{ cloud['gce_project'] }}"
+ service_account_email_address: "{{ cloud['gce_service_account_email_address'] }}"
+ service_account_private_key: "/etc/salt/cloud.providers.d/key.pem"
+ minion:
+ master: {{ cloud['master'] }}
+ grains:
+ test: True
+ provider: gce
\ No newline at end of file
diff --git a/salt/files/key b/salt/files/key
new file mode 100644
index 0000000..66fd017
--- /dev/null
+++ b/salt/files/key
@@ -0,0 +1 @@
+{{ pillar['salt_cloud_certs'][key][type] }}
\ No newline at end of file
diff --git a/salt/package-map.jinja b/salt/package-map.jinja
index 59e1e1e..5943090 100644
--- a/salt/package-map.jinja
+++ b/salt/package-map.jinja
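Review bot: `private_key: /etc/salt/cloud.providers.d/key/key.pem` in the ec2 provider points at a file this commit never creates: `salt/cloud.sls` writes one file per `salt_cloud_certs` entry as `key/{{ cert }}.pem`, which with the example pillar gives `aws.pem` and `gce.pem`. The gce provider has the same problem and additionally omits the `key/` directory in `service_account_private_key: "/etc/salt/cloud.providers.d/key.pem"`. Assuming the pillar keys stay `aws` and `gce`, the lines should read `private_key: /etc/salt/cloud.providers.d/key/aws.pem` and `service_account_private_key: "/etc/salt/cloud.providers.d/key/gce.pem"`. `id: {{ cloud['aws_key'] }}` is also left unquoted while `key` is quoted; quoting both keeps YAML from reinterpreting the value.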
@@ -1,19 +1,27 @@
 {% set package_table = {
 'Debian': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'Ubuntu': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'CentOS': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'Amazon': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'Fedora': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'RedHat': {'salt-master': 'salt-master',
- 'salt-minion': 'salt-minion'},
+ 'salt-minion': 'salt-minion',
+ 'salt-cloud': 'salt-cloud'},
 'Gentoo': {'salt-master': 'app-admin/salt',
+ 'salt-minion': 'app-admin/salt',
 'salt-minion': 'app-admin/salt'},
 'Arch': {'salt-master': 'salt',
+ 'salt-minion': 'salt',
 'salt-minion': 'salt'}
 } %}
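Review bot: The Gentoo and Arch entries gain a second `'salt-minion'` key instead of a `'salt-cloud'` one, so the added line is a no-op duplicate and `pkgs['salt-cloud']` in `salt/cloud.sls` has no value on those platforms (assuming `pkgs` is derived from this table, which happens outside the hunk). The added lines were presumably meant to be `'salt-cloud': 'app-admin/salt',` and `'salt-cloud': 'salt',`; confirm the correct package name for each distribution before changing them.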