0
0
mirror of https://github.com/saltstack-formulas/salt-formula.git synced 2024-11-27 22:38:10 +01:00

add new gitfs functionality

This commit is contained in:
Brad Thurber 2016-04-19 12:51:17 -04:00
parent 6578fb2ae2
commit c4ef48c5e8
5 changed files with 127 additions and 4 deletions

View File

@ -63,6 +63,11 @@ Install gitfs backend dulwich dependencies. Set ``salt:master:gitfs_provider: du
Install gitfs backend GitPython dependenciess. Set ``salt:master:gitfs_provider: gitpython`` in your pillar.
``salt.gitfs.keys``
----------------------
Install ssh keys to be used by gitfs
``salt.gitfs.pygit2``
----------------------

View File

@ -115,6 +115,16 @@ salt:
user: ubuntu
sudo: True
priv: /etc/salt/ssh_keys/sshkey.pem
gitfs:
keys:
global:
# key and pub end up being the extension used on the key file. values other than key and pub are possible
key: |
-----BEGIN RSA PRIVATE KEY-----
...........
-----END RSA PRIVATE KEY-----
pub: |
...........
salt_cloud_certs:
aws:

View File

@ -0,0 +1 @@
{{ pillar['salt']['gitfs']['keys'][key][type] }}

View File

@ -699,9 +699,37 @@ fileserver_backend:
# Git File Server Backend Configuration
#
# Gitfs can be provided by one of two python modules: GitPython or pygit2. If
# using pygit2, both libgit2 and git must also be installed.
{{ get_config('gitfs_provider', 'gitpython') }}
# Optional parameter used to specify the provider to be used for gitfs. Must
# be one of the following: pygit2, gitpython, or dulwich. If unset, then each
# will be tried in that same order, and the first one with a compatible
# version installed will be the provider that is used.
{{ get_config('gitfs_provider', 'pygit2') }}
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
{{ get_config('gitfs_user', 'git') }}
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('gitfs_password', 'mypassword') }}
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP. Enable this at your own risk.
{{ get_config('gitfs_insecure_auth', 'False') }}
# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate
# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes.
{{ get_config('gitfs_pubkey', '/path/to/key.pub') }}
# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate
# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes.
{{ get_config('gitfs_privkey', '/path/to/key') }}
# This parameter is optional, required only when the SSH key being used to
# authenticate is protected by a passphrase.
{{ get_config('gitfs_passphrase', 'mypassphrase') }}
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
# When using the git fileserver backend at least one git remote needs to be
# defined. The user running the salt master will need read access to the repo.
@ -865,8 +893,67 @@ ext_pillar:
{{ get_config('pillar_source_merging_strategy', 'smart') }}
# Recursively merge lists by aggregating them instead of replacing them.
{{ get_config('pillar_merge_lists', 'False') }}
{{ get_config('pillar_merge_lists', False) }}
# Git External Pillar (git_pillar) Configuration Options
#
# Specify the provider to be used for git_pillar. Must be either pygit2 or
# gitpython. If unset, then both will be tried in that same order, and the
# first one with a compatible version installed will be the provider that
# is used.
{{ get_config('git_pillar_provider', 'pygit2') }}
# If the desired branch matches this value, and the environment is omitted
# from the git_pillar configuration, then the environment for that git_pillar
# remote will be base.
{{ get_config('git_pillar_base', 'master') }}
# If the branch is omitted from a git_pillar remote, then this branch will
# be used instead.
{{ get_config('git_pillar_branch', 'master') }}
# Environment to use for git_pillar remotes. This is normally derived from
# the branch/tag (or from a per-remote env parameter), but if set this will
# override the process of deriving the env from the branch/tag name.
{{ get_config('git_pillar_env', '') }}
# Path relative to the root of the repository where the git_pillar top file
# and SLS files are located.
{{ get_config('git_pillar_root', 'pillar') }}
# Specifies whether or not to ignore SSL certificate errors when contacting
# the remote repository.
{{ get_config('git_pillar_ssl_verify', True) }}
# When set to False, if there is an update/checkout lock for a git_pillar
# remote and the pid written to it is not running on the master, the lock
# file will be automatically cleared and a new lock will be obtained.
{{ get_config('git_pillar_global_lock', False) }}
# Git External Pillar Authentication Options
#
# Along with git_pillar_password, is used to authenticate to HTTPS remotes.
{{ get_config('git_pillar_user', '') }}
# Along with git_pillar_user, is used to authenticate to HTTPS remotes.
# This parameter is not required if the repository does not use authentication.
{{ get_config('git_pillar_password', '') }}
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
# This parameter enables authentication over HTTP.
{{ get_config('git_pillar_insecure_auth', False) }}
# Along with git_pillar_privkey (and optionally git_pillar_passphrase),
# is used to authenticate to SSH remotes.
{{ get_config('git_pillar_pubkey', '/path/to/key.pub') }}
# Along with git_pillar_pubkey (and optionally git_pillar_passphrase),
# is used to authenticate to SSH remotes.
{{ get_config('git_pillar_privkey', '/path/to/key') }}
# This parameter is optional, required only when the SSH key being used
# to authenticate is protected by a passphrase.
{{ get_config('git_pillar_passphrase', '') }}
##### Syndic settings #####
##########################################

20
salt/gitfs/keys.sls Normal file
View File

@ -0,0 +1,20 @@
{%- from "salt/map.jinja" import salt_settings with context %}
{%- set gitfs_keys=salt['pillar.get']('salt:gitfs:keys') %}
{%- for key, keyvalues in gitfs_keys.items() %}
{%- for type, keydata in keyvalues.items() %}
gitfs-key-{{ key }}-{{ type }}:
file.managed:
- name: {{ salt_settings.config_path }}/pki/gitfs/{{ key }}.{{ type }}
- source: salt://salt/files/gitfs_key.jinja
- template: jinja
- user: root
- group: root
- mode: 600
- makedirs: True
- defaults:
key: {{ key }}
type: {{ type }}
{%- endfor %}
{%- endfor %}