|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274 |
- {%- set tplroot = tpldir.split('/')[0] %}
- {%- from tplroot ~ "/map.jinja" import salt_settings with context %}
- {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
-
- {% if salt_settings.pin_version and salt_settings.version and grains.os_family|lower == 'debian' %}
- include:
- - .pin
- {% endif %}
-
- {%- if grains.os == 'MacOS' %}
- {% if salt_settings.install_packages %}
-
- download-salt-minion:
- {% if salt_settings.salt_minion_pkg_source %} {# minion upgrade? #}
- file.managed:
- - name: '/tmp/salt.pkg'
- - source: {{ salt_settings.salt_minion_pkg_source }}
- {%- if salt_settings.salt_minion_pkg_hash %}
- - source_hash: {{ salt_settings.salt_minion_pkg_hash }}
- {% else %}
- - skip_verify: True
- {% endif %}
- - user: {{ salt_settings.rootuser }}
- - group: {{ salt_settings.rootgroup }}
- - mode: '0644'
- - unless:
- - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
- - require_in:
- - macpackage: salt-minion
- - retry: {{ salt_settings.retry_options | json }}
- {%- elif "workaround https://github.com/saltstack/salt/issues/49348" %}
- {% if salt_settings.install_packages %}
- pkg.installed:
- - name: {{ salt_settings.salt_minion }}
- {%- if salt_settings.version is defined %}
- - version: {{ salt_settings.version }}
- {%- endif %}
- {% endif %}
- {%- endif %}
-
- salt-minion-macos:
- file.managed:
- - onlyif: {{ grains.os == 'MacOS' }}
- - name: /Library/LaunchDaemons/com.saltstack.salt.minion.plist
- - source: {{ salt_settings.salt_minion_macos_plist_source }}
- - source_hash: {{ salt_settings.salt_minion_macos_plist_hash }}
- - retry: {{ salt_settings.retry_options | json }}
- - require_in:
- - service: salt-minion
- - watch_in:
- - service: salt-minion
- {%- endif %}
- {%- endif %}
-
- salt-minion:
- {% if salt_settings.install_packages %}
- {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
- macpackage.installed:
- - name: '/tmp/salt.pkg'
- - target: /
- {# macpackage.installed is weird with version_check, detects diff but incomplete install #}
- - force: True {# workaround #}
- - unless:
- - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
- {% if salt_settings.minion_service_details.state != 'ignore' %}
- - require_in:
- - service: salt-minion
- {% endif %}
- - onchanges_in:
- - cmd: remove-macpackage-salt
- {%- elif grains.os != 'MacOS' and "workaround https://github.com/saltstack/salt/issues/49348" %}
- pkg.installed:
- - name: {{ salt_settings.salt_minion }}
- {%- if salt_settings.version %}
- - version: {{ salt_settings.version }}
- {%- endif %}
- {% if salt_settings.minion_service_details.state != 'ignore' %}
- - require_in:
- - service: salt-minion
- {% endif %}
- {%- endif %}
- {% endif %}
- file.recurse:
- - name: {{ salt_settings.config_path | path_join('minion.d') }}
- {%- if salt_settings.minion_config_use_TOFS %}
- - template: ''
- - source: {{ files_switch(['minion.d'],
- lookup='salt-minion'
- )
- }}
- {%- else %}
- - template: jinja
- - source: salt://{{ tplroot }}/files/minion.d
- - context:
- standalone: False
- {%- endif %}
- - clean: {{ salt_settings.clean_config_d_dir }}
- - exclude_pat: _*
- {% if salt_settings.minion_service_details.state != 'ignore' %}
- service.{{ salt_settings.minion_service_details.state }}:
- - enable: {{ salt_settings.minion_service_details.enabled }}
- - name: {{ salt_settings.minion_service }}
- {%- if grains.os_family in ['FreeBSD', 'Gentoo'] %}
- - retry: {{ salt_settings.retry_options | json }}
- {%- endif %}
- - watch:
- - file: remove-old-minion-conf-file
- - order: last
- {% endif %}
- {%- if not salt_settings.restart_via_at %}
- cmd.run:
- {%- if grains['saltversioninfo'] >= [ 2016, 3 ] %}
- {%- if grains['kernel'] == 'Windows' %}
- - name: 'salt-call.bat --local service.restart {{ salt_settings.minion_service }}'
- {%- else %}
- - name: 'salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null'
- {%- endif %}
- - bg: True
- {%- else %}
- {%- if grains['kernel'] == 'Windows' %}
- - name: 'start powershell "Restart-Service -Name {{ salt_settings.minion_service }}"'
- {%- else %}
- # old style, pre 2016.3. fork and disown the process
- - name: |-
- exec 0>&- # close stdin
- exec 1>&- # close stdout
- exec 2>&- # close stderr
- nohup salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null &
- {%- endif %}
- {%- endif %}
- - onchanges:
- {%- if salt_settings.install_packages %}
- {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
- - macpackage: salt-minion
- {%- elif grains.os == 'MacOS' %}
- - pkg: download-salt-minion
- {%- else %}
- - pkg: salt-minion
- {%- endif %}
- {%- endif %}
- - file: salt-minion
- - file: remove-old-minion-conf-file
- {%- else %}
-
- {% if grains.os_family not in ['MacOS', 'FreeBSD'] %}
- {# MacOS and FreeBSD have the 'at' command; but there's no package to install #}
- at:
- pkg.installed:
- - require_in: restart-salt-minion
- {% endif %}
-
- restart-salt-minion:
- cmd.run:
- - name: echo salt-call --local service.restart {{ salt_settings.minion_service }} | at now + 1 minute
- - order: last
- - onchanges:
- {%- if salt_settings.install_packages %}
- {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
- - macpackage: salt-minion
- {%- elif grains.os == 'MacOS' %}
- - pkg: download-salt-minion
- {%- else %}
- - pkg: salt-minion
- {%- endif %}
- {%- endif %}
- - file: salt-minion
- - file: remove-old-minion-conf-file
- {%- endif %}
-
- {% if 'inotify' in salt_settings.get('minion', {}).get('beacons', {}) and salt_settings.get('pyinotify', False) %}
- salt-minion-beacon-inotify:
- pkg.installed:
- - name: {{ salt_settings.pyinotify }}
- - require_in:
- - service: salt-minion
- - watch_in:
- - service: salt-minion
- {% endif %}
-
- {% if salt_settings.minion_remove_config %}
- remove-default-minion-conf-file:
- file.absent:
- - name: {{ salt_settings.config_path }}/minion
- {% endif %}
-
- # clean up old _defaults.conf file if they have it around
- remove-old-minion-conf-file:
- file.absent:
- - name: {{ salt_settings.config_path | path_join('minion.d', '_defaults.conf') }}
-
- {% if grains.os == 'MacOS' %}
- remove-macpackage-salt:
- file.absent:
- - name: /tmp/salt.pkg
- - force: True
- {% endif %}
-
- {% if not salt_settings.minion_remove_config %}
- permissions-minion-config:
- file.managed:
- - name: {{ salt_settings.config_path | path_join('minion') }}
- - user: {{ salt_settings.rootuser }}
- - group:
- {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
- wheel
- {%- else %}
- {{ salt_settings.rootgroup }}
- {%- endif %}
- {%- if grains['kernel'] != 'Windows' %}
- - mode: 640
- {% endif %}
- - replace: False
- {% endif %}
-
- salt-minion-pki-dir:
- file.directory:
- {% if 'pki_dir' in salt_settings.minion %}
- - name: {{ salt_settings.minion.pki_dir }}
- {% else %}
- - name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
- {% endif %}
- - user: {{ salt_settings.rootuser }}
- - group:
- {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
- wheel
- {%- else %}
- {{ salt_settings.rootgroup }}
- {%- endif %}
- {%- if grains['kernel'] != 'Windows' %}
- - mode: 700
- {% endif %}
- - makedirs: True
-
- permissions-minion.pem:
- file.managed:
- {% if 'pki_dir' in salt_settings.minion %}
- - name: {{ salt_settings.minion.pki_dir | path_join('minion.pem') }}
- {% else %}
- - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
- {% endif %}
- - user: {{ salt_settings.rootuser }}
- - group:
- {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
- wheel
- {%- else %}
- {{ salt_settings.rootgroup }}
- {%- endif %}
- {%- if grains['kernel'] != 'Windows' %}
- - mode: 400
- {% endif %}
- - replace: False
- - require:
- - file: salt-minion-pki-dir
-
- permissions-minion.pub:
- file.managed:
- {% if 'pki_dir' in salt_settings.minion %}
- - name: {{ salt_settings.minion.pki_dir | path_join('minion.pub') }}
- {% else %}
- - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pub') }}
- {% endif %}
- - user: {{ salt_settings.rootuser }}
- - group:
- {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
- wheel
- {%- else %}
- {{ salt_settings.rootgroup }}
- {%- endif %}
- {%- if grains['kernel'] != 'Windows' %}
- - mode: 644
- {% endif %}
- - replace: False
- - require:
- - file: salt-minion-pki-dir
|