Saltstack Official Salt Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

minion.sls 9.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271
  1. {%- set tplroot = tpldir.split('/')[0] %}
  2. {%- from tplroot ~ "/map.jinja" import salt_settings with context %}
  3. {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
  4. {% if salt_settings.pin_version and salt_settings.version and grains.os_family|lower == 'debian' %}
  5. include:
  6. - .pin
  7. {% endif %}
  8. {%- if grains.os == 'MacOS' %}
  9. {% if salt_settings.install_packages %}
  10. download-salt-minion:
  11. {% if salt_settings.salt_minion_pkg_source %} {# minion upgrade? #}
  12. file.managed:
  13. - name: '/tmp/salt.pkg'
  14. - source: {{ salt_settings.salt_minion_pkg_source }}
  15. {%- if salt_settings.salt_minion_pkg_hash %}
  16. - source_hash: {{ salt_settings.salt_minion_pkg_hash }}
  17. {% else %}
  18. - skip_verify: True
  19. {% endif %}
  20. - user: root
  21. - group: wheel
  22. - mode: '0644'
  23. - unless:
  24. - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
  25. - require_in:
  26. - macpackage: salt-minion
  27. - retry: {{ salt_settings.retry_options | json }}
  28. {%- elif "workaround https://github.com/saltstack/salt/issues/49348" %}
  29. cmd.run:
  30. - name: /usr/local/bin/brew install {{ salt_settings.salt_minion }}
  31. - onlyif: test -x /usr/local/bin/brew
  32. - runas: {{ salt_settings.rootuser }}
  33. {%- endif %}
  34. salt-minion-macos:
  35. file.managed:
  36. - onlyif: {{ grains.os == 'MacOS' }}
  37. - name: /Library/LaunchDaemons/com.saltstack.salt.minion.plist
  38. - source: https://raw.githubusercontent.com/saltstack/salt/master/pkg/osx/scripts/com.saltstack.salt.master.plist
  39. - source_hash: {{ salt_settings.salt_minion_macos_plist_hash }}
  40. - retry: {{ salt_settings.retry_options | json }}
  41. - require_in:
  42. - service: salt-minion
  43. - watch_in:
  44. - service: salt-minion
  45. {%- endif %}
  46. {%- endif %}
  47. salt-minion:
  48. {% if salt_settings.install_packages %}
  49. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  50. macpackage.installed:
  51. - name: '/tmp/salt.pkg'
  52. - target: /
  53. {# macpackage.installed is weird with version_check, detects diff but incomplete install #}
  54. - force: True {# workaround #}
  55. - unless:
  56. - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
  57. {% if salt_settings.minion_service_details.state != 'ignore' %}
  58. - require_in:
  59. - service: salt-minion
  60. {% endif %}
  61. - onchanges_in:
  62. - cmd: remove-macpackage-salt
  63. {%- elif grains.os != 'MacOS' and "workaround https://github.com/saltstack/salt/issues/49348" %}
  64. pkg.installed:
  65. - name: {{ salt_settings.salt_minion }}
  66. {%- if salt_settings.version %}
  67. - version: {{ salt_settings.version }}
  68. {%- endif %}
  69. {% if salt_settings.minion_service_details.state != 'ignore' %}
  70. - require_in:
  71. - service: salt-minion
  72. {% endif %}
  73. {%- endif %}
  74. {% endif %}
  75. file.recurse:
  76. - name: {{ salt_settings.config_path | path_join('minion.d') }}
  77. {%- if salt_settings.minion_config_use_TOFS %}
  78. - template: ''
  79. - source: {{ files_switch(['minion.d'],
  80. lookup='salt-minion'
  81. )
  82. }}
  83. {%- else %}
  84. - template: jinja
  85. - source: salt://{{ tplroot }}/files/minion.d
  86. - context:
  87. standalone: False
  88. {%- endif %}
  89. - clean: {{ salt_settings.clean_config_d_dir }}
  90. - exclude_pat: _*
  91. {% if salt_settings.minion_service_details.state != 'ignore' %}
  92. service.{{ salt_settings.minion_service_details.state }}:
  93. - enable: {{ salt_settings.minion_service_details.enabled }}
  94. - name: {{ salt_settings.minion_service }}
  95. {%- if grains.os_family in ['FreeBSD', 'Gentoo'] %}
  96. - retry: {{ salt_settings.retry_options | json }}
  97. {%- endif %}
  98. - watch:
  99. - file: remove-old-minion-conf-file
  100. - order: last
  101. {% endif %}
  102. {%- if not salt_settings.restart_via_at %}
  103. cmd.run:
  104. {%- if grains['saltversioninfo'] >= [ 2016, 3 ] %}
  105. {%- if grains['kernel'] == 'Windows' %}
  106. - name: 'salt-call.bat --local service.restart {{ salt_settings.minion_service }}'
  107. {%- else %}
  108. - name: 'salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null'
  109. {%- endif %}
  110. - bg: True
  111. {%- else %}
  112. {%- if grains['kernel'] == 'Windows' %}
  113. - name: 'start powershell "Restart-Service -Name {{ salt_settings.minion_service }}"'
  114. {%- else %}
  115. # old style, pre 2016.3. fork and disown the process
  116. - name: |-
  117. exec 0>&- # close stdin
  118. exec 1>&- # close stdout
  119. exec 2>&- # close stderr
  120. nohup salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null &
  121. {%- endif %}
  122. {%- endif %}
  123. - onchanges:
  124. {%- if salt_settings.install_packages %}
  125. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  126. - macpackage: salt-minion
  127. {%- elif grains.os == 'MacOS' %}
  128. - cmd: download-salt-minion
  129. {%- else %}
  130. - pkg: salt-minion
  131. {%- endif %}
  132. {%- endif %}
  133. - file: salt-minion
  134. - file: remove-old-minion-conf-file
  135. {%- else %}
  136. {% if grains.os_family not in ['MacOS', 'FreeBSD'] %}
  137. {# MacOS and FreeBSD have the 'at' command; but there's no package to install #}
  138. at:
  139. pkg.installed:
  140. - require_in: restart-salt-minion
  141. {% endif %}
  142. restart-salt-minion:
  143. cmd.run:
  144. - name: echo salt-call --local service.restart {{ salt_settings.minion_service }} | at now + 1 minute
  145. - order: last
  146. - onchanges:
  147. {%- if salt_settings.install_packages %}
  148. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  149. - macpackage: salt-minion
  150. {%- elif grains.os == 'MacOS' %}
  151. - cmd: download-salt-minion
  152. {%- else %}
  153. - pkg: salt-minion
  154. {%- endif %}
  155. {%- endif %}
  156. - file: salt-minion
  157. - file: remove-old-minion-conf-file
  158. {%- endif %}
  159. {% if 'inotify' in salt_settings.get('minion', {}).get('beacons', {}) and salt_settings.get('pyinotify', False) %}
  160. salt-minion-beacon-inotify:
  161. pkg.installed:
  162. - name: {{ salt_settings.pyinotify }}
  163. - require_in:
  164. - service: salt-minion
  165. - watch_in:
  166. - service: salt-minion
  167. {% endif %}
  168. {% if salt_settings.minion_remove_config %}
  169. remove-default-minion-conf-file:
  170. file.absent:
  171. - name: {{ salt_settings.config_path }}/minion
  172. {% endif %}
  173. # clean up old _defaults.conf file if they have it around
  174. remove-old-minion-conf-file:
  175. file.absent:
  176. - name: {{ salt_settings.config_path | path_join('minion.d', '_defaults.conf') }}
  177. {% if grains.os == 'MacOS' %}
  178. remove-macpackage-salt:
  179. file.absent:
  180. - name: /tmp/salt.pkg
  181. - force: True
  182. {% endif %}
  183. {% if not salt_settings.minion_remove_config %}
  184. permissions-minion-config:
  185. file.managed:
  186. - name: {{ salt_settings.config_path | path_join('minion') }}
  187. - user: {{ salt_settings.rootuser }}
  188. - group:
  189. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  190. wheel
  191. {%- else %}
  192. root
  193. {%- endif %}
  194. {%- if grains['kernel'] != 'Windows' %}
  195. - mode: 640
  196. {% endif %}
  197. - replace: False
  198. {% endif %}
  199. salt-minion-pki-dir:
  200. file.directory:
  201. {% if 'pki_dir' in salt_settings.minion %}
  202. - name: {{ salt_settings.minion.pki_dir }}
  203. {% else %}
  204. - name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
  205. {% endif %}
  206. - user: {{ salt_settings.rootuser }}
  207. - group:
  208. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  209. wheel
  210. {%- else %}
  211. root
  212. {%- endif %}
  213. {%- if grains['kernel'] != 'Windows' %}
  214. - mode: 700
  215. {% endif %}
  216. - makedirs: True
  217. permissions-minion.pem:
  218. file.managed:
  219. {% if 'pki_dir' in salt_settings.minion %}
  220. - name: {{ salt_settings.minion.pki_dir | path_join('minion.pem') }}
  221. {% else %}
  222. - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
  223. {% endif %}
  224. - user: {{ salt_settings.rootuser }}
  225. - group:
  226. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  227. wheel
  228. {%- else %}
  229. root
  230. {%- endif %}
  231. {%- if grains['kernel'] != 'Windows' %}
  232. - mode: 400
  233. {% endif %}
  234. - replace: False
  235. - require:
  236. - file: salt-minion-pki-dir
  237. permissions-minion.pub:
  238. file.managed:
  239. {% if 'pki_dir' in salt_settings.minion %}
  240. - name: {{ salt_settings.minion.pki_dir | path_join('minion.pub') }}
  241. {% else %}
  242. - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pub') }}
  243. {% endif %}
  244. - user: {{ salt_settings.rootuser }}
  245. - group:
  246. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  247. wheel
  248. {%- else %}
  249. root
  250. {%- endif %}
  251. {%- if grains['kernel'] != 'Windows' %}
  252. - mode: 644
  253. {% endif %}
  254. - replace: False
  255. - require:
  256. - file: salt-minion-pki-dir