
feat(minion): ensure correct permissions for salt-cloud generated files

tags/v1.10.0
Heinz Wiesinger 4 年前
父节点
当前提交
dfa7f7d1d8
共有 1 个文件被更改,包括 76 次插入0 次删除
  1. +76
    -0
      salt/minion.sls

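--- a/salt/minion.sls
+++ b/salt/minion.sls
@@ -191,3 +191,79 @@ remove-macpackage-salt:
 - name: /tmp/salt.pkg
 - force: True
 {% endif %}
+
+permissions-minion-config:
+file.managed:
+- name: {{ salt_settings.config_path | path_join('minion') }}
+- user: {{ salt_settings.rootuser }}
+- group:
+{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
+wheel
+{%- else %}
+root
+{%- endif %}
+{%- if grains['kernel'] != 'Windows' %}
+- mode: 640
+{% endif %}
+- replace: False
+
+salt-minion-pki-dir:
+file.directory:
+{% if 'pki_dir' in salt_settings.minion %}
+- name: {{ salt_settings.minion.pki_dir }}
+{% else %}
+- name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
+{% endif %}
+- user: {{ salt_settings.rootuser }}
+- group:
+{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
+wheel
+{%- else %}
+root
+{%- endif %}
+{%- if grains['kernel'] != 'Windows' %}
+- mode: 700
+{% endif %}
+- makedirs: True
+
+permissions-minion.pem:
+file.managed:
+{% if 'pki_dir' in salt_settings.minion %}
+- name: {{ salt_settings.minion.pki_dir | path_join('minion.pem') }}
+{% else %}
+- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
+{% endif %}
+- user: {{ salt_settings.rootuser }}
+- group:
+{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
+wheel
+{%- else %}
+root
+{%- endif %}
+{%- if grains['kernel'] != 'Windows' %}
+- mode: 400
+{% endif %}
+- replace: False
+- require:
+- file: salt-minion-pki-dir
+
+permissions-minion.pub:
+file.managed:
+{% if 'pki_dir' in salt_settings.minion %}
+- name: {{ salt_settings.minion.pki_dir | path_join('minion.pub') }}
+{% else %}
+- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pub') }}
+{% endif %}
+- user: {{ salt_settings.rootuser }}
+- group:
+{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
+wheel
+{%- else %}
+root
+{%- endif %}
+{%- if grains['kernel'] != 'Windows' %}
+- mode: 644
+{% endif %}
+- replace: False
+- require:
+- file: salt-minion-pki-dir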
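Review bot: `permissions-minion.pem` and `permissions-minion.pub` use `file.managed` with `replace: False` but no `source` or `contents`, so on a minion whose key pair does not exist yet the state would create empty files at those paths, because `create` defaults to True. An empty `minion.pem` is likely to break key loading when the minion starts. Adding `- create: False` to both states, and to `permissions-minion-config`, limits them to enforcing ownership and mode on files that are already present. Whether another state in this file guarantees the keys exist first is not visible in this hunk. Separately, the modes are bare integers; quoting them, e.g. `- mode: '0400'`, keeps the YAML loader from ever treating them as numbers.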
