Saltstack Official Salt Formula

275 line
9.2KB

  1. {%- set tplroot = tpldir.split('/')[0] %}
  2. {%- from tplroot ~ "/map.jinja" import salt_settings with context %}
  3. {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %}
  4. {% if salt_settings.pin_version and salt_settings.version and grains.os_family|lower == 'debian' %}
  5. include:
  6. - .pin
  7. {% endif %}
  8. {%- if grains.os == 'MacOS' %}
  9. {% if salt_settings.install_packages %}
  10. download-salt-minion:
  11. {% if salt_settings.salt_minion_pkg_source %} {# minion upgrade? #}
  12. file.managed:
  13. - name: '/tmp/salt.pkg'
  14. - source: {{ salt_settings.salt_minion_pkg_source }}
  15. {%- if salt_settings.salt_minion_pkg_hash %}
  16. - source_hash: {{ salt_settings.salt_minion_pkg_hash }}
  17. {% else %}
  18. - skip_verify: True
  19. {% endif %}
  20. - user: {{ salt_settings.rootuser }}
  21. - group: {{ salt_settings.rootgroup }}
  22. - mode: '0644'
  23. - unless:
  24. - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
  25. - require_in:
  26. - macpackage: salt-minion
  27. - retry: {{ salt_settings.retry_options | json }}
  28. {%- elif "workaround https://github.com/saltstack/salt/issues/49348" %}
  29. {% if salt_settings.install_packages %}
  30. pkg.installed:
  31. - name: {{ salt_settings.salt_minion }}
  32. {%- if salt_settings.version is defined %}
  33. - version: {{ salt_settings.version }}
  34. {%- endif %}
  35. {% endif %}
  36. {%- endif %}
  37. salt-minion-macos:
  38. file.managed:
  39. - onlyif: {{ grains.os == 'MacOS' }}
  40. - name: /Library/LaunchDaemons/com.saltstack.salt.minion.plist
  41. - source: https://raw.githubusercontent.com/saltstack/salt/master/pkg/osx/scripts/com.saltstack.salt.master.plist
  42. - source_hash: {{ salt_settings.salt_minion_macos_plist_hash }}
  43. - retry: {{ salt_settings.retry_options | json }}
  44. - require_in:
  45. - service: salt-minion
  46. - watch_in:
  47. - service: salt-minion
  48. {%- endif %}
  49. {%- endif %}
  50. salt-minion:
  51. {% if salt_settings.install_packages %}
  52. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  53. macpackage.installed:
  54. - name: '/tmp/salt.pkg'
  55. - target: /
  56. {# macpackage.installed is weird with version_check, detects diff but incomplete install #}
  57. - force: True {# workaround #}
  58. - unless:
  59. - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*'
  60. {% if salt_settings.minion_service_details.state != 'ignore' %}
  61. - require_in:
  62. - service: salt-minion
  63. {% endif %}
  64. - onchanges_in:
  65. - cmd: remove-macpackage-salt
  66. {%- elif grains.os != 'MacOS' and "workaround https://github.com/saltstack/salt/issues/49348" %}
  67. pkg.installed:
  68. - name: {{ salt_settings.salt_minion }}
  69. {%- if salt_settings.version %}
  70. - version: {{ salt_settings.version }}
  71. {%- endif %}
  72. {% if salt_settings.minion_service_details.state != 'ignore' %}
  73. - require_in:
  74. - service: salt-minion
  75. {% endif %}
  76. {%- endif %}
  77. {% endif %}
  78. file.recurse:
  79. - name: {{ salt_settings.config_path | path_join('minion.d') }}
  80. {%- if salt_settings.minion_config_use_TOFS %}
  81. - template: ''
  82. - source: {{ files_switch(['minion.d'],
  83. lookup='salt-minion'
  84. )
  85. }}
  86. {%- else %}
  87. - template: jinja
  88. - source: salt://{{ tplroot }}/files/minion.d
  89. - context:
  90. standalone: False
  91. {%- endif %}
  92. - clean: {{ salt_settings.clean_config_d_dir }}
  93. - exclude_pat: _*
  94. {% if salt_settings.minion_service_details.state != 'ignore' %}
  95. service.{{ salt_settings.minion_service_details.state }}:
  96. - enable: {{ salt_settings.minion_service_details.enabled }}
  97. - name: {{ salt_settings.minion_service }}
  98. {%- if grains.os_family in ['FreeBSD', 'Gentoo'] %}
  99. - retry: {{ salt_settings.retry_options | json }}
  100. {%- endif %}
  101. - watch:
  102. - file: remove-old-minion-conf-file
  103. - order: last
  104. {% endif %}
  105. {%- if not salt_settings.restart_via_at %}
  106. cmd.run:
  107. {%- if grains['saltversioninfo'] >= [ 2016, 3 ] %}
  108. {%- if grains['kernel'] == 'Windows' %}
  109. - name: 'salt-call.bat --local service.restart {{ salt_settings.minion_service }}'
  110. {%- else %}
  111. - name: 'salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null'
  112. {%- endif %}
  113. - bg: True
  114. {%- else %}
  115. {%- if grains['kernel'] == 'Windows' %}
  116. - name: 'start powershell "Restart-Service -Name {{ salt_settings.minion_service }}"'
  117. {%- else %}
  118. # old style, pre 2016.3. fork and disown the process
  119. - name: |-
  120. exec 0>&- # close stdin
  121. exec 1>&- # close stdout
  122. exec 2>&- # close stderr
  123. nohup salt-call --local service.restart {{ salt_settings.minion_service }} --out-file /dev/null &
  124. {%- endif %}
  125. {%- endif %}
  126. - onchanges:
  127. {%- if salt_settings.install_packages %}
  128. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  129. - macpackage: salt-minion
  130. {%- elif grains.os == 'MacOS' %}
  131. - pkg: download-salt-minion
  132. {%- else %}
  133. - pkg: salt-minion
  134. {%- endif %}
  135. {%- endif %}
  136. - file: salt-minion
  137. - file: remove-old-minion-conf-file
  138. {%- else %}
  139. {% if grains.os_family not in ['MacOS', 'FreeBSD'] %}
  140. {# MacOS and FreeBSD have the 'at' command; but there's no package to install #}
  141. at:
  142. pkg.installed:
  143. - require_in: restart-salt-minion
  144. {% endif %}
  145. restart-salt-minion:
  146. cmd.run:
  147. - name: echo salt-call --local service.restart {{ salt_settings.minion_service }} | at now + 1 minute
  148. - order: last
  149. - onchanges:
  150. {%- if salt_settings.install_packages %}
  151. {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %}
  152. - macpackage: salt-minion
  153. {%- elif grains.os == 'MacOS' %}
  154. - pkg: download-salt-minion
  155. {%- else %}
  156. - pkg: salt-minion
  157. {%- endif %}
  158. {%- endif %}
  159. - file: salt-minion
  160. - file: remove-old-minion-conf-file
  161. {%- endif %}
  162. {% if 'inotify' in salt_settings.get('minion', {}).get('beacons', {}) and salt_settings.get('pyinotify', False) %}
  163. salt-minion-beacon-inotify:
  164. pkg.installed:
  165. - name: {{ salt_settings.pyinotify }}
  166. - require_in:
  167. - service: salt-minion
  168. - watch_in:
  169. - service: salt-minion
  170. {% endif %}
  171. {% if salt_settings.minion_remove_config %}
  172. remove-default-minion-conf-file:
  173. file.absent:
  174. - name: {{ salt_settings.config_path }}/minion
  175. {% endif %}
  176. # clean up old _defaults.conf file if they have it around
  177. remove-old-minion-conf-file:
  178. file.absent:
  179. - name: {{ salt_settings.config_path | path_join('minion.d', '_defaults.conf') }}
  180. {% if grains.os == 'MacOS' %}
  181. remove-macpackage-salt:
  182. file.absent:
  183. - name: /tmp/salt.pkg
  184. - force: True
  185. {% endif %}
  186. {% if not salt_settings.minion_remove_config %}
  187. permissions-minion-config:
  188. file.managed:
  189. - name: {{ salt_settings.config_path | path_join('minion') }}
  190. - user: {{ salt_settings.rootuser }}
  191. - group:
  192. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  193. wheel
  194. {%- else %}
  195. {{ salt_settings.rootgroup }}
  196. {%- endif %}
  197. {%- if grains['kernel'] != 'Windows' %}
  198. - mode: 640
  199. {% endif %}
  200. - replace: False
  201. {% endif %}
  202. salt-minion-pki-dir:
  203. file.directory:
  204. {% if 'pki_dir' in salt_settings.minion %}
  205. - name: {{ salt_settings.minion.pki_dir }}
  206. {% else %}
  207. - name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
  208. {% endif %}
  209. - user: {{ salt_settings.rootuser }}
  210. - group:
  211. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  212. wheel
  213. {%- else %}
  214. {{ salt_settings.rootgroup }}
  215. {%- endif %}
  216. {%- if grains['kernel'] != 'Windows' %}
  217. - mode: 700
  218. {% endif %}
  219. - makedirs: True
  220. permissions-minion.pem:
  221. file.managed:
  222. {% if 'pki_dir' in salt_settings.minion %}
  223. - name: {{ salt_settings.minion.pki_dir | path_join('minion.pem') }}
  224. {% else %}
  225. - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
  226. {% endif %}
  227. - user: {{ salt_settings.rootuser }}
  228. - group:
  229. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  230. wheel
  231. {%- else %}
  232. {{ salt_settings.rootgroup }}
  233. {%- endif %}
  234. {%- if grains['kernel'] != 'Windows' %}
  235. - mode: 400
  236. {% endif %}
  237. - replace: False
  238. - require:
  239. - file: salt-minion-pki-dir
  240. permissions-minion.pub:
  241. file.managed:
  242. {% if 'pki_dir' in salt_settings.minion %}
  243. - name: {{ salt_settings.minion.pki_dir | path_join('minion.pub') }}
  244. {% else %}
  245. - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pub') }}
  246. {% endif %}
  247. - user: {{ salt_settings.rootuser }}
  248. - group:
  249. {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
  250. wheel
  251. {%- else %}
  252. {{ salt_settings.rootgroup }}
  253. {%- endif %}
  254. {%- if grains['kernel'] != 'Windows' %}
  255. - mode: 644
  256. {% endif %}
  257. - replace: False
  258. - require:
  259. - file: salt-minion-pki-dir