New version of salt-formula from Saltstack

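  {#-
  Formula metadata for the salt service, rendered through Salt's Jinja renderer.
  Emits three top-level keys:
    grain       - `graph` nodes merged from every pillar service's meta/meta.yml
    orchestrate - priority values for the master, minion and control roles
    minion      - x509 signing policies when salt:minion:ca is set, and virt
                  nic/disk profiles when salt:control:virt_enabled is defined
  NOTE(review): key nesting is inferred from key order and the indent(4)
  filter; confirm it against the deployed layout.
  -#}
{%- set service_grains = {'salt': {'graph': []}} %}
{#- Pillar key names are used to build include paths, so pillar data must stay
    operator-controlled. A service without meta/meta.yml renders an empty string
    (`ignore missing`) and is skipped by the `is mapping` test. #}
{%- for service_name, service in pillar.items() %}
  {%- set grains_fragment_file = service_name+'/meta/meta.yml' %}
  {%- macro load_grains_file() %}{% include grains_fragment_file ignore missing %}{% endmacro %}
  {%- set grains_yaml = load_grains_file()|load_yaml %}
  {%- if grains_yaml is mapping %}
    {%- for node in grains_yaml.graph %}
      {%- do service_grains.salt.graph.append(node) %}
    {%- endfor %}
  {%- endif %}
{%- endfor %}
grain:
  salt:
    {{ service_grains|yaml(False)|indent(4) }}
orchestrate:
  master:
    priority: 60
  minion:
    priority: 70
  control:
    priority: 400
    require:
    - salt: salt.master
minion:
  {%- if pillar.get('salt', {}).get('minion', {}).get('ca') %}
  pki:
    {%- from "salt/map.jinja" import minion with context %}
    x509_signing_policies:
    {#- One policy per (CA, signing policy) pair. `.items()` is used throughout
        because `.iteritems()` does not exist on Python 3 dicts. #}
    {%- for ca_name,ca in minion.ca.items() %}
      {%- for signing_policy_name, signing_policy in ca.signing_policy.items() %}
      {{ ca_name }}_{{ signing_policy_name }}:
        {#- `minions` selects which minions may request signatures under this
            policy; keep the match as narrow as possible, because every matching
            minion can obtain certificates from this CA. #}
        - minions: '{{ signing_policy.minions }}'
        {#- CA private key read by the signing minion; restrict its file
            permissions to the account Salt runs as. #}
        - signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
        - signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
        {#- Subject fields are written unquoted. NOTE(review): a value that YAML
            types specially (the country code NO loads as a boolean) needs
            quoting in pillar or a quoting filter here. #}
        {%- if ca.country is defined %}
        - C: {{ ca.country }}
        {%- endif %}
        {%- if ca.state is defined %}
        - ST: {{ ca.state }}
        {%- endif %}
        {%- if ca.locality is defined %}
        - L: {{ ca.locality }}
        {%- endif %}
        {%- if ca.organization is defined %}
        - O: {{ ca.organization }}
        {%- endif %}
        {%- if ca.organization_unit is defined %}
        - OU: {{ ca.organization_unit }}
        {%- endif %}
        {#- Extension profile by policy type. A type matching none of the
            branches gets no basicConstraints, keyUsage or extendedKeyUsage at
            all, so validate `type` in pillar. #}
        {%- if signing_policy.type == 'v3_edge_cert_client' %}
        - basicConstraints: "CA:FALSE"
        - keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
        - extendedKeyUsage: "critical clientAuth"
        {%- elif signing_policy.type == 'v3_edge_cert_server' %}
        - basicConstraints: "CA:FALSE"
        - keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
        {#- NOTE(review): this value is written "critical,serverAuth" while every
            other extension uses the "critical " prefix; confirm the x509 module
            in use marks the extension critical for both spellings. #}
        - extendedKeyUsage: "critical,serverAuth"
        {#- The two CA profiles let the requester sign further certificates:
            v3_intermediate_ca sets no path-length limit, v3_edge_ca sets
            pathlen:0. Pair them with a tight `minions` match. #}
        {%- elif signing_policy.type == 'v3_intermediate_ca' %}
        - basicConstraints: "CA:TRUE"
        - keyUsage: "critical cRLSign,keyCertSign"
        {%- elif signing_policy.type == 'v3_edge_ca' %}
        - basicConstraints: "CA:TRUE,pathlen:0"
        - keyUsage: "critical cRLSign,keyCertSign"
        {#- v3_edge_cert_open restricts neither keyUsage nor extendedKeyUsage, so
            the certificate is not limited to client or server authentication. #}
        {%- elif signing_policy.type == 'v3_edge_cert_open' %}
        - basicConstraints: "CA:FALSE"
        {%- endif %}
        - subjectKeyIdentifier: hash
        - authorityKeyIdentifier: keyid,issuer:always
        - days_valid: {{ ca.days_valid.certificate }}
        - copypath: /etc/pki/ca/{{ ca_name }}/certs/
      {%- endfor %}
    {%- endfor %}
  {%- endif %}
  {%- if pillar.salt.control is defined and pillar.salt.control.virt_enabled is defined %}
  virt:
    {% from "salt/map.jinja" import control with context %}
    {%- if control.net_profile is defined or control.disk_profile is defined %}
    virt:
      {%- if control.net_profile is defined %}
      nic:
        {%- for item_name, item in control.net_profile.items() %}
        {{ item_name }}:
          {%- for iface_name, iface in item.items() %}
          {{ iface_name }}:
            {%- if iface.bridge is defined %}
            bridge: {{ iface.bridge }}
            {%- endif %}
            {%- if iface.network is defined %}
            network: {{ iface.network }}
            {%- endif %}
            {%- if iface.model is defined %}
            model: {{ iface.model }}
            {%- endif %}
          {%- endfor %}
        {%- endfor %}
      {%- endif %}
      {%- if control.disk_profile is defined %}
      disk:
        {%- for item_name, item in control.disk_profile.items() %}
        {{ item_name }}:
          {%- for disk_name, disk in item.items() %}
          {#- The list key is the disk's name; rendering the `disk` mapping
              itself would emit a dict literal as the YAML key. #}
          - {{ disk_name }}:
              {%- if disk.size is defined %}
              size: {{ disk.size }}
              {%- endif %}
          {%- endfor %}
        {%- endfor %}
      {%- endif %}
    {%- endif %}
    virt.images: /var/lib/libvirt/images
  {%- endif %}
{#-
vim: syntax=jinja
-#}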