Merge pull request #2 from tcpcloud/salt_ssh

Salt ssh

CHANGELOG.rst

@@ -3,6 +3,13 @@
 salt-formula
 ============
 
+0.0.4
+-----
+
+- Salt-virt
+- Salt API
+
+
 0.0.3
 -----
 

README.rst

@@ -25,28 +25,13 @@ Salt master with reclass ENC as metadata backend
 
 Salt master with API
 
-.. code-block:: yaml
-
-    salt:
-      api:
-        enabled: true
-        ssl:
-          engine: salt
-        bind:
-          address: 0.0.0.0
-          port: 8000
+.. literalinclude:: tests/pillar/master_api.sls
+   :language: yaml
 
 Salt master with defined user ACLs
 
-.. code-block:: yaml
-
-    salt:
-      master:
-        user:
-          peter:
-            permissions:
-            - 'fs.fs'
-            - 'fs.\*'
+.. literalinclude:: tests/pillar/master_acl.sls
+   :language: yaml
 
 Salt master with preset minions
 
@@ -55,7 +40,6 @@ Salt master with preset minions
     salt:
       master:
         enabled: true
-        ...
         minions:
         - name: 'node1.system.location.domain.com'
 
@@ -125,8 +109,7 @@ Salt master syndicate master of masters
     salt:
       master:
         enabled: true
-        ...
-        syndic:
+        syndicate:
           mode: master
 
 Salt master syndicate (client) master
@@ -136,7 +119,6 @@ Salt master syndicate (client) master
     salt:
       master:
         enabled: true
-        ...
         syndicate:
           mode: client
           host: master-master
@@ -177,6 +159,26 @@ Salt master peer for remote certificate sign.
           ".*":
           - x509.sign_remote_certificate
 
+
+Salt SSH
+--------
+
+Salt SSH with sudoer using key
+
+.. literalinclude:: tests/pillar/master_ssh_minion_key.sls
+   :language: yaml
+
+Salt SSH with sudoer using password
+
+.. literalinclude:: tests/pillar/master_ssh_minion_password.sls
+   :language: yaml
+
+Salt SSH with root using password
+
+.. literalinclude:: tests/pillar/master_ssh_minion_root.sls
+   :language: yaml
+
+
 Salt minion
 -----------
 
@@ -202,6 +204,9 @@ Salt minion with graphing dependencies
 .. literalinclude:: tests/pillar/minion_graph.sls
    :language: yaml
 
+PKI CA
+~~~~~~
+
 Salt minion with PKI CA
 
 .. literalinclude:: tests/pillar/minion_pki_ca.sls
@@ -212,6 +217,7 @@ Salt minion with PKI certificate
 .. literalinclude:: tests/pillar/minion_pki_cert.sls
    :language: yaml
 
+
 Salt control (cloud/kvm/docker)
 -------------------------------
 
@@ -225,7 +231,7 @@ Salt cloud with Digital Ocean provider
 .. literalinclude:: tests/pillar/control_cloud_digitalocean.sls
    :language: yaml
 
-Salt virt KVM cluster
+Salt virt with KVM cluster
 
 .. literalinclude:: tests/pillar/control_virt.sls
    :language: yaml
@@ -270,32 +276,3 @@ salt-cloud
 * http://salt-cloud.readthedocs.org/en/latest/topics/map.html
 * http://docs.saltstack.com/en/latest/topics/tutorials/multimaster.html
 
-salt-virt
----------
-
-Sample pillar
-
-.. code-block:: yaml
-
-  salt:
-    control:
-      enabled: True
-      virt_enabled: True
-      size:
-        medium:
-          cpu: 2
-          ram: 1024
-      cluster:
-        localnode:
-          domain: domain.com
-          engine: virt
-          config:
-            engine: salt
-            host: 127.0.0.1
-          node:
-            ubuntu01:
-              provider: node001.domain.com
-              image: ubuntu-14-04-x64-1456128611.qcow2
-              size: medium
-              disk_profile: database
-              net_profile: testing

VERSION

@@ -1 +1 @@
-0.2
+0.4

metadata.yml

@@ -1,5 +1,5 @@
 name: "salt"
-version: "0.2"
+version: "0.4"
 source: "https://github.com/tcpcloud/salt-formula-salt"
 dependencies:
 - name: git

salt/files/roster

@@ -0,0 +1,16 @@
+{%- from "salt/map.jinja" import master with context %}
+{%- for minion_name, minion in master.get('ssh_minion', {}).items() %}
+{{ minion_name }}:
+  host: {{ minion.host }}
+  user: {{ minion.user }}
+  {%- if minion.password is defined %}
+  passwd: {{ minion.password }}
+  {%- endif %}
+  {%- if minion.key_file is defined %}
+  priv: {{ minion.key_file }}
+  {%- endif %}
+  {%- if minion.get('sudo', False) %}
+  sudo: True
+  tty: True
+  {%- endif %}
+{%- endfor %}

salt/master/init.sls

@@ -6,6 +6,9 @@ include:
 {%- if pillar.salt.master.windows_repo is defined %}
 - salt.master.win_repo
 {%- endif %}
+{%- if pillar.salt.master.ssh_minion is defined %}
+- salt.master.ssh
+{%- endif %}
 {#
 - salt.master.orchestrate
 #}

salt/master/pillar.sls

@@ -4,9 +4,13 @@
 {%- if master.pillar.engine == 'salt' %}
 
 include:
+{%- if master.pillar.source.engine == "git" %}
 - git.client
+{%- endif %}
 - salt.master.service
 
+{%- if master.pillar.source.engine == "git" %}
+
 {{ master.pillar.source.address }}:
   git.latest:
   - target: /srv/salt/pillar
@@ -25,6 +29,8 @@ include:
 
 {%- endif %}
 
+{%- endif %}
+
 {%- elif master.pillar.engine == 'reclass' %}
 
 include:

salt/master/ssh.sls

@@ -0,0 +1,17 @@
+{%- from "salt/map.jinja" import master with context %}
+{%- if master.enabled %}
+
+include:
+- salt.master.service
+
+/etc/salt/roster:
+  file.managed:
+  - source: salt://salt/files/roster
+  - user: root
+  - template: jinja
+  - require:
+    - {{ master.install_state }}
+  - watch_in:
+    - service: salt_master_service
+
+{%- endif %}

tests/pillar/control_virt.sls

@@ -31,4 +31,4 @@ salt:
           ubuntu2:
             provider: node02.domain.com
             image: bubuntu.qcomw
-            size: small
+            size: small

tests/pillar/master_acl.sls

@@ -0,0 +1,24 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+    user:
+      peter:
+        enabled: true
+        permissions:
+        - 'fs.fs'
+        - 'fs.\*'

tests/pillar/master_api.sls

@@ -0,0 +1,25 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+  api:
+    enabled: true
+    ssl:
+      engine: salt
+    bind:
+      address: 0.0.0.0
+      port: 8000

tests/pillar/master_cluster_failover.sls

@@ -0,0 +1,18 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}

tests/pillar/master_custom_handler.sls

@@ -0,0 +1,24 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+    handler:
+      handler01:
+        engine: udp
+        bind:
+          host: 127.0.0.1
+          port: 9999

tests/pillar/master_ssh_minion_key.sls

@@ -0,0 +1,25 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+    ssh_minion:
+      node01:
+        host: 10.0.0.1
+        user: saltssh
+        sudo: true
+        key_file: /path/to/the/key
+        port: 22

tests/pillar/master_ssh_minion_password.sls

@@ -0,0 +1,25 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+    ssh_minion:
+      node01:
+        host: 10.0.0.1
+        user: saltssh
+        sudo: true
+        password: password
+        port: 22

tests/pillar/master_ssh_minion_root.sls

@@ -0,0 +1,24 @@
+git:
+  client:
+    enabled: true
+linux:
+  system:
+    enabled: true
+salt:
+  master:
+    enabled: true
+    source:
+      engine: pkg
+    pillar:
+      engine: salt
+      source:
+        engine: local
+    environment:
+      prd:
+        formula: {}
+    ssh_minion:
+      node01:
+        host: 10.0.0.1
+        user: root
+        password: password
+        port: 22

tests/pillar/minion_custom_handler.sls

@@ -0,0 +1,14 @@
+salt:
+  minion:
+    enabled: true
+    handler:
+      handler01:
+        engine: udp
+        bind:
+          host: 127.0.0.1
+          port: 9999
+      handler02:
+        engine: zmq
+        bind:
+          host: 127.0.0.1
+          port: 9999