
Merge branch 'mine_publish' into 'master'

Salt ACL and API updates

See merge request !12
tags/0.4
Aleš Komárek 8 years ago
parent
commit
7ff7459674
6 files changed, with 53 insertions and 31 deletions
  1. +17
    -3
      README.rst
  2. +1
    -1
      metadata/service/master/cluster.yml
  3. +1
    -1
      metadata/service/master/single.yml
  4. +11
    -6
      salt/api.sls
  5. +20
    -0
      salt/files/_api.conf
  6. +3
    -20
      salt/files/master.conf

+ 17
- 3
README.rst

@@ -28,11 +28,25 @@ Salt master with API
.. code-block:: yaml

salt:
master:
...
api:
enabled: true
port: 8000
ssl:
engine: salt
bind:
address: 0.0.0.0
port: 8000

Salt master with defined user ACLs

.. code-block:: yaml

salt:
master:
user:
peter:
permissions:
- 'fs.fs'
- 'fs.\*'

Salt master with preset minions
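
Review bot: The API example sets `ssl: engine: salt` and `bind: address: 0.0.0.0` but has no `enabled: true` under `ssl`, while the new salt/files/_api.conf only emits certificate settings when `api.ssl.enabled` is true and otherwise renders `disable_ssl: True`. Copied as written, this pillar would put the REST API on all interfaces without TLS; add `enabled: true` under `ssl` in the example. In the ACL example, is the backslash in 'fs.\*' intended? Inside a literal code block it is copied verbatim into the pillar.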


+ 1
- 1
metadata/service/master/cluster.yml

@@ -11,4 +11,4 @@ parameters:
source:
engine: pkg
command_timeout: 5
worker_threads: 2
worker_threads: 3
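
Review bot: The `worker_threads` change between 2 and 3 here, repeated in metadata/service/master/single.yml, is not covered by the commit title "Salt ACL and API updates" and carries no stated reason. Say in the commit message why the default changes, or move it to its own commit.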

+ 1
- 1
metadata/service/master/single.yml

@@ -13,5 +13,5 @@ parameters:
source:
engine: pkg
command_timeout: 5
worker_threads: 2
worker_threads: 3
base_environment: ${_param:salt_master_base_environment}

+ 11
- 6
salt/api.sls

@@ -1,14 +1,19 @@
{%- from "salt/map.jinja" import api with context %}
{%- if api.enabled %}

include:
- salt.master

salt_api_packages:
pkg.installed
pkg.installed:
- names: {{ api.pkgs }}

/etc/salt/master.d/_api.conf:
file.managed:
- source: salt://salt/files/_api.conf
- user: root
- template: jinja
- require:
- {{ master.install_state }}
- pkg: salt_api_packages
- watch_in:
- service: salt_api_service

salt_api_service:
service.running:
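
Review bot: The `file.managed` state for /etc/salt/master.d/_api.conf sets `user: root` but no `group` or `mode`, so the resulting permissions depend on defaults; state both explicitly. The `require` list also shows `{{ master.install_state }}` while the first line of the file imports only `api` from salt/map.jinja; if that entry is kept, `master` has to be imported as well or the state will not render.
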
@@ -16,6 +21,6 @@ salt_api_service:
- require:
- pkg: salt_api_packages
- watch:
- file: /etc/salt/master
- file: /etc/salt/master.d/_api.conf

{%- endif %}
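
Review bot: The `watch` on `file: /etc/salt/master.d/_api.conf` in `salt_api_service` repeats the `watch_in: service: salt_api_service` declared on the file state in the previous hunk; one of the two is enough. With `file: /etc/salt/master` no longer watched, please confirm that salt-api needs nothing from that file any more.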

+ 20
- 0
salt/files/_api.conf

@@ -0,0 +1,20 @@
{%- from "linux/map.jinja" import system with context %}
{%- from "salt/map.jinja" import api with context %}

rest_cherrypy:
port: {{ api.bind.port }}
host: {{ api.bind.address }}
{%- if api.get('ssl', {}).get('enabled', False) %}
{%- if api.ssl.engine == 'salt' %}
ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
{%- else %}
ssl_crt: {{ api.ssl.get('cert_file')|default("/etc/ssl/certs/"+grains.get('fqdn')+".crt") }}
ssl_crt: {{ api.ssl.get('key_file')|default("/etc/ssl/private/"+grains.get('fqdn')+".key") }}
{%- endif %}
{%- else %}
disable_ssl: True
{%- endif %}
{%- if api.get('debug', False) %}
debug: True
{%- endif %}
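
Review bot: In the `else` branch of the SSL engine check, `ssl_crt:` is emitted twice and the second one carries `key_file`, so no `ssl_key` is ever rendered on that path; the second key should be `ssl_key:`. On the same two lines, `api.ssl.get('cert_file')|default(...)` will not fall back, because `.get()` returns None for a missing key and Jinja's `default` filter only replaces undefined values unless its second argument is true; use `api.ssl.get('cert_file', "/etc/ssl/certs/"+grains.get('fqdn')+".crt")` or `|default(..., true)`. Note too that any pillar without `ssl.enabled` falls through to `disable_ssl: True`, so the cleartext path is the default; a comment in the template or the README should say so.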

+ 3
- 20
salt/files/master.conf

@@ -64,29 +64,12 @@ master_tops:

{%- endif %}

{%- if master.acl is defined %}
{%- if master.user is defined %}

client_acl:
{%- for acl in master.acl %}
{{ acl.name }}:
{%- for right in acl.rights %}
- {{ right }}
{%- for user_name, user in master.user.iteritems() %}
{{ user_name }}: {{ user.permissions|yaml }}
{%- endfor %}
{%- endfor %}

{%- endif %}

{%- if master.bind.api is defined %}

rest_cherrypy:
port: {{ master.api.port }}
ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
{%- if pillar.halite is defined %}
static: /srv/halite/halite
app: /srv/halite/halite/index.html
{%- endif %}
debug: True

{%- endif %}
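
Review bot: The guard and loop move from `master.acl` to `master.user` with no fallback, so an existing pillar that still defines `master.acl` renders no `client_acl` at all and gives no error; document the rename in the README or keep the old key working for one release. `{{ user.permissions|yaml }}` is also rendered for every user, so a user entry without `permissions` should be skipped or defaulted to an empty list, and `iteritems()` exists only on Python 2 dicts where `items()` works on both.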

