
Merge branch 'mine_publish' into 'master'

Salt ACL and API updates

See merge request !12
tags/0.4
Aleš Komárek 8 years ago
parent
commit
7ff7459674
6 changed files with 53 additions and 31 deletions
  1. +17
    -3
      README.rst
  2. +1
    -1
      metadata/service/master/cluster.yml
  3. +1
    -1
      metadata/service/master/single.yml
  4. +11
    -6
      salt/api.sls
  5. +20
    -0
      salt/files/_api.conf
  6. +3
    -20
      salt/files/master.conf

+ 17
- 3
README.rst

.. code-block:: yaml .. code-block:: yaml


salt: salt:
master:
...
api: api:
enabled: true enabled: true
port: 8000
ssl:
engine: salt
bind:
address: 0.0.0.0
port: 8000

Salt master with defined user ACLs

.. code-block:: yaml

salt:
master:
user:
peter:
permissions:
- 'fs.fs'
- 'fs.\*'


Salt master with preset minions Salt master with preset minions



+ 1
- 1
metadata/service/master/cluster.yml

source: source:
engine: pkg engine: pkg
command_timeout: 5 command_timeout: 5
worker_threads: 2
worker_threads: 3

+ 1
- 1
metadata/service/master/single.yml

source: source:
engine: pkg engine: pkg
command_timeout: 5 command_timeout: 5
worker_threads: 2
worker_threads: 3
base_environment: ${_param:salt_master_base_environment} base_environment: ${_param:salt_master_base_environment}

+ 11
- 6
salt/api.sls

{%- from "salt/map.jinja" import api with context %} {%- from "salt/map.jinja" import api with context %}
{%- if api.enabled %} {%- if api.enabled %}


include:
- salt.master

salt_api_packages: salt_api_packages:
pkg.installed
pkg.installed:
- names: {{ api.pkgs }} - names: {{ api.pkgs }}

/etc/salt/master.d/_api.conf:
file.managed:
- source: salt://salt/files/_api.conf
- user: root
- template: jinja
- require: - require:
- {{ master.install_state }}
- pkg: salt_api_packages
- watch_in:
- service: salt_api_service


salt_api_service: salt_api_service:
service.running: service.running:
- require: - require:
- pkg: salt_api_packages - pkg: salt_api_packages
- watch: - watch:
- file: /etc/salt/master
- file: /etc/salt/master.d/_api.conf


{%- endif %} {%- endif %}

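--- a/salt/files/_api.conf
+++ b/salt/files/_api.conf
@@ -0,0 +1,20 @@
+{%- from "linux/map.jinja" import system with context %}
+{%- from "salt/map.jinja" import api with context %}
+
+rest_cherrypy:
+port: {{ api.bind.port }}
+host: {{ api.bind.address }}
+{%- if api.get('ssl', {}).get('enabled', False) %}
+{%- if api.ssl.engine == 'salt' %}
+ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
+ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
+{%- else %}
+ssl_crt: {{ api.ssl.get('cert_file')|default("/etc/ssl/certs/"+grains.get('fqdn')+".crt") }}
+ssl_crt: {{ api.ssl.get('key_file')|default("/etc/ssl/private/"+grains.get('fqdn')+".key") }}
+{%- endif %}
+{%- else %}
+disable_ssl: True
+{%- endif %}
+{%- if api.get('debug', False) %}
+debug: True
+{%- endif %}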
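Review bot: The non-`salt` engine branch writes `ssl_crt:` twice, the second time from `key_file`, so `ssl_key` is never set and the duplicate key leaves only one of the two values in effect; the second line should read `ssl_key: {{ api.ssl.get('key_file', "/etc/ssl/private/"+grains.get('fqdn')+".key") }}`. Passing the fallback as the second argument of `.get()` matters on the `cert_file` line too, because `.get('cert_file')` returns `None` rather than an undefined value, and `|default(...)` without its boolean flag will likely render the literal `None`. Separately, the README example in this commit sets `ssl: engine: salt` without `enabled: true`, which by the `api.get('ssl', {}).get('enabled', False)` test falls through to `disable_ssl: True` while binding `0.0.0.0`, so API credentials and tokens would travel in clear text; the example or the template default deserves a comment saying so.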

+ 3
- 20
salt/files/master.conf



{%- endif %} {%- endif %}


{%- if master.acl is defined %}
{%- if master.user is defined %}


client_acl: client_acl:
{%- for acl in master.acl %}
{{ acl.name }}:
{%- for right in acl.rights %}
- {{ right }}
{%- for user_name, user in master.user.iteritems() %}
{{ user_name }}: {{ user.permissions|yaml }}
{%- endfor %} {%- endfor %}
{%- endfor %}

{%- endif %}

{%- if master.bind.api is defined %}

rest_cherrypy:
port: {{ master.api.port }}
ssl_crt: /etc/ssl/certs/{{ system.name }}.{{ system.domain }}.crt
ssl_key: /etc/ssl/private/{{ system.name }}.{{ system.domain }}.key
{%- if pillar.halite is defined %}
static: /srv/halite/halite
app: /srv/halite/halite/index.html
{%- endif %}
debug: True


{%- endif %} {%- endif %}
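Review bot: In the `client_acl` loop, `{{ user_name }}: {{ user.permissions|yaml }}` reads `permissions` with no fallback, so a pillar user defined without that key either fails the render or puts an unintended value into the master's ACL; `{{ user_name }}: {{ user.get('permissions', [])|yaml }}` would make the no-permission case an explicit empty list. `master.user.iteritems()` also exists only on Python 2 dicts, so `.items()` would keep the template rendering on a Python 3 master. Which lines of this section are old and which are new is inferred from the +3/-20 counts, since the page has lost its diff markers.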


