salt-proxy

Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b

README.rst

@@ -171,6 +171,57 @@ Salt master peer for remote certificate sign.
           ".*":
           - x509.sign_remote_certificate
 
+Salt proxy
+----------
+
+Salt proxy pillar
+
+.. code-block:: yaml
+
+    salt:
+      minion:
+        proxy:
+          master: localhost
+          device:
+            vsrx01.mydomain.local:
+              enabled: true
+              engine: napalm
+            csr1000v.mydomain.local:
+              enabled: true
+              engine: napalm
+
+.. note:: This is pillar of the the real salt-minion
+
+
+Proxy pillar for IOS device
+
+.. code-block:: yaml
+
+    proxy:
+      proxytype: napalm
+      driver: ios
+      host: csr1000v.mydomain.local
+      username: root
+      passwd: r00tme
+
+.. note:: This is pillar of the node thats not able to run salt-minion itself
+
+
+Proxy pillar for JunOS device
+
+.. code-block:: yaml
+
+    proxy:
+      proxytype: napalm
+      driver: junos
+      host: vsrx01.mydomain.local
+      username: root
+      passwd: r00tme
+      optional_args:
+        config_format: set
+
+.. note:: This is pillar of the node thats not able to run salt-minion itself
+
 
 Salt SSH
 --------

salt/files/proxy.conf

@@ -0,0 +1,8 @@
+##### Primary configuration settings #####
+##########################################
+# This configuration file is used to manage the behavior of all Salt Proxy
+# Minions on this host.
+
+master: {{ proxy.master|default('localhost') }}
+multiprocessing: False
+mine_enabled: True

salt/files/salt-proxy.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Salt proxy minion
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/salt-proxy --proxyid %i
+User=root
+Group=root
+Restart=always
+RestartPreventExitStatus=SIGHUP
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target

salt/map.jinja

@@ -110,6 +110,19 @@ RedHat:
 {%- if pillar.salt.minion is defined %}
 {%- set raw_minion = salt['grains.filter_by'](minion_specific, merge=salt['pillar.get']('salt:minion')) %}
 {%- set minion = salt['grains.filter_by'](minion_common, merge=raw_minion) %}
+
+{%- if pillar.salt.minion.proxy is defined %}
+{% set proxy = salt['grains.filter_by']({
+    'Debian': {
+        'napalm_pkgs': ['python-pip', 'libxml2-dev', 'libxslt1-dev', 'zlib1g-dev'],
+        'napalm_pip_pkgs': ['napalm', 'oauth']
+    },
+    'RedHat': {
+        'napalm_pkgs': ['libxml2-dev', 'libxslt1-dev', 'zlib1g-dev']
+    },
+}, merge=pillar.salt.minion.get('proxy', {})) %}
+{%- endif %}
+
 {%- endif %}
 
 

salt/minion/init.sls

@@ -8,3 +8,6 @@ include:
 - salt.minion.ca
 {%- endif %}
 - salt.minion.cert
+{%- if pillar.salt.minion.proxy is defined %}
+- salt.minion.proxy
+{%- endif %}

salt/minion/proxy.sls

@@ -0,0 +1,52 @@
+{%- from "salt/map.jinja" import proxy with context %}
+
+{%- set napalm = false %}
+
+{%- for proxy_name, proxy_device in proxy.device.iteritems() %}
+
+{%- if proxy_device.engine == 'napalm' %}
+
+{%- set napalm = true %}
+
+{%- endif %}
+
+{%- endfor %}
+
+/etc/systemd/system/salt-proxy@.service:
+  file.managed:
+  - source: salt://salt/files/salt-proxy.service
+  - template: jinja
+
+/etc/salt/proxy:
+  file.managed:
+  - source: salt://salt/files/proxy.conf
+  - template: jinja
+  - defaults:
+      napalm: {{ napalm }}
+      proxy: {{ proxy|yaml }}
+
+{%- if napalm %}
+
+network_proxy_packages:
+  pkg.installed:
+  - names: {{ proxy.napalm_pkgs }}
+
+napalm:
+  pip.installed:
+    - name: {{ proxy.napalm_pip_pkgs}}
+    - require:
+      - pkg: python-pip
+
+{%- endif %}
+
+{%- for proxy_name, proxy_device in proxy.device.iteritems() %}
+
+salt_proxy_{{ proxy_name }}_service:
+  service.running:
+  - enable: true
+  - name: salt-proxy@{{ proxy_name }}
+  - watch:
+    - file: /etc/salt/proxy
+    - file: /etc/systemd/system/salt-proxy@.service
+
+{%- endfor %}

tests/pillar/minion_proxy.sls

@@ -0,0 +1,12 @@
+salt:
+  minion:
+    enabled:true
+    proxy:
+      master: localhost
+      device:
+        vsrx01.mydomain.local:
+          enabled: true
+          engine: napalm
+        csr1000v.mydomain.local:
+          enabled: true
+          engine: napalm