
Master remote ACLs

tags/2016.12
Ales Komarek 8 years ago
parent
commit
b222a135fa
3 changed files with 25 additions and 12 deletions
  1. +14
    -3
      salt/files/_acl.conf
  2. +0
    -9
      salt/files/master.conf
  3. +11
    -0
      salt/master/service.sls

+ 14
- 3
salt/files/_acl.conf

@@ -1,4 +1,15 @@
{%- from "salt/map.jinja" import master with context %}

peer:
.*:
- x509.sign_remote_certificate
{%- if master.user is defined %}

external_auth:
pam:
{%- for user_name, user in master.user.iteritems() %}
{{ user_name }}: {{ user.permissions|yaml }}
{%- endfor %}

{%- endif %}

{#-
vim: syntax=jinja
-#}
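Review bot: The `external_auth` entry `{{ user_name }}: {{ user.permissions|yaml }}` writes the pillar key unquoted, and in this section the spelling of the key is itself policy. Salt reads a trailing `%` as a PAM group and `*` as every user, and an unquoted `*` or a name starting with another YAML indicator will not parse as a plain string. Passing the key through a quoting filter, for example `{{ user_name|yaml_dquote }}: {{ user.permissions|yaml }}`, keeps it a string. A Jinja comment above the loop such as `{#- keys ending in % are groups; permissions like .*, @wheel or @runner give full control of the master -#}` would help whoever edits the pillar. Indentation and the +/- column are lost on this page, so which of these lines are new is inferred from the 14/3 counts.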

+ 0
- 9
salt/files/master.conf

@@ -64,15 +64,6 @@ master_tops:

{%- endif %}

{%- if master.user is defined %}

client_acl:
{%- for user_name, user in master.user.iteritems() %}
{{ user_name }}: {{ user.permissions|yaml }}
{%- endfor %}

{%- endif %}

{%- for handler in pillar.salt.minion.get("handlers", []) %}

{%- if handler.engine == "udp"%}

+ 11
- 0
salt/master/service.sls

@@ -30,6 +30,16 @@ salt_master_packages:

{%- if master.peer is defined %}

/etc/salt/master.d/_acl.conf:
file.managed:
- source: salt://salt/files/_acl.conf
- user: root
- template: jinja
- require:
- {{ master.install_state }}
- watch_in:
- service: salt_master_service

/etc/salt/master.d/_peer.conf:
file.managed:
- source: salt://salt/files/_peer.conf
@@ -40,6 +50,7 @@ salt_master_packages:
- watch_in:
- service: salt_master_service


{%- endif %}

salt_master_service:
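Review bot: The new `/etc/salt/master.d/_acl.conf` state appears to sit inside `{%- if master.peer is defined %}`, while the `external_auth` block it renders is keyed on `master.user` and the same commit removes `client_acl` from master.conf. With `master.user` set but no `master.peer`, no ACL file is written, and once the guard turns false an already rendered `_acl.conf` stays on disk and keeps granting access because nothing removes it. Giving the state its own condition, with a `file.absent` branch for the same path, would make revocation follow the pillar. The stanza sets only `- user: root`; adding `- group: root` and an explicit `- mode:` would pin the permissions of a file that decides who may run commands through the master. The +/- column is lost on this page, so the placement is read from the hunk header and the 11/0 counts.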
