Kirill Bespalov
6b2a592dc9
Fix salt.minion.cert CA certs generation
1:
In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing:
-----BEGINCERTIFICATE-----
MIIFzzCCA7egAwIBAgIITiyuuFgl1S4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
BhMCY3oxFzAVBgNVBAMMDlNhbHQgT
....
To fix it the "x509.pem_managed" is used.
2:
If a symlink to CA cert is already exists, then the state is failing.
The force=True (replace) is used now to avoid the issue.
Change-Id: I4a2bd7c882e179560657a3dc7edf18c7e5835492
7 years ago
Jiri Broulik
8827524529
proxy_minion fix
Change-Id: I73a4a14734651f6483fae169a2290e9c5b377d76
7 years ago
Petr Michalec
6bce131c39
fix ca cert render indent issue
7 years ago
Petr Michalec
91e16770e8
formula, service symlinks. force/makedirs True
7 years ago
Petr Michalec
7a2f1d281c
version to be specified for salt formula
7 years ago
Petr Michalec
2162e5dfc6
Fix minion install pkgs and dependency packages
7 years ago
Ales Komarek
5474068a16
Reactor system, documentation fixes
Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14
7 years ago
Filip Pytloun
95ccd0894d
Add lost break into while true loop
Change-Id: I7b4dc2001e07b047964f4ebbbbe0b23db7819566
7 years ago
Tomáš Kukrál
6f6e7965ce
fix meta/salt with missing pillar
Change-Id: I484f7156dc82ca528307857f41018f4048467f78
7 years ago
Filip Pytloun
5700aa5a67
Restart salt-minion on config change
Change-Id: Ie1f1397817b47f299107e4f44dfb4c5ffe1c010c
7 years ago
Tomáš Kukrál
044667bcce
set state_output to "changes"
Terse output is not enough for debugging.
Change-Id: Ida9a4ef0a2ad053fc370d3833d716d9e8d38d814
7 years ago
Tomáš Kukrál
8922aef95b
configure state_output
This option can configure default output of state calls. Terse (default
option) will make each call to be on single line and make salt output
better.
Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
7 years ago
Filip Pytloun
8797b20780
Manage minion.d using support metadata
Change-Id: I6f1292779858c45f9cf6f4caf3657ee000b2cf06
7 years ago
Petr Michalec
1a056d59f3
Fix pedantic syntax of the state file
7 years ago
Tomáš Kukrál
5381187ddc
update packages for centos
Change-Id: I2b8ee84718e10d6261f1c93ca02ff4b60977e37f
7 years ago
Alexander Noskov
cdc61890fd
Update virt.sls
Add ability to specify custom node name in reclass.
7 years ago
Petr Michalec
03e5362f09
fix prepending whitespaces starting 2nd line
7 years ago
Petr Michalec
e0d1980267
fix minion proxy, if devices not defined
7 years ago
Filip Pytloun
70798fd4df
Manage grains using support metadata
Change-Id: I1e1269268a81d8cd01b5fe9328f63e8bf85e941b
7 years ago
Yuriy Taraday
19054adce5
Use forward dependency for ca_file instead of reverse one
We can have this failing because of bad mine data:
salt['mine.get'](cert.host, 'x509.get_pem_entries')
Without this change, dependency between salt_minion_cert_*_all and
ca_file is just ignored and salt_minion_cert_*_all state fails because
it can't find appropriate file.
Change-Id: I2a5dd12e08159bf110ff0d9879ebf0ad5d9d97c1
7 years ago
Jiri Broulik
a0f4668a04
salt-proxy
Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
7 years ago
Petr Michalec
64e7e680f2
fix, ca crt rollout for trusted_ca_minions
7 years ago
Petr Michalec
b368eb750f
retry_dns 0 for failover setup
7 years ago
Ruslan Usichenko
a1a09ef7c6
Add more precise match if host exists on kvm host
Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e610
7 years ago
Petr Michalec
e07687e17e
Global trust for SaltCA, distribute ca.crt
7 years ago
Tomáš Kukrál
e3ae6b3bbf
fix conflicting salt_ca_certificates_packages
It was failing with:
Rendering SLS 'base:salt.minion.cert' failed: Conflicting ID 'salt_ca_certificates_packages'
ca-certificates installation should be probably moved out of the loop in
the future.
Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e601
7 years ago
Filip Pytloun
1fde6eac8d
Add salt master's CA into system CA bundle
Change-Id: I89cec95e87db52fd59a84d57c485d8c938711ef3
7 years ago
Filip Pytloun
a7d2ecde9b
Run saltutil.sync_all when minion is started
Unfortunately this is not idempotent, however we surely want to sync
everything when salt.minion state is executed.
Change-Id: I0faaf606b57dbd7d009156abfe50d2e5f350190e
7 years ago
Swann Croiset
7d792fe76f
Factorize minion grains generation
7 years ago
Tomáš Kukrál
a480e1663c
add policy open_usage
This policy will be used for certificate with various keyUsage
parameters. Etcd for example.
Change-Id: I2a6387f8b7ee58fb6f256881e3e09142f13119a9
7 years ago
Tomáš Kukrál
bb122162f2
allow to set keyUsage and extendedKeyUsage cert params
Change-Id: I1eaa9cf7a7f861cc5de604e03fba8a74436d99ad
7 years ago
Petr Michalec
dc7dbfffb7
add minion.conf default output/log level settings
7 years ago
Guillaume Thouvenin
8467224c8d
Update check for local salt master
By default the check is OK for a number of processes between 1 and 15
but on our machine the number is up to 48. So we set the limit
accordingly.
Change-Id: Iac3d2b91312dfe778ebcd39b5eb985348c7aee5a
7 years ago
Ondrej Smola
b74020fe39
added autostart for vm into virt
7 years ago
Martin819
92294ff2af
Added Kitchen and Travis
7 years ago
Tomáš Kukrál
04aa7b4bc7
fix mass install of formula pkgs
Previous approach fails when all of formulas are installed from git.
Change-Id: I0622461ee6469c59c1fd3ad4a23cdaeaeee1b444
7 years ago
Anežka Jadlovská
87c561dbad
Speed up installation of formula packages
Install all pkgs for formulas together.
7 years ago
Tomáš Kukrál
38bb20473f
fix Conflicting ID for ...crt_cert_permissions
This error occures when multiple certs signed by same CA are requested
on minion.
Change-Id: I6b20ab4e1795298c94f55fdc61af99f933d8491c
7 years ago
Tomáš Kukrál
5ea7fb3b3c
send mine always (not only on change)
First run is made during salt-master cloud-init and thus it is onchanges
is not suitable here because ca.crt file is already generated.
7 years ago
Ondrej Smola
6a4e11aafc
added config for proxy on salt minion
7 years ago
Ales Komarek
dec3101da7
Syndic service
7 years ago
Ales Komarek
70a32ba44f
Conditional orders
7 years ago
Ales Komarek
2c5e080c01
Support of multi-master-of-masters
7 years ago
Ales Komarek
a33b905a72
Cleaned up salt-syndic features
7 years ago
Simon Pasquier
b154dc3a7a
Fix salt.api state to catch undefined data
7 years ago
Ales Komarek
b1cb0104e3
API Expire responses
8 years ago
Michael Kutý
08eb0a4d28
Support letsencrypt certs for API.
Letsencrypt could makes symlinks to standard locations in the future.
8 years ago
Ondrej Smola
cd92dbf958
added log_level to salt minion
8 years ago
Olivier Bourdon
d261b33c40
Fix typo in package name
8 years ago
Ales Komarek
76eb5f1ccb
psutil package
8 years ago