This change adds support for installation of other formula dependencies
during run of salt.minion state. Due to this, other states are able to
run successfuly on first run because their modules' dependencies are
already satisfied and loaded.
Change-Id: I6e3149b808be641125b82c650f98cd09f79dd631
There was a wrong assumption that if galera.master or
galera.slave or mysql.server was defined in pillar we tried
to pick user/password from pillar.
This patch updates condition to ensure that enabled attribute
set to True.
Related-Prod: PROD-16658
Change-Id: I9cdd9259000d7fc648b41d7402dc8ffe9659955b
Handle this option to allow/deny a minion to push
a file up to the master server (disabled by default).
Change-Id: I08f9bfedbc5356442c314992326dd206484e34ab
It adds oauth package to 'dependency_pkgs' and
'dependency_pkgs_pip' sections to have it installed
by system package manager or by pip.
Change-Id: I2e799c92c6e6f7c0705bb962ac32b8c166723af1
Exposing CA keys in a mine creates a security flaw, thus such
should be avoided.
This change removes code responsible for putting and retrieving
CA key from a mine and changes the ca.sls state to allow configuring
where CA cert and its key would be generated as well as their owners.
Fixes PROD-13439
Change-Id: I6d78b13dcb3754c51606edd7e2d8158e128244a4
Issues:
* cmd.wait doesn't work correctly with bg=True
* cmd.wait will be deprecated in next releases [1]
* watch/watch_in work differently than onchanges/onchanges_in as some
* module override mod_watch()
This patch does:
* Replaces cmd.wait to cmd.run with onchanges.
* On any config file changes salt_minion_service_restart will be
triggered so salt master will get state immediately because of bg=True
* salt_minion_service is used only for service enablement
[1] https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
Change-Id: I7b87b3614708b861e1767566426c7a67c337ba01
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
In cases when a service whants to generate and sign a certificate
it requires a CA key along with a CA cert itself.
For example, Octavia needs it for signing a certificate it generates
for a newly spawned amphora.
This change add sending a CA key to the mine from where it can be
extracted in the cert.sls state.
Also allow managing permissions for a CA cert and key retrieved
from the mine.
Related PROD: PROD-11933
Change-Id: I911effb4a63ae048e348ed04b7aca33998e359aa
In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing.
Change-Id: Id49e42807ddbc2addaf59a4c4541b720bbf87527
This is useful when using proxies. The default Tornado backend does not
utilize proxy environment variables and isn't able to set no_proxy variable.
Change-Id: I4a51c6fc9abe65d46ed4f3adeb30f7a25337857e
Currently the CI job fails with module not found errror.
AttributeError: 'module' object has no attribute 'check_refresh
The reason is new version of salt tries to call
salt.utils.pkg.check_refresh which is not available in 2016.11.3 but is
available in 2016.11.6.
Reference:
1. https://github.com/saltstack/salt/blob/v2016.11.3/salt/states/pkg.py
2. https://github.com/saltstack/salt/blob/v2016.11.6/salt/states/pkg.py#L1819
The fix proposed here is to use pkg.installed instead of pkg.latest.
It's not a good idea to always update salt whenever the salt state is
run, this may introduce failures unknown to the user. There is a pipeline
to update packages which should be used for updating to latest.
pkg.latest generally isn't a good way to write idempotent formulas. See
official salt docs: "Generally it is better for the installed function
to be used, as latest will update the package whenever a new package is
available."
Change-Id: I8da5c36c1613e54768993080f2514afc920c49f8
1. Remove implicit creation of "local_trusted_symlink".
To install a system-wide certificates the linux.system.cert
state or 'trusted_ca_minion' option must be used.
2. A ca-cert file may exist on a file-system and
not be pulled from mine. So, in this case
the following state be incorrect:
- watch:
- x509: ca_file
To support this case, we need to replace `watch` statement
with `watch_in`.
Change-Id: If41d050b56913d72da1ef7981f30780fec5d6d95