salt custom py module seedng.py should use the same Salt version
when preinstalling minion for salt-controlled VMs via bootstrap
script.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Do not change VCP disk profile globally, it causes to re-use
the properties from one node in another.
Change-Id: Iff98010c32c1060b50bc0ae040edb72108c57da1
It adds oauth package to 'dependency_pkgs' and
'dependency_pkgs_pip' sections to have it installed
by system package manager or by pip.
Change-Id: I2e799c92c6e6f7c0705bb962ac32b8c166723af1
Exposing CA keys in a mine creates a security flaw, thus such
should be avoided.
This change removes code responsible for putting and retrieving
CA key from a mine and changes the ca.sls state to allow configuring
where CA cert and its key would be generated as well as their owners.
Fixes PROD-13439
Change-Id: I6d78b13dcb3754c51606edd7e2d8158e128244a4
Issues:
* cmd.wait doesn't work correctly with bg=True
* cmd.wait will be deprecated in next releases [1]
* watch/watch_in work differently than onchanges/onchanges_in as some
* module override mod_watch()
This patch does:
* Replaces cmd.wait to cmd.run with onchanges.
* On any config file changes salt_minion_service_restart will be
triggered so salt master will get state immediately because of bg=True
* salt_minion_service is used only for service enablement
[1] https://docs.saltstack.com/en/latest/ref/states/all/salt.states.cmd.html
Change-Id: I7b87b3614708b861e1767566426c7a67c337ba01
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
In cases when a service whants to generate and sign a certificate
it requires a CA key along with a CA cert itself.
For example, Octavia needs it for signing a certificate it generates
for a newly spawned amphora.
This change add sending a CA key to the mine from where it can be
extracted in the cert.sls state.
Also allow managing permissions for a CA cert and key retrieved
from the mine.
Related PROD: PROD-11933
Change-Id: I911effb4a63ae048e348ed04b7aca33998e359aa