This is useful when using proxies. The default Tornado backend does not
utilize proxy environment variables and isn't able to set no_proxy variable.
Change-Id: I4a51c6fc9abe65d46ed4f3adeb30f7a25337857e
Currently the CI job fails with module not found errror.
AttributeError: 'module' object has no attribute 'check_refresh
The reason is new version of salt tries to call
salt.utils.pkg.check_refresh which is not available in 2016.11.3 but is
available in 2016.11.6.
Reference:
1. https://github.com/saltstack/salt/blob/v2016.11.3/salt/states/pkg.py
2. https://github.com/saltstack/salt/blob/v2016.11.6/salt/states/pkg.py#L1819
The fix proposed here is to use pkg.installed instead of pkg.latest.
It's not a good idea to always update salt whenever the salt state is
run, this may introduce failures unknown to the user. There is a pipeline
to update packages which should be used for updating to latest.
pkg.latest generally isn't a good way to write idempotent formulas. See
official salt docs: "Generally it is better for the installed function
to be used, as latest will update the package whenever a new package is
available."
Change-Id: I8da5c36c1613e54768993080f2514afc920c49f8
1. Remove implicit creation of "local_trusted_symlink".
To install a system-wide certificates the linux.system.cert
state or 'trusted_ca_minion' option must be used.
2. A ca-cert file may exist on a file-system and
not be pulled from mine. So, in this case
the following state be incorrect:
- watch:
- x509: ca_file
To support this case, we need to replace `watch` statement
with `watch_in`.
Change-Id: If41d050b56913d72da1ef7981f30780fec5d6d95
1:
In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing:
-----BEGINCERTIFICATE-----
MIIFzzCCA7egAwIBAgIITiyuuFgl1S4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
BhMCY3oxFzAVBgNVBAMMDlNhbHQgT
....
To fix it the "x509.pem_managed" is used.
2:
If a symlink to CA cert is already exists, then the state is failing.
The force=True (replace) is used now to avoid the issue.
Change-Id: I4a2bd7c882e179560657a3dc7edf18c7e5835492
This option can configure default output of state calls. Terse (default
option) will make each call to be on single line and make salt output
better.
Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
We can have this failing because of bad mine data:
salt['mine.get'](cert.host, 'x509.get_pem_entries')
Without this change, dependency between salt_minion_cert_*_all and
ca_file is just ignored and salt_minion_cert_*_all state fails because
it can't find appropriate file.
Change-Id: I2a5dd12e08159bf110ff0d9879ebf0ad5d9d97c1
It was failing with:
Rendering SLS 'base:salt.minion.cert' failed: Conflicting ID 'salt_ca_certificates_packages'
ca-certificates installation should be probably moved out of the loop in
the future.
Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e601
Unfortunately this is not idempotent, however we surely want to sync
everything when salt.minion state is executed.
Change-Id: I0faaf606b57dbd7d009156abfe50d2e5f350190e
By default the check is OK for a number of processes between 1 and 15
but on our machine the number is up to 48. So we set the limit
accordingly.
Change-Id: Iac3d2b91312dfe778ebcd39b5eb985348c7aee5a