Filip Pytloun
95ccd0894d
Add lost break into while true loop
Change-Id: I7b4dc2001e07b047964f4ebbbbe0b23db7819566
vor 7 Jahren
Filip Pytloun
5700aa5a67
Restart salt-minion on config change
Change-Id: Ie1f1397817b47f299107e4f44dfb4c5ffe1c010c
vor 7 Jahren
Filip Pytloun
8797b20780
Manage minion.d using support metadata
Change-Id: I6f1292779858c45f9cf6f4caf3657ee000b2cf06
vor 7 Jahren
Petr Michalec
1a056d59f3
Fix pedantic syntax of the state file
vor 7 Jahren
Petr Michalec
03e5362f09
fix prepending whitespaces starting 2nd line
vor 7 Jahren
Petr Michalec
e0d1980267
fix minion proxy, if devices not defined
vor 7 Jahren
Filip Pytloun
70798fd4df
Manage grains using support metadata
Change-Id: I1e1269268a81d8cd01b5fe9328f63e8bf85e941b
vor 7 Jahren
Yuriy Taraday
19054adce5
Use forward dependency for ca_file instead of reverse one
We can have this failing because of bad mine data:
salt['mine.get'](cert.host, 'x509.get_pem_entries')
Without this change, dependency between salt_minion_cert_*_all and
ca_file is just ignored and salt_minion_cert_*_all state fails because
it can't find appropriate file.
Change-Id: I2a5dd12e08159bf110ff0d9879ebf0ad5d9d97c1
vor 7 Jahren
Jiri Broulik
a0f4668a04
salt-proxy
Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
vor 7 Jahren
Petr Michalec
64e7e680f2
fix, ca crt rollout for trusted_ca_minions
vor 7 Jahren
Petr Michalec
e07687e17e
Global trust for SaltCA, distribute ca.crt
vor 7 Jahren
Tomáš Kukrál
e3ae6b3bbf
fix conflicting salt_ca_certificates_packages
It was failing with:
Rendering SLS 'base:salt.minion.cert' failed: Conflicting ID 'salt_ca_certificates_packages'
ca-certificates installation should be probably moved out of the loop in
the future.
Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e601
vor 7 Jahren
Filip Pytloun
1fde6eac8d
Add salt master's CA into system CA bundle
Change-Id: I89cec95e87db52fd59a84d57c485d8c938711ef3
vor 7 Jahren
Filip Pytloun
a7d2ecde9b
Run saltutil.sync_all when minion is started
Unfortunately this is not idempotent, however we surely want to sync
everything when salt.minion state is executed.
Change-Id: I0faaf606b57dbd7d009156abfe50d2e5f350190e
vor 7 Jahren
Tomáš Kukrál
bb122162f2
allow to set keyUsage and extendedKeyUsage cert params
Change-Id: I1eaa9cf7a7f861cc5de604e03fba8a74436d99ad
vor 7 Jahren
Martin819
92294ff2af
Added Kitchen and Travis
vor 7 Jahren
Tomáš Kukrál
38bb20473f
fix Conflicting ID for ...crt_cert_permissions
This error occures when multiple certs signed by same CA are requested
on minion.
Change-Id: I6b20ab4e1795298c94f55fdc61af99f933d8491c
vor 7 Jahren
Tomáš Kukrál
5ea7fb3b3c
send mine always (not only on change)
First run is made during salt-master cloud-init and thus it is onchanges
is not suitable here because ca.crt file is already generated.
vor 7 Jahren
Vladimir Eremin
3c32aea063
Fix empty array get
It was responsible for
[CRITICAL] Rendering SLS 'base:salt.minion.cert' failed: Jinja variable 'dict object' has no attribute 'cfg01.mk20-lab-advanced.local'
[ERROR ] Data passed to highstate outputter is not a valid highstate return: {'local': ["Rendering SLS 'base:salt.minion.cert' failed: Jinja variable 'dict object' has no attribute 'cfg01.mk20-lab-advanced.local'"]}
vor 8 Jahren
Ales Komarek
dbb39dee22
Salt-minion fix
vor 8 Jahren
Filip Pytloun
1a4fb2f4c9
Fix duplicate definition of mine.send
vor 8 Jahren
Filip Pytloun
aafb50a304
Add ability to create concatenated pem file
vor 8 Jahren
Ales Komarek
93663473d0
Name escaping
vor 8 Jahren
Filip Pytloun
5521f52d6a
Enhance minion.cert
- allow defining custom key/cert path
- ensure key/cert directories
- set key/cert permissions by metadata
vor 8 Jahren
Ales Komarek
4386f3020a
Fix parameter to cert
vor 8 Jahren
Ales Komarek
09be95486f
Publish to mine
vor 8 Jahren
Ales Komarek
0bf2e30aef
Fix cert rights
vor 8 Jahren
Filip Pytloun
dac0ed8d0d
Fix cat /etc/salt/grains.d/* when files not present
vor 8 Jahren
Adam Tengler
caedd97958
Optional installation source - pip
source:engine metadata created - defaults to pkg
installation, pip installation alternative added
vor 8 Jahren
Ales Komarek
bca80b792f
x509 subject properties
vor 8 Jahren
Ales Komarek
370356a933
PKI client cert paths
vor 8 Jahren
Ales Komarek
9a9abb366b
Salt PKI proper x509v3 cert extensions
vor 8 Jahren
Ales Komarek
7a911e0f2f
PKI CA certs
vor 8 Jahren
marco
16d0dc2bc4
fix missing defined
vor 8 Jahren
Ales Komarek
ffbaaed24d
Salt PKI fixes
vor 8 Jahren
Ales Komarek
5d17e4b42c
Added Salt PKI setup, orchestration skeleton
vor 8 Jahren