New version of salt-formula from Saltstack


  1. {%- set service_grains = {'salt': {'graph': []}} %}
  2. {%- for service_name, service in pillar.items() %}
  3. {%- set grains_fragment_file = service_name+'/meta/meta.yml' %}
  4. {%- macro load_grains_file() %}{% include grains_fragment_file ignore missing %}{% endmacro %}
  5. {%- set grains_yaml = load_grains_file()|load_yaml %}
  6. {%- if grains_yaml is mapping and grains_yaml.graph %}
  7. {%- for node in grains_yaml.graph if grains_yaml.graph %}
  8. {%- do service_grains.salt.graph.append(node) %}
  9. {%- endfor %}
  10. {%- endif %}
  11. {%- endfor %}
  12. grain:
  13. salt:
  14. {{ service_grains|yaml(False)|indent(4) }}
  15. orchestrate:
  16. master:
  17. priority: 60
  18. minion:
  19. priority: 70
  20. control:
  21. priority: 400
  22. require:
  23. - salt: salt.master
  24. minion:
  25. {%- if pillar.get('salt', {}).get('minion', {}).get('ca') %}
  26. pki:
  27. {%- from "salt/map.jinja" import minion with context %}
  28. x509_signing_policies:
  29. {%- for ca_name,ca in minion.ca.items() %}
  30. {%- set ca_file = ca.get('ca_file', '/etc/pki/ca/' ~ ca_name ~ '/ca.crt') %}
  31. {%- set ca_key_file = ca.get('ca_key_file', '/etc/pki/ca/' ~ ca_name ~ '/ca.key') %}
  32. {%- set ca_certs_dir = salt['file.dirname'](ca_file) ~ '/certs/' %}
  33. {%- for signing_policy_name, signing_policy in ca.signing_policy.iteritems() %}
  34. {{ ca_name }}_{{ signing_policy_name }}:
  35. - minions: '{{ signing_policy.minions }}'
  36. - signing_private_key: {{ ca_key_file }}
  37. - signing_cert: {{ ca_file }}
  38. {%- if ca.country is defined %}
  39. - C: {{ ca.country }}
  40. {%- endif %}
  41. {%- if ca.state is defined %}
  42. - ST: {{ ca.state }}
  43. {%- endif %}
  44. {%- if ca.locality is defined %}
  45. - L: {{ ca.locality }}
  46. {%- endif %}
  47. {%- if ca.organization is defined %}
  48. - O: {{ ca.organization }}
  49. {%- endif %}
  50. {%- if ca.organization_unit is defined %}
  51. - OU: {{ ca.organization_unit }}
  52. {%- endif %}
  53. {%- if signing_policy.type == 'v3_edge_cert_client' %}
  54. - basicConstraints: "CA:FALSE"
  55. - keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
  56. - extendedKeyUsage: "critical clientAuth"
  57. {%- elif signing_policy.type == 'v3_edge_cert_server' %}
  58. - basicConstraints: "CA:FALSE"
  59. - keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
  60. - extendedKeyUsage: "critical,serverAuth"
  61. {%- elif signing_policy.type == 'v3_intermediate_ca' %}
  62. - basicConstraints: "CA:TRUE"
  63. - keyUsage: "critical cRLSign,keyCertSign"
  64. {%- elif signing_policy.type == 'v3_edge_ca' %}
  65. - basicConstraints: "CA:TRUE,pathlen:0"
  66. - keyUsage: "critical cRLSign,keyCertSign"
  67. {%- elif signing_policy.type == 'v3_edge_cert_open' %}
  68. - basicConstraints: "CA:FALSE"
  69. {%- endif %}
  70. - subjectKeyIdentifier: hash
  71. - authorityKeyIdentifier: keyid,issuer:always
  72. - days_valid: {{ ca.days_valid.certificate }}
  73. - copypath: {{ ca_certs_dir }}
  74. {%- endfor %}
  75. {%- endfor %}
  76. {%- endif %}
  77. {%- if pillar.salt.control is defined and pillar.salt.control.virt_enabled is defined %}
  78. virt:
  79. {% from "salt/map.jinja" import control with context %}
  80. {%- if control.net_profile is defined or control.disk_profile is defined %}
  81. virt:
  82. {%- if control.net_profile is defined %}
  83. nic:
  84. {%- for item_name, item in control.net_profile.iteritems() %}
  85. {{ item_name }}:
  86. {%- for iface_name, iface in item.iteritems() %}
  87. {{ iface_name }}:
  88. {%- if iface.bridge is defined %}
  89. bridge: {{ iface.bridge }}
  90. {%- endif %}
  91. {%- if iface.network is defined %}
  92. network: {{ iface.network }}
  93. {%- endif %}
  94. {%- if iface.model is defined %}
  95. model: {{ iface.model }}
  96. {%- endif %}
  97. {%- endfor %}
  98. {%- endfor %}
  99. {%- endif %}
  100. {%- if control.disk_profile is defined %}
  101. disk:
  102. {%- for item_name, item in control.disk_profile.iteritems() %}
  103. {{ item_name }}:
  104. {%- for disk_name, disk in item.iteritems() %}
  105. - {{ disk }}:
  106. {%- if disk.size is defined %}
  107. size: {{ disk.size }}
  108. {%- endif %}
  109. {%- endfor %}
  110. {%- endfor %}
  111. {%- endif %}
  112. {%- endif %}
  113. virt.images: /var/lib/libvirt/images
  114. {%- endif %}
  115. {#-
  116. vim: syntax=jinja
  117. -#}