formula: salt | formula: salt | ||||
grains: | grains: | ||||
noservices: true | noservices: true | ||||
vendor_repo: | |||||
- type: apt | |||||
url: http://apt-mk.mirantis.com/trusty | |||||
key_url: http://apt-mk.mirantis.com/public.gpg | |||||
components: salt | |||||
distribution: testing | |||||
state_top: | state_top: | ||||
base: | base: | ||||
"*": | "*": | ||||
- master_ssh_key | - master_ssh_key | ||||
- master_ssh_password | - master_ssh_password | ||||
- master_ssh_root | - master_ssh_root | ||||
- master_handler | |||||
- minion_pki_cert | - minion_pki_cert | ||||
- master_formulas | |||||
pillars-from-files: | pillars-from-files: | ||||
minion_pki.sls: tests/pillar/minion_pki_ca.sls | minion_pki.sls: tests/pillar/minion_pki_ca.sls | ||||
minion_pki_cert.sls: tests/pillar/minion_pki_cert.sls | minion_pki_cert.sls: tests/pillar/minion_pki_cert.sls | ||||
master_ssh_key.sls: tests/pillar/master_ssh_minion_key.sls | master_ssh_key.sls: tests/pillar/master_ssh_minion_key.sls | ||||
master_ssh_password.sls: tests/pillar/master_ssh_minion_password.sls | master_ssh_password.sls: tests/pillar/master_ssh_minion_password.sls | ||||
master_ssh_root.sls: tests/pillar/master_ssh_minion_root.sls | master_ssh_root.sls: tests/pillar/master_ssh_minion_root.sls | ||||
master_handler.sls: tests/pillar/master_custom_handler.sls | |||||
master_formulas.sls: tests/pillar/master_formulas.sls | |||||
- name: control-default | - name: control-default | ||||
provisioner: | provisioner: |
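Review bot: The `vendor_repo` entry fetches both the packages and the repository signing key over plain HTTP (`key_url: http://apt-mk.mirantis.com/public.gpg`), so anyone on the network path can swap the key and then serve packages signed with it to the test instance. The rendering does not show which side of the diff these lines are on. If they belong to the new file, point `key_url` at an `https://` location for the same key if the mirror offers TLS, or keep the key in the repository and check its fingerprint before it is trusted. `distribution: testing` also means kitchen runs against an unpinned Salt build, which deserves a comment such as `# unpinned: tracks the testing channel`.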
script: | script: | ||||
- test ! -e .kitchen.yml || bundle exec kitchen converge || true | - test ! -e .kitchen.yml || bundle exec kitchen converge || true | ||||
- test ! -e .kitchen.yml || bundle exec kitchen verify | |||||
- test ! -e .kitchen.yml || bundle exec kitchen verify -t tests/integration | |||||
notifications: | notifications: | ||||
webhooks: | webhooks: |
==== | |||||
Salt | |||||
==== | |||||
============ | |||||
Salt Formula | |||||
============ | |||||
Salt is a new approach to infrastructure management. Easy enough to get running in minutes, scalable enough to manage tens of thousands of servers, and fast enough to communicate with them in seconds. | |||||
Salt is a new approach to infrastructure management. Easy enough to get | |||||
running in minutes, scalable enough to manage tens of thousands of servers, | |||||
and fast enough to communicate with them in seconds. | |||||
Salt delivers a dynamic communication bus for infrastructures that can be used for orchestration, remote execution, configuration management and much more. | |||||
Salt delivers a dynamic communication bus for infrastructures that can be used | |||||
for orchestration, remote execution, configuration management and much more. | |||||
Sample Metadata | |||||
=============== | |||||
Sample pillars | |||||
============== | |||||
Salt master | Salt master | ||||
----------- | ----------- | ||||
Salt master with base production environment and pillar tree as metadata backend | |||||
Salt master with base formulas and pillar metadata backend | |||||
.. literalinclude:: tests/pillar/master_single_pillar.sls | .. literalinclude:: tests/pillar/master_single_pillar.sls | ||||
:language: yaml | :language: yaml | ||||
Salt master with reclass ENC as metadata backend | |||||
Salt master with reclass ENC metadata backend | |||||
.. literalinclude:: tests/pillar/master_single_reclass.sls | .. literalinclude:: tests/pillar/master_single_reclass.sls | ||||
:language: yaml | :language: yaml | ||||
minions: | minions: | ||||
- name: 'node1.system.location.domain.com' | - name: 'node1.system.location.domain.com' | ||||
Salt master with alternative installation source and version (optional) - pip | |||||
Salt master with pip based installation (optional) | |||||
.. code-block:: yaml | .. code-block:: yaml | ||||
engine: pip | engine: pip | ||||
version: 2016.3.0rc2 | version: 2016.3.0rc2 | ||||
Salt master with specified formula to install through apt-get | |||||
Install formula through system package management | |||||
.. code-block:: yaml | .. code-block:: yaml | ||||
... | ... | ||||
environment: | environment: | ||||
prd: | prd: | ||||
keysone: | |||||
keystone: | |||||
source: pkg | |||||
name: salt-formula-keystone | |||||
nova: | |||||
source: pkg | source: pkg | ||||
name: salt-formula-keystone | name: salt-formula-keystone | ||||
version: 0.1+0~20160818133412.24~1.gbp6e1ebb | |||||
postresql: | |||||
source: pkg | |||||
name: salt-formula-postgresql | |||||
version: purged | |||||
Formula keystone is installed latest version and the formulas without version are installed in one call to aptpkg module. | |||||
If the version attribute is present sls iterates over formulas and take action to install specific version or remove it. | |||||
The version attribute may have these values ``[latest|purged|removed|<VERSION>]``. | |||||
Clone master branch of keystone formula as local feature branch | Clone master branch of keystone formula as local feature branch | ||||
address: https://git.openstack.org/openstack/salt-formula-keystone | address: https://git.openstack.org/openstack/salt-formula-keystone | ||||
revision: refs/changes/56/123456/1 | revision: refs/changes/56/123456/1 | ||||
Salt syndic: Master of masters | |||||
.. code-block:: yaml | |||||
salt: | |||||
master: | |||||
enabled: true | |||||
order_masters: True | |||||
Salt syndic: Lower master | |||||
.. code-block:: yaml | |||||
salt: | |||||
syndic: | |||||
enabled: true | |||||
master: | |||||
host: master-of-master-host | |||||
timeout: 5 | |||||
Salt syndic: Lower master with multi-master of masters | |||||
.. code-block:: yaml | |||||
salt: | |||||
syndic: | |||||
enabled: true | |||||
masters: | |||||
- host: master-of-master-host1 | |||||
- host: master-of-master-host2 | |||||
timeout: 5 | |||||
Salt master with custom handlers | |||||
Salt master with logging handlers | |||||
.. code-block:: yaml | .. code-block:: yaml | ||||
host: 127.0.0.1 | host: 127.0.0.1 | ||||
port: 9999 | port: 9999 | ||||
Salt master peer for remote certificate sign. | |||||
Salt master peer setup for remote certificate signing | |||||
.. code-block:: yaml | .. code-block:: yaml | ||||
".*": | ".*": | ||||
- x509.sign_remote_certificate | - x509.sign_remote_certificate | ||||
Salt proxy | |||||
---------- | |||||
Configure verbosity of state output (used for `salt` command) | |||||
.. code-block:: yaml | |||||
salt: | |||||
master: | |||||
state_output: changes | |||||
Salt Reactor system configuration | |||||
.. code-block:: yaml | |||||
salt: | |||||
master: | |||||
reactor: | |||||
salt/minion/*/start: | |||||
- salt://reactor/minion-started.sls | |||||
Salt syndic | |||||
----------- | |||||
The master of masters | |||||
.. code-block:: yaml | |||||
salt: | |||||
master: | |||||
enabled: true | |||||
order_masters: True | |||||
Lower syndicated master | |||||
.. code-block:: yaml | |||||
salt: | |||||
syndic: | |||||
enabled: true | |||||
master: | |||||
host: master-of-master-host | |||||
timeout: 5 | |||||
Syndicated master with multiple master of masters | |||||
.. code-block:: yaml | |||||
salt: | |||||
syndic: | |||||
enabled: true | |||||
masters: | |||||
- host: master-of-master-host1 | |||||
- host: master-of-master-host2 | |||||
timeout: 5 | |||||
Salt-minion proxy | |||||
----------------- | |||||
Salt proxy pillar | Salt proxy pillar | ||||
.. literalinclude:: tests/pillar/minion_graph.sls | .. literalinclude:: tests/pillar/minion_graph.sls | ||||
:language: yaml | :language: yaml | ||||
Salt minion behind http proxy | |||||
Salt minion behind HTTP proxy | |||||
.. code-block:: yaml | .. code-block:: yaml | ||||
host: 127.0.0.1 | host: 127.0.0.1 | ||||
port: 3128 | port: 3128 | ||||
PKI CA | |||||
~~~~~~ | |||||
Salt minion with PKI CA | |||||
Salt minion with PKI certificate authority (CA) | |||||
.. literalinclude:: tests/pillar/minion_pki_ca.sls | .. literalinclude:: tests/pillar/minion_pki_ca.sls | ||||
:language: yaml | :language: yaml | ||||
Salt minion with PKI certificate | |||||
Salt minion using PKI certificate | |||||
.. literalinclude:: tests/pillar/minion_pki_cert.sls | .. literalinclude:: tests/pillar/minion_pki_cert.sls | ||||
:language: yaml | :language: yaml | ||||
export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all | export LIBCLOUD_DEBUG=/dev/stderr; salt-cloud --list-sizes provider_name --log-level all | ||||
Read more | |||||
========= | |||||
More Information | |||||
================ | |||||
* http://salt.readthedocs.org/en/latest/ | * http://salt.readthedocs.org/en/latest/ | ||||
* https://github.com/DanielBryan/salt-state-graph | * https://github.com/DanielBryan/salt-state-graph |
pkg.installed: | pkg.installed: | ||||
- names: {{ control.virt_pkgs }} | - names: {{ control.virt_pkgs }} | ||||
{% if grains.oscodename == 'trusty' %} | |||||
{#- This tool is not available in newer releases #} | |||||
update-guestfs-appliance: | update-guestfs-appliance: | ||||
cmd.wait: | cmd.wait: | ||||
- watch: | - watch: | ||||
- pkg: salt_control_virt_packages | - pkg: salt_control_virt_packages | ||||
{# | |||||
{%- for package in control.virt_pips %} | |||||
{{ package }}: | |||||
pip.installed: | |||||
- require: | |||||
- pkg: salt_control_virt_packages | |||||
{%- endfor %} | |||||
#} | |||||
/etc/salt/minion.d/_virt.conf: | |||||
file.managed: | |||||
- source: salt://salt/files/_virt.conf | |||||
- user: root | |||||
- group: root | |||||
- template: jinja | |||||
- require: | |||||
- pkg: salt_control_virt_packages | |||||
{%- if not grains.get('noservices', False) %} | |||||
- watch_in: | |||||
- service: salt_minion_service | |||||
{%- endif %} | |||||
{%- endif %} | |||||
{%- for cluster_name, cluster in control.cluster.iteritems() %} | {%- for cluster_name, cluster in control.cluster.iteritems() %} | ||||
{%- from "salt/map.jinja" import minion with context %} | |||||
x509_signing_policies: | |||||
{%- for ca_name,ca in minion.ca.items() %} | |||||
{%- for signing_policy_name, signing_policy in ca.signing_policy.iteritems() %} | |||||
{{ ca_name }}_{{ signing_policy_name }}: | |||||
- minions: '{{ signing_policy.minions }}' | |||||
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key | |||||
- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt | |||||
{%- if ca.country is defined %} | |||||
- C: {{ ca.country }} | |||||
{%- endif %} | |||||
{%- if ca.state is defined %} | |||||
- ST: {{ ca.state }} | |||||
{%- endif %} | |||||
{%- if ca.locality is defined %} | |||||
- L: {{ ca.locality }} | |||||
{%- endif %} | |||||
{%- if ca.organization is defined %} | |||||
- O: {{ ca.organization }} | |||||
{%- endif %} | |||||
{%- if ca.organization_unit is defined %} | |||||
- OU: {{ ca.organization_unit }} | |||||
{%- endif %} | |||||
{%- if signing_policy.type == 'v3_edge_cert_client' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment" | |||||
- extendedKeyUsage: "critical clientAuth" | |||||
{%- elif signing_policy.type == 'v3_edge_cert_server' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment" | |||||
- extendedKeyUsage: "critical,serverAuth" | |||||
{%- elif signing_policy.type == 'v3_intermediate_ca' %} | |||||
- basicConstraints: "CA:TRUE" | |||||
- keyUsage: "critical cRLSign,keyCertSign" | |||||
{%- elif signing_policy.type == 'v3_edge_ca' %} | |||||
- basicConstraints: "CA:TRUE,pathlen:0" | |||||
- keyUsage: "critical cRLSign,keyCertSign" | |||||
{%- elif signing_policy.type == 'v3_edge_cert_open' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
{%- endif %} | |||||
- subjectKeyIdentifier: hash | |||||
- authorityKeyIdentifier: keyid,issuer:always | |||||
- days_valid: {{ ca.days_valid.certificate }} | |||||
- copypath: /etc/pki/ca/{{ ca_name }}/certs/ | |||||
{%- endfor %} | |||||
{%- endfor %} |
{% from "salt/map.jinja" import master with context %} | |||||
reactor: | |||||
{%- for event, reactors in master.reactor.items() %} | |||||
- {{ event }}: | |||||
{%- for reactor in reactors %} | |||||
- {{ reactor }} | |||||
{%- endfor %} | |||||
{%- endfor %} |
{% from "salt/map.jinja" import control with context %} | |||||
{%- if control.net_profile is defined or control.disk_profile is defined %} | |||||
virt: | |||||
{%- if control.net_profile is defined %} | |||||
nic: | |||||
{%- for item_name, item in control.net_profile.iteritems() %} | |||||
{{ item_name }}: | |||||
{%- for iface_name, iface in item.iteritems() %} | |||||
{{ iface_name }}: | |||||
{%- if iface.bridge is defined %} | |||||
bridge: {{ iface.bridge }} | |||||
{%- endif %} | |||||
{%- if iface.network is defined %} | |||||
network: {{ iface.network }} | |||||
{%- endif %} | |||||
{%- if iface.model is defined %} | |||||
model: {{ iface.model }} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- if control.disk_profile is defined %} | |||||
disk: | |||||
{%- for item_name, item in control.disk_profile.iteritems() %} | |||||
{{ item_name }}: | |||||
{%- for disk_name, disk in item.iteritems() %} | |||||
- {{ disk }}: | |||||
{%- if disk.size is defined %} | |||||
size: {{ disk.size }} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- endif %} | |||||
virt.images: /var/lib/libvirt/images |
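Review bot: In the disk profile loop the list key is rendered from the loop value, `- {{ disk }}:`, while `disk_name` is never used. Because `disk.size` is read on the next line, `disk` is presumably a mapping and would be printed as a dict literal rather than a disk name. This looks like it should be `- {{ disk_name }}:`, matching how the nic loop uses `{{ iface_name }}:`. The same loop is repeated in the `virt:` block under `minion:` later on the page. Values such as `{{ iface.bridge }}` are also emitted unquoted, so quoting them would stop YAML from retyping pillar strings.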
worker_threads: {{ master.worker_threads }} | worker_threads: {{ master.worker_threads }} | ||||
timeout: {{ master.command_timeout }} | timeout: {{ master.command_timeout }} | ||||
state_output: {{ master.get('state_output', 'changes') }} | |||||
{%- if master.system is defined %} | {%- if master.system is defined %} | ||||
file_roots: | file_roots: |
Arch: | Arch: | ||||
pkgs: | pkgs: | ||||
- salt-zmq | - salt-zmq | ||||
grains_validity_pkgs: | |||||
- python-yaml | |||||
Debian: | Debian: | ||||
pkgs: | pkgs: | ||||
- salt-minion | - salt-minion |
{%- endif %} | {%- endif %} | ||||
{%- set _formula_pkgs = [] %} | {%- set _formula_pkgs = [] %} | ||||
{%- set _formula_pkgs_with_version = [] %} | |||||
{%- for formula_name, formula in environment.get('formula', {}).iteritems() %} | {%- for formula_name, formula in environment.get('formula', {}).iteritems() %} | ||||
{%- if formula.source == 'pkg' %} | {%- if formula.source == 'pkg' %} | ||||
{%- if formula.version is defined %} | |||||
{%- do _formula_pkgs_with_version.append(formula) %} | |||||
{%- else %} | |||||
{%- do _formula_pkgs.append(formula.name) %} | {%- do _formula_pkgs.append(formula.name) %} | ||||
{%- endif %} | {%- endif %} | ||||
{%- endif %} | |||||
{%- endfor %} | {%- endfor %} | ||||
{% if _formula_pkgs|length > 1 %} | {% if _formula_pkgs|length > 1 %} | ||||
salt_master_{{ environment_name }}_pkg_formulas: | salt_master_{{ environment_name }}_pkg_formulas: | ||||
pkg.latest: | pkg.latest: | ||||
- pkgs: | - pkgs: | ||||
{%- for pkg in _formula_pkgs %} | {%- for pkg in _formula_pkgs %} | ||||
- {{ pkg }} | - {{ pkg }} | ||||
{%- endfor %} | {%- endfor %} | ||||
- refresh: True | |||||
- cache_valid_time: 300 | |||||
{% endif %} | |||||
{% if _formula_pkgs_with_version|length > 1 %} | |||||
{%- for formula in _formula_pkgs_with_version %} | |||||
salt_master_{{ environment_name }}_pkg_formula_{{ formula.name }}: | |||||
{%- if formula.version == 'latest' %} | |||||
pkg.latest: | |||||
- refresh: True | |||||
- cache_valid_time: 300 | |||||
{%- elif formula.version == 'purged' %} | |||||
pkg.purged: | |||||
{%- elif formula.version == 'removed' %} | |||||
pkg.removed: | |||||
{%- else %} | |||||
pkg.installed: | |||||
- version: {{ formula.version }} | |||||
- refresh: True | |||||
- cache_valid_time: 300 | |||||
{% endif %} | |||||
- name: {{ formula.name }} | |||||
{%- endfor %} | |||||
{% endif %} | {% endif %} | ||||
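Review bot: The guard `{% if _formula_pkgs_with_version|length > 1 %}` skips the whole loop when exactly one formula carries a `version`, so a single `version: purged` or pinned entry is silently ignored. The existing `_formula_pkgs|length > 1` check has the same gap for unversioned packages. Use `|length > 0` in both places; the second guard can simply be dropped, since a `for` over an empty list renders nothing. Separately, `- version: {{ formula.version }}` is emitted unquoted, so a value like `1.10` would be read as a float; `- version: '{{ formula.version }}'` keeps it a string.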
include: | include: | ||||
- salt.master.service | - salt.master.service | ||||
{%- if pillar.salt.master.reactor is defined %} | |||||
- salt.master.reactor | |||||
{%- endif %} | |||||
- salt.master.env | - salt.master.env | ||||
- salt.master.pillar | - salt.master.pillar | ||||
- salt.master.minion | - salt.master.minion |
{%- from "salt/map.jinja" import master with context %} | |||||
{%- if master.enabled %} | |||||
include: | |||||
- salt.master.service | |||||
/etc/salt/master.d/_reactor.conf: | |||||
file.managed: | |||||
- source: salt://salt/files/_reactor.conf | |||||
- user: root | |||||
- template: jinja | |||||
- require: | |||||
- {{ master.install_state }} | |||||
- watch_in: | |||||
- service: salt_master_service | |||||
{%- endif %} |
orchestrate: | orchestrate: | ||||
master: | master: | ||||
priority: 60 | priority: 60 | ||||
minion: | |||||
minion: | |||||
priority: 70 | priority: 70 | ||||
control: | |||||
control: | |||||
priority: 400 | priority: 400 | ||||
require: | require: | ||||
- salt: salt.master | - salt: salt.master | ||||
minion: | |||||
{%- if pillar.get('salt', {}).get('minion', {}).get('ca') %} | |||||
pki: | |||||
{%- from "salt/map.jinja" import minion with context %} | |||||
x509_signing_policies: | |||||
{%- for ca_name,ca in minion.ca.items() %} | |||||
{%- for signing_policy_name, signing_policy in ca.signing_policy.iteritems() %} | |||||
{{ ca_name }}_{{ signing_policy_name }}: | |||||
- minions: '{{ signing_policy.minions }}' | |||||
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key | |||||
- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt | |||||
{%- if ca.country is defined %} | |||||
- C: {{ ca.country }} | |||||
{%- endif %} | |||||
{%- if ca.state is defined %} | |||||
- ST: {{ ca.state }} | |||||
{%- endif %} | |||||
{%- if ca.locality is defined %} | |||||
- L: {{ ca.locality }} | |||||
{%- endif %} | |||||
{%- if ca.organization is defined %} | |||||
- O: {{ ca.organization }} | |||||
{%- endif %} | |||||
{%- if ca.organization_unit is defined %} | |||||
- OU: {{ ca.organization_unit }} | |||||
{%- endif %} | |||||
{%- if signing_policy.type == 'v3_edge_cert_client' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment" | |||||
- extendedKeyUsage: "critical clientAuth" | |||||
{%- elif signing_policy.type == 'v3_edge_cert_server' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment" | |||||
- extendedKeyUsage: "critical,serverAuth" | |||||
{%- elif signing_policy.type == 'v3_intermediate_ca' %} | |||||
- basicConstraints: "CA:TRUE" | |||||
- keyUsage: "critical cRLSign,keyCertSign" | |||||
{%- elif signing_policy.type == 'v3_edge_ca' %} | |||||
- basicConstraints: "CA:TRUE,pathlen:0" | |||||
- keyUsage: "critical cRLSign,keyCertSign" | |||||
{%- elif signing_policy.type == 'v3_edge_cert_open' %} | |||||
- basicConstraints: "CA:FALSE" | |||||
{%- endif %} | |||||
- subjectKeyIdentifier: hash | |||||
- authorityKeyIdentifier: keyid,issuer:always | |||||
- days_valid: {{ ca.days_valid.certificate }} | |||||
- copypath: /etc/pki/ca/{{ ca_name }}/certs/ | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- if pillar.salt.control is defined and pillar.salt.control.virt_enabled is defined %} | |||||
virt: | |||||
{% from "salt/map.jinja" import control with context %} | |||||
{%- if control.net_profile is defined or control.disk_profile is defined %} | |||||
virt: | |||||
{%- if control.net_profile is defined %} | |||||
nic: | |||||
{%- for item_name, item in control.net_profile.iteritems() %} | |||||
{{ item_name }}: | |||||
{%- for iface_name, iface in item.iteritems() %} | |||||
{{ iface_name }}: | |||||
{%- if iface.bridge is defined %} | |||||
bridge: {{ iface.bridge }} | |||||
{%- endif %} | |||||
{%- if iface.network is defined %} | |||||
network: {{ iface.network }} | |||||
{%- endif %} | |||||
{%- if iface.model is defined %} | |||||
model: {{ iface.model }} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- if control.disk_profile is defined %} | |||||
disk: | |||||
{%- for item_name, item in control.disk_profile.iteritems() %} | |||||
{{ item_name }}: | |||||
{%- for disk_name, disk in item.iteritems() %} | |||||
- {{ disk }}: | |||||
{%- if disk.size is defined %} | |||||
size: {{ disk.size }} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- endif %} | |||||
virt.images: /var/lib/libvirt/images | |||||
{%- endif %} | |||||
{#- | |||||
vim: syntax=jinja | |||||
-#} |
include: | include: | ||||
- salt.minion.service | - salt.minion.service | ||||
/etc/salt/minion.d/_pki.conf: | |||||
file.managed: | |||||
- source: salt://salt/files/_pki.conf | |||||
- template: jinja | |||||
- require: | |||||
- {{ minion.install_state }} | |||||
{%- if not grains.get('noservices', False) %} | |||||
- watch_in: | |||||
- service: salt_minion_service | |||||
{%- endif %} | |||||
{%- for ca_name,ca in minion.ca.iteritems() %} | {%- for ca_name,ca in minion.ca.iteritems() %} | ||||
/etc/pki/ca/{{ ca_name }}/certs: | /etc/pki/ca/{{ ca_name }}/certs: |
file.managed: | file.managed: | ||||
- name: {{ cacerts_dir }}/{{ cacert_file }} | - name: {{ cacerts_dir }}/{{ cacert_file }} | ||||
- contents: | | - contents: | | ||||
{{ ca_cert | indent(8) }} | |||||
{{ ca_cert|replace(' ', '')|indent(8) }} | |||||
- makedirs: True | - makedirs: True | ||||
- show_changes: True | - show_changes: True | ||||
- follow_symlinks: True | - follow_symlinks: True |
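Review bot: As rendered here the filter is `replace(' ', '')` with a single-space argument, which would strip every space from the certificate text, including those inside the `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` lines, leaving a file that no longer parses as PEM. The page may have collapsed a longer run of spaces. If the intent is to remove indentation carried over from the pillar value, state that and the exact width next to the line, for example `{#- strip the indentation inherited from the pillar block scalar #}`. The state this line belongs to starts above the visible lines, so the source of `ca_cert` cannot be checked from here.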
{%- macro load_support_file() %}{% include support_fragment_file ignore missing %}{% endmacro %} | {%- macro load_support_file() %}{% include support_fragment_file ignore missing %}{% endmacro %} | ||||
{%- set support_yaml = load_support_file()|load_yaml %} | {%- set support_yaml = load_support_file()|load_yaml %} | ||||
{%- if support_yaml %} | |||||
{%- if support_yaml and support_yaml.get('grain', {}) %} | |||||
{%- for name, grain in support_yaml.get('grain', {}).iteritems() %} | {%- for name, grain in support_yaml.get('grain', {}).iteritems() %} | ||||
salt_minion_grain_{{ service_name }}_{{ name }}: | salt_minion_grain_{{ service_name }}_{{ name }}: | ||||
file.managed: | file.managed: |
- service: salt_minion_service | - service: salt_minion_service | ||||
{%- endif %} | {%- endif %} | ||||
{%- for service_name, service in pillar.items() %} | |||||
{%- set support_fragment_file = service_name+'/meta/salt.yml' %} | |||||
{%- macro load_support_file() %}{% include support_fragment_file ignore missing %}{% endmacro %} | |||||
{%- set support_yaml = load_support_file()|load_yaml %} | |||||
{%- if support_yaml and support_yaml.get('minion', {}) %} | |||||
{%- for name, conf in support_yaml.get('minion', {}).iteritems() %} | |||||
salt_minion_config_{{ service_name }}_{{ name }}: | |||||
file.managed: | |||||
- name: /etc/salt/minion.d/_{{ name }}.conf | |||||
- contents: | | |||||
{{ conf|yaml(False)|indent(8) }} | |||||
{%- if not grains.get('noservices', False) %} | |||||
- watch_in: | |||||
- cmd: salt_minion_service_restart | |||||
{%- endif %} | |||||
- require: | |||||
- {{ minion.install_state }} | |||||
salt_minion_config_{{ service_name }}_{{ name }}_validity_check: | |||||
cmd.wait: | |||||
- name: python -c "import yaml; stream = file('/etc/salt/minion.d/_{{ name }}.conf', 'r'); yaml.load(stream); stream.close()" | |||||
- watch: | |||||
- file: salt_minion_config_{{ service_name }}_{{ name }} | |||||
{%- if not grains.get('noservices', False) %} | |||||
- require_in: | |||||
- cmd: salt_minion_service_restart | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- endif %} | |||||
{%- endfor %} | |||||
{%- if not grains.get('noservices', False) %} | {%- if not grains.get('noservices', False) %} | ||||
salt_minion_service: | salt_minion_service: | ||||
service.running: | service.running: | ||||
- require: | - require: | ||||
- pkg: salt_minion_packages | - pkg: salt_minion_packages | ||||
- pkg: salt_minion_dependency_packages | - pkg: salt_minion_dependency_packages | ||||
{#- Restart salt-minion if needed but after all states are executed #} | |||||
salt_minion_service_restart: | |||||
cmd.wait: | |||||
- name: 'while true; do salt-call saltutil.running|grep fun: && continue; salt-call --local service.restart {{ minion.service }}; break; done' | |||||
- shell: /bin/bash | |||||
- bg: true | |||||
- require: | |||||
- service: salt_minion_service | |||||
{%- endif %} | {%- endif %} | ||||
salt_minion_sync_all: | salt_minion_sync_all: |
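Review bot: The validity check parses the generated file with `yaml.load(stream)`, which with PyYAML's default loader can construct arbitrary Python objects from tags in the file, and the content is assembled from every formula's `meta/salt.yml` fragment. A syntax check needs nothing more than `yaml.safe_load`. `file(...)` also exists only on Python 2, so the command could become `python -c "import yaml; yaml.safe_load(open('/etc/salt/minion.d/_{{ name }}.conf'))"`. In `salt_minion_service_restart` the `while true` loop re-runs `salt-call saltutil.running` with no sleep and no upper bound, so a job that never finishes leaves a busy loop running in the background. A `sleep` between iterations and a retry limit would bound it.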
%w(keepalived haproxy libvirt ntp openssh).each do |f| | |||||
describe package("salt-formula-#{f}") do | |||||
it { should be_installed } | |||||
end | |||||
end | |||||
%w(mysql postgresql).each do |f| | |||||
describe package("salt-formula-#{f}") do | |||||
it { should_not be_installed } | |||||
end | |||||
end | |||||
salt: | salt: | ||||
master: | master: | ||||
command_timeout: 5 | command_timeout: 5 | ||||
worker_threads: 2 | |||||
worker_threads: 3 | |||||
enabled: true | enabled: true | ||||
source: | source: | ||||
engine: pkg | engine: pkg |
git: | |||||
client: | |||||
enabled: true | |||||
linux: | |||||
system: | |||||
enabled: true | |||||
salt: | |||||
master: | |||||
enabled: true | |||||
pillar: | |||||
source: | |||||
engine: local | |||||
environment: | |||||
prd: | |||||
formula: | |||||
keepalived: | |||||
source: pkg | |||||
name: salt-formula-keepalived | |||||
haproxy: | |||||
source: pkg | |||||
name: salt-formula-haproxy | |||||
libvirt: | |||||
source: pkg | |||||
name: salt-formula-libvirt | |||||
version: latest | |||||
ntp: | |||||
source: pkg | |||||
name: salt-formula-ntp | |||||
version: latest | |||||
openssh: | |||||
source: pkg | |||||
name: salt-formula-openssh | |||||
version: latest | |||||
mysql: | |||||
source: pkg | |||||
name: salt-formula-mysql | |||||
version: purged | |||||
postgresql: | |||||
source: pkg | |||||
name: salt-formula-postgresql | |||||
version: removed | |||||
dev: | |||||
formula: | |||||
aptly: | |||||
source: git | |||||
address: 'https://github.com/salt-formulas/salt-formula-aptly.git' | |||||
revision: master | |||||
bind: | |||||
source: git | |||||
address: 'https://github.com/salt-formulas/salt-formula-bind.git' | |||||
revision: master |