
Manage minion.d using support metadata

Change-Id: I6f1292779858c45f9cf6f4caf3657ee000b2cf06
pr/fix/install_formulas_fix
Filip Pytloun 7 år sedan
förälder
incheckning
8797b20780
8 ändrade filer med 127 tillägg och 132 borttagningar
  1. +3
    -24
      salt/control/virt.sls
  2. +0
    -47
      salt/files/_pki.conf
  3. +0
    -37
      salt/files/_virt.conf
  4. +0
    -4
      salt/map.jinja
  5. +95
    -2
      salt/meta/salt.yml
  6. +0
    -11
      salt/minion/ca.sls
  7. +1
    -7
      salt/minion/grains.sls
  8. +28
    -0
      salt/minion/service.sls

+ 3
- 24
salt/control/virt.sls Visa fil

@@ -8,34 +8,13 @@ salt_control_virt_packages:
pkg.installed:
- names: {{ control.virt_pkgs }}

{% if grains.oscodename == 'trusty' %}
{#- This tool is not available in newer releases #}
update-guestfs-appliance:
cmd.wait:
- watch:
- pkg: salt_control_virt_packages

{#
{%- for package in control.virt_pips %}

{{ package }}:
pip.installed:
- require:
- pkg: salt_control_virt_packages

{%- endfor %}
#}

/etc/salt/minion.d/_virt.conf:
file.managed:
- source: salt://salt/files/_virt.conf
- user: root
- group: root
- template: jinja
- require:
- pkg: salt_control_virt_packages
{%- if not grains.get('noservices', False) %}
- watch_in:
- service: salt_minion_service
{%- endif %}
{%- endif %}

{%- for cluster_name, cluster in control.cluster.iteritems() %}


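--- a/salt/files/_pki.conf
+++ b/salt/files/_pki.conf
@@ -1,47 +0,0 @@
-{%- from "salt/map.jinja" import minion with context %}
-
-x509_signing_policies:
-{%- for ca_name,ca in minion.ca.items() %}
-{%- for signing_policy_name, signing_policy in ca.signing_policy.iteritems() %}
-{{ ca_name }}_{{ signing_policy_name }}:
-- minions: '{{ signing_policy.minions }}'
-- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
-- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
-{%- if ca.country is defined %}
-- C: {{ ca.country }}
-{%- endif %}
-{%- if ca.state is defined %}
-- ST: {{ ca.state }}
-{%- endif %}
-{%- if ca.locality is defined %}
-- L: {{ ca.locality }}
-{%- endif %}
-{%- if ca.organization is defined %}
-- O: {{ ca.organization }}
-{%- endif %}
-{%- if ca.organization_unit is defined %}
-- OU: {{ ca.organization_unit }}
-{%- endif %}
-{%- if signing_policy.type == 'v3_edge_cert_client' %}
-- basicConstraints: "CA:FALSE"
-- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
-- extendedKeyUsage: "critical clientAuth"
-{%- elif signing_policy.type == 'v3_edge_cert_server' %}
-- basicConstraints: "CA:FALSE"
-- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
-- extendedKeyUsage: "critical,serverAuth"
-{%- elif signing_policy.type == 'v3_intermediate_ca' %}
-- basicConstraints: "CA:TRUE"
-- keyUsage: "critical cRLSign,keyCertSign"
-{%- elif signing_policy.type == 'v3_edge_ca' %}
-- basicConstraints: "CA:TRUE,pathlen:0"
-- keyUsage: "critical cRLSign,keyCertSign"
-{%- elif signing_policy.type == 'v3_edge_cert_open' %}
-- basicConstraints: "CA:FALSE"
-{%- endif %}
-- subjectKeyIdentifier: hash
-- authorityKeyIdentifier: keyid,issuer:always
-- days_valid: {{ ca.days_valid.certificate }}
-- copypath: /etc/pki/ca/{{ ca_name }}/certs/
-{%- endfor %}
-{%- endfor %}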

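--- a/salt/files/_virt.conf
+++ b/salt/files/_virt.conf
@@ -1,37 +0,0 @@
-{% from "salt/map.jinja" import control with context %}
-
-{%- if control.net_profile is defined or control.disk_profile is defined %}
-virt:
-{%- if control.net_profile is defined %}
-nic:
-{%- for item_name, item in control.net_profile.iteritems() %}
-{{ item_name }}:
-{%- for iface_name, iface in item.iteritems() %}
-{{ iface_name }}:
-{%- if iface.bridge is defined %}
-bridge: {{ iface.bridge }}
-{%- endif %}
-{%- if iface.network is defined %}
-network: {{ iface.network }}
-{%- endif %}
-{%- if iface.model is defined %}
-model: {{ iface.model }}
-{%- endif %}
-{%- endfor %}
-{%- endfor %}
-{%- endif %}
-{%- if control.disk_profile is defined %}
-disk:
-{%- for item_name, item in control.disk_profile.iteritems() %}
-{{ item_name }}:
-{%- for disk_name, disk in item.iteritems() %}
-- {{ disk }}:
-{%- if disk.size is defined %}
-size: {{ disk.size }}
-{%- endif %}
-{%- endfor %}
-{%- endfor %}
-{%- endif %}
-{%- endif %}
-
-virt.images: /var/lib/libvirt/images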

+ 0
- 4
salt/map.jinja Visa fil

@@ -89,14 +89,11 @@ default:
Arch:
pkgs:
- salt-zmq
grains_validity_pkgs:
- python-yaml
Debian:
pkgs:
- salt-minion
- python-m2crypto
- python-psutil
grains_validity_pkgs:
- python-yaml
Gentoo:
pkgs:
@@ -109,7 +106,6 @@ RedHat:
- salt-minion
- m2crypto
- psutils
grains_validity_pkgs:
- PyYAML
{%- endload %}


+ 95
- 2
salt/meta/salt.yml Visa fil

@@ -1,10 +1,103 @@
orchestrate:
master:
priority: 60
minion:
minion:
priority: 70
control:
control:
priority: 400
require:
- salt: salt.master

minion:
{%- if pillar.salt.minion is defined and pillar.salt.minion.ca is defined %}
pki:
{%- from "salt/map.jinja" import minion with context %}
x509_signing_policies:
{%- for ca_name,ca in minion.ca.items() %}
{%- for signing_policy_name, signing_policy in ca.signing_policy.iteritems() %}
{{ ca_name }}_{{ signing_policy_name }}:
- minions: '{{ signing_policy.minions }}'
- signing_private_key: /etc/pki/ca/{{ ca_name }}/ca.key
- signing_cert: /etc/pki/ca/{{ ca_name }}/ca.crt
{%- if ca.country is defined %}
- C: {{ ca.country }}
{%- endif %}
{%- if ca.state is defined %}
- ST: {{ ca.state }}
{%- endif %}
{%- if ca.locality is defined %}
- L: {{ ca.locality }}
{%- endif %}
{%- if ca.organization is defined %}
- O: {{ ca.organization }}
{%- endif %}
{%- if ca.organization_unit is defined %}
- OU: {{ ca.organization_unit }}
{%- endif %}
{%- if signing_policy.type == 'v3_edge_cert_client' %}
- basicConstraints: "CA:FALSE"
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
- extendedKeyUsage: "critical clientAuth"
{%- elif signing_policy.type == 'v3_edge_cert_server' %}
- basicConstraints: "CA:FALSE"
- keyUsage: "critical digitalSignature,nonRepudiation,keyEncipherment"
- extendedKeyUsage: "critical,serverAuth"
{%- elif signing_policy.type == 'v3_intermediate_ca' %}
- basicConstraints: "CA:TRUE"
- keyUsage: "critical cRLSign,keyCertSign"
{%- elif signing_policy.type == 'v3_edge_ca' %}
- basicConstraints: "CA:TRUE,pathlen:0"
- keyUsage: "critical cRLSign,keyCertSign"
{%- elif signing_policy.type == 'v3_edge_cert_open' %}
- basicConstraints: "CA:FALSE"
{%- endif %}
- subjectKeyIdentifier: hash
- authorityKeyIdentifier: keyid,issuer:always
- days_valid: {{ ca.days_valid.certificate }}
- copypath: /etc/pki/ca/{{ ca_name }}/certs/
{%- endfor %}
{%- endfor %}
{%- endif %}

{%- if pillar.salt.control is defined and pillar.salt.control.virt_enabled is defined %}
virt:
{% from "salt/map.jinja" import control with context %}
{%- if control.net_profile is defined or control.disk_profile is defined %}
virt:
{%- if control.net_profile is defined %}
nic:
{%- for item_name, item in control.net_profile.iteritems() %}
{{ item_name }}:
{%- for iface_name, iface in item.iteritems() %}
{{ iface_name }}:
{%- if iface.bridge is defined %}
bridge: {{ iface.bridge }}
{%- endif %}
{%- if iface.network is defined %}
network: {{ iface.network }}
{%- endif %}
{%- if iface.model is defined %}
model: {{ iface.model }}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- if control.disk_profile is defined %}
disk:
{%- for item_name, item in control.disk_profile.iteritems() %}
{{ item_name }}:
{%- for disk_name, disk in item.iteritems() %}
- {{ disk }}:
{%- if disk.size is defined %}
size: {{ disk.size }}
{%- endif %}
{%- endfor %}
{%- endfor %}
{%- endif %}
{%- endif %}
virt.images: /var/lib/libvirt/images
{%- endif %}

{#-
vim: syntax=jinja
-#}
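Review bot: The certificate subject fields in the `pki` block are emitted as unquoted templated scalars (`- C: {{ ca.country }}`, and likewise `ST`, `L`, `O` and `OU`), and this text is now parsed by `load_yaml` and dumped again in salt/minion/service.sls before it reaches minion.d. A YAML 1.1 loader would therefore turn a country code such as `NO` into a boolean, or an all-digit organization into an integer, inside the signing policy. Quoting them, for example `- C: '{{ ca.country }}'`, keeps them strings, as the `minions` line already does. The two extended-key-usage lines also differ in form (`"critical clientAuth"` against `"critical,serverAuth"`); it is worth confirming which form the x509 module expects and using it for both.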

+ 0
- 11
salt/minion/ca.sls Visa fil

@@ -4,17 +4,6 @@
include:
- salt.minion.service

/etc/salt/minion.d/_pki.conf:
file.managed:
- source: salt://salt/files/_pki.conf
- template: jinja
- require:
- {{ minion.install_state }}
{%- if not grains.get('noservices', False) %}
- watch_in:
- service: salt_minion_service
{%- endif %}

{%- for ca_name,ca in minion.ca.iteritems() %}

/etc/pki/ca/{{ ca_name }}/certs:

+ 1
- 7
salt/minion/grains.sls Visa fil

@@ -22,16 +22,12 @@ salt_minion_grains_files:
- require:
- file: salt_minion_grains_dir

salt_minion_grains_pkg_validity_check:
pkg.installed:
- pkgs: {{ minion.grains_validity_pkgs }}

{%- for service_name, service in pillar.items() %}
{%- set support_fragment_file = service_name+'/meta/salt.yml' %}
{%- macro load_support_file() %}{% include support_fragment_file ignore missing %}{% endmacro %}
{%- set support_yaml = load_support_file()|load_yaml %}

{%- if support_yaml %}
{%- if support_yaml and support_yaml.get('grain', {}) %}
{%- for name, grain in support_yaml.get('grain', {}).iteritems() %}
salt_minion_grain_{{ service_name }}_{{ name }}:
file.managed:
@@ -44,8 +40,6 @@ salt_minion_grain_{{ service_name }}_{{ name }}:
salt_minion_grain_{{ service_name }}_{{ name }}_validity_check:
cmd.wait:
- name: python -c "import yaml; stream = file('/etc/salt/grains.d/{{ name }}', 'r'); yaml.load(stream); stream.close()"
- require:
- pkg: salt_minion_grains_pkg_validity_check
- watch:
- file: salt_minion_grain_{{ service_name }}_{{ name }}
- watch_in:
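Review bot: The `cmd.wait` validity check still runs `import yaml`, but going by the section's counts the `salt_minion_grains_pkg_validity_check` package state and the check's `require` on it are dropped here, and `grains_validity_pkgs` is dropped from salt/map.jinja. The check then depends on PyYAML being importable by whichever `python` is first on PATH, which is probably satisfied by the salt-minion package but is no longer stated anywhere. A comment above the check such as `{#- PyYAML is expected to be installed as a dependency of salt-minion #}` would record that assumption. The state's body continues outside the hunk.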

+ 28
- 0
salt/minion/service.sls Visa fil

@@ -31,6 +31,34 @@ salt_minion_packages:
- service: salt_minion_service
{%- endif %}

{%- for service_name, service in pillar.items() %}
{%- set support_fragment_file = service_name+'/meta/salt.yml' %}
{%- macro load_support_file() %}{% include support_fragment_file ignore missing %}{% endmacro %}
{%- set support_yaml = load_support_file()|load_yaml %}

{%- if support_yaml and support_yaml.get('minion', {}) %}
{%- for name, conf in support_yaml.get('minion', {}).iteritems() %}
salt_minion_config_{{ service_name }}_{{ name }}:
file.managed:
- name: /etc/salt/minion.d/_{{ name }}.conf
- contents: |
{{ conf|yaml(False)|indent(8) }}
- require:
- {{ minion.install_state }}

salt_minion_config_{{ service_name }}_{{ name }}_validity_check:
cmd.wait:
- name: python -c "import yaml; stream = file('/etc/salt/minion.d/_{{ name }}.conf', 'r'); yaml.load(stream); stream.close()"
- watch:
- file: salt_minion_config_{{ service_name }}_{{ name }}
{%- if not grains.get('noservices', False) %}
- watch_in:
- service: salt_minion_service
{%- endif %}
{%- endfor %}
{%- endif %}
{%- endfor %}

{%- if not grains.get('noservices', False) %}
salt_minion_service:
service.running:
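Review bot: The new validity check parses the generated file with `yaml.load` and no restricted loader, and it relies on the Python 2 `file()` builtin; `python -c "import yaml; yaml.safe_load(open('/etc/salt/minion.d/_{{ name }}.conf'))"` checks the same thing without either. The existing grains check in salt/minion/grains.sls uses the same `yaml.load` form. The `file.managed` state also sets no `user`, `group` or `mode`, whereas the removed `_virt.conf` state pinned `user: root` and `group: root`; since these files now carry the x509 signing policies, all three are worth pinning. `name` comes from the `minion` keys of every formula's `meta/salt.yml` and goes unescaped into both the path and the shell command, so a comment stating that these keys must be plain identifiers would help.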
