In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing.
Change-Id: Id49e42807ddbc2addaf59a4c4541b720bbf87527
This is useful when using proxies. The default Tornado backend does not
utilize proxy environment variables and isn't able to set no_proxy variable.
Change-Id: I4a51c6fc9abe65d46ed4f3adeb30f7a25337857e
Currently the CI job fails with module not found errror.
AttributeError: 'module' object has no attribute 'check_refresh
The reason is new version of salt tries to call
salt.utils.pkg.check_refresh which is not available in 2016.11.3 but is
available in 2016.11.6.
Reference:
1. https://github.com/saltstack/salt/blob/v2016.11.3/salt/states/pkg.py
2. https://github.com/saltstack/salt/blob/v2016.11.6/salt/states/pkg.py#L1819
The fix proposed here is to use pkg.installed instead of pkg.latest.
It's not a good idea to always update salt whenever the salt state is
run, this may introduce failures unknown to the user. There is a pipeline
to update packages which should be used for updating to latest.
pkg.latest generally isn't a good way to write idempotent formulas. See
official salt docs: "Generally it is better for the installed function
to be used, as latest will update the package whenever a new package is
available."
Change-Id: I8da5c36c1613e54768993080f2514afc920c49f8
1. Remove implicit creation of "local_trusted_symlink".
To install a system-wide certificates the linux.system.cert
state or 'trusted_ca_minion' option must be used.
2. A ca-cert file may exist on a file-system and
not be pulled from mine. So, in this case
the following state be incorrect:
- watch:
- x509: ca_file
To support this case, we need to replace `watch` statement
with `watch_in`.
Change-Id: If41d050b56913d72da1ef7981f30780fec5d6d95
1:
In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing:
-----BEGINCERTIFICATE-----
MIIFzzCCA7egAwIBAgIITiyuuFgl1S4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
BhMCY3oxFzAVBgNVBAMMDlNhbHQgT
....
To fix it the "x509.pem_managed" is used.
2:
If a symlink to CA cert is already exists, then the state is failing.
The force=True (replace) is used now to avoid the issue.
Change-Id: I4a2bd7c882e179560657a3dc7edf18c7e5835492
This option can configure default output of state calls. Terse (default
option) will make each call to be on single line and make salt output
better.
Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5
We can have this failing because of bad mine data:
salt['mine.get'](cert.host, 'x509.get_pem_entries')
Without this change, dependency between salt_minion_cert_*_all and
ca_file is just ignored and salt_minion_cert_*_all state fails because
it can't find appropriate file.
Change-Id: I2a5dd12e08159bf110ff0d9879ebf0ad5d9d97c1