config-mgmt/salt-states
0
0
Fork 0
Code Releases Activity

simplified salt formula

Browse Source
This commit is contained in:
Keiran Snowden
2023-12-22 12:46:48 -05:00
parent da94efd63d
commit c01611317a
7 changed files with 146 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
firewall/init.sls
View File

@@ -1,4 +1,4 @@
{% from "firewall/map.jinja" import firewall %}
{% from "firewall/map.jinja" import firewall with context %}
iptables:
pkg.installed:

33
salt/deb_install/init.sls Normal file
View File

@@ -0,0 +1,33 @@
{% from "salt/map.jinja" import salt_daemons with context %}
{% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %}
/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
file.managed:
- source: https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
- source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472
/etc/apt/sources.list.d/salt.list:
file.managed:
- contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main"
salt-common:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- refresh: true
- require:
- file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
- file: /etc/apt/sources.list.d/salt.list
{% for daemon in salt_daemons %}
salt-{{ daemon }}:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- require:
- pkg: salt-common
service.running:
- enable: true
- require:
- pkg: salt-{{ daemon }}
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}

7
salt/deb_install/map.jinja Normal file
View File

@@ -0,0 +1,7 @@
{% if grains['os'] == 'Debian' and grains['osrelease']|int > 11 %}
{% set osrelease = 11 %}
{% set oscodename = 'bullseye' %}
{% else %}
{% set osrelease = grains['osrelease'] %}
{% set oscodename = grains['oscodename'] %}
{% endif %}

167
salt/init.sls
View File

@@ -1,165 +1,17 @@
{% if salt.pillar.get('salt:master', false) %}
{% set salt_daemons = ['master', 'minion'] %}
{% else %}
{% set salt_daemons = ['minion'] %}
{% endif %}
{% from "salt/map.jinja" import salt_daemons with context %}
include:
{% if grains['osarch'].lower().startswith('arm') %}
'make salt venv':
cmd.run:
- name: /usr/bin/python3 -m venv /opt/saltstack/salt
- creates: /opt/saltstack/salt
pip install salt:
cmd.run:
- name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}'
- unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}'
- require:
- cmd: 'make salt venv'
{% for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy', 'salt-run', 'salt-key') %}
/usr/bin/{{ link }}:
file.symlink:
- target: /opt/saltstack/salt/bin/{{ link }}
{% endfor %}
/usr/bin/salt-pip:
file.symlink:
- target: /opt/saltstack/salt/bin/pip3
systemd reload for salt:
module.run:
- name: service.systemctl_reload
- onchanges:
{% for daemon in salt_daemons %}
- file: /lib/systemd/system/salt-{{ daemon }}.service
{% endfor %}
{% for daemon in salt_daemons %}
/lib/systemd/system/salt-{{ daemon }}.service:
file.managed:
- source: salt://salt/files/salt-{{ daemon }}.service
- user: root
- group: root
- mode: 644
salt-{{ daemon }}:
service.running:
- enable: true
- require:
- file: /lib/systemd/system/salt-{{ daemon }}.service
- module: systemd reload for salt
- watch:
- cmd: pip install salt
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}
{% elif grains['os'] == 'Debian' %}
/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
file.managed:
- source: https://repo.saltproject.io/salt/py3/debian/11/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
- source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472
{% if grains['osrelease']|int > 11 %}
{% set osrelease = 11 %}
{% set oscodename = 'bullseye' %}
{% else %}
{% set osrelease = grains['osrelease'] %}
{% set oscodename = grains['oscodename'] %}
{% endif %}
/etc/apt/sources.list.d/salt.list:
file.managed:
- contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main"
{% elif grains['os'] == 'Ubuntu' %}
/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
file.managed:
- source: https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
- source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 # sha256
/etc/apt/sources.list.d/salt.list:
file.managed:
- contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ grains['lsb_distrib_codename'] }} main"
salt-common:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- refresh: true
- require:
- file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
- file: /etc/apt/sources.list.d/salt.list
{% for daemon in salt_daemons %}
salt-{{ daemon }}:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- require:
- pkg: salt-common
service.running:
- enable: true
- require:
- pkg: salt-{{ daemon }}
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}
salt-common:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- refresh: true
- require:
- file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
- file: /etc/apt/sources.list.d/salt.list
{% for daemon in salt_daemons %}
salt-{{ daemon }}:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}'
- require:
- pkg: salt-common
service.running:
- enable: true
- require:
- pkg: salt-{{ daemon }}
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}
- salt.pypi_install
{% elif grains['os_family'] == 'Debian' %}
- salt.deb_install
{% elif grains['os_family'] == 'RedHat' %}
/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023:
file.managed:
- source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
salt:
pkgrepo.managed:
- baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
- humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
- skip_if_unavailable: true
- failovermethod: priority
- priority: 10
- enabled: 1
- enabled_metadata: 1
- gpgcheck: 1
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
- require:
- file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}-*'
- refresh: true
- require:
- pkgrepo: salt
- salt.rhel_install
{% else %}
{{ raise("Unsupported grains.os") }}
{{ raise("Unsupported grains.os") }}
{% endif %}
{% for daemon in salt_daemons %}
{% for daemon in salt_daemons %}
/etc/salt/{{ daemon }}:
file.managed:
- source: salt://salt/files/{{ daemon }}.jinja
@@ -167,5 +19,4 @@ salt:
- user: root
- group: root
- mode: 644
{% endfor %}
{% endfor %}

5
salt/map.jinja Normal file
View File

@@ -0,0 +1,5 @@
{% if salt.pillar.get('salt:master', false) %}
{% set salt_daemons = ['master', 'minion'] %}
{% else %}
{% set salt_daemons = ['minion'] %}
{% endif %}

49
salt/pypi_install.sls Normal file
View File

@@ -0,0 +1,49 @@
{% from "salt/map.jinja" import salt_daemons with context %}
'make salt venv':
cmd.run:
- name: /usr/bin/python3 -m venv /opt/saltstack/salt
- creates: /opt/saltstack/salt
pip install salt:
cmd.run:
- name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}'
- unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}'
- require:
- cmd: 'make salt venv'
{% for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy', 'salt-run', 'salt-key') %}
/usr/bin/{{ link }}:
file.symlink:
- target: /opt/saltstack/salt/bin/{{ link }}
{% endfor %}
/usr/bin/salt-pip:
file.symlink:
- target: /opt/saltstack/salt/bin/pip3
systemd reload for salt:
module.run:
- name: service.systemctl_reload
- onchanges:
{% for daemon in salt_daemons %}
- file: /lib/systemd/system/salt-{{ daemon }}.service
{% endfor %}
{% for daemon in salt_daemons %}
/lib/systemd/system/salt-{{ daemon }}.service:
file.managed:
- source: salt://salt/files/salt-{{ daemon }}.service
- user: root
- group: root
- mode: 644
salt-{{ daemon }}:
service.running:
- enable: true
- require:
- file: /lib/systemd/system/salt-{{ daemon }}.service
- module: systemd reload for salt
- watch:
- cmd: pip install salt
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}

42
salt/rhel_install.sls Normal file
View File

@@ -0,0 +1,42 @@
{% from "salt/map.jinja" import salt_daemons with context %}
{% if grains['os'] != 'CentOS' %}
{{ raise("Unsupported distro") }}
{% endif %}
/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023:
file.managed:
- source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
salt:
pkgrepo.managed:
- baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
- humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
- skip_if_unavailable: true
- failovermethod: priority
- priority: 10
- enabled: 1
- enabled_metadata: 1
- gpgcheck: 1
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
- require:
- file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}-*'
- refresh: true
- require:
- pkgrepo: salt
{% for daemon in salt_daemons %}
salt-{{ daemon }}:
pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}-*'
- require:
- pkg: salt
service.running:
- enable: true
- require:
- pkg: salt-{{ daemon }}
- listen:
- file: /etc/salt/{{ daemon }}
{% endfor %}