From c01611317ae232cba8faf63de3e4487dc4d6077c Mon Sep 17 00:00:00 2001 From: Terry Derks Date: Fri, 22 Dec 2023 12:46:48 -0500 Subject: [PATCH] simplified salt formula --- firewall/init.sls | 2 +- salt/deb_install/init.sls | 33 ++++++++ salt/deb_install/map.jinja | 7 ++ salt/init.sls | 167 ++----------------------------------- salt/map.jinja | 5 ++ salt/pypi_install.sls | 49 +++++++++++ salt/rhel_install.sls | 42 ++++++++++ 7 files changed, 146 insertions(+), 159 deletions(-) create mode 100644 salt/deb_install/init.sls create mode 100644 salt/deb_install/map.jinja create mode 100644 salt/map.jinja create mode 100644 salt/pypi_install.sls create mode 100644 salt/rhel_install.sls diff --git a/firewall/init.sls b/firewall/init.sls index c3a097b..20321f9 100644 --- a/firewall/init.sls +++ b/firewall/init.sls @@ -1,4 +1,4 @@ -{% from "firewall/map.jinja" import firewall %} +{% from "firewall/map.jinja" import firewall with context %} iptables: pkg.installed: diff --git a/salt/deb_install/init.sls b/salt/deb_install/init.sls new file mode 100644 index 0000000..1e269ad --- /dev/null +++ b/salt/deb_install/init.sls @@ -0,0 +1,33 @@ +{% from "salt/map.jinja" import salt_daemons with context %} +{% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %} + +/etc/apt/keyrings/salt-archive-keyring-2023.gpg: + file.managed: + - source: https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg + - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 + +/etc/apt/sources.list.d/salt.list: + file.managed: + - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main" + +salt-common: + pkg.installed: + - version: '{{ salt.pillar.get("salt:version") }}' + - refresh: true + - require: + - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg + - file: /etc/apt/sources.list.d/salt.list + +{% for daemon in salt_daemons %} +salt-{{ daemon }}: + pkg.installed: + - version: '{{ salt.pillar.get("salt:version") }}' + - require: + - pkg: salt-common + service.running: + - enable: true + - require: + - pkg: salt-{{ daemon }} + - listen: + - file: /etc/salt/{{ daemon }} +{% endfor %} diff --git a/salt/deb_install/map.jinja b/salt/deb_install/map.jinja new file mode 100644 index 0000000..3e45e7c --- /dev/null +++ b/salt/deb_install/map.jinja @@ -0,0 +1,7 @@ +{% if grains['os'] == 'Debian' and grains['osrelease']|int > 11 %} + {% set osrelease = 11 %} + {% set oscodename = 'bullseye' %} +{% else %} + {% set osrelease = grains['osrelease'] %} + {% set oscodename = grains['oscodename'] %} +{% endif %} diff --git a/salt/init.sls b/salt/init.sls index b2ea9de..aecb206 100644 --- a/salt/init.sls +++ b/salt/init.sls @@ -1,165 +1,17 @@ -{% if salt.pillar.get('salt:master', false) %} -{% set salt_daemons = ['master', 'minion'] %} -{% else %} -{% set salt_daemons = ['minion'] %} -{% endif %} +{% from "salt/map.jinja" import salt_daemons with context %} +include: {% if grains['osarch'].lower().startswith('arm') %} - -'make salt venv': - cmd.run: - - name: /usr/bin/python3 -m venv /opt/saltstack/salt - - creates: /opt/saltstack/salt - -pip install salt: - cmd.run: - - name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}' - - unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}' - - require: - - cmd: 'make salt venv' - -{% for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy', 'salt-run', 'salt-key') %} -/usr/bin/{{ link }}: - file.symlink: - - target: /opt/saltstack/salt/bin/{{ link }} -{% endfor %} -/usr/bin/salt-pip: - file.symlink: - - target: /opt/saltstack/salt/bin/pip3 - -systemd reload for salt: - module.run: - - name: service.systemctl_reload - - onchanges: -{% for daemon in salt_daemons %} - - file: /lib/systemd/system/salt-{{ daemon }}.service -{% endfor %} - -{% for daemon in salt_daemons %} -/lib/systemd/system/salt-{{ daemon }}.service: - file.managed: - - source: salt://salt/files/salt-{{ daemon }}.service - - user: root - - group: root - - mode: 644 -salt-{{ daemon }}: - service.running: - - enable: true - - require: - - file: /lib/systemd/system/salt-{{ daemon }}.service - - module: systemd reload for salt - - watch: - - cmd: pip install salt - - listen: - - file: /etc/salt/{{ daemon }} -{% endfor %} - -{% elif grains['os'] == 'Debian' %} - -/etc/apt/keyrings/salt-archive-keyring-2023.gpg: - file.managed: - - source: https://repo.saltproject.io/salt/py3/debian/11/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg - - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 - -{% if grains['osrelease']|int > 11 %} - {% set osrelease = 11 %} - {% set oscodename = 'bullseye' %} -{% else %} - {% set osrelease = grains['osrelease'] %} - {% set oscodename = grains['oscodename'] %} -{% endif %} - -/etc/apt/sources.list.d/salt.list: - file.managed: - - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main" - -{% elif grains['os'] == 'Ubuntu' %} - -/etc/apt/keyrings/salt-archive-keyring-2023.gpg: - file.managed: - - source: https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg - - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 # sha256 - -/etc/apt/sources.list.d/salt.list: - file.managed: - - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ grains['lsb_distrib_codename'] }} main" - -salt-common: - pkg.installed: - - version: '{{ salt.pillar.get("salt:version") }}' - - refresh: true - - require: - - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg - - file: /etc/apt/sources.list.d/salt.list - -{% for daemon in salt_daemons %} -salt-{{ daemon }}: - pkg.installed: - - version: '{{ salt.pillar.get("salt:version") }}' - - require: - - pkg: salt-common - service.running: - - enable: true - - require: - - pkg: salt-{{ daemon }} - - listen: - - file: /etc/salt/{{ daemon }} -{% endfor %} - -salt-common: - pkg.installed: - - version: '{{ salt.pillar.get("salt:version") }}' - - refresh: true - - require: - - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg - - file: /etc/apt/sources.list.d/salt.list - -{% for daemon in salt_daemons %} -salt-{{ daemon }}: - pkg.installed: - - version: '{{ salt.pillar.get("salt:version") }}' - - require: - - pkg: salt-common - service.running: - - enable: true - - require: - - pkg: salt-{{ daemon }} - - listen: - - file: /etc/salt/{{ daemon }} -{% endfor %} - + - salt.pypi_install +{% elif grains['os_family'] == 'Debian' %} + - salt.deb_install {% elif grains['os_family'] == 'RedHat' %} - -/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023: - file.managed: - - source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub -salt: - pkgrepo.managed: - - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}" - - humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3 - - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 - - skip_if_unavailable: true - - failovermethod: priority - - priority: 10 - - enabled: 1 - - enabled_metadata: 1 - - gpgcheck: 1 - - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 - - require: - - file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 - pkg.installed: - - version: '{{ salt.pillar.get("salt:version") }}-*' - - refresh: true - - require: - - pkgrepo: salt - + - salt.rhel_install {% else %} - -{{ raise("Unsupported grains.os") }} - + {{ raise("Unsupported grains.os") }} {% endif %} -{% for daemon in salt_daemons %} +{% for daemon in salt_daemons %} /etc/salt/{{ daemon }}: file.managed: - source: salt://salt/files/{{ daemon }}.jinja @@ -167,5 +19,4 @@ salt: - user: root - group: root - mode: 644 -{% endfor %} - +{% endfor %} diff --git a/salt/map.jinja b/salt/map.jinja new file mode 100644 index 0000000..23ddd84 --- /dev/null +++ b/salt/map.jinja @@ -0,0 +1,5 @@ +{% if salt.pillar.get('salt:master', false) %} +{% set salt_daemons = ['master', 'minion'] %} +{% else %} +{% set salt_daemons = ['minion'] %} +{% endif %} diff --git a/salt/pypi_install.sls b/salt/pypi_install.sls new file mode 100644 index 0000000..e71f206 --- /dev/null +++ b/salt/pypi_install.sls @@ -0,0 +1,49 @@ +{% from "salt/map.jinja" import salt_daemons with context %} + +'make salt venv': + cmd.run: + - name: /usr/bin/python3 -m venv /opt/saltstack/salt + - creates: /opt/saltstack/salt + +pip install salt: + cmd.run: + - name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}' + - unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}' + - require: + - cmd: 'make salt venv' + +{% for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy', 'salt-run', 'salt-key') %} +/usr/bin/{{ link }}: + file.symlink: + - target: /opt/saltstack/salt/bin/{{ link }} +{% endfor %} +/usr/bin/salt-pip: + file.symlink: + - target: /opt/saltstack/salt/bin/pip3 + +systemd reload for salt: + module.run: + - name: service.systemctl_reload + - onchanges: +{% for daemon in salt_daemons %} + - file: /lib/systemd/system/salt-{{ daemon }}.service +{% endfor %} + +{% for daemon in salt_daemons %} +/lib/systemd/system/salt-{{ daemon }}.service: + file.managed: + - source: salt://salt/files/salt-{{ daemon }}.service + - user: root + - group: root + - mode: 644 +salt-{{ daemon }}: + service.running: + - enable: true + - require: + - file: /lib/systemd/system/salt-{{ daemon }}.service + - module: systemd reload for salt + - watch: + - cmd: pip install salt + - listen: + - file: /etc/salt/{{ daemon }} +{% endfor %} diff --git a/salt/rhel_install.sls b/salt/rhel_install.sls new file mode 100644 index 0000000..ccdadee --- /dev/null +++ b/salt/rhel_install.sls @@ -0,0 +1,42 @@ +{% from "salt/map.jinja" import salt_daemons with context %} + +{% if grains['os'] != 'CentOS' %} + {{ raise("Unsupported distro") }} +{% endif %} + +/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023: + file.managed: + - source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub +salt: + pkgrepo.managed: + - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}" + - humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3 + - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 + - skip_if_unavailable: true + - failovermethod: priority + - priority: 10 + - enabled: 1 + - enabled_metadata: 1 + - gpgcheck: 1 + - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 + - require: + - file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 + pkg.installed: + - version: '{{ salt.pillar.get("salt:version") }}-*' + - refresh: true + - require: + - pkgrepo: salt + +{% for daemon in salt_daemons %} +salt-{{ daemon }}: + pkg.installed: + - version: '{{ salt.pillar.get("salt:version") }}-*' + - require: + - pkg: salt + service.running: + - enable: true + - require: + - pkg: salt-{{ daemon }} + - listen: + - file: /etc/salt/{{ daemon }} +{% endfor %}