salt-states/salt/init.sls

{% if salt.pillar.get('salt:master', false) %}
{%   set salt_daemons = ['master', 'minion'] %}
{% else %}
{%   set salt_daemons = ['minion'] %}
{% endif %}

{% if grains['osarch'].lower().startswith('arm') %}

'make salt venv':
  cmd.run:
    - name: /usr/bin/python3 -m venv /opt/saltstack/salt
    - creates: /opt/saltstack/salt

pip install salt:
  cmd.run:
    - name: /opt/saltstack/salt/bin/pip3 install 'salt=={{ salt.pillar.get("salt:version") }}'
    - unless: /opt/saltstack/salt/bin/pip3 freeze | grep -q 'salt=={{ salt.pillar.get("salt:version") }}'
    - require:
      - cmd: 'make salt venv'

{%   for link in ('salt', 'salt-call', 'salt-minion', 'salt-proxy', 'salt-run', 'salt-key') %}
/usr/bin/{{ link }}:
  file.symlink:
    - target: /opt/saltstack/salt/bin/{{ link }}
{%   endfor %}
/usr/bin/salt-pip:
  file.symlink:
    - target: /opt/saltstack/salt/bin/pip3

systemd reload for salt:
  module.run:
    - name: service.systemctl_reload
    - onchanges:
{%   for daemon in salt_daemons %}
      - file: /lib/systemd/system/salt-{{ daemon }}.service
{%   endfor %}

{%   for daemon in salt_daemons %}
/lib/systemd/system/salt-{{ daemon }}.service:
  file.managed:
    - source: salt://salt/files/salt-{{ daemon }}.service
    - user: root
    - group: root
    - mode: 644
salt-{{ daemon }}:
  service.running:
    - enable: true
    - require:
      - file: /lib/systemd/system/salt-{{ daemon }}.service
      - module: systemd reload for salt
    - watch:
      - cmd: pip install salt
    - listen:
      - file: /etc/salt/{{ daemon }}
{%   endfor %}

{% elif grains['os'] == 'Debian' %}

/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
  file.managed:
    - source: https://repo.saltproject.io/salt/py3/debian/11/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
    - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472

{% if grains['osrelease']|int > 11 %}
  {% set osrelease = 11 %}
  {% set oscodename = 'bullseye' %}
{% else %}
  {% set osrelease = grains['osrelease'] %}
  {% set oscodename = grains['oscodename'] %}
{% endif %}

/etc/apt/sources.list.d/salt.list:
  file.managed:
    - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/debian/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main"

{% elif grains['os'] == 'Ubuntu' %}

/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
  file.managed:
    - source: https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
    - source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 # sha256

/etc/apt/sources.list.d/salt.list:
  file.managed:
    - contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/ubuntu/{{ grains['lsb_distrib_release'] }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ grains['lsb_distrib_codename'] }} main"

salt-common:
  pkg.installed:
    - version: '{{ salt.pillar.get("salt:version") }}'
    - refresh: true
    - require:
      - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
      - file: /etc/apt/sources.list.d/salt.list

{%   for daemon in salt_daemons %}
salt-{{ daemon }}:
  pkg.installed:
    - version: '{{ salt.pillar.get("salt:version") }}'
    - require:
      - pkg: salt-common
  service.running:
    - enable: true
    - require:
      - pkg: salt-{{ daemon }}
    - listen:
      - file: /etc/salt/{{ daemon }}
{%   endfor %}

salt-common:
  pkg.installed:
    - version: '{{ salt.pillar.get("salt:version") }}'
    - refresh: true
    - require:
      - file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
      - file: /etc/apt/sources.list.d/salt.list

{%   for daemon in salt_daemons %}
salt-{{ daemon }}:
  pkg.installed:
    - version: '{{ salt.pillar.get("salt:version") }}'
    - require:
      - pkg: salt-common
  service.running:
    - enable: true
    - require:
      - pkg: salt-{{ daemon }}
    - listen:
      - file: /etc/salt/{{ daemon }}
{%   endfor %}

{% elif grains['os_family'] == 'RedHat' %}

/etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023:
  file.managed:
    - source: salt://salt/files/SALT-PROJECT-GPG-PUBKEY-2023.pub
salt:
  pkgrepo.managed:
    - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
    - humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
    - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
    - skip_if_unavailable: true
    - failovermethod: priority
    - priority: 10
    - enabled: 1
    - enabled_metadata: 1
    - gpgcheck: 1
    - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
    - require:
      - file: /etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
  pkg.installed:
    - version: '{{ salt.pillar.get("salt:version") }}-*'
    - refresh: true
    - require:
      - pkgrepo: salt

{% else %}

{{ raise("Unsupported grains.os") }}

{% endif %}

{%   for daemon in salt_daemons %}
/etc/salt/{{ daemon }}:
  file.managed:
    - source: salt://salt/files/{{ daemon }}.jinja
    - template: jinja
    - user: root
    - group: root
    - mode: 644
{%   endfor %}