Compare commits


7 Commits

Author SHA1 Message Date
cc0e8f7aff pillar: add empty pillar and pillarstack config
Prevents the following warnings/errors in the master log:

    [ERROR   ] Root path 'pillar' not present in git_pillar remote '__env__ https://git.spritsail.io/frebib/salt.git', skipping.
    [ERROR   ] Root path 'pillar' not present in git_pillar remote '__env__ https://github.com/nerdhouse/salt.git', skipping.
    [CRITICAL] Specified ext_pillar interface gitstack is unavailable

Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-19 15:37:22 +01:00
8024449e2b salt/minion: only restart salt-minion on config/pkg change
Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-19 15:21:09 +01:00
37e659cfc3 users: add Docker group to admin users
Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-19 15:13:34 +01:00
05d7cef80c users: manage ssh authorised keys
Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-19 15:10:01 +01:00
6d843a0b65 users/frebib: add frebib-Cf SSH public key
Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-19 15:00:06 +01:00
2b9420afa9 Manage salt-minion package, service and config
Restart the service after upgrading the package or modifying the minion
configuration file.

Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-12 17:09:28 +01:00
889383f111 Add systemd-journal group to admin_groups
Only if the init system is systemd, though

Signed-off-by: Joe Groocock <me@frebib.net>
2020-07-12 14:58:22 +01:00
7 changed files with 90 additions and 2 deletions

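--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -0,0 +1,3 @@
+{{ saltenv }}:
+'*':
+[]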

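--- a/stack/stack.cfg
+++ b/stack/stack.cfg
@@ -0,0 +1 @@
+[]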


@ -0,0 +1,40 @@
{%- set masters = ['salt.nerdhouse.io'] %}
salt-minion:
pkg.installed:
- version: latest
service.running:
- enable: true
- require:
- pkg: salt-minion
- file: /etc/salt/minion
restart-salt-minion:
cmd.run:
- name: sleep 10 && systemctl restart salt-minion
- bg: true
- order: last
- onchanges:
- pkg: salt-minion
- file: /etc/salt/minion
- require:
- cmd: check-minion-config
/etc/salt/minion:
file.managed:
- source: salt://{{ slspath }}/templates/minion.jinja
- template: jinja
- user: root
- group: root
- mode: 644
- context:
masters: {{ masters|json }}
- require:
- pkg: salt-minion
check-minion-config:
cmd.run:
- name: sudo salt-call --local --skip-grains test.true
- onchanges:
- pkg: salt-minion
- file: /etc/salt/minion
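Review bot: `- version: latest` on `pkg.installed`, combined with the `onchanges` restart, means any highstate can upgrade salt-minion to whatever the configured package repository currently serves and then restart it unattended; pinning it (`- version: '<PINNED_VERSION>'`, placeholder) would make a minion upgrade a reviewed change. `check-minion-config` runs only after `/etc/salt/minion` has already been replaced, so a failing check stops the delayed restart but leaves the bad file on disk for the next reboot or manual restart; adding `- backup: minion` to the `file.managed` state would at least keep the previous copy. The `sudo` in `sudo salt-call --local --skip-grains test.true` looks redundant if the minion already runs as root, and it makes the check fail on hosts without sudo. `- mode: 644` is safer written as `- mode: '0644'` so that no YAML loader retypes it.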


@ -0,0 +1,26 @@
id: {{ grains.id|lower }}
log_level: info
ipv6: true
ssl: true
transport: tcp
# https://github.com/saltstack/salt/blob/b95213ec903402f25c1e0aeb3990fe8452ab63ce/conf/minion#L39-L47
# str, failover or disable
master_type: str
{% if masters is defined %}
master:
{%- for master in masters %}
- {{ master }}
{%- endfor %}
{%- endif %}
# set the default saltenv for highstate
# otherwise it tries to run all of them 🤔
saltenv: base
# useful for influencing git_pillar and gitfs at the same time
pillarenv_from_saltenv: true
enable_fqdns_grains: false
enable_gpu_grains: false
# vim: ft=yaml
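Review bot: The rendered config lists the masters but sets no `master_finger`, so a freshly provisioned minion accepts whichever master public key answers first for those names; passing the expected fingerprint through the template context and emitting `master_finger: '{{ master_finger }}'` would pin it. `ssl: true` appears to enable TLS with default options only, which as far as I can tell does not verify the master's certificate unless `ssl` is given as a mapping with `cert_reqs` and `ca_certs`; this is worth confirming against the Salt version in use. The templated scalars are better quoted (`id: '{{ grains.id|lower }}'`, `- '{{ master }}'`) so an all-digit or boolean-looking value is not retyped by the YAML loader.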


@ -2,3 +2,4 @@
'*':
- users
- sshd
- salt.minion


@ -16,4 +16,9 @@
{%- if user.shell is defined %}
- shell: {{ user.shell }}
{%- endif %}
ssh_auth.manage:
- user: {{ name }}
{%- if user['ssh-keys'] is defined %}
- ssh_keys: {{ user['ssh-keys']|json }}
{%- endif %}
{%- endfor %}
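Review bot: `ssh_auth.manage` is emitted for every user, but `- ssh_keys:` only when `user['ssh-keys']` is defined, so a user without keys gets a state that lacks that argument and will presumably fail rather than be skipped. Moving the `{%- if user['ssh-keys'] is defined %}` guard up so it wraps the whole `ssh_auth.manage:` block would skip such users; if the intent is instead to remove every key from them, passing `- ssh_keys: []` explicitly states that (verify how `manage` treats an empty list). Because `manage` removes keys that are not listed, a comment such as `# authoritative: keys not listed in pillar are removed from authorized_keys` above the state would help the next editor. The enclosing `for` loop and the state ID start outside this hunk.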


@ -1,15 +1,27 @@
{%- set sudo_group = 'sudo' if grains.os|lower == 'debian' else 'wheel' %}
{%- set admin_groups = [sudo_group] %}
{%- if grains.init == 'systemd' %}
{%- do admin_groups.append('systemd-journal') %}
{%- endif %}
{# FIXME(frebib): manage Docker group instead of blindly adding it #}
{%- do admin_groups.append('docker') %}
frebib:
groups:
- {{ sudo_group }}
{%- for group in admin_groups %}
- {{ group }}
{%- endfor %}
ssh-keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk+sOUEXKsGqITyMhna9v77ADGagkr3YMpgZFkrvqcd frebib@frebib-PC
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIGxhZPQM/3Ck+DNNM0CoIZTsvKqQLKq8fqQoO6fXzX frebib@frebib-OnePlus3
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+T8ChEU9YmpE2BY77oEtKzedB8HWDSM5bErDN9gcvj frebib@frebib-Cf
adam:
groups:
- {{ sudo_group }}
{%- for group in admin_groups %}
- {{ group }}
{%- endfor %}
ssh-keys:
- ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAiF/WxxMOOE/r8I/anF8gKarjNFmeoPuXNMYE0Hwo/NMqbJ9qKVONn+4fa5T99yhhAnYy92PBPxjmSsOqex28XZFh4I4GBGKh+Su1tJKLXsts1rbJmB1gSpKGbbjsiZcta4FqbiLKyUGL1wiV6GWucKdkC9lfTfocmH20tLbqSTryTAfy62oaEyEUSSATcwnl6ITF6BaQVGT8e78O4DpMYvYXFDa0nre0GlBigI0bAIHknmo+5JuL9i6RbnLr/zHMBiT3lnqQ8IO0JLNJD3ML/X/vgo3Htd6ovKe28YBi+LV+olpcFlQGSpNj+gE67UYb+Hw4mMTjzG4RhNHfQZCrNw== adampc
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYo04d3a7J22F0NlAM1MeqmZrbF7iaF9p9whLQmq/gYgZnFKtW7G/rQCUUG5X8yEn5LXkc9SYdRceyaleNDAe0/uEJIbbm+VPgkShV+pyA8AbP4+OF95JKgCS6/B59IStF8GrVnX9krjYLYVwS3FqwvYt/ZkYriX4hkaTkf3FslLU7eEwrDec3RuGXhTDTdLdFyq6wXsI/bITX2C0b8D5obNNkyPJFVV1zshy9mQ5/5wjHYLyZhUSRzcY6xDOlxWmTSHseYG1U5espgba7t6ZaL/n44IrXzFsuXRIA74rx3ESAtCEesM3TaPI/Q8dHOYsCdDquTyccP/nEkDCxxhl3 adam-laptop
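Review bot: `{%- do admin_groups.append('docker') %}` runs unconditionally, unlike the `systemd-journal` append that is guarded by `grains.init`; membership of the `docker` group is effectively root on the host, and on a machine without Docker the group may not exist. Until the FIXME is resolved, gating the append on an explicit per-host flag (a grain or pillar key of your choosing) would keep the grant deliberate. It is unclear from the rendered page whether `- {{ sudo_group }}` is the removed line or still present next to the loop; if both remain, the sudo group is listed twice for each user.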