pillar: add empty pillar and pillarstack config

Prevents the following warnings/errors in the master log: [ERROR ] Root path 'pillar' not present in git_pillar remote '__env__ https://git.spritsail.io/frebib/salt.git', skipping. [ERROR ] Root path 'pillar' not present in git_pillar remote '__env__ https://github.com/nerdhouse/salt.git', skipping. [CRITICAL] Specified ext_pillar interface gitstack is unavailable Signed-off-by: Joe Groocock <me@frebib.net>
salt/minion: only restart salt-minion on config/pkg change
2020-07-19 15:37:22 +01:00 · 2020-07-19 15:21:09 +01:00 · 2020-07-19 15:13:34 +01:00 · 2020-07-19 15:10:01 +01:00 · 2020-07-19 15:00:06 +01:00 · 2020-07-12 17:09:28 +01:00
7 changed files with 80 additions and 0 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@ -0,0 +1,3 @@
+{{ saltenv }}:
+  '*':
+    []
--- a/stack/stack.cfg
+++ b/stack/stack.cfg
@ -0,0 +1 @@
+[]
--- a/states/salt/minion/init.sls
+++ b/states/salt/minion/init.sls
@ -0,0 +1,40 @@
+{%- set masters = ['salt.nerdhouse.io'] %}
+
+salt-minion:
+  pkg.installed:
+  - version: latest
+  service.running:
+  - enable: true
+  - require:
+    - pkg: salt-minion
+    - file: /etc/salt/minion
+
+restart-salt-minion:
+  cmd.run:
+  - name: sleep 10 && systemctl restart salt-minion
+  - bg: true
+  - order: last
+  - onchanges:
+    - pkg: salt-minion
+    - file: /etc/salt/minion
+  - require:
+    - cmd: check-minion-config
+
+/etc/salt/minion:
+  file.managed:
+  - source: salt://{{ slspath }}/templates/minion.jinja
+  - template: jinja
+  - user: root
+  - group: root
+  - mode: 644
+  - context:
+      masters: {{ masters|json }}
+  - require:
+    - pkg: salt-minion
+
+check-minion-config:
+  cmd.run:
+  - name: sudo salt-call --local --skip-grains test.true
+  - onchanges:
+    - pkg: salt-minion
+    - file: /etc/salt/minion
--- a/states/salt/minion/templates/minion.jinja
+++ b/states/salt/minion/templates/minion.jinja
@ -0,0 +1,26 @@
+id: {{ grains.id|lower }}
+log_level: info
+ipv6: true
+ssl: true
+transport: tcp
+
+# https://github.com/saltstack/salt/blob/b95213ec903402f25c1e0aeb3990fe8452ab63ce/conf/minion#L39-L47
+# str, failover or disable
+master_type: str
+{% if masters is defined %}
+master:
+  {%- for master in masters %}
+- {{ master }}
+  {%- endfor %}
+{%- endif %}
+
+# set the default saltenv for highstate
+# otherwise it tries to run all of them 🤔
+saltenv: base
+# useful for influencing git_pillar and gitfs at the same time
+pillarenv_from_saltenv: true
+
+enable_fqdns_grains: false
+enable_gpu_grains: false
+
+# vim: ft=yaml
--- a/states/top.sls
+++ b/states/top.sls
@ -2,3 +2,4 @@
  '*':
  - users
  - sshd
+  - salt.minion
--- a/states/users/init.sls
+++ b/states/users/init.sls
@ -16,4 +16,9 @@
  {%- if user.shell is defined %}
  - shell: {{ user.shell }}
  {%- endif %}
+  ssh_auth.manage:
+  - user: {{ name }}
+  {%- if user['ssh-keys'] is defined %}
+  - ssh_keys: {{ user['ssh-keys']|json }}
+  {%- endif %}
 {%- endfor %}
--- a/states/users/users.jinja
+++ b/states/users/users.jinja
@ -4,6 +4,9 @@
  {%- do admin_groups.append('systemd-journal') %}
 {%- endif %}

+{# FIXME(frebib): manage Docker group instead of blindly adding it #}
+{%- do admin_groups.append('docker') %}
+
 frebib:
  groups:
 {%- for group in admin_groups %}
@ -12,6 +15,7 @@ frebib:
  ssh-keys:
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINk+sOUEXKsGqITyMhna9v77ADGagkr3YMpgZFkrvqcd frebib@frebib-PC
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIGxhZPQM/3Ck+DNNM0CoIZTsvKqQLKq8fqQoO6fXzX frebib@frebib-OnePlus3
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+T8ChEU9YmpE2BY77oEtKzedB8HWDSM5bErDN9gcvj frebib@frebib-Cf

 adam:
  groups:
Author	SHA1	Message	Date
Joe Groocock	cc0e8f7aff	pillar: add empty pillar and pillarstack config Prevents the following warnings/errors in the master log: [ERROR ] Root path 'pillar' not present in git_pillar remote '__env__ https://git.spritsail.io/frebib/salt.git', skipping. [ERROR ] Root path 'pillar' not present in git_pillar remote '__env__ https://github.com/nerdhouse/salt.git', skipping. [CRITICAL] Specified ext_pillar interface gitstack is unavailable Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:37:22 +01:00
Joe Groocock	8024449e2b	salt/minion: only restart salt-minion on config/pkg change Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:21:09 +01:00
Joe Groocock	37e659cfc3	users: add Docker group to admin users Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:13:34 +01:00
Joe Groocock	05d7cef80c	users: manage ssh authorised keys Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:10:01 +01:00
Joe Groocock	6d843a0b65	users/frebib: add frebib-Cf SSH public key Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:00:06 +01:00
Joe Groocock	2b9420afa9	Manage salt-minion package, service and config Restart the service after upgrading the package or modifying the minion configuration file. Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-12 17:09:28 +01:00