salt/minion: only restart salt-minion on config/pkg change

Signed-off-by: Joe Groocock <me@frebib.net>
users: add Docker group to admin users
2020-07-19 15:21:09 +01:00 · 2020-07-19 15:13:34 +01:00 · 2020-07-19 15:10:01 +01:00
3 changed files with 13 additions and 4 deletions
--- a/states/salt/minion/init.sls
+++ b/states/salt/minion/init.sls
@ -11,10 +11,10 @@ salt-minion:

 restart-salt-minion:
  cmd.run:
-  - name: "sleep 10 && systemctl restart salt-minion --no-block"
+  - name: sleep 10 && systemctl restart salt-minion
  - bg: true
  - order: last
-  - watch:
+  - onchanges:
    - pkg: salt-minion
    - file: /etc/salt/minion
  - require:
@ -34,6 +34,7 @@ restart-salt-minion:

 check-minion-config:
  cmd.run:
-  - name: sudo salt-call --local --skip-grains test.ping
-  - watch:
+  - name: sudo salt-call --local --skip-grains test.true
+  - onchanges:
+    - pkg: salt-minion
    - file: /etc/salt/minion
--- a/states/users/init.sls
+++ b/states/users/init.sls
@ -16,4 +16,9 @@
  {%- if user.shell is defined %}
  - shell: {{ user.shell }}
  {%- endif %}
+  ssh_auth.manage:
+  - user: {{ name }}
+  {%- if user['ssh-keys'] is defined %}
+  - ssh_keys: {{ user['ssh-keys']|json }}
+  {%- endif %}
 {%- endfor %}
--- a/states/users/users.jinja
+++ b/states/users/users.jinja
@ -4,6 +4,9 @@
  {%- do admin_groups.append('systemd-journal') %}
 {%- endif %}

+{# FIXME(frebib): manage Docker group instead of blindly adding it #}
+{%- do admin_groups.append('docker') %}
+
 frebib:
  groups:
 {%- for group in admin_groups %}
Author	SHA1	Message	Date
Joe Groocock	8024449e2b	salt/minion: only restart salt-minion on config/pkg change Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:21:09 +01:00
Joe Groocock	37e659cfc3	users: add Docker group to admin users Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:13:34 +01:00
Joe Groocock	05d7cef80c	users: manage ssh authorised keys Signed-off-by: Joe Groocock <me@frebib.net>	2020-07-19 15:10:01 +01:00