Add admins to redis group on masters

Avoid permissions errors if Salt attempts to write to Redis during
non-root state.apply calls.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Georg Pfuetzenreuter 2023-01-22 18:38:36 +01:00
parent cce6cce594
commit a5754ea0cb
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57


@ -80,14 +80,6 @@ salt_master_extra_packages:
- require: - require:
- pkg: redis - pkg: redis
salt_redis_membership:
group.present:
- name: redis
- addusers:
- {{ master_pillar['user'] }}
- require:
- pkg: redis
salt_redis_service_enable: salt_redis_service_enable:
service.enabled: service.enabled:
- name: {{ redis_service }} - name: {{ redis_service }}
@ -102,14 +94,25 @@ salt_redis_service_start:
- watch: - watch:
- file: {{ redis_config }} - file: {{ redis_config }}
salt_redis_membership:
group.present:
- name: redis
- require:
- pkg: redis
- addusers:
- {{ master_pillar['user'] }}
{%- if pillar['secret_salt'] is defined %} {%- if pillar['secret_salt'] is defined %}
{%- for user in master_pillar['publisher_acl'] %}
- {{ user }}
{%- endfor %}
admin_salt_membership: admin_salt_membership:
group.present: group.present:
- name: salt - name: salt
- require:
- pkg: salt-master
- addusers: - addusers:
{%- for user in master_pillar['publisher_acl'] %} {%- for user in master_pillar['publisher_acl'] %}
- {{ user }} - {{ user }}
{%- endfor %} {%- endfor %}
- require:
- pkg: salt-master
{%- endif %} {%- endif %}
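Review bot: The `addusers` list on the new `salt_redis_membership` state only ever grants membership, so an account later removed from `master_pillar['publisher_acl']` keeps its `redis` group access on the master until someone removes it by hand. If the group is meant to track the ACL, `- members:` (which cannot be combined with `addusers`) would make the list authoritative, provided no other account needs the group; otherwise a comment such as `# addusers is additive: removing a user from publisher_acl does not revoke redis group membership` would record the limitation. The loop also passes every `publisher_acl` entry to `group.present` as a user name, so it presumably assumes the pillar holds plain account names rather than patterns or `%`-suffixed group entries; that assumption is worth stating next to the loop. Both points apply equally to the existing `admin_salt_membership` state.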