Commit Graph

146 Commits

Author SHA1 Message Date
cce6cce594
Use central machine-roles endpoint
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:55:55 +01:00
0efd688151
Use http.query instead of nbroles module
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:32:57 +01:00
06a36e62ae
salt.master: configure publisher_acl
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 15:41:23 +01:00
4f633d8d4e
Update symlink to nbroles.py
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Fallout from b112ee3131.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:52:44 +01:00
5ab1c4f854
salt.master: manage formulas
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:49:30 +01:00
b112ee3131
Move extmods to salt/
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow for extension modules to be delivered using the Salt file server.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:46:25 +01:00
f7bb83bd75
salt.master: move file_roots to production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:40:21 +01:00
d593cbeae5
salt.master: move gpg_keydir to master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
928809b267
salt.master: manage extension modules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
689eb5c676
Configure Redis for Salt master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add Redis configuration to salt.master profile for caching on Salt masters.
To-Do: move configuration to a formula based approach.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:56:21 +01:00
bcac69683b
Update salt.master role pillar
- add missing settings needed for use in production
- correct existing settings with new advancements

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:36 +01:00
5d60fe6a34
Set Salt log level to info
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
ad4c6af852
Add salt.syndic role + pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
8743190e5b
roles.py: exclude salt.common
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Role is targetted globally.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 02:46:27 +01:00
874e3c190d
Sync roles in pipeline
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Call rolesyncer on new commits to production.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 01:52:20 +01:00
ed427955c3
Add rolesyncer script
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 21:45:25 +01:00
03da60604e
roles.py: remove exclusions
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
These were only relevant during testing. Leaving the empty list in case
exclusions need to be added in the future.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 20:13:47 +01:00
0d9230d6bb
Init pipeline config
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 20:05:09 +01:00
e5e9685113
Add empty salt.common SLS
Roles under salt/ are enforced to be existent - adding "empty" file to
match pillar/role/salt/.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:54:17 +01:00
5e262f5f5f
Configure formulas in prepare_minion.py
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:51:39 +01:00
7f9bf11048
Add clone_formulas script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:47:10 +01:00
50c638a000
roles.py: repair role walking
Improve nested role support introduced with
442ff683d1 by correctly converting
subdirectories into nested state references.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:40:19 +01:00
ab2f6802a9
Remove test-webserver role
No longer used, referenced profile removed in
a1782581bb.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:37:16 +01:00
a42961e982
Update mocking base
- adapt preparation script to new environment
- add sample mocking pillar including README

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
97db5ef6db
Add nbroles_to_grains script + add note
Script allows for testing and pipeline minions to work without access to
the roles API. Additionally added a note about this in prepare_minion.py.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
8c72e7c63a
Add id/role pillar README's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
442ff683d1
roles.py: support nested roles + cli invocation
- walk both pillar and salt roles
- support nested roles / state files in subdirectories
- allow test invocation of the script from the command line

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:52:48 +01:00
12f0a7bce0
Target roles without grains in tops
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:26:31 +01:00
91fd60c5a3
Link nbroles module to extmods
Module is needed by masters as well.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
efb5e14112
Init lookup.py
Importing local lookup.py script into Git - this file is loaded as an
external pillar module by Salt masters to allow for external pillars to
be referenced inside external pillars.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
bf0dfeb941
Use nbroles instead of grains
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
2181a4999f
Remove common secret include
File was only used for testing secrets and is no longer in use.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:09:50 +01:00
69aa808f3d
Add secret variables
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:03:43 +01:00
fed1e35c88
Init master role w/ pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 18:47:54 +01:00
e26039e920
Re-order minion profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:51:44 +01:00
546508c7de
Use custom minion master configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:16 +01:00
fe2a1a21b9
Use traditional grains management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:01 +01:00
eb1731e7a1
Move managed grains to minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:59 +01:00
11620c863c
Init salted salt + minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:31 +01:00
a1782581bb
Cleanup after devel import
- remove RPM public key import
- remove test-webserver profile

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 13:20:28 +01:00
f693159270
Refactor common tree
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 13:13:11 +01:00
ba563b6bb1
Ignore missing ID's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:37:11 +01:00
f31c05171e
Include common secret pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:03:03 +01:00
4b08299e0c
Init pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 11:41:05 +01:00
2b40942a44
Import profiles/roles from salt-devel
- + renaming baseline to common

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 09:45:04 +01:00
f1a4b0514c
Init
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 09:18:15 +01:00