Commit Graph

100 Commits

Author SHA1 Message Date
3226b4113c
Remove release from RPM key check
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Release tag can be different from machine to machine. Checking for the
version tag should be good enough.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 20:55:56 +01:00
5bda75100a
Manage LC repository + ca-certificates
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
manage
- home:crameleon:LibertaCasa repository
- ca-certificates-syscid
in common SUSE state.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 20:44:39 +01:00
2e08c3cf36
Connect syndic minions to syndic master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Syndics are generally the masters assigned to their region.
We want the minions on syndics to connect to their upstream master
("master of masters") instead of to themselves.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 19:28:28 +01:00
a5754ea0cb
Add admins to redis group on masters
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Avoid permissions errors if Salt attempts to write to Redis during
non-root state.apply calls.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 18:38:36 +01:00
cce6cce594
Use central machine-roles endpoint
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:55:55 +01:00
0efd688151
Use http.query instead of nbroles module
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:32:57 +01:00
06a36e62ae
salt.master: configure publisher_acl
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 15:41:23 +01:00
4f633d8d4e
Update symlink to nbroles.py
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Fallout from b112ee3131.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:52:44 +01:00
5ab1c4f854
salt.master: manage formulas
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:49:30 +01:00
b112ee3131
Move extmods to salt/
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Allow for extension modules to be delivered using the Salt file server.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:46:25 +01:00
f7bb83bd75
salt.master: move file_roots to production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:40:21 +01:00
d593cbeae5
salt.master: move gpg_keydir to master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
928809b267
salt.master: manage extension modules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
689eb5c676
Configure Redis for Salt master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add Redis configuration to salt.master profile for caching on Salt masters.
To-Do: move configuration to a formula based approach.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:56:21 +01:00
bcac69683b
Update salt.master role pillar
- add missing settings needed for use in production
- correct existing settings with new advancements

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:36 +01:00
5d60fe6a34
Set Salt log level to info
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
ad4c6af852
Add salt.syndic role + pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
8743190e5b
roles.py: exclude salt.common
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Role is targetted globally.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 02:46:27 +01:00
874e3c190d
Sync roles in pipeline
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Call rolesyncer on new commits to production.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 01:52:20 +01:00
ed427955c3
Add rolesyncer script
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 21:45:25 +01:00
03da60604e
roles.py: remove exclusions
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
These were only relevant during testing. Leaving the empty list in case
exclusions need to be added in the future.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 20:13:47 +01:00
0d9230d6bb
Init pipeline config
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 20:05:09 +01:00
e5e9685113
Add empty salt.common SLS
Roles under salt/ are enforced to be existent - adding "empty" file to
match pillar/role/salt/.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:54:17 +01:00
5e262f5f5f
Configure formulas in prepare_minion.py
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:51:39 +01:00
7f9bf11048
Add clone_formulas script
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:47:10 +01:00
50c638a000
roles.py: repair role walking
Improve nested role support introduced with
442ff683d1 by correctly converting
subdirectories into nested state references.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:40:19 +01:00
ab2f6802a9
Remove test-webserver role
No longer used, referenced profile removed in
a1782581bb.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 19:37:16 +01:00
a42961e982
Update mocking base
- adapt preparation script to new environment
- add sample mocking pillar including README

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
97db5ef6db
Add nbroles_to_grains script + add note
Script allows for testing and pipeline minions to work without access to
the roles API. Additionally added a note about this in prepare_minion.py.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
8c72e7c63a
Add id/role pillar README's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
442ff683d1
roles.py: support nested roles + cli invocation
- walk both pillar and salt roles
- support nested roles / state files in subdirectories
- allow test invocation of the script from the command line

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:52:48 +01:00
12f0a7bce0
Target roles without grains in tops
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:26:31 +01:00
91fd60c5a3
Link nbroles module to extmods
Module is needed by masters as well.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
efb5e14112
Init lookup.py
Importing local lookup.py script into Git - this file is loaded as an
external pillar module by Salt masters to allow for external pillars to
be referenced inside external pillars.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
bf0dfeb941
Use nbroles instead of grains
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
2181a4999f
Remove common secret include
File was only used for testing secrets and is no longer in use.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:09:50 +01:00
69aa808f3d
Add secret variables
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:03:43 +01:00
fed1e35c88
Init master role w/ pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 18:47:54 +01:00
e26039e920
Re-order minion profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:51:44 +01:00
546508c7de
Use custom minion master configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:16 +01:00
fe2a1a21b9
Use traditional grains management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:01 +01:00
eb1731e7a1
Move managed grains to minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:59 +01:00
11620c863c
Init salted salt + minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:31 +01:00
a1782581bb
Cleanup after devel import
- remove RPM public key import
- remove test-webserver profile

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 13:20:28 +01:00
f693159270
Refactor common tree
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 13:13:11 +01:00
ba563b6bb1
Ignore missing ID's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:37:11 +01:00
f31c05171e
Include common secret pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:03:03 +01:00
4b08299e0c
Init pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 11:41:05 +01:00
2b40942a44
Import profiles/roles from salt-devel
- + renaming baseline to common

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 09:45:04 +01:00
f1a4b0514c
Init
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 09:18:15 +01:00