Commit Graph

147 Commits

Author SHA1 Message Date
975fa89abc
Mine IP addresses
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Add Salt mine configuration to collect minion IP addresses.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 01:06:44 +01:00
e8b905cd0b
salt.master: increase LDAP scope
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Likely needed as it does not support searching a more fine grained base
DN.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:19:42 +01:00
a831a25701
salt.master: switch to CherryPy
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Tornado does not support all the features.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-28 00:17:39 +01:00
570522176a
salt.master: add LDAP configuration
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 20:01:01 +01:00
85bfe2cac4
salt.master: add Salt API configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 19:25:21 +01:00
950b308546
Relay via static zz0.email host
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Split horizon for the complete .email zone is not feasible for all
sites, and TLS certificate currently does not cover any of the internal
hostnames.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-27 12:45:01 +01:00
698234c040
Manage common SSH server
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 23:05:21 +01:00
f949c0aba0
mta.postfix->global.mta pillar; remove mta profile
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
This is more a MTA configuration for system email on all hosts instead of
a dedicated email server role.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
56a1e11ef6
Move common to global pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
d627582075
Read formulas from central file
- add formulas.yaml file containing list of all enabled formulas
- read formulas from said file in role.salt.master and prepare_minion.py
- add symlink for easier tracking of the file

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-26 20:54:09 +01:00
68939f8054
Postfix: configure alias_database
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Not needed, but the formula writes a hash:/ entry default, which might
cause confusion in the future, since our alias_maps is using lmdb:/.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:39:35 +01:00
9fd56e7640
Allow local system mail in Postfix
- correct mydestination to allow lysergic.dev to be sent through the
  relay
- correct relayhost to use SMTPS port

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-25 21:29:16 +01:00
4bf9ac9413
Include Postfix pillar via role
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 23:16:56 +01:00
7b9f184c6b
Revert "Split to OS specific common pillar"
This reverts commit 4863396938.
2023-01-24 23:03:20 +01:00
4c6b221dad
Include role.salt.common in master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Needed to allow individual apply's of salt.master without breaking
common configuration options.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:46:18 +01:00
70036d224f
Manage aliases
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:18:08 +01:00
5f9a74c612
Enable postfix-formula
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:18:08 +01:00
6c7aaa08e1
Manage common Postfix
Add configuration for global client MTA's.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

Enable Postfix management

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 21:17:55 +01:00
4863396938
Split to OS specific common pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-24 18:03:15 +01:00
0457625204
Enforce ID and roles in top
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Adapt to current private pillar top:
- match ID grain for inclusion of ID files
- move roles under conditional

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 22:39:14 +01:00
48c9e05de1
Enable users-formula
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:37:45 +01:00
a3583e25a5
Wrap zypper pillar in OS check
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Zypper pillar data is not needed on non-SUSE systems.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:33:27 +01:00
e8f19191eb
Disable refreshdb_force
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Speed up state.apply's.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 21:02:44 +01:00
cce6cce594
Use central machine-roles endpoint
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:55:55 +01:00
0efd688151
Use http.query instead of nbroles module
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
This is an attempt to remove the need for the custom nbroles module. If
it works out, the localhost reference should be replaced with a global
roles API endpoint.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 16:32:57 +01:00
5ab1c4f854
salt.master: manage formulas
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:49:30 +01:00
f7bb83bd75
salt.master: move file_roots to production
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:40:21 +01:00
d593cbeae5
salt.master: move gpg_keydir to master
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
'gpg_keydir' is a master specific setting, it does not work under the
top level 'salt' key.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
928809b267
salt.master: manage extension modules
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 14:34:42 +01:00
bcac69683b
Update salt.master role pillar
- add missing settings needed for use in production
- correct existing settings with new advancements

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:36 +01:00
5d60fe6a34
Set Salt log level to info
Globally setting log level for easier initial setup. Later on we should
consider removing it again, or moving it to the salt:master pillar.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
ad4c6af852
Add salt.syndic role + pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-22 13:49:35 +01:00
a42961e982
Update mocking base
- adapt preparation script to new environment
- add sample mocking pillar including README

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:54:58 +01:00
8c72e7c63a
Add id/role pillar README's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 18:28:54 +01:00
12f0a7bce0
Target roles without grains in tops
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 14:26:31 +01:00
bf0dfeb941
Use nbroles instead of grains
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-21 01:22:29 +01:00
2181a4999f
Remove common secret include
File was only used for testing secrets and is no longer in use.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:09:50 +01:00
69aa808f3d
Add secret variables
Module should now replace ${...} variables during rendering. Pillar
references need to be quoted.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-20 02:03:43 +01:00
fed1e35c88
Init master role w/ pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 18:47:54 +01:00
e26039e920
Re-order minion profile
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:51:44 +01:00
546508c7de
Use custom minion master configuration
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:16 +01:00
fe2a1a21b9
Use traditional grains management
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:40:01 +01:00
eb1731e7a1
Move managed grains to minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:59 +01:00
11620c863c
Init salted salt + minion pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 17:39:31 +01:00
ba563b6bb1
Ignore missing ID's
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:37:11 +01:00
f31c05171e
Include common secret pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 12:03:03 +01:00
4b08299e0c
Init pillar
Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-01-15 11:41:05 +01:00