Configure Redis for Salt master

Add Redis configuration to salt.master profile for caching on Salt masters.
To-Do: move configuration to a formula based approach.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/role/salt/common.sls

@@ -1,2 +1,3 @@
 salt:
   hash_type: sha512
+  log_level: info

pillar/role/salt/master.sls

@@ -15,10 +15,9 @@ salt:
     file_roots:
       base:
         - /srv/formulas/salt-formula
+    gitfs_root: salt
     gitfs_remotes:
       - https://git.com.de/LibertaCasa/salt.git:
-        - root: salt
-        - base: production
         - user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
         - password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
     ext_pillar:
@@ -39,8 +38,12 @@ salt:
           - root: ${'secret_salt:master:ext_pillar:git:Lysergic:root'}
           - user: ${'secret_salt:master:ext_pillar:git:Lysergic:user'}
           - password: ${'secret_salt:master:ext_pillar:git:Lysergic:password'}
+      - lookup:
     ext_pillar_first: True
     pillar_merge_lists: True
+    pillar_source_merging_strategy: smart
+    top_file_merging_strategy: same
+    env_order: ['production']
     log_level: info
     show_jid: True
     timeout: 20

pillar/role/salt/syndic.sls

@@ -0,0 +1,4 @@
+salt:
+  master:
+    syndic_user: salt
+    syndic_master: ${'secret_salt:master:syndic_master'}

salt/profile/salt/master.sls

@@ -1,2 +1,67 @@
+{%- master_pillar = pillar.get('salt:master') -%}
+{%- redis_config = '/etc/redis/salt.conf' -%}
+{%- redis_service = 'redis@salt' -%}
+
 include:
   - salt.master
+
+salt_master_extra_packages:
+  pkg.installed:
+    - names:
+      - python3-pynetbox
+      - python3-redis
+      - redis
+    - watch_in:
+      - service: salt-master
+
+# to-do: move Redis configuration to a formula
+{{ redis_config }}:
+  file.managed:
+    - contents:
+      - port 0
+      - tcp-backlog 511
+      - unixsocket /run/redis/salt.sock
+      - unixsocketperm 460
+      - timeout 0
+      - supervised systemd
+      - pidfile /run/redis/salt.pid
+      - logfile /var/log/redis/salt.log
+      - databases 1
+      - dir /var/lib/redis/salt/
+      - acllog-max-len 64
+      - requirepass {{ master_pillar['cache.redis.password'] }}
+    - user: root
+    - group: redis
+    - mode: 0640
+    - require:
+      - pkg: redis
+
+/var/lib/redis/salt:
+  file.directory:
+    - user: redis
+    - group: redis
+    - mode: 0750
+    - require:
+      - pkg: redis
+
+salt_redis_membership:
+  group.present:
+    - name: redis
+    - addusers:
+      - {{ master_pillar['user'] }}
+    - require:
+      - pkg: redis
+
+salt_redis_service_enable:
+  service.enabled:
+    - name: {{ redis_service }}
+    - require:
+      - pkg: redis
+
+salt_redis_service_start:
+  service.running:
+    - name: {{ redis_service }}
+    - require:
+      - pkg: redis
+    - watch:
+      - file: {{ redis_config }}

salt/role/salt/syndic.sls

@@ -0,0 +1,2 @@
+include:
+  - salt.syndic