Configure Redis for Salt master

Add Redis configuration to salt.master profile for caching on Salt masters. To-Do: move configuration to a formula based approach. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Update salt.master role pillar
2023-01-22 13:49:36 +01:00 · 2023-01-22 13:49:36 +01:00 · 2023-01-22 13:49:35 +01:00 · 2023-01-22 13:49:35 +01:00
4 changed files with 74 additions and 3 deletions
--- a/pillar/role/salt/common.sls
+++ b/pillar/role/salt/common.sls
@ -1,2 +1,3 @@
 salt:
  hash_type: sha512
+  log_level: info
--- a/pillar/role/salt/master.sls
+++ b/pillar/role/salt/master.sls
@ -15,10 +15,9 @@ salt:
    file_roots:
      base:
        - /srv/formulas/salt-formula
+    gitfs_root: salt
    gitfs_remotes:
      - https://git.com.de/LibertaCasa/salt.git:
-        - root: salt
-        - base: production
        - user: ${'secret_salt:master:gitfs_remotes:LibertaCasa:user'}
        - password: ${'secret_salt:master:gitfs_remotes:LibertaCasa:password'}
    ext_pillar:
@ -39,8 +38,12 @@ salt:
          - root: ${'secret_salt:master:ext_pillar:git:Lysergic:root'}
          - user: ${'secret_salt:master:ext_pillar:git:Lysergic:user'}
          - password: ${'secret_salt:master:ext_pillar:git:Lysergic:password'}
+      - lookup:
    ext_pillar_first: True
    pillar_merge_lists: True
+    pillar_source_merging_strategy: smart
+    top_file_merging_strategy: same
+    env_order: ['production']
    log_level: info
    show_jid: True
    timeout: 20
--- a/salt/profile/salt/master.sls
+++ b/salt/profile/salt/master.sls
@ -0,0 +1,67 @@
+{%- master_pillar = pillar.get('salt:master') -%}
+{%- redis_config = '/etc/redis/salt.conf' -%}
+{%- redis_service = 'redis@salt' -%}
+
+include:
+  - salt.master
+
+salt_master_extra_packages:
+  pkg.installed:
+    - names:
+      - python3-pynetbox
+      - python3-redis
+      - redis
+    - watch_in:
+      - service: salt-master
+
+# to-do: move Redis configuration to a formula
+{{ redis_config }}:
+  file.managed:
+    - contents:
+      - port 0
+      - tcp-backlog 511
+      - unixsocket /run/redis/salt.sock
+      - unixsocketperm 460
+      - timeout 0
+      - supervised systemd
+      - pidfile /run/redis/salt.pid
+      - logfile /var/log/redis/salt.log
+      - databases 1
+      - dir /var/lib/redis/salt/
+      - acllog-max-len 64
+      - requirepass {{ master_pillar['cache.redis.password'] }}
+    - user: root
+    - group: redis
+    - mode: 0640
+    - require:
+      - pkg: redis
+
+/var/lib/redis/salt:
+  file.directory:
+    - user: redis
+    - group: redis
+    - mode: 0750
+    - require:
+      - pkg: redis
+
+salt_redis_membership:
+  group.present:
+    - name: redis
+    - addusers:
+      - {{ master_pillar['user'] }}
+    - require:
+      - pkg: redis
+
+salt_redis_service_enable:
+  service.enabled:
+    - name: {{ redis_service }}
+    - require:
+      - pkg: redis
+
+salt_redis_service_start:
+  service.running:
+    - name: {{ redis_service }}
+    - require:
+      - pkg: redis
+    - watch:
+      - file: {{ redis_config }}
--- a/salt/role/salt/master.sls
+++ b/salt/role/salt/master.sls
@ -1,2 +1,2 @@
 include:
-  - salt.master
+  - profile.salt.master
Author	SHA1	Message	Date
Georg Pfuetzenreuter	863dc19795	Configure Redis for Salt master Some checks failed ci/lysergic/push/pipeline Pipeline failed Details Add Redis configuration to salt.master profile for caching on Salt masters. To-Do: move configuration to a formula based approach. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-01-22 13:49:36 +01:00
Georg Pfuetzenreuter	bcac69683b	Update salt.master role pillar - add missing settings needed for use in production - correct existing settings with new advancements Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-01-22 13:49:36 +01:00
Georg Pfuetzenreuter	5d60fe6a34	Set Salt log level to info Globally setting log level for easier initial setup. Later on we should consider removing it again, or moving it to the salt:master pillar. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-01-22 13:49:35 +01:00
Georg Pfuetzenreuter	ad4c6af852	Add salt.syndic role + pillar Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>	2023-01-22 13:49:35 +01:00