Manage Salt roleproxy

Add role, profile and pillar for roleproxy. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
salt.minion: no longer manage grains
2023-01-30 00:39:33 +01:00 · 2023-01-29 23:33:40 +01:00
6 changed files with 48 additions and 22 deletions
--- a/pillar/role/salt/roleproxy.sls
+++ b/pillar/role/salt/roleproxy.sls
@ -0,0 +1,12 @@
+salt:
+  roleproxy:
+    nb_host: ${'secret_salt:roleproxy:nb_host'}
+    nb_token: ${'secret_salt:roleproxy:nb_token'}
+
+firewalld:
+  zones:
+    internal:
+      ports:
+        - comment: salt-roleproxy
+          port: 4580
+          protocol: tcp
--- a/salt/profile/salt/files/etc/salt/grains.j2
+++ b/salt/profile/salt/files/etc/salt/grains.j2
@ -1,9 +0,0 @@
-{%- set header = salt['pillar.get']('managed_header_pound') -%}
-{%- set roles = salt['pillar.get']('netbox:config_context:roles', []) -%}
-{{ header }}
-{%- if roles is defined and roles %}
-roles:
-  {%- for role in roles %}
-  - {{ role }}
-  {%- endfor %}
-{% endif %}
--- a/salt/profile/salt/grains.sls
+++ b/salt/profile/salt/grains.sls
@ -1,12 +0,0 @@
-salt_grains_file:
-  file.managed:
-    - user: root
-    - mode: '0644'
-    - template: jinja
-    - names:
-      - /etc/salt/grains:
-        - source: salt:///{{ slspath }}/files/etc/salt/grains.j2
-    - require_in:
-      - service: salt-minion
-    - watch_in:
-      - service: salt-minion
--- a/salt/profile/salt/minion.sls
+++ b/salt/profile/salt/minion.sls
@ -18,5 +18,4 @@
      - service: salt-minion

 include:
-  - .grains
  - salt.minion
--- a/salt/profile/salt/roleproxy.sls
+++ b/salt/profile/salt/roleproxy.sls
@ -0,0 +1,34 @@
+{%- set roleproxy_pillar = pillar['salt']['roleproxy'] -%}
+
+salt_roleproxy_packages:
+  pkg.installed:
+    - names:
+      - salt-netbox-roleproxy
+    - watch_in:
+      - service: salt_roleproxy_service
+
+salt_roleproxy_sysconfig:
+  file.keyvalue:
+    - name: /etc/sysconfig/roleproxy
+    - separator: '='
+    - show_changes: False
+    - key_values:
+        NB_HOST: {{ roleproxy_pillar['nb_host'] }}
+        NB_TOKEN: {{ roleproxy_pillar['nb_token'] }}
+    - require:
+      - pkg: salt_roleproxy_packages
+    - watch_in:
+      - service: salt_roleproxy_service
+
+salt_roleproxy_service_enable:
+  service.enabled:
+    - name: roleproxy
+    - require:
+      - pkg: salt_roleproxy_packages
+
+salt_roleproxy_service:
+  service.running:
+    - name: roleproxy
+    - watch:
+      - pkg: salt_roleproxy_packages
+      - file: salt_roleproxy_sysconfig
--- a/salt/role/salt/roleproxy.sls
+++ b/salt/role/salt/roleproxy.sls
@ -0,0 +1,2 @@
+include:
+  - profile.salt.roleproxy