From 11b017e6a82881c04d3b3ab415d83e9480ef0f71 Mon Sep 17 00:00:00 2001 From: Michael Schmitt Date: Wed, 30 Mar 2022 16:02:26 -0600 Subject: [PATCH] feat(package): allow for salt package version hold --- pillar.example | 8 +++++--- salt/api.sls | 6 ++++++ salt/cloud.sls | 11 +++++++++++ salt/hold.sls | 12 ++++++++++++ salt/master.sls | 10 ++++++++-- salt/minion.sls | 12 +++++++++--- salt/ssh.sls | 11 +++++++++++ salt/standalone.sls | 11 +++++++++++ salt/syndic.sls | 6 ++++++ 9 files changed, 79 insertions(+), 8 deletions(-) create mode 100644 salt/hold.sls diff --git a/pillar.example b/pillar.example index c2d0d0a..fb08ddc 100644 --- a/pillar.example +++ b/pillar.example @@ -24,9 +24,11 @@ salt: # Optional: set salt version (if install_packages is set to true) version: 2017.7.2-1.el7 - # Pin version provided under 'version' key by using apt-pinning - # available only on Debian family OS-es - pin_version: false + # These 2 options apply only to yum/dnf, apt, and zypper-based systems: + # Force the package to be held at the installed version (optional) + hold_version: false + # Allow the upgrade or downgrade of a "held" package version (optional) + update_holds: false # to overwrite map.jinja salt packages lookup: diff --git a/salt/api.sls b/salt/api.sls index bd85fb7..98264a2 100644 --- a/salt/api.sls +++ b/salt/api.sls @@ -10,6 +10,12 @@ salt-api: {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} + {%- endif %} {% endif %} {% if salt_settings.api_service_details.state != 'ignore' %} service.{{ salt_settings.api_service_details.state }}: diff --git a/salt/cloud.sls b/salt/cloud.sls index 71ae0d2..942ac86 100644 --- a/salt/cloud.sls +++ b/salt/cloud.sls @@ -1,6 +1,11 @@ {%- set tplroot = tpldir.split('/')[0] %} {% from "salt/map.jinja" import salt_settings with context %} +{% if salt_settings.hold_version is defined and salt_settings.install_packages %} +include: + - .hold +{% endif %} + {%- if salt_settings.use_pip %} python-pip: pkg.installed @@ -24,6 +29,12 @@ salt-cloud: {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} + {%- endif %} {%- if salt_settings.use_pip %} - require: - pip: salt-cloud-pip-packages diff --git a/salt/hold.sls b/salt/hold.sls new file mode 100644 index 0000000..e3f08c0 --- /dev/null +++ b/salt/hold.sls @@ -0,0 +1,12 @@ +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import salt_settings with context %} + +{% if salt_settings.hold_version is defined and grains.os_family|lower == 'redhat' %} +salt-install-hold-plugin: + pkg.installed: + {% if grains.osmajorrelease > 7 %} + - name: python3-dnf-plugin-versionlock + {% else %} + - name: yum-plugin-versionlock + {% endif %} +{% endif %} diff --git a/salt/master.sls b/salt/master.sls index 577bebc..d4ee674 100644 --- a/salt/master.sls +++ b/salt/master.sls @@ -2,9 +2,9 @@ {%- from tplroot ~ "/map.jinja" import salt_settings with context %} {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} -{% if salt_settings.pin_version and salt_settings.version and grains.os_family|lower == 'debian' %} +{% if salt_settings.hold_version is defined and salt_settings.install_packages %} include: - - .pin + - .hold {% endif %} {%- if grains.kernel != 'Windows' %} @@ -26,6 +26,12 @@ salt-master: - name: {{ salt_settings.salt_master }} {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} + {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} {%- endif %} {% if salt_settings.master_service_details.state != 'ignore' %} - require_in: diff --git a/salt/minion.sls b/salt/minion.sls index 1a72d9a..1ea0469 100644 --- a/salt/minion.sls +++ b/salt/minion.sls @@ -2,9 +2,9 @@ {%- from tplroot ~ "/map.jinja" import salt_settings with context %} {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} -{% if salt_settings.pin_version and salt_settings.version and grains.os_family|lower == 'debian' %} +{% if salt_settings.hold_version is defined and salt_settings.install_packages %} include: - - .pin + - .hold {% endif %} {%- if grains.os == 'MacOS' %} @@ -68,8 +68,14 @@ salt-minion: {%- elif grains.os != 'MacOS' and "workaround https://github.com/saltstack/salt/issues/49348" %} pkg.installed: - name: {{ salt_settings.salt_minion }} - {%- if salt_settings.version %} + {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} + {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} {%- endif %} {% if salt_settings.minion_service_details.state != 'ignore' %} - require_in: diff --git a/salt/ssh.sls b/salt/ssh.sls index e81e89e..472e47a 100644 --- a/salt/ssh.sls +++ b/salt/ssh.sls @@ -1,6 +1,11 @@ {%- set tplroot = tpldir.split('/')[0] %} {% from "salt/map.jinja" import salt_settings with context %} +{% if salt_settings.hold_version is defined and salt_settings.install_packages %} +include: + - .hold +{% endif %} + {% if salt_settings.install_packages %} ensure-salt-ssh-is-installed: pkg.installed: @@ -8,6 +13,12 @@ ensure-salt-ssh-is-installed: {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} + {%- endif %} {% endif %} ensure-roster-config: diff --git a/salt/standalone.sls b/salt/standalone.sls index a14f12b..8632af2 100644 --- a/salt/standalone.sls +++ b/salt/standalone.sls @@ -1,6 +1,11 @@ {%- set tplroot = tpldir.split('/')[0] %} {% from "salt/map.jinja" import salt_settings with context %} +{% if salt_settings.hold_version is defined and salt_settings.install_packages %} +include: + - .hold +{% endif %} + salt-minion-standalone: {% if salt_settings.install_packages %} pkg.installed: @@ -8,6 +13,12 @@ salt-minion-standalone: {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} + {%- endif %} {% endif %} file.recurse: - name: {{ salt_settings.config_path }}/minion.d diff --git a/salt/syndic.sls b/salt/syndic.sls index d6d6875..5d38820 100644 --- a/salt/syndic.sls +++ b/salt/syndic.sls @@ -9,6 +9,12 @@ salt-syndic: - name: {{ salt_settings.salt_syndic }} {%- if salt_settings.version is defined %} - version: {{ salt_settings.version }} + {%- endif %} + {%- if salt_settings.hold_version is defined %} + - hold: {{ salt_settings.hold_version }} + {%- endif %} + {%- if salt_settings.update_holds is defined %} + - update_holds: {{ salt_settings.update_holds }} {%- endif %} - require_in: - service: salt-syndic