diff --git a/pillar.example b/pillar.example
index ca41f63..3f7a8f3 100644
--- a/pillar.example
+++ b/pillar.example
@@ -78,13 +78,16 @@ salt:
 # salt cloud config
 cloud:
 master: salt
- folders:
- - cloud.providers.d/key
- - cloud.profiles.d
- - cloud.maps.d
- providers:
- - ec2
- - gce
+
+ # You can take profile and map templates from an alternate location
+ # if you want to write your own.
+ template_sources:
+ providers: salt://salt/files/cloud.providers.d
+ profiles: salt://salt/files/cloud.profiles.d
+ maps: salt://salt/files/cloud.maps.d
+
+ # These settings are used by the default provider templates and
+ # only need to be set for the ones you're using.
 aws_key: AWSKEYIJSHJAIJS6JSH
 aws_secret: AWSSECRETYkkDY1iQf9zRtl9+pW+Nm+aZY95
 gce_project: test
diff --git a/salt/cloud.sls b/salt/cloud.sls
index 9d467e7..13bd5c0 100644
--- a/salt/cloud.sls
+++ b/salt/cloud.sls
@@ -32,49 +32,40 @@ salt-cloud:
 {% endif %}
 {% endif %}
-{% for folder in salt_settings.cloud.folders %}
-{{ folder }}:
- file.directory:
- - name: /etc/salt/{{ folder }}
- - user: root
- - group: root
- - file_mode: 744
- - dir_mode: 755
- - makedirs: True
-{% endfor %}
-
 {% for cert in pillar.get('salt_cloud_certs', {}) %}
 {% for type in ['pem'] %}
 cloud-cert-{{ cert }}-pem:
 file.managed:
- - name: /etc/salt/cloud.providers.d/key/{{ cert }}.pem
+ - name: /etc/salt/pki/cloud/{{ cert }}.pem
 - source: salt://salt/files/key
 - template: jinja
 - user: root
 - group: root
 - mode: 600
+ - makedirs: True
 - defaults:
 key: {{ cert }}
 type: {{ type }}
 {% endfor %}
 {% endfor %}
-{% for providers in salt_settings.cloud.providers %}
-salt-cloud-profiles-{{ providers }}:
- file.managed:
- - name: /etc/salt/cloud.profiles.d/{{ providers }}.conf
+{%- for dir, templ_path in salt_settings.cloud.template_sources.items() %}
+salt-cloud-{{ dir }}:
+ file.recurse:
+ - name: /etc/salt/cloud.{{ dir }}.d
+ - source: {{ templ_path }}
 - template: jinja
- - source: salt://salt/files/cloud.profiles.d/{{ providers }}.conf
+ - makedirs: True
+{%- endfor %}
-salt-cloud-providers-{{ providers }}:
- file.managed:
- - name: /etc/salt/cloud.providers.d/{{ providers }}.conf
- - template: jinja
- - source: salt://salt/files/cloud.providers.d/{{ providers }}.conf
-
-salt-cloud-maps-{{ providers }}:
- file.managed:
- - name: /etc/salt/cloud.maps.d/{{ providers }}.conf
- - template: jinja
- - source: salt://salt/files/cloud.maps.d/{{ providers }}.conf
-{% endfor %}
+salt-cloud-providers-permissions:
+ file.directory:
+ - name: /etc/salt/cloud.providers.d
+ - user: root
+ - group: root
+ - file_mode: 600
+ - dir_mode: 700
+ - recurse:
+ - user
+ - group
+ - mode
diff --git a/salt/defaults.yaml b/salt/defaults.yaml
index 3457a72..c42f5aa 100644
--- a/salt/defaults.yaml
+++ b/salt/defaults.yaml
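Review bot: In salt/cloud.sls the new `salt-cloud-{{ dir }}` `file.recurse` state sets no owner or mode, so the rendered provider files, which carry `aws_secret` and `rsos_apikey` from pillar, are presumably first written with the minion's default permissions and only tightened afterwards by `salt-cloud-providers-permissions`. If that second state fails or is skipped, the credentials can stay readable by other local users. Setting the restrictive values on the recurse state itself closes that gap: `- user: root`, `- file_mode: '0600'`, `- dir_mode: '0700'`. Writing the modes as quoted strings also avoids YAML reading values such as `600` as integers.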
@@ -23,3 +23,9 @@ salt:
 install_from_source: True
 gitpython:
 install_from_source: False
+
+ cloud:
+ template_sources:
+ providers: salt://salt/files/cloud.providers.d
+ profiles: salt://salt/files/cloud.profiles.d
+ maps: salt://salt/files/cloud.maps.d
diff --git a/salt/files/cloud.providers.d/ec2.conf b/salt/files/cloud.providers.d/ec2.conf
index fddf6b7..56dab21 100644
--- a/salt/files/cloud.providers.d/ec2.conf
+++ b/salt/files/cloud.providers.d/ec2.conf
@@ -2,13 +2,13 @@
 {% set cloud = salt['pillar.get']('salt:cloud', {}) -%}
 ec2_ubuntu_public:
 minion:
- master: {{ cloud['master'] }}
+ master: {{ cloud.get('master', 'salt') }}
 grains:
 test: True
 ssh_interface: public_ips
- id: {{ cloud['aws_key'] }}
- key: '{{ cloud['aws_secret'] }}'
- private_key: /etc/salt/cloud.providers.d/key/key.pem
+ id: {{ cloud.get('aws_key', 'DEFAULT') }}
+ key: '{{ cloud.get('aws_secret', 'DEFAULT') }}'
+ private_key: /etc/salt/pki/cloud/ec2.pem
 keyname: keyname
 location: eu-west-1
 availability_zone: eu-west-1a
diff --git a/salt/files/cloud.providers.d/gce.conf b/salt/files/cloud.providers.d/gce.conf
index 5313dfb..def68f2 100644
--- a/salt/files/cloud.providers.d/gce.conf
+++ b/salt/files/cloud.providers.d/gce.conf
@@ -1,11 +1,11 @@
 # This file managed by Salt, do not edit by hand!!
 {% set cloud = salt['pillar.get']('salt:cloud', {}) -%}
 gce:
- project: "{{ cloud['gce_project'] }}"
- service_account_email_address: "{{ cloud['gce_service_account_email_address'] }}"
- service_account_private_key: "/etc/salt/cloud.providers.d/key.pem"
+ project: "{{ cloud.get('gce_project', 'DEFAULT') }}"
+ service_account_email_address: "{{ cloud.get('gce_service_account_email_address', 'DEFAULT') }}"
+ service_account_private_key: "/etc/salt/pki/cloud/gce.pem"
 minion:
- master: {{ cloud['master'] }}
+ master: {{ cloud.get('master', 'salt') }}
 grains:
 test: True
 provider: gce
diff --git a/salt/files/cloud.providers.d/rsos.conf b/salt/files/cloud.providers.d/rsos.conf
index d3d6aa7..4bd41f1 100644
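Review bot: In salt/files/cloud.providers.d/ec2.conf the `'DEFAULT'` fallback for `aws_key` and `aws_secret` makes the template render a complete-looking provider entry with placeholder credentials when the pillar keys are absent. A missing or mistyped pillar key is then not caught at render time and would only show up later, presumably as an authentication failure. The same fallback appears in the gce.conf hunk (`gce_project`, `gce_service_account_email_address`) and in the second rsos.conf hunk (`rsos_user`, `rsos_tenant`, `rsos_apikey`). Since salt/cloud.sls now deploys the whole providers directory, consider guarding each provider block, for example `{% if cloud.get('aws_key') %}` … `{% endif %}`, so unconfigured providers are left out instead of written with dummy values.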
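Review bot: The new `service_account_private_key: "/etc/salt/pki/cloud/gce.pem"` in gce.conf, like `private_key: /etc/salt/pki/cloud/ec2.pem` in the ec2.conf hunk, hard-codes a file name that salt/cloud.sls only creates when the `salt_cloud_certs` pillar has an entry with that name, because the cert state writes `/etc/salt/pki/cloud/{{ cert }}.pem`. Nothing in the visible hunks documents that naming requirement. A comment above the line would help, for example `# requires a salt_cloud_certs pillar entry named "gce"`, and pillar.example could show matching entries.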
--- a/salt/files/cloud.providers.d/rsos.conf
+++ b/salt/files/cloud.providers.d/rsos.conf
@@ -6,7 +6,7 @@ rsos_{{ region|lower }}:
 minion:
- master: {{ cloud['master'] }}
+ master: {{ cloud.get('master', 'salt') }}
 grains:
 region: {{ region|lower }}
@@ -15,7 +15,7 @@ rsos_{{ region|lower }}:
 protocol: ipv4
 compute_region: {{ region }}
 provider: openstack
- user: {{ cloud['rsos_user'] }}
- tenant: {{ cloud['rsos_tenant'] }}
- apikey: {{ cloud['rsos_apikey'] }}
+ user: {{ cloud.get('rsos_user', 'DEFAULT') }}
+ tenant: {{ cloud.get('rsos_tenant', 'DEFAULT') }}
+ apikey: {{ cloud.get('rsos_apikey', 'DEFAULT') }}
 {% endfor %}
diff --git a/salt/files/cloud.providers.d/saltify.conf b/salt/files/cloud.providers.d/saltify.conf
index 4fcff65..97cc2d5 100644
--- a/salt/files/cloud.providers.d/saltify.conf
+++ b/salt/files/cloud.providers.d/saltify.conf
@@ -1,5 +1,8 @@
 # This file is managed by Salt via {{ source }}
+
+{% set cloud = salt['pillar.get']('salt:cloud', {}) -%}
+
 saltify:
 provider: saltify
 minion:
- master: {{ cloud['master'] }}
+ master: {{ cloud.get('master', 'salt') }}
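Review bot: In the second rsos.conf hunk the rendered `user`, `tenant` and `apikey` values are plain, unquoted YAML scalars, so a value that is all digits, looks like a boolean, or contains `: ` or ` #` is retyped or breaks the rendered provider file. The ec2.conf hunk has the same form on its `id:` line, while gce.conf already double-quotes its values. Quote the substitutions, e.g. `apikey: "{{ cloud.get('rsos_apikey', 'DEFAULT') }}"`, and likewise for `user` and `tenant`. The enclosing `{% for %}` loop starts outside the hunk.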