
Adjust minion PKI permissions

Needed for non-root Syndic operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
Georg Pfuetzenreuter 2023-02-01 22:48:16 +01:00
parent 2a7a9decee
commit 1c0551755f
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57


@ -220,14 +220,16 @@ salt-minion-pki-dir:
- name: {{ salt_settings.config_path | path_join('pki', 'minion') }} - name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
{% endif %} {% endif %}
- user: {{ salt_settings.rootuser }} - user: {{ salt_settings.rootuser }}
- group: - group: salt
{#
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %} {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel wheel
{%- else %} {%- else %}
{{ salt_settings.rootgroup }} {{ salt_settings.rootgroup }}
{%- endif %} {%- endif %}
#}
{%- if grains['kernel'] != 'Windows' %} {%- if grains['kernel'] != 'Windows' %}
- mode: 700 - mode: 750
{% endif %} {% endif %}
- makedirs: True - makedirs: True
@ -239,14 +241,16 @@ permissions-minion.pem:
- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }} - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
{% endif %} {% endif %}
- user: {{ salt_settings.rootuser }} - user: {{ salt_settings.rootuser }}
- group: - group: salt
{#
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %} {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel wheel
{%- else %} {%- else %}
{{ salt_settings.rootgroup }} {{ salt_settings.rootgroup }}
{%- endif %} {%- endif %}
#}
{%- if grains['kernel'] != 'Windows' %} {%- if grains['kernel'] != 'Windows' %}
- mode: 400 - mode: 440
{% endif %} {% endif %}
- replace: False - replace: False
- require: - require:
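Review bot: The minion private key becomes group-readable in the `permissions-minion.pem` state, where `- group: salt` together with `- mode: 440` lets every member of the `salt` group read `minion.pem`; the `salt-minion-pki-dir` state opens the directory the same way with `750`. As written this applies to every non-Windows minion the state runs on, not only to hosts that run a non-root Syndic, so the key's exposure widens everywhere. The group is also hard-coded while the previous `wheel` / `salt_settings.rootgroup` selection is left inside a `{# … #}` comment; on a host without a `salt` group the state would presumably fail. Consider keeping the old branch and the `700`/`400` modes as the default, switching to the wider group and modes only behind an explicit setting, e.g. `- group: {{ salt_settings.<pki_group> }}` (placeholder name, not an existing key), and deleting the commented-out block rather than leaving it in the template. Both states start above the visible hunks, so the state function and any earlier arguments are not checked here.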