add new gitfs functionality
This commit is contained in:
Brad Thurber
parent
6578fb2ae2
commit
c4ef48c5e8
@ -63,6 +63,11 @@ Install gitfs backend dulwich dependencies. Set ``salt:master:gitfs_provider: du
|
||||
|
||||
Install gitfs backend GitPython dependenciess. Set ``salt:master:gitfs_provider: gitpython`` in your pillar.
|
||||
|
||||
``salt.gitfs.keys``
|
||||
----------------------
|
||||
|
||||
Install ssh keys to be used by gitfs
|
||||
|
||||
``salt.gitfs.pygit2``
|
||||
----------------------
|
||||
|
||||
|
||||
@ -115,6 +115,16 @@ salt:
|
||||
user: ubuntu
|
||||
sudo: True
|
||||
priv: /etc/salt/ssh_keys/sshkey.pem
|
||||
gitfs:
|
||||
keys:
|
||||
global:
|
||||
# key and pub end up being the extension used on the key file. values other than key and pub are possible
|
||||
key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
...........
|
||||
-----END RSA PRIVATE KEY-----
|
||||
pub: |
|
||||
...........
|
||||
|
||||
salt_cloud_certs:
|
||||
aws:
|
||||
|
||||
1
salt/files/gitfs_key.jinja
Normal file
1
salt/files/gitfs_key.jinja
Normal file
@ -0,0 +1 @@
|
||||
{{ pillar['salt']['gitfs']['keys'][key][type] }}
|
||||
@ -699,9 +699,37 @@ fileserver_backend:
|
||||
|
||||
# Git File Server Backend Configuration
|
||||
#
|
||||
# Gitfs can be provided by one of two python modules: GitPython or pygit2. If
|
||||
# using pygit2, both libgit2 and git must also be installed.
|
||||
{{ get_config('gitfs_provider', 'gitpython') }}
|
||||
# Optional parameter used to specify the provider to be used for gitfs. Must
|
||||
# be one of the following: pygit2, gitpython, or dulwich. If unset, then each
|
||||
# will be tried in that same order, and the first one with a compatible
|
||||
# version installed will be the provider that is used.
|
||||
{{ get_config('gitfs_provider', 'pygit2') }}
|
||||
|
||||
# Along with gitfs_password, is used to authenticate to HTTPS remotes.
|
||||
{{ get_config('gitfs_user', 'git') }}
|
||||
|
||||
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
|
||||
# This parameter is not required if the repository does not use authentication.
|
||||
{{ get_config('gitfs_password', 'mypassword') }}
|
||||
|
||||
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
|
||||
# This parameter enables authentication over HTTP. Enable this at your own risk.
|
||||
{{ get_config('gitfs_insecure_auth', 'False') }}
|
||||
|
||||
# Along with gitfs_privkey (and optionally gitfs_passphrase), is used to authenticate
|
||||
# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes.
|
||||
{{ get_config('gitfs_pubkey', '/path/to/key.pub') }}
|
||||
|
||||
# Along with gitfs_pubkey (and optionally gitfs_passphrase), is used to authenticate
|
||||
# to SSH remotes. This parameter (or its per-remote counterpart) is required for SSH remotes.
|
||||
{{ get_config('gitfs_privkey', '/path/to/key') }}
|
||||
|
||||
# This parameter is optional, required only when the SSH key being used to
|
||||
# authenticate is protected by a passphrase.
|
||||
{{ get_config('gitfs_passphrase', 'mypassphrase') }}
|
||||
|
||||
# Along with gitfs_user, is used to authenticate to HTTPS remotes.
|
||||
# This parameter is not required if the repository does not use authentication.
|
||||
|
||||
# When using the git fileserver backend at least one git remote needs to be
|
||||
# defined. The user running the salt master will need read access to the repo.
|
||||
@ -865,8 +893,67 @@ ext_pillar:
|
||||
{{ get_config('pillar_source_merging_strategy', 'smart') }}
|
||||
|
||||
# Recursively merge lists by aggregating them instead of replacing them.
|
||||
{{ get_config('pillar_merge_lists', 'False') }}
|
||||
{{ get_config('pillar_merge_lists', False) }}
|
||||
|
||||
# Git External Pillar (git_pillar) Configuration Options
|
||||
#
|
||||
# Specify the provider to be used for git_pillar. Must be either pygit2 or
|
||||
# gitpython. If unset, then both will be tried in that same order, and the
|
||||
# first one with a compatible version installed will be the provider that
|
||||
# is used.
|
||||
{{ get_config('git_pillar_provider', 'pygit2') }}
|
||||
|
||||
# If the desired branch matches this value, and the environment is omitted
|
||||
# from the git_pillar configuration, then the environment for that git_pillar
|
||||
# remote will be base.
|
||||
{{ get_config('git_pillar_base', 'master') }}
|
||||
|
||||
# If the branch is omitted from a git_pillar remote, then this branch will
|
||||
# be used instead.
|
||||
{{ get_config('git_pillar_branch', 'master') }}
|
||||
|
||||
# Environment to use for git_pillar remotes. This is normally derived from
|
||||
# the branch/tag (or from a per-remote env parameter), but if set this will
|
||||
# override the process of deriving the env from the branch/tag name.
|
||||
{{ get_config('git_pillar_env', '') }}
|
||||
|
||||
# Path relative to the root of the repository where the git_pillar top file
|
||||
# and SLS files are located.
|
||||
{{ get_config('git_pillar_root', 'pillar') }}
|
||||
|
||||
# Specifies whether or not to ignore SSL certificate errors when contacting
|
||||
# the remote repository.
|
||||
{{ get_config('git_pillar_ssl_verify', True) }}
|
||||
|
||||
# When set to False, if there is an update/checkout lock for a git_pillar
|
||||
# remote and the pid written to it is not running on the master, the lock
|
||||
# file will be automatically cleared and a new lock will be obtained.
|
||||
{{ get_config('git_pillar_global_lock', False) }}
|
||||
|
||||
# Git External Pillar Authentication Options
|
||||
#
|
||||
# Along with git_pillar_password, is used to authenticate to HTTPS remotes.
|
||||
{{ get_config('git_pillar_user', '') }}
|
||||
|
||||
# Along with git_pillar_user, is used to authenticate to HTTPS remotes.
|
||||
# This parameter is not required if the repository does not use authentication.
|
||||
{{ get_config('git_pillar_password', '') }}
|
||||
|
||||
# By default, Salt will not authenticate to an HTTP (non-HTTPS) remote.
|
||||
# This parameter enables authentication over HTTP.
|
||||
{{ get_config('git_pillar_insecure_auth', False) }}
|
||||
|
||||
# Along with git_pillar_privkey (and optionally git_pillar_passphrase),
|
||||
# is used to authenticate to SSH remotes.
|
||||
{{ get_config('git_pillar_pubkey', '/path/to/key.pub') }}
|
||||
|
||||
# Along with git_pillar_pubkey (and optionally git_pillar_passphrase),
|
||||
# is used to authenticate to SSH remotes.
|
||||
{{ get_config('git_pillar_privkey', '/path/to/key') }}
|
||||
|
||||
# This parameter is optional, required only when the SSH key being used
|
||||
# to authenticate is protected by a passphrase.
|
||||
{{ get_config('git_pillar_passphrase', '') }}
|
||||
|
||||
##### Syndic settings #####
|
||||
##########################################
|
||||
|
||||
20
salt/gitfs/keys.sls
Normal file
20
salt/gitfs/keys.sls
Normal file
@ -0,0 +1,20 @@
|
||||
{%- from "salt/map.jinja" import salt_settings with context %}
|
||||
|
||||
{%- set gitfs_keys=salt['pillar.get']('salt:gitfs:keys') %}
|
||||
|
||||
{%- for key, keyvalues in gitfs_keys.items() %}
|
||||
{%- for type, keydata in keyvalues.items() %}
|
||||
gitfs-key-{{ key }}-{{ type }}:
|
||||
file.managed:
|
||||
- name: {{ salt_settings.config_path }}/pki/gitfs/{{ key }}.{{ type }}
|
||||
- source: salt://salt/files/gitfs_key.jinja
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 600
|
||||
- makedirs: True
|
||||
- defaults:
|
||||
key: {{ key }}
|
||||
type: {{ type }}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
Loading…
Reference in New Issue
Block a user