Merge pull request #13 from jordiprats/master
various improvements
jordiprats authored Aug 16, 2018
2 parents 925088d + d61c27f commit 8e3f93b
Showing 17 changed files with 303 additions and 16 deletions.
11 changes: 11 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,16 @@
# CHANGELOG

## 0.1.6

* **salt::cloud**:
- bugfix log_datefmt
- flag to manage vSphere dependencies (true by default)
* **salt::api**:
- added **saltstack::api::rest_timeout** (default: 7200)
* **salt::master**:
- added keys management
- acl management for salt-master via eAuth

## 0.1.5

* added Ubuntu 18.04 support
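Review bot: the 0.1.6 entry names things three different ways: the bullets are headed `salt::cloud`, `salt::api` and `salt::master`, the new parameter is written `saltstack::api::rest_timeout`, and the classes in this module are `saltstack::cloud`, `saltstack::api` and `saltstack::master`. Use the real class names in the headings and list the parameter as `rest_timeout` under `saltstack::api`. The entry also omits the new `masted_recurse`/`masted_purge` parameters, whose default of `true` changes what happens to existing files in `/etc/salt/master.d`.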
140 changes: 128 additions & 12 deletions README.md
@@ -17,17 +17,19 @@

## Overview

saltstack configuration management
saltstack - minion, master, api, cloud, syndic and ssh setup and configuration

## Module Description

If applicable, this section should have a brief description of the technology
the module integrates with and what that integration enables. This section
should answer the questions: "What does this module *do*?" and "Why would I use
it?"
This module installs saltstack components:
* minion
* master
* api
* cloud
* syndic
* ssh

If your module has a range of functionality (installation, configuration,
management, etc.) this is the time to mention it.
Using a yum/apt repo as appropriate

## Setup

@@ -44,6 +46,8 @@ This module requires pluginsync enabled for puppet <=3.8

### Beginning with saltstack

A single node configuration example with ACLs:

```puppet
class { 'saltstack::minion':
master => '127.0.0.1'
@@ -59,34 +63,146 @@ saltstack::master::pillar { 'base':
files => [ '/srv/salt-data/pillar' ],
}
class { 'saltstack::ssh': }
class { 'saltstack::cloud': }
class { 'saltstack::api': }
class { 'saltstack::syndic': }
saltstack::master::key { $::fqdn:
status => 'accepted'
}
saltstack::master::acl { 'saltuser':
match => [ '.*', '@runner' ],
}
saltstack::master::acl { 'saltuser2':
match => [ '.*', '@runner' ],
}
```

## Usage

salt minion:
Installing a salt minion:

```puppet
class { 'saltstack::minion':
master => 'salt-master.systemadmin.es'
}
```

salt master:
Installing a salt master:

```puppet
class { 'saltstack::master': }
```

## Reference

TODO
### saltstack

Placeholder, not needed

### saltstack::repo

saltstack repo installation

* **srcdir**: Where to store temporal files (default: /usr/local/src)

### saltstack::minion

* **master**: 'saltmaster',
* **master_type**: = 'failover',
* **master_failback**: = false,
* **random_master**: = false,
* **master_port**: = '4506',
* **manage_package**: = true,
* **package_ensure**: = 'installed',
* **manage_service**: = true,
* **manage_docker_service**: = true,
* **service_ensure**: = 'running',
* **service_enable**: = true,
* **minion_id**: = $::fqdn,
* **hash_type**: = 'sha256',

## saltstack::master

* **manage_package**: = true,
* **package_ensure**: = 'installed',
* **manage_service**: = true,
* **manage_docker_service**: = true,
* **service_ensure**: = 'running',
* **service_enable**: = true,
* **interface**: = '0.0.0.0',
* **ipv6**: = false,
* **user**: = 'root',
* **publish_port**: = '4505',
* **ret_port**: = '4506',
* **keep_jobs**: = '170',
* **max_event_size**: = '10485760',
* **hash_type**: = 'sha256',
* **masted_recurse**: = true,
* **masted_purge**: = true,

## saltstack::api

* **manage_package**: = true,
* **package_ensure**: = 'installed',
* **manage_service**: = true,
* **manage_docker_service**: = true,
* **service_ensure**: = 'running',
* **service_enable**: = true,
* **port**: = '8000',
* **host**: = undef,
* **debug**: = false,
* **ssl_crt**: = undef,
* **ssl_key**: = undef,
* **disable_ssl**: = undef,
* **webhook_disable_auth**: = false,
* **webhook_url**: = undef,
* **thread_pool**: = '100',
* **socket_queue_size**: = '30',
* **expire_responses**: = false,
* **max_request_body_size**: = '1048576',
* **collect_stats**: = false,
* **static**: = undef,
* **static_path**: = undef,
* **app**: = undef,
* **app_path**: = undef,
* **root_prefix**: = '/',
* **generate_selfsigned_cert**: = true,
* **rest_timeout**: = '7200',

## saltstack::cloud

* **manage_package**: = true,
* **package_ensure**: = 'installed',
* **keysize**: = '2048',
* **script**: = undef,
* **log_file**: = '/var/log/salt/cloud',
* **log_level**: = 'info',
* **log_level_logfile**: = 'info',
* **log_datefmt**: = '%Y-%m-%d %H:%M:%S',
* **log_fmt_logfile**: = undef,
* **log_granular_levels**: = undef,
* **delete_sshkeys**: = false,
* **install_windows_dependencies**: = true,
* **install_vsphere_dependencies**: = true,

## saltstack::ssh

* **manage_package**: = true,
* **package_ensure**: = 'installed',

## saltstack::syndic

* **manage_package**: = true,
* **package_ensure**: = 'installed',
* **manage_service**: = true,
* **manage_docker_service**: = true,
* **service_ensure**: = 'running',
* **service_enable**: = true,

## Limitations
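
Review bot: the quick-start example in this hunk gives both `saltuser` and `saltuser2` the match list `[ '.*', '@runner' ]`, which, assuming the template writes the list as the user's external_auth entries, allows every execution function on every minion plus every runner, so anyone copying the example gives two PAM accounts full control through the master. Show a narrow list in the example instead (for instance a single module pattern such as `test.*`) and keep the wide-open form out of the "Beginning with" section. The new Reference section also has no entries for `saltstack::master::key` and `saltstack::master::acl`, the two defines this commit adds, and it switches from `###` to `##` headings after `saltstack::minion`.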

12 changes: 12 additions & 0 deletions examples/base.pp
@@ -17,3 +17,15 @@
class { 'saltstack::api': }

class { 'saltstack::syndic': }

saltstack::master::key { $::fqdn:
status => 'accepted'
}

saltstack::master::acl { 'saltuser':
match => [ '.*', '@runner' ],
}

saltstack::master::acl { 'saltuser2':
match => [ '.*', '@runner' ],
}
25 changes: 25 additions & 0 deletions lib/puppet/functions/salt_key_status.rb
@@ -0,0 +1,25 @@
Puppet::Functions.create_function(:salt_key_status) do |args|
dispatch :salt_key_status do
param 'String', :arg
end

def salt_key_status(arg)
# salt-key -L --out=txt | grep "'centos7.vm'" | cut -f 1 -d:
command = ['/usr/bin/salt-key -L --out=txt | grep']
command.push("\"'" + arg + "'\"")
command.push("| cut -f 1 -d:")

command = command.join ' '

output = Puppet::Util::Execution.execute(command, {
:uid => 'root',
:gid => 'root',
:failonfail => false,
:combine => true,
:override_locale => true,
})

return output
end

end
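
Review bot: `salt_key_status` builds a shell pipeline by string concatenation and runs it as root, and `arg` is only wrapped in quote characters, so any shell metacharacter in the name (a double quote, a backtick, a `$`) is interpreted by the shell rather than passed to grep. Restrict the parameter in `dispatch` to a hostname pattern instead of plain `String`, and run `salt-key -L` as an argument array without a shell, doing the lookup in Ruby instead of `grep | cut`. Two smaller points in the same function: grep treats the dots in the name as wildcards, so `centos7.vm` also matches `centos7xvm`, and with `:failonfail => false` plus `:combine => true` any error text from salt-key is returned as if it were a status. Puppet functions run where the catalog is compiled, so the result is only meaningful when compilation happens on the salt master; that deserves a comment at the top of the file.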
1 change: 1 addition & 0 deletions manifests/api.pp
@@ -24,6 +24,7 @@
$app_path = undef,
$root_prefix = '/',
$generate_selfsigned_cert = true,
$rest_timeout = '7200',
) inherits saltstack::params {

case $::osfamily
1 change: 1 addition & 0 deletions manifests/api/config.pp
@@ -16,6 +16,7 @@
group => 'root',
mode => '0664',
content => template("${module_name}/api/api.erb"),
require => File['/etc/salt/master.d'],
}

}
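
Review bot: the added `require => File['/etc/salt/master.d']` points at a resource that this commit declares in `saltstack::master::config`, so a catalog with `saltstack::api` but without `saltstack::master` will fail on the unresolved reference unless the api class pulls the master in somewhere outside these lines. Either include the master class here or state the dependency in the README. While this resource is being touched, the context line `mode => '0664'` leaves the API config group-writable; `0644`, or `0600` as used for the new external_auth.conf, would be tighter.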
1 change: 1 addition & 0 deletions manifests/cloud.pp
@@ -11,6 +11,7 @@
$log_granular_levels = undef,
$delete_sshkeys = false,
$install_windows_dependencies = true,
$install_vsphere_dependencies = true,
) inherits saltstack::params {

case $::osfamily
9 changes: 9 additions & 0 deletions manifests/cloud/install.pp
@@ -10,6 +10,15 @@
}
}

if($saltstack::cloud::install_vsphere_dependencies)
{
include ::python

pythonpip { 'pyvmomi':
ensure => 'present',
}
}

if($saltstack::cloud::install_windows_dependencies)
{
if($saltstack::params::windows_dependencies!=undef)
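
Review bot: the new `install_vsphere_dependencies` block is enabled by default and installs `pyvmomi` through `pythonpip` with `ensure => 'present'`, so upgrading the module makes every existing salt-cloud node pull an unpinned package through pip and adds `include ::python` to its catalog. Default the flag to false or pin a version, and make sure the module that provides `::python` and `pythonpip` is declared as a dependency; the visible part of this commit does not show that.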
2 changes: 2 additions & 0 deletions manifests/master.pp
@@ -13,6 +13,8 @@
$keep_jobs = '170',
$max_event_size = '10485760',
$hash_type = 'sha256',
$masted_recurse = true,
$masted_purge = true,
) inherits saltstack::params{

class { '::saltstack::master::install': } ->
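
Review bot: `$masted_recurse` and `$masted_purge` read like a misspelling of `master_d`, and because they are public parameters (already listed in the README reference) the name is hard to change later. Rename them now, for example `master_d_recurse` and `master_d_purge`, and add a comment saying that they control recursion and purging of `/etc/salt/master.d`.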
39 changes: 39 additions & 0 deletions manifests/master/acl.pp
@@ -0,0 +1,39 @@
define saltstack::master::acl (
$user = $name,
$backend = 'pam',
$match = '.*',
) {
include ::saltstack::master

if(!defined(Concat['/etc/salt/master.d/external_auth.conf']))
{
concat { '/etc/salt/master.d/external_auth.conf':
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0600',
require => File['/etc/salt/master.d'],
}

concat::fragment { 'salt master external_auth header':
target => '/etc/salt/master.d/external_auth.conf',
order => '00',
content => "# puppet managed file\nexternal_auth:\n",
}
}

if(!defined(Concat::Fragment["salt master external_auth backend ${backend}"]))
{
concat::fragment { "salt master external_auth backend ${backend}":
target => '/etc/salt/master.d/external_auth.conf',
order => "01-${backend}",
content => " ${backend}:\n",
}
}

concat::fragment { "salt master external_auth user ${user}":
target => '/etc/salt/master.d/external_auth.conf',
order => "01-${backend}-${user}",
content => template("${module_name}/master/acl.erb"),
}
}
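
Review bot: `$match` defaults to `'.*'`, so `saltstack::master::acl { 'someuser': }` with no parameters grants that user every function; an access-control define should fail closed, so drop the default and make `match` mandatory. `$user`, `$backend` and `$match` are also untyped and end up in a YAML file (`$backend` directly in the `content` of the backend fragment), so give them data types, for example a restricted pattern for `$user` and `$backend` and `Array[String]` for `$match`, to stop a stray colon or newline from changing the structure of external_auth.conf; the default is a string while the README passes an array. The `!defined(...)` guards depend on evaluation order; a small private class or `ensure_resource` for the concat and its header fragment is more predictable.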
9 changes: 9 additions & 0 deletions manifests/master/config.pp
@@ -1,5 +1,14 @@
class saltstack::master::config inherits saltstack::master {

file { '/etc/salt/master.d':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0755',
recurse => $saltstack::master::masted_recurse,
purge => $saltstack::master::masted_purge,
}

concat { '/etc/salt/master':
ensure => 'present',
owner => 'root',
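
Review bot: `recurse` and `purge` on `/etc/salt/master.d` both default to true through `masted_recurse`/`masted_purge`, so the first run after upgrading deletes every file in that directory that Puppet does not manage, including hand-written drop-ins. That is a sensible choice for a directory that now holds `external_auth.conf`, but it is a behaviour change for existing installations: call it out in the CHANGELOG, or default `purge` to false.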
48 changes: 48 additions & 0 deletions manifests/master/key.pp
@@ -0,0 +1,48 @@
# [root@centos7 ~]# salt-key -L --out=txt
# minions_rejected: []
# minions_denied: []
# minions_pre: [u'centos7.vm']
# minions: [u'centos71.vm']
define saltstack::master::key (
$hostname = $name,
$status = 'accepted',
) {
include ::saltstack::master

$current_status = salt_key_status($hostname)

case $status
{
'accepted':
{
case $current_status
{
/^minions$/: {}
/^minions_/:
{
exec { "salt-key for ${hostname} from ${current_status} to ${status}":
command => "salt-key -a ${hostname} --include-rejected --include-denied -y",
path => '/usr/sbin:/usr/bin:/sbin:/bin',
}
}
default: { fail("ERROR: current status set as '${current_status}' - desired state: ${status}")}
}
}
'rejected':
{
case $current_status
{
/^minions_denied$/, /^minions$/, /^minions_pre$/:
{
exec { "salt-key for ${hostname} from ${current_status} to ${status}":
command => "salt-key -r ${hostname} --include-accepted --include-denied -y",
path => '/usr/sbin:/usr/bin:/sbin:/bin',
}
}
/^minions_rejected$/: { }
default: { fail("ERROR: current status set as '${current_status}' - desired state: ${status}")}
}
}
default: { fail("Unsupported desired status: ${status}") }
}
}
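
Review bot: `${hostname}` is interpolated unquoted into both `salt-key` commands, so `$hostname` needs a data type (a hostname pattern) before the value reaches `exec`. In the 'accepted' branch, `-a ${hostname} --include-rejected --include-denied -y` re-accepts a key that was previously rejected or denied, with no fingerprint check; limit automatic acceptance to `minions_pre` and fail on `minions_rejected` and `minions_denied` so those cases get a human decision. Both `exec` resources have no `unless`/`onlyif` and are chosen from `salt_key_status` evaluated at compile time, so the command is decided from the key state seen on the compiling host rather than checked when it runs.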