
Revision 4ea5cf8a

Added by Bastian Schmidt over 2 years ago

Add parameter autosign_key_file and Salt Master configuration

  • Add parameter autosign_key_file
  • Add docs for autosign_key_file
  • Add Salt Master configuration

Co-authored-by: Ewoud Kohl van Wijngaarden <>


manifests/plugin/salt.pp
#
# $autosign_file:: File to use for salt autosign
#
# $autosign_key_file:: File to use for salt autosign via grains
#
# $user:: User to run salt commands under
#
# $api:: Use Salt API
......
#
class foreman_proxy::plugin::salt (
Stdlib::Absolutepath $autosign_file = $foreman_proxy::plugin::salt::params::autosign_file,
Stdlib::Absolutepath $autosign_key_file = $foreman_proxy::plugin::salt::params::autosign_key_file,
Boolean $enabled = $foreman_proxy::plugin::salt::params::enabled,
Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::salt::params::listen_on,
String $user = $foreman_proxy::plugin::salt::params::user,
......
String $api_password = $foreman_proxy::plugin::salt::params::api_password,
Optional[Stdlib::Absolutepath] $saltfile = $foreman_proxy::plugin::salt::params::saltfile,
) inherits foreman_proxy::plugin::salt::params {
$foreman_ssl_cert = pick($foreman_proxy::foreman_ssl_cert, $foreman_proxy::ssl_cert)
$foreman_ssl_key = pick($foreman_proxy::foreman_ssl_key, $foreman_proxy::ssl_key)
$reactor_path = '/usr/share/foreman-proxy/salt/reactors'
foreman_proxy::plugin::module { 'salt':
enabled => $enabled,
listen_on => $listen_on,
}
file {"${foreman_proxy::etc}/salt/master.d":
ensure => directory,
mode => '0755',
}
file {"${foreman_proxy::etc}/salt/master.d/foreman.conf":
ensure => file,
content => template('foreman_proxy/plugin/salt_master.conf.erb'),
owner => 'root',
mode => '0640',
}
}
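Review bot: The two `file` resources for `master.d` and `master.d/foreman.conf` leave ownership partly unset and never notify the salt-master service. `foreman.conf` gets `owner => 'root'` and `mode => '0640'` but no `group`, and the directory sets neither owner nor group, so who can read the file depends on the agent's defaults; a master running as a non-root user would likely be unable to read it. Setting `group` explicitly on both resources (for example `group => 'root'` if the master runs as root — confirm against the deployment) keeps the readers of a file that carries `external_auth` and TLS key paths predictable. The template header says salt-master must be restarted after changes, yet nothing here triggers that; whether this module manages the service is not visible in this section.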
manifests/plugin/salt/params.pp
$enabled = true
$listen_on = 'https'
$autosign_file = "${foreman_proxy::params::etc}/salt/autosign.conf"
$autosign_grains_dir = '/var/lib/foreman-proxy/salt/grains'
$autosign_key_file = "${autosign_grains_dir}/autosign_key"
$user = 'root'
$api = false
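Review bot: `$autosign_key_file` is derived from `$autosign_grains_dir` here, but only the key file is exposed as a class parameter, so the two can drift apart. The master template renders `autosign_grains_dir` from the fixed params value while `salt.yml` renders whatever `autosign_key_file` the caller passes; if the key file is overridden to another directory, the proxy would presumably write keys where the master never looks. Either expose `autosign_grains_dir` as a parameter and derive the file from it, or document on `$autosign_key_file` that it must live inside `/var/lib/foreman-proxy/salt/grains`. Nothing in the visible sections creates that directory or restricts its mode; since the file holds values that get minion keys accepted automatically, it should be readable only by the proxy and master users — confirm where that is managed.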
spec/classes/foreman_proxy__plugin__salt_spec.rb
let :params do {
:user => 'example',
:autosign_file => '/etc/salt/example.conf',
:autosign_key_file => '/var/lib/foreman-proxy/salt/grains/autosign_key',
:api => true,
:api_url => 'http://foreman.example.com',
:api_auth => 'ldap',
......
should contain_file('/etc/foreman-proxy/settings.d/salt.yml').
with_content(%r{:salt_command_user: example}).
with_content(%r{:autosign_file: /etc/salt/example.conf}).
with_content(%r{:autosign_key_file: /var/lib/foreman-proxy/salt/grains/autosign_key}).
with_content(%r{:use_api: true}).
with_content(%r{:api_url: http://foreman.example.com}).
with_content(%r{:api_auth: ldap}).
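Review bot: The visible spec changes assert only the new `:autosign_key_file:` line in `salt.yml`; nothing shown covers the new `master.d` directory or `master.d/foreman.conf`. A `contain_file('/etc/salt/master.d/foreman.conf')` expectation with `.with_owner('root')`, `.with_mode('0640')` and a `with_content` check for `autosign_grains_dir` would pin the permissions and the rendered master settings, which are the security-relevant part of this commit. Parts of the spec are elided on this page, so such a test may already exist outside the shown lines.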
templates/plugin/salt.yml.erb
---
:enabled: <%= @module_enabled %>
:autosign_file: <%= scope.lookupvar('::foreman_proxy::plugin::salt::autosign_file') %>
:autosign_key_file: <%= scope.lookupvar('::foreman_proxy::plugin::salt::autosign_key_file') %>
:salt_command_user: <%= scope.lookupvar('::foreman_proxy::plugin::salt::user') %>
# Some features require using the Salt API - such as listing environments and retrieving state info
:use_api: <%= scope.lookupvar('::foreman_proxy::plugin::salt::api') %>
templates/plugin/salt_master.conf.erb
# /etc/salt/master.d/foreman.config Master configuration
#
# This file summarizes configurations for the salt-master.
# Have a look at the [Foreman Salt Plugin Documentation](https://theforeman.org/plugins/foreman_salt/) for detailed explanations.
#
# After editing this file, run the following command to active the changes:
# systemctl restart salt-master
##
# Autosign
autosign_grains_dir: <%= scope.lookupvar('foreman_proxy::plugin::salt::autosign_grains_dir') %>
autosign_file: <%= scope.lookupvar('foreman_proxy::plugin::salt::autosign_file') %>
# Uncomment the next line to make use of the autosign host name file (not recommended)
# permissive_pki_access: True
##
# Node classifier
master_tops:
ext_nodes: /usr/bin/foreman-node
##
# Pillar data access
ext_pillar:
- puppet: /usr/bin/foreman-node
##
# Salt API access
external_auth:
<%= scope.lookupvar('foreman_proxy::plugin::salt::api_auth') %>:
<%= scope.lookupvar('foreman_proxy::plugin::salt::api_username') %>:
- '@runner'
rest_cherrypy:
port: 9191
ssl_key: <%= @foreman_ssl_key %>
ssl_crt: <%= @foreman_ssl_cert %>
##
# Remote execution provider
publisher_acl:
foreman-proxy:
- state.template_str
##
# Reactors
reactor:
- 'salt/auth': # Autosign reactor
- <%= @reactor_path %>/foreman_minion_auth.sls
- 'salt/job/*/ret/*': # Report reactor
- <%= @reactor_path %>/foreman_report_upload.sls
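Review bot: The `external_auth` and `rest_cherrypy` blocks are rendered unconditionally, although `$api` defaults to `false` in params.pp. That puts API listener settings for port 9191 and a `'@runner'` grant for `api_username` into the master config on hosts that never enabled the Salt API; wrapping both blocks in `<% if scope.lookupvar('foreman_proxy::plugin::salt::api') -%>` and `<% end -%>` would keep them out unless the API is requested. `'@runner'` permits every runner module for that user, so the comment should say why the full set is needed, or the grant should be narrowed. Two wording slips in the header: the path reads `foreman.config` while the manifest writes `foreman.conf`, and "active the changes" should be "activate the changes". `ssl_key` points the API at the key picked from `foreman_ssl_key`/`ssl_key`, so the salt-api user needs read access to the proxy's private key — confirm that sharing is intended.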
