Revision 4ea5cf8a
Added by Bastian Schmidt over 2 years ago
manifests/plugin/salt.pp | ||
---|---|---|
#
|
||
# $autosign_file:: File to use for salt autosign
|
||
#
|
||
# $autosign_key_file:: File to use for salt autosign via grains
|
||
#
|
||
# $user:: User to run salt commands under
|
||
#
|
||
# $api:: Use Salt API
|
||
... | ... | |
#
|
||
class foreman_proxy::plugin::salt (
|
||
Stdlib::Absolutepath $autosign_file = $foreman_proxy::plugin::salt::params::autosign_file,
|
||
Stdlib::Absolutepath $autosign_key_file = $foreman_proxy::plugin::salt::params::autosign_key_file,
|
||
Boolean $enabled = $foreman_proxy::plugin::salt::params::enabled,
|
||
Foreman_proxy::ListenOn $listen_on = $foreman_proxy::plugin::salt::params::listen_on,
|
||
String $user = $foreman_proxy::plugin::salt::params::user,
|
||
... | ... | |
String $api_password = $foreman_proxy::plugin::salt::params::api_password,
|
||
Optional[Stdlib::Absolutepath] $saltfile = $foreman_proxy::plugin::salt::params::saltfile,
|
||
) inherits foreman_proxy::plugin::salt::params {
|
||
$foreman_ssl_cert = pick($foreman_proxy::foreman_ssl_cert, $foreman_proxy::ssl_cert)
|
||
$foreman_ssl_key = pick($foreman_proxy::foreman_ssl_key, $foreman_proxy::ssl_key)
|
||
$reactor_path = '/usr/share/foreman-proxy/salt/reactors'
|
||
|
||
foreman_proxy::plugin::module { 'salt':
|
||
enabled => $enabled,
|
||
listen_on => $listen_on,
|
||
}
|
||
|
||
file {"${foreman_proxy::etc}/salt/master.d":
|
||
ensure => directory,
|
||
mode => '0755',
|
||
}
|
||
file {"${foreman_proxy::etc}/salt/master.d/foreman.conf":
|
||
ensure => file,
|
||
content => template('foreman_proxy/plugin/salt_master.conf.erb'),
|
||
owner => 'root',
|
||
mode => '0640',
|
||
}
|
||
}
|
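Review bot: The new `file` resources for `master.d` and `master.d/foreman.conf` set `mode` but no `group`, and the directory has no `owner` either, so the `0640` on `foreman.conf` grants read access to whichever group the file happens to get. That file carries the master's `external_auth` and `publisher_acl` policy, so I would pin ownership on both resources, e.g. `owner => 'root', group => 'root',` (or the group salt-master actually runs under). Nothing in the visible lines constrains the permissions of `$autosign_key_file` or its directory; Salt auto-accepts a minion whose grain matches a value stored there, so the parameter doc should say so: `# $autosign_key_file:: File to use for salt autosign via grains; must not be world-readable`. Part of the class is elided on this page, so some of this may already be handled there.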
manifests/plugin/salt/params.pp | ||
---|---|---|
$enabled = true
|
||
$listen_on = 'https'
|
||
$autosign_file = "${foreman_proxy::params::etc}/salt/autosign.conf"
|
||
$autosign_grains_dir = '/var/lib/foreman-proxy/salt/grains'
|
||
$autosign_key_file = "${autosign_grains_dir}/autosign_key"
|
||
$user = 'root'
|
||
|
||
$api = false
|
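Review bot: `$autosign_key_file` is derived from `$autosign_grains_dir` here, but only the key file is exposed as a class parameter in salt.pp, while salt_master.conf.erb writes the params-only `autosign_grains_dir` into the master configuration. Overriding `autosign_key_file` to a path in another directory would leave the proxy setting pointing at a file the master never reads, and autosigning would presumably fail without any error at catalog time. Either make the directory the parameter and build the file name from it, or document the constraint next to the parameter: `# $autosign_key_file:: ... must be located inside the master's autosign_grains_dir`.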
spec/classes/foreman_proxy__plugin__salt_spec.rb | ||
---|---|---|
let :params do {
|
||
:user => 'example',
|
||
:autosign_file => '/etc/salt/example.conf',
|
||
:autosign_key_file => '/var/lib/foreman-proxy/salt/grains/autosign_key',
|
||
:api => true,
|
||
:api_url => 'http://foreman.example.com',
|
||
:api_auth => 'ldap',
|
||
... | ... | |
should contain_file('/etc/foreman-proxy/settings.d/salt.yml').
|
||
with_content(%r{:salt_command_user: example}).
|
||
with_content(%r{:autosign_file: /etc/salt/example.conf}).
|
||
with_content(%r{:autosign_key_file: /var/lib/foreman-proxy/salt/grains/autosign_key}).
|
||
with_content(%r{:use_api: true}).
|
||
with_content(%r{:api_url: http://foreman.example.com}).
|
||
with_content(%r{:api_auth: ldap}).
|
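Review bot: The visible expectations cover only `settings.d/salt.yml`; nothing asserts the new `master.d/foreman.conf` resource that this commit adds, so a regression in its mode, owner or rendered autosign settings would go unnoticed. I would add something like `should contain_file('/etc/salt/master.d/foreman.conf').with_mode('0640').with_owner('root').with_content(%r{autosign_grains_dir: /var/lib/foreman-proxy/salt/grains})`. The spec is elided above these lines, so this may already exist in a part not shown.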
templates/plugin/salt.yml.erb | ||
---|---|---|
---
|
||
:enabled: <%= @module_enabled %>
|
||
:autosign_file: <%= scope.lookupvar('::foreman_proxy::plugin::salt::autosign_file') %>
|
||
:autosign_key_file: <%= scope.lookupvar('::foreman_proxy::plugin::salt::autosign_key_file') %>
|
||
:salt_command_user: <%= scope.lookupvar('::foreman_proxy::plugin::salt::user') %>
|
||
# Some features require using the Salt API - such as listing environments and retrieving state info
|
||
:use_api: <%= scope.lookupvar('::foreman_proxy::plugin::salt::api') %>
|
templates/plugin/salt_master.conf.erb | ||
---|---|---|
# /etc/salt/master.d/foreman.config Master configuration
|
||
#
|
||
# This file summarizes configurations for the salt-master.
|
||
# Have a look at the [Foreman Salt Plugin Documentation](https://theforeman.org/plugins/foreman_salt/) for detailed explanations.
|
||
#
|
||
# After editing this file, run the following command to active the changes:
|
||
# systemctl restart salt-master
|
||
|
||
|
||
##
|
||
# Autosign
|
||
autosign_grains_dir: <%= scope.lookupvar('foreman_proxy::plugin::salt::autosign_grains_dir') %>
|
||
autosign_file: <%= scope.lookupvar('foreman_proxy::plugin::salt::autosign_file') %>
|
||
# Uncomment the next line to make use of the autosign host name file (not recommended)
|
||
# permissive_pki_access: True
|
||
|
||
|
||
##
|
||
# Node classifier
|
||
master_tops:
|
||
ext_nodes: /usr/bin/foreman-node
|
||
|
||
|
||
##
|
||
# Pillar data access
|
||
ext_pillar:
|
||
- puppet: /usr/bin/foreman-node
|
||
|
||
|
||
##
|
||
# Salt API access
|
||
external_auth:
|
||
<%= scope.lookupvar('foreman_proxy::plugin::salt::api_auth') %>:
|
||
<%= scope.lookupvar('foreman_proxy::plugin::salt::api_username') %>:
|
||
- '@runner'
|
||
|
||
rest_cherrypy:
|
||
port: 9191
|
||
ssl_key: <%= @foreman_ssl_key %>
|
||
ssl_crt: <%= @foreman_ssl_cert %>
|
||
|
||
|
||
##
|
||
# Remote execution provider
|
||
publisher_acl:
|
||
foreman-proxy:
|
||
- state.template_str
|
||
|
||
|
||
##
|
||
# Reactors
|
||
reactor:
|
||
- 'salt/auth': # Autosign reactor
|
||
- <%= @reactor_path %>/foreman_minion_auth.sls
|
||
- 'salt/job/*/ret/*': # Report reactor
|
||
- <%= @reactor_path %>/foreman_report_upload.sls
|
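Review bot: The `external_auth`, `rest_cherrypy` and `publisher_acl` sections are rendered unconditionally, so a master gets an eauth entry with `@runner` access and a REST listener definition on port 9191 even when `foreman_proxy::plugin::salt::api` is false (the default in params.pp). I would wrap the API sections in `<% if scope.lookupvar('foreman_proxy::plugin::salt::api') -%>` … `<% end -%>` so they are only written when the feature is enabled. The `publisher_acl` entry also hard-codes `foreman-proxy` while the class takes a `$user` parameter for running salt commands; if the two are meant to be the same account, the template should use the parameter. Two small documentation fixes in the header: the path comment says `foreman.config` but the managed file is `foreman.conf`, and "to active the changes" should read "to activate the changes".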
Add parameter autosign_key_file and Salt Master configuration
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>