
diff --git a/GIDs b/GIDs
index 37bec0e..b2f4478 100644
--- a/GIDs
+++ b/GIDs
@@ -1,3 +1,5 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
+9001 salt
+9002 deploy
diff --git a/UIDs b/UIDs
index 0a75283..6ab315c 100644
--- a/UIDs
+++ b/UIDs
@@ -1,3 +1,5 @@
830 odderon
831 builder
832 chaton
+9001 salt
+9002 deploy
diff --git a/roles/saltmaster/sudo/files/deploy b/roles/saltmaster/account/files/deploy
similarity index 91%
rename from roles/saltmaster/sudo/files/deploy
rename to roles/saltmaster/account/files/deploy
index 0c2883f..4e1b1de 100644
--- a/roles/saltmaster/sudo/files/deploy
+++ b/roles/saltmaster/account/files/deploy
@@ -1,17 +1,17 @@
# -------------------------------------------------------------
# SaltStack deployment
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-09-28
# License: Trivial work, not eligible to copyright
-# Source file: roles/saltmaster/sudo/files/deploy
+# Source file: roles/saltmaster/account/files/deploy
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
%deploy ALL = (deploy) NOPASSWD: ALL
diff --git a/roles/saltmaster/sudo/files/salt b/roles/saltmaster/account/files/salt
similarity index 94%
rename from roles/saltmaster/sudo/files/salt
rename to roles/saltmaster/account/files/salt
index 8b9fdcd..de421ab 100644
--- a/roles/saltmaster/sudo/files/salt
+++ b/roles/saltmaster/account/files/salt
@@ -1,20 +1,20 @@
# -------------------------------------------------------------
# SaltStack deployment
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
-# Source file: roles/saltmaster/sudo/files/salt
+# Source file: roles/saltmaster/account/files/salt
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
Cmnd_Alias SALT = /usr/local/bin/salt, /usr/local/bin/salt-api, /usr/local/bin/salt-call, /usr/local/bin/salt-cloud, /usr/local/bin/salt-cp, /usr/local/bin/salt-key, /usr/local/bin/salt-master, /usr/local/bin/salt-minion, /usr/local/bin/salt-proxy, /usr/local/bin/salt-run, /usr/local/bin/salt-ssh, /usr/local/bin/salt-syndic, /usr/local/etc/rc.d/salt_master
%salt ALL=(salt) NOPASSWD: SALT
%salt ALL=(ALL) NOPASSWD: /usr/local/bin/salt-call
diff --git a/roles/saltmaster/account/init.sls b/roles/saltmaster/account/init.sls
new file mode 100644
index 0000000..0b8d2a3
--- /dev/null
+++ b/roles/saltmaster/account/init.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Salt master configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-28
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Accounts
+# -------------------------------------------------------------
+
+# Salt account
+salt_account:
+ group.present:
+ - name: salt
+ - gid: 9001
+ - system: True
+ user.present:
+ - name: salt
+ - fullname: SaltStack master account
+ - uid: 9001
+ - gid: 9001
+ - home: /var/run/salt
+
+salt_account_ownership:
+ cmd.run:
+ - name: chown -R salt {{ dirs.etc }}/salt /var/cache/salt /var/log/salt /var/run/salt
+ - onchanges:
+ - user: salt_account
+
+# Deployment account
+deploy_account:
+ group.present:
+ - name: deploy
+ - gid: 9002
+ - system: True
+ user.present:
+ - name: deploy
+ - fullname: Deployment and management of the Salt staging area
+ - uid: 9002
+ - gid: 9002
+ - home: /opt/salt/staging
+
+deploy_account_ownership:
+ cmd.run:
+ - name: chown -R salt /opt/salt/staging /opt/salt/private/staging
+ - onchanges:
+ - user: deploy_account
+
+# -------------------------------------------------------------
+# Sudo capabilities
+#
+# Ops should be able to sudo -u salt …
+# Deployers should be able to sudo -u deploy <anything>
+# -------------------------------------------------------------
+
+{% for sudofile in ['salt', 'deploy'] %}
+saltmaster_sudo_capabilities_{{ sudofile }}:
+ file.managed:
+ - name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
+ - source: salt://roles/saltmaster/account/files/{{ sudofile }}
+{% endfor %}
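Review bot: `deploy_account_ownership` runs `chown -R salt /opt/salt/staging /opt/salt/private/staging`, so the deploy user's home and the staging areas end up owned by `salt` rather than `deploy`. This looks like a copy of the salt stanza and should probably read `chown -R deploy /opt/salt/staging /opt/salt/private/staging`; if salt ownership is intended, a comment should say so. Separately, the `file.managed` loop installs the sudoers drop-ins with no explicit owner, mode or syntax check. Adding `- mode: '0440'` and `- check_cmd: visudo -c -f` (with root ownership) keeps a malformed or loosely-permissioned file from breaking or weakening sudo on the master.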
diff --git a/roles/saltmaster/init.sls b/roles/saltmaster/init.sls
new file mode 100644
index 0000000..039a43e
--- /dev/null
+++ b/roles/saltmaster/init.sls
@@ -0,0 +1,12 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt master
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .account
+ - .cloud
+ - .salt-wrapper
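Review bot: The include list pulls in `.cloud`, but this commit adds only `roles/saltmaster/account`, and the removed `top.sls` entries for 'local' listed only the sudo and salt-wrapper roles. If `roles/saltmaster/cloud` does not exist, the include will presumably fail when the role is rendered. If it does exist, it is now applied to the master as a side effect of this refactoring. A short comment above the list, such as `# .cloud is newly applied to the salt master by this include`, would make that intent explicit.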
diff --git a/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf b/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
index d18d171..d445511 100644
--- a/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
+++ b/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
@@ -1,21 +1,21 @@
{
"comments": [
"This file is managed by our rOPS SaltStack repository.",
"Changes to this file may cause incorrect behavior",
"and will be lost if the state is redeployed.",
"Source file: roles/saltmaster/salt-wrapper/files/salt-wrapper.conf"
],
"roots": [
{
"config": "/usr/local/etc/salt-woodscloud",
- "states": "/opt/woodscloud-operations"
+ "states": "/opt/salt/woodscloud-operations"
},
{
"config": "/usr/local/etc/salt",
- "states": "/opt/nasqueron-operations"
+ "states": "/opt/salt/nasqueron-operations"
}
]
}
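Review bot: Both `states` roots now point under `/opt/salt/`, but nothing in the visible changes creates `/opt/salt/nasqueron-operations` or `/opt/salt/woodscloud-operations`, or moves the existing checkouts there. The wrapper may therefore point at missing directories until that is done by hand. Since these trees hold the states the master applies, it would be worth managing the directories in the role with explicit ownership and non-world-writable modes. The `chown -R` commands in `roles/saltmaster/account/init.sls` cover only the staging paths.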
diff --git a/roles/saltmaster/sudo/init.sls b/roles/saltmaster/sudo/init.sls
deleted file mode 100644
index 6e6512c..0000000
--- a/roles/saltmaster/sudo/init.sls
+++ /dev/null
@@ -1,23 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Salt master configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2017-04-28
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% from "map.jinja" import dirs with context %}
-
-# -------------------------------------------------------------
-# Sudo capabilities
-#
-# Ops should be able to sudo -u salt …
-# Deployers should be able to sudo -u deploy <anything>
-# -------------------------------------------------------------
-
-{% for sudofile in ['salt', 'deploy'] %}
-saltmaster_sudo_capabilities_{{ sudofile }}:
- file.managed:
- - name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
- - source: salt://roles/saltmaster/sudo/files/{{ sudofile }}
-{% endfor %}
diff --git a/top.sls b/top.sls
index cde9a4f..1689d9e 100644
--- a/top.sls
+++ b/top.sls
@@ -1,35 +1,34 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- roles/core/rc
- roles/core/hostname
- roles/core/network
- roles/core/motd
- roles/core/rsyslog
- roles/core/salt
- roles/core/sshd
'local':
- - roles/saltmaster/sudo
- - roles/saltmaster/salt-wrapper
+ - roles/saltmaster
'ysul.nasqueron.org':
- roles/webserver-legacy
- roles/webserver-varnish
'dwellers.nasqueron.org':
- roles/paas-docker/docker
- roles/paas-lxc/lxc
- roles/mastodon
'eglide':
- roles/webserver-core/letsencrypt
- roles/shellserver/users
- roles/shellserver/userland-software
- roles/shellserver/eglide-website
- roles/shellserver/vhosts
- roles/shellserver/web-hosting
- roles/shellserver/odderon
