
D3278.id8434.diff

diff --git a/pillar/services/table.sls b/pillar/services/table.sls
--- a/pillar/services/table.sls
+++ b/pillar/services/table.sls
@@ -9,6 +9,8 @@
nasqueron_services:
# Complector services
salt_primary: 172.27.27.7
+ salt_api_url: https://172.27.27.7:8300
+
vault: 172.27.27.7
vault_url: https://172.27.27.7:8200
diff --git a/roles/salt-primary/api/certificates.sls b/roles/salt-primary/api/certificates.sls
new file mode 100644
--- /dev/null
+++ b/roles/salt-primary/api/certificates.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt primary server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Copy TLS certificates from Vault
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/certificates/salt-api:
+ file.directory:
+ - user: salt
+ - mode: 755
+ - makedirs: True
+
+{{ dirs.etc }}/certificates/salt-api/fullchain.pem:
+ file.managed:
+ - user: salt
+ - mode: 444
+ - source: /usr/local/etc/certificates/vault/fullchain.pem
+
+{{ dirs.etc }}/certificates/salt-api/private.key:
+ file.managed:
+ - user: salt
+ - mode: 400
+ - source: /usr/local/etc/certificates/vault/private.key
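Review bot: The `private.key` state at the end of this file does not set `show_changes: False`, so when the key is rotated `file.managed` puts a diff of the key material into the state return, and from there into the job cache and any configured returner; add `- show_changes: False` to that state. None of the three states sets `group`, and the numeric modes are unquoted, where Salt's documentation recommends a quoted form such as `- mode: '0400'`. The sources are hard-coded under `/usr/local/etc` while the targets use `{{ dirs.etc }}`; if that is intentional, a one-line comment saying so would help.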
diff --git a/roles/salt-primary/api/files/api.conf b/roles/salt-primary/api/files/api.conf
new file mode 100644
--- /dev/null
+++ b/roles/salt-primary/api/files/api.conf
@@ -0,0 +1,22 @@
+# -------------------------------------------------------------
+# Salt configuration :: API
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/salt-primary/api/files/api.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+rest_cherrypy:
+ port: 8300
+ ssl_crt: {{ certificates_path }}/fullchain.pem
+ ssl_key: {{ certificates_path }}/private.key
+ webhook_disable_auth: True
+ collect_stats: True
+ stats_disable_auth: True
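Review bot: `webhook_disable_auth: True` and `stats_disable_auth: True` leave `/hook` and `/stats` open to any client that can reach port 8300, and with no `host` key rest_cherrypy listens on all interfaces by default. Unauthenticated posts to `/hook` are placed on the master's event bus under `salt/netapi/hook/...`, so any reactor matching those tags would act on unverified input. Consider dropping both flags so the endpoints require a token. If a sender really cannot authenticate, bind with `host: <internal address>` (placeholder) and have the reactor verify a shared secret before doing anything. A comment above the two flags naming the consumers that need unauthenticated access would document the decision.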
diff --git a/roles/salt-primary/api/files/salt_api.rc b/roles/salt-primary/api/files/salt_api.rc
new file mode 100644
--- /dev/null
+++ b/roles/salt-primary/api/files/salt_api.rc
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/salt-primary/api/files/salt_api.rc
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+salt_api_enable="YES"
diff --git a/roles/salt-primary/init.sls b/roles/salt-primary/api/init.sls
copy from roles/salt-primary/init.sls
copy to roles/salt-primary/api/init.sls
--- a/roles/salt-primary/init.sls
+++ b/roles/salt-primary/api/init.sls
@@ -2,14 +2,10 @@
# Salt — Provision a salt primary server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2017-10-21
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .software
- - .config
- - .account
- - .cloud
- - .staging
- - .salt-wrapper
+ - .rest_cherrypy
+ - .certificates
+ - .service
diff --git a/roles/salt-primary/api/rest_cherrypy.sls b/roles/salt-primary/api/rest_cherrypy.sls
new file mode 100644
--- /dev/null
+++ b/roles/salt-primary/api/rest_cherrypy.sls
@@ -0,0 +1,44 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt primary server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, packages_prefixes with context %}
+
+# -------------------------------------------------------------
+# Additional software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+install_salt_api_extra_software:
+ pkg.installed:
+ - pkgs:
+ - {{ packages_prefixes.python3 }}cherrypy
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/salt/master.d/api.conf:
+ file.managed:
+ - source: salt://roles/salt-primary/api/files/api.conf
+ - template: jinja
+ - context:
+ certificates_path: {{ dirs.etc }}/certificates/salt-api
+
+# -------------------------------------------------------------
+# Fix for contextvars issue
+#
+# This package is now a part of the Python library since 3.7
+# Yes, this is hacky.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set pythonversion = "{}.{}".format(grains["pythonversion"][0], grains["pythonversion"][1]) %}
+
+drop_contextvars:
+ file.comment:
+ - name: {{ grains["saltpath"] }}-{{ grains["saltversion"] }}-py{{ pythonversion }}.egg-info/requires.txt
+ - regex: ^contextvars
+ - backup: False
+ - ignore_missing: True
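Review bot: `drop_contextvars` combines `ignore_missing: True` with a path assembled from three grains, so if the egg-info directory is named differently on a host the state reports success without touching anything and the workaround silently stops applying. Consider dropping `ignore_missing`, or guarding the state with a Jinja condition on the Python version so that a miss is visible. The section comment says contextvars is part of Python since 3.7 but not what breaks when the line stays in `requires.txt`; one sentence describing the observed failure would tell the next maintainer when the hack can be removed.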
diff --git a/roles/salt-primary/api/service.sls b/roles/salt-primary/api/service.sls
new file mode 100644
--- /dev/null
+++ b/roles/salt-primary/api/service.sls
@@ -0,0 +1,29 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt primary server
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Enable FreeBSD service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if services["manager"] == "rc" %}
+
+/etc/rc.conf.d/salt_api:
+ file.managed:
+ - source: salt://roles/salt-primary/api/files/salt_api.rc
+
+{% endif %}
+
+# -------------------------------------------------------------
+# Start service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+service_salt_api:
+ service.running:
+ - name: salt_api
+ - enable: true
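Review bot: `service_salt_api` has no `watch`, so a change to `api.conf` or a renewed certificate and key is written to disk but the running salt-api keeps serving the old configuration and key until someone restarts it by hand. Adding a `- watch:` list with the managed files, e.g. `- file: {{ dirs.etc }}/salt/master.d/api.conf` plus the two files under `certificates/salt-api`, would make the restart follow the change. This file would then also need `dirs` added to its `map.jinja` import.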
diff --git a/roles/salt-primary/init.sls b/roles/salt-primary/init.sls
--- a/roles/salt-primary/init.sls
+++ b/roles/salt-primary/init.sls
@@ -13,3 +13,4 @@
- .cloud
- .staging
- .salt-wrapper
+ - .api
