Page MenuHomeDevCentral

D1078.id2757.diff
No OneTemporary

D1078.id2757.diff

diff --git a/GIDs b/GIDs
--- a/GIDs
+++ b/GIDs
@@ -1,3 +1,5 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
+9001 salt
+9002 deploy
diff --git a/UIDs b/UIDs
--- a/UIDs
+++ b/UIDs
@@ -1,3 +1,5 @@
830 odderon
831 builder
832 chaton
+9001 salt
+9002 deploy
diff --git a/roles/saltmaster/sudo/files/deploy b/roles/saltmaster/account/files/deploy
rename from roles/saltmaster/sudo/files/deploy
rename to roles/saltmaster/account/files/deploy
--- a/roles/saltmaster/sudo/files/deploy
+++ b/roles/saltmaster/account/files/deploy
@@ -4,7 +4,7 @@
# Project: Nasqueron
# Created: 2017-09-28
# License: Trivial work, not eligible to copyright
-# Source file: roles/saltmaster/sudo/files/deploy
+# Source file: roles/saltmaster/account/files/deploy
# -------------------------------------------------------------
#
# <auto-generated>
diff --git a/roles/saltmaster/sudo/files/salt b/roles/saltmaster/account/files/salt
rename from roles/saltmaster/sudo/files/salt
rename to roles/saltmaster/account/files/salt
--- a/roles/saltmaster/sudo/files/salt
+++ b/roles/saltmaster/account/files/salt
@@ -4,7 +4,7 @@
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
-# Source file: roles/saltmaster/sudo/files/salt
+# Source file: roles/saltmaster/account/files/salt
# -------------------------------------------------------------
#
# <auto-generated>
diff --git a/roles/saltmaster/account/init.sls b/roles/saltmaster/account/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/saltmaster/account/init.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Salt master configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-04-28
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# Accounts
+# -------------------------------------------------------------
+
+# Salt account
+salt_account:
+ group.present:
+ - name: salt
+ - gid: 9001
+ - system: True
+ user.present:
+ - name: salt
+ - fullname: SaltStack master account
+ - uid: 9001
+ - gid: 9001
+ - home: /var/run/salt
+
+salt_account_ownership:
+ cmd.run:
+ - name: chown -R salt {{ dirs.etc }}/salt /var/cache/salt /var/log/salt /var/run/salt
+ - onchanges:
+ - user: salt_account
+
+# Deployment account
+deploy_account:
+ group.present:
+ - name: deploy
+ - gid: 9002
+ - system: True
+ user.present:
+ - name: deploy
+ - fullname: Deployment and management of the Salt staging area
+ - uid: 9002
+ - gid: 9002
+ - home: /opt/salt/staging
+
+deploy_account_ownership:
+ cmd.run:
+ - name: chown -R salt /opt/salt/staging /opt/salt/private/staging
+ - onchanges:
+ - user: deploy_account
+
+# -------------------------------------------------------------
+# Sudo capabilities
+#
+# Ops should be able to sudo -u salt …
+# Deployers should be able to sudo -u deploy <anything>
+# -------------------------------------------------------------
+
+{% for sudofile in ['salt', 'deploy'] %}
+saltmaster_sudo_capabilities_{{ sudofile }}:
+ file.managed:
+ - name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
+ - source: salt://roles/saltmaster/account/files/{{ sudofile }}
+{% endfor %}
diff --git a/roles/saltmaster/init.sls b/roles/saltmaster/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/saltmaster/init.sls
@@ -0,0 +1,12 @@
+# -------------------------------------------------------------
+# Salt — Provision a salt master
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-10-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .account
+ - .cloud
+ - .salt-wrapper
diff --git a/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf b/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
--- a/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
+++ b/roles/saltmaster/salt-wrapper/files/salt-wrapper.conf
@@ -11,11 +11,11 @@
"roots": [
{
"config": "/usr/local/etc/salt-woodscloud",
- "states": "/opt/woodscloud-operations"
+ "states": "/opt/salt/woodscloud-operations"
},
{
"config": "/usr/local/etc/salt",
- "states": "/opt/nasqueron-operations"
+ "states": "/opt/salt/nasqueron-operations"
}
]
}
diff --git a/roles/saltmaster/sudo/init.sls b/roles/saltmaster/sudo/init.sls
deleted file mode 100644
--- a/roles/saltmaster/sudo/init.sls
+++ /dev/null
@@ -1,23 +0,0 @@
-# -------------------------------------------------------------
-# Salt — Salt master configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
-# Created: 2017-04-28
-# License: Trivial work, not eligible to copyright
-# -------------------------------------------------------------
-
-{% from "map.jinja" import dirs with context %}
-
-# -------------------------------------------------------------
-# Sudo capabilities
-#
-# Ops should be able to sudo -u salt …
-# Deployers should be able to sudo -u deploy <anything>
-# -------------------------------------------------------------
-
-{% for sudofile in ['salt', 'deploy'] %}
-saltmaster_sudo_capabilities_{{ sudofile }}:
- file.managed:
- - name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
- - source: salt://roles/saltmaster/sudo/files/{{ sudofile }}
-{% endfor %}
diff --git a/top.sls b/top.sls
--- a/top.sls
+++ b/top.sls
@@ -16,8 +16,7 @@
- roles/core/salt
- roles/core/sshd
'local':
- - roles/saltmaster/sudo
- - roles/saltmaster/salt-wrapper
+ - roles/saltmaster
'ysul.nasqueron.org':
- roles/webserver-legacy
- roles/webserver-varnish

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 23, 18:52 (18 h, 29 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2258700
Default Alt Text
D1078.id2757.diff (5 KB)

Event Timeline