Previously, we used the two following folders to provision Salt:
Now, on Ysul, we also want to let the capability to users to deploy their private stuff too through Salt. By private stuff, we don't consider credentials (they should not be stored directly in Salt) but some cases have been identified:
- archives of resources with collective ownership, not fully available in open source license
- resources with privacy issue
- private backup
As such the hierarchy is reorganized like this:
rOPS | Public | Salt states | /opt/salt/nasqueron-operations |
rSTAGING | Public | Files to deploy | /opt/salt/staging |
rPRIVOPS | Private | Salt states | /opt//salt/private/operations |
rPRIVSTAGING | Private | Files to deploy | /opt/salt/private/staging |
The goal is to allow to replace "/opt" by /opt/salt" and to keep the staging/ops paths.
It's by the way acceptable to ask to add a submodule in rPRIVSTAGING but to declare the Salt states in rOPS, or to redeploy through rPRIVOPS a resource in rSTAGING.
The private repositories are NOT available to the Salt master, only in /usr/local/etc/salt/minion to be used with salt-call.