diff --git a/roles/saltmaster/account/init.sls b/roles/saltmaster/account/init.sls
index a5f74d6..422336f 100644
--- a/roles/saltmaster/account/init.sls
+++ b/roles/saltmaster/account/init.sls
@@ -1,67 +1,85 @@
# -------------------------------------------------------------
# Salt — Salt master configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-04-28
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Accounts
# -------------------------------------------------------------
# Salt account
salt_account:
group.present:
- name: salt
- gid: 9001
user.present:
- name: salt
- fullname: SaltStack master account
- uid: 9001
- gid: 9001
- home: /var/run/salt
salt_account_ownership:
cmd.run:
- name: chown -R salt {{ dirs.etc }}/salt /var/cache/salt /var/log/salt /var/run/salt
- onchanges:
- user: salt_account
# Deployment account
deploy_account:
user.present:
- name: deploy
- fullname: Deployment and management of the Salt staging area
- uid: 9002
- gid: 3003
- home: /var/run/deploy
# Allow to repair ownership if the account is created after the staging
deploy_account_ownership:
cmd.run:
- name: chown -R salt /opt/salt/staging /opt/salt/private/staging
- onchanges:
- user: deploy_account
+# -------------------------------------------------------------
+# SSH key for deployment account
+#
+# This key should be added to:
+#
+# - zemke-rhyne account on devcentral
+# https://devcentral.nasqueron.org/settings/user/zemke-rhyne/page/ssh/
+#
+# - alken-orin account on GitHub
+# Credentials are stored in DevCentral passphrase application
+# -------------------------------------------------------------
+
+/opt/salt/security:
+ file.directory:
+ - user: deploy
+ - group: ops
+ - chmod: 770
+
deploy_account_ssh_key:
cmd.run:
- - name: ssh-keygen -t ed25519 -N "" -f /var/run/deploy/.ssh/id_ed25519
+ - name: ssh-keygen -t ed25519 -N "" -f /opt/salt/security/id_ed25519
- runas: deploy
- - creates: /var/run/deploy/.ssh/id_ed25519
+ - creates: /opt/salt/security/id_ed25519
# -------------------------------------------------------------
# Sudo capabilities
#
# Ops should be able to sudo -u salt …
# Deployers should be able to sudo -u deploy <anything>
# -------------------------------------------------------------
{% for sudofile in ['salt', 'deploy'] %}
saltmaster_sudo_capabilities_{{ sudofile }}:
file.managed:
- name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
- source: salt://roles/saltmaster/account/files/{{ sudofile }}
{% endfor %}
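Review bot: `chmod: 770` on the new `/opt/salt/security` state (just above the keygen) is not an argument `file.directory` accepts; the parameter is `dir_mode` (or `mode`), as the staging states in this same change already use, so the intended 770 mode is presumably not applied and the directory gets the umask default — worth checking the state output for a rejected-keyword error. Since this directory holds an unencrypted deploy private key (`ssh-keygen -N ""`), change it to `- dir_mode: 770`. The keygen state also assumes the directory and the deploy user already exist but declares no ordering, relying on file order; `- require:` followed by `- file: /opt/salt/security` (and `user: deploy_account`) makes that explicit. The `ops` group is not declared in this file — presumably it is managed elsewhere, verify.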
diff --git a/roles/saltmaster/staging/init.sls b/roles/saltmaster/staging/init.sls
index ad3dc97..d3ad525 100644
--- a/roles/saltmaster/staging/init.sls
+++ b/roles/saltmaster/staging/init.sls
@@ -1,38 +1,38 @@
# -------------------------------------------------------------
# Salt — Provision a salt master
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-21
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Git repositories for the staging area
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
staging_public_repository:
file.directory:
- name: /opt/salt/staging
- user: deploy
- group: deploy
- dir_mode: 775
git.latest:
- name: https://devcentral.nasqueron.org/source/staging.git
- target: /opt/salt/staging
- user: deploy
- update_head: False
- submodules: True
staging_private_repository:
file.directory:
- name: /opt/salt/private/staging
- user: deploy
- group: deploy
- dir_mode: 770
git.latest:
- name: ssh://vcs@devcentral.nasqueron.org:5022/source/private-staging.git
- target: /opt/salt/private/staging
- user: deploy
- - identity: /var/run/deploy/.ssh/id_ed25519
+ - identity: /opt/salt/security/id_ed25519
- update_head: False
- submodules: True
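Review bot: The identity file referenced by `staging_private_repository` is generated by the `deploy_account_ssh_key` state in roles/saltmaster/account, and nothing here orders that before the private clone, so a fresh master that applies this SLS first presumably fails on a missing key. Adding `- require:` with `- sls: roles.saltmaster.account` to the `git.latest` state would make the dependency explicit. The path is now repeated verbatim in two SLS files; a shared value in map.jinja would keep them in step the next time it moves.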
