diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-04-26 11:33:31 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-26 11:33:31 +0200 |
commit | b014bfaadc4104067ff98d0202351625cf03224f (patch) | |
tree | a38cfbd330f7f0d1c46ceccf33215180a15ef948 /src/conf_mode | |
parent | 7765d528ce304275350f87c748fa7988ffb4bc26 (diff) | |
parent | 6a3938cbf595ea24d2d2e3802cf78a0519483339 (diff) | |
download | vyos-1x-b014bfaadc4104067ff98d0202351625cf03224f.tar.gz vyos-1x-b014bfaadc4104067ff98d0202351625cf03224f.zip |
Merge branch 'salt' of github.com:c-po/vyos-1x into current
* 'salt' of github.com:c-po/vyos-1x:
salt: T2384: migrate config options
salt: T2385: XML: improve completion helpers on hash_type
salt: T2384: always log to syslog
Revert "salt: T2382: id and master nodes are mandatory - use in verify()"
salt: T2382: ease config generation
salt: T2382: migrate get_config() to list items
salt: T2382: id and master nodes are mandatory - use in verify()
salt: T2382: add missing verify()
salt: T2382: XML: run as user nobody
salt: T2382: XML: add proper valueHelp and validators for master
salt: T2382: add missing dependency on salt-minion
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/salt-minion.py | 107 |
1 files changed, 49 insertions, 58 deletions
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index 236480854..515019014 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -17,117 +17,108 @@ import os from copy import deepcopy -from pwd import getpwnam from socket import gethostname from sys import exit from urllib3 import PoolManager from vyos.config import Config -from vyos import ConfigError -from vyos.util import call from vyos.template import render - +from vyos.util import call, chown +from vyos import ConfigError config_file = r'/etc/salt/minion' +master_keyfile = r'/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub' default_config_data = { - 'hash_type': 'sha256', - 'log_file': '/var/log/salt/minion', + 'hash': 'sha256', 'log_level': 'warning', 'master' : 'salt', - 'user': 'minion', + 'user': 'nobody', + 'group': 'nogroup', 'salt_id': gethostname(), 'mine_interval': '60', - 'verify_master_pubkey_sign': 'false' + 'verify_master_pubkey_sign': 'false', + 'master_key': '' } def get_config(): salt = deepcopy(default_config_data) conf = Config() - if not conf.exists('service salt-minion'): + base = ['service', 'salt-minion'] + + if not conf.exists(base): return None else: - conf.set_level('service salt-minion') - - if conf.exists('hash_type'): - salt['hash_type'] = conf.return_value('hash_type') + conf.set_level(base) - if conf.exists('log_file'): - salt['log_file'] = conf.return_value('log_file') + if conf.exists(['hash']): + salt['hash'] = conf.return_value(['hash']) - if conf.exists('log_level'): - salt['log_level'] = conf.return_value('log_level') + if conf.exists(['master']): + salt['master'] = conf.return_values(['master']) - if conf.exists('master'): - master = conf.return_values('master') - salt['master'] = master + if conf.exists(['id']): + salt['salt_id'] = conf.return_value(['id']) - if conf.exists('id'): - salt['salt_id'] = conf.return_value('id') + if conf.exists(['user']): + salt['user'] = conf.return_value(['user']) - if conf.exists('user'): - salt['user'] = conf.return_value('user') + if conf.exists(['interval']): + salt['interval'] = conf.return_value(['interval']) - if conf.exists('mine_interval'): - salt['mine_interval'] = conf.return_value('mine_interval') - - salt['master-key'] = None - if conf.exists('master-key'): - salt['master-key'] = conf.return_value('master-key') + if conf.exists(['master-key']): + salt['master_key'] = conf.return_value(['master-key']) salt['verify_master_pubkey_sign'] = 'true' return salt -def generate(salt): - paths = ['/etc/salt/','/var/run/salt','/opt/vyatta/etc/config/salt/'] - directory = '/opt/vyatta/etc/config/salt/pki/minion' - uid = getpwnam(salt['user']).pw_uid - http = PoolManager() +def verify(salt): + return None - if salt is None: +def generate(salt): + if not salt: return None - if not os.path.exists(directory): - os.makedirs(directory) + for file in [config_file, master_keyfile]: + dirname = os.path.dirname(file) + if not os.path.exists(dirname): + os.mkdir(dirname) + chown(dirname, salt['user'], salt['group']) render(config_file, 'salt-minion/minion.tmpl', salt) + chown(config_file, salt['user'], salt['group']) - path = "/etc/salt/" - for path in paths: - for root, dirs, files in os.walk(path): - for usgr in dirs: - os.chown(os.path.join(root, usgr), uid, 100) - for usgr in files: - os.chown(os.path.join(root, usgr), uid, 100) - - if not os.path.exists('/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub'): - if not salt['master-key'] is None: - r = http.request('GET', salt['master-key'], preload_content=False) + if not os.path.exists(master_keyfile): + if salt['master_key']: + req = PoolManager().request('GET', salt['master_key'], preload_content=False) - with open('/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub', 'wb') as out: + with open(master_keyfile, 'wb') as f: while True: - data = r.read(1024) + data = req.read(1024) if not data: break - out.write(data) + f.write(data) - r.release_conn() + req.release_conn() + chown(master_keyfile, salt['user'], salt['group']) return None def apply(salt): - if salt is not None: - call("sudo systemctl restart salt-minion") + if not salt: + # Salt removed from running config + call('systemctl stop salt-minion.service') + if os.path.exists(config_file): + os.unlink(config_file) else: - # Salt access is removed in the commit - call("sudo systemctl stop salt-minion") - os.unlink(config_file) + call('systemctl restart salt-minion.service') return None if __name__ == '__main__': try: c = get_config() + verify(c) generate(c) apply(c) except ConfigError as e: |