authorChristian Poessinger <christian@poessinger.com>2020-04-05 23:10:55 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-05 23:10:55 +0200
commit6b4aed73cbb16d6f0d4b310230a517d36578c8ae (patch)
treef1ddb92e1156079d6c4a467d73e405522775a53f
parent118681664310be8f73b532e677ecf9299412ea96 (diff)
salt-minion: T2230: move inlined templates to dedicated files
-rw-r--r--data/templates/salt-minion/minion.tmpl63
-rwxr-xr-xsrc/conf_mode/salt-minion.py113
2 files changed, 89 insertions, 87 deletions
diff --git a/data/templates/salt-minion/minion.tmpl b/data/templates/salt-minion/minion.tmpl
new file mode 100644
index 000000000..5e50d588c
--- /dev/null
+++ b/data/templates/salt-minion/minion.tmpl
@@ -0,0 +1,63 @@
+### Autogenerated by salt-minion.py ###
+
+##### Primary configuration settings #####
+##########################################
+
+# The hash_type is the hash to use when discovering the hash of a file on
+# the master server. The default is sha256, but md5, sha1, sha224, sha384 and
+# sha512 are also supported.
+#
+# WARNING: While md5 and sha1 are also supported, do not use them due to the
+# high chance of possible collisions and thus security breach.
+#
+# Prior to changing this value, the master should be stopped and all Salt
+# caches should be cleared.
+hash_type: {{ hash_type }}
+
+##### Logging settings #####
+##########################################
+# The location of the minion log file
+# The minion log can be sent to a regular file, local path name, or network
+# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
+# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
+# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
+#log_file: /var/log/salt/minion
+#log_file: file:///dev/log
+#log_file: udp://loghost:10514
+#
+log_file: {{ log_file }}
+
+# The level of messages to send to the console.
+# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
+#
+# The following log levels are considered INSECURE and may log sensitive data:
+# ['garbage', 'trace', 'debug']
+#
+# Default: 'warning'
+log_level: {{ log_level }}
+
+# Set the location of the salt master server, if the master server cannot be
+# resolved, then the minion will fail to start.
+master:
+{% for host in master -%}
+- {{ host }}
+{% endfor %}
+
+# The user to run salt
+user: {{ user }}
+
+# The directory to store the pki information in
+pki_dir: /config/salt/pki/minion
+
+# Explicitly declare the id for this minion to use, if left commented the id
+# will be the hostname as returned by the python call: socket.getfqdn()
+# Since salt uses detached ids it is possible to run multiple minions on the
+# same machine but with different ids, this can be useful for salt compute
+# clusters.
+id: {{ salt_id }}
+
+
+# The number of minutes between mine updates.
+mine_interval: {{ mine_interval }}
+
+verify_master_pubkey_sign: {{ verify_master_pubkey_sign }}
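Review bot: The `{% for host in master -%}` loop under `master:` assumes `master` is a list, yet `default_config_data` in src/conf_mode/salt-minion.py seeds it with the plain string `'salt'`; unless `get_config` (mostly outside this diff) always replaces that value with a list, Jinja2 iterates the string and emits one `- ` entry per character. Changing the default to `'master': ['salt'],` would make the template's assumption hold in the fallback case as well. Separately, `verify_master_pubkey_sign` is the only rendered key with no explanatory comment, unlike every other setting in this file; a line such as `# Require a valid signature (master_sign.pub) on the master's public key before trusting it` above it would match the rest of the template.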
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py
index 303ddae48..bc1767454 100755
--- a/src/conf_mode/salt-minion.py
+++ b/src/conf_mode/salt-minion.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -13,102 +13,35 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-#
-import sys
import os
-import pwd
-import socket
-import urllib3
-import jinja2
+from copy import deepcopy
+from jinja2 import FileSystemLoader, Environment
+from pwd import getpwnam
+from socket import gethostname
+from sys import exit
+from urllib3 import PoolManager
from vyos.config import Config
+from vyos.defaults import directories as vyos_data_dir
from vyos import ConfigError
config_file = r'/etc/salt/minion'
-# Please be careful if you edit the template.
-config_tmpl = """
-### Autogenerated by salt-minion.py ###
-
-##### Primary configuration settings #####
-##########################################
-
-# The hash_type is the hash to use when discovering the hash of a file on
-# the master server. The default is sha256, but md5, sha1, sha224, sha384 and
-# sha512 are also supported.
-#
-# WARNING: While md5 and sha1 are also supported, do not use them due to the
-# high chance of possible collisions and thus security breach.
-#
-# Prior to changing this value, the master should be stopped and all Salt
-# caches should be cleared.
-hash_type: {{ hash_type }}
-
-##### Logging settings #####
-##########################################
-# The location of the minion log file
-# The minion log can be sent to a regular file, local path name, or network
-# location. Remote logging works best when configured to use rsyslogd(8) (e.g.:
-# ``file:///dev/log``), with rsyslogd(8) configured for network logging. The URI
-# format is: <file|udp|tcp>://<host|socketpath>:<port-if-required>/<log-facility>
-#log_file: /var/log/salt/minion
-#log_file: file:///dev/log
-#log_file: udp://loghost:10514
-#
-log_file: {{ log_file }}
-
-# The level of messages to send to the console.
-# One of 'garbage', 'trace', 'debug', info', 'warning', 'error', 'critical'.
-#
-# The following log levels are considered INSECURE and may log sensitive data:
-# ['garbage', 'trace', 'debug']
-#
-# Default: 'warning'
-log_level: {{ log_level }}
-
-# Set the location of the salt master server, if the master server cannot be
-# resolved, then the minion will fail to start.
-master:
-{% for host in master -%}
-- {{ host }}
-{% endfor %}
-
-# The user to run salt
-user: {{ user }}
-
-# The directory to store the pki information in
-pki_dir: /config/salt/pki/minion
-
-# Explicitly declare the id for this minion to use, if left commented the id
-# will be the hostname as returned by the python call: socket.getfqdn()
-# Since salt uses detached ids it is possible to run multiple minions on the
-# same machine but with different ids, this can be useful for salt compute
-# clusters.
-id: {{ salt_id }}
-
-
-# The number of minutes between mine updates.
-mine_interval: {{ mine_interval }}
-
-verify_master_pubkey_sign: {{ verify_master_pubkey_sign }}
-"""
-
default_config_data = {
'hash_type': 'sha256',
'log_file': '/var/log/salt/minion',
'log_level': 'warning',
'master' : 'salt',
'user': 'minion',
- 'salt_id': socket.gethostname(),
+ 'salt_id': gethostname(),
'mine_interval': '60',
'verify_master_pubkey_sign': 'false'
}
def get_config():
- salt = default_config_data
+ salt = deepcopy(default_config_data)
conf = Config()
if not conf.exists('service salt-minion'):
return None
@@ -145,25 +78,31 @@ def get_config():
return salt
def generate(salt):
- paths = ['/etc/salt/','/var/run/salt','/opt/vyatta/etc/config/salt/']
+ paths = ['/etc/salt/','/var/run/salt','/opt/vyatta/etc/config/salt/']
directory = '/opt/vyatta/etc/config/salt/pki/minion'
- uid = pwd.getpwnam(salt['user']).pw_uid
- http = urllib3.PoolManager()
+ uid = getpwnam(salt['user']).pw_uid
+ http = PoolManager()
if salt is None:
return None
+ # Prepare Jinja2 template loader from files
+ tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'salt-minion')
+ fs_loader = FileSystemLoader(tmpl_path)
+ env = Environment(loader=fs_loader)
+
if not os.path.exists(directory):
os.makedirs(directory)
- tmpl = jinja2.Template(config_tmpl)
+ tmpl = env.get_template('minion.tmpl')
config_text = tmpl.render(salt)
with open(config_file, 'w') as f:
f.write(config_text)
- path = "/etc/salt/"
+
+ path = "/etc/salt/"
for path in paths:
- for root, dirs, files in os.walk(path):
- for usgr in dirs:
+ for root, dirs, files in os.walk(path):
+ for usgr in dirs:
os.chown(os.path.join(root, usgr), uid, 100)
for usgr in files:
os.chown(os.path.join(root, usgr), uid, 100)
@@ -171,14 +110,14 @@ def generate(salt):
if not os.path.exists('/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub'):
if not salt['master-key'] is None:
r = http.request('GET', salt['master-key'], preload_content=False)
-
+
with open('/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub', 'wb') as out:
while True:
data = r.read(1024)
if not data:
break
out.write(data)
-
+
r.release_conn()
return None
@@ -200,4 +139,4 @@ if __name__ == '__main__':
apply(c)
except ConfigError as e:
print(e)
- sys.exit(1)
+ exit(1)
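Review bot: In `generate()` the guard `if salt is None: return None` still runs after `uid = getpwnam(salt['user']).pw_uid` and `http = PoolManager()`, so when `get_config` returns None for an unconfigured service the function raises TypeError on the subscript instead of returning; the rewrite of those two lines kept the old order. Move the guard to be the first statement of `generate`, i.e. `if salt is None:` / `    return None` ahead of `uid = ...`. The `path = "/etc/salt/"` assignment right before `for path in paths:` is dead, since the loop variable overwrites it immediately, and can be dropped. Further down (the whitespace-only hunk) the `master_sign.pub` download writes the response body without inspecting `r.status`, so an error page from the configured URL would be stored as the master's signing key; a check like `if r.status != 200: raise ConfigError(...)` before the `open(...)` would prevent that. `generate` spans two hunks and its body continues outside the diff.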