diff options
| author | Christian Poessinger <christian@poessinger.com> | 2020-04-26 10:33:06 +0200 |
|---|---|---|
| committer | Christian Poessinger <christian@poessinger.com> | 2020-04-26 10:33:06 +0200 |
| commit | d98a0d596790664e9226db63639d2299dc57312c (patch) | |
| tree | 8ca6b6da3a7140d546ed907df820daf02ec803fd /src/conf_mode/salt-minion.py | |
| parent | ad39362fb0e5c31741ae7f0f2d8bd44428c381ef (diff) | |
| download | vyos-1x-d98a0d596790664e9226db63639d2299dc57312c.tar.gz vyos-1x-d98a0d596790664e9226db63639d2299dc57312c.zip | |
salt: T2382: XML: run as user nobody
Diffstat (limited to 'src/conf_mode/salt-minion.py')
| -rwxr-xr-x | src/conf_mode/salt-minion.py | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index 236480854..15bf18a3d 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -23,10 +23,9 @@ from sys import exit from urllib3 import PoolManager from vyos.config import Config -from vyos import ConfigError -from vyos.util import call from vyos.template import render - +from vyos.util import call +from vyos import ConfigError config_file = r'/etc/salt/minion' @@ -35,7 +34,7 @@ default_config_data = { 'log_file': '/var/log/salt/minion', 'log_level': 'warning', 'master' : 'salt', - 'user': 'minion', + 'user': 'nobody', 'salt_id': gethostname(), 'mine_interval': '60', 'verify_master_pubkey_sign': 'false' @@ -79,14 +78,14 @@ def get_config(): return salt def generate(salt): + if not salt: + return None + paths = ['/etc/salt/','/var/run/salt','/opt/vyatta/etc/config/salt/'] directory = '/opt/vyatta/etc/config/salt/pki/minion' uid = getpwnam(salt['user']).pw_uid http = PoolManager() - if salt is None: - return None - if not os.path.exists(directory): os.makedirs(directory) @@ -117,10 +116,10 @@ def generate(salt): def apply(salt): if salt is not None: - call("sudo systemctl restart salt-minion") + call('systemctl restart salt-minion.service') else: # Salt access is removed in the commit - call("sudo systemctl stop salt-minion") + call('systemctl stop salt-minion.service') os.unlink(config_file) return None |