-rw-r--r-- | data/templates/salt-minion/minion.j2 | 11 | ||||
-rw-r--r-- | interface-definitions/salt-minion.xml.in | 10 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_service_salt.py | 2 | ||||
-rwxr-xr-x | src/conf_mode/salt-minion.py | 63 |
4 files changed, 37 insertions, 49 deletions
diff --git a/data/templates/salt-minion/minion.j2 b/data/templates/salt-minion/minion.j2 index cc1a63a6e..7e7ac5885 100644 --- a/data/templates/salt-minion/minion.j2 +++ b/data/templates/salt-minion/minion.j2 @@ -32,17 +32,17 @@ log_file: /var/log/salt/minion # ['garbage', 'trace', 'debug'] # # Default: 'warning' -log_level: {{ log_level }} +log_level: warning # Set the location of the salt master server, if the master server cannot be # resolved, then the minion will fail to start. master: {% for host in master %} -- {{ host }} + - {{ host }} {% endfor %} # The user to run salt -user: {{ user }} +user: minion # The directory to store the pki information in pki_dir: /config/salt/pki/minion @@ -52,9 +52,10 @@ pki_dir: /config/salt/pki/minion # Since salt uses detached ids it is possible to run multiple minions on the # same machine but with different ids, this can be useful for salt compute # clusters. -id: {{ salt_id }} +id: {{ id }} # The number of minutes between mine updates. mine_interval: {{ interval }} -verify_master_pubkey_sign: {{ verify_master_pubkey_sign }} +verify_master_pubkey_sign: {{ 'True' if master_key is vyos_defined else 'False' }} + diff --git a/interface-definitions/salt-minion.xml.in b/interface-definitions/salt-minion.xml.in index d3b022d12..9425d2b7f 100644 --- a/interface-definitions/salt-minion.xml.in +++ b/interface-definitions/salt-minion.xml.in 
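Review bot: The hard-coded `user: minion` in the first minion.j2 hunk has to stay in step with the `user='minion'` constant that src/conf_mode/salt-minion.py now passes to `render()` and `chown()`, and nothing ties the two together. If they drift, the minion would run as one account while /etc/salt/minion and master_sign.pub are owned by another. A comment above the template line such as `# must match 'user' in src/conf_mode/salt-minion.py` would make the coupling visible. Passing the constant into the render context is the alternative.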
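Review bot: The new `verify_master_pubkey_sign` line in the second minion.j2 hunk turns master signature verification off whenever `master-key` is unset, and the rendered file gives no hint why. Unlike the neighbouring options it has no explanatory comment; I would add one above it, e.g. `# Verify the master's public-key signature; enabled only when 'master-key' is configured.` The key file is fetched separately by generate() in src/conf_mode/salt-minion.py, so a failed download leaves this at True with no master_sign.pub in place. Presumably the minion then refuses the master, which is the safe outcome but worth stating in that comment.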
@@ -15,20 +15,21 @@ <list>md5 sha1 sha224 sha256 sha384 sha512</list> </completionHelp> <constraint> - <regex>^(md5|sha1|sha224|sha256|sha384|sha512)$</regex> + <regex>(md5|sha1|sha224|sha256|sha384|sha512)</regex> </constraint> </properties> + <defaultValue>sha256</defaultValue> </leafNode> <leafNode name="master"> <properties> - <help>The hostname or IP address of the master.</help> + <help>Hostname or IP address of the Salt master server</help> <valueHelp> <format>ipv4</format> - <description>Remote syslog server IPv4 address</description> + <description>Salt server IPv4 address</description> </valueHelp> <valueHelp> <format>hostname</format> - <description>Remote syslog server FQDN</description> + <description>Salt server FQDN address</description> </valueHelp> <constraint> <validator name="ip-address"/> @@ -54,6 +55,7 @@ <validator name="numeric" argument="--range 1-1440"/> </constraint> </properties> + <defaultValue>60</defaultValue> </leafNode> <leafNode name="master-key"> <properties> diff --git a/smoketest/scripts/cli/test_service_salt.py b/smoketest/scripts/cli/test_service_salt.py index ebed04e53..bbeec7f7b 100755 --- a/smoketest/scripts/cli/test_service_salt.py +++ b/smoketest/scripts/cli/test_service_salt.py @@ -55,7 +55,7 @@ class TestServiceSALT(VyOSUnitTestSHIM.TestCase): # commiconf = read_file() Check configured port conf = read_file(SALT_CONF) - self.assertIn(f'- {server}', conf) + self.assertIn(f' - {server}', conf) # defaults hostname = gethostname() diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index d939db9a2..89df3b48a 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2018-2020 VyOS maintainers and contributors +# Copyright (C) 2018-2022 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
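Review bot: The `hash` constraint in the first salt-minion.xml.in hunk still accepts `md5` and `sha1`, although the new `<defaultValue>` is `sha256`. If this value becomes the minion's hash type (the template line that consumes it is not in this diff), those two choices weaken the fingerprinting it is used for. A `<valueHelp>` description marking them as weak would help operators choose. The regex also loses its `^…$` anchors, which is only safe if the validator anchors patterns itself; the diff does not show that.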
@@ -16,14 +16,16 @@ import os -from copy import deepcopy from socket import gethostname from sys import exit from urllib3 import PoolManager from vyos.config import Config +from vyos.configdict import dict_merge from vyos.template import render -from vyos.util import call, chown +from vyos.util import call +from vyos.util import chown +from vyos.xml import defaults from vyos import ConfigError from vyos import airbag @@ -32,20 +34,10 @@ airbag.enable() config_file = r'/etc/salt/minion' master_keyfile = r'/opt/vyatta/etc/config/salt/pki/minion/master_sign.pub' -default_config_data = { - 'hash': 'sha256', - 'log_level': 'warning', - 'master' : 'salt', - 'user': 'minion', - 'group': 'vyattacfg', - 'salt_id': gethostname(), - 'interval': '60', - 'verify_master_pubkey_sign': 'false', - 'master_key': '' -} +user='minion' +group='vyattacfg' def get_config(config=None): - salt = deepcopy(default_config_data) if config: conf = config else: 
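Review bot: Removing `default_config_data` in the second hunk on this line also drops the `'master' : 'salt'` fallback, and the interface-definition hunks in this commit add a `<defaultValue>` only for `hash` and `interval`. With no `master` configured, `salt` would carry no `master` key and the template's `{% for host in master %}` loop would have nothing to render, unless the XML defines a default outside the shown hunks. The body of verify() is not shown in this diff. If it does not already reject that case, it could do so after its early return, e.g. `if 'master' not in salt: raise ConfigError('Salt master must be configured!')`. get_config() continues in the next hunk.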
@@ -54,28 +46,23 @@ def get_config(config=None): if not conf.exists(base): return None - else: - conf.set_level(base) - - if conf.exists(['hash']): - salt['hash'] = conf.return_value(['hash']) - - if conf.exists(['master']): - salt['master'] = conf.return_values(['master']) - - if conf.exists(['id']): - salt['salt_id'] = conf.return_value(['id']) - - if conf.exists(['user']): - salt['user'] = conf.return_value(['user']) - if conf.exists(['interval']): - salt['interval'] = conf.return_value(['interval']) + salt = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True) + # ID default is dynamic thus we can not use defaults() + if 'id' not in salt: + salt['id'] = gethostname() + # We have gathered the dict representation of the CLI, but there are default + # options which we need to update into the dictionary retrived. + default_values = defaults(base) + salt = dict_merge(default_values, salt) - if conf.exists(['master-key']): - salt['master_key'] = conf.return_value(['master-key']) - salt['verify_master_pubkey_sign'] = 'true' + if not conf.exists(base): + return None + else: + conf.set_level(base) + import pprint + pprint.pprint(salt) return salt def verify(salt): @@ -85,13 +72,11 @@ def generate(salt): if not salt: return None - render(config_file, 'salt-minion/minion.j2', salt, - user=salt['user'], group=salt['group']) + render(config_file, 'salt-minion/minion.j2', salt, user=user, group=group) if not os.path.exists(master_keyfile): - if salt['master_key']: + if 'master_key' in salt: req = PoolManager().request('GET', salt['master_key'], preload_content=False) - with open(master_keyfile, 'wb') as f: while True: data = req.read(1024) @@ -100,7 +85,7 @@ def generate(salt): f.write(data) req.release_conn() - chown(master_keyfile, salt['user'], salt['group']) + chown(master_keyfile, user, group) return None |
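Review bot: `import pprint` and `pprint.pprint(salt)` at the end of get_config() are leftover debugging and print the whole service configuration, including the `master_key` URL, on every commit; both lines should go. The second `if not conf.exists(base): return None` / `else: conf.set_level(base)` block just above them repeats the check at the top of the hunk, so its `return None` cannot trigger there. Nothing visible reads from `conf` after `set_level`, so it looks like a merge remnant and can be dropped too. The comment typo `retrived` should read `retrieved`. The function starts outside this hunk.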
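Review bot: In generate(), the body fetched from `salt['master_key']` is written to master_sign.pub without checking the HTTP status, so an error page from the server would be stored as the master signing key. I would check the response before opening the file, e.g. `if req.status != 200: raise ConfigError(f'Failed to download master key: HTTP {req.status}')`. Because the download is skipped whenever `master_keyfile` already exists, a changed `master-key` URL also never replaces the old key. Whether the URL is restricted to https is not visible here; over plain http the trust anchor for `verify_master_pubkey_sign` would arrive unauthenticated. The read loop continues in the following hunk.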