Support salt minions via cloud-config [Jeff Bauer] (LP: #927795)

4 files changed, 110 insertions, 0 deletions

diff --git a/ChangeLog b/ChangeLog
index bdba748e..45af41ed 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@
  - add support for adding and deleting CA Certificates [Mike Milner] (LP: #915232)
  - in ci-info lines, use '.' to indicate empty field for easier machine reading
  - support empty lines in "#include" files (LP: #923043)
+ - support configuration of salt minions (Jeff Bauer) (LP: #927795)
 0.6.2:
  - fix bug where update was not done unless update was explicitly set.
    It would not be run if 'upgrade' or packages were set to be installed
diff --git a/cloudinit/CloudConfig/cc_salt_minion.py b/cloudinit/CloudConfig/cc_salt_minion.py
new file mode 100644
index 00000000..9a710e72
--- /dev/null
+++ b/cloudinit/CloudConfig/cc_salt_minion.py
@@ -0,0 +1,55 @@
+# vi: ts=4 expandtab
+#
+#    Author: Jeff Bauer <jbauer@rubic.com>
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License version 3, as
+#    published by the Free Software Foundation.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import os.path
+import subprocess
+import cloudinit.CloudConfig as cc
+import yaml
+
+def handle(_name, cfg, cloud, log, _args):
+    # If there isn't a salt key in the configuration don't do anything
+    if 'salt_minion' not in cfg:
+        return
+    salt_cfg = cfg['salt_minion']
+    # Start by installing the salt package ...
+    cc.install_packages(("salt",))
+    config_dir = '/etc/salt'
+    if not os.path.isdir(config_dir):
+        os.makedirs(config_dir)
+    # ... and then update the salt configuration
+    if 'conf' in salt_cfg:
+        # Add all sections from the conf object to /etc/salt/minion
+        minion_config = os.path.join(config_dir, 'minion')
+        yaml.dump(salt_cfg['conf'],
+                  file(minion_config, 'w'),
+                  default_flow_style=False)
+    # ... copy the key pair if specified
+    if 'public_key' in salt_cfg and 'private_key' in salt_cfg:
+        pki_dir = '/etc/salt/pki'
+        cumask = os.umask(077)
+        if not os.path.isdir(pki_dir):
+            os.makedirs(pki_dir)
+        pub_name = os.path.join(pki_dir, 'minion.pub')
+        pem_name = os.path.join(pki_dir, 'minion.pem')
+        with open(pub_name, 'w') as f:
+            f.write(salt_cfg['public_key'])
+        with open(pem_name, 'w') as f:
+            f.write(salt_cfg['private_key'])
+        os.umask(cumask)
+
+    # Start salt-minion
+    subprocess.check_call(['service', 'salt-minion', 'start'])
diff --git a/config/cloud.cfg b/config/cloud.cfg
index 25d02cee..4eab2a36 100644
--- a/config/cloud.cfg
+++ b/config/cloud.cfg
@@ -24,6 +24,7 @@ cloud_config_modules:
  - timezone
  - puppet
  - chef
+ - salt
  - mcollective
  - disable-ec2-metadata
  - runcmd
diff --git a/doc/examples/cloud-config-salt-minion.txt b/doc/examples/cloud-config-salt-minion.txt
new file mode 100644
index 00000000..939fdc8b
--- /dev/null
+++ b/doc/examples/cloud-config-salt-minion.txt
@@ -0,0 +1,53 @@
+#cloud-config
+#
+# This is an example file to automatically setup and run a salt
+# minion when the instance boots for the first time.
+# Make sure that this file is valid yaml before starting instances.
+# It should be passed as user-data when starting the instance.
+
+salt_minion:
+  # conf contains all the directives to be assigned in /etc/salt/minion.
+
+  conf:
+    # Set the location of the salt master server, if the master server cannot be
+    # resolved, then the minion will fail to start.
+
+    master: salt.example.com
+
+  # Salt keys are manually generated by: salt-key --gen-keys=GEN_KEYS,
+  # where GEN_KEYS is the name of the keypair, e.g. 'minion'.  The keypair
+  # will be copied to /etc/salt/pki on the minion instance.
+
+  public_key: |
+    -----BEGIN PUBLIC KEY-----
+    MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAwI4yqk1Y12zVmu9Ejlua
+    h2FD6kjrt+N9XfGqZUUVNeRb7CA0Sj5Q6NtgoaiXuIrSea2sLda6ivqAGmtxMMrP
+    zpf3FwsYWxBUNF7D4YeLmYjvcTbfr3bCOIRnPNXZ+4isuvvEiM02u2cO0okZSgeb
+    dofNa1NbTLYAQr9jZZb7GPKrTO4CKy0xzBih/A+sl6dL9PNDmqXQEjyJS6PXG1Vj
+    PvD5jpSrxuIl5Ms/+2Ro3ALgvC8dgoY/3m3csnd06afumGKv5YOGtf+bnWLhc0bf
+    6Sk8Q6i5t0Bl+HAULSPr+B9x/I0rN76ZnPvTj1+hJ0zTof4d0hOLx/K5OQyt7AKo
+    4wIBAQ==
+    -----END PUBLIC KEY-----
+
+  private_key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    Proc-Type: 4,ENCRYPTED
+    DEK-Info: AES-128-CBC,ECE30DBBA56E2DF06B7BC415F8870994
+
+    YQOE5HIsghqjRsxPQqiWMH/VHmyFH6xIpBcmzxzispEHwBojlvLXviwvR66YhgNw
+    7smwE10Ik4/cwwiHTZqCk++jPATPygBiqQkUijCWzcT9kfaxmqdP4PL+hu9g7kGC
+    KrD2Bm8/oO08s957aThuHC1sABRcJ1V3FRzJT6Za4fwweyvHVYRnmgaDA6zH0qV8
+    NqBSB2hnNXKEdh6UFz9QGcrQxnRjfdIaW64zoEX7jT7gYYL7FkGXBa3XdMOA4fnl
+    adRwLFMs0jfilisZv8oUbPdZ6J6x3o8p8LVecCF8tdZt1zkcLSIXKnoDFpHSISGs
+    BD9aqD+E4ejynM/tPaVFq4IHzT8viN6h6WcH8fbpClFZ66Iyy9XL3/CjAY7Jzhh9
+    fnbc4Iq28cdbmO/vkR7JyVOgEMWe1BcSqtro70XoUNRY8uDJUPqohrhm/9AigFRA
+    Pwyf3LqojxRnwXjHsZtGltUtEAPZzgh3fKJnx9MyRR7DPXBRig7TAHU7n2BFRhHA
+    TYThy29bK6NkIc/cKc2kEQVo98Cr04PO8jVxZM332FlhiVlP0kpAp+tFj7aMzPTG
+    sJumb9kPbMsgpEuTCONm3yyoufGEBFMrIJ+Po48M2RlYOh50VkO09pI+Eu7FPtVB
+    H4gKzoJIpZZ/7vYXQ3djM8s9hc5gD5CVExTZV4drbsXt6ITiwHuxZ6CNHRBPL5AY
+    wmF8QZz4oivv1afdSe6E6OGC3uVmX3Psn5CVq2pE8VlRDKFy1WqfU2enRAijSS2B
+    rtJs263fOJ8ZntDzMVMPgiAlzzfA285KUletpAeUmz+peR1gNzkE0eKSG6THOCi0
+    rfmR8SeEzyNvin0wQ3qgYiiHjHbbFhJIMAQxoX+0hDSooM7Wo5wkLREULpGuesTg
+    A6Fe3CiOivMDraNGA7H6Yg==
+    -----END RSA PRIVATE KEY-----
+