salt master stuff and CA move
This commit is contained in:
do
14
base/packages/salt/master.sls
Normal file
14
base/packages/salt/master.sls
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
{%- set salt_v = "3002.6+dfsg1-4+deb11u1" %}
|
||||||
|
|
||||||
|
pkgs-salt-master:
|
||||||
|
pkg.installed:
|
||||||
|
- hold: True
|
||||||
|
- pkgs:
|
||||||
|
- salt-master: {{ salt_v }}
|
||||||
|
- salt-api: {{ salt_v }}
|
||||||
|
|
||||||
|
pkgs-salt-additional:
|
||||||
|
pkg.installed
|
||||||
|
- pkgs:
|
||||||
|
- python3-cherrypy3
|
||||||
|
- python3-pygit2
|
||||||
@@ -7,11 +7,11 @@
|
|||||||
|
|
||||||
/etc/pki/intca.crt:
|
/etc/pki/intca.crt:
|
||||||
x509.pem_managed:
|
x509.pem_managed:
|
||||||
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
- text: {{ salt['mine.get']('salt.chaos', 'x509.get_pem_entries')['salt.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
||||||
|
|
||||||
/etc/ssl/certs/intca.crt:
|
/etc/ssl/certs/intca.crt:
|
||||||
x509.pem_managed:
|
x509.pem_managed:
|
||||||
- text: {{ salt['mine.get']('tumor.chaos', 'x509.get_pem_entries')['tumor.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
- text: {{ salt['mine.get']('salt.chaos', 'x509.get_pem_entries')['salt.chaos']['/etc/pki/ca.crt']|replace('\n', '') }}
|
||||||
|
|
||||||
|
|
||||||
/usr/sbin/update-ca-certificates:
|
/usr/sbin/update-ca-certificates:
|
||||||
|
|||||||
@@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
/etc/pki/public.crt:
|
/etc/pki/public.crt:
|
||||||
x509.certificate_managed:
|
x509.certificate_managed:
|
||||||
- ca_server: tumor.chaos
|
- ca_server: salt.chaos
|
||||||
- signing_policy: host
|
- signing_policy: host
|
||||||
- public_key: /etc/pki/private.key
|
- public_key: /etc/pki/private.key
|
||||||
- CN: {{ grains['fqdn'] }}
|
- CN: {{ grains['fqdn'] }}
|
||||||
@@ -25,7 +25,7 @@
|
|||||||
|
|
||||||
/etc/pki/{{ cn }}.crt:
|
/etc/pki/{{ cn }}.crt:
|
||||||
x509.certificate_managed:
|
x509.certificate_managed:
|
||||||
- ca_server: tumor.chaos
|
- ca_server: salt.chaos
|
||||||
- signing_policy: host
|
- signing_policy: host
|
||||||
- public_key: /etc/pki/private.key
|
- public_key: /etc/pki/private.key
|
||||||
- days_remaining: 5
|
- days_remaining: 5
|
||||||
|
|||||||
6
top.sls
6
top.sls
@@ -7,8 +7,6 @@ base:
|
|||||||
- base
|
- base
|
||||||
- hardware
|
- hardware
|
||||||
- os
|
- os
|
||||||
'tumor*':
|
|
||||||
- base.pki.ca
|
|
||||||
'adm01.wks':
|
'adm01.wks':
|
||||||
- base.rsyslog.server
|
- base.rsyslog.server
|
||||||
- base.packages.haproxy
|
- base.packages.haproxy
|
||||||
@@ -20,10 +18,12 @@ base:
|
|||||||
'G@osarch:arm64 or G@osarch:armhf or G@osarch:armel':
|
'G@osarch:arm64 or G@osarch:armhf or G@osarch:armel':
|
||||||
- match: compound
|
- match: compound
|
||||||
- base.packages.arch.arm
|
- base.packages.arch.arm
|
||||||
'auto*':
|
'auto02*':
|
||||||
- k8s.podman
|
- k8s.podman
|
||||||
- base.packages.haproxy
|
- base.packages.haproxy
|
||||||
- systemd.units
|
- systemd.units
|
||||||
|
- base.packages.salt.master
|
||||||
|
- base.pki.ca
|
||||||
'pine*':
|
'pine*':
|
||||||
- k8s
|
- k8s
|
||||||
- roles.nut.client
|
- roles.nut.client
|
||||||
|
|||||||
Reference in New Issue
Block a user