From 14276e2074067b47e85f8d2746a592ca2a2c3a58 Mon Sep 17 00:00:00 2001 From: N Date: Thu, 1 Aug 2019 01:27:49 +0100 Subject: [PATCH 1/2] fix(macos): fix minion package handling for homebrew --- salt/defaults.yaml | 2 ++ salt/minion.sls | 47 +++++++++++++++++++++++++++---------------- salt/osfamilymap.yaml | 11 +++++++++- 3 files changed, 42 insertions(+), 18 deletions(-) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index 44ea3aa4b..afe1420f7 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -1,6 +1,8 @@ # -*- coding: utf-8 -*- # vim: ft=yaml salt: + version: '' + rootuser: root install_packages: True use_pip: False clean_config_d_dir: True diff --git a/salt/minion.sls b/salt/minion.sls index 391defa74..43ca54e6c 100644 --- a/salt/minion.sls +++ b/salt/minion.sls @@ -2,14 +2,15 @@ {%- from tplroot ~ "/map.jinja" import salt_settings with context %} {%- from tplroot ~ "/libtofs.jinja" import files_switch with context %} -{% if salt_settings.install_packages and grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source != '' and salt_settings.version != '' %} -{# only download IF we know where to get the pkg from and if we know what version to check the current install (if installed) against #} -{# e.g. don't download unless it appears as though we're about to try and upgrade the minion #} +{% if salt_settings.install_packages and grains.os == 'MacOS' %} download-salt-minion: + {% if salt_settings.salt_minion_pkg_source %} + {# only download IF we know where to get the pkg from and what version to check the current install (if installed) against #} + {# e.g. don't download unless it appears as though we're about to try and upgrade the minion #} file.managed: - name: '/tmp/salt.pkg' - source: {{ salt_settings.salt_minion_pkg_source }} - {% if salt_settings.salt_minion_pkg_hash != '' %} + {%- if salt_settings.salt_minion_pkg_hash %} - source_hash: {{ salt_settings.salt_minion_pkg_hash }} {% else %} - skip_verify: True @@ -18,27 +19,36 @@ download-salt-minion: - group: wheel - mode: 0644 - unless: - - '/opt/salt/bin/salt-minion --version | grep {{ salt_settings.version }}' + - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*' - require_in: - macpackage: salt-minion + {%- elif "workaround https://github.com/saltstack/salt/issues/49348" %} + cmd.run: + - name: /usr/local/bin/brew install {{ salt_settings.salt_minion }} + - onlyif: test -x /usr/local/bin/brew + - runas: {{ salt_settings.rootuser }} + {%- endif %} {% endif %} salt-minion: {% if salt_settings.install_packages %} - {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source != '' and salt_settings.version != '' %} + {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %} macpackage.installed: - name: '/tmp/salt.pkg' - target: / {# macpackage.installed behaves weirdly with version_check; version_check detects difference but fails to actually complete install. #} {# use force == True as workaround #} - force: True - - version_check: /opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.* + - unless: + - test -n "{{ salt_settings.version }}" && '/opt/salt/bin/salt-minion --version=.*{{ salt_settings.version }}.*' - require_in: - service: salt-minion - {%- else %} + - onchanges_in: + - cmd: remove-macpackage-salt + {%- elif grains.os != 'MacOS' and "workaround https://github.com/saltstack/salt/issues/49348" %} pkg.installed: - name: {{ salt_settings.salt_minion }} - {%- if salt_settings.version is defined %} + {%- if salt_settings.version %} - version: {{ salt_settings.version }} {%- endif %} - require_in: @@ -89,8 +99,10 @@ salt-minion: {%- endif %} - onchanges: {%- if salt_settings.install_packages %} - {%- if grains.os == 'MacOS' %} + {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %} - macpackage: salt-minion + {%- elif grains.os == 'MacOS' %} + - cmd: download-salt-minion {%- else %} - pkg: salt-minion {%- endif %} @@ -113,11 +125,13 @@ restart-salt-minion: - pkg: at - onchanges: {%- if salt_settings.install_packages %} - {%- if grains.os == 'MacOS' %} + {%- if grains.os == 'MacOS' and salt_settings.salt_minion_pkg_source %} - macpackage: salt-minion - {%- else %} + {%- elif grains.os == 'MacOS' %} + - cmd: download-salt-minion + {%- else %} - pkg: salt-minion - {%- endif %} + {%- endif %} {%- endif %} - file: salt-minion - file: remove-old-minion-conf-file @@ -146,8 +160,7 @@ remove-old-minion-conf-file: {% if grains.os == 'MacOS' %} remove-macpackage-salt: - cmd.run: - - name: 'rm -f /tmp/salt.pkg' - - onchanges: - - macpackage: salt-minion + file.absent: + - name: /tmp/salt.pkg + - force: True {% endif %} diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index b0a5fc074..a1f568433 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -14,6 +14,12 @@ {% set osmajorrelease = salt['grains.get']('osmajorrelease', osrelease)|string %} {% set oscodename = salt['grains.get']('oscodename') %} +#from template-formula +{%- if grains.os == 'MacOS' %} + {%- set macos_rootuser = salt['cmd.run']("stat -f '%Su' /dev/console") %} + {%- set macos_rootgroup = salt['cmd.run']("stat -f '%Sg' /dev/console") %} +{%- endif %} + Debian: pkgrepo: 'deb http://repo.saltstack.com/{{ py_ver_repr }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }} {{ oscodename }} main' key_url: 'https://repo.saltstack.com/{{ py_ver_repr }}/{{ osfamily_lower }}/{{ osmajorrelease }}/amd64/{{ salt_release }}/SALTSTACK-GPG-KEY.pub' @@ -122,8 +128,11 @@ Windows: minion_service: salt-minion MacOS: - salt_minion: com.saltstack.salt + salt_minion: salt salt_minion_pkg_source: '' salt_minion_pkg_hash: '' config_path: /private/etc/salt minion_service: com.saltstack.salt.minion + ## from template-formula + rootuser: {{ macos_rootuser | d('') }} + rootgroup: {{ macos_rootgroup | d('') }} From beb0e85b0436e1f3475e351f1b23a73f1e41fc72 Mon Sep 17 00:00:00 2001 From: N Date: Thu, 1 Aug 2019 12:52:46 +0100 Subject: [PATCH 2/2] fix(perms): some os have custom user/root --- salt/defaults.yaml | 1 + salt/formulas.sls | 6 ++++++ salt/osfamilymap.yaml | 1 + 3 files changed, 8 insertions(+) diff --git a/salt/defaults.yaml b/salt/defaults.yaml index afe1420f7..21c3b30ec 100644 --- a/salt/defaults.yaml +++ b/salt/defaults.yaml @@ -3,6 +3,7 @@ salt: version: '' rootuser: root + rootgroup: root install_packages: True use_pip: False clean_config_d_dir: True diff --git a/salt/formulas.sls b/salt/formulas.sls index 7eb8be006..27b49b200 100644 --- a/salt/formulas.sls +++ b/salt/formulas.sls @@ -6,6 +6,10 @@ {%- from "salt/formulas.jinja" import formulas_git_opt with context %} {%- from "salt/formulas.jinja" import formulas_opts_for_git_latest with context %} +## from template-formula +{%- set tplroot = tpldir.split('/')[0] %} +{%- from tplroot ~ "/map.jinja" import salt_settings with context %} + # Loop over all formulas listed in pillar data {%- for env, entries in salt['pillar.get']('salt_formulas:list', {}).items() %} {%- for entry in entries %} @@ -31,6 +35,8 @@ {%- for key, value in salt['pillar.get']('salt_formulas:basedir_opts', {'makedirs': True}).items() %} - {{ key }}: {{ value }} + - user: {{ salt_settings.rootuser }} + - group: {{ salt_settings.rootgroup }} {%- endfor %} {%- endif %} diff --git a/salt/osfamilymap.yaml b/salt/osfamilymap.yaml index a1f568433..79f8932fe 100644 --- a/salt/osfamilymap.yaml +++ b/salt/osfamilymap.yaml @@ -96,6 +96,7 @@ Alpine: libgit2: libgit2 FreeBSD: + rootgroup: wheel salt_master: py27-salt salt_minion: py27-salt salt_syndic: py27-salt