gnuviech/gvasalt
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Streamline base state extract vagrant specifics

Browse source 
- manage all wanted apt repositories
- move vagrant specific stuff to vagrant state
- use better password for slapd
This commit is contained in:
Jan Dittberner 2020-03-03 17:24:56 +01:00
parent c4dcf12a0a
commit 738107b523
9 changed files with 108 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +1,2 @@
.*.swp
.idea/ .idea/

103
states/base/init.sls
View file

@ -1,15 +1,87 @@
base: deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
pkgrepo.absent
debian-repo:
pkgrepo.managed: pkgrepo.managed:
- name: deb http://httpredir.debian.org/debian jessie-backports main - humanname: Debian
- name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }} main
- file: /etc/apt/sources.list
debian-updates-repo:
pkgrepo.managed:
- humanname: Debian updates
- name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-updates main
- file: /etc/apt/sources.list
debian-security-repo:
pkgrepo.managed:
- humanname: Debian security
- name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
- file: /etc/apt/sources.list
backports-repo:
pkgrepo.managed:
- humanname: Debian backports
- name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-backports main
- file: /etc/apt/sources.list.d/backports.list - file: /etc/apt/sources.list.d/backports.list
base-packages: salt-repo:
pkgrepo.managed:
- humanname: Saltstack Repository
- name: deb https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest {{ salt['grains.get']('oscodename', 'buster') }} main
- dist: {{ salt['grains.get']('oscodename', 'buster') }}
- file: /etc/apt/sources.list.d/saltstack.list
- key_url: https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest/SALTSTACK-GPG-KEY.pub
/etc/apt/apt.conf.d/02norecommends:
file.managed:
- user: root
- group: root
- mode: 0644
- contents: 'Apt::Install-Recommends "false";'
/etc/apt/apt.conf.d/03translations:
file.managed:
- user: root
- group: root
- mode: 0644
- contents: 'Acquire::Languages "none";'
/etc/apt/apt.conf.d/04compression:
file.managed:
- user: root
- group: root
- mode: 0644
- contents: 'Acquire::CompressionTypes::Order {"xz"; "gz"; "bz2"; "uncompressed"};'
base:
pkg.installed: pkg.installed:
- pkgs: - pkgs:
- screen - apt-transport-https
- htop - bash-completion
- bsdmainutils
- ca-certificates
- debconf-utils
- etckeeper
- git - git
- less
- locales-all - locales-all
- lsb-release
- tmux
- virt-what
sudo:
pkg.installed
/etc/sudoers.d/sudonopasswd:
file:
- managed
- mode: 0440
- user: root
- group: root
- source: salt://base/sudonopasswd
- require:
- pkg: sudo
/etc/salt/grains: /etc/salt/grains:
file.managed: file.managed:
@ -18,26 +90,9 @@ base-packages:
- mode: 0600 - mode: 0600
- replace: False - replace: False
/home/vagrant/.screenrc: nano:
file.managed: pkg.purged
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/screenrc
update-system: update-system:
pkg.uptodate: pkg.uptodate:
- refresh: True - refresh: True
/home/vagrant/bin:
file.directory:
- user: vagrant
- group: vagrant
- mode: 0750
/home/vagrant/.bashrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/bashrc

1
states/base/sudonopasswd Normal file
View file

@ -0,0 +1 @@
%sudo ALL=(ALL:ALL) NOPASSWD: ALL

2
states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
View file

@ -48,7 +48,7 @@ olcAccess: {4}to *
EOD EOD
# add OUs, groups and ldapadmin user # add OUs, groups and ldapadmin user
ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd.password") }}' <<EOD ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}' <<EOD
dn: ou={{ ldap_users_ou }},{{ base_dn }} dn: ou={{ ldap_users_ou }},{{ base_dn }}
changetype: add changetype: add
objectClass: top objectClass: top

4
states/ldapserver/init.sls
View file

@ -3,8 +3,8 @@ ldapserver-packages:
- name: slapd - name: slapd
- data: - data:
'slapd/domain': {'type': 'string', 'value': '{{ salt["pillar.get"]("gnuviechadmin:ldap_domain") }}'} 'slapd/domain': {'type': 'string', 'value': '{{ salt["pillar.get"]("gnuviechadmin:ldap_domain") }}'}
'slapd/password1': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd.password") }}'} 'slapd/password1': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}'}
'slapd/password2': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd.password") }}'} 'slapd/password2': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}'}
pkg.installed: pkg.installed:
- pkgs: - pkgs:
- ldap-utils - ldap-utils

0
states/base/bashrc → states/vagrant/bashrc
View file

24
states/vagrant/init.sls Normal file
View file

@ -0,0 +1,24 @@
include:
- vim
/home/vagrant/bin:
file.directory:
- user: vagrant
- group: vagrant
- mode: 0750
/home/vagrant/.bashrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://vagrant/bashrc
/home/vagrant/.vimrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://vagrant/vimrc
- require:
- pkg: vim-nox

0
states/vim/vimrc → states/vagrant/vimrc
View file

7
states/vim/init.sls
View file

@ -6,10 +6,3 @@ editor:
- path: /usr/bin/vim.nox - path: /usr/bin/vim.nox
- require: - require:
- pkg: vim-nox - pkg: vim-nox
/home/vagrant/.vimrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://vim/vimrc