From fc2c78b41070a2a13bdfa43b5d2a24b217ebb085 Mon Sep 17 00:00:00 2001 From: Pedro Algarvio Date: Tue, 23 Apr 2013 11:15:54 +0100 Subject: [PATCH] Add the necessary functionality to allow pre-seeding minion keys. Fixes #112. * Added a `movefile` function which will overwrite files only if allowed. * Move any key files found on the directory passed to `-k` to the minions pki directory for the local master. --- ChangeLog | 34 ++++++------ README.rst | 20 ++++++-- bootstrap-salt.sh | 128 ++++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 159 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 246e64e..36b5a6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,14 +1,14 @@ Version 1.5.X: - * Fixed an issue we had when /proc/cpuinfo had more than one CPU. - Detected on AMD cpu's. - * OpenSUSE 12.3 uses lsb_release. Fix the returned distro name - "openSUSE project" to "openSUSE" which the script handles. + * Fixed an issue we had when /proc/cpuinfo had more than one CPU. Detected on AMD cpu's. + * OpenSUSE 12.3 uses lsb_release. Fix the returned distro name "openSUSE project" to "openSUSE" + which the script handles. + * Added an custom move function which will only override if required and if we permit it. + * Implemented the necessary function to pre-seed minion keys on a salt master as an optional + argument. * Distro Support Fixed: - * FreeBSD (Don't let the script fail if PACKAGESITE is not - set) + * FreeBSD (Don't let the script fail if PACKAGESITE is not set) * Distro Support Added: - * Ubuntu 13.04 (Was disabled because of a bad beta1. Fixed in - beta2) + * Ubuntu 13.04 (Was disabled because of a bad beta1. Fixed in beta2) Version 1.5.3: 
@@ -18,8 +18,8 @@ Version 1.5.3: * Fixed `config_salt()` * Distro Support Fixed: * EPEL based installations (CentOS, Amazon Linux, RedHat) - * SuSE/OpenSUSE (problem running the script twice, ie, existing - `devel_languages_python` repository) + * SuSE/OpenSUSE (problem running the script twice, ie, existing `devel_languages_python` + repository) * SuSE 11 SP1 (pip based install and config trigger) * Distro Support Added: * Debian 7 (Only git installations at the moment) @@ -29,8 +29,7 @@ Version 1.5.2: * Fix issue with travis testing(it installs it's own ZeroMQ3 lib * Allow setting the debug output from an environment variable * Fix an escape issue in the `printf` calls used in our echo calls - * Don't overwrite files(config, init.d, etc). Use a specific flag to - force overwrites. + * Don't overwrite files(config, init.d, etc). Use a specific flag to force overwrites. * Distro Support Fixed: * Ubuntu daily installs. * Distro Support Added: @@ -41,10 +40,9 @@ Version 1.5.1: * Improved unittesting. * Starting daemons. * Make sure that daemons are really running. - * For the users to make the choice if installing from PIP(if required - since there aren't system pacakges). - * Fixed salt's git cloning when the salt git tree is already present on - the system. + * For the users to make the choice if installing from PIP(if required since there aren't system + pacakges). + * Fixed salt's git cloning when the salt git tree is already present on the system. * Distro Support Fixed: * Debian 6 * Ubuntu 12.10 @@ -66,3 +64,7 @@ Version 1.5: * Arch * SmartOS * FreeBSD 9.0 + + +# Don't remove the line bellow. +# vim: fenc=utf-8 spell spl=en cc=100 tw=99 fo=want ts=4 diff --git a/README.rst b/README.rst index 1901ba9..737ea2a 100644 --- a/README.rst +++ b/README.rst 
@@ -106,7 +106,21 @@ In order to install salt for a distribution you need to define: config_salt [THIS ONE IS ALREADY DEFINED AS THE DEFAULT] -3. To install salt, which, of course, is required, one of: +3. Optionally, define a salt master pre-seed function, which will be called if the -k (pre-seed + master keys) option is passed. One of: + +.. code:: bash + + pressed____master + pressed_____master + pressed___master + pressed____master + pressed___master + pressed__master + pressed_master [THIS ONE IS ALREADY DEFINED AS THE DEFAULT] + + +4. To install salt, which, of course, is required, one of: .. code:: bash @@ -115,7 +129,7 @@ In order to install salt for a distribution you need to define: install__ -4. Optionally, define a post install function, one of: +5. Optionally, define a post install function, one of: .. code:: bash @@ -127,7 +141,7 @@ In order to install salt for a distribution you need to define: install__post -5. Optionally, define a start daemons function, one of: +6. Optionally, define a start daemons function, one of: .. code:: bash diff --git a/bootstrap-salt.sh b/bootstrap-salt.sh index 206e9d4..a150c31 100755 --- a/bootstrap-salt.sh +++ b/bootstrap-salt.sh @@ -137,6 +137,8 @@ usage() { -n No colours. -D Show debug output. -c Temporary configuration directory + -k Temporary directory holding the minion keys which will pre-seed + the master. -M Also install salt-master -S Also install salt-syndic -N Do not install salt-minion @@ -156,6 +158,7 @@ EOT # Handle command line arguments #----------------------------------------------------------------------- TEMP_CONFIG_DIR="null" +TEMP_KEYS_DIR="null" INSTALL_MASTER=$BS_FALSE INSTALL_SYNDIC=$BS_FALSE INSTALL_MINION=$BS_TRUE @@ -165,7 +168,7 @@ PIP_ALLOWED=${BS_PIP_ALLOWED:-$BS_FALSE} SALT_ETC_DIR=${BS_SALT_ETC_DIR:-/etc/salt} FORCE_OVERWRITE=${BS_FORCE_OVERWRITE:-$BS_FALSE} -while getopts ":hvnDc:MSNCP" opt +while getopts ":hvnDc:k:MSNCP" opt do case "${opt}" in 
@@ -181,6 +184,13 @@ do exit 1 fi ;; + k ) TEMP_KEYS_DIR="$OPTARG" + # If the configuration directory does not exist, error out + if [ ! -d "$TEMP_KEYS_DIR" ]; then + echoerror "The pre-seed keys directory ${TEMP_KEYS_DIR} does not exist." + exit 1 + fi + ;; M ) INSTALL_MASTER=$BS_TRUE ;; S ) INSTALL_SYNDIC=$BS_TRUE ;; N ) INSTALL_MINION=$BS_FALSE ;; @@ -818,11 +828,11 @@ copyfile() { if [ ! -f "$dfile" ]; then # The destination file does not exist, copy echodebug "Copying $sfile to $dfile" - cp "$sfile" "$dfile" + cp "$sfile" "$dfile" || return 1 elif [ -f "$dfile" ] && [ $overwrite -eq $BS_TRUE ]; then # The destination exist and we're overwriting echodebug "Overriding $dfile with $sfile" - cp -f "$sfile" "$dfile" + cp -f "$sfile" "$dfile" || return 2 elif [ -f "$dfile" ] && [ $overwrite -ne $BS_TRUE ]; then echodebug "Not overriding $dfile with $sfile" fi 
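Review bot: The comment in the new `k )` arm still reads "If the configuration directory does not exist", copied from the `-c` arm; it should be `# If the pre-seed keys directory does not exist, error out`. The arm only tests `-d`, yet every regular file found in this directory is later installed under the master's `minions` directory by `preseed_master`, where the master treats it as an accepted minion key. The `-k` usage text should therefore say that the directory must be writable only by the user running the bootstrap. The enclosing `case` statement starts and ends outside the hunk.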
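Review bot: The two new failure paths in copyfile return different codes (`return 1` for the plain copy, `return 2` for the forced copy), and nothing visible in the hunk documents the difference, while `movefile`, added in this same commit, returns 1 in both cases. Either unify the codes or add a header line such as `# RETURNS: 0 on success or skipped overwrite, 1 if the copy failed, 2 if the forced copy failed`. The function starts and ends outside the hunk, so callers that depend on a particular code cannot be checked from here.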
@@ -830,6 +840,46 @@ copyfile() { } +#--- FUNCTION ---------------------------------------------------------------- +# NAME: movefile +# DESCRIPTION: Simple function to move files. Overrides if asked. +#------------------------------------------------------------------------------- +movefile() { + overwrite=$FORCE_OVERWRITE + if [ $# -eq 2 ]; then + sfile=$1 + dfile=$2 + elif [ $# -eq 3 ]; then + sfile=$1 + dfile=$2 + overwrite=$3 + else + echoerror "Wrong number of arguments for movefile()" + echoinfo "USAGE: movefile OR movefile " + exit 1 + fi + + # Does the source file exist? + if [ ! -f "$sfile" ]; then + echowarn "$sfile does not exist!" + return 1 + fi + + if [ ! -f "$dfile" ]; then + # The destination file does not exist, copy + echodebug "Moving $sfile to $dfile" + mv "$sfile" "$dfile" || return 1 + elif [ -f "$dfile" ] && [ $overwrite -eq $BS_TRUE ]; then + # The destination exist and we're overwriting + echodebug "Overriding $dfile with $sfile" + mv -f "$sfile" "$dfile" || return 1 + elif [ -f "$dfile" ] && [ $overwrite -ne $BS_TRUE ]; then + echodebug "Not overriding $dfile with $sfile" + fi + + return 0 +} + ############################################################################## # # Distribution install functions @@ -845,7 +895,7 @@ copyfile() { # 6. install__deps # # Optionally, define a salt configuration function, which will be called if -# the -c|config-dir option is passed. One of: +# the -c (config-dir) option is passed. One of: # 1. config____salt # 2. config_____salt # 3. config___salt 
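Review bot: When the destination exists and overwriting is not permitted, movefile only logs through `echodebug` and then returns 0, so `preseed_master` cannot tell a skipped key from an installed one and goes on to `chmod` the file that was already there. For key material the operator should see this without `-D`: use `echowarn "Not overriding $dfile with $sfile"` in that branch. The comment in the first branch still says "The destination file does not exist, copy" and should say "move". `[ $overwrite -eq $BS_TRUE ]` is unquoted, so an empty third argument makes the test itself error out; `[ "$overwrite" -eq "$BS_TRUE" ]` keeps the failure readable.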
@@ -854,6 +904,16 @@ copyfile() { # 6. config__salt # 7. config_salt [THIS ONE IS ALREADY DEFINED AS THE DEFAULT] # +# Optionally, define a salt master pre-seed function, which will be called if +# the -k (pre-seed master keys) option is passed. One of: +# 1. pressed____master +# 2. pressed_____master +# 3. pressed___master +# 4 pressed____master +# 5. pressed___master +# 6. pressed__master +# 7. pressed_master [THIS ONE IS ALREADY DEFINED AS THE DEFAULT] +# # To install salt, which, of course, is required, one of: # 1. install___ # 2. install____ @@ -2392,6 +2452,34 @@ config_salt() { ############################################################################## +############################################################################## +# +# Default salt master minion keys pre-seed function. Matches ANY distribution +# as long as the -k option is passed. +# +preseed_master() { + # Create the PKI directory + [ -d $PKI_DIR/minions ] || mkdir -p $PKI_DIR/minions && chmod 700 $PKI_DIR/minions || return 1 + + for keyfile in $(ls $TEMP_KEYS_DIR); do + src_keyfile="${TEMP_KEYS_DIR}/${keyfile}" + dst_keyfile="${PKI_DIR}/minions/${keyfile}" + + # If it's not a file, skip to the next + [ ! -f $keyfile_path ] && continue + + movefile "$src_keyfile" "$dst_keyfile" || return 1 + chmod 664 $dst_keyfile || return 1 + done + + return 0 +} +# +# Ended Default Salt Master Pre-Seed minion keys function +# +############################################################################## + + ############################################################################## # # This function checks if all of the installed daemons are running or not. 
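Review bot: The function names listed in this comment use the prefix `pressed_`, but the lookup added later in this commit builds names starting with `preseed_` and the default is defined as `preseed_master`, so a function named after this list would never be found. The list should use `preseed_` throughout; the README hunk in this commit has the same spelling. Item 4 is also missing the dot after its number. The comment block continues outside the hunk.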
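Review bot: `[ ! -f $keyfile_path ] && continue` tests a variable that is never assigned in `preseed_master` (the loop sets `src_keyfile`), so the unquoted test collapses to `[ ! -f ]`, nothing is skipped, and a sub-directory in the keys directory reaches `movefile`, which returns 1 and aborts the pre-seed. `chmod 664` also leaves every accepted minion key group-writable in the master's key store; 644 is enough for a public key and means only the owner can change which minions are trusted. The `$(ls $TEMP_KEYS_DIR)` loop and the unquoted `$PKI_DIR` paths split on whitespace, and `PKI_DIR` is not assigned in any visible hunk, so confirm it is set before this runs. The rewrite below iterates with a glob, tests `src_keyfile`, quotes every path and tightens the mode.

```shell
preseed_master() {
    # Create the PKI directory if needed, then restrict it to the owner
    if [ ! -d "$PKI_DIR/minions" ]; then
        mkdir -p "$PKI_DIR/minions" || return 1
    fi
    chmod 700 "$PKI_DIR/minions" || return 1

    for src_keyfile in "$TEMP_KEYS_DIR"/*; do
        # Skip sub-directories and the unexpanded pattern of an empty directory
        [ -f "$src_keyfile" ] || continue
        dst_keyfile="${PKI_DIR}/minions/${src_keyfile##*/}"

        movefile "$src_keyfile" "$dst_keyfile" || return 1
        # Public keys: readable by all, writable by the owner only
        chmod 644 "$dst_keyfile" || return 1
    done

    return 0
}
```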
@@ -2459,6 +2547,27 @@ if [ "$TEMP_CONFIG_DIR" != "null" ]; then fi +# Let's get the pre-seed master function +PRESEED_MASTER_FUNC="null" +if [ "$TEMP_CONFIG_DIR" != "null" ]; then + + PRESEED_FUNC_NAMES="preseed_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_${ITYPE}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_${ITYPE}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_${DISTRO_NAME_L}_${ITYPE}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_${DISTRO_NAME_L}_master" + PRESEED_FUNC_NAMES="$PRESEED_FUNC_NAMES preseed_master" + + for FUNC_NAME in $(__strip_duplicates $PRESEED_FUNC_NAMES); do + if __function_defined $FUNC_NAME; then + PRESEED_MASTER_FUNC=$FUNC_NAME + break + fi + done +fi + + # Let's get the install function INSTALL_FUNC_NAMES="install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}_${ITYPE}" INSTALL_FUNC_NAMES="$INSTALL_FUNC_NAMES install_${DISTRO_NAME_L}${PREFIXED_DISTRO_MAJOR_VERSION}${PREFIXED_DISTRO_MINOR_VERSION}_${ITYPE}" @@ -2561,6 +2670,17 @@ if [ "$TEMP_CONFIG_DIR" != "null" ] && [ "$CONFIG_SALT_FUNC" != "null" ]; then fi +# Pre-Seed master keys +if [ "$TEMP_KEYS_DIR" != "null" ] && [ "$PRESEED_MASTER_FUNC" != "null" ]; then + echoinfo "Running ${PRESEED_MASTER_FUNC}()" + $PRESEED_MASTER_FUNC + if [ $? -ne 0 ]; then + echoerror "Failed to run ${PRESEED_MASTER_FUNC}()!!!" + exit 1 + fi +fi + + # Install Salt if [ $CONFIG_ONLY -eq $BS_FALSE ]; then # Only execute function is not in config mode only
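Review bot: The guard around the pre-seed function lookup tests `TEMP_CONFIG_DIR` rather than `TEMP_KEYS_DIR`, so running with `-k` but without `-c` leaves `PRESEED_MASTER_FUNC` at "null" and the later pre-seed step is skipped without any message. The condition should be `if [ "$TEMP_KEYS_DIR" != "null" ]; then`. Since the operator would then believe the keys were seeded, the run step could also report an error when `-k` was given but no function was resolved.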
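Review bot: The pre-seed step runs whenever `-k` is given, without checking `INSTALL_MASTER`, so on a host bootstrapped without `-M` the keys are still moved out of the supplied directory into a master key store. If that is not intended, add `&& [ $INSTALL_MASTER -eq $BS_TRUE ]` to the condition, or emit an `echowarn` when `-k` is used without `-M`. The step also sits before the "Install Salt" block, so `preseed_master` creates the `minions` directory before any package is installed; a short comment saying that this order is deliberate would help.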