saltstack/salt
1
0
Fork 0
mirror of https://github.com/saltstack/salt.git synced 2025-04-16 09:40:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Updated Debian and RPM to allow for correct ownership and systemd status

Browse source
This commit is contained in:
David Murphy 2024-05-01 13:27:27 -06:00 committed by Daniel Wozniak
parent 949e30cc74
commit 5ec86050ca
9 changed files with 149 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
pkg/debian/salt-api.postinst
View file

@ -2,7 +2,7 @@
case "$1" in
configure)
db_get salt-master/user
db_get salt-api/user
if [ "$RET" != "root" ]; then
if [ ! -e "/var/log/salt/api" ]; then
touch /var/log/salt/api
@ -10,6 +10,17 @@ case "$1" in
fi
chown $RET:$RET /var/log/salt/api
fi
if command -v systemctl; then systemctl enable salt-api; fi
if command -v systemctl; then
db_get salt-api/active
if [ "$RET" == "active" ]; then
systemctl restart salt-api
fi
db_get salt-api/enabled
if [ "$RET" == "enabled" ]; then
systemctl enable salt-api
else
systemctl disable salt-api
fi
fi
;;
esac

30
pkg/debian/salt-api.preinst Normal file
View file

@ -0,0 +1,30 @@
#!/bin/sh -x
. /usr/share/debconf/confmodule
## TBD DGM need to allow for salt-minion having been installed previously and need to allow for it's ownership
case "$1" in
upgrade)
[ -z "$SALT_HOME" ] && SALT_HOME=/opt/saltstack/salt
[ -z "$SALT_USER" ] && SALT_USER=salt
[ -z "$SALT_NAME" ] && SALT_NAME="Salt"
[ -z "$SALT_GROUP" ] && SALT_GROUP=salt
# Reset permissions to fix previous installs
CUR_USER=$(ls -dl /run/salt-api.pid | cut -d ' ' -f 3)
CUR_GROUP=$(ls -dl /run/salt-api.pid | cut -d ' ' -f 4)
db_set salt-api/user $CUR_USER
chown -R $CUR_USER:$CUR_GROUP /var/log/salt/api
if command -v systemctl; then
SM_ENABLED=$(systemctl show salt-api | grep -w UnitFileState | cut -d '=' -f 2)
db_get salt-api/enabled $SM_ENABLED
SM_ACTIVE=$(systemctl is-active salt-api)
db_get salt-api/active $SM_ACTIVE
else
db_get salt-api/enabled enabled
db_get salt-api/active active
fi
;;
esac

3
pkg/debian/salt-cloud.postinst
View file

@ -5,8 +5,7 @@ case "$1" in
db_get salt-master/user
if [ "$RET" != "root" ]; then
PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush;")
# TBD DGM what is this salt:salt doing here, should this be $RET:$RET
chown -R salt:salt /etc/salt/cloud.deploy.d /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
chown -R $RET:$RET /etc/salt/cloud.deploy.d /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
fi
;;
esac

7
pkg/debian/salt-master.config
View file

@ -1,7 +0,0 @@
## TBD DGM #!/bin/sh -e
## TBD DGM
## TBD DGM # Source debconf library.
## TBD DGM . /usr/share/debconf/confmodule
## TBD DGM
## TBD DGM db_input medium salt-master/user || true
## TBD DGM db_go || true

11
pkg/debian/salt-master.postinst
View file

@ -17,7 +17,16 @@ case "$1" in
chown -R $RET:$RET /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
fi
if command -v systemctl; then
systemctl enable salt-master
db_get salt-master/active
if [ "$RET" == "active" ]; then
systemctl restart salt-master
fi
db_get salt-master/enabled
if [ "$RET" == "enabled" ]; then
systemctl enable salt-master
else
systemctl disable salt-master
fi
fi
;;
esac

14
pkg/debian/salt-master.preinst
View file

@ -17,6 +17,7 @@ case "$1" in
\! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o -path \
/opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \( -user ${SALT_USER} \
-o -group ${SALT_GROUP} \) -exec chown ${SALT_USER}:${SALT_GROUP} \{\} \;
;;
upgrade)
@ -27,14 +28,21 @@ case "$1" in
PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush();")
# Reset permissions to fix previous installs
## find ${SALT_HOME} /etc/salt /var/log/salt /var/cache/salt /var/run/salt \
## \! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o -path /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \
## \( -user ${SALT_USER} -o -group ${SALT_GROUP} \) -exec chown root:root \{\} \;
CUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
CUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
db_set salt-master/user $CUR_USER
chown -R $CUR_USER:$CUR_GROUP /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master \
/var/log/salt/key /var/cache/salt/master /var/run/salt/master
if command -v systemctl; then
SM_ENABLED=$(systemctl show salt-master | grep -w UnitFileState | cut -d '=' -f 2)
db_get salt-master/enabled $SM_ENABLED
SM_ACTIVE=$(systemctl is-active salt-master)
db_get salt-master/active $SM_ACTIVE
else
db_get salt-master/enabled enabled
db_get salt-master/active active
fi
;;
esac

32
pkg/debian/salt-minion.postinst Normal file
View file

@ -0,0 +1,32 @@
#!/bin/sh -x
. /usr/share/debconf/confmodule
case "$1" in
configure)
db_get salt-minion/user
if [ "$RET" != "root" ]; then
if [ ! -e "/var/log/salt/minion" ]; then
touch /var/log/salt/minion
chmod 640 /var/log/salt/minion
fi
if [ ! -e "/var/log/salt/key" ]; then
touch /var/log/salt/key
chmod 640 /var/log/salt/key
fi
chown -R $RET:$RET /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
fi
if command -v systemctl; then
db_get salt-minion/active
if [ "$RET" == "active" ]; then
systemctl restart salt-minion
fi
db_get salt-minion/enabled
if [ "$RET" == "enabled" ]; then
systemctl enable salt-minion
else
systemctl disable salt-minion
fi
fi
;;
esac

32
pkg/debian/salt-minion.preinst Normal file
View file

@ -0,0 +1,32 @@
#!/bin/sh -x
. /usr/share/debconf/confmodule
## TBD DGM need to allow for salt-minion having been installed previously and need to allow for it's ownership
case "$1" in
upgrade)
[ -z "$SALT_HOME" ] && SALT_HOME=/opt/saltstack/salt
[ -z "$SALT_USER" ] && SALT_USER=salt
[ -z "$SALT_NAME" ] && SALT_NAME="Salt"
[ -z "$SALT_GROUP" ] && SALT_GROUP=salt
PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush();")
# Reset permissions to fix previous installs
CUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
CUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
db_set salt-minion/user $CUR_USER
chown -R $CUR_USER:$CUR_GROUP /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion \
/var/cache/salt/minion /var/run/salt/minion
if command -v systemctl; then
SM_ENABLED=$(systemctl show salt-minion | grep -w UnitFileState | cut -d '=' -f 2)
db_get salt-minion/enabled $SM_ENABLED
SM_ACTIVE=$(systemctl is-active salt-minion)
db_get salt-minion/active $SM_ACTIVE
else
db_get salt-minion/enabled enabled
db_get salt-minion/active active
fi
;;
esac

59
pkg/rpm/salt.spec
View file

@ -19,8 +19,14 @@
%global _SALT_USER salt
%global _SALT_NAME Salt
%global _SALT_HOME /opt/saltstack/salt
%global _CUR_USER %{_SALT_USER}
%global _CUR_GROUP %{_SALT_GROUP}
# salt-master current user and group
%global _MS_CUR_USER %{_SALT_USER}
%global _MS_CUR_GROUP %{_SALT_GROUP}
# salt-minion current user and group
%global _MN_CUR_USER %{_SALT_USER}
%global _MN_CUR_GROUP %{_SALT_GROUP}
# Disable debugsource template
%define _debugsource_template %{nil}
@ -429,36 +435,19 @@ usermod -c "%{_SALT_NAME}" \
%pre master
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# PY_VER=$(/opt/saltstack/salt/bin/python3 -c "import sys; sys.stdout.write('{}.{}'.format(*sys.version_info)); sys.stdout.flush();")
# _CUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
# # TBD DGM this find command will overwrite any ownership if a minion - user is preinstalled first
# find /etc/salt /opt/saltstack/salt /var/log/salt /var/cache/salt /var/run/salt \
# \! \( -path /etc/salt/cloud.deploy.d\* -o -path /var/log/salt/cloud -o \
# -path /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy\* \) -a \
# \( -user salt -o -group salt \) -exec chown -R ${_CUR_USER}:${_CUR_GROUP} \{\} \;
_LCUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
_LCUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
%global _CUR_USER %{_LCUR_USER}
%global _CUR_GROUP %{_LCUR_GROUP}
_MS_LCUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
_MS_LCUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
%global _MS_CUR_USER %{_MS_LCUR_USER}
%global _MS_CUR_GROUP %{_MS_LCUR_GROUP}
fi
%pre minion
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# _CUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
# if [ ! -e "/var/log/salt/master" ]; then
# find /etc/salt /opt/saltstack/salt /var/log/salt /var/cache/salt /var/run/salt \
# \( -user salt -o -group salt \) -exec chown -R ${_CUR_USER}:${_CUR_GROUP} \{\} \;
# else
# # master exists, it takes precedence
# find /etc/salt/minion /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion \
# \( -user salt -o -group salt \) -exec chown -R ${_CUR_USER}:${_CUR_GROUP} \{\} \;
_LCUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
_LCUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
%global _CUR_USER %{_LCUR_USER}
%global _CUR_GROUP %{_LCUR_GROUP}
_MN_LCUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
_MN_LCUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
%global _MN_CUR_USER %{_MN_LCUR_USER}
%global _MN_CUR_GROUP %{_MN_LCUR_GROUP}
fi
@ -590,9 +579,7 @@ if [ ! -e "/var/log/salt/cloud" ]; then
fi
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# _CUR_USER=$(ls -dl /var/log/salt/cloud | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /var/log/salt/cloud | cut -d ' ' -f 4)
chown -R %{_CUR_USER}:%{_CUR_GROUP} /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
else
chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/cloud.deploy.d /var/log/salt/cloud /opt/saltstack/salt/lib/python${PY_VER}/site-packages/salt/cloud/deploy
fi
@ -609,9 +596,7 @@ if [ ! -e "/var/log/salt/key" ]; then
fi
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# _CUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
chown -R %{_CUR_USER}:%{_CUR_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
else
chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/master /etc/salt/master.d /var/log/salt/master /var/log/salt/key /var/cache/salt/master /var/run/salt/master
fi
@ -624,9 +609,7 @@ if [ ! -e "/var/log/salt/api" ]; then
fi
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# _CUR_USER=$(ls -dl /var/log/salt/api | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /var/log/salt/api | cut -d ' ' -f 4)
chown -R %{_CUR_USER}:%{_CUR_GROUP} /var/log/salt/api
chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /var/log/salt/api
else
chown -R %{_SALT_USER}:%{_SALT_GROUP} /var/log/salt/api
fi
@ -642,9 +625,7 @@ if [ ! -e "/var/log/salt/key" ]; then
fi
if [ $1 -gt 1 ] ; then
# Reset permissions to match previous installs - performing upgrade
# _CUR_USER=$(ls -dl /run/salt/minion | cut -d ' ' -f 3)
# _CUR_GROUP=$(ls -dl /run/salt/minion | cut -d ' ' -f 4)
chown -R %{_CUR_USER}:%{_CUR_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
chown -R %{_MN_CUR_USER}:%{_MN_CUR_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
else
chown -R %{_SALT_USER}:%{_SALT_GROUP} /etc/salt/pki/minion /etc/salt/minion.d /var/log/salt/minion /var/cache/salt/minion /var/run/salt/minion
fi