Updated salt-syndic to utilize user/group for Salt (master settings), and maintain on upgrade

2025-04-16 09:40:20 +00:00 · 2024-08-14 11:12:43 -06:00 · 2024-08-14 11:12:43 -06:00 · d3ad2520d3
commit d3ad2520d3
parent 4d2ad41860
7 changed files with 130 additions and 20 deletions
--- a/pkg/common/salt-api.service
+++ b/pkg/common/salt-api.service
@ -2,6 +2,7 @@
 Description=The Salt API
 Documentation=man:salt-api(1) file:///usr/share/doc/salt/html/contents.html https://docs.saltproject.io/en/latest/contents.html
 After=network.target
+PartOf=salt-master.service

 [Service]
 Type=notify
--- a/pkg/debian/salt-api.preinst
+++ b/pkg/debian/salt-api.preinst
@ -22,7 +22,6 @@ case "$1" in
    else
        db_set salt-api/enabled enabled
        db_set salt-api/active active
-
    fi
    ;;
 esac
--- a/pkg/debian/salt-syndic.postinst
+++ b/pkg/debian/salt-syndic.postinst
@ -0,0 +1,37 @@
+#!/bin/sh
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+  configure)
+    db_get salt-syndic/user
+    if [ "$RET" != "root" ]; then
+      if [ ! -e "/var/log/salt/syndic" ]; then
+        touch /var/log/salt/syndic
+        chmod 640 /var/log/salt/syndic
+      fi
+      chown $RET:$RET /var/log/salt/syndic
+    fi
+    if command -v systemctl; then
+        db_get salt-syndic/active
+        RESLT=$(echo "$RET" | cut -d ' ' -f 1)
+        if [ "$RESLT" != 10 ]; then
+            systemctl daemon-reload
+            if [ "$RESLT" = "active" ]; then
+                systemctl restart salt-syndic
+            fi
+            db_get salt-syndic/enabled
+            RESLT=$(echo "$RET" | cut -d ' ' -f 1)
+            if [ "$RESLT" = "disabled" ]; then
+                systemctl disable salt-syndic
+            else
+                systemctl enable salt-syndic
+            fi
+        else
+            systemctl daemon-reload
+            systemctl restart salt-syndic
+            systemctl enable salt-syndic
+        fi
+    fi
+  ;;
+esac
--- a/pkg/debian/salt-syndic.preinst
+++ b/pkg/debian/salt-syndic.preinst
@ -0,0 +1,27 @@
+#!/bin/sh
+
+. /usr/share/debconf/confmodule
+
+case "$1" in
+  upgrade)
+    [ -z "$SALT_HOME" ] && SALT_HOME=/opt/saltstack/salt
+    [ -z "$SALT_USER" ] && SALT_USER=salt
+    [ -z "$SALT_NAME" ] && SALT_NAME="Salt"
+    [ -z "$SALT_GROUP" ] && SALT_GROUP=salt
+
+    # Reset permissions to fix previous installs
+    CUR_USER=$(ls -dl /run/salt-syndic.pid | cut -d ' ' -f 3)
+    CUR_GROUP=$(ls -dl /run/salt-syndic.pid | cut -d ' ' -f 4)
+    db_set salt-syndic/user $CUR_USER
+    chown -R $CUR_USER:$CUR_GROUP /var/log/salt/syndic
+    if command -v systemctl; then
+        SM_ENABLED=$(systemctl show -p UnitFileState salt-syndic | cut -d '=' -f 2)
+        db_set salt-syndic/enabled $SM_ENABLED
+        SM_ACTIVE=$(systemctl is-active salt-syndic)
+        db_set salt-syndic/active $SM_ACTIVE
+    else
+        db_set salt-syndic/enabled enabled
+        db_set salt-syndic/active active
+    fi
+    ;;
+esac
--- a/pkg/debian/salt-syndic.templates
+++ b/pkg/debian/salt-syndic.templates
@ -0,0 +1,17 @@
+Template: salt-syndic/user
+Type: string
+Default: salt
+Description: User for salt-syndic
+  User to run the salt-syndic process as
+
+Template: salt-syndic/enabled
+Type: string
+Default: enabled
+Description: Systemd enable state for salt-syndic
+ default enable state for salt-syndic systemd state
+
+Template: salt-syndic/active
+Type: string
+Default: active
+Description: Systemd active state for salt-syndic
+ default active state for salt-syndic systemd state
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@ -441,6 +441,15 @@ if [ $1 -gt 1 ] ; then
    %global _MS_CUR_GROUP %{_MS_LCUR_GROUP}
 fi

+%pre syndic
+if [ $1 -gt 1 ] ; then
+    # Reset permissions to match previous installs - performing upgrade
+    _MS_LCUR_USER=$(ls -dl /run/salt/master | cut -d ' ' -f 3)
+    _MS_LCUR_GROUP=$(ls -dl /run/salt/master | cut -d ' ' -f 4)
+    %global _MS_CUR_USER  %{_MS_LCUR_USER}
+    %global _MS_CUR_GROUP %{_MS_LCUR_GROUP}
+fi
+
 %pre minion
 if [ $1 -gt 1 ] ; then
    # Reset permissions to match previous installs - performing upgrade
@ -463,6 +472,14 @@ if [ $1 -eq 0 ] ; then
  /bin/systemctl stop salt-syndic.service > /dev/null 2>&1 || :
 fi

+%preun syndic
+# %%systemd_preun salt-syndic.service
+if [ $1 -eq 0 ] ; then
+  # Package removal, not upgrade
+  /bin/systemctl --no-reload disable salt-syndic.service > /dev/null 2>&1 || :
+  /bin/systemctl stop salt-syndic.service > /dev/null 2>&1 || :
+fi
+
 %preun minion
 # %%systemd_preun salt-minion.service
 if [ $1 -eq 0 ] ; then
@ -471,7 +488,6 @@ if [ $1 -eq 0 ] ; then
  /bin/systemctl stop salt-minion.service > /dev/null 2>&1 || :
 fi

-
 %preun api
 # %%systemd_preun salt-api.service
 if [ $1 -eq 0 ] ; then
@ -602,6 +618,19 @@ else
 fi


+%posttrans syndic
+if [ ! -e "/var/log/salt/syndic" ]; then
+  touch /var/log/salt/syndic
+  chmod 640 /var/log/salt/syndic
+fi
+if [ $1 -gt 1 ] ; then
+    # Reset permissions to match previous installs - performing upgrade
+    chown -R %{_MS_CUR_USER}:%{_MS_CUR_GROUP} /var/log/salt/syndic
+else
+    chown -R %{_SALT_USER}:%{_SALT_GROUP} /var/log/salt/syndic
+fi
+
+
 %posttrans api
 if [ ! -e "/var/log/salt/api" ]; then
  touch /var/log/salt/api
--- a/salt/minion.py
+++ b/salt/minion.py
@ -280,10 +280,10 @@ def get_proc_dir(cachedir, **kwargs):
         gid. Must be int. Works only on unix/unix like systems.
    """
    # pylint: disable=logging-fstring-interpolation
-    log.warning(f"DGM get_proc_dir entry, cachedir '{cachedir}', kwargs '{kwargs}'")
-    print(
-        f"DGM get_proc_dir entry, cachedir '{cachedir}', kwargs '{kwargs}'", flush=True
-    )
+    ## DGM log.warning(f"DGM get_proc_dir entry, cachedir '{cachedir}', kwargs '{kwargs}'")
+    ## DGM print(
+    ## DGM     f"DGM get_proc_dir entry, cachedir '{cachedir}', kwargs '{kwargs}'", flush=True
+    ## DGM )

    fn_ = os.path.join(cachedir, "proc")
    mode = kwargs.pop("mode", None)
@ -312,13 +312,13 @@ def get_proc_dir(cachedir, **kwargs):
        gid = kwargs.pop("gid", -1)

        # pylint: disable=logging-fstring-interpolation
-        log.warning(
-            f"DGM get_proc_dir chown, d_stat '{d_stat}', uid '{uid}', gid '{gid}'"
-        )
-        print(
-            f"DGM get_proc_dir chown, d_stat '{d_stat}', uid '{uid}', gid '{gid}'",
-            flush=True,
-        )
+        ## DGM log.warning(
+        ## DGM     f"DGM get_proc_dir chown, d_stat '{d_stat}', uid '{uid}', gid '{gid}'"
+        ## DGM )
+        ## DGM print(
+        ## DGM     f"DGM get_proc_dir chown, d_stat '{d_stat}', uid '{uid}', gid '{gid}'",
+        ## DGM     flush=True,
+        ## DGM )

        # if uid and gid are both -1 then go ahead with
        # no changes at all
@ -326,13 +326,13 @@ def get_proc_dir(cachedir, **kwargs):
            i for i in (uid, gid) if i != -1
        ]:
            # pylint: disable=logging-fstring-interpolation
-            log.warning(
-                f"DGM get_proc_dir chown file, file '{fn_}' , uid '{uid}', gid '{gid}'"
-            )
-            print(
-                f"DGM get_proc_dir chown file, file '{fn_}' , uid '{uid}', gid '{gid}'",
-                flush=True,
-            )
+            ## DGM log.warning(
+            ## DGM     f"DGM get_proc_dir chown file, file '{fn_}' , uid '{uid}', gid '{gid}'"
+            ## DGM )
+            ## DGM print(
+            ## DGM     f"DGM get_proc_dir chown file, file '{fn_}' , uid '{uid}', gid '{gid}'",
+            ## DGM     flush=True,
+            ## DGM )

            os.chown(fn_, uid, gid)