Merge pull request #23272 from basepi/salt-ssh.minion.config.19114

[2014.7] Allow salt-ssh minion config overrides via master config and roster
Thomas S Hatch 2015-05-05 15:28:47 -06:00
commit ea61abfa68
7 changed files with 69 additions and 15 deletions


@ -259,6 +259,17 @@
# will cause minion to throw an exception and drop the message.
# sign_pub_messages: False
##### Salt-SSH Configuration #####
##########################################
# Pass in an alternative location for the salt-ssh roster file
#roster_file: /etc/salt/roster
# Pass in minion option overrides that will be inserted into the SHIM for
# salt-ssh calls. The local minion config is not used for salt-ssh. Can be
# overridden on a per-minion basis in the roster (`minion_opts`)
#ssh_minion_opts:
# gpg_keydir: /root/gpg
##### Master Module Management #####
##########################################


@ -429,6 +429,10 @@ that connect to a master via localhost.
presence_events: False
Salt-SSH Configuration
======================
.. conf_master:: roster_file
``roster_file``
@ -442,6 +446,23 @@ Pass in an alternative location for the salt-ssh roster file
roster_file: /root/roster
.. conf_master:: ssh_minion_opts
``ssh_minion_opts``
-------------------
Default: None
Pass in minion option overrides that will be inserted into the SHIM for
salt-ssh calls. The local minion config is not used for salt-ssh. Can be
overridden on a per-minion basis in the roster (``minion_opts``)
.. code-block:: yaml
minion_opts:
gpg_keydir: /root/gpg
Master Security Settings
========================


@ -126,6 +126,15 @@ file is in ``/etc/salt/master``. If one wishes to use a customized configuration
the ``-c`` option to Salt SSH facilitates passing in a directory to look inside for a
configuration file named ``master``.
Minion Config
---------------
.. versionadded:: 2015.2.1
Minion config options can be defined globally using the master configuration
option ``ssh_minion_opts``. It can also be defined on a per-minion basis with
the ``minion_opts`` entry in the roster.
Running Salt SSH as non-root user
=================================


@ -34,13 +34,14 @@ The information which can be stored in a roster `target` is the following:
.. code-block:: yaml
<Salt ID>: # The id to reference the target system with
host: # The IP address or DNS name of the remote host
user: # The user to log in as
passwd: # The password to log in with
<Salt ID>: # The id to reference the target system with
host: # The IP address or DNS name of the remote host
user: # The user to log in as
passwd: # The password to log in with
# Optional parameters
port: # The target system's ssh port number
sudo: # Boolean to run command via sudo
priv: # File path to ssh private key, defaults to salt-ssh.rsa
timeout: # Number of seconds to wait for response
port: # The target system's ssh port number
sudo: # Boolean to run command via sudo
priv: # File path to ssh private key, defaults to salt-ssh.rsa
timeout: # Number of seconds to wait for response
minion_opts: # Dictionary of minion opts


@ -519,6 +519,7 @@ class Single(object):
mods=None,
fsclient=None,
thin=None,
minion_opts=None,
**kwargs):
self.opts = opts
self.tty = tty
@ -561,12 +562,15 @@ class Single(object):
'sudo': sudo,
'tty': tty,
'mods': self.mods}
self.minion_config = yaml.dump(
{
self.minion_opts = opts.get('ssh_minion_opts', {})
if minion_opts is not None:
self.minion_opts.update(minion_opts)
self.minion_opts.update({
'root_dir': os.path.join(self.thin_dir, 'running_data'),
'id': self.id,
'sock_dir': '/',
}, width=1000).strip()
})
self.minion_config = yaml.dump(self.minion_opts)
self.target = kwargs
self.target.update(args)
self.serial = salt.payload.Serial(opts)
@ -679,6 +683,7 @@ class Single(object):
self.opts,
self.id,
fsclient=self.fsclient,
minion_opts=self.minion_opts,
**self.target)
opts_pkg = pre_wrapper['test.opts_pkg']()
opts_pkg['file_roots'] = self.opts['file_roots']
@ -735,6 +740,7 @@ class Single(object):
opts,
self.id,
fsclient=self.fsclient,
minion_opts=self.minion_opts,
**self.target)
self.wfuncs = salt.loader.ssh_wrapper(opts, wrapper, self.context)
wrapper.wfuncs = self.wfuncs
@ -767,7 +773,10 @@ class Single(object):
debug = '1'
arg_str = '''
OPTIONS = OBJ()
OPTIONS.config = '{0}'
OPTIONS.config = \
"""
{0}
"""
OPTIONS.delimiter = '{1}'
OPTIONS.saltdir = '{2}'
OPTIONS.checksum = '{3}'
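Review bot: `self.minion_opts = opts.get('ssh_minion_opts', {})` in `Single.__init__` binds the dict held in the master opts rather than a copy, so the two `update()` calls after it write the roster's per-target `minion_opts` and the `id`/`root_dir`/`sock_dir` values back into `opts['ssh_minion_opts']`. Any other `Single` built from the same `opts` object would then start from the previous target's overrides (a per-host `gpg_keydir`, for example), and a config that sets the key to an explicit `None` would fail on `.update`. Copying first avoids both: `self.minion_opts = dict(opts.get('ssh_minion_opts') or {})`. Separately, the last hunk places `{0}` (presumably the dumped minion config) inside a `"""` literal in the shim source with no escaping visible here, so a value containing a triple quote or a backslash would change the generated Python; formatting it through `repr()` or an encoded form would be safer. The constructor and the `arg_str` template both continue outside the hunks.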


@ -29,6 +29,7 @@ class FunctionWrapper(object):
mods=None,
fsclient=None,
cmd_prefix=None,
minion_opts=None,
**kwargs):
super(FunctionWrapper, self).__init__()
self.cmd_prefix = cmd_prefix
@ -39,6 +40,7 @@ class FunctionWrapper(object):
'host': host}
self.fsclient = fsclient
self.kwargs.update(kwargs)
self.minion_opts = minion_opts
def __contains__(self, key):
'''
@ -71,6 +73,7 @@ class FunctionWrapper(object):
mods=self.mods,
fsclient=self.fsclient,
cmd_prefix=cmd,
minion_opts=self.minion_opts
**kwargs)
if self.cmd_prefix:
@ -95,6 +98,7 @@ class FunctionWrapper(object):
mods=self.mods,
wipe=True,
fsclient=self.fsclient,
minion_opts=self.minion_opts,
**self.kwargs
)
stdout, stderr, _ = single.cmd_block()
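Review bot: The added `minion_opts=self.minion_opts` in the third hunk (the call that passes `cmd_prefix=cmd`) has no trailing comma, so together with the following line it parses as `minion_opts=self.minion_opts ** kwargs`. That is a power expression between the stored opts and the kwargs dict, which raises `TypeError` when the call runs, and `kwargs` is no longer unpacked into the call. The line should read `minion_opts=self.minion_opts,` as the fourth hunk already does. The enclosing method starts and ends outside the hunk.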


@ -135,10 +135,9 @@ def render(gpg_data, saltenv='base', sls='', argline='', **kwargs):
'''
if not HAS_GPG:
raise SaltRenderError('GPG unavailable')
homedir = None
if 'config.get' in __salt__:
homedir = __salt__['config.get']('gpg_keydir', None)
if homedir is None:
homedir = __salt__['config.get']('gpg_keydir', DEFAULT_GPG_KEYDIR)
else:
homedir = __opts__.get('gpg_keydir', DEFAULT_GPG_KEYDIR)
log.debug('Reading GPG keys from: {0}'.format(homedir))
try: