Remove checks for perms on /var/log/salt/master and /var/run/salt/master
in the salt_master fixture as they may not existing during an upgrade
test and it's not critical to test them in the fixture.
Handles permission changes caused by test suite running as root and
the creation of /var/cache/salt/master/.root_key.
Running the test suite as root means that /etc/salt/pki/master subdirs
get their ownership changed to root - clean that up in conftest.py.
No longer need to fix /var/log/salt as we handle the files in there
individually.
Adds exclusion for /var/cache/salt/master/.root_key as that gets created
by salt* cli tools running as root.
Removes group test for ownership on files by the salt user. Files that
are created by the salt-master process can be owned by salt:root, rather
than salt:salt and that's valid
Adds test that checks that files and directories created by the packages
that should be owned by salt:salt are owned by that user and that the
other files/directories created are owned by root:root.
Moves log creation for /var/log/salt/master and /var/log/salt/cloud
and setting ownership to salt:salt to the %posttrans scriplets.
Whilst using %post work fine for fresh installs, upgrading means that
the previous package %postun removes those files. Using %posttrans
ensures the logs are created at the end of the full install/upgrade
transaction.
Updates lists of files to check in package tests when starting master.
We now set the following as owned by salt:salt in master postinst
* /etc/salt/pki/master
* /etc/salt/master.d
* /var/log/salt/master
* /var/cache/salt/master
* /var/run/salt/master
Reduces the permissions granted to the salt user used to run the
salt-master:
* Under /etc/salt limit ownership to /etc/salt/pki/master and
/etc/salt/master.d
* Until #64219 is resolved also include /etc/salt/minion.d
* Under /var/cache/salt and /var/run/salt only give ownership on
master directories
* Under /var/log/salt, ensure /var/log/salt/master exists and give
ownership oof that. Also update logrotate config to create that with
correct ownership and perms and install that on debian packages.
Updates Debian and RPM packages so that /opt/saltstack/salt and the
python packages don't have to be owned by salt user.
It shouldn't be necessary for salt user, used to run salt-master to be
able to write/modify files in that directory hierarchy.
Add postinst scripts to call the python compileall module to create
byte-compiled python modules. This should preserve performance whilst
not requiring write access for salt user.
Also cleans up .pyc files and __pycache__ dirs on removal.
