Update launch docs for salt permissions.

* launch/README: Mention adding yourself to the salt group.

* modules/salt/manifests/master.pp: Loosen directory permissions
minimally as needed for salt group members to be able to run the
launch script without being root.

Change-Id: I4e462fe2efabe2200a635c79e4b7a1314bf174a3
Reviewed-on: https://review.openstack.org/27562
Reviewed-by: Jesse Keating <jesse.keating@rackspace.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Jeremy Stanley 2013-04-24 01:55:27 +00:00 committed by Jenkins
parent 45725e67ff
commit b48c3bc49b
2 changed files with 36 additions and 7 deletions

@ -3,10 +3,11 @@ Create Server
Note that these instructions assume you're working from this Note that these instructions assume you're working from this
directory on an updated local clone of the repository, and that directory on an updated local clone of the repository, and that
your account is a member of the puppet group for access to the your account is a member of the puppet and salt groups for access
puppet keys:: to their respective keys::
sudo adduser YOURUSER puppet sudo adduser YOURUSER puppet
sudo adduser YOURUSER salt
(Remember to log out and back into your shell if you add yourself (Remember to log out and back into your shell if you add yourself
to a group.) to a group.)
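
Review bot: The reworded sentence "a member of the puppet and salt groups for access to their respective keys" does not say how much access the salt group carries. With the manifest change in this same commit, members get group write on /etc/salt/pki/master (mode 0770) and /etc/salt/pki/master/minions (mode 0775), so membership is more than read access to keys. Suggest adding a sentence here stating that the salt group can modify the master's PKI directories and that membership should be limited to people who actually launch servers.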

@ -36,6 +36,7 @@ class salt::master {
home => '/home/salt', home => '/home/salt',
shell => '/bin/bash', shell => '/bin/bash',
system => true, system => true,
require => Group['salt'],
} }
file { '/home/salt': file { '/home/salt':
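
Review bot: The added require => Group['salt'] on the salt user depends on a group { 'salt': } resource being in the catalog, and none is visible in this hunk or added elsewhere in this change. Please confirm it is already declared in salt::master or a class it pulls in; if it is not, the catalog will fail to compile on the unresolved reference and the new file resources that require User['salt'] will never be applied.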
@ -56,6 +57,33 @@ class salt::master {
require => Package['salt-master'], require => Package['salt-master'],
} }
file { '/etc/salt/pki':
ensure => directory,
owner => 'salt',
group => 'salt',
mode => '0710',
require => [
Package['salt-master'],
User['salt'],
],
}
file { '/etc/salt/pki/master':
ensure => directory,
owner => 'salt',
group => 'salt',
mode => '0770',
require => File['/etc/salt/pki'],
}
file { '/etc/salt/pki/master/minions':
ensure => directory,
owner => 'salt',
group => 'salt',
mode => '0775',
require => File['/etc/salt/pki/master'],
}
service { 'salt-master': service { 'salt-master':
ensure => running, ensure => running,
enable => true, enable => true,
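
Review bot: Mode '0775' on /etc/salt/pki/master/minions is the only one of the three new modes that grants anything to other users, and the group write bit in '0770' on /etc/salt/pki/master lets every salt group member create, rename or delete entries in that directory. The '0710' on /etc/salt/pki currently keeps non-members from reaching minions, but that protection depends on the parent mode never being relaxed; suggest '0770' on minions so it stands on its own. For /etc/salt/pki/master, if the launch script only needs to traverse it in order to write under minions, '0750' or '0710' would be closer to the "minimally as needed" wording in the commit message; if write really is required, a comment in the manifest naming the launch step that needs it would help future reviewers. Note also that these resources manage only the directories, so the modes of the files already inside them still decide what group members can read.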