Update launch docs for salt permissions.
* launch/README: Mention adding yourself to the salt group. * modules/salt/manifests/master.pp: Loosen directory permissions minimally as needed for salt group members to be able to run the launch script without being root. Change-Id: I4e462fe2efabe2200a635c79e4b7a1314bf174a3 Reviewed-on: https://review.openstack.org/27562 Reviewed-by: Jesse Keating <jesse.keating@rackspace.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
parent
45725e67ff
commit
b48c3bc49b
@ -3,10 +3,11 @@ Create Server
|
|||||||
|
|
||||||
Note that these instructions assume you're working from this
|
Note that these instructions assume you're working from this
|
||||||
directory on an updated local clone of the repository, and that
|
directory on an updated local clone of the repository, and that
|
||||||
your account is a member of the puppet group for access to the
|
your account is a member of the puppet and salt groups for access
|
||||||
puppet keys::
|
to their respective keys::
|
||||||
|
|
||||||
sudo adduser YOURUSER puppet
|
sudo adduser YOURUSER puppet
|
||||||
|
sudo adduser YOURUSER salt
|
||||||
|
|
||||||
(Remember to log out and back into your shell if you add yourself
|
(Remember to log out and back into your shell if you add yourself
|
||||||
to a group.)
|
to a group.)
|
||||||
|
@ -31,11 +31,12 @@ class salt::master {
|
|||||||
}
|
}
|
||||||
|
|
||||||
user { 'salt':
|
user { 'salt':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
gid => 'salt',
|
gid => 'salt',
|
||||||
home => '/home/salt',
|
home => '/home/salt',
|
||||||
shell => '/bin/bash',
|
shell => '/bin/bash',
|
||||||
system => true,
|
system => true,
|
||||||
|
require => Group['salt'],
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/home/salt':
|
file { '/home/salt':
|
||||||
@ -56,6 +57,33 @@ class salt::master {
|
|||||||
require => Package['salt-master'],
|
require => Package['salt-master'],
|
||||||
}
|
}
|
||||||
|
|
||||||
|
file { '/etc/salt/pki':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'salt',
|
||||||
|
group => 'salt',
|
||||||
|
mode => '0710',
|
||||||
|
require => [
|
||||||
|
Package['salt-master'],
|
||||||
|
User['salt'],
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/salt/pki/master':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'salt',
|
||||||
|
group => 'salt',
|
||||||
|
mode => '0770',
|
||||||
|
require => File['/etc/salt/pki'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/salt/pki/master/minions':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'salt',
|
||||||
|
group => 'salt',
|
||||||
|
mode => '0775',
|
||||||
|
require => File['/etc/salt/pki/master'],
|
||||||
|
}
|
||||||
|
|
||||||
service { 'salt-master':
|
service { 'salt-master':
|
||||||
ensure => running,
|
ensure => running,
|
||||||
enable => true,
|
enable => true,
|
||||||
|
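Review bot: The `mode => '0770',` on `/etc/salt/pki/master` gives every salt group member write access to a directory that, in a default Salt layout, also holds the master's own key pair. Directory write permission lets entries be removed and recreated regardless of the files' own modes. If the launch script only needs to manage minion keys, group write could be confined to the `minions` subdirectory by using `mode => '0750',` on `/etc/salt/pki/master`. Otherwise a comment such as `# salt group can replace anything in here, including the master key; treat membership as privileged` above that resource would record the trade-off. It is also worth confirming that salt-master's startup permission checks do not reset these modes and fight with Puppet, and `0775` on `minions` grants "other" access that the `0710`/`0770` parents already block, so `mode => '0770',` would be more consistent.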