Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gelencsér Szabolcs
/
salt
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Wiki
Members
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
661836a4
authored
Mar 22, 2016
by
Czémán Arnold
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'redhat' into debian
Conflicts: README.md
parents
6dfeb416
d2f1016c
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
73 additions
and
33 deletions
+73
-33
README.md
+3
-26
salt/manager/files/nginx-default-site.conf
+0
-3
salt/manager/files/nginx.te
+16
-0
salt/manager/nginx.sls
+43
-2
salt/vmdriver/files/sudoers
+1
-1
salt/vmdriver/files/vmdriver.te
+10
-1
No files found.
README.md
View file @
661836a4
# C
ircle
Project - Salt Installer
# C
IRCLE
Project - Salt Installer
## OS Support
...
...
@@ -6,11 +6,9 @@
*
Red Hat Enterprise Linux 7+
*
Cent OS 7+
*
Scientific Linux 7+
*
Oracle Linux 7+ --> work in progress
*
Debian Linux family:
*
Debian linux 8+
*
Ubuntu linux 14.04 LTS
*
Ubuntu linux 15.04+ --> work in progress
## Prerequisites
...
...
@@ -40,28 +38,6 @@ sudo apt-get install python-pip vim git
sudo
pip install
salt
==
2014.7.1
```
## Configure salt
Open the salt minion configuration
```
bash
sudo
mkdir
-p
/etc/salt
sudo
vim /etc/salt/minion
```
Add these lines:
```
bash
file_client:
local
file_roots:
base:
- /home/cloud/salt/salt
pillar_roots:
base:
- /home/cloud/salt/pillar
```
## Get the installer
Clone circle installer git repository into cloud home
...
...
@@ -146,7 +122,7 @@ Other variables
Run the following installation command:
```
bash
sudo
salt-call state.sls allinone
sudo
salt-call state.sls allinone
--local
--file-root
=
/home/
$USER
/salt/salt
--pillar-root
=
/home/
$USER
/salt/pillar
```
After this finished, you have to get "Failed: 0" message.
If installer fails, please visit the
[
Troubleshooting
](
#troubleshooting
)
paragraph.
...
...
@@ -211,6 +187,7 @@ Finally, we can run the machine. Click on 'deploy' and start it. You can choose,
### Portal won't load
Maybe port 443 is closed. Check and open it.
### Portal won't load on Ubuntu 14.04
```
bash
sudo
service nginx restart
...
...
salt/manager/files/nginx-default-site.conf
View file @
661836a4
...
...
@@ -14,9 +14,6 @@ server {
alias
/
home
/{{
pillar
[
'user'
] }}/
circle
/
circle
/
static_collected
;
# your Django project's static files
}
{%
endif
%}
location
/
doc
{
alias
/
home
/
cloud
/
circle
-
website
/
_
build
/
html
;
}
location
/ {
{%
if
pillar
[
'deployment_type'
] ==
"production"
%}
...
...
salt/manager/files/nginx.te
0 → 100644
View file @
661836a4
module nginx 1.0;
require {
type initrc_tmp_t;
type httpd_t;
type initrc_t;
class sock_file write;
class unix_stream_socket connectto;
}
#============= httpd_t ==============
allow httpd_t initrc_t:unix_stream_socket connectto;
#!!!! This avc is allowed in the current policy
allow httpd_t initrc_tmp_t:sock_file write;
salt/manager/nginx.sls
View file @
661836a4
...
...
@@ -5,12 +5,20 @@ nginx:
- pkg: nginx
- cmd: circlecert
- file: nginxdefault
- file: nginx_home_permission
{% if grains['os_family'] == 'RedHat' %}
- file: nginxconf
- cmd: nginx_no_private_temp
{% endif %}
pkg:
- installed
nginx_home_permission:
file.directory:
- name: /home/{{ pillar['user'] }}
- user: {{ pillar['user'] }}
- dir_mode: 711
circlecert:
cmd.run:
{% if grains['os_family'] == 'RedHat' %}
...
...
@@ -22,17 +30,50 @@ circlecert:
- creates: /etc/ssl/certs/circle.pem
{% if grains['os_family'] == 'RedHat' %}
nginx_selinux:
nginx_selinux
_pkgs
:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
nginx_httpd_can_network_connect:
selinux.boolean:
- name: httpd_can_network_connect
- value: True
- persist: True
- require:
- pkg: nginx_selinux
- pkg: nginx_selinux_pkgs
nginx_httpd_read_user_content:
selinux.boolean:
- name: httpd_read_user_content
- value: True
- persist: True
- require:
- pkg: nginx_selinux_pkgs
/root/nginx.te:
file.managed:
- source: salt://manager/files/nginx.te
- template: jinja
- mode: 644
nginx_semodule:
cmd.run:
- cwd: /root
- user: root
- name: checkmodule -M -m -o nginx.mod nginx.te; semodule_package -o nginx.pp -m nginx.mod; semodule -i nginx.pp
- unless: semodule -l |grep -qs ^nginx
- require:
- file: /root/nginx.te
- pkg: nginx_selinux_pkgs
nginx_no_private_temp:
cmd.run:
- user: root
- name: sed -i "/PrivateTmp/d" /usr/lib/systemd/system/nginx.service
- require:
- pkg: nginx
{% endif %}
nginxdefault:
...
...
salt/vmdriver/files/sudoers
View file @
661836a4
{{ pillar['user'] }} ALL = (ALL) NOPASSWD: /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /sbin/ip link set *
Defaults:
cloud
!requiretty
Defaults:
{{ pillar['user'] }}
!requiretty
salt/vmdriver/files/vmdriver.te
View file @
661836a4
module vmdriver 1.
0
;
module vmdriver 1.
1
;
require {
type virt_var_lib_t;
type svirt_tcg_t;
type svirt_t;
type default_t;
class sock_file { create unlink };
class dir { write remove_name add_name };
class lnk_file read;
}
#============= svirt_tcg_t ==============
allow svirt_tcg_t virt_var_lib_t:dir { write remove_name add_name };
allow svirt_tcg_t virt_var_lib_t:sock_file { create unlink };
#============= svirt_t ==============
allow svirt_t virt_var_lib_t:dir { write add_name };
allow svirt_t virt_var_lib_t:sock_file create;
allow svirt_t default_t:lnk_file read;
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment