Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gazsi István
/
salt
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
51d881f7
authored
Mar 08, 2015
by
Bach Dániel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
random fixes
parent
13d50a60
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
92 additions
and
7 deletions
+92
-7
salt/agentdriver/configuration.sls
+1
-0
salt/manager/init.sls
+1
-0
salt/manager/nginx.sls
+14
-0
salt/manager/postgres.sls
+1
-1
salt/manager/rabbitmq.sls
+18
-6
salt/vmdriver/files/10.virt.rules
+10
-0
salt/vmdriver/files/vmdriver.te
+13
-0
salt/vmdriver/libvirt.sls
+34
-0
No files found.
salt/agentdriver/configuration.sls
View file @
51d881f7
...
@@ -38,6 +38,7 @@ incron:
...
@@ -38,6 +38,7 @@ incron:
{% endif %}
{% endif %}
service:
service:
- reload: true
- reload: true
- enable: true
- running
- running
- watch:
- watch:
- file: /etc/incron.d/agentdriver
- file: /etc/incron.d/agentdriver
salt/manager/init.sls
View file @
51d881f7
...
@@ -75,6 +75,7 @@ portal:
...
@@ -75,6 +75,7 @@ portal:
- watch:
- watch:
- file: manager_postactivate
- file: manager_postactivate
- file: portal.conf
- file: portal.conf
- sls: manager.gitrepo
memcached:
memcached:
service:
service:
...
...
salt/manager/nginx.sls
View file @
51d881f7
...
@@ -17,6 +17,20 @@ circlecert:
...
@@ -17,6 +17,20 @@ circlecert:
- cwd: /etc/ssl/certs/
- cwd: /etc/ssl/certs/
- creates: /etc/ssl/certs/circle.pem
- creates: /etc/ssl/certs/circle.pem
{% if grains['os_family'] == 'RedHat' %}
nginx_selinux:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
selinux.boolean:
- name: httpd_can_network_connect
- value: True
- persist: True
- require:
- pkg: nginx_selinux
{% endif %}
nginxdefault:
nginxdefault:
file.managed:
file.managed:
{% if grains['os_family'] == 'RedHat' %}
{% if grains['os_family'] == 'RedHat' %}
...
...
salt/manager/postgres.sls
View file @
51d881f7
...
@@ -3,7 +3,7 @@ postgresql_initdb:
...
@@ -3,7 +3,7 @@ postgresql_initdb:
cmd.run:
cmd.run:
- cwd: /
- cwd: /
- user: root
- user: root
- name:
service postgresql
initdb
- name:
postgresql-setup
initdb
- unless: test -f /var/lib/pgsql/data/postgresql.conf
- unless: test -f /var/lib/pgsql/data/postgresql.conf
- env:
- env:
LC_ALL: C.UTF-8
LC_ALL: C.UTF-8
...
...
salt/manager/rabbitmq.sls
View file @
51d881f7
rabbitmq-server:
rabbitmq-server:
pkg.installed:
pkg.installed:
- name: rabbitmq-server
- name: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
file.managed:
- name: /etc/rabbitmq/rabbitmq-env.conf
- contents: RABBITMQ_DIST_PORT=5671
{% endif %}
service.running:
service.running:
- enable: True
- enable: True
- require:
- require:
- pkg: rabbitmq-server
- pkg: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
- file: rabbitmq-server
{% endif %}
rabbitmq_user:
rabbitmq_user:
rabbitmq_user.present:
rabbitmq_user.present:
- name: {{ pillar['amqp']['user'] }}
- name: {{ pillar['amqp']['user'] }}
- password: {{ pillar['amqp']['password'] }}
- password: {{ pillar['amqp']['password'] }}
- require:
- service: rabbitmq-server
virtual_host:
virtual_host:
rabbitmq_vhost.present:
rabbitmq_vhost.present:
- name: {{ pillar['amqp']['vhost']}}
- name: {{ pillar['amqp']['vhost']}}
- user: {{ pillar['amqp']['user'] }}
- user: {{ pillar['amqp']['user'] }}
- conf: .*
- conf: .*
- write: .*
- write: .*
- read: .*
- read: .*
- require:
- service: rabbitmq-server
salt/vmdriver/files/10.virt.rules
0 → 100644
View file @
51d881f7
polkit.addRule(function(action, subject) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
var now = new Date();
polkit.log("now=" + now)
if ((action.id == "org.libvirt.unix.manage" || action.id == "org.libvirt.unix.monitor") && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
return null;
});
salt/vmdriver/files/vmdriver.te
0 → 100644
View file @
51d881f7
module vmdriver 1.0;
require {
type virt_var_lib_t;
type svirt_tcg_t;
class sock_file { create unlink };
class dir { write remove_name add_name };
}
#============= svirt_tcg_t ==============
allow svirt_tcg_t virt_var_lib_t:dir { write remove_name add_name };
allow svirt_tcg_t virt_var_lib_t:sock_file { create unlink };
salt/vmdriver/libvirt.sls
View file @
51d881f7
...
@@ -26,6 +26,40 @@ libvirt-bin:
...
@@ -26,6 +26,40 @@ libvirt-bin:
file.symlink:
file.symlink:
- target: /usr/libexec/qemu-kvm
- target: /usr/libexec/qemu-kvm
/etc/polkit-1/rules.d/10.virt.rules:
file.managed:
- source: salt://vmdriver/files/10.virt.rules
- template: jinja
- mode: 644
polkit:
service:
- running
- watch:
- file: /etc/polkit-1/rules.d/10.virt.rules
/root/vmdriver.te:
file.managed:
- source: salt://vmdriver/files/vmdriver.te
- template: jinja
- mode: 644
selinux_pkgs:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
vmdriver_semodule:
cmd.run:
- cwd: /root
- user: root
- name: checkmodule -M -m -o vmdriver.mod vmdriver.te; semodule_package -o vmdriver.pp -m vmdriver.mod; semodule -i vmdriver.pp
- unless: semodule -l |grep -qs ^vmdriver
- require:
- file: /root/vmdriver.te
- pkg: selinux_pkgs
{% else %}
{% else %}
/etc/apparmor.d/libvirt/TEMPLATE:
/etc/apparmor.d/libvirt/TEMPLATE:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment