├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── bind-formula ├── LICENSE ├── README.rst ├── bind-formula.changes ├── bind-formula.spec ├── bind │ ├── files │ │ ├── arch │ │ │ └── named.conf │ │ ├── debian │ │ │ ├── default │ │ │ ├── logrotate_bind │ │ │ ├── named.conf │ │ │ ├── named.conf.default-zones │ │ │ ├── named.conf.key │ │ │ ├── named.conf.options │ │ │ └── rndc.conf │ │ ├── freebsd │ │ │ ├── named.conf │ │ │ └── tty1.eu-empty-private-networks.conf │ │ ├── named.conf.local.jinja │ │ ├── named.conf.logging.jinja │ │ ├── redhat │ │ │ ├── default │ │ │ └── named.conf │ │ ├── suse │ │ │ ├── default │ │ │ └── named.conf │ │ └── zone.jinja │ ├── init.sls │ ├── install.sls │ ├── map.jinja │ ├── reverse_zone.jinja │ └── utils.sls ├── form.yml ├── metadata.yml ├── pillar-with-views.example ├── pillar.example └── pillar.example.smr ├── cpu-mitigations-formula ├── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example └── states │ ├── init.sls │ └── map.jinja ├── dhcpd-formula ├── LICENSE ├── README.rst ├── dhcpd-formula.changes ├── dhcpd-formula.spec ├── dhcpd │ ├── config.sls │ ├── files │ │ ├── dhcpd.conf │ │ ├── dhcpd.sample │ │ ├── host.jinja │ │ ├── service_config.Debian │ │ ├── service_config.FreeBSD │ │ ├── service_config.Suse │ │ └── subnet.jinja │ ├── init.sls │ └── map.jinja └── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example ├── grafana-formula ├── LICENSE ├── grafana-formula.changes ├── grafana-formula.spec ├── grafana │ ├── files │ │ ├── caasp-cluster.json │ │ ├── caasp-etcd-cluster.json │ │ ├── caasp-namespaces.json │ │ ├── dashboard-provider.yml │ │ ├── datasources.yml │ │ ├── grafana.ini │ │ ├── mgr-apache.json │ │ ├── mgr-client-systems.json.jinja │ │ ├── mgr-postgresql.json │ │ └── mgr-server.json.jinja │ └── init.sls └── metadata │ ├── form.yml │ └── metadata.yml ├── kitchensink-formula ├── LICENSE ├── kitchensink-formula.changes ├── kitchensink-formula.spec ├── kitchensink │ └── init.sls └── metadata │ ├── 
form.yml │ ├── metadata.yml │ └── pillar.example ├── liberate-formula ├── LICENSE ├── README.md ├── liberate-formula.changes ├── liberate-formula.spec ├── liberate │ └── init.sls └── metadata │ ├── form.yml │ └── metadata.yml ├── locale-formula ├── COPYING ├── README.rst ├── locale-formula.changes ├── locale-formula.spec ├── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example └── states │ ├── init.sls │ └── map.jinja ├── openvpn-formula ├── metadata │ ├── form.yml │ └── metadata.yml ├── openvpn-formula.changes ├── openvpn-formula.spec └── openvpn │ ├── common.sls │ ├── files │ ├── _gateway.conf │ ├── _subnet.conf │ ├── ipp.txt │ └── server.conf │ ├── init.sls │ ├── map.jinja │ └── server │ ├── init.sls │ └── service.sls ├── prometheus-exporters-formula ├── LICENSE ├── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example ├── prometheus-exporters │ ├── files │ │ ├── apache-exporter-config.Debian │ │ ├── apache-exporter-config.RedHat │ │ ├── apache-exporter-config.Suse │ │ ├── exporter-exporter-config.Debian │ │ ├── exporter-exporter-config.RedHat │ │ ├── exporter-exporter-config.Suse │ │ ├── exporter-exporter.yaml │ │ ├── exporter-proxy.yaml │ │ ├── node-exporter-config.Debian │ │ ├── node-exporter-config.RedHat │ │ ├── node-exporter-config.Suse │ │ ├── postgres-exporter-config.Debian │ │ ├── postgres-exporter-config.RedHat │ │ ├── postgres-exporter-config.Suse │ │ ├── postgres-exporter-password │ │ └── web.yml │ ├── init.sls │ └── map.jinja └── scripts │ └── migrate_formula_data.py ├── prometheus-formula ├── LICENSE ├── README.md ├── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example ├── prometheus-formula.changes ├── prometheus-formula.spec └── prometheus │ ├── files │ ├── alertmanager-service.conf │ ├── blackbox-web.yml │ ├── blackbox_exporter-service.conf │ ├── general-rules.yml │ ├── mgr-server.yml │ ├── prometheus-rules.yml │ ├── prometheus-service.conf │ ├── prometheus.yml │ ├── prometheus_old.yml │ └── web.yml │ ├── 
init.sls │ └── map.jinja ├── pxe-formula ├── form.yml ├── metadata.yml ├── pillar.example ├── pxe-formula.changes ├── pxe-formula.spec └── pxe │ ├── files │ ├── pxecfg.grub2.base │ ├── pxecfg.grub2.template │ └── pxecfg.template │ ├── init.sls │ ├── map.jinja │ ├── terminal_entry.sls │ └── uninstall.sls ├── system-lock-formula ├── LICENSE ├── metadata │ ├── README.md │ ├── form.yml │ ├── metadata.yml │ └── pillar.example ├── system-lock-formula.changes ├── system-lock-formula.spec └── system-lock │ └── init.sls ├── tftpd-formula ├── form.yml ├── metadata.yml ├── tftpd-formula.changes ├── tftpd-formula.spec └── tftpd │ ├── files │ └── tftp.template │ ├── init.sls │ ├── map.jinja │ └── uninstall.sls ├── uyuni-config-formula ├── LICENSE ├── README.md ├── metadata │ ├── form.yml │ ├── metadata.yml │ └── pillar.example ├── uyuni-config-formula.changes ├── uyuni-config-formula.spec └── uyuni-config │ └── init.sls ├── virtualization-formulas ├── LICENSE ├── guest │ ├── metadata │ │ ├── form.yml │ │ ├── metadata.yml │ │ └── pillar.example │ └── states │ │ └── init.sls ├── host │ ├── metadata │ │ ├── form.yml │ │ ├── metadata.yml │ │ └── pillar.example │ ├── src │ │ ├── __init__.py │ │ ├── states │ │ │ └── bootloader.py │ │ └── tests │ │ │ ├── __init__.py │ │ │ └── test_states_bootloader.py │ ├── states │ │ ├── .gitignore │ │ ├── init.sls │ │ ├── iommu.sls │ │ └── map.jinja │ └── virtualization-host-formula.conf ├── sriov │ ├── metadata │ │ ├── form.yml │ │ ├── metadata.yml │ │ └── pillar.example │ └── states │ │ └── init.sls ├── virtualization-formulas.changes └── virtualization-formulas.spec └── vsftpd-formula ├── LICENSE ├── form.yml ├── metadata.yml ├── pillar.example ├── vsftpd-formula.changes ├── vsftpd-formula.spec └── vsftpd ├── config.sls ├── files └── vsftpd.conf ├── init.sls └── map.jinja /.gitignore: -------------------------------------------------------------------------------- 1 | *.tar.gz 2 | .idea/ 3 | 
-------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | 2 | LOCALE_VERSION=0.4.0 3 | CPU_MITIGATIONS_VERSION=0.5.0 4 | PROMETHEUS_VERSION=0.8.0 5 | PROMETHEUS_EXPORTERS_VERSION=1.4.1 6 | GRAFANA_VERSION=0.12.0 7 | VIRTUALIZATION_VERSION=0.6.2 8 | SYSTEM_LOCK_VERSION=0.1 9 | UYUNI_CONFIG_VERSION=0.2 10 | LIBERATE_VERSION=0.1.0 11 | PXE_VERSION=0.3.0 12 | 13 | locale:: clean 14 | git archive --format=tar.gz --prefix=locale-formula-${LOCALE_VERSION}/ HEAD:locale-formula/ >locale-formula-${LOCALE_VERSION}.tar.gz 15 | 16 | cpu-mitigations:: clean 17 | git archive --format=tar.gz --prefix=cpu-mitigations-formula-${CPU_MITIGATIONS_VERSION}/ HEAD:cpu-mitigations-formula/ >cpu-mitigations-formula-${CPU_MITIGATIONS_VERSION}.tar.gz 18 | 19 | prometheus:: clean 20 | git archive --format=tar.gz --prefix=prometheus-formula-${PROMETHEUS_VERSION}/ HEAD:prometheus-formula/ >prometheus-formula-${PROMETHEUS_VERSION}.tar.gz 21 | 22 | prometheus-exporters:: clean 23 | git archive --format=tar.gz --prefix=prometheus-exporters-formula-${PROMETHEUS_EXPORTERS_VERSION}/ HEAD:prometheus-exporters-formula/ >prometheus-exporters-formula-${PROMETHEUS_EXPORTERS_VERSION}.tar.gz 24 | 25 | grafana:: clean 26 | git archive --format=tar.gz --prefix=grafana-formula-${GRAFANA_VERSION}/ HEAD:grafana-formula/ >grafana-formula-${GRAFANA_VERSION}.tar.gz 27 | 28 | virtualization:: clean 29 | git archive --format=tar.gz --prefix=virtualization-formulas-${VIRTUALIZATION_VERSION}/ HEAD:virtualization-formulas/ >virtualization-formulas-${VIRTUALIZATION_VERSION}.tar.gz 30 | 31 | system-lock:: clean 32 | git archive --format=tar.gz --prefix=system-lock-formula-${SYSTEM_LOCK_VERSION}/ HEAD:system-lock-formula/ >system-lock-formula-${SYSTEM_LOCK_VERSION}.tar.gz 33 | 34 | uyuni-config:: clean 35 | git archive --format=tar.gz --prefix=uyuni-config-formula-${UYUNI_CONFIG_VERSION}/ 
HEAD:uyuni-config-formula/ >uyuni-config-formula-${UYUNI_CONFIG_VERSION}.tar.gz 36 | 37 | liberate:: clean 38 | git archive --format=tar.gz --prefix=liberate-formula-${LIBERATE_VERSION}/ HEAD:liberate-formula/ >liberate-formula-${LIBERATE_VERSION}.tar.gz 39 | 40 | pxe:: clean 41 | git archive --format=tar.gz --prefix=pxe-formula-${PXE_VERSION}/ HEAD:pxe-formula/ >pxe-formula-${PXE_VERSION}.tar.gz 42 | 43 | clean:: 44 | find . -name "*~" | xargs rm -f 45 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SUSE Salt Formulas 2 | 3 | This repository contains [Salt Formulas](https://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html) to be shipped for `openSUSE` and `SUSE Linux Enterprise Server`. Formulas can be used with stand-alone Salt or within [Uyuni](https://www.uyuni-project.org/) / [SUSE Multi-Linux Manager](https://www.suse.com/products/suse-manager/) offering UI support for configuration through Pillar data. 4 | 5 | ## Repository Structure 6 | 7 | For each Formula there is a separate directory where the directory name consists of the Formula name and a `-formula` suffix. 
Each of these directories should be mostly consistent with the [Salt Formulas conventions](https://docs.saltproject.io/en/latest/topics/development/conventions/formulas.html#repository-structure), while additional metadata files (`form.yml`, `metadata.yml`) should go to a separate `metadata` directory, for example: 8 | 9 | ``` 10 | example-formula 11 | |-- example/ 12 | | |-- files/ 13 | | | |-- foo.conf 14 | | |-- bar.sls 15 | | |-- init.sls 16 | | |-- map.jinja 17 | |-- metadata/ 18 | | |-- form.yml 19 | | |-- metadata.yml 20 | |-- example-formula.changes 21 | |-- example-formula.spec 22 | |-- LICENSE 23 | |-- README.md 24 | ``` 25 | 26 | ## Packaging Information 27 | 28 | For information about packaging Formulas as RPM packages (including a `spec` file template) please refer to the [packaging guide](https://github.com/SUSE/salt-formulas/wiki/Packaging-Guide). 29 | 30 | ## Stable Branches 31 | 32 | The repository includes stable branches for maintaining bug-fixes of released versions. 33 | When submitting a bug-fix, please consider if it needs a cherry-pick to stable branch, 34 | e.g. `Manager-4.0`. 35 | -------------------------------------------------------------------------------- /bind-formula/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2015 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
14 | -------------------------------------------------------------------------------- /bind-formula/README.rst: -------------------------------------------------------------------------------- 1 | ==== 2 | bind 3 | ==== 4 | 5 | Formulas to set up and configure the bind DNS server. 6 | 7 | .. note:: 8 | 9 | See the full `Salt Formulas installation and usage instructions 10 | `_. 11 | 12 | Available states 13 | ================ 14 | 15 | .. contents:: 16 | :local: 17 | 18 | ``bind`` 19 | -------- 20 | 21 | Install the bind package and start the bind service. 22 | 23 | ``bind.config`` 24 | --------------- 25 | 26 | Manage the bind configuration file. 27 | This state can generate some basic zone files if a `records` entry is found in the 28 | `available_zones`' declaration for the zone (see `pillar.example` for how to write these) 29 | 30 | Example Pillar 31 | ============== 32 | 33 | .. code:: yaml 34 | 35 | bind: 36 | configured_zones: 37 | example.com: 38 | type: master 39 | notify: False 40 | available_zones: 41 | example.com: 42 | file: example.com.txt 43 | soa: 44 | ns: ns1.example.com # Required 45 | contact: hostmaster.example.com # Required 46 | serial: 2017041001 # Required 47 | records: # Records for the zone, grouped by type 48 | A: 49 | mx1: # A RR with multiple values can 50 | - 1.2.3.228 # be written as an array 51 | - 1.2.3.229 52 | cat: 2.3.4.188 53 | rat: 1.2.3.231 54 | live: 1.2.3.236 55 | 56 | See *bind/pillar.example* for a more complete example. 57 | 58 | On the other hand, if no `records` entry exists, the zone file is not generated by this state 59 | but is instead taken from `salt://zones`. See `pillar.example` for how to overwrite 60 | this URL. 61 | 62 | Example Pillar 63 | ============== 64 | 65 | .. 
code:: yaml 66 | 67 | bind: 68 | configured_zones: 69 | sub.domain.com: 70 | type: master 71 | notify: False 72 | configured_views: 73 | myview1: 74 | match_clients: 75 | - client1 76 | - client2 77 | configured_zones: 78 | my.zone: 79 | type: master 80 | notify: False 81 | 82 | See *bind/pillar.example*. 83 | 84 | Notes 85 | ===== 86 | 87 | * When using views all zones must be configured in views! 88 | -------------------------------------------------------------------------------- /bind-formula/bind-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Mon Jan 17 10:18:00 UTC 2022 - Ondrej Holecek 3 | 4 | - Update to version 0.1.1642432942.9359cc6 5 | * Update defaults based on SLE15SP4 release 6 | * chroot option was replaced by systemd protections 7 | 8 | ------------------------------------------------------------------- 9 | Fri Jan 29 08:59:21 UTC 2021 - Ondrej Holecek 10 | 11 | - Update bind formula to newest upstream version 12 | - Fix apparmor conflict on Debian systems (bsc#1181461) 13 | - Update to version 0.1.1615805990.f15c8d9 14 | 15 | ------------------------------------------------------------------- 16 | Tue Oct 20 11:21:05 UTC 2020 - Ondrej Holecek 17 | 18 | - Temporarily disable dnssec-validation as hotfix for bsc#1177790 19 | - Update to version 0.1.1603299886.60e4bcf 20 | 21 | ------------------------------------------------------------------- 22 | Thu Oct 3 15:56:55 UTC 2019 - Ondrej Holecek 23 | 24 | - Bind form update - make options pillar optional. 
25 | * fixes problem with empty options introduced in previous version 26 | - Update to version 0.1.1573049925.b509ada 27 | 28 | ------------------------------------------------------------------- 29 | Tue Sep 24 14:03:48 UTC 2019 - Ondrej Holecek 30 | 31 | - Update to version 0.1.1569489047.99c648b 32 | - Improvements to bind form: 33 | * remove wrong default for bind options preventing correct upload 34 | of bind options using XMLRPC (bsc#1150657) 35 | * add explaining names to CNAME and A sections 36 | 37 | ------------------------------------------------------------------- 38 | Tue Sep 17 14:52:14 UTC 2019 - Ondrej Holecek 39 | 40 | - Update to version 0.1.1568808472.be9f236 41 | - Update formula to upstream version hash d5d11a48b 42 | 43 | ------------------------------------------------------------------- 44 | Thu May 23 13:54:24 UTC 2019 - Ondrej Holecek 45 | 46 | - Updated copyrights and bug reporting link 47 | - Update to version 0.1.1558613789.64ba093 48 | 49 | ------------------------------------------------------------------- 50 | Mon Jun 25 14:41:26 UTC 2018 - nadvornik@suse.com 51 | 52 | - Do not allow empty values in SOA pillar 53 | 54 | ------------------------------------------------------------------- 55 | Fri Jun 15 13:50:46 UTC 2018 - nadvornik@suse.com 56 | 57 | - Generate rev zones for any zone 58 | 59 | ------------------------------------------------------------------- 60 | Fri Jun 15 13:49:05 UTC 2018 - nadvornik@suse.com 61 | 62 | - Include forwarders, allow generic options in bind formula 63 | 64 | ------------------------------------------------------------------- 65 | Thu Jun 7 11:52:42 UTC 2018 - psladek@suse.com 66 | 67 | - advanced features in form 68 | 69 | ------------------------------------------------------------------- 70 | Wed Jun 6 11:19:58 UTC 2018 - nadvornik@suse.com 71 | 72 | - Updated from upstream 73 | 74 | ------------------------------------------------------------------- 75 | Sun Mar 18 16:44:37 UTC 2018 - 
oholecek@suse.com 76 | 77 | - Add 'after' tag to metada to ensure correct order 78 | - see also bsc#1083326 79 | 80 | ------------------------------------------------------------------- 81 | Tue Jan 16 12:33:57 UTC 2018 - nadvornik@suse.com 82 | 83 | - implemented automatic generation of 84 | zone serial and reverse zones 85 | - added form 86 | 87 | ------------------------------------------------------------------- 88 | Mon Jul 24 14:43:24 UTC 2017 - nadvornik@suse.com 89 | 90 | - new package 91 | 92 | -------------------------------------------------------------------------------- /bind-formula/bind-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package bind-formula 3 | # 4 | # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 
14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname bind 20 | %define fdir %{_datadir}/susemanager/formulas 21 | Name: bind-formula 22 | Version: 0.1 23 | Release: 0 24 | Summary: Salt formula for configuring and running BIND 25 | License: Apache-2.0 26 | Group: System/Packages 27 | Url: https://github.com/saltstack-formulas/bind-formula 28 | Source: bind-formula-%{version}.tar.xz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Salt formula for managing configuration and running of BIND server. 34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R bind/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R form.yml metadata.yml LICENSE pillar.example pillar-with-views.example pillar.example.smr README.rst %{buildroot}%{fdir}/metadata/%{fname} 45 | 46 | %files 47 | %defattr(-,root,root) 48 | %dir %{_datadir}/susemanager 49 | %dir %{fdir} 50 | %dir %{fdir}/states 51 | %dir %{fdir}/metadata 52 | %{fdir}/states/%{fname} 53 | %{fdir}/metadata/%{fname} 54 | 55 | %changelog 56 | -------------------------------------------------------------------------------- /bind-formula/bind/files/arch/named.conf: -------------------------------------------------------------------------------- 1 | // vim:set ts=4 sw=4 et: 2 | 3 | options { 4 | directory "{{ map.get('named_directory') }}"; 5 | pid-file "/run/named/named.pid"; 6 | 7 | // Uncomment these to enable IPv6 connections support 8 | // IPv4 will still work: 9 | // listen-on-v6 { any; }; 10 | // Add this for no IPv4: 11 | // listen-on { none; }; 12 | 13 | {#- Allow inclusion of arbitrary statements #} 14 | {%- for statement, value in salt['pillar.get']('bind:config:options', {})|dictsort -%} 15 | {%- if value is iterable and value is not string %} 16 | {{ statement }} { 17 | {%- for item in value 
%} 18 | {{ item }}; 19 | {%- endfor %} 20 | }; 21 | {%- else %} 22 | {{ statement }} {{ value }}; 23 | {%- endif %} 24 | {%- endfor %} 25 | }; 26 | 27 | zone "localhost" IN { 28 | type master; 29 | file "localhost.zone"; 30 | }; 31 | 32 | zone "0.0.127.in-addr.arpa" IN { 33 | type master; 34 | file "127.0.0.zone"; 35 | }; 36 | 37 | zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" { 38 | type master; 39 | file "localhost.ip6.zone"; 40 | }; 41 | 42 | zone "255.in-addr.arpa" IN { 43 | type master; 44 | file "empty.zone"; 45 | }; 46 | 47 | zone "0.in-addr.arpa" IN { 48 | type master; 49 | file "empty.zone"; 50 | }; 51 | 52 | zone "." IN { 53 | type hint; 54 | file "root.hint"; 55 | }; 56 | 57 | //zone "example.org" IN { 58 | // type slave; 59 | // file "example.zone"; 60 | // masters { 61 | // 192.168.1.100; 62 | // }; 63 | // allow-query { any; }; 64 | // allow-transfer { any; }; 65 | //}; 66 | 67 | include "{{ map.local_config }}"; 68 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/default: -------------------------------------------------------------------------------- 1 | {% set protocol = salt['pillar.get']('bind:config:protocol', False) -%} 2 | {% set param = ['-u bind'] -%} 3 | {% if protocol -%} 4 | {% do param.append('-' + protocol|string) -%} 5 | {% endif -%} 6 | # run resolvconf? 
7 | RESOLVCONF=no 8 | 9 | # startup options for the server 10 | OPTIONS="{{ param|join(' ') }}" 11 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/logrotate_bind: -------------------------------------------------------------------------------- 1 | {%- from "bind/map.jinja" import map with context %} 2 | {%- set user = salt['pillar.get']('bind:config:user', map.user) %} 3 | {%- set group = salt['pillar.get']('bind:config:group', map.group) %} 4 | {%- set mode = salt['pillar.get']('bind:config:log_mode', map.log_mode) %} 5 | {{ map.log_dir }}/*.log { 6 | rotate 7 7 | daily 8 | missingok 9 | notifempty 10 | sharedscripts 11 | copytruncate 12 | compress 13 | create {{ mode }} {{ user }} {{ group }} 14 | {% if not salt['pkg.version']('logrotate').startswith('3.7')-%} 15 | su {{ user }} {{ group }} 16 | {% endif %} 17 | } 18 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/named.conf: -------------------------------------------------------------------------------- 1 | // This is the primary configuration file for the BIND DNS server named. 2 | // 3 | // Please read /usr/share/doc/bind9/README.Debian.gz for information on the 4 | // structure of BIND configuration files in Debian, *BEFORE* you customize 5 | // this configuration file. 
6 | // 7 | // If you are just adding zones, please do that in /etc/bind/named.conf.local 8 | 9 | include "{{ map.options_config }}"; 10 | include "{{ map.local_config }}"; 11 | {%- if 'keys' in salt['pillar.get']('bind') %} 12 | include "{{ map.key_config }}"; 13 | {% endif %} 14 | {%- if salt['pillar.get']('bind:config:default_zones', False) %} 15 | include "{{ map.default_zones_config }}"; 16 | {% endif %} 17 | {%- for incl in salt['pillar.get']('bind:config:includes', []) %} 18 | include "{{ incl }}"; 19 | {% endfor %} 20 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/named.conf.default-zones: -------------------------------------------------------------------------------- 1 | // prime the server with knowledge of the root servers 2 | zone "." { 3 | type hint; 4 | file "/usr/share/dns/root.hints"; 5 | }; 6 | 7 | // be authoritative for the localhost forward and reverse zones, and for 8 | // broadcast zones as per RFC 1912 9 | 10 | zone "localhost" { 11 | type master; 12 | file "/etc/bind/db.local"; 13 | }; 14 | 15 | zone "127.in-addr.arpa" { 16 | type master; 17 | file "/etc/bind/db.127"; 18 | }; 19 | 20 | zone "0.in-addr.arpa" { 21 | type master; 22 | file "/etc/bind/db.0"; 23 | }; 24 | 25 | zone "255.in-addr.arpa" { 26 | type master; 27 | file "/etc/bind/db.255"; 28 | }; 29 | 30 | 31 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/named.conf.key: -------------------------------------------------------------------------------- 1 | # vim: sts=2 ts=2 sw=2 et ai 2 | // 3 | // Do any local configuration here 4 | // NOTE(review): one key block is rendered per entry of the bind:keys pillar. A key without an explicit algorithm falls back to HMAC-MD5 below; set a SHA-2 TSIG algorithm such as hmac-sha256 in the pillar instead. The rendered file contains each shared secret in clear text, so it should not be world-readable - confirm the owner and mode set by the state that manages this file. 5 | 6 | {% for key,args in salt['pillar.get']('bind:keys', {})|dictsort -%} 7 | key "{{ key }}" { 8 | algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }}; 9 | secret "{{ args['secret'] }}"; 10 | }; 11 | {% endfor %} 12 | 13 | 
-------------------------------------------------------------------------------- /bind-formula/bind/files/debian/named.conf.options: -------------------------------------------------------------------------------- 1 | {%- set key_directory = salt['pillar.get']('bind:lookup:key_directory', key_directory) %} 2 | 3 | options { 4 | directory "{{ named_directory }}"; 5 | 6 | // If there is a firewall between you and nameservers you want 7 | // to talk to, you may need to fix the firewall to allow multiple 8 | // ports to talk. See http://www.kb.cert.org/vuls/id/800113 9 | 10 | // If your ISP provided one or more IP addresses for stable 11 | // nameservers, you probably want to use them as forwarders. 12 | // Uncomment the following block, and insert the addresses replacing 13 | // the all-0's placeholder. 14 | 15 | // forwarders { 16 | // 0.0.0.0; 17 | // }; 18 | 19 | auth-nxdomain no; # conform to RFC1035 20 | 21 | {%- if salt['pillar.get']('bind:config:ipv6', False) %} 22 | listen-on-v6 { {{ salt['pillar.get']('bind:config:ipv6_listen', 'any') }}; }; 23 | {%- endif -%} 24 | 25 | {%- if key_directory %} 26 | key-directory "{{ key_directory }}"; 27 | {%- endif -%} 28 | 29 | {#- Allow inclusion of arbitrary statements #} 30 | {%- for statement, value in salt['pillar.get']('bind:config:options', {})|dictsort -%} 31 | {%- if value is iterable and value is not string %} 32 | {{ statement }} { 33 | {%- for item in value %} 34 | {{ item }}; 35 | {%- endfor %} 36 | }; 37 | {%- else %} 38 | {{ statement }} {{ value }}; 39 | {%- endif %} 40 | {%- endfor %} 41 | }; 42 | -------------------------------------------------------------------------------- /bind-formula/bind/files/debian/rndc.conf: -------------------------------------------------------------------------------- 1 | options { 2 | default-key "{{salt['pillar.get']('bind:rndc_client:options:default:key', 'rndc_key') }}"; 3 | default-server "{{salt['pillar.get']('bind:rndc_client:options:default:server', 'localhost') }}"; 4 
| default-port {{salt['pillar.get']('bind:rndc_client:options:default:port', '953') }}; 5 | }; 6 | 7 | 8 | {% for key,args in salt['pillar.get']('bind:rndc_client:server', {})|dictsort -%} 9 | server "{{ key }}" { 10 | key {{ args['key'] }}; 11 | }; 12 | {% endfor %} 13 | 14 | {% for key,args in salt['pillar.get']('bind:keys', {})|dictsort -%} 15 | key "{{ key }}" { 16 | algorithm {{ args['algorithm'] | default('HMAC-MD5.SIG-ALG.REG.INT') }}; 17 | secret "{{ args['secret'] }}"; 18 | }; 19 | {% endfor %} 20 | -------------------------------------------------------------------------------- /bind-formula/bind/files/freebsd/tty1.eu-empty-private-networks.conf: -------------------------------------------------------------------------------- 1 | zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 2 | zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 3 | zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 4 | zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 5 | zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 6 | zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 7 | zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 8 | zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 9 | zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 10 | zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 11 | zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 12 | zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 13 | zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 14 | zone 
"29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 15 | zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 16 | zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; }; 17 | -------------------------------------------------------------------------------- /bind-formula/bind/files/named.conf.logging.jinja: -------------------------------------------------------------------------------- 1 | 2 | 3 | logging { 4 | 5 | {% for channel in salt['pillar.get']('bind:config:use_extensive_logging:channel') %} 6 | channel {{ channel }} { 7 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file', False) %} 8 | {%- set channel_file = salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':file') %} 9 | {%- set channel_versions = salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':versions', '3') %} 10 | {%- set channel_size = salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':size', '20m') %} 11 | file "{{ map.log_dir }}/{{ channel_file }}" versions {{ channel_versions }} size {{ channel_size }}; 12 | {%- endif %} 13 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-time') %} 14 | print-time yes; 15 | {%- endif %} 16 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-category') %} 17 | print-category yes; 18 | {%- endif %} 19 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':print-severity') %} 20 | print-severity yes; 21 | {%- endif %} 22 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity') %} 23 | severity {{ salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':severity') }}; 24 | {%- endif %} 25 | {%- if salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog') %} 26 | syslog {{ 
salt['pillar.get']('bind:config:use_extensive_logging:channel:'+channel+':syslog') }}; 27 | {%- endif %} 28 | }; 29 | {% endfor %} 30 | 31 | {%- for category in salt['pillar.get']('bind:config:use_extensive_logging:category') %} 32 | category {{ category }} { {{ salt['pillar.get']('bind:config:use_extensive_logging:category:'+category, []) | join('; ') }}; }; 33 | 34 | {%- endfor %} 35 | 36 | }; 37 | -------------------------------------------------------------------------------- /bind-formula/bind/files/redhat/default: -------------------------------------------------------------------------------- 1 | {% set protocol = salt['pillar.get']('bind:config:protocol', False) -%} 2 | {% set param = [] -%} 3 | {% if protocol -%} 4 | {{ param.append('-' + protocol|string) }} 5 | {% endif -%} 6 | # ROOTDIR="/var/named/chroot" 7 | # KEYTAB_FILE="/dir/file" 8 | # DISABLE_ZONE_CHECKING 9 | OPTIONS="{{ param|join(' ') }}" 10 | -------------------------------------------------------------------------------- /bind-formula/bind/files/redhat/named.conf: -------------------------------------------------------------------------------- 1 | // 2 | // named.conf 3 | // 4 | // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS 5 | // server as a caching only nameserver (as a localhost DNS resolver only). 6 | // 7 | // See /usr/share/doc/bind*/sample/ for example named configuration files. 
8 | // 9 | 10 | options { 11 | directory "{{ map.get('named_directory') }}"; 12 | dump-file "{{ map.get('named_directory') }}/data/cache_dump.db"; 13 | statistics-file "{{ map.get('named_directory') }}/data/named_stats.txt"; 14 | memstatistics-file "{{ map.get('named_directory') }}/data/named_mem_stats.txt"; 15 | 16 | {#- Allow inclusion of arbitrary statements #} 17 | {%- for statement, value in salt['pillar.get']('bind:config:options', map.get('options', {}))|dictsort -%} 18 | {%- if value is iterable and value is not string %} 19 | {{ statement }} { 20 | {%- for item in value %} 21 | {{ item }}; 22 | {%- endfor %} 23 | }; 24 | {%- else %} 25 | {{ statement }} {{ value }}; 26 | {%- endif %} 27 | {%- endfor %} 28 | 29 | /* Path to ISC DLV key */ 30 | bindkeys-file "/etc/named.iscdlv.key"; 31 | 32 | managed-keys-directory "{{ map.get('named_directory') }}/dynamic"; 33 | }; 34 | 35 | zone "." IN { 36 | type hint; 37 | file "named.ca"; 38 | }; 39 | 40 | include "/etc/named.rfc1912.zones"; 41 | include "{{ map.local_config }}"; 42 | include "/etc/named.root.key"; 43 | {%- for incl in salt['pillar.get']('bind:config:includes', []) %} 44 | include "{{ incl }}"; 45 | {% endfor %} 46 | -------------------------------------------------------------------------------- /bind-formula/bind/files/suse/default: -------------------------------------------------------------------------------- 1 | # This file is managed by salt - DO NOT EDIT! 2 | 3 | {% set protocol = salt['pillar.get']('bind:config:protocol', False) -%} 4 | {% set param = [] -%} 5 | {% if protocol -%} 6 | {{ param.append('-' + protocol|string) }} 7 | {% endif -%} 8 | 9 | ## Path: Network/DNS/Name Server 10 | ## Description: Names server settings 11 | 12 | ## Type: string 13 | ## Default: "" 14 | ## ServiceReload: named 15 | # NOTE: "named" are now protected/resticted by directives 16 | # in the "named.service" systemd unit files. 
17 | # Therefore the NAMED_CONF_INCLUDE_FILES variable has been made obsolete 18 | 19 | ## Type: string 20 | ## Default: "" 21 | ## ServiceReload: named 22 | # 23 | # Programms to be executed each time the DNS server 'named' is started or 24 | # reloaded. 25 | # 26 | # Filenames can be relative to /usr/share/bind/. 27 | # 28 | NAMED_INITIALIZE_SCRIPTS="" 29 | 30 | ## Type: string 31 | ## Default: "" 32 | ## ServiceRestart: named 33 | # 34 | # Additional arguments when starting the name daemon 35 | # 36 | # For example "-n 2" to use two CPUs if named is unable to determine the 37 | # number of available CPUs. 38 | # 39 | # See man 8 named for all available commandline options. 40 | # 41 | # "-u named" is used in any case by the init script to run the named daemon as 42 | # user 'named' after completing privileged operations. 43 | # 44 | NAMED_ARGS="{{ param|join(' ') }}" 45 | 46 | ## Type: numeric 47 | ## Default: 512 48 | ## ServiceReload: named 49 | # 50 | # Keysize of rndc.key 51 | # 52 | RNDC_KEYSIZE=512 53 | 54 | {% if salt['grains.get']('osrelease') == '15.3' -%} 55 | ## Type: yesno 56 | ## Default: yes 57 | ## ServiceRestart: lwresd,named 58 | # 59 | # Shall the DNS server 'named' or the LightWeight RESolver Daemon, lwresd run 60 | # in the chroot jail /var/lib/named/? 61 | # 62 | # Each time you start one of the daemons with the init script, /etc/named.conf, 63 | # /etc/named.conf.include, /etc/rndc.key, and all files listed in 64 | # NAMED_CONF_INCLUDE_FILES will be copied relative to /var/lib/named/. 65 | # 66 | NAMED_RUN_CHROOTED="yes" 67 | 68 | ## Type: string 69 | ## Default: "" 70 | ## ServiceReload: named 71 | # 72 | # All mentioned config files will be copied relativ to /var/lib/named/, when 73 | # 'named' is started in the chroot jail. 74 | # 75 | # /etc/named.conf and /etc/rndc.key are always copied. Also all files from 76 | # include statements in named.conf. 77 | # 78 | # Filenames can be relative to /etc/named.d/. 
79 | # 80 | # Please take care of the order if one file needs a setting of another. 81 | # 82 | # Example: "/etc/named-dhcpd.key ldap.dump rndc-access.conf" 83 | # 84 | NAMED_CONF_INCLUDE_FILES="{{ map.local_config }} {{ salt['pillar.get']('bind:config:includes', [])|join(' ') }}" 85 | 86 | # Programms to be executed each time the DNS server 'named' is started or 87 | # reloaded. 88 | # 89 | # Filenames can be relative to /usr/share/bind/. 90 | # 91 | NAMED_INITIALIZE_SCRIPTS="createNamedConfInclude" 92 | {% endif -%} 93 | -------------------------------------------------------------------------------- /bind-formula/bind/files/zone.jinja: -------------------------------------------------------------------------------- 1 | ; 2 | ; This file is managed/autogenerated by Salt, do not edit by hand!! 3 | ; Modify the values passed to the bind pillar instead. 4 | ; 5 | {%- set zone_serial = soa['serial'] %} 6 | {%- set serial_auto = zone_serial == 'auto' %} 7 | {%- set zone_ns = soa['ns'] %} 8 | {%- set zone_contact = soa['contact'] %} 9 | {%- set zone_class = soa['class'] if soa['class'] is defined else 'IN' %} 10 | {%- set zone_refresh = soa['refresh'] if soa['refresh'] is defined else '12h' %} 11 | {%- set zone_retry = soa['retry'] if soa['retry'] is defined else '15m' %} 12 | {%- set zone_expiry = soa['expiry'] if soa['expiry'] is defined else '2w' %} 13 | {%- set zone_nxdomain = soa['nxdomain'] if soa['nxdomain'] is defined else '1m' %} 14 | 15 | {% if not serial_auto or include %} 16 | {% if soa['ttl'] is defined %} 17 | $TTL {{ soa['ttl'] }} 18 | {% endif %} 19 | @ {{ zone_class }} SOA {{ zone_ns }} {{ zone_contact }} ( 20 | {{ salt['dnsutil.serial'](zone) if serial_auto else zone_serial }} ; serial 21 | {{ zone_refresh }} ; refresh 22 | {{ zone_retry }} ; retry 23 | {{ zone_expiry }} ; expiry 24 | {{ zone_nxdomain }} ; nxdomain ttl 25 | ); 26 | {%- endif %} 27 | 28 | {% if include %} 29 | $INCLUDE {{ include }} 30 | {% else %} 31 | {% for type, rrs in 
records|dictsort %} 32 | ; 33 | ; {{ type }} RRs 34 | ; 35 | {%- for host, data in rrs|dictsort %} 36 | {%- if data is number or data is string %} 37 | {{ host }} {{ type }} {{ data }} 38 | {%- elif data is iterable %} 39 | {%- for value in data %} 40 | {{ host }} {{ type }} {{ value }} 41 | {%- endfor %} 42 | {%- endif %} 43 | {%- endfor %} 44 | {% endfor %} 45 | {%- endif %} 46 | -------------------------------------------------------------------------------- /bind-formula/bind/install.sls: -------------------------------------------------------------------------------- 1 | {% from "bind/map.jinja" import map with context %} 2 | 3 | {%- set key_directory = salt['pillar.get']('bind:config:key_directory', map.key_directory) %} 4 | 5 | bind: 6 | pkg.installed: 7 | - pkgs: {{ map.pkgs|json }} 8 | service.running: 9 | - name: {{ map.service }} 10 | - enable: True 11 | - reload: True 12 | 13 | bind_key_directory: 14 | file.directory: 15 | - name: {{ key_directory }} 16 | - require: 17 | - pkg: bind 18 | -------------------------------------------------------------------------------- /bind-formula/bind/reverse_zone.jinja: -------------------------------------------------------------------------------- 1 | {%- macro generate_reverse(zone_records, net, for_zones, available_zones) %} 2 | {%- set res = {} %} 3 | {%- set net = salt['network.calc_net'](net) %} 4 | {% set for_zones = [ for_zones ] if for_zones is string else for_zones %} 5 | {% set for_zones = available_zones.keys() if for_zones|length == 1 and for_zones[0] == 'any' else for_zones %} 6 | {%- for zone in for_zones %} 7 | {%- set A_records = available_zones.get(zone, {}).get('records', {}).get('A', {}) %} 8 | {%- for name, addr_list in A_records|dictsort %} 9 | {%- set addr_list = [ addr_list ] if addr_list is string or addr_list is number else addr_list %} 10 | {%- for addr in addr_list %} 11 | {%- if salt['network.ip_in_subnet'](addr, net) %} 12 | {%- if name.endswith('.') %} 13 | {%- set full_name = name %} 
14 | {%- else %} 15 | {%- set full_name = name + '.' + zone + '.' %} 16 | {%- endif %} 17 | {%- set rev_ip = '.'.join(addr.split('.')[::-1]) %} 18 | {%- do res.update({rev_ip + '.in-addr.arpa.': full_name}) %} 19 | {%- endif %} 20 | {%- endfor %} 21 | {%- endfor %} 22 | {%- endfor %} 23 | {%- do zone_records.update({'PTR': res }) %} 24 | {%- endmacro %} 25 | -------------------------------------------------------------------------------- /bind-formula/bind/utils.sls: -------------------------------------------------------------------------------- 1 | bind9-host: 2 | pkg.installed 3 | -------------------------------------------------------------------------------- /bind-formula/form.yml: -------------------------------------------------------------------------------- 1 | bind: 2 | $type: hidden-group 3 | 4 | config: 5 | $type: group 6 | options: 7 | $type: edit-group 8 | $optional: True 9 | $prototype: 10 | $type: text 11 | $key: 12 | $type: text 13 | $name: Option 14 | include_forwarders: 15 | $type: boolean 16 | $default: false 17 | 18 | configured_zones: 19 | $type: edit-group 20 | $minItems: 1 21 | $itemName: Zone ${i} 22 | $prototype: 23 | $type: group 24 | $key: 25 | $type: text 26 | $name: Name 27 | type: 28 | $type: select 29 | $values: ["master", "slave"] 30 | $default: master 31 | notify: 32 | $type: boolean 33 | $default: False 34 | 35 | available_zones: 36 | $type: edit-group 37 | $minItems: 1 38 | $itemName: Zone ${i} 39 | $prototype: 40 | $type: group 41 | $key: 42 | $type: text 43 | $name: Name 44 | file: 45 | $type: text 46 | soa: 47 | $name: SOA 48 | $type: group 49 | ns: 50 | $name: NS 51 | $type: text 52 | $placeholder: ns@zone 53 | $ifEmpty: ns 54 | contact: 55 | $type: text 56 | $placeholder: admin@domain 57 | $ifEmpty: root@localhost 58 | serial: 59 | $default: auto 60 | $ifEmpty: auto 61 | class: 62 | $default: IN 63 | refresh: 64 | $default: 8600 65 | $type: number 66 | retry: 67 | $default: 900 68 | $type: number 69 | expiry: 70 | $default: 
86000 71 | $type: number 72 | nxdomain: 73 | $name: NXDOMAIN 74 | $default: 500 75 | $type: number 76 | ttl: 77 | $name: TTL 78 | $default: 8600 79 | $type: number 80 | records: 81 | $type: group 82 | A: 83 | $type: edit-group 84 | $optional: true 85 | $minItems: 0 86 | $prototype: 87 | $key: 88 | $type: text 89 | $name: Hostname 90 | $type: text 91 | $name: IP address 92 | NS: 93 | $name: NS 94 | $type: group 95 | $optional: true 96 | '@': 97 | $type: edit-group 98 | $minItems: 0 99 | $prototype: 100 | $type: text 101 | CNAME: 102 | $name: CNAME 103 | $type: edit-group 104 | $optional: true 105 | $minItems: 0 106 | $prototype: 107 | $key: 108 | $type: text 109 | $name: Alias 110 | $type: text 111 | $name: Hostname 112 | generate_reverse: 113 | $type: group 114 | $optional: true 115 | net: 116 | $name: Network 117 | $optional: true 118 | for_zones: 119 | $type: edit-group 120 | $optional: true 121 | $minItems: 0 122 | $prototype: 123 | $type: text 124 | -------------------------------------------------------------------------------- /bind-formula/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for bind nameserver 3 | group: general_system_configuration 4 | after: 5 | - branch-network -------------------------------------------------------------------------------- /bind-formula/pillar.example.smr: -------------------------------------------------------------------------------- 1 | bind: 2 | configured_zones: 3 | branch1.smr.suse.cz: # First domain zone 4 | type: master # We're the master of this zone 5 | notify: False 6 | 7 | 128.168.192.in-addr.arpa: # Reverse lookup for local IPs 8 | type: master # As above 9 | notify: False 10 | 11 | 12 | ### Define zone records in pillar ### 13 | available_zones: 14 | branch1.smr.suse.cz: 15 | file: branch1.txt 16 | soa: # Declare the SOA RRs for the zone 17 | ns: branchserver1.branch1.smr.suse.cz # Required 18 | contact: hostmaster.smr.suse.cz # 
Required 19 | serial: auto # Required 20 | class: IN # Optional. Default: IN 21 | refresh: 8600 # Optional. Default: 12h 22 | retry: 900 # Optional. Default: 15m 23 | expiry: 86000 # Optional. Default: 2w 24 | nxdomain: 500 # Optional. Default: 1m 25 | ttl: 8600 # Optional. Not set by default 26 | records: # Records for the zone, grouped by type 27 | A: 28 | branchserver1: 192.168.128.1 29 | salt: 10.100.24.130 30 | 31 | NS: 32 | '@': 33 | - branchserver1 34 | CNAME: 35 | ftp: branchserver1.branch1.smr.suse.cz. 36 | tftp: branchserver1.branch1.smr.suse.cz. 37 | dns: branchserver1.branch1.smr.suse.cz. 38 | dhcp: branchserver1.branch1.smr.suse.cz. 39 | 40 | 41 | 128.168.192.in-addr.arpa: 42 | file: branch1-rev.txt 43 | soa: # Declare the SOA RRs for the zone 44 | ns: branchserver1.branch1.smr.suse.cz # Required 45 | contact: hostmaster.smr.suse.cz # Required 46 | serial: auto # Required 47 | class: IN # Optional. Default: IN 48 | refresh: 8600 # Optional. Default: 12h 49 | retry: 900 # Optional. Default: 15m 50 | expiry: 86000 # Optional. Default: 2w 51 | nxdomain: 500 # Optional. Default: 1m 52 | ttl: 8600 # Optional. Not set by default 53 | records: # Records for the zone, grouped by type 54 | NS: 55 | '@': 56 | - branchserver1.branch1.smr.suse.cz. 
57 | generate_reverse: # take all A records from branch1.smr.suse.cz that are in 192.168.128.0/24 subnet 58 | net: 192.168.128.0/24 # and generate reverse records for them 59 | for_zones: 60 | - branch1.smr.suse.cz # branch1.smr.suse.cz is a zone defined in pillar, see above 61 | -------------------------------------------------------------------------------- /cpu-mitigations-formula/metadata/form.yml: -------------------------------------------------------------------------------- 1 | mitigations: 2 | $type: group 3 | 4 | name: 5 | $type: select 6 | $values: ["Auto", 7 | "Auto + No SMT", 8 | "Off", 9 | "Manual" 10 | ] 11 | $default: Auto 12 | -------------------------------------------------------------------------------- /cpu-mitigations-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for kernel options for performance/security. 3 | group: security_configuration 4 | -------------------------------------------------------------------------------- /cpu-mitigations-formula/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | # Options are: 'Auto', 'Auto + No SMT', 'Off', 'Manual' 2 | mitigations: 3 | name: Auto 4 | -------------------------------------------------------------------------------- /cpu-mitigations-formula/states/init.sls: -------------------------------------------------------------------------------- 1 | # This state configures cpu mitigation kernel parameters via the grub conf. 
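{% from "cpu-mitigations/map.jinja" import map with context %}
{%- set selected = salt['pillar.get']('mitigations:name', 'Auto') %}
{#
  Salt state that manages the CPU vulnerability mitigation switches on the
  kernel and Xen command lines in /etc/default/grub, then regenerates
  grub.cfg when one of the file.replace states reports a change.

  "selected" is the pillar value mitigations:name (default 'Auto'); it is used
  as a key into map.cpu_opt from map.jinja. A value that is not a key of
  map.cpu_opt makes the lookups below fail at render time, so a pillar typo
  stops the state instead of silently changing the boot options.
#}

# check for supported os version
{%- set supported_vers = ['42.3', '12.3', '12.4', '12.5'] %}

{%- set supported = (grains['os_family'] == 'Suse' and (grains['osrelease'] in supported_vers or grains['osmajorrelease'] >= 15)) %}

{% if supported %}
# Change the mitigations parameters for the kernel
# Step 1: drop an existing mitigations=<auto|auto,nosmt|off> token. Skipped
# when grep already finds the selected value followed by a space or the
# closing quote. For 'Manual' the selected value is empty, so the grep pattern
# reduces to a bare space-or-quote match and the state is presumably always
# skipped - confirm on a target system.
remove_mitigations:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)(?:\s*)mitigations=(?:auto,nosmt|off|auto)(.*?)"
    - repl: GRUB_CMDLINE_LINUX_DEFAULT="\1\2"
    - unless:
      - 'grep "{{ map.cpu_opt.get(selected).get('kernel') }}[ \"]" /etc/default/grub'

# Step 2: append the selected mitigations= value (nothing is appended for
# 'Manual'). Guarded by the same grep as step 1.
add_mitigation_option:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_LINUX_DEFAULT="([^"]*)"
{% if selected == 'Manual' %}
    - repl: GRUB_CMDLINE_LINUX_DEFAULT="\1"
{% else %}
    - repl: GRUB_CMDLINE_LINUX_DEFAULT="\1{{ map.cpu_opt.get(selected).get('kernel') }}"
{% endif %} #manual
    - unless:
      - 'grep "{{ map.cpu_opt.get(selected).get('kernel') }}[ \"]" /etc/default/grub'

# Change the mitigations for the Xen hypervisor if present
{% set xen_bool_false = "\(no\|off\|false\|0\|disable\)" %}
{#
  map.jinja gives 'Manual' an empty string for 'xen', not a dict. Calling
  .get() on that string aborts rendering, so look the value up once and only
  read options from it when it is a mapping. Otherwise both flags carry the
  marker 'unmanaged', which equals neither "True" nor "False" in the onlyif
  tests below: all four Xen states are then skipped and a hand-maintained
  GRUB_CMDLINE_XEN is left untouched, matching how 'Manual' treats the kernel
  command line.
#}
{% set xen_opts = map.cpu_opt.get(selected).get('xen') %}
{% set xen_managed = xen_opts is mapping %}
{% set xen_specctrl = xen_opts.get('spec-ctrl', True) if xen_managed else 'unmanaged' %}
{% set xen_smt = xen_opts.get('smt', True) if xen_managed else 'unmanaged' %}

# Re-enable path: runs only when the selected profile keeps spec-ctrl on
# ("True"), a disabling token is present and /boot/xen.gz exists.
# NOTE(review): the replace pattern requires an "=<false value>" suffix, while
# the onlyif grep also matches a bare "nospec-ctrl"; in that case the state
# runs but the pattern does not match - confirm whether that is intended.
remove_xen_specctrl:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_XEN="(.*?)(?:\s*) (?:no)?spec-ctrl(?:=(?:no|off|false|0|disable))(.*?)"
    - repl: GRUB_CMDLINE_XEN="\1\2"
    - onlyif:
      - 'test "True" == "{{ xen_specctrl }}" && grep "GRUB_CMDLINE_XEN=.*nospec-ctrl\|spec-ctrl={{ xen_bool_false }}" /etc/default/grub && test -e /boot/xen.gz'

# Same re-enable path for SMT; the NOTE(review) above applies to "nosmt" too.
remove_xen_smt:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_XEN="(.*?)(?:\s*) (?:no)?smt(?:=(?:no|off|false|0|disable))(.*?)"
    - repl: GRUB_CMDLINE_XEN="\1\2"
    - onlyif:
      - 'test "True" == "{{ xen_smt }}" && grep "GRUB_CMDLINE_XEN=.*nosmt\|smt={{ xen_bool_false }}" /etc/default/grub && test -e /boot/xen.gz'

# Disable path: appends spec-ctrl=no only when the selected profile sets
# spec-ctrl to False, /boot/xen.gz exists and no disabling token is present.
add_xen_specctrl_option:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_XEN="([^"]*)"
    - repl: GRUB_CMDLINE_XEN="\1 spec-ctrl=no"
    - onlyif:
      - 'test "False" == "{{ xen_specctrl }}" -a -e /boot/xen.gz'
    - unless:
      - 'grep "GRUB_CMDLINE_XEN=.*nospec-ctrl\|spec-ctrl={{ xen_bool_false }}" /etc/default/grub'

# Disable path for SMT, same guards as above.
add_xen_smt_option:
  file.replace:
    - name: /etc/default/grub
    - pattern: ^GRUB_CMDLINE_XEN="([^"]*)"
    - repl: GRUB_CMDLINE_XEN="\1 smt=no"
    - onlyif:
      - 'test "False" == "{{ xen_smt }}" -a -e /boot/xen.gz'
    - unless:
      - 'grep "GRUB_CMDLINE_XEN=.*nosmt\|smt={{ xen_bool_false }}" /etc/default/grub'

# Regenerate grub.cfg only when one of the edits above changed the file; the
# new command line takes effect on the next boot.
rebuild_grub_conf:
  cmd.run:
    - name: grub2-mkconfig -o /boot/grub2/grub.cfg
    - onchanges:
      - file: remove_mitigations
      - file: add_mitigation_option
      - file: remove_xen_smt
      - file: remove_xen_specctrl
      - file: add_xen_specctrl_option
      - file: add_xen_smt_option
{% endif %} #supported

--------------------------------------------------------------------------------
/cpu-mitigations-formula/states/map.jinja:
--------------------------------------------------------------------------------
{#
  Lookup table from the form value mitigations:name to boot options.
    kernel - text appended to GRUB_CMDLINE_LINUX_DEFAULT (leading space included).
    xen    - hypervisor switches read by states/init.sls: 'smt' and 'spec-ctrl',
             both treated as True when absent; False makes init.sls append
             "smt=no" / "spec-ctrl=no" to GRUB_CMDLINE_XEN.
  'Manual' uses empty strings for both entries. 'xen' is therefore not a dict
  for that profile, and any consumer must check the type before calling .get()
  on it.
#}
{% set map = {
    'cpu_opt': {
        'Auto' : {
            'kernel': ' mitigations=auto',
            'xen': {
            },
        },
        'Auto + No SMT' : {
            'kernel': ' mitigations=auto,nosmt',
            'xen': {
                'smt': False
            },
        },
        'Off' : {
            'kernel': ' mitigations=off',
            'xen': {
                'spec-ctrl': False,
            },
        },
        'Manual' : {
            'kernel': '',
            'xen': '',
        },
    },
}
%}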
-------------------------------------------------------------------------------- /dhcpd-formula/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2015 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /dhcpd-formula/README.rst: -------------------------------------------------------------------------------- 1 | dhcpd 2 | ===== 3 | 4 | Formula to install, configure and start dhcpd. 5 | 6 | .. note:: 7 | 8 | See the full `Salt Formulas installation and usage instructions 9 | `_. 10 | 11 | Available states 12 | ================ 13 | 14 | .. contents:: 15 | :local: 16 | 17 | ``dhcpd`` 18 | --------- 19 | 20 | Install and turn on dhcpd. 21 | 22 | .. note:: 23 | 24 | To have more pythonic variables the dashes ('-') in their names 25 | are replaced with underscores ('_') so 'dynamic-bootp' becomes 26 | 'dynamic_bootp' in pillar[dhcpd]. 27 | 28 | ``dhcpd.config`` 29 | ---------------- 30 | 31 | Manage configuration for dhcpd. 32 | See ``pillar.example`` for pillar-data for a sample configuration. 
33 | 34 | Note 35 | ==== 36 | Repackaged from https://github.com/saltstack-formulas/dhcpd-formula -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Thu Jan 6 14:40:03 UTC 2022 - Michael Calmer 3 | 4 | - Update to version 0.1.1641480250.d5bd14c 5 | * make routers option optional 6 | 7 | ------------------------------------------------------------------- 8 | Wed Feb 10 11:46:42 UTC 2021 - Vladimir Nadvornik 9 | 10 | - Add arm64 support 11 | - Update to version 0.1.1615805990.f15c8d9 12 | 13 | ------------------------------------------------------------------- 14 | Thu Feb 27 10:24:53 UTC 2020 - Vladimir Nadvornik 15 | 16 | - UEFI HTTPBoot support 17 | - Changed default of filename_efi to shim.efi for secure boot 18 | - Update to version 0.1.1583829431.db6edda 19 | 20 | ------------------------------------------------------------------- 21 | Tue Sep 17 14:53:21 UTC 2019 - Ondrej Holecek 22 | 23 | - Update to version 0.1.1568808472.be9f236 24 | - Update formula to upstream version hash e041d03bb 25 | 26 | ------------------------------------------------------------------- 27 | Thu May 23 13:54:24 UTC 2019 - Ondrej Holecek 28 | 29 | - Updated copyrights and bug reporting link 30 | - Update to version 0.1.1558613789.64ba093 31 | 32 | ------------------------------------------------------------------- 33 | Fri Mar 29 14:25:08 UTC 2019 - nadvornik@suse.com 34 | 35 | - UEFI PXE support 36 | 37 | ------------------------------------------------------------------- 38 | Tue Sep 25 14:00:12 UTC 2018 - Ondrej Holecek 39 | 40 | - Form hardware address clarification (bsc#1106243) 41 | 42 | ------------------------------------------------------------------- 43 | Fri Jun 15 09:27:46 UTC 2018 - oholecek@suse.com 44 | 45 | - Allow hosts to be specified under 
specific subnet 46 | 47 | ------------------------------------------------------------------- 48 | Mon Jun 11 11:02:11 UTC 2018 - oholecek@suse.com 49 | 50 | - Mark domain name as optional in form 51 | 52 | ------------------------------------------------------------------- 53 | Fri Jun 1 16:54:47 UTC 2018 - oholecek@suse.com 54 | 55 | - Update form.yml to use edit-groups 56 | - Remove no longer needed local changes 57 | - Update formula from upstream: 58 | * 1bfce299 Add support for several config options 59 | * 6e2941f5 add domain-search option 60 | * 5b64a734 class and subnet pool minor fixes / additions 61 | * cb98ea91 add option next-server for hosts in dhcpd.conf 62 | 63 | ------------------------------------------------------------------- 64 | Sun Mar 18 16:04:52 UTC 2018 - oholecek@suse.com 65 | 66 | - Add 'after' tag to metada to ensure correct order 67 | - see also bsc#1083326 68 | - Replace dict.has_key by key in dict to support python3 69 | - Update dhcpd from upstream 70 | - commits: 71 | * 1862e37 Add sysconfig file for SUSE 72 | * e698297 Bugfix: Remove quotes from subnet-mask directive 73 | * 159d52b Formatting tweaks 74 | * fcf92c0 Add key directive 75 | * 2ee9710 Modifications to allow/deny directives 76 | * e3c9844 Add directives: router, update-static-leases, subnet-mask, ddns-domainname 77 | * eeeee2a add domain-search option 78 | * 1cdbc02 Add allow, deny and max-lease-time options for pool under subnet 79 | 80 | ------------------------------------------------------------------- 81 | Tue May 30 08:35:07 UTC 2017 - oholecek@suse.com 82 | 83 | - Initial package 84 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package dhcpd-formula 3 | # 4 | # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. 
5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname dhcpd 20 | %define fdir %{_datadir}/susemanager/formulas 21 | Name: dhcpd-formula 22 | Version: 0.1 23 | Release: 0 24 | Summary: Salt formula for configuring and running DHCP server 25 | License: Apache-2.0 26 | Group: System/Packages 27 | Url: https://github.com/saltstack-formulas/dhcpd-formula/ 28 | Source: dhcpd-formula-%{version}.tar.xz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Salt formula for managing configuration and running of DHCP server. 
34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R dhcpd/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 45 | cp LICENSE %{buildroot}%{fdir}/metadata/%{fname} 46 | 47 | %files 48 | %defattr(-,root,root) 49 | %dir %{_datadir}/susemanager 50 | %dir %{fdir} 51 | %dir %{fdir}/states 52 | %dir %{fdir}/metadata 53 | %{fdir}/states/%{fname} 54 | %{fdir}/metadata/%{fname} 55 | 56 | %changelog 57 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/config.sls: -------------------------------------------------------------------------------- 1 | {% from "dhcpd/map.jinja" import dhcpd with context %} 2 | 3 | include: 4 | - dhcpd 5 | 6 | dhcpd.conf: 7 | file.managed: 8 | - name: {{ dhcpd.config }} 9 | - source: salt://dhcpd/files/dhcpd.conf 10 | # apparmor limits dhcpd to its config dir, so copy the file there 11 | - check_cmd: | 12 | sh -c ' 13 | export TMPDIR=$(dirname "{{ dhcpd.config }}") ; 14 | TMPFILE="$(mktemp)" ; 15 | cp "$0" "${TMPFILE}" ; 16 | dhcpd -t -cf "${TMPFILE}" ; 17 | ERROR="$?" ; 18 | rm -f "${TMPFILE}" ; 19 | exit $ERROR ' 20 | - template: jinja 21 | - user: root 22 | {% if 'BSD' in salt['grains.get']('os') %} 23 | - group: wheel 24 | {% else %} 25 | - group: root 26 | {% endif %} 27 | - mode: 644 28 | - watch_in: 29 | - service: dhcpd 30 | - require: 31 | - pkg: dhcpd 32 | 33 | {% if dhcpd.service_config is defined %} 34 | 35 | service_config: 36 | file.managed: 37 | - name: {{ dhcpd.service_config }} 38 | - source: {{ 'salt://dhcpd/files/service_config.' 
~ salt['grains.get']('os_family') }} 39 | - makedirs: True 40 | - template: jinja 41 | - user: root 42 | {% if 'BSD' in salt['grains.get']('os') %} 43 | - group: wheel 44 | {% else %} 45 | - group: root 46 | {% endif %} 47 | - mode: 644 48 | - watch_in: 49 | - service: dhcpd 50 | 51 | {% endif %} 52 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/files/dhcpd.sample: -------------------------------------------------------------------------------- 1 | # dhcpd.conf 2 | # 3 | # Sample configuration file for ISC dhcpd 4 | # 5 | 6 | # option definitions common to all supported networks... 7 | option domain-name "example.org"; 8 | option domain-name-servers ns1.example.org, ns2.example.org; 9 | 10 | default-lease-time 600; 11 | max-lease-time 7200; 12 | 13 | # Use this to enble / disable dynamic dns updates globally. 14 | #ddns-update-style none; 15 | 16 | # If this DHCP server is the official DHCP server for the local 17 | # network, the authoritative directive should be uncommented. 18 | #authoritative; 19 | 20 | # Use this to send dhcp log messages to a different log file (you also 21 | # have to hack syslog.conf to complete the redirection). 22 | log-facility local7; 23 | 24 | # No service will be given on this subnet, but declaring it helps the 25 | # DHCP server to understand the network topology. 26 | 27 | subnet 10.152.187.0 netmask 255.255.255.0 { 28 | } 29 | 30 | # This is a very basic subnet declaration. 31 | 32 | subnet 10.254.239.0 netmask 255.255.255.224 { 33 | range 10.254.239.10 10.254.239.20; 34 | option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; 35 | } 36 | 37 | # This declaration allows BOOTP clients to get dynamic addresses, 38 | # which we don't really recommend. 
39 | 40 | subnet 10.254.239.32 netmask 255.255.255.224 { 41 | range dynamic-bootp 10.254.239.40 10.254.239.60; 42 | option broadcast-address 10.254.239.31; 43 | option routers rtr-239-32-1.example.org; 44 | } 45 | 46 | # A slightly different configuration for an internal subnet. 47 | subnet 10.5.5.0 netmask 255.255.255.224 { 48 | range 10.5.5.26 10.5.5.30; 49 | option domain-name-servers ns1.internal.example.org; 50 | option domain-name "internal.example.org"; 51 | option routers 10.5.5.1; 52 | option broadcast-address 10.5.5.31; 53 | default-lease-time 600; 54 | max-lease-time 7200; 55 | } 56 | 57 | # Hosts which require special configuration options can be listed in 58 | # host statements. If no address is specified, the address will be 59 | # allocated dynamically (if possible), but the host-specific information 60 | # will still come from the host declaration. 61 | 62 | host passacaglia { 63 | hardware ethernet 0:0:c0:5d:bd:95; 64 | filename "vmunix.passacaglia"; 65 | server-name "toccata.fugue.com"; 66 | } 67 | 68 | # Fixed IP addresses can also be specified for hosts. These addresses 69 | # should not also be listed as being available for dynamic assignment. 70 | # Hosts for which fixed IP addresses have been specified can boot using 71 | # BOOTP or DHCP. Hosts for which no fixed address is specified can only 72 | # be booted with DHCP, unless there is an address range on the subnet 73 | # to which a BOOTP client is connected which has the dynamic-bootp flag 74 | # set. 75 | host fantasia { 76 | hardware ethernet 08:00:07:26:c0:a5; 77 | fixed-address fantasia.fugue.com; 78 | } 79 | 80 | # You can declare a class of clients and then do address allocation 81 | # based on that. The example below shows a case where all clients 82 | # in a certain class get addresses on the 10.17.224/24 subnet, and all 83 | # other clients get addresses on the 10.0.29/24 subnet. 
84 | 85 | class "foo" { 86 | match if substring (option vendor-class-identifier, 0, 4) = "SUNW"; 87 | } 88 | 89 | shared-network 224-29 { 90 | subnet 10.17.224.0 netmask 255.255.255.0 { 91 | option routers rtr-224.example.org; 92 | } 93 | subnet 10.0.29.0 netmask 255.255.255.0 { 94 | option routers rtr-29.example.org; 95 | } 96 | pool { 97 | allow members of "foo"; 98 | range 10.17.224.10 10.17.224.250; 99 | } 100 | pool { 101 | deny members of "foo"; 102 | range 10.0.29.10 10.0.29.230; 103 | } 104 | } 105 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/files/host.jinja: -------------------------------------------------------------------------------- 1 | {%- if 'comment' in config %} 2 | {%- for line in config.comment.splitlines() %} 3 | # {{ line }} 4 | {%- endfor %} 5 | {%- endif %} 6 | host {{ host }} { 7 | {%- if 'allow' in config %} 8 | {%- if config.allow is iterable and config.allow is not string %} 9 | {%- for item in config.allow %} 10 | allow {{ item }}; 11 | {%- endfor %} 12 | {%- else %} 13 | allow {{ config.allow }}; 14 | {%- endif %} 15 | {%- endif %} 16 | {%- if 'deny' in config %} 17 | {%- if config.deny is iterable and config.deny is not string %} 18 | {%- for item in config.deny %} 19 | deny {{ item }}; 20 | {%- endfor %} 21 | {%- else %} 22 | deny {{ config.deny }}; 23 | {%- endif %} 24 | {%- endif %} 25 | {%- if 'hardware' in config %} 26 | hardware {{ config.hardware }}; 27 | {%- endif %} 28 | {%- if 'fixed_address' in config %} 29 | fixed-address {{ config.fixed_address }}; 30 | {%- endif %} 31 | {%- if 'filename_http' in config %} 32 | if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { 33 | option vendor-class-identifier "HTTPClient"; 34 | filename "{{ config.filename_http }}"; 35 | } 36 | else { 37 | {%- endif %} 38 | {%- if 'filename_efi' in config %} 39 | if option arch = 00:07 or option arch = 00:0b { 40 | filename "{{ config.filename_efi }}"; 41 | {%- if 
'filename' in config %} 42 | } else { 43 | filename "{{ config.filename }}"; 44 | {%- endif %} 45 | } 46 | {%- elif 'filename' in config %} 47 | filename "{{ config.filename }}"; 48 | {%- endif %} 49 | {%- if 'next_server' in config %} 50 | next-server {{ config.next_server }}; 51 | {%- endif %} 52 | {%- if 'filename_http' in config %} 53 | } 54 | {%- endif %} 55 | {%- if 'server_name' in config %} 56 | server-name "{{ config.server_name }}"; 57 | {%- endif %} 58 | {%- if 'host_name' in config %} 59 | option host-name "{{ config.host_name }}"; 60 | {%- endif %} 61 | {%- for option in customized.keys() %} 62 | {%- if option in config %} 63 | {%- if customized[option]['type'] in types_to_quote %} {% set quote = dquote %} {%- endif %} 64 | option {{ option|replace('_', '-') }} {{ quote }}{{ config.get(option) }}{{ quote }}; 65 | {%- endif %} 66 | {%- endfor %} 67 | } 68 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/files/service_config.Debian: -------------------------------------------------------------------------------- 1 | # SaltStack-generated demon configuration file for ISC dhcpd 2 | 3 | # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf). 4 | #DHCPD_CONF=/etc/dhcp/dhcpd.conf 5 | 6 | # Path to dhcpd's PID file (default: /var/run/dhcpd.pid). 7 | #DHCPD_PID=/var/run/dhcpd.pid 8 | 9 | # Additional options to start dhcpd with. 10 | # Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead 11 | #OPTIONS="" 12 | 13 | # On what interfaces should the DHCP server (dhcpd) serve DHCP requests? 14 | # Separate multiple interfaces with spaces, e.g. "eth0 eth1". 
15 | INTERFACES="{{ ' '.join(salt['pillar.get']('dhcpd:listen_interfaces', [])) }}" 16 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/files/service_config.FreeBSD: -------------------------------------------------------------------------------- 1 | # SaltStack-generated daemon configuration file for ISC dhcpd 2 | 3 | dhcpd_ifaces="{{ ' '.join(salt['pillar.get']('dhcpd:listen_interfaces', [])) }}" 4 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/files/subnet.jinja: -------------------------------------------------------------------------------- 1 | {%- if 'comment' in config %} 2 | {%- for line in config['comment'].splitlines() %} 3 | # {{ line }} 4 | {%- endfor %} 5 | {%- endif %} 6 | subnet {{ subnet }} netmask {{ config.netmask }} { 7 | {%- if 'use_host_decl_names' in config %} 8 | use-host-decl-names {{ config.use_host_decl_names }}; 9 | {%- endif %} 10 | {%- if 'range' in config %} 11 | {%- if 'dynamic_bootp' in config and config.dynamic_bootp %} 12 | range dynamic-bootp {{ config.range[0] }} {{ config.range[1] }}; 13 | {%- else %} 14 | range {{ config.range[0] }} {{ config.range[1] }}; 15 | {%- endif %} 16 | {%- endif %} 17 | {%- if 'broadcast_address' in config %} 18 | option broadcast-address {{ config['broadcast_address'] }}; 19 | {%- endif %} 20 | {%- if 'domain_name_servers' in config %} 21 | option domain-name-servers {{ config['domain_name_servers']|join(',') }}; 22 | {%- endif %} 23 | {%- if 'netbios_name_servers' in config %} 24 | option netbios-name-servers {{ config['netbios_name_servers']|join(',') }}; 25 | {%- endif %} 26 | {%- if 'ntp_servers' in config %} 27 | option ntp-servers {{ config['ntp_servers']|join(',') }}; 28 | {%- endif %} 29 | {%- if 'lpr_servers' in config %} 30 | option lpr-servers {{ config['lpr_servers']|join(',') }}; 31 | {%- endif %} 32 | {%- if 'irc_server' in config %} 33 | option irc-server {{ 
config['irc_server']|join(',') }}; 34 | {%- endif %} 35 | {%- if 'tftp_server_name' in config %} 36 | option tftp-server-name "{{ config['tftp_server_name'] }}"; 37 | {%- endif %} 38 | {%- if 'smtp_server' in config %} 39 | option smtp-server {{ config['smtp_server'] }}; 40 | {%- endif %} 41 | {%- if 'domain_name' in config %} 42 | option domain-name "{{ config['domain_name'] }}"; 43 | {%- endif %} 44 | {%- if 'domain_search' in config %} 45 | option domain-search "{{ config['domain_search']|join('","') }}"; 46 | {%- endif %} 47 | 48 | {%- set els = '' %} 49 | {%- if 'filename_http_arm64' in config %} 50 | if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" and option arch = 00:13 { 51 | option vendor-class-identifier "HTTPClient"; 52 | filename "{{ config.filename_http_arm64 }}"; 53 | } 54 | {%- set els = 'els' %} 55 | {%- endif %} 56 | {%- if 'filename_http' in config %} 57 | {{ els }}if substring (option vendor-class-identifier, 0, 10) = "HTTPClient" { 58 | option vendor-class-identifier "HTTPClient"; 59 | filename "{{ config.filename_http }}"; 60 | } 61 | {%- set els = 'els' %} 62 | {%- endif %} 63 | {%- if 'next_server' in config %} 64 | {%- if 'filename_efi_arm64' in config %} 65 | {{ els }}if option arch = 00:0b { 66 | filename "{{ config.filename_efi_arm64 }}"; 67 | next-server {{ config['next_server'] }}; 68 | } 69 | {%- set els = 'els' %} 70 | {%- endif %} 71 | {%- if 'filename_efi' in config %} 72 | {{ els }}if option arch = 00:07 { 73 | filename "{{ config.filename_efi }}"; 74 | next-server {{ config['next_server'] }}; 75 | } 76 | {%- set els = 'els' %} 77 | {%- endif %} 78 | {%- if 'filename' in config %} 79 | {%- if els %} 80 | else { 81 | filename "{{ config.filename }}"; 82 | next-server {{ config['next_server'] }}; 83 | } 84 | {%- else %} 85 | filename "{{ config.filename }}"; 86 | next-server {{ config['next_server'] }}; 87 | {%- endif %} 88 | {%- endif %} 89 | {%- endif %} 90 | 91 | {%- if 'default_lease_time' in config %} 92 | 
default-lease-time {{ config['default_lease_time'] }}; 93 | {%- endif %} 94 | {%- if 'max_lease_time' in config %} 95 | max-lease-time {{ config['max_lease_time'] }}; 96 | {%- endif %} 97 | {%- if 'routers' in config and config.routers is string %} 98 | option routers {{ config.routers }}; 99 | {%- elif 'routers' in config and config.routers is sequence %} 100 | option routers 101 | {%- for router in config.routers %} {{ router }} 102 | {%- if not loop.last %},{% else %};{% endif %} 103 | {%- endfor %} 104 | {%- endif %} 105 | {%- for option in customized.keys() %} 106 | {%- if option in config %} 107 | {%- if customized[option]['type'] in types_to_quote %} {% set quote = dquote %} {%- endif %} 108 | option {{ option|replace('_', '-') }} {{ quote }}{{ config.get(option) }}{{ quote }}; 109 | {%- endif %} 110 | {%- endfor %} 111 | {%- for pool in salt['pillar.get']('dhcpd:subnets:{0}:pools'.format(subnet), []) %} 112 | pool { 113 | {%- if 'failover_peer' in pool %} 114 | failover peer "{{ pool['failover_peer'] }}"; 115 | {%- endif %} 116 | {%- if 'max_lease_time' in pool %} 117 | max-lease-time {{ pool.max_lease_time }}; 118 | {%- endif %} 119 | {%- if 'range' in pool %} 120 | range {{ pool.range[0] }} {{ pool.range[1] }}; 121 | {%- endif %} 122 | {%- if 'allow' in pool %} 123 | allow {{ pool.allow }}; 124 | {%- elif 'deny' in pool %} 125 | deny {{ pool.deny }}; 126 | {%- endif %} 127 | } 128 | {%- endfor %} 129 | {%- for host, config in salt['pillar.get']('dhcpd:subnets:{0}:hosts'.format(subnet), {}).items() %} 130 | {%- filter indent(width=2) %} 131 | {% include 'dhcpd/files/host.jinja' with context %} 132 | {%- endfilter %} 133 | {%- endfor %} 134 | } 135 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/init.sls: -------------------------------------------------------------------------------- 1 | {% from "dhcpd/map.jinja" import dhcpd with context %} 2 | 3 | include: 4 | - dhcpd.config 5 | 6 | dhcpd: 7 | 
pkg.installed: 8 | - name: {{ dhcpd.server }} 9 | {% if dhcpd.enable is defined and not dhcpd.enable %} 10 | service.dead: 11 | - name: {{ dhcpd.service }} 12 | - enable: False 13 | {% else %} 14 | service.running: 15 | - name: {{ dhcpd.service }} 16 | - enable: True 17 | - require: 18 | - pkg: {{ dhcpd.server }} 19 | - require: 20 | - file: {{ dhcpd.config }} 21 | {% endif %} 22 | -------------------------------------------------------------------------------- /dhcpd-formula/dhcpd/map.jinja: -------------------------------------------------------------------------------- 1 | {% set dhcpd = salt['grains.filter_by']({ 2 | 'Arch': { 3 | 'server': 'dhcp', 4 | 'service': 'dhcpd4', 5 | 'config': '/etc/dhcpd.conf', 6 | }, 7 | 'Debian': { 8 | 'server': 'isc-dhcp-server', 9 | 'service': 'isc-dhcp-server', 10 | 'config': '/etc/dhcp/dhcpd.conf', 11 | 'service_config': '/etc/default/isc-dhcp-server', 12 | }, 13 | 'RedHat': { 14 | 'server': 'dhcp', 15 | 'service': 'dhcpd', 16 | 'config': '/etc/dhcp/dhcpd.conf', 17 | }, 18 | 'FreeBSD': { 19 | 'server': 'isc-dhcp43-server', 20 | 'service': 'isc-dhcpd', 21 | 'config': '/usr/local/etc/dhcpd.conf', 22 | 'service_config': '/etc/rc.conf.d/dhcpd', 23 | }, 24 | 'Suse': { 25 | 'server': 'dhcp-server', 26 | 'service': 'dhcpd', 27 | 'config': '/etc/dhcpd.conf', 28 | 'service_config': '/etc/sysconfig/dhcpd', 29 | }, 30 | }, merge=salt['pillar.get']('dhcpd:lookup')) %} 31 | -------------------------------------------------------------------------------- /dhcpd-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for DHCP server 3 | group: general_system_configuration 4 | after: 5 | - branch-network -------------------------------------------------------------------------------- /grafana-formula/grafana-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package grafana-formula 3 | # 4 
| # Copyright (c) 2024 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname grafana 20 | %define fdir %{_datadir}/susemanager/formulas 21 | Name: grafana-formula 22 | Version: 0.12.0 23 | Release: 0 24 | Summary: Salt formula for installing and configuring Grafana 25 | License: Apache-2.0 26 | Group: System/Packages 27 | URL: https://github.com/SUSE/salt-formulas 28 | Source: grafana-formula-%{version}.tar.gz 29 | BuildArch: noarch 30 | 31 | %description 32 | Salt Formula for installing and configuring Grafana. 
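33 | 34 | %prep 35 | %setup -q 36 | 37 | %build 38 | 39 | %install 40 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 41 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 42 | cp -R grafana/* %{buildroot}%{fdir}/states/%{fname} 43 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 44 | 45 | %files 46 | %defattr(-,root,root) 47 | %license LICENSE 48 | %dir %{_datadir}/susemanager 49 | %dir %{fdir} 50 | %dir %{fdir}/states 51 | %dir %{fdir}/metadata 52 | %{fdir}/states/%{fname} 53 | %{fdir}/metadata/%{fname} 54 | 55 | %changelog 56 | -------------------------------------------------------------------------------- /grafana-formula/grafana/files/dashboard-provider.yml: -------------------------------------------------------------------------------- 1 | apiVersion: 1 2 | 3 | providers: 4 | - name: default 5 | orgId: 1 6 | folder: '' 7 | type: file 8 | disableDeletion: false 9 | updateIntervalSeconds: 10 # how often Grafana will scan for changed dashboards 10 | options: 11 | path: /etc/grafana/provisioning 12 | -------------------------------------------------------------------------------- /grafana-formula/grafana/files/datasources.yml: -------------------------------------------------------------------------------- 1 | # config file version 2 | apiVersion: 1 3 | 4 | datasources: 5 | {% for name, datasource in salt['pillar.get']('grafana:datasources:prometheus').items() %} 6 | {% if datasource.user and datasource.password %} 7 | {% set basic_auth_enabled = true %} 8 | {% else %} 9 | {% set basic_auth_enabled = false %} 10 | {% endif %} 11 | 12 | - name: {{ name }} 13 | type: prometheus 14 | access: proxy 15 | url: {{ datasource.url }} 16 | basicAuth: {{ basic_auth_enabled }} 17 | isDefault: {{ loop.first }} 18 | editable: true 19 | jsonData: 20 | timeInterval: 5s 21 | {% if basic_auth_enabled %} 22 | basicAuthUser: {{ datasource.user | yaml_dquote }} # escaped double-quoted scalar: the pillar value cannot alter the YAML structure 23 | secureJsonData: # NOTE(review): the rendered file holds the secret in plain text; confirm the state that manages it restricts owner and mode 24 | basicAuthPassword: {{ datasource.password | yaml_dquote }} # escaped double-quoted scalar: '#', ':' or quote characters in the password stay part of the value 25 | {% endif %} 26 | version: 2 27 | {% endfor %} 28 | 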
-------------------------------------------------------------------------------- /grafana-formula/metadata/form.yml: -------------------------------------------------------------------------------- 1 | grafana: 2 | $type: namespace 3 | 4 | enabled: 5 | $type: boolean 6 | $default: True 7 | $help: Enable/disable Grafana 8 | 9 | admin_user: 10 | $type: text 11 | $name: Default administrator user 12 | $default: admin 13 | $disabled: "!formValues.grafana.enabled" 14 | 15 | admin_pass: 16 | $type: password 17 | $name: Initial administrator password 18 | $default: admin # NOTE(review): same value as the admin_user default above; presumably meant to be replaced with a unique password when the form is filled in - confirm 19 | $disabled: "!formValues.grafana.enabled" 20 | 21 | datasources: 22 | $type: group 23 | $disabled: "!formValues.grafana.enabled" 24 | $help: Configure the data sources used by Grafana. 25 | 26 | prometheus: 27 | $type: edit-group 28 | $minItems: 1 29 | $name: Prometheus 30 | $help: Configure Prometheus data sources. 31 | $itemName: Prometheus data source ${i} 32 | $prototype: 33 | $type: group 34 | $disabled: "!formValues.grafana.enabled" 35 | $key: 36 | $type: text 37 | $name: Datasource name 38 | $default: Prometheus 39 | $help: Data source name 40 | url: 41 | $type: url 42 | $default: http://localhost:9090 43 | $required: true 44 | $name: Prometheus URL 45 | $help: URL of a Prometheus instance 46 | user: 47 | $name: Prometheus server username 48 | password: 49 | $type: password 50 | $name: Prometheus server password 51 | 52 | dashboards: 53 | $type: group 54 | $disabled: "!formValues.grafana.enabled" 55 | $help: Dashboards to install. 
56 | 57 | add_uyuni_dashboard: 58 | $type: boolean 59 | $name: ${productName} server dashboard 60 | $help: Add dashboard for monitoring an ${productName} server 61 | $default: True 62 | 63 | add_uyuni_clients_dashboard: 64 | $type: boolean 65 | $name: ${productName} clients dashboard 66 | $help: Add dashboard for monitoring ${productName} clients 67 | $default: True 68 | 69 | add_postgresql_dasboard: 70 | $type: boolean 71 | $name: PostgreSQL dashboard 72 | $help: Add dashboard for monitoring a PostgreSQL database 73 | $default: True 74 | 75 | add_apache_dashboard: 76 | $type: boolean 77 | $name: Apache HTTPD dashboard 78 | $help: Add dashboard for monitoring an Apache HTTPD server 79 | $default: True 80 | 81 | kubernetes: 82 | $type: group 83 | $disabled: "!formValues.grafana.enabled" 84 | $help: CaaSP dashboards to install. 85 | 86 | add_k8s_dashboard: 87 | $type: boolean 88 | $name: Kubernetes cluster dashboard 89 | $help: Add dashboard for monitoring a Kubernetes cluster 90 | $default: False 91 | 92 | add_etcd_dashboard: 93 | $type: boolean 94 | $name: Kubernetes etcd dashboard 95 | $help: Add dashboard for monitoring an etcd daemon 96 | $default: False 97 | 98 | add_k8s_namespaces_dashboard: 99 | $type: boolean 100 | $name: Kubernetes namespaces dashboard 101 | $help: Add dashboard for monitoring Kubernetes namespaces 102 | $default: False 103 | 104 | sap: 105 | $name: SAP 106 | $type: group 107 | $disabled: "!formValues.grafana.enabled" 108 | $help: SAP dashboards to install. 
109 | 110 | add_ha_dashboard: 111 | $type: boolean 112 | $name: HA pacemaker cluster dashboards 113 | $help: Add dashboard for monitoring HA pacemaker clusters components 114 | $default: False 115 | 116 | add_sap_hana_dashboard: 117 | $type: boolean 118 | $name: SAP HANA dashboards 119 | $help: Add dashboard for monitoring SAP HANA components 120 | $default: False 121 | 122 | add_sap_netweaver_dashboard: 123 | $type: boolean 124 | $name: SAP NETWEAVER dashboards 125 | $help: Add dashboard for monitoring SAP NETWEAVER components 126 | $default: False 127 | -------------------------------------------------------------------------------- /grafana-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Enable and configure Grafana. 3 | group: monitoring 4 | -------------------------------------------------------------------------------- /kitchensink-formula/kitchensink-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Fri May 15 13:05:07 UTC 2020 - Matei Albu 3 | 4 | - Initial version of kitchensink-formula 5 | -------------------------------------------------------------------------------- /kitchensink-formula/kitchensink-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package kitchensink-formula 3 | # 4 | # Copyright (c) 2020 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). 
An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname kitchensink 20 | %define fdir %{_datadir}/susemanager/formulas 21 | Name: kitchensink-formula 22 | Version: 0.1 23 | Release: 0 24 | Summary: Example Salt formula demoing all features of formula forms 25 | License: Apache-2.0 26 | Group: System/Packages 27 | Url: https://github.com/SUSE/salt-formulas 28 | Source: kitchensink-formula-%{version}.tar.gz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Example Salt formula demoing all features of formula forms. 34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R kitchensink/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 45 | 46 | %files 47 | %defattr(-,root,root) 48 | %license LICENSE 49 | %dir %{_datadir}/susemanager 50 | %dir %{fdir} 51 | %dir %{fdir}/states 52 | %dir %{fdir}/metadata 53 | %{fdir}/states/%{fname} 54 | %{fdir}/metadata/%{fname} 55 | 56 | %changelog 57 | -------------------------------------------------------------------------------- /kitchensink-formula/kitchensink/init.sls: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SUSE/salt-formulas/f57e43d1ef0519266fbc758d40b678f1a5b2522e/kitchensink-formula/kitchensink/init.sls -------------------------------------------------------------------------------- /kitchensink-formula/metadata/form.yml: -------------------------------------------------------------------------------- 1 | kitchensync: 2 | $type: namespace 3 | 4 | enable_foo: 5 | $type: boolean 6 | $default: True 7 | $name: Enable group Foo 8 | 9 
| foo: 10 | $type: group 11 | $name: A simple group 12 | $disabled: "!formValues.kitchensync.enable_foo" 13 | $key: 14 | $type: text 15 | $name: Key 16 | $default: fooX 17 | required_field: 18 | $type: text 19 | $name: Required field 20 | $help: "$required attribute example" 21 | $required: true 22 | $placeholder: This field is required 23 | formatted_field: 24 | $type: text 25 | $name: Formatted field 26 | $help: "Only lowercase letters allowed" 27 | $match: "[a-z]*" 28 | $placeholder: Only lowercase letters allowed 29 | 30 | show_bar: 31 | $type: boolean 32 | $default: True 33 | $help: "$visible example" 34 | $name: Show group Bar 35 | $default: True 36 | 37 | bar: 38 | $type: group 39 | $name: Another simple group 40 | $visible: "formValues.kitchensync.show_bar" 41 | $help: "$help is shown here for groups." 42 | sub_bar_relative: 43 | $type: edit-group 44 | $name: An edit-group 45 | $help: Shows the usage of relative expressions in the $disabled attribute 46 | $minItems: 2 47 | $prototype: 48 | enable: 49 | $type: boolean 50 | $name: Enable next field 51 | $default: True 52 | field: 53 | $type: select 54 | $values: ["Enable", 55 | "Disable" 56 | ] 57 | $default: Enable 58 | $name: Some selector 59 | $disabled: "!this.parent.value.enable" 60 | $help: Example using $disabled with relative expression 61 | sub_sub_bar: 62 | $type: edit-group 63 | $name: Example using two-level relative expressions 64 | $minItems: 1 65 | $itemName: Field ${i} 66 | $prototype: 67 | field: 68 | $type: text 69 | $name: Yet another field 70 | $placeholder: Enable/disable this field using the selector in the group above 71 | $disabled: 'this.parent.parent.parent.value.field != "Enable"' 72 | show_hidden: 73 | $type: select 74 | $values: ["Show", 75 | "Hide" 76 | ] 77 | $default: Show 78 | $name: Show hidden 79 | hidden: 80 | $type: edit-group 81 | $itemName: Hidden 82 | $optional: True 83 | $visibleIf: .show_hidden == 'Show' 84 | $prototype: 85 | $type: group 86 | $minItems: 1 87 | $key: 
88 | $type: text 89 | $name: Hidden Key 90 | $default: key default 91 | mountpoint: 92 | $type: text 93 | $name: Device Mount Point 94 | $help: What should the partition be mount as - /, swap, /var, ... 95 | $optional: True 96 | $default: blabla 97 | 98 | 99 | -------------------------------------------------------------------------------- /kitchensink-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Kitchen sink example showing all formula forms features. 3 | group: examples 4 | 5 | -------------------------------------------------------------------------------- /kitchensink-formula/metadata/pillar.example: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SUSE/salt-formulas/f57e43d1ef0519266fbc758d40b678f1a5b2522e/kitchensink-formula/metadata/pillar.example -------------------------------------------------------------------------------- /liberate-formula/liberate-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Mon Jan 15 11:00:00 UTC 2024 - Thomas Florio 3 | 4 | - Version 0.1.0 5 | * Integrate into salt-formulas project 6 | * Make sure the formula is idempotent and do not alter the system 7 | after the migration 8 | 9 | ------------------------------------------------------------------- 10 | Thu Nov 9 16:46:44 UTC 2023 - Ricardo Mateus 11 | 12 | - Version 0.0.2 13 | * Support for all flavors 14 | 15 | ------------------------------------------------------------------- 16 | Wed Nov 8 16:51:29 UTC 2023 - Miguel Pérez Colino 17 | 18 | - Initial build 19 | -------------------------------------------------------------------------------- /liberate-formula/liberate-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package 
liberate-formula 3 | # 4 | # Copyright (c) 2024 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname liberate 20 | %define fdir %{_datadir}/susemanager/formulas 21 | 22 | Name: liberate-formula 23 | Version: 0.1.0 24 | Release: 0 25 | Summary: Formula to liberate servers and convert them to SLL 26 | License: Apache-2.0 27 | Group: System/Packages 28 | Source: liberate-formula-%{version}.tar.gz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Formula to liberate servers and convert them to SLL 34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R liberate/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 45 | 46 | %files 47 | %defattr(-,root,root) 48 | %doc README.md 49 | %license LICENSE 50 | %dir %{_datadir}/susemanager 51 | %dir %{fdir} 52 | %dir %{fdir}/states 53 | %dir %{fdir}/metadata 54 | %{fdir}/states/%{fname} 55 | %{fdir}/metadata/%{fname} 56 | 57 | %changelog 58 | -------------------------------------------------------------------------------- /liberate-formula/liberate/init.sls: -------------------------------------------------------------------------------- 1 | {% if 
grains['os_family'] == 'RedHat' %} 2 | 3 | # Check if this machine was not already liberated 4 | {% if not salt['file.file_exists']('/etc/sysconfig/liberated') %} 5 | 6 | {% set release = grains.get('osmajorrelease', None)|int() %} 7 | {% set osName = grains.get('os', None) %} 8 | {% set reinstallPackages = salt['pillar.get']('liberate:reinstall_packages', true) %} 9 | 10 | {% set liberated = false %} 11 | {% set liberationDate = salt['system.get_system_date']() %} 12 | 13 | {% set isLiberty = salt['file.search']('/etc/os-release', 'SUSE Liberty Linux') %} 14 | {% set isSleES = salt['file.search']('/etc/os-release', 'SLES Expanded Support') %} 15 | 16 | # EL 9 17 | {% if release == 9 %} 18 | {% if not isLiberty %} 19 | 20 | /usr/share/redhat-release: 21 | file.absent 22 | 23 | /etc/dnf/protected.d/redhat-release.conf: 24 | file.absent 25 | 26 | {% if osName == 'Rocky' %} 27 | /usr/share/rocky-release/: 28 | file.absent 29 | 30 | remove_release_package: 31 | cmd.run: 32 | - name: "rpm -e --nodeps rocky-release" 33 | {% endif %} 34 | 35 | {% if osName == 'AlmaLinux' %} 36 | /usr/share/almalinux-release/: 37 | file.absent 38 | 39 | remove_release_package: 40 | cmd.run: 41 | - name: "rpm -e --nodeps almalinux-release" 42 | {% endif %} 43 | 44 | {% if osName == 'OEL' %} 45 | /usr/share/oraclelinux-release/: 46 | file.absent 47 | 48 | remove_release_package: 49 | cmd.run: 50 | - name: "rpm -e --nodeps oraclelinux-release" 51 | {% endif %} 52 | 53 | install_package_9: 54 | pkg.installed: 55 | - name: sll-release 56 | - refresh: True 57 | 58 | install_logos_9: 59 | pkg.installed: 60 | - name: sll-logos 61 | - refresh: True 62 | 63 | {% if reinstallPackages %} 64 | re_install_from_SLL: 65 | cmd.run: 66 | - name: "dnf -x 'venv-salt-minion' reinstall '*' -y >> /var/log/dnf_sll_migration.log" 67 | - require: 68 | - pkg: install_package_9 69 | {% endif %} 70 | 71 | {% set liberated = true %} 72 | 73 | {% endif %} # end if for search 74 | 75 | 76 | # EL 8 77 | {% elif release == 
8 %} 78 | 79 | # Starting tasks for EL clones 8 or under. 80 | {% if not isSleES and not isLiberty %} 81 | 82 | /usr/share/redhat-release: 83 | file.absent 84 | 85 | /etc/dnf/protected.d/redhat-release.conf: 86 | file.absent 87 | 88 | {% if osName == 'Rocky' %} 89 | /usr/share/rocky-release/: 90 | file.absent 91 | 92 | remove_release_package: 93 | cmd.run: 94 | - name: "rpm -e --nodeps rocky-release" 95 | {% endif %} 96 | 97 | {% if osName == 'AlmaLinux' %} 98 | /usr/share/almalinux-release/: 99 | file.absent 100 | 101 | remove_release_package: 102 | cmd.run: 103 | - name: "rpm -e --nodeps almalinux-release" 104 | {% endif %} 105 | 106 | install_package_8: 107 | pkg.installed: 108 | - name: sles_es-release 109 | - refresh: True 110 | 111 | install_logos_8: 112 | pkg.installed: 113 | - name: sles_es-logos 114 | - refresh: True 115 | 116 | {% if reinstallPackages %} 117 | re_install_from_SLL: 118 | cmd.run: 119 | - name: "yum -x 'venv-salt-minion' -x 'salt-minion' reinstall '*' -y >> /var/log/dnf_sles_es_migration.log" 120 | - require: 121 | - pkg: install_package_8 122 | {% endif %} 123 | 124 | {% set liberated = true %} 125 | 126 | {% endif %} # end if for search 127 | 128 | 129 | # EL 7 130 | {% elif release == 7 %} 131 | 132 | # Starting tasks for EL clones 8 or under. 
133 | {% if not isSleES and not isLiberty %} 134 | 135 | /usr/share/redhat-release: 136 | file.absent 137 | 138 | /etc/dnf/protected.d/redhat-release.conf: 139 | file.absent 140 | 141 | {% if osName == 'OEL' %} 142 | /usr/share/oraclelinux-release/: 143 | file.absent 144 | 145 | remove_release_package: 146 | cmd.run: 147 | - name: "rpm -e --nodeps oraclelinux-release-el7" 148 | {% endif %} 149 | 150 | install_package_7: 151 | pkg.installed: 152 | - name: sles_es-release-server 153 | - refresh: True 154 | 155 | install_logos_7: 156 | pkg.installed: 157 | - name: sles_es-logos 158 | - refresh: True 159 | 160 | {% if reinstallPackages %} 161 | re_install_from_SLL: 162 | cmd.run: 163 | - name: "yum -x 'venv-salt-minion' -x 'salt-minion' reinstall '*' -y >> /var/log/yum_sles_es_migration.log" 164 | - require: 165 | - pkg: install_package_7 166 | {% endif %} 167 | 168 | {% set liberated = true %} 169 | 170 | {% endif %} # end if for search 171 | 172 | {% endif %} # end if for release number 173 | 174 | create_liberation_file: 175 | file.managed: 176 | - name: /etc/sysconfig/liberated 177 | - contents: | 178 | LIBERATED="{{ liberated }}" 179 | LIBERATED_FROM="{{ osName }} {{ release }}" 180 | LIBERATED_DATE="{{ liberationDate }}" 181 | LIBERATED_REINSTALLED="{{ reinstallPackages }}" 182 | 183 | {% endif %} # end if file /etc/sysconfig/liberated exists 184 | 185 | {% endif %} # endif of rhel family 186 | -------------------------------------------------------------------------------- /liberate-formula/metadata/form.yml: -------------------------------------------------------------------------------- 1 | liberate: 2 | $type: namespace 3 | 4 | reinstall_packages: 5 | $name: 'Reinstall all packages after conversion' 6 | $type: boolean 7 | $help: 'If you want all the packages in your SLL system to have signatures from SUSE, please enable this option' 8 | $default: true 9 | -------------------------------------------------------------------------------- 
/liberate-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | This Salt Formula helps convert systems from an EL clone (RHEL, CentOS, Rocky, Alma, Oracle Linux) to SUSE Liberty Linux 3 | group: suse_liberate 4 | -------------------------------------------------------------------------------- /locale-formula/README.rst: -------------------------------------------------------------------------------- 1 | ======== 2 | locale 3 | ======== 4 | 5 | Formula to configure locales. 6 | 7 | .. note:: 8 | 9 | See the full `Salt Formulas installation and usage instructions 10 | `_. 11 | 12 | Available states 13 | ================ 14 | 15 | .. contents:: 16 | :local: 17 | 18 | ``locale`` 19 | ---------- 20 | 21 | Configures the locale - language, keyboard and timezone. 22 | 23 | Defaults 24 | ======== 25 | 26 | Default values are: 27 | 28 | timezone: 'CET' 29 | utc: True 30 | language: English (US) 31 | keyboard: English (US) 32 | See locale/pillar.example. 
33 | -------------------------------------------------------------------------------- /locale-formula/locale-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Thu Dec 19 12:17:27 UTC 2024 - Marina Latini 3 | 4 | - Update to version 0.4.0 5 | * Refresh spec file 6 | 7 | ------------------------------------------------------------------- 8 | Thu Sep 15 11:37:18 UTC 2022 - Witek Bedyk 9 | 10 | - Update to version 0.3 11 | * Remove .map.gz from kb_map dictionary (bsc#1203406) 12 | 13 | ------------------------------------------------------------------- 14 | Thu May 11 13:58:06 CEST 2017 - mc@suse.de 15 | 16 | - remove documentation links which point to developer-only wiki 17 | (bsc#1033341) 18 | 19 | ------------------------------------------------------------------- 20 | Fri Mar 3 13:21:29 UTC 2017 - mseidl@suse.de 21 | 22 | - (bsc#1027642) Changed ids to avoid conflicts 23 | 24 | ------------------------------------------------------------------- 25 | Tue Feb 7 10:19:08 UTC 2017 - mseidl@suse.de 26 | 27 | - Add missing group spec file 28 | 29 | ------------------------------------------------------------------- 30 | Sun Feb 5 14:31:20 UTC 2017 - mseidl@suse.de 31 | 32 | - Updated files with gpl header + copying file 33 | 34 | ------------------------------------------------------------------- 35 | Fri Feb 3 11:52:44 UTC 2017 - mseidl@suse.de 36 | 37 | - Fixed spec file and changed file layout in src 38 | 39 | ------------------------------------------------------------------- 40 | Fri Feb 3 09:18:07 UTC 2017 - mseidl@suse.de 41 | 42 | - Initial commit 43 | -------------------------------------------------------------------------------- /locale-formula/locale-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package locale-formula 3 | # 4 | # Copyright (c) 2024 SUSE LLC 5 | # 
6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname locale 20 | Name: %{fname}-formula 21 | Version: 0.4.0 22 | Release: 0 23 | Summary: Locale Salt Formula for SUSE Multi-Linux Manager and Uyuni 24 | License: GPL-3.0-only 25 | Group: System/Management 26 | URL: https://github.com/SUSE/salt-formulas 27 | Source0: %{name}-%{version}.tar.gz 28 | Requires: salt-master 29 | BuildArch: noarch 30 | 31 | %description 32 | Salt Formula for SUSE Multi-Linux Manager and Uyuni. 33 | It configures the locale settings for language, keyboard and 34 | timezone. 
35 | 36 | 37 | %prep 38 | %setup -q 39 | 40 | %build 41 | 42 | %install 43 | mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname} 44 | mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname} 45 | cp -R states/* %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname} 46 | cp -R metadata/* %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname} 47 | 48 | %files 49 | %defattr(-,root,root,-) 50 | %license COPYING 51 | %doc README.rst 52 | %{_datadir}/susemanager 53 | 54 | %changelog 55 | -------------------------------------------------------------------------------- /locale-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for language, keyboard, and timezone 3 | group: general_system_configuration 4 | after: 5 | - users -------------------------------------------------------------------------------- /locale-formula/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | # This file is part of locale-formula. 2 | # 3 | # Foobar is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # Foobar is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with Foobar. If not, see . 
15 | 16 | timezone: 17 | hardware_clock_set_to_utc: True 18 | name: CET 19 | 20 | keyboard_and_language: 21 | keyboard_layout: English (US) 22 | language: English (US) 23 | -------------------------------------------------------------------------------- /locale-formula/states/init.sls: -------------------------------------------------------------------------------- 1 | # This file is part of locale-formula. 2 | # 3 | # Foobar is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 3 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # Foobar is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with Foobar. If not, see . 15 | 16 | # This state configures timezone, keyboard layout and language. 
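17 | 18 | {%- set timezone = salt['pillar.get']('timezone:name', 'CET') %} {#- The hardware-clock flag is published as timezone:hardware_clock_set_to_utc in pillar.example; timezone:utc is still read as a fallback so existing pillars keep working. #} 19 | {%- set utc = salt['pillar.get']('timezone:hardware_clock_set_to_utc', salt['pillar.get']('timezone:utc', True)) %} 20 | {%- set language = salt['pillar.get']('keyboard_and_language:language', 'English (US)') %} 21 | {%- set kb_layout = salt['pillar.get']('keyboard_and_language:keyboard_layout', 'English (US)') %} 22 | {% from "locale/map.jinja" import confmap with context %} 23 | {% from "locale/map.jinja" import map with context %} 24 | 25 | mgr_timezone_setting: 26 | timezone.system: 27 | - name: {{ timezone }} 28 | - utc: {{ utc }} 29 | 30 | mgr_timezone_packages: 31 | pkg.installed: 32 | - name: {{ confmap.pkgname }} 33 | {#- NOTE(review): the pillar-supplied timezone name is appended to path_zoneinfo unchecked and the link is created with force; presumably pillar data is trusted here, verify against whoever can edit it. #} 34 | mgr_timezone_symlink: 35 | file.symlink: 36 | - name: {{ confmap.path_localtime }} 37 | - target: {{ confmap.path_zoneinfo }}{{ timezone }} 38 | - force: true 39 | - require: 40 | - pkg: {{ confmap.pkgname }} 41 | {#- NOTE(review): kb_map.get() and lang_map.get() below are called without a default, so a layout or language missing from map.jinja appears to render as the literal "None"; confirm the form restricts the choices. #} 42 | mgr_kb_settings: 43 | keyboard.system: 44 | - name: {{ map.kb_map.get(kb_layout) }} 45 | 46 | mgr_locale_package: 47 | pkg.installed: 48 | - name: {{ confmap.loc_pkg }} 49 | 50 | {% if grains['os_family'] == 'Suse' %} 51 | /etc/sysconfig/language: 52 | file.replace: 53 | - pattern: ^ROOT_USES_LANG=.* 54 | - repl: ROOT_USES_LANG="yes" 55 | {% endif %} 56 | 57 | mgr_language_settings: 58 | locale.system: 59 | - name: {{ map.lang_map.get(language) }} 60 | - require: 61 | - pkg: mgr_locale_package 62 | -------------------------------------------------------------------------------- /openvpn-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for OpenVPN server 3 | group: general_system_configuration 4 | after: 5 | - branch-network 6 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Fri Jul 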
16 07:36:14 UTC 2021 - Stefan Bluhm 3 | 4 | - Update to v0.1.2 5 | - Changed package to noarch. 6 | 7 | ------------------------------------------------------------------- 8 | Tue Aug 11 12:37:26 UTC 2020 - Alexander Graul 9 | 10 | - Update to v0.1.1 11 | - Add hint that ssl certs must be on system (bsc#1172279) 12 | 13 | ------------------------------------------------------------------- 14 | Mon Apr 27 14:35:26 UTC 2020 - Alexander Graul 15 | 16 | - Initial Package v0.1 17 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package openvpn-formula 3 | # 4 | # Copyright (c) 2020 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | Name: openvpn-formula 20 | Version: 0.1.2 21 | Release: 0 22 | BuildArch: noarch 23 | Summary: OpenVPN Salt Formula for Uyuni/SUSE Manager 24 | License: Apache-2.0 25 | URL: https://github.com/SUSE/salt-formulas/ 26 | Source: %{name}-%{version}.tar.xz 27 | Requires: susemanager-sls 28 | 29 | %description 30 | OpenVPN Salt Formula for use in Uyuni/SUSE Manager. 
31 | 32 | %prep 33 | %setup -q 34 | 35 | %install 36 | mkdir -p %{buildroot}/usr/share/susemanager/formulas/metadata/openvpn 37 | mkdir -p %{buildroot}/usr/share/susemanager/formulas/states/openvpn 38 | cp metadata/* %{buildroot}/usr/share/susemanager/formulas/metadata/openvpn/ 39 | cp -r openvpn/* %{buildroot}/usr/share/susemanager/formulas/states/openvpn/ 40 | 41 | %files 42 | %dir /usr/share/susemanager 43 | %dir /usr/share/susemanager/formulas 44 | %dir /usr/share/susemanager/formulas/metadata 45 | %dir /usr/share/susemanager/formulas/states 46 | %dir /usr/share/susemanager/formulas/metadata/openvpn 47 | %dir /usr/share/susemanager/formulas/states/openvpn 48 | %dir /usr/share/susemanager/formulas/states/openvpn/server 49 | %dir /usr/share/susemanager/formulas/states/openvpn/files 50 | /usr/share/susemanager/formulas/metadata/openvpn/form.yml 51 | /usr/share/susemanager/formulas/metadata/openvpn/metadata.yml 52 | /usr/share/susemanager/formulas/states/openvpn/common.sls 53 | /usr/share/susemanager/formulas/states/openvpn/init.sls 54 | /usr/share/susemanager/formulas/states/openvpn/map.jinja 55 | /usr/share/susemanager/formulas/states/openvpn/server/init.sls 56 | /usr/share/susemanager/formulas/states/openvpn/server/service.sls 57 | /usr/share/susemanager/formulas/states/openvpn/files/_gateway.conf 58 | /usr/share/susemanager/formulas/states/openvpn/files/server.conf 59 | /usr/share/susemanager/formulas/states/openvpn/files/_subnet.conf 60 | /usr/share/susemanager/formulas/states/openvpn/files/ipp.txt 61 | 62 | %changelog 63 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/common.sls: -------------------------------------------------------------------------------- 1 | {% from "openvpn/map.jinja" import common with context %} 2 | 3 | openvpn_packages: 4 | pkg.installed: 5 | - names: {{ common.pkgs }} 6 | 7 | openvpn_ssl_dir: 8 | file.directory: 9 | - name: /etc/openvpn/ssl 10 | - require: 11 | - pkg: 
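openvpn_packages 12 | 13 | 14 | 15 | {%- if grains.os_family == "Arch" %} 16 | 17 | {%- if pillar.openvpn.client is defined %} 18 | 19 | {% from "openvpn/map.jinja" import client with context %} 20 | {#- One service.running state per configured client tunnel. items() is used because it exists on both Python 2 and Python 3 dicts, whereas iteritems() is Python 2 only. NOTE(review): every iteration emits the same state ID openvpn_service, so more than one tunnel would collide; confirm before relying on several tunnels. #} 21 | {%- for tunnel_name, tunnel in client.tunnel.items() %} 22 | 23 | openvpn_service: 24 | service.running: 25 | - name: "{{ tunnel_name }}.service" 26 | - enable: true 27 | {%- if grains.get('noservices') %} 28 | - onlyif: /bin/false 29 | {%- endif %} 30 | 31 | {%- endfor %} 32 | 33 | {%- endif %} 34 | {%- endif %} 35 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/files/_gateway.conf: -------------------------------------------------------------------------------- 1 | # Gateway settings 2 | mode {{ server.get('mode', 'server') }} {#- tls-server is emitted only when the effective mode is "server", which is also the default. #} 3 | {%- if server.get('mode', 'server') == 'server' %} 4 | tls-server 5 | {%- endif %} 6 | 7 | ifconfig {{ server.endpoint.local }} {{ server.endpoint.remote }} 8 | ifconfig-pool {{ server.dhcp_pool.start }} {{ server.dhcp_pool.end }} 9 | 10 | {%- if server.get('redirect_gateway', False) %} 11 | push "redirect-gateway" 12 | {%- else %} 13 | ;push "redirect-gateway" 14 | {%- endif %} 15 | 16 | route {{ server.interface.network }} {{ server.interface.netmask }} 17 | 18 | {#- 19 | vim: syntax=jinja 20 | -#} 21 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/files/_subnet.conf: -------------------------------------------------------------------------------- 1 | # Configure server mode and supply a VPN subnet 2 | # for OpenVPN to draw client addresses from. 3 | # The server will take 10.8.0.1 for itself, 4 | # the rest will be made available to clients. 5 | # Each client will be able to reach the server 6 | # on 10.8.0.1. Comment this line out if you are 7 | # ethernet bridging. See the man page for more info. 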
8 | topology {{ server.get('topology', 'subnet') }} 9 | server {{ server.interface.network }} {{ server.interface.netmask }} 10 | 11 | ifconfig-pool-persist /etc/openvpn/ipp.txt 12 | 13 | {#- 14 | vim: syntax=jinja 15 | -#} 16 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/files/ipp.txt: -------------------------------------------------------------------------------- 1 | {%- from "openvpn/map.jinja" import server with context %}{%- for client in server.interface.get('clients', []) %} 2 | {{ client.name }},{{ client.address }} 3 | {%- endfor %} -------------------------------------------------------------------------------- /openvpn-formula/openvpn/files/server.conf: -------------------------------------------------------------------------------- 1 | {%- from "openvpn/map.jinja" import server with context %} 2 | 3 | local {{ server.bind.address }} 4 | port {{ server.bind.port }} 5 | 6 | # TCP or UDP server? 7 | proto {{ server.bind.get('protocol', 'udp') }} 8 | 9 | {%- if server.get('auth', False) %} {#- NOTE(review): with server.auth set, client-cert-not-required leaves the PAM username/password as the only client credential. The option is deprecated in favour of verify-client-cert and no longer accepted from OpenVPN 2.5 on; confirm against the deployed version. #} 10 | plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn 11 | client-cert-not-required 12 | {%- endif %} 13 | 14 | # "dev tun" will create a routed IP tunnel, 15 | # "dev tap" will create an ethernet tunnel. 
16 | dev {{ server.get('device', 'tun') }} 17 | 18 | # SSL 19 | ca {{ server.ssl.ca_group.get('file', '/etc/openvpn/ssl/ca.crt') }} 20 | cert {{ server.ssl.cert_group.get('file', '/etc/openvpn/ssl/server.crt') }} 21 | key {{ server.ssl.key_group.get('file', '/etc/openvpn/ssl/server.key') }} 22 | dh /etc/openvpn/ssl/dh2048.pem {#- NOTE(review): CRL checking is off unless server.ssl.crl_group.enabled is set, so a revoked client certificate is still accepted by default. #} 23 | {%- if server.ssl.crl_group.get('enabled', False) %} 24 | crl-verify {{ server.ssl.crl_group.get('file', '/etc/openvpn/ssl/crl.pem') }} 25 | {%- endif %} 26 | 27 | 28 | {%- if server.get('topology', 'subnet') == 'subnet' %} 29 | {% include "openvpn/files/_subnet.conf" %} 30 | {%- elif server.topology == 'gateway' %} 31 | {% include "openvpn/files/_gateway.conf" %} 32 | {%- endif %} 33 | 34 | {%- for route in server.get('routes', []) %} 35 | push "route {{ route.network }} {{ route.netmask }}" 36 | {%- endfor %} 37 | 38 | # Uncomment this directive to allow different 39 | # clients to be able to "see" each other. 40 | # By default, clients will only see the server. 41 | # To force clients to only see the server, you 42 | # will also need to appropriately firewall the 43 | # server's TUN/TAP interface. 44 | {%- if server.get("client_to_client", False) %} 45 | client-to-client 46 | {%- else %} 47 | ;client-to-client 48 | {%- endif %} 49 | 50 | # Uncomment this directive if multiple clients 51 | # might connect with the same certificate/key 52 | # files or common names. This is recommended 53 | # only for testing purposes. For production use, 54 | # each client should have its own certificate/key 55 | # pair. 56 | # 57 | # IF YOU HAVE NOT GENERATED INDIVIDUAL 58 | # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, 59 | # EACH HAVING ITS OWN UNIQUE "COMMON NAME", 60 | # UNCOMMENT THIS LINE OUT. 
61 | {%- if server.get("duplicate_cn", False) %} 62 | duplicate-cn 63 | {%- else %} 64 | ;duplicate-cn 65 | {%- endif %} 66 | 67 | # The keepalive directive causes ping-like 68 | # messages to be sent back and forth over 69 | # the link so that each side knows when 70 | # the other side has gone down. 71 | # Ping every 10 seconds, assume that remote 72 | # peer is down if no ping received during 73 | # a 120 second time period. 74 | keepalive 10 60 75 | inactive 600 76 | 77 | # For extra security beyond that provided 78 | # by SSL/TLS, create an "HMAC firewall" 79 | # to help block DoS attacks and UDP port flooding. 80 | # 81 | # Generate with: 82 | # openvpn --genkey --secret ta.key 83 | # 84 | # The server and each client must have 85 | # a copy of this key. 86 | # The second parameter should be '0' 87 | # on the server and '1' on the clients. {#- NOTE(review): tls_auth defaults to off, so the control channel gets no HMAC pre-authentication unless the pillar enables it. ta.key is a relative path, so it is looked up relative to the daemon's working directory. #} 88 | {%- if server.get('tls_auth', False) %} 89 | tls-auth ta.key 0 90 | {%- else %} 91 | ;tls-auth ta.key 0 92 | {%- endif %} 93 | {#- NOTE(review): compression is on unless server.compression is set to False, and it is also pushed to clients. Compressing tunnel traffic exposes a length side channel (VORACLE) and upstream OpenVPN advises against it; consider defaulting this to False. #} 94 | {%- if server.get('compression', True) %} 95 | compress lz4-v2 96 | push "compress lz4-v2" 97 | {%- else %} 98 | ;compress lz4-v2 99 | ;push "compress lz4-v2" 100 | {%- endif %} 101 | 102 | {%- if server.get('max_clients', False) %} 103 | max-clients {{ server.max_clients }} 104 | {%- endif %} 105 | user nobody 106 | group nogroup 107 | 108 | persist-key 109 | persist-tun 110 | 111 | ;status openvpn-status.log 112 | ;log openvpn.log 113 | ;log-append openvpn.log 114 | 115 | verb {{ server.get('verbosity', 3) }} 116 | ;mute 20 117 | 118 | {#- 119 | vim: syntax=jinja 120 | -#} 121 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/init.sls: -------------------------------------------------------------------------------- 1 | 2 | include: 3 | {% if pillar.openvpn.server is defined %} 4 | - openvpn.server 5 | {% endif %} 6 | {% if pillar.openvpn.client is defined %} 7 | - openvpn.client 8 | {% endif %} 9 | 
-------------------------------------------------------------------------------- /openvpn-formula/openvpn/map.jinja: -------------------------------------------------------------------------------- 1 | {% set common = salt['grains.filter_by']({ 2 | 'Debian': { 3 | 'pkgs': ['openvpn'], 4 | 'service': 'openvpn', 5 | 'config_dir': '/etc/openvpn', 6 | }, 7 | 'RedHat': { 8 | 'pkgs': ['openvpn'], 9 | 'service': 'openvpn', 10 | 'config_dir': '/etc/openvpn', 11 | }, 12 | 'Suse': { 13 | 'pkgs': ['openvpn'], 14 | 'service': 'openvpn', 15 | 'config_dir': '/etc/openvpn', 16 | }, 17 | 'Arch': { 18 | 'pkgs': ['openvpn'], 19 | 'service': 'openvpn', 20 | 'config_dir': '/etc/openvpn', 21 | }, 22 | }, merge=salt['pillar.get']('openvpn')) %} 23 | 24 | {% set client = salt['grains.filter_by']({ 25 | 'Debian': { 26 | 'service_enabled': True, 27 | 'tunnel': {}, 28 | 'pkipath': 'pki', 29 | }, 30 | 'RedHat': { 31 | 'service_enabled': True, 32 | 'tunnel': {}, 33 | }, 34 | 'Suse': { 35 | 'service_enabled': True, 36 | 'tunnel': {}, 37 | }, 38 | 'Arch': { 39 | 'service_enabled': True, 40 | 'tunnel': {}, 41 | }, 42 | }, merge=salt['pillar.get']('openvpn:client')) %} 43 | 44 | {% set server = salt['grains.filter_by']({ 45 | 'Debian': { 46 | 'service_enabled': True, 47 | 'pkipath': 'pki' 48 | }, 49 | 'RedHat': { 50 | 'service_enabled': True, 51 | }, 52 | 'Suse': { 53 | 'service_enabled': True, 54 | }, 55 | 'Arch': { 56 | 'service_enabled': True, 57 | }, 58 | }, merge=salt['pillar.get']('openvpn:server')) %} 59 | -------------------------------------------------------------------------------- /openvpn-formula/openvpn/server/init.sls: -------------------------------------------------------------------------------- 1 | include: 2 | - openvpn.server.service 3 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/metadata/form.yml: -------------------------------------------------------------------------------- 1 | proxy_enabled: 2 | $type: 
boolean 3 | $name: Enable reverse proxy 4 | $default: False 5 | $help: Install reverse proxy for Prometheus exporters 6 | 7 | proxy_port: 8 | $type: number 9 | $name: Reverse proxy port number 10 | $default: 9999 11 | $disabled: '!formValues.proxy_enabled' 12 | $required: True 13 | 14 | tls: 15 | $type: group 16 | $name: TLS 17 | $help: > 18 | TLS configuration. Please ensure the files are present on the minion and readable for 19 | the user `prometheus` before applying the highstate. Please update Prometheus formula 20 | configuration for targets accordingly. 21 | 22 | enabled: 23 | $type: boolean 24 | $default: False 25 | 26 | ca_certificate: 27 | $name: CA Certificate 28 | $default: /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT 29 | $visible: this.parent.value.enabled == true 30 | 31 | server_certificate: 32 | $name: Server Certificate 33 | $placeholder: /etc/ssl/server.crt 34 | $visible: this.parent.value.enabled == true 35 | 36 | server_key: 37 | $name: Server Key 38 | $placeholder: /etc/ssl/server.key 39 | $visible: this.parent.value.enabled == true 40 | 41 | exporters: 42 | $type: group 43 | $help: Prometheus exporters 44 | 45 | node_exporter: 46 | $type: group 47 | $help: Prometheus exporter for hardware and OS metrics. 48 | 49 | enabled: 50 | $type: boolean 51 | $default: True 52 | 53 | address: 54 | $type: text 55 | $default: ':9100' 56 | 57 | args: 58 | $name: "Arguments" 59 | $type: text 60 | $help: Please refer to the documentation for available options. 61 | 62 | apache_exporter: 63 | $type: group 64 | $help: Prometheus exporter for apache mod_status statistics. 65 | 66 | enabled: 67 | $type: boolean 68 | $default: False 69 | 70 | address: 71 | $type: text 72 | $default: ':9117' 73 | 74 | args: 75 | $name: "Arguments" 76 | $type: text 77 | $help: Please refer to the documentation for available options. 78 | 79 | postgres_exporter: 80 | $type: group 81 | $help: Prometheus exporter for PostgreSQL server metrics. 
82 | 83 | enabled: 84 | $type: boolean 85 | $default: False 86 | 87 | address: 88 | $type: text 89 | $default: ':9187' 90 | 91 | data_source_name: 92 | $name: "Data Source Name (legacy)" 93 | $type: text 94 | $default: postgresql://user:passwd@localhost:5432/database?sslmode=disable 95 | $help: This is a legacy configuration option kept for compatibility reasons. Can be removed in future versions. 96 | 97 | data_source_hostname: 98 | $type: text 99 | 100 | data_source_port: 101 | $type: number 102 | 103 | data_source_database: 104 | $type: text 105 | 106 | data_source_user: 107 | $type: text 108 | 109 | data_source_password: 110 | $type: password 111 | 112 | args: 113 | $name: "Arguments" 114 | $type: text 115 | $help: Please refer to the documentation for available options. 116 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Enable and configure Prometheus exporters for managed systems. 
3 | group: monitoring 4 | 5 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | proxy_enabled: False 2 | proxy_port: 9999 3 | 4 | exporters: 5 | node_exporter: 6 | enabled: True 7 | address: ':9100' 8 | args: '--collector.systemd' 9 | 10 | apache_exporter: 11 | enabled: False 12 | address: ':9117' 13 | 14 | postgres_exporter: 15 | enabled: False 16 | address: ':9187' 17 | data_source_name: postgresql://user:passwd@localhost:5432/database?sslmode=disable 18 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/apache-exporter-config.Debian: -------------------------------------------------------------------------------- 1 | # Set the command-line arguments to pass to the server. 2 | ARGS={{ args }} 3 | 4 | #Usage of prometheus-apache-exporter: 5 | # -host_override string 6 | # Override for HTTP Host header; empty string for no override. 7 | # -insecure 8 | # Ignore server certificate if using https. 9 | # -scrape_uri string 10 | # URI to apache stub status page. (default 11 | # "http://localhost/server-status/?auto") 12 | # -telemetry.address string 13 | # Address on which to expose metrics. (default ":9117") 14 | # -telemetry.endpoint string 15 | # Path under which to expose metrics. 
(default "/metrics") 16 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/apache-exporter-config.RedHat: -------------------------------------------------------------------------------- 1 | ## Path: Applications/ApacheExporter 2 | ## Description: Prometheus exporter for apache metrics 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-apache_exporter 6 | # 7 | # Arguments for running prometheus-apache_exporter 8 | # 9 | ARGS={{ args }} 10 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/apache-exporter-config.Suse: -------------------------------------------------------------------------------- 1 | ## Path: Applications/ApacheExporter 2 | ## Description: Prometheus exporter for apache metrics 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-apache_exporter 6 | # 7 | # Arguments for running prometheus-apache_exporter 8 | # 9 | ARGS={{ args }} 10 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/exporter-exporter-config.Debian: -------------------------------------------------------------------------------- 1 | ## Path: Applications/ExporterExporter 2 | ## Description: Reverse proxy designed for Prometheus exporters 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-exporter_exporter 6 | # 7 | # Arguments for running prometheus-exporter_exporter 8 | # 9 | {% set proxy_port = salt['pillar.get']('proxy_port') %} 10 | [Service] 11 | EnvironmentFile= 12 | Environment="ARGS=-config.file /etc/exporter_exporter.yaml -config.dirs /etc/exporter_exporter.d -web.listen-address=:{{ proxy_port }}" 13 | -------------------------------------------------------------------------------- 
/prometheus-exporters-formula/prometheus-exporters/files/exporter-exporter-config.RedHat: -------------------------------------------------------------------------------- 1 | ## Path: Applications/ExporterExporter 2 | ## Description: Reverse proxy designed for Prometheus exporters 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-exporter_exporter 6 | # 7 | # Arguments for running prometheus-exporter_exporter 8 | # 9 | {% set proxy_port = salt['pillar.get']('proxy_port') %} 10 | EXPEXP_FLAGS='-web.listen-address=:{{ proxy_port }}' 11 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/exporter-exporter-config.Suse: -------------------------------------------------------------------------------- 1 | ## Path: Applications/ExporterExporter 2 | ## Description: Reverse proxy designed for Prometheus exporters 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-exporter_exporter 6 | # 7 | # Arguments for running prometheus-exporter_exporter 8 | # 9 | {% set proxy_port = salt['pillar.get']('proxy_port') %} 10 | EXPEXP_FLAGS='-web.listen-address=:{{ proxy_port }}' 11 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/exporter-exporter.yaml: -------------------------------------------------------------------------------- 1 | modules: {} 2 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/exporter-proxy.yaml: -------------------------------------------------------------------------------- 1 | {% set exporter_address = salt['pillar.get']('exporters:' ~ module ~ '_exporter:address') %} 2 | {% set exporter_port = exporter_address.rsplit(':')[-1] %} 3 | {% set exporter_host = exporter_address.split(':')[0] %} 4 | 5 | method: http 6 | http: 7 | port: {{ exporter_port }} 8 
| {% if exporter_host %} 9 | address: {{ exporter_host }} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/node-exporter-config.RedHat: -------------------------------------------------------------------------------- 1 | ## Path: Applications/NodeExporter 2 | ## Description: Prometheus exporter for machine metrics 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-node_exporter 6 | # 7 | # Arguments for running prometheus-node_exporter 8 | # 9 | ARGS={{ args }} 10 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/node-exporter-config.Suse: -------------------------------------------------------------------------------- 1 | ## Path: Applications/NodeExporter 2 | ## Description: Prometheus exporter for machine metrics 3 | ## Type: string() 4 | ## Default: "" 5 | ## ServiceRestart: prometheus-node_exporter 6 | # 7 | # Arguments for running prometheus-node_exporter 8 | # 9 | ARGS={{ args }} 10 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/postgres-exporter-config.Debian: -------------------------------------------------------------------------------- 1 | {%- set source_name = salt['pillar.get']('exporters:postgres_exporter:data_source_name') %} 2 | 3 | {%- set host = salt['pillar.get']('exporters:postgres_exporter:data_source_hostname') %} 4 | {%- if not host and source_name %} 5 | {%- set host = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@([^\/\?\s]+):\d{1,5}/[^?\s]*') | first %} 6 | {%- endif %} 7 | 8 | {%- set port = salt['pillar.get']('exporters:postgres_exporter:data_source_port') %} 9 | {%- if not port and source_name %} 10 | {%- set port = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:(\d{1,5})/[^?\s]*') 
| first %} 11 | {%- endif %} 12 | 13 | {%- set db = salt['pillar.get']('exporters:postgres_exporter:data_source_database') %} 14 | {%- if not db and source_name %} 15 | {%- set db = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:\d{1,5}/([^?\s]*)') | first %} 16 | {%- endif %} 17 | 18 | {%- set user = salt['pillar.get']('exporters:postgres_exporter:data_source_user') %} 19 | {%- if not user and source_name %} 20 | {%- set user = source_name | regex_search('postgresq?l?:\/\/([^:@\s]*):[^@\s]*@[^\/\?\s]+:\d{1,5}/[^?\s]*') | first %} 21 | {%- endif %} 22 | [Service] 23 | EnvironmentFile= 24 | Environment="DATA_SOURCE_URI={{ host }}:{{ port }}/{{ db }}?sslmode=disable" 25 | Environment="DATA_SOURCE_USER={{ user }}" 26 | Environment="DATA_SOURCE_PASS_FILE={{ password_file }}" 27 | Environment="POSTGRES_EXPORTER_PARAMS={{ args }}" 28 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/postgres-exporter-config.RedHat: -------------------------------------------------------------------------------- 1 | {%- set source_name = salt['pillar.get']('exporters:postgres_exporter:data_source_name') %} 2 | 3 | {%- set host = salt['pillar.get']('exporters:postgres_exporter:data_source_hostname') %} 4 | {%- if not host and source_name %} 5 | {%- set host = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@([^\/\?\s]+):\d{1,5}/[^?\s]*') | first %} 6 | {%- endif %} 7 | 8 | {%- set port = salt['pillar.get']('exporters:postgres_exporter:data_source_port') %} 9 | {%- if not port and source_name %} 10 | {%- set port = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:(\d{1,5})/[^?\s]*') | first %} 11 | {%- endif %} 12 | 13 | {%- set db = salt['pillar.get']('exporters:postgres_exporter:data_source_database') %} 14 | {%- if not db and source_name %} 15 | {%- set db = source_name | 
regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:\d{1,5}/([^?\s]*)') | first %} 16 | {%- endif %} 17 | 18 | {%- set user = salt['pillar.get']('exporters:postgres_exporter:data_source_user') %} 19 | {%- if not user and source_name %} 20 | {%- set user = source_name | regex_search('postgresq?l?:\/\/([^:@\s]*):[^@\s]*@[^\/\?\s]+:\d{1,5}/[^?\s]*') | first %} 21 | {%- endif %} 22 | [Service] 23 | EnvironmentFile= 24 | Environment="DATA_SOURCE_URI={{ host }}:{{ port }}/{{ db }}?sslmode=disable" 25 | Environment="DATA_SOURCE_USER={{ user }}" 26 | Environment="DATA_SOURCE_PASS_FILE={{ password_file }}" 27 | Environment="POSTGRES_EXPORTER_PARAMS={{ args }}" 28 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/postgres-exporter-config.Suse: -------------------------------------------------------------------------------- 1 | {%- set source_name = salt['pillar.get']('exporters:postgres_exporter:data_source_name') %} 2 | 3 | {%- set host = salt['pillar.get']('exporters:postgres_exporter:data_source_hostname') %} 4 | {%- if not host and source_name %} 5 | {%- set host = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@([^\/\?\s]+):\d{1,5}/[^?\s]*') | first %} 6 | {%- endif %} 7 | 8 | {%- set port = salt['pillar.get']('exporters:postgres_exporter:data_source_port') %} 9 | {%- if not port and source_name %} 10 | {%- set port = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:(\d{1,5})/[^?\s]*') | first %} 11 | {%- endif %} 12 | 13 | {%- set db = salt['pillar.get']('exporters:postgres_exporter:data_source_database') %} 14 | {%- if not db and source_name %} 15 | {%- set db = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:[^@\s]*@[^\/\?\s]+:\d{1,5}/([^?\s]*)') | first %} 16 | {%- endif %} 17 | 18 | {%- set user = salt['pillar.get']('exporters:postgres_exporter:data_source_user') %} 19 | {%- if not user and source_name %} 20 | {%- set user = 
source_name | regex_search('postgresq?l?:\/\/([^:@\s]*):[^@\s]*@[^\/\?\s]+:\d{1,5}/[^?\s]*') | first %} 21 | {%- endif %} 22 | [Service] 23 | EnvironmentFile= 24 | Environment="DATA_SOURCE_URI={{ host }}:{{ port }}/{{ db }}?sslmode=disable" 25 | Environment="DATA_SOURCE_USER={{ user }}" 26 | Environment="DATA_SOURCE_PASS_FILE={{ password_file }}" 27 | Environment="POSTGRES_EXPORTER_PARAMS={{ args }}" 28 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/postgres-exporter-password: -------------------------------------------------------------------------------- 1 | {%- set source_name = salt['pillar.get']('exporters:postgres_exporter:data_source_name') %} 2 | {%- set password = salt['pillar.get']('exporters:postgres_exporter:data_source_password') %} 3 | {%- if not password and source_name %} 4 | {%- set password = source_name | regex_search('postgresq?l?:\/\/[^:@\s]*:([^@\s]*)@[^\/\?\s]+:\d{1,5}/[^?\s]*') | first %} 5 | {%- endif -%} 6 | {{ password }} 7 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/files/web.yml: -------------------------------------------------------------------------------- 1 | tls_server_config: 2 | cert_file: {{ salt['pillar.get']('tls:server_certificate') }} 3 | key_file: {{ salt['pillar.get']('tls:server_key') }} 4 | client_ca_file: {{ salt['pillar.get']('tls:ca_certificate', '/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT') }} 5 | client_auth_type: RequireClientCert 6 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/prometheus-exporters/map.jinja: -------------------------------------------------------------------------------- 1 | {% set exporters = salt['grains.filter_by']({ 2 | 'Suse': { 3 | 'node_exporter_package': 'golang-github-prometheus-node_exporter', 4 | 'node_exporter_service': 
'prometheus-node_exporter', 5 | 'node_exporter_service_config': '/etc/sysconfig/prometheus-node_exporter', 6 | 'apache_exporter_package': 'golang-github-lusitaniae-apache_exporter', 7 | 'apache_exporter_service': 'prometheus-apache_exporter', 8 | 'apache_exporter_service_config': '/etc/sysconfig/prometheus-apache_exporter', 9 | 'postgres_exporter_package': 'prometheus-postgres_exporter', 10 | 'postgres_exporter_service': 'prometheus-postgres_exporter', 11 | 'postgres_exporter_service_config': '/etc/systemd/system/prometheus-postgres_exporter.service.d/60-suse-salt-formula.conf', 12 | 'postgres_exporter_password_file': '/etc/postgres_exporter/pg_passwd', 13 | 'exporter_exporter_package': 'golang-github-QubitProducts-exporter_exporter', 14 | 'exporter_exporter_service': 'prometheus-exporter_exporter', 15 | 'exporter_exporter_service_config': '/etc/sysconfig/prometheus-exporter_exporter', 16 | }, 17 | 'Debian': { 18 | 'node_exporter_package': 'prometheus-node-exporter', 19 | 'node_exporter_service': 'prometheus-node-exporter', 20 | 'node_exporter_service_config': '/etc/default/prometheus-node-exporter', 21 | 'apache_exporter_package': 'prometheus-apache-exporter', 22 | 'apache_exporter_service': 'prometheus-apache-exporter', 23 | 'apache_exporter_service_config': '/etc/default/prometheus-apache-exporter', 24 | 'postgres_exporter_package': 'prometheus-postgres-exporter', 25 | 'postgres_exporter_service': 'prometheus-postgres-exporter', 26 | 'postgres_exporter_service_config': '/etc/systemd/system/prometheus-postgres-exporter.service.d/60-suse-salt-formula.conf', 27 | 'postgres_exporter_password_file': '/etc/postgres_exporter/pg_passwd', 28 | 'exporter_exporter_package': 'prometheus-exporter-exporter', 29 | 'exporter_exporter_service': 'prometheus-exporter-exporter', 30 | 'exporter_exporter_service_config': '/etc/systemd/system/prometheus-exporter-exporter.service.d/uyuni.conf', 31 | }, 32 | 'RedHat': { 33 | 'node_exporter_package': 
'golang-github-prometheus-node_exporter', 34 | 'node_exporter_service': 'prometheus-node_exporter', 35 | 'node_exporter_service_config': '/etc/sysconfig/prometheus-node_exporter', 36 | 'apache_exporter_package': 'golang-github-lusitaniae-apache_exporter', 37 | 'apache_exporter_service': 'prometheus-apache_exporter', 38 | 'apache_exporter_service_config': '/etc/sysconfig/prometheus-apache_exporter', 39 | 'postgres_exporter_package': 'prometheus-postgres_exporter', 40 | 'postgres_exporter_service': 'prometheus-postgres_exporter', 41 | 'postgres_exporter_service_config': '/etc/systemd/system/prometheus-postgres_exporter.service.d/60-suse-salt-formula.conf', 42 | 'postgres_exporter_password_file': '/etc/postgres_exporter/pg_passwd', 43 | }, 44 | }, merge=salt['pillar.get']('exporters:lookup')) %} 45 | -------------------------------------------------------------------------------- /prometheus-exporters-formula/scripts/migrate_formula_data.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | from collections import MutableMapping 4 | import json 5 | from pathlib import Path 6 | import shutil 7 | 8 | 9 | pillar_paths = [Path('/srv/susemanager/formula_data/pillar'), 10 | Path('/srv/susemanager/formula_data/group_pillar')] 11 | v05_keys = {'proxy_enabled', 'proxy_port'} 12 | v1_keys = {'node_exporter', 'apache_exporter', 'postgres_exporter'} 13 | 14 | 15 | class Migration: 16 | def __init__(self, path, filename): 17 | self.filepath = path / filename 18 | self.data = None 19 | 20 | def parse(self): 21 | with open(self.filepath) as formula_data: 22 | self.data = json.load(formula_data) 23 | 24 | def identify_schema_version(self): 25 | # schema 0.5 has no proxy support 26 | if set(self.data.keys()) & v05_keys != v05_keys: 27 | return 0.5 28 | # schema 1 has exporter names as keys 29 | if set(self.data.keys()) & v1_keys: 30 | return 1 31 | else: 32 | return 0 33 | 34 | # set default values for proxy configuration 
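# Remaining methods of class Migration, followed by the module-level helper.
    def migrate_from_version_05(self):
        """Add the proxy settings that schema 0.5 files lack.

        Values already present are kept; only missing keys receive the
        defaults (proxy disabled, port 9999).
        """
        self.data.setdefault('proxy_enabled', False)
        self.data.setdefault('proxy_port', 9999)

    def migrate_from_version_1(self):
        """Move the top-level `v1_keys` objects into the `exporters` dictionary.

        An `exporters` dictionary that already exists is reused instead of
        being replaced, so exporters nested there are not discarded. Any
        other value under that key (for example the '' that fix_schema()
        writes for a None) is replaced by a fresh dictionary.
        """
        exporters = self.data.get('exporters')
        if not isinstance(exporters, dict):
            exporters = self.data['exporters'] = {}
        for exporter in v1_keys:
            if exporter in self.data:
                exporters[exporter] = self.data.pop(exporter)

    def fix_schema(self):
        """Replace None values in the parsed data with empty strings."""
        none_value_to_empty_string(self.data)

    def migrate(self):
        """Back up the file, then bring `self.data` to the current schema.

        Only the in-memory data is changed here; dump() writes it back.
        """
        schema_version = self.identify_schema_version()
        if schema_version <= 0:
            # Already current: nothing to back up, and the version-1 step
            # must not run on data whose exporters are already nested.
            return

        # The backup sits next to the original with a `.v<schema>` suffix.
        # It holds the same pillar data, which for postgres_exporter can
        # include database credentials; shutil.copy2 carries over the
        # permission bits of the source file, and this script never removes
        # the copy afterwards.
        backup_path = self.filepath.with_suffix(
            '.v{0}'.format(schema_version))
        shutil.copy2(self.filepath, backup_path)

        if schema_version <= 0.5:
            self.migrate_from_version_05()
        if schema_version <= 1:
            self.migrate_from_version_1()

    def dump(self):
        """Write `self.data` back to the formula data file as JSON."""
        # Serialise before opening the file for writing: a value json cannot
        # encode then raises while the file on disk is still intact, instead
        # of after it has been truncated.
        serialized = json.dumps(self.data)
        with open(self.filepath, 'w') as output:
            output.write(serialized)


def none_value_to_empty_string(data):
    """Recursively replace None values in nested mappings with ''.

    The mapping is modified in place. Only mappings are descended into;
    any other value, including a list that contains mappings, is left
    unchanged.
    """
    # MutableMapping lives in collections.abc; the alias in `collections`
    # was removed in Python 3.10.
    # NOTE(review): the script's top-level `from collections import
    # MutableMapping` needs the same change, otherwise the script stops
    # with ImportError on Python 3.10+ before any file is migrated.
    from collections.abc import MutableMapping

    if not isinstance(data, MutableMapping):
        return
    for key, value in data.items():
        if value is None:
            # Assigning to an existing key does not resize the mapping, so
            # this is safe while iterating over a dict.
            data[key] = ''
        else:
            none_value_to_empty_string(value)


# Find all prometheus-exporters formula data files and migrate them to the
# current schema. Old versions stored for backup.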
78 | for pillar_path in pillar_paths: 79 | if pillar_path.exists(): 80 | for formula_data_filename in pillar_path.iterdir(): 81 | if formula_data_filename.name.endswith( 82 | '_prometheus-exporters.json'): 83 | formula_migration = Migration(pillar_path, 84 | formula_data_filename) 85 | formula_migration.parse() 86 | formula_migration.fix_schema() 87 | formula_migration.migrate() 88 | formula_migration.dump() 89 | -------------------------------------------------------------------------------- /prometheus-formula/README.md: -------------------------------------------------------------------------------- 1 | Prometheus formula 2 | ================== 3 | 4 | This formula installs and configures _Prometheus_, _Alertmanager_ and _Blackbox 5 | exporter_ for _Uyuni_ and _SUSE Manager_. 6 | 7 | Currently only _openSUSE_ and _SUSE Linux Enterprise Server_ are supported. Users can 8 | however adapt the formula by setting following pillar values according to package and 9 | service names for their distribution: 10 | 11 | ```yaml 12 | prometheus: 13 | lookup: 14 | prometheus_package: golang-github-prometheus-prometheus 15 | alertmanager_package: golang-github-prometheus-alertmanager 16 | blackbox_exporter_package: prometheus-blackbox_exporter 17 | prometheus_service: prometheus 18 | alertmanager_service: prometheus-alertmanager 19 | blackbox_exporter_service: prometheus-blackbox_exporter 20 | blackbox_exporter_service_config: /etc/systemd/system/prometheus-blackbox_exporter.service.d/uyuni.conf 21 | prometheus_config: salt://prometheus/files/prometheus.yml 22 | ``` 23 | -------------------------------------------------------------------------------- /prometheus-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Enable and configure Prometheus 3 | group: monitoring 4 | 5 | -------------------------------------------------------------------------------- /prometheus-formula/metadata/pillar.example: 
-------------------------------------------------------------------------------- 1 | prometheus: 2 | scrape_interval: 15 3 | evaluation_interval: 15 4 | monitor_mgr_server: True 5 | 6 | alertmanager: 7 | enabled: True 8 | 9 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus-formula.changes: -------------------------------------------------------------------------------- 1 | * Fix checking Prometheus package version 2 | 3 | ------------------------------------------------------------------- 4 | Mon Jan 15 13:15:01 UTC 2024 - Witek Bedyk 5 | 6 | - Version 0.8.0 7 | * Fix federation endpoint 8 | * Add remote write configuration 9 | * Add group filtering for service discovery relabeling 10 | configuration 11 | 12 | ------------------------------------------------------------------- 13 | Tue Dec 19 09:32:35 UTC 2023 - Witek Bedyk 14 | 15 | - Version 0.7.1 16 | * Fix PrometheusNotIngestingSamples false positive alerts 17 | (bsc#1216550) 18 | 19 | ------------------------------------------------------------------- 20 | Thu Nov 3 11:53:07 UTC 2022 - Witek Bedyk 21 | 22 | - Version 0.7.0 23 | * Switch from basic authentication to TLS certificate client 24 | authentication for Blackbox exporter 25 | * Fix scheme label in clients targets configration 26 | * Add README.md 27 | 28 | ------------------------------------------------------------------- 29 | Thu May 5 08:03:42 UTC 2022 - Witek Bedyk 30 | 31 | - Version 0.6.2 32 | * Allow prometheus-formula only for SUSE systems (bsc#1199149) 33 | 34 | ------------------------------------------------------------------- 35 | Fri Feb 25 15:04:59 UTC 2022 - Witek Bedyk 36 | 37 | - Version 0.6.1 38 | * Fix checking available package version (bsc#1196489) 39 | 40 | ------------------------------------------------------------------- 41 | Tue Feb 8 13:46:50 UTC 2022 - Witek Bedyk 42 | 43 | - Version 0.6.0 44 | * Add support for new Uyuni SD in Prometheus >= 2.31 45 | * Fix 
Blackbox exporter configuration for Prometheus >= 2.31 46 | 47 | ------------------------------------------------------------------- 48 | Tue Oct 12 14:05:13 UTC 2021 - Witek Bedyk 49 | 50 | - Version 0.5.1 51 | * Fix opening Prometheus ports on proxy 52 | 53 | ------------------------------------------------------------------- 54 | Tue Sep 14 14:09:08 UTC 2021 - Witek Bedyk 55 | 56 | - Version 0.5.0 57 | * Add Prometheus targets configuration for minions SSH probing 58 | * Add blackbox exporter 59 | * Open Prometheus ports (bsc#1191144) 60 | 61 | ------------------------------------------------------------------- 62 | Wed Jul 7 08:36:19 UTC 2021 - Witek Bedyk 63 | 64 | - Version 0.4.1 65 | - Add docs stings in file SD UI 66 | 67 | ------------------------------------------------------------------- 68 | Tue May 4 18:58:17 UTC 2021 - Witek Bedyk 69 | 70 | - Version 0.4.0 71 | - Add TLS support for node exporter targets 72 | - Add TLS support for Prometheus server 73 | 74 | ------------------------------------------------------------------- 75 | Fri Feb 5 12:50:31 UTC 2021 - Witek Bedyk 76 | 77 | - Version 0.3.1 78 | - Set server hostname from pillar data (bsc#1180439) 79 | 80 | ------------------------------------------------------------------- 81 | Thu Oct 29 12:00:47 UTC 2020 - Witek Bedyk 82 | 83 | - Update to version 0.3.0 84 | - Disable Alertmanager clustering (bsc#1178145) 85 | 86 | ------------------------------------------------------------------- 87 | Fri Oct 2 12:36:57 UTC 2020 - Witek Bedyk 88 | 89 | - Use variable for product name 90 | 91 | ------------------------------------------------------------------- 92 | Thu Apr 23 08:11:39 UTC 2020 - Witek Bedyk 93 | 94 | - Update to version 0.2.1 95 | - Bugfix: Check for non-empty credentials (bsc#1168805) 96 | 97 | ------------------------------------------------------------------- 98 | Tue Mar 31 15:30:05 UTC 2020 - Witek Bedyk 99 | 100 | - Update to version 0.2 101 | - Add meta-monitoring configuration 102 | 
103 | ------------------------------------------------------------------- 104 | Tue Mar 24 10:58:58 UTC 2020 - Witek Bedyk 105 | 106 | - Add federation configuration 107 | 108 | ------------------------------------------------------------------- 109 | Mon Dec 9 16:32:11 UTC 2019 - malbu@suse.com 110 | 111 | - Bugfix: disabled fields not enabled when checkbox is checked 112 | 113 | ------------------------------------------------------------------- 114 | Tue Oct 15 16:41:21 UTC 2019 - malbu@suse.com 115 | 116 | - Initial version of prometheus-formula 117 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package prometheus-formula 3 | # 4 | # Copyright (c) 2019 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 
14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname prometheus 20 | %define fdir %{_datadir}/susemanager/formulas 21 | Name: prometheus-formula 22 | Version: 0.8.0 23 | Release: 0 24 | Summary: Salt formula for installing and configuring Prometheus monitoring system 25 | License: Apache-2.0 26 | Group: System/Packages 27 | Url: https://github.com/SUSE/salt-formulas 28 | Source: prometheus-formula-%{version}.tar.gz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Salt formula for installing and configuring Prometheus monitoring system. 34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R prometheus/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 45 | 46 | %files 47 | %defattr(-,root,root) 48 | %doc README.md 49 | %license LICENSE 50 | %dir %{_datadir}/susemanager 51 | %dir %{fdir} 52 | %dir %{fdir}/states 53 | %dir %{fdir}/metadata 54 | %{fdir}/states/%{fname} 55 | %{fdir}/metadata/%{fname} 56 | 57 | %changelog 58 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/alertmanager-service.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | EnvironmentFile= 3 | Environment="ARGS=--cluster.listen-address=''" 4 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/blackbox-web.yml: -------------------------------------------------------------------------------- 1 | tls_server_config: 2 | cert_file: {{ salt['pillar.get']('prometheus:tls:server_certificate') }} 3 | key_file: {{ salt['pillar.get']('prometheus:tls:server_key') }} 4 | client_ca_file: {{ 
salt['pillar.get']('prometheus:blackbox_exporter:ca_certificate', '/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT') }} 5 | client_auth_type: RequireClientCert 6 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/blackbox_exporter-service.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | EnvironmentFile= 3 | Environment="ARGS={{ args }}" 4 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/general-rules.yml: -------------------------------------------------------------------------------- 1 | groups: 2 | - name: general.rules 3 | rules: 4 | - alert: TargetDown 5 | annotations: 6 | message: '{{ printf "%.4g" $value }}% of the {{ $labels.job }}/{{ $labels.instance 7 | }} instances are down.' 8 | expr: 100 * (count(up == 0) BY (job, instance) / count(up) BY (job, 9 | instance)) > 10 10 | for: 10m 11 | labels: 12 | severity: warning 13 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/mgr-server.yml: -------------------------------------------------------------------------------- 1 | - targets: 2 | - {{ uyuni_server_hostname }}:9100 3 | - {{ uyuni_server_hostname }}:5556 4 | - {{ uyuni_server_hostname }}:5557 5 | - {{ uyuni_server_hostname }}:9800 6 | labels: {} 7 | - targets: 8 | - {{ uyuni_server_hostname }}:9187 9 | labels: 10 | role: postgres 11 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/prometheus-service.conf: -------------------------------------------------------------------------------- 1 | [Service] 2 | EnvironmentFile= 3 | Environment="ARGS={{ args }}{{ enable_receiver }}" 4 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/files/web.yml: 
-------------------------------------------------------------------------------- 1 | tls_server_config: 2 | cert_file: {{ salt['pillar.get']('prometheus:tls:server_certificate') }} 3 | key_file: {{ salt['pillar.get']('prometheus:tls:server_key') }} 4 | basic_auth_users: 5 | {{ salt['pillar.get']('prometheus:tls:username') }}: {{ salt['pillar.get']('prometheus:tls:password') }} 6 | -------------------------------------------------------------------------------- /prometheus-formula/prometheus/map.jinja: -------------------------------------------------------------------------------- 1 | {% set prometheus = salt['grains.filter_by']({ 2 | 'Suse': { 3 | 'prometheus_package': 'golang-github-prometheus-prometheus', 4 | 'alertmanager_package': 'golang-github-prometheus-alertmanager', 5 | 'blackbox_exporter_package': 'prometheus-blackbox_exporter', 6 | 'prometheus_service': 'prometheus', 7 | 'alertmanager_service': 'prometheus-alertmanager', 8 | 'blackbox_exporter_service': 'prometheus-blackbox_exporter', 9 | 'blackbox_exporter_service_config': '/etc/systemd/system/prometheus-blackbox_exporter.service.d/uyuni.conf', 10 | 'prometheus_config': 'salt://prometheus/files/prometheus.yml', 11 | 'prometheus_config_old': 'salt://prometheus/files/prometheus_old.yml' 12 | }, 13 | }, merge=salt['pillar.get']('prometheus:lookup')) %} 14 | -------------------------------------------------------------------------------- /pxe-formula/form.yml: -------------------------------------------------------------------------------- 1 | pxe: 2 | $type: hidden-group 3 | 4 | kernel_name: 5 | $name: 'Kernel Filename' 6 | $type: text 7 | $default: 'linux' 8 | 9 | initrd_name: 10 | $name: 'Initrd Filename' 11 | $type: text 12 | $default: 'initrd' 13 | 14 | enable_arm64: 15 | $name: 'Enable ARM64 UEFI Boot' 16 | $type: boolean 17 | $default: false 18 | 19 | kernel_name_arm64: 20 | $name: 'Kernel Filename for ARM64' 21 | $type: text 22 | $default: 'linux_arm64' 23 | $visible: 
"this.parent.value.enable_arm64" 24 | 25 | initrd_name_arm64: 26 | $name: 'Initrd Filename for ARM64' 27 | $type: text 28 | $default: 'initrd_arm64' 29 | $visible: "this.parent.value.enable_arm64" 30 | 31 | default_kernel_parameters: 32 | $name: 'Kernel Command Line Parameters' 33 | $type: text 34 | $default: 'panic=60 ramdisk_size=710000 ramdisk_blocksize=4096 vga=0x317 splash=silent kiwidebug=0' 35 | 36 | pxe_root_directory: 37 | $name: 'PXE Root Directory' 38 | $type: text 39 | $default: '/srv/saltboot' 40 | 41 | -------------------------------------------------------------------------------- /pxe-formula/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | PXE settings for branch server 3 | group: SUSE_manager_for_retail 4 | after: 5 | - branch-network 6 | -------------------------------------------------------------------------------- /pxe-formula/pillar.example: -------------------------------------------------------------------------------- 1 | # from salt form: 2 | branchserver: 3 | kernel_name: 'linux' 4 | initrd_name: 'initrd' 5 | default_kernel_parameters: 'panic=60 ramdisk_size=710000 ramdisk_blocksize=4096 vga=0x317 splash=silent kiwidebug=1' 6 | 7 | 8 | # from reactor: 9 | root: '/dev/sda3' 10 | 11 | terminal_hwaddr_interfaces: 12 | lo: '00:00:00:00:00:00' 13 | eth0: '6c:ae:8b:10:01:25' 14 | 15 | terminal_kernel_parameters: 'console=ttyS0,57600' 16 | -------------------------------------------------------------------------------- /pxe-formula/pxe-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package pxe-formula 3 | # 4 | # Copyright (c) 2025 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. 
The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname pxe 20 | Name: %{fname}-formula 21 | Version: 0.3.0 22 | Release: 0 23 | Summary: Formula for PXE boot server files on Retail branchserver 24 | License: GPL-2.0-or-later 25 | Group: System/Packages 26 | URL: https://github.com/SUSE/salt-formulas 27 | Source: %{fname}-formula-%{version}.tar.gz 28 | BuildArch: noarch 29 | 30 | %description 31 | Formula for install, setup and uninstall of syslinux pxe boot on POS branchserver 32 | 33 | %prep 34 | %setup -q 35 | 36 | %build 37 | 38 | %install 39 | mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname}/files 40 | mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname} 41 | cp -R %{fname}/* %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname} 42 | cp form.yml %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname} 43 | cp metadata.yml %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname} 44 | 45 | 46 | %files 47 | %{_datadir}/susemanager 48 | 49 | %changelog 50 | -------------------------------------------------------------------------------- /pxe-formula/pxe/files/pxecfg.grub2.base: -------------------------------------------------------------------------------- 1 | configfile ${prefix}/pxelinux.cfg/01:$net_default_mac.grub2.cfg 2 | configfile ${prefix}/pxelinux.cfg/default.grub2_${grub_cpu}.cfg 3 | configfile ${prefix}/pxelinux.cfg/default.grub2.cfg 4 | -------------------------------------------------------------------------------- 
/pxe-formula/pxe/files/pxecfg.grub2.template: -------------------------------------------------------------------------------- 1 | {%- set kernel = kernel|default(salt['pillar.get']('pxe:kernel_name', 'linux')) %} 2 | {%- set initrd = initrd|default(salt['pillar.get']('pxe:initrd_name', 'initrd')) %} 3 | {%- set boot_image = 'boot_images:' + salt['pillar.get']('boot_image', 'default') %} 4 | {%- if salt['pillar.get'](boot_image) %} 5 | {%- set kernel = salt['pillar.get'](boot_image + ':kernel:url', '').split('/')[-1] %} 6 | {%- set initrd = salt['pillar.get'](boot_image + ':initrd:url', '').split('/')[-1] %} 7 | {%- set local_path = salt['pillar.get'](boot_image +':sync:local_path') %} 8 | {%- if local_path %} 9 | {%- set kernel = local_path + '/' + kernel %} 10 | {%- set initrd = local_path + '/' + initrd %} 11 | {%- endif %} 12 | {%- endif %} 13 | 14 | {%- set naming_config = '' %} 15 | {%- if salt['pillar.get']('pxe:disable_id_prefix') %} 16 | {%- set naming_config = "DISABLE_ID_PREFIX=1" %} 17 | {%- endif %} 18 | {%- if salt['pillar.get']('pxe:disable_unique_suffix') %} 19 | {%- set naming_config = naming_config + " DISABLE_UNIQUE_SUFFIX=1" %} 20 | {%- endif %} 21 | {%- set minion_id_naming = salt['pillar.get']('pxe:minion_id_naming', 'Hostname') %} 22 | {%- if minion_id_naming == 'FQDN' %} 23 | {%- set naming_config = naming_config + " USE_FQDN_MINION_ID=1" %} 24 | {%- elif minion_id_naming == 'HWType' %} 25 | {%- set naming_config = naming_config + " DISABLE_HOSTNAME_ID=1" %} 26 | {%- elif minion_id_naming == 'MAC' %} 27 | {%- set naming_config = naming_config + " USE_MAC_MINION_ID=1" %} 28 | {%- endif %} 29 | 30 | default=0 31 | timeout=1 32 | if test "${grub_platform}" = "efi" -a ( "${grub_cpu}" = "x86_64" -o "${grub_cpu}" = "i386" ) ; then 33 | menuentry netboot { 34 | linuxefi ${prefix}/{{ kernel }} {{ salt['pillar.get']('pxe:default_kernel_parameters', '') }} {{ naming_config }} MINION_ID_PREFIX={{ salt['pillar.get']('pxe:branch_id', 'UnknownBranch') }} 
35 | {{- ' root=' + pillar['root'] if salt['pillar.get']('root') else '' }} 36 | {{- ' salt_device=' + pillar['salt_device'] if salt['pillar.get']('salt_device') else '' }} 37 | {{- ' ' + salt['pillar.get']('terminal_kernel_parameters', '') }} 38 | initrdefi ${prefix}/{{ initrd }} 39 | } 40 | else 41 | menuentry netboot { 42 | linux ${prefix}/{{ kernel }} {{ salt['pillar.get']('pxe:default_kernel_parameters', '') }} {{ naming_config }} MINION_ID_PREFIX={{ salt['pillar.get']('pxe:branch_id', 'UnknownBranch') }} 43 | {{- ' root=' + pillar['root'] if salt['pillar.get']('root') else '' }} 44 | {{- ' salt_device=' + pillar['salt_device'] if salt['pillar.get']('salt_device') else '' }} 45 | {{- ' ' + salt['pillar.get']('terminal_kernel_parameters', '') }} 46 | initrd ${prefix}/{{ initrd }} 47 | } 48 | fi 49 | -------------------------------------------------------------------------------- /pxe-formula/pxe/files/pxecfg.template: -------------------------------------------------------------------------------- 1 | {%- set kernel = salt['pillar.get']('pxe:kernel_name', 'linux') %} 2 | {%- set initrd = salt['pillar.get']('pxe:initrd_name', 'initrd') %} 3 | {%- set boot_image = 'boot_images:' + salt['pillar.get']('boot_image', 'default') %} 4 | {%- if salt['pillar.get'](boot_image) %} 5 | {%- set kernel = salt['pillar.get'](boot_image + ':kernel:url', '').split('/')[-1] %} 6 | {%- set initrd = salt['pillar.get'](boot_image + ':initrd:url', '').split('/')[-1] %} 7 | {%- set local_path = salt['pillar.get'](boot_image +':sync:local_path') %} 8 | {%- if local_path %} 9 | {%- set kernel = local_path + '/' + kernel %} 10 | {%- set initrd = local_path + '/' + initrd %} 11 | {%- endif %} 12 | {%- endif %} 13 | 14 | {%- set naming_config = '' %} 15 | {%- if salt['pillar.get']('pxe:disable_id_prefix') %} 16 | {%- set naming_config = "DISABLE_ID_PREFIX=1" %} 17 | {%- endif %} 18 | {%- if salt['pillar.get']('pxe:disable_unique_suffix') %} 19 | {%- set naming_config = naming_config + " 
DISABLE_UNIQUE_SUFFIX=1" %} 20 | {%- endif %} 21 | {%- set minion_id_naming = salt['pillar.get']('pxe:minion_id_naming', 'Hostname') %} 22 | {%- if minion_id_naming == 'FQDN' %} 23 | {%- set naming_config = naming_config + " USE_FQDN_MINION_ID=1" %} 24 | {%- elif minion_id_naming == 'HWType' %} 25 | {%- set naming_config = naming_config + " DISABLE_HOSTNAME_ID=1" %} 26 | {%- elif minion_id_naming == 'MAC' %} 27 | {%- set naming_config = naming_config + " USE_MAC_MINION_ID=1" %} 28 | {%- endif %} 29 | 30 | DEFAULT netboot 31 | 32 | LABEL netboot 33 | kernel {{ kernel }} 34 | append initrd={{ initrd }} {{ salt['pillar.get']('pxe:default_kernel_parameters', '') }} {{ naming_config }} MINION_ID_PREFIX={{ salt['pillar.get']('pxe:branch_id', 'UnknownBranch') }} 35 | {{- ' root=' + pillar['root'] if salt['pillar.get']('root') else '' }} 36 | {{- ' salt_device=' + pillar['salt_device'] if salt['pillar.get']('salt_device') else '' }} 37 | {{- ' ' + salt['pillar.get']('terminal_kernel_parameters', '') }} 38 | 39 | LABEL localboot 40 | localboot 0 41 | 42 | 43 | -------------------------------------------------------------------------------- /pxe-formula/pxe/init.sls: -------------------------------------------------------------------------------- 1 | # This file is part of pxe-formula. 2 | # 3 | # pxe-formula is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 2 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # pxe-formula is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with pxe-formula. If not, see . 
15 | 16 | # This state install and configures pxe boot on POS branchserver 17 | 18 | {% from "pxe/map.jinja" import cfgmap with context %} 19 | 20 | 21 | install_pxe: 22 | pkg.installed: 23 | - pkgs: {{ cfgmap.packages | json }} 24 | 25 | install_efi: 26 | pkg.installed: 27 | - pkgs: {{ cfgmap.packages_efi | json }} 28 | 29 | 30 | srv_tftpboot_default: 31 | file.managed: 32 | - name: {{ cfgmap.pathname_defcfg }} 33 | - source: salt://pxe/files/pxecfg.template 34 | - user: root 35 | - group: root 36 | - mode: 644 37 | - makedirs: True 38 | - template: jinja 39 | - require: 40 | - pkg: install_pxe 41 | 42 | srv_tftpboot_default_efi: 43 | file.managed: 44 | - name: {{ cfgmap.pathname_defcfg_efi }} 45 | - source: salt://pxe/files/pxecfg.grub2.template 46 | - user: root 47 | - group: root 48 | - mode: 644 49 | - makedirs: True 50 | - template: jinja 51 | - require: 52 | - pkg: install_pxe 53 | 54 | srv_tftpboot_base_efi: 55 | file.managed: 56 | - name: {{ cfgmap.pathname_basecfg_efi }} 57 | - source: salt://pxe/files/pxecfg.grub2.base 58 | - user: root 59 | - group: root 60 | - mode: 644 61 | - makedirs: True 62 | - template: jinja 63 | - require: 64 | - pkg: install_pxe 65 | 66 | pxe_copy: 67 | file.copy: 68 | - name: {{ cfgmap.boot_pxelinux }} 69 | - source: {{ cfgmap.path_pxelinux }} 70 | - require: 71 | - file: srv_tftpboot_default 72 | 73 | pxe_copy_grub_efi: 74 | file.copy: 75 | - name: {{ cfgmap.boot_grub_efi }} 76 | - source: {{ cfgmap.path_grub_efi }} 77 | - require: 78 | - file: srv_tftpboot_default_efi 79 | 80 | pxe_copy_shim_efi: 81 | file.copy: 82 | - name: {{ cfgmap.boot_shim_efi }} 83 | - source: {{ cfgmap.path_shim_efi }} 84 | - require: 85 | - file: srv_tftpboot_default_efi 86 | 87 | pxe_copy_efi_dir: 88 | file.copy: 89 | - name: {{ cfgmap.boot_efi_dir }} 90 | - source: {{ cfgmap.path_efi_dir }} 91 | - require: 92 | - file: srv_tftpboot_default_efi 93 | 94 | {%- if salt['pillar.get']('pxe:enable_arm64', False) %} 95 | 96 | install_arm64_efi: 97 | 
pkg.installed: 98 | - pkgs: {{ cfgmap.packages_arm64_efi | json }} 99 | 100 | pxe_copy_grub_arm64_efi: 101 | file.copy: 102 | - name: {{ cfgmap.boot_grub_arm64_efi }} 103 | - source: {{ cfgmap.path_grub_arm64_efi }} 104 | - require: 105 | - file: srv_tftpboot_default_efi 106 | 107 | pxe_copy_arm64_efi_dir: 108 | file.copy: 109 | - name: {{ cfgmap.boot_arm64_efi_dir }} 110 | - source: {{ cfgmap.path_arm64_efi_dir }} 111 | - require: 112 | - file: srv_tftpboot_default_efi 113 | 114 | srv_tftpboot_default_arm64_efi: 115 | file.managed: 116 | - name: {{ cfgmap.pathname_defcfg_arm64_efi }} 117 | - source: salt://pxe/files/pxecfg.grub2.template 118 | - user: root 119 | - group: root 120 | - mode: 644 121 | - makedirs: True 122 | - template: jinja 123 | - context: 124 | kernel: {{ salt['pillar.get']('pxe:kernel_name_arm64', "linux_arm64") }} 125 | initrd: {{ salt['pillar.get']('pxe:initrd_name_arm64', "initrd_arm64") }} 126 | - require: 127 | - pkg: install_pxe 128 | 129 | {%- endif %} 130 | 131 | -------------------------------------------------------------------------------- /pxe-formula/pxe/map.jinja: -------------------------------------------------------------------------------- 1 | # This file is part of pxe-formula. 2 | # 3 | # pxe-formula is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 2 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # pxe-formula is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with pxe-formula. If not, see . 
15 | {% set pxeroot = pillar['pxe'].get('pxe_root_directory','/srv/tftpboot') %} 16 | 17 | # workaround for bsc#1166523: this does not work on Leap 18 | # 'path_shim_efi': '/usr/share/efi/x86_64/shim.efi', 19 | 20 | {% set cfgmap = salt['grains.filter_by']({ 21 | 'Suse': { 22 | 'packages': ['syslinux'], 23 | 'packages_efi': ['shim', 'grub2-x86_64-efi'], 24 | 'path_base': pxeroot + '/boot', 25 | 'path_cfg': pxeroot + '/boot/pxelinux.cfg', 26 | 'pathname_defcfg': pxeroot + '/boot/pxelinux.cfg/default', 27 | 'boot_pxelinux': pxeroot + '/boot/pxelinux.0', 28 | 'path_pxelinux': '/usr/share/syslinux/pxelinux.0', 29 | 'pathname_defcfg_efi': pxeroot + '/boot/pxelinux.cfg/default.grub2.cfg', 30 | 'boot_grub_efi': pxeroot + '/boot/grub.efi', 31 | 'path_grub_efi': '/usr/share/grub2/x86_64-efi/grub.efi', 32 | 'boot_shim_efi': pxeroot + '/boot/shim.efi', 33 | 'path_shim_efi': '/usr/lib64/efi/shim.efi', 34 | 'pathname_basecfg_efi': pxeroot + '/boot/grub.cfg', 35 | 'boot_efi_dir': pxeroot + '/boot/x86_64-efi', 36 | 'path_efi_dir': '/usr/share/grub2/x86_64-efi', 37 | 38 | 'packages_arm64_efi': ['grub2-arm64-efi'], 39 | 'pathname_defcfg_arm64_efi': pxeroot + '/boot/pxelinux.cfg/default.grub2_arm64.cfg', 40 | 'boot_grub_arm64_efi': pxeroot + '/boot/grub-arm64.efi', 41 | 'path_grub_arm64_efi': '/usr/share/grub2/arm64-efi/grub.efi', 42 | 'boot_arm64_efi_dir': pxeroot + '/boot/arm64-efi', 43 | 'path_arm64_efi_dir': '/usr/share/grub2/arm64-efi' 44 | } 45 | }, merge=salt['grains.filter_by']({ 46 | 'SLES-12': { 47 | 'path_grub_efi': '/usr/lib/grub2/x86_64-efi/grub.efi', 48 | 'path_shim_efi': '/usr/lib64/efi/shim.efi', 49 | 'path_efi_dir': '/usr/lib/grub2/x86_64-efi' 50 | } 51 | }, grain='osfinger')) 52 | %} 53 | -------------------------------------------------------------------------------- /pxe-formula/pxe/terminal_entry.sls: -------------------------------------------------------------------------------- 1 | # generate pxe configuration for one terminal 2 | 3 | 4 | {% from 
"pxe/map.jinja" import cfgmap with context %} 5 | 6 | {% for nic, mac in pillar['terminal_hwaddr_interfaces'].items() if nic != 'lo' %} 7 | 8 | 9 | {{ cfgmap.path_cfg + '/01-' + mac.lower().replace(':', '-') }}: 10 | file.managed: 11 | - source: salt://pxe/files/pxecfg.template 12 | - user: root 13 | - group: root 14 | - mode: 644 15 | - template: jinja 16 | 17 | {{ cfgmap.path_cfg + '/01:' + mac.lower() }}.grub2.cfg: 18 | file.managed: 19 | - source: salt://pxe/files/pxecfg.grub2.template 20 | - user: root 21 | - group: root 22 | - mode: 644 23 | - template: jinja 24 | 25 | pxe_entries:{{ mac.lower().replace(':', '-') }}: 26 | grains.present: 27 | - value: {{ salt['pillar.get']('boot_image', 'default') }} 28 | - force: True 29 | 30 | {% endfor %} 31 | -------------------------------------------------------------------------------- /pxe-formula/pxe/uninstall.sls: -------------------------------------------------------------------------------- 1 | # This file is part of pxe-formula. 2 | # 3 | # pxe-formula is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 2 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # pxe-formula is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with pxe-formula. If not, see . 
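# This state removes syslinux pxe boot on POS branchserver

{% from "pxe/map.jinja" import cfgmap with context %}

# pxe/map.jinja defines the package list under 'packages'; it has no 'package'
# key, so the former "name: {{ '{{' }} cfgmap.package {{ '}}' }}" rendered an empty name.
# The list is passed with pkgs, the same way install_pxe passes it.
# Only the syslinux package set is removed here. The EFI packages and the
# files copied for EFI boot are not touched by this state.
uninstall_pxe:
  pkg.removed:
    - pkgs: {{ cfgmap.packages | json }}

  file.absent:
    - names:
      - {{ cfgmap.path_cfg }}
      - {{ cfgmap.boot_pxelinux }}
--------------------------------------------------------------------------------
/system-lock-formula/metadata/README.md:
--------------------------------------------------------------------------------
The metadata of Salt Formulas that get installed per RPM belongs in this directory.

--------------------------------------------------------------------------------
/system-lock-formula/metadata/form.yml:
--------------------------------------------------------------------------------
minion_blackout:
  $type: boolean
  $default: False
  $name: Lock system
  $help: Disable all actions that can be issued on the minion.

# Functions listed here stay callable while the lock is active, so every
# additional entry widens what can still run on a locked minion.
minion_blackout_whitelist:
  $type: edit-group
  $name: Allowed Salt modules
  $help: Removing the default values is not advised.
  $disabled: "!formValues.minion_blackout"
  $prototype:
    $type: text
    $required: true
  $default:
    - test.ping
    - grains.item
    - grains.items
--------------------------------------------------------------------------------
/system-lock-formula/metadata/metadata.yml:
--------------------------------------------------------------------------------
description:
  Lock a minion by enabling the Salt blackout mode. When a system is locked, all actions can be scheduled but will ultimately fail.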
3 | group: general_system_configuration 4 | pillar_only: True 5 | -------------------------------------------------------------------------------- /system-lock-formula/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | minion_blackout: true 2 | minion_blackout_whitelist: 3 | - test.ping 4 | - grains.item 5 | - grains.items 6 | -------------------------------------------------------------------------------- /system-lock-formula/system-lock-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Tue Mar 10 08:10:59 UTC 2020 - Michele Bologna 3 | 4 | - Clarified terms along documentation and product (bsc#1166061) 5 | 6 | ------------------------------------------------------------------- 7 | Tue Dec 5 16:41:21 UTC 2019 - malbu@suse.com 8 | 9 | - Initial version of system-lock-formula 10 | -------------------------------------------------------------------------------- /system-lock-formula/system-lock-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package system-lock-formula 3 | # 4 | # Copyright (c) 2019 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 
14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | %define fname system-lock 20 | %define fdir %{_datadir}/salt-formulas 21 | Name: system-lock-formula 22 | Version: 0.2 23 | Release: 0 24 | Summary: Salt formula for configuring Salt blackout mode 25 | License: Apache-2.0 26 | Group: System/Packages 27 | Url: https://github.com/SUSE/salt-formulas 28 | Source: system-lock-formula-%{version}.tar.gz 29 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 30 | BuildArch: noarch 31 | 32 | %description 33 | Salt formula for configuring Salt blackout mode. 34 | 35 | %prep 36 | %setup -q 37 | 38 | %build 39 | 40 | %install 41 | mkdir -p %{buildroot}%{fdir}/states/%{fname} 42 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 43 | cp -R system-lock/* %{buildroot}%{fdir}/states/%{fname} 44 | cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname} 45 | 46 | %files 47 | %defattr(-,root,root) 48 | %license LICENSE 49 | %dir %{_datadir}/salt-formulas 50 | %dir %{fdir} 51 | %dir %{fdir}/states 52 | %dir %{fdir}/metadata 53 | %{fdir}/states/%{fname} 54 | %{fdir}/metadata/%{fname} 55 | 56 | %changelog 57 | -------------------------------------------------------------------------------- /system-lock-formula/system-lock/init.sls: -------------------------------------------------------------------------------- 1 | # no states needed for system lock 2 | -------------------------------------------------------------------------------- /tftpd-formula/form.yml: -------------------------------------------------------------------------------- 1 | tftpd: 2 | $type: hidden-group 3 | 4 | listen_ip: 5 | $name: 'Internal Network Address' 6 | $type: text 7 | $optional: True 8 | $match: '(^$)|(^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}$)' 9 | $help: 'IPv4 address TFTP server should listen on. 
Empty value means 0.0.0.0' 10 | 11 | root_dir: 12 | $name: 'TFTP base directory' 13 | $type: text 14 | $default: '/srv/tftpboot' 15 | 16 | tftpd_user: 17 | $name: 'run TFTP under user' 18 | $type: text 19 | $default: 'tftp' 20 | 21 | 22 | -------------------------------------------------------------------------------- /tftpd-formula/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for tftpd service 3 | group: general_system_configuration 4 | after: 5 | - branch-network 6 | -------------------------------------------------------------------------------- /tftpd-formula/tftpd-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Tue Jan 14 10:40:01 UTC 2025 - Ondrej Holecek 3 | 4 | - Fix license snippets in source to be correctly GPL-2.0+ 5 | 6 | ------------------------------------------------------------------- 7 | Wed Dec 2 17:04:29 UTC 2020 - Ondrej Holecek 8 | 9 | - Add IP or empty string match for network address field 10 | - Update to version 0.1.1614170819.014d6e5 11 | 12 | ------------------------------------------------------------------- 13 | Thu May 23 13:54:24 UTC 2019 - Ondrej Holecek 14 | 15 | - Updated copyrights and bug reporting link 16 | - Update to version 0.1.1558613789.64ba093 17 | 18 | ------------------------------------------------------------------- 19 | Fri Jun 1 08:39:42 UTC 2018 - nadvornik@suse.com 20 | 21 | - adjust tftpd defaults for standalone use 22 | 23 | ------------------------------------------------------------------- 24 | Mon Apr 9 11:43:45 UTC 2018 - nadvornik@suse.com 25 | 26 | - remove conflicting atftp package 27 | 28 | ------------------------------------------------------------------- 29 | Sun Mar 18 16:38:10 UTC 2018 - oholecek@suse.com 30 | 31 | - Add 'after' tag to metada to ensure correct order 32 | - see also bsc#1083326 33 | 
34 | ------------------------------------------------------------------- 35 | Fri Oct 27 12:45:00 UTC 2017 - psladek@suse.com 36 | 37 | - new package 38 | 39 | -------------------------------------------------------------------------------- /tftpd-formula/tftpd-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package tftpd-formula 3 | # 4 | # Copyright (c) 2025 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 
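# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define fname tftpd
Name:           tftpd-formula
Version:        0.1
Release:        0
Summary:        Formula for tftpd server on POS branchserver
License:        GPL-2.0-or-later
Group:          System/Packages
URL:            https://github.com/SUSE/salt-formulas
Source:         tftpd-formula-%{version}.tar.xz
BuildArch:      noarch

%description
Formula for install, setup and uninstall of tftpd server on POS branchserver

%prep
%setup -q

%build

%install
mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname}/files
mkdir -p %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname}
cp -R %{fname}/* %{buildroot}%{_datadir}/susemanager/formulas/states/%{fname}
cp form.yml %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname}
cp metadata.yml %{buildroot}%{_datadir}/susemanager/formulas/metadata/%{fname}


%files
%{_datadir}/susemanager

%changelog
--------------------------------------------------------------------------------
/tftpd-formula/tftpd/files/tftp.template:
--------------------------------------------------------------------------------
## Description: TFTP Configuration
## Type: string
## Default: "tftp"
#
# daemon user (tftp)
#
#TFTP_USER="tftp"
TFTP_USER="{{pillar['tftpd'].get('tftpd_user','tftp')}}"

## Type: string
## Default: ""
##
## INFO:
#
# tftp options
#
# An unset or empty listen_ip falls back to 0.0.0.0, which listens on every
# interface. TFTP has no authentication, so set listen_ip to the internal
# network address on any host that also has other interfaces.
#
#TFTP_OPTIONS=""
TFTP_OPTIONS="--address {{ pillar['tftpd'].get('listen_ip') or '0.0.0.0' }}"


## Type: string
## Default: "/srv/tftpboot"
## was "/tftpboot" but
## "/tftpboot" is not allowed anymore in FHS 2.2.
#
# TFTP directory must be a world readable/writable directory.
# By default /srv/tftpboot is assumed.
# Everything below this directory is served without authentication, so keep
# only boot artifacts in it.
#
#TFTP_DIRECTORY="/srv/tftpboot"
TFTP_DIRECTORY="{{pillar['tftpd'].get('root_dir','/srv/tftpboot')}}"


--------------------------------------------------------------------------------
/tftpd-formula/tftpd/init.sls:
--------------------------------------------------------------------------------
# This file is part of tftpd-formula.
#
# tftpd-formula is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# tftpd-formula is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with tftpd-formula. If not, see .

# This state installs, configures and starts the tftpd service on POS branchserver

{% from "tftpd/map.jinja" import cfgmap with context %}

# The conflicting TFTP package is removed before the supported one is installed.
remove_atftp:
  pkg.removed:
    - name: {{ cfgmap.conflicting_package }}

install_tftp:
  pkg.installed:
    - name: {{ cfgmap.package }}

# The sysconfig file is rendered from pillar; the previous version is kept
# on the minion (backup: minion) whenever the content changes.
etc_sysconfig_tftp:
  file.managed:
    - name: {{ cfgmap.pathname_cfg }}
    - source: salt://tftpd/files/tftp.template
    - user: root
    - group: root
    - mode: 644
    - template: jinja
    - backup: minion
    - require:
      - pkg: install_tftp


# watch restarts the service when the rendered configuration changes.
enable_and_start_tftpd:
  service.running:
    - name: {{ cfgmap.servicename }}
    - enable: True
    - watch:
      - file: etc_sysconfig_tftp
--------------------------------------------------------------------------------
/tftpd-formula/tftpd/map.jinja:
--------------------------------------------------------------------------------
# This file is part of tftpd-formula.
#
# tftpd-formula is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# tftpd-formula is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with tftpd-formula. If not, see .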
15 | 16 | # FIXME: swap after bsc#1064297 is resolved 17 | # 'servicename': 'tftp.service', 18 | # 'servicename': 'tftp.socket', 19 | {% set cfgmap = salt['grains.filter_by']({ 20 | 'Suse': { 21 | 'package': 'tftp', 22 | 'conflicting_package': 'atftp', 23 | 'servicename': 'tftp.socket', 24 | 'pathname_cfg': '/etc/sysconfig/tftp' 25 | } 26 | }) 27 | %} 28 | 29 | -------------------------------------------------------------------------------- /tftpd-formula/tftpd/uninstall.sls: -------------------------------------------------------------------------------- 1 | # This file is part of tftpd-formula. 2 | # 3 | # tftpd-formula is free software: you can redistribute it and/or modify 4 | # it under the terms of the GNU General Public License as published by 5 | # the Free Software Foundation, either version 2 of the License, or 6 | # (at your option) any later version. 7 | # 8 | # tftpd-formula is distributed in the hope that it will be useful, 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | # GNU General Public License for more details. 12 | # 13 | # You should have received a copy of the GNU General Public License 14 | # along with tftpd-formula. If not, see . 
15 | 16 | # This state removes tftpd on POS branchserver 17 | 18 | {% from "tftpd/map.jinja" import cfgmap with context %} 19 | 20 | tftp_uninstall: 21 | pkg.removed: 22 | - name: {{ cfgmap.package }} 23 | 24 | file.absent: 25 | - name: {{ cfgmap.pathname_cfg }} 26 | -------------------------------------------------------------------------------- /uyuni-config-formula/README.md: -------------------------------------------------------------------------------- 1 | # Uyuni Configuration formula 2 | 3 | This formula allows to define: 4 | * Organizations 5 | * System groups in organizations 6 | * Users in organizations 7 | * User groups 8 | * Access to system groups 9 | * Access to software channels 10 | * Activation keys -------------------------------------------------------------------------------- /uyuni-config-formula/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Create organizations, users, system groups, etc. 
on an Uyuni or SUSE Manager Server
group: hub
--------------------------------------------------------------------------------
/uyuni-config-formula/metadata/pillar.example:
--------------------------------------------------------------------------------
# Example values only. Every password below is a placeholder that repeats the
# account name; replace each one before use, and target this pillar only at
# the minions that need it, because it holds administrator credentials in
# clear text.
uyuni:
  xmlrpc:
    user: admin
    password: admin
  orgs:
    - org_id: org_form
      org_admin_user: org_form_user
      org_admin_password: org_form_user
      first_name: admin org
      last_name: admin org
      email: admin_org@org.com
      system_groups:
        - name: httpd_servers
          description: httpd_servers
          target: "*httpd*"
      users:
        - name: user_form_1
          password: user_form_1
          email: user_form_1@teest.como
          first_name: first
          last_name: last
          roles: ['config_admin']
          system_groups: ['httpd_servers']
          manageable_channels : []
          subscribable_channels : []
      activation_keys:
        - name: my_key
          description: My Activation Key created via formula
          base_channel: sle-product-sles15-sp2-pool-x86_64
          child_channels: ['sle-module-server-applications15-sp2-pool-x86_64']
          configuration_channels: ['firewall']
          packages:
            - name: vim
            - name: emacs
              arch: x86_64
          server_groups: ['httpd_servers']
          usage_limit: 10
          # HACK: due to a limitation of the form framework this has to be a list of objects instead of a list of strings.
          # This was needed to allow the use of a select field instead of free text.
          system_types:
            - type: 'virtualization_host'
            - type: 'container_build_host'
          contact_method: 'ssh-push'
          universal_default: false
          configure_after_registration: true
    - org_id: my_org
      org_admin_user: my_org_user
      org_admin_password: my_org_user
      first_name: first_name
      last_name: last_name__
      email: my_org_user@org.com
      users:
        - name: user2
          password: user2
          email: user1@teest.como
          first_name: first
          last_name: last
          roles: []
          system_groups: ['httpd_servers', 'example_group']
          manageable_channels : ['my_local_channel']
          subscribable_channels : ['new_local', 'my_local_channel_2']
--------------------------------------------------------------------------------
/uyuni-config-formula/uyuni-config-formula.changes:
--------------------------------------------------------------------------------
- Add support for configure Activation Keys

-------------------------------------------------------------------
Mon Aug 10 13:05:07 UTC 2020 - Ricardo Mateus

- Initial version of Uyuni configuration modules
--------------------------------------------------------------------------------
/uyuni-config-formula/uyuni-config-formula.spec:
--------------------------------------------------------------------------------
#
# spec file for package uyuni-config-formula
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License).
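An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define fname uyuni-config
%define fdir  %{_datadir}/susemanager/formulas
Name:           uyuni-config-formula
Version:        0.1
Release:        0
Summary:        Configure Uyuni with organizations, users, groups, etc.
License:        Apache-2.0
Group:          System/Packages
Url:            https://github.com/SUSE/salt-formulas
Source:         uyuni-config-formula-%{version}.tar.gz
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch
Requires:       uyuni-config-modules

%description
A formula to configure an Uyuni or SUSE Manager Server with organizations, users, groups and so on.

%prep
%setup -q

%build

%install
mkdir -p %{buildroot}%{fdir}/states/%{fname}
mkdir -p %{buildroot}%{fdir}/metadata/%{fname}
cp -R uyuni-config/* %{buildroot}%{fdir}/states/%{fname}
cp -R metadata/* %{buildroot}%{fdir}/metadata/%{fname}

%files
%defattr(-,root,root)
%license LICENSE
%dir %{_datadir}/susemanager
%dir %{fdir}
%dir %{fdir}/states
%dir %{fdir}/metadata
%{fdir}/states/%{fname}
%{fdir}/metadata/%{fname}

%changelog
--------------------------------------------------------------------------------
/uyuni-config-formula/uyuni-config/init.sls:
--------------------------------------------------------------------------------
{# Free-text and credential values from pillar are rendered through
   yaml_encode, and lists read with .get() through json. Without the filter a
   password or description containing YAML syntax (a space followed by a hash
   sign, a colon followed by a space, a leading asterisk or bracket) is
   truncated, re-typed or rejected by the YAML parser, so the state would
   receive a different credential than the one set in pillar. #}
{% for org in salt['pillar.get']('uyuni:orgs', []) %}
org_{{org['org_id']}}:
  uyuni.org_present:
    - name: {{org['org_id']|yaml_encode}}
    - org_admin_user: {{org['org_admin_user']|yaml_encode}}
    - org_admin_password: {{org['org_admin_password']|yaml_encode}}
    - first_name: {{org['first_name']|yaml_encode}}
    - last_name: {{org['last_name']|yaml_encode}}
    - email: {{org['email']|yaml_encode}}

{% for group in org.get('system_groups', []) %}
{{org['org_id']}}_{{group['name']}}:
  uyuni.group_present:
    - name: {{group['name']|yaml_encode}}
    - description: {{group['description']|yaml_encode}}
    - target: {{group['target']|yaml_encode}}
{% if 'target_type' in group %}
    - target_type: {{group['target_type']}}
{% endif %}
    - org_admin_user: {{org['org_admin_user']|yaml_encode}}
    - org_admin_password: {{org['org_admin_password']|yaml_encode}}
{% endfor %}

{% for user in org.get('users', []) %}
{{org['org_id']}}_{{user['name']}}:
  uyuni.user_present:
    - name: {{user['name']|yaml_encode}}
    - password: {{user['password']|yaml_encode}}
    - email: {{user['email']|yaml_encode}}
    - first_name: {{user['first_name']|yaml_encode}}
    - last_name: {{user['last_name']|yaml_encode}}
    - roles: {{user.get('roles', [])|json}}
    - system_groups: {{user.get('system_groups', [])|json}}
    - org_admin_user: {{org['org_admin_user']|yaml_encode}}
    - org_admin_password: {{org['org_admin_password']|yaml_encode}}

{{org['org_id']}}_{{user['name']}}_channels:
  uyuni.user_channels:
    - name: {{user['name']|yaml_encode}}
    - password: {{user['password']|yaml_encode}}
    - org_admin_user: {{org['org_admin_user']|yaml_encode}}
    - org_admin_password: {{org['org_admin_password']|yaml_encode}}
    - manageable_channels: {{user.get('manageable_channels',[])|json}}
    - subscribable_channels: {{user.get('subscribable_channels', [])|json}}

{% endfor %}

{% for ak in org.get('activation_keys', []) %}

# HACK: due to a limitation of the form framework this has to be a list of objects instead of a list of strings.
# This was needed to allow the use of a select field instead of free text.
# The next lines convert system_types back to a list of strings, as the salt state expects.
{# The inner loop variable has its own name so that it no longer shadows the
   activation key "ak", and append() is called only for its side effect. #}
{% set system_types = [] %}
{% for system_type in ak.get('system_types', []) %}
{% set _ = system_types.append(system_type['type']) %}
{% endfor %}

{{org['org_id']}}_{{ak['name']}}:
  uyuni.activation_key_present:
    - name: {{ak['name']|yaml_encode}}
    - description: {{ak['description']|yaml_encode}}
    - org_admin_user: {{org['org_admin_user']|yaml_encode}}
    - org_admin_password: {{org['org_admin_password']|yaml_encode}}
    - base_channel: {{ak['base_channel']}}
    - child_channels: {{ak['child_channels']}}
    - configuration_channels: {{ak['configuration_channels']}}
    - packages: {{ak['packages']}}
    - server_groups: {{ak['server_groups']}}
    - usage_limit: {{ak['usage_limit']}}
    - system_types: {{system_types|json}}
    - contact_method: {{ak['contact_method']}}
    - universal_default: {{ak.get('universal_default', false)}}
    - configure_after_registration: {{ak.get('configure_after_registration', false)}}

{% endfor %}

{% endfor %}
--------------------------------------------------------------------------------
/virtualization-formulas/guest/metadata/form.yml:
--------------------------------------------------------------------------------
tuning:
  $name: Tuning
  $type: group
  $help: Virtual machine performance tuning settings

  disable_irq_balancing:
    $name: Disable IRQ balancing
    $type: boolean
    $default: False

  disable_ksm:
    $name: Disable Kernel Samepage Merging (KSM)
    $help: Reduces performance overhead by not sharing memory across virtual machines
    $type: boolean
    $default: False

  cpu_passthrough:
    $name: Optimizations for KVM passed through host CPU
    $help: This flag requires the KVM hint-dedicated option to be set on the VM definition
    $type: boolean
    $default: False
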
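--------------------------------------------------------------------------------
/virtualization-formulas/guest/metadata/metadata.yml:
--------------------------------------------------------------------------------
description:
  Settings for virtual machine.
group: virtualization
--------------------------------------------------------------------------------
/virtualization-formulas/guest/metadata/pillar.example:
--------------------------------------------------------------------------------
tuning:
  disable_irq_balancing: True
  disable_ksm: True
  cpu_passthrough: True

--------------------------------------------------------------------------------
/virtualization-formulas/guest/states/init.sls:
--------------------------------------------------------------------------------
{#- A missing "tuning" pillar or a missing key is read as False, the default
    declared in form.yml, instead of aborting the render with a key error. #}
{%- set tuning = pillar.get("tuning", {}) %}
{%- if tuning.get("disable_irq_balancing", False) %}
irqbalance_stopped:
  service.dead:
    - name: irqbalance
    - enable: False
{%- else %}
irqbalance_package:
  pkg.installed:
    - pkgs:
      - irqbalance

irqbalance_started:
  service.running:
    - name: irqbalance
    - enable: True
    - require:
      - pkg: irqbalance_package
{%- endif %}

{%- if tuning.get("disable_ksm", False) %}
ksm_stopped:
  service.dead:
    - name: ksm
    - enable: False

ksm_disabled:
  cmd.run:
    - name: "echo 2 >/sys/kernel/mm/ksm/run"
    - unless: "test `cat /sys/kernel/mm/ksm/run` -eq 2"
    - require:
      - service: ksm_stopped
{%- else %}
ksm_package:
  pkg.installed:
    - pkgs:
      - qemu-ksm

ksm_started:
  cmd.run:
    - name: systemctl enable --now ksm
    - require:
      - pkg: ksm_package
{%- endif %}

{%- if tuning.get("cpu_passthrough", False) %}
no_kernel_default_base:
  pkg.removed:
    - pkgs:
      - kernel-default-base

kernel_package:
  pkg.installed:
    - pkgs:
      - kernel-default
    - require:
      - pkg: no_kernel_default_base

add_cpuidle_haltpoll:
  kmod.present:
    - name: cpuidle_haltpoll
    - persist: True
    - require:
      - pkg: kernel_package

{# The unit runs shell commands as root at boot, so ownership and mode are
   set explicitly, as the other formulas in this repository do for the files
   they manage. #}
guest_tuning_unit_file:
  file.managed:
    - name: /etc/systemd/system/guest-tuning.service
    - user: root
    - group: root
    - mode: 644
    - contents: |
        [Unit]
        Description = Set VM tuning parameters (haltpoll and clock source)

        [Service]
        Type=oneshot
        ExecStart=\
          sh -c "echo 800000 >/sys/module/haltpoll/parameters/guest_halt_poll_ns" ; \
          sh -c "echo 200000 >/sys/module/haltpoll/parameters/guest_halt_poll_grow_start" ; \
          sh -c "echo tsc > /sys/devices/system/clocksource/clocksource0/current_clocksource"

        [Install]
        WantedBy = basic.target

systemctl_daemon_reload:
  cmd.run:
    - name: systemctl daemon-reload
    - require:
      - file: guest_tuning_unit_file

{# Since it's a oneshot service the process will be dead, but the state shouldn't fail #}
guest_tuning_service:
  service.enabled:
    - name: guest-tuning
    - require:
      - cmd: systemctl_daemon_reload

guest_tuning_service_started:
  cmd.run:
    - name: systemctl start guest-tuning
    - require:
      - kmod: add_cpuidle_haltpoll
      - cmd: systemctl_daemon_reload

{%- else %}
remove_cpuidle_haltpoll:
  kmod.absent:
    - name: cpuidle_haltpoll
    - persist: True

guest_tuning_service:
  service.disabled:
    - name: guest-tuning

{# NOTE(review): grains.filter_by is called without a grain argument, so the
   lookup keys 'xen' and 'kvm' are matched against its default grain. These
   keys look like values of the 'virtual' grain; confirm which grain is meant,
   because a failed match leaves default_clock empty. #}
{% set default_clock = salt['grains.filter_by']({'xen': 'xen', 'kvm': 'kvm-clock'}) %}
{# The clock source is a name, not a number, so the guard compares strings
   with "=". The former "-eq" is an integer test that always failed on these
   names, which made the command run on every state application. #}
default_clock:
  cmd.run:
    - name: "echo {{ default_clock }} > /sys/devices/system/clocksource/clocksource0/current_clocksource"
    - unless: "test `cat /sys/devices/system/clocksource/clocksource0/current_clocksource` = '{{ default_clock }}'"
{%- endif %}

--------------------------------------------------------------------------------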
/virtualization-formulas/host/metadata/form.yml: -------------------------------------------------------------------------------- 1 | hypervisor: 2 | $name: Hypervisor 3 | $type: select 4 | $values: ["KVM", 5 | "Xen" 6 | ] 7 | $default: KVM 8 | 9 | default_pool_enabled: 10 | $type: boolean 11 | $name: Create default storage pool 12 | $default: True 13 | 14 | default_net_enabled: 15 | $type: boolean 16 | $name: Create default virtual network 17 | $default: True 18 | 19 | default_pool: 20 | $name: Default pool 21 | $type: group 22 | $help: Configure the default storage pool 23 | $visible: formValues.default_pool_enabled == true 24 | 25 | path: 26 | $type: text 27 | $name: Pool local path 28 | $default: /var/lib/libvirt/images 29 | $help: Path to the folder containing the disk images 30 | $required: formValues.default_pool_enabled == true 31 | 32 | default_net: 33 | $name: Default net 34 | $type: group 35 | $help: Configure the default virtual network 36 | $visible: formValues.default_net_enabled == true 37 | 38 | mode: 39 | $name: Mode 40 | $type: select 41 | $values: ["NAT", "Bridge"] 42 | $default: "Bridge" 43 | 44 | bridge: 45 | $type: text 46 | $name: Bridge name 47 | $help: Name of the network bridge interface to use 48 | $default: br0 49 | $visible: formValues.default_net.mode == 'Bridge' 50 | $required: formValues.default_net.mode == 'Bridge' 51 | 52 | ipv4: 53 | $name: IPv4 54 | $type: group 55 | $help: IPv4 settings 56 | $visible: formValues.default_net.mode == 'NAT' 57 | 58 | gateway: 59 | $type: text 60 | $name: virtual host IPv4 address 61 | $default: 192.168.122.1 62 | 63 | prefix: 64 | $type: number 65 | $name: Network address prefix 66 | $default: 24 67 | 68 | dhcp_start: 69 | $type: text 70 | $name: First IP address for DHCP 71 | $default: 192.168.122.2 72 | 73 | dhcp_end: 74 | $type: text 75 | $name: Last IP address for DHCP 76 | $default: 192.168.122.254 77 | 78 | ipv6: 79 | $name: IPv6 80 | $type: group 81 | $help: IPv6 settings 82 | $visible:
formValues.default_net.mode == 'NAT' 83 | 84 | gateway: 85 | $type: text 86 | $name: virtual host IPv6 address 87 | $placeholder: 2001:db8:ca2:2::1 88 | 89 | prefix: 90 | $type: number 91 | $name: Network address prefix 92 | $placeholder: 64 93 | 94 | dhcp_start: 95 | $type: text 96 | $name: First IP address for DHCP 97 | 98 | dhcp_end: 99 | $type: text 100 | $name: Last IP address for DHCP 101 | 102 | tuning: 103 | $name: Tuning 104 | $type: group 105 | $help: Virtual host performance tuning settings 106 | 107 | hugepages_size: 108 | $name: Memory huge pages size 109 | $help: "The value depends on the CPU features: pse for 2M, pdpe1gb for 1G" 110 | $type: text 111 | 112 | hugepages_count: 113 | $name: Number of huge pages 114 | $help: The number of huge pages to preallocate. 115 | $type: number 116 | 117 | disable_numa_balancing: 118 | $name: Disable NUMA balancing 119 | $help: Improves virtual CPU performance when used with CPU pinning. 120 | $type: boolean 121 | $default: False 122 | 123 | disable_irq_balancing: 124 | $name: Disable IRQ balancing 125 | $type: boolean 126 | $default: False 127 | 128 | disable_ksm: 129 | $name: Disable Kernel Samepage Merging (KSM) 130 | $help: Reduces performance overhead by not sharing memory across virtual machines 131 | $type: boolean 132 | $default: False 133 | iommu: 134 | $name: Enable IOMMU support (x86_64) 135 | $help: Sets up IOMMU kernel options. Requires the option to be enabled on the BIOS level too and hardware supporting IOMMU. 136 | $type: boolean 137 | $default: False 138 | -------------------------------------------------------------------------------- /virtualization-formulas/host/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Settings for virtualization host. 
3 | group: virtualization 4 | -------------------------------------------------------------------------------- /virtualization-formulas/host/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | hypervisor: KVM 2 | default_pool_enabled: True 3 | default_net_enabled: True 4 | default_pool: 5 | path: /var/lib/libvirt/images 6 | default_net: 7 | mode: NAT 8 | ipv4: 9 | gateway: 192.168.122.1 10 | prefix: 24 11 | dhcp_start: 192.168.122.2 12 | dhcp_end: 192.168.122.254 13 | ipv6: 14 | gateway: 2001:db8:ca2:2::1 15 | prefix: 64 16 | tuning: 17 | hugepages_size: 1GB 18 | hugepages_count: 1900 19 | disable_numa_balancing: True 20 | disable_irq_balancing: True 21 | disable_ksm: True 22 | iommu: True 23 | -------------------------------------------------------------------------------- /virtualization-formulas/host/src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SUSE/salt-formulas/f57e43d1ef0519266fbc758d40b678f1a5b2522e/virtualization-formulas/host/src/__init__.py -------------------------------------------------------------------------------- /virtualization-formulas/host/src/states/bootloader.py: -------------------------------------------------------------------------------- 1 | import logging 2 | import re 3 | 4 | from salt.exceptions import CommandExecutionError 5 | 6 | __virtualname__ = 'bootloader' 7 | 8 | LOG = logging.getLogger(__name__) 9 | 10 | # Define not exported variables from Salt, so this can be imported as 11 | # a normal module 12 | try: 13 | __opts__ 14 | __salt__ 15 | __states__ 16 | except NameError: 17 | __opts__ = {} 18 | __salt__ = {} 19 | __states__ = {} 20 | 21 | def __virtual__(): 22 | return True 23 | 24 | def grub_set_default(name): 25 | ret = { 26 | 'name': name, 27 | 'result': False, 28 | 'changes': {}, 29 | 'comment': [], 30 | } 31 | cmd = 'sed -nre "s/[[:blank:]]*menuentry \'([^\']+)\'.*/\\1/p;" 
/boot/grub2/grub.cfg' 32 | entries = __salt__['cmd.run'](cmd).splitlines() 33 | filtered_entries = [entry for entry in entries if name in entry] 34 | if len(filtered_entries) == 0: 35 | ret['comment'] = 'No matching grub2 entry in configuration' 36 | return ret 37 | 38 | entry = filtered_entries[0] 39 | ret = __states__['file.append'](name='/etc/default/grub', text='GRUB_DEFAULT="{0}"'.format(entry)) 40 | ret['name'] = name 41 | return ret 42 | 43 | 44 | def kernel_param(name, value): 45 | """ 46 | Ensure a Kernel command line parameter has the given value. 47 | If the value is `None` the parameter has to be absent. An empty string as value stands for the bare parameter without '=value'. The current parameters are read from the GRUB_CMDLINE_LINUX_DEFAULT line of /etc/default/grub; that line is rewritten with file.replace, or added with file.append when it is missing and value is not None. Returns the state result dictionary (name, result, changes, comment), taken from file.append or file.replace when one of them is called. NOTE(review): name is concatenated into the regular expression without re.escape(), so a '.' in it (as in net.ifnames) matches any character; confirm callers only pass plain parameter names. 48 | """ 49 | ret = { 50 | 'name': name, 51 | 'result': False if not __opts__["test"] else None, 52 | 'changes': {}, 53 | 'comment': [], 54 | } 55 | cmd = 'sed -nre \'s/GRUB_CMDLINE_LINUX_DEFAULT="([^"]*)"/\\1/p\' /etc/default/grub' 56 | entries = __salt__['cmd.run'](cmd).splitlines() 57 | if len(entries) == 0: 58 | ret['result'] = True 59 | if value is not None: 60 | ret = __states__['file.append']( 61 | name='/etc/default/grub', 62 | text='GRUB_CMDLINE_LINUX_DEFAULT="{}={}"'.format(name, value)) 63 | ret['name'] = name 64 | return ret 65 | 66 | params = entries[0] 67 | param_str = name 68 | if value not in ("", None): 69 | param_str += "=" + str(value) 70 | matcher = re.match("^(.+ )?" 
+ name + "(?:=([^ ]+))?( .+)?$", params) 71 | new_params = params 72 | if matcher and value is None: 73 | new_params = re.sub(' {2,}', ' ' ,matcher.expand('\\1\\3')).strip() 74 | elif matcher and value is not None: 75 | same_value = (matcher.group(2) is None and value == "") or matcher.group(2) == value 76 | if not same_value: 77 | new_params = matcher.expand('\\1{}\\3'.format(param_str)) 78 | elif not matcher and value is not None: 79 | new_params += " " + param_str 80 | 81 | if new_params != params: 82 | ret = __states__['file.replace']( 83 | name='/etc/default/grub', 84 | repl='GRUB_CMDLINE_LINUX_DEFAULT="{}"'.format(new_params), 85 | pattern='GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"') 86 | ret['name'] = name 87 | return ret 88 | 89 | # no changes needed: the computed command line equals the one read from the file 90 | ret['result'] = True 91 | return ret 92 | -------------------------------------------------------------------------------- /virtualization-formulas/host/src/tests/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SUSE/salt-formulas/f57e43d1ef0519266fbc758d40b678f1a5b2522e/virtualization-formulas/host/src/tests/__init__.py -------------------------------------------------------------------------------- /virtualization-formulas/host/src/tests/test_states_bootloader.py: -------------------------------------------------------------------------------- 1 | import pytest 2 | from mock import MagicMock, patch 3 | 4 | from ..states import bootloader 5 | 6 | @pytest.mark.parametrize("param, value, param_string", [("foo", "bar", "foo=bar"), ("foo", "", "foo")]) 7 | def test_kernel_param_added(param, value, param_string): 8 | """ 9 | Test the bootloader.kernel_param function when adding a value 10 | """ 11 | existing_params = "systemd.show_status=1 console=ttyS0,115200 console=tty0 net.ifnames=0 quiet" 12 | run_mock = MagicMock(return_value=existing_params) 13 | with patch.dict(bootloader.__salt__, 
{'cmd.run': run_mock}): 14 | replace_mock = 
MagicMock(return_value={'result': True, 'change': 'replaced', 'comment': ''}) 15 | with patch.dict(bootloader.__states__, {'file.replace': replace_mock}): 16 | with patch.dict(bootloader.__opts__, {'test': False}): 17 | ret = bootloader.kernel_param(param, value) 18 | assert ret == { 19 | 'result': True, 20 | 'change': 'replaced', 21 | 'comment': '', 22 | 'name': param, 23 | } 24 | replace_mock.assert_called_once_with( 25 | name='/etc/default/grub', 26 | repl='GRUB_CMDLINE_LINUX_DEFAULT="{} {}"'.format(existing_params, param_string), 27 | pattern='GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"' 28 | ) 29 | 30 | 31 | def test_kernel_param_updated(): 32 | """ 33 | Test the bootloader.kernel_param function when replacing a value 34 | """ 35 | existing_params = "systemd.show_status=1 console=ttyS0,115200 console=tty0 net.ifnames=0 quiet" 36 | run_mock = MagicMock(return_value=existing_params) 37 | with patch.dict(bootloader.__salt__, {'cmd.run': run_mock}): 38 | replace_mock = MagicMock(return_value={'result': True, 'change': 'replaced', 'comment': ''}) 39 | with patch.dict(bootloader.__states__, {'file.replace': replace_mock}): 40 | with patch.dict(bootloader.__opts__, {'test': False}): 41 | ret = bootloader.kernel_param('net.ifnames', '1') 42 | assert ret == { 43 | 'result': True, 44 | 'change': 'replaced', 45 | 'comment': '', 46 | 'name': 'net.ifnames', 47 | } 48 | replace_mock.assert_called_once_with( 49 | name='/etc/default/grub', 50 | repl='GRUB_CMDLINE_LINUX_DEFAULT="systemd.show_status=1 console=ttyS0,115200 console=tty0 net.ifnames=1 quiet"', 51 | pattern='GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"' 52 | ) 53 | 54 | 55 | def test_kernel_param_removed(): 56 | """ 57 | Test the bootloader.kernel_param function when deleting a value 58 | """ 59 | existing_params = "systemd.show_status=1 console=ttyS0,115200 console=tty0 net.ifnames=0 quiet" 60 | run_mock = MagicMock(return_value=existing_params) 61 | with patch.dict(bootloader.__salt__, {'cmd.run': run_mock}): 62 | replace_mock = 
MagicMock(return_value={'result': True, 'change': 'replaced', 'comment': ''}) 63 | with patch.dict(bootloader.__states__, {'file.replace': replace_mock}): 64 | with patch.dict(bootloader.__opts__, {'test': False}): 65 | ret = bootloader.kernel_param('net.ifnames', None) 66 | assert ret == { 67 | 'result': True, 68 | 'change': 'replaced', 69 | 'comment': '', 70 | 'name': 'net.ifnames', 71 | } 72 | replace_mock.assert_called_once_with( 73 | name='/etc/default/grub', 74 | repl='GRUB_CMDLINE_LINUX_DEFAULT="systemd.show_status=1 console=ttyS0,115200 console=tty0 quiet"', 75 | pattern='GRUB_CMDLINE_LINUX_DEFAULT="[^"]*"' 76 | ) 77 | 78 | 79 | def test_kernel_param_append(): 80 | """ 81 | Test the bootloader.kernel_param function when the mocked cmd.run output is empty, so the GRUB_CMDLINE_LINUX_DEFAULT line is added with file.append 82 | """ 83 | run_mock = MagicMock(return_value='') 84 | with patch.dict(bootloader.__salt__, {'cmd.run': run_mock}): 85 | append_mock = MagicMock(return_value={'result': True, 'change': 'appended', 'comment': ''}) 86 | with patch.dict(bootloader.__states__, {'file.append': append_mock}): 87 | with patch.dict(bootloader.__opts__, {'test': False}): 88 | ret = bootloader.kernel_param("foo", "bar") 89 | assert ret == { 90 | 'result': True, 91 | 'change': 'appended', 92 | 'comment': '', 93 | 'name': 'foo', 94 | } 95 | append_mock.assert_called_once_with( 96 | name='/etc/default/grub', 97 | text='GRUB_CMDLINE_LINUX_DEFAULT="foo=bar"', 98 | ) 99 | -------------------------------------------------------------------------------- /virtualization-formulas/host/states/.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ 2 | -------------------------------------------------------------------------------- /virtualization-formulas/host/states/iommu.sls: -------------------------------------------------------------------------------- 1 | intel_iommu_kernel_param: 2 | bootloader.kernel_param: 3 | - name: 
intel_iommu 4 | - value: {{ '"on"' if grains['cpu_vendor'] == 'GenuineIntel' and 
pillar['iommu'] else 'null' }} 5 | -------------------------------------------------------------------------------- /virtualization-formulas/host/states/map.jinja: -------------------------------------------------------------------------------- 1 | {% if grains['os_family'] == 'Suse' %} 2 | {% if '15' in grains['osrelease'] %} 3 | {% set hypervisor_packages = [ 4 | 'patterns-server-%s_server'|format(pillar['hypervisor']|lower()), 5 | 'python3-six', 6 | 'qemu-ksm' 7 | ] 8 | %} 9 | {% elif grains['osfullname'] == 'Leap' %} 10 | {% set hypervisor_packages = ['patterns-openSUSE-%s_server'|format(pillar['hypervisor']|lower())] %} 11 | {% else %} 12 | {% set hypervisor_packages = ['patterns-sles-%s_server'|format(pillar['hypervisor']|lower())] %} 13 | {% endif %} 14 | 15 | {% if pillar['hypervisor'] =='KVM' %} 16 | {% set hypervisor_packages = hypervisor_packages + ['libvirt-daemon-qemu'] %} 17 | {% elif pillar['hypervisor'] == 'Xen' %} 18 | {% set hypervisor_packages = hypervisor_packages + ['libvirt-daemon-xen'] %} 19 | {% endif %} 20 | 21 | {% set packages = hypervisor_packages + [ 22 | 'qemu-tools', 23 | 'guestfs-tools', 24 | 'libvirt-client', 25 | 'python3-libvirt-python', 26 | 'kernel-default', 27 | 'tuned', 28 | 'irqbalance', 29 | ] 30 | %} 31 | {% endif %} 32 | -------------------------------------------------------------------------------- /virtualization-formulas/host/virtualization-host-formula.conf: -------------------------------------------------------------------------------- 1 | file_roots: 2 | base: 3 | - /usr/share/susemanager/formulas/states/virtualization-host/ 4 | -------------------------------------------------------------------------------- /virtualization-formulas/sriov/metadata/form.yml: -------------------------------------------------------------------------------- 1 | devices: 2 | $type: edit-group 3 | $prototype: 4 | $key: 5 | $name: Device name 6 | $placeholder: eth0 7 | $type: text 8 | $name: Count 9 | $type: number 10 | $default: 4 11 | 
$help: Number of virtual interfaces for each SR-IOV capable device 12 | -------------------------------------------------------------------------------- /virtualization-formulas/sriov/metadata/metadata.yml: -------------------------------------------------------------------------------- 1 | description: 2 | Enabling SR-IOV network devices 3 | group: virtualization 4 | -------------------------------------------------------------------------------- /virtualization-formulas/sriov/metadata/pillar.example: -------------------------------------------------------------------------------- 1 | devices: 2 | eth0: 8 3 | eth1: 4 4 | -------------------------------------------------------------------------------- /virtualization-formulas/sriov/states/init.sls: -------------------------------------------------------------------------------- 1 | {% if pillar["devices"] is mapping %} 2 | sriov_unit_file: 3 | file.managed: 4 | - name: /etc/systemd/system/sriov.service 5 | - contents: | 6 | [Unit] 7 | Description = Activate SR-IOV virtual interfaces 8 | After = network-online.target 9 | 10 | [Service] 11 | Type=oneshot 12 | ExecStart=\ 13 | {%- for eth, count in pillar["devices"].items() %} 14 | sh -c "echo {{ count }} >/sys/class/net/{{ eth }}/device/sriov_numvfs" ; \ 15 | {%- else %} 16 | sh -c 'for file in `ls /sys/class/net/*/device/sriov_numvfs`; do echo 0 >$file; done' 17 | {%- endfor %} 18 | 19 | [Install] 20 | WantedBy = default.target 21 | 22 | systemctl_daemon_reload: 23 | cmd.run: 24 | - name: systemctl daemon-reload 25 | - require: 26 | - file: sriov_unit_file 27 | 28 | {# Since it's a oneshot service the process will be dead, but the state shouldn't fail #} 29 | sriov_service: 30 | service.enabled: 31 | - name: sriov 32 | - require: 33 | - cmd: systemctl_daemon_reload 34 | 35 | sriov_service_started: 36 | cmd.run: 37 | - name: systemctl start sriov 38 | - require: 39 | - cmd: systemctl_daemon_reload 40 | {% endif %} 41 | 
-------------------------------------------------------------------------------- /virtualization-formulas/virtualization-formulas.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Fri Feb 18 14:15:21 UTC 2022 - Cédric Bosdonnat 3 | 4 | - Update to version 0.6.2 5 | * Ensure qemu-ksm is installed on host 6 | 7 | ------------------------------------------------------------------- 8 | Fri Sep 10 09:24:41 UTC 2021 - Cédric Bosdonnat 9 | 10 | - Update to version 0.6.1 11 | * host: install irqbalance package 12 | 13 | ------------------------------------------------------------------- 14 | Wed Jul 28 10:02:32 UTC 2021 - Cédric Bosdonnat 15 | 16 | - Update to version 0.6 17 | - Add host tuning parameters 18 | - Add guest formula 19 | - Add SR-IOV formula 20 | 21 | ------------------------------------------------------------------- 22 | Thu Aug 27 08:45:01 UTC 2020 - Cédric Bosdonnat 23 | 24 | - Update to version 0.5 25 | - Ensure kernel-default and libvirt-python3 are installed 26 | - Set bridge network as default 27 | - Fix conditionals (bsc#1175791) 28 | 29 | ------------------------------------------------------------------- 30 | Tue May 12 08:37:21 UTC 2020 - Cédric Bosdonnat 31 | 32 | - Update to version 0.4 33 | - Hidden required fields should not be required 34 | 35 | ------------------------------------------------------------------- 36 | Wed Apr 8 08:11:12 UTC 2020 - Cédric Bosdonnat 37 | 38 | - Update to version 0.3 39 | - Fix required fields 40 | - Fix bridge network creation 41 | 42 | ------------------------------------------------------------------- 43 | Wed Feb 5 12:04:53 UTC 2020 - Cédric Bosdonnat 44 | 45 | - Update to version 0.2 46 | - Add default virtual storage pool and networks 47 | - Fix Xen install 48 | - Add: 49 | * virtualization-host-formula.conf 50 | 51 | ------------------------------------------------------------------- 52 | Thu 
Jun 13 07:40:31 UTC 2019 - Cédric Bosdonnat 53 | 54 | - Initial version 55 | -------------------------------------------------------------------------------- /virtualization-formulas/virtualization-formulas.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package virtualization-formulas 3 | # 4 | # Copyright (c) 2022 SUSE LLC 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | 19 | Name: virtualization-formulas 20 | Version: 0.6.2 21 | Release: 0 22 | Summary: Virtualization Salt Formulas for SUSE Manager 23 | License: Apache-2.0 24 | Group: System/Management 25 | URL: https://github.com/SUSE/salt-formulas 26 | Source: %{name}-%{version}.tar.gz 27 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 28 | BuildArch: noarch 29 | BuildRequires: salt-master 30 | Requires: salt-master 31 | Provides: virtualization-host-formula = %version-%release 32 | Obsoletes: virtualization-host-formula < %version-%release 33 | 34 | %description 35 | Virtualization Salt Formula for SUSE Manager for both the hypervisor and the guest. 
36 | 37 | %prep 38 | %setup -q 39 | 40 | %build 41 | 42 | %install 43 | install -D -t %{buildroot}/usr/share/susemanager/formulas/states/virtualization-host host/states/* 44 | install -D -t %{buildroot}/usr/share/susemanager/formulas/metadata/virtualization-host host/metadata/* 45 | install -D -t %{buildroot}/usr/share/susemanager/formulas/states/virtualization-guest guest/states/* 46 | install -D -t %{buildroot}/usr/share/susemanager/formulas/metadata/virtualization-guest guest/metadata/* 47 | install -D -t %{buildroot}/usr/share/susemanager/formulas/states/SR-IOV sriov/states/* 48 | install -D -t %{buildroot}/usr/share/susemanager/formulas/metadata/SR-IOV sriov/metadata/* 49 | 50 | install -D -t %{buildroot}/usr/share/susemanager/formulas/states/virtualization-host/_states host/src/states/*.py 51 | install -D host/virtualization-host-formula.conf %{buildroot}/etc/salt/master.d/virtualization-host-formula.conf 52 | 53 | %files 54 | %defattr(-,root,root,-) 55 | %license LICENSE 56 | /usr/share/susemanager 57 | %config /etc/salt/master.d/virtualization-host-formula.conf 58 | 59 | %changelog 60 | 61 | -------------------------------------------------------------------------------- /vsftpd-formula/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013-2014 Salt Stack Formulas 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 
14 | 15 | -------------------------------------------------------------------------------- /vsftpd-formula/form.yml: -------------------------------------------------------------------------------- 1 | vsftpd_config: 2 | $type: hidden-group 3 | 4 | anon_root: 5 | $name: 'FTP server directory' 6 | $type: text 7 | $default: '/srv/ftp' 8 | 9 | 10 | listen_address: 11 | $name: 'Internal Network Address' 12 | $type: text 13 | $optional: True 14 | 15 | ssl_enable: 16 | $name: 'Enable ssl' 17 | $type: boolean 18 | $default: false 19 | 20 | secure_chroot_dir: 21 | $name: 'Chroot dir' 22 | $type: text 23 | $default: '/usr/share/empty' 24 | 25 | anonymous_enable: 26 | $name: 'Allow anonymous FTP' 27 | $type: boolean 28 | $default: true 29 | 30 | allow_anon_ssl: 31 | $name: 'Allow SSL for anonymous' 32 | $type: boolean 33 | $default: true 34 | 35 | listen: 36 | $name: 'Run standalone' 37 | $type: boolean 38 | $default: true 39 | 40 | local_enable: 41 | $name: 'Allow local users' 42 | $type: boolean 43 | $default: true 44 | 45 | dirmessage_enable: 46 | $name: 'Activate directory messages' 47 | $type: boolean 48 | $default: true 49 | 50 | use_localtime: 51 | $name: 'Use localtime' 52 | $type: boolean 53 | $default: true 54 | 55 | xferlog_enable: 56 | $name: 'Activate logging of transfers' 57 | $type: boolean 58 | $default: true 59 | 60 | connect_from_port_20: 61 | $name: 'Connect from port 20' 62 | $type: boolean 63 | $default: true 64 | 65 | pam_service_name: 66 | $name: 'PAM service name' 67 | $type: text 68 | $default: 'vsftpd' 69 | 70 | rsa_cert_file: 71 | $name: 'RSA certificate file' 72 | $type: text 73 | $default: '/etc/ssl/certs/[ssl-cert-file].pem' 74 | 75 | rsa_private_key_file: 76 | $name: 'RSA private key file' 77 | $type: text 78 | $default: '/etc/ssl/private/[ssl-cert-file].key' 79 | 80 | -------------------------------------------------------------------------------- /vsftpd-formula/metadata.yml: 
-------------------------------------------------------------------------------- 1 | description: 2 | Settings for vsftpd for branchserver 3 | group: general_system_configuration 4 | after: 5 | - branch-network -------------------------------------------------------------------------------- /vsftpd-formula/pillar.example: -------------------------------------------------------------------------------- 1 | vsftpd_config: 2 | listen: 'YES' 3 | anonymous_enable: 'NO' 4 | local_enable: 'YES' 5 | dirmessage_enable: 'YES' 6 | use_localtime: 'YES' 7 | xferlog_enable: 'YES' 8 | connect_from_port_20: 'YES' 9 | secure_chroot_dir: '/var/run/vsftpd/empty' 10 | pam_service_name: 'vsftpd' 11 | rsa_cert_file: '/etc/ssl/certs/ssl-cert-snakeoil.pem' 12 | rsa_private_key_file: '/etc/ssl/private/ssl-cert-snakeoil.key' 13 | 14 | 15 | 16 | # or use booleans 17 | vsftpd_config: 18 | listen: true 19 | anonymous_enable: false 20 | local_enable: true 21 | -------------------------------------------------------------------------------- /vsftpd-formula/vsftpd-formula.changes: -------------------------------------------------------------------------------- 1 | ------------------------------------------------------------------- 2 | Tue Sep 17 14:54:10 UTC 2019 - Ondrej Holecek 3 | 4 | - Update to version 0.1.1568808472.be9f236 5 | - Update formula to upstream version hash cc7d6b15 6 | 7 | ------------------------------------------------------------------- 8 | Thu May 23 13:54:24 UTC 2019 - Ondrej Holecek 9 | 10 | - Updated copyrights and bug reporting link 11 | - Update to version 0.1.1558613789.64ba093 12 | 13 | ------------------------------------------------------------------- 14 | Wed Jun 6 11:16:02 UTC 2018 - nadvornik@suse.com 15 | 16 | - Adjusted default directory 17 | - Use boolean values in pillar 18 | 19 | ------------------------------------------------------------------- 20 | Sun Mar 18 16:39:16 UTC 2018 - oholecek@suse.com 21 | 22 | - Add 'after' tag to metada to ensure correct 
order 23 | - see also bsc#1083326 24 | - Adjust vsftpd port range for SuSEfirewall2 25 | - Using default chroot in vsftpd 26 | - Configurable service directory for ftp and tftp 27 | - sets up correct user, group and access in branch-network 28 | adds service users into saltboot group 29 | 30 | ------------------------------------------------------------------- 31 | Wed Aug 09 16:31:16 UTC 2017 - psladek@suse.com 32 | 33 | - new package 34 | 35 | -------------------------------------------------------------------------------- /vsftpd-formula/vsftpd-formula.spec: -------------------------------------------------------------------------------- 1 | # 2 | # spec file for package vsftpd-formula 3 | # 4 | # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. 5 | # 6 | # All modifications and additions to the file contributed by third parties 7 | # remain the property of their copyright owners, unless otherwise agreed 8 | # upon. The license for this file, and modifications and additions to the 9 | # file, is the same license as for the pristine package itself (unless the 10 | # license for the pristine package is not an Open Source License, in which 11 | # case the license is the MIT License). An "Open Source License" is a 12 | # license that conforms to the Open Source Definition (Version 1.9) 13 | # published by the Open Source Initiative. 14 | 15 | # Please submit bugfixes or comments via https://bugs.opensuse.org/ 16 | # 17 | 18 | %define fname vsftpd 19 | %define fdir %{_datadir}/susemanager/formulas 20 | Name: vsftpd-formula 21 | Version: 0.1 22 | Release: 0 23 | Summary: Formula for vsftpd server for SUSE Manager 24 | License: Apache-2.0 25 | Group: System/Packages 26 | URL: https://github.com/saltstack-formulas/vsftpd-formula 27 | Source: vsftpd-formula-%{version}.tar.xz 28 | BuildRoot: %{_tmppath}/%{name}-%{version}-build 29 | BuildArch: noarch 30 | 31 | %description 32 | Formula for installation and setup of vsftpd server. 
33 | 34 | %prep 35 | %setup -q 36 | 37 | %build 38 | 39 | %install 40 | mkdir -p %{buildroot}%{fdir}/states/%{fname}/files 41 | mkdir -p %{buildroot}%{fdir}/metadata/%{fname} 42 | cp -R %{fname}/* %{buildroot}%{fdir}/states/%{fname} 43 | cp form.yml %{buildroot}%{fdir}/metadata/%{fname} 44 | cp metadata.yml %{buildroot}%{fdir}/metadata/%{fname} 45 | cp LICENSE %{buildroot}%{fdir}/metadata/%{fname} 46 | 47 | %files 48 | %defattr(-,root,root) 49 | %dir %{_datadir}/susemanager 50 | %dir %{fdir} 51 | %dir %{fdir}/states 52 | %dir %{fdir}/metadata 53 | %{fdir}/states/%{fname} 54 | %{fdir}/metadata/%{fname} 55 | 56 | %changelog 57 | -------------------------------------------------------------------------------- /vsftpd-formula/vsftpd/config.sls: -------------------------------------------------------------------------------- 1 | {% from "vsftpd/map.jinja" import vsftpd with context %} 2 | 3 | vsftpd_config: 4 | file.managed: 5 | - name: {{ vsftpd.vsftpd_config }} 6 | - source: {{ vsftpd.vsftpd_config_src }} 7 | - template: jinja 8 | - user: root 9 | - mode: 644 10 | - makedirs: true 11 | - watch_in: 12 | - service: {{ vsftpd.service }} 13 | -------------------------------------------------------------------------------- /vsftpd-formula/vsftpd/init.sls: -------------------------------------------------------------------------------- 1 | {% from "vsftpd/map.jinja" import vsftpd with context %} 2 | {% set vsftpd_config = salt['pillar.get']('vsftpd_config') %} 3 | 4 | include: 5 | - vsftpd.config 6 | 7 | vsftpd: 8 | {% if vsftpd.server is defined %} 9 | pkg.installed: 10 | - name: {{ vsftpd.server }} 11 | {% endif %} 12 | service.running: 13 | - enable: True 14 | - name: {{ vsftpd.service }} 15 | - require: 16 | - file: vsftpd_chroot_dir 17 | {% if vsftpd_config.anon_root is defined %} 18 | - file: vsftpd_anon_dir_check 19 | {% endif %} 20 | {% if vsftpd.server is defined %} 21 | - pkg: {{ vsftpd.server }} 22 | {% endif %} 23 | 24 | 25 | vsftpd_chroot_dir: 26 | 
file.directory: 27 | - user: root 28 | - name: {{ pillar['vsftpd_config']['secure_chroot_dir'] }} 29 | - group: root 30 | - mode: 755 31 | - makedirs: True 32 | 33 | 34 | {% if vsftpd_config.anon_root is defined %} 35 | vsftpd_anon_dir_check: 36 | file.exists: 37 | - name: {{ vsftpd_config.anon_root }} 38 | {% endif %} 39 | -------------------------------------------------------------------------------- /vsftpd-formula/vsftpd/map.jinja: -------------------------------------------------------------------------------- 1 | {% set vsftpd = salt['grains.filter_by']({ 2 | 'Debian': { 3 | 'server': 'vsftpd', 4 | 'service': 'vsftpd', 5 | 'vsftpd_config': '/etc/vsftpd.conf', 6 | 'vsftpd_config_src': 'salt://vsftpd/files/vsftpd.conf', 7 | }, 8 | 'FreeBSD': { 9 | 'server': 'vsftpd-ssl', 10 | 'service': 'vsftpd', 11 | 'vsftpd_config': '/usr/local/etc/vsftpd.conf', 12 | 'vsftpd_config_src': 'salt://vsftpd/files/vsftpd.conf', 13 | }, 14 | 'RedHat': { 15 | 'server': 'vsftpd', 16 | 'service': 'vsftpd', 17 | 'vsftpd_config': '/etc/vsftpd/vsftpd.conf', 18 | 'vsftpd_config_src': 'salt://vsftpd/files/vsftpd.conf', 19 | }, 20 | 'Arch': { 21 | 'server': 'vsftpd', 22 | 'service': 'vssftpd', 23 | 'vsftpd_config': '/etc/vsftpd.conf', 24 | 'vsftpd_config_src': 'salt://vsftpd/files/vsftpd.conf', 25 | }, 26 | 'Suse': { 27 | 'server': 'vsftpd', 28 | 'service': 'vsftpd', 29 | 'vsftpd_config': '/etc/vsftpd.conf', 30 | 'vsftpd_config_src': 'salt://vsftpd/files/vsftpd.conf', 31 | }, 32 | }, merge=salt['pillar.get']('vsftpd:lookup')) %} 33 | --------------------------------------------------------------------------------