├── .gitignore ├── LICENSE ├── README.md ├── pillar ├── docker.sls ├── mine.sls ├── properties.sls └── top.sls ├── providers ├── Dockerfile ├── aws │ └── files │ │ ├── aws.conf │ │ ├── configure_cloud.sh │ │ ├── rancher.conf │ │ └── ubuntu_ec2.conf └── vagrant │ ├── Vagrantfile │ ├── configs │ ├── master │ └── minion │ └── keys │ ├── master.pem │ ├── master.pub │ ├── node01.pem │ ├── node01.pub │ ├── node02.pem │ └── node02.pub └── salt ├── common ├── jq │ └── init.sls └── python-setuptools │ └── init.sls ├── deploy └── rancher.sls ├── docker ├── etc │ └── docker ├── global_vars.jinja ├── init.sls ├── mysql │ └── init.sls ├── rancher │ ├── agent │ │ └── init.sls │ └── server │ │ ├── environments.sls │ │ └── init.sls └── registry │ └── init.sls ├── salt ├── clean_mine_cache.sls ├── etc │ └── salt │ │ └── grains ├── grains.sls ├── minion.sls └── salt │ └── grains └── top.sls /.gitignore: -------------------------------------------------------------------------------- 1 | providers/vagrant/.vagrant 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | Copyright 2016 Alen Komljen 179 | 180 | Licensed under the Apache License, Version 2.0 (the "License"); 181 | you may not use this file except in compliance with the License. 182 | You may obtain a copy of the License at 183 | 184 | http://www.apache.org/licenses/LICENSE-2.0 185 | 186 | Unless required by applicable law or agreed to in writing, software 187 | distributed under the License is distributed on an "AS IS" BASIS, 188 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 189 | See the License for the specific language governing permissions and 190 | limitations under the License. 191 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Rancher container platform deployment 2 | 3 | Salt states for Rancher container platform deployment. 4 | 5 | Support for: 6 | 7 | * Rancher server - single node with external MySQL database 8 | * Rancher agents - automatically provisioned on server start 9 | * Rancher multi-environment support - automatically create new environments and add agents to them (Kubernetes, Swarm and Mesos) 10 | * Docker registry - it is not automatically added to Rancher environment 11 | * Kubernetes will be automatically provisioned on one node 12 | * Support for different providers: 13 | * Vagrant 14 | * AWS 15 | 16 | Versions: 17 | 18 | * Ubuntu 14.04 19 | * Salt v2016.3.5 20 | * Rancher v1.4.1 21 | * Docker 1.12.6 22 | * Vagrant 1.9.3 23 | 24 | Rancher default environment: 25 | ![Rancher default environment](https://www.dropbox.com/s/4vta5amp2igjgo8/rancher_env2.png?raw=true) 26 | 27 | Rancher kubernetes environment: 28 | ![Rancher kubernetes environment](https://www.dropbox.com/s/n3esrs086z35d6n/rancher_env3.png?raw=true) 29 | 30 | # Configuration options 31 | 32 | You can automatically provision Rancher agents to a particular environment specifying ```agentEnvironment``` grain. Without it, agents will be added to a Default environment. Depending on provider those can be added to ```properties.sls``` file in Vagrant or if running on AWS inside ```/etc/salt/cloud.maps.d/rancher.conf```. 33 | 34 | # Vagrant 35 | 36 | If you want to test this deployment on your local machine inside VMs, the easiest way is to use Vagrant with VirtualBox provider: 37 | 38 | ``` 39 | git clone https://github.com/komljen/rancher-salt 40 | cd rancher-salt/providers/vagrant && vagrant up 41 | ``` 42 | This will bring up 3 VMs, one master, and 3 minion nodes. 43 | Test the connectivity between master and minions: 44 | 45 | ``` 46 | vagrant ssh master 47 | sudo salt '*' test.ping 48 | ``` 49 | If everything is OK you can proceed with the deployment step. First, you need to run high state to add roles to minions based on ```properties.sls``` file: 50 | 51 | ``` 52 | sudo salt '*' state.highstate 53 | ``` 54 | Then to start a Rancher deployment run orchestrate state: 55 | 56 | ``` 57 | sudo salt-run state.orchestrate deploy.rancher 58 | ``` 59 | It will take a few minutes to complete. Then you can check Rancher status at ```http://localhost:8080```. 60 | 61 | # AWS EC2 62 | 63 | Salt cloud is used for AWS provisioning. The easiest way is to run provisioning from prepared docker container which has salt and awscli tools installed with prepared config files. You can run this salt-cloud container in background and connect to it when needed: 64 | 65 | ``` 66 | docker run -d -e AWS_ACCESS_KEY_ID=KEY \ 67 | -e AWS_SECRET_ACCESS_KEY=SECRET \ 68 | -e AWS_DEFAULT_REGION=us-west-2 \ 69 | -e AWS_DEFAULT_AZ=us-west-2a \ 70 | -e AWS_AMI_ID=ami-d732f0b7 \ 71 | --name salt-cloud \ 72 | komljen/salt-cloud 73 | ``` 74 | Then check for logs and attach to a running container: 75 | 76 | ``` 77 | docker logs -f salt-cloud 78 | docker exec -i -t salt-cloud bash 79 | ``` 80 | 81 | If everything is fine you can start provisioning (master will start first and then all minion nodes will start in parallel): 82 | 83 | ``` 84 | salt-cloud -m /etc/salt/cloud.maps.d/rancher.conf -P -y 85 | ``` 86 | 87 | Now you can connect to the master node using new pem key /etc/salt/salt_cloud_key.pem. Check your master public IP address with: 88 | 89 | ``` 90 | salt-cloud -Q 91 | ssh -i /etc/salt/salt_cloud_key.pem ubuntu@ 92 | ``` 93 | 94 | Check environment and if all minions are connected deploy rancher: 95 | 96 | ``` 97 | sudo salt '*' test.ping 98 | sudo salt-run state.orchestrate deploy.rancher 99 | ``` 100 | 101 | To access rancher web UI at ```http://AWS_MASTER_PUBLIC_DNS:8080``` you need to open 8080 port first. 102 | 103 | If you want to destroy all instances (EBS volumes will be deleted also) run following command: 104 | 105 | ``` 106 | salt-cloud -m /etc/salt/cloud.maps.d/rancher.conf -d -y 107 | ``` 108 | 109 | **NOTE:** Do not delete container until you first copy .pem key from it! Otherwise, you will not be able to log into instances. 110 | 111 | ``` 112 | docker cp salt-cloud:/etc/salt/salt_cloud_key.pem . 113 | docker rm -f salt-cloud 114 | ``` 115 | -------------------------------------------------------------------------------- /pillar/docker.sls: -------------------------------------------------------------------------------- 1 | # Docker settings 2 | docker: 3 | version: 1.12.6-0~ubuntu-trusty 4 | dockerpy_version: 1.9.0 5 | registry: 6 | tag: 2 7 | -------------------------------------------------------------------------------- /pillar/mine.sls: -------------------------------------------------------------------------------- 1 | mine_functions: 2 | grains.items: [] 3 | network.interfaces: [] 4 | -------------------------------------------------------------------------------- /pillar/properties.sls: -------------------------------------------------------------------------------- 1 | # Node configuration 2 | nodes: 3 | master: 4 | agentEnvironment: Default 5 | roles: 6 | - rancher-server 7 | - rancher-agent 8 | - docker-registry 9 | node01: 10 | agentEnvironment: Kubernetes 11 | roles: 12 | - rancher-agent 13 | - mysql-server 14 | node02: 15 | agentEnvironment: Kubernetes 16 | roles: 17 | - rancher-agent 18 | 19 | # Docker settings 20 | docker: 21 | registry: 22 | data_path: /var/lib/docker-registry 23 | port: 5000 24 | #iface: eth0 25 | 26 | # Rancher settings 27 | rancher: 28 | server: 29 | version: v1.4.1 30 | port: 8080 31 | #iface: eth0 32 | db: 33 | name: rancher 34 | user: rancher 35 | password: rancher 36 | # Create additional environments on startup 37 | environments: 38 | kubernetes: 39 | - name: Kubernetes 40 | swarm: 41 | - name: Swarm 42 | mesos: 43 | - name: Mesos 44 | 45 | # Mysql settings 46 | mysql: 47 | version: 5.7.14 48 | data_path: /var/lib/mysql 49 | port: 3306 50 | #iface: eth0 51 | 52 | -------------------------------------------------------------------------------- /pillar/top.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | base: 4 | '*': 5 | - mine 6 | - docker 7 | - properties 8 | -------------------------------------------------------------------------------- /providers/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian:jessie 2 | MAINTAINER Alen Komljen 3 | 4 | ENV SALT_VERSION v2016.3.5 5 | 6 | RUN \ 7 | apt-get update && \ 8 | apt-get -y install \ 9 | python-setuptools \ 10 | vim \ 11 | curl \ 12 | git-core && \ 13 | rm -rf /var/lib/apt/lists/* 14 | 15 | RUN \ 16 | easy_install pip && \ 17 | pip install awscli && \ 18 | curl -L https://bootstrap.saltstack.com \ 19 | | sh -s -- -X -L -q git "$SALT_VERSION" 20 | 21 | COPY aws/files/aws.conf /etc/salt/cloud.providers.d/aws.conf 22 | COPY aws/files/ubuntu_ec2.conf /etc/salt/cloud.profiles.d/ubuntu_ec2.conf 23 | COPY aws/files/rancher.conf /etc/salt/cloud.maps.d/rancher.conf 24 | COPY aws/files/configure_cloud.sh configure_cloud.sh 25 | 26 | CMD ["./configure_cloud.sh"] 27 | -------------------------------------------------------------------------------- /providers/aws/files/aws.conf: -------------------------------------------------------------------------------- 1 | ec2: 2 | id: AWS_KEY 3 | key: AWS_SECRET 4 | private_key: /etc/salt/salt_cloud_key.pem 5 | keyname: salt_cloud_key 6 | location: AWS_REGION 7 | availability_zone: AWS_AZ 8 | driver: ec2 9 | del_root_vol_on_destroy: True 10 | del_all_vols_on_destroy: True 11 | rename_on_destroy: True 12 | ssh_interface: public_ips 13 | -------------------------------------------------------------------------------- /providers/aws/files/configure_cloud.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | echo "==> Checking AWS credentials" 3 | if ! aws ec2 describe-vpcs >/dev/null; then 4 | echo "==> Something went wrong!" 5 | echo "==> Delete this container: docker rm -f salt-cloud" 6 | echo "==> Please check AWS credentials and try again!" 7 | exit 1 8 | fi 9 | 10 | echo "==> Creating a new security group SaltCloudInstances" 11 | aws ec2 create-security-group \ 12 | --group-name SaltCloudInstances \ 13 | --description "The Security Group applied to all salt-cloud instances" 14 | 15 | echo "==> Opening port 22 to public for SaltCloudInstances" 16 | aws ec2 authorize-security-group-ingress \ 17 | --group-name SaltCloudInstances \ 18 | --protocol tcp --port 22 \ 19 | --cidr 0.0.0.0/0 20 | 21 | echo "==> Allowing all ports inside SaltCloudInstances security group" 22 | aws ec2 authorize-security-group-ingress \ 23 | --group-name SaltCloudInstances \ 24 | --source-group SaltCloudInstances \ 25 | --protocol all --port 0-65535 26 | 27 | export SG_ID=$(aws ec2 describe-security-groups --group-name SaltCloudInstances --query SecurityGroups[].GroupId --output text) 28 | export SUBNET_ID=$(aws ec2 describe-subnets --filters Name=availabilityZone,Values=${AWS_DEFAULT_AZ} --query Subnets[].SubnetId --output text) 29 | 30 | echo "==> Updating /etc/salt/cloud.providers.d/aws.conf" 31 | sed " 32 | s|AWS_KEY|${AWS_ACCESS_KEY_ID}|g 33 | s|AWS_SECRET|${AWS_SECRET_ACCESS_KEY}|g 34 | s|AWS_REGION|${AWS_DEFAULT_REGION}|g 35 | s|AWS_AZ|${AWS_DEFAULT_AZ}|g" \ 36 | -i /etc/salt/cloud.providers.d/aws.conf 37 | 38 | echo "==> Updating /etc/salt/cloud.profiles.d/ubuntu_ec2.conf" 39 | sed " 40 | s|SG_ID|${SG_ID}|g 41 | s|SUBNET_ID|${SUBNET_ID}|g 42 | s|AMI_ID|${AWS_AMI_ID}|g" \ 43 | -i /etc/salt/cloud.profiles.d/ubuntu_ec2.conf 44 | 45 | echo "==> Checking if salt_cloud_key already exists remotely" 46 | if ! aws ec2 describe-key-pairs | grep -wq salt_cloud_key; then 47 | echo "==> Generating new pem key /etc/salt/salt_cloud_key.pem" 48 | ssh-keygen -f /etc/salt/salt_cloud_key.pem -t rsa -b 4096 -q -N "" 49 | chmod 400 /etc/salt/salt_cloud_key.pem 50 | echo "==> Importing pub key to AWS with name salt_cloud_key" 51 | salt-cloud -f import_keypair ec2 keyname=salt_cloud_key file=/etc/salt/salt_cloud_key.pem.pub 52 | else 53 | echo "==> Key already exists, delete it or copy the key from your host before starting salt-cloud!" 54 | echo " docker cp /path/to/key/salt_cloud_key.pem salt-cloud:/etc/salt/salt_cloud_key.pem" 55 | echo "==> Then run this script again inside the container" 56 | fi 57 | 58 | echo "==> All done!" 59 | if [[ $(ps -ef | grep -wc configure_cloud.sh) -le 3 ]]; then 60 | echo "==> Keep this container running..." 61 | while true; do 62 | sleep 10; 63 | done 64 | fi 65 | 66 | -------------------------------------------------------------------------------- /providers/aws/files/rancher.conf: -------------------------------------------------------------------------------- 1 | rancher_server: 2 | - master: 3 | make_master: True 4 | salt_interface: private_ips 5 | master: 6 | hash_type: md5 7 | fileserver_backend: 8 | - roots 9 | - git 10 | gitfs_remotes: 11 | - https://github.com/komljen/rancher-salt 12 | gitfs_base: master 13 | gitfs_root: salt 14 | git_pillar_root: pillar 15 | ext_pillar: 16 | - git: 17 | - master https://github.com/komljen/rancher-salt 18 | pillar_roots: 19 | base: 20 | - /home/ubuntu/config 21 | worker_threads: 1 22 | jinja_trim_blocks: True 23 | jinja_lstrip_blocks: True 24 | grains: 25 | agentEnvironment: Default 26 | roles: 27 | - rancher-server 28 | - rancher-agent 29 | - docker-registry 30 | 31 | rancher_agent: 32 | - node01: 33 | grains: 34 | agentEnvironment: Kubernetes 35 | roles: 36 | - rancher-agent 37 | - mysql-server 38 | - node02: 39 | grains: 40 | agentEnvironment: Kubernetes 41 | roles: 42 | - rancher-agent 43 | 44 | -------------------------------------------------------------------------------- /providers/aws/files/ubuntu_ec2.conf: -------------------------------------------------------------------------------- 1 | ubuntu_ec2: 2 | provider: ec2 3 | image: AMI_ID 4 | ssh_username: ubuntu 5 | network_interfaces: 6 | - DeviceIndex: 0 7 | PrivateIpAddresses: 8 | - Primary: True 9 | AssociatePublicIpAddress: True 10 | SubnetId: SUBNET_ID 11 | SecurityGroupId: 12 | - SG_ID 13 | sync_after_install: all 14 | script_args: -p python-git -q git v2016.3.5 15 | grains: 16 | environment: DEV 17 | provider: AWS 18 | minion: 19 | hash_type: md5 20 | 21 | rancher_agent: 22 | extends: ubuntu_ec2 23 | size: t2.small 24 | 25 | rancher_server: 26 | extends: ubuntu_ec2 27 | size: t2.small 28 | -------------------------------------------------------------------------------- /providers/vagrant/Vagrantfile: -------------------------------------------------------------------------------- 1 | # vi: set ft=ruby : 2 | 3 | SALT_VERSION = "v2016.3.5" 4 | 5 | Vagrant.configure("2") do |config| 6 | config.vm.box = "ubuntu/trusty64" 7 | 8 | config.vm.provider "virtualbox" do |v| 9 | v.memory = 2048 10 | v.cpus = 2 11 | end 12 | 13 | config.vm.define "master" do |node| 14 | node.vm.hostname = "master" 15 | node.vm.network :private_network, ip: "192.168.33.10" 16 | node.vm.network "forwarded_port", guest: 8080, host: 8080, host_ip: "127.0.0.1" 17 | 18 | node.vm.synced_folder "../../../rancher-salt", "/home/vagrant/rancher-salt" 19 | 20 | # salt-master provisioning 21 | node.vm.provision :salt do |salt| 22 | salt.install_type = "git" 23 | salt.install_args = "#{SALT_VERSION}" 24 | salt.install_master = true 25 | salt.master_config = "configs/master" 26 | salt.run_highstate = false 27 | salt.master_key = 'keys/master.pem' 28 | salt.master_pub = 'keys/master.pub' 29 | 30 | salt.minion_config = "configs/minion" 31 | salt.minion_key = 'keys/master.pem' 32 | salt.minion_pub = 'keys/master.pub' 33 | 34 | salt.seed_master = { 35 | 'node01' => 'keys/node01.pub', 36 | 'node02' => 'keys/node02.pub', 37 | 'master' => 'keys/master.pub' 38 | } 39 | end 40 | end 41 | 42 | config.vm.define "node01" do |node| 43 | node.vm.hostname = "node01" 44 | node.vm.network :private_network, ip: "192.168.33.20" 45 | 46 | # salt-minion provisioning 47 | node.vm.provision :salt do |salt| 48 | salt.install_type = "git" 49 | salt.install_args = "#{SALT_VERSION}" 50 | salt.minion_config = "configs/minion" 51 | salt.minion_key = 'keys/node01.pem' 52 | salt.minion_pub = 'keys/node01.pub' 53 | end 54 | end 55 | 56 | config.vm.define "node02" do |node| 57 | node.vm.hostname = "node02" 58 | node.vm.network :private_network, ip: "192.168.33.30" 59 | 60 | # salt-minion provisioning 61 | node.vm.provision :salt do |salt| 62 | salt.install_type = "git" 63 | salt.install_args = "#{SALT_VERSION}" 64 | salt.minion_config = "configs/minion" 65 | salt.minion_key = 'keys/node02.pem' 66 | salt.minion_pub = 'keys/node02.pub' 67 | end 68 | end 69 | end 70 | -------------------------------------------------------------------------------- /providers/vagrant/configs/master: -------------------------------------------------------------------------------- 1 | file_recv: True 2 | file_roots: 3 | base: 4 | - /home/vagrant/rancher-salt/salt 5 | - /var/cache/salt/master/minions 6 | pillar_roots: 7 | base: 8 | - /home/vagrant/rancher-salt/pillar 9 | - /home/vagrant/config 10 | worker_threads: 1 11 | hash_type: sha256 12 | jinja_trim_blocks: True 13 | jinja_lstrip_blocks: True 14 | -------------------------------------------------------------------------------- /providers/vagrant/configs/minion: -------------------------------------------------------------------------------- 1 | master: 192.168.33.10 2 | hash_type: sha256 3 | grains: 4 | provider: VAGRANT 5 | -------------------------------------------------------------------------------- /providers/vagrant/keys/master.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKQIBAAKCAgEApqaKe7m3lpnB7LGgpheHn2BVfLyzPTiS2HpwjOveYlpqzOvF 3 | yllPZri/znKqcZqXaCdb1eant1eqwxoby5M17MDCTNoDAjGzmz3Wihs8fBOFq7qs 4 | cUhIZAR3VppaCV/dk40/ZkNlzImcygDmLf6y1D5PCXKEn6yxcfNlIMAWcssHnxx4 5 | wRVsCujkY7x5yW2FF1bFvVDMRSWBySpuWp1VU1p267kttxgU5jOSimp6lJWFf3Yq 6 | CgE42OVR81cHi2XBbubX8ME9mLHhTCdTp4tjC+94DBTVEuH7DmmzpVbSsj5IUf1B 7 | hspSSd2aYxJC5CBDtUXMVLKv436F6+Lmye5az0aGzc0AqF2SrhYiH1cwgR08dS7a 8 | V/1RDxlk2bd2Feg/GCcg9jwUBGjK2+H46dMx/ThcyjwDR8W42E3jAa31JfwriaYh 9 | iEFCcaDI8mufBgKqEPgbuaUw7IlgpCCBgDdbtwV2UvMIJCql7BrY2Pw2sRf+tzoE 10 | +36bOijv5dqDlSgUOhpk7rPLsf9ZsVJcPL40yaq8DYG3rlWzdgZ6bpPNw/jfqwTs 11 | C5YMcCMaIc72F9nKAE2ZjtZ3ZZ/N2HklRFBzwVrGIL80BV+7QQ/tsQxWJmcYxFfI 12 | BwdWrIpvykQoyC5BvE4t4+qYNoJvrxBXhQU5VPPPTkRTfZnL9rg41Wrr/XECAwEA 13 | AQKCAgEAg1FUam5LplZ+oz7M8lQ0QHgupN4k9ybvP7ormj/6utG4usVG1E5P7QfD 14 | zLA6cs54ZFAvY3wfyK9CFf8qy92ybl7uPJTGLiJv/vJZbfZMUREpEctFOvbUZEvI 15 | pet261ApT63LuY9+VhBSBjNzLec3j1uR+EXPD+uK39oFZCs5BTfLR6ut06hHvMkL 16 | vzOzW+/7Igr0Qlu6uvn1LUlMMAcuR0JP1yvSRCarwUH+RSfmc9LmoSvBsKSJ4Q/C 17 | 5dc8ULHcHMG2gzYijYINoG6U0r9ZSvxmQk7gH8MGi7LrJmwmFuJRJppD2izvbtk6 18 | YLrxDsYF1H+tpUgwpTj72oaviYtS7iAa1w5hBcFB5Sk07FxbMKCYEb0DqSdfLiO5 19 | GzoltDIDivHDRvGRehWU/eaSIMRKUCTLuNVe13xZ6nI73y+M+uNdHDjsgj3u8Zjf 20 | wwZaPUbgwgqywlenSbDL/ZTb+dEkNf3fl1lwvEKgzAAanwL5j77YUqw8RkLePas4 21 | 3TGjD/aHr09ItawqPI1u9Lu+XN5dmIId8QRVdXmqALZiVrROEKPbUHGYGwS3/KN3 22 | TSk00qXWvJIaNAqT8ZbWjTLlR0Coosd1/HrY+VLmcLkvsTHFMQYOtXim9F3FBe8p 23 | YrXOYzxsduIxshJBGtlGGtagGolNObULsDGoqSTHZFo2BlqLxUkCggEBANlL5DMz 24 | XLd0A5BxGnpZKZioO5pbUtw5kqC14aQBccPRzoKj3ocF3Q+R8E9PVoXYNvBBkthK 25 | HQg6G4EclN0LykPGAhmBkohRlQSVuuEgI52nY77lJMoun09GX54WAie+W9J2aDTT 26 | yDsgV1YKtioN3bXpCiucU3LBOlnJ6UKJ22U0OXqoqqskL5F4MBKPbdR9BC1ZLX8i 27 | l/psGNCedGsvB4xrWTIGc4yjw43Sa5fwarmJ4KD0oJsoMcCczZnqCciqmmuoXMWa 28 | ZX4Wf7R62geMaGVDxcOkA4jyoMrV4doILyLK0TT/u/mokkvqdNhO4RzZvTQ1/M3R 29 | kHVVhE8FYI3NFwMCggEBAMRVVqxPzuJzYfaOhNx8inMEYo+U4/DMB7HsUJDZNhV1 30 | GvqVk+QWUKMFFxltyO1YFkF23fTF0sshXpozOor+iw9WCQqQYOepXwuIO8inGVrC 31 | P42PoKbPu0Q/Iy7S4u9A/3X0KY46cCoICq+xwWTevd3qUpq2ffQ2jrpijUCZOIJS 32 | 827Y7G+G1oPVdUJcyERGFqaMc1EpYMxdeKvgDnhZEpwpqaGZhIBTxxtc59qXF3b0 33 | fpxSQOyFBvIeE3XrCkb8V808JMFeRqmKAhIHwyw3O6f9K4OSU4Tta+M3lljZ2nS/ 34 | RGn9Yr5oC+fqC+exTvG0PKxeMUOfXj+x5eVeAaAvpXsCggEAbSTXbHhB+8uD9ss4 35 | t3eNkyX9Ohzg08j/Q0XYHl6zW95IUgopPbzOOoHdKJj7JqNhhPAK6CThzD4Tjphi 36 | lVzUrZIJf/I7Pclshi8G/Qj9mrR3P20tO3iLgHAimu8HChttV5st4Er36erms0sS 37 | ELGCSVrSRvFwYNV5j5wBU/CWiJDgxiFuCCRW2ER8MPZl/jMFJBoE5jTkDV66YB8W 38 | 7rdinT9WP/BJnbyr/tJQRLL3iFYew/nbqdNYmhyokMSjQW2fvq+EWaShkeGPJ4IF 39 | fYEi9qpB7XC2bdUguoEPvkoaEum4h1xkeJQZV5ReOD/2hl0/0bfEUUUPwD/CA0b6 40 | Jn97LQKCAQASAe3IMi28kW6ryZigDIA6Wm2b08EwZdZS2GTvVCzkvO/zieKdqfpN 41 | aXsb5vjl5A1uhbOH7tkNrorZw9cbxosEphSANovc06kXCrDJD6KAs45WspS+mBEK 42 | Cmx0r/0GisSjkfh5xhxhjolEYh5l3RQ3FXXsIM7epl5i9AUWprcLJQaU5SqSdCCa 43 | yOpPYukvcepD7l/pUs1BEVWvFgbdvPW7Aws++jCwAH8joFrXrsIFNBmkxtqTlwPz 44 | ExUf3KX9qsl21oxcfAQpKrJT6whYttwu5Uanc7VbXNdnaMLOdXTW/nAM9KOo6Swm 45 | Yk4jOx0NiEWEXcNQ+34Og4ediQjHI3efAoIBAQC7/DOu9f41JtpKaMt+pLX9+Jhr 46 | fOLwkwPq9ot0fQo+NB5Rpg2E3PPx8u7pOMatPyMMaAZhmkDr//qraZotw02AF0fX 47 | t46b4aJK9v6wO3iefbN8fP009HhVR4xpWfvzOsLiswpQiaZXddSy5gbEZgtk1gwF 48 | 2RsqpoTjZWVUkOEGufxayc27HMWi9QcKEYfR5c0JI/grDWVhHYo7pOrl7NKdiyNw 49 | GH7qsB482lOAzybBk51R0KQ30UhnIaYohEp8GcHif5LHawHnQXHF8LMNeOtpSWwa 50 | ctIZxHGFA7Y7hDY0bVaLP556anN5DVarGDY3J0PUnuj3YjZXH1wNVWjwUWn7 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /providers/vagrant/keys/master.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApqaKe7m3lpnB7LGgpheH 3 | n2BVfLyzPTiS2HpwjOveYlpqzOvFyllPZri/znKqcZqXaCdb1eant1eqwxoby5M1 4 | 7MDCTNoDAjGzmz3Wihs8fBOFq7qscUhIZAR3VppaCV/dk40/ZkNlzImcygDmLf6y 5 | 1D5PCXKEn6yxcfNlIMAWcssHnxx4wRVsCujkY7x5yW2FF1bFvVDMRSWBySpuWp1V 6 | U1p267kttxgU5jOSimp6lJWFf3YqCgE42OVR81cHi2XBbubX8ME9mLHhTCdTp4tj 7 | C+94DBTVEuH7DmmzpVbSsj5IUf1BhspSSd2aYxJC5CBDtUXMVLKv436F6+Lmye5a 8 | z0aGzc0AqF2SrhYiH1cwgR08dS7aV/1RDxlk2bd2Feg/GCcg9jwUBGjK2+H46dMx 9 | /ThcyjwDR8W42E3jAa31JfwriaYhiEFCcaDI8mufBgKqEPgbuaUw7IlgpCCBgDdb 10 | twV2UvMIJCql7BrY2Pw2sRf+tzoE+36bOijv5dqDlSgUOhpk7rPLsf9ZsVJcPL40 11 | yaq8DYG3rlWzdgZ6bpPNw/jfqwTsC5YMcCMaIc72F9nKAE2ZjtZ3ZZ/N2HklRFBz 12 | wVrGIL80BV+7QQ/tsQxWJmcYxFfIBwdWrIpvykQoyC5BvE4t4+qYNoJvrxBXhQU5 13 | VPPPTkRTfZnL9rg41Wrr/XECAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /providers/vagrant/keys/node01.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKAIBAAKCAgEAt/cBn0ojxd+kpM9db/lIhlpQqBPTQY+mFObVzE8PStSvz7xS 3 | uET798iNbAK8u3y4yCLl32wl2EWIAPfDQVKybca+IBu3QNhWy61t2Nupz2iMFCAy 4 | kxT3jL2hvsOQ61aToRP9VVkOIFUpNk5NFoPxIbK01Wb7vSLH3nqlF73LAubkJLJA 5 | kzXrl4lvjesJ3ObEKzDc1xSENCXWxFA+te02BSvm5tqucr5igqzyug8qGbbrfdPu 6 | 2S+k6Kor92LG0nNVpLIkHB+jSS4oFJ3TvOLOzO3QrFZoVtXfnAd4YY0rrqVs+3uS 7 | BpGuDJ1eZnQe9/Roz1+FvuSUmz1VwGWSztm9rBCHwR4gzMaqZiejTOikORmVpb8H 8 | oiq8Kf8lZymush9DLjihwRxjaRt310BxLK9LF/OoKuIKK1V2OtbdEZTTXfPoWs6s 9 | EGGFikS7jlKqhzjCNH6GpL3D+enDJ6Bl2vcjeVPl5a6dbkZHUC7rncRYLa0AyJv0 10 | 0PKMy6NHAk5FyN0sQ1Q8FD75L507kF/0F6pAFw8T2Sslvzs1DucpcnsRhy6z1QuM 11 | Nq4+ObaJtgKEE9kliHoAvoWm66ztq2qdyoUURn/jW+OgWxhZ1Vl5HI4woK0z7RDY 12 | LOKLzfBYuAMI/nKJZNBixQGdqUh5Mb3M0+2SOWeN3a3m64UzXGx59GOqE38CAwEA 13 | AQKCAgAptPxPKrXVhJCFNOYQHsoMe6lRkb0RXgnfLz5FZZ8n7fQ1+pIeaLVfRb6a 14 | QDydnPcfmJnY/2HNGGZvIbzIsID3VlmAWgg/0UxMPPNseNCUzzUC0xHkOpqs88kZ 15 | wKi4UhaCLFAA64HCXsxLHZFoi109sJBC2Wg1Rw9dJx0KtuKxs7sBftAZD95rqqL5 16 | 39GKnV7YE+ndcS9Py0xXkYHGKRNYNM3ShL2MEhGvYppdCFcZIVleW5AI+T4/6WSy 17 | X1iIGdHO1vxMy/du/eHkWqvIZPtRhpEKoURie3aIn0DxjNncbHC6yxceGiUFgyAF 18 | xknHGUgxy4w87QGr+EnapqyT7NWNK83Wpiw5Voo5PyInG7YygxmbWhFE0qeakzq2 19 | gSl2VrVrUFIop5G/kCE4UgrwvxWOvzZi8xJg6As1bRGs6iKRRYwpDr1rYLRR+RXo 20 | jGft58chSq7v7yqIF31o9Mhh9JGkesbyU937EsHbjNVm4zkoZRzS7ZGXcRTEHW1O 21 | kviWlRZ2qEjtgGkd4DadtDaOH1q5vWV/bwQ5zg9GNXtGL34R7BCD7CMOI5TjPid6 22 | /JgJV21SgneyFSyTrhlTz3rXYDXPwGzYJaXVZTJxuHjKhvD6Ubd+8DErh7zkUJy8 23 | hPdBC5b0oeM8MsshNAhbEfKGoIac6a3n6aY7tLywg9RmdK2lIQKCAQEA9LO8MjZ+ 24 | CPmX03WxjNVxHU/zKCYDoq5RYgjznO4KO1vDD0ZdgoyiKQ4KiTtgbaDzvF3hHV3L 25 | TfPBDJRt23IiEOj9/bRUtDY4AzjbC65EftUHXtzR6NYMHrwsm8ieNfx2N3ArwCC8 26 | AQJTDjlmSmXck6g2/BKXt2LoWNkgkKVClYTB5LtLfE9NqKjUX/4OWAB6BZnMwmWK 27 | 3Yz425VXDfe/p+ujuZAtQH2TZzE3ZNZCnhKhze8IJqaH2BQGJx+XR1yfcxC6qbVg 28 | duFBO1t96sE5h0k5kUKbXq2c9nIQ4IHiWEQLWUujmokIMyg35GoE8f/lIIF00NnK 29 | f3l5MJIuiA7QeQKCAQEAwHVir4/Bna9uZ44FQVH/0m+yLnVMLKj2PA0EoG32JRsJ 30 | 4v/qpxCDB30xUNfzb8QpTX8/7BJ6qMdEIcHv/IQVL8h+FrSjalNgOOXP8TUUPtGx 31 | jhFdJo5Z0soMYd+GV/0gMBPF8abtdZmmjazhWeX8ok07H9KzCLYVScjSDo1xDvNJ 32 | W2LGDKwMdJ3MHNVukKPfMn8rLDYTlwNdZd8Yy0Y1NXwAuJaVSgATUm9AsNr13tlA 33 | VuqFu9L99RZC78eMv7Z7SEoo/Qc3x1hGMFYDQ9GFogJCnUCG655NafIBSUOjRdy5 34 | +Mxi4BRjWJ+X+pPVplTulRXS+NuNhM5elxqhWLo1twKCAQEA61OWn2uMVbFC85dy 35 | ApCZ0ai7nVbBlEez+GXHcpnxuRgMRLpU32HD6VuZglRZ7dQl0ncuMQGsrPDILQLp 36 | i2r9m+mVqdEszIp/34lkDp2vPZI9HluaeyKuUTiCZebPT/fU8Ieta32PkCDeIwXM 37 | e6vuLwpMpqpywWgbLqbRDIoBuK0Nkp0UgR36/0Ity4sV3EfJEW3RXvosS9hw0yuR 38 | ptsls6WHtMMU4bpicZEBRrZPJpmghd1kp1bruT+4kxNsdrJ6nTvvZ5oIhQsnop/g 39 | Pk1It/QRqsK1jJ3GH7Oey2nddSkrCNsXIVy7SAdbiQz0aI7BmTsmTlvExEbb53wN 40 | x8cHcQKCAQAhDUfIbMDMis9EG4DNif6MLkCEeAJ//PhksbukrZ3DG5SkFl0/GbfW 41 | 9mocvymAfUi2lW7t5PKJv8b0oTDMxgY5cY4t6hHSdcUloFoIy5vRegOrKVI9B99n 42 | MunTeSbCP6dielLZQFixhJS06ga9gKDVYrwPqAi1K0gWptVkSGgtMBzeA+WNUZLG 43 | CD+AiCr3zhzLuEk6y4KrwZktoJXKeyEyMTySdtHmpoKq+o46kS/+eILzKk2TRxX0 44 | HEGcmkGSvw0HCi1l3vJ2WrObI3pmEDqJ6ydziBxjpIkY88XCxkno+pI5pygn4Xh6 45 | RNY941uiuB1NHzVfJZ11PFfETX9+FGSbAoIBABhmvh79QYQgIybsWcdxgFJdhowf 46 | o14+a6XbM4P+r0BSt3S3mHK8fw0ereTAc4wBbyT7CSTPDd1DsYkp6JyJkgBbiBVv 47 | MThhdfc28I1OELisp+IjD9jZwPY6UB/jQcWPU5ReCxHwZ+clFgXZLBPmlsNhzL/4 48 | hbCJPS3ulTa7fI5W5Oj9atG8O1WT7R2aa3IlkiGZA68qWkiAAfNpqOvhj+SNgrXm 49 | EGewYWBVvBJXVduOzKN1tgJ9iSOshOzCRdwadnnBTGTvb7rusovIdg3HfzDmn38+ 50 | k0FG+nPTVxVUIASESjOsByTNF1YJSrPtVOAhs/gRr//EmHrpNGR6MescPsQ= 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /providers/vagrant/keys/node01.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAt/cBn0ojxd+kpM9db/lI 3 | hlpQqBPTQY+mFObVzE8PStSvz7xSuET798iNbAK8u3y4yCLl32wl2EWIAPfDQVKy 4 | bca+IBu3QNhWy61t2Nupz2iMFCAykxT3jL2hvsOQ61aToRP9VVkOIFUpNk5NFoPx 5 | IbK01Wb7vSLH3nqlF73LAubkJLJAkzXrl4lvjesJ3ObEKzDc1xSENCXWxFA+te02 6 | BSvm5tqucr5igqzyug8qGbbrfdPu2S+k6Kor92LG0nNVpLIkHB+jSS4oFJ3TvOLO 7 | zO3QrFZoVtXfnAd4YY0rrqVs+3uSBpGuDJ1eZnQe9/Roz1+FvuSUmz1VwGWSztm9 8 | rBCHwR4gzMaqZiejTOikORmVpb8Hoiq8Kf8lZymush9DLjihwRxjaRt310BxLK9L 9 | F/OoKuIKK1V2OtbdEZTTXfPoWs6sEGGFikS7jlKqhzjCNH6GpL3D+enDJ6Bl2vcj 10 | eVPl5a6dbkZHUC7rncRYLa0AyJv00PKMy6NHAk5FyN0sQ1Q8FD75L507kF/0F6pA 11 | Fw8T2Sslvzs1DucpcnsRhy6z1QuMNq4+ObaJtgKEE9kliHoAvoWm66ztq2qdyoUU 12 | Rn/jW+OgWxhZ1Vl5HI4woK0z7RDYLOKLzfBYuAMI/nKJZNBixQGdqUh5Mb3M0+2S 13 | OWeN3a3m64UzXGx59GOqE38CAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /providers/vagrant/keys/node02.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKQIBAAKCAgEAv1UyeaN8m29lxwrsYpL4W9oWX/TzSdr7KKR5f2kF3ATCQl2t 3 | oPg8pZGCVJmpa/9f8mse7uHWfKAtnZ92ibo2ZwjZJrD9Mz0LDXx7pSGCcdmri02H 4 | oB/VPiCa82HCC+QjMlwygyN5De+FpMyF3Yqlc/BqIgPY5UPruOQ+EHxwIG4sVOo8 5 | 5UYml6XZomSEJhB7Xzutj53QsyXrVrU4ruqxtY3uzwH+jIYeyCl42UMZXj/FFx2L 6 | vrtqY2C67iARo8Vxv3aqIvdGNKMJNWrX5ZAamU4sesU69CijTonb7eAV988II7qC 7 | lRErzH7vUv3jKwmpIWyffydbIlNzVnIxRVjnJwky2pwSz8afbnQQqaipwyhMcVXi 8 | Ve1TjEdj7omikIaVe5q+4mtsaf4yRYnvcSXi0gSO02kHfrvzOCfW63V5QKodqTUs 9 | N2CcSwNAd5LXX5mBdn8ZuHEQOQ6DmJZ+DcQvzZoE+3/+/WFTs3pesmcFCsln16T0 10 | sbdDFRynGYbtzbbZe6Yl6aJKv7krmtq4mwoaTSK9I6SzK2/Iwk+Ppx1qS1quxITN 11 | +qFc34+9u73Riwb+pUE0x2pAlnuQscvJXkT5IGxm06m0Nvc6eaZxvofLzWaGBD4u 12 | oaOKT16orxhK2bcf7Ahx+i1XucDnLSbuv47in/y54tvh/2MCnJtdPbdYa9UCAwEA 13 | AQKCAgEAoym0cabJjIPi92qJS0aqJSpGCm6JSmJD7NTWB6E4Lfig8JeSicMndMox 14 | qpOft0mAOOrA5lYQ4xZ10AU8wRbbbeJNzIECa7+SvV1608dPxmcpsxHapuJ+pwyH 15 | FyY2pI1YtomJSevmP8wS3AbN4a9qiQRsfbVqMZlKW9HIW6bCt+U8SO24II1CO/Bj 16 | N+kgCJXln8D0sZSTdTLRDpBcVk4uXfU7wayhtpRpi6hSNnTSHV2kZaH8mhqZD0Ze 17 | ItOWN2MZLX20eT0F0b13DOagVlQdWr8fj1LCg5RkL4XA14pRMZKMDmvvD9Ak2a8l 18 | yFBaeUkzwh0vpu+Y+BzSLtYSzmCSPW3n02HjJ7hs3J5ytdRdK82fLYcj0oT15S+J 19 | x6Agi0byH3nH0JM0WKa1HVN8QRDP7aNWtUOUJGm6ebQAsD8UM0aUHngn2gL2Iogq 20 | HVEVpkAy59KrREV02eHfaVqtPHj3YRbm3ZVNJitAXtVLBJZh2pCzkRypGQvOGUiv 21 | UaGEvKE6cU0SU9PU/Ne8/t3uxDr6S5kxsSn3ubpyu+SyfKPztdBUTrEORXe0CZQs 22 | p7TnZpM+KM/9IuYwxgV+M6isKNSKmBN7c77CqVzLLygXKbebOOGEWOqIf9QH0u7+ 23 | VON33idwWnHfklSZSpbutxF5K5SdFzIoc4dz6hKYPqOburxYu8ECggEBAOfzGucR 24 | +8mk6aEGKTgFaUZ2Zm309gFeWBWq4783uKmcfUloTH74qw22y8UlpCU2QzJ4cSrr 25 | Msf76gM+oj0+0pFz9kd+s61xOw9Iews9zR/+NAzEZfU6j9BfpUCxxr2CeVcbao52 26 | bYFJL8Y0D76zbDqal9wGA89coMua+oLXODYn2OVfDCs3cCvLp2At1fAA58ywD9se 27 | psnJBaMZCFn+tSSxoNwiC2aGVRJr8/mMcpg+cq9nw8EiM5c+YY+S68ZotlVfWzg9 28 | IQGuqhhZjULErTIpz8/FZW5CYp8+H6wt+Pkw94m/7THNXQ/18hJe3Xoekjc0JTRO 29 | V4AUy8lKDYfl1KcCggEBANMr9G5SgHVfRMp4H4TbK7vSZn0jawV/TtjBEjiIsWza 30 | CS7unSD6ZcTP4vkSs/N6NxQHLGard7dvHiU09ZjzLpQMZY1F8lFAuxd0xfN35hI0 31 | utXrYx37e0JsBBJ88g4ii9KYtRe9ynfd6IYrP+4iV+UlMCxW3un+LUSfPTUW9XwL 32 | VJeST/0CFasollndpn7hAZK/RQ7MRkToG9e2J+6DSa2fxeWpjzF8m+URmQA5iVKo 33 | w1MccmK+d8ArpeEKnP/B+TuoYYe3QAegt4BJggpM5SXvUnwu2W4Lk2BtZpeD15V8 34 | B1HxbUQLNWgyUipmtTz2RriNQ3tGnyKbXAQoTZxW/yMCggEAAL5Ercze86x1mzB7 35 | 3VQXHESw21VXnHWC7r7Xb/trug9oT13oMNf3JFobmQwf1Iax/G1qX2rVhNKH027V 36 | 8kBLSHAIr/318W5VdB0VV9ng2GNmI0xVz01avJ4x1106d8z9Oow58S7r9ugXIRl1 37 | m3TTufRY3DmgtX9kfIKInva1lWbXSRTe4xyQXXOPm71J3DUEiSFfS6Jzgl4EiJtB 38 | 7ZflWLLBAzOQuclgaGi0JW6Px3EbyPgaJnpHlAp9IYqk+sPHIcrmbe20N18p6F4R 39 | F8+thmWf5tiJFKtdyYjXbSPQkmvXvzdAOVKhI7X0Cp8HMqb6bPbbz6kYmq52YLS+ 40 | CltwLQKCAQANOHhCG+os7vz4jBK1F5+iT6bY+Mmve2vtSBEi9vPcs73VcVzm/qY2 41 | bylvnIslmCYwm85c0ylYk51YiPtDSx5EaI5HDPUBv0K3Ujk+Z+hAhYqY7/axntf1 42 | rZuHqMjit6j3U1YrGVe+r2bqV3TWLNJB51UfwYSNM7uTy0BivYA69t6h6qgVV/cR 43 | UyYulCDjWqTlkhH5vjI8CCgOFjpjxVZsh081dKshVwLPkY15pSCCy0wHPQWwRupq 44 | XpExCKARpww6fu00OPXKRHaYkoGQsYW7HUOVwL0eFZ1xcQf2PmvV0QEIUUwc8XKz 45 | hkr8mpeILIb68OUjp6U43m8hV4CcZBnvAoIBAQC4bA4PAnLlmNQOlsKZ+53+r0eQ 46 | 5zdxdJh3M8DFFk2Jtf9BDFz5DH7ufT8PFowuXPZlASAwnZQFA01pywo8EdAcehof 47 | W+EDD9mdu2ONCQYBvrda0Jn/NzuVliIVhULs4tyhfyyQ7gqz0a6SBCuNoRs1moG0 48 | d9aUkw9JA2d3sKbjFzCdlBlEPX5f9mGZTaumVyF6H30Xfh/cvaFlAty6X72w9x+1 49 | IA8zaDWmx+mUMvPsK0UUu/LaKOzTpGR+RKgBKkBr3lFHykruR5mTd/ms69OuCVHZ 50 | 7bwbviu7p8zWVeDTKfXpCdBiHKDPO04AOAwMb6zXh9htXxBDxElF0N+Jcnee 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /providers/vagrant/keys/node02.pub: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv1UyeaN8m29lxwrsYpL4 3 | W9oWX/TzSdr7KKR5f2kF3ATCQl2toPg8pZGCVJmpa/9f8mse7uHWfKAtnZ92ibo2 4 | ZwjZJrD9Mz0LDXx7pSGCcdmri02HoB/VPiCa82HCC+QjMlwygyN5De+FpMyF3Yql 5 | c/BqIgPY5UPruOQ+EHxwIG4sVOo85UYml6XZomSEJhB7Xzutj53QsyXrVrU4ruqx 6 | tY3uzwH+jIYeyCl42UMZXj/FFx2LvrtqY2C67iARo8Vxv3aqIvdGNKMJNWrX5ZAa 7 | mU4sesU69CijTonb7eAV988II7qClRErzH7vUv3jKwmpIWyffydbIlNzVnIxRVjn 8 | Jwky2pwSz8afbnQQqaipwyhMcVXiVe1TjEdj7omikIaVe5q+4mtsaf4yRYnvcSXi 9 | 0gSO02kHfrvzOCfW63V5QKodqTUsN2CcSwNAd5LXX5mBdn8ZuHEQOQ6DmJZ+DcQv 10 | zZoE+3/+/WFTs3pesmcFCsln16T0sbdDFRynGYbtzbbZe6Yl6aJKv7krmtq4mwoa 11 | TSK9I6SzK2/Iwk+Ppx1qS1quxITN+qFc34+9u73Riwb+pUE0x2pAlnuQscvJXkT5 12 | IGxm06m0Nvc6eaZxvofLzWaGBD4uoaOKT16orxhK2bcf7Ahx+i1XucDnLSbuv47i 13 | n/y54tvh/2MCnJtdPbdYa9UCAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /salt/common/jq/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | jq: 4 | pkg.installed 5 | -------------------------------------------------------------------------------- /salt/common/python-setuptools/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | python-setuptools: 4 | pkg.installed 5 | -------------------------------------------------------------------------------- /salt/deploy/rancher.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% set test = salt['pillar.get']('test', 'False') %} 3 | 4 | docker_setup: 5 | salt.state: 6 | - tgt: '*' 7 | - sls: docker 8 | - test: {{ test }} 9 | 10 | docker_registry_setup: 11 | salt.state: 12 | - tgt: 'roles:docker-registry' 13 | - tgt_type: grain 14 | - sls: docker.registry 15 | - test: {{ test }} 16 | - require: 17 | - salt: docker_setup 18 | 19 | mysql_server_setup: 20 | salt.state: 21 | - tgt: 'roles:mysql-server' 22 | - tgt_type: grain 23 | - sls: docker.mysql 24 | - test: {{ test }} 25 | - require: 26 | - salt: docker_setup 27 | 28 | rancher_server_setup: 29 | salt.state: 30 | - tgt: 'roles:rancher-server' 31 | - tgt_type: grain 32 | - sls: docker.rancher.server 33 | - test: {{ test }} 34 | - require: 35 | - salt: docker_setup 36 | 37 | rancher_server_add_envs: 38 | salt.state: 39 | - tgt: 'roles:rancher-server' 40 | - tgt_type: grain 41 | - sls: docker.rancher.server.environments 42 | - test: {{ test }} 43 | - require: 44 | - salt: rancher_server_setup 45 | 46 | rancher_agent_setup: 47 | salt.state: 48 | - tgt: 'roles:rancher-agent' 49 | - tgt_type: grain 50 | - sls: docker.rancher.agent 51 | - test: {{ test }} 52 | - require: 53 | - salt: rancher_server_setup 54 | -------------------------------------------------------------------------------- /salt/docker/etc/docker: -------------------------------------------------------------------------------- 1 | # TODO Set only if registry role is available 2 | {% set registry_iface = salt['pillar.get']('docker:registry:iface', 'eth0') %} 3 | {% if grains['provider'] == 'VAGRANT' %} 4 | {% set registry_iface = 'eth1' %} 5 | {% endif %} 6 | {% set registry_net = salt['mine.get']('roles:docker-registry','network.interfaces','grain').itervalues().next() %} 7 | {% set registry_ip = registry_net[registry_iface]['inet'][0]['address'] %} 8 | {% set registry_port = salt['pillar.get']('docker:registry:port', 5000) %} 9 | 10 | # TODO add insecure registry only if enabled on rancher 11 | DOCKER_OPTS="$DOCKER_OPTS --insecure-registry={{ registry_ip }}:{{ registry_port }} -s aufs" 12 | -------------------------------------------------------------------------------- /salt/docker/global_vars.jinja: -------------------------------------------------------------------------------- 1 | {% set rancher_db_name = salt['pillar.get']('rancher:server:db:name') %} 2 | {% set rancher_db_user = salt['pillar.get']('rancher:server:db:user') %} 3 | {% set rancher_db_password = salt['pillar.get']('rancher:server:db:password') %} 4 | {% set hostname = salt['config.get']('host') %} 5 | -------------------------------------------------------------------------------- /salt/docker/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% set kernelrelease = salt['grains.get']('kernelrelease') %} 3 | {% set docker_version = salt['pillar.get']('docker:version') %} 4 | {% set dockerpy_version = salt['pillar.get']('docker:dockerpy_version') %} 5 | {% set pip_version = '8.1.2' %} 6 | 7 | include: 8 | - common.python-setuptools 9 | 10 | install_pip: 11 | cmd.run: 12 | - name: easy_install pip=={{ pip_version }} 13 | - unless: pip --version | grep -w {{ pip_version }} 14 | - reload_modules: True 15 | - require: 16 | - pkg: python-setuptools 17 | 18 | dockerpy_module: 19 | pip.installed: 20 | - name: docker-py=={{ dockerpy_version }} 21 | - require: 22 | - cmd: install_pip 23 | 24 | # https://github.com/saltstack/salt/issues/35455 25 | salt-minion: 26 | service.running: 27 | - watch: 28 | - pip: dockerpy_module 29 | 30 | docker_repo: 31 | pkgrepo.managed: 32 | - name: deb https://apt.dockerproject.org/repo ubuntu-trusty main 33 | - file: /etc/apt/sources.list.d/docker.list 34 | - keyserver: hkp://p80.pool.sks-keyservers.net:80 35 | - keyid: 58118E89F3A912897C070ADBF76221572C52609D 36 | - require_in: 37 | - pkg: docker-engine 38 | 39 | linux-kernel-deps: 40 | pkg.installed: 41 | - pkgs: 42 | - linux-image-extra-{{ kernelrelease }} 43 | - aufs-tools 44 | cmd.run: 45 | - name: modprobe aufs 46 | - unless: modinfo aufs 47 | - require_in: 48 | - pkg: docker-engine 49 | 50 | lxc-docker: 51 | pkg.purged: 52 | - name: lxc-docker-* 53 | - require_in: 54 | - pkg: docker-engine 55 | 56 | docker-engine: 57 | pkg.installed: 58 | - version: {{ docker_version }} 59 | - refresh: True 60 | service.running: 61 | - name: docker 62 | - enable: True 63 | - require: 64 | - pkg: docker-engine 65 | - watch: 66 | - file: /etc/default/docker 67 | - pkg: linux-kernel-deps 68 | - pkg: docker-engine 69 | 70 | /etc/default/docker: 71 | file.managed: 72 | - template: jinja 73 | - source: salt://docker/etc/docker 74 | - require: 75 | - pkg: docker-engine 76 | -------------------------------------------------------------------------------- /salt/docker/mysql/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% import 'docker/global_vars.jinja' as conf with context %} 3 | {% set tag = salt['pillar.get']('mysql:version', '5.7.14') %} 4 | {% set data_path = salt['pillar.get']('mysql:data_path', '/var/lib/mysql') %} 5 | {% set port = salt['pillar.get']('mysql:port', 3306) %} 6 | 7 | mysql_image: 8 | dockerng.image_present: 9 | - name: mysql:{{ tag }} 10 | 11 | mysql_container: 12 | dockerng.running: 13 | - name: mysql-server 14 | - image: mysql:{{ tag }} 15 | - environment: 16 | - MYSQL_RANDOM_ROOT_PASSWORD: 'yes' 17 | - MYSQL_DATABASE: {{ conf.rancher_db_name }} 18 | - MYSQL_USER: {{ conf.rancher_db_user }} 19 | - MYSQL_PASSWORD: {{ conf.rancher_db_password }} 20 | - port_bindings: 21 | - {{ port }}:3306 22 | - binds: 23 | - {{ data_path }}:/var/lib/mysql 24 | - restart_policy: always 25 | - command: "--character-set-server=utf8 --collation-server=utf8_general_ci" 26 | - require: 27 | - dockerng: mysql_image 28 | -------------------------------------------------------------------------------- /salt/docker/rancher/agent/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% import 'docker/global_vars.jinja' as conf with context %} 3 | {% set rancher_iface = salt['pillar.get']('rancher:server:iface', 'eth0') %} 4 | {% if grains['provider'] == 'VAGRANT' %} 5 | {% set rancher_iface = 'eth1' %} 6 | {% endif %} 7 | {% set rancher_net = salt['mine.get']('roles:rancher-server','network.interfaces','grain').itervalues().next() %} 8 | {% set rancher_port = salt['pillar.get']('rancher:server:port', 8080) %} 9 | {% set rancher_environment = salt['grains.get']('agentEnvironment', 'Default') %} 10 | 11 | agent_registration_module: 12 | pip.installed: 13 | - name: rancher-agent-registration 14 | 15 | rancher_server_api_wait: 16 | cmd.run: 17 | - name: | 18 | wget --retry-connrefused --tries=30 -q --spider \ 19 | http://{{ rancher_net[rancher_iface]['inet'][0]['address'] }}:{{ rancher_port }}/v1 20 | - unless: curl -s --connect-timeout 1 http://{{ rancher_net[rancher_iface]['inet'][0]['address'] }}:{{ rancher_port }}/v1 21 | 22 | rancher_agent_container: 23 | cmd.run: 24 | - name: | 25 | rancher-agent-registration --url http://{{ rancher_net[rancher_iface]['inet'][0]['address'] }}:{{ rancher_port }} \ 26 | --key KEY --secret SECRET --environment {{ rancher_environment }} 27 | - unless: docker inspect rancher-agent 28 | - require: 29 | - cmd: rancher_server_api_wait 30 | - pip: agent_registration_module 31 | -------------------------------------------------------------------------------- /salt/docker/rancher/server/environments.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% import 'docker/global_vars.jinja' as conf with context %} 3 | {% set rancher_iface = salt['pillar.get']('rancher:server:iface', 'eth0') %} 4 | {% if grains['provider'] == 'VAGRANT' %} 5 | {% set rancher_iface = 'eth1' %} 6 | {% endif %} 7 | {% set rancher_ip = salt['network.ip_addrs'](rancher_iface)[0] %} 8 | {% set rancher_port = salt['pillar.get']('rancher:server:port', 8080) %} 9 | {% set rancher_environments = salt['pillar.get']('rancher:server:environments') %} 10 | 11 | {% if rancher_environments %} 12 | {% for env in rancher_environments %} 13 | {% set rancher_env_name = salt['pillar.get']('rancher:server:environments:' + env + ':name') %} 14 | {% set rancher_env_id = salt['cmd.run']('curl -s "http://' + rancher_ip + ':' + rancher_port|string + '/v2-beta/projectTemplates?name=' + rancher_env_name + '" | jq ".data[0].id"') %} 15 | add_{{ env }}_environment: 16 | cmd.run: 17 | - name: | 18 | curl -s \ 19 | -X POST \ 20 | -H 'Accept: application/json' \ 21 | -H 'Content-Type: application/json' \ 22 | -d '{"name":"{{ rancher_env_name }}", "projectTemplateId":{{ rancher_env_id }}, "allowSystemRole":false, "members":[], "virtualMachine":false, "servicesPortRange":null}' \ 23 | 'http://{{ rancher_ip }}:{{ rancher_port }}/v2-beta/projects' 24 | - unless: | 25 | curl -s 'http://{{ rancher_ip }}:{{ rancher_port }}/v1/projects' \ 26 | | jq .data[].name \ 27 | | grep -w '{{ rancher_env_name }}' 28 | {% endfor %} 29 | {% endif %} 30 | -------------------------------------------------------------------------------- /salt/docker/rancher/server/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% import 'docker/global_vars.jinja' as conf with context %} 3 | {% set tag = salt['pillar.get']('rancher:server:version', 'stable') %} 4 | {% set rancher_port = salt['pillar.get']('rancher:server:port', 8080) %} 5 | {% set mysql_iface = salt['pillar.get']('mysql:iface', 'eth0') %} 6 | {% set rancher_iface = salt['pillar.get']('rancher:server:iface', 'eth0') %} 7 | {% if grains['provider'] == 'VAGRANT' %} 8 | {% set mysql_iface = 'eth1' %} 9 | {% set rancher_iface = 'eth1' %} 10 | {% endif %} 11 | {% set rancher_ip = salt['network.ip_addrs'](rancher_iface)[0] %} 12 | {% set mysql_net = salt['mine.get']('roles:mysql-server','network.interfaces','grain').itervalues().next() %} 13 | {% set mysql_port = salt['pillar.get']('mysql:port', 3306) %} 14 | 15 | include: 16 | - common.jq 17 | 18 | rancher_image: 19 | dockerng.image_present: 20 | - name: rancher/server:{{ tag }} 21 | 22 | rancher_container: 23 | dockerng.running: 24 | - name: rancher-server 25 | - image: rancher/server:{{ tag }} 26 | - environment: 27 | - CATTLE_DB_CATTLE_MYSQL_HOST: {{ mysql_net[mysql_iface]['inet'][0]['address'] }} 28 | - CATTLE_DB_CATTLE_MYSQL_PORT: '{{ mysql_port }}' 29 | - CATTLE_DB_CATTLE_MYSQL_NAME: {{ conf.rancher_db_name }} 30 | - CATTLE_DB_CATTLE_USERNAME: {{ conf.rancher_db_user }} 31 | - CATTLE_DB_CATTLE_PASSWORD: {{ conf.rancher_db_password }} 32 | - port_bindings: 33 | - {{ rancher_port }}:8080 34 | - restart_policy: always 35 | - require: 36 | - dockerng: rancher_image 37 | 38 | rancher_server_api_wait: 39 | cmd.run: 40 | - name: | 41 | wget --retry-connrefused --tries=30 -q --spider \ 42 | http://{{ rancher_ip }}:{{ rancher_port }}/v2-beta && sleep 10 43 | - unless: curl -s --connect-timeout 1 http://{{ rancher_ip }}:{{ rancher_port }}/v2-beta 44 | - require: 45 | - dockerng: rancher_container 46 | -------------------------------------------------------------------------------- /salt/docker/registry/init.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% set data_path = salt['pillar.get']('docker:registry:data_path') %} 3 | {% if not data_path %} 4 | {% set data_path = '/var/lib/docker-registry' %} 5 | {% endif %} 6 | {% set tag = salt['pillar.get']('docker:registry:tag') %} 7 | {% set registry_port = salt['pillar.get']('docker:registry:port', 5000) %} 8 | 9 | registry_image: 10 | dockerng.image_present: 11 | - name: registry:{{ tag }} 12 | 13 | registry_stop_remove: 14 | cmd.run: 15 | - name: | 16 | docker stop -t 30 registry || true 17 | docker rm -f registry || true 18 | - unless: | 19 | docker inspect --format {% raw %}"{{ .Image }}"{% endraw %} registry \ 20 | | grep -w $(docker inspect --format {% raw %}"{{ .Id }}"{% endraw %} \ 21 | registry:{{ tag }}) 22 | - require: 23 | - dockerng: registry_image 24 | 25 | registry_container: 26 | dockerng.running: 27 | - name: registry 28 | - image: registry:{{ tag }} 29 | - port_bindings: 30 | - {{ registry_port }}:5000 31 | - binds: 32 | - {{ data_path }}:/var/lib/registry 33 | - restart_policy: always 34 | - require: 35 | - dockerng: registry_image 36 | -------------------------------------------------------------------------------- /salt/salt/clean_mine_cache.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | clean_mine_cache: 4 | cmd.run: 5 | - name: | 6 | rm /var/cache/salt/master/minions/*/mine.p && \ 7 | salt '*' mine.update && \ 8 | sleep 2 9 | -------------------------------------------------------------------------------- /salt/salt/etc/salt/grains: -------------------------------------------------------------------------------- 1 | {% set host = salt['config.get']('host') %} 2 | {% set roles = salt['pillar.get']('nodes:' + host + ':roles') %} 3 | {% set aenv = salt['pillar.get']('nodes:' + host + ':agentEnvironment') %} 4 | agentEnvironment: {{ aenv }} 5 | {% if roles %} 6 | roles: 7 | {% for role in roles %} 8 | - {{ role }} 9 | {% endfor %} 10 | {% endif %} 11 | -------------------------------------------------------------------------------- /salt/salt/grains.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | {% set psls = sls.split('.')[0] %} 3 | 4 | include: 5 | - .minion 6 | 7 | /etc/salt/grains: 8 | file.managed: 9 | - template: jinja 10 | - source: salt://{{ psls }}/etc/salt/grains 11 | -------------------------------------------------------------------------------- /salt/salt/minion.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | salt-minion: 4 | service.running: 5 | - watch: 6 | - file: /etc/salt/grains 7 | 8 | sleep 5: 9 | cmd.wait: 10 | - watch: 11 | - service: salt-minion 12 | -------------------------------------------------------------------------------- /salt/salt/salt/grains: -------------------------------------------------------------------------------- 1 | {% set host = salt['config.get']('host') %} 2 | {% set roles = salt['pillar.get']('nodes:' + host + ':roles') %} 3 | {% if roles %} 4 | roles: 5 | {% for role in roles %} 6 | - {{ role }} 7 | {% endfor %} 8 | {% endif %} 9 | -------------------------------------------------------------------------------- /salt/top.sls: -------------------------------------------------------------------------------- 1 | # vi: set ft=yaml.jinja : 2 | 3 | base: 4 | 'provider:VAGRANT': 5 | - match: grain 6 | - salt.grains 7 | --------------------------------------------------------------------------------