Commit 0af82f4c authored by remy's avatar remy

set roles formula

parent 858b244d
# set_grains
# Set Grains
A SaltStack formula to setup roles and pool grains based on the subnet(s) and hostname.
\ No newline at end of file
This SaltStack formula defines additional grains to apply on the host based on its subnets and its Salt ID (`minion id` or `hostname` otherwise).
Caution:
> Version 3001 has a bug with an impossible deletion when the grain value is a list : https://github.com/saltstack/salt/issues/57718
> The value must then be re-assigned to this grain by forcing it `salt '$minion' grains.set pool foo force=True`), then delete it again with `salt '$minion' grains.delkey pool`.
Usage:
```bash
salt '*' state.sls set_grains
```
```bash
# to delete a grain value in a list
salt 'target' grains.remove roles <value>
# to delete a whole key, use:
salt 'target' grains.delval key
```
Edit `poolroles.sls` and `pillar.roles.example` to fit your needs.
## Parent
`Parent` is used and may be uncomment to specify a `parent` grain. It allows us to create a diagram with machine hardware dependencies.
For example, you can imagine have a _proxmox_ server with some virtual machines or containers.
- The _proxmox_ server will be have a pillar value of machine type: `machine_type: host`,
- A virtual machine will have a pillar value of machine type: `machine_type: vm`,
- A container will have a pillar value of machine type: `machine_type: container`.
Those 3 type of machines will also have an IP address.
VM and containers will also have a `url_mgmt` pillar value.
This value is used to check if a IP address is already present in host machines.
See `hosts212.example` for more informations on how to do this.
machines212:
px208:
ip: 192.168.212.208
user: isi
ldap_client: false
machine_type: host
url_link: https://192.168.212.208:8006
SaltHostname: proxmox.domain.tld
isidnsnames:
- px208
ns1:
ip: 192.168.212.87
user: isi
ldap_client: false
machine_type: container
url_mgmt: https://192.168.212.208:8006
SaltHostname: ns1.domain.tld
isidnsnames:
- ns1
isemdnsnames:
- ns1.isi
services:
- ssh
- cron
- knot
RsyncShareName:
- /root
- /etc
- /var/spool/cron
- /var/lib/knot
- /var/backups
BackupFilesExclude:
- /etc/ssh
- /root/.ssh
nas-isi:
ip: 192.168.212.85
user: isi
ldap_client: false
machine_type: host
url_mgmt: https://192.168.212.228
SaltHostname: nas-isi.domain.tld
services:
- ssh
- nfs
- rpcbind
- cron
RsyncShareName:
- /root
- /etc
- /var/spool/cron
BackupFilesExclude:
- /etc/ssh
- /root/.ssh
include:
- .poolroles
# - .parent
{% set fulldict = {} %}
{% set hosts212 = salt['pillar.get']('machines212', {}) %}
# mixing pillar machines dicts from many subnets
#{#% set hosts197 = salt['pillar.get']('machines197', {}) %#}
{% do fulldict.update(hosts212) %}
#{#% do fulldict.update(hosts197) %#}
{% for host, hostinfo in fulldict.items() %}
{% if 'SaltHostname' in hostinfo %}
{% if hostinfo['SaltHostname'] == grains['id'] %}
{% if 'machine_type' in hostinfo %}
{% if hostinfo['machine_type'] == 'vm' or hostinfo['machine_type'] == 'container' %}
{% if 'url_mgmt' in hostinfo %}
assign pxmaster parent for {{ host }}:
grains.present:
- name: parent
{% if '210' in hostinfo['url_mgmt'] %}
- value: "px210"
{% elif '211' in hostinfo['url_mgmt'] %}
- value: "px211"
{% elif '212' in hostinfo['url_mgmt'] %}
- value: "px212"
{% else %}
- value : "Unknown. Please edit hosts212.sls pillar file to add a known url_mgmt key."
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
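Review bot: The `'210'` / `'211'` / `'212'` tests on `hostinfo['url_mgmt']` are substring matches over the whole URL, so any management URL in 192.168.212.0/24 contains `212`. The example pillar's `https://192.168.212.208:8006` would therefore yield `parent: px212` rather than `px208`, and the `else` branch cannot be reached for that subnet. Derive the parent from a parsed field instead, for example by finding the pillar entry with `machine_type: host` whose `ip` or `url_link` equals this `url_mgmt` and using that entry's key as the value. The fallback line is also written `- value :` with a space before the colon, unlike the other branches; `- value: "Unknown. ..."` would be consistent.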
roles:
backup:
minimal_salt_hostname:
- backup
exact_salt_hostname:
- dr1
- dr2
big:
minimal_salt_hostname:
- big
except:
- biocomgr
bioco:
minimal_salt_hostname:
- bioco
borgserver:
exact_salt_hostname:
- dr1
cluster:
minimal_salt_hostname:
- cluster
dhcp:
minimal_salt_hostname:
- cluster
- dhcp
dns:
exact_salt_hostname:
- mbb.domain.tld
minimal_salt_hostname:
- cluster
- ns1
- ns2
ftp:
exact_salt_hostname:
- ftpisem
gitlab:
minimal_salt_hostname:
- gitlab
gpu:
minimal_salt_hostname:
- gpu
storage:
minimal_salt_hostname:
- nas
ldap:
minimal_salt_hostname:
- ldap
master_mbbzone:
exact_salt_hostname:
- mbb.domain.tld
proxmox:
minimal_salt_hostname:
- pxmaster
proxmoxha:
minimal_salt_hostname:
- proxmox
saltmaster:
minimal_salt_hostname:
- salt
tftp:
minimal_salt_hostname:
- fai
- tftp
web:
minimal_salt_hostname:
- http
- intranet
- rstudio
- www
- web
exact_salt_hostname:
- idcov2
- galene.domain.tld
- isi.domain.tld
- mbb.domain.tld
- Otobo.domain.tld
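Review bot: The `except: - biocomgr` entry sits under `big`, but `big` is not a substring of `biocomgr`, so with the matching shown in poolroles.sls this exception appears never to take effect. It looks intended for the `bioco` role, whose `minimal_salt_hostname: bioco` does match that name; if so, move the `except:` list under `bioco:`. Separately, `Otobo.domain.tld` is capitalised while the comparison against `grains['id']` is a case-sensitive string equality, so confirm the minion ID really uses that case.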
{% set dnsdomainname = "domain.tld" %}
{% set salt_hostname = grains['id'] %}
{% set salt_versioninfo = grains['saltversioninfo'] %}
{% set force = False %}
{% if salt_versioninfo[0] > 2015 %}
{% set force = True %}
{% elif salt_versioninfo[0] == 2015 and salt_versioninfo[1] > 8 %}
{% set force = True %}
{% elif salt_versioninfo[0] == 2015 and salt_versioninfo[1] == 8 and salt_versioninfo[2] > 2 %}
{% set force = True %}
{% endif %}
#{{ salt_hostname|pprint }}
###############################################
# initialize the pool grain from the hostname #
###############################################
# remove it before appending it again
removing init pool grains:
grains.absent:
- name: pool
- destructive: True
- force: True
set pool:
grains.list_present:
- name: pool
- value:
{%- if salt["network.in_subnet"]('10.1.252.0/24') or 'compute' in salt_hostname or 'mbbnode' in salt_hostname or '_mbb' in salt_hostname or '_clmbb' in salt_hostname %}
- mbb_cluster
{% endif -%}
{%- if 'mbb.domain.tld' in salt_hostname %}
- mbb_isem
{% endif -%}
{%- if salt["network.in_subnet"]('192.168.212.0/24') or '212' in salt_hostname %}
- isem
- isem212
{% endif -%}
{%- if salt["network.in_subnet"]('10.255.62.0/24') %}
- storagepool
{% endif -%}
{%- if salt["network.in_subnet"]('192.168.64.0/22') %}
- isem
- isem64
{% endif -%}
###############################################
# initialize the role grain from the hostname #
###############################################
{% set allroles = salt['pillar.get']('roles', {}) %}
# remove it before appending it again
deleting all the following role:
grains.list_absent:
- name: roles
- value:
{% for roles, rolesinfos in allroles.items() %}
- {{ roles }}
{% endfor %}
# initialize the 'roles' grain
# force is avalaible since salt 2015.8.2
init master role grain:
grains.present:
- name: roles
- value:
- salt_master
{% if force == True %}
- force: True
{% endif %}
- onlyif:
- ls /etc/salt/master
init minion role grain:
grains.present:
- name: roles
- value:
- salt_minion
{% if force == True %}
- force: True
{% endif %}
- unless:
- ls /etc/salt/master
{% for roles, rolesinfos in allroles.items() %}
{% set parentloop = loop %}
{% if 'exact_salt_hostname' in rolesinfos %}
{% for exact_salt_hostname in rolesinfos['exact_salt_hostname'] %}
{% set fullname = exact_salt_hostname ~ "." ~ dnsdomainname %}
{% if exact_salt_hostname == salt_hostname or fullname == salt_hostname %}
set exact_roles {{ parentloop.index }}_{{ loop.index }}:
grains.append:
- name: roles
- value:
- {{ roles }}
{% endif %}
{% endfor %}
{% endif %}
{% if 'minimal_salt_hostname' in rolesinfos %}
{% for minimal_salt_hostname in rolesinfos['minimal_salt_hostname'] %}
{% if minimal_salt_hostname in salt_hostname %}
{% if not 'except' in rolesinfos or salt_hostname not in rolesinfos['except'] %}
set minimal_roles {{ parentloop.index }}_{{ loop.index }}:
grains.append:
- name: roles
- value:
- {{ roles }}
{% endif %}
{% endif %}
{% endfor %}
{% endif %}
{% endfor %}
# adding a role based on a running service
{%- if salt["service.available"]('prometheus-node-exporter') or salt["ps.pgrep"]('node_exporter') %}
adding node_exporter prometheus roles if service found:
grains.append:
- name: roles
- value:
- 'node_exporter'
{% endif %}
delete init role:
grains.list_absent:
- name: roles
- value:
- salt_minion
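Review bot: Roles are granted by substring match on the minion ID (`{% if minimal_salt_hostname in salt_hostname %}`), so short pillar patterns such as `salt`, `nas`, `web` or `big` match any ID that merely contains them. The pool test `'212' in salt_hostname` has the same problem. Since the ID and the resulting grains live on the minion side, `roles` and `pool` should not be what gates access to sensitive pillar data. For the match itself an anchored test is safer, e.g. `{% if salt_hostname.split('.')[0].startswith(minimal_salt_hostname) %}`. The `except` check compares the full ID by list membership, so a short name listed there will not exclude a minion whose ID is an FQDN; the `exact_salt_hostname` branch handles this by also trying `fullname`.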