Run master as salt user

f38
Gwyn Ciesla 1 year ago
parent ad471783b0
commit c26bd71772

@ -11,7 +11,7 @@
Name: salt Name: salt
Version: 3006.1 Version: 3006.1
Release: 1%{?dist} Release: 2%{?dist}
Summary: A parallel remote execution system Summary: A parallel remote execution system
Group: System Environment/Daemons Group: System Environment/Daemons
License: ASL 2.0 License: ASL 2.0
@ -38,6 +38,7 @@ Source18: %{name}-master.fish
Source19: %{name}-minion.fish Source19: %{name}-minion.fish
Source20: %{name}-run.fish Source20: %{name}-run.fish
Source21: %{name}-syndic.fish Source21: %{name}-syndic.fish
Source22: %{name}.sysusers
Patch0: contextvars.patch Patch0: contextvars.patch
BuildArch: noarch BuildArch: noarch
@ -53,7 +54,7 @@ Requires: logrotate
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
BuildRequires: python3-devel BuildRequires: python3-devel
%{?sysusers_requires_compat}
%description %description
Salt is a distributed remote execution system used to execute commands and Salt is a distributed remote execution system used to execute commands and
@ -167,6 +168,8 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/proxy.d
# Add the config files # Add the config files
install -p -m 0640 conf/minion %{buildroot}%{_sysconfdir}/%{name}/minion install -p -m 0640 conf/minion %{buildroot}%{_sysconfdir}/%{name}/minion
install -p -m 0640 conf/master %{buildroot}%{_sysconfdir}/%{name}/master install -p -m 0640 conf/master %{buildroot}%{_sysconfdir}/%{name}/master
# Use salt user on nre master installations
sed -i 's/#user: root/user: salt/g' %{buildroot}%{_sysconfdir}/%{name}/master
install -p -m 0600 conf/cloud %{buildroot}%{_sysconfdir}/%{name}/cloud install -p -m 0600 conf/cloud %{buildroot}%{_sysconfdir}/%{name}/cloud
install -p -m 0640 conf/roster %{buildroot}%{_sysconfdir}/%{name}/roster install -p -m 0640 conf/roster %{buildroot}%{_sysconfdir}/%{name}/roster
install -p -m 0640 conf/proxy %{buildroot}%{_sysconfdir}/%{name}/proxy install -p -m 0640 conf/proxy %{buildroot}%{_sysconfdir}/%{name}/proxy
@ -204,6 +207,9 @@ install -p -m 0644 %{SOURCE21} %{buildroot}%{fish_dir}/%{name}-syndic.fish
mkdir -p %{buildroot}%{zsh_dir} mkdir -p %{buildroot}%{zsh_dir}
install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name} install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
# Salt user and group
install -p -D -m 0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/salt.conf
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/gpgkeys
%check %check
%pyproject_check_import -t %pyproject_check_import -t
@ -214,7 +220,7 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%doc README.fedora %doc README.fedora
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/bash_completion.d/%{name}.bash %config(noreplace) %{_sysconfdir}/bash_completion.d/%{name}.bash
%{_var}/cache/%{name} %dir %{_var}/cache/%{name}/
%{_var}/log/%{name} %{_var}/log/%{name}
%{_bindir}/spm %{_bindir}/spm
%doc %{_mandir}/man1/spm.1* %doc %{_mandir}/man1/spm.1*
@ -238,9 +244,11 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%{_bindir}/%{name}-master %{_bindir}/%{name}-master
%{_bindir}/%{name}-run %{_bindir}/%{name}-run
%{_unitdir}/%{name}-master.service %{_unitdir}/%{name}-master.service
%config(noreplace) %{_sysconfdir}/%{name}/master %{_sysusersdir}/salt.conf
%config(noreplace) %{_sysconfdir}/%{name}/master.d %config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/master
%config(noreplace) %{_sysconfdir}/%{name}/pki/master %config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/master.d
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/pki/master
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/gpgkeys
%files minion %files minion
%doc %{_mandir}/man1/%{name}-call.1* %doc %{_mandir}/man1/%{name}-call.1*
@ -292,7 +300,11 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%preun api %preun api
%systemd_preun %{name}-api.service %systemd_preun %{name}-api.service
%pre master
%sysusers_create_compat %{SOURCE22}
%post master %post master
chown salt:salt %{_sysconfdir}/%{name}/gpgkeys -R
%systemd_post %{name}-master.service %systemd_post %{name}-master.service
%post syndic %post syndic
@ -318,6 +330,9 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%changelog %changelog
* Wed May 24 2023 Gwyn Ciesla <gwync@protonmail.com> - 3006.1-2
- Add salt user for master per upstream.
* Wed May 24 2023 Gwyn Ciesla <gwync@protonmail.com> - 3006.1-1 * Wed May 24 2023 Gwyn Ciesla <gwync@protonmail.com> - 3006.1-1
- 3006.1 - 3006.1
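Review bot: The `%files master` entries give `%{_sysconfdir}/%{name}/master` and `master.d` to the salt account with `%attr(0750, salt, salt)`, so the unprivileged identity the master now runs as can rewrite the file that holds `user: salt`. If the service is still started as root and drops privileges based on that setting (the unit file is not part of this change), a compromised master process could restore `user: root` and be root again after the next restart. Keeping the configuration root-owned and group-readable preserves the boundary: `%config(noreplace) %attr(0640, root, salt) %{_sysconfdir}/%{name}/master` and `%config(noreplace) %attr(0750, root, salt) %{_sysconfdir}/%{name}/master.d`. Mode 0640 also matches the `install -p -m 0640 conf/master` line and avoids an execute bit on a regular file. `pki/master` and `gpgkeys` presumably do need to be writable by the daemon, so they can stay owned by salt.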

@ -0,0 +1,3 @@
#Type Name ID GECOS Home directory Shell
u salt - "Salt" /etc/salt /sbin/nologin
g salt -
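Review bot: The `u salt` line sets the account's home directory to `/etc/salt`, which is the configuration tree shared by the master, minion and other subpackages. Anything that writes per-user state under `$HOME` would then land next to the configuration, and making that work would mean giving the service account write access to `/etc/salt` itself, which the spec change does not appear to do and should not need to. Consider pointing the home field at a dedicated directory that the account owns, or using `-` if the account needs no home at all. A short comment in the file saying which one was chosen and why would help future packagers.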