Run master as salt user

f38
Gwyn Ciesla 1 year ago
parent ad471783b0
commit c26bd71772

@ -11,7 +11,7 @@
Name: salt
Version: 3006.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A parallel remote execution system
Group: System Environment/Daemons
License: ASL 2.0
@ -38,6 +38,7 @@ Source18: %{name}-master.fish
Source19: %{name}-minion.fish
Source20: %{name}-run.fish
Source21: %{name}-syndic.fish
Source22: %{name}.sysusers
Patch0: contextvars.patch
BuildArch: noarch
@ -53,7 +54,7 @@ Requires: logrotate
BuildRequires: systemd-rpm-macros
BuildRequires: python3-devel
%{?sysusers_requires_compat}
%description
Salt is a distributed remote execution system used to execute commands and
@ -167,6 +168,8 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/%{name}/proxy.d
# Add the config files
install -p -m 0640 conf/minion %{buildroot}%{_sysconfdir}/%{name}/minion
install -p -m 0640 conf/master %{buildroot}%{_sysconfdir}/%{name}/master
# Use salt user on nre master installations
sed -i 's/#user: root/user: salt/g' %{buildroot}%{_sysconfdir}/%{name}/master
install -p -m 0600 conf/cloud %{buildroot}%{_sysconfdir}/%{name}/cloud
install -p -m 0640 conf/roster %{buildroot}%{_sysconfdir}/%{name}/roster
install -p -m 0640 conf/proxy %{buildroot}%{_sysconfdir}/%{name}/proxy
@ -204,6 +207,9 @@ install -p -m 0644 %{SOURCE21} %{buildroot}%{fish_dir}/%{name}-syndic.fish
mkdir -p %{buildroot}%{zsh_dir}
install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
# Salt user and group
install -p -D -m 0644 %{SOURCE22} %{buildroot}%{_sysusersdir}/salt.conf
mkdir -p %{buildroot}%{_sysconfdir}/%{name}/gpgkeys
%check
%pyproject_check_import -t
@ -214,7 +220,7 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%doc README.fedora
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/bash_completion.d/%{name}.bash
%{_var}/cache/%{name}
%dir %{_var}/cache/%{name}/
%{_var}/log/%{name}
%{_bindir}/spm
%doc %{_mandir}/man1/spm.1*
@ -238,9 +244,11 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%{_bindir}/%{name}-master
%{_bindir}/%{name}-run
%{_unitdir}/%{name}-master.service
%config(noreplace) %{_sysconfdir}/%{name}/master
%config(noreplace) %{_sysconfdir}/%{name}/master.d
%config(noreplace) %{_sysconfdir}/%{name}/pki/master
%{_sysusersdir}/salt.conf
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/master
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/master.d
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/pki/master
%config(noreplace) %attr(0750, salt, salt) %{_sysconfdir}/%{name}/gpgkeys
%files minion
%doc %{_mandir}/man1/%{name}-call.1*
@ -292,7 +300,11 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%preun api
%systemd_preun %{name}-api.service
%pre master
%sysusers_create_compat %{SOURCE22}
%post master
chown salt:salt %{_sysconfdir}/%{name}/gpgkeys -R
%systemd_post %{name}-master.service
%post syndic
@ -318,6 +330,9 @@ install -p -m 0644 pkg/common/%{name}.zsh %{buildroot}%{zsh_dir}/_%{name}
%changelog
* Wed May 24 2023 Gwyn Ciesla <gwync@protonmail.com> - 3006.1-2
- Add salt user for master per upstream.
* Wed May 24 2023 Gwyn Ciesla <gwync@protonmail.com> - 3006.1-1
- 3006.1
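Review bot: In the `%files master` hunk, `%attr(0750, salt, salt)` is applied to the regular file `%{_sysconfdir}/%{name}/master`, which `%install` created with `-m 0640`, so the config gains execute bits and becomes owned and writable by the account the daemon runs as. That file carries the `user:` setting this commit edits, so if the unit still starts as root and drops privileges from it (not visible here), root ownership with group read keeps the service account from changing its own run-as identity: `%config(noreplace) %attr(0640, root, salt) %{_sysconfdir}/%{name}/master`. The `chown salt:salt ... -R` in `%post master` repeats what `%attr` already sets for `gpgkeys`, and on upgrades it runs as root over a tree the salt user can write to; dropping it or adding `--no-dereference` would be safer. The `sed` in `%install` succeeds silently if upstream rewords `#user: root`, so following it with `grep -q '^user: salt' %{buildroot}%{_sysconfdir}/%{name}/master` would fail the build instead of shipping a master that still runs as root.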

@ -0,0 +1,3 @@
#Type Name ID GECOS Home directory Shell
u salt - "Salt" /etc/salt /sbin/nologin
g salt -
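Review bot: The `u salt` line sets the account's home to `/etc/salt`, the configuration root that the spec also fills with the minion, cloud and roster files, so anything that resolves `~salt` lands in the config tree. A dedicated state directory, or `-` for no home if the master does not need one (to be confirmed against upstream), would keep the service account's home separate from files it is not meant to own. The separate `g salt -` line looks redundant, since a `u` entry already creates a group of the same name.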