Accepting request 327739 from devel:languages:python
1 OBS-URL: https://build.opensuse.org/request/show/327739 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=50
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
parent
88945b4134
commit
e4e14d8ea8
35
README.SUSE
Normal file
35
README.SUSE
Normal file
@ -0,0 +1,35 @@
|
||||
Salt-master as non-root user
|
||||
============================
|
||||
|
||||
With the latest version of the salt-master package a new user has been added.
|
||||
The user salt be used in later versions as the default user for the salt-master daemon.
|
||||
|
||||
For now the default user for the salt-master daemon will be root.
|
||||
|
||||
Why an extra user
|
||||
=================
|
||||
|
||||
While the current setup runs the master as root user, this is considered a security issue
|
||||
and not in line with the other configuration management tools (eg. puppet) which runs as a
|
||||
dedicated user.
|
||||
|
||||
How can I make the change
|
||||
=========================
|
||||
|
||||
If you would like to make the change before you can do the following steps manually:
|
||||
1. uncomment the user parameter in the master configuration
|
||||
user: salt
|
||||
2. update the file permissions:
|
||||
as root: chown -R salt /etc/salt /var/cache/salt /var/log/salt /var/run/salt
|
||||
3. restart the salt-master daemon:
|
||||
as root: rcsalt-master restart or systemctl restart salt-master
|
||||
|
||||
NOTE
|
||||
====
|
||||
|
||||
Running the salt-master daemon as a non-root user has some consequences, some salt operations
|
||||
cannot be executed correctly when the master is not running as root, specifically the pam external
|
||||
auth system, as this system needs root access to check authentication.
|
||||
|
||||
For more information:
|
||||
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f8b04dc8bd4b00ce803d31ce5fba033c2f20fa38cdc5a3bf54b4c47362fbe853
|
||||
size 5389038
|
||||
3
salt-2015.5.5.tar.gz
Normal file
3
salt-2015.5.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:5cd8d317616abab691a83f7fd3f8bcf9ad8aecaa95fcfdc0f6d788de87f0beeb
|
||||
size 5526444
|
||||
14
salt.changes
14
salt.changes
@ -1,3 +1,17 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 18 06:58:18 UTC 2015 - aboe76@gmail.com
|
||||
|
||||
- Updated to Bugfix release 2015.5
|
||||
|
||||
for more details:
|
||||
https://github.com/saltstack/salt/blob/develop/doc/topics/releases/2015.5.5.rst
|
||||
|
||||
- Add prereq, for user creation.
|
||||
- Add creation of salt user in preparation of running the salt-master daemon
|
||||
as non-root user salt.
|
||||
https://bugzilla.opensuse.org/show_bug.cgi?id=939831
|
||||
- Add README.SUSE with explanation and how to.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 20 12:22:26 UTC 2015 - bwiedemann@suse.com
|
||||
|
||||
|
||||
14
salt.spec
14
salt.spec
@ -17,14 +17,14 @@
|
||||
|
||||
|
||||
Name: salt
|
||||
Version: 2015.5.3
|
||||
Version: 2015.5.5
|
||||
Release: 0
|
||||
Summary: A parallel remote execution system
|
||||
License: Apache-2.0
|
||||
Group: System/Monitoring
|
||||
Url: http://saltstack.org/
|
||||
Source0: http://pypi.python.org/packages/source/s/%{name}/%{name}-%{version}.tar.gz
|
||||
|
||||
Source1: README.SUSE
|
||||
# PATCH-FIX-OPENSUSE use-forking-daemon.patch tserong@suse.com -- We don't have python-systemd, so notify can't work
|
||||
Patch1: use-forking-daemon.patch
|
||||
|
||||
@ -76,7 +76,10 @@ Requires: python-tornado
|
||||
Requires: python-xml
|
||||
Requires: python-yaml
|
||||
Requires: python-zypp
|
||||
Requires(pre): %fillup_prereq
|
||||
Requires(pre): %fillup_prereq
|
||||
Requires(pre): %{_sbindir}/groupadd
|
||||
Requires(pre): %{_sbindir}/useradd
|
||||
Requires(pre): pwdutils
|
||||
%if 0%{?suse_version} < 1210
|
||||
Requires(pre): %insserv_prereq
|
||||
%endif
|
||||
@ -239,6 +242,7 @@ Zsh command line completion support for %{name}.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
cp %{S:1} .
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
@ -355,6 +359,8 @@ install -Dpm 0644 pkg/zsh_completion.zsh %{buildroot}/etc/zsh_completion.d/%{nam
|
||||
%endif
|
||||
|
||||
%pre master
|
||||
getent group salt >/dev/null || %{_sbindir}/groupadd -r salt
|
||||
getent passwd salt >/dev/null || %{_sbindir}/useradd -r -g salt -d /srv/salt -s /bin/false -c "salt-master daemon" salt
|
||||
%if 0%{?_unitdir:1}
|
||||
%service_add_pre salt-master.service
|
||||
%endif
|
||||
@ -521,7 +527,7 @@ install -Dpm 0644 pkg/zsh_completion.zsh %{buildroot}/etc/zsh_completion.d/%{nam
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/salt
|
||||
%attr(755,root,root)%{python_sitelib}/salt/cloud/deploy/*.sh
|
||||
%{python_sitelib}/*
|
||||
%doc LICENSE AUTHORS README.rst HACKING.rst
|
||||
%doc LICENSE AUTHORS README.rst HACKING.rst README.SUSE
|
||||
|
||||
%if %with_bashcomp
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user