diff --git a/custom/testing/golden-pillar-tree/base.sls b/custom/testing/golden-pillar-tree/base.sls
new file mode 100644
index 0000000..b875f1d
--- /dev/null
+++ b/custom/testing/golden-pillar-tree/base.sls
@@ -0,0 +1,2 @@
+packer_build: true
+packer_golden_images_build: true
diff --git a/custom/testing/golden-pillar-tree/top.sls b/custom/testing/golden-pillar-tree/top.sls
new file mode 100644
index 0000000..9e69fc0
--- /dev/null
+++ b/custom/testing/golden-pillar-tree/top.sls
@@ -0,0 +1,3 @@
+base:
+ '*':
+ - base
diff --git a/custom/testing/golden-state-tree/config/dhclient.sls b/custom/testing/golden-state-tree/config/dhclient.sls
new file mode 100644
index 0000000..3ba7af5
--- /dev/null
+++ b/custom/testing/golden-state-tree/config/dhclient.sls
@@ -0,0 +1,10 @@
+{% set dhclient_conf = '/etc/dhcp/dhclient.conf' %}
+
+{%- if salt['file.file_exists'](dhclient_conf) %}
+dhclient_conf.lease_time:
+ file.line:
+ - name: {{ dhclient_conf }}
+ - content: "supersede dhcp-lease-time 86400;"
+ - mode: insert
+ - location: end
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/config/locale.sls b/custom/testing/golden-state-tree/config/locale.sls
new file mode 100644
index 0000000..b9ee291
--- /dev/null
+++ b/custom/testing/golden-state-tree/config/locale.sls
@@ -0,0 +1,104 @@ +# Arch Linux on some clouds has a default encoding of ASCII +# This is not typical in production, so set this to UTF-8 instead +# +# This will cause integration.shell.matcher.MatchTest.test_salt_documentation_arguments_not_assumed +# to fail if not set correctly. +{%- set on_docker = salt['grains.get']('virtual_subtype', '') in ('Docker',) %} +{%- set on_arch = grains['os_family'] == 'Arch' %} +{%- set on_suse = grains['os_family'] in ('Suse', 'SUSE') %} + +{%- if grains['os'] in ('MacOS',) %} +mac_locale: + file.blockreplace: + - name: /etc/profile + - marker_start: '#------ start locale zone ------' + - marker_end: '#------ endlocale zone ------' + - content: | + export LANG=en_US.UTF-8 + - append_if_not_found: true + +{%- elif grains['os'] in ('FreeBSD',) %} +/root/.bash_profile: + file.managed: + - user: root + - group: wheel + - mode: '0644' + +freebsd_locale: + file.blockreplace: + - name: /root/.bash_profile + - marker_start: '#------ start locale zone ------' + - marker_end: '#------ endlocale zone ------' + - content: | + export LANG=en_US.UTF-8 + - append_if_not_found: true +{%- else %} + + {%- if on_suse %} +suse_local: + pkg.installed: + - pkgs: + - glibc-locale + - dbus-1 + + {%- if not on_docker %} + service.running: + - name: dbus.socket + - onlyif: systemctl daemon-reload + {%- endif %} + {%- elif grains.os_family == 'Debian' %} +deb_locale: + file.touch: + - name: /etc/default/keyboard # ubuntu is stupid and this file has to exist for systemd-localed to be able to run + pkg.installed: + - pkgs: + - locales + - console-data + - dbus + {%- if grains.get('init') == 'systemd' %} + service.running: + - names: + - dbus.socket + - systemd-localed.service + {%- endif %} + {%- endif %} + + {%- if on_arch %} +accept_LANG_sshd: + file.append: + - name: /etc/ssh/sshd_config + - text: AcceptEnv LANG + {%- if not pillar.get('packer_golden_images_build', False) %} + service.running: + - name: sshd + - listen: + - file: accept_LANG_sshd + {%- 
endif %} + {%- endif %} + +# Fedora and Centos 8 + {%- if grains['os_family'] == 'RedHat' and grains['osmajorrelease'] != 7 and grains['os'] != 'VMware Photon OS' %} +redhat_locale: + pkg.installed: + - name: glibc-langpack-en + {%- endif %} + +# Photon OS 3 + {%- if grains['os'] == 'VMware Photon OS' %} +photon_locale: + pkg.installed: + - name: glibc-lang + {%- endif %} + +us_locale: + locale.present: + - name: en_US.UTF-8 + + {%- if grains['os_family'] not in ('FreeBSD',) %} +default_locale: + locale.system: + - name: en_US.UTF-8 + - require: + - locale: us_locale + {%- endif %} +{%- endif %} diff --git a/custom/testing/golden-state-tree/config/path.sls b/custom/testing/golden-state-tree/config/path.sls new file mode 100644 index 0000000..ec3379e --- /dev/null +++ b/custom/testing/golden-state-tree/config/path.sls @@ -0,0 +1,10 @@ +append-usr-local-bin-to-path: + file.append: + - name: /root/.bash_profile + - text: 'export PATH=/usr/local/bin:$PATH' + - unless: 'echo $PATH | grep -q /usr/local/bin' + environ.setenv: + - name: PATH + - value: '/usr/local/bin:{{ salt.cmd.run_stdout('echo $PATH', python_shell=True).strip() }}' + - unless: 'echo $PATH | grep -q /usr/local/bin' + - update_minion: True diff --git a/custom/testing/golden-state-tree/config/sshd_config.sls b/custom/testing/golden-state-tree/config/sshd_config.sls new file mode 100644 index 0000000..8a78c2b --- /dev/null +++ b/custom/testing/golden-state-tree/config/sshd_config.sls 
@@ -0,0 +1,77 @@
+{% set ssh_config = '/etc/ssh/sshd_config' %}
+
+ClientAliveInterval:
+ file.line:
+ - name: {{ ssh_config }}
+ - content: "ClientAliveInterval 60"
+ {%- if salt['file.search'](ssh_config, 'ClientAliveInterval') %}
+ - match: "(#)?.*ClientAliveInterval.*"
+ - mode: "replace"
+ {%- else %}
+ - mode: insert
+ - location: end
+ {%- endif %}
+
+ClientAliveCount:
+ file.line:
+ - name: {{ ssh_config }}
+ - content: "ClientAliveCountMax 20"
+ {%- if salt['file.search'](ssh_config, 'ClientAliveCountMax') %}
+ - match: "(#)?.*ClientAliveCountMax.*"
+ - mode: "replace"
+ {%- else %}
+ - mode: insert
+ - location: end
+ {%- endif %}
+
+TCPKeepAlive:
+ file.line:
+ - name: {{ ssh_config }}
+ - content: "TCPKeepAlive yes"
+ {%- if salt['file.search'](ssh_config, 'TCPKeepAlive') %}
+ - match: "(#)?.*TCPKeepAlive.*"
+ - mode: "replace"
+ {%- else %}
+ - mode: insert
+ - location: end
+ {%- endif %}
+
+
+{%- if grains['os'] == 'VMware Photon OS' %}
+{%- for algo in ("ssh-ed25519", "ecdsa-sha2-nistp256") %}
+
+HostKeyAlgorithms-{{ algo }}:
+ file.line:
+ - name: {{ ssh_config }}
+ - content: "HostKeyAlgorithms {{ algo }}"
+ - mode: insert
+ - location: end
+
+{%- endfor %}
+{%- endif %}
+
+stop-sshd:
+ service.dead:
+ {%- if grains['os'] == 'Ubuntu' and grains['osmajorrelease'] >= 23 %}
+ - name: ssh
+ {%- else %}
+ - name: sshd
+ {%- endif %}
+ - enable: True
+ - require:
+ - ClientAliveInterval
+ - ClientAliveCount
+ - TCPKeepAlive
+
+
+start-sshd:
+ service.enabled:
+ {%- if grains['os'] == 'Ubuntu' and grains['osmajorrelease'] >= 23 %}
+ - name: ssh
+ {%- else %}
+ - name: sshd
+ {%- endif %}
+ - enable: True
+ - reload: True
+ - require:
+ - stop-sshd
diff --git a/custom/testing/golden-state-tree/config/sssd.sls b/custom/testing/golden-state-tree/config/sssd.sls
new file mode 100644
index 0000000..69eff18
--- /dev/null
+++ b/custom/testing/golden-state-tree/config/sssd.sls
@@ -0,0 +1,3 @@
+sssd:
+ service.dead:
+ - onlyif: systemctl is-active sssd
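Review bot: On Photon OS the `for algo` loop in sshd_config.sls appends two separate `HostKeyAlgorithms` lines, but sshd uses the first value it reads for a keyword, so the later `ecdsa-sha2-nistp256` line has no effect and only `ssh-ed25519` is offered. A single state with `- content: "HostKeyAlgorithms ssh-ed25519,ecdsa-sha2-nistp256"` expresses the intended list. Separately, `stop-sshd` is `service.dead` and `start-sshd` is only `service.enabled`, so nothing in this file checks the edited config (for example with `sshd -t`) before the image is captured; a short comment saying the stop is deliberate for the image build would also help the next reader.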
diff --git a/custom/testing/golden-state-tree/config/timezone.sls b/custom/testing/golden-state-tree/config/timezone.sls
new file mode 100644
index 0000000..8209773
--- /dev/null
+++ b/custom/testing/golden-state-tree/config/timezone.sls
@@ -0,0 +1,4 @@
+set-time-zone:
+ timezone.system:
+ - name: Etc/UTC
+ - utc: True
diff --git a/custom/testing/golden-state-tree/config/ulimits.sls b/custom/testing/golden-state-tree/config/ulimits.sls
new file mode 100644
index 0000000..2972922
--- /dev/null
+++ b/custom/testing/golden-state-tree/config/ulimits.sls
@@ -0,0 +1,15 @@
+{%- if grains['kernel'] == 'Linux' %}
+ulimits-nofile:
+ file.managed:
+ - name: /etc/security/limits.d/83-nofile.conf
+ - mode: 644
+ - makedirs: True
+ - contents: 'root - nofile 1048576'
+{%- elif grains['kernel'] == 'Darwin' %}
+set limits for launchctl:
+ cmd.run:
+ - name: launchctl limit maxfiles 10240 unlimited
+ file.append:
+ - name: /etc/launchd.conf
+ - text: limit maxfiles 10240 unlimited
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/download/busybox.sls b/custom/testing/golden-state-tree/download/busybox.sls
new file mode 100644
index 0000000..8ac3f41
--- /dev/null
+++ b/custom/testing/golden-state-tree/download/busybox.sls
@@ -0,0 +1,17 @@
+/usr/bin/busybox:
+ file.managed:
+ {%- if grains['osarch'] == 'aarch64' %}
+ - source: https://github.com/saltstack/salt-jenkins/files/12686271/busybox.arch64.zip
+ - source_hash: f6c93120cec5f4a6414ae7e7725ef20dd51f07b93f5f69961c1ce2c3ab13b446
+ {%- else %}
+ - source: https://github.com/saltstack/salt-jenkins/files/8031454/busybox.zip
+ - source_hash: sha256=d270442b2fff1c8ebbd076afaf2f6739abc5790526acfafd8fcdba3eab80ed73
+ {%- endif %}
+ - mode: 0755
+
+
+run-busybox:
+ cmd.run:
+ - name: /usr/bin/busybox pwd && exit 0 || exit 1
+ - require:
+ - /usr/bin/busybox
diff --git a/custom/testing/golden-state-tree/download/vault.sls b/custom/testing/golden-state-tree/download/vault.sls
new file mode 100644
index 0000000..d5b1e81
--- /dev/null
+++ b/custom/testing/golden-state-tree/download/vault.sls
@@ -0,0 +1,13 @@
+install-vault-binary:
+
+ pkg.latest:
+ - name: unzip
+
+ archive.extracted:
+ - name: /usr/local/bin/
+ - source: https://releases.hashicorp.com/vault/0.9.6/vault_0.9.6_linux_amd64.zip
+ - source_hash: https://releases.hashicorp.com/vault/0.9.6/vault_0.9.6_SHA256SUMS
+ - archive_format: zip
+ - if_missing: /usr/local/bin/vault
+ - source_hash_update: True
+ - enforce_toplevel: False
diff --git a/custom/testing/golden-state-tree/github-actions-runner/account.sls b/custom/testing/golden-state-tree/github-actions-runner/account.sls
new file mode 100644
index 0000000..f43c434
--- /dev/null
+++ b/custom/testing/golden-state-tree/github-actions-runner/account.sls
@@ -0,0 +1,42 @@
+
+create-actions-runner-account:
+ user.present:
+ - name: actions-runner
+ - shell: /bin/bash
+ - home: /home/actions-runner
+ - empty_password: true
+ - createhome: true
+ - usergroup: true
+ - optional_groups:
+ {#-
+ These groups get added to the user if the groups exist.
+ The groups were collected from the golden images cloud-init configuration
+ file /etc/cloud/cloud.cfg
+ #}
+ - adm
+ - audio
+ - cdrom
+ - dialout
+ - dip
+ - docker
+ - floppy
+ - lxd
+ - netdev
+ - plugdev
+ - sudo
+ - systemd-journal
+ - users
+ - video
+ - wheel
+ {%- if grains['os'] == 'VMware Photon OS' %}
+ {#- Let's also include the root's group in the account since Photon OS's
+ images are commonly built to use root and not other system accounts #}
+ - root
+ {%- endif %}
+
+actions-runner-sudoers-file:
+ file.managed:
+ - name: /etc/sudoers.d/actions-runner
+ - mode: "0644"
+ - contents:
+ - actions-runner ALL=(ALL) NOPASSWD:ALL
diff --git a/custom/testing/golden-state-tree/github-actions-runner/files/add-start-at-boot-task.ps1 b/custom/testing/golden-state-tree/github-actions-runner/files/add-start-at-boot-task.ps1
new file mode 100644
index 0000000..a71925f
--- /dev/null
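Review bot: In vault.sls, `source_hash` points at the `SHA256SUMS` file on the same host as the archive, so the check only catches a corrupted download; whoever can alter the zip at the origin can alter the sums file as well. Because the version is fixed at 0.9.6, the digest can be pinned as a literal, `- source_hash: sha256=<digest of vault_0.9.6_linux_amd64.zip, recorded out of band>`, after which `source_hash_update: True` is no longer needed. If this old release is kept on purpose for test compatibility, a one-line comment saying so would stop it being mistaken for a deployable Vault.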
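Review bot: In account.sls, `empty_password: true` together with the `NOPASSWD:ALL` sudoers entry makes `actions-runner` a passwordless route to root for any local process that can authenticate as that user (for example via `su` where PAM permits null passwords). Dropping `- empty_password: true` should leave the account without a usable password while sudo keeps working through `NOPASSWD`. For the drop-in itself, `- mode: "0440"` and `- check_cmd: /usr/sbin/visudo -c -f` (path may differ per distribution) would match the usual sudoers permissions and reject a malformed file before it is installed.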
+++ b/custom/testing/golden-state-tree/github-actions-runner/files/add-start-at-boot-task.ps1
@@ -0,0 +1,5 @@
+$taskName = "Start GitHub Actions Runner"
+$principal = New-ScheduledTaskPrincipal -UserID "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest
+$action = New-ScheduledTaskAction -WorkingDirectory "C:\actions-runner" -Execute 'Powershell.exe' -Argument "-NoProfile -File ""C:\start-runner.ps1"""
+$trigger = New-ScheduledTaskTrigger -AtStartup
+Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description $taskName
diff --git a/custom/testing/golden-state-tree/github-actions-runner/files/github-actions-runner.systemd.unit b/custom/testing/golden-state-tree/github-actions-runner/files/github-actions-runner.systemd.unit
new file mode 100644
index 0000000..80568be
--- /dev/null
+++ b/custom/testing/golden-state-tree/github-actions-runner/files/github-actions-runner.systemd.unit
@@ -0,0 +1,16 @@
+# set ft=systemd
+
+[Unit]
+Description=GitHub Actions Runner
+After=network.target
+
+[Service]
+ExecStart=/opt/actions-runner/start-runner-service.sh
+User={{ actions_runner_account }}
+WorkingDirectory=/opt/actions-runner/
+KillMode=process
+KillSignal=SIGTERM
+TimeoutStopSec=5min
+
+[Install]
+WantedBy=multi-user.target
diff --git a/custom/testing/golden-state-tree/github-actions-runner/files/start-github-actions-runner.sh b/custom/testing/golden-state-tree/github-actions-runner/files/start-github-actions-runner.sh
new file mode 100644
index 0000000..7badeba
--- /dev/null
+++ b/custom/testing/golden-state-tree/github-actions-runner/files/start-github-actions-runner.sh
@@ -0,0 +1,217 @@ +#!/usr/bin/env bash + +# Disable debug output explicitly +set +x + +# Define our logging file and pipe paths +LOGFILE="/var/log/runner-startup.log" +LOGPIPE="/tmp/start-github-actions-runner.logpipe" +# Ensure no residual pipe exists +rm "$LOGPIPE" 2>/dev/null + +# Create our logging pipe +# On FreeBSD we have to use mkfifo instead of mknod +if ! (mknod "$LOGPIPE" p >/dev/null 2>&1 || mkfifo "$LOGPIPE" >/dev/null 2>&1); then + echo "Failed to create the named pipe required to log" + exit 1 +fi + +# What ever is written to the logpipe gets written to the logfile +tee < "$LOGPIPE" "$LOGFILE" & + +# Close STDOUT, reopen it directing it to the logpipe +exec 1>&- +exec 1>"$LOGPIPE" +# Close STDERR, reopen it directing it to the logpipe +exec 2>&- +exec 2>"$LOGPIPE" + +## Retrieve instance metadata +echo "Retrieving TOKEN from AWS API" +TOKEN=$(curl -sS -f -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 180") + +SPB_DEBUG=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:debug) +echo "Retrieved spb:debug - ($SPB_DEBUG)" +if [ "$SPB_DEBUG" = "true" ]; then + # Enable debug output + set -x +fi + +AMI_ID=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/ami-id) + +REGION=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .region) +echo "Retrieved REGION from AWS API ($REGION)" + +INSTANCE_ID=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/instance-id) +echo "Retrieved INSTANCE_ID from AWS API ($INSTANCE_ID)" + +SPB_START_GITHUB_RUNNER=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:start-github-runner) +echo "Retrieved spb:start_github_runner tag - ($SPB_START_GITHUB_RUNNER)" + +if [ "$SPB_START_GITHUB_RUNNER" != "true" 
]; then + echo "Not starting the GitHub Runner. Exiting." + exit 0 +fi + +PROJECT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:project) +echo "Retrieved spb:project tag - ($PROJECT)" + +ENVIRONMENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:environment) +echo "Retrieved spb:environment tag - ($ENVIRONMENT)" + +ENABLE_CLOUDWATCH_AGENT=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:cloudwatch-enabled) +echo "Retrieved spb:cloudwatch-enabled - ($ENABLE_CLOUDWATCH_AGENT)" + +if [ "$ENABLE_CLOUDWATCH_AGENT" = "true" ]; then + echo "Cloudwatch is enabled" + SPB_RUNNER=$(curl -sS -f -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/tags/instance/spb:runner) + echo "Retrieved spb:runner - ($SPB_RUNNER)" + CLOUDWATCH_CONFIG_PARAMETER_NAME="/spb/$PROJECT/$ENVIRONMENT/runners/$SPB_RUNNER/cloudwatch-config" + amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c "ssm:$CLOUDWATCH_CONFIG_PARAMETER_NAME" +fi + +## Configure the runner +echo "Get GH Runner config from AWS SSM" +RUNNER_CONFIG_PARAMETER_NAME="/spb/$PROJECT/$ENVIRONMENT/config/$INSTANCE_ID" +CONFIG=$(aws ssm get-parameter --name "$RUNNER_CONFIG_PARAMETER_NAME" --with-decryption --region "$REGION" 2>/dev/null | jq -r ".Parameter | .Value") + +RETRY=1 +while [ -z "$CONFIG" ]; do + echo "Waiting for GH Runner config to become available in AWS SSM" + sleep 1 + CONFIG=$(aws ssm get-parameter --name "$RUNNER_CONFIG_PARAMETER_NAME" --with-decryption --region "$REGION" 2>/dev/null | jq -r ".Parameter | .Value") + (( RETRY++ )) + if [ $RETRY -gt 180 ]; then + echo "Failed to get the required runner configuration after $RETRY seconds." 
+ echo "Terminating instance" + aws ec2 terminate-instances --instance-ids "$INSTANCE_ID" --region "$REGION" + exit 1 + fi +done + +NOTIFICATION_URL=$(echo "$CONFIG" | jq -r .notification_url) +NOTIFICATION_UUID=$(echo "$CONFIG" | jq -r .notification_uuid) + +cat >/opt/actions-runner/notify-runner-started.sh <<-EOF +echo "Notifying that the runner $INSTANCE_ID is working..." +RUNNER_NOTIFICATION_URL=$NOTIFICATION_URL +curl -f -s -H "Content-Type: application/json" -H "x-gh-runner-event: runner-started" -H "x-gh-runner-name: $INSTANCE_ID" -H "x-gh-runner-token: $NOTIFICATION_UUID" -X POST \$RUNNER_NOTIFICATION_URL +EOF +chmod 755 /opt/actions-runner/notify-runner-started.sh + +cat >/opt/actions-runner/notify-runner-completed.sh <<-EOF +echo "Notifying that the runner $INSTANCE_ID finished working..." +RUNNER_NOTIFICATION_URL=$NOTIFICATION_URL +curl -f -s -H "Content-Type: application/json" -H "x-gh-runner-event: runner-completed" -H "x-gh-runner-name: $INSTANCE_ID" -H "x-gh-runner-token: $NOTIFICATION_UUID" -X POST \$RUNNER_NOTIFICATION_URL +EOF +chmod 755 /opt/actions-runner/notify-runner-completed.sh + +if [ "$SPB_DEBUG" != "true" ]; then + echo "Delete GH Runner secrets from AWS SSM" + aws ssm delete-parameter --name "$RUNNER_CONFIG_PARAMETER_NAME" --region "$REGION" +fi + +if [ "$(cat /etc/os-release | grep ID_LIKE= | grep rhel)" != "" ] && [ "$(cat /etc/os-release | grep -E ^VERSION= | grep '="9')" != "" ]; then + # CentOS Stream 9 uses OpenSSL 3 and DotNet doesn't like it, yet + # This is a workaround since SHA1 is now know not to be secure + update-crypto-policies --set DEFAULT:SHA1 +fi + +chown -R {{ actions_runner_account }}:{{ actions_runner_account }} /opt/actions-runner + +RUNNER_CONFIG=$(echo "$CONFIG" | jq -r .runner_config) +echo "Configure GH Runner as user {{ actions_runner_account }}" +sudo -i -u "{{ actions_runner_account }}" -- /opt/actions-runner/config.sh --unattended --name "$INSTANCE_ID" --work "_work" ${RUNNER_CONFIG} + +INFO_ARCH=$(uname 
-p) +INFO_OS=$( ( lsb_release -ds || cat /etc/*release || uname -om ) 2>/dev/null | head -n1 | cut -d "=" -f2- | tr -d '"') +tee /opt/actions-runner/.setup_info </opt/actions-runner/start-runner-service.sh <<-EOF +#!/usr/bin/env bash + +__trap_exit() { + echo "Terminating instance" + aws ec2 terminate-instances --instance-ids "$INSTANCE_ID" --region "$REGION" +} +trap "__trap_exit" INT ABRT QUIT TERM + +cd /opt/actions-runner +echo "Starting the runner in ephemeral mode" + +export PATH=~/.local/bin:\$PATH +export ACTIONS_RUNNER_HOOK_JOB_STARTED=/opt/actions-runner/notify-runner-started.sh +export ACTIONS_RUNNER_HOOK_JOB_COMPLETED=/opt/actions-runner/notify-runner-completed.sh +export AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache +export RUNNER_TOOL_CACHE=/opt/hostedtoolcache +/opt/actions-runner/bin/runsvc.sh +echo "Runner has finished" +echo "Terminating instance" +aws ec2 terminate-instancts --instance-ids "$INSTANCE_ID" --region "$REGION" +EOF +chmod 755 /opt/actions-runner/start-runner-service.sh + +chown -R {{ actions_runner_account }}:{{ actions_runner_account }} /opt/actions-runner + + +SVC_NAME=github-actions-runner +CONFIG_PATH=/opt/actions-runner/.service +UNIT_PATH=/etc/systemd/system/${SVC_NAME}.service +command -v getenforce > /dev/null +if [ $? 
-eq 0 ] +then + selinuxEnabled=$(getenforce) + if [[ $selinuxEnabled == "Enforcing" ]] + then + # SELinux is enabled, we will need to Restore SELinux Context for the service file + restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}" + fi +fi +systemctl daemon-reload || failed "failed to reload daemons" +echo "${SVC_NAME}" > ${CONFIG_PATH} || failed "failed to create ${CONFIG_PATH} file" +chown {{ actions_runner_account }}:{{ actions_runner_account }} ${CONFIG_PATH} || failed "failed to set permission for ${CONFIG_PATH}" + +function service_exists() { + if [ -f "${UNIT_PATH}" ]; then + return 0 + else + return 1 + fi +} + +function status() +{ + if service_exists; then + echo + echo "${UNIT_PATH}" + else + echo + echo "not installed" + echo + exit 1 + fi + + systemctl --no-pager status ${SVC_NAME} +} + +function start() +{ + systemctl start ${SVC_NAME} || failed "failed to start ${SVC_NAME}" + status +} + +start diff --git a/custom/testing/golden-state-tree/github-actions-runner/files/start-runner.ps1 b/custom/testing/golden-state-tree/github-actions-runner/files/start-runner.ps1 new file mode 100644 index 0000000..4dd6085 --- /dev/null +++ b/custom/testing/golden-state-tree/github-actions-runner/files/start-runner.ps1 
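Review bot: The generated `start-runner-service.sh` ends with `aws ec2 terminate-instancts ...`, a misspelled subcommand, so on the normal path the instance is not terminated after the ephemeral runner finishes and a used runner host stays up with whatever the job left behind. The line should read `aws ec2 terminate-instances --instance-ids "$INSTANCE_ID" --region "$REGION"`, as the `__trap_exit` handler already does. Also in this hunk, every metadata `curl` is run with `-v` while stderr is redirected into `/var/log/runner-startup.log`, so the `X-aws-ec2-metadata-token` request header ends up in the log; dropping `-v` avoids that. The `|| failed "..."` calls near the end rely on a `failed` function that is not defined in the lines visible here; part of this hunk appears truncated in this rendering, so confirm the function exists in the real file.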
@@ -0,0 +1,149 @@ +## Retrieve instance metadata + +$ErrorActionPreference="SilentlyContinue" +Stop-Transcript | out-null +$ErrorActionPreference = "Continue" +Start-Transcript -path C:/runner-startup.log -append + +Write-Host "Retrieving TOKEN from AWS API" +$token=Invoke-RestMethod -Method PUT -Uri "http://169.254.169.254/latest/api/token" -Headers @{"X-aws-ec2-metadata-token-ttl-seconds" = "180"} + +$ami_id=Invoke-RestMethod -Uri "http://169.254.169.254/latest/meta-data/ami-id" -Headers @{"X-aws-ec2-metadata-token" = $token} + +$metadata=Invoke-RestMethod -Uri "http://169.254.169.254/latest/dynamic/instance-identity/document" -Headers @{"X-aws-ec2-metadata-token" = $token} + +$Region = $metadata.region +Write-Host "Retrieved REGION from AWS API ($Region)" + +$InstanceId = $metadata.instanceId +Write-Host "Retrieved InstanceId from AWS API ($InstanceId)" + +$tags=aws ec2 describe-tags --region "$Region" --filters "Name=resource-id,Values=$InstanceId" | ConvertFrom-Json +Write-Host "Retrieved tags from AWS API" + +$project=$tags.Tags.where( {$_.Key -eq 'spb:project'}).value +Write-Host "Retrieved spb:project tag - ($project)" + +$environment=$tags.Tags.where( {$_.Key -eq 'spb:environment'}).value +Write-Host "Retrieved spb:environment tag - ($environment)" + +$cloudwatch_enabled=$tags.Tags.where( {$_.Key -eq 'spb:cloudwatch-enabled'}).value +Write-Host "Retrieved spb:cloudwatch-enabled tag - ($cloudwatch_enabled)" + +if ($cloudwatch_enabled -eq "true") +{ + Write-Host "Enabling CloudWatch Agent" + $spb_runner=$tags.Tags.where( {$_.Key -eq 'spb:runner'}).value + Write-Host "Retrieved spb:runner tag - ($spb_runner)" + + $CloudwatchConfigParameterName="/spb/$project/$environment/runners/$spb_runner/cloudwatch-config" + + & 'C:\Program Files\Amazon\AmazonCloudWatchAgent\amazon-cloudwatch-agent-ctl.ps1' -a fetch-config -m ec2 -s -c "ssm:$CloudwatchConfigParameterName" +} + +$spb_start_github_runner=$tags.Tags.where( {$_.Key -eq 'spb:start-github-runner'}).value 
+Write-Host "Retrieved spb:start-github-runner tag - ($spb_start_github_runner)" +if ($spb_start_github_runner -ne "true") +{ + Write-Host "Not starting the GitHub Runner. Exiting." + Exit 0 +} + +## Configure the runner + +Write-Host "Get GH Runner config from AWS SSM" +$RunnerConfigParameterName="/spb/$project/$environment/config/$InstanceId" +$config = $null +$i = 0 +do { + $config = (aws ssm get-parameter --name "$RunnerConfigParameterName" --with-decryption --region $Region --query "Parameter.{value:Value}" | ConvertFrom-Json | select -exp value | ConvertFrom-Json) + Write-Host "Waiting for GH Runner config to become available in AWS SSM ($i/180)" + Start-Sleep 1 + $i++ +} while (($null -eq $config) -and ($i -lt 180)) + + +if ($config -eq $null) +{ + Write-Host "Failed to get GH Runner config" + aws ec2 terminate-instances --instance-ids $InstanceId --region $Region +} else { + Write-Host "Delete GH Runner token from AWS SSM" + aws ssm delete-parameter --name "$RunnerConfigParameterName" --region $Region +} + +$runner_config = $config.runner_config + +# Disable User Access Control (UAC) +# TODO investigate if this is needed or if its overkill - https://github.com/philips-labs/terraform-aws-github-runner/issues/1505 +Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 -Force +Write-Host "Disabled User Access Control (UAC)" + +Set-Location -Path c:\actions-runner -PassThru +$configCmd = "$pwd\config.cmd --unattended --name $InstanceId --work `"_work`" $runner_config" + +Write-Host "Configure GH Runner" +Invoke-Expression $configCmd + +$NotificationUrl = $config.notification_url +$NotificationUUID = $config.notification_uuid + +$notify_runner_started_contents = @" +Write-Host "Notifying that the runner $InstanceId is working..." 
+`$RequestParameters = @{ + Uri = '$NotificationUrl' + Method = 'POST' + Body = '' + Headers = @{ + "Content-Type" = "application/json" + "x-gh-runner-event" = "runner-started" + "x-gh-runner-name" = "$InstanceId" + "x-gh-runner-token" = "$NotificationUUID" + } +} + +Invoke-WebRequest `@RequestParameters +"@ +Set-Content -Path "c:\Notify-Runner-Started.ps1" -Value $notify_runner_started_contents -Force + +$notify_runner_completed_contents = @" +Write-Host "Notifying that the runner $InstanceId finished working..." +`$RequestParameters = @{ + Uri = '$NotificationUrl' + Method = 'POST' + Body = '' + Headers = @{ + "Content-Type" = "application/json" + "x-gh-runner-event" = "runner-completed" + "x-gh-runner-name" = "$InstanceId" + "x-gh-runner-token" = "$NotificationUUID" + } +} + +Invoke-WebRequest `@RequestParameters +"@ +Set-Content -Path "c:\Notify-Runner-Completed.ps1" -Value $notify_runner_completed_contents -Force + +$jsonBody = @( + @{ + group='Runner Image' + details="AMI id: $ami_id" + } +) +ConvertTo-Json -InputObject $jsonBody | Set-Content -Path "$pwd\.setup_info" + +Write-Host "Starting the GitHub Actions Runner" +Write-Host "Starting runner after $(((get-date) - (gcim Win32_OperatingSystem).LastBootUpTime).tostring("hh':'mm':'ss''"))" + +$env:ACTIONS_RUNNER_HOOK_JOB_STARTED="c:\Notify-Runner-Started.ps1" +$env:ACTIONS_RUNNER_HOOK_JOB_COMPLETED="c:\Notify-Runner-Completed.ps1" +$env:AGENT_TOOLSDIRECTORY="c:\hostedtoolcache" +$env:RUNNER_TOOL_CACHE="c:\hostedtoolcache" +Invoke-Expression "$pwd\run.cmd" +Start-Sleep 5 +$TerminateCommand = "aws ec2 terminate-instances --instance-ids $InstanceId --region $Region" +Write-Host "Terminating instance" +Start-Sleep 1 +Stop-Transcript +Start-Sleep 5 +Invoke-Expression $TerminateCommand diff --git a/custom/testing/golden-state-tree/github-actions-runner/init.sls b/custom/testing/golden-state-tree/github-actions-runner/init.sls new file mode 100644 index 0000000..aef2c25 --- /dev/null 
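Review bot: `$runner_config` comes from the SSM parameter and is concatenated into `$configCmd`, which is then run through `Invoke-Expression`, so any PowerShell metacharacters in that value are evaluated as code under the SYSTEM scheduled task registered by add-start-at-boot-task.ps1. Calling the script directly avoids the re-parse, e.g. `& "$pwd\config.cmd" --unattended --name $InstanceId --work "_work" @(-split $runner_config)`, assuming the value is a whitespace-separated flag list. In the failure branch (`if ($config -eq $null)`), `terminate-instances` is issued but the script carries on into the UAC change and runner configuration with a null config; an `Exit 1` after the terminate call would stop that. The same direct-call form applies to `Invoke-Expression "$pwd\run.cmd"` and to `$TerminateCommand`.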
+++ b/custom/testing/golden-state-tree/github-actions-runner/init.sls
@@ -0,0 +1,5 @@
+include:
+ {%- if grains['os'] != 'Windows' %}
+ - .account
+ {%- endif %}
+ - .install
diff --git a/custom/testing/golden-state-tree/github-actions-runner/install.sls b/custom/testing/golden-state-tree/github-actions-runner/install.sls
new file mode 100644
index 0000000..500282a
--- /dev/null
+++ b/custom/testing/golden-state-tree/github-actions-runner/install.sls
@@ -0,0 +1,114 @@ +{%- if grains['os'] == 'Windows' %} + {%- set runner_base_directory = "c:" %} +{%- else %} + {%- set runner_base_directory = "/opt" %} +{%- endif %} + +{%- if grains['os'] == 'VMware Photon OS' %} +{#- Photon OS has /opt with perms too closed for another user to access #} +{{ runner_base_directory}}: + file.directory: + - user: root + - group: sudo + - dir_mode: "0751" +{%- endif %} + +{{ runner_base_directory}}/hostedtoolcache: + file.directory: + {%- if grains['os'] != 'Windows' %} + - user: actions-runner + - group: actions-runner + - dir_mode: "0755" + {%- else %} + - win_owner: Administrator + {%- endif %} + +download-and-decompress-runner-tarball: + archive.extracted: + - name: {{ runner_base_directory}}/actions-runner + - source: {{ pillar["github_actions_runner_tarball_url"] }} + {%- if grains['os'] != 'Windows' %} + - user: actions-runner + - group: actions-runner + {%- else %} + - enforce_toplevel: false + {%- endif %} + - skip_verify: true + - keep_source: false + +{{ runner_base_directory}}/actions-runner/.env: + file.append: + - text: + - ImageOS={{ grains.get('osfinger', grains['osfullname'].replace(' ', '-')) }} + - require: + - download-and-decompress-runner-tarball + +install-runner-dependencies: + {%- if pillar["github_actions_runner_install_dependencies"] %} + cmd.run: + - name: {{ runner_base_directory}}/actions-runner/bin/installdependencies.sh + - require: + - download-and-decompress-runner-tarball + {%- else %} + pkg.installed: + - pkgs: + {%- if grains['os'] == 'Windows' %} + - awscli + {%- else %} + - lttng-ust + - zlib + {%- if grains["os"] == "Amazon" %} + - openssl-libs + - krb5-libs + - libicu + {%- elif grains["os"] in ("Arch", "VMware Photon OS") %} + - krb5 + - icu + {%- endif %} + {%- endif %} +{%- endif %} + +{%- if grains['os'] == 'Windows' %} +create-start-runner-script: + file.managed: + - name: c:/start-runner.ps1 + - source: salt://github-actions-runner/files/start-runner.ps1 + - template: jinja + - 
defaults: + actions_runner_account: Administrator + +add-runner-start-at-boot-task: + cmd.script: + - source: salt://github-actions-runner/files/add-start-at-boot-task.ps1 + - shell: powershell + +{%- else %} + +{{ runner_base_directory}}/actions-runner: + file.directory: + - user: actions-runner + - group: actions-runner + - recurse: + - user + - group + - require: + - install-runner-dependencies + + +/var/lib/cloud/scripts/per-boot/start-github-actions-runner.sh: + file.managed: + - source: salt://github-actions-runner/files/start-github-actions-runner.sh + - mode: "0755" + - template: jinja + - defaults: + actions_runner_account: actions-runner + + +/etc/systemd/system/github-actions-runner.service: + file.managed: + - source: salt://github-actions-runner/files/github-actions-runner.systemd.unit + - mode: "0644" + - template: jinja + - defaults: + actions_runner_account: actions-runner +{%- endif %} diff --git a/custom/testing/golden-state-tree/os/alma-linux/config/init.sls b/custom/testing/golden-state-tree/os/alma-linux/config/init.sls new file mode 100644 index 0000000..d117d10 --- /dev/null +++ b/custom/testing/golden-state-tree/os/alma-linux/config/init.sls @@ -0,0 +1,8 @@ +include: + - .timezone + - config.path + - config.ulimits + - config.locale + - config.sssd + - config.dhclient + - config.sshd_config diff --git a/custom/testing/golden-state-tree/os/alma-linux/config/timezone.sls b/custom/testing/golden-state-tree/os/alma-linux/config/timezone.sls new file mode 100644 index 0000000..3b7e589 --- /dev/null +++ b/custom/testing/golden-state-tree/os/alma-linux/config/timezone.sls @@ -0,0 +1,10 @@ +include: + - pkgs.tzdata + +symlink-timezone-file: + file.symlink: + - name: /etc/localtime + - target: /usr/share/zoneinfo/UTC + - force: true + - require: + - tzdata diff --git a/custom/testing/golden-state-tree/os/alma-linux/init.sls b/custom/testing/golden-state-tree/os/alma-linux/init.sls new file mode 100644 index 0000000..e1fd9bb --- /dev/null 
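Review bot: In install.sls, `download-and-decompress-runner-tarball` fetches `pillar["github_actions_runner_tarball_url"]` with `skip_verify: true`, so the archive whose `config.sh` and `installdependencies.sh` are executed later is unpacked with no integrity check. Carrying the release digest in pillar next to the URL and replacing `skip_verify` with `- source_hash: sha256=<runner tarball digest from pillar>` pins the artifact that gets baked into the golden image. This matters more because `install-runner-dependencies` runs `installdependencies.sh` from that archive through `cmd.run`, i.e. with the privileges of the minion doing the build.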
+++ b/custom/testing/golden-state-tree/os/alma-linux/init.sls
@@ -0,0 +1,8 @@
+include:
+ - .config
+ - .pkgs
+ - download.vault
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/alma-linux/pkgs/init.sls b/custom/testing/golden-state-tree/os/alma-linux/pkgs/init.sls
new file mode 100644
index 0000000..d0c6fe7
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/alma-linux/pkgs/init.sls
@@ -0,0 +1,36 @@
+include:
+ - os.rocky.pkgs.epel-release
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
diff --git a/custom/testing/golden-state-tree/os/amazon/config/init.sls b/custom/testing/golden-state-tree/os/amazon/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/amazon/init.sls b/custom/testing/golden-state-tree/os/amazon/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/amazon/pkgs/docker.sls b/custom/testing/golden-state-tree/os/amazon/pkgs/docker.sls
new file mode 100644
index 0000000..95778e2
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon/pkgs/docker.sls
@@ -0,0 +1,27 @@
+{%- set on_docker = salt['grains.get']('virtual_subtype', '') in ('Docker',) %}
+
+{%- if on_docker == False %}
+include:
+ - download.busybox
+{%- endif %}
+
+amazon-linux-extras:
+ pkg.installed
+
+install-docker:
+ cmd.run:
+ - name: 'amazon-linux-extras install docker -y'
+ - creates: /usr/bin/docker
+ - require:
+ - amazon-linux-extras
+
+{%- if on_docker == False %}
+
+amazon-docker-service:
+ service.running:
+ - name: docker
+ - enable: True
+ - require:
+ - /usr/bin/busybox
+ - install-docker
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/os/amazon/pkgs/epel-release.sls b/custom/testing/golden-state-tree/os/amazon/pkgs/epel-release.sls
new file mode 100644
index 0000000..18dcb10
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon/pkgs/epel-release.sls
@@ -0,0 +1,3 @@
+epel-release:
+ cmd.run:
+ - name: amazon-linux-extras install epel
diff --git a/custom/testing/golden-state-tree/os/amazon/pkgs/init.sls b/custom/testing/golden-state-tree/os/amazon/pkgs/init.sls
new file mode 100644
index 0000000..92c9abe
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon/pkgs/init.sls
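Review bot: In epel-release.sls, `amazon-linux-extras install epel` is run without `-y` and without any guard, unlike `install-docker` in docker.sls from the same commit, which passes `-y` and a `creates:` check. As written the command re-runs on every highstate and may wait on a confirmation prompt during an unattended image build. Suggest `- name: amazon-linux-extras install epel -y` plus an `unless:` or `creates:` condition keyed on whatever the install leaves behind.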
@@ -0,0 +1,42 @@
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ - .epel-release
+ {%- if grains['osarch'] not in ('amd64', 'armhf', 'arm64') %}
+ - .docker
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/amazon2023/config/init.sls b/custom/testing/golden-state-tree/os/amazon2023/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon2023/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/amazon2023/init.sls b/custom/testing/golden-state-tree/os/amazon2023/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon2023/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/amazon2023/pkgs/docker.sls b/custom/testing/golden-state-tree/os/amazon2023/pkgs/docker.sls
new file mode 100644
index 0000000..1459306
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon2023/pkgs/docker.sls
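Review bot: The guard `grains['osarch'] not in ('amd64', 'armhf', 'arm64')` around `- .docker` in os/amazon/pkgs/init.sls compares against Debian-style architecture names. On RPM-based systems such as Amazon Linux the grain normally reads `x86_64` or `aarch64`, so the condition is probably always true and `.docker` is always included. If the intent is to skip Docker on some architectures, compare against the RPM names; if Docker is wanted everywhere, drop the guard. The same guard appears in os/amazon2023/pkgs/init.sls, and a one-line Jinja comment stating the intent would help in both places.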
@@ -0,0 +1,21 @@
+{%- set on_docker = salt['grains.get']('virtual_subtype', '') in ('Docker',) %}
+
+{%- if on_docker == False %}
+include:
+ - download.busybox
+{%- endif %}
+
+install-docker:
+ pkg.installed:
+ - name: docker
+ - creates: /usr/bin/docker
+
+{%- if on_docker == False %}
+amazon-docker-service:
+ service.running:
+ - name: docker
+ - enable: True
+ - require:
+ - /usr/bin/busybox
+ - install-docker
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/os/amazon2023/pkgs/init.sls b/custom/testing/golden-state-tree/os/amazon2023/pkgs/init.sls
new file mode 100644
index 0000000..d3d83d4
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/amazon2023/pkgs/init.sls
@@ -0,0 +1,41 @@
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libsodium-compile
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ {%- if grains['osarch'] not in ('amd64', 'armhf', 'arm64') %}
+ - .docker
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/arch/config/init.sls b/custom/testing/golden-state-tree/os/arch/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/arch/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/arch/init.sls b/custom/testing/golden-state-tree/os/arch/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/arch/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/arch/pkgs/init.sls b/custom/testing/golden-state-tree/os/arch/pkgs/init.sls
new file mode 100644
index 0000000..cf046e1
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/arch/pkgs/init.sls
@@ -0,0 +1,38 @@
+include:
+ - pkgs.bower
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.lsb-release
+ - pkgs.lxc
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.npm
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.rust {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
diff --git a/custom/testing/golden-state-tree/os/centos-stream/config/init.sls b/custom/testing/golden-state-tree/os/centos-stream/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos-stream/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/centos-stream/init.sls b/custom/testing/golden-state-tree/os/centos-stream/init.sls
new file mode 100644
index 0000000..e1fd9bb
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos-stream/init.sls
@@ -0,0 +1,8 @@
+include:
+ - .config
+ - .pkgs
+ - download.vault
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/centos-stream/pkgs/init.sls b/custom/testing/golden-state-tree/os/centos-stream/pkgs/init.sls
new file mode 100644
index 0000000..184773a
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos-stream/pkgs/init.sls
@@ -0,0 +1,42 @@
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ - os.rocky.pkgs.epel-release
diff --git a/custom/testing/golden-state-tree/os/centos/config/init.sls b/custom/testing/golden-state-tree/os/centos/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/centos/init.sls b/custom/testing/golden-state-tree/os/centos/init.sls
new file mode 100644
index 0000000..e1fd9bb
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos/init.sls
@@ -0,0 +1,8 @@
+include:
+ - .config
+ - .pkgs
+ - download.vault
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/centos/pkgs/init.sls b/custom/testing/golden-state-tree/os/centos/pkgs/init.sls
new file mode 100644
index 0000000..e3deb46
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos/pkgs/init.sls
@@ -0,0 +1,40 @@
+include:
+ - os.rocky.pkgs.epel-release
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - .rust {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
diff --git a/custom/testing/golden-state-tree/os/centos/pkgs/rust.sls b/custom/testing/golden-state-tree/os/centos/pkgs/rust.sls
new file mode 100644
index 0000000..71cbcd4
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/centos/pkgs/rust.sls
@@ -0,0 +1,4 @@
+
+rust:
+ cmd.run:
+ - name: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
diff --git a/custom/testing/golden-state-tree/os/debian/config/apt.sls b/custom/testing/golden-state-tree/os/debian/config/apt.sls
new file mode 100644
index 0000000..9ea9920
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/config/apt.sls
@@ -0,0 +1,3 @@
+disable_auto_updates_on_debian_family:
+ file.absent:
+ - name: /etc/apt/apt.conf.d/20auto-upgrades
diff --git a/custom/testing/golden-state-tree/os/debian/config/init.sls b/custom/testing/golden-state-tree/os/debian/config/init.sls
new file mode 100644
index 0000000..b450d99
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/config/init.sls
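Review bot: The `rust` state in os/centos/pkgs/rust.sls executes whatever https://sh.rustup.rs serves at build time, with TLS as the only integrity control, and bakes the result into a golden image. `--default-toolchain stable` also floats, so two builds of the same commit can produce different images, and with no `creates`/`unless` guard the installer re-runs on every apply. I would fetch a pinned `rustup-init` binary through `file.managed` with a `source_hash` kept in the state tree, pin the toolchain version, and add a `creates` guard, as sketched below (URL, hash and version are placeholders to fill in).

```yaml
rustup-init:
  file.managed:
    - name: /usr/local/sbin/rustup-init
    - source: <PINNED_RUSTUP_INIT_URL>
    - source_hash: sha256=<PINNED_RUSTUP_INIT_SHA256>
    - mode: '0755'

rust:
  cmd.run:
    - name: /usr/local/sbin/rustup-init -y --default-toolchain <PINNED_TOOLCHAIN_VERSION>
    # assumes the state runs as root with HOME=/root; adjust to the real install path
    - creates: /root/.cargo/bin/rustc
    - require:
      - file: rustup-init
```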
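Review bot: `disable_auto_updates_on_debian_family` in os/debian/config/apt.sls deletes `/etc/apt/apt.conf.d/20auto-upgrades` with no comment explaining why, and removing that file normally turns off unattended security upgrades on the resulting image. If the reason is to stop background apt runs from holding the dpkg lock during test jobs (my guess; the diff does not say), state it in the file. Something like `# CI images only: no background apt runs; security patches arrive through image rebuilds, never reuse this state for long-lived hosts` would do. The state ID says "debian_family" and os/ubuntu/config/init.sls includes it as well, so the comment should cover both.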
@@ -0,0 +1,9 @@
+include:
+ - config.path
+ - .apt
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/debian/init.sls b/custom/testing/golden-state-tree/os/debian/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/debian/pkgs/apt-utils.sls b/custom/testing/golden-state-tree/os/debian/pkgs/apt-utils.sls
new file mode 100644
index 0000000..8f85ea9
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/pkgs/apt-utils.sls
@@ -0,0 +1,2 @@
+apt-utils:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/debian/pkgs/init.sls b/custom/testing/golden-state-tree/os/debian/pkgs/init.sls
new file mode 100644
index 0000000..2c0d67c
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/pkgs/init.sls
@@ -0,0 +1,43 @@
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ - .apt-utils
+ - .libdpkg-perl
+ - .timesync
diff --git a/custom/testing/golden-state-tree/os/debian/pkgs/libdpkg-perl.sls b/custom/testing/golden-state-tree/os/debian/pkgs/libdpkg-perl.sls
new file mode 100644
index 0000000..61b6b98
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/pkgs/libdpkg-perl.sls
@@ -0,0 +1,2 @@
+libdpkg-perl:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/debian/pkgs/timesync.sls b/custom/testing/golden-state-tree/os/debian/pkgs/timesync.sls
new file mode 100644
index 0000000..a6b1301
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/debian/pkgs/timesync.sls
@@ -0,0 +1,23 @@
+{%- if not grains['osmajorrelease'] in (9, 10, 18) %}
+install-systemd-timesyncd:
+ pkg.installed:
+ - name: systemd-timesyncd
+{%- endif %}
+
+enable-timesyncd-daemon:
+ service.enabled:
+ - name: systemd-timesyncd
+
+stop-chrony:
+ service.dead:
+ - name: chrony
+
+remove-chrony:
+ pkg.purged:
+ - name: chrony
+
+remove-drift-file:
+ file.absent:
+ - name: /var/lib/chrony/
+ - require:
+ - stop-chrony
diff --git a/custom/testing/golden-state-tree/os/fedora/config/init.sls b/custom/testing/golden-state-tree/os/fedora/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/fedora/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/fedora/init.sls b/custom/testing/golden-state-tree/os/fedora/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/fedora/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/fedora/pkgs/g++.sls b/custom/testing/golden-state-tree/os/fedora/pkgs/g++.sls
new file mode 100644
index 0000000..ca25441
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/fedora/pkgs/g++.sls
@@ -0,0 +1,2 @@
+gcc-c++:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/fedora/pkgs/init.sls b/custom/testing/golden-state-tree/os/fedora/pkgs/init.sls
new file mode 100644
index 0000000..24f888a
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/fedora/pkgs/init.sls
@@ -0,0 +1,46 @@
+{%- set os_major_release = salt['grains.get']('osmajorrelease', 0)|int %}
+
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ {%- if os_major_release <= 39 %}
+ {#- Newer OS targets don't require vault for CI/CD, as community salt extensions cover this #}
+ - pkgs.vault
+ {%- endif %}
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ - .g++
+ - .python3
diff --git a/custom/testing/golden-state-tree/os/fedora/pkgs/python3.sls b/custom/testing/golden-state-tree/os/fedora/pkgs/python3.sls
new file mode 100644
index 0000000..6061135
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/fedora/pkgs/python3.sls
@@ -0,0 +1,8 @@
+include:
+ - pkgs.python3
+
+
+python-unversioned-command:
+ pkg.installed:
+ - require:
+ - python3
diff --git a/custom/testing/golden-state-tree/os/freebsd/config/init.sls b/custom/testing/golden-state-tree/os/freebsd/config/init.sls
new file mode 100644
index 0000000..3a7b70e
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/freebsd/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - .sysctl
+ - config.ulimits
+ - config.locale
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/freebsd/config/sysctl.sls b/custom/testing/golden-state-tree/os/freebsd/config/sysctl.sls
new file mode 100644
index 0000000..ef81ef4
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/freebsd/config/sysctl.sls
@@ -0,0 +1,24 @@
+{%- if grains['os'] == 'FreeBSD' %}
+adjust_freebsd_kernel_values:
+ file.append:
+ - name: /etc/sysctl.conf
+ - text:
+ - "kern.ipc.maxsockbuf=16777216"
+ - "kern.maxfiles=2048000"
+ - "kern.maxfilesperproc=200000"
+ - "net.inet.tcp.sendspace=262144"
+ - "net.inet.tcp.recvspace=262144"
+ - "net.inet.tcp.sendbuf_max=16777216"
+ - "net.inet.tcp.recvbuf_max=16777216"
+ - "net.inet.tcp.sendbuf_inc=32768"
+ - "net.inet.tcp.recvbuf_inc=65536"
+ - "net.local.stream.sendspace=16384"
+ - "net.local.stream.recvspace=16384"
+ - "net.inet.raw.maxdgram=16384"
+ - "net.inet.raw.recvspace=16384"
+ - "net.inet.tcp.abc_l_var=44"
+ - "net.inet.tcp.initcwnd_segments=44"
+ - "net.inet.tcp.mssdflt=1448"
+ - "net.inet.tcp.minmss=524"
+ - "vfs.read_max=128"
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/os/freebsd/init.sls b/custom/testing/golden-state-tree/os/freebsd/init.sls
new file mode 100644
index 0000000..63cafa7
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/freebsd/init.sls
@@ -0,0 +1,3 @@
+include:
+ - .config
+ - .pkgs
diff --git a/custom/testing/golden-state-tree/os/freebsd/pkgs/init.sls b/custom/testing/golden-state-tree/os/freebsd/pkgs/init.sls
new file mode 100644
index 0000000..2d08704
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/freebsd/pkgs/init.sls
@@ -0,0 +1,24 @@
+include:
+ - pkgs.bower
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.npm
+ - pkgs.openssl
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo
diff --git a/custom/testing/golden-state-tree/os/init.sls b/custom/testing/golden-state-tree/os/init.sls
new file mode 100644
index 0000000..6886765
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/init.sls
@@ -0,0 +1,37 @@
+include:
+ {%- if grains['os'] == 'AlmaLinux' %}
+ - os.alma-linux
+ {%- elif grains.get("oscodename") == 'Amazon Linux 2' %}
+ - os.amazon
+ {%- elif grains.get("osfinger") == 'Amazon Linux-2023' %}
+ - os.amazon2023
+ {%- elif grains['os_family'] == 'Arch' %}
+ - os.arch
+ {%- elif grains['os'] == 'CentOS' %}
+ - os.centos
+ {%- elif grains['os'] == 'CentOS Stream' %}
+ - os.centos-stream
+ {%- elif grains['os'] == 'Rocky' %}
+ - os.rocky
+ {%- elif grains['os'] == 'Debian' %}
+ - os.debian
+ {%- elif grains['os'] == 'Fedora' %}
+ - os.fedora
+ {%- elif grains['os'] == 'FreeBSD' %}
+ - os.freebsd
+ {%- elif grains['os'] == 'MacOS' %}
+ - os.macos
+ {%- elif grains['os'] == 'VMware Photon OS' %}
+ - os.photon
+ {%- elif grains['os_family'] == 'Suse' %}
+ - os.suse
+ {%- elif grains['os'] == 'Ubuntu' %}
+ - os.ubuntu
+ {%- elif grains['os'] == 'Windows' %}
+ - os.windows
+ {%- endif %}
+
+
+provision-system-packages:
+ test.show_notification:
+ - text: "System Packages Provision Complete"
diff --git a/custom/testing/golden-state-tree/os/macos/config/init.sls b/custom/testing/golden-state-tree/os/macos/config/init.sls
new file mode 100644
index 0000000..2e53071
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/macos/config/init.sls
@@ -0,0 +1,4 @@
+include:
+ - .path
+ - config.ulimits
+ - config.locale
diff --git a/custom/testing/golden-state-tree/os/macos/config/path.sls b/custom/testing/golden-state-tree/os/macos/config/path.sls
new file mode 100644
index 0000000..18de09b
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/macos/config/path.sls
@@ -0,0 +1,14 @@
+fix-path-for-mac:
+ file.append:
+ - names:
+ - /etc/pam.d/sshd:
+ - text: 'session optional pam_env.so'
+ - /etc/environment:
+ - text: 'export
+ PATH=/opt/salt/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/salt/bin:/usr/local/sbin:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Library/Frameworks/Python.framework/Versions/2.7/bin'
+ - /etc/profile:
+ - text: 'export PATH=/opt/salt/bin:$PATH:/Library/Frameworks/Python.framework/Versions/3.6/bin:/Library/Frameworks/Python.framework/Versions/2.7/bin'
+ environ.setenv:
+ - name: PATH
+ - value: '/opt/salt/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/salt/bin:/usr/local/sbin:$PATH'
+ - update_minion: True
diff --git a/custom/testing/golden-state-tree/os/macos/init.sls b/custom/testing/golden-state-tree/os/macos/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/macos/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/macos/pkgs/init.sls b/custom/testing/golden-state-tree/os/macos/pkgs/init.sls
new file mode 100644
index 0000000..8930f20
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/macos/pkgs/init.sls
@@ -0,0 +1,10 @@
+include:
+ {#- OS Specific packages install #}
+ - .python3
+ - pkgs.dmidecode
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
diff --git a/custom/testing/golden-state-tree/os/macos/pkgs/openssl.sls b/custom/testing/golden-state-tree/os/macos/pkgs/openssl.sls
new file mode 100644
index 0000000..b4f6ad8
--- /dev/null
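Review bot: The `environ.setenv` value in os/macos/config/path.sls ends with a literal `$PATH`. As far as I know Salt assigns that string as given, without shell expansion, so the minion's PATH would gain an entry literally named `$PATH`. An entry without a leading slash is resolved relative to the current working directory, which is the kind of search-path entry a privileged process should not carry. The sibling state in os/macos/pkgs/python3.sls expands the current value with `salt.cmd.run_stdout('echo $PATH', python_shell=True)`, so either do the same here or drop the trailing `:$PATH`. `/opt/salt/bin` is also listed twice in this value and in the `/etc/environment` line.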
+++ b/custom/testing/golden-state-tree/os/macos/pkgs/openssl.sls
@@ -0,0 +1,2 @@
+openssl:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/macos/pkgs/python3.sls b/custom/testing/golden-state-tree/os/macos/pkgs/python3.sls
new file mode 100644
index 0000000..80647e9
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/macos/pkgs/python3.sls
@@ -0,0 +1,27 @@
+python3:
+ file.managed:
+ - source: https://www.python.org/ftp/python/3.6.8/python-3.6.8-macosx10.6.pkg
+ - name: /tmp/python-3.6.pkg
+ - user: vagrant
+ - group: wheel
+ - skip_verify: True
+ - onlyif: '[ ! -d /Library/Frameworks/Python.framework/Versions/3.6 ]'
+ macpackage.installed:
+ - name: /tmp/python-3.6.pkg
+ - reload_modules: True
+ - onlyif: '[ ! -d /Library/Frameworks/Python.framework/Versions/3.6 ]'
+
+install-certs-py3:
+ cmd.run:
+ - name: /Applications/Python\ 3.6/Install\ Certificates.command
+ - runas: vagrant
+
+add-python3-to-path:
+ file.append:
+ - names:
+ - /etc/paths.d/python:
+ - text: '/Library/Frameworks/Python.framework/Versions/3.6/bin'
+ environ.setenv:
+ - name: PATH
+ - value: '/Library/Frameworks/Python.framework/Versions/3.6/bin:{{ salt.cmd.run_stdout('echo $PATH', python_shell=True).strip() }}'
+ - update_minion: True
diff --git a/custom/testing/golden-state-tree/os/photon/config/init.sls b/custom/testing/golden-state-tree/os/photon/config/init.sls
new file mode 100644
index 0000000..db80f79
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/photon/config/init.sls
@@ -0,0 +1,9 @@
+include:
+ - .ssh_config
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/photon/config/ssh_config.sls b/custom/testing/golden-state-tree/os/photon/config/ssh_config.sls
new file mode 100644
index 0000000..3dac48d
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/photon/config/ssh_config.sls
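Review bot: In os/macos/pkgs/python3.sls the installer is fetched with `skip_verify: True`, so nothing checks the package contents before `macpackage.installed` runs it. It is also written to the predictable path `/tmp/python-3.6.pkg` and owned by `vagrant`, which lets an unprivileged local process replace the file between download and install. I would replace `- skip_verify: True` with `- source_hash: sha256=<SHA256_OF_PYTHON_3_6_8_PKG>`, recorded from a trusted copy, and stage the file in a root-owned directory rather than `/tmp`. Python 3.6 is past upstream end of life, so a comment on why this version is required would also help the next reader.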
@@ -0,0 +1,7 @@
+ssh_config_arcfour128:
+ cmd.run:
+ - name: sed -i 's/arcfour128,//' /etc/ssh/ssh_config
+
+ssh_config_arcfour256:
+ cmd.run:
+ - name: sed -i 's/arcfour256,//' /etc/ssh/ssh_config
diff --git a/custom/testing/golden-state-tree/os/photon/init.sls b/custom/testing/golden-state-tree/os/photon/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/photon/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/photon/pkgs/init.sls b/custom/testing/golden-state-tree/os/photon/pkgs/init.sls
new file mode 100644
index 0000000..5a0a6f4
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/photon/pkgs/init.sls
@@ -0,0 +1,36 @@
+include:
+ - pkgs.cron
+ - pkgs.bower
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.man
+ - pkgs.npm
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ {%- if grains['cpuarch'].lower() == 'x86_64' %}
+ - pkgs.rng-tools
+ {%- endif %}
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.rust {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
diff --git a/custom/testing/golden-state-tree/os/rocky/config/init.sls b/custom/testing/golden-state-tree/os/rocky/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/rocky/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
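Review bot: Both sed expressions in os/photon/config/ssh_config.sls match only `arcfour128,` and `arcfour256,` with a trailing comma. An entry that comes last in the cipher list is therefore left in place, and sed's zero exit status still lets the state report success. A `file.replace` whose pattern accepts the comma on either side would cover that case and make the state idempotent. At minimum add `- onlyif: grep -q arcfour /etc/ssh/ssh_config` so the command only runs when there is something to remove. A comment saying these states strip the RC4 ciphers from the client configuration would make the purpose clear to the next reader.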
diff --git a/custom/testing/golden-state-tree/os/rocky/init.sls b/custom/testing/golden-state-tree/os/rocky/init.sls
new file mode 100644
index 0000000..e1fd9bb
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/rocky/init.sls
@@ -0,0 +1,8 @@
+include:
+ - .config
+ - .pkgs
+ - download.vault
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/rocky/pkgs/epel-release.sls b/custom/testing/golden-state-tree/os/rocky/pkgs/epel-release.sls
new file mode 100644
index 0000000..d8cc8bb
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/rocky/pkgs/epel-release.sls
@@ -0,0 +1,3 @@
+epel-release:
+ pkg.installed:
+ - aggregate: False
diff --git a/custom/testing/golden-state-tree/os/rocky/pkgs/init.sls b/custom/testing/golden-state-tree/os/rocky/pkgs/init.sls
new file mode 100644
index 0000000..38a11c8
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/rocky/pkgs/init.sls
@@ -0,0 +1,42 @@
+include:
+ - pkgs.cron
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rpmdevtools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.vault
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+
+ {#- OS Specific packages install #}
+ - .epel-release
diff --git a/custom/testing/golden-state-tree/os/suse/config/init.sls b/custom/testing/golden-state-tree/os/suse/config/init.sls
new file mode 100644
index 0000000..3932925
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/config/init.sls
@@ -0,0 +1,8 @@
+include:
+ - config.path
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.timezone
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/suse/init.sls b/custom/testing/golden-state-tree/os/suse/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/suse/pkgs/cleanup.sls b/custom/testing/golden-state-tree/os/suse/pkgs/cleanup.sls
new file mode 100644
index 0000000..b95bd72
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/pkgs/cleanup.sls
@@ -0,0 +1,5 @@
+remove-packages:
+ pkg.removed:
+ - names:
+ - docker
+ - nginx
diff --git a/custom/testing/golden-state-tree/os/suse/pkgs/init.sls b/custom/testing/golden-state-tree/os/suse/pkgs/init.sls
new file mode 100644
index 0000000..caad3b8
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/pkgs/init.sls
@@ -0,0 +1,42 @@
+include:
+ - pkgs.bower
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.man
+ - pkgs.npm
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
+ {#- OS Specific packages install #}
+ - .python-xml {#- Yes! openSuse ships xml as separate package #}
+ {%- if not grains['osrelease'].startswith('15') %}
+ - .python-zypp
+ {%- endif %}
+ - .cleanup
diff --git a/custom/testing/golden-state-tree/os/suse/pkgs/python-xml.sls b/custom/testing/golden-state-tree/os/suse/pkgs/python-xml.sls
new file mode 100644
index 0000000..979161a
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/pkgs/python-xml.sls
@@ -0,0 +1,3 @@
+# python3-xml is included in python3-base
+python3-base:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/suse/pkgs/python-zypp.sls b/custom/testing/golden-state-tree/os/suse/pkgs/python-zypp.sls
new file mode 100644
index 0000000..43e264f
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/suse/pkgs/python-zypp.sls
@@ -0,0 +1,3 @@
+python-zypp:
+ cmd.run:
+ - name: zypper -n install python-zypp
diff --git a/custom/testing/golden-state-tree/os/ubuntu/config/init.sls b/custom/testing/golden-state-tree/os/ubuntu/config/init.sls
new file mode 100644
index 0000000..ae9ad70
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/ubuntu/config/init.sls
@@ -0,0 +1,9 @@
+include:
+ - .timezone
+ - config.path
+ - os.debian.config.apt
+ - config.ulimits
+ - config.locale
+ - config.sssd
+ - config.dhclient
+ - config.sshd_config
diff --git a/custom/testing/golden-state-tree/os/ubuntu/config/timezone.sls b/custom/testing/golden-state-tree/os/ubuntu/config/timezone.sls
new file mode 100644
index 0000000..15cca08
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/ubuntu/config/timezone.sls
@@ -0,0 +1,9 @@
+include:
+ - pkgs.tzdata
+
+symlink-timezone-file:
+ file.symlink:
+ - name: /etc/localtime
+ - target: /usr/share/zoneinfo/Etc/UTC
+ - require:
+ - tzdata
diff --git a/custom/testing/golden-state-tree/os/ubuntu/init.sls b/custom/testing/golden-state-tree/os/ubuntu/init.sls
new file mode 100644
index 0000000..093dd88
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/ubuntu/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .config
+ - .pkgs
+
+ {%- if pillar.get('github_actions_runner', False) %}
+ - github-actions-runner
+ {%- endif %}
diff --git a/custom/testing/golden-state-tree/os/ubuntu/pkgs/init.sls b/custom/testing/golden-state-tree/os/ubuntu/pkgs/init.sls
new file mode 100644
index 0000000..27d3022
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/ubuntu/pkgs/init.sls
@@ -0,0 +1,46 @@
+include:
+ - os.debian.pkgs.apt-utils
+ - os.debian.pkgs.libdpkg-perl
+ - os.debian.pkgs.timesync
+ - pkgs.bower
+ - pkgs.curl
+ - pkgs.dmidecode
+ - pkgs.dnsutils
+ - pkgs.docker
+ - pkgs.gcc
+ - pkgs.gpg
+ - pkgs.ipset
+ - pkgs.libcurl
+ - pkgs.libffi
+ - pkgs.libgit2
+ - pkgs.libsodium
+ - pkgs.libxml
+ - pkgs.libxslt
+ - pkgs.lxc
+ - pkgs.make
+ - pkgs.man
+ - pkgs.nginx
+ - pkgs.npm
+ - pkgs.openldap
+ - pkgs.openssl
+ - pkgs.openssl-dev
+ - pkgs.patch
+ - pkgs.python3
+ - pkgs.python3-pip
+ - pkgs.rng-tools
+ - pkgs.rsync
+ - pkgs.sed
+ - pkgs.swig
+ - pkgs.tar
+ - pkgs.zlib
+ {%- if grains['osmajorrelease'] <= 22 %}
+ {#- Newer OS targets don't require vault for CI/CD, as community salt extensions cover this #}
+ - pkgs.vault
+ {%- endif %}
+ - pkgs.jq
+ - pkgs.xz
+ - pkgs.tree
+ - pkgs.cargo {#-
+ - pkgs.awscli
+ - pkgs.amazon-cloudwatch-agent #}
+ - pkgs.samba
diff --git a/custom/testing/golden-state-tree/os/windows/download/init.sls b/custom/testing/golden-state-tree/os/windows/download/init.sls
new file mode 100644
index 0000000..c397600
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/download/init.sls
@@ -0,0 +1,2 @@
+include:
+ - .libs
diff --git a/custom/testing/golden-state-tree/os/windows/download/libs.sls b/custom/testing/golden-state-tree/os/windows/download/libs.sls
new file mode 100644
index 0000000..927aaa1
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/download/libs.sls
@@ -0,0 +1,20 @@ +{%- from '../pkgs/python3.sls' import python3_dir with context %} +{%- if grains['cpuarch'].lower() == 'x86' %} + {%- set bits = 32 %} +{%- else %} + {%- set bits = 64 %} +{%- endif %} + +include: + - ..pkgs.python3 + + +{%- for library in ("ssleay32.dll", "libeay32.dll", "libsodium.dll") %} +{{ library }}: + file.managed: + - name: '{{ python3_dir }}\\{{ library }}' + - source: https://repo.saltstack.com/windows/dependencies/{{ bits }}/{{ library }} + - skip_verify: true + - require: + - python3 +{%- endfor %} diff --git a/custom/testing/golden-state-tree/os/windows/init.sls b/custom/testing/golden-state-tree/os/windows/init.sls new file mode 100644 index 0000000..aeeba88 --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/init.sls @@ -0,0 +1,20 @@ +include: + - .pkgs + - .download + + {%- if pillar.get('github_actions_runner', False) %} + - github-actions-runner + {%- endif %} + +stop-minion: + service.dead: + - name: salt-minion + - enable: False + +windeps-sync-all: + module.run: + - name: saltutil.sync_all + - require: + - vcpp-compiler + - order: 2 + - reload_modules: True diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/7zip.sls b/custom/testing/golden-state-tree/os/windows/pkgs/7zip.sls new file mode 100644 index 0000000..9ed018f --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/7zip.sls @@ -0,0 +1,6 @@ +7zip: + pkg.installed + +7zip-exists-in-path: + win_path.exists: + - name: 'C:\Program Files\7-Zip' diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/choco_symlink.sls b/custom/testing/golden-state-tree/os/windows/pkgs/choco_symlink.sls new file mode 100644 index 0000000..8a8ea7e --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/choco_symlink.sls 
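Review bot: The `file.managed` loop in `os/windows/download/libs.sls` sets `skip_verify: true`, so `ssleay32.dll`, `libeay32.dll` and `libsodium.dll` are written into the Python directory with no integrity check beyond the TLS connection. `pkgs/libsodium-compile.sls` in this same change pins its tarball with `source_hash: sha256=…`; the same should be done here, replacing the `skip_verify` line with `- source_hash: sha256=<SHA256_PLACEHOLDER>` looked up per library and bit width. The same `skip_verify: true` pattern appears in `pkgs/amazon-cloudwatch-agent.sls` and `pkgs/awscli.sls`, where the downloaded artifact is then installed or executed as part of the image build. Those URLs point at moving `latest` objects, so a fixed hash there would first need a versioned URL.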
@@ -0,0 +1,5 @@ +# Ensure there is a symlink from chocolatey.exe to choco.exe +chocolatey-to-choco: + file.symlink: + - name: 'C:\ProgramData\chocolatey\bin\chocolatey.exe' + - target: 'C:\ProgramData\chocolatey\bin\choco.exe' diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/chrome.sls b/custom/testing/golden-state-tree/os/windows/pkgs/chrome.sls new file mode 100644 index 0000000..7d4abce --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/chrome.sls @@ -0,0 +1,2 @@ +chrome: + pkg.installed diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/compiler.sls b/custom/testing/golden-state-tree/os/windows/pkgs/compiler.sls new file mode 100644 index 0000000..9189399 --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/compiler.sls @@ -0,0 +1,15 @@ +{%- set py3_vcpp_compiler = 'ms-vcpp-2015-build-tools' %} + +include: + - .python3 + +py3-vcpp-compiler: + pkg.installed: + - name: {{ py3_vcpp_compiler }} + - require: + - python3 + +vcpp-compiler: + test.succeed_without_changes: + - require: + - py3-vcpp-compiler diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/git.sls b/custom/testing/golden-state-tree/os/windows/pkgs/git.sls new file mode 100644 index 0000000..923dc0e --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/git.sls 
@@ -0,0 +1,26 @@ +{%- set git_binary = 'git' | which %} +git-exists-in-path: + win_path.exists: + - name: 'C:\Program Files\Git\cmd' + +git-exists-in-path-unix: + win_path.exists: + - name: 'C:\Program Files\Git\usr\bin' + +git-windeps: + {%- if not git_binary %} + pkg.installed: + - name: git + # TODO: When changing the version here, be sure to also change the version + # TODO: in the powershell script so they don't compete with each other: + # TODO: ./os-images/AWS/windows/scripts/Install-Git.ps1 + - version: 2.41.0.3 + - refresh_modules: True + - extra_install_flags: "/GitAndUnixToolsOnPath" + - require: + - git-exists-in-path + - git-exists-in-path-unix + {%- else %} + test.show_notification: + - text: "Git is already installed" + {%- endif %} diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/gvim.sls b/custom/testing/golden-state-tree/os/windows/pkgs/gvim.sls new file mode 100644 index 0000000..a658888 --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/gvim.sls @@ -0,0 +1,2 @@ +gvim: + pkg.installed diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/init.sls b/custom/testing/golden-state-tree/os/windows/pkgs/init.sls new file mode 100644 index 0000000..52e63bb --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/init.sls @@ -0,0 +1,16 @@ +include: {#- + - pkgs.awscli + - pkgs.amazon-cloudwatch-agent #} + {#- OS Specific packages install #} + - .7zip + - .choco_symlink + - .chrome + - .compiler + - .git + - .gvim + - .jq + - .powershell_core + - .python3 + - .rsync + - .rust + - .vcredist diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/jq.sls b/custom/testing/golden-state-tree/os/windows/pkgs/jq.sls new file mode 100644 index 0000000..7015bf2 --- /dev/null +++ b/custom/testing/golden-state-tree/os/windows/pkgs/jq.sls @@ -0,0 +1,5 @@ +jq: + chocolatey.installed: + - name: jq + - require: + - chocolatey-to-choco 
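Review bot: `git-windeps` applies `- version: 2.41.0.3` only when `'git' | which` finds nothing at render time; if any git is already on PATH the `else` branch just shows a notification, so the image ships whatever version was installed earlier. The TODO lines already say the PowerShell script and this state can compete. If the pin is meant to decide which Git ends up in the image, drop the `which` guard and let `pkg.installed` reconcile the version; otherwise add a comment such as `# version below is only applied when no git is present at render time`. A hard pin in two places also means a Git security update needs both edited together.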
diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/powershell_core.sls b/custom/testing/golden-state-tree/os/windows/pkgs/powershell_core.sls
new file mode 100644
index 0000000..52e8765
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/pkgs/powershell_core.sls
@@ -0,0 +1,2 @@
+powershell-core:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/python3.sls b/custom/testing/golden-state-tree/os/windows/pkgs/python3.sls
new file mode 100644
index 0000000..db42f9b
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/pkgs/python3.sls
@@ -0,0 +1,7 @@
+{%- set python3_dir = 'c:\\\\Python310' %}
+
+python3:
+ pkg.installed:
+ - name: python3_x64
+ - version: '3.10.4150.0'
+ - extra_install_flags: "TargetDir={{ python3_dir }} Include_doc=0 Include_tcltk=0 Include_test=0 Include_launcher=1 PrependPath=1 Shortcuts=0"
diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/rsync.sls b/custom/testing/golden-state-tree/os/windows/pkgs/rsync.sls
new file mode 100644
index 0000000..880697e
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/pkgs/rsync.sls
@@ -0,0 +1,2 @@
+cwrsync:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/rust.sls b/custom/testing/golden-state-tree/os/windows/pkgs/rust.sls
new file mode 100644
index 0000000..a3937ba
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/pkgs/rust.sls
@@ -0,0 +1,5 @@
+rust:
+ chocolatey.installed:
+ - name: rust
+ - require:
+ - chocolatey-to-choco
diff --git a/custom/testing/golden-state-tree/os/windows/pkgs/vcredist.sls b/custom/testing/golden-state-tree/os/windows/pkgs/vcredist.sls
new file mode 100644
index 0000000..0efd094
--- /dev/null
+++ b/custom/testing/golden-state-tree/os/windows/pkgs/vcredist.sls
@@ -0,0 +1,3 @@
+vcredist:
+ pkg.installed:
+ - name: ms-vcpp-2013-redist_x64
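Review bot: In `os/windows/pkgs/python3.sls`, `python3_dir` puts the interpreter in a directory directly under the drive root while `extra_install_flags` sets `PrependPath=1`, and `os/windows/download/libs.sls` later drops DLLs into that same directory. Directories created under `C:\` commonly inherit ACLs that let non-administrative users create files, which would leave a PATH directory writable to them; that is an assumption about this image's default ACLs and should be confirmed. Either add a state that asserts the ACL on `{{ python3_dir }}` after the install, or record the requirement next to the `set` line, e.g. `{#- python3_dir is on the system PATH and must not be writable by non-admin users #}`.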
diff --git a/custom/testing/golden-state-tree/pkgs/amazon-cloudwatch-agent.sls b/custom/testing/golden-state-tree/pkgs/amazon-cloudwatch-agent.sls
new file mode 100644
index 0000000..28bcbcd
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/amazon-cloudwatch-agent.sls
@@ -0,0 +1,60 @@ +{%- if grains['os'] == 'Windows' %} + {%- set download_url = "https://s3.amazonaws.com/amazoncloudwatch-agent/windows/amd64/latest/amazon-cloudwatch-agent.msi" %} +{%- elif grains['os'] == 'MacOS' %} + {%- set download_url = "https://s3.amazonaws.com/amazoncloudwatch-agent/darwin/amd64/latest/amazon-cloudwatch-agent.pkg" %} + {%- set download_path = "/tmp/amazon-cloudwatch-agent.pkg" %} +{%- else %} + {%- if grains['cpuarch'].lower() == 'x86_64' %} + {% set arch = "amd64" %} + {%- else %} + {%- set arch = "arm64" %} + {%- endif %} + {%- if grains['os_family'] in ('RedHat', 'Suse') %} + {%- set extension = "rpm" %} + {%- else %} + {%- set extension = "deb" %} + {%- endif %} + {%- set download_url = "https://amazoncloudwatch-agent.s3.amazonaws.com/nightly-build/latest/linux/" + arch + "/amazon-cloudwatch-agent." + extension %} + {%- set download_path = "/tmp/amazon-cloudwatch-agent." + extension %} +{%- endif %} + + +{%- if grains['os'] != 'Windows' %} +download-amazon-cloudwatch-agent: + file.managed: + - name: {{ download_path }} + - source: {{ download_url }} + - skip_verify: true +{%- endif %} + +{%- if grains['os_family'] == 'Arch' %} +debtap: + pkg.installed + +build-arch-package: + cmd.run: + - name: debtap {{ download_path }} + - require: + - debtap +{%- endif %} + +install-amazon-cloudwatch-agent: + cmd.run: + {%- if grains['os'] == 'Windows' %} + - name: msiexec.exe /i {{ download_url }} /qn /L*v C:\CloudwatchInstall.log + {%- elif grains['os'] == 'MacOS' %} + - name: installer -pkg {{ download_path }} -target / + {%- elif grains['os_family'] in ('RedHat', 'Suse') %} + - name: rpm -U {{ download_path }} + {%- elif grains['os_family'] == 'Debian' %} + - name: dpkg -i -E {{ download_path }} + {%- elif grains['os_family'] == 'Arch' %} + - name: pacman -U {{ download_path.replace('.deb', '.zst') }} + {%- endif %} + {%- if grains['os'] != 'Windows' %} + - require: + - download-amazon-cloudwatch-agent + {%- if grains['os_family'] == 'Arch' %} + 
- build-arch-package + {%- endif %} + {%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/awscli.sls b/custom/testing/golden-state-tree/pkgs/awscli.sls new file mode 100644 index 0000000..d5c13f9 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/awscli.sls @@ -0,0 +1,41 @@ +{%- if grains['os'] == 'Windows' %} + {%- set download_url = "https://awscli.amazonaws.com/AWSCLIV2.msi" %} +{%- elif grains['os'] == 'MacOS' %} + {%- set download_url = "https://awscli.amazonaws.com/AWSCLIV2.pkg" %} +{%- else %} + {%- if grains['cpuarch'].lower() == 'x86_64' %} + {%- set download_url = "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" %} + {%- else %} + {%- set download_url = "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" %} + {%- endif %} +{%- endif %} + +{%- if grains['os'] == 'MacOS' %} +download-awscli: + file.managed: + - name: /tmp/AWSCLIV2.pkg + - source: {{ download_url }} + - skip_verify: true +{%- elif grains['os'] != 'Windows' %} +download-awscli: + archive.extracted: + - name: /tmp/ + - source: {{ download_url }} + - skip_verify: true + - archive_format: zip + - enforce_toplevel: False +{%- endif %} + +awscli: + cmd.run: +{%- if grains['os'] == 'Windows' %} + - name: msiexec.exe /i {{ download_url }} +{%- else %} + {%- if grains['os'] == 'MacOS' %} + - name: installer -pkg /tmp/AWSCLIV2.pkg -target / + {%- else %} + - name: /tmp/aws/install + {%- endif %} + - require: + - download-awscli +{%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/bower.sls b/custom/testing/golden-state-tree/pkgs/bower.sls new file mode 100644 index 0000000..924a7e5 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/bower.sls @@ -0,0 +1,7 @@ +include: + - pkgs.npm + +bower: + npm.installed: + - require: + - npm diff --git a/custom/testing/golden-state-tree/pkgs/cargo.sls b/custom/testing/golden-state-tree/pkgs/cargo.sls new file mode 100644 index 0000000..2b2b29c --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/cargo.sls 
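Review bot: The Linux branch of `pkgs/amazon-cloudwatch-agent.sls` builds `download_url` from `nightly-build/latest`, while the Windows and macOS branches use a `…/latest/` release path, so Linux images would carry an unreleased agent build installed as root. If that is intentional it deserves a comment next to the `set download_url` line; otherwise point it at a release (ideally versioned) object. Separately, the `install-amazon-cloudwatch-agent` chain has no `else`, so on an `os_family` outside the listed ones `cmd.run` renders without a `name`, and Salt would then fall back to the state ID as the command. Both includes of this file visible in the change are commented out, so this is latent until it is enabled.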
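Review bot: The Windows branch of `awscli` in `pkgs/awscli.sls` runs `msiexec.exe /i {{ download_url }}` without `/qn`, so the installer may wait on UI during an unattended build; `pkgs/amazon-cloudwatch-agent.sls` already passes `/qn` and a log path. Suggest `- name: msiexec.exe /i {{ download_url }} /qn`. On Linux the state executes `/tmp/aws/install` from a fixed path in a world-writable directory, and the `cmd.run` has no `creates`/`unless` guard, so it reruns on every apply; extracting to a root-owned directory and adding a guard would be tighter.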
@@ -0,0 +1,5 @@ +include: + - pkgs.rust + +cargo: + pkg.installed diff --git a/custom/testing/golden-state-tree/pkgs/cron.sls b/custom/testing/golden-state-tree/pkgs/cron.sls new file mode 100644 index 0000000..71d7b7e --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/cron.sls @@ -0,0 +1,7 @@ +{%- if grains['os'] == 'Debian' %} +cron: + pkg.installed +{%- else %} +cronie: + pkg.installed +{%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/curl.sls b/custom/testing/golden-state-tree/pkgs/curl.sls new file mode 100644 index 0000000..4c92806 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/curl.sls @@ -0,0 +1,2 @@ +curl: + pkg.latest diff --git a/custom/testing/golden-state-tree/pkgs/dmidecode.sls b/custom/testing/golden-state-tree/pkgs/dmidecode.sls new file mode 100644 index 0000000..030b8db --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/dmidecode.sls @@ -0,0 +1,9 @@ +{%- if grains['os'] == 'MacOS' %} + {%- set dmidecode = 'cavaliercoder/dmidecode/dmidecode' %} +{%- else %} + {%- set dmidecode = 'dmidecode' %} +{%- endif %} + +dmidecode: + pkg.installed: + - name: {{ dmidecode }} diff --git a/custom/testing/golden-state-tree/pkgs/dnsutils.sls b/custom/testing/golden-state-tree/pkgs/dnsutils.sls new file mode 100644 index 0000000..bbdf69d --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/dnsutils.sls @@ -0,0 +1,18 @@ +# Various bind packages are needed to run dig tests +{%- if grains['os_family'] in ('RedHat', 'Suse') and grains['os'] != 'VMware Photon OS' %} + {%- set dnsutils = 'bind-utils' %} +{%- elif grains['os'] == 'Gentoo' %} + {%- set dnsutils = 'bind-tools' %} +{%- elif grains['os'] == 'Arch' %} + {%- set dnsutils = 'bind' %} +{%- elif grains['os_family'] == 'FreeBSD' %} + {%- set dnsutils = 'bind-tools' %} +{%- elif grains['os'] == 'VMware Photon OS' %} + {%- set dnsutils = 'bindutils' %} +{%- else %} + {%- set dnsutils = 'dnsutils' %} +{%- endif %} + +dnsutils: + pkg.installed: + - name: {{ dnsutils }} 
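Review bot: `pkgs/cron.sls` tests `grains['os'] == 'Debian'`, so Ubuntu and other Debian-family systems fall into the `cronie` branch. Other states in this change (`pkgs/rust.sls`, `pkgs/rng-tools.sls`) key on `grains['os_family'] == 'Debian'` for the same kind of package-name switch. If Ubuntu is meant to get `cron`, change the condition to `{%- if grains['os_family'] == 'Debian' %}`. `os/ubuntu/pkgs/init.sls` does not include this file, so the problem may only show up once it is pulled in elsewhere.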
diff --git a/custom/testing/golden-state-tree/pkgs/docker.sls b/custom/testing/golden-state-tree/pkgs/docker.sls
new file mode 100644
index 0000000..422a773
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/docker.sls
@@ -0,0 +1,104 @@ +{%- set on_docker = salt['grains.get']('virtual_subtype', '') in ('Docker',) %} +{%- if grains['osarch'] in ('armhf', 'arm64') %} + {#- Don't install docker on arm platforms #} + {% set install_docker = False %} +{%- else %} + {% set install_docker = True %} +{%- endif %} + +{%- if install_docker == True %} + + {%- if grains['os_family'] in ('Debian', 'RedHat') %} + {%- if grains['os'] != 'VMware Photon OS' %} + {%- if grains['os'] == 'Fedora' and grains['osmajorrelease']|int == 38 %} + {#- There's no docker official packages for Fedora 38 yet as it's the unstable version of Fedora #} + {%- set install_from_docker_repos = False %} + {%- else %} + {%- set install_from_docker_repos = True %} + {%- endif %} + {%- else %} + {%- set install_from_docker_repos = False %} + {%- endif %} + {%- else %} + {%- set install_from_docker_repos = False %} + {%- endif %} + + {%- if on_docker == False %} +include: + - download.busybox + {%- endif %} + + {%- if grains['os_family'] == 'Debian' %} +docker-prereqs: + pkg.installed: + - pkgs: + - apt-transport-https + - ca-certificates + - curl + - gnupg + - lsb-release + {%- endif %} + + {%- if install_from_docker_repos == True %} +docker-repo: + cmd.run: + {%- if grains['os'] == 'Ubuntu' %} + - name: | + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + echo "deb [arch={{ grains['osarch'] }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null + - require: + - docker-prereqs + {%- elif grains['os'] == 'Debian' %} + - name: | + curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg + echo "deb [arch={{ grains['osarch'] }} signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee 
/etc/apt/sources.list.d/docker.list > /dev/null + - require: + - docker-prereqs + {%- elif grains['os'] == 'Fedora' %} + {#- Fedora must be addressed first because of the os_family logical check below #} + - name: | + dnf -y install dnf-plugins-core + dnf config-manager --add-repo https://download.docker.com/linux/fedora/docker-ce.repo + {%- elif grains['os_family'] == 'RedHat' %} + - name: | + yum install -y yum-utils + yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + {%- endif %} + {%- endif %} + +install-docker: + pkg.installed: + - refresh: True + - aggregate: False + - pkgs: + {%- if install_from_docker_repos == True %} + - docker-ce + - docker-ce-cli + - containerd.io + - require: + - docker-repo + {%- else %} + {%- if grains['os'] == 'Fedora' and grains['osmajorrelease']|int == 38 %} + - moby-engine + {%- else %} + - docker + {%- endif %} + {%- endif %} + + {%- if grains['os_family'] != 'Debian' %} + {%- if on_docker == False %} +reload-systemd-units: + module.run: + - name: service.systemctl_reload + - order: 1 + +enable-docker-service: + service.enabled: + - name: docker + - require: + - install-docker + - /usr/bin/busybox + - reload-systemd-units + {%- endif %} + {%- endif %} +{%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/gcc.sls b/custom/testing/golden-state-tree/pkgs/gcc.sls new file mode 100644 index 0000000..e0ecde3 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/gcc.sls 
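Review bot: In `docker-repo` (Ubuntu and Debian branches) the `name: |` script pipes `curl` into `gpg --dearmor` and then runs a second `echo … | tee` line, so the state's result is the exit status of the final `tee` and a failed key download does not fail the state. Start the script with `set -e` and fetch the key to a root-owned file before dearmoring it, i.e. `curl -fsSL -o <KEYFILE_PLACEHOLDER> https://download.docker.com/linux/ubuntu/gpg` followed by `gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg <KEYFILE_PLACEHOLDER>`. The key is trusted purely on the TLS fetch; comparing its fingerprint against a value kept in the state tree would pin it. None of the four branches has a `creates` or `unless` guard, so the repository setup reruns on every apply.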
@@ -0,0 +1,29 @@ +{%- if grains['os'] == 'SmartOS' %} + {%- set gcc = 'gcc47' %} +{%- elif grains['os'] == 'Arch' %} + {%- if salt['pkg.list_repo_pkgs']('gcc-multilib') %} + {%- set gcc = 'gcc-multilib' %} + {%- else %} + {%- set gcc = 'gcc' %} + {%- endif %} +{%- else %} + {%- set gcc = 'gcc' %} +{%- endif %} + +{%- if grains['os'] == 'Arch' and gcc == 'gcc' %} +gcc-multilib: + pkg.removed +{%- endif %} + +gcc: + pkg.installed: + - name: {{ gcc }} +{# workaround on macosx - issue when install node and gcc together #} +{%- if grains['os_family'] in ('MacOS',) %} + - aggregate: False +{%- endif %} + +{%- if grains['os'] == 'VMware Photon OS' %} +build-essential: + pkg.installed +{%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/gpg.sls b/custom/testing/golden-state-tree/pkgs/gpg.sls new file mode 100644 index 0000000..c478f36 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/gpg.sls @@ -0,0 +1,11 @@ +{%- if grains['os_family'] == 'RedHat' and grains['os'] != 'VMware Photon OS' %} + {%- set gnupg = 'gnupg2' %} +{%- elif grains['os_family'] == 'Suse' %} + {%- set gnupg = 'gpg2' %} +{%- else %} + {%- set gnupg = 'gnupg' %} +{%- endif %} + +gnupg: + pkg.installed: + - name: {{ gnupg }} diff --git a/custom/testing/golden-state-tree/pkgs/ipset.sls b/custom/testing/golden-state-tree/pkgs/ipset.sls new file mode 100644 index 0000000..f6d88c8 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/ipset.sls @@ -0,0 +1,2 @@ +ipset: + pkg.latest diff --git a/custom/testing/golden-state-tree/pkgs/jq.sls b/custom/testing/golden-state-tree/pkgs/jq.sls new file mode 100644 index 0000000..ce7056a --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/jq.sls @@ -0,0 +1,5 @@ +{%- set jq = 'jq' %} + +jq: + pkg.installed: + - name: {{ jq }} diff --git a/custom/testing/golden-state-tree/pkgs/libcurl.sls b/custom/testing/golden-state-tree/pkgs/libcurl.sls new file mode 100644 index 0000000..cd9b926 --- /dev/null 
+++ b/custom/testing/golden-state-tree/pkgs/libcurl.sls @@ -0,0 +1,13 @@ +{%- set libcurl_pkg = ['libcurl-devel'] %} +{%- if grains['os'] == 'VMware Photon OS' %} + {%- set libcurl_pkg = ['curl-devel'] %} +{%- elif grains['os_family'] == 'Debian' %} + {%- set libcurl_pkg = ['libcurl4-openssl-dev', 'libssl-dev', 'libgnutls28-dev'] %} +{%- endif %} + +libcurl-and-pycurl-deps: + pkg.latest: + - pkgs: + {%- for pkg in libcurl_pkg %} + - {{ pkg }} + {%- endfor %} diff --git a/custom/testing/golden-state-tree/pkgs/libffi.sls b/custom/testing/golden-state-tree/pkgs/libffi.sls new file mode 100644 index 0000000..2e42ac7 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libffi.sls @@ -0,0 +1,11 @@ +{%- if grains['os_family'] == 'Debian' %} + {%- set libffi = "libffi-dev" %} +{%- elif grains['os'] in ['VMware Photon OS'] or grains["os_family"] in ("RedHat", "Suse") %} + {%- set libffi = "libffi-devel" %} +{%- else %} + {%- set libffi = "libffi" %} +{%- endif %} + +libffi: + pkg.installed: + - name: {{ libffi }} diff --git a/custom/testing/golden-state-tree/pkgs/libgit2.sls b/custom/testing/golden-state-tree/pkgs/libgit2.sls new file mode 100644 index 0000000..3e74e59 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libgit2.sls @@ -0,0 +1,26 @@ +{%- if grains['os'] in ['Ubuntu', 'Debian'] %} + {%- set libgit2 = "libgit2-dev" %} +{%- elif grains['os'] in ['Fedora'] or grains.os_family == 'Suse' %} + {%- set libgit2 = "libgit2-devel" %} +{%- else %} + {%- set libgit2 = "libgit2" %} +{%- endif %} + +{%- if grains['os'] in ('AlmaLinux', 'Rocky', 'CentOS', 'CentOS Stream') %} +include: + - os.rocky.pkgs.epel-release +{%- elif grains['oscodename'] == 'Amazon Linux 2' %} +include: + - os.amazon.pkgs.epel-release +{%- elif grains['os_family'] == 'Suse' %} +include: + - pkgs.openssl-dev +{%- endif %} + +libgit2-dev: + pkg.installed: + - name: {{ libgit2 }} +{%- if grains['os_family'] == 'Suse' %} + - require: + - openssl-dev +{%- endif %} 
diff --git a/custom/testing/golden-state-tree/pkgs/libsodium-compile.sls b/custom/testing/golden-state-tree/pkgs/libsodium-compile.sls new file mode 100644 index 0000000..a275497 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libsodium-compile.sls @@ -0,0 +1,29 @@ +download-and-extract-libsodium: + archive.extracted: + - name: /root/ + - source: https://salt-onedir-golden-images-provision.s3.us-west-2.amazonaws.com/libsodium-1.0.18.tar.gz + - source_hash: sha256=6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1 + - keep_source: False + +configure-libsodium: + cmd.run: + - name: './configure' + - cwd: /root/libsodium-1.0.18 + +make-and-check-libsodium: + cmd.run: + - name: make && make check + - cwd: /root/libsodium-1.0.18 + +make-install-libsodium: + cmd.run: + - name: make install + - cwd: /root/libsodium-1.0.18 + +add-libsodium-to-ldconf: + cmd.run: + - name: echo /usr/local/lib | sudo tee /etc/ld.so.conf.d/local.conf + +ldconfig-libsodium: + cmd.run: + - name: ldconfig && ldconfig -p | grep libsodium diff --git a/custom/testing/golden-state-tree/pkgs/libsodium.sls b/custom/testing/golden-state-tree/pkgs/libsodium.sls new file mode 100644 index 0000000..18f7976 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libsodium.sls @@ -0,0 +1,22 @@ +{%- set on_docker = salt['grains.get']('virtual_subtype', '') in ('Docker',) %} +{%- if grains['os'] == 'Gentoo' %} + {%- set libsodium = 'dev-libs/libsodium' %} +{%- elif grains['os_family'] == 'Suse' %} + {%- set libsodium = 'libsodium-devel' %} +{%- elif grains['os'] in ('Debian', 'Ubuntu') %} + {%- set libsodium = 'libsodium-dev' %} +{%- else %} + {%- set libsodium = 'libsodium' %} +{%- endif %} + +{%- if grains['os'] in ('AlmaLinux', 'Rocky', 'CentOS', 'CentOS Stream') %} +include: + - os.rocky.pkgs.epel-release +{%- elif grains['oscodename'] == 'Amazon Linux 2' %} +include: + - os.amazon.pkgs.epel-release +{%- endif %} + +libsodium: + pkg.installed: + - name: {{ libsodium }} 
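Review bot: `add-libsodium-to-ldconf` in `pkgs/libsodium-compile.sls` shells out to `echo /usr/local/lib | sudo tee /etc/ld.so.conf.d/local.conf`, while `make-install-libsodium` and `ldconfig-libsodium` run without `sudo`, so the states already assume root and the `sudo` only adds a dependency on it being installed. A `file.managed` state with `- name: /etc/ld.so.conf.d/local.conf` and `- contents: /usr/local/lib` would be declarative and idempotent. The build steps also carry no `require` on `download-and-extract-libsodium` and no `creates` guard, so they rely on file order and rerun the full configure/make cycle on every apply.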
diff --git a/custom/testing/golden-state-tree/pkgs/libxml.sls b/custom/testing/golden-state-tree/pkgs/libxml.sls new file mode 100644 index 0000000..5966a3d --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libxml.sls @@ -0,0 +1,11 @@ +{%- if grains['os'] in ['Ubuntu', 'Debian'] %} + {%- set libxml2 = "libxml2-dev" %} +{%- elif grains['os'] in ['AlmaLinux', 'Fedora', 'Rocky', 'CentOS', 'CentOS Stream'] or grains.os_family == 'Suse' %} + {%- set libxml2 = "libxml2-devel" %} +{%- else %} + {%- set libxml2 = "libxml2" %} +{%- endif %} + +libxml2: + pkg.installed: + - name: {{ libxml2 }} diff --git a/custom/testing/golden-state-tree/pkgs/libxslt.sls b/custom/testing/golden-state-tree/pkgs/libxslt.sls new file mode 100644 index 0000000..9486b00 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/libxslt.sls @@ -0,0 +1,11 @@ +{%- if grains['os'] in ['Ubuntu', 'Debian'] %} + {%- set libxslt = "libxslt1-dev" %} +{%- elif grains['os'] in ['AlmaLinux', 'Fedora', 'Rocky', 'CentOS', 'CentOS Stream', 'VMware Photon OS'] or grains.os_family == 'Suse' %} + {%- set libxslt = "libxslt-devel" %} +{%- else %} + {%- set libxslt = "libxslt" %} +{%- endif %} + +libxslt: + pkg.installed: + - name: {{ libxslt }} diff --git a/custom/testing/golden-state-tree/pkgs/lsb-release.sls b/custom/testing/golden-state-tree/pkgs/lsb-release.sls new file mode 100644 index 0000000..bfdb325 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/lsb-release.sls @@ -0,0 +1,2 @@ +lsb-release: + pkg.installed diff --git a/custom/testing/golden-state-tree/pkgs/lxc.sls b/custom/testing/golden-state-tree/pkgs/lxc.sls new file mode 100644 index 0000000..269e828 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/lxc.sls @@ -0,0 +1,2 @@ +lxc: + pkg.latest diff --git a/custom/testing/golden-state-tree/pkgs/make.sls b/custom/testing/golden-state-tree/pkgs/make.sls new file mode 100644 index 0000000..5a2559e --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/make.sls 
@@ -0,0 +1,2 @@ +make: + pkg.installed diff --git a/custom/testing/golden-state-tree/pkgs/man.sls b/custom/testing/golden-state-tree/pkgs/man.sls new file mode 100644 index 0000000..e03ae98 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/man.sls @@ -0,0 +1,9 @@ +{%- if grains.os_family == 'Suse' %} + {%- set man = 'man' %} +{%- else %} + {%- set man = 'man-db' %} +{%- endif %} + +man: + pkg.installed: + - name: {{ man }} diff --git a/custom/testing/golden-state-tree/pkgs/nginx.sls b/custom/testing/golden-state-tree/pkgs/nginx.sls new file mode 100644 index 0000000..f315f2d --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/nginx.sls @@ -0,0 +1,9 @@ +nginx: + pkg.installed + +{%- if grains["os_family"] == 'Debian' %} +{#- Debian based distributions always start services #} +disable-nginx-service: + service.disabled: + - name: nginx +{%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/npm.sls b/custom/testing/golden-state-tree/pkgs/npm.sls new file mode 100644 index 0000000..d0bf2d0 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/npm.sls @@ -0,0 +1,30 @@ +{%- set suse = True if grains['os_family'] == 'Suse' else False %} +{%- set freebsd = True if grains['os'] == 'FreeBSD' else False %} +{%- set ubuntu = True if grains['os'] == 'Ubuntu' else False %} +{%- set macos = True if grains['os'] == 'MacOS' else False %} +{%- set photon = True if grains['os'] == 'VMware Photon OS' else False %} + +# Suse does not package npm separately +{%- if suse %} + {%- set npm = 'npm20' %} + {%- set nodejs = 'nodejs20' %} +{%- elif ubuntu %} + {%- set npm = 'npm' %} + {%- set nodejs = 'nodejs' %} +{%- elif freebsd %} + {%- set npm = 'www/npm' %} +{%- elif macos %} + {%- set npm = 'node' %} +{%- elif photon %} + {%- set npm = 'nodejs' %} +{%- else %} + {%- set npm = 'npm' %} +{%- endif %} + +npm: + pkg.installed: + - pkgs: + {%- if suse or ubuntu %} + - {{ nodejs }} + {%- endif %} + - {{ npm }} 
diff --git a/custom/testing/golden-state-tree/pkgs/openldap.sls b/custom/testing/golden-state-tree/pkgs/openldap.sls new file mode 100644 index 0000000..2c9f8f2 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/openldap.sls @@ -0,0 +1,18 @@ +openldap: + pkg.installed: + - pkgs: + {%- if grains['os_family'] == 'Debian' %} + - libldap2-dev + - libsasl2-dev + - libdpkg-perl + {%- elif grains['os_family'] == 'RedHat' and grains['os'] != 'VMware Photon OS' %} + - openldap-devel + {%- elif grains['os_family'] == 'FreeBSD' %} + - openldap-client + - openldap-server + {%- elif grains['os_family'] == 'Suse' %} + - openldap2-devel + - cyrus-sasl-devel + {%- elif grains['os_family'] == 'Arch' or grains['os'] == 'VMware Photon OS' %} + - openldap + {%- endif %} diff --git a/custom/testing/golden-state-tree/pkgs/openssl-dev.sls b/custom/testing/golden-state-tree/pkgs/openssl-dev.sls new file mode 100644 index 0000000..554872b --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/openssl-dev.sls @@ -0,0 +1,16 @@ +{%- if grains['os_family'] == 'RedHat' %} + {%- set openssl_dev = 'openssl-devel' %} +{%- elif grains['os_family'] == 'Suse' %} + {%- set openssl_dev = 'libopenssl-devel' %} +{%- else %} + {%- set openssl_dev = 'libssl-dev' %} +{%- endif %} + +include: + - pkgs.openssl + +openssl-dev: + pkg.installed: + - name: {{ openssl_dev }} + - require: + - openssl diff --git a/custom/testing/golden-state-tree/pkgs/openssl.sls b/custom/testing/golden-state-tree/pkgs/openssl.sls new file mode 100644 index 0000000..5d373b3 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/openssl.sls @@ -0,0 +1,2 @@ +openssl: + pkg.latest diff --git a/custom/testing/golden-state-tree/pkgs/patch.sls b/custom/testing/golden-state-tree/pkgs/patch.sls new file mode 100644 index 0000000..ea8d17e --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/patch.sls 
@@ -0,0 +1,9 @@ +{%- if grains['os'] == 'Gentoo' %} + {%- set patch = 'sys-devel/patch' %} +{%- else %} + {%- set patch = 'patch' %} +{%- endif %} + +patch: + pkg.installed: + - name: {{ patch }} diff --git a/custom/testing/golden-state-tree/pkgs/python3-pip.sls b/custom/testing/golden-state-tree/pkgs/python3-pip.sls new file mode 100644 index 0000000..2e07d7f --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/python3-pip.sls @@ -0,0 +1,24 @@ +{%- set distro = salt['grains.get']('oscodename', '') %} +{%- set os_family = salt['grains.get']('os_family', '') %} +{%- set os_major_release = salt['grains.get']('osmajorrelease', 0)|int %} +{%- set os = salt['grains.get']('os', '') %} + +{%- if os_family == 'RedHat' %} + {%- if os_major_release == 2018 %} + {%- set pip_pkg_name = 'python36-pip' %} + {%- else %} + {%- set pip_pkg_name = 'python3-pip' %} + {%- endif %} +{%- elif os_family in ('Debian', 'Ubuntu') %} + {%- set pip_pkg_name = 'python3-pip' %} +{%- elif os_family == 'Arch' %} + {%- set pip_pkg_name = 'python-pip' %} +{%- elif os_family == 'FreeBSD' %} + {%- set pip_pkg_name = 'py39-pip' %} +{%- else %} + {%- set pip_pkg_name = 'python3-pip' %} +{%- endif %} + +python3-pip: + pkg.installed: + - name: {{ pip_pkg_name }} diff --git a/custom/testing/golden-state-tree/pkgs/python3.sls b/custom/testing/golden-state-tree/pkgs/python3.sls new file mode 100644 index 0000000..f414306 --- /dev/null +++ b/custom/testing/golden-state-tree/pkgs/python3.sls 
@@ -0,0 +1,42 @@
+{%- if grains['os_family'] in ('Arch', 'Solaris', 'FreeBSD', 'Gentoo', 'MacOS') %}
+ {%- set python3_dev = False %}
+{%- elif grains['os'] == 'Amazon' %}
+ {%- set python3_dev = 'python3-devel' %}
+{%- elif grains['os'] == 'Fedora' %}
+ {%- set python3_dev = 'python3-devel' %}
+{%- elif grains['os'] in ('AlmaLinux', 'Rocky', 'CentOS', 'CentOS Stream', 'RedHat') %}
+ {%- if grains['osrelease'].startswith('8') %}
+ {%- set python3_dev = 'python36-devel' %}
+ {%- elif grains['osrelease'].startswith('9') %}
+ {%- set python3_dev = 'python3-devel' %}
+ {%- else %}
+ {%- set python3_dev = 'python3-devel' %}
+ {%- endif %}
+{%- elif grains['os_family'] == 'Suse' %}
+ {%- set python3_dev = 'python3-devel' %}
+{%- elif grains['os_family'] == 'Debian' %}
+ {%- set python3_dev = 'python3-dev' %}
+{%- elif grains['os'] == 'VMware Photon OS' %}
+ {%- set python3_dev = 'python3-devel' %}
+{%- else %}
+ {%- set python3_dev = 'python3-dev' %}
+{%- endif %}
+
+{%- if grains['os_family'] == 'Arch' %}
+ {%- set python3 = 'python' %}
+{%- elif grains["os_family"] == 'RedHat' and grains['osmajorrelease']|int == 8 %}
+ {%- set python3 = 'python36' %}
+{%- else %}
+ {%- set python3 = 'python3' %}
+{%- endif %}
+
+python3:
+ pkg.installed:
+ - name: {{ python3 }}
+
+{%- if python3_dev %}
+
+python3-dev:
+ pkg.installed:
+ - name: {{ python3_dev }}
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/pkgs/rng-tools.sls b/custom/testing/golden-state-tree/pkgs/rng-tools.sls
new file mode 100644
index 0000000..b504fc8
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/rng-tools.sls
@@ -0,0 +1,9 @@
+{%- if grains['os_family'] == 'Debian' %}
+ {%- set rng_tools = 'rng-tools5' %}
+{%- else %}
+ {%- set rng_tools = 'rng-tools' %}
+{%- endif %}
+
+rng_tools:
+ pkg.installed:
+ - name: {{ rng_tools }}
diff --git a/custom/testing/golden-state-tree/pkgs/rpmdevtools.sls b/custom/testing/golden-state-tree/pkgs/rpmdevtools.sls
new file mode 100644
index 0000000..433d31b
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/rpmdevtools.sls
@@ -0,0 +1,2 @@
+rpmdevtools:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/rsync.sls b/custom/testing/golden-state-tree/pkgs/rsync.sls
new file mode 100644
index 0000000..7dbc5a1
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/rsync.sls
@@ -0,0 +1,2 @@
+rsync:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/rust.sls b/custom/testing/golden-state-tree/pkgs/rust.sls
new file mode 100644
index 0000000..5c9c6ec
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/rust.sls
@@ -0,0 +1,9 @@
+{%- if grains['os_family'] == 'Debian' %}
+ {%- set rust = 'rustc' %}
+{%- else %}
+ {%- set rust = 'rust' %}
+{%- endif %}
+
+rust:
+ pkg.installed:
+ - name: {{ rust }}
diff --git a/custom/testing/golden-state-tree/pkgs/samba.sls b/custom/testing/golden-state-tree/pkgs/samba.sls
new file mode 100644
index 0000000..3ec141a
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/samba.sls
@@ -0,0 +1,2 @@
+samba:
+ pkg.latest
diff --git a/custom/testing/golden-state-tree/pkgs/sed.sls b/custom/testing/golden-state-tree/pkgs/sed.sls
new file mode 100644
index 0000000..227a2f6
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/sed.sls
@@ -0,0 +1,9 @@
+{%- if grains['os'] == 'FreeBSD' %}
+ {%- set sed = 'gsed' %}
+{%- else %}
+ {%- set sed = 'sed' %}
+{%- endif %}
+
+sed:
+ pkg.installed:
+ - name: {{ sed }}
diff --git a/custom/testing/golden-state-tree/pkgs/swig.sls b/custom/testing/golden-state-tree/pkgs/swig.sls
new file mode 100644
index 0000000..a6744bb
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/swig.sls
@@ -0,0 +1,27 @@
+{%- if grains['os'] == 'CentOS Stream' and grains['osmajorrelease'] >= 9 %}
+centos-crb-repo:
+ pkgrepo.managed:
+ - humanname: CentOS Stream $releasever - CRB
+ - mirrorlist: https://mirrors.centos.org/metalink?repo=centos-crb-$stream&arch=$basearch&protocol=https,http
+ - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+ - gpgcheck: 1
+ - enabled: 1
+{%- elif grains['os'] == 'AlmaLinux' and grains['osmajorrelease'] >= 9 %}
+centos-crb-repo:
+ pkgrepo.managed:
+ - humanname: AlmaLinux $releasever - CRB
+ - mirrorlist: https://mirrors.almalinux.org/mirrorlist/$releasever/crb
+ - gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9
+ - gpgcheck: 1
+ - enabled: 1
+{%- elif grains['os'] == 'Rocky' and grains['osmajorrelease'] >= 9 %}
+rocky-crb-repo:
+ pkgrepo.managed:
+ - humanname: Rocky $releasever - CRB
+ - name: crb
+ - gpgcheck: 1
+ - enabled: 1
+{%- endif %}
+
+swig:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/tar.sls b/custom/testing/golden-state-tree/pkgs/tar.sls
new file mode 100644
index 0000000..52011bd
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/tar.sls
@@ -0,0 +1,2 @@
+tar:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/tree.sls b/custom/testing/golden-state-tree/pkgs/tree.sls
new file mode 100644
index 0000000..6441c93
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/tree.sls
@@ -0,0 +1,5 @@
+{%- set tree = 'tree' %}
+
+tree:
+ pkg.installed:
+ - name: {{ tree }}
diff --git a/custom/testing/golden-state-tree/pkgs/tzdata.sls b/custom/testing/golden-state-tree/pkgs/tzdata.sls
new file mode 100644
index 0000000..8602abd
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/tzdata.sls
@@ -0,0 +1,2 @@
+tzdata:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/vault.sls b/custom/testing/golden-state-tree/pkgs/vault.sls
new file mode 100644
index 0000000..6b60dc9
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/vault.sls
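Review bot: The CentOS Stream branch of swig.sls asks the mirror service for `protocol=https,http`, so the CRB repository may be served from a plain-HTTP mirror; `gpgcheck: 1` still verifies package signatures, but restricting the query to `protocol=https` keeps the transport authenticated as well for an image that later builds inherit. The AlmaLinux branch reuses the state ID `centos-crb-repo`, which looks like a copy-paste leftover and will mislead anyone reading state output on that platform. `swig` carries no `require` on the repo state, so the install relies on file order alone, and the `grains['osmajorrelease'] >= 9` comparisons omit the `|int` filter that python3.sls in this commit applies to the same grain.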
@@ -0,0 +1,45 @@
+{%- if grains['os_family'] == 'Debian' %}
+vault-prereqs:
+ pkg.installed:
+ - pkgs:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+{%- endif %}
+
+{%- if grains['os_family'] in ('Debian', 'RedHat') %}
+vault-repo:
+ cmd.run:
+ {%- if grains['os_family'] == 'Debian' %}
+ - name: |
+ curl -fsSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+ echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list > /dev/null
+ - require:
+ - vault-prereqs
+ {%- elif grains['os'] == 'Fedora' %}
+ {#- Fedora must be addressed first because of the os_family logical check below #}
+ - name: |
+ dnf -y install dnf-plugins-core
+ dnf config-manager --add-repo https://rpm.releases.hashicorp.com/fedora/hashicorp.repo
+ {%- elif grains['os'] == 'Amazon' %}
+ {#- Amazon must be addressed first because of the os_family logical check below #}
+ - name: |
+ yum install -y yum-utils
+ yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
+ {%- elif grains['os_family'] == 'RedHat' %}
+ - name: |
+ yum install -y yum-utils
+ yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
+ {%- endif %}
+{%- endif %}
+
+install-vault:
+ pkg.installed:
+ - name: vault
+{%- if grains['os_family'] in ('Debian', 'RedHat') %}
+ - refresh: True
+ - require:
+ - vault-repo
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/pkgs/vim.sls b/custom/testing/golden-state-tree/pkgs/vim.sls
new file mode 100644
index 0000000..aff0593
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/vim.sls
@@ -0,0 +1,2 @@
+vim:
+ pkg.installed
diff --git a/custom/testing/golden-state-tree/pkgs/xz.sls b/custom/testing/golden-state-tree/pkgs/xz.sls
new file mode 100644
index 0000000..eb3ea9a
--- /dev/null
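Review bot: The Debian branch of `vault-repo` pipes the downloaded key straight into `gpg --dearmor` and never compares its fingerprint with a known value, so the apt trust anchor baked into this image rests on that single HTTPS fetch. Because the script's exit status is that of the final `tee`, a failed `curl` or `gpg` in the first pipeline also goes unreported by this state. The `cmd.run` has no guard either, so it re-runs on every apply; adding `- creates: /etc/apt/sources.list.d/hashicorp.list` would make it idempotent. Consider saving the key to a file, checking it against a fingerprint pinned in the state (`<EXPECTED_KEY_FINGERPRINT>`), and only then writing the keyring; the Fedora, Amazon and RedHat branches add a remote `.repo` file with the same lack of a guard.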
+++ b/custom/testing/golden-state-tree/pkgs/xz.sls
@@ -0,0 +1,9 @@
+{%- if grains['os_family'] == 'Debian' %}
+ {%- set xz = 'xz-utils' %}
+{%- else %}
+ {%- set xz = 'xz' %}
+{%- endif %}
+
+xz:
+ pkg.installed:
+ - name: {{ xz }}
diff --git a/custom/testing/golden-state-tree/pkgs/zlib.sls b/custom/testing/golden-state-tree/pkgs/zlib.sls
new file mode 100644
index 0000000..8b01310
--- /dev/null
+++ b/custom/testing/golden-state-tree/pkgs/zlib.sls
@@ -0,0 +1,18 @@
+zlib:
+ pkg.latest:
+ - pkgs:
+{%- if grains['os_family'] == "Arch" %}
+ - zlib
+{%- elif grains['os_family'] == "Debian" %}
+ - zlib1g
+ - zlib1g-dev
+{%- elif grains['os_family'] == "Suse" %}
+ - libz1
+ - zlib-devel
+{%- elif grains['os'] == "Fedora" %}
+ - zlib-ng-compat
+ - zlib-ng-compat-devel
+{%- else %}
+ - zlib
+ - zlib-devel
+{%- endif %}
diff --git a/custom/testing/golden-state-tree/provision.sls b/custom/testing/golden-state-tree/provision.sls
new file mode 100644
index 0000000..349060b
--- /dev/null
+++ b/custom/testing/golden-state-tree/provision.sls
@@ -0,0 +1,10 @@
+include:
+ - os
+ - python-pkgs
+
+provision-system:
+ test.show_notification:
+ - text: "System Provision Complete"
+ - require:
+ - provision-system-packages
+ - provision-python-packages
diff --git a/custom/testing/golden-state-tree/python-pkgs/init.sls b/custom/testing/golden-state-tree/python-pkgs/init.sls
new file mode 100644
index 0000000..30ff3ac
--- /dev/null
+++ b/custom/testing/golden-state-tree/python-pkgs/init.sls
@@ -0,0 +1,7 @@
+include:
+ - .nox
+ - .pyyaml
+
+provision-python-packages:
+ test.show_notification:
+ - text: "Python Packages Provision Complete"
diff --git a/custom/testing/golden-state-tree/python-pkgs/nox.sls b/custom/testing/golden-state-tree/python-pkgs/nox.sls
new file mode 100644
index 0000000..e5bd211
--- /dev/null
+++ b/custom/testing/golden-state-tree/python-pkgs/nox.sls
@@ -0,0 +1,79 @@
+{%- if grains['os'] == 'VMware Photon OS' %}
+ {#-
+ The latest version of nox pulls in packaging, which is already installed
+ on PhotonOS AMIs. If we try to uninstall that the following would also
+ be uninstalled:
+ python3-requests
+ python3-pyOpenSSL
+ python3-packaging
+ python3-cryptography
+ minimal
+ cloud-init
+
+ The last one seems important, so we'll just use an older version of nox
+ #}
+ {%- set nox_version = '2020.12.31' %}
+{%- else %}
+ {%- set nox_version = '2022.1.7' %}
+{%- endif %}
+
+{%- if grains['os_family'] == 'Windows' %}
+ {%- set on_windows=True %}
+{%- else %}
+ {%- set on_windows=False %}
+{%- endif %}
+
+{%- if grains['os_family'] == 'FreeBSD' %}
+ {%- set on_freebsd=True %}
+{%- else %}
+ {%- set on_freebsd=False %}
+{%- endif %}
+
+{%- if on_windows %}
+ {%- set pip = 'py -3 -m pip' %}
+{%- else %}
+ {%- if on_freebsd %}
+ {%- set pip = 'pip-3.9' %}
+ {%- else %}
+ {%- set pip = 'pip3' %}
+ {%- endif %}
+{%- endif %}
+
+{%- set which_nox = 'nox' | which %}
+
+{%- if not which_nox %}
+nox:
+ cmd.run:
+ {%- if not on_windows %}
+ {%- if (grains['os'] == 'Debian' and grains['osmajorrelease'] >= 12) or (grains['os'] == 'Ubuntu' and grains['osmajorrelease'] >= 23) or grains['os'] == 'Arch' %}
+ - name: "{{ pip }} install 'nox=={{ nox_version }}' --break-system-packages"
+ {%- else %}
+ - name: "{{ pip }} install 'nox=={{ nox_version }}'"
+ {%- endif %}
+ {%- else %}
+ - name: {{ pip }} install nox=={{ nox_version }}
+ {%- endif %}
+
+ {%- if not on_windows %}
+symlink-nox:
+ file.symlink:
+ - name: /usr/bin/nox
+ - target: /usr/local/bin/nox
+ - onlyif: '[ -f /usr/local/bin/nox ]'
+ - require:
+ - nox
+ {%- endif %}
+
+nox-version:
+ cmd.run:
+ {%- if not on_windows %}
+ - name: 'nox --version'
+ {%- else %}
+ - name: 'py -3 -m nox --version'
+ {%- endif %}
+ - require:
+ - nox
+ {%- if grains['os'] == 'MacOS' %}
+ - runas: vagrant
+ {%- endif %}
+{%- endif %}
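Review bot: The `nox` install in nox.sls pins only the top-level version (`nox=={{ nox_version }}`); the artifact hash and every transitive dependency are left to whatever the index serves at build time, and the command installs system-wide, with `--break-system-packages` on newer Debian, Ubuntu and Arch. For a golden image that downstream builds inherit, a hash-checked requirements file is the safer form, e.g. `{{ pip }} install --require-hashes -r <requirements-file>`; the same applies to `pyyaml==6.0.1` in pyyaml.sls. Separately, the `grains['osmajorrelease'] >= 12` and `>= 23` comparisons omit the `|int` filter that python3.sls in this commit applies to the same grain.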
diff --git a/custom/testing/golden-state-tree/python-pkgs/pyyaml.sls b/custom/testing/golden-state-tree/python-pkgs/pyyaml.sls
new file mode 100644
index 0000000..c56db35
--- /dev/null
+++ b/custom/testing/golden-state-tree/python-pkgs/pyyaml.sls
@@ -0,0 +1,17 @@
+{%- if grains['os_family'] == 'Windows' %}
+ {%- set pip = 'py -3 -m pip' %}
+{%- elif grains['os_family'] == 'FreeBSD' %}
+ {%- set pip = 'pip-3.9' %}
+{%- else %}
+ {%- set pip = 'pip3' %}
+{%- endif %}
+
+pyyaml:
+ cmd.run:
+ - name: {{ pip }} install pyyaml==6.0.1
+ - unless:
+ {%- if grains['os_family'] == 'Windows' %}
+ - py -3 -c "import yaml"
+ {%- else %}
+ - python3 -c "import yaml"
+ {%- endif %}
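Review bot: pyyaml.sls runs `{{ pip }} install pyyaml==6.0.1` without the `--break-system-packages` branch that nox.sls adds for Debian 12+, Ubuntu 23+ and Arch, so on those platforms the install would presumably be refused whenever the `unless` import check does not already pass. The pip-selection block at the top is a second copy of the logic in nox.sls; moving it into a shared Jinja `import` would keep the two from drifting apart. On FreeBSD the `unless` check calls `python3` while the install uses `pip-3.9`, which assumes both resolve to the same interpreter; a short comment stating that assumption would help.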