diff --git a/salt/orch/deploy_newnode.sls b/salt/orch/deploy_newnode.sls index c05a812a3..0a2c448ba 100644 --- a/salt/orch/deploy_newnode.sls +++ b/salt/orch/deploy_newnode.sls @@ -12,6 +12,21 @@ attempts: 36 interval: 5 +# so-minion's setupMinionFiles rebuilds the new minion's pillar file from +# scratch, wiping any postgres.telegraf.* entries the reactor may have written +# on salt-key accept. Re-fan the cred here so the highstate below sees it. +# Idempotent via the unless: guard in postgres.auth. +manager_fanout_postgres_telegraf_{{NEWNODE}}: + salt.state: + - tgt: {{ MANAGER }} + - sls: + - postgres.auth + - queue: True + - pillar: + postgres_fanout_minion: {{ NEWNODE }} + - require: + - salt: {{NEWNODE}}_update_mine + # we need to prepare the manager for a new searchnode or heavynode {% if NEWNODE.split('_')|last in ['searchnode', 'heavynode'] %} manager_run_es_soc: @@ -30,3 +45,5 @@ manager_run_es_soc: - tgt: {{ NEWNODE }} - highstate: True - queue: True + - require: + - salt: manager_fanout_postgres_telegraf_{{NEWNODE}} diff --git a/salt/postgres/auth.sls b/salt/postgres/auth.sls index ec6f3ec7e..beed1f8bd 100644 --- a/salt/postgres/auth.sls +++ b/salt/postgres/auth.sls @@ -85,8 +85,11 @@ postgres_telegraf_minion_pillar_{{ safe }}: chown socore:socore "$PILLAR_FILE" 2>/dev/null || true chmod 640 "$PILLAR_FILE" fi - /usr/sbin/so-yaml.py replace "$PILLAR_FILE" postgres.telegraf.user '{{ entry.user }}' - /usr/sbin/so-yaml.py replace "$PILLAR_FILE" postgres.telegraf.pass '{{ entry.pass }}' + /usr/sbin/so-yaml.py replace "$PILLAR_FILE" postgres.telegraf.user "$PG_USER" + /usr/sbin/so-yaml.py replace "$PILLAR_FILE" postgres.telegraf.pass "$PG_PASS" + - env: + - PG_USER: '{{ entry.user }}' + - PG_PASS: '{{ entry.pass }}' - unless: | [ "$(/usr/sbin/so-yaml.py get -r /opt/so/saltstack/local/pillar/minions/{{ mid }}.sls postgres.telegraf.user 2>/dev/null)" = '{{ entry.user }}' ] - require: