From 77f88371b80433d242947350ec1148cc0adadca0 Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 23 Apr 2025 08:30:37 -0400 Subject: [PATCH 1/2] manage default and local in separate states --- salt/elasticsearch/auth.sls | 2 +- salt/kafka/nodes.sls | 4 ++-- salt/kibana/secrets.sls | 2 +- salt/manager/elasticsearch.sls | 2 +- salt/manager/init.sls | 17 +++++++++++++++-- 5 files changed, 20 insertions(+), 7 deletions(-) diff --git a/salt/elasticsearch/auth.sls b/salt/elasticsearch/auth.sls index f3aefa6b9..a7de4ef8f 100644 --- a/salt/elasticsearch/auth.sls +++ b/salt/elasticsearch/auth.sls @@ -15,7 +15,7 @@ elastic_auth_pillar: file.managed: - name: /opt/so/saltstack/local/pillar/elasticsearch/auth.sls - - mode: 600 + - mode: 640 - reload_pillar: True - contents: | elasticsearch: diff --git a/salt/kafka/nodes.sls b/salt/kafka/nodes.sls index cae2a1d0f..90cc931bb 100644 --- a/salt/kafka/nodes.sls +++ b/salt/kafka/nodes.sls @@ -10,9 +10,9 @@ write_kafka_pillar_yaml: file.managed: - name: /opt/so/saltstack/local/pillar/kafka/nodes.sls - - mode: 644 + - mode: 640 - user: socore - source: salt://kafka/files/managed_node_pillar.jinja - template: jinja - context: - COMBINED_KAFKANODES: {{ COMBINED_KAFKANODES }} \ No newline at end of file + COMBINED_KAFKANODES: {{ COMBINED_KAFKANODES }} diff --git a/salt/kibana/secrets.sls b/salt/kibana/secrets.sls index f97aa4d59..048cea4d4 100644 --- a/salt/kibana/secrets.sls +++ b/salt/kibana/secrets.sls @@ -22,7 +22,7 @@ kibana_pillar_directory: kibana_secrets_pillar: file.managed: - name: /opt/so/saltstack/local/pillar/kibana/secrets.sls - - mode: 600 + - mode: 640 - reload_pillar: True - contents: | kibana: diff --git a/salt/manager/elasticsearch.sls b/salt/manager/elasticsearch.sls index df93217b8..ab9dbb287 100644 --- a/salt/manager/elasticsearch.sls +++ b/salt/manager/elasticsearch.sls @@ -3,5 +3,5 @@ elastic_curl_config_distributed: - name: /opt/so/saltstack/local/salt/elasticsearch/curl.config - source: salt://elasticsearch/files/curl.config.template - template: jinja - - mode: 600 + - mode: 640 - show_changes: False diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 5eadead92..4493047ba 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -127,15 +127,28 @@ so_fleetagent_status: - month: '*' - dayweek: '*' -socore_own_saltstack: +socore_own_saltstack_default: file.directory: - - name: /opt/so/saltstack + - name: /opt/so/saltstack/default - user: socore - group: socore - recurse: - user - group +socore_own_saltstack_local: + file.managed: + - name: /opt/so/saltstack/local + - user: socore + - group: socore + - dir_mode: 750 + - file_mode: 640 + - replace: False + - recurse: + - user + - group + - mode + rules_dir: file.directory: - name: /nsm/rules/yara From 19514a969b7a070b90bcba1d990f4fccd1ab15ea Mon Sep 17 00:00:00 2001 From: Josh Patterson Date: Wed, 23 Apr 2025 08:41:53 -0400 Subject: [PATCH 2/2] use file.directory --- salt/manager/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 4493047ba..07a1b8816 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -137,7 +137,7 @@ socore_own_saltstack_default: - group socore_own_saltstack_local: - file.managed: + file.directory: - name: /opt/so/saltstack/local - user: socore - group: socore