Fleet standalone - custom hostnames

salt/fleet/event_gen-packages.sls

@@ -2,12 +2,19 @@
 {% set ENROLLSECRET = salt['pillar.get']('secrets:fleet_enroll-secret') %}
 {% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %}
 {% set VERSION = salt['pillar.get']('static:soversion') %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+
+{% if CUSTOM_FLEET_HOSTNAME != None %}
+   {% set HOSTNAME = {{ CUSTOM_FLEET_HOSTNAME }}  %}
+{% else %}
+   {% set HOSTNAME = {{ grains.host }}  %}
+{% endif %}
 
 so/fleet:
   event.send:
     - data:
         action: 'genpackages'
-        hostname: {{ grains.host }}
+        package-hostname: {{ HOSTNAME }}
         role: {{ grains.role }}
         mainip: {{ grains.host }}
         enroll-secret: {{ ENROLLSECRET }}

salt/fleet/event_update-custom-hostname.sls

@@ -0,0 +1,9 @@
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
+
+so/fleet:
+  event.send:
+    - data:
+        action: 'update_custom_hostname'
+        custom_hostname: {{ CUSTOM_FLEET_HOSTNAME }}
+        role: {{ grains.role }}
+        

salt/reactor/fleet.sls

@@ -9,10 +9,6 @@ import subprocess
 def run():
   MINIONID = data['id']
   ACTION = data['data']['action']
-  HOSTNAME = data['data']['hostname']
-  ROLE = data['data']['role']
-  ESECRET = data['data']['enroll-secret']
-  MAINIP = data['data']['mainip']
 
   STATICFILE = '/opt/so/saltstack/pillar/static.sls'
   SECRETSFILE = '/opt/so/saltstack/pillar/secrets.sls'
@@ -21,6 +17,11 @@ def run():
     if ACTION == 'enablefleet':
       logging.info('so/fleet enablefleet reactor')
 
+      ESECRET = data['data']['enroll-secret']
+      MAINIP = data['data']['mainip']
+      ROLE = data['data']['role']
+      HOSTNAME = data['data']['hostname']
+
       # Enable Fleet
       for line in fileinput.input(STATICFILE, inplace=True):
         if ROLE == 'so-fleet':
@@ -48,8 +49,10 @@ def run():
       logging.info('so/fleet genpackages reactor')
 
       PACKAGEVERSION = data['data']['current-package-version']
+      PACKAGEHOSTNAME = data['data']['package-hostname']
       MASTER = data['data']['master']
       VERSION = data['data']['version']
+      ESECRET = data['data']['enroll-secret']
       
       # Increment the package version by 1
       PACKAGEVERSION += 1
@@ -57,7 +60,7 @@ def run():
       # Run Docker container that will build the packages
       gen_packages = subprocess.run(["docker", "run","--rm", "--mount", "type=bind,source=/opt/so/saltstack/salt/fleet/packages,target=/output", \
          "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MASTER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \
-         f"{ESECRET}", f"{HOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
+         f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii')  
       
       # Update the 'packages-built' timestamp on the webpage (stored in the static pillar)
       for line in fileinput.input(STATICFILE, inplace=True):
@@ -70,6 +73,16 @@ def run():
         print(line)
 
       # Copy over newly-built packages
-      copy_packages = subprocess.run(["salt-call", "state.apply","fleet"], stdout=subprocess.PIPE, encoding='ascii')      
+      copy_packages = subprocess.run(["salt-call", "state.apply","fleet"], stdout=subprocess.PIPE, encoding='ascii')    
+
+    if ACTION == 'update_custom_hostname':
+      logging.info('so/fleet update_custom_hostname reactor')
+
+      CUSTOMHOSTNAME = data['data']['custom_hostname']
+      
+        # Update the Fleet host in the static pillar
+      for line in fileinput.input(STATICFILE, inplace=True):
+        line = re.sub(r'fleet_custom_hostname: \S*', f"fleet_custom_hostname: {CUSTOMHOSTNAME}", line.rstrip())
+        print(line)  
 
   return {}

salt/ssl/init.sls

@@ -5,6 +5,7 @@
 {% set global_ca_server = [] %}
 {% set MAININT = salt['pillar.get']('host:mainint') %}
 {% set MAINIP = salt['grains.get']('ip_interfaces').get(MAININT)[0] %}
+{% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %}
 
 {% if grains.id.split('_')|last in ['master', 'eval', 'standalone'] %}
     {% set trusttheca_text =  salt['mine.get'](grains.id, 'x509.get_pem_entries')[grains.id]['/etc/pki/ca.crt']|replace('\n', '') %}
@@ -201,6 +202,7 @@ chownfilebeatp8:
     - signing_policy: masterssl
     - public_key: /etc/pki/masterssl.key
     - CN: {{ HOSTNAME }}
+    - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }} {% if CUSTOM_FLEET_HOSTNAME != None %},DNS:{{ CUSTOM_FLEET_HOSTNAME }} {% endif %}
     - days_remaining: 0
     - days_valid: 820
     - backup: True
@@ -223,7 +225,7 @@ chownfilebeatp8:
   x509.certificate_managed:
     - signing_private_key: /etc/pki/fleet.key
     - CN: {{ HOSTNAME }}
-    - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }}
+    - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }} {% if CUSTOM_FLEET_HOSTNAME != None %},DNS:{{ CUSTOM_FLEET_HOSTNAME }} {% endif %}
     - days_remaining: 0
     - days_valid: 820
     - backup: True