salt-proxy
Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b
diff --git a/README.rst b/README.rst
index 72f89a8..546129b 100644
--- a/README.rst
+++ b/README.rst
@@ -171,6 +171,57 @@
".*":
- x509.sign_remote_certificate
+Salt proxy
+----------
+
+Salt proxy pillar
+
+.. code-block:: yaml
+
+ salt:
+ minion:
+ proxy:
+ master: localhost
+ device:
+ vsrx01.mydomain.local:
+ enabled: true
+ engine: napalm
+ csr1000v.mydomain.local:
+ enabled: true
+ engine: napalm
+
+.. note:: This is pillar of the the real salt-minion
+
+
+Proxy pillar for IOS device
+
+.. code-block:: yaml
+
+ proxy:
+ proxytype: napalm
+ driver: ios
+ host: csr1000v.mydomain.local
+ username: root
+ passwd: r00tme
+
+.. note:: This is pillar of the node thats not able to run salt-minion itself
+
+
+Proxy pillar for JunOS device
+
+.. code-block:: yaml
+
+ proxy:
+ proxytype: napalm
+ driver: junos
+ host: vsrx01.mydomain.local
+ username: root
+ passwd: r00tme
+ optional_args:
+ config_format: set
+
+.. note:: This is pillar of the node thats not able to run salt-minion itself
+
Salt SSH
--------
diff --git a/salt/files/proxy.conf b/salt/files/proxy.conf
new file mode 100644
index 0000000..b143f85
--- /dev/null
+++ b/salt/files/proxy.conf
@@ -0,0 +1,8 @@
+##### Primary configuration settings #####
+##########################################
+# This configuration file is used to manage the behavior of all Salt Proxy
+# Minions on this host.
+
+master: {{ proxy.master|default('localhost') }}
+multiprocessing: False
+mine_enabled: True
diff --git a/salt/files/salt-proxy.service b/salt/files/salt-proxy.service
new file mode 100644
index 0000000..3348f10
--- /dev/null
+++ b/salt/files/salt-proxy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Salt proxy minion
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/salt-proxy --proxyid %i
+User=root
+Group=root
+Restart=always
+RestartPreventExitStatus=SIGHUP
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/salt/map.jinja b/salt/map.jinja
index 155243e..3ed0070 100644
--- a/salt/map.jinja
+++ b/salt/map.jinja
@@ -110,6 +110,19 @@
{%- if pillar.salt.minion is defined %}
{%- set raw_minion = salt['grains.filter_by'](minion_specific, merge=salt['pillar.get']('salt:minion')) %}
{%- set minion = salt['grains.filter_by'](minion_common, merge=raw_minion) %}
+
+{%- if pillar.salt.minion.proxy is defined %}
+{% set proxy = salt['grains.filter_by']({
+ 'Debian': {
+ 'napalm_pkgs': ['python-pip', 'libxml2-dev', 'libxslt1-dev', 'zlib1g-dev'],
+ 'napalm_pip_pkgs': ['napalm', 'oauth']
+ },
+ 'RedHat': {
+ 'napalm_pkgs': ['libxml2-dev', 'libxslt1-dev', 'zlib1g-dev']
+ },
+}, merge=pillar.salt.minion.get('proxy', {})) %}
+{%- endif %}
+
{%- endif %}
diff --git a/salt/minion/init.sls b/salt/minion/init.sls
index 477b0b9..7d38076 100644
--- a/salt/minion/init.sls
+++ b/salt/minion/init.sls
@@ -8,3 +8,6 @@
- salt.minion.ca
{%- endif %}
- salt.minion.cert
+{%- if pillar.salt.minion.proxy is defined %}
+- salt.minion.proxy
+{%- endif %}
diff --git a/salt/minion/proxy.sls b/salt/minion/proxy.sls
new file mode 100644
index 0000000..00ec07c
--- /dev/null
+++ b/salt/minion/proxy.sls
@@ -0,0 +1,52 @@
+{%- from "salt/map.jinja" import proxy with context %}
+
+{%- set napalm = false %}
+
+{%- for proxy_name, proxy_device in proxy.device.iteritems() %}
+
+{%- if proxy_device.engine == 'napalm' %}
+
+{%- set napalm = true %}
+
+{%- endif %}
+
+{%- endfor %}
+
+/etc/systemd/system/salt-proxy@.service:
+ file.managed:
+ - source: salt://salt/files/salt-proxy.service
+ - template: jinja
+
+/etc/salt/proxy:
+ file.managed:
+ - source: salt://salt/files/proxy.conf
+ - template: jinja
+ - defaults:
+ napalm: {{ napalm }}
+ proxy: {{ proxy|yaml }}
+
+{%- if napalm %}
+
+network_proxy_packages:
+ pkg.installed:
+ - names: {{ proxy.napalm_pkgs }}
+
+napalm:
+ pip.installed:
+ - name: {{ proxy.napalm_pip_pkgs}}
+ - require:
+ - pkg: python-pip
+
+{%- endif %}
+
+{%- for proxy_name, proxy_device in proxy.device.iteritems() %}
+
+salt_proxy_{{ proxy_name }}_service:
+ service.running:
+ - enable: true
+ - name: salt-proxy@{{ proxy_name }}
+ - watch:
+ - file: /etc/salt/proxy
+ - file: /etc/systemd/system/salt-proxy@.service
+
+{%- endfor %}
diff --git a/tests/pillar/minion_proxy.sls b/tests/pillar/minion_proxy.sls
new file mode 100644
index 0000000..6363f90
--- /dev/null
+++ b/tests/pillar/minion_proxy.sls
@@ -0,0 +1,12 @@
+salt:
+ minion:
+ enabled:true
+ proxy:
+ master: localhost
+ device:
+ vsrx01.mydomain.local:
+ enabled: true
+ engine: napalm
+ csr1000v.mydomain.local:
+ enabled: true
+ engine: napalm