Configure salt to manage psf_known_hosts and salt-server-list.rst (#305)

* Configure salt to manage psf_known_hosts and salt-server-list.rst and serve them via HTTP * Revise suggested changes * Add `publish-files` service config to `haproxy.sls` * Correct syntax in nginx configuration * Correct salt-lint * set domains to serve from `salt-public.psf.io` and commit suggested changes * Update salt/base/salt.sls Co-authored-by: Ee Durbin <ee@python.org> * Update salt/base/salt.sls Co-authored-by: Ee Durbin <ee@python.org> --------- Co-authored-by: Ee Durbin <ee@python.org>
python · Feb 22, 2023 · 16ff742 · 16ff742
1 parent 2581271
commit 16ff742
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 2 deletions.
diff --git a/pillar/base/haproxy.sls b/pillar/base/haproxy.sls
@@ -94,6 +94,12 @@ haproxy:
       verify_host: salt.psf.io
       check: "GET /.well-known/acme-challenge/sentinel HTTP/1.1\\r\\nHost:\\ salt.psf.io"
 
+    publish-files:
+      domains:
+        - salt-public.psf.io
+      verify_host: salt.psf.io
+      check: "GET /salt-server-list.rst HTTP/1.1\\r\\nHost:\\ salt-public.psf.io"
+
   redirects:
     cheeseshop.python.org:
       target: pypi.org

diff --git a/salt/base/config/publish-files-nginx.conf b/salt/base/config/publish-files-nginx.conf
@@ -0,0 +1,13 @@
+server {
+  listen 9001 ssl;
+
+  ssl_certificate /etc/ssl/private/salt.psf.io.pem;
+  ssl_certificate_key /etc/ssl/private/salt.psf.io.pem;
+
+  server_name salt-public.psf.io;
+
+  location / {
+      root /srv/public;
+      try_files $uri =404;
+  }
+}
diff --git a/salt/base/salt.sls b/salt/base/salt.sls
@@ -80,21 +80,52 @@ salt-master:
     - require:
       - pkg: consul-pkgs
 
-/srv/psf_known_hosts:
+/srv/public:
+  file.directory:
+    - user: root
+    - group: root
+    - mode: "0755"
+
+/srv/public/psf_known_hosts:
   file.managed:
     - source: salt://base/config/known_hosts.jinja
     - template: jinja
     - user: root
     - group: root
     - mode: "0644"
 
-/srv/salt-server-list.rst:
+/srv/public/salt-server-list.rst:
   file.managed:
     - source: salt://base/config/salt-server-list.rst.jinja
     - template: jinja
     - user: root
     - group: root
     - mode: "0644"
+
+/etc/nginx/sites.d/publish-files.conf:
+  file.managed:
+    - source: salt://base/config/publish-files-nginx.conf
+    - user: root
+    - group: root
+    - mode: "0644"
+    - require:
+       - file: /etc/nginx/sites.d/
+       - file: /srv/public
+
+/etc/consul.d/service-publish-files.conf:
+  file.managed:
+    - source: salt://consul/etc/service.jinja
+    - template: jinja
+    - context:
+        name: publish-files
+        port: 9001
+    - user: root
+    - group: root
+    - mode: "0644"
+    - require:
+       - pkg: consul-pkgs
+
+
 {% endif %}
 
 salt-minion-pkg: