Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/lkubb/salt-truenas-formula

Manage TrueNAS with Salt-SSH.
https://github.com/lkubb/salt-truenas-formula

salt salt-formula saltstack saltstack-formula truenas truenas-core

Last synced: 7 days ago
JSON representation

Manage TrueNAS with Salt-SSH.

Awesome Lists containing this project

README 

        
.. _readme:



TrueNAS Formula

===============



|img_sr| |img_pc|



.. |img_sr| image:: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg

   :alt: Semantic Release

   :scale: 100%

   :target: https://github.com/semantic-release/semantic-release

.. |img_pc| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white

   :alt: pre-commit

   :scale: 100%

   :target: https://github.com/pre-commit/pre-commit



Manage TrueNAS with Salt.



This is a collection of states intended to be run over Salt-SSH.



.. contents:: **Table of Contents**

   :depth: 1



General notes

-------------



See the full `SaltStack Formulas installation and usage instructions

`_.



If you are interested in writing or contributing to formulas, please pay attention to the `Writing Formula Section

`_.



If you want to use this formula, please pay attention to the ``FORMULA`` file and/or ``git tag``,

which contains the currently released version. This formula is versioned according to `Semantic Versioning `_.



See `Formula Versioning Section `_ for more details.



If you need (non-default) configuration, please refer to:



- `how to configure the formula with map.jinja `_

- the ``pillar.example`` file

- the `Special notes`_ section



Special notes

-------------

* This formula is intended to be executed via ``salt-ssh``.

* It currently relies heavily on wrapper modules that are not yet part of Salt core, but are submitted in several of my PRs.



Configuration

-------------

An example pillar is provided, please see `pillar.example`. Note that you do not need to specify everything by pillar. Often, it's much easier and less resource-heavy to use the ``parameters//.yaml`` files for non-sensitive settings. The underlying logic is explained in `map.jinja`.



Available states

----------------



The following states are found in this formula:



.. contents::

   :local:



``truenas``

^^^^^^^^^^^

A collection of states to manage some aspects of TrueNAS.

You will have to target each mod explicitly, just ``truenas``

does nothing.



``truenas.certs``

^^^^^^^^^^^^^^^^^

Manages certificates that will be imported into the certificate store.



When using a ``ca_server``, will rely on the SSH wrapper emulation

of ``x509.certificate_managed`` since the remote does not have access

to the event bus.



The wrapper is found in my PR #65654 or in my formula for a private CA:

https://github.com/lkubb/salt-private-ca-formula



``truenas.minio``

^^^^^^^^^^^^^^^^^

Manages the MinIO plugin.



Currently only manages a certificate.



``truenas.minio.cert``

^^^^^^^^^^^^^^^^^^^^^^

Manages a certificate for the MinIO plugin.



The jail must exist for this state to work at all.



``truenas.sshd``

^^^^^^^^^^^^^^^^

Manages the SSH service.



``truenas.sshd.authorized_keys``

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Manages OpenSSH authorized keys.

If ``TrustedUserCAKeys`` has been specified in the server

configuration (``truenas:sshd:config``), all CA keys from

``truenas:sshd:trusted_user_ca_keys`` will be serialized

into the corresponding file as well.



``truenas.sshd.config``

^^^^^^^^^^^^^^^^^^^^^^^

Manages SSH configuration. TrueNAS automatically reloads the

config, so this is mostly standalone. It still depends on

`truenas.sshd.host_pki`_ since those should be managed before.



``truenas.sshd.host_pki``

^^^^^^^^^^^^^^^^^^^^^^^^^

Manages SSH host keys and other related files.



``truenas.sshd.service``

^^^^^^^^^^^^^^^^^^^^^^^^

Ensures SSH service is enabled and running.

No config since SSH is required for any of this to work.



``truenas.telegraf``

^^^^^^^^^^^^^^^^^^^^

Installs Telegraf and manages configuration.



You need to set ``truenas:telegraf:destination``.

It is advised to install it on a dataset to avoid it being

removed during an update.



``truenas.certs.clean``

^^^^^^^^^^^^^^^^^^^^^^^

Does not remove the certificates/keys because this is hard

to automate and can break a lot of things.

You will need to do this manually.



``truenas.sshd.authorized_keys.clean``

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes managed OpenSSH authorized keys and trusted user CA keys.



``truenas.telegraf.clean``

^^^^^^^^^^^^^^^^^^^^^^^^^^

Removes Telegraf and configuration.



Contributing to this repo

-------------------------



Commit messages

^^^^^^^^^^^^^^^



**Commit message formatting is significant!**



Please see `How to contribute `_ for more details.



pre-commit

^^^^^^^^^^



`pre-commit `_ is configured for this formula, which you may optionally use to ease the steps involved in submitting your changes.

First install  the ``pre-commit`` package manager using the appropriate `method `_, then run ``bin/install-hooks`` and

now ``pre-commit`` will run automatically on each ``git commit``. ::



  $ bin/install-hooks

  pre-commit installed at .git/hooks/pre-commit

  pre-commit installed at .git/hooks/commit-msg



State documentation

~~~~~~~~~~~~~~~~~~~

There is a script that semi-autodocuments available states: ``bin/slsdoc``.



If a ``.sls`` file begins with a Jinja comment, it will dump that into the docs. It can be configured differently depending on the formula. See the script source code for details currently.



This means if you feel a state should be documented, make sure to write a comment explaining it.



References

----------

* https://github.com/arensb/ansible-truenas

* https://github.com/samuelkadolph/truenas-telegraf

* https://github.com/danb35/deploy-freenas

* https://www.truenas.com/docs/api/core_websocket_api.htm

* https://github.com/truenas/middleware