Project

General

Profile

Archive #23606

salt-master a besoin d’un utilisateur PostgreSQL dédié pour écrire les informations des tâches

Added by Daniel Dehennin almost 2 years ago. Updated 8 months ago.

Status:
Nouveau
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
4.00 h
Spent time:
Distribution:

Associated revisions

Revision 18a4c386 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: create a dedicated role for salt-master with sqitch

Waiting for a proper way to handle such need, I create the role
directly with sqitch like before.

Ref: #23526

  • services/saltmaster/migrations/deploy/salt-runner-db.sql: create the
    role and grant privileges.
  • services/saltmaster/migrations/revert/salt-runner-db.sql: revoke
    privileges and drop the dedicated role.
  • services/saltmaster/migrations/verify/salt-runner-db.sql: verify
    that the dedicated role can insert in the tables.

Ref: #23606

Revision 473d70c9 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: add volume for sqitch configuration in development

This permits to just restart the container in development

Ref: #23606

Revision 8236a38d (diff)
Added by Daniel Dehennin almost 2 years ago

Vault: grant login to database admin

The creation of role by sqitch is not working because the temporary
user created by Vault does not have the “CREATEROLE” privilege.

In the mean time we autorise the database administrator to login
without password.

Ref: #23606

Revision 1d6788fc (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: use “salt-runner_admin” to connect to PostgreSQL

The creation of role by sqitch is not working because the temporary
user created by Vault does not have the “CREATEROLE” privilege.

  • services/saltmaster/salt-master-2017.conf: use “salt-returner_admin”
    instead of “salt-admin”.

Ref: #23606

Revision 8bff8958 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: do not create a dedicated role with sqitch

The creation of role by sqitch is not working because the temporary
user created by Vault does not have the “CREATEROLE” privilege.

Ref: #23606

Revision a7321a44 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: switch role before creating objects

Ref: #23606

Revision 32c3c0f6 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: switch role before creating objects

Ref: #23606

Revision e605d524 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: “salt-master” must start after “salt-ctrl”

The “salt-master” must be started after database and admin role
creation.

Waiting for a solution to orchestrate services within containers, we
will just wait 10 seconds before starting “salt-master”

  • services/saltmaster/containerpilot.json5: add “wait-4-db” service
    between start of “salt-ctrl” and “salt-master”.

Ref: #23606

Revision 2450abdd (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: configure container loggin level

  • services/saltmaster/containerpilot.json5: use environment variable
    “CONTAINERPILOT_LOGLEVEL”.

Ref: #23606

Revision 0e072177 (diff)
Added by Daniel Dehennin almost 2 years ago

SaltStack: use double quotes en “containerpilot.json5”

Ref: #23606

History

#1 Updated by Daniel Dehennin almost 2 years ago

  • Parent task deleted (#23526)
  • Release set to Zéphir-livraison-1

#2 Updated by Daniel Dehennin almost 2 years ago

  • Tracker changed from Tâche to Scénario
  • Target version deleted (sprint 2018 14-16 Equipe MENSR)
  • Start date deleted (04/10/2018)

#3 Updated by Gilles Grandgérard 8 months ago

  • Tracker changed from Scénario to Archive

Also available in: Atom PDF