From 330297755f1656d50942d8df681f09047f808d0d Mon Sep 17 00:00:00 2001
From: Ee Durbin
Date: Wed, 17 Jul 2024 12:25:48 -0400
Subject: [PATCH 1/2] local-dev: ensure pebble can access salt-master on the correct network

Something changed in networking that caused salt-master.vagrant.psf.io to resolve on the .60 address which emulates the "public network". Since salt-master's pebble service is firewalled on that network, local pebble wasn't working
---
 salt/bugs/init.sls | 9 +++++++++
 salt/planet/init.sls | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/salt/bugs/init.sls b/salt/bugs/init.sls
index 0b0ebfb3..8cf065da 100644
--- a/salt/bugs/init.sls
+++ b/salt/bugs/init.sls
@@ -4,6 +4,15 @@ include:
 - tls.lego
 - nginx
 
+{% if pillar["dc"] == "vagrant" %}
+salt-master:
+ host.present:
+ - ip: 192.168.50.2
+ - names:
+ - salt-master.vagrant.psf.io
+ - salt-master
+{% endif %}
+
 lego_bootstrap:
 cmd.run:
 - name: /usr/local/bin/lego -a --email="infrastructure-staff@python.org" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['bugs']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
diff --git a/salt/planet/init.sls b/salt/planet/init.sls
index 00f8a9ad..1f3f4fb5 100644
--- a/salt/planet/init.sls
+++ b/salt/planet/init.sls
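Review bot: The `salt-master` state added to `salt/bugs/init.sls` only adds the 192.168.50.2 mapping, because `host.present` by default leaves any existing entry for the same names in place. If the .60 resolution described in the commit message comes from a line already in `/etc/hosts` rather than from DNS, both mappings remain and the resolver may still pick the address on which pebble is firewalled. Adding `- clean: True` under `host.present` removes entries for these names that point at any other address. The same block appears in the `salt/planet/init.sls` hunk and is what lands in `salt/tls/lego.sls` in PATCH 2/2, so the change belongs there as well.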
@@ -20,6 +20,15 @@ planet-user:
 - require:
 - file: /etc/nginx/sites.d/
 
+{% if pillar["dc"] == "vagrant" %}
+salt-master:
+ host.present:
+ - ip: 192.168.50.2
+ - names:
+ - salt-master.vagrant.psf.io
+ - salt-master
+{% endif %}
+
 lego_bootstrap:
 cmd.run:
 - name: /usr/local/bin/lego -a --email="infrastructure-staff@python.org" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
From 51c92649b13befd12e1eeced9fbc0272fb968cbd Mon Sep 17 00:00:00 2001
From: Ee Durbin
Date: Wed, 17 Jul 2024 12:38:20 -0400
Subject: [PATCH 2/2] move to shared `lego` state rather than each user
---
 salt/bugs/init.sls | 9 ---------
 salt/planet/init.sls | 9 ---------
 salt/tls/lego.sls | 9 +++++++++
 3 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/salt/bugs/init.sls b/salt/bugs/init.sls
index 8cf065da..0b0ebfb3 100644
--- a/salt/bugs/init.sls
+++ b/salt/bugs/init.sls
@@ -4,15 +4,6 @@ include:
 - tls.lego
 - nginx
 
-{% if pillar["dc"] == "vagrant" %}
-salt-master:
- host.present:
- - ip: 192.168.50.2
- - names:
- - salt-master.vagrant.psf.io
- - salt-master
-{% endif %}
-
 lego_bootstrap:
 cmd.run:
 - name: /usr/local/bin/lego -a --email="infrastructure-staff@python.org" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['bugs']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
diff --git a/salt/planet/init.sls b/salt/planet/init.sls
index 1f3f4fb5..00f8a9ad 100644
--- a/salt/planet/init.sls
+++ b/salt/planet/init.sls
@@ -20,15 +20,6 @@ planet-user:
 - require:
 - file: /etc/nginx/sites.d/
 
-{% if pillar["dc"] == "vagrant" %}
-salt-master:
- host.present:
- - ip: 192.168.50.2
- - names:
- - salt-master.vagrant.psf.io
- - salt-master
-{% endif %}
-
 lego_bootstrap:
 cmd.run:
 - name: /usr/local/bin/lego -a --email="infrastructure-staff@python.org" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
diff --git a/salt/tls/lego.sls b/salt/tls/lego.sls
index fb1da6a3..074fff77 100644
--- a/salt/tls/lego.sls
+++ b/salt/tls/lego.sls
@@ -1,6 +1,15 @@
 include:
 - nginx
 
+{% if pillar["dc"] == "vagrant" %}
+salt-master:
+ host.present:
+ - ip: 192.168.50.2
+ - names:
+ - salt-master.vagrant.psf.io
+ - salt-master
+{% endif %}
+
 crypto_packages:
 pkg.installed:
 - pkgs:
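Review bot: The state ID `salt-master` in the `salt/tls/lego.sls` hunk is generic for a block that is now rendered on every Vagrant minion that includes `tls.lego`, not just bugs and planet. Salt requires state IDs to be unique across the compiled highstate, so a minion that also carries another state with that ID would fail to render; whether one exists is not visible from this hunk. A more specific ID such as `salt-master-hosts-entry` avoids the collision without changing behaviour, since the managed names come from `names`. A comment above the block would also record why the pin exists, e.g. `# vagrant only: pin salt-master to 192.168.50.2; pebble is firewalled on the emulated public network`.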