From 04bb63811f68fa47a847263f9469343934bda029 Mon Sep 17 00:00:00 2001 From: Deimos Date: Tue, 22 Jan 2019 20:57:07 -0700 Subject: [PATCH] Salt: split Redis passwords server to own state The monitoring server needs Redis, but not the separate server that's used for the breached-passwords bloom filter in dev/prod. This splits that server out to its own state, so that it doesn't need to be set up on the monitoring server. --- salt/salt/redis/breached-passwords.sls | 29 +++++++++++++++++++++++++ salt/salt/redis/init.sls | 30 -------------------------- salt/salt/top.sls | 1 + 3 files changed, 30 insertions(+), 30 deletions(-) create mode 100644 salt/salt/redis/breached-passwords.sls diff --git a/salt/salt/redis/breached-passwords.sls b/salt/salt/redis/breached-passwords.sls new file mode 100644 index 0000000..39f4807 --- /dev/null +++ b/salt/salt/redis/breached-passwords.sls @@ -0,0 +1,29 @@ +/run/redis_breached_passwords: + file.directory: + - user: redis + - group: redis + - mode: 755 + - require: + - user: redis-user + +/etc/redis_breached_passwords.conf: + file.managed: + - source: salt://redis/redis_breached_passwords.conf + - user: redis + - group: redis + - mode: 600 + +/etc/systemd/system/redis_breached_passwords.service: + file.managed: + - source: salt://redis/redis_breached_passwords.service + - user: root + - group: root + - mode: 644 + - require_in: + - service: redis_breached_passwords.service + +redis_breached_passwords.service: + service.running: + - enable: True + - watch: + - file: /etc/redis_breached_passwords.conf diff --git a/salt/salt/redis/init.sls b/salt/salt/redis/init.sls index 245f601..eb2d41e 100644 --- a/salt/salt/redis/init.sls +++ b/salt/salt/redis/init.sls @@ -112,33 +112,3 @@ redis.service: - require: - user: redis-user - cmd: install-redis - -/run/redis_breached_passwords: - file.directory: - - user: redis - - group: redis - - mode: 755 - - require: - - user: redis-user - -/etc/redis_breached_passwords.conf: - file.managed: - - source: salt://redis/redis_breached_passwords.conf - - user: redis - - group: redis - - mode: 600 - -/etc/systemd/system/redis_breached_passwords.service: - file.managed: - - source: salt://redis/redis_breached_passwords.service - - user: root - - group: root - - mode: 644 - - require_in: - - service: redis_breached_passwords.service - -redis_breached_passwords.service: - service.running: - - enable: True - - watch: - - file: /etc/redis_breached_passwords.conf diff --git a/salt/salt/top.sls b/salt/salt/top.sls index b829b43..ccfb711 100644 --- a/salt/salt/top.sls +++ b/salt/salt/top.sls @@ -8,6 +8,7 @@ base: - postgresql.pgbouncer - python - redis + - redis.breached-passwords - redis.modules.rebloom - redis.modules.redis-cell - rabbitmq