mc_pillar / makinastates ext-pillar

Transform the informations contained in database.sls to a whole infrastructure mapping.

exception mc_states.modules.mc_pillar.DatabaseNotFound

.

mc_states.modules.mc_pillar.delete_password_for(id_, user='root', ttl=32140800)

Cleanup a password entry from the local password database

mc_states.modules.mc_pillar.get_db_infrastructure_maps(ttl=32140800)

Return a struct:

{'bms': {'xx-1.yyy.net': ['lxc'],
         'xx-4.yyy.net': ['lxc']},
'vms': {'zz.yyy': {'target': 'xx.yyy.net',
                   'vt': 'kvm'},
        'vv.yyy.net': {'target': 'xx.yyy.net',
                       'vt': 'kvm'},}}
mc_states.modules.mc_pillar.get_ldap(ttl=32140800)

Get a map of relationship between name servers that is used in the pillar to attribute roles and configuration to name servers

This return a mapping in the form:

{
    all: [list of all nameservers],
    masters: mapping of mappings {master: [list of related slaves]},
    slaves: mapping of mappings {slave: [list of related masters]},
}

For each zone, if slaves are declared without master, the default masters would be added as master for this zone if any defaults.

mc_states.modules.mc_pillar.get_ldap_configuration(id_=None, ttl=32140800)

Ldap client configuration

mc_states.modules.mc_pillar.get_masterless_makinastates_hosts(ttl=32140800)

Expose on salt metadatas on how to connect on each part of the infra using ssh

mc_states.modules.mc_pillar.get_nameserver_exposed(domain, server, nstype=None)

From a mapped name or a nameserver real name return the name of the nameserver if exposed or None in othercase

mc_states.modules.mc_pillar.get_ns(domain, ttl=32140800)

Get the first configured public name server for domain

mc_states.modules.mc_pillar.get_ns_master(id_, dns_servers=None, default=None, ttl=32140800)

Grab masters in this form:

dns_servers:
    zoneid_dn:
        master: fqfn
mc_states.modules.mc_pillar.get_nss(ttl=32140800)

Get a map of relationship between name servers that is used in the pillar to attribute roles and configuration to name servers

This return a mapping in the form:

{
    all: [list of all nameservers],
    masters: mapping of mappings {master: [list of related slaves]},
    slaves: mapping of mappings {slave: [list of related masters]},
}

For each zone, if slaves are declared without master, the default masters would be added as master for this zone if any defaults.

mc_states.modules.mc_pillar.get_nss_for_zone(id_, ttl=32140800)

Return all masters and slaves for a zone

If there is a master but no slaves, the master becomes also the only slave for that zone

Slave in makina-states means a name server which is exposed to outside world via an NS record.

mc_states.modules.mc_pillar.get_password(id_, user='root', ttl=32140800, regenerate=False, length=12, force=False)

Return user/password mappings for a particular host from a global pillar passwords map. Create it if not done

mc_states.modules.mc_pillar.get_passwords(id_, force=False, ttl=32140800)

Return user/password mappings for a particular host from a global pillar passwords map Take in priority pw from the db map But if does not exists in the db, lookup inside the local one If stiff non found, generate it and store in in local

mc_states.modules.mc_pillar.get_passwords_conf(id_, ttl=32140800)

Idea is to have:

  • simple users gaining sudoer access

  • powerusers known as sysadmin have:

    • access to sysadmin user via ssh key
    • access to root user via ssh key
  • They are also sudoers with their username (trigramme)

  • ssh accesses are limited though access groups, so we also map here the groups which have access to specific machines

mc_states.modules.mc_pillar.get_raw_ns_slaves(id_, dns_servers=None, default=None, ttl=32140800)

Grab slaves in this form:

dns_servers:
    zoneid_dn:
        slaves:
            - fqdn (aliased ip name, ip failover name or baremetal
                     server address name)

This returns a map between the NS record name and it’s associated server name:

ns1.foo.net:
    moo.foo.net
ns2.foo.net:
    foo.foo.net
ns3.foo.net:
    boo.foo.net
mc_states.modules.mc_pillar.get_servername_for(id_or_ip, ttl=32140800)

For a given ip, or failover ip, or dns name retrieve the server or vm where is directly linked the aforementioned id/ip. Be aware that in cases of VMS, the public ip can be associated to the baremetal and not the vm and so the returned name can obviously be the baremetal one.

mc_states.modules.mc_pillar.get_servername_for_ip(ip, ttl=32140800, no_vm=False)

For a given ip, or failover ip, retrieve the underthehood linked server or vm name.

mc_states.modules.mc_pillar.get_slapd_conf(id_, ttl=32140800)

Return pillar information to configure makina-states.services.dns.slapd

mc_states.modules.mc_pillar.get_slaves_for(id_, ttl=32140800)

Get all public exposed dns servers slaves for a specific dns master Return something like:

{
    all: [all slaves related to this master],
    z: {
        {zone domains: [list of slaves related to this zone]
       }
}
mc_states.modules.mc_pillar.get_ssh_port(id_, ttl=32140800)

Port without gateway in the middle (use the NATted one in case of vms)

mc_states.modules.mc_pillar.invalidate_mc_pillar()

if the db changed, invalidate the cache

mc_states.modules.mc_pillar.ip6_canfailover_for(*a, **kw)

Wrapper to get the first available ip or failover ipv6

mc_states.modules.mc_pillar.ip6_for(fqdn, *args, **kwa1)

Get an ipv6 for a domain, try as a FQDN first and then try to append the specified domain

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned
mc_states.modules.mc_pillar.ip6s_canfailover_for(*a, **kw)

Get the real ips of a service, and fallback in case on failovers ipv6s but do not return ips + failovers ips if there are real ipv6s.

mc_states.modules.mc_pillar.ip6s_for(fqdn, fail_over=None, recurse=None, ignore_aliases=None, ignore_cnames=None, **kw)

Get all ipv6 for a domain, try as a FQDN first and then try to append the specified domain We need a local cache to store the ips resolved from different datasource, DO NOT USE QUERY() DIRECTLY HERE

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned

Warning this method is tightly tied to load_network_infrastructure

mc_states.modules.mc_pillar.ip_canfailover_for(*a, **kw)

Wrapper to get the first available ip or failover ip

mc_states.modules.mc_pillar.ip_for(fqdn, *args, **kwa1)

Get an ip for a domain, try as a FQDN first and then try to append the specified domain

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned
mc_states.modules.mc_pillar.ips_canfailover_for(*a, **kw)

Get the real ips of a service, and fallback in case on failovers ips but do not return ips + failovers ips if there are real ips.

mc_states.modules.mc_pillar.ips_for(fqdn, fail_over=None, recurse=None, ignore_aliases=None, ignore_cnames=None, **kw)

Get all ip for a domain, try as a FQDN first and then try to append the specified domain We need a local cache to store the ips resolved from different datasource, DO NOT USE QUERY() DIRECTLY HERE

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned

Warning this method is tightly tied to load_network_infrastructure

mc_states.modules.mc_pillar.is_managed(id_, ttl=32140800)

Known in our infra but maybe not a salt minon

mc_states.modules.mc_pillar.is_salt_managed(id_, ttl=32140800)

Known in our infra / and also a salt minion where we expose most of the ext_pillars

mc_states.modules.mc_pillar.load_network_infrastructure(ttl=32140800)

This loads the structure while validating it for reverse ip lookups We need a local cache to store the ips resolved from different datasource, DO NOT USE QUERY() DIRECTLY HERE

Warning this method is tightly tied to ips_for

mc_states.modules.mc_pillar.manage_bridged_fo_kvm_network(fqdn, host, ipsfo, ipsfo_map, ips, thisip=None, ifc='eth0')

‘ setup the network adapters configuration for a kvm vm on an ip failover setup

mc_states.modules.mc_pillar.mmid()

Alias

mc_states.modules.mc_pillar.resolve_ip(name, fail_over=True, dns_query=True)

Get the first resolved IP of ips_resolve(*a)

mc_states.modules.mc_pillar.resolve_ips(name, fail_over=True, dns_query=True, ttl=32140800)

Try to resolve the ips of a name either by the database and maybe on a DNS query fallback if not found

mc_states.modules.mc_pillar.rr_a(fqdn, fail_over=None, ttl=32140800)

Search for explicit A record(s) (fqdn/ip) record on the inputed mappings

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned
mc_states.modules.mc_pillar.rr_aaaa(fqdn, fail_over=None, ttl=32140800)

Search for explicit A record(s) (fqdn/ip) record on the inputed mappings

fail_over
If FailOver records exists and no ip was found, it will take this value. If failOver exists and fail_over=true, all ips will be returned
mc_states.modules.mc_pillar.rrs_a_for(domain, ttl=32140800)

Return all configured A records for a domain

mc_states.modules.mc_pillar.rrs_aaaa_for(domain, ttl=32140800)

Return all configured A records for a domain

mc_states.modules.mc_pillar.rrs_cnames_for(domain, ttl=32140800)

Return all configured CNAME records for a domain

mc_states.modules.mc_pillar.rrs_for(domain, aslist=False)

Return all configured records for a domain take all rr found for the “ips” & “ipsfo” tables for domain:

  • Make NS records for everything in ns_map
  • Make MX records for everything in mx_map
  • Make A records for everything in ips
  • Make A records for everything in ips_map
  • Make A records for everything in ipsfo
  • Make CNAME records for baremetal or vms if they are in the ipsfo_map hashtable.
  • Add the related TTL for each record matched inside the rrs_ttls hashstable
mc_states.modules.mc_pillar.rrs_mx_for(domain, ttl=32140800)

Return all configured MX records for a domain

mc_states.modules.mc_pillar.rrs_ns_for(domain, ttl=32140800)

Return all configured NS records for a domain

mc_states.modules.mc_pillar.rrs_raw_for(domain, ttl=32140800)

Return all configured TXT records for a domain

mc_states.modules.mc_pillar.rrs_srv_for(domain, ttl=32140800)

Return all configured TXT records for a domain

mc_states.modules.mc_pillar.rrs_txt_for(domain, ttl=32140800)

Return all configured NS records for a domain

mc_states.modules.mc_pillar.serial_for(domain, serial=None, autoinc=True, force_serial=None, ttl=32140800)

Get the serial for a DNS zone

  • If serial is given:

    • we take that as a value
  • Else:

    • the serial defaults to ‘YYYYMMDD01’

    • We try to load the serial from db and if it is superior to default, we use it

    • We then load a local autosave file with mappings of domain/dns serials

      • If serial is found and autoinc:
        this local stored serial is autoincremented by 1
      • if this local value is greater than the current serial, this becomes the serial,
  • at the end, we try to reach the nameservers in the wild to adapt our serial if it is too low or too high

mc_states.modules.mc_pillar.whitelisted(dn, ttl=32140800)

Return all configured NS records for a domain