Commit 34dd64b6 authored by Tobias Jungel's avatar Tobias Jungel

feat(networkd): allow configuration of file attributes

Allow configuring the user/group/mode of networkd configuration files,
e.g. to set systemd-networkd as the owner or a specific mode for
sensitive configuration.
parent f4be1ed2
...@@ -121,12 +121,17 @@ systemd: ...@@ -121,12 +121,17 @@ systemd:
## networkd ## networkd
networkd: networkd:
fileattr:
br0.network:
user: systemd-network
group: systemd-network
mode: "0600"
profiles: profiles:
network: network:
# eth0.network # br0.network
eth0: br0:
- Match: - Match:
- Name: eth0 - Name: br0
- Network: - Network:
- DHCP: "yes" - DHCP: "yes"
......
...@@ -22,6 +22,7 @@ systemd: ...@@ -22,6 +22,7 @@ systemd:
# networkctl reload is available since systemd 244 # networkctl reload is available since systemd 244
networkctl_reload: false networkctl_reload: false
pkg: {} pkg: {}
fileattr: {}
path: /etc/systemd/network path: /etc/systemd/network
service: systemd-networkd service: systemd-networkd
wait_online: true wait_online: true
......
...@@ -10,21 +10,33 @@ include: ...@@ -10,21 +10,33 @@ include:
- systemd.networkd.reload - systemd.networkd.reload
{%- endif %} {%- endif %}
{% if profiles is mapping %} {%- if profiles is mapping %}
{% for networkdprofile, types in profiles.items() %}
{% for profile, profileconfig in types.items() %}
/etc/systemd/network/{{ profile }}.{{ networkdprofile }}: /etc/systemd/network:
file.managed: file.directory:
- template: jinja
- source: salt://systemd/networkd/templates/profile.jinja
- user: root - user: root
- group: root - group: root
- mode: '0644'
- makedirs: true - makedirs: true
- dir_mode: 755 - dir_mode: 755
{%- for networkdprofile, types in profiles.items() %}
{%- for profile, profileconfig in types.items() %}
{%- set filename = profile ~ "." ~ networkdprofile %}
{%- set user = networkd.fileattr.get(filename, {}).user | default("root") %}
{%- set group = networkd.fileattr.get(filename, {}).group | default("root") %}
{%- set mode = networkd.fileattr.get(filename, {}).mode | default("0644") %}
/etc/systemd/network/{{ filename }}:
file.managed:
- template: jinja
- source: salt://systemd/networkd/templates/profile.jinja
- user: {{ user }}
- group: {{ group }}
- mode: {{ mode }}
- context: - context:
config: {{ profileconfig|json }} config: {{ profileconfig|json }}
- require:
- file: /etc/systemd/network
{%- if networkd.networkctl_reload %} {%- if networkd.networkctl_reload %}
- watch_in: - watch_in:
- cmd: systemd-networkd-reload-cmd-wait - cmd: systemd-networkd-reload-cmd-wait
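Review bot: The new `- user: {{ user }}`, `- group: {{ group }}` and `- mode: {{ mode }}` lines render pillar values unquoted, whereas the removed line quoted the mode as `'0644'`; a rendered `- mode: 0600` is then typed by the YAML loader instead of arriving as a string, and a user or group value containing YAML indicators would alter the rendered state. Serialising them the way `config` already is, e.g. `- mode: {{ mode|json }}` (likewise for user and group), keeps them as strings. Separately, the `fileattr` lookup is keyed by the exact file name and falls back to `root`/`0644` when nothing matches, so a misspelled key leaves a file that was meant to be restricted world-readable without any error; a comment above the `set` lines such as `{#- fileattr keys must equal "<profile>.<type>"; unmatched files fall back to root:root 0644 #}` would make that explicit, and a check for `fileattr` keys that match no profile may be worth adding. The loops and the rest of the state body continue past the end of this hunk.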
......
...@@ -14,11 +14,11 @@ control 'Systemd Networkd' do ...@@ -14,11 +14,11 @@ control 'Systemd Networkd' do
it { should_not exist } it { should_not exist }
end end
describe file('/etc/systemd/network/eth0.network') do describe file('/etc/systemd/network/br0.network') do
its('type') { should eq :file } its('type') { should eq :file }
its('mode') { should cmp '0644' } its('mode') { should cmp '0600' }
its('owner') { should eq 'root' } its('owner') { should eq 'systemd-network' }
its('group') { should eq 'root' } its('group') { should eq 'systemd-network' }
end end
describe file('/etc/systemd/network/br0.netdev') do describe file('/etc/systemd/network/br0.netdev') do
......