Improve salt setup
This commit improves the salt setup of the Vagrant box: - Salt output is reduced to log level warning - Hosts entries are created for the internal IPs of all planned gva component VMs - .bashrc and a .bash_functions sourced from it are now managed for the vagrant user - the VM name has been changed to gva.local - recent salt versions do not depend on m2crypto anymore, therefore it is now installed before x509certificate functions are called - the rabbitmq_vhost for gva is now setup before any users are created because the previous implementation was broken with recent salt versions - the gnuviechadmin-locale-data-compile step has been simplified because Django 1.9's compilemessages takes care of recursive .mo file compilation - pillar data has been separated by role (especially queue permissions and credentials) - salt configuration is now unified with gvaldap
This commit is contained in:
parent
f1f0e35ea1
commit
6147a90066
36 changed files with 523 additions and 188 deletions
5
Vagrantfile
vendored
5
Vagrantfile
vendored
|
@ -14,7 +14,7 @@ Vagrant.configure(2) do |config|
|
|||
# boxes at https://atlas.hashicorp.com/search.
|
||||
config.vm.box = "debian/jessie64"
|
||||
|
||||
config.vm.hostname = "gva-dev"
|
||||
config.vm.hostname = "gva.local"
|
||||
|
||||
# Disable automatic box update checking. If you disable this, then
|
||||
# boxes will only be checked for updates when the user runs
|
||||
|
@ -60,10 +60,11 @@ Vagrant.configure(2) do |config|
|
|||
|
||||
config.vm.provision :salt do |salt|
|
||||
salt.bootstrap_script = "salt/bootstrap.sh"
|
||||
salt.minion_id = "gvadev"
|
||||
salt.minion_id = "gva.local"
|
||||
salt.masterless = true
|
||||
salt.run_highstate = true
|
||||
salt.verbose = true
|
||||
salt.colorize = true
|
||||
salt.log_level = "warning"
|
||||
end
|
||||
end
|
||||
|
|
|
@ -27,6 +27,7 @@ EOF
|
|||
|
||||
cat >/etc/salt/grains <<EOF
|
||||
roles:
|
||||
- rabbitmq-server
|
||||
- gnuviechadmin.database
|
||||
- gnuviechadmin.queues
|
||||
- gnuviechadmin.webinterface
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
include:
|
||||
- gnuviechadmin.database.common
|
||||
|
||||
gnuviechadmin-database:
|
||||
owner:
|
||||
user: gnuviechadmin
|
||||
password: k4TG0oWeJ08urz697GVfavjK
|
||||
gnuviechadmin:
|
||||
database:
|
||||
owner:
|
||||
user: gnuviechadmin
|
||||
password: k4TG0oWeJ08urz697GVfavjK
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
gnuviechadmin-database:
|
||||
database: gnuviechadmin
|
||||
hostname: localhost
|
||||
port: 5432
|
||||
gnuviechadmin:
|
||||
database:
|
||||
name: gnuviechadmin
|
||||
host: localhost
|
||||
port: 5432
|
||||
|
|
8
salt/pillar/gnuviechadmin/gvaldap.sls
Normal file
8
salt/pillar/gnuviechadmin/gvaldap.sls
Normal file
|
@ -0,0 +1,8 @@
|
|||
include:
|
||||
- gnuviechadmin.queues.common
|
||||
- gnuviechadmin.queues.gvaldap
|
||||
|
||||
gnuviechadmin:
|
||||
component:
|
||||
name: gvaldap
|
||||
amqp_user: ldap
|
|
@ -1,21 +1,16 @@
|
|||
include:
|
||||
- gnuviechadmin.database
|
||||
- gnuviechadmin.queues
|
||||
|
||||
gnuviechadmin:
|
||||
deploymenttype: local
|
||||
mailfrom: admin@gnuviech-server.de
|
||||
adminemail: admin@gnuviech-server.de
|
||||
sitename: Gnuviech Customer Self Service
|
||||
domainname: localhost
|
||||
virtualenv: /home/vagrant/gva-venv
|
||||
devinstance: True
|
||||
minosuid: 10000
|
||||
minosgid: 10000
|
||||
osuserprefix: usr
|
||||
osuserhomedirbase: /home
|
||||
osuserdefaultshell: /usr/bin/rssh
|
||||
uploadserver: upload.example.com
|
||||
uploadserver: gvafile.local
|
||||
webmail_url: https://webmail.example.com/
|
||||
phpmyadmin_url: https://phpmyadmin.example.com/
|
||||
phppgadmin_url: https://phppgadmin.example.com/
|
||||
|
|
|
@ -1,62 +1,77 @@
|
|||
gnuviechadmin-queues:
|
||||
vhost: /gnuviechadmin
|
||||
owner:
|
||||
user: gnuviechadmin
|
||||
password: WxyKeo7Xunhwv29C
|
||||
users:
|
||||
cli:
|
||||
password: bUQ4QEB8yQEfsB0i
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
quotajob:
|
||||
password: TaNoj2H3ZNDIz1rt
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '^quotatool$'
|
||||
- '^quotatool$'
|
||||
- '^quotatool|amq.default$'
|
||||
tags:
|
||||
ldap:
|
||||
password: tl0ALc4aQBAl0W2e
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
file:
|
||||
password: StR6EgMjLyNGP1F8
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
mysql:
|
||||
password: Bhruvz8Oe9rXxRc7
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
pgsql:
|
||||
password: rWOawAtb7MEmGZo3
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
web:
|
||||
password: 1fBXqCu175rU7SWA
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
include:
|
||||
- gnuviechadmin.queues.common
|
||||
- gnuviechadmin.queues.gvaldap
|
||||
- gnuviechadmin.queues.gvafile
|
||||
- gnuviechadmin.queues.cli
|
||||
- gnuviechadmin.queues.gva
|
||||
- gnuviechadmin.queues.gvamysql
|
||||
- gnuviechadmin.queues.gvapgsql
|
||||
- gnuviechadmin.queues.gvaweb
|
||||
|
||||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
ldap:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
file:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
gva:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
mysql:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
pgsql:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
web:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
cli:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
quotajob:
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '^quotatool$'
|
||||
- '^quotatool$'
|
||||
- '^quotatool|amq.default$'
|
||||
tags:
|
||||
admin:
|
||||
password: MmE3Iwylj8Sgy46Z
|
||||
perms:
|
||||
'/gnuviechadmin':
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
tags:
|
||||
- administrator
|
||||
|
|
7
salt/pillar/gnuviechadmin/queues/cli.sls
Normal file
7
salt/pillar/gnuviechadmin/queues/cli.sls
Normal file
|
@ -0,0 +1,7 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
cli:
|
||||
password: bUQ4QEB8yQEfsB0i
|
||||
quotajob:
|
||||
password: TaNoj2H3ZNDIz1rt
|
3
salt/pillar/gnuviechadmin/queues/common.sls
Normal file
3
salt/pillar/gnuviechadmin/queues/common.sls
Normal file
|
@ -0,0 +1,3 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
vhost: /gnuviechadmin
|
5
salt/pillar/gnuviechadmin/queues/gva.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gva.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
gva:
|
||||
password: Y5KmkIou7o8J9jV5
|
5
salt/pillar/gnuviechadmin/queues/gvafile.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gvafile.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
file:
|
||||
password: StR6EgMjLyNGP1F8
|
5
salt/pillar/gnuviechadmin/queues/gvaldap.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gvaldap.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
ldap:
|
||||
password: tl0ALc4aQBAl0W2e
|
5
salt/pillar/gnuviechadmin/queues/gvamysql.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gvamysql.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
mysql:
|
||||
password: Bhruvz8Oe9rXxRc7
|
5
salt/pillar/gnuviechadmin/queues/gvapgsql.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gvapgsql.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
pgsql:
|
||||
password: rWOawAtb7MEmGZo3
|
5
salt/pillar/gnuviechadmin/queues/gvaweb.sls
Normal file
5
salt/pillar/gnuviechadmin/queues/gvaweb.sls
Normal file
|
@ -0,0 +1,5 @@
|
|||
gnuviechadmin:
|
||||
queues:
|
||||
users:
|
||||
web:
|
||||
password: 1fBXqCu175rU7SWA
|
9
salt/pillar/gnuviechadmin/webinterface.sls
Normal file
9
salt/pillar/gnuviechadmin/webinterface.sls
Normal file
|
@ -0,0 +1,9 @@
|
|||
include:
|
||||
- gnuviechadmin.queues.common
|
||||
- gnuviechadmin.queues.gva
|
||||
|
||||
gnuviechadmin:
|
||||
component:
|
||||
name: gva
|
||||
amqp_user: gva
|
||||
python_module: gnuviechadmin
|
|
@ -1,3 +1,8 @@
|
|||
base:
|
||||
'*':
|
||||
- gnuviechadmin
|
||||
{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
|
||||
'roles:gnuviechadmin.{{ role }}':
|
||||
- match: grain
|
||||
- gnuviechadmin.{{ role }}
|
||||
{% endfor %}
|
25
salt/roots/base/bash_functions
Normal file
25
salt/roots/base/bash_functions
Normal file
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
function devenv
|
||||
{
|
||||
. $HOME/gvasettings.sh
|
||||
. {{ venv }}/bin/activate
|
||||
cd {{ appdir }}
|
||||
}
|
||||
|
||||
function testenv
|
||||
{
|
||||
devenv
|
||||
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
|
||||
}
|
||||
|
||||
function settitle
|
||||
{
|
||||
if [ -n "$STY" ] ; then # We are in a screen session
|
||||
echo "Setting screen titles to $@"
|
||||
printf "\033k%s\033\\" "$@"
|
||||
screen -X eval "at \\# title $@" "shelltitle $@"
|
||||
else
|
||||
printf "\033]0;%s\007" "$@"
|
||||
fi
|
||||
}
|
117
salt/roots/base/bashrc
Normal file
117
salt/roots/base/bashrc
Normal file
|
@ -0,0 +1,117 @@
|
|||
# ~/.bashrc: executed by bash(1) for non-login shells.
|
||||
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
|
||||
# for examples
|
||||
|
||||
# If not running interactively, don't do anything
|
||||
case $- in
|
||||
*i*) ;;
|
||||
*) return;;
|
||||
esac
|
||||
|
||||
# don't put duplicate lines or lines starting with space in the history.
|
||||
# See bash(1) for more options
|
||||
HISTCONTROL=ignoreboth
|
||||
|
||||
# append to the history file, don't overwrite it
|
||||
shopt -s histappend
|
||||
|
||||
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
|
||||
HISTSIZE=1000
|
||||
HISTFILESIZE=2000
|
||||
|
||||
# check the window size after each command and, if necessary,
|
||||
# update the values of LINES and COLUMNS.
|
||||
shopt -s checkwinsize
|
||||
|
||||
# If set, the pattern "**" used in a pathname expansion context will
|
||||
# match all files and zero or more directories and subdirectories.
|
||||
#shopt -s globstar
|
||||
|
||||
# make less more friendly for non-text input files, see lesspipe(1)
|
||||
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
|
||||
|
||||
# set variable identifying the chroot you work in (used in the prompt below)
|
||||
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
|
||||
debian_chroot=$(cat /etc/debian_chroot)
|
||||
fi
|
||||
|
||||
# set a fancy prompt (non-color, unless we know we "want" color)
|
||||
case "$TERM" in
|
||||
xterm-color) color_prompt=yes;;
|
||||
esac
|
||||
|
||||
# uncomment for a colored prompt, if the terminal has the capability; turned
|
||||
# off by default to not distract the user: the focus in a terminal window
|
||||
# should be on the output of commands, not on the prompt
|
||||
#force_color_prompt=yes
|
||||
|
||||
if [ -n "$force_color_prompt" ]; then
|
||||
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
|
||||
# We have color support; assume it's compliant with Ecma-48
|
||||
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
|
||||
# a case would tend to support setf rather than setaf.)
|
||||
color_prompt=yes
|
||||
else
|
||||
color_prompt=
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$color_prompt" = yes ]; then
|
||||
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
|
||||
else
|
||||
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
|
||||
fi
|
||||
unset color_prompt force_color_prompt
|
||||
|
||||
# If this is an xterm set the title to user@host:dir
|
||||
case "$TERM" in
|
||||
xterm*|rxvt*)
|
||||
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
esac
|
||||
|
||||
# enable color support of ls and also add handy aliases
|
||||
if [ -x /usr/bin/dircolors ]; then
|
||||
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
|
||||
alias ls='ls --color=auto'
|
||||
#alias dir='dir --color=auto'
|
||||
#alias vdir='vdir --color=auto'
|
||||
|
||||
#alias grep='grep --color=auto'
|
||||
#alias fgrep='fgrep --color=auto'
|
||||
#alias egrep='egrep --color=auto'
|
||||
fi
|
||||
|
||||
# colored GCC warnings and errors
|
||||
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
|
||||
|
||||
# some more ls aliases
|
||||
#alias ll='ls -l'
|
||||
#alias la='ls -A'
|
||||
#alias l='ls -CF'
|
||||
|
||||
# Alias definitions.
|
||||
# You may want to put all your additions into a separate file like
|
||||
# ~/.bash_aliases, instead of adding them here directly.
|
||||
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
|
||||
|
||||
if [ -f ~/.bash_aliases ]; then
|
||||
. ~/.bash_aliases
|
||||
fi
|
||||
|
||||
# enable programmable completion features (you don't need to enable
|
||||
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
|
||||
# sources /etc/bash.bashrc).
|
||||
if ! shopt -oq posix; then
|
||||
if [ -f /usr/share/bash-completion/bash_completion ]; then
|
||||
. /usr/share/bash-completion/bash_completion
|
||||
elif [ -f /etc/bash_completion ]; then
|
||||
. /etc/bash_completion
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ~/.bash_functions ]; then
|
||||
. ~/.bash_functions
|
||||
fi
|
|
@ -15,3 +15,16 @@ base-packages:
|
|||
update-system:
|
||||
pkg.uptodate:
|
||||
- refresh: True
|
||||
|
||||
/home/vagrant/bin:
|
||||
file.directory:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0750
|
||||
|
||||
/home/vagrant/.bashrc:
|
||||
file.managed:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0644
|
||||
- source: salt://base/bashrc
|
||||
|
|
98
salt/roots/gnuviechadmin/base.sls
Normal file
98
salt/roots/gnuviechadmin/base.sls
Normal file
|
@ -0,0 +1,98 @@
|
|||
{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
|
||||
|
||||
gva.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.2
|
||||
- names:
|
||||
- mq
|
||||
- gva.local
|
||||
|
||||
gvaldap.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.3
|
||||
|
||||
gvafile.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.4
|
||||
|
||||
gvaweb.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.5
|
||||
|
||||
gvamysql.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.6
|
||||
|
||||
gvapgsql.local:
|
||||
host.present:
|
||||
- ip: 172.16.3.7
|
||||
|
||||
gnuviechadmin-packages:
|
||||
pkg.installed:
|
||||
- pkgs:
|
||||
- libyaml-dev
|
||||
- python-virtualenv
|
||||
- python-dev
|
||||
- python-pip
|
||||
- gettext
|
||||
|
||||
{{ home }}/gvasettings.sh:
|
||||
file.managed:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0640
|
||||
- source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
|
||||
- template: jinja
|
||||
- context:
|
||||
broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
|
||||
|
||||
gnuviechadmin-venv:
|
||||
cmd.run:
|
||||
- name: virtualenv {{ venv }}
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- unless: test -f {{ venv }}/bin/pip
|
||||
|
||||
gnuviechadmin-requires:
|
||||
cmd.run:
|
||||
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ checkout }}
|
||||
- require:
|
||||
- cmd: gnuviechadmin-venv
|
||||
- pkg: gnuviechadmin-packages
|
||||
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
|
||||
|
||||
gnuviechadmin-dbschema:
|
||||
cmd.wait:
|
||||
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ appdir }}
|
||||
- watch:
|
||||
- cmd: gnuviechadmin-requires
|
||||
- file: {{ home }}/gvasettings.sh
|
||||
|
||||
gnuviechadmin-locale-data-compile:
|
||||
cmd.wait:
|
||||
- name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ appdir }}
|
||||
- require:
|
||||
- pkg: gnuviechadmin-packages
|
||||
- file: {{ home }}/gvasettings.sh
|
||||
- cmd: gnuviechadmin-venv
|
||||
|
||||
/home/vagrant/.bash_functions:
|
||||
file.managed:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0644
|
||||
- source: salt://base/bash_functions
|
||||
- template: jinja
|
||||
- context:
|
||||
home: {{ home }}
|
||||
venv: {{ venv }}
|
||||
appdir: {{ appdir }}
|
25
salt/roots/gnuviechadmin/bash_functions
Normal file
25
salt/roots/gnuviechadmin/bash_functions
Normal file
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
function devenv
|
||||
{
|
||||
. $HOME/gvasettings.sh
|
||||
. $HOME/gva-venv/bin/activate
|
||||
cd /vagrant/gnuviechadmin
|
||||
}
|
||||
|
||||
function testenv
|
||||
{
|
||||
devenv
|
||||
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
|
||||
}
|
||||
|
||||
function settitle
|
||||
{
|
||||
if [ -n "$STY" ] ; then # We are in a screen session
|
||||
echo "Setting screen titles to $@"
|
||||
printf "\033k%s\033\\" "$@"
|
||||
screen -X eval "at \\# title $@" "shelltitle $@"
|
||||
else
|
||||
printf "\033]0;%s\007" "$@"
|
||||
fi
|
||||
}
|
13
salt/roots/gnuviechadmin/celery.sls
Normal file
13
salt/roots/gnuviechadmin/celery.sls
Normal file
|
@ -0,0 +1,13 @@
|
|||
{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %}
|
||||
|
||||
{{ home }}/bin/run_celery.sh:
|
||||
file.managed:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0750
|
||||
- source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh
|
||||
- template: jinja
|
||||
- context:
|
||||
home: {{ home }}
|
||||
virtualenv: {{ venv }}
|
||||
appdir: {{ appdir }}
|
|
@ -3,9 +3,9 @@ include:
|
|||
|
||||
gnuviechadmin-database:
|
||||
postgres_user.present:
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
|
||||
- user: postgres
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}
|
||||
- login: True
|
||||
- createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True
|
||||
{%- else %}False
|
||||
|
@ -13,20 +13,20 @@ gnuviechadmin-database:
|
|||
- require:
|
||||
- service: postgresql
|
||||
postgres_database.present:
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin-database:database') }}
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin:database:name') }}
|
||||
- user: postgres
|
||||
- owner: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
|
||||
- owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
|
||||
- encoding: UTF8
|
||||
- template: template0
|
||||
- require:
|
||||
- service: postgresql
|
||||
- postgres_user: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
|
||||
- postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
|
||||
|
||||
{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin-database:users') %}
|
||||
{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %}
|
||||
gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}:
|
||||
postgres_user.present:
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':user') }}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':password') }}
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }}
|
||||
- login: True
|
||||
- require:
|
||||
- service: postgresql
|
||||
|
|
|
@ -3,11 +3,11 @@
|
|||
export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
|
||||
export GVA_ADMIN_NAME="Jan Dittberner"
|
||||
export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
|
||||
export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin-database:database') }}"
|
||||
export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}"
|
||||
export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}"
|
||||
export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin-database:hostname') }}"
|
||||
export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin-database:port') }}
|
||||
export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}"
|
||||
export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}"
|
||||
export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}"
|
||||
export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}"
|
||||
export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }}
|
||||
export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}"
|
||||
export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}"
|
||||
export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}"
|
11
salt/roots/gnuviechadmin/gvaldap.sls
Normal file
11
salt/roots/gnuviechadmin/gvaldap.sls
Normal file
|
@ -0,0 +1,11 @@
|
|||
include:
|
||||
- gnuviechadmin.base
|
||||
- gnuviechadmin.celery
|
||||
|
||||
gvaldap-packages:
|
||||
pkg.installed:
|
||||
- pkgs:
|
||||
- libldap2-dev
|
||||
- libsasl2-dev
|
||||
- require_in:
|
||||
- pkg: gnuviechadmin-packages
|
7
salt/roots/gnuviechadmin/gvaldap/run_celery.sh
Normal file
7
salt/roots/gnuviechadmin/gvaldap/run_celery.sh
Normal file
|
@ -0,0 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
. {{ home }}/gvasettings.sh
|
||||
cd {{ appdir }}
|
||||
{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO
|
14
salt/roots/gnuviechadmin/gvaldap/settings.sh
Normal file
14
salt/roots/gnuviechadmin/gvaldap/settings.sh
Normal file
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
|
||||
export GVALDAP_ADMIN_NAME="Jan Dittberner"
|
||||
export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
|
||||
export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
|
||||
export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
|
||||
export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
|
||||
export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
|
||||
export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
|
||||
export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}"
|
||||
export GVALDAP_BROKER_URL="{{ broker_url }}"
|
||||
export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
|
||||
export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"
|
|
@ -1,37 +1,30 @@
|
|||
include:
|
||||
- rabbitmq-server
|
||||
|
||||
gnuviechadmin-queues:
|
||||
rabbitmq_user.present:
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}
|
||||
- tags:
|
||||
- administrator
|
||||
- perms:
|
||||
- {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}:
|
||||
- '.*'
|
||||
- '.*'
|
||||
- '.*'
|
||||
gnuviechadmin-queue-vhost:
|
||||
rabbitmq_vhost.present:
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||||
- owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
|
||||
- require:
|
||||
- rabbitmq_user: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
|
||||
- name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
|
||||
|
||||
{% for user in salt['pillar.get']('gnuviechadmin-queues:users') %}
|
||||
{% for user in salt['pillar.get']('gnuviechadmin:queues:users') %}
|
||||
gnuviechadmin-queue-user-{{ user }}:
|
||||
rabbitmq_user.present:
|
||||
- name: {{ user }}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin-queues:users:%s:password' % user) }}
|
||||
{% if salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user) %}
|
||||
- password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }}
|
||||
{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %}
|
||||
- perms:
|
||||
{% for vhost, perms in salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user).iteritems() %}
|
||||
{% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %}
|
||||
- {{ vhost }}:
|
||||
- {{ perms[0] }}
|
||||
- {{ perms[1] }}
|
||||
- {{ perms[2] }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
- require:
|
||||
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||||
{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
|
||||
- tags:
|
||||
{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
|
||||
- {{ tag }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
- require:
|
||||
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
|
||||
{% endfor %}
|
||||
|
|
7
salt/roots/gnuviechadmin/vars.sls
Normal file
7
salt/roots/gnuviechadmin/vars.sls
Normal file
|
@ -0,0 +1,7 @@
|
|||
{% set home = '/home/vagrant' %}
|
||||
{% set venv = home + '/gva-venv' %}
|
||||
{% set checkout = '/vagrant' %}
|
||||
{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %}
|
||||
{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %}
|
||||
{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %}
|
||||
{% set appdir = checkout + '/' + python_module %}
|
|
@ -1,92 +1,27 @@
|
|||
include:
|
||||
- gnuviechadmin.base
|
||||
- webserver
|
||||
|
||||
mq:
|
||||
host.present:
|
||||
- ip: 127.0.0.1
|
||||
|
||||
gnuviechadmin-packages:
|
||||
libpq-dev:
|
||||
pkg.installed:
|
||||
- names:
|
||||
- libpq-dev
|
||||
- libyaml-dev
|
||||
- python-virtualenv
|
||||
- python-dev
|
||||
- python-pip
|
||||
- gettext
|
||||
- require_in:
|
||||
- pkg: gnuviechadmin-packages
|
||||
|
||||
python-m2crypto:
|
||||
pkg.installed:
|
||||
- reload_modules: true
|
||||
|
||||
{% import "webserver/sslcert.macros.sls" as sslcert %}
|
||||
|
||||
{% set venv = salt['pillar.get']('gnuviechadmin:virtualenv') %}
|
||||
{% set checkout = '/vagrant' %}
|
||||
{% set home = '/home/vagrant' %}
|
||||
{% set appdir = checkout + '/gnuviechadmin' %}
|
||||
{% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %}
|
||||
{{ sslcert.key_cert(domainname) }}
|
||||
|
||||
{{ venv }}:
|
||||
file.directory:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- require:
|
||||
- cmd: gnuviechadmin-venv
|
||||
|
||||
{{ home }}/gvasettings.sh:
|
||||
file.managed:
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- mode: 0640
|
||||
- source: salt://gnuviechadmin/gvasettings.sh
|
||||
- template: jinja
|
||||
- context:
|
||||
broker_url: amqp://{{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}:{{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||||
|
||||
gnuviechadmin-venv:
|
||||
cmd.run:
|
||||
- name: virtualenv {{ venv }}
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- unless: test -f {{ venv }}/bin/pip
|
||||
|
||||
gnuviechadmin-requires:
|
||||
cmd.run:
|
||||
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ checkout }}
|
||||
- require:
|
||||
- file: {{ venv }}
|
||||
- pkg: python-dev
|
||||
- pkg: libpq-dev
|
||||
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
|
||||
|
||||
gnuviechadmin-dbschema:
|
||||
cmd.wait:
|
||||
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ appdir }}
|
||||
- watch:
|
||||
- cmd: gnuviechadmin-requires
|
||||
- file: {{ home }}/gvasettings.sh
|
||||
|
||||
gnuviechadmin-locale-data-compile:
|
||||
cmd.wait:
|
||||
- name: . {{ home }}/gvasettings.sh ; find {{ appdir }} -type d -name 'locale' | while read dir; do cd $(dirname "$dir") ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages ; done
|
||||
- user: vagrant
|
||||
- group: vagrant
|
||||
- cwd: {{ appdir }}
|
||||
- require:
|
||||
- pkg: gettext
|
||||
- file: {{ home }}/gvasettings.sh
|
||||
- file: {{ venv }}
|
||||
|
||||
/etc/nginx/sites-available/{{ domainname }}:
|
||||
file.managed:
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0640
|
||||
- source: salt://gnuviechadmin/gnuviechadmin.nginx
|
||||
- source: salt://gnuviechadmin/gva/gnuviechadmin.nginx
|
||||
- template: jinja
|
||||
- context:
|
||||
domainname: {{ domainname }}
|
||||
|
|
|
@ -11,7 +11,7 @@ nginx-common:
|
|||
|
||||
/etc/nginx/nginx.conf:
|
||||
file.managed:
|
||||
- source: salt://base/nginx.conf
|
||||
- source: salt://nginx/nginx.conf
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0644
|
|
@ -1,5 +1,5 @@
|
|||
include:
|
||||
- base.nginx
|
||||
- nginx
|
||||
|
||||
/etc/nginx/conf.d/logformat.conf:
|
||||
file.managed:
|
||||
|
|
|
@ -23,6 +23,7 @@
|
|||
- require:
|
||||
- file: {{ nginx_ssl_certdir }}
|
||||
- cmd: {{ certfile }}
|
||||
- pkg: python-m2crypto
|
||||
- require_in:
|
||||
- file: /etc/nginx/sites-available/{{ domain_name }}
|
||||
- service: nginx
|
||||
|
|
Loading…
Reference in a new issue