Improve salt setup

This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap

Vagrantfile

@@ -14,7 +14,7 @@ Vagrant.configure(2) do |config|
   # boxes at https://atlas.hashicorp.com/search.
   config.vm.box = "debian/jessie64"
 
-  config.vm.hostname = "gva-dev"
+  config.vm.hostname = "gva.local"
 
   # Disable automatic box update checking. If you disable this, then
   # boxes will only be checked for updates when the user runs
@@ -60,10 +60,11 @@ Vagrant.configure(2) do |config|
 
   config.vm.provision :salt do |salt|
       salt.bootstrap_script = "salt/bootstrap.sh"
-      salt.minion_id = "gvadev"
+      salt.minion_id = "gva.local"
       salt.masterless = true
       salt.run_highstate = true
       salt.verbose = true
       salt.colorize = true
+      salt.log_level = "warning"
   end
 end

salt/bootstrap.sh

@@ -27,6 +27,7 @@ EOF
 
 cat >/etc/salt/grains <<EOF
 roles:
+  - rabbitmq-server
   - gnuviechadmin.database
   - gnuviechadmin.queues
   - gnuviechadmin.webinterface

salt/pillar/gnuviechadmin/database.sls

@@ -1,7 +1,8 @@
 include:
   - gnuviechadmin.database.common
 
-gnuviechadmin-database:
-  owner:
-    user: gnuviechadmin
-    password: k4TG0oWeJ08urz697GVfavjK
+gnuviechadmin:
+  database:
+    owner:
+      user: gnuviechadmin
+      password: k4TG0oWeJ08urz697GVfavjK

salt/pillar/gnuviechadmin/database/common.sls

@@ -1,4 +1,5 @@
-gnuviechadmin-database:
-  database: gnuviechadmin
-  hostname: localhost
-  port: 5432
+gnuviechadmin:
+  database:
+    name: gnuviechadmin
+    host: localhost
+    port: 5432

salt/pillar/gnuviechadmin/gvaldap.sls

@@ -0,0 +1,8 @@
+include:
+  - gnuviechadmin.queues.common
+  - gnuviechadmin.queues.gvaldap
+
+gnuviechadmin:
+  component:
+    name: gvaldap
+    amqp_user: ldap

salt/pillar/gnuviechadmin/init.sls

@@ -1,21 +1,16 @@
-include:
-  - gnuviechadmin.database
-  - gnuviechadmin.queues
-
 gnuviechadmin:
   deploymenttype: local
   mailfrom: admin@gnuviech-server.de
   adminemail: admin@gnuviech-server.de
   sitename: Gnuviech Customer Self Service
   domainname: localhost
-  virtualenv: /home/vagrant/gva-venv
   devinstance: True
   minosuid: 10000
   minosgid: 10000
   osuserprefix: usr
   osuserhomedirbase: /home
   osuserdefaultshell: /usr/bin/rssh
-  uploadserver: upload.example.com
+  uploadserver: gvafile.local
   webmail_url: https://webmail.example.com/
   phpmyadmin_url: https://phpmyadmin.example.com/
   phppgadmin_url: https://phppgadmin.example.com/

salt/pillar/gnuviechadmin/queues.sls

@@ -1,62 +1,77 @@
-gnuviechadmin-queues:
-  vhost: /gnuviechadmin
-  owner:
-    user: gnuviechadmin
-    password: WxyKeo7Xunhwv29C
-  users:
-    cli:
-      password: bUQ4QEB8yQEfsB0i
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
-    quotajob:
-      password: TaNoj2H3ZNDIz1rt
-      perms:
-          '/gnuviechadmin':
-            - '^quotatool$'
-            - '^quotatool$'
-            - '^quotatool|amq.default$'
-      tags:
-    ldap:
-      password: tl0ALc4aQBAl0W2e
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
-    file:
-      password: StR6EgMjLyNGP1F8
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
-    mysql:
-      password: Bhruvz8Oe9rXxRc7
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
-    pgsql:
-      password: rWOawAtb7MEmGZo3
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
-    web:
-      password: 1fBXqCu175rU7SWA
-      perms:
-          '/gnuviechadmin':
-            - '.*'
-            - '.*'
-            - '.*'
-      tags:
+include:
+  - gnuviechadmin.queues.common
+  - gnuviechadmin.queues.gvaldap
+  - gnuviechadmin.queues.gvafile
+  - gnuviechadmin.queues.cli
+  - gnuviechadmin.queues.gva
+  - gnuviechadmin.queues.gvamysql
+  - gnuviechadmin.queues.gvapgsql
+  - gnuviechadmin.queues.gvaweb
+
+gnuviechadmin:
+  queues:
+    users:
+      ldap:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      file:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+      gva:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      mysql:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      pgsql:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      web:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      cli:
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+      quotajob:
+        perms:
+            '/gnuviechadmin':
+              - '^quotatool$'
+              - '^quotatool$'
+              - '^quotatool|amq.default$'
+        tags:
+      admin:
+        password: MmE3Iwylj8Sgy46Z
+        perms:
+            '/gnuviechadmin':
+              - '.*'
+              - '.*'
+              - '.*'
+        tags:
+          - administrator

salt/pillar/gnuviechadmin/queues/cli.sls

@@ -0,0 +1,7 @@
+gnuviechadmin:
+  queues:
+    users:
+      cli:
+        password: bUQ4QEB8yQEfsB0i
+      quotajob:
+        password: TaNoj2H3ZNDIz1rt

salt/pillar/gnuviechadmin/queues/common.sls

@@ -0,0 +1,3 @@
+gnuviechadmin:
+  queues:
+    vhost: /gnuviechadmin

salt/pillar/gnuviechadmin/queues/gva.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      gva:
+        password: Y5KmkIou7o8J9jV5

salt/pillar/gnuviechadmin/queues/gvafile.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      file:
+        password: StR6EgMjLyNGP1F8

salt/pillar/gnuviechadmin/queues/gvaldap.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      ldap:
+        password: tl0ALc4aQBAl0W2e

salt/pillar/gnuviechadmin/queues/gvamysql.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      mysql:
+        password: Bhruvz8Oe9rXxRc7

salt/pillar/gnuviechadmin/queues/gvapgsql.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      pgsql:
+        password: rWOawAtb7MEmGZo3

salt/pillar/gnuviechadmin/queues/gvaweb.sls

@@ -0,0 +1,5 @@
+gnuviechadmin:
+  queues:
+    users:
+      web:
+        password: 1fBXqCu175rU7SWA

salt/pillar/gnuviechadmin/webinterface.sls

@@ -0,0 +1,9 @@
+include:
+  - gnuviechadmin.queues.common
+  - gnuviechadmin.queues.gva
+
+gnuviechadmin:
+  component:
+    name: gva
+    amqp_user: gva
+    python_module: gnuviechadmin

salt/pillar/top.sls

@@ -1,3 +1,8 @@
 base:
   '*':
     - gnuviechadmin
+{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
+  'roles:gnuviechadmin.{{ role }}':
+    - match: grain
+    - gnuviechadmin.{{ role }}
+{% endfor %}

salt/roots/base/bash_functions

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+function devenv
+{
+    . $HOME/gvasettings.sh
+    . {{ venv }}/bin/activate
+    cd {{ appdir }}
+}
+
+function testenv
+{
+    devenv
+    export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
+}
+
+function settitle
+{
+    if [ -n "$STY" ] ; then      # We are in a screen session
+        echo "Setting screen titles to $@"
+        printf "\033k%s\033\\" "$@"
+        screen -X eval "at \\# title $@" "shelltitle $@"
+    else
+        printf "\033]0;%s\007" "$@"
+    fi
+}

salt/roots/base/bashrc

@@ -0,0 +1,117 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+    *i*) ;;
+      *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+    debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+    xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+	# We have color support; assume it's compliant with Ecma-48
+	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+	# a case would tend to support setf rather than setaf.)
+	color_prompt=yes
+    else
+	color_prompt=
+    fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+    ;;
+*)
+    ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+    alias ls='ls --color=auto'
+    #alias dir='dir --color=auto'
+    #alias vdir='vdir --color=auto'
+
+    #alias grep='grep --color=auto'
+    #alias fgrep='fgrep --color=auto'
+    #alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+    . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi
+
+if [ -f ~/.bash_functions ]; then
+    . ~/.bash_functions
+fi

salt/roots/base/init.sls

@@ -15,3 +15,16 @@ base-packages:
 update-system:
   pkg.uptodate:
     - refresh: True
+
+/home/vagrant/bin:
+  file.directory:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0750
+
+/home/vagrant/.bashrc:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0644
+    - source: salt://base/bashrc

salt/roots/gnuviechadmin/base.sls

@@ -0,0 +1,98 @@
+{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
+
+gva.local:
+  host.present:
+    - ip: 172.16.3.2
+    - names:
+      - mq
+      - gva.local
+
+gvaldap.local:
+  host.present:
+    - ip: 172.16.3.3
+
+gvafile.local:
+  host.present:
+    - ip: 172.16.3.4
+
+gvaweb.local:
+  host.present:
+    - ip: 172.16.3.5
+
+gvamysql.local:
+  host.present:
+    - ip: 172.16.3.6
+
+gvapgsql.local:
+  host.present:
+    - ip: 172.16.3.7
+
+gnuviechadmin-packages:
+  pkg.installed:
+    - pkgs:
+      - libyaml-dev
+      - python-virtualenv
+      - python-dev
+      - python-pip
+      - gettext
+
+{{ home }}/gvasettings.sh:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0640
+    - source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
+    - template: jinja
+    - context:
+        broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
+
+gnuviechadmin-venv:
+  cmd.run:
+    - name: virtualenv {{ venv }}
+    - user: vagrant
+    - group: vagrant
+    - unless: test -f {{ venv }}/bin/pip
+
+gnuviechadmin-requires:
+  cmd.run:
+    - name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ checkout }}
+    - require:
+      - cmd: gnuviechadmin-venv
+      - pkg: gnuviechadmin-packages
+    - unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
+
+gnuviechadmin-dbschema:
+  cmd.wait:
+    - name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ appdir }}
+    - watch:
+      - cmd: gnuviechadmin-requires
+      - file: {{ home }}/gvasettings.sh
+
+gnuviechadmin-locale-data-compile:
+  cmd.wait:
+    - name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ appdir }}
+    - require:
+      - pkg: gnuviechadmin-packages
+      - file: {{ home }}/gvasettings.sh
+      - cmd: gnuviechadmin-venv
+
+/home/vagrant/.bash_functions:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0644
+    - source: salt://base/bash_functions
+    - template: jinja
+    - context:
+        home: {{ home }}
+        venv: {{ venv }}
+        appdir: {{ appdir }}

salt/roots/gnuviechadmin/bash_functions

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+function devenv
+{
+    . $HOME/gvasettings.sh
+    . $HOME/gva-venv/bin/activate
+    cd /vagrant/gnuviechadmin
+}
+
+function testenv
+{
+    devenv
+    export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
+}
+
+function settitle
+{
+    if [ -n "$STY" ] ; then      # We are in a screen session
+        echo "Setting screen titles to $@"
+        printf "\033k%s\033\\" "$@"
+        screen -X eval "at \\# title $@" "shelltitle $@"
+    else
+        printf "\033]0;%s\007" "$@"
+    fi
+}

salt/roots/gnuviechadmin/celery.sls

@@ -0,0 +1,13 @@
+{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %}
+
+{{ home }}/bin/run_celery.sh:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0750
+    - source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh
+    - template: jinja
+    - context:
+        home: {{ home }}
+        virtualenv: {{ venv }}
+        appdir: {{ appdir }}

salt/roots/gnuviechadmin/database.sls

@@ -3,9 +3,9 @@ include:
 
 gnuviechadmin-database:
   postgres_user.present:
-    - name: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
     - user: postgres
-    - password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}
+    - password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}
     - login: True
     - createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True
 {%- else %}False
@@ -13,20 +13,20 @@ gnuviechadmin-database:
     - require:
       - service: postgresql
   postgres_database.present:
-    - name: {{ salt['pillar.get']('gnuviechadmin-database:database') }}
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:name') }}
     - user: postgres
-    - owner: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
+    - owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
     - encoding: UTF8
     - template: template0
     - require:
       - service: postgresql
-      - postgres_user: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
+      - postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
 
-{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin-database:users') %}
+{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %}
 gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}:
   postgres_user.present:
-    - name: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':user') }}
-    - password: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':password') }}
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }}
+    - password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }}
     - login: True
     - require:
       - service: postgresql

salt/roots/gnuviechadmin/gva/settings.sh

@@ -3,11 +3,11 @@
 export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
 export GVA_ADMIN_NAME="Jan Dittberner"
 export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
-export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin-database:database') }}"
-export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}"
-export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}"
-export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin-database:hostname') }}"
-export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin-database:port') }}
+export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}"
+export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}"
+export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}"
+export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}"
+export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }}
 export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}"
 export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}"
 export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}"

salt/roots/gnuviechadmin/gvaldap.sls

@@ -0,0 +1,11 @@
+include:
+  - gnuviechadmin.base
+  - gnuviechadmin.celery
+
+gvaldap-packages:
+  pkg.installed:
+    - pkgs:
+      - libldap2-dev
+      - libsasl2-dev
+    - require_in:
+      - pkg: gnuviechadmin-packages

salt/roots/gnuviechadmin/gvaldap/run_celery.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -ex
+
+. {{ home }}/gvasettings.sh
+cd {{ appdir }}
+{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO

salt/roots/gnuviechadmin/gvaldap/settings.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
+export GVALDAP_ADMIN_NAME="Jan Dittberner"
+export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
+export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
+export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
+export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
+export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
+export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
+export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}"
+export GVALDAP_BROKER_URL="{{ broker_url }}"
+export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
+export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"

salt/roots/gnuviechadmin/queues.sls

@@ -1,37 +1,30 @@
 include:
   - rabbitmq-server
 
-gnuviechadmin-queues:
-  rabbitmq_user.present:
-    - name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
-    - password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}
-    - tags:
-      - administrator
-    - perms:
-      - {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}:
-        - '.*'
-        - '.*'
-        - '.*'
+gnuviechadmin-queue-vhost:
   rabbitmq_vhost.present:
-    - name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
-    - owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
-    - require:
-      - rabbitmq_user: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
+    - name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
 
-{% for user in salt['pillar.get']('gnuviechadmin-queues:users') %}
+{% for user in salt['pillar.get']('gnuviechadmin:queues:users') %}
 gnuviechadmin-queue-user-{{ user }}:
   rabbitmq_user.present:
     - name: {{ user }}
-    - password: {{ salt['pillar.get']('gnuviechadmin-queues:users:%s:password' % user) }}
-{% if salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user) %}
+    - password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }}
+{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %}
     - perms:
-{% for vhost, perms in salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user).iteritems() %}
+{% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %}
       - {{ vhost }}:
         - {{ perms[0] }}
         - {{ perms[1] }}
         - {{ perms[2] }}
 {% endfor %}
 {% endif %}
-    - require:
-      - rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
+{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
+    - tags:
+{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
+      - {{ tag }}
+{% endfor %}
+{% endif %}
+    - require:
+      - rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
 {% endfor %}

salt/roots/gnuviechadmin/vars.sls

@@ -0,0 +1,7 @@
+{% set home = '/home/vagrant' %}
+{% set venv = home + '/gva-venv' %}
+{% set checkout = '/vagrant' %}
+{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %}
+{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %}
+{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %}
+{% set appdir = checkout + '/' + python_module %}

salt/roots/gnuviechadmin/webinterface.sls

@@ -1,92 +1,27 @@
 include:
+  - gnuviechadmin.base
   - webserver
 
-mq:
-  host.present:
-    - ip: 127.0.0.1
-
-gnuviechadmin-packages:
+libpq-dev:
   pkg.installed:
-    - names:
-      - libpq-dev
-      - libyaml-dev
-      - python-virtualenv
-      - python-dev
-      - python-pip
-      - gettext
+    - require_in:
+      - pkg: gnuviechadmin-packages
+
+python-m2crypto:
+  pkg.installed:
+    - reload_modules: true
 
 {% import "webserver/sslcert.macros.sls" as sslcert %}
 
-{% set venv = salt['pillar.get']('gnuviechadmin:virtualenv') %}
-{% set checkout = '/vagrant' %}
-{% set home = '/home/vagrant' %}
-{% set appdir = checkout + '/gnuviechadmin' %}
 {% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %}
 {{ sslcert.key_cert(domainname) }}
 
-{{ venv }}:
-  file.directory:
-    - user: vagrant
-    - group: vagrant
-    - require:
-      - cmd: gnuviechadmin-venv
-
-{{ home }}/gvasettings.sh:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0640
-    - source: salt://gnuviechadmin/gvasettings.sh
-    - template: jinja
-    - context:
-        broker_url: amqp://{{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}:{{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
-
-gnuviechadmin-venv:
-  cmd.run:
-    - name: virtualenv {{ venv }}
-    - user: vagrant
-    - group: vagrant
-    - unless: test -f {{ venv }}/bin/pip
-
-gnuviechadmin-requires:
-  cmd.run:
-    - name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
-    - user: vagrant
-    - group: vagrant
-    - cwd: {{ checkout }}
-    - require:
-      - file: {{ venv }}
-      - pkg: python-dev
-      - pkg: libpq-dev
-    - unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
-
-gnuviechadmin-dbschema:
-  cmd.wait:
-    - name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
-    - user: vagrant
-    - group: vagrant
-    - cwd: {{ appdir }}
-    - watch:
-      - cmd: gnuviechadmin-requires
-      - file: {{ home }}/gvasettings.sh
-
-gnuviechadmin-locale-data-compile:
-  cmd.wait:
-    - name: . {{ home }}/gvasettings.sh ; find {{ appdir }} -type d -name 'locale' | while read dir; do cd $(dirname "$dir") ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages ; done
-    - user: vagrant
-    - group: vagrant
-    - cwd: {{ appdir }}
-    - require:
-      - pkg: gettext
-      - file: {{ home }}/gvasettings.sh
-      - file: {{ venv }}
-
 /etc/nginx/sites-available/{{ domainname }}:
   file.managed:
     - user: root
     - group: root
     - mode: 0640
-    - source: salt://gnuviechadmin/gnuviechadmin.nginx
+    - source: salt://gnuviechadmin/gva/gnuviechadmin.nginx
     - template: jinja
     - context:
         domainname: {{ domainname }}

salt/roots/nginx/init.sls

@@ -11,7 +11,7 @@ nginx-common:
 
 /etc/nginx/nginx.conf:
   file.managed:
-    - source: salt://base/nginx.conf
+    - source: salt://nginx/nginx.conf
     - user: root
     - group: root
     - mode: 0644

salt/roots/webserver/init.sls

@@ -1,5 +1,5 @@
 include:
-  - base.nginx
+  - nginx
 
 /etc/nginx/conf.d/logformat.conf:
   file.managed:

salt/roots/webserver/sslcert.macros.sls

@@ -23,6 +23,7 @@
     - require:
       - file: {{ nginx_ssl_certdir }}
       - cmd: {{ certfile }}
+      - pkg: python-m2crypto
     - require_in:
       - file: /etc/nginx/sites-available/{{ domain_name }}
       - service: nginx