Improve salt setup

This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now set up before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
Jan Dittberner 2016-01-29 18:34:40 +01:00
parent f1f0e35ea1
commit 6147a90066
36 changed files with 523 additions and 188 deletions

5
Vagrantfile vendored

@ -14,7 +14,7 @@ Vagrant.configure(2) do |config|
# boxes at https://atlas.hashicorp.com/search. # boxes at https://atlas.hashicorp.com/search.
config.vm.box = "debian/jessie64" config.vm.box = "debian/jessie64"
config.vm.hostname = "gva-dev" config.vm.hostname = "gva.local"
# Disable automatic box update checking. If you disable this, then # Disable automatic box update checking. If you disable this, then
# boxes will only be checked for updates when the user runs # boxes will only be checked for updates when the user runs
@ -60,10 +60,11 @@ Vagrant.configure(2) do |config|
config.vm.provision :salt do |salt| config.vm.provision :salt do |salt|
salt.bootstrap_script = "salt/bootstrap.sh" salt.bootstrap_script = "salt/bootstrap.sh"
salt.minion_id = "gvadev" salt.minion_id = "gva.local"
salt.masterless = true salt.masterless = true
salt.run_highstate = true salt.run_highstate = true
salt.verbose = true salt.verbose = true
salt.colorize = true salt.colorize = true
salt.log_level = "warning"
end end
end end


@ -27,6 +27,7 @@ EOF
cat >/etc/salt/grains <<EOF cat >/etc/salt/grains <<EOF
roles: roles:
- rabbitmq-server
- gnuviechadmin.database - gnuviechadmin.database
- gnuviechadmin.queues - gnuviechadmin.queues
- gnuviechadmin.webinterface - gnuviechadmin.webinterface


@ -1,7 +1,8 @@
include: include:
- gnuviechadmin.database.common - gnuviechadmin.database.common
gnuviechadmin-database: gnuviechadmin:
owner: database:
user: gnuviechadmin owner:
password: k4TG0oWeJ08urz697GVfavjK user: gnuviechadmin
password: k4TG0oWeJ08urz697GVfavjK
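Review bot: The restructured `gnuviechadmin:database:owner` pillar still carries the owner password as a plaintext literal in the repository. The same applies to the per-component queue credential pillars added in this commit (`gnuviechadmin:queues:users:<name>:password`) and to the new `admin` queue user. If these values are meant only for the local Vagrant box, a leading comment such as `# development-only credentials, never reuse outside the Vagrant environment` would make that explicit. Anything shared with a real deployment should come from a pillar that is not committed, or be encrypted with Salt's GPG renderer.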


@ -1,4 +1,5 @@
gnuviechadmin-database: gnuviechadmin:
database: gnuviechadmin database:
hostname: localhost name: gnuviechadmin
port: 5432 host: localhost
port: 5432


@ -0,0 +1,8 @@
include:
- gnuviechadmin.queues.common
- gnuviechadmin.queues.gvaldap
gnuviechadmin:
component:
name: gvaldap
amqp_user: ldap


@ -1,21 +1,16 @@
include:
- gnuviechadmin.database
- gnuviechadmin.queues
gnuviechadmin: gnuviechadmin:
deploymenttype: local deploymenttype: local
mailfrom: admin@gnuviech-server.de mailfrom: admin@gnuviech-server.de
adminemail: admin@gnuviech-server.de adminemail: admin@gnuviech-server.de
sitename: Gnuviech Customer Self Service sitename: Gnuviech Customer Self Service
domainname: localhost domainname: localhost
virtualenv: /home/vagrant/gva-venv
devinstance: True devinstance: True
minosuid: 10000 minosuid: 10000
minosgid: 10000 minosgid: 10000
osuserprefix: usr osuserprefix: usr
osuserhomedirbase: /home osuserhomedirbase: /home
osuserdefaultshell: /usr/bin/rssh osuserdefaultshell: /usr/bin/rssh
uploadserver: upload.example.com uploadserver: gvafile.local
webmail_url: https://webmail.example.com/ webmail_url: https://webmail.example.com/
phpmyadmin_url: https://phpmyadmin.example.com/ phpmyadmin_url: https://phpmyadmin.example.com/
phppgadmin_url: https://phppgadmin.example.com/ phppgadmin_url: https://phppgadmin.example.com/


@ -1,62 +1,77 @@
gnuviechadmin-queues: include:
vhost: /gnuviechadmin - gnuviechadmin.queues.common
owner: - gnuviechadmin.queues.gvaldap
user: gnuviechadmin - gnuviechadmin.queues.gvafile
password: WxyKeo7Xunhwv29C - gnuviechadmin.queues.cli
users: - gnuviechadmin.queues.gva
cli: - gnuviechadmin.queues.gvamysql
password: bUQ4QEB8yQEfsB0i - gnuviechadmin.queues.gvapgsql
perms: - gnuviechadmin.queues.gvaweb
'/gnuviechadmin':
- '.*' gnuviechadmin:
- '.*' queues:
- '.*' users:
tags: ldap:
quotajob: perms:
password: TaNoj2H3ZNDIz1rt '/gnuviechadmin':
perms: - '.*'
'/gnuviechadmin': - '.*'
- '^quotatool$' - '.*'
- '^quotatool$' tags:
- '^quotatool|amq.default$' file:
tags: perms:
ldap: '/gnuviechadmin':
password: tl0ALc4aQBAl0W2e - '.*'
perms: - '.*'
'/gnuviechadmin': - '.*'
- '.*' gva:
- '.*' perms:
- '.*' '/gnuviechadmin':
tags: - '.*'
file: - '.*'
password: StR6EgMjLyNGP1F8 - '.*'
perms: tags:
'/gnuviechadmin': mysql:
- '.*' perms:
- '.*' '/gnuviechadmin':
- '.*' - '.*'
tags: - '.*'
mysql: - '.*'
password: Bhruvz8Oe9rXxRc7 tags:
perms: pgsql:
'/gnuviechadmin': perms:
- '.*' '/gnuviechadmin':
- '.*' - '.*'
- '.*' - '.*'
tags: - '.*'
pgsql: tags:
password: rWOawAtb7MEmGZo3 web:
perms: perms:
'/gnuviechadmin': '/gnuviechadmin':
- '.*' - '.*'
- '.*' - '.*'
- '.*' - '.*'
tags: tags:
web: cli:
password: 1fBXqCu175rU7SWA perms:
perms: '/gnuviechadmin':
'/gnuviechadmin': - '.*'
- '.*' - '.*'
- '.*' - '.*'
- '.*' tags:
tags: quotajob:
perms:
'/gnuviechadmin':
- '^quotatool$'
- '^quotatool$'
- '^quotatool|amq.default$'
tags:
admin:
password: MmE3Iwylj8Sgy46Z
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
- administrator
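Review bot: The `quotajob` read permission `'^quotatool|amq.default$'` is anchored per alternative rather than as a whole, so as a regular expression it accepts any name that starts with `quotatool` or ends with `amq.default`, and the `.` matches any character. If the intent is exactly those two resources, `'^(quotatool|amq\.default)$'` says so. The line is carried over unchanged from the old layout, but it belongs to the only non-wildcard grant in the file. Every other component user, and the new `admin` user, gets `'.*'` for all three permission entries, so splitting the credentials by role does not yet narrow what each credential can do.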


@ -0,0 +1,7 @@
gnuviechadmin:
queues:
users:
cli:
password: bUQ4QEB8yQEfsB0i
quotajob:
password: TaNoj2H3ZNDIz1rt


@ -0,0 +1,3 @@
gnuviechadmin:
queues:
vhost: /gnuviechadmin


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
gva:
password: Y5KmkIou7o8J9jV5


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
file:
password: StR6EgMjLyNGP1F8


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
ldap:
password: tl0ALc4aQBAl0W2e


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
mysql:
password: Bhruvz8Oe9rXxRc7


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
pgsql:
password: rWOawAtb7MEmGZo3


@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
web:
password: 1fBXqCu175rU7SWA


@ -0,0 +1,9 @@
include:
- gnuviechadmin.queues.common
- gnuviechadmin.queues.gva
gnuviechadmin:
component:
name: gva
amqp_user: gva
python_module: gnuviechadmin


@ -1,3 +1,8 @@
base: base:
'*': '*':
- gnuviechadmin - gnuviechadmin
{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
'roles:gnuviechadmin.{{ role }}':
- match: grain
- gnuviechadmin.{{ role }}
{% endfor %}


@ -0,0 +1,25 @@
#!/bin/bash
function devenv
{
. $HOME/gvasettings.sh
. {{ venv }}/bin/activate
cd {{ appdir }}
}
function testenv
{
devenv
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
}
function settitle
{
if [ -n "$STY" ] ; then # We are in a screen session
echo "Setting screen titles to $@"
printf "\033k%s\033\\" "$@"
screen -X eval "at \\# title $@" "shelltitle $@"
else
printf "\033]0;%s\007" "$@"
fi
}
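Review bot: `settitle` expands `$@` inside double-quoted strings (`"at \\# title $@"`, `"shelltitle $@"` and the `echo`), which splits a multi-word title into separate arguments, so `screen -X eval` receives the trailing words of the title as additional commands. `$*` is the expansion to use when the arguments are meant as one string, e.g. `screen -X eval "at \\# title $*" "shelltitle $*"` and `printf "\033k%s\033\\" "$*"`. The templated paths in `devenv` would also be safer quoted: `. "{{ venv }}/bin/activate"` and `cd "{{ appdir }}"`. The same function body appears again in the non-templated copy of this file later in the commit.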

117
salt/roots/base/bashrc Normal file

@ -0,0 +1,117 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
#alias grep='grep --color=auto'
#alias fgrep='fgrep --color=auto'
#alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
if [ -f ~/.bash_functions ]; then
. ~/.bash_functions
fi


@ -15,3 +15,16 @@ base-packages:
update-system: update-system:
pkg.uptodate: pkg.uptodate:
- refresh: True - refresh: True
/home/vagrant/bin:
file.directory:
- user: vagrant
- group: vagrant
- mode: 0750
/home/vagrant/.bashrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/bashrc
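Review bot: The `mode` values on the new `file.directory` and `file.managed` states are written as bare `0750` and `0644`, which a YAML 1.1 loader reads as integers rather than as the mode string. Salt's file-state documentation asks for modes with a leading zero to be quoted. Writing `- mode: '0750'` and `- mode: '0644'` removes the dependence on how the loader and Salt convert the number back. The other states added in this commit use the same unquoted form (`0640` on `gvasettings.sh`, `0644` on `.bash_functions`, `0750` on `run_celery.sh`). The hunk starts inside an existing state file; the two added states are complete.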


@ -0,0 +1,98 @@
{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
gva.local:
host.present:
- ip: 172.16.3.2
- names:
- mq
- gva.local
gvaldap.local:
host.present:
- ip: 172.16.3.3
gvafile.local:
host.present:
- ip: 172.16.3.4
gvaweb.local:
host.present:
- ip: 172.16.3.5
gvamysql.local:
host.present:
- ip: 172.16.3.6
gvapgsql.local:
host.present:
- ip: 172.16.3.7
gnuviechadmin-packages:
pkg.installed:
- pkgs:
- libyaml-dev
- python-virtualenv
- python-dev
- python-pip
- gettext
{{ home }}/gvasettings.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0640
- source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
- template: jinja
- context:
broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
gnuviechadmin-venv:
cmd.run:
- name: virtualenv {{ venv }}
- user: vagrant
- group: vagrant
- unless: test -f {{ venv }}/bin/pip
gnuviechadmin-requires:
cmd.run:
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
- user: vagrant
- group: vagrant
- cwd: {{ checkout }}
- require:
- cmd: gnuviechadmin-venv
- pkg: gnuviechadmin-packages
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
gnuviechadmin-dbschema:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- watch:
- cmd: gnuviechadmin-requires
- file: {{ home }}/gvasettings.sh
gnuviechadmin-locale-data-compile:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- require:
- pkg: gnuviechadmin-packages
- file: {{ home }}/gvasettings.sh
- cmd: gnuviechadmin-venv
/home/vagrant/.bash_functions:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/bash_functions
- template: jinja
- context:
home: {{ home }}
venv: {{ venv }}
appdir: {{ appdir }}
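Review bot: The `broker_url` context value for `gvasettings.sh` is rendered as an unquoted YAML scalar and built by plain string formatting from the pillar password. A password containing ` #` or `: ` therefore changes how the rendered state file parses, and one containing `@`, `/` or `:` changes how the URL is split. Quoting the scalar, `broker_url: "{{ ... }}"`, addresses the first; percent-encoding the user, password and vhost before formatting addresses the second. `pillar.get` is also called without a default here, so a component whose `amqp_user` has no password entry would presumably render an empty password instead of failing the highstate.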


@ -0,0 +1,25 @@
#!/bin/bash
function devenv
{
. $HOME/gvasettings.sh
. $HOME/gva-venv/bin/activate
cd /vagrant/gnuviechadmin
}
function testenv
{
devenv
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
}
function settitle
{
if [ -n "$STY" ] ; then # We are in a screen session
echo "Setting screen titles to $@"
printf "\033k%s\033\\" "$@"
screen -X eval "at \\# title $@" "shelltitle $@"
else
printf "\033]0;%s\007" "$@"
fi
}


@ -0,0 +1,13 @@
{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %}
{{ home }}/bin/run_celery.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0750
- source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh
- template: jinja
- context:
home: {{ home }}
virtualenv: {{ venv }}
appdir: {{ appdir }}


@ -3,9 +3,9 @@ include:
gnuviechadmin-database: gnuviechadmin-database:
postgres_user.present: postgres_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} - name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
- user: postgres - user: postgres
- password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }} - password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}
- login: True - login: True
- createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True - createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True
{%- else %}False {%- else %}False
@ -13,20 +13,20 @@ gnuviechadmin-database:
- require: - require:
- service: postgresql - service: postgresql
postgres_database.present: postgres_database.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:database') }} - name: {{ salt['pillar.get']('gnuviechadmin:database:name') }}
- user: postgres - user: postgres
- owner: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} - owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
- encoding: UTF8 - encoding: UTF8
- template: template0 - template: template0
- require: - require:
- service: postgresql - service: postgresql
- postgres_user: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} - postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin-database:users') %} {% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %}
gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}: gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}:
postgres_user.present: postgres_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':user') }} - name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }}
- password: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':password') }} - password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }}
- login: True - login: True
- require: - require:
- service: postgresql - service: postgresql


@ -3,11 +3,11 @@
export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}" export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
export GVA_ADMIN_NAME="Jan Dittberner" export GVA_ADMIN_NAME="Jan Dittberner"
export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}" export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin-database:database') }}" export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}"
export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}" export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}"
export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}" export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}"
export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin-database:hostname') }}" export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}"
export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin-database:port') }} export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }}
export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}" export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}"
export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}" export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}"
export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}" export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}"


@ -0,0 +1,11 @@
include:
- gnuviechadmin.base
- gnuviechadmin.celery
gvaldap-packages:
pkg.installed:
- pkgs:
- libldap2-dev
- libsasl2-dev
- require_in:
- pkg: gnuviechadmin-packages


@ -0,0 +1,7 @@
#!/bin/sh
set -ex
. {{ home }}/gvasettings.sh
cd {{ appdir }}
{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO
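Review bot: `set -ex` is enabled before `. {{ home }}/gvasettings.sh`, so the shell traces every `export` in that file to stderr with its expanded value. That puts the LDAP password, the broker URL with its credentials and the secret key into whatever captures the worker's output. Enabling tracing only after the settings are loaded avoids this: `set -e`, then the `.` line, then `set -x` if the trace is still wanted. Starting the worker with `exec {{ virtualenv }}/bin/celery ...` would also let signals reach celery directly instead of the wrapper shell.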


@ -0,0 +1,14 @@
#!/bin/sh
export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
export GVALDAP_ADMIN_NAME="Jan Dittberner"
export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}"
export GVALDAP_BROKER_URL="{{ broker_url }}"
export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"
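Review bot: Every pillar lookup in this new template reads from a `gnuviechadmin-gvaldap:` namespace, while this commit moves the other lookups to `gnuviechadmin:...`, and none of the pillar sections shown here defines `gnuviechadmin-gvaldap`. `pillar.get` without a default yields an empty string, so a missing key would render `GVALDAP_LDAP_PASSWORD=""` and the like without any error. If the pillar lives elsewhere, a comment naming the file would help; otherwise indexing the pillar directly, e.g. `{{ pillar['gnuviechadmin-gvaldap']['ldap_password'] }}`, makes a missing key fail the render. The values are also placed inside double quotes in a sourced shell file, so a `$`, backtick or `"` in a password would be interpreted by the shell.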


@ -1,37 +1,30 @@
include: include:
- rabbitmq-server - rabbitmq-server
gnuviechadmin-queues: gnuviechadmin-queue-vhost:
rabbitmq_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
- password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}
- tags:
- administrator
- perms:
- {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}:
- '.*'
- '.*'
- '.*'
rabbitmq_vhost.present: rabbitmq_vhost.present:
- name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} - name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
- owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
- require:
- rabbitmq_user: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
{% for user in salt['pillar.get']('gnuviechadmin-queues:users') %} {% for user in salt['pillar.get']('gnuviechadmin:queues:users') %}
gnuviechadmin-queue-user-{{ user }}: gnuviechadmin-queue-user-{{ user }}:
rabbitmq_user.present: rabbitmq_user.present:
- name: {{ user }} - name: {{ user }}
- password: {{ salt['pillar.get']('gnuviechadmin-queues:users:%s:password' % user) }} - password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }}
{% if salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user) %} {% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %}
- perms: - perms:
{% for vhost, perms in salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user).iteritems() %} {% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %}
- {{ vhost }}: - {{ vhost }}:
- {{ perms[0] }} - {{ perms[0] }}
- {{ perms[1] }} - {{ perms[1] }}
- {{ perms[2] }} - {{ perms[2] }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
- require: {% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} - tags:
{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
- {{ tag }}
{% endfor %}
{% endif %}
- require:
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
{% endfor %} {% endfor %}


@ -0,0 +1,7 @@
{% set home = '/home/vagrant' %}
{% set venv = home + '/gva-venv' %}
{% set checkout = '/vagrant' %}
{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %}
{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %}
{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %}
{% set appdir = checkout + '/' + python_module %}


@ -1,92 +1,27 @@
include: include:
- gnuviechadmin.base
- webserver - webserver
mq: libpq-dev:
host.present:
- ip: 127.0.0.1
gnuviechadmin-packages:
pkg.installed: pkg.installed:
- names: - require_in:
- libpq-dev - pkg: gnuviechadmin-packages
- libyaml-dev
- python-virtualenv python-m2crypto:
- python-dev pkg.installed:
- python-pip - reload_modules: true
- gettext
{% import "webserver/sslcert.macros.sls" as sslcert %} {% import "webserver/sslcert.macros.sls" as sslcert %}
{% set venv = salt['pillar.get']('gnuviechadmin:virtualenv') %}
{% set checkout = '/vagrant' %}
{% set home = '/home/vagrant' %}
{% set appdir = checkout + '/gnuviechadmin' %}
{% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %} {% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %}
{{ sslcert.key_cert(domainname) }} {{ sslcert.key_cert(domainname) }}
{{ venv }}:
file.directory:
- user: vagrant
- group: vagrant
- require:
- cmd: gnuviechadmin-venv
{{ home }}/gvasettings.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0640
- source: salt://gnuviechadmin/gvasettings.sh
- template: jinja
- context:
broker_url: amqp://{{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}:{{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
gnuviechadmin-venv:
cmd.run:
- name: virtualenv {{ venv }}
- user: vagrant
- group: vagrant
- unless: test -f {{ venv }}/bin/pip
gnuviechadmin-requires:
cmd.run:
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
- user: vagrant
- group: vagrant
- cwd: {{ checkout }}
- require:
- file: {{ venv }}
- pkg: python-dev
- pkg: libpq-dev
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
gnuviechadmin-dbschema:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- watch:
- cmd: gnuviechadmin-requires
- file: {{ home }}/gvasettings.sh
gnuviechadmin-locale-data-compile:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; find {{ appdir }} -type d -name 'locale' | while read dir; do cd $(dirname "$dir") ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages ; done
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- require:
- pkg: gettext
- file: {{ home }}/gvasettings.sh
- file: {{ venv }}
/etc/nginx/sites-available/{{ domainname }}: /etc/nginx/sites-available/{{ domainname }}:
file.managed: file.managed:
- user: root - user: root
- group: root - group: root
- mode: 0640 - mode: 0640
- source: salt://gnuviechadmin/gnuviechadmin.nginx - source: salt://gnuviechadmin/gva/gnuviechadmin.nginx
- template: jinja - template: jinja
- context: - context:
domainname: {{ domainname }} domainname: {{ domainname }}


@ -11,7 +11,7 @@ nginx-common:
/etc/nginx/nginx.conf: /etc/nginx/nginx.conf:
file.managed: file.managed:
- source: salt://base/nginx.conf - source: salt://nginx/nginx.conf
- user: root - user: root
- group: root - group: root
- mode: 0644 - mode: 0644


@ -1,5 +1,5 @@
include: include:
- base.nginx - nginx
/etc/nginx/conf.d/logformat.conf: /etc/nginx/conf.d/logformat.conf:
file.managed: file.managed:


@ -23,6 +23,7 @@
- require: - require:
- file: {{ nginx_ssl_certdir }} - file: {{ nginx_ssl_certdir }}
- cmd: {{ certfile }} - cmd: {{ certfile }}
- pkg: python-m2crypto
- require_in: - require_in:
- file: /etc/nginx/sites-available/{{ domain_name }} - file: /etc/nginx/sites-available/{{ domain_name }}
- service: nginx - service: nginx