Add initial Vagrant/Saltstack setup

This commit adds an initial Vagrant and Saltstack setup that reuses the
same configuration as that of the gva repository. The LDAP server itself
is not configured yet.

salt/roots/gnuviechadmin/base.sls

@@ -0,0 +1,98 @@
+{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
+
+gva.local:
+  host.present:
+    - ip: 172.16.3.2
+    - names:
+      - mq
+      - gva.local
+
+gvaldap.local:
+  host.present:
+    - ip: 172.16.3.3
+
+gvafile.local:
+  host.present:
+    - ip: 172.16.3.4
+
+gvaweb.local:
+  host.present:
+    - ip: 172.16.3.5
+
+gvamysql.local:
+  host.present:
+    - ip: 172.16.3.6
+
+gvapgsql.local:
+  host.present:
+    - ip: 172.16.3.7
+
+gnuviechadmin-packages:
+  pkg.installed:
+    - pkgs:
+      - libyaml-dev
+      - python-virtualenv
+      - python-dev
+      - python-pip
+      - gettext
+
+{{ home }}/gvasettings.sh:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0640
+    - source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
+    - template: jinja
+    - context:
+        broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
+
+gnuviechadmin-venv:
+  cmd.run:
+    - name: virtualenv {{ venv }}
+    - user: vagrant
+    - group: vagrant
+    - unless: test -f {{ venv }}/bin/pip
+
+gnuviechadmin-requires:
+  cmd.run:
+    - name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ checkout }}
+    - require:
+      - cmd: gnuviechadmin-venv
+      - pkg: gnuviechadmin-packages
+    - unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
+
+gnuviechadmin-dbschema:
+  cmd.wait:
+    - name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ appdir }}
+    - watch:
+      - cmd: gnuviechadmin-requires
+      - file: {{ home }}/gvasettings.sh
+
+gnuviechadmin-locale-data-compile:
+  cmd.wait:
+    - name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
+    - user: vagrant
+    - group: vagrant
+    - cwd: {{ appdir }}
+    - require:
+      - pkg: gnuviechadmin-packages
+      - file: {{ home }}/gvasettings.sh
+      - cmd: gnuviechadmin-venv
+
+/home/vagrant/.bash_functions:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0644
+    - source: salt://base/bash_functions
+    - template: jinja
+    - context:
+        home: {{ home }}
+        venv: {{ venv }}
+        appdir: {{ appdir }}

salt/roots/gnuviechadmin/bash_functions

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+function devenv
+{
+    . $HOME/gvasettings.sh
+    . $HOME/gva-venv/bin/activate
+    cd /vagrant/gnuviechadmin
+}
+
+function testenv
+{
+    devenv
+    export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
+}
+
+function settitle
+{
+    if [ -n "$STY" ] ; then      # We are in a screen session
+        echo "Setting screen titles to $@"
+        printf "\033k%s\033\\" "$@"
+        screen -X eval "at \\# title $@" "shelltitle $@"
+    else
+        printf "\033]0;%s\007" "$@"
+    fi
+}

salt/roots/gnuviechadmin/celery.sls

@@ -0,0 +1,13 @@
+{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %}
+
+{{ home }}/bin/run_celery.sh:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0750
+    - source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh
+    - template: jinja
+    - context:
+        home: {{ home }}
+        virtualenv: {{ venv }}
+        appdir: {{ appdir }}

salt/roots/gnuviechadmin/database.sls

@@ -0,0 +1,33 @@
+include:
+  - postgresql-server
+
+gnuviechadmin-database:
+  postgres_user.present:
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
+    - user: postgres
+    - password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}
+    - login: True
+    - createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True
+{%- else %}False
+{%- endif %}
+    - require:
+      - service: postgresql
+  postgres_database.present:
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:name') }}
+    - user: postgres
+    - owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
+    - encoding: UTF8
+    - template: template0
+    - require:
+      - service: postgresql
+      - postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
+
+{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %}
+gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}:
+  postgres_user.present:
+    - name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }}
+    - password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }}
+    - login: True
+    - require:
+      - service: postgresql
+{% endfor %}

salt/roots/gnuviechadmin/gva/gnuviechadmin.nginx

@@ -0,0 +1,27 @@
+server {
+  server_name www.{{ domainname }};
+  listen 443 ssl;
+
+  ssl_certificate {{ ssl_certdir }}/{{ domainname }}.crt.pem;
+  ssl_certificate_key {{ ssl_keydir }}/{{ domainname }}.key.pem;
+
+  if ( $host != '{{ domainname }}') {
+    return 301 https://{{ domainname }}$request_uri;
+  }
+
+  client_max_body_size 1M;
+  gzip on;
+  gzip_types text/javascript application/x-javascript text/css;
+
+  location /media {
+    alias /vagrant/gnuviechadmin/media;
+  }
+
+  location /static {
+    alias /vagrant/gnuviechadmin/assets;
+  }
+
+  location / {
+    proxy_pass http://localhost:8000;
+  }
+}

salt/roots/gnuviechadmin/gva/settings.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+
+export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
+export GVA_ADMIN_NAME="Jan Dittberner"
+export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
+export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}"
+export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}"
+export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}"
+export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}"
+export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }}
+export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}"
+export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}"
+export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}"
+export GVA_SITE_ADMINMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
+export GVA_MIN_OS_UID={{ salt['pillar.get']('gnuviechadmin:minosuid') }}
+export GVA_MIN_OS_GID={{ salt['pillar.get']('gnuviechadmin:minosgid') }}
+export GVA_OSUSER_PREFIX="{{ salt['pillar.get']('gnuviechadmin:osuserprefix') }}"
+export GVA_OSUSER_HOME_BASEPATH="{{ salt['pillar.get']('gnuviechadmin:osuserhomedirbase') }}"
+export GVA_OSUSER_DEFAULT_SHELL="{{ salt['pillar.get']('gnuviechadmin:osuserdefaultshell') }}"
+export GVA_BROKER_URL="{{ broker_url }}"
+export GVA_OSUSER_UPLOADSERVER="{{ salt['pillar.get']('gnuviechadmin:uploadserver') }}"
+export GVA_WEBMAIL_URL="{{ salt['pillar.get']('gnuviechadmin:webmail_url') }}"
+export GVA_PHPMYADMIN_URL="{{ salt['pillar.get']('gnuviechadmin:phpmyadmin_url') }}"
+export GVA_PHPPGADMIN_URL="{{ salt['pillar.get']('gnuviechadmin:phppgadmin_url') }}"

salt/roots/gnuviechadmin/gvaldap.sls

@@ -0,0 +1,11 @@
+include:
+  - gnuviechadmin.base
+  - gnuviechadmin.celery
+
+gvaldap-packages:
+  pkg.installed:
+    - pkgs:
+      - libldap2-dev
+      - libsasl2-dev
+    - require_in:
+      - pkg: gnuviechadmin-packages

salt/roots/gnuviechadmin/gvaldap/run_celery.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -ex
+
+. {{ home }}/gvasettings.sh
+cd {{ appdir }}
+{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO

salt/roots/gnuviechadmin/gvaldap/settings.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
+export GVALDAP_ADMIN_NAME="Jan Dittberner"
+export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
+export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
+export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
+export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
+export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
+export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
+export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}"
+export GVALDAP_BROKER_URL="{{ broker_url }}"
+export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
+export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"

salt/roots/gnuviechadmin/queues.sls

@@ -0,0 +1,30 @@
+include:
+  - rabbitmq-server
+
+gnuviechadmin-queue-vhost:
+  rabbitmq_vhost.present:
+    - name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
+
+{% for user in salt['pillar.get']('gnuviechadmin:queues:users') %}
+gnuviechadmin-queue-user-{{ user }}:
+  rabbitmq_user.present:
+    - name: {{ user }}
+    - password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }}
+{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %}
+    - perms:
+{% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %}
+      - {{ vhost }}:
+        - {{ perms[0] }}
+        - {{ perms[1] }}
+        - {{ perms[2] }}
+{% endfor %}
+{% endif %}
+{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
+    - tags:
+{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
+      - {{ tag }}
+{% endfor %}
+{% endif %}
+    - require:
+      - rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
+{% endfor %}

salt/roots/gnuviechadmin/vars.sls

@@ -0,0 +1,7 @@
+{% set home = '/home/vagrant' %}
+{% set venv = home + '/gva-venv' %}
+{% set checkout = '/vagrant' %}
+{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %}
+{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %}
+{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %}
+{% set appdir = checkout + '/' + python_module %}

salt/roots/gnuviechadmin/webinterface.sls

@@ -0,0 +1,39 @@
+include:
+  - gnuviechadmin.base
+  - webserver
+
+libpq-dev:
+  pkg.installed:
+    - require_in:
+      - pkg: gnuviechadmin-packages
+
+python-m2crypto:
+  pkg.installed:
+    - reload_modules: true
+
+{% import "webserver/sslcert.macros.sls" as sslcert %}
+
+{% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %}
+{{ sslcert.key_cert(domainname) }}
+
+/etc/nginx/sites-available/{{ domainname }}:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0640
+    - source: salt://gnuviechadmin/gva/gnuviechadmin.nginx
+    - template: jinja
+    - context:
+        domainname: {{ domainname }}
+        ssl_keydir: {{ salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') }}
+        ssl_certdir: {{ salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') }}
+    - require:
+      - pkg: nginx
+
+/etc/nginx/sites-enabled/{{ domainname }}:
+  file.symlink:
+    - target: /etc/nginx/sites-available/{{ domainname }}
+    - require:
+      - file: /etc/nginx/sites-available/{{ domainname }}
+    - watch_in:
+      - service: nginx