gvasalt/states/gnuviechadmin/gva.sls

{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}

{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqp_user'.format(gvaappname), gvaappname) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set domainname = salt['pillar.get']('gnuviechadmin:{}:domainname'.format(gvaappname), 'service.localhost') %}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}

{% from 'gnuviechadmin/gvaapp_macros.sls' import gvaapp_base with context %}
include:
- base
- python.pipenv
- python.virtualenv
- uwsgi.python3

{{ gvaapp_base(gvaappname, 'uwsgi') }}

{{ gvaappname }}-dependencies:
  pkg.installed:
    - pkgs:
      - libpq-dev
    - require_in:
      - cmd: {{ gvaappname }}-requirements

gettext:
  pkg.installed

{{ checkout }}/.env:
  file.managed:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: 0640
    - source: salt://gnuviechadmin/{{ gvaappname }}/env-vars
    - template: jinja
    - context:
        gvaappname: {{ gvaappname }}
        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
        result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
    - require:
      - user: {{ gvaappname }}-user
      - group: {{ gvaappname }}-group
      - file: {{ checkout }}

{% for command in ['migrate --noinput', 'collectstatic --noinput', 'compilemessages'] %}
{{ gvaappname }}-manage-{{ command }}:
  cmd.wait:
    - name: /usr/local/bin/pipenv run python3 manage.py {{ command }}
    - runas: {{ app_user }}
    - cwd: {{ checkout }}/gnuviechadmin
    - env:
      - VIRTUAL_ENV: "{{ venv }}"
      - LC_ALL: C.UTF-8
      - LANG: C.UTF-8
    - watch:
      - cmd: {{ gvaappname }}-requirements
      - file: {{ checkout }}/.env
      {%- if update_git %}
      - git: {{ gitrepo }}
      {%- endif %}
{% endfor %}

/etc/uwsgi/apps-available/{{ gvaappname }}.ini:
  file.managed:
    - user: root
    - group: {{ app_group }}
    - mode: 0640
    - source: salt://gnuviechadmin/{{ gvaappname }}/uwsgi.ini
    - template: jinja
    - context:
        gvaappname: {{ gvaappname }}
        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
        result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
        workdir: {{ checkout }}/gnuviechadmin
        venv: {{ venv }}
    - require:
      - pkg: uwsgi
    - require_in:
      - service: uwsgi
    - watch_in:
      - service: uwsgi

/etc/uwsgi/apps-enabled/{{ gvaappname }}.ini:
  file.symlink:
    - target: /etc/uwsgi/apps-available/{{ gvaappname }}.ini
    - require:
      - file: /etc/uwsgi/apps-available/{{ gvaappname }}.ini
    - require_in:
      - service: uwsgi

{% set letsencrypt = salt['pillar.get']('gnuviechadmin:{}:letsencrypt'.format(gvaappname), False) %}
{% if not letsencrypt %}
python3-cryptography:
  pkg.installed

{% from 'webserver/sslcert.macros.sls' import key_cert with context %}
{{ key_cert(domainname) }}
{% endif %}

/etc/nginx/sites-available/{{ domainname }}:
  file.managed:
    - user: root
    - group: root
    - mode: 0640
    - source: salt://gnuviechadmin/{{ gvaappname }}/app.nginx
    - template: jinja
    - context:
        domainname: {{ domainname }}
        checkout: {{ checkout }}
        letsencrypt: {{ letsencrypt }}
        appname: {{ gvaappname }}
    - require:
      - pkg: nginx
    - watch_in:
      - service: nginx

/etc/nginx/sites-enabled/{{ domainname }}:
  file.symlink:
    - target: /etc/nginx/sites-available/{{ domainname }}
    - require:
      - file: /etc/nginx/sites-available/{{ domainname }}
      - file: /etc/uwsgi/apps-enabled/{{ gvaappname }}.ini
      - service: uwsgi
    - watch_in:
      - service: nginx
Implement salt states for gva webinterface - setup listener and pg_hba.conf for PostgreSQL server - add state code for gva - add macros for nginx and uwsgi with Python 3 support - add pillar data for gva 2020-03-07 18:26:52 +01:00			`{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}`
			`{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}`
			`{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}`
			`{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}`
			`{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}`

			`{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqp_user'.format(gvaappname), gvaappname) -%}`
			`{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}`
			`{% set domainname = salt['pillar.get']('gnuviechadmin:{}:domainname'.format(gvaappname), 'service.localhost') %}`
			`{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}`
			`{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}`

			`{% from 'gnuviechadmin/gvaapp_macros.sls' import gvaapp_base with context %}`
			`include:`
			`- base`
			`- python.pipenv`
			`- python.virtualenv`
			`- uwsgi.python3`

			`{{ gvaapp_base(gvaappname, 'uwsgi') }}`

			`{{ gvaappname }}-dependencies:`
			`pkg.installed:`
			`- pkgs:`
			`- libpq-dev`
			`- require_in:`
			`- cmd: {{ gvaappname }}-requirements`

			`gettext:`
			`pkg.installed`

			`{{ checkout }}/.env:`
			`file.managed:`
			`- user: {{ app_user }}`
			`- group: {{ app_group }}`
			`- mode: 0640`
			`- source: salt://gnuviechadmin/{{ gvaappname }}/env-vars`
			`- template: jinja`
			`- context:`
			`gvaappname: {{ gvaappname }}`
			`broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}`
			`result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0`
			`- require:`
			`- user: {{ gvaappname }}-user`
			`- group: {{ gvaappname }}-group`
			`- file: {{ checkout }}`

			`{% for command in ['migrate --noinput', 'collectstatic --noinput', 'compilemessages'] %}`
			`{{ gvaappname }}-manage-{{ command }}:`
			`cmd.wait:`
			`- name: /usr/local/bin/pipenv run python3 manage.py {{ command }}`
			`- runas: {{ app_user }}`
			`- cwd: {{ checkout }}/gnuviechadmin`
			`- env:`
			`- VIRTUAL_ENV: "{{ venv }}"`
			`- LC_ALL: C.UTF-8`
			`- LANG: C.UTF-8`
			`- watch:`
			`- cmd: {{ gvaappname }}-requirements`
			`- file: {{ checkout }}/.env`
			`{%- if update_git %}`
			`- git: {{ gitrepo }}`
			`{%- endif %}`
			`{% endfor %}`

			`/etc/uwsgi/apps-available/{{ gvaappname }}.ini:`
			`file.managed:`
			`- user: root`
			`- group: {{ app_group }}`
			`- mode: 0640`
			`- source: salt://gnuviechadmin/{{ gvaappname }}/uwsgi.ini`
			`- template: jinja`
			`- context:`
			`gvaappname: {{ gvaappname }}`
			`broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}`
			`result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0`
			`workdir: {{ checkout }}/gnuviechadmin`
			`venv: {{ venv }}`
			`- require:`
			`- pkg: uwsgi`
			`- require_in:`
			`- service: uwsgi`
			`- watch_in:`
			`- service: uwsgi`

			`/etc/uwsgi/apps-enabled/{{ gvaappname }}.ini:`
			`file.symlink:`
			`- target: /etc/uwsgi/apps-available/{{ gvaappname }}.ini`
			`- require:`
			`- file: /etc/uwsgi/apps-available/{{ gvaappname }}.ini`
			`- require_in:`
			`- service: uwsgi`

			`{% set letsencrypt = salt['pillar.get']('gnuviechadmin:{}:letsencrypt'.format(gvaappname), False) %}`
			`{% if not letsencrypt %}`
			`python3-cryptography:`
			`pkg.installed`

			`{% from 'webserver/sslcert.macros.sls' import key_cert with context %}`
			`{{ key_cert(domainname) }}`
			`{% endif %}`

			`/etc/nginx/sites-available/{{ domainname }}:`
			`file.managed:`
			`- user: root`
			`- group: root`
			`- mode: 0640`
			`- source: salt://gnuviechadmin/{{ gvaappname }}/app.nginx`
			`- template: jinja`
			`- context:`
			`domainname: {{ domainname }}`
			`checkout: {{ checkout }}`
			`letsencrypt: {{ letsencrypt }}`
			`appname: {{ gvaappname }}`
			`- require:`
			`- pkg: nginx`
			`- watch_in:`
			`- service: nginx`

			`/etc/nginx/sites-enabled/{{ domainname }}:`
			`file.symlink:`
			`- target: /etc/nginx/sites-available/{{ domainname }}`
			`- require:`
			`- file: /etc/nginx/sites-available/{{ domainname }}`
			`- file: /etc/uwsgi/apps-enabled/{{ gvaappname }}.ini`
			`- service: uwsgi`
			`- watch_in:`
			`- service: nginx`