226 lines
6.7 KiB
Text
226 lines
6.7 KiB
Text
|
{% macro gvaapp_base(gvaappname, servicename) -%}
|
||
|
include:
|
||
|
- python.pipenv
|
||
|
- python.virtualenv
|
||
|
|
||
|
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
|
||
|
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
|
||
|
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
|
||
|
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
|
||
|
|
||
|
{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
|
||
|
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
|
||
|
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
|
||
|
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
|
||
|
{% set deployment_key = '{}/.ssh/id_deployment'.format(app_home) -%}
|
||
|
|
||
|
{{ gvaappname }}-group:
|
||
|
group.present:
|
||
|
- name: {{ app_group }}
|
||
|
|
||
|
{{ gvaappname }}-user:
|
||
|
user.present:
|
||
|
- name: {{ app_user }}
|
||
|
- home: {{ app_home }}
|
||
|
- shell: /bin/bash
|
||
|
- fullname: {{ appfullname }}
|
||
|
- groups:
|
||
|
- {{ app_group }}
|
||
|
alias.present:
|
||
|
- target: root
|
||
|
|
||
|
gvabase-dependencies:
|
||
|
pkg.installed:
|
||
|
- name: build-essential
|
||
|
|
||
|
{% if update_git %}
|
||
|
{{ app_home }}/.ssh:
|
||
|
file.directory:
|
||
|
- user: {{ app_user }}
|
||
|
- group: {{ app_group }}
|
||
|
- mode: 0700
|
||
|
- require:
|
||
|
- user: {{ gvaappname }}-user
|
||
|
|
||
|
SSH Deployment Key:
|
||
|
cmd.run:
|
||
|
- name: ssh-keygen -t ed25519 -C "Deployment key for {{ gvaappname }}" -N "" -f {{ deployment_key }}
|
||
|
- creates: {{ deployment_key }}
|
||
|
- runas: {{ app_user }}
|
||
|
- requires:
|
||
|
- file: {{ app_home }}/.ssh
|
||
|
- require_in:
|
||
|
git: {{ gitrepo }}
|
||
|
|
||
|
SSH known hosts configuration:
|
||
|
file.managed:
|
||
|
- name: {{ app_home }}/.ssh/known_hosts
|
||
|
- user: {{ app_user }}
|
||
|
- group: {{ app_group }}
|
||
|
- mode: 0600
|
||
|
- contents_pillar: gnuviechadmin:ssh_known_hosts
|
||
|
- require:
|
||
|
- file: {{ app_home }}/.ssh
|
||
|
- require_in:
|
||
|
git: {{ gitrepo }}
|
||
|
|
||
|
SSH configuration:
|
||
|
file.managed:
|
||
|
- name: {{ app_home }}/.ssh/config
|
||
|
- user: {{ app_user }}
|
||
|
- group: {{ app_group }}
|
||
|
- mode: 0600
|
||
|
- source: salt://gnuviechadmin/ssh_deploy_config
|
||
|
- template: jinja
|
||
|
- context:
|
||
|
key: {{ deployment_key }}
|
||
|
- require:
|
||
|
- file: {{ app_home }}/.ssh
|
||
|
- require_in:
|
||
|
git: {{ gitrepo }}
|
||
|
{% endif %}
|
||
|
|
||
|
{{ checkout }}:
|
||
|
file.directory:
|
||
|
- user: {{ app_user }}
|
||
|
- group: {{ app_group }}
|
||
|
- mode: 0755
|
||
|
- require:
|
||
|
- user: {{ gvaappname }}-user
|
||
|
|
||
|
{% if update_git %}
|
||
|
{{ gitrepo }}:
|
||
|
git.latest:
|
||
|
- user: {{ app_user }}
|
||
|
- target: {{ checkout }}
|
||
|
- rev: {{ salt['pillar.get']('gnuviechadmin:{}:git_branch'.format(gvaappname), 'production') }}
|
||
|
- require:
|
||
|
- file: {{ checkout }}
|
||
|
- watch_in:
|
||
|
- cmd: {{ gvaappname }}-requirements
|
||
|
- service: {{ servicename }}
|
||
|
{% endif %}
|
||
|
|
||
|
rm -rf {{ venv }}:
|
||
|
cmd.run:
|
||
|
- runas: {{ app_user }}
|
||
|
- unless: test -f {{ venv }}/bin/python3
|
||
|
- require:
|
||
|
- user: {{ gvaappname }}-user
|
||
|
|
||
|
create-{{ gvaappname }}-venv:
|
||
|
cmd.run:
|
||
|
- name: python3 -m virtualenv --python=python3 {{ venv }}
|
||
|
- runas: {{ app_user }}
|
||
|
- unless: test -f {{ venv }}/bin/pip3
|
||
|
- require:
|
||
|
- user: {{ gvaappname }}-user
|
||
|
- python3-virtualenv-packages
|
||
|
- watch_in:
|
||
|
- cmd: update-{{ gvaappname }}-pip
|
||
|
|
||
|
update-{{ gvaappname }}-pip:
|
||
|
cmd.wait:
|
||
|
- name: {{ venv }}/bin/python3 -m pip install -U pip
|
||
|
- runas: {{ app_user }}
|
||
|
- require:
|
||
|
- user: {{ gvaappname }}-user
|
||
|
|
||
|
{{ venv }}:
|
||
|
file.directory:
|
||
|
- user: {{ app_user }}
|
||
|
- group: {{ app_group }}
|
||
|
- require:
|
||
|
- cmd: create-{{ gvaappname }}-venv
|
||
|
- watch_in:
|
||
|
- cmd: {{ gvaappname }}-requirements
|
||
|
|
||
|
{{ gvaappname }}-requirements:
|
||
|
cmd.wait:
|
||
|
- name: /usr/local/bin/pipenv install --deploy
|
||
|
- runas: {{ app_user }}
|
||
|
- cwd: {{ checkout }}
|
||
|
- env:
|
||
|
- VIRTUAL_ENV: "{{ venv }}"
|
||
|
- PIPENV_HIDE_EMOJIS: 1
|
||
|
- PIPENV_NOSPIN: 1
|
||
|
- PIPENV_COLORBLIND: 1
|
||
|
- LC_ALL: C.UTF-8
|
||
|
- LANG: C.UTF-8
|
||
|
- require:
|
||
|
- cmd: install_pipenv
|
||
|
- file: {{ venv }}
|
||
|
{%- if update_git %}
|
||
|
- git: {{ gitrepo }}
|
||
|
{%- else %}
|
||
|
- file: {{ checkout }}
|
||
|
{%- endif %}
|
||
|
- pkg: gvabase-dependencies
|
||
|
- unless: test $(find {{ venv }} -type f -cnewer Pipfile.lock \! -name '*.pyc'|wc -l) -gt 0
|
||
|
- watch_in:
|
||
|
- service: {{ servicename }}
|
||
|
{% endmacro %}
|
||
|
|
||
|
{% macro create_celery_worker(gvaappname, purpose) %}
|
||
|
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
|
||
|
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
|
||
|
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
|
||
|
|
||
|
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
|
||
|
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
|
||
|
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
|
||
|
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
|
||
|
|
||
|
{% set servicename = gvaappname + "-celery-worker" %}
|
||
|
{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
|
||
|
{{ gvaapp_base(gvaappname, servicename ) }}
|
||
|
/etc/default/{{ gvaappname }}:
|
||
|
file.managed:
|
||
|
- user: root
|
||
|
- group: root
|
||
|
- mode: 0640
|
||
|
- source: salt://gnuviechadmin/{{ gvaappname }}/celery-worker.env
|
||
|
- template: jinja
|
||
|
- context:
|
||
|
virtualenv: {{ venv }}
|
||
|
checkout: {{ checkout }}
|
||
|
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||
|
- watch_in:
|
||
|
- service: {{ servicename }}
|
||
|
|
||
|
/etc/systemd/system/{{ servicename }}.service:
|
||
|
file.managed:
|
||
|
- user: root
|
||
|
- group: root
|
||
|
- mode: 0640
|
||
|
- source: salt://gnuviechadmin/celery-worker.service
|
||
|
- template: jinja
|
||
|
- context:
|
||
|
virtualenv: {{ venv }}
|
||
|
checkout: {{ checkout }}
|
||
|
app_user: {{ app_user }}
|
||
|
appname: {{ gvaappname }}
|
||
|
celery_module: {{ salt['pillar.get']('gnuviechadmin:{}:celery_module'.format(gvaappname), gvaappname) }}
|
||
|
amqpname: {{ amqp_user }}
|
||
|
description: Gnuviechadmin celery worker {{ purpose|default(gvaappname) }}
|
||
|
- watch_in:
|
||
|
- service: {{ servicename }}
|
||
|
|
||
|
{{ servicename }}:
|
||
|
service.running:
|
||
|
- enable: True
|
||
|
- require:
|
||
|
- file: {{ venv }}
|
||
|
{%- if update_git %}
|
||
|
- git: {{ gitrepo }}
|
||
|
{%- else %}
|
||
|
- file: {{ checkout }}
|
||
|
{%- endif %}
|
||
|
- file: /etc/systemd/system/{{ servicename }}.service
|
||
|
- watch:
|
||
|
- cmd: {{ gvaappname }}-requirements
|
||
|
{%- if update_git %}
|
||
|
- git: {{ gitrepo }}
|
||
|
{%- endif %}
|
||
|
{% endmacro %}
|