Make gnuviechadmin components work with Poetry

This commit is contained in:
Jan Dittberner 2023-05-07 13:15:45 +02:00
parent 18f0061ee4
commit 1932c76423
18 changed files with 41 additions and 29 deletions

View file

@ -9,7 +9,7 @@ gnuviechadmin:
amqp_user: file
celery_module: fileservertasks
fullname: File Server
git_branch: master
git_branch: main
git_url: https://git.dittberner.info/gnuviech/gvafile.git
mail_directory: /home/mail
sftp_authkeys_directory: /srv/sftp/authorized_keys

View file

@ -13,7 +13,7 @@ gnuviechadmin:
celery_module: ldaptasks
django_secret_key: IyOiTDt2DMo4gBVTwZ+E2p+mI1S/rNzZVIFlSr6TpgtxtsJODOVWHaxgVW3FqGZVaFU=
fullname: LDAP
git_branch: master
git_branch: main
git_url: https://git.dittberner.info/gnuviech/gvaldap.git
ldap_admin_password: NnVnGoWBVw6BKb9DhTwHAz0ICrdiDy+HL1A6F2Rz
ldap_admin_user: ldapadmin

View file

@ -9,7 +9,9 @@ gnuviechadmin:
amqp_user: mysql
celery_module: mysqltasks
fullname: MySQL Server
git_branch: master
git_branch: main
git_url: https://git.dittberner.info/gnuviech/gvamysql.git
mysql_admin_password: jSXstgT/AbWofdI2tJWYpQvFX1mtxt4tFMlrYxSA
mysql_admin_user: gvamysql
mysql.default_file: /etc/mysql/debian.cnf

View file

@ -9,7 +9,7 @@ gnuviechadmin:
amqp_user: pgsql
celery_module: pgsqltasks
fullname: PostgreSQL Server
git_branch: master
git_branch: main
git_url: https://git.dittberner.info/gnuviech/gvapgsql.git
pgsql_admin_password: AAv6d1t9p/vtX/kVorim2MJROQfQPWJoZP3mzyMW
pgsql_admin_user: gvapgsql

View file

@ -9,5 +9,5 @@ gnuviechadmin:
amqp_user: web
celery_module: webtasks
fullname: Web
git_branch: master
git_branch: main
git_url: https://git.dittberner.info/gnuviech/gvaweb.git

View file

@ -3,7 +3,7 @@ Description={{ description }}
[Service]
EnvironmentFile=-/etc/default/{{ appname }}
ExecStart={{ virtualenv }}/bin/celery worker -A {{ celery_module }} -Q {{ amqpname }} --loglevel=INFO
ExecStart={{ checkout }}/.venv/bin/celery --app="{{ celery_module }}" worker --queues="{{ amqpname }}" --task-events --concurrency=1 --loglevel=INFO
Restart=on-failure
User={{ app_user }}
WorkingDirectory={{ checkout }}/{{ appname }}

View file

@ -1,3 +1,4 @@
---
{% macro gvaapp_base(gvaappname, servicename) -%}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
@ -7,7 +8,6 @@
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set venv = "{}/.venv".format(checkout) -%}
{% set deployment_key = '{}/.ssh/id_deployment'.format(app_home) -%}
{% for host in salt['pillar.get']('gnuviechadmin:machines', {}) %}
@ -77,7 +77,7 @@ gvabase-dependencies:
{% endif %}
{{ gvaappname }}-requirements:
cmd.wait:
cmd.run:
- name: /usr/local/poetry/bin/poetry install
- runas: {{ app_user }}
- cwd: {{ checkout }}
@ -93,7 +93,7 @@ gvabase-dependencies:
- file: {{ checkout }}
{%- endif %}
- pkg: gvabase-dependencies
- unless: test $(find {{ venv }} -type f -cnewer Pipfile.lock \! -name '*.pyc'|wc -l) -gt 0
- unless: test $(find {{ checkout }}/.venv -type f -cnewer poetry.lock \! -name '*.pyc'|wc -l) -gt 0
- watch_in:
- service: {{ servicename }}
{% endmacro %}
@ -103,7 +103,6 @@ gvabase-dependencies:
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
@ -119,7 +118,6 @@ gvabase-dependencies:
- source: salt://gnuviechadmin/{{ gvaappname }}/celery-worker.env
- template: jinja
- context:
virtualenv: {{ venv }}
checkout: {{ checkout }}
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
@ -134,7 +132,6 @@ gvabase-dependencies:
- source: salt://gnuviechadmin/celery-worker.service
- template: jinja
- context:
virtualenv: {{ venv }}
checkout: {{ checkout }}
app_user: {{ app_user }}
appname: {{ gvaappname }}
@ -148,7 +145,6 @@ gvabase-dependencies:
service.running:
- enable: True
- require:
- file: {{ venv }}
{%- if update_git %}
- git: {{ gitrepo }}
{%- else %}

View file

@ -7,8 +7,7 @@
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
include:
- base
- python.pipenv
- python.virtualenv
- python.poetry
- nfsserver
{{ mail_directory }}:

View file

@ -3,3 +3,6 @@ GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:mail_direct
GVAFILE_RESULTS_REDIS_URL="{{ result_url }}"
GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:sftp_authkeys_directory') }}"
GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:web_directory') }}"
LANG=C.UTF-8
LC_ALL=C.UTF-8
TZ=Europe/Berlin

View file

@ -1,15 +1,16 @@
---
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
{% set purpose = "for LDAP data management" %}
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
include:
- python.pipenv
- python.virtualenv
- python.poetry
{{ create_celery_worker(gvaappname, purpose) }}
{{ gvaappname }}-dependencies:
pkg.installed:
- pkgs:
- python3-dev
- libldap2-dev
- libsasl2-dev
- require_in:

View file

@ -5,9 +5,12 @@ GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin:gvaldap:allowed_host
GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_groups') }}"
GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_users') }}"
GVALDAP_BROKER_URL="{{ broker_url }}"
GVALDAP_RESULTS_REDIS_URL="{{ result_url }}"
GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password' ) }}"
GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin:ldap_url') }}"
GVALDAP_LDAP_USER="cn={{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }},{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}"
GVALDAP_RESULTS_REDIS_URL="{{ result_url }}"
GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin:gvaldap:django_secret_key') }}"
GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin:server_email') }}"
LANG=C.UTF-8
LC_ALL=C.UTF-8
TZ=Europe/Berlin

View file

@ -6,9 +6,7 @@
# FIXME: this is broken due to https://github.com/saltstack/salt/issues/56124
# patches.mysql is needed to be run on the minion before usage with Salt 3000
include:
- python.pipenv
- python.virtualenv
- patches.mysql
- python.poetry
- mariadb-server
{{ create_celery_worker(gvaappname, purpose) }}
@ -16,21 +14,22 @@ include:
{{ gvaappname }}-dependencies:
pkg.installed:
- pkgs:
- python3-dev
- libmariadb-dev-compat
- require_in:
- cmd: {{ gvaappname }}-requirements
python3-mysqldb:
pkg.installed
pip.installed:
- name: mysqlclient
gvamysql-mysql-user:
mysql_user.present:
- name: {{ mysql_admin_user }}
- host: '%'
- password: {{ mysql_admin_password }}
- unix_socket: true
- require:
- pkg: python3-mysqldb
- pip: python3-mysqldb
gvamysql-grants-all-dbs:
mysql_grants.present:
@ -41,4 +40,5 @@ gvamysql-grants-all-dbs:
- password: {{ mysql_admin_password }}
- host: '%'
- require:
- pip: python3-mysqldb
- mysql_user: gvamysql-mysql-user

View file

@ -4,3 +4,6 @@ GVAMYSQL_DBADMIN_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvamysql:mysql_a
GVAMYSQL_DBADMIN_PORT="{{ salt['pillar.get']('gnuviechadmin:gvamysql:mysql_admin_port', 3306) }}"
GVAMYSQL_DBADMIN_USER="{{ salt['pillar.get']('gnuviechadmin:gvamysql:mysql_admin_user', 'gvamysql') }}"
GVAMYSQL_RESULTS_REDIS_URL="{{ result_url }}"
LANG=C.UTF-8
LC_ALL=C.UTF-8
TZ=Europe/Berlin

View file

@ -2,8 +2,7 @@
{% set purpose = "for PostgreSQL configuration management" %}
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
include:
- python.pipenv
- python.virtualenv
- python.poetry
- postgresql-server
{{ create_celery_worker(gvaappname, purpose) }}
@ -11,6 +10,7 @@ include:
{{ gvaappname }}-dependencies:
pkg.installed:
- pkgs:
- python3-dev
- libpq-dev
- require_in:
- cmd: {{ gvaappname }}-requirements

View file

@ -4,3 +4,6 @@ GVAPGSQL_DBADMIN_HOST="{{ salt['pillar.get']('gnuviechadmin:gvapgsql:pgsql_admin
GVAPGSQL_DBADMIN_PORT="{{ salt['pillar.get']('gnuviechadmin:gvapgsql:pgsql_admin_port', 5432) }}"
GVAPGSQL_DBADMIN_USER="{{ salt['pillar.get']('gnuviechadmin:gvapgsql:pgsql_admin_user', 'gvapgsql') }}"
GVAPGSQL_DBADMIN_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvapgsql:pgsql_admin_password') }}"
LANG=C.UTF-8
LC_ALL=C.UTF-8
TZ=Europe/Berlin

View file

@ -3,8 +3,7 @@
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
include:
- base
- python.pipenv
- python.virtualenv
- python.poetry
{{ create_celery_worker(gvaappname, purpose) }}

View file

@ -3,3 +3,6 @@ GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_
GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
GVAWEB_RESULTS_REDIS_URL="{{ result_url }}"
GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin:gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"
LANG=C.UTF-8
LC_ALL=C.UTF-8
TZ=Europe/Berlin

View file

@ -9,7 +9,7 @@ mysql:
/etc/mysql/my.cnf:
file.managed:
- owner: root
- user: root
- group: root
- mode: 0644
- source: salt://mariadb-server/my.cnf