gnuviech/gvasalt
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Improve salt setup

Browse source 
This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
This commit is contained in:
Jan Dittberner 2016-01-29 18:34:40 +01:00
parent 6fa4662bfd
commit 8396a0788d
35 changed files with 520 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

1
bootstrap.sh
View file

@ -27,6 +27,7 @@ EOF
cat >/etc/salt/grains <<EOF
roles:
- rabbitmq-server
- gnuviechadmin.database
- gnuviechadmin.queues
- gnuviechadmin.webinterface

9
pillar/gnuviechadmin/database.sls
View file

@ -1,7 +1,8 @@
include:
- gnuviechadmin.database.common
gnuviechadmin-database:
owner:
user: gnuviechadmin
password: k4TG0oWeJ08urz697GVfavjK
gnuviechadmin:
database:
owner:
user: gnuviechadmin
password: k4TG0oWeJ08urz697GVfavjK

9
pillar/gnuviechadmin/database/common.sls
View file

@ -1,4 +1,5 @@
gnuviechadmin-database:
database: gnuviechadmin
hostname: localhost
port: 5432
gnuviechadmin:
database:
name: gnuviechadmin
host: localhost
port: 5432

8
pillar/gnuviechadmin/gvaldap.sls Normal file
View file

@ -0,0 +1,8 @@
include:
- gnuviechadmin.queues.common
- gnuviechadmin.queues.gvaldap
gnuviechadmin:
component:
name: gvaldap
amqp_user: ldap

7
pillar/gnuviechadmin/init.sls
View file

@ -1,21 +1,16 @@
include:
- gnuviechadmin.database
- gnuviechadmin.queues
gnuviechadmin:
deploymenttype: local
mailfrom: admin@gnuviech-server.de
adminemail: admin@gnuviech-server.de
sitename: Gnuviech Customer Self Service
domainname: localhost
virtualenv: /home/vagrant/gva-venv
devinstance: True
minosuid: 10000
minosgid: 10000
osuserprefix: usr
osuserhomedirbase: /home
osuserdefaultshell: /usr/bin/rssh
uploadserver: upload.example.com
uploadserver: gvafile.local
webmail_url: https://webmail.example.com/
phpmyadmin_url: https://phpmyadmin.example.com/
phppgadmin_url: https://phppgadmin.example.com/

139
pillar/gnuviechadmin/queues.sls
View file

@ -1,62 +1,77 @@
gnuviechadmin-queues:
vhost: /gnuviechadmin
owner:
user: gnuviechadmin
password: WxyKeo7Xunhwv29C
users:
cli:
password: bUQ4QEB8yQEfsB0i
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
quotajob:
password: TaNoj2H3ZNDIz1rt
perms:
'/gnuviechadmin':
- '^quotatool$'
- '^quotatool$'
- '^quotatool|amq.default$'
tags:
ldap:
password: tl0ALc4aQBAl0W2e
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
file:
password: StR6EgMjLyNGP1F8
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
mysql:
password: Bhruvz8Oe9rXxRc7
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
pgsql:
password: rWOawAtb7MEmGZo3
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
web:
password: 1fBXqCu175rU7SWA
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
include:
- gnuviechadmin.queues.common
- gnuviechadmin.queues.gvaldap
- gnuviechadmin.queues.gvafile
- gnuviechadmin.queues.cli
- gnuviechadmin.queues.gva
- gnuviechadmin.queues.gvamysql
- gnuviechadmin.queues.gvapgsql
- gnuviechadmin.queues.gvaweb
gnuviechadmin:
queues:
users:
ldap:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
file:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
gva:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
mysql:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
pgsql:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
web:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
cli:
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
quotajob:
perms:
'/gnuviechadmin':
- '^quotatool$'
- '^quotatool$'
- '^quotatool|amq.default$'
tags:
admin:
password: MmE3Iwylj8Sgy46Z
perms:
'/gnuviechadmin':
- '.*'
- '.*'
- '.*'
tags:
- administrator

7
pillar/gnuviechadmin/queues/cli.sls Normal file
View file

@ -0,0 +1,7 @@
gnuviechadmin:
queues:
users:
cli:
password: bUQ4QEB8yQEfsB0i
quotajob:
password: TaNoj2H3ZNDIz1rt

3
pillar/gnuviechadmin/queues/common.sls Normal file
View file

@ -0,0 +1,3 @@
gnuviechadmin:
queues:
vhost: /gnuviechadmin

5
pillar/gnuviechadmin/queues/gva.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
gva:
password: Y5KmkIou7o8J9jV5

5
pillar/gnuviechadmin/queues/gvafile.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
file:
password: StR6EgMjLyNGP1F8

5
pillar/gnuviechadmin/queues/gvaldap.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
ldap:
password: tl0ALc4aQBAl0W2e

5
pillar/gnuviechadmin/queues/gvamysql.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
mysql:
password: Bhruvz8Oe9rXxRc7

5
pillar/gnuviechadmin/queues/gvapgsql.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
pgsql:
password: rWOawAtb7MEmGZo3

5
pillar/gnuviechadmin/queues/gvaweb.sls Normal file
View file

@ -0,0 +1,5 @@
gnuviechadmin:
queues:
users:
web:
password: 1fBXqCu175rU7SWA

9
pillar/gnuviechadmin/webinterface.sls Normal file
View file

@ -0,0 +1,9 @@
include:
- gnuviechadmin.queues.common
- gnuviechadmin.queues.gva
gnuviechadmin:
component:
name: gva
amqp_user: gva
python_module: gnuviechadmin

5
pillar/top.sls
View file

@ -1,3 +1,8 @@
base:
'*':
- gnuviechadmin
{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
'roles:gnuviechadmin.{{ role }}':
- match: grain
- gnuviechadmin.{{ role }}
{% endfor %}

25
roots/base/bash_functions Normal file
View file

@ -0,0 +1,25 @@
#!/bin/bash
function devenv
{
. $HOME/gvasettings.sh
. {{ venv }}/bin/activate
cd {{ appdir }}
}
function testenv
{
devenv
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
}
function settitle
{
if [ -n "$STY" ] ; then # We are in a screen session
echo "Setting screen titles to $@"
printf "\033k%s\033\\" "$@"
screen -X eval "at \\# title $@" "shelltitle $@"
else
printf "\033]0;%s\007" "$@"
fi
}

117
roots/base/bashrc Normal file
View file

@ -0,0 +1,117 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples
# If not running interactively, don't do anything
case $- in
*i*) ;;
*) return;;
esac
# don't put duplicate lines or lines starting with space in the history.
# See bash(1) for more options
HISTCONTROL=ignoreboth
# append to the history file, don't overwrite it
shopt -s histappend
# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
HISTSIZE=1000
HISTFILESIZE=2000
# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize
# If set, the pattern "**" used in a pathname expansion context will
# match all files and zero or more directories and subdirectories.
#shopt -s globstar
# make less more friendly for non-text input files, see lesspipe(1)
#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi
# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac
# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes
if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi
if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt
# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac
# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'
#alias grep='grep --color=auto'
#alias fgrep='fgrep --color=auto'
#alias egrep='egrep --color=auto'
fi
# colored GCC warnings and errors
#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'
# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.
if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi
# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if ! shopt -oq posix; then
if [ -f /usr/share/bash-completion/bash_completion ]; then
. /usr/share/bash-completion/bash_completion
elif [ -f /etc/bash_completion ]; then
. /etc/bash_completion
fi
fi
if [ -f ~/.bash_functions ]; then
. ~/.bash_functions
fi

13
roots/base/init.sls
View file

@ -15,3 +15,16 @@ base-packages:
update-system:
pkg.uptodate:
- refresh: True
/home/vagrant/bin:
file.directory:
- user: vagrant
- group: vagrant
- mode: 0750
/home/vagrant/.bashrc:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/bashrc

98
roots/gnuviechadmin/base.sls Normal file
View file

@ -0,0 +1,98 @@
{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
gva.local:
host.present:
- ip: 172.16.3.2
- names:
- mq
- gva.local
gvaldap.local:
host.present:
- ip: 172.16.3.3
gvafile.local:
host.present:
- ip: 172.16.3.4
gvaweb.local:
host.present:
- ip: 172.16.3.5
gvamysql.local:
host.present:
- ip: 172.16.3.6
gvapgsql.local:
host.present:
- ip: 172.16.3.7
gnuviechadmin-packages:
pkg.installed:
- pkgs:
- libyaml-dev
- python-virtualenv
- python-dev
- python-pip
- gettext
{{ home }}/gvasettings.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0640
- source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
- template: jinja
- context:
broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
gnuviechadmin-venv:
cmd.run:
- name: virtualenv {{ venv }}
- user: vagrant
- group: vagrant
- unless: test -f {{ venv }}/bin/pip
gnuviechadmin-requires:
cmd.run:
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
- user: vagrant
- group: vagrant
- cwd: {{ checkout }}
- require:
- cmd: gnuviechadmin-venv
- pkg: gnuviechadmin-packages
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
gnuviechadmin-dbschema:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- watch:
- cmd: gnuviechadmin-requires
- file: {{ home }}/gvasettings.sh
gnuviechadmin-locale-data-compile:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- require:
- pkg: gnuviechadmin-packages
- file: {{ home }}/gvasettings.sh
- cmd: gnuviechadmin-venv
/home/vagrant/.bash_functions:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0644
- source: salt://base/bash_functions
- template: jinja
- context:
home: {{ home }}
venv: {{ venv }}
appdir: {{ appdir }}

25
roots/gnuviechadmin/bash_functions Normal file
View file

@ -0,0 +1,25 @@
#!/bin/bash
function devenv
{
. $HOME/gvasettings.sh
. $HOME/gva-venv/bin/activate
cd /vagrant/gnuviechadmin
}
function testenv
{
devenv
export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
}
function settitle
{
if [ -n "$STY" ] ; then # We are in a screen session
echo "Setting screen titles to $@"
printf "\033k%s\033\\" "$@"
screen -X eval "at \\# title $@" "shelltitle $@"
else
printf "\033]0;%s\007" "$@"
fi
}

13
roots/gnuviechadmin/celery.sls Normal file
View file

@ -0,0 +1,13 @@
{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %}
{{ home }}/bin/run_celery.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0750
- source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh
- template: jinja
- context:
home: {{ home }}
virtualenv: {{ venv }}
appdir: {{ appdir }}

16
roots/gnuviechadmin/database.sls
View file

@ -3,9 +3,9 @@ include:
gnuviechadmin-database:
postgres_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
- name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
- user: postgres
- password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}
- password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}
- login: True
- createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True
{%- else %}False
@ -13,20 +13,20 @@ gnuviechadmin-database:
- require:
- service: postgresql
postgres_database.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:database') }}
- name: {{ salt['pillar.get']('gnuviechadmin:database:name') }}
- user: postgres
- owner: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
- owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
- encoding: UTF8
- template: template0
- require:
- service: postgresql
- postgres_user: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}
- postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}
{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin-database:users') %}
{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %}
gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}:
postgres_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':user') }}
- password: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':password') }}
- name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }}
- password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }}
- login: True
- require:
- service: postgresql

0
roots/gnuviechadmin/gnuviechadmin.nginx → roots/gnuviechadmin/gva/gnuviechadmin.nginx
View file

10
roots/gnuviechadmin/gvasettings.sh → roots/gnuviechadmin/gva/settings.sh
View file

@ -3,11 +3,11 @@
export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
export GVA_ADMIN_NAME="Jan Dittberner"
export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}"
export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin-database:database') }}"
export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}"
export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}"
export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin-database:hostname') }}"
export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin-database:port') }}
export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}"
export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}"
export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}"
export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}"
export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }}
export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}"
export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}"
export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}"

11
roots/gnuviechadmin/gvaldap.sls Normal file
View file

@ -0,0 +1,11 @@
include:
- gnuviechadmin.base
- gnuviechadmin.celery
gvaldap-packages:
pkg.installed:
- pkgs:
- libldap2-dev
- libsasl2-dev
- require_in:
- pkg: gnuviechadmin-packages

7
roots/gnuviechadmin/gvaldap/run_celery.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/sh
set -ex
. {{ home }}/gvasettings.sh
cd {{ appdir }}
{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO

14
roots/gnuviechadmin/gvaldap/settings.sh Normal file
View file

@ -0,0 +1,14 @@
#!/bin/sh
export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}"
export GVALDAP_ADMIN_NAME="Jan Dittberner"
export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}"
export GVALDAP_BROKER_URL="{{ broker_url }}"
export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"

35
roots/gnuviechadmin/queues.sls
View file

@ -1,37 +1,30 @@
include:
- rabbitmq-server
gnuviechadmin-queues:
rabbitmq_user.present:
- name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
- password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}
- tags:
- administrator
- perms:
- {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}:
- '.*'
- '.*'
- '.*'
gnuviechadmin-queue-vhost:
rabbitmq_vhost.present:
- name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
- owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
- require:
- rabbitmq_user: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}
- name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
{% for user in salt['pillar.get']('gnuviechadmin-queues:users') %}
{% for user in salt['pillar.get']('gnuviechadmin:queues:users') %}
gnuviechadmin-queue-user-{{ user }}:
rabbitmq_user.present:
- name: {{ user }}
- password: {{ salt['pillar.get']('gnuviechadmin-queues:users:%s:password' % user) }}
{% if salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user) %}
- password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }}
{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %}
- perms:
{% for vhost, perms in salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user).iteritems() %}
{% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %}
- {{ vhost }}:
- {{ perms[0] }}
- {{ perms[1] }}
- {{ perms[2] }}
{% endfor %}
{% endif %}
- require:
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
- tags:
{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %}
- {{ tag }}
{% endfor %}
{% endif %}
- require:
- rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
{% endfor %}

7
roots/gnuviechadmin/vars.sls Normal file
View file

@ -0,0 +1,7 @@
{% set home = '/home/vagrant' %}
{% set venv = home + '/gva-venv' %}
{% set checkout = '/vagrant' %}
{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %}
{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %}
{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %}
{% set appdir = checkout + '/' + python_module %}

83
roots/gnuviechadmin/webinterface.sls
View file

@ -1,92 +1,27 @@
include:
- gnuviechadmin.base
- webserver
mq:
host.present:
- ip: 127.0.0.1
gnuviechadmin-packages:
libpq-dev:
pkg.installed:
- names:
- libpq-dev
- libyaml-dev
- python-virtualenv
- python-dev
- python-pip
- gettext
- require_in:
- pkg: gnuviechadmin-packages
python-m2crypto:
pkg.installed:
- reload_modules: true
{% import "webserver/sslcert.macros.sls" as sslcert %}
{% set venv = salt['pillar.get']('gnuviechadmin:virtualenv') %}
{% set checkout = '/vagrant' %}
{% set home = '/home/vagrant' %}
{% set appdir = checkout + '/gnuviechadmin' %}
{% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %}
{{ sslcert.key_cert(domainname) }}
{{ venv }}:
file.directory:
- user: vagrant
- group: vagrant
- require:
- cmd: gnuviechadmin-venv
{{ home }}/gvasettings.sh:
file.managed:
- user: vagrant
- group: vagrant
- mode: 0640
- source: salt://gnuviechadmin/gvasettings.sh
- template: jinja
- context:
broker_url: amqp://{{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}:{{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
gnuviechadmin-venv:
cmd.run:
- name: virtualenv {{ venv }}
- user: vagrant
- group: vagrant
- unless: test -f {{ venv }}/bin/pip
gnuviechadmin-requires:
cmd.run:
- name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
- user: vagrant
- group: vagrant
- cwd: {{ checkout }}
- require:
- file: {{ venv }}
- pkg: python-dev
- pkg: libpq-dev
- unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
gnuviechadmin-dbschema:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- watch:
- cmd: gnuviechadmin-requires
- file: {{ home }}/gvasettings.sh
gnuviechadmin-locale-data-compile:
cmd.wait:
- name: . {{ home }}/gvasettings.sh ; find {{ appdir }} -type d -name 'locale' | while read dir; do cd $(dirname "$dir") ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages ; done
- user: vagrant
- group: vagrant
- cwd: {{ appdir }}
- require:
- pkg: gettext
- file: {{ home }}/gvasettings.sh
- file: {{ venv }}
/etc/nginx/sites-available/{{ domainname }}:
file.managed:
- user: root
- group: root
- mode: 0640
- source: salt://gnuviechadmin/gnuviechadmin.nginx
- source: salt://gnuviechadmin/gva/gnuviechadmin.nginx
- template: jinja
- context:
domainname: {{ domainname }}

2
roots/base/nginx.sls → roots/nginx/init.sls
View file

@ -11,7 +11,7 @@ nginx-common:
/etc/nginx/nginx.conf:
file.managed:
- source: salt://base/nginx.conf
- source: salt://nginx/nginx.conf
- user: root
- group: root
- mode: 0644

0
roots/base/nginx.conf → roots/nginx/nginx.conf
View file

2
roots/webserver/init.sls
View file

@ -1,5 +1,5 @@
include:
- base.nginx
- nginx
/etc/nginx/conf.d/logformat.conf:
file.managed:

1
roots/webserver/sslcert.macros.sls
View file

@ -23,6 +23,7 @@
- require:
- file: {{ nginx_ssl_certdir }}
- cmd: {{ certfile }}
- pkg: python-m2crypto
- require_in:
- file: /etc/nginx/sites-available/{{ domain_name }}
- service: nginx