From 8396a0788d5588d9ff641fa97011f37e5d4008dd Mon Sep 17 00:00:00 2001 
From: Jan Dittberner Date: Fri, 29 Jan 2016 18:34:40 +0100 Subject: [PATCH] Improve salt setup This commit improves the salt setup of the Vagrant box: - Salt output is reduced to log level warning - Hosts entries are created for the internal IPs of all planned gva component VMs - .bashrc and a .bash_functions sourced from it are now managed for the vagrant user - the VM name has been changed to gva.local - recent salt versions do not depend on m2crypto anymore, therefore it is now installed before x509certificate functions are called - the rabbitmq_vhost for gva is now setup before any users are created because the previous implementation was broken with recent salt versions - the gnuviechadmin-locale-data-compile step has been simplified because Django 1.9's compilemessages takes care of recursive .mo file compilation - pillar data has been separated by role (especially queue permissions and credentials) - salt configuration is now unified with gvaldap --- bootstrap.sh | 1 + pillar/gnuviechadmin/database.sls | 9 +- pillar/gnuviechadmin/database/common.sls | 9 +- pillar/gnuviechadmin/gvaldap.sls | 8 + pillar/gnuviechadmin/init.sls | 7 +- pillar/gnuviechadmin/queues.sls | 139 ++++++++++-------- pillar/gnuviechadmin/queues/cli.sls | 7 + pillar/gnuviechadmin/queues/common.sls | 3 + pillar/gnuviechadmin/queues/gva.sls | 5 + pillar/gnuviechadmin/queues/gvafile.sls | 5 + pillar/gnuviechadmin/queues/gvaldap.sls | 5 + pillar/gnuviechadmin/queues/gvamysql.sls | 5 + pillar/gnuviechadmin/queues/gvapgsql.sls | 5 + pillar/gnuviechadmin/queues/gvaweb.sls | 5 + pillar/gnuviechadmin/webinterface.sls | 9 ++ pillar/top.sls | 5 + roots/base/bash_functions | 25 ++++ roots/base/bashrc | 117 +++++++++++++++ roots/base/init.sls | 13 ++ roots/gnuviechadmin/base.sls | 98 ++++++++++++ roots/gnuviechadmin/bash_functions | 25 ++++ roots/gnuviechadmin/celery.sls | 13 ++ roots/gnuviechadmin/database.sls | 16 +- .../{ => gva}/gnuviechadmin.nginx | 0 .../{gvasettings.sh => gva/settings.sh} | 10 
+- roots/gnuviechadmin/gvaldap.sls | 11 ++ roots/gnuviechadmin/gvaldap/run_celery.sh | 7 + roots/gnuviechadmin/gvaldap/settings.sh | 14 ++ roots/gnuviechadmin/queues.sls | 35 ++--- roots/gnuviechadmin/vars.sls | 7 + roots/gnuviechadmin/webinterface.sls | 83 ++--------- roots/{base/nginx.sls => nginx/init.sls} | 2 +- roots/{base => nginx}/nginx.conf | 0 roots/webserver/init.sls | 2 +- roots/webserver/sslcert.macros.sls | 1 + 35 files changed, 520 insertions(+), 186 deletions(-) create mode 100644 pillar/gnuviechadmin/gvaldap.sls create mode 100644 pillar/gnuviechadmin/queues/cli.sls create mode 100644 pillar/gnuviechadmin/queues/common.sls create mode 100644 pillar/gnuviechadmin/queues/gva.sls create mode 100644 pillar/gnuviechadmin/queues/gvafile.sls create mode 100644 pillar/gnuviechadmin/queues/gvaldap.sls create mode 100644 pillar/gnuviechadmin/queues/gvamysql.sls create mode 100644 pillar/gnuviechadmin/queues/gvapgsql.sls create mode 100644 pillar/gnuviechadmin/queues/gvaweb.sls create mode 100644 pillar/gnuviechadmin/webinterface.sls create mode 100644 roots/base/bash_functions create mode 100644 roots/base/bashrc create mode 100644 roots/gnuviechadmin/base.sls create mode 100644 roots/gnuviechadmin/bash_functions create mode 100644 roots/gnuviechadmin/celery.sls rename roots/gnuviechadmin/{ => gva}/gnuviechadmin.nginx (100%) rename roots/gnuviechadmin/{gvasettings.sh => gva/settings.sh} (79%) create mode 100644 roots/gnuviechadmin/gvaldap.sls create mode 100644 roots/gnuviechadmin/gvaldap/run_celery.sh create mode 100644 roots/gnuviechadmin/gvaldap/settings.sh create mode 100644 roots/gnuviechadmin/vars.sls rename roots/{base/nginx.sls => nginx/init.sls} (95%) rename roots/{base => nginx}/nginx.conf (100%) diff --git a/bootstrap.sh b/bootstrap.sh index 4e85da5..a9921e8 100755 --- a/bootstrap.sh +++ b/bootstrap.sh 
@@ -27,6 +27,7 @@ EOF cat >/etc/salt/grains <&/dev/null; then + # We have color support; assume it's compliant with Ecma-48 + # (ISO/IEC-6429). (Lack of such support is extremely rare, and such + # a case would tend to support setf rather than setaf.) + color_prompt=yes + else + color_prompt= + fi +fi + +if [ "$color_prompt" = yes ]; then + PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' +else + PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ ' +fi +unset color_prompt force_color_prompt + +# If this is an xterm set the title to user@host:dir +case "$TERM" in +xterm*|rxvt*) + PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1" + ;; +*) + ;; +esac + +# enable color support of ls and also add handy aliases +if [ -x /usr/bin/dircolors ]; then + test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" + alias ls='ls --color=auto' + #alias dir='dir --color=auto' + #alias vdir='vdir --color=auto' + + #alias grep='grep --color=auto' + #alias fgrep='fgrep --color=auto' + #alias egrep='egrep --color=auto' +fi + +# colored GCC warnings and errors +#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' + +# some more ls aliases +#alias ll='ls -l' +#alias la='ls -A' +#alias l='ls -CF' + +# Alias definitions. +# You may want to put all your additions into a separate file like +# ~/.bash_aliases, instead of adding them here directly. +# See /usr/share/doc/bash-doc/examples in the bash-doc package. + +if [ -f ~/.bash_aliases ]; then + . ~/.bash_aliases +fi + +# enable programmable completion features (you don't need to enable +# this, if it's already enabled in /etc/bash.bashrc and /etc/profile +# sources /etc/bash.bashrc). +if ! shopt -oq posix; then + if [ -f /usr/share/bash-completion/bash_completion ]; then + . /usr/share/bash-completion/bash_completion + elif [ -f /etc/bash_completion ]; then + . 
/etc/bash_completion + fi +fi + +if [ -f ~/.bash_functions ]; then + . ~/.bash_functions +fi diff --git a/roots/base/init.sls b/roots/base/init.sls index f8edda5..3b896aa 100644 --- a/roots/base/init.sls +++ b/roots/base/init.sls @@ -15,3 +15,16 @@ base-packages: update-system: pkg.uptodate: - refresh: True + +/home/vagrant/bin: + file.directory: + - user: vagrant + - group: vagrant + - mode: 0750 + +/home/vagrant/.bashrc: + file.managed: + - user: vagrant + - group: vagrant + - mode: 0644 + - source: salt://base/bashrc diff --git a/roots/gnuviechadmin/base.sls b/roots/gnuviechadmin/base.sls new file mode 100644 index 0000000..b0e8ccb --- /dev/null +++ b/roots/gnuviechadmin/base.sls 
@@ -0,0 +1,98 @@
+{% from 'gnuviechadmin/vars.sls' import home, gva_component, gva_amqp_user, checkout, appdir, venv %}
+
+gva.local:
+ host.present:
+ - ip: 172.16.3.2
+ - names:
+ - mq
+ - gva.local
+
+gvaldap.local:
+ host.present:
+ - ip: 172.16.3.3
+
+gvafile.local:
+ host.present:
+ - ip: 172.16.3.4
+
+gvaweb.local:
+ host.present:
+ - ip: 172.16.3.5
+
+gvamysql.local:
+ host.present:
+ - ip: 172.16.3.6
+
+gvapgsql.local:
+ host.present:
+ - ip: 172.16.3.7
+
+gnuviechadmin-packages:
+ pkg.installed:
+ - pkgs:
+ - libyaml-dev
+ - python-virtualenv
+ - python-dev
+ - python-pip
+ - gettext
+
+{{ home }}/gvasettings.sh:
+ file.managed:
+ - user: vagrant
+ - group: vagrant
+ - mode: 0640
+ - source: salt://gnuviechadmin/{{ gva_component }}/settings.sh
+ - template: jinja
+ - context:
+ broker_url: {{ 'amqp://%s:%s@mq/%s' % (gva_amqp_user, salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % gva_amqp_user), salt['pillar.get']('gnuviechadmin:queues:vhost')) }}
+
+gnuviechadmin-venv:
+ cmd.run:
+ - name: virtualenv {{ venv }}
+ - user: vagrant
+ - group: vagrant
+ - unless: test -f {{ venv }}/bin/pip
+
+gnuviechadmin-requires:
+ cmd.run:
+ - name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall
+ - user: vagrant
+ - group: vagrant
+ - cwd: {{ checkout }}
+ - require:
+ - cmd: gnuviechadmin-venv
+ - pkg: gnuviechadmin-packages
+ - unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall
+
+gnuviechadmin-dbschema:
+ cmd.wait:
+ - name: . {{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput
+ - user: vagrant
+ - group: vagrant
+ - cwd: {{ appdir }}
+ - watch:
+ - cmd: gnuviechadmin-requires
+ - file: {{ home }}/gvasettings.sh
+
+gnuviechadmin-locale-data-compile:
+ cmd.wait:
+ - name: . {{ home }}/gvasettings.sh ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages
+ - user: vagrant
+ - group: vagrant
+ - cwd: {{ appdir }}
+ - require:
+ - pkg: gnuviechadmin-packages
+ - file: {{ home }}/gvasettings.sh
+ - cmd: gnuviechadmin-venv
+
+/home/vagrant/.bash_functions:
+ file.managed:
+ - user: vagrant
+ - group: vagrant
+ - mode: 0644
+ - source: salt://base/bash_functions
+ - template: jinja
+ - context:
+ home: {{ home }}
+ venv: {{ venv }}
+ appdir: {{ appdir }}
diff --git a/roots/gnuviechadmin/bash_functions b/roots/gnuviechadmin/bash_functions
new file mode 100644
index 0000000..2c7fd41
--- /dev/null
+++ b/roots/gnuviechadmin/bash_functions
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+function devenv
+{
+ . $HOME/gvasettings.sh
+ . $HOME/gva-venv/bin/activate
+ cd /vagrant/gnuviechadmin
+}
+
+function testenv
+{
+ devenv
+ export DJANGO_SETTINGS_MODULE=${DJANGO_SETTINGS_MODULE%%.local}.test
+}
+
+function settitle
+{
+ if [ -n "$STY" ] ; then # We are in a screen session
+ echo "Setting screen titles to $@"
+ printf "\033k%s\033\\" "$@"
+ screen -X eval "at \\# title $@" "shelltitle $@"
+ else
+ printf "\033]0;%s\007" "$@"
+ fi
+}
diff --git a/roots/gnuviechadmin/celery.sls b/roots/gnuviechadmin/celery.sls
new file mode 100644
index 0000000..b27b504
--- /dev/null
+++ b/roots/gnuviechadmin/celery.sls
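Review bot: The `broker_url` context value of the `{{ home }}/gvasettings.sh` state is built with plain `%` formatting and emitted as an unquoted YAML scalar, so an AMQP password containing `@`, `/`, `:` or `#` produces a wrong URL or a truncated value. A missing pillar key appears to render as an empty password without any error, because `pillar.get` is called without a default or a check. Percent-encode the user, password and vhost before formatting, and pipe the whole expression through `yaml_dquote` so the rendered scalar is quoted. The `/home/vagrant/.bash_functions` state at the end of the same hunk hard-codes its path while the other states use `{{ home }}`; `{{ home }}/.bash_functions:` would keep them consistent.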
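Review bot: In `settitle`, `$@` is expanded inside double-quoted strings (the `echo` line and both arguments to `screen -X eval`), which splits a multi-word title into separate arguments and lets quotes or backslashes in the title be re-parsed by screen as command text. Join the words once with `local title="$*"`, use `"$title"` in the `echo` and `printf` calls, and restrict the title to safe characters before embedding it in the screen command string. In `devenv` the two sourced paths are unquoted and `cd` is unchecked, so a failed step leaves the shell half-configured; `. "$HOME/gvasettings.sh" && . "$HOME/gva-venv/bin/activate" && cd /vagrant/gnuviechadmin || return` stops at the first failure. No state visible in this patch references this copy (base.sls uses `salt://base/bash_functions`), so it may be an unused duplicate of the file under `roots/base/`.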
@@ -0,0 +1,13 @@ +{% from 'gnuviechadmin/vars.sls' import home, gva_component, venv, appdir %} + +{{ home }}/bin/run_celery.sh: + file.managed: + - user: vagrant + - group: vagrant + - mode: 0750 + - source: salt://gnuviechadmin/{{ gva_component }}/run_celery.sh + - template: jinja + - context: + home: {{ home }} + virtualenv: {{ venv }} + appdir: {{ appdir }} diff --git a/roots/gnuviechadmin/database.sls b/roots/gnuviechadmin/database.sls index 5e9c963..ab57c2a 100644 --- a/roots/gnuviechadmin/database.sls +++ b/roots/gnuviechadmin/database.sls @@ -3,9 +3,9 @@ include: gnuviechadmin-database: postgres_user.present: - - name: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} + - name: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }} - user: postgres - - password: {{ salt['pillar.get']('gnuviechadmin-database:owner:password') }} + - password: {{ salt['pillar.get']('gnuviechadmin:database:owner:password') }} - login: True - createdb: {% if salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') == 'local' %}True {%- else %}False 
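Review bot: The `{{ home }}/bin/run_celery.sh` state has no requisite on the directory it writes into, and `file.managed` does not create parent directories unless `makedirs` is set. `/home/vagrant/bin` is created by a state added to `roots/base/init.sls` in this same patch, so this works only if that state is part of the run and happens to execute first. Add `- require:` with `- file: {{ home }}/bin` to make the ordering explicit.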
@@ -13,20 +13,20 @@ gnuviechadmin-database: - require: - service: postgresql postgres_database.present: - - name: {{ salt['pillar.get']('gnuviechadmin-database:database') }} + - name: {{ salt['pillar.get']('gnuviechadmin:database:name') }} - user: postgres - - owner: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} + - owner: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }} - encoding: UTF8 - template: template0 - require: - service: postgresql - - postgres_user: {{ salt['pillar.get']('gnuviechadmin-database:owner:user') }} + - postgres_user: {{ salt['pillar.get']('gnuviechadmin:database:owner:user') }} -{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin-database:users') %} +{% for gnuviechadmin_db_role in salt['pillar.get']('gnuviechadmin:database:users') %} gnuviechadmin-dbuser-{{ gnuviechadmin_db_role }}: postgres_user.present: - - name: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':user') }} - - password: {{ salt['pillar.get']('gnuviechadmin-database:users:' + gnuviechadmin_db_role + ':password') }} + - name: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:user' % gnuviechadmin_db_role) }} + - password: {{ salt['pillar.get']('gnuviechadmin:database:users:%s:password' % gnuviechadmin_db_role) }} - login: True - require: - service: postgresql diff --git a/roots/gnuviechadmin/gnuviechadmin.nginx b/roots/gnuviechadmin/gva/gnuviechadmin.nginx similarity index 100% rename from roots/gnuviechadmin/gnuviechadmin.nginx rename to roots/gnuviechadmin/gva/gnuviechadmin.nginx diff --git a/roots/gnuviechadmin/gvasettings.sh b/roots/gnuviechadmin/gva/settings.sh similarity index 79% rename from roots/gnuviechadmin/gvasettings.sh rename to roots/gnuviechadmin/gva/settings.sh index 94b5aab..60bbb98 100644 --- a/roots/gnuviechadmin/gvasettings.sh +++ b/roots/gnuviechadmin/gva/settings.sh 
@@ -3,11 +3,11 @@ export DJANGO_SETTINGS_MODULE="gnuviechadmin.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}" export GVA_ADMIN_NAME="Jan Dittberner" export GVA_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:adminemail') }}" -export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin-database:database') }}" -export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin-database:owner:user') }}" -export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-database:owner:password') }}" -export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin-database:hostname') }}" -export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin-database:port') }} +export GVA_PGSQL_DATABASE="{{ salt['pillar.get']('gnuviechadmin:database:name') }}" +export GVA_PGSQL_USER="{{ salt['pillar.get']('gnuviechadmin:database:owner:user') }}" +export GVA_PGSQL_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:database:owner:password') }}" +export GVA_PGSQL_HOSTNAME="{{ salt['pillar.get']('gnuviechadmin:database:host') }}" +export GVA_PGSQL_PORT={{ salt['pillar.get']('gnuviechadmin:database:port') }} export GVA_DOMAIN_NAME="{{ salt['pillar.get']('gnuviechadmin:domainname') }}" export GVA_SITE_NAME="{{ salt['pillar.get']('gnuviechadmin:sitename') }}" export GVA_SITE_SECRET="{{ salt['grains.get_or_set_hash']('gnuviechadmin:SECRET_KEY', 50) }}" diff --git a/roots/gnuviechadmin/gvaldap.sls b/roots/gnuviechadmin/gvaldap.sls new file mode 100644 index 0000000..f600b9f --- /dev/null +++ b/roots/gnuviechadmin/gvaldap.sls @@ -0,0 +1,11 @@ +include: + - gnuviechadmin.base + - gnuviechadmin.celery + +gvaldap-packages: + pkg.installed: + - pkgs: + - libldap2-dev + - libsasl2-dev + - require_in: + - pkg: gnuviechadmin-packages diff --git a/roots/gnuviechadmin/gvaldap/run_celery.sh b/roots/gnuviechadmin/gvaldap/run_celery.sh new file mode 100644 index 0000000..eac31c8 --- /dev/null +++ b/roots/gnuviechadmin/gvaldap/run_celery.sh 
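Review bot: Every pillar value on the changed `export` lines is interpolated inside double quotes, so a database password containing `$`, a backtick, `"` or `\` is expanded or executed by the shell each time `gvasettings.sh` is sourced (by the `cmd` states and by `devenv`). Render the values single-quoted with embedded single quotes escaped, for example `export GVA_PGSQL_PASSWORD='{{ salt['pillar.get']('gnuviechadmin:database:owner:password') | replace("'", "'\\''") }}'`. `GVA_PGSQL_PORT` is emitted without any quotes and should at least be checked to be numeric before it is written. The new `roots/gnuviechadmin/gvaldap/settings.sh` repeats the same pattern for `GVALDAP_LDAP_PASSWORD` and `GVALDAP_BROKER_URL`.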
@@ -0,0 +1,7 @@ +#!/bin/sh + +set -ex + +. {{ home }}/gvasettings.sh +cd {{ appdir }} +{{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO diff --git a/roots/gnuviechadmin/gvaldap/settings.sh b/roots/gnuviechadmin/gvaldap/settings.sh new file mode 100644 index 0000000..e99308c --- /dev/null +++ b/roots/gnuviechadmin/gvaldap/settings.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +export DJANGO_SETTINGS_MODULE="gvaldap.settings.{{ salt['pillar.get']('gnuviechadmin:deploymenttype', 'production') }}" +export GVALDAP_ADMIN_NAME="Jan Dittberner" +export GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}" +export GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}" +export GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}" +export GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}" +export GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}" +export GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}" +export GVALDAP_SECRETKEY="{{ salt['grains.get_or_set_hash']('gnuviechadmin-gvaldap:SECRET_KEY', 50) }}" +export GVALDAP_BROKER_URL="{{ broker_url }}" +export GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}" +export GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}" diff --git a/roots/gnuviechadmin/queues.sls b/roots/gnuviechadmin/queues.sls index e529dda..5462fb7 100644 --- a/roots/gnuviechadmin/queues.sls +++ b/roots/gnuviechadmin/queues.sls 
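Review bot: `set -ex` is enabled before `. {{ home }}/gvasettings.sh`, so the shell traces every `export` in that file, including `GVALDAP_LDAP_PASSWORD` and the broker URL with its AMQP password, to stderr and into whatever captures the worker's output. Use `set -e` at the top and turn tracing on only after the settings are loaded, or drop `-x` altogether. The last line can become `exec {{ virtualenv }}/bin/celery worker -A gvaldap -Q ldap --loglevel=INFO` so that signals from a supervisor reach celery directly instead of the wrapper shell.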
@@ -1,37 +1,30 @@ include: - rabbitmq-server -gnuviechadmin-queues: - rabbitmq_user.present: - - name: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }} - - password: {{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }} - - tags: - - administrator - - perms: - - {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}: - - '.*' - - '.*' - - '.*' +gnuviechadmin-queue-vhost: rabbitmq_vhost.present: - - name: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} - - owner: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }} - - require: - - rabbitmq_user: {{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }} + - name: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }} -{% for user in salt['pillar.get']('gnuviechadmin-queues:users') %} +{% for user in salt['pillar.get']('gnuviechadmin:queues:users') %} gnuviechadmin-queue-user-{{ user }}: rabbitmq_user.present: - name: {{ user }} - - password: {{ salt['pillar.get']('gnuviechadmin-queues:users:%s:password' % user) }} -{% if salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user) %} + - password: {{ salt['pillar.get']('gnuviechadmin:queues:users:%s:password' % user) }} +{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user) %} - perms: -{% for vhost, perms in salt['pillar.get']('gnuviechadmin-queues:users:%s:perms' % user).iteritems() %} +{% for vhost, perms in salt['pillar.get']('gnuviechadmin:queues:users:%s:perms' % user).iteritems() %} - {{ vhost }}: - {{ perms[0] }} - {{ perms[1] }} - {{ perms[2] }} {% endfor %} {% endif %} - - require: - - rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} +{% if salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %} + - tags: +{% for tag in salt['pillar.get']('gnuviechadmin:queues:users:%s:tags' % user) %} + - {{ tag }} +{% endfor %} +{% endif %} + - require: + - rabbitmq_vhost: {{ salt['pillar.get']('gnuviechadmin:queues:vhost') }} {% endfor %} 
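Review bot: The permission patterns and the password are rendered as bare YAML scalars (`- {{ perms[0] }}` and the `- password:` line), whereas the removed owner block quoted its patterns as `'.*'`. An empty pattern, which RabbitMQ uses to deny an operation, renders as a YAML null, a pattern starting with `*` or `[` fails to parse, and an all-digit password becomes an integer. Quote them with `yaml_squote`, e.g. `- {{ perms[0] | yaml_squote }}`, and do the same for the password expression. `.iteritems()` in the `perms` loop exists only on Python 2 dicts; `.items()` works on both. Since `tags` now comes from pillar, any user entry can be given `administrator`, so the pillar files under `pillar/gnuviechadmin/queues/` deserve the same review as this state.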
diff --git a/roots/gnuviechadmin/vars.sls b/roots/gnuviechadmin/vars.sls new file mode 100644 index 0000000..6ad1aa2 --- /dev/null +++ b/roots/gnuviechadmin/vars.sls @@ -0,0 +1,7 @@ +{% set home = '/home/vagrant' %} +{% set venv = home + '/gva-venv' %} +{% set checkout = '/vagrant' %} +{% set gva_component = salt['pillar.get']('gnuviechadmin:component:name') %} +{% set gva_amqp_user = salt['pillar.get']('gnuviechadmin:component:amqp_user') %} +{% set python_module = salt['pillar.get']('gnuviechadmin:component:python_module', gva_component) %} +{% set appdir = checkout + '/' + python_module %} diff --git a/roots/gnuviechadmin/webinterface.sls b/roots/gnuviechadmin/webinterface.sls index 0c2d5be..f94c060 100644 --- a/roots/gnuviechadmin/webinterface.sls +++ b/roots/gnuviechadmin/webinterface.sls 
@@ -1,92 +1,27 @@ include: + - gnuviechadmin.base - webserver -mq: - host.present: - - ip: 127.0.0.1 - -gnuviechadmin-packages: +libpq-dev: pkg.installed: - - names: - - libpq-dev - - libyaml-dev - - python-virtualenv - - python-dev - - python-pip - - gettext + - require_in: + - pkg: gnuviechadmin-packages + +python-m2crypto: + pkg.installed: + - reload_modules: true {% import "webserver/sslcert.macros.sls" as sslcert %} -{% set venv = salt['pillar.get']('gnuviechadmin:virtualenv') %} -{% set checkout = '/vagrant' %} -{% set home = '/home/vagrant' %} -{% set appdir = checkout + '/gnuviechadmin' %} {% set domainname = salt['pillar.get']('gnuviechadmin:domainname') %} {{ sslcert.key_cert(domainname) }} -{{ venv }}: - file.directory: - - user: vagrant - - group: vagrant - - require: - - cmd: gnuviechadmin-venv - -{{ home }}/gvasettings.sh: - file.managed: - - user: vagrant - - group: vagrant - - mode: 0640 - - source: salt://gnuviechadmin/gvasettings.sh - - template: jinja - - context: - broker_url: amqp://{{ salt['pillar.get']('gnuviechadmin-queues:owner:user') }}:{{ salt['pillar.get']('gnuviechadmin-queues:owner:password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }} - -gnuviechadmin-venv: - cmd.run: - - name: virtualenv {{ venv }} - - user: vagrant - - group: vagrant - - unless: test -f {{ venv }}/bin/pip - -gnuviechadmin-requires: - cmd.run: - - name: {{ venv }}/bin/pip install -U -r requirements/local.txt && touch {{ venv }}/lastinstall - - user: vagrant - - group: vagrant - - cwd: {{ checkout }} - - require: - - file: {{ venv }} - - pkg: python-dev - - pkg: libpq-dev - - unless: test -e {{ venv }}/lastinstall && test {{ checkout }}/requirements/local.txt -ot {{ venv }}/lastinstall && test {{ checkout }}/requirements/base.txt -ot {{ venv }}/lastinstall - -gnuviechadmin-dbschema: - cmd.wait: - - name: . 
{{ home }}/gvasettings.sh ; unset LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME ; {{ venv }}/bin/python manage.py migrate --noinput - - user: vagrant - - group: vagrant - - cwd: {{ appdir }} - - watch: - - cmd: gnuviechadmin-requires - - file: {{ home }}/gvasettings.sh - -gnuviechadmin-locale-data-compile: - cmd.wait: - - name: . {{ home }}/gvasettings.sh ; find {{ appdir }} -type d -name 'locale' | while read dir; do cd $(dirname "$dir") ; {{ venv }}/bin/python {{ appdir }}/manage.py compilemessages ; done - - user: vagrant - - group: vagrant - - cwd: {{ appdir }} - - require: - - pkg: gettext - - file: {{ home }}/gvasettings.sh - - file: {{ venv }} - /etc/nginx/sites-available/{{ domainname }}: file.managed: - user: root - group: root - mode: 0640 - - source: salt://gnuviechadmin/gnuviechadmin.nginx + - source: salt://gnuviechadmin/gva/gnuviechadmin.nginx - template: jinja - context: domainname: {{ domainname }} diff --git a/roots/base/nginx.sls b/roots/nginx/init.sls similarity index 95% rename from roots/base/nginx.sls rename to roots/nginx/init.sls index 21afb3a..cd47736 100644 --- a/roots/base/nginx.sls +++ b/roots/nginx/init.sls @@ -11,7 +11,7 @@ nginx-common: /etc/nginx/nginx.conf: file.managed: - - source: salt://base/nginx.conf + - source: salt://nginx/nginx.conf - user: root - group: root - mode: 0644 diff --git a/roots/base/nginx.conf b/roots/nginx/nginx.conf similarity index 100% rename from roots/base/nginx.conf rename to roots/nginx/nginx.conf diff --git a/roots/webserver/init.sls b/roots/webserver/init.sls index 0fc0155..59fad3b 100644 --- a/roots/webserver/init.sls +++ b/roots/webserver/init.sls @@ -1,5 +1,5 @@ include: - - base.nginx + - nginx /etc/nginx/conf.d/logformat.conf: file.managed: diff --git a/roots/webserver/sslcert.macros.sls b/roots/webserver/sslcert.macros.sls index 528e65d..e3bf201 100644 
--- a/roots/webserver/sslcert.macros.sls +++ b/roots/webserver/sslcert.macros.sls @@ -23,6 +23,7 @@ - require: - file: {{ nginx_ssl_certdir }} - cmd: {{ certfile }} + - pkg: python-m2crypto - require_in: - file: /etc/nginx/sites-available/{{ domain_name }} - service: nginx
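Review bot: The added `- pkg: python-m2crypto` requisite makes the certificate macro depend on a state ID that this patch defines only in `roots/gnuviechadmin/webinterface.sls`. Any other SLS that calls `sslcert.key_cert` without also declaring that package state will presumably fail with a missing-requisite error. Defining the `python-m2crypto` state in `roots/webserver/init.sls`, which webinterface.sls already includes, would keep the certificate states self-contained. The state this requisite belongs to begins above the hunk, so its module and other arguments are not visible here.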