Improve salt setup

This commit improves the salt setup of the Vagrant box: - Salt output is reduced to log level warning - Hosts entries are created for the internal IPs of all planned gva component VMs - .bashrc and a .bash_functions sourced from it are now managed for the vagrant user - the VM name has been changed to gva.local - recent salt versions do not depend on m2crypto anymore, therefore it is now installed before x509certificate functions are called - the rabbitmq_vhost for gva is now setup before any users are created because the previous implementation was broken with recent salt versions - the gnuviechadmin-locale-data-compile step has been simplified because Django 1.9's compilemessages takes care of recursive .mo file compilation - pillar data has been separated by role (especially queue permissions and credentials) - salt configuration is now unified with gvaldap
2016-01-29 18:34:40 +01:00 · 2016-01-29 18:34:40 +01:00 · 8396a0788d
commit 8396a0788d
parent 6fa4662bfd
35 changed files with 520 additions and 186 deletions
--- a/roots/nginx/init.sls
+++ b/roots/nginx/init.sls
@ -0,0 +1,38 @@
+nginx:
+  pkg:
+    - installed
+  service.running:
+    - enable: True
+    - require:
+      - pkg: nginx
+
+nginx-common:
+  pkg.installed
+
+/etc/nginx/nginx.conf:
+  file.managed:
+    - source: salt://nginx/nginx.conf
+    - user: root
+    - group: root
+    - mode: 0644
+    - require:
+      - pkg: nginx-common
+    - watch_in:
+      - service: nginx
+
+{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
+{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
+
+{{ nginx_ssl_certdir }}:
+  file.directory:
+    - user: root
+    - group: root
+    - mode: 0755
+    - makedirs: True
+
+{{ nginx_ssl_keydir }}:
+  file.directory:
+    - user: root
+    - group: root
+    - mode: 0750
+    - makedirs: True
--- a/roots/nginx/nginx.conf
+++ b/roots/nginx/nginx.conf
@ -0,0 +1,49 @@
+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}