Move some of the gvaldap and gvaweb data to pillars
parent
2da305fb5f
commit
dd43bd4b31
15 changed files with 79 additions and 63 deletions
9
pillar/gnuviechadmin/gva.sls
9
pillar/gnuviechadmin/gva.sls
|
@ -0,0 +1,9 @@
|
|||
include:
|
||||
- gnuviechadmin
|
||||
- gnuviechadmin.queues.common
|
||||
|
||||
gnuviechadmin:
|
||||
appname: gva
|
||||
gva:
|
||||
django_secret_key: yBnbG4azhNaTxIW0/Rv2dEij9PcVU1KVR//1bR6LujmLBnZJw8OOrEi2dIqz3pyOdG8=
|
||||
|
|
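Review bot: `django_secret_key` is committed in plaintext into a versioned pillar file; the same applies to `ldap_admin_password` and `django_secret_key` in the gvaldap pillar hunk below and to `redis_password` in pillar/gnuviechadmin/redis.sls. Pillar keeps these values off the minions that do not target them, but not out of the repository history, so the values in this commit should be treated as exposed and rotated. Keeping secrets in a separate pillar tree that is not committed, or encrypting them with Salt's gpg renderer (`#!yaml|gpg` as the first line of the file), would keep them out of the repo. The file section's exact last line is not marked on this rendered page.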
@ -2,17 +2,22 @@ include:
|
|||
- gnuviechadmin
|
||||
- gnuviechadmin.queues.common
|
||||
- gnuviechadmin.queues.gvaldap
|
||||
- ldapserver
|
||||
|
||||
gnuviechadmin:
|
||||
component:
|
||||
name: gvaldap
|
||||
amqp_user: ldap
|
||||
ldap_admin_user: ldapadmin
|
||||
ldap_admin_password: NnVnGoWBVw6BKb9DhTwHAz0ICrdiDy+HL1A6F2Rz
|
||||
allowed_hosts: 127.0.0.1,gvaldap.local,localhost
|
||||
appname: gvaldap
|
||||
server_email: gvaldap@gnuviech-server.de
|
||||
admin_email: jan@dittberner.info
|
||||
admin_name: Jan Dittberner
|
||||
gvaldap:
|
||||
git_url: https://git.dittberner.info/gnuviech/gvaldap.git
|
||||
git_branch: master
|
||||
ldap_groups_ou: groups
|
||||
ldap_users_ou: users
|
||||
allowed_hosts: localhost,ldap
|
||||
amqp_user: ldap
|
||||
celery_module: ldaptasks
|
||||
django_secret_key: IyOiTDt2DMo4gBVTwZ+E2p+mI1S/rNzZVIFlSr6TpgtxtsJODOVWHaxgVW3FqGZVaFU=
|
||||
fullname: LDAP
|
||||
git_branch: master
|
||||
git_url: https://git.dittberner.info/gnuviech/gvaldap.git
|
||||
ldap_admin_password: NnVnGoWBVw6BKb9DhTwHAz0ICrdiDy+HL1A6F2Rz
|
||||
ldap_admin_user: ldapadmin
|
||||
|
|
|
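Review bot: `appname: gvaldap` sits at the top level of the `gnuviechadmin` mapping, the same key pillar/gnuviechadmin/gva.sls sets to `gva`; if a minion ever matches both roles in top.sls the two pillar files merge and one value silently overrides the other depending on include order. Moving `appname` into the per-app sub-mapping (next to `fullname`) would avoid the collision. The new `- ldapserver` include also presumes a `ldapserver` pillar SLS that this commit does not add; if it does not exist, pillar rendering for this role fails.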
@ -4,10 +4,10 @@ include:
|
|||
- gnuviechadmin.queues.gvaweb
|
||||
|
||||
gnuviechadmin:
|
||||
component:
|
||||
name: gvaweb
|
||||
amqp_user: web
|
||||
appname: gvaweb
|
||||
gvaweb:
|
||||
amqp_user: web
|
||||
fullname: Web
|
||||
git_url: https://git.dittberner.info/gnuviech/gvaweb.git
|
||||
git_branch: master
|
||||
celery_module: webtasks
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
include:
|
||||
- gnuviechadmin.redis
|
||||
|
||||
gnuviechadmin:
|
||||
ssh_known_hosts: |
|
||||
nextgit.gnuviech-server.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBESb6Q0nyvx82wJ0S6Jx7ZvY6wJzuwqh2zWOlXzLDcor8Pu5iLqUn5GywS0ooyl3Hkyn983R6Zdr49zgTroRwQA=
|
||||
|
@ -12,15 +15,12 @@ gnuviechadmin:
|
|||
osuserprefix: usr
|
||||
osuserhomedirbase: /home
|
||||
osuserdefaultshell: /usr/bin/rssh
|
||||
uploadserver: gvafile.local
|
||||
ldap_domain: gva.local
|
||||
ldap_url: ldap://gvaldap.local
|
||||
uploadserver: file
|
||||
ldap_base_dn: dc=gva,dc=local
|
||||
ldap_groups_ou: groups
|
||||
ldap_users_ou: users
|
||||
redis_password: j2gfWeACPrj0R2xkgv4KAznCM9nCuUb4
|
||||
redis_host: gva.local
|
||||
django_secret_key: yBnbG4azhNaTxIW0/Rv2dEij9PcVU1KVR//1bR6LujmLBnZJw8OOrEi2dIqz3pyOdG8=
|
||||
ldap_base_dn_groups: ou=groups,dc=gva,dc=local
|
||||
ldap_base_dn_users: ou=groups,dc=gva,dc=local
|
||||
ldap_domain: gva.local
|
||||
ldap_url: ldap://ldap
|
||||
machines:
|
||||
gva.local:
|
||||
ip: 172.16.3.2
|
||||
|
|
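Review bot: `ldap_base_dn_users: ou=groups,dc=gva,dc=local` uses the groups OU for the users base DN; next to `ldap_base_dn_groups` on the line above and `ldap_users_ou: users` in the gvaldap pillar, this looks like a copy-paste slip and presumably should read `ldap_base_dn_users: ou=users,dc=gva,dc=local`. The gvaldap environment file reads this key into `GVALDAP_BASEDN_USER`, so user lookups would search the groups subtree. `ldap_url: ldap://ldap` is also a plaintext LDAP URL; if the directory is not reached over a trusted local network, ldaps:// or StartTLS would keep the admin bind password off the wire.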
3
pillar/gnuviechadmin/redis.sls
3
pillar/gnuviechadmin/redis.sls
|
@ -0,0 +1,3 @@
|
|||
gnuviechadmin:
|
||||
redis_password: j2gfWeACPrj0R2xkgv4KAznCM9nCuUb4
|
||||
redis_host: mq
|
|
@ -1,12 +1,10 @@
|
|||
base:
|
||||
'*':
|
||||
- gnuviechadmin
|
||||
{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
|
||||
{%- for role in ('database', 'redis', 'queues', 'gva', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
|
||||
'roles:gnuviechadmin.{{ role }}':
|
||||
- match: grain
|
||||
- gnuviechadmin.{{ role }}
|
||||
{% endfor %}
|
||||
{% for role in ('fileserver', 'ldapclient') %}
|
||||
{% for role in ('fileserver', 'ldapserver', 'ldapclient') %}
|
||||
'roles:{{ role }}':
|
||||
- match: grain
|
||||
- {{ role }}
|
||||
|
|
|
@ -1,6 +1,3 @@
|
|||
deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
|
||||
pkgrepo.absent
|
||||
|
||||
debian-repo:
|
||||
pkgrepo.managed:
|
||||
- humanname: Debian
|
||||
|
@ -19,6 +16,11 @@ debian-security-repo:
|
|||
- name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
|
||||
- file: /etc/apt/sources.list
|
||||
|
||||
httpredir-debian-repo:
|
||||
pkgrepo.absent:
|
||||
- name: deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main
|
||||
- file: /etc/apt/sources.list
|
||||
|
||||
backports-repo:
|
||||
pkgrepo.managed:
|
||||
- humanname: Debian backports
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
|
||||
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
|
||||
|
||||
{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
|
||||
{% set appfullname = 'GNUViech Admin {} User'.format(salt['pillar.get']('gnuviechadmin:{}:fullname'.format(gvaappname))) -%}
|
||||
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
|
||||
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
|
||||
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
|
||||
|
@ -46,7 +46,7 @@ SSH Deployment Key:
|
|||
- requires:
|
||||
- file: {{ app_home }}/.ssh
|
||||
- require_in:
|
||||
git: {{ gitrepo }}
|
||||
- git: {{ gitrepo }}
|
||||
|
||||
SSH known hosts configuration:
|
||||
file.managed:
|
||||
|
@ -58,7 +58,7 @@ SSH known hosts configuration:
|
|||
- require:
|
||||
- file: {{ app_home }}/.ssh
|
||||
- require_in:
|
||||
git: {{ gitrepo }}
|
||||
- git: {{ gitrepo }}
|
||||
|
||||
SSH configuration:
|
||||
file.managed:
|
||||
|
@ -73,7 +73,7 @@ SSH configuration:
|
|||
- require:
|
||||
- file: {{ app_home }}/.ssh
|
||||
- require_in:
|
||||
git: {{ gitrepo }}
|
||||
- git: {{ gitrepo }}
|
||||
{% endif %}
|
||||
|
||||
{{ checkout }}:
|
||||
|
@ -167,8 +167,8 @@ update-{{ gvaappname }}-pip:
|
|||
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
|
||||
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
|
||||
|
||||
{% set servicename = gvaappname + "-celery-worker" %}
|
||||
{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
|
||||
{% set servicename = "{}-celery-worker".format(gvaappname) %}
|
||||
{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqpuser'.format(gvaappname)) -%}
|
||||
{{ gvaapp_base(gvaappname, servicename ) }}
|
||||
/etc/default/{{ gvaappname }}:
|
||||
file.managed:
|
||||
|
@ -180,14 +180,15 @@ update-{{ gvaappname }}-pip:
|
|||
- context:
|
||||
virtualenv: {{ venv }}
|
||||
checkout: {{ checkout }}
|
||||
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||||
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:{}:password'.format(amqp_user)) }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
|
||||
result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
|
||||
- watch_in:
|
||||
- service: {{ servicename }}
|
||||
|
||||
/etc/systemd/system/{{ servicename }}.service:
|
||||
file.managed:
|
||||
- user: root
|
||||
- group: root
|
||||
- group: {{ app_group }}
|
||||
- mode: 0640
|
||||
- source: salt://gnuviechadmin/celery-worker.service
|
||||
- template: jinja
|
||||
|
|
|
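Review bot: The pillar key read in the `@ -167,8 +167,8` hunk, `'gnuviechadmin:{}:amqpuser'.format(gvaappname)`, does not match the key the new pillar files define, which is `amqp_user` (under `gvaldap:` and `gvaweb:` in this commit); `pillar.get` therefore returns its empty default, `broker_url` renders with an empty user and the password lookup `gnuviechadmin-queues:users::password` is empty as well. The line should read `{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqp_user'.format(gvaappname)) -%}`. Since `result_url` now embeds the redis password into `/etc/default/{{ gvaappname }}`, the mode of that file.managed state (outside the hunk) is worth confirming as root:app_group 0640 like the unit file.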
@ -1,4 +1,4 @@
|
|||
{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
|
||||
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
|
||||
{% set purpose = "for LDAP data management" %}
|
||||
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
|
||||
include:
|
||||
|
@ -20,4 +20,4 @@ base-ldap-objects:
|
|||
- source: salt://gnuviechadmin/gvaldap/create_base_ldap_objects.sh
|
||||
- template: jinja
|
||||
- runas: root
|
||||
- unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:ldap_admin_user') }}" | grep -q numEntries
|
||||
- unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}" | grep -q numEntries
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
DJANGO_SETTINGS_MODULE="gvaldap.settings"
|
||||
GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
|
||||
GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_name') }}"
|
||||
GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
|
||||
GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
|
||||
GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
|
||||
GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:admin_email') }}"
|
||||
GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin:admin_name') }}"
|
||||
GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin:gvaldap:allowed_hosts') }}"
|
||||
GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_groups') }}"
|
||||
GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_users') }}"
|
||||
GVALDAP_BROKER_URL="{{ broker_url }}"
|
||||
GVALDAP_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
|
||||
GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
|
||||
GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
|
||||
GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
|
||||
GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin-gvaldap:django_secret_key') }}"
|
||||
GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"
|
||||
GVALDAP_RESULTS_REDIS_URL="{{ result_url }}"
|
||||
GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password' ) }}"
|
||||
GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin:ldap_url') }}"
|
||||
GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}"
|
||||
GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin:gvaldap:django_secret_key') }}"
|
||||
GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin:server_email') }}"
|
||||
|
|
|
@ -3,10 +3,10 @@
|
|||
set -e
|
||||
|
||||
{% set base_dn = salt['pillar.get']('gnuviechadmin:ldap_base_dn') %}
|
||||
{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:ldap_admin_user') %}
|
||||
{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:ldap_groups_ou') %}
|
||||
{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:ldap_users_ou') %}
|
||||
{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:ldap_admin_password') %}
|
||||
{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') %}
|
||||
{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password') %}
|
||||
{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_groups_ou') %}
|
||||
{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_users_ou') %}
|
||||
|
||||
# setup password hashing for cleartext input
|
||||
ldapadd -v -H ldapi:// -Y EXTERNAL -f /etc/ldap/schema/ppolicy.ldif
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
|
||||
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
|
||||
{% set purpose = "for website configuration management" %}
|
||||
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
|
||||
include:
|
||||
|
@ -13,5 +13,8 @@ include:
|
|||
- user: root
|
||||
- group: root
|
||||
- source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
|
||||
- template: jinja
|
||||
- context:
|
||||
app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
|
||||
- require:
|
||||
- pkg: sudo
|
||||
|
|
|
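Review bot: `app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}` feeds a minion-controlled grain into the sudoers template, so the account that receives NOPASSWD root is chosen by minion-side data while the rest of this commit moves configuration to master-controlled pillar; reading it from pillar (or deriving it from `gvaappname`, which is now pillar-based) keeps the privileged account under the master's control. Because a malformed render would disable sudo on the host, adding `- check_cmd: visudo -cf` to the same file.managed state would have Salt validate the file before installing it. The state's first line is outside the hunk.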
@ -1,6 +1,5 @@
|
|||
GVAWEB_BROKER_URL="{{ broker_url }}"
|
||||
GVAWEB_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
|
||||
GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
|
||||
GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
|
||||
GVAWEB_PHPFPM_POOL="{{ salt['pillar.get']('gnuviechadmin-gvaweb:phpfpm_pool', '/etc/php5/fpm/pool.d') }}"
|
||||
GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin-gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"
|
||||
GVAWEB_RESULTS_REDIS_URL="{{ result_url }}"
|
||||
GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
|
||||
GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
|
||||
GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin:gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"
|
||||
|
|
|
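Review bot: The new side drops `GVAWEB_PHPFPM_POOL` entirely, while the commit message only describes moving data to pillars; if the application still reads that variable it now falls back to whatever default it has. If the removal is intended it should be mentioned in the commit message, otherwise restore it as `GVAWEB_PHPFPM_POOL="{{ salt['pillar.get']('gnuviechadmin:gvaweb:phpfpm_pool', '/etc/php5/fpm/pool.d') }}"` in line with the other renamed keys.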
@ -1,3 +1,3 @@
|
|||
Cmnd_Alias GVAWEB_CMDS = /usr/bin/install, /bin/rm, /bin/ln, /bin/systemctl
|
||||
|
||||
gvaweb ALL = (root) NOPASSWD: GVAWEB_CMDS
|
||||
{{ app_user }} ALL = (root) NOPASSWD: GVAWEB_CMDS
|
||||
|
|
|
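Review bot: The templated `{{ app_user }}` line grants `GVAWEB_CMDS` as root with NOPASSWD, and the (unchanged) alias lists `/usr/bin/install`, `/bin/rm`, `/bin/ln` and `/bin/systemctl` without argument restrictions, which lets the app user write, replace or remove any file as root and is therefore equivalent to full root for that account. Restricting each entry to the exact paths and arguments the deployment needs (sudoers argument patterns), or routing the actions through a single reviewed wrapper script, keeps the grant proportional to its purpose. A short comment above the alias stating which operation needs each command would make future additions easier to review.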
@ -37,7 +37,7 @@ fi
|
|||
|
||||
# set a fancy prompt (non-color, unless we know we "want" color)
|
||||
case "$TERM" in
|
||||
xterm-color) color_prompt=yes;;
|
||||
xterm-color|*-256color) color_prompt=yes;;
|
||||
esac
|
||||
|
||||
# uncomment for a colored prompt, if the terminal has the capability; turned
|
||||
|
@ -111,7 +111,3 @@ if ! shopt -oq posix; then
|
|||
. /etc/bash_completion
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f ~/.bash_functions ]; then
|
||||
. ~/.bash_functions
|
||||
fi
|
||||
|
|