Move some of the gvaldap and gvaweb data to pillars

pillar/gnuviechadmin/gva.sls

@@ -0,0 +1,9 @@
+include:
+  - gnuviechadmin
+  - gnuviechadmin.queues.common
+
+gnuviechadmin:
+  appname: gva
+  gva:
+    django_secret_key: yBnbG4azhNaTxIW0/Rv2dEij9PcVU1KVR//1bR6LujmLBnZJw8OOrEi2dIqz3pyOdG8=
+

pillar/gnuviechadmin/gvaldap.sls

@@ -2,17 +2,22 @@ include:
   - gnuviechadmin
   - gnuviechadmin.queues.common
   - gnuviechadmin.queues.gvaldap
-  - ldapserver
 
 gnuviechadmin:
-  component:
-    name: gvaldap
-    amqp_user: ldap
-  ldap_admin_user: ldapadmin
-  ldap_admin_password: NnVnGoWBVw6BKb9DhTwHAz0ICrdiDy+HL1A6F2Rz
   allowed_hosts: 127.0.0.1,gvaldap.local,localhost
+  appname: gvaldap
+  server_email: gvaldap@gnuviech-server.de
+  admin_email: jan@dittberner.info
+  admin_name: Jan Dittberner
   gvaldap:
-    git_url: https://git.dittberner.info/gnuviech/gvaldap.git
-    git_branch: master
+    ldap_groups_ou: groups
+    ldap_users_ou: users
+    allowed_hosts: localhost,ldap
+    amqp_user: ldap
     celery_module: ldaptasks
     django_secret_key: IyOiTDt2DMo4gBVTwZ+E2p+mI1S/rNzZVIFlSr6TpgtxtsJODOVWHaxgVW3FqGZVaFU=
+    fullname: LDAP
+    git_branch: master
+    git_url: https://git.dittberner.info/gnuviech/gvaldap.git
+    ldap_admin_password: NnVnGoWBVw6BKb9DhTwHAz0ICrdiDy+HL1A6F2Rz
+    ldap_admin_user: ldapadmin

pillar/gnuviechadmin/gvaweb.sls

@@ -4,10 +4,10 @@ include:
   - gnuviechadmin.queues.gvaweb
 
 gnuviechadmin:
-  component:
-    name: gvaweb
-    amqp_user: web
+  appname: gvaweb
   gvaweb:
+    amqp_user: web
+    fullname: Web
     git_url: https://git.dittberner.info/gnuviech/gvaweb.git
     git_branch: master
     celery_module: webtasks

pillar/gnuviechadmin/init.sls

@@ -1,3 +1,6 @@
+include:
+  - gnuviechadmin.redis
+
 gnuviechadmin:
   ssh_known_hosts: |
       nextgit.gnuviech-server.de ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBESb6Q0nyvx82wJ0S6Jx7ZvY6wJzuwqh2zWOlXzLDcor8Pu5iLqUn5GywS0ooyl3Hkyn983R6Zdr49zgTroRwQA=
@@ -12,15 +15,12 @@ gnuviechadmin:
   osuserprefix: usr
   osuserhomedirbase: /home
   osuserdefaultshell: /usr/bin/rssh
-  uploadserver: gvafile.local
-  ldap_domain: gva.local
-  ldap_url: ldap://gvaldap.local
+  uploadserver: file
   ldap_base_dn: dc=gva,dc=local
-  ldap_groups_ou: groups
-  ldap_users_ou: users
-  redis_password: j2gfWeACPrj0R2xkgv4KAznCM9nCuUb4
-  redis_host: gva.local
-  django_secret_key: yBnbG4azhNaTxIW0/Rv2dEij9PcVU1KVR//1bR6LujmLBnZJw8OOrEi2dIqz3pyOdG8=
+  ldap_base_dn_groups: ou=groups,dc=gva,dc=local
+  ldap_base_dn_users: ou=groups,dc=gva,dc=local
+  ldap_domain: gva.local
+  ldap_url: ldap://ldap
   machines:
     gva.local:
       ip: 172.16.3.2

pillar/gnuviechadmin/redis.sls

@@ -0,0 +1,3 @@
+gnuviechadmin:
+  redis_password: j2gfWeACPrj0R2xkgv4KAznCM9nCuUb4
+  redis_host: mq

pillar/top.sls

@@ -1,12 +1,10 @@
 base:
-  '*':
-    - gnuviechadmin
-{% for role in ('database', 'queues', 'webinterface', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
+{%- for role in ('database', 'redis', 'queues', 'gva', 'gvaldap', 'gvafile', 'gvamysql', 'gvapgsql', 'gvaweb') %}
   'roles:gnuviechadmin.{{ role }}':
     - match: grain
     - gnuviechadmin.{{ role }}
 {% endfor %}
-{% for role in ('fileserver', 'ldapclient') %}
+{% for role in ('fileserver', 'ldapserver', 'ldapclient') %}
   'roles:{{ role }}':
     - match: grain
     - {{ role }}

states/base/init.sls

@@ -1,6 +1,3 @@
-deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
-  pkgrepo.absent
-
 debian-repo:
   pkgrepo.managed:
     - humanname: Debian
@@ -19,6 +16,11 @@ debian-security-repo:
     - name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
     - file: /etc/apt/sources.list
 
+httpredir-debian-repo:
+  pkgrepo.absent:
+    - name: deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main
+    - file: /etc/apt/sources.list
+
 backports-repo:
   pkgrepo.managed:
     - humanname: Debian backports

states/gnuviechadmin/gvaapp_macros.sls

@@ -4,7 +4,7 @@
 {% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
 {% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
 
-{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
+{% set appfullname = 'GNUViech Admin {} User'.format(salt['pillar.get']('gnuviechadmin:{}:fullname'.format(gvaappname))) -%}
 {% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
 {% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
 {% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
@@ -46,7 +46,7 @@ SSH Deployment Key:
     - requires:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 
 SSH known hosts configuration:
   file.managed:
@@ -58,7 +58,7 @@ SSH known hosts configuration:
     - require:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 
 SSH configuration:
   file.managed:
@@ -73,7 +73,7 @@ SSH configuration:
     - require:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 {% endif %}
 
 {{ checkout }}:
@@ -167,8 +167,8 @@ update-{{ gvaappname }}-pip:
 {% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
 {% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
 
-{% set servicename = gvaappname + "-celery-worker" %}
-{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
+{% set servicename = "{}-celery-worker".format(gvaappname) %}
+{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqpuser'.format(gvaappname)) -%}
 {{ gvaapp_base(gvaappname, servicename ) }}
 /etc/default/{{ gvaappname }}:
   file.managed:
@@ -180,14 +180,15 @@ update-{{ gvaappname }}-pip:
     - context:
         virtualenv: {{ venv }}
         checkout: {{ checkout }}
-        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
+        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:{}:password'.format(amqp_user)) }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
+        result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
     - watch_in:
       - service: {{ servicename }}
 
 /etc/systemd/system/{{ servicename }}.service:
   file.managed:
     - user: root
-    - group: root
+    - group: {{ app_group }}
     - mode: 0640
     - source: salt://gnuviechadmin/celery-worker.service
     - template: jinja

states/gnuviechadmin/gvaldap.sls

@@ -1,4 +1,4 @@
-{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
+{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
 {% set purpose = "for LDAP data management" %}
 {% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
 include:
@@ -20,4 +20,4 @@ base-ldap-objects:
     - source: salt://gnuviechadmin/gvaldap/create_base_ldap_objects.sh
     - template: jinja
     - runas: root
-    - unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:ldap_admin_user') }}" | grep -q numEntries
+    - unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}" | grep -q numEntries

states/gnuviechadmin/gvaldap/celery-worker.env

@@ -1,13 +1,13 @@
 DJANGO_SETTINGS_MODULE="gvaldap.settings"
-GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
-GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_name') }}"
-GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
-GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
-GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
+GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:admin_email') }}"
+GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin:admin_name') }}"
+GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin:gvaldap:allowed_hosts') }}"
+GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_groups') }}"
+GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_users') }}"
 GVALDAP_BROKER_URL="{{ broker_url }}"
-GVALDAP_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
-GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
-GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
-GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
-GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin-gvaldap:django_secret_key') }}"
-GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"
+GVALDAP_RESULTS_REDIS_URL="{{ result_url }}"
+GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password' ) }}"
+GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin:ldap_url') }}"
+GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}"
+GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin:gvaldap:django_secret_key') }}"
+GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin:server_email') }}"

states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh

@@ -3,10 +3,10 @@
 set -e
 
 {% set base_dn = salt['pillar.get']('gnuviechadmin:ldap_base_dn') %}
-{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:ldap_admin_user') %}
-{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:ldap_groups_ou') %}
-{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:ldap_users_ou') %}
-{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:ldap_admin_password') %}
+{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') %}
+{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password') %}
+{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_groups_ou') %}
+{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_users_ou') %}
 
 # setup password hashing for cleartext input
 ldapadd -v -H ldapi:// -Y EXTERNAL -f /etc/ldap/schema/ppolicy.ldif

states/gnuviechadmin/gvaweb.sls

@@ -1,4 +1,4 @@
-{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
+{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
 {% set purpose = "for website configuration management" %}
 {% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
 include:
@@ -13,5 +13,8 @@ include:
     - user: root
     - group: root
     - source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
+    - template: jinja
+    - context:
+        app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
     - require:
       - pkg: sudo

states/gnuviechadmin/gvaweb/celery-worker.env

@@ -1,6 +1,5 @@
 GVAWEB_BROKER_URL="{{ broker_url }}"
-GVAWEB_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
-GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
-GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
-GVAWEB_PHPFPM_POOL="{{ salt['pillar.get']('gnuviechadmin-gvaweb:phpfpm_pool', '/etc/php5/fpm/pool.d') }}"
-GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin-gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"
+GVAWEB_RESULTS_REDIS_URL="{{ result_url }}"
+GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
+GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
+GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin:gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"

states/gnuviechadmin/gvaweb/sudoers

@@ -1,3 +1,3 @@
 Cmnd_Alias GVAWEB_CMDS = /usr/bin/install, /bin/rm, /bin/ln, /bin/systemctl
 
-gvaweb  ALL = (root) NOPASSWD: GVAWEB_CMDS
+{{ app_user }}  ALL = (root) NOPASSWD: GVAWEB_CMDS

states/vagrant/bashrc

@@ -37,7 +37,7 @@ fi
 
 # set a fancy prompt (non-color, unless we know we "want" color)
 case "$TERM" in
-    xterm-color) color_prompt=yes;;
+    xterm-color|*-256color) color_prompt=yes;;
 esac
 
 # uncomment for a colored prompt, if the terminal has the capability; turned
@@ -111,7 +111,3 @@ if ! shopt -oq posix; then
     . /etc/bash_completion
   fi
 fi
-
-if [ -f ~/.bash_functions ]; then
-    . ~/.bash_functions
-fi