Move some of the gvaldap and gvaweb data to pillars

states/base/init.sls

@@ -1,6 +1,3 @@
-deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
-  pkgrepo.absent
-
 debian-repo:
   pkgrepo.managed:
     - humanname: Debian
@@ -19,6 +16,11 @@ debian-security-repo:
     - name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
     - file: /etc/apt/sources.list
 
+httpredir-debian-repo:
+  pkgrepo.absent:
+    - name: deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main
+    - file: /etc/apt/sources.list
+
 backports-repo:
   pkgrepo.managed:
     - humanname: Debian backports

states/gnuviechadmin/gvaapp_macros.sls

@@ -4,7 +4,7 @@
 {% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
 {% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
 
-{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
+{% set appfullname = 'GNUViech Admin {} User'.format(salt['pillar.get']('gnuviechadmin:{}:fullname'.format(gvaappname))) -%}
 {% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
 {% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
 {% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
@@ -46,7 +46,7 @@ SSH Deployment Key:
     - requires:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 
 SSH known hosts configuration:
   file.managed:
@@ -58,7 +58,7 @@ SSH known hosts configuration:
     - require:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 
 SSH configuration:
   file.managed:
@@ -73,7 +73,7 @@ SSH configuration:
     - require:
       - file: {{ app_home }}/.ssh
     - require_in:
-        git: {{ gitrepo }}
+      - git: {{ gitrepo }}
 {% endif %}
 
 {{ checkout }}:
@@ -167,8 +167,8 @@ update-{{ gvaappname }}-pip:
 {% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
 {% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
 
-{% set servicename = gvaappname + "-celery-worker" %}
-{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
+{% set servicename = "{}-celery-worker".format(gvaappname) %}
+{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqpuser'.format(gvaappname)) -%}
 {{ gvaapp_base(gvaappname, servicename ) }}
 /etc/default/{{ gvaappname }}:
   file.managed:
@@ -180,14 +180,15 @@ update-{{ gvaappname }}-pip:
     - context:
         virtualenv: {{ venv }}
         checkout: {{ checkout }}
-        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
+        broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin-queues:users:{}:password'.format(amqp_user)) }}@mq/{{ salt['pillar.get']('gnuviechadmin-queues:vhost') }}
+        result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
     - watch_in:
       - service: {{ servicename }}
 
 /etc/systemd/system/{{ servicename }}.service:
   file.managed:
     - user: root
-    - group: root
+    - group: {{ app_group }}
     - mode: 0640
     - source: salt://gnuviechadmin/celery-worker.service
     - template: jinja

states/gnuviechadmin/gvaldap.sls

@@ -1,4 +1,4 @@
-{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
+{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
 {% set purpose = "for LDAP data management" %}
 {% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
 include:
@@ -20,4 +20,4 @@ base-ldap-objects:
     - source: salt://gnuviechadmin/gvaldap/create_base_ldap_objects.sh
     - template: jinja
     - runas: root
-    - unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:ldap_admin_user') }}" | grep -q numEntries
+    - unless: ldapsearch -Y EXTERNAL -H ldapi:// -b "{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn') }}" "cn={{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}" | grep -q numEntries

states/gnuviechadmin/gvaldap/celery-worker.env

@@ -1,13 +1,13 @@
 DJANGO_SETTINGS_MODULE="gvaldap.settings"
-GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_email') }}"
-GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin-gvaldap:admin_name') }}"
-GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin-gvaldap:allowed_hosts') }}"
-GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_group') }}"
-GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:basedn_user') }}"
+GVALDAP_ADMIN_EMAIL="{{ salt['pillar.get']('gnuviechadmin:admin_email') }}"
+GVALDAP_ADMIN_NAME="{{ salt['pillar.get']('gnuviechadmin:admin_name') }}"
+GVALDAP_ALLOWED_HOSTS="{{ salt['pillar.get']('gnuviechadmin:gvaldap:allowed_hosts') }}"
+GVALDAP_BASEDN_GROUP="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_groups') }}"
+GVALDAP_BASEDN_USER="{{ salt['pillar.get']('gnuviechadmin:ldap_base_dn_users') }}"
 GVALDAP_BROKER_URL="{{ broker_url }}"
-GVALDAP_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
-GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_password' ) }}"
-GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_url') }}"
-GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin-gvaldap:ldap_user') }}"
-GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin-gvaldap:django_secret_key') }}"
-GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin-gvaldap:server_email') }}"
+GVALDAP_RESULTS_REDIS_URL="{{ result_url }}"
+GVALDAP_LDAP_PASSWORD="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password' ) }}"
+GVALDAP_LDAP_URL="{{ salt['pillar.get']('gnuviechadmin:ldap_url') }}"
+GVALDAP_LDAP_USER="{{ salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') }}"
+GVALDAP_SECRETKEY="{{ salt['pillar.get']('gnuviechadmin:gvaldap:django_secret_key') }}"
+GVALDAP_SERVER_EMAIL="{{ salt['pillar.get']('gnuviechadmin:server_email') }}"

states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh

@@ -3,10 +3,10 @@
 set -e
 
 {% set base_dn = salt['pillar.get']('gnuviechadmin:ldap_base_dn') %}
-{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:ldap_admin_user') %}
-{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:ldap_groups_ou') %}
-{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:ldap_users_ou') %}
-{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:ldap_admin_password') %}
+{% set ldap_admin_user = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_user') %}
+{% set ldap_admin_password = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_admin_password') %}
+{% set ldap_groups_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_groups_ou') %}
+{% set ldap_users_ou = salt['pillar.get']('gnuviechadmin:gvaldap:ldap_users_ou') %}
 
 # setup password hashing for cleartext input
 ldapadd -v -H ldapi:// -Y EXTERNAL -f /etc/ldap/schema/ppolicy.ldif

states/gnuviechadmin/gvaweb.sls

@@ -1,4 +1,4 @@
-{% set gvaappname = salt['grains.get']('gnuviechadmin:appname') %}
+{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
 {% set purpose = "for website configuration management" %}
 {% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
 include:
@@ -13,5 +13,8 @@ include:
     - user: root
     - group: root
     - source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
+    - template: jinja
+    - context:
+        app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
     - require:
       - pkg: sudo

states/gnuviechadmin/gvaweb/celery-worker.env

@@ -1,6 +1,5 @@
 GVAWEB_BROKER_URL="{{ broker_url }}"
-GVAWEB_RESULTS_REDIS_URL="{{ 'redis://:{}@{}/0'.format(salt['pillar.get']('gnviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) }}"
-GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
-GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin-gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
-GVAWEB_PHPFPM_POOL="{{ salt['pillar.get']('gnuviechadmin-gvaweb:phpfpm_pool', '/etc/php5/fpm/pool.d') }}"
-GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin-gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"
+GVAWEB_RESULTS_REDIS_URL="{{ result_url }}"
+GVAWEB_NGINX_SITES_AVAILABLE="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_available', '/etc/nginx/sites-available') }}"
+GVAWEB_NGINX_SITES_ENABLED="{{ salt['pillar.get']('gnuviechadmin:gvaweb:nginx_sites_enabled', '/etc/nginx/sites-enabled') }}"
+GVAWEB_WWWUSER_MOUNT="{{ salt['pillar.get']('gnuviechadmin:gvaweb:wwwuser_mount', '/srv/wwwfiles') }}"

states/gnuviechadmin/gvaweb/sudoers

@@ -1,3 +1,3 @@
 Cmnd_Alias GVAWEB_CMDS = /usr/bin/install, /bin/rm, /bin/ln, /bin/systemctl
 
-gvaweb  ALL = (root) NOPASSWD: GVAWEB_CMDS
+{{ app_user }}  ALL = (root) NOPASSWD: GVAWEB_CMDS

states/vagrant/bashrc

@@ -37,7 +37,7 @@ fi
 
 # set a fancy prompt (non-color, unless we know we "want" color)
 case "$TERM" in
-    xterm-color) color_prompt=yes;;
+    xterm-color|*-256color) color_prompt=yes;;
 esac
 
 # uncomment for a colored prompt, if the terminal has the capability; turned
@@ -111,7 +111,3 @@ if ! shopt -oq posix; then
     . /etc/bash_completion
   fi
 fi
-
-if [ -f ~/.bash_functions ]; then
-    . ~/.bash_functions
-fi