Setup gvafile using new mechanisms

This commit is contained in:
Jan Dittberner 2020-03-04 16:20:34 +01:00
parent 50cbea2abe
commit ed4e371ccb
6 changed files with 103 additions and 26 deletions

View file

@ -4,9 +4,15 @@ include:
- gnuviechadmin.queues.gvafile
gnuviechadmin:
component:
name: gvafile
appname: gvafile
gvafile:
amqp_user: file
sftp_directory: /home/www
mail_directory: /home/mail
sftp_authkeys_directory: /srv/sftp/authorized_keys
celery_module: fileservertasks
fullname: File Server
git_branch: master
git_url: https://git.dittberner.info/gnuviech/gvafile.git
mail_directory: /home/mail
web_directory: /home/www
sftp_authkeys_directory: /srv/sftp/authorized_keys
sftp_chroot: /srv/sftp
sftp_group: sftponly

View file

@ -1,3 +1,85 @@
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
{% set purpose = "for file server configuration management" %}
{% set mail_directory = salt['pillar.get']('gnuviechadmin:gvafile:mail_directory', '/home/mail') %}
{% set web_directory = salt['pillar.get']('gnuviechadmin:gvafile:web_directory', '/home/www') %}
{% set nfs_root = salt['pillar.get']('nfsserver:nfsroot', '/srv/nfs4') %}
{% set sftp_chroot = salt['pillar.get']('gnuviechadmin:gvafile:sftp_chroot', '/srv/sftp') %}
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
include:
- gnuviechadmin.base
- gnuviechadmin.celery
- base
- python.pipenv
- python.virtualenv
- nfsserver
{{ mail_directory }}:
file.directory:
- user: root
- group: root
- mode: 0751
{{ web_directory }}:
file.directory:
- user: root
- group: root
- mode: 0751
{{ sftp_chroot }}:
file.directory:
- user: root
- group: root
- mode: 0755
{{ sftp_chroot }}/home:
file.directory:
- user: root
- group: root
- mode: 0751
- require:
- file: {{ sftp_chroot }}
bind_mount_nfs_mail:
mount.fstab_present:
- name: {{ mail_directory }}
- fs_file: {{ nfs_root }}/mail
- fs_vfstype: none
- fs_mntops: bind
- require:
- file: {{ mail_directory }}
- file: {{ nfs_root }}/mail
- watch_in:
- service: nfs-kernel-server
bind_mount_nfs_web:
mount.fstab_present:
- name: {{ web_directory }}
- fs_file: {{ nfs_root }}/web
- fs_vfstype: none
- fs_mntops: bind
- require:
- file: {{ web_directory }}
- file: {{ nfs_root }}/web
- watch_in:
- service: nfs-kernel-server
bind_mount_sftp_chroot:
mount.fstab_present:
- name: {{ web_directory }}
- fs_file: {{ sftp_chroot }}/home
- fs_vfstype: none
- fs_mntops: bind
- require:
- file: {{ web_directory }}
- file: {{ sftp_chroot }}/home
{{ create_celery_worker(gvaappname, purpose) }}
/etc/sudoers.d/{{ gvaappname }}:
file.managed:
- user: root
- group: root
- source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
- template: jinja
- context:
app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
- require:
- pkg: sudo

View file

@ -0,0 +1,5 @@
GVAFILE_BROKER_URL="{{ broker_url }}"
GVAFILE_RESULTS_REDIS_URL="{{ result_url }}"
GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:web_directory') }}"
GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:mail_directory') }}"
GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:sftp_authkeys_directory') }}"

View file

@ -1,12 +0,0 @@
#!/bin/sh
set -ex
. {{ home }}/gvasettings.sh
unset LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY \
LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT \
LC_IDENTIFICATION LC_ALL
cd {{ appdir }}
{{ virtualenv }}/bin/celery worker -A gvafile -Q file --loglevel=INFO

View file

@ -1,7 +0,0 @@
#!/bin/sh
export GVAFILE_BROKER_URL='{{ broker_url }}'
export GVAFILE_RESULTS_REDIS_URL="redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0"
export GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_directory') }}"
export GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:mail_directory') }}"
export GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_authkeys_directory') }}"

View file

@ -0,0 +1,3 @@
Cmnd_Alias GVAFILE_CMDS = /usr/bin/install, /usr/bin/setfacl, /bin/rm, /usr/sbin/setquota
{{ app_user }} ALL = (root) NOPASSWD: GVAFILE_CMDS