Setup gvafile using new mechanisms
parent
50cbea2abe
commit
ed4e371ccb
6 changed files with 103 additions and 26 deletions
|
@ -4,9 +4,15 @@ include:
|
||||||
- gnuviechadmin.queues.gvafile
|
- gnuviechadmin.queues.gvafile
|
||||||
|
|
||||||
gnuviechadmin:
|
gnuviechadmin:
|
||||||
component:
|
appname: gvafile
|
||||||
name: gvafile
|
gvafile:
|
||||||
amqp_user: file
|
amqp_user: file
|
||||||
sftp_directory: /home/www
|
celery_module: fileservertasks
|
||||||
|
fullname: File Server
|
||||||
|
git_branch: master
|
||||||
|
git_url: https://git.dittberner.info/gnuviech/gvafile.git
|
||||||
mail_directory: /home/mail
|
mail_directory: /home/mail
|
||||||
|
web_directory: /home/www
|
||||||
sftp_authkeys_directory: /srv/sftp/authorized_keys
|
sftp_authkeys_directory: /srv/sftp/authorized_keys
|
||||||
|
sftp_chroot: /srv/sftp
|
||||||
|
sftp_group: sftponly
|
||||||
|
|
|
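Review bot: `git_branch: master` on the new side points the gvafile deployment at a moving branch head. How the shared worker macro consumes `git_url` and `git_branch` is not visible here, but if it checks out that ref on each run, whatever is pushed to master is what runs on the file server, the same host that receives root sudo rules later in this commit. Pinning a release tag or commit id, e.g. `git_branch: <release-tag>`, would make the deployed code reviewable and reproducible. The hunk starts at line 4 of the pillar file, so any keys above it are outside this view.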
@ -1,3 +1,85 @@
|
||||||
|
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
|
||||||
|
{% set purpose = "for file server configuration management" %}
|
||||||
|
{% set mail_directory = salt['pillar.get']('gnuviechadmin:gvafile:mail_directory', '/home/mail') %}
|
||||||
|
{% set web_directory = salt['pillar.get']('gnuviechadmin:gvafile:web_directory', '/home/www') %}
|
||||||
|
{% set nfs_root = salt['pillar.get']('nfsserver:nfsroot', '/srv/nfs4') %}
|
||||||
|
{% set sftp_chroot = salt['pillar.get']('gnuviechadmin:gvafile:sftp_chroot', '/srv/sftp') %}
|
||||||
|
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
|
||||||
include:
|
include:
|
||||||
- gnuviechadmin.base
|
- base
|
||||||
- gnuviechadmin.celery
|
- python.pipenv
|
||||||
|
- python.virtualenv
|
||||||
|
- nfsserver
|
||||||
|
|
||||||
|
{{ mail_directory }}:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: 0751
|
||||||
|
|
||||||
|
{{ web_directory }}:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: 0751
|
||||||
|
|
||||||
|
{{ sftp_chroot }}:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: 0755
|
||||||
|
|
||||||
|
{{ sftp_chroot }}/home:
|
||||||
|
file.directory:
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: 0751
|
||||||
|
- require:
|
||||||
|
- file: {{ sftp_chroot }}
|
||||||
|
|
||||||
|
bind_mount_nfs_mail:
|
||||||
|
mount.fstab_present:
|
||||||
|
- name: {{ mail_directory }}
|
||||||
|
- fs_file: {{ nfs_root }}/mail
|
||||||
|
- fs_vfstype: none
|
||||||
|
- fs_mntops: bind
|
||||||
|
- require:
|
||||||
|
- file: {{ mail_directory }}
|
||||||
|
- file: {{ nfs_root }}/mail
|
||||||
|
- watch_in:
|
||||||
|
- service: nfs-kernel-server
|
||||||
|
|
||||||
|
bind_mount_nfs_web:
|
||||||
|
mount.fstab_present:
|
||||||
|
- name: {{ web_directory }}
|
||||||
|
- fs_file: {{ nfs_root }}/web
|
||||||
|
- fs_vfstype: none
|
||||||
|
- fs_mntops: bind
|
||||||
|
- require:
|
||||||
|
- file: {{ web_directory }}
|
||||||
|
- file: {{ nfs_root }}/web
|
||||||
|
- watch_in:
|
||||||
|
- service: nfs-kernel-server
|
||||||
|
|
||||||
|
bind_mount_sftp_chroot:
|
||||||
|
mount.fstab_present:
|
||||||
|
- name: {{ web_directory }}
|
||||||
|
- fs_file: {{ sftp_chroot }}/home
|
||||||
|
- fs_vfstype: none
|
||||||
|
- fs_mntops: bind
|
||||||
|
- require:
|
||||||
|
- file: {{ web_directory }}
|
||||||
|
- file: {{ sftp_chroot }}/home
|
||||||
|
|
||||||
|
{{ create_celery_worker(gvaappname, purpose) }}
|
||||||
|
|
||||||
|
/etc/sudoers.d/{{ gvaappname }}:
|
||||||
|
file.managed:
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
|
||||||
|
- template: jinja
|
||||||
|
- context:
|
||||||
|
app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
|
||||||
|
- require:
|
||||||
|
- pkg: sudo
|
||||||
|
|
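Review bot: The `/etc/sudoers.d/{{ gvaappname }}` state at the end of this hunk sets owner and group but neither a mode nor a syntax check, so the file is written with default permissions and a bad render is installed as-is. Adding `- mode: '0440'` and `- check_cmd: /usr/sbin/visudo -c -f` to that `file.managed` keeps a malformed file out of sudoers.d. `app_user` is read from the `gnuviechadmin:user` grain, which is data set on the minion rather than on the master; since it decides which account receives root sudo rights, a pillar value looks like the safer source. The directory states above write `- mode: 0751` and `- mode: 0755` unquoted, while Salt's documentation asks for leading-zero modes to be quoted, e.g. `- mode: '0751'`.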
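--- a/states/gnuviechadmin/gvafile/celery-worker.env
+++ b/states/gnuviechadmin/gvafile/celery-worker.env
@@ -0,0 +1,5 @@
+GVAFILE_BROKER_URL="{{ broker_url }}"
+GVAFILE_RESULTS_REDIS_URL="{{ result_url }}"
+GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:web_directory') }}"
+GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:mail_directory') }}"
+GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:sftp_authkeys_directory') }}"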
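Review bot: The three `pillar.get` calls in this template pass no default, while the state file in this commit falls back to `/home/mail` and `/home/www` for the same keys, so on a minion without those pillar entries the directories are created but the worker is likely handed empty paths. Passing the same defaults here, e.g. `salt['pillar.get']('gnuviechadmin:gvafile:web_directory', '/home/www')`, or handing the already-resolved values in through the template context would keep the two in step; `sftp_authkeys_directory` has no fallback anywhere in the visible changes. The removed settings script built the Redis URL with a password in it, so `result_url` (and probably `broker_url`) carries credentials. The state that installs this file lives in a macro not shown here, and it is worth confirming that it writes the file root-owned and not world-readable.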
@ -1,12 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
. {{ home }}/gvasettings.sh
|
|
||||||
|
|
||||||
unset LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY \
|
|
||||||
LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT \
|
|
||||||
LC_IDENTIFICATION LC_ALL
|
|
||||||
|
|
||||||
cd {{ appdir }}
|
|
||||||
{{ virtualenv }}/bin/celery worker -A gvafile -Q file --loglevel=INFO
|
|
|
@ -1,7 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
export GVAFILE_BROKER_URL='{{ broker_url }}'
|
|
||||||
export GVAFILE_RESULTS_REDIS_URL="redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0"
|
|
||||||
export GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_directory') }}"
|
|
||||||
export GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:mail_directory') }}"
|
|
||||||
export GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_authkeys_directory') }}"
|
|
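--- a/states/gnuviechadmin/gvafile/sudoers
+++ b/states/gnuviechadmin/gvafile/sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias GVAFILE_CMDS = /usr/bin/install, /usr/bin/setfacl, /bin/rm, /usr/sbin/setquota
+
+{{ app_user }} ALL = (root) NOPASSWD: GVAFILE_CMDS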
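Review bot: `GVAFILE_CMDS` lists four binaries with no argument restrictions, and `/usr/bin/install` and `/bin/rm` run as root without a password amount to unrestricted write and delete access across the filesystem. The rule therefore gives `{{ app_user }}`, presumably the account the Celery worker runs as and which acts on task input from the broker, the equivalent of full root. Argument patterns in sudoers are hard to make tight, so the more robust shape is a set of root-owned wrapper scripts that each perform one operation with validated arguments confined to the mail, web and sftp directories, with the alias naming only those: `Cmnd_Alias GVAFILE_CMDS = <path-to-wrapper-1>, <path-to-wrapper-2>`. Sudo log entries for this user that reference paths outside those directories are worth alerting on.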