Setup gvafile using new mechanisms
parent
50cbea2abe
commit
ed4e371ccb
6 changed files with 103 additions and 26 deletions
|
@ -4,9 +4,15 @@ include:
|
|||
- gnuviechadmin.queues.gvafile
|
||||
|
||||
gnuviechadmin:
|
||||
component:
|
||||
name: gvafile
|
||||
appname: gvafile
|
||||
gvafile:
|
||||
amqp_user: file
|
||||
sftp_directory: /home/www
|
||||
celery_module: fileservertasks
|
||||
fullname: File Server
|
||||
git_branch: master
|
||||
git_url: https://git.dittberner.info/gnuviech/gvafile.git
|
||||
mail_directory: /home/mail
|
||||
web_directory: /home/www
|
||||
sftp_authkeys_directory: /srv/sftp/authorized_keys
|
||||
sftp_chroot: /srv/sftp
|
||||
sftp_group: sftponly
|
||||
|
|
|
@ -1,3 +1,85 @@
|
|||
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
|
||||
{% set purpose = "for file server configuration management" %}
|
||||
{% set mail_directory = salt['pillar.get']('gnuviechadmin:gvafile:mail_directory', '/home/mail') %}
|
||||
{% set web_directory = salt['pillar.get']('gnuviechadmin:gvafile:web_directory', '/home/www') %}
|
||||
{% set nfs_root = salt['pillar.get']('nfsserver:nfsroot', '/srv/nfs4') %}
|
||||
{% set sftp_chroot = salt['pillar.get']('gnuviechadmin:gvafile:sftp_chroot', '/srv/sftp') %}
|
||||
{% from 'gnuviechadmin/gvaapp_macros.sls' import create_celery_worker with context %}
|
||||
include:
|
||||
- gnuviechadmin.base
|
||||
- gnuviechadmin.celery
|
||||
- base
|
||||
- python.pipenv
|
||||
- python.virtualenv
|
||||
- nfsserver
|
||||
|
||||
{{ mail_directory }}:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0751
|
||||
|
||||
{{ web_directory }}:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0751
|
||||
|
||||
{{ sftp_chroot }}:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0755
|
||||
|
||||
{{ sftp_chroot }}/home:
|
||||
file.directory:
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0751
|
||||
- require:
|
||||
- file: {{ sftp_chroot }}
|
||||
|
||||
bind_mount_nfs_mail:
|
||||
mount.fstab_present:
|
||||
- name: {{ mail_directory }}
|
||||
- fs_file: {{ nfs_root }}/mail
|
||||
- fs_vfstype: none
|
||||
- fs_mntops: bind
|
||||
- require:
|
||||
- file: {{ mail_directory }}
|
||||
- file: {{ nfs_root }}/mail
|
||||
- watch_in:
|
||||
- service: nfs-kernel-server
|
||||
|
||||
bind_mount_nfs_web:
|
||||
mount.fstab_present:
|
||||
- name: {{ web_directory }}
|
||||
- fs_file: {{ nfs_root }}/web
|
||||
- fs_vfstype: none
|
||||
- fs_mntops: bind
|
||||
- require:
|
||||
- file: {{ web_directory }}
|
||||
- file: {{ nfs_root }}/web
|
||||
- watch_in:
|
||||
- service: nfs-kernel-server
|
||||
|
||||
bind_mount_sftp_chroot:
|
||||
mount.fstab_present:
|
||||
- name: {{ web_directory }}
|
||||
- fs_file: {{ sftp_chroot }}/home
|
||||
- fs_vfstype: none
|
||||
- fs_mntops: bind
|
||||
- require:
|
||||
- file: {{ web_directory }}
|
||||
- file: {{ sftp_chroot }}/home
|
||||
|
||||
{{ create_celery_worker(gvaappname, purpose) }}
|
||||
|
||||
/etc/sudoers.d/{{ gvaappname }}:
|
||||
file.managed:
|
||||
- user: root
|
||||
- group: root
|
||||
- source: salt://gnuviechadmin/{{ gvaappname }}/sudoers
|
||||
- template: jinja
|
||||
- context:
|
||||
app_user: {{ salt['grains.get']('gnuviechadmin:user', gvaappname) }}
|
||||
- require:
|
||||
- pkg: sudo
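Review bot: The `/etc/sudoers.d/{{ gvaappname }}` state at the end of this hunk sets `user` and `group` but no `mode` and no syntax check, so the fragment gets the minion's default file permissions and a bad render of the Jinja template could install a fragment that sudo cannot parse. Add `- mode: '0440'` and `- check_cmd: /usr/sbin/visudo -c -f` to the `file.managed` arguments so the file is validated before it replaces the live one. The `mode: 0751` and `mode: 0755` values on the directory states are also unquoted; writing them as `'0751'` and `'0755'` keeps the YAML loader from reinterpreting the leading zero.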
|
||||
|
|
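--- a/states/gnuviechadmin/gvafile/celery-worker.env
+++ b/states/gnuviechadmin/gvafile/celery-worker.env
@@ -0,0 +1,5 @@
+GVAFILE_BROKER_URL="{{ broker_url }}"
+GVAFILE_RESULTS_REDIS_URL="{{ result_url }}"
+GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:web_directory') }}"
+GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:mail_directory') }}"
+GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:gvafile:sftp_authkeys_directory') }}"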
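Review bot: The `pillar.get` lookups for `web_directory` and `mail_directory` have no default here, while the state file that creates those directories falls back to `/home/www` and `/home/mail`. If the pillar keys are missing, the directories are still created but the worker receives empty `GVAFILE_SFTP_DIRECTORY` and `GVAFILE_MAIL_DIRECTORY` values. Pass the same fallbacks, e.g. `salt['pillar.get']('gnuviechadmin:gvafile:web_directory', '/home/www')`. `broker_url` and `result_url` presumably carry credentials (the removed settings script built the Redis URL from a password), so the rendered file should be readable only by root and the worker account. How the macro deploys it is not visible on this page.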
@ -1,12 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
. {{ home }}/gvasettings.sh
|
||||
|
||||
unset LANG LANGUAGE LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY \
|
||||
LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT \
|
||||
LC_IDENTIFICATION LC_ALL
|
||||
|
||||
cd {{ appdir }}
|
||||
{{ virtualenv }}/bin/celery worker -A gvafile -Q file --loglevel=INFO
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
export GVAFILE_BROKER_URL='{{ broker_url }}'
|
||||
export GVAFILE_RESULTS_REDIS_URL="redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0"
|
||||
export GVAFILE_SFTP_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_directory') }}"
|
||||
export GVAFILE_MAIL_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:mail_directory') }}"
|
||||
export GVAFILE_SFTP_AUTHKEYS_DIRECTORY="{{ salt['pillar.get']('gnuviechadmin:sftp_authkeys_directory') }}"
|
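--- a/states/gnuviechadmin/gvafile/sudoers
+++ b/states/gnuviechadmin/gvafile/sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias GVAFILE_CMDS = /usr/bin/install, /usr/bin/setfacl, /bin/rm, /usr/sbin/setquota
+
+{{ app_user }} ALL = (root) NOPASSWD: GVAFILE_CMDS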
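Review bot: `GVAFILE_CMDS` lists `/usr/bin/install`, `/usr/bin/setfacl`, `/bin/rm` and `/usr/sbin/setquota` without any argument restriction, so the `NOPASSWD` rule lets the application user run them as root against any path on the host. That is equivalent to handing the Celery worker full root, and a compromise of the worker or of its message queue becomes a compromise of the file server. Sudoers argument wildcards are a weak fix, because `*` also matches `/` and `..`. A safer shape is a small root-owned helper that validates its target paths against the mail, web and SFTP directories and is the only command granted, e.g. `Cmnd_Alias GVAFILE_CMDS = /usr/local/sbin/<gvafile-helper>` (placeholder name). A comment in the file should state which task needs which command.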