Commit graph

64 commits

Author SHA1 Message Date
18f0061ee4 Make gva run with Poetry and logging 2023-05-06 14:42:50 +02:00
3ab7cc2e4c Sort env files to allow easier merges 2020-04-10 13:48:25 +02:00
078fa1dbff Sort variables to simplify merges 2020-04-10 11:58:56 +02:00
fa6878e481 Sort keys in pillar files for easier merging 2020-04-10 10:44:37 +02:00
c033201caf Sort queue user names 2020-04-05 20:36:47 +02:00
4a5beef868 Remove obsolete gnuviechadmin.webinterface 2020-04-05 20:36:28 +02:00
44c9dac77d Build DN for ldap admin user
This commit makes sure to use a proper distinguished name (DN) for the ldap
user used for LDAP modifications.
2020-04-04 15:02:45 +02:00
f5be5b7e0f Ensure that the acl package is installed
The acl package is required for running setfacl. This commit ensures that
the package is installed on NFS servers.
2020-04-04 14:48:40 +02:00
2833b78c8a Implement salt states for gva webinterface
- setup listener and pg_hba.conf for PostgreSQL server
- add state code for gva
- add macros for nginx and uwsgi with Python 3 support
- add pillar data for gva
2020-03-07 18:26:52 +01:00
7e246ec1a0 Add MySQL patch for bug in Salt version 3000 2020-03-04 20:54:45 +01:00
288acee379 Python 3 compatibility for custom states 2020-03-04 19:33:23 +01:00
bcb92e483d Setup gvamysql using new mechanisms 2020-03-04 19:32:22 +01:00
3b48b4a455 Setup gvapgsql using new mechanisms 2020-03-04 17:48:06 +01:00
ed4e371ccb Setup gvafile using new mechanisms 2020-03-04 17:48:01 +01:00
50cbea2abe Add state for NFS server 2020-03-04 16:20:20 +01:00
9e50cc7a7f Merge line from upstream redis configuration 2020-03-04 16:19:15 +01:00
040a75d997 Use hostname for ldap and mq 2020-03-04 15:08:38 +01:00
a3dd83f4da Setup redis and rabbitmq, fix gvaldap and gvaweb
This commit takes care of making rabbitmq and redis work on a messaging
server. The configuration of gvaldap and gvaweb has been adapted to make
both applications work with actual running rabbitmq and redis.
2020-03-04 15:02:58 +01:00
dd43bd4b31 Move some of the gvaldap and gvaweb data to pillars 2020-03-04 14:03:35 +01:00
2da305fb5f Update salt state for gvaweb
This commit improves the gvaweb celery worker setup based on the work
that has been done for gvaldap before. Old files have been removed and
the setup uses the macros from gnuviechadmin/gvaapp_macros.sls.
2020-03-04 00:49:58 +01:00
7381b5bfd8 Implement proper provisioning for gvaldap
- merge improvements from the internal saltstack repository
- define dummy secrets in the pillars
- use systemd to setup the gvaldap celery worker
2020-03-04 00:10:16 +01:00
8d78388915 Remove unused bootstrap.sh.tmpl 2020-03-03 22:15:27 +01:00
738107b523 Streamline base state extract vagrant specifics
- manage all wanted apt repositories
- move vagrant specific stuff to vagrant state
- use better password for slapd
2020-03-03 17:24:56 +01:00
c4dcf12a0a Move webserver configuration to nginx state 2017-08-20 13:56:10 +02:00
9a557fa69f Add salt state and pillar data for gvaweb 2017-08-20 13:34:17 +02:00
87d2af1a8a Add salt states for gvapgsql 2017-08-20 12:55:04 +02:00
f08deff9b5 Add Vagrant and salt automation for gvamysql 2016-09-25 17:29:52 +02:00
b90230997c Protect /etc/salt/grains
Make sure that the permissions of /etc/salt/grains only allow access for the
root user.
2016-09-25 17:27:42 +02:00
cf6dd52186 Unset locale variables for celery worker launch
Celery has problems when non-ASCII characters are included in log messages
(i.e. from called system commands). Therefore environment variables that
influence the locale setting are reset before running the celery worker.
2016-09-25 16:35:04 +02:00
06d63c111b Use correct directory for /srv/sftp/home 2016-09-25 16:31:28 +02:00
231976d1dc Make fileserver setup deterministic
Create the home directories before trying to bind mount them to /srv/nfs4
subdirectories. Remove unneeded acl parameter that lead to rewrites of
/etc/fstab for every salt run.
2016-09-25 13:50:53 +02:00
91ed2ae12c Ignore PyCharm files 2016-09-25 01:10:45 +02:00
ef7fbd0afd Use cmd with runas parameter
Replace the deprecated user and group parameters with runas to fix
deprecation warnings.
2016-09-24 23:53:49 +02:00
95b2e521eb Setup backports and ensure python-cryptography
Make sure that the jessie-backports repository is available and that the
python-cryptography package from that repository is used.
2016-09-24 23:52:37 +02:00
ae4389759d Add python-cryptography from backports
This commit makes sure that a recent enough python-cryptography version
is installed before the first salt highstate run.
2016-09-24 23:50:52 +02:00
b72b6c960d Add fileserver and ldapclient sls 2016-09-24 21:51:59 +02:00
1cf93b8f30 Port rsa_key and x509_certificate to cryptography 2016-09-24 21:51:02 +02:00
56fc0d65b8 Add needed keys for the gvafile settings 2016-02-07 23:03:20 +01:00
9101abcefd Add libjpeg-dev to webinterfaces states
The documentation build uses sphinxcontrib-blockdiag to build block
diagrams. The pillow package needed by this packaged requires
libjpeg-dev for compilation.
2016-02-07 23:01:48 +01:00
7ec29b9ce2 Make gvafile deployment work
This commit refactors to gnuviechadmin.base state by moving the Django
specific parts into gnuviechadmin.django that is now used by
gnuviechadmin.gvaldap and gnuviechadmin.webinterface. The script
templates gnuviechadmin/gvafile/run_celery.sh and
gnuviechadmin/gvafile/settings.sh have been added.
2016-02-06 14:23:05 +01:00
1bb9742751 Setup initial gvafile pillar and state data 2016-02-06 13:54:57 +01:00
3fd146215f Rename roots to states
This commit renames the roots directory to states because it contains
salt states.
2016-01-31 21:16:14 +01:00
cade234963 Switch result backend to redis
The AMQP result backend proved as impractical, this commit switches to
redis instead. The redis server is setup on the webinterface host but
can be configured on another host.
2016-01-31 21:15:35 +01:00
199df8228b Rename bootstrap.sh to bootstrap.sh.tmpl
bootstrap.sh came from the gva project and is only a template now. This
template can be used for other components.
2016-01-31 21:12:49 +01:00
b5e28bf507 Switch result backend to redis
The AMQP result backend proved as impractical, this commit switches to
redis instead. The redis server is setup on the webinterface host but
can be configured on another host.
2016-01-31 21:08:32 +01:00
e582e4a6c4 Move host information to pillar data 2016-01-31 21:08:32 +01:00
2ff2a8174c Synchronize salt configuration with gvaldap 2016-01-31 21:08:32 +01:00
e8da0baf70 Use separate AMQP vhost for tests 2016-01-31 21:08:32 +01:00
8396a0788d Improve salt setup
This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
2016-01-31 21:08:32 +01:00
6fa4662bfd Update system during provisioning 2016-01-31 21:08:32 +01:00