Commit graph

37 commits

Author SHA1 Message Date
b90230997c Protect /etc/salt/grains
Make sure that the permissions of /etc/salt/grains only allow access for the
root user.
2016-09-25 17:27:42 +02:00
cf6dd52186 Unset locale variables for celery worker launch
Celery has problems when non-ASCII characters are included in log messages
(i.e. from called system commands). Therefore environment variables that
influence the locale setting are reset before running the celery worker.
2016-09-25 16:35:04 +02:00
06d63c111b Use correct directory for /srv/sftp/home 2016-09-25 16:31:28 +02:00
231976d1dc Make fileserver setup deterministic
Create the home directories before trying to bind mount them to /srv/nfs4
subdirectories. Remove unneeded acl parameter that lead to rewrites of
/etc/fstab for every salt run.
2016-09-25 13:50:53 +02:00
91ed2ae12c Ignore PyCharm files 2016-09-25 01:10:45 +02:00
ef7fbd0afd Use cmd with runas parameter
Replace the deprecated user and group parameters with runas to fix
deprecation warnings.
2016-09-24 23:53:49 +02:00
95b2e521eb Setup backports and ensure python-cryptography
Make sure that the jessie-backports repository is available and that the
python-cryptography package from that repository is used.
2016-09-24 23:52:37 +02:00
ae4389759d Add python-cryptography from backports
This commit makes sure that a recent enough python-cryptography version
is installed before the first salt highstate run.
2016-09-24 23:50:52 +02:00
b72b6c960d Add fileserver and ldapclient sls 2016-09-24 21:51:59 +02:00
1cf93b8f30 Port rsa_key and x509_certificate to cryptography 2016-09-24 21:51:02 +02:00
56fc0d65b8 Add needed keys for the gvafile settings 2016-02-07 23:03:20 +01:00
9101abcefd Add libjpeg-dev to webinterfaces states
The documentation build uses sphinxcontrib-blockdiag to build block
diagrams. The pillow package needed by this packaged requires
libjpeg-dev for compilation.
2016-02-07 23:01:48 +01:00
7ec29b9ce2 Make gvafile deployment work
This commit refactors to gnuviechadmin.base state by moving the Django
specific parts into gnuviechadmin.django that is now used by
gnuviechadmin.gvaldap and gnuviechadmin.webinterface. The script
templates gnuviechadmin/gvafile/run_celery.sh and
gnuviechadmin/gvafile/settings.sh have been added.
2016-02-06 14:23:05 +01:00
1bb9742751 Setup initial gvafile pillar and state data 2016-02-06 13:54:57 +01:00
3fd146215f Rename roots to states
This commit renames the roots directory to states because it contains
salt states.
2016-01-31 21:16:14 +01:00
cade234963 Switch result backend to redis
The AMQP result backend proved as impractical, this commit switches to
redis instead. The redis server is setup on the webinterface host but
can be configured on another host.
2016-01-31 21:15:35 +01:00
199df8228b Rename bootstrap.sh to bootstrap.sh.tmpl
bootstrap.sh came from the gva project and is only a template now. This
template can be used for other components.
2016-01-31 21:12:49 +01:00
b5e28bf507 Switch result backend to redis
The AMQP result backend proved as impractical, this commit switches to
redis instead. The redis server is setup on the webinterface host but
can be configured on another host.
2016-01-31 21:08:32 +01:00
e582e4a6c4 Move host information to pillar data 2016-01-31 21:08:32 +01:00
2ff2a8174c Synchronize salt configuration with gvaldap 2016-01-31 21:08:32 +01:00
e8da0baf70 Use separate AMQP vhost for tests 2016-01-31 21:08:32 +01:00
8396a0788d Improve salt setup
This commit improves the salt setup of the Vagrant box:
- Salt output is reduced to log level warning
- Hosts entries are created for the internal IPs of all planned gva
  component VMs
- .bashrc and a .bash_functions sourced from it are now managed for the
  vagrant user
- the VM name has been changed to gva.local
- recent salt versions do not depend on m2crypto anymore, therefore it
  is now installed before x509certificate functions are called
- the rabbitmq_vhost for gva is now setup before any users are created
  because the previous implementation was broken with recent salt
  versions
- the gnuviechadmin-locale-data-compile step has been simplified because
  Django 1.9's compilemessages takes care of recursive .mo file
  compilation
- pillar data has been separated by role (especially queue permissions
  and credentials)
- salt configuration is now unified with gvaldap
2016-01-31 21:08:32 +01:00
6fa4662bfd Update system during provisioning 2016-01-31 21:08:32 +01:00
4f1d14dcc6 Set vim as default editor
Use the alternatives system to set vim as default editor.
2016-01-31 21:08:32 +01:00
2d3934c082 enable line numbers in vim 2016-01-31 21:08:32 +01:00
ef7a8dfccf add host alias mq 2016-01-31 21:08:32 +01:00
a03137c8a2 setup vimrc file for vagrant user 2016-01-31 21:08:32 +01:00
fedd0b95f2 enable rabbitmq management and add admin permissions
- allow database creation for gnuviechadmin user in local deployments to
  allow test runs
- set administrator tag for gnuviechadmin user in rabbitmq
- add all permissions on gnuviechadmin vhost to gnuviechadmin user
- enable rabbitmq management plugin
2016-01-31 21:08:32 +01:00
6c9caec8d6 make settings configurable via pillar, default to local 2016-01-31 21:08:32 +01:00
a6e795684f fix locale compilation, use variables for paths
- install gettext
- define and use variables checkout, home and appdir
2016-01-31 21:08:32 +01:00
f5f373ec76 manage screenrc and set hostname in vagrant box 2016-01-31 21:08:32 +01:00
1ae6c1e855 finish vagrant configuration
- ignore collected assets
- setup virtualenv and environment variables
- import additional salt state modules
2016-01-31 21:08:32 +01:00
f5945b9849 add PostgreSQL database and message queues to vagrant box 2016-01-31 21:08:32 +01:00
f111fcc090 setup default nginx ssl/security configuration for vagrant 2016-01-31 21:08:32 +01:00
da472f9009 setup vagrant box roles and nginx package 2016-01-31 21:08:32 +01:00
724a4a9823 setup salt provisioning for vagrant 2016-01-31 21:08:32 +01:00
addc6e9241 Initial commit 2016-01-31 21:07:44 +01:00