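{#
  gvaapp_base(gvaappname, servicename)

  Renders the states shared by a gnuviechadmin application: the service
  account, an optional SSH deployment key plus git checkout, the Python
  virtualenv and the pipenv dependency installation.

  gvaappname  -- application name; used for state IDs and default paths.
  servicename -- ID of the service state that is restarted (watch_in) when
                 the checkout or the installed requirements change.

  NOTE(review): the macro emits fixed top-level keys (include,
  gvabase-dependencies), so rendering it twice into one SLS file would
  produce duplicate YAML keys -- confirm it is only called once per file.
#}
{% macro gvaapp_base(gvaappname, servicename) -%}
include:
  - python.pipenv
  - python.virtualenv

{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set deployment_key = '{}/.ssh/id_deployment'.format(app_home) -%}

{{ gvaappname }}-group:
  group.present:
    - name: {{ app_group }}

{{ gvaappname }}-user:
  user.present:
    - name: {{ app_user }}
    - home: {{ app_home }}
    - shell: /bin/bash
    - fullname: {{ appfullname }}
    - groups:
      - {{ app_group }}
  alias.present:
    - target: root

gvabase-dependencies:
  pkg.installed:
    - name: build-essential

{% if update_git %}
# Modes are quoted so they stay strings whatever YAML loader renders this.
{{ app_home }}/.ssh:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0700'
    - require:
      - user: {{ gvaappname }}-user

# The key is generated without a passphrase (-N ""), so it is protected only
# by the permissions of the 0700 .ssh directory. It should be registered on
# the git server as a read-only deploy key for this one repository.
SSH Deployment Key:
  cmd.run:
    - name: ssh-keygen -t ed25519 -C "Deployment key for {{ gvaappname }}" -N "" -f {{ deployment_key }}
    - creates: {{ deployment_key }}
    - runas: {{ app_user }}
    # Was spelled "requires", which is not a requisite and was not enforced,
    # so nothing ordered key generation after the .ssh directory state.
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}

# known_hosts comes from pillar, so the host keys accepted for the git
# fetch are the ones distributed by the master.
SSH known hosts configuration:
  file.managed:
    - name: {{ app_home }}/.ssh/known_hosts
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - contents_pillar: gnuviechadmin:ssh_known_hosts
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}

SSH configuration:
  file.managed:
    - name: {{ app_home }}/.ssh/config
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - source: salt://gnuviechadmin/ssh_deploy_config
    - template: jinja
    - context:
        key: {{ deployment_key }}
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}
{% endif %}

{{ checkout }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0755'
    - require:
      - user: {{ gvaappname }}-user

{% if update_git %}
# The branch comes from pillar and defaults to "production". A new revision
# triggers the requirements install and a service restart.
{{ gitrepo }}:
  git.latest:
    - user: {{ app_user }}
    - target: {{ checkout }}
    - rev: {{ salt['pillar.get']('gnuviechadmin:{}:git_branch'.format(gvaappname), 'production') }}
    - require:
      - file: {{ checkout }}
    - watch_in:
      - cmd: {{ gvaappname }}-requirements
      - service: {{ servicename }}
{% endif %}

# Removes a venv directory that has no bin/python3 so it can be recreated.
# The state ID doubles as the command; it runs as the application user.
# NOTE(review): the path is built from the gnuviechadmin:home grain --
# confirm that grain can never be empty or point at a shared directory.
rm -rf {{ venv }}:
  cmd.run:
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/python3
    - require:
      - user: {{ gvaappname }}-user

create-{{ gvaappname }}-venv:
  cmd.run:
    - name: python3 -m virtualenv --python=python3 {{ venv }}
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/pip3
    - require:
      - user: {{ gvaappname }}-user
      # Presumably defined by the included python.virtualenv state.
      - python3-virtualenv-packages
    - watch_in:
      - cmd: update-{{ gvaappname }}-pip

update-{{ gvaappname }}-pip:
  cmd.wait:
    - name: {{ venv }}/bin/python3 -m pip install -U pip
    - runas: {{ app_user }}
    - require:
      - user: {{ gvaappname }}-user

{{ venv }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - require:
      - cmd: create-{{ gvaappname }}-venv
    - watch_in:
      - cmd: {{ gvaappname }}-requirements

# "pipenv install --deploy" fails instead of re-locking when Pipfile.lock is
# out of date, so only the locked dependency set is installed.
{{ gvaappname }}-requirements:
  cmd.wait:
    - name: /usr/local/bin/pipenv install --deploy
    - runas: {{ app_user }}
    - cwd: {{ checkout }}
    - env:
      - VIRTUAL_ENV: "{{ venv }}"
      # Environment values are quoted so they are passed as strings.
      - PIPENV_HIDE_EMOJIS: '1'
      - PIPENV_NOSPIN: '1'
      - PIPENV_COLORBLIND: '1'
      - LC_ALL: C.UTF-8
      - LANG: C.UTF-8
    - require:
      # Presumably defined by the included python.pipenv state.
      - cmd: install_pipenv
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - pkg: gvabase-dependencies
    # Skipped when the venv already holds files (other than *.pyc) changed
    # more recently than Pipfile.lock.
    - unless: test $(find {{ venv }} -type f -cnewer Pipfile.lock \! -name '*.pyc'|wc -l) -gt 0
    - watch_in:
      - service: {{ servicename }}
{% endmacro %}

{#
  create_celery_worker(gvaappname, purpose)

  Renders gvaapp_base for the application and adds the celery worker's
  environment file, its systemd unit and the running service.

  gvaappname -- application name; the service is "<gvaappname>-celery-worker".
  purpose    -- text appended to the unit description; falls back to
                gvaappname when the caller does not pass it.
#}
{% macro create_celery_worker(gvaappname, purpose) %}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set servicename = gvaappname + "-celery-worker" %}
{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
{% set amqp_password = salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') -%}
{% set amqp_vhost = salt['pillar.get']('gnuviechadmin-queues:vhost') -%}
{% set broker_url = 'amqp://{}:{}@mq/{}'.format(amqp_user, amqp_password, amqp_vhost) -%}

{{ gvaapp_base(gvaappname, servicename ) }}

# This file carries the AMQP password inside broker_url: it is root-only
# (0640 root:root) and show_changes is off so that a rendered diff does not
# copy the credential into state output or job returns.
# NOTE(review): the password is inserted into the URL as-is; if it can
# contain characters such as "@", "/" or ":" it needs percent-encoding.
/etc/default/{{ gvaappname }}:
  file.managed:
    - user: root
    - group: root
    - mode: '0640'
    - source: salt://gnuviechadmin/{{ gvaappname }}/celery-worker.env
    - template: jinja
    - show_changes: False
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        # yaml_dquote keeps a password containing YAML-special characters
        # from breaking or truncating the rendered state.
        broker_url: {{ broker_url|yaml_dquote }}
    - watch_in:
      - service: {{ servicename }}

/etc/systemd/system/{{ servicename }}.service:
  file.managed:
    - user: root
    - group: root
    - mode: '0640'
    - source: salt://gnuviechadmin/celery-worker.service
    - template: jinja
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        app_user: {{ app_user }}
        appname: {{ gvaappname }}
        celery_module: {{ salt['pillar.get']('gnuviechadmin:{}:celery_module'.format(gvaappname), gvaappname) }}
        amqpname: {{ amqp_user }}
        description: Gnuviechadmin celery worker {{ purpose|default(gvaappname) }}
    - watch_in:
      - service: {{ servicename }}

{{ servicename }}:
  service.running:
    - enable: True
    - require:
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - file: /etc/systemd/system/{{ servicename }}.service
    - watch:
      - cmd: {{ gvaappname }}-requirements
{%- if update_git %}
      - git: {{ gitrepo }}
{%- endif %}
{% endmacro %}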