Jan Dittberner
2833b78c8a
- setup listener and pg_hba.conf for PostgreSQL server - add state code for gva - add macros for nginx and uwsgi with Python 3 support - add pillar data for gva
129 lines
4.5 KiB
Plaintext
129 lines
4.5 KiB
Plaintext
{% set gvaappname = salt['pillar.get']('gnuviechadmin:appname') %}
|
|
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
|
|
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
|
|
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
|
|
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
|
|
|
|
{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqp_user'.format(gvaappname), gvaappname) -%}
|
|
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
|
|
{% set domainname = salt['pillar.get']('gnuviechadmin:{}:domainname'.format(gvaappname), 'service.localhost') %}
|
|
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
|
|
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
|
|
|
|
{% from 'gnuviechadmin/gvaapp_macros.sls' import gvaapp_base with context %}
|
|
include:
|
|
- base
|
|
- python.pipenv
|
|
- python.virtualenv
|
|
- uwsgi.python3
|
|
|
|
{{ gvaapp_base(gvaappname, 'uwsgi') }}
|
|
|
|
{{ gvaappname }}-dependencies:
|
|
pkg.installed:
|
|
- pkgs:
|
|
- libpq-dev
|
|
- require_in:
|
|
- cmd: {{ gvaappname }}-requirements
|
|
|
|
gettext:
|
|
pkg.installed
|
|
|
|
{{ checkout }}/.env:
|
|
file.managed:
|
|
- user: {{ app_user }}
|
|
- group: {{ app_group }}
|
|
- mode: 0640
|
|
- source: salt://gnuviechadmin/{{ gvaappname }}/env-vars
|
|
- template: jinja
|
|
- context:
|
|
gvaappname: {{ gvaappname }}
|
|
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
|
|
result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
|
|
- require:
|
|
- user: {{ gvaappname }}-user
|
|
- group: {{ gvaappname }}-group
|
|
- file: {{ checkout }}
|
|
|
|
{% for command in ['migrate --noinput', 'collectstatic --noinput', 'compilemessages'] %}
|
|
{{ gvaappname }}-manage-{{ command }}:
|
|
cmd.wait:
|
|
- name: /usr/local/bin/pipenv run python3 manage.py {{ command }}
|
|
- runas: {{ app_user }}
|
|
- cwd: {{ checkout }}/gnuviechadmin
|
|
- env:
|
|
- VIRTUAL_ENV: "{{ venv }}"
|
|
- LC_ALL: C.UTF-8
|
|
- LANG: C.UTF-8
|
|
- watch:
|
|
- cmd: {{ gvaappname }}-requirements
|
|
- file: {{ checkout }}/.env
|
|
{%- if update_git %}
|
|
- git: {{ gitrepo }}
|
|
{%- endif %}
|
|
{% endfor %}
|
|
|
|
/etc/uwsgi/apps-available/{{ gvaappname }}.ini:
|
|
file.managed:
|
|
- user: root
|
|
- group: {{ app_group }}
|
|
- mode: 0640
|
|
- source: salt://gnuviechadmin/{{ gvaappname }}/uwsgi.ini
|
|
- template: jinja
|
|
- context:
|
|
gvaappname: {{ gvaappname }}
|
|
broker_url: amqp://{{ amqp_user }}:{{ salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) }}@{{ salt['pillar.get']('gnuviechadmin:amqp_host', 'mq') }}/{{ salt['pillar.get']('gnuviechadmin:queues:vhost') }}
|
|
result_url: redis://:{{ salt['pillar.get']('gnuviechadmin:redis_password') }}@{{ salt['pillar.get']('gnuviechadmin:redis_host') }}/0
|
|
workdir: {{ checkout }}/gnuviechadmin
|
|
venv: {{ venv }}
|
|
- require:
|
|
- pkg: uwsgi
|
|
- require_in:
|
|
- service: uwsgi
|
|
- watch_in:
|
|
- service: uwsgi
|
|
|
|
/etc/uwsgi/apps-enabled/{{ gvaappname }}.ini:
|
|
file.symlink:
|
|
- target: /etc/uwsgi/apps-available/{{ gvaappname }}.ini
|
|
- require:
|
|
- file: /etc/uwsgi/apps-available/{{ gvaappname }}.ini
|
|
- require_in:
|
|
- service: uwsgi
|
|
|
|
{% set letsencrypt = salt['pillar.get']('gnuviechadmin:{}:letsencrypt'.format(gvaappname), False) %}
|
|
{% if not letsencrypt %}
|
|
python3-cryptography:
|
|
pkg.installed
|
|
|
|
{% from 'webserver/sslcert.macros.sls' import key_cert with context %}
|
|
{{ key_cert(domainname) }}
|
|
{% endif %}
|
|
|
|
/etc/nginx/sites-available/{{ domainname }}:
|
|
file.managed:
|
|
- user: root
|
|
- group: root
|
|
- mode: 0640
|
|
- source: salt://gnuviechadmin/{{ gvaappname }}/app.nginx
|
|
- template: jinja
|
|
- context:
|
|
domainname: {{ domainname }}
|
|
checkout: {{ checkout }}
|
|
letsencrypt: {{ letsencrypt }}
|
|
appname: {{ gvaappname }}
|
|
- require:
|
|
- pkg: nginx
|
|
- watch_in:
|
|
- service: nginx
|
|
|
|
/etc/nginx/sites-enabled/{{ domainname }}:
|
|
file.symlink:
|
|
- target: /etc/nginx/sites-available/{{ domainname }}
|
|
- require:
|
|
- file: /etc/nginx/sites-available/{{ domainname }}
|
|
- file: /etc/uwsgi/apps-enabled/{{ gvaappname }}.ini
|
|
- service: uwsgi
|
|
- watch_in:
|
|
- service: nginx
|