gvasalt/states/gnuviechadmin/gvaapp_macros.sls
Jan Dittberner 2833b78c8a Implement salt states for gva webinterface
- setup listener and pg_hba.conf for PostgreSQL server
- add state code for gva
- add macros for nginx and uwsgi with Python 3 support
- add pillar data for gva
2020-03-07 18:26:52 +01:00


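{% macro gvaapp_base(gvaappname, servicename) -%}
{#
  Render the base states shared by every gnuviechadmin application: hosts
  entries for the other machines listed in pillar, the application group and
  user, an optional git checkout over SSH with a dedicated deployment key, and
  a Python 3 virtualenv that is filled by pipenv.

  gvaappname  -- application name; used in state IDs and pillar lookups and as
                 the default for the user, group, home and checkout paths.
  servicename -- ID of the service state that is notified (watch_in) when the
                 checkout or the installed requirements change.

  The states install_pipenv and python3-virtualenv-packages are required below
  but are not defined in this macro.

  NOTE(review): the IDs "gvabase-dependencies", "SSH Deployment Key",
  "SSH known hosts configuration" and "SSH configuration" do not contain the
  application name, so rendering this macro for two applications in one state
  run would presumably produce conflicting IDs -- confirm.
#}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set appfullname = 'GNUViech Admin {} User'.format(salt['pillar.get']('gnuviechadmin:{}:fullname'.format(gvaappname))) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set deployment_key = '{}/.ssh/id_deployment'.format(app_home) -%}

# Hosts entries for every machine in pillar except the minion itself.
{% for host in salt['pillar.get']('gnuviechadmin:machines', {}) %}
{% if host != salt['grains.get']('host') %}
{{ host }}:
  host.present:
    - ip: {{ salt['pillar.get']('gnuviechadmin:machines:{}:ip'.format(host)) }}
{% if salt['pillar.get']('gnuviechadmin:machines:{}:names'.format(host)) %}
    - names:
{% for machine in salt['pillar.get']('gnuviechadmin:machines:{}:names'.format(host)) %}
      - {{ machine }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}

{{ gvaappname }}-group:
  group.present:
    - name: {{ app_group }}

{{ gvaappname }}-user:
  user.present:
    - name: {{ app_user }}
    - home: {{ app_home }}
    - shell: /bin/bash
    - fullname: {{ appfullname }}
    - groups:
      - {{ app_group }}
    - require:
      - group: {{ gvaappname }}-group
  # NOTE(review): no name is given here, so the alias is created for the state
  # ID rather than for the account name -- confirm that this is intended.
  alias.present:
    - target: root

gvabase-dependencies:
  pkg.installed:
    - name: build-essential

{% if update_git %}
{{ app_home }}/.ssh:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    # File modes are quoted so that they stay strings in every YAML loader.
    - mode: '0700'
    - require:
      - user: {{ gvaappname }}-user

SSH Deployment Key:
  cmd.run:
    # The key is generated once (creates) and has an empty passphrase so the
    # checkout can run unattended; access control therefore rests on the
    # 0700 directory above and on what the key is authorized for on the git
    # server.
    - name: ssh-keygen -t ed25519 -C "Deployment key for {{ gvaappname }}" -N "" -f {{ deployment_key }}
    - creates: {{ deployment_key }}
    - runas: {{ app_user }}
    # Was spelled "requires", which is not a requisite, so the ordering
    # against the .ssh directory was not enforced.
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}

SSH known hosts configuration:
  file.managed:
    # Host keys are taken from pillar. Whether hosts missing from this file
    # are rejected depends on the ssh_deploy_config template, which is not
    # part of this file.
    - name: {{ app_home }}/.ssh/known_hosts
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - contents_pillar: gnuviechadmin:ssh_known_hosts
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}

SSH configuration:
  file.managed:
    - name: {{ app_home }}/.ssh/config
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - source: salt://gnuviechadmin/ssh_deploy_config
    - template: jinja
    - context:
        key: {{ deployment_key }}
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}
{% endif %}

{{ checkout }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0755'
    - require:
      - user: {{ gvaappname }}-user

{% if update_git %}
{{ gitrepo }}:
  git.latest:
    # rev is a branch name from pillar (default: production), so every run
    # deploys whatever that branch currently points to.
    - user: {{ app_user }}
    - target: {{ checkout }}
    - rev: {{ salt['pillar.get']('gnuviechadmin:{}:git_branch'.format(gvaappname), 'production') }}
    - require:
      - file: {{ checkout }}
    - watch_in:
      - cmd: {{ gvaappname }}-requirements
      - service: {{ servicename }}
{% endif %}

# Remove a virtualenv directory that has no bin/python3 so that it is rebuilt
# by the next state.
rm -rf {{ venv }}:
  cmd.run:
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/python3
    - require:
      - user: {{ gvaappname }}-user

create-{{ gvaappname }}-venv:
  cmd.run:
    - name: python3 -m virtualenv --python=python3 {{ venv }}
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/pip3
    - require:
      - user: {{ gvaappname }}-user
      - python3-virtualenv-packages
    - watch_in:
      - cmd: update-{{ gvaappname }}-pip

# Runs only when the virtualenv was just created (cmd.wait + watch_in above).
# The pip version is not pinned.
update-{{ gvaappname }}-pip:
  cmd.wait:
    - name: {{ venv }}/bin/python3 -m pip install -U pip
    - runas: {{ app_user }}
    - require:
      - user: {{ gvaappname }}-user

{{ venv }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - require:
      - cmd: create-{{ gvaappname }}-venv
    - watch_in:
      - cmd: {{ gvaappname }}-requirements

{{ gvaappname }}-requirements:
  cmd.wait:
    # --deploy makes pipenv abort when Pipfile.lock is out of date instead of
    # resolving new versions on the server.
    - name: /usr/local/bin/pipenv install --deploy
    - runas: {{ app_user }}
    - cwd: {{ checkout }}
    - env:
      - VIRTUAL_ENV: "{{ venv }}"
      # Environment values are quoted so that they are passed as strings.
      - PIPENV_HIDE_EMOJIS: "1"
      - PIPENV_NOSPIN: "1"
      - PIPENV_COLORBLIND: "1"
      - LC_ALL: C.UTF-8
      - LANG: C.UTF-8
    - require:
      - cmd: install_pipenv
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - pkg: gvabase-dependencies
    # Skip the install when the virtualenv already holds a non-.pyc file that
    # is newer than Pipfile.lock (the relative path resolves against cwd).
    - unless: test $(find {{ venv }} -type f -cnewer Pipfile.lock \! -name '*.pyc'|wc -l) -gt 0
    - watch_in:
      - service: {{ servicename }}
{% endmacro %}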
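{% macro create_celery_worker(gvaappname, purpose) %}
{#
  Render the states for one Celery worker: the base states from gvaapp_base,
  an environment file in /etc/default that carries the broker and result
  backend URLs, a systemd unit file, and the running service itself.

  gvaappname -- application name; the service is named after it with the
                suffix "-celery-worker".
  purpose    -- text used in the unit description; the application name is
                used when it is not passed.

  The AMQP and Redis passwords are read from pillar and written into the
  environment file, so that file is root-only and its diff is kept out of the
  state return.
#}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set servicename = "{}-celery-worker".format(gvaappname) %}
{% set amqp_user = salt['pillar.get']('gnuviechadmin:{}:amqp_user'.format(gvaappname)) -%}
{% set amqp_password = salt['pillar.get']('gnuviechadmin:queues:users:{}:password'.format(amqp_user)) -%}
{% set broker_url = 'amqp://{}:{}@{}/{}'.format(amqp_user, amqp_password, salt['pillar.get']('gnuviechadmin:amqp_host', 'mq'), salt['pillar.get']('gnuviechadmin:queues:vhost')) -%}
{% set result_url = 'redis://:{}@{}/0'.format(salt['pillar.get']('gnuviechadmin:redis_password'), salt['pillar.get']('gnuviechadmin:redis_host')) -%}
{{ gvaapp_base(gvaappname, servicename) }}

/etc/default/{{ gvaappname }}:
  file.managed:
    - user: root
    - group: root
    # File modes are quoted so that they stay strings in every YAML loader.
    - mode: '0640'
    - source: salt://gnuviechadmin/{{ gvaappname }}/celery-worker.env
    - template: jinja
    # The rendered file contains credentials; do not return its diff.
    - show_changes: false
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        # Emitted as escaped double-quoted scalars so that a password with
        # YAML-significant characters cannot truncate or break the value.
        # NOTE(review): the passwords are not URL-encoded; a password that
        # contains "@", "/" or ":" would still yield a malformed URL.
        broker_url: {{ broker_url | yaml_dquote }}
        result_url: {{ result_url | yaml_dquote }}
    - watch_in:
      - service: {{ servicename }}

/etc/systemd/system/{{ servicename }}.service:
  file.managed:
    - user: root
    - group: {{ app_group }}
    - mode: '0640'
    - source: salt://gnuviechadmin/celery-worker.service
    - template: jinja
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        app_user: {{ app_user }}
        appname: {{ gvaappname }}
        celery_module: {{ salt['pillar.get']('gnuviechadmin:{}:celery_module'.format(gvaappname), gvaappname) }}
        amqpname: {{ amqp_user }}
        description: Gnuviechadmin celery worker {{ purpose|default(gvaappname) }}
    - watch_in:
      - service: {{ servicename }}

{{ servicename }}:
  service.running:
    - enable: true
    - require:
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - file: /etc/systemd/system/{{ servicename }}.service
    # Restart the worker when the requirements or the checkout change.
    - watch:
      - cmd: {{ gvaappname }}-requirements
{%- if update_git %}
      - git: {{ gitrepo }}
{%- endif %}
{% endmacro %}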