gvasalt/states/gnuviechadmin/gvaapp_macros.sls
Jan Dittberner 2da305fb5f Update salt state for gvaweb
This commit improves the gvaweb celery worker setup based on the work
that has been done for gvaldap before. Old files have been removed and
the setup uses the macros from gnuviechadmin/gvaapp_macros.sls.
2020-03-04 00:49:58 +01:00


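{% macro gvaapp_base(gvaappname, servicename) -%}
{#-
  gvaapp_base(gvaappname, servicename)

  Renders the states shared by the gnuviechadmin applications: group and
  user, build dependencies, an optional SSH deployment key plus git
  checkout, a Python virtualenv and the pipenv requirements install.

  gvaappname   application name; used in state IDs and default paths.
  servicename  ID of the service state that is restarted (watch_in) when
               the checkout or the requirements change. That state is
               rendered by the caller, not by this macro.

  Values come from the gnuviechadmin grains and pillar keys read below.
  The ID-only requisites install_pipenv and python3-virtualenv-packages
  are defined outside this file.
-#}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{#- Indexed directly, so rendering fails if the fullname grain is missing. -#}
{% set appfullname = 'GNUViech Admin {} User'.format(grains['gnuviechadmin']['fullname']) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set deployment_key = '{}/.ssh/id_deployment'.format(app_home) -%}
{{ gvaappname }}-group:
  group.present:
    - name: {{ app_group }}

{{ gvaappname }}-user:
  user.present:
    - name: {{ app_user }}
    - home: {{ app_home }}
    - shell: /bin/bash
    - fullname: {{ appfullname }}
    - groups:
      - {{ app_group }}
  # NOTE(review): no name is given, so the alias is created for this state
  # ID (<gvaappname>-user) rather than for the account name in app_user.
  # Confirm that this is the intended mail alias.
  alias.present:
    - target: root

gvabase-dependencies:
  pkg.installed:
    - name: build-essential

{% if update_git %}
# File modes are quoted so that no YAML loader can reinterpret the
# leading zero as a number.
{{ app_home }}/.ssh:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0700'
    - require:
      - user: {{ gvaappname }}-user

# The key is generated once (creates) and has an empty passphrase, so the
# private key file is the only secret; it stays inside the 0700 directory.
# NOTE(review): presumably the public key is registered on the git server
# with read-only access - confirm.
SSH Deployment Key:
  cmd.run:
    - name: ssh-keygen -t ed25519 -C "Deployment key for {{ gvaappname }}" -N "" -f {{ deployment_key }}
    - creates: {{ deployment_key }}
    - runas: {{ app_user }}
    # Was spelled "requires", which is not a requisite, so the dependency
    # on the .ssh directory was never applied.
    - require:
      - file: {{ app_home }}/.ssh
    # Written in list form; the extracted page has lost its indentation, so
    # the original nesting of this requisite cannot be verified.
    - require_in:
      - git: {{ gitrepo }}

# Host keys come from pillar, so the checkout does not have to accept an
# unknown host key on first connection.
SSH known hosts configuration:
  file.managed:
    - name: {{ app_home }}/.ssh/known_hosts
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - contents_pillar: gnuviechadmin:ssh_known_hosts
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}

SSH configuration:
  file.managed:
    - name: {{ app_home }}/.ssh/config
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0600'
    - source: salt://gnuviechadmin/ssh_deploy_config
    - template: jinja
    - context:
        key: {{ deployment_key }}
    - require:
      - file: {{ app_home }}/.ssh
    - require_in:
      - git: {{ gitrepo }}
{% endif %}

{{ checkout }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - mode: '0755'
    - require:
      - user: {{ gvaappname }}-user

{% if update_git %}
# The branch comes from pillar and defaults to production. A new revision
# triggers the requirements install and a restart of the service.
{{ gitrepo }}:
  git.latest:
    - user: {{ app_user }}
    - target: {{ checkout }}
    - rev: {{ salt['pillar.get']('gnuviechadmin:{}:git_branch'.format(gvaappname), 'production') }}
    - require:
      - file: {{ checkout }}
    - watch_in:
      - cmd: {{ gvaappname }}-requirements
      - service: {{ servicename }}
{% endif %}

# Removes the virtualenv directory when it has no bin/python3, so that the
# next state can create it from scratch. The state ID is also the command.
# NOTE(review): the path is interpolated unquoted into a shell command and
# derives from the gnuviechadmin:home grain and the application name; keep
# both to plain paths without whitespace or shell metacharacters.
rm -rf {{ venv }}:
  cmd.run:
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/python3
    - require:
      - user: {{ gvaappname }}-user

create-{{ gvaappname }}-venv:
  cmd.run:
    - name: python3 -m virtualenv --python=python3 {{ venv }}
    - runas: {{ app_user }}
    - unless: test -f {{ venv }}/bin/pip3
    - require:
      - user: {{ gvaappname }}-user
      # ID-only requisite; the state is defined outside this file.
      - python3-virtualenv-packages
    - watch_in:
      - cmd: update-{{ gvaappname }}-pip

# Runs only when the virtualenv was just created (cmd.wait). The pip
# version is not pinned; whatever the configured index serves is installed.
update-{{ gvaappname }}-pip:
  cmd.wait:
    - name: {{ venv }}/bin/python3 -m pip install -U pip
    - runas: {{ app_user }}
    - require:
      - user: {{ gvaappname }}-user

{{ venv }}:
  file.directory:
    - user: {{ app_user }}
    - group: {{ app_group }}
    - require:
      - cmd: create-{{ gvaappname }}-venv
    - watch_in:
      - cmd: {{ gvaappname }}-requirements

# Installs the packages recorded in Pipfile.lock into the virtualenv;
# --deploy makes pipenv abort when Pipfile.lock is out of date. The unless
# check skips the install when any non-.pyc file below the virtualenv
# has changed more recently than Pipfile.lock.
{{ gvaappname }}-requirements:
  cmd.wait:
    - name: /usr/local/bin/pipenv install --deploy
    - runas: {{ app_user }}
    - cwd: {{ checkout }}
    # Values are quoted so that they reach the process as strings.
    - env:
      - VIRTUAL_ENV: "{{ venv }}"
      - PIPENV_HIDE_EMOJIS: "1"
      - PIPENV_NOSPIN: "1"
      - PIPENV_COLORBLIND: "1"
      - LC_ALL: C.UTF-8
      - LANG: C.UTF-8
    - require:
      - cmd: install_pipenv
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - pkg: gvabase-dependencies
    - unless: test $(find {{ venv }} -type f -cnewer Pipfile.lock \! -name '*.pyc'|wc -l) -gt 0
    - watch_in:
      - service: {{ servicename }}
{% endmacro %}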
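{% macro create_celery_worker(gvaappname, purpose) %}
{#-
  create_celery_worker(gvaappname, purpose)

  Renders the base application states (gvaapp_base) followed by the
  environment file, the systemd unit and the running service of the
  celery worker named <gvaappname>-celery-worker.

  gvaappname  application name; used in state IDs, paths and salt:// URLs.
  purpose     text appended to the unit description; falls back to
              gvaappname when it is not passed.

  The AMQP user name comes from the gnuviechadmin:amqpuser grain, its
  password and the vhost from the gnuviechadmin-queues pillar.
-#}
{% set app_home = salt['grains.get']('gnuviechadmin:home', '/home/{}'.format(gvaappname)) %}
{% set app_user = salt['grains.get']('gnuviechadmin:user', gvaappname) %}
{% set app_group = salt['grains.get']('gnuviechadmin:group', gvaappname) %}
{% set venv = "{}/{}-venv".format(app_home, gvaappname) -%}
{% set checkout = salt['grains.get']('gnuviechadmin:checkout', '/srv/{}'.format(gvaappname)) -%}
{% set gitrepo = salt['pillar.get']('gnuviechadmin:{}:git_url'.format(gvaappname), 'git:gnuviech/{}.git'.format(gvaappname)) -%}
{% set update_git = salt['grains.get']('gnuviechadmin:update_git', True) %}
{% set servicename = gvaappname + "-celery-worker" %}
{% set amqp_user = grains['gnuviechadmin']['amqpuser'] -%}
{#- pillar.get has no default here: a missing key renders as an empty string. -#}
{% set amqp_password = salt['pillar.get']('gnuviechadmin-queues:users:' + amqp_user + ':password') -%}
{% set amqp_vhost = salt['pillar.get']('gnuviechadmin-queues:vhost') -%}
{% set broker_url = 'amqp://{}:{}@mq/{}'.format(amqp_user, amqp_password, amqp_vhost) -%}
{{ gvaapp_base(gvaappname, servicename ) }}

# This file holds the broker URL including the AMQP password, hence
# root:root and no access for other users.
/etc/default/{{ gvaappname }}:
  file.managed:
    - user: root
    - group: root
    - mode: '0640'
    - source: salt://gnuviechadmin/{{ gvaappname }}/celery-worker.env
    - template: jinja
    # Keeps the content diff, and with it the password, out of the state
    # return data.
    - show_changes: False
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        # Emitted as an escaped double-quoted scalar so that a password
        # containing YAML syntax cannot break or truncate the value.
        # NOTE(review): the password is not URL-encoded; characters such as
        # @ / : in it would change how the URL is parsed - confirm against
        # the pillar data.
        broker_url: {{ broker_url | yaml_dquote }}
    - watch_in:
      - service: {{ servicename }}

/etc/systemd/system/{{ servicename }}.service:
  file.managed:
    - user: root
    - group: root
    - mode: '0640'
    - source: salt://gnuviechadmin/celery-worker.service
    - template: jinja
    - context:
        virtualenv: {{ venv }}
        checkout: {{ checkout }}
        app_user: {{ app_user }}
        appname: {{ gvaappname }}
        celery_module: {{ salt['pillar.get']('gnuviechadmin:{}:celery_module'.format(gvaappname), gvaappname) }}
        amqpname: {{ amqp_user }}
        description: Gnuviechadmin celery worker {{ purpose|default(gvaappname) }}
    - watch_in:
      - service: {{ servicename }}

# Restarted when the requirements install runs or the checkout changes, and
# through the watch_in of the two managed files above.
{{ servicename }}:
  service.running:
    - enable: true
    - require:
      - file: {{ venv }}
{%- if update_git %}
      - git: {{ gitrepo }}
{%- else %}
      - file: {{ checkout }}
{%- endif %}
      - file: /etc/systemd/system/{{ servicename }}.service
    - watch:
      - cmd: {{ gvaappname }}-requirements
{%- if update_git %}
      - git: {{ gitrepo }}
{%- endif %}
{% endmacro %}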