Page MenuHomeDevCentral
Files F11775910

D3698.id9587.diff
No OneTemporary
Actions

D3698.id9587.diff
View Options

diff --git a/GIDs b/GIDs
--- a/GIDs
+++ b/GIDs
@@ -14,3 +14,4 @@
9001 salt
9002 deploy
9003 web
+9018 rhyne-wyse
diff --git a/UIDs b/UIDs
--- a/UIDs
+++ b/UIDs
@@ -11,6 +11,7 @@
8000 web-admin
9001 salt
9002 deploy
+9018 rhyne-wyse
8900 zr LEGACY
# Web app
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -244,6 +244,9 @@
- ops/secrets/espacewin/bugzilla/mysql
- ops/secrets/espacewin/bugzilla/mysql_root
+ reports:
+ - ops/secrets/nasqueron/rhyne-wyse/salt
+
saas-mediawiki:
- ops/secrets/dbserver/cluster-B/users/saas-mediawiki
- ops/secrets/nasqueron/mediawiki/secret_key
diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -311,6 +311,7 @@
- netbox
- prometheus
- redis
+ - reports
- saas-nextcloud
- netbox
- webserver-alkane
diff --git a/roles/reports/init.sls b/roles/reports/init.sls
--- a/roles/reports/init.sls
+++ b/roles/reports/init.sls
@@ -7,3 +7,4 @@
include:
- .reports
+ - .rhyne-wyse
diff --git a/roles/reports/rhyne-wyse/account.sls b/roles/reports/rhyne-wyse/account.sls
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/account.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+rhyne_wyse_group:
+ group.present:
+ - name: rhyne-wyse
+ - gid: 9018
+
+rhyne_wyse_user:
+ user.present:
+ - name: rhyne-wyse
+ - uid: 9018
+ - shell: /bin/sh
+ - groups:
+ - nasquenautes
+ - system: True
+ - require:
+ - group: rhyne_wyse_group
+
+/var/run/rhyne-wyse:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 770
+ - require:
+ - user: rhyne_wyse_user
diff --git a/roles/reports/rhyne-wyse/config.sls b/roles/reports/rhyne-wyse/config.sls
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/config.sls
@@ -0,0 +1,63 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/secrets/rhyne-wyse.yaml:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/secrets.conf
+ - user: rhyne-wyse
+ - mode: 400
+ - makedirs: True
+ - template: jinja
+ - context:
+ vault:
+ approle: {{ salt["credentials.read_secret"]("nasqueron/rhyne-wyse/salt") }}
+ addr: {{ pillar["nasqueron_services"]["vault_url"] }}
+
+/var/db/rhyne-wyse:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - dir_mode: 775
+ - file_mode: 664
+ - recurse:
+ - group
+ - mode
+
+# -------------------------------------------------------------
+# Configuration files maintained in the "reports" repository
+#
+# As pywikibot checks ownership of the configuration file,
+# we need to copy it instead of symlink it.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/run/rhyne-wyse/conf:
+ file.symlink:
+ - target: /opt/nasqueron-reports/tools/rhyne-wyse/conf
+
+/var/run/rhyne-wyse/families:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - dir_mode: 775
+
+/var/run/rhyne-wyse/families/agora_family.py:
+ file.managed:
+ - source: /opt/nasqueron-reports/tools/rhyne-wyse/families/agora_family.py
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 664
+
+/var/run/rhyne-wyse/user-config.py:
+ file.managed:
+ - source: /opt/nasqueron-reports/tools/rhyne-wyse/user-config.py
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 644
diff --git a/roles/reports/rhyne-wyse/files/build.sh b/roles/reports/rhyne-wyse/files/build.sh
new file mode 100755
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/build.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Install Rhyne-Wyse in a virtual environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# Source file: roles/reports/rhyne-wyse/files/build.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+set -e
+
+VENV=/opt/rhyne-wyse/venv
+TOOLS_ROOT_DIR=/opt/nasqueron-reports/tools
+
+# -------------------------------------------------------------
+# Initialize virtual environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+python3 -m venv $VENV
+. $VENV/bin/activate
+pip install --upgrade pip
+
+pip install setuptools build
+
+# -------------------------------------------------------------
+# Build and install components
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+build_package_for_tool() {
+ cd "$TOOLS_ROOT_DIR/$1"
+ python3 -m build
+
+ latest_package=$(find dist -name '*.whl' | sort | tail -n1)
+ if [ -z "$latest_package" ]; then
+ echo "[$1] No build artifact found in dist/" >&2
+ exit 1
+ fi
+
+ pip install "$latest_package"
+}
+
+build_package_for_tool secretsmith
+build_package_for_tool nasqueron-reports
+build_package_for_tool rhyne-wyse
diff --git a/roles/reports/rhyne-wyse/files/rhyne-wyse.cron b/roles/reports/rhyne-wyse/files/rhyne-wyse.cron
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/rhyne-wyse.cron
@@ -0,0 +1,18 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse crontab
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/rhyne-wyse.cron
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+MAILTO=ops@nasqueron.org
+
+02 15 * * * rhyne-wyse /usr/local/bin/rhyne-wyse
diff --git a/roles/reports/rhyne-wyse/files/rhyne-wyse.sh b/roles/reports/rhyne-wyse/files/rhyne-wyse.sh
new file mode 100755
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/rhyne-wyse.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Rhyne-Wyse
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/rhyne-wyse.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+set -e
+
+LOG=/var/log/rhyne-wyse.log
+WORKDIR=/var/run/rhyne-wyse
+
+# -------------------------------------------------------------
+# Task :: update Agora reports
+#
+# Logging is configured at bot level to output to stderr
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+cd $WORKDIR
+
+. /opt/rhyne-wyse/venv/bin/activate
+update-agora-reports >> $LOG 2>&1
diff --git a/roles/reports/rhyne-wyse/files/secrets.conf b/roles/reports/rhyne-wyse/files/secrets.conf
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/secrets.conf
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse :: Vault configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# Source file: roles/reports/rhyne-wyse/files/secrets.conf
+# Format: secretsmith
+# -------------------------------------------------------------
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+vault:
+ server:
+ url: {{ vault.addr }}
+ verify: /usr/local/share/certs/nasqueron-vault-ca.crt
+
+ auth:
+ method: approle
+ role_id: {{ vault.approle.role_id }}
+ secret_id: {{ vault.approle.secret_id }}
diff --git a/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf b/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse newsyslog config
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# logfilename [owner:group] mode count size when flags
+/var/log/rhyne-wyse.log rhyne-wyse:nasquenautes 664 90 * @T00 BC
diff --git a/roles/reports/init.sls b/roles/reports/rhyne-wyse/init.sls
copy from roles/reports/init.sls
copy to roles/reports/rhyne-wyse/init.sls
--- a/roles/reports/init.sls
+++ b/roles/reports/rhyne-wyse/init.sls
@@ -6,4 +6,7 @@
# -------------------------------------------------------------
include:
- - .reports
+ - .account
+ - .software
+ - .config
+ - .service
diff --git a/roles/reports/rhyne-wyse/service.sls b/roles/reports/rhyne-wyse/service.sls
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/service.sls
@@ -0,0 +1,39 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Wrapper to call the service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/bin/rhyne-wyse:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/rhyne-wyse.sh
+ - mode: 755
+
+# -------------------------------------------------------------
+# Log
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/newsyslog.conf.d/rhyne-wyse.conf:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
+
+rhyne_wyse_newsyslog_run:
+ cmd.run:
+ - name: newsyslog -NC
+ - creates: /var/log/rhyne-wyse.log
+
+# -------------------------------------------------------------
+# Cron
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/cron.d/rhyne-wyse:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/rhyne-wyse.cron
+ - makedirs: True
diff --git a/roles/reports/rhyne-wyse/software.sls b/roles/reports/rhyne-wyse/software.sls
new file mode 100644
--- /dev/null
+++ b/roles/reports/rhyne-wyse/software.sls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+/opt/rhyne-wyse:
+ file.directory:
+ - user: builder
+ - group: deployment
+
+# -------------------------------------------------------------
+# Virtual Environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+rhyne_wyse_venv:
+ cmd.script:
+ - name: salt://roles/reports/rhyne-wyse/files/build.sh
+ - runas: builder
+ - creates: /opt/rhyne-wyse/venv/bin/activate

File Metadata

Mime Type
text/plain
Expires
Mon, Sep 22, 10:10 (13 h, 5 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3004666
Default Alt Text
D3698.id9587.diff (12 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator