diff --git a/PORTS b/PORTS --- a/PORTS +++ b/PORTS @@ -1,8 +1,3 @@ -reserved-for-legacy-docker-migration-high-priority - 23080 Phabricator HTTP - River Sector - 35080 Phabricator HTTP - Wolfplex - 36080 Phabricator HTTP - Zed - reserved-for-legacy-docker-migration-medium-priority 3000 Mastodon public HTTP 4000 Mastodon streaming HTTP @@ -27,12 +22,15 @@ 20080 Nasqueron API - Docker registry API 22220 Phabricator Aphlict (client) 22221 Phabricator Aphlict (admin) + 23080 Phabricator HTTP - River Sector 24080 Tommy HTTP - CI 24180 Tommy HTTP - CD 25080 Auth Grove HTTP 31080 Phabricator HTTP - DevCentral 33080 Bugzilla HTTP - Espace Win 34080 Etherpad + 35080 Phabricator HTTP - Wolfplex + 36080 Phabricator HTTP - Zed 38080 Jenkins HTTP - CD 39080 Cachet HTTP 42080 Jenkins HTTP - CI diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls --- a/pillar/credentials/zr.sls +++ b/pillar/credentials/zr.sls @@ -29,6 +29,16 @@ api: 125 # + # Credentials used by Nasqueron members private services + # + + dereckson: + + # River Sector + phabricator: + mysql: 133 + + # # Credentials used by Espace Win services # @@ -37,3 +47,25 @@ # bugzilla.espace-win.org bugzilla: mysql: 131 + + # + # Credentials used by Wolfplex services + # + + wolfplex: + + # phabricator.wolfplex.be + phabricator: + mysql: 135 + mailgun: 138 + + # + # Credentials used by Zed services + # + + zed: + + # code.zed.dereckson.be + phabricator: + mysql: 134 + sendgrid: 45 diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls --- a/pillar/paas/docker.sls +++ b/pillar/paas/docker.sls @@ -216,6 +216,7 @@ # Infrastructure and development services phabricator: + # Nasqueron instance devcentral: app_port: 31080 host: devcentral.nasqueron.org 
@@ -228,7 +229,54 @@ - server.nasqueron.org - serveur.nasqueron.org - serveurs.nasqueron.org + mailer: mailgun + credentials: + mysql: zed.phabricator.mysql static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net + title: Nasqueron DevCentral + mysql_link: acquisitariat + skip_container: True + + # Private instance for Dereckson + river_sector: + app_port: 23080 + host: river-sector.dereckson.be + static_host: phabricator-files-for-river-sector.nasqueron.org + mailer: _ + credentials: + mysql: dereckson.phabricator.mysql + storage: + namespace: river_sector + title: River Sector + mysql_link: acquisitariat + + # Wolfplex instance + wolfplex_phab: + app_port: 35080 + host: phabricator.wolfplex.be + static_host: phabricator-files-for-wolfplex.nasqueron.org + mailer: mailgun + credentials: + mailgun: wolfplex.phabricator.mailgun + mysql: wolfplex.phabricator.mysql + storage: + namespace: wolfphab + title: Wolfplex Phabricator + mysql_link: acquisitariat + + # Zed instance + zed_code: + app_port: 36080 + host: code.zed.dereckson.be + static_host: phabricator-files-for-zed.nasqueron.org + mailer: sendgrid + credentials: + mysql: zed.phabricator.mysql + sendgrid: zed.phabricator.sendgrid + storage: + namespace: zedphab + title: Zed + mysql_link: acquisitariat aphlict: aphlict: diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls --- a/roles/paas-docker/containers/phabricator.sls +++ b/roles/paas-docker/containers/phabricator.sls 
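Review bot: The `devcentral` entry is given `mysql: zed.phabricator.mysql`, which is the Zed instance's database credential rather than one belonging to the Nasqueron instance. It also sets `mailer: mailgun` without a `credentials.mailgun` key or a `storage.namespace`, both of which the container template reads. `skip_container: True` keeps the template from touching these values today, but once that flag is dropped the state would either fail on the missing keys or start DevCentral under another tenant's database account. I would leave the `credentials` block off `devcentral` until it has its own entry in zr.sls, and add a comment such as `# mailer: _ means no outbound mail provider` on `river_sector` so the placeholder is not read as a typo.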
@@ -10,12 +10,13 @@ {% set containers = pillar['docker_containers'][grains['id']] %} {% for instance, container in containers['phabricator'].items() %} +{% set create_container = "skip_container" not in container or not container['skip_container'] %} # ------------------------------------------------------------- # Storage directory # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -/srv/{{ instance }}: +/srv/phabricator/{{ instance }}: file.directory: - user: 431 - group: 433 
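Review bot: Only the instance root `/srv/phabricator/{{ instance }}` is created with uid 431 / gid 433, while the container added further down this file binds its `conf` and `repo` subdirectories. If those do not exist, Docker creates the bind sources itself, normally owned by root, so the repository directory may not be writable by the service account; managing both subdirectories explicitly with the same owner would avoid that. The path also moves away from `/srv/{{ instance }}`, and the removed run-wolfphab.sh used `/srv/data/wolfphab`, so existing repositories and configuration need a migration step before the new containers start on empty directories. The `file.directory` state continues past the end of this hunk, so any further options it sets are not visible here.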
@@ -24,12 +25,61 @@ {% if has_selinux %} selinux_context_{{ instance }}_data: selinux.fcontext_policy_present: - - name: /srv/{{ instance }} + - name: /srv/phabricator/{{ instance }} - sel_type: container_file_t selinux_context_{{ instance }}_data_applied: selinux.fcontext_policy_applied: - - name: /srv/{{ instance }} + - name: /srv/phabricator/{{ instance }} +{% endif %} + +# ------------------------------------------------------------- +# Container +# +# /!\ DEVCENTRAL DEPLOYMENT ISSUE /!\ +# +# We've currently a chicken or egg problem here: the zr +# credentials source is the Nasqueron Phabricator instance, +# DevCentral. As such, we can't provision it through this block. +# +# This is blocked by secrets migration to Vault. +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +{% if create_container %} + +{{ instance }}: + docker_container.running: + - detach: True + - interactive: True + - image: nasqueron/phabricator + - binds: + - /srv/phabricator/{{ instance }}/conf:/opt/phabricator/conf + - /srv/phabricator/{{ instance }}/repo:/var/repo + - environment: + PHABRICATOR_URL: https://{{ container['host'] }} + PHABRICATOR_TITLE: {{ container['title'] }} + PHABRICATOR_DOMAIN: {{ container['host'] }} + PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container['static_host'] }} + + DB_USER: {{ salt['zr.get_username'](container['credentials']['mysql']) }} + DB_PASS: {{ salt['zr.get_password'](container['credentials']['mysql']) }} + PHABRICATOR_STORAGE_NAMESPACE: {{ container['storage']['namespace'] }} + + {% if container['mailer'] == 'sendgrid' %} + PHABRICATOR_USE_SENDGRID: 1 + PHABRICATOR_SENDGRID_APIUSER: {{ salt['zr.get_username'](container['credentials']['sendgrid']) }} + PHABRICATOR_SENDGRID_APIKEY: {{ salt['zr.get_password'](container['credentials']['sendgrid']) }} + {% elif container['mailer'] == 'mailgun' %} + PHABRICATOR_USE_MAILGUN: 1 + PHABRICATOR_MAILGUN_APIKEY: {{ salt['zr.get_token'](container['credentials']['mailgun']) }} + {% endif %} + + - 
links: {{ container['mysql_link'] }}:mysql + - ports: + - 80 + - ports_bindings: + - {{ container['app_port'] }}:80 + {% endif %} {% endfor %} diff --git a/roles/phabricator/containers/Makefile b/roles/phabricator/containers/Makefile --- a/roles/phabricator/containers/Makefile +++ b/roles/phabricator/containers/Makefile @@ -2,6 +2,5 @@ PREFIX=/usr/local install: - ${INSTALL} files/run-wolfphab.sh ${PREFIX}/bin/run-wolfphab ${INSTALL} files/run-devcentral.sh ${PREFIX}/bin/run-devcentral ${INSTALL} files/run-aphlict.sh ${PREFIX}/bin/run-aphlict diff --git a/roles/phabricator/containers/files/run-wolfphab.sh b/roles/phabricator/containers/files/run-wolfphab.sh deleted file mode 100755 --- a/roles/phabricator/containers/files/run-wolfphab.sh +++ /dev/null 
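Review bot: The secrets in the `environment` block are interpolated into YAML unquoted, so a password or API key containing `#`, `: ` or only digits would be truncated or retyped by the YAML parser before it reaches the container. Render them through Salt's quoting filter, e.g. `DB_PASS: {{ salt['zr.get_password'](container['credentials']['mysql']) | yaml_dquote }}`, and do the same for the SendGrid and Mailgun values and `PHABRICATOR_TITLE`. Passing them as environment variables also leaves the database password and mail API keys readable through `docker inspect` by anyone with access to the Docker socket, and possibly in state output when the container definition changes; a root-only file under the bound `conf` directory would narrow that exposure. Separately, `ports_bindings` looks like a typo: as far as I know the `docker_container.running` argument is `port_bindings`, so the `{{ container['app_port'] }}:80` mapping would be rejected or ignored as written. The `{% for %}` loop enclosing this block opens before the hunk.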
@@ -1,81 +0,0 @@ -#!/bin/sh - -# ------------------------------------------------------------- -# Phabricator — Wolfplex instance -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -# Author: Sébastien Santoro aka Dereckson -# Project: Nasqueron -# Created: 2015-10-25 -# Description: Phabricator instance for Nasqueron -# License: Trivial work, not eligible to copyright -# Image: nasqueron/phabricator -# Source file: roles/phabricator/containers/files/run-wolfphab.sh -# ------------------------------------------------------------- -# -# -# This file is managed by our rOPS SaltStack repository. -# -# Changes to this file may cause incorrect behavior -# and will be lost if the state is redeployed. -# - -# ------------------------------------------------------------- -# Container parameters -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -INSTANCE_NAME=wolfphab -PORT=35080 -DOMAIN=phabricator.wolfplex.be -DATA_DIRECTORY=/srv/data/$INSTANCE_NAME -MYSQL_INSTANCE=acquisitariat -MYSQL_NAMESPACE=wolfphab - -# ------------------------------------------------------------- -# Phabricator parameters -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -PHABRICATOR_URL=https://$DOMAIN -PHABRICATOR_TITLE="Wolfplex Phabricator" -PHABRICATOR_ALT_FILE_DOMAIN="https://phabricator-files-for-wolfplex.nasqueron.org" - -# ------------------------------------------------------------- -# Ensure container isn't already running -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -docker-container-status $INSTANCE_NAME > /dev/null -if [ "$?" -lt 2 ]; then - echo "Container is already running." 
- echo "To force relaunch, try docker stop $INSTANCE_NAME ; docker rm $INSTANCE_NAME ; $0" - exit 1 -fi - -# ------------------------------------------------------------- -# Container launch -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -docker run -t -d \ - --link $MYSQL_INSTANCE:mysql \ - -v $DATA_DIRECTORY/repo:/var/repo \ - -v $DATA_DIRECTORY/conf:/opt/phabricator/conf \ - -p $PORT:80 \ - -e PHABRICATOR_URL=$PHABRICATOR_URL \ - -e PHABRICATOR_TITLE="$PHABRICATOR_TITLE" \ - -e PHABRICATOR_ALT_FILE_DOMAIN="$PHABRICATOR_ALT_FILE_DOMAIN" \ - -e PHABRICATOR_STORAGE_NAMESPACE="$MYSQL_NAMESPACE" \ - --name $INSTANCE_NAME nasqueron/phabricator - -docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \ - bin/config set mysql.host mysql && \ - bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \ - bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \ - bin/config set phabricator.base-uri $PHABRICATOR_URL && \ - bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \ - bin/config set mailgun.domain $DOMAIN && \ - rm -f /etc/nginx/sites-enabled/default && \ - chown -R app /var/repo' - -# Fixes bug phd doesn't run at the very first container launch -docker exec $INSTANCE_NAME sv restart phd - -echo "Deployment done at `date`." -exit 0