
No OneTemporary

diff --git a/GIDs b/GIDs
index 7f56c1e..b74bbcb 100644
--- a/GIDs
+++ b/GIDs
@@ -1,16 +1,17 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
835 opensearch
836 opendkim
842 nasqueron-dev-docker
1001 netbox
3001 ops
#3002 is intentionally left unassigned
3003 deployment
3004 mediawiki
3005 nasquenautes
6000 mailbox
9001 salt
9002 deploy
9003 web
+9018 rhyne-wyse
diff --git a/UIDs b/UIDs
index fa89de9..7b1429e 100644
--- a/UIDs
+++ b/UIDs
@@ -1,18 +1,19 @@
830 odderon
831 builder
832 chaton LEGACY
833 viperserv
834 tc2
835 opensearch
836 opendkim
1001 netbox
3004 mediawiki
6000 mailbox
8000 web-admin
9001 salt
9002 deploy
+9018 rhyne-wyse
8900 zr LEGACY
# Web app
12000 web-org-nasqueron-mail
12001 web-org-nasqueron-mail-admin
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
index 1d9879d..a632338 100644
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -1,298 +1,301 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Vault configuration
#
# :: vault_policies_path: path on vault server where to store policies
#
# :: vault_policies_source: path to fetch policies from
# if starting by salt://, from salt files server
#
# :: vault_mount_paths: translates secrets paths in policies paths
#
# Generally, Vault paths are the same for policies and data access.
#
# For kv secrets engine, version 2, writing and reading versions
# of a kv value are prefixed with the data/ path.
#
# credentials.build_policies_by_node will use this dictionary
# to be able to rewrite secrets paths in data paths.
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_policies_path: /srv/policies/vault
vault_policies_source: /srv/policies/vault
vault_mount_paths:
ops/secrets: ops/data/secrets
ops/privacy: ops/data/privacy
apps: apps/data
# -------------------------------------------------------------
# Vault policies to deploy as-is, i.e., without templating.
#
# Entries of vault_policies must match a .hcl file in
# the roles /vault/policies/files folder.
#
# If you need a template, create a new pillar entry instead
# and add the parsing logic either:
# - directly to roles/vault/policies/
#
# - through _modules/credentials.py for policies to apply
# to Salt nodes, like e.g., vault_secrets_by_role
#
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_policies:
- admin
- airflow
- salt-primary
- sentry
- vault_bootstrap
- viperserv
# -------------------------------------------------------------
# Vault policies for Salt itself
#
# The policy attached to the login method (e.g., approle)
# used by the Salt primary server to log in to Vault.
#
# Source is the name of a policy managed by the vault_policies
# section. Target is the name of the policy attached.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_salt_primary_policy:
source: salt-primary
target: salt
# -------------------------------------------------------------
# Vault full policies to include by role
#
# Declare the extra policies each node needs.
#
# In addition to those extra policies, the vault_secrets_by_role
# will be parsed for the keys.
#
# IMPORTANT: as grains['roles'] can be modified by the node,
# roles are extracted directly from the pillar.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_extra_policies_by_role:
salt-primary:
- salt-primary
# -------------------------------------------------------------
# Vault secrets by role
#
# Paths of the keys the specified role needs access to.
#
# Avoid * notation as this namespace is shared between Vault
# and the applications. As such, only secrets the Salt nodes
# need in a state they need to deploy should be listed here.
#
# Use %%node%% as variable for node name.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_secrets_by_role:
devserver:
- ops/secrets/dbserver/windriver-mariadb/users/*
- ops/secrets/dbserver/windriver-pgsql/users/*
- ops/secrets/nasqueron/notifications/notifications-cli/%%node%%
- ops/secrets/nasqueron/deploy/deploy_keys/alken-orin
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/dereckson/www
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/ewosp/www
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
mailserver:
- ops/secrets/dbserver/cluster-A/users/mailManagement
- ops/secrets/dbserver/cluster-A/users/dovecot
- ops/secrets/dbserver/cluster-A/users/postfix
- ops/secrets/mailserver/security
netbox:
- ops/secrets/dbserver/windriver-pgsql/users/netbox
- ops/secrets/nasqueron/netbox/key
opensearch:
- ops/secrets/nasqueron/opensearch/infra-logs/internal_users/admin
- ops/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards
paas-docker-prod:
#
# Personal data or personally identifiable information (PII)
# related to Nasqueron Operations SIG members.
#
- ops/privacy/ops-cidr
#
# Credentials used by Nasqueron services
# Format: ops/secrets/nasqueron/service/<...>
#
- ops/secrets/nasqueron/acquisitariat/mysql
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/dbserver/cluster-A/users/airflow
- ops/secrets/nasqueron/auth-grove/mysql
- ops/secrets/nasqueron/cachet/app_key
- ops/secrets/nasqueron/cachet/mysql
- ops/secrets/nasqueron/devcentral/mailgun
- ops/secrets/nasqueron/devcentral/mail_local
- ops/secrets/nasqueron/devcentral/mysql
- ops/secrets/nasqueron/etherpad/api
- ops/secrets/nasqueron/etherpad/mysql
- ops/secrets/nasqueron/etherpad/users/dereckson
- ops/secrets/nasqueron/notifications/broker
- ops/secrets/nasqueron/notifications/mailgun
- ops/secrets/nasqueron/notifications/sentry
- ops/secrets/nasqueron/notifications/credentials/github/nasqueron
- ops/secrets/nasqueron/notifications/credentials/github/wolfplex
- ops/secrets/nasqueron/notifications/credentials/github/keruald
- ops/secrets/nasqueron/notifications/credentials/github/trustspace
- ops/secrets/nasqueron/notifications/credentials/github/eglide
- ops/secrets/nasqueron/notifications/credentials/phabricator/nasqueron
- apps/notifications-center/dockerhub/notifications
- apps/notifications-center/dockerhub/auth-grove
- ops/secrets/nasqueron/penpot/github
- ops/secrets/nasqueron/penpot/postgresql
- ops/secrets/nasqueron/penpot/secret_key
- ops/secrets/nasqueron/pixelfed/app_key
- ops/secrets/nasqueron/pixelfed/mailgun
- ops/secrets/nasqueron/pixelfed/mysql
- ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/white-rabbit/root
- ops/secrets/nasqueron/reports/acquisitariat
- ops/secrets/nasqueron/sentry/app_key
- ops/secrets/nasqueron/sentry/geoipupdate
- ops/secrets/nasqueron/sentry/postgresql
- ops/secrets/nasqueron/sentry/vault
#
# Credentials used by Nasqueron members private services
# Format: <username>/<service>/<type>
#
- ops/secrets/dereckson/phabricator/mysql
#
# Credentials used by projects hosted by Nasqueron
# Format: <project name>/<service>/<type>
#
- ops/secrets/dbserver/cluster-A/users/corspat
- ops/secrets/espacewin/phpbb/mysql_root
- ops/secrets/wolfplex/phabricator/mailgun
- ops/secrets/wolfplex/phabricator/mysql
- ops/secrets/zed/phabricator/mysql
- ops/secrets/zed/phabricator/sendgrid
paas-docker-dev:
#
# Credentials used by Nasqueron services
# Format: ops/secrets/nasqueron/service/<...>
#
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/nasqueron/airflow/vault
- ops/secrets/dbserver/cluster-A/users/airflow
- ops/secrets/nasqueron/orbeon/oxf.crypto.password
- ops/secrets/nasqueron/orbeon/users/dereckson
- ops/secrets/dbserver/cluster-A/users/orbeon
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/root
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/notifications
- ops/secrets/nasqueron/notifications/sentry
#
# Credentials used by projects hosted by Nasqueron
# Format: <project name>/<service>/<type>
#
- ops/secrets/espacewin/bugzilla/mysql
- ops/secrets/espacewin/bugzilla/mysql_root
+ reports:
+ - ops/secrets/nasqueron/rhyne-wyse/salt
+
saas-mediawiki:
- ops/secrets/dbserver/cluster-B/users/saas-mediawiki
- ops/secrets/nasqueron/mediawiki/secret_key
saas-wordpress:
- ops/secrets/dbserver/cluster-B/users/dereckson_blog
- ops/secrets/dereckson/wordpress/secrets
viperserv:
- ops/secrets/nasqueron/viperserv/vault
webserver-alkane-prod:
- ops/secrets/dbserver/cluster-B/users/dereckson_www
- ops/secrets/dbserver/cluster-B/users/zed
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/hypership/content_users
- ops/secrets/zed/hypership/secret_key
#
# Wolfplex credentials
#
- ops/secrets/nasqueron/etherpad/api
webserver-alkane-dev:
- ops/secrets/dbserver/cluster-B/users/dereckson_www51
webserver-legacy:
#
# Wolfplex credentials
#
- ops/secrets/nasqueron/etherpad/api
# -------------------------------------------------------------
# Vault secrets by dbserver cluster
#
# Paths of the keys the specified role needs access to.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vault_secrets_by_dbserver_cluster:
# Main PostgreSQL cluster
A:
- ops/secrets/dbserver/cluster-A/users/*
# Main MariaDB cluster - Alkane PaaS, ViperServ
B:
- ops/secrets/dbserver/cluster-B/users/*
diff --git a/pillar/nodes/nodes.sls b/pillar/nodes/nodes.sls
index 57d5b3f..7ab0d7e 100644
--- a/pillar/nodes/nodes.sls
+++ b/pillar/nodes/nodes.sls
@@ -1,373 +1,374 @@
# -------------------------------------------------------------
# Salt — Nodes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-20
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
nodes_aliases:
netmasks:
intranought: &intranought_netmask 255.255.255.240
nodes:
##
## Forest: Nasqueron
## Semantic field: https://devcentral.nasqueron.org/P27
##
cloudhugger:
forest: nasqueron-infra
hostname: cloudhugger.nasqueron.org
roles:
- opensearch
network:
ipv6_tunnel: False
canonical_public_ipv4: 188.165.200.229
interfaces:
eno1:
device: eno1
ipv4:
address: 188.165.200.229
netmask: 255.255.255.0
gateway: 188.165.200.254
ipv6:
address: fe80::ec4:7aff:fe6a:36e8
prefix: 64
gateway: fe80::ee30:91ff:fee0:df80
complector:
forest: nasqueron-infra
hostname: complector.nasqueron.org
roles:
- vault
- salt-primary
zfs:
pool: zroot
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.7
netmask: *intranought_netmask
gateway: 172.27.27.1
db-A-001:
forest: nasqueron-infra
hostname: db-A-001.nasqueron.drake
roles:
- dbserver-pgsql
zfs:
pool: arcology
dbserver:
cluster: A
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.8
netmask: *intranought_netmask
gateway: 172.27.27.1
db-B-001:
forest: nasqueron-infra
hostname: db-B-001.nasqueron.drake
roles:
- dbserver-mysql
zfs:
pool: arcology
dbserver:
cluster: B
network:
ipv6_tunnel: False
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.9
netmask: *intranought_netmask
gateway: 172.27.27.1
dns-001:
forest: nasqueron-infra
hostname: dns-001.nasqueron.org
roles:
- dns
zfs:
pool: arcology
network:
interfaces:
public:
device: vmx0
ipv4:
address: 178.32.70.109
netmask: 255.255.255.255
ipv6:
address: 2001:41d0:303:d971::1057:da7a
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 56
flags:
- hello_ipv6_ovh
intranought:
device: vmx1
ipv4:
address: 172.27.27.2
netmask: *intranought_netmask
gateway: 172.27.27.1
dwellers:
forest: nasqueron-dev-docker
hostname: dwellers.nasqueron.org
roles:
- paas-lxc
- paas-docker
- paas-docker-dev
- mastodon
flags:
install_docker_devel_tools: True
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.255.124.11
interfaces:
public:
device: ens192
uuid: 6e05ebea-f2fd-4ca1-a21f-78a778664d8c
ipv4:
address: 51.255.124.11
netmask: *intranought_netmask
gateway: 51.210.99.254
intranought:
device: ens224
uuid: 8e8ca793-b2eb-46d8-9266-125aba6d06c4
ipv4:
address: 172.27.27.4
netmask: *intranought_netmask
gateway: 172.27.27.1
docker-002:
forest: nasqueron-infra
hostname: docker-002.nasqueron.org
roles:
- paas-docker
- paas-docker-prod
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.255.124.9
interfaces:
public:
device: ens192
uuid: d55e0fec-f90b-3014-a458-9067ff8f2520
ipv4:
address: 51.255.124.10
netmask: *intranought_netmask
gateway: 51.210.99.254
intranought:
device: ens224
uuid: 57c04bcc-929b-3177-a2e3-88f84f210721
ipv4:
address: 172.27.27.5
netmask: *intranought_netmask
gateway: 172.27.27.1
hervil:
forest: nasqueron-infra
hostname: hervil.nasqueron.drake
network:
interfaces:
vmx0:
device: vmx0
ipv4:
address: 172.27.27.3
netmask: *intranought_netmask
gateway: 172.27.27.1
vmx1:
device: vmx1
ipv4:
address: 178.32.70.108
netmask: 255.255.255.255
roles:
- mailserver
- webserver-core
- webserver-alkane
router-001:
forest: nasqueron-infra
hostname: router-001.nasqueron.org
roles:
- router
network:
ipv6_tunnel: False
canonical_public_ipv4: 51.255.124.8
interfaces:
public:
device: vmx0
ipv4:
address: 51.255.124.8
netmask: *intranought_netmask
gateway: 51.210.99.254
ipv6:
address: 2001:41d0:303:d971::6a7e
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 64
flags:
- ipv4_ovh_failover
intranought:
device: vmx1
ipv4:
address: 172.27.27.1
netmask: *intranought_netmask
web-001:
forest: nasqueron-infra
hostname: web-001.nasqueron.org
roles:
- webserver-alkane
- webserver-alkane-prod
- saas-mediawiki
- saas-wordpress
network:
ipv6_tunnel: False
canonical_public_ipv4: 51.255.124.10
interfaces:
intranought:
device: vmx0
ipv4:
address: 172.27.27.10
netmask: *intranought_netmask
gateway: 172.27.27.1
public:
device: vmx1
ipv4:
address: 51.255.124.10
netmask: 255.255.255.255
gateway: 51.210.99.254
ipv6:
address: 2001:41d0:303:d971::517e:c0de
gateway: 2001:41d0:303:d9ff:ff:ff:ff:ff
prefix: 56
flags:
- ipv4_ovh_failover
- hello_ipv6_ovh
ysul:
forest: nasqueron-dev
hostname: ysul.nasqueron.org
roles:
- devserver
- dbserver-mysql
- viperserv
- webserver-legacy
zfs:
pool: arcology
network:
ipv6_tunnel: True
ipv6_gateway: 2001:470:1f12:9e1::1
canonical_public_ipv4: 212.83.187.132
interfaces:
igb0:
device: igb0
ipv4:
address: 163.172.49.16
netmask: 255.255.255.0
gateway: 163.172.49.1
aliases:
- 212.83.187.132
windriver:
forest: nasqueron-dev
hostname: windriver.nasqueron.org
roles:
- builder
- devserver
- dbserver-mysql
- dbserver-pgsql
- dns
- grafana
- netbox
- prometheus
- redis
+ - reports
- saas-nextcloud
- netbox
- webserver-alkane
- webserver-alkane-dev
zfs:
pool: arcology
network:
ipv6_tunnel: False
canonical_public_ipv4: 195.154.30.15
interfaces:
private_network:
device: ix0
ipv4:
address: 10.91.207.15
netmask: 255.255.255.0
igb0:
device: igb0
ipv4:
address: 195.154.30.15
netmask: 255.255.255.0
gateway: 195.154.30.1
ipv6:
address: 2001:bc8:2e84:700::da7a:7001
gateway: fe80::a293:51ff:feb7:55ef
prefix: 56
flags:
- ipv6_dhcp_duid
##
## Forest: Eglide
## Semantic field: ? (P27 used for "Eglide" too)
##
## This forest is intended to separate credentials
## between Eglide and Nasqueron servers.
##
eglide:
forest: eglide
hostname: eglide.org
roles:
- shellserver
network:
ipv6_tunnel: True
canonical_public_ipv4: 51.159.150.221
interfaces:
ens2:
device: ens2
ipv4:
address: 51.159.150.221
gateway: ""
flags:
# This interface is configured by cloud-init
- skip_interface_configuration
fixes:
rsyslog_xconsole: True
diff --git a/roles/reports/init.sls b/roles/reports/init.sls
index be74770..e38d269 100644
--- a/roles/reports/init.sls
+++ b/roles/reports/init.sls
@@ -1,9 +1,10 @@
# -------------------------------------------------------------
# Salt — Nasqueron Reports
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .reports
+ - .rhyne-wyse
diff --git a/roles/reports/rhyne-wyse/account.sls b/roles/reports/rhyne-wyse/account.sls
new file mode 100644
index 0000000..af8f9ab
--- /dev/null
+++ b/roles/reports/rhyne-wyse/account.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+rhyne_wyse_group:
+ group.present:
+ - name: rhyne-wyse
+ - gid: 9018
+
+rhyne_wyse_user:
+ user.present:
+ - name: rhyne-wyse
+ - uid: 9018
+ - shell: /bin/sh
+ - groups:
+ - nasquenautes
+ - system: True
+ - require:
+ - group: rhyne_wyse_group
+
+/var/run/rhyne-wyse:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 770
+ - require:
+ - user: rhyne_wyse_user
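Review bot: `/var/run/rhyne-wyse` is created group-writable (`mode: 770`, `group: nasquenautes`), and it is the directory the wrapper script changes into before starting the bot. Any member of that group can add, rename or replace entries there, including the `user-config.py` and `families/agora_family.py` (itself `mode: 664`) that config.sls places in it. These are presumably loaded as Python by the account that can read the mode-400 Vault AppRole file. Unless group write is needed for manual runs, I would use `- group: rhyne-wyse` with `- mode: 750` here and `- mode: 644` for `agora_family.py`; if it is intended, a comment saying who belongs to nasquenautes and why would help. Separately, /var/run is typically cleaned at boot (worth confirming for this host), so the copied files would be missing until the next state run.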
diff --git a/roles/reports/rhyne-wyse/config.sls b/roles/reports/rhyne-wyse/config.sls
new file mode 100644
index 0000000..474b82c
--- /dev/null
+++ b/roles/reports/rhyne-wyse/config.sls
@@ -0,0 +1,63 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/secrets/rhyne-wyse.yaml:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/secrets.conf
+ - user: rhyne-wyse
+ - mode: 400
+ - makedirs: True
+ - template: jinja
+ - context:
+ vault:
+ approle: {{ salt["credentials.read_secret"]("nasqueron/rhyne-wyse/salt") }}
+ addr: {{ pillar["nasqueron_services"]["vault_url"] }}
+
+/var/db/rhyne-wyse:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - dir_mode: 775
+ - file_mode: 664
+ - recurse:
+ - group
+ - mode
+
+# -------------------------------------------------------------
+# Configuration files maintained in the "reports" repository
+#
+# As pywikibot checks ownership of the configuration file,
+# we need to copy it instead of symlink it.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/run/rhyne-wyse/conf:
+ file.symlink:
+ - target: /opt/nasqueron-reports/tools/rhyne-wyse/conf
+
+/var/run/rhyne-wyse/families:
+ file.directory:
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - dir_mode: 775
+
+/var/run/rhyne-wyse/families/agora_family.py:
+ file.managed:
+ - source: /opt/nasqueron-reports/tools/rhyne-wyse/families/agora_family.py
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 664
+
+/var/run/rhyne-wyse/user-config.py:
+ file.managed:
+ - source: /opt/nasqueron-reports/tools/rhyne-wyse/user-config.py
+ - user: rhyne-wyse
+ - group: nasquenautes
+ - mode: 644
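Review bot: The state for `/usr/local/etc/secrets/rhyne-wyse.yaml` renders the AppRole `secret_id` into a managed file without `show_changes: False`, so the rendered diff can end up in state output and the job cache whenever the content changes. I would add `- show_changes: False` and an explicit `- group: rhyne-wyse` next to `- mode: 400`. The comment block above the `/var/run/rhyne-wyse/conf` state says the configuration must be copied rather than symlinked, yet that state is a `file.symlink`. A short comment stating that only `user-config.py` is subject to the ownership check would remove the ambiguity.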
diff --git a/roles/reports/rhyne-wyse/files/build.sh b/roles/reports/rhyne-wyse/files/build.sh
new file mode 100755
index 0000000..79f11d1
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/build.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Install Rhyne-Wyse in a virtual environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# Source file: roles/reports/rhyne-wyse/files/build.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+set -e
+
+VENV=/opt/rhyne-wyse/venv
+TOOLS_ROOT_DIR=/opt/nasqueron-reports/tools
+
+# -------------------------------------------------------------
+# Initialize virtual environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+python3 -m venv $VENV
+. $VENV/bin/activate
+pip install --upgrade pip
+
+pip install setuptools build
+
+# -------------------------------------------------------------
+# Build and install components
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+build_package_for_tool() {
+ cd "$TOOLS_ROOT_DIR/$1"
+ python3 -m build
+
+ latest_package=$(find dist -name '*.whl' | sort | tail -n1)
+ if [ -z "$latest_package" ]; then
+ echo "[$1] No build artifact found in dist/" >&2
+ exit 1
+ fi
+
+ pip install "$latest_package"
+}
+
+build_package_for_tool secretsmith
+build_package_for_tool nasqueron-reports
+build_package_for_tool rhyne-wyse
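Review bot: In `build_package_for_tool`, `find dist -name '*.whl' | sort | tail -n1` picks the lexically last wheel, which is not necessarily the one just built: a leftover `dist/` from an earlier build can win, and a lexical sort ranks 0.9 after 0.10. Clearing the directory first, `rm -rf dist` before `python3 -m build --wheel`, makes the selection unambiguous. `$VENV` is also unquoted in `python3 -m venv $VENV` and `. $VENV/bin/activate`. Finally, `pip`, `setuptools` and `build` are installed unpinned, so each fresh build may pull different versions into the environment that later handles the Vault credentials; pinning them or using a constraints file would make it reproducible.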
diff --git a/roles/reports/rhyne-wyse/files/rhyne-wyse.cron b/roles/reports/rhyne-wyse/files/rhyne-wyse.cron
new file mode 100644
index 0000000..10d4db6
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/rhyne-wyse.cron
@@ -0,0 +1,18 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse crontab
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/rhyne-wyse.cron
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+MAILTO=ops@nasqueron.org
+
+02 15 * * * rhyne-wyse /usr/local/bin/rhyne-wyse
diff --git a/roles/reports/rhyne-wyse/files/rhyne-wyse.sh b/roles/reports/rhyne-wyse/files/rhyne-wyse.sh
new file mode 100755
index 0000000..a6f0ee9
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/rhyne-wyse.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# -------------------------------------------------------------
+# Rhyne-Wyse
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/rhyne-wyse.sh
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+set -e
+
+LOG=/var/log/rhyne-wyse.log
+WORKDIR=/var/run/rhyne-wyse
+
+# -------------------------------------------------------------
+# Task :: update Agora reports
+#
+# Logging is configured at bot level to output to stderr
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+cd $WORKDIR
+
+. /opt/rhyne-wyse/venv/bin/activate
+update-agora-reports >> $LOG 2>&1
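Review bot: Because the last line sends both stdout and stderr to `$LOG`, a failing run produces no output for cron, so the `MAILTO=ops@nasqueron.org` set in rhyne-wyse.cron will presumably never fire for bot errors. Something like `update-agora-reports >> "$LOG" 2>&1 || { echo "update-agora-reports failed, see $LOG" >&2; exit 1; }` keeps the log and still raises an alert. `cd $WORKDIR` and the `$LOG` redirection should be quoted as well.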
diff --git a/roles/reports/rhyne-wyse/files/secrets.conf b/roles/reports/rhyne-wyse/files/secrets.conf
new file mode 100644
index 0000000..3a115df
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/secrets.conf
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse :: Vault configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: BSD-2-Clause
+# Source file: roles/reports/rhyne-wyse/files/secrets.conf
+# Format: secretsmith
+# -------------------------------------------------------------
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+vault:
+ server:
+ url: {{ vault.addr }}
+ verify: /usr/local/share/certs/nasqueron-vault-ca.crt
+
+ auth:
+ method: approle
+ role_id: {{ vault.approle.role_id }}
+ secret_id: {{ vault.approle.secret_id }}
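Review bot: The three Jinja values under `vault:` are emitted unquoted, so the file is only valid YAML as long as the URL and AppRole identifiers contain nothing YAML treats specially. Quoting them at render time, e.g. `secret_id: {{ vault.approle.secret_id | yaml_dquote }}` (same for `role_id` and `url`), avoids a parse failure or a silently retyped value. A one-line comment noting that the rendered file holds a live credential and must stay mode 400 would also help whoever opens it on the host.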
diff --git a/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf b/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
new file mode 100644
index 0000000..9636ae3
--- /dev/null
+++ b/roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------
+# Rhyne-Wyse newsyslog config
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# logfilename [owner:group] mode count size when flags
+/var/log/rhyne-wyse.log rhyne-wyse:nasquenautes 664 90 * @T00 BC
diff --git a/roles/reports/init.sls b/roles/reports/rhyne-wyse/init.sls
similarity index 86%
copy from roles/reports/init.sls
copy to roles/reports/rhyne-wyse/init.sls
index be74770..78d4f1c 100644
--- a/roles/reports/init.sls
+++ b/roles/reports/rhyne-wyse/init.sls
@@ -1,9 +1,12 @@
# -------------------------------------------------------------
# Salt — Nasqueron Reports
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- - .reports
+ - .account
+ - .software
+ - .config
+ - .service
diff --git a/roles/reports/rhyne-wyse/service.sls b/roles/reports/rhyne-wyse/service.sls
new file mode 100644
index 0000000..6dbb5e9
--- /dev/null
+++ b/roles/reports/rhyne-wyse/service.sls
@@ -0,0 +1,39 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import services with context %}
+
+# -------------------------------------------------------------
+# Wrapper to call the service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/bin/rhyne-wyse:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/rhyne-wyse.sh
+ - mode: 755
+
+# -------------------------------------------------------------
+# Log
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/newsyslog.conf.d/rhyne-wyse.conf:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/syslog/rhyne-wyse.conf
+
+rhyne_wyse_newsyslog_run:
+ cmd.run:
+ - name: newsyslog -NC
+ - creates: /var/log/rhyne-wyse.log
+
+# -------------------------------------------------------------
+# Cron
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/usr/local/etc/cron.d/rhyne-wyse:
+ file.managed:
+ - source: salt://roles/reports/rhyne-wyse/files/rhyne-wyse.cron
+ - makedirs: True
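Review bot: `services` is imported from `map.jinja` at the top of the file but none of the states in this hunk uses it; drop the import unless something outside this change needs it. `rhyne_wyse_newsyslog_run` relies on declaration order to run after the newsyslog configuration is written; an explicit `- require:` with `- file: /usr/local/etc/newsyslog.conf.d/rhyne-wyse.conf` would state the dependency. The wrapper and cron file states set no `user` or `group`, so ownership falls to Salt defaults. That is presumably root, which is appropriate for files cron executes, but it is worth pinning explicitly.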
diff --git a/roles/reports/rhyne-wyse/software.sls b/roles/reports/rhyne-wyse/software.sls
new file mode 100644
index 0000000..368bf1b
--- /dev/null
+++ b/roles/reports/rhyne-wyse/software.sls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Salt — Nasqueron Reports
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+/opt/rhyne-wyse:
+ file.directory:
+ - user: builder
+ - group: deployment
+
+# -------------------------------------------------------------
+# Virtual Environment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+rhyne_wyse_venv:
+ cmd.script:
+ - name: salt://roles/reports/rhyne-wyse/files/build.sh
+ - runas: builder
+ - creates: /opt/rhyne-wyse/venv/bin/activate
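Review bot: `rhyne_wyse_venv` is guarded by `creates: /opt/rhyne-wyse/venv/bin/activate`, a file that exists as soon as `python3 -m venv` finishes in build.sh. If a later step of that script fails under `set -e`, the next run skips the build and leaves a venv without the packages; the same guard also means updated sources are never rebuilt. Guarding on the installed entry point instead, e.g. `- creates: /opt/rhyne-wyse/venv/bin/update-agora-reports` (path assumed from the wrapper's command name, to be confirmed), closes the first gap. A comment describing how a rebuild is meant to be triggered would cover the second.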
