
diff --git a/README.md b/README.md
index eec1cb4..536f33c 100644
--- a/README.md
+++ b/README.md
@@ -1,84 +1,84 @@
Nasqueron operations
====================
-Welcome to **[rOPS](https://devcentral.nasqueron.org/diffusion/OPS/)**, the Nasqueron operations repository.
+Welcome to **[rOPS](https://devcentral.nasqueron.org/diffusion/OPS/)**,
+the Nasqueron operations repository.
----------
Introduction
------------
Nasqueron infrastructure servers support our budding community
of creative people, writers, developers and thinkers.
Nasqueron follows the principle of "Infrastructure as Code"
to offer documentation, reproducibility, transparency and
to allow external contributions.
It contains:
- server configuration
- deployment information for our applications and services
We mainly rely on [SaltStack](https://docs.saltstack.com/en/latest/contents.html)
for deployment and automation.
Scope
-----
New services on our Docker engine (currently Dwellers) should be
deployed through this repository.
The [Eglide](http://www.eglide.org/) service is fully managed
through this repository.
Legacy services are in migration.
Structure
---------
Services are organized in roles and units.
* Roles: a role is a goal a service accomplishes (e.g. mailserver, paas-docker)
* Units: an unit is a component needed to achieve this goal
(e.g. an userland software collection, a nginx server)
Directories follow `roles/<role>/<unit>`.
If configuration files for an unit should be stored,
a subfolder `files` is created at unit level.
The `pillar/ ` folder contains data about Eglide users,
The repository contains a legacy scripts folder, not handled by Salt,
and a config/forum for one set of our Discourse configuration.
They can be migrated to the role/unit structure.
Contribute
----------
Contributions are welcome to this repository, especially if you wish to:
1. improve our infrastructure
2. install or configure something on a Nasqueron server
3. install or configure something on a project we manage (like Eglide)
4. help to migrate services to Salt
You can follow this [contributor guide](https://agora.nasqueron.org/How%20to%20contribute%20code)
to send a commit for review. This procedure is open to everyone.
Issues can be reported on the [#Servers component](https://devcentral.nasqueron.org/tag/servers/)
on DevCentral, the Nasqueron Phabricator instance.
Support for contributors is provided on Freenode #nasqueron-ops.
License
-------
A lot of configuration as code is trivial, and so ineligible for copyright per
[threshold of originality](https://en.wikipedia.org/wiki/Threshold_of_originality)
When this is not the case, the code is licensed under
[BSD-2-Clause](https://opensource.org/licenses/BSD-2-Clause)
if not otherwise specified.
-
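Review bot: While this file is being re-wrapped, the context line "The `pillar/ ` folder contains data about Eglide users," still ends on a comma, with a stray space inside the code span, so the sentence is never finished before "The repository contains a legacy scripts folder" begins. Finish or split that sentence and write `pillar/` in the same change. The license paragraph's "threshold of originality" link line is also missing its closing period.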
diff --git a/pillar/viperserv/bots.sls b/pillar/viperserv/bots.sls
index 1d491a9..621c904 100644
--- a/pillar/viperserv/bots.sls
+++ b/pillar/viperserv/bots.sls
@@ -1,46 +1,45 @@
-# To regenerate the list of scripts in a folder, try:
-# find . -type f -name '*.tcl' | grep -v tests/ | grep -v Maintenance/ | grep -v ForUsers/ | grep -v PreSurfBoard | sed 's@\./@ - @'
+# To regenerate the list of scripts in a folder, try `make list` from rVIPER.
viperserv_accounts:
viperserv:
fullname: ViperServ
uid: 833
tc2:
fullname: Tau Ceti Central
uid: 834
viperserv_bots:
Daeghrefn:
realname: https://daeghrefn.nasqueron.org
scripts:
- Daeghrefn/Time.tcl
- Daeghrefn/Wolfplex.tcl
- Daeghrefn/Server.tcl
- Daeghrefn/Last.fm.tcl
- Daeghrefn/Wikimedia.tcl
- Daeghrefn/Bureautique.tcl
- Daeghrefn/Communication.tcl
- Daeghrefn/GIS.tcl
- Daeghrefn/Tools.tcl
- Daeghrefn/Channel.tcl
- vendor/oauth.tcl
- vendor/proxycheck.tcl
modules:
- transfer
- filesys
- seen
Wearg:
realname: RabbitMQ broker client
scripts:
- Wearg/Broker.tcl
- Wearg/Notifications.tcl
# This one should be last as it initializes
# startup components, with broker/Notifications
# dependencies
- Wearg/Time.tcl
TC2:
realname: Tau Ceti Central
runas: tc2
scripts:
- TC2/Time.tcl
- TC2/Server.tcl
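Review bot: The replacement comment at the top of the file drops the only record of which paths are excluded when the script list is regenerated (tests/, Maintenance/, ForUsers/, PreSurfBoard), and that list decides which Tcl scripts are assigned to each bot under `scripts:`. Please either state in the commit message that `make list` in rVIPER applies the same exclusions, or keep a one-line summary of them here, so a regenerated list cannot silently add test or maintenance scripts to Daeghrefn, Wearg or TC2.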
diff --git a/roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh b/roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh
index 9f6e35e..ad5f08a 100755
--- a/roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh
+++ b/roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh
@@ -1,48 +1,50 @@
#!/bin/sh
# -------------------------------------------------------------
# Nasqueron mail services
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2015-12-16
# License: Trivial work, not eligible to copyright
# Source file: roles/mailserver/systemd-unit/files/lxc-container-mailserver-start.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
-#Let systemd launch a lxc mail container through /usr/lib/systemd/system/lxc-container-mailserver.service
+#Let systemd launch a lxc mail container through
+#/usr/lib/systemd/system/lxc-container-mailserver.service
+#
#Start a lxc container, and create iptable rules
IPTABLES="/usr/sbin/iptables"
LXC_START="/usr/bin/lxc-start"
CONTAINER_NAME="mailserver"
HOST_INTERFACE="ens192"
DOCKER_INTERFACE="docker0"
HOST_IP="212.129.32.223"
CONTAINER_IP="10.0.3.8"
PORTS="25 110 143 465 587"
DOCKER_PORTS="25 143 465 587"
NGINX_PORT="21080"
$LXC_START -n $CONTAINER_NAME -d
#Web rules
for PORT in $PORTS
do
$IPTABLES -t nat -I PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT
done
#Need 80 port for main nginx
$IPTABLES -t nat -I PREROUTING -i $HOST_INTERFACE -p TCP -d $HOST_IP/32 --dport $NGINX_PORT -j DNAT --to-destination $CONTAINER_IP:80
#Docker rules
for PORT in $DOCKER_PORTS
do
$IPTABLES -t nat -I PREROUTING -i $DOCKER_INTERFACE -p TCP -d $HOST_IP/32 --dport $PORT -j DNAT --to-destination $CONTAINER_IP:$PORT
done
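Review bot: In the unchanged body below the re-wrapped header comment, the result of `$LXC_START -n $CONTAINER_NAME -d` is not checked before the DNAT rules are inserted, so a failed container start still leaves the ports in PORTS, DOCKER_PORTS and NGINX_PORT forwarded to CONTAINER_IP. Suggest exiting when lxc-start fails (for example `$LXC_START -n "$CONTAINER_NAME" -d || exit 1`). Every rule is added with `-I PREROUTING` and nothing in this script tests for an existing rule, so each run inserts the full set again; a `$IPTABLES -t nat -C PREROUTING ...` test before each insert would make the script safe to run more than once.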
diff --git a/roles/paas-docker/systemd-unit/files/get-containers-list.sh b/roles/paas-docker/systemd-unit/files/get-containers-list.sh
index b7d7ff7..ecd246d 100755
--- a/roles/paas-docker/systemd-unit/files/get-containers-list.sh
+++ b/roles/paas-docker/systemd-unit/files/get-containers-list.sh
@@ -1,46 +1,47 @@
#!/usr/bin/env bash
# -------------------------------------------------------------
# PaaS Docker
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-01-30
# License: Trivial work, not eligible to copyright
# Source file: roles/paas-docker/systemd-unit/files/get-containers-list.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
## Read /etc/containers.conf and recover docker’s names into an array.
## get-containers-list [--reverse]
file='/etc/containers.conf'
if [[ ! -f "$file" ]]; then
echo "$file : does not exists "
exit 1
elif [[ ! -r "$file" ]]; then
echo "$file : can not read "
fi
# Get names in an array
-# 21:42 <geirha> since bash 4, you can use mapfile instead of that while read loop. mapfile -t array < "$file"
+# 21:42 <geirha> since bash 4, you can use mapfile instead of that
+# while read loop. mapfile -t array < "$file"
mapfile -t array < "$file"
# Test argument to know in wich order return names
if [[ $1 == "--reverse" ]]; then
for ((i="${#array[*]}" - 1; i >= 0; i--)); do
echo "${array[i]}"
done
elif [[ -z "$1" ]]; then
for ((i=0; i < "${#array[*]}"; i++)); do
echo "${array[i]}"
done
else
echo "$1 is not a valid argument"
fi
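Review bot: The `elif [[ ! -r "$file" ]]` branch prints "can not read" but has no `exit 1`, so the script falls through to `mapfile -t array < "$file"` on an unreadable file, and the final `else` for an invalid argument also ends with a zero exit status. Both messages go to stdout, where a caller consuming the list would take them for container names. Suggest adding `exit 1` to both branches and sending the messages to stderr with `>&2`.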
diff --git a/roles/webserver-content/README.md b/roles/webserver-content/README.md
index 10567b5..df61159 100644
--- a/roles/webserver-content/README.md
+++ b/roles/webserver-content/README.md
@@ -1,65 +1,65 @@
# Webserver content
## Goal of this role
This role provisions the `/var/wwwroot` folder with the website content,
when there is a custom logic to prepare it, like a specific Git repository
to clone, or a build process to follow.
This roles does NOT describe web server configuration,
which is done in other `webserver-` roles.
## Structure
This role doesn't follow the role/unit folder hierarchy.
Instead, it follows a tld/domain/subdomain.sls logic.
For example, the folder for the `*.acme.tld` sites will be `tld/acme`.
This structure goal is to play nice with the Salt include syntax, as dots
are a directory separator.
The bipbip.acme.tld site will be described in `tld/acme/bipbip.sls` file.
## Add a new domain
1. Create a new folder hierarchy for the domain
2. Include a `init.sls` file for your subdomains
3. Declare the new domain in pillar/webserver/sites.sls
- 4. Regenerate the role index with utils/generate-webcontent-index.py (or make)
- utils/generate-webcontent-index.py > roles/webserver-content/init.sls
+ 4. Regenerate the role index with `make` (from repository root)
+
For example the tld/acme/init.sls file could be:
```
include:
- .www
- .acme
```
Alphabetical order is followed, but www is generally first.
In the pillar file, website are assigned to a role.
If you wish to deploy all the sites on one role, you can directly include
the folder, and your init.sls will do the rest.
If not, two strategies exist: you can use node.filter_by_role in your
init.sls too or perhaps more simply you can document in init.sls this
roles can't be deployed directly, and make references to sls files in
the pillar (without final .sls extension).
For example to deploy bipbip.acme.tld (`tld/acme/bipbip.sls`) on servers
with the shellserver role:
```
shellserver:
- .tld/acme/bibpip
```
## Prune old files
If you need to prune a former website, you can add
the directory to the /hotfixes/old-directories.sls state.
There is no need to revert your commit when the
directories or files are deleted.
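Review bot: Step 4 of "Add a new domain" now says only `make` and no longer names what is regenerated; the removed lines showed the output was roles/webserver-content/init.sls. Keep the output path in the step (for example "Regenerate roles/webserver-content/init.sls with `make`") so a contributor knows which file to expect in the commit and not to edit it by hand. In the same file, the shellserver example reads `.tld/acme/bibpip` while the sentence above it names `tld/acme/bipbip.sls`; fix the spelling while here.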
diff --git a/scripts/byOS/Fedora/new-partition.sh b/scripts/byOS/Fedora/new-partition.sh
index 4711267..acebdec 100755
--- a/scripts/byOS/Fedora/new-partition.sh
+++ b/scripts/byOS/Fedora/new-partition.sh
@@ -1,34 +1,36 @@
#!/bin/sh
#
# Adds a new partition to a device mapper volume group
#
-# Usage ..... new-partition <device> <volume group> <logical volume name> [mounting point]
+# Usage ..... new-partition <device> <volume group>
+# <logical volume name> [mounting point]
# Example ... new-partition /dev/sdb1 centos_dwellers wharf /wharf
# (or) new-partition /dev/sdb1 centos_dwellers wharf
#
# If mounting point is omitted, disk is mounted in /<logical volume name>
#
# Parses arguments
if [ $# -lt 3 ] || [ $# -gt 4 ]; then
- echo 'Usage: new-partition <device> <volume group> <logical volume name> [mounting point]'
+ echo 'Usage: new-partition <device> <volume group>'
+ echo ' <logical volume name> [mounting point]'
exit 1
fi
DEVICE=$1
VG=$2
LVNAME=$3
if [ $# -eq 4 ]; then
MOUNTING_POINT=$4
else
MOUNTING_POINT=/$LVNAME
fi
pvcreate "$DEVICE"
vgextend "$VG" "$DEVICE"
lvcreate -l 100%FREE -n "$LVNAME" "$VG"
mkfs -t xfs "/dev/$VG/$LVNAME"
echo "/dev/mapper/$VG-$LVNAME $MOUNTING_POINT xfs defaults 1 2" >> /etc/ftab
mount "$MOUNTING_POINT"
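Review bot: The line that registers the new volume appends to `/etc/ftab`, not `/etc/fstab`, so the entry this script writes is not where the following `mount "$MOUNTING_POINT"` or the next boot will look for it. Since this commit already touches the script, fix the path, and consider creating the mount point with `mkdir -p "$MOUNTING_POINT"` and stopping on the first failed step (`set -e`), so that `mkfs` is never reached after a failed `pvcreate`, `vgextend` or `lvcreate`.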
