Page MenuHomeDevCentral
Files F3607290

D2761.id7019.diff
No OneTemporary
Actions

D2761.id7019.diff
View Options

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -41,6 +41,7 @@
44080 Hound
# 45080 should be reserved for OpenGrok to compare with Hound
47080 Jenkins HTTP - Test
+ 48080 Vault - Test
50000 Jenkins controller's port for JNLP-based Jenkins agents - CD
52000 Jenkins controller's port for JNLP-based Jenkins agents - Test
55000 Jenkins controller's port for JNKP-based Jenkins agents - CI
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -9,6 +9,7 @@
docker_aliases:
- &ipv4_docker001 51.255.124.9
- &ipv4_docker001_restricted 51.255.124.9
+ - &ipv4_dwellers_restricted 172.27.27.4
# -------------------------------------------------------------
# Images
@@ -27,6 +28,11 @@
# Core services
- nasqueron/mysql:5.7
+ # Notifications Dev
+ - nasqueron/notifications
+ - nasqueron/rabbitmq
+ - hashicorp/vault
+
docker-001:
# Core services
- library/postgres
@@ -83,6 +89,8 @@
subnet: 172.21.3.0/24
jenkinsTest:
subnet: 172.21.5.0/24
+ notificationsTest:
+ subnet: 172.21.6.0/24
docker-001:
cd:
subnet: 172.18.1.0/24
@@ -194,6 +202,38 @@
mastodon_sidekiq_1:
realm: nasqueron
+ #
+ # Notifications Test
+ #
+
+ notifications:
+ notifications:
+ host: notifications.notifications-test.nasqueron.org
+ app_port: 37080
+ network: notificationsTest
+ broker: notifications_mq
+ credentials:
+ broker: nasqueron.notifications.broker
+ mailgun: nasqueron.notifications.mailgun
+ sentry:
+ realm: nasqueron
+ project_id: 2
+ credential: nasqueron.notifications.sentry
+
+ rabbitmq:
+ orange-rabbit:
+ ip: *ipv4_dwellers_restricted
+ host: orange-rabbit.notifications-test.nasqueron.org
+ app_port: 15672
+ network: notificationsTest
+
+ vault:
+ vault-notif:
+ ip: *ipv4_dwellers_restricted
+ host: vault.notifications-test.nasqueron.org
+ app_port: 48080
+ network: notificationsTest
+
#
# Current production engine
#
diff --git a/roles/paas-docker/containers/files/vault/vault.hcl b/roles/paas-docker/containers/files/vault/vault.hcl
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/files/vault/vault.hcl
@@ -0,0 +1,31 @@
+# -------------------------------------------------------------
+# Vault configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-docker/containers/files/vault/vault.hcl
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+
+listener "tcp" {
+ address = "0.0.0.0:8200"
+
+ tls_cert_file = "/vault/config/certificates/fullchain.pem"
+ tls_key_file = "/vault/config/certificates/private.key"
+}
+
+storage "raft" {
+ path = "/vault/storage"
+ node_id = "{{ id }}"
+}
+
+disable_mlock = true
+
+ui = true
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -20,16 +20,27 @@
# Docker volume (/data/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+{% if "network" in container %}
+{% set broker = container['broker'] %}
+{% else %}
+{% set broker = "mq" %}
+{% endif %}
+
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/notifications
- binds: /srv/notifications/storage:/var/wwwroot/default/storage
+ {% if "network" in container %}
+ - networks:
+ - {{ container['network'] }}
+ {% else %}
- links:
- {{ container['broker_link'] }}:mq
+ {% endif %}
- environment:
- - BROKER_HOST: mq
+ - BROKER_HOST: {{ broker }}
- BROKER_USERNAME: {{ salt['zr.get_username'](container['credentials']['broker']) }}
- BROKER_PASSWORD: {{ salt['zr.get_password'](container['credentials']['broker']) }}
- BROKER_VHOST: dev
diff --git a/roles/paas-docker/containers/vault.sls b/roles/paas-docker/containers/vault.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/containers/vault.sls
@@ -0,0 +1,75 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set has_selinux = salt["grains.get"]("selinux:enabled", False) %}
+{% set containers = pillar["docker_containers"][grains["id"]] %}
+
+{% for instance, container in containers["vault"].items() %}
+
+# -------------------------------------------------------------
+# Storage directory
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% for dir in ["config", "config/certificates", "storage"] %}
+
+/srv/vault/{{ instance }}/{{ dir }}:
+ file.directory:
+ - user: 100
+ - group: 1000
+ - makedirs: True
+
+{% endfor %}
+
+/srv/vault/{{ instance }}/config/vault.hcl:
+ file.managed:
+ - source: salt://roles/paas-docker/containers/files/vault/vault.hcl
+ - mode: 644
+ - template: jinja
+ - context:
+ id: {{ instance }}
+
+{% if has_selinux %}
+selinux_context_vault_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/vault/{{ instance }}
+ - sel_type: container_file_t
+
+selinux_context_vault_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/vault/{{ instance }}
+ - recursive: True
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+#
+# Image: nasqueron/vault
+# Description: Vault
+# Services used: Docker volume
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: nasqueron/vault
+ - cap_add:
+ - IPC_LOCK
+ - binds:
+ - /srv/vault/{{ instance }}/config:/vault/config
+ - /srv/vault/{{ instance }}/storage:/vault/storage
+ - networks:
+ - {{ container["network"] }}
+ - environment:
+ - VAULT_CLUSTER_INTERFACE: eth0
+ - VAULT_REDIRECT_INTERFACE: eth0
+ - ports:
+ - 8200
+ - port_bindings:
+ - {{ container["ip"] }}:{{ container["app_port"] }}:8200
+
+{% endfor %}
diff --git a/roles/paas-docker/nginx/files/vhosts/vault.conf b/roles/paas-docker/nginx/files/vhosts/vault.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-docker/nginx/files/vhosts/vault.conf
@@ -0,0 +1 @@
+{% include 'roles/paas-docker/nginx/files/vhosts/_default.conf' %}

File Metadata

Mime Type
text/plain
Expires
Tue, Oct 1, 08:20 (21 h, 53 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2168060
Default Alt Text
D2761.id7019.diff (7 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator