Page MenuHomeDevCentral
Files F3608328

D2354.id7005.diff
No OneTemporary
Actions

D2354.id7005.diff
View Options

diff --git a/pillar/notifications/config.sls b/pillar/notifications/config.sls
new file mode 100644
--- /dev/null
+++ b/pillar/notifications/config.sls
@@ -0,0 +1,152 @@
+# -------------------------------------------------------------
+# Notifications center
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-30
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Credentials
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_credentials:
+ services:
+
+ # Nasqueron
+
+ - gate: GitHub
+ door: Nasqueron
+ secret: {{ salt['zr.get_token'](153) }}
+
+ - gate: GitHub
+ door: Wolfplex
+ secret: {{ salt['zr.get_token'](156) }}
+
+ - gate: GitHub
+ door: Keruald
+ secret: {{ salt['zr.get_token'](157) }}
+
+ - gate: GitHub
+ door: TrustSpace
+ secret: {{ salt['zr.get_token'](158) }}
+
+ - gate: GitHub
+ door: Eglide
+ secret: {{ salt['zr.get_token'](159) }}
+
+ - gate: Phabricator
+ door: Nasqueron
+ instance: https://devcentral.nasqueron.org
+ secret: {{ salt['zr.get_token'](154) }}
+ api_token: {{ salt['zr.get_token'](155) }}
+
+# Docker Hub build triggers URL can't currently been automated easily.
+
+# -------------------------------------------------------------
+# Payload analyzer configuration
+#
+# The content of notifications_configuration will be split
+# into folders and JSON files, converted from YAML objects.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_configuration:
+ GitHubPayloadAnalyzer:
+ default: &default
+ administrativeGroup: orgz
+ defaultGroup: ''
+ map: []
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - docker-*
+
+ - group: tasacora
+ items:
+ - tasacora-*
+
+ - group: devtools
+ items:
+ - notifications
+ - notifications-cli-client
+
+ - group: ops
+ items:
+ - decommission
+ - discourse-config
+ - ftp
+ - operations
+ - servers-*
+ - zemke-rhyne
+
+ JenkinsPayloadAnalyzer:
+ default:
+ defaultGroup: ci
+ map: []
+ notifyOnlyOnFailure: []
+
+ Nasqueron:
+ defaultGroup: ci
+ map:
+ - group: wikidata
+ items:
+ - deploy-irc-daeghrefn-wikidata
+
+ - group: ops
+ items:
+ - deploy-website-*
+ - test-prod-env
+
+ - group: devtools
+ items:
+ - test-notifications-*
+
+ notifyOnlyOnFailure:
+ - test-prod-env
+
+ PhabricatorPayloadAnalyzer:
+ default: *default
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - Docker images
+ - Nasqueron Docker deployment squad
+ words:
+ - Docker
+
+ - group: tasacora
+ items:
+ - Tasacora
+ words:
+ - Tasacora
+ - cartography
+
+ - group: trustspace
+ items:
+ - TrustSpace
+
+ - group: ops
+ items:
+ - Continous integration and delivery
+ - IPv6
+ - Mail
+ - Message queues
+ - Murasil
+ - Nasqueron security operations squad
+ - Servers
+ - Ops-sprint-*
+ - Salt
+ words:
+ - Ysul
+ - Dwellers
+ - Eglide
+ - pkg audit
+ wordsAreStrong: true
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -27,6 +27,7 @@
docker-001:
- credentials.zr
+ - notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -6,10 +6,52 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['notifications'].items() %}
+ # -------------------------------------------------------------
+ # Storage directory
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}/storage:
+ file.directory:
+ - user: 431
+ - group: 433
+ - makedirs: True
+
+/srv/{{ instance }}/storage/app/credentials.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ pillar['notifications_credentials'] | json }}
+
+{% for folder, configs in salt['pillar.get']("notifications_configuration", {}).items() %}
+{% for config_file, config in configs.items() %}
+/srv/{{ instance }}/storage/app/{{ folder }}/{{ config_file }}.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ config | json }}
+{% endfor %}
+{% endfor %}
+
+{% if has_selinux %}
+selinux_context_notifications_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ instance }}/storage
+ - sel_type: container_file_t
+
+selinux_context_notifications_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ instance }}/storage
+{% endif %}
+
# -------------------------------------------------------------
# Container
#
@@ -17,7 +59,7 @@
# Description: Listen to webhooks, fire notifications to
# the broker. Used for CI / IRC notifications.
# Services used: RabbitMQ broker (white-rabbit)
-# Docker volume (/data/notifications/storage)
+# Docker volume (/srv/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
@@ -25,7 +67,7 @@
- detach: True
- interactive: True
- image: nasqueron/notifications
- - binds: /srv/notifications/storage:/var/wwwroot/default/storage
+ - binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- links:
- {{ container['broker_link'] }}:mq
- environment:

File Metadata

Mime Type
text/plain
Expires
Tue, Oct 1, 14:24 (20 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2168527
Default Alt Text
D2354.id7005.diff (6 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator