D3094.id7911.diff

diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -87,6 +87,11 @@
devserver:
- ops/secrets/nasqueron/notifications/notifications-cli/%%node%%
+ - ops/secrets/nasqueron/deploy/deploy_keys/alken-orin
+ - ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/dereckson/www
+ - ops/secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/ewosp/www
+ - ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
+
opensearch:
- ops/secrets/nasqueron.opensearch.infra-logs.internal_users.admin
- ops/secrets/nasqueron.opensearch.infra-logs.internal_users.dashboards
diff --git a/pillar/webserver/wwwroot51.sls b/pillar/webserver/wwwroot51.sls
--- a/pillar/webserver/wwwroot51.sls
+++ b/pillar/webserver/wwwroot51.sls
@@ -7,21 +7,41 @@
wwwroot51_basedir: /var/51-wwwroot
+wwwroot51_identities:
+ alken-orin:
+ secret: secrets/nasqueron/deploy/deploy_keys/alken-orin
+ path: /opt/salt/security/id_alken_orin_ed25519
+
+ deploy-key-bitbucket-dereckson-www:
+ secret: secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/dereckson/www
+ path: /opt/salt/security/id_bitbucket_dereckson_www
+
+ deploy-key-bitbucket-espacewin-www:
+ secret: secrets/nasqueron/deploy/deploy_keys/by_repo/bitbucket/ewosp/www
+ path: /opt/salt/security/id_bitbucket_espacewin_www
+
+ deploy-key-github-wolfplex-api-www:
+ secret: secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
+ path: /opt/salt/security/id_github_wolfplex_api_www
+
wwwroot51_directories:
api:
user: dereckson
group: dereckson
repository: ssh://vcs@devcentral.nasqueron.org:5022/source/api.git
+ identity: alken-orin
dereckson-www:
user: dereckson
group: dereckson
repository: git@bitbucket.org:dereckson/www.dereckson.be.git
+ identity: deploy-key-bitbucekt-dereckson-www
espacewin-www:
user: dereckson
group: dereckson
repository: git@bitbucket.org:ewosp/www.espace-win.org.git
+ identity: deploy-key-bitbucket-espacewin-www
mediawiki-dereckson:
user: dereckson
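Review bot: The `identity` added for `dereckson-www` is spelled `deploy-key-bitbucekt-dereckson-www`, but the entry defined under `wwwroot51_identities` is `deploy-key-bitbucket-dereckson-www`, so the reference matches no identity. sites.sls indexes `identities[site["identity"]]["path"]` directly, so this site would presumably fail to render or be left without a usable key path. The line should read `identity: deploy-key-bitbucket-dereckson-www`. A one-line comment above `wwwroot51_directories` saying that each `identity` must name a key of `wwwroot51_identities` would make this kind of mismatch easier to spot in review.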
@@ -35,18 +55,22 @@
user: dereckson
group: mediawiki
repository: ssh://vcs@devcentral.nasqueron.org:5022/source/saas-mediawiki.git
+ identity: alken-orin
tools:
user: dereckson
group: dereckson
repository: ssh://vcs@devcentral.nasqueron.org:5022/source/tools.git
+ identity: alken-orin
wolfplex-api:
user: dereckson
group: dereckson
repository: git@github.com:wolfplex/api-www.git
+ identity: deploy-key-github-wolfplex-api-www
www:
user: dereckson
group: dereckson
repository: ssh://vcs@devcentral.nasqueron.org:5022/source/www.git
+ identity: alken-orin
diff --git a/roles/devserver/webserver-wwwroot51/credentials.sls b/roles/devserver/webserver-wwwroot51/credentials.sls
new file mode 100644
--- /dev/null
+++ b/roles/devserver/webserver-wwwroot51/credentials.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Webserver wwwroot51 content
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+/opt/salt/security:
+ file.directory:
+ - user: deploy
+ - makedirs: True
+ - mode: 700
+
+{% for _, identity in pillar.get("wwwroot51_identities", {}).items() %}
+
+{{ identity["path"] }}:
+ file.managed:
+ - user: deploy
+ - mode: 400
+ - contents: {{ salt["credentials.get_password"](identity["secret"]) }}
+ - show_changes: False
+
+{{ identity["path"] }}.pub:
+ file.managed:
+ - user: deploy
+ - mode: 444
+ - contents: {{ salt["credentials.get_username"](identity["secret"]) }}
+ - show_changes: False
+
+{% endfor %}
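Review bot: Both `contents:` lines interpolate the value fetched from Vault straight into the rendered YAML, so a multi-line private key (the usual OpenSSH format) would presumably either break YAML parsing or be folded into a single line and written out as an unusable key. Pass the value through a YAML-safe filter instead, e.g. `- contents: {{ salt["credentials.get_password"](identity["secret"]) | yaml_encode }}`, and do the same for the `.pub` file. It is also worth a comment that `show_changes: False` only suppresses the diff in the state output; the key material is still part of the rendered state data, so anything that stores or displays rendered SLS should be treated as sensitive.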
diff --git a/roles/devserver/webserver-wwwroot51/init.sls b/roles/devserver/webserver-wwwroot51/init.sls
--- a/roles/devserver/webserver-wwwroot51/init.sls
+++ b/roles/devserver/webserver-wwwroot51/init.sls
@@ -2,66 +2,9 @@
# Salt — Webserver wwwroot51 content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-02-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set basedir = pillar['wwwroot51_basedir'] %}
-
-# -------------------------------------------------------------
-# Base directory
-#
-# If ZFS is available, create a volume with frequent snapshots
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{{ basedir }}:
- file.directory:
- - dir_mode: 711
-
-{% if salt['node.has']('zfs:pool') %}
-{% set tank = salt['node.get']("zfs:pool") %}
-
-{{ tank }}/wwwroot51:
- zfs.filesystem_present:
- - properties:
- mountpoint: {{ basedir }}
- compression: zstd
- "com.sun:auto-snapshot": "true"
-
-{% endif %}
-
-# -------------------------------------------------------------
-# 51 sites
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-{% for sitename, site in pillar['wwwroot51_directories'].items() %}
-{{ basedir }}/{{ sitename }}:
- file.directory:
- - dir_mode: 711
-{% if 'repository' not in site %}
- - user: {{ site['user'] }}
- - group: {{ site['group'] }}
-{% else %}
- # Credentials belong to deploy user
- - user: deploy
-
- git.latest:
- - name: {{ site['repository'] }}
- - target: {{ basedir }}/{{ sitename }}
- - user: deploy
- - identity: /opt/salt/security/id_ed25519
- - update_head: False
-
-fix_rights_{{ basedir }}/{{ sitename }}:
- file.directory:
- - name: {{ basedir }}/{{ sitename }}
- - user: {{ site['user'] }}
- - group: {{ site['group'] }}
- - recurse:
- - user
- - group
- - onchanges:
- - git: {{ basedir }}/{{ sitename }}
-
-{% endif %}
-{% endfor %}
+include:
+ - .credentials
+ - .sites
diff --git a/roles/devserver/webserver-wwwroot51/init.sls b/roles/devserver/webserver-wwwroot51/sites.sls
copy from roles/devserver/webserver-wwwroot51/init.sls
copy to roles/devserver/webserver-wwwroot51/sites.sls
--- a/roles/devserver/webserver-wwwroot51/init.sls
+++ b/roles/devserver/webserver-wwwroot51/sites.sls
@@ -2,7 +2,6 @@
# Salt — Webserver wwwroot51 content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-02-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
@@ -34,6 +33,8 @@
# 51 sites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+{% set identities = pillar["wwwroot51_identities"] %}
+
{% for sitename, site in pillar['wwwroot51_directories'].items() %}
{{ basedir }}/{{ sitename }}:
file.directory:
@@ -49,7 +50,7 @@
- name: {{ site['repository'] }}
- target: {{ basedir }}/{{ sitename }}
- user: deploy
- - identity: /opt/salt/security/id_ed25519
+ - identity: {{ identities[site["identity"]]["path"] }}
- update_head: False
fix_rights_{{ basedir }}/{{ sitename }}:
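Review bot: `identities[site["identity"]]["path"]` assumes every site with a `repository` carries an `identity` that exists in `wwwroot51_identities`, and nothing checks it; the pillar is also read as `pillar["wwwroot51_identities"]` in the previous hunk, while credentials.sls uses `pillar.get("wwwroot51_identities", {})`. A missing or mistyped name would likely surface as an opaque Jinja error for the whole state rather than pointing at the offending site. Consider resolving it once per site, `{% set identity = identities.get(site.get("identity", "")) %}`, and handling the undefined case explicitly before `git.latest` is emitted. The `git.latest` block this line belongs to starts outside the hunk.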
