
D2354.id7126.diff

diff --git a/_modules/notifications.py b/_modules/notifications.py
new file mode 100644
--- /dev/null
+++ b/_modules/notifications.py
@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# Salt — Node execution module
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Description: Build Notifications center configuration
+# License: BSD-2-Clause
+# -------------------------------------------------------------
+
+
+import copy
+
+
+def get_credentials():
+ try:
+ services = __pillar__["notifications_credentials"]["services"]
+ except KeyError:
+ services = []
+
+ return {"services": [_build_service_config(service) for service in services]}
+
+
+def _build_service_config(service):
+ built_service = copy.deepcopy(service)
+
+ if "secret" in service:
+ built_service["secret"] = __salt__["credentials.get_token"](service["secret"])
+
+ return built_service
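Review bot: The `except KeyError` fallback in `get_credentials` makes a misspelled or untargeted pillar key indistinguishable from "no services": an empty `{"services": []}` is returned and, judging by the container state in this same diff, written out as credentials.json without any warning, while a present-but-empty `services:` key (YAML null) is not caught at all and raises a `TypeError` from the comprehension. A single lookup covers both cases: `services = __pillar__.get("notifications_credentials", {}).get("services") or []`. Both functions also lack docstrings; `get_credentials` should state that the returned dict holds the *resolved* tokens from `credentials.get_token`, not the Vault key paths, so callers treat the value as sensitive, and `_build_service_config` should state that only the `secret` key is rewritten and every other key is copied through unchanged.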
diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -110,6 +110,13 @@
- ops/secrets/nasqueron.notifications.mailgun
- ops/secrets/nasqueron.notifications.sentry
+ - ops/secrets/nasqueron.notifications.credentials_github_nasqueron
+ - ops/secrets/nasqueron.notifications.credentials_github_wolfplex
+ - ops/secrets/nasqueron.notifications.credentials_github_keruald
+ - ops/secrets/nasqueron.notifications.credentials_github_trustspace
+ - ops/secrets/nasqueron.notifications.credentials_github_eglide
+ - ops/secrets/nasqueron.notifications.credentials_phabricator_nasqueron
+
- ops/secrets/nasqueron.pixelfed.app_key
- ops/secrets/nasqueron.pixelfed.mailgun
- ops/secrets/nasqueron.pixelfed.mysql
diff --git a/pillar/notifications/config.sls b/pillar/notifications/config.sls
new file mode 100644
--- /dev/null
+++ b/pillar/notifications/config.sls
@@ -0,0 +1,153 @@
+# -------------------------------------------------------------
+# Notifications center
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Credentials
+#
+# The secret key value is the Vault key path for this secret,
+# it will be passed to the credentials.get_token method.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_credentials:
+ services:
+
+ # Nasqueron
+
+ - gate: GitHub
+ door: Nasqueron
+ secret: nasqueron.notifications.credentials_github_nasqueron
+
+ - gate: GitHub
+ door: Wolfplex
+ secret: nasqueron.notifications.credentials_github_wolfplex
+
+ - gate: GitHub
+ door: Keruald
+ secret: nasqueron.notifications.credentials_github_keruald
+
+ - gate: GitHub
+ door: TrustSpace
+ secret: nasqueron.notifications.credentials_github_trustspace
+
+ - gate: GitHub
+ door: Eglide
+ secret: nasqueron.notifications.credentials_github_eglide
+
+ - gate: Phabricator
+ door: Nasqueron
+ instance: https://devcentral.nasqueron.org
+ secret: nasqueron.notifications.credentials_phabricator_nasqueron
+
+# Docker Hub build triggers URL can't currently been automated easily.
+
+# -------------------------------------------------------------
+# Payload analyzer configuration
+#
+# The content of notifications_configuration will be split
+# into folders and JSON files, converted from YAML objects.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+notifications_configuration:
+ GitHubPayloadAnalyzer:
+ default: &default
+ administrativeGroup: orgz
+ defaultGroup: ''
+ map: []
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - docker-*
+
+ - group: tasacora
+ items:
+ - tasacora-*
+
+ - group: devtools
+ items:
+ - notifications
+ - notifications-cli-client
+
+ - group: ops
+ items:
+ - decommission
+ - discourse-config
+ - ftp
+ - operations
+ - servers-*
+ - zemke-rhyne
+
+ JenkinsPayloadAnalyzer:
+ default:
+ defaultGroup: ci
+ map: []
+ notifyOnlyOnFailure: []
+
+ Nasqueron:
+ defaultGroup: ci
+ map:
+ - group: wikidata
+ items:
+ - deploy-irc-daeghrefn-wikidata
+
+ - group: ops
+ items:
+ - deploy-website-*
+ - test-prod-env
+
+ - group: devtools
+ items:
+ - test-notifications-*
+
+ notifyOnlyOnFailure:
+ - test-prod-env
+
+ PhabricatorPayloadAnalyzer:
+ default: *default
+
+ Nasqueron:
+ administrativeGroup: orgz
+ defaultGroup: nasqueron
+ map:
+ - group: docker
+ items:
+ - Docker images
+ - Nasqueron Docker deployment squad
+ words:
+ - Docker
+
+ - group: tasacora
+ items:
+ - Tasacora
+ words:
+ - Tasacora
+ - cartography
+
+ - group: trustspace
+ items:
+ - TrustSpace
+
+ - group: ops
+ items:
+ - Continous integration and delivery
+ - IPv6
+ - Mail
+ - Message queues
+ - Murasil
+ - Nasqueron security operations squad
+ - Servers
+ - Ops-sprint-*
+ - Salt
+ words:
+ - Ysul
+ - Dwellers
+ - Eglide
+ - pkg audit
+ wordsAreStrong: true
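Review bot: The ops group item `Continous integration and delivery` looks like a typo for "Continuous"; if these items are matched against Phabricator project names (the surrounding entries such as `Servers` and `Salt` suggest so, though the analyzer's matching rules are not visible here), this entry will silently never match and those notifications would fall through to `defaultGroup`. Please confirm the exact project name in DevCentral and correct the line, e.g. `- Continuous integration and delivery`. The comment at the top of the credentials section could also say what happens when `secret` is absent; from the execution module in this diff, the entry is then passed through verbatim, so an unresolved plaintext value in pillar would end up in credentials.json as-is.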
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -27,6 +27,7 @@
docker-001:
- credentials.zr
+ - notifications.config
- paas.docker
- saas.jenkins
- saas.phpbb
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -6,10 +6,52 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['notifications'].items() %}
+ # -------------------------------------------------------------
+ # Storage directory
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/srv/{{ instance }}/storage:
+ file.directory:
+ - user: 431
+ - group: 433
+ - makedirs: True
+
+/srv/{{ instance }}/storage/app/credentials.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ salt['notifications.get_credentials']() | json }}
+
+{% for folder, configs in salt['pillar.get']("notifications_configuration", {}).items() %}
+{% for config_file, config in configs.items() %}
+/srv/{{ instance }}/storage/app/{{ folder }}/{{ config_file }}.json:
+ file.managed:
+ - user: 431
+ - group: 433
+ - makedirs: True
+ - contents: |
+ {{ config | json }}
+{% endfor %}
+{% endfor %}
+
+{% if has_selinux %}
+selinux_context_notifications_data_{{ instance }}:
+ selinux.fcontext_policy_present:
+ - name: /srv/{{ instance }}/storage
+ - sel_type: container_file_t
+
+selinux_context_notifications_data_applied_{{ instance }}:
+ selinux.fcontext_policy_applied:
+ - name: /srv/{{ instance }}/storage
+{% endif %}
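Review bot: The `file.managed` state for `/srv/{{ instance }}/storage/app/credentials.json` sets owner and group but no `mode`, so a freshly created file gets Salt's default permissions (typically 0644), leaving the resolved GitHub and Phabricator tokens readable by every local user on docker-001, not just uid 431 / gid 433 of the container. Add `- mode: 0640` (0600 if the group does not need it) and `- show_changes: False`, so that a later token rotation does not print the old and new secrets in the state diff, the job cache and any CI log that captures highstate output. The same defaults apply to the directory state above it; `- mode: 0750` on `/srv/{{ instance }}/storage` would keep the whole tree out of world-readable reach. Consider whether the SELinux `selinux.fcontext_policy_applied` state should `require` the directory and file states, since it relabels a path that the earlier states create; with the default in-file ordering this probably works, but an explicit requisite makes the dependency survive reordering.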
+
# -------------------------------------------------------------
# Container
#
@@ -17,7 +59,7 @@
# Description: Listen to webhooks, fire notifications to
# the broker. Used for CI / IRC notifications.
# Services used: RabbitMQ broker (white-rabbit)
-# Docker volume (/data/notifications/storage)
+# Docker volume (/srv/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
@@ -25,7 +67,7 @@
- detach: True
- interactive: True
- image: nasqueron/notifications
- - binds: /srv/notifications/storage:/var/wwwroot/default/storage
+ - binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- links:
- {{ container['broker_link'] }}:mq
- environment:
