Page MenuHomeDevCentral

D2862.id7312.diff
No OneTemporary

D2862.id7312.diff

diff --git a/_modules/paas_docker.py b/_modules/paas_docker.py
--- a/_modules/paas_docker.py
+++ b/_modules/paas_docker.py
@@ -29,6 +29,21 @@
return image
+def get_images():
+ """
+ A function to get the list of images used on a Docker engine.
+
+ Example:
+
+ salt docker-002 paas_docker.get_images
+ """
+ images = __pillar__.get("docker_images", [])
+
+ # Workaround for a merge issue for lists:
+ # Salt Tower concatenates them, a set will dedup them.
+ return set(images)
+
+
def get_subnets():
"""
A function to get the Docker subnets list.
@@ -38,7 +53,7 @@
salt * paas_docker.get_subnets
"""
try:
- networks = __pillar__["docker_networks"][__grains__["id"]]
+ networks = __pillar__["docker_networks"]
except KeyError:
networks = {}
@@ -52,7 +67,7 @@
def _get_containers():
try:
- return __pillar__["docker_containers"][__grains__["id"]]
+ return __pillar__["docker_containers"]
except KeyError:
return {}
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -7,523 +7,11 @@
# -------------------------------------------------------------
docker_aliases:
- - &ipv4_docker002 51.255.124.9
- - &ipv4_docker002_restricted 172.27.27.5
-
-# -------------------------------------------------------------
-# Images
-#
-# You can append a :tag (by default, latest is used).
-#
-# It's not possible to specify Docker library images only by final name.
-# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_images:
- '*':
- - certbot/certbot
-
- dwellers:
- # Core services
- - nasqueron/mysql:5.7
-
- docker-002:
- # Core services
- - library/postgres
- - library/redis:3.2-alpine
- - library/registry
- - nasqueron/mysql
- - nasqueron/rabbitmq
-
- # ACME DNS server
- - joohoi/acme-dns
-
- # Nasqueron services
- - nasqueron/auth-grove
-
- # Nasqueron API microservices
- - nasqueron/docker-registry-api
- - nasqueron/api-datasources
-
- # Infrastructure and development services
- - nasqueron/aphlict
- - nasqueron/cachet
- - nasqueron/etherpad:production
- - nasqueron/notifications
- - nasqueron/phabricator
- - ghcr.io/hound-search/hound
-
- # Continuous deployment jobs
- - jenkins/jenkins
- - nasqueron/jenkins-agent-node
- - nasqueron/jenkins-agent-php
- - nasqueron/jenkins-agent-php:7.4.23
- - nasqueron/jenkins-agent-rust
- - nasqueron/tommy
-
- # Pixelfed
- - nasqueron/pixelfed
-
- # Sentry
- - library/sentry
- - tianon/exim4
-
- # Hauk
- - bilde2910/hauk
-
-# -------------------------------------------------------------
-# Networks
-#
-# Containers can be grouped by network, instead to use links.
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_networks:
- dwellers:
- bugzilla:
- subnet: 172.21.3.0/24
- jenkinsTest:
- subnet: 172.21.5.0/24
- docker-002:
- cd:
- subnet: 172.18.1.0/24
- ci:
- subnet: 172.18.2.0/24
- sentry:
- subnet: 172.18.3.0/24
-
-# -------------------------------------------------------------
-# Docker engine configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_daemon:
- docker-002:
- data-root: /srv/docker
- dwellers:
- data-root: /srv/docker
- group: nasqueron-dev-docker
-
-# -------------------------------------------------------------
-# Containers
-#
-# The docker_containers entry allow to declare
-# containers by image by servers
-#
-# The hierarchy is so as following.
-#
-# docker_containers:
-# server with the Docker engine:
-# service codename:
-# instance name:
-# container properties
-#
-# The service codename must match a state file in
-# the roles/paas-docker/containers/ directory.
-#
-# The container will be run with the specified instance name.
-#
-# **nginx**
-#
-# The container properties can also describe the information
-# needed to configure nginx with the host and app_port key.
-#
-# In such case, a matching vhost file should be declared as
-# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_containers:
-
- #
- # Dwellers is the engine for Mastodon and CI intelligent bus services
- #
- dwellers:
-
- #
- # Core services
- #
-
- mysql:
- bugzilla_db:
- network: bugzilla
- version: 5.7
- credentials:
- root: espacewin.bugzilla.mysql_root
-
- #
- # Bugzilla
- #
-
- bugzilla:
- ew_bugzilla:
- host: bugzilla.espace-win.org
- app_port: 33080
- network: bugzilla
- mysql:
- host: bugzilla_db
- db: EspaceWin_Bugs
- credential: espacewin.bugzilla.mysql
-
- #
- # Jenkins
- #
-
- jenkins:
- jenkins_test:
- realm: test
- host: jenkins.test.nasqueron.org
- app_port: 47080
- jnlp_port: 52000
-
- jenkins_agent:
- zosso:
- image_flavour: php
- realm: test
-
- #
- # Mastodon
- #
-
- # Mastodon is currently deployed manually through docker-compose
- # and not yet integrated to the platform. This declaration is
- # currently only used for extra utilities deployment.
-
- mastodon_sidekiq:
- mastodon_sidekiq_1:
- realm: nasqueron
-
- #
- # Production engine
- #
- docker-002:
-
- #
- # Core services
- #
-
- mysql:
- acquisitariat:
- credentials:
- root: nasqueron.acquisitariat.mysql
- phpbb_db:
- credentials:
- root: espacewin.phpbb.mysql_root
-
- postgresql:
- sentry_db:
- image: nasqueron/postgres-sentry
- credential: nasqueron.sentry.postgresql
-
- memcached:
- sentry_memcached:
- version: 1.6.9-alpine
- network: sentry
+ - &ipv4_docker001 51.255.124.9
+ - &ipv4_docker001_restricted 51.255.124.9
- redis:
- sentry_redis:
- network: sentry
- pixelfed_redis: {}
-
- registry:
- registry:
- host: registry.nasqueron.org
- app_port: 5000
- allowed_ips:
- # Localhost
- - 127.0.0.1
-
- # Dwellers
- - 172.27.27.4
-
- # docker-002
- - 172.27.27.5
-
- rabbitmq:
- white-rabbit:
- ip: *ipv4_docker002_restricted
- host: white-rabbit.nasqueron.org
- app_port: 15672
- credentials:
- erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
- root: nasqueron/rabbitmq/white-rabbit/root
-
- #
- # Phabricator
- #
-
- phabricator:
- # Nasqueron instance
- devcentral:
- app_port: 31080
- host: devcentral.nasqueron.org
- aliases:
- - phabricator.nasqueron.org
- blogs:
- servers:
- host: servers.nasqueron.org
- aliases:
- - server.nasqueron.org
- - serveur.nasqueron.org
- - serveurs.nasqueron.org
- mailer: mailgun
- credentials:
- mysql: zed.phabricator.mysql
- static_host: devcentral.nasqueron-user-content.org
- title: Nasqueron DevCentral
- mysql_link: acquisitariat
- skip_container: True
-
- # Private instance for Dereckson
- river_sector:
- app_port: 23080
- host: river-sector.dereckson.be
- static_host: river-sector.nasqueron-user-content.org
- mailer: _
- credentials:
- mysql: dereckson.phabricator.mysql
- storage:
- namespace: river_sector
- title: River Sector
- mysql_link: acquisitariat
-
- # Wolfplex instance
- wolfplex_phab:
- app_port: 35080
- host: phabricator.wolfplex.org
- aliases:
- - phabricator.wolfplex.be
- static_host: wolfplex.phabricator.nasqueron-user-content.org
- mailer: mailgun
- credentials:
- mailgun: wolfplex.phabricator.mailgun
- mysql: wolfplex.phabricator.mysql
- storage:
- namespace: wolfphab
- title: Wolfplex Phabricator
- mysql_link: acquisitariat
-
- # Zed instance
- zed_code:
- app_port: 36080
- host: code.zed.dereckson.be
- static_host: zed.phabricator.nasqueron-user-content.org
- mailer: sendgrid
- credentials:
- mysql: zed.phabricator.mysql
- sendgrid: zed.phabricator.sendgrid
- storage:
- namespace: zedphab
- title: Zed
- mysql_link: acquisitariat
-
- aphlict:
- aphlict:
- ports:
- client: 22280
- admin: 22281
-
- #
- # Notifications center
- #
-
- notifications:
- notifications:
- host: notifications.nasqueron.org
- app_port: 37080
- broker_link: white-rabbit
- credentials:
- broker: nasqueron.notifications.broker
- mailgun: nasqueron.notifications.mailgun
- sentry:
- realm: nasqueron
- project_id: 2
- credential: nasqueron.notifications.sentry
-
- #
- # Community and development services
- #
-
- etherpad:
- pad:
- app_port: 34080
- host: pad.nasqueron.org
- aliases:
- - pad.wolfplex.org
- - pad.wolfplex.be
- credential: nasqueron.etherpad.api
- mysql_link: acquisitariat
-
- # Hauk
- hauk:
- hauk:
- app_port: 43080
- host: geo.nasqueron.org
- api_entry_point: /hauk
-
- #
- # Let's Encrypt
- #
-
- acme_dns:
- acme:
- ip: *ipv4_docker002
- app_port: 41080
- host: acme.nasqueron.org
- nsadmin: ops.nasqueron.org
-
- #
- # CI and CD
- #
-
- jenkins:
- jenkins_cd:
- realm: cd
- host: cd.nasqueron.org
- app_port: 38080
- jnlp_port: 50000
- jenkins_ci:
- realm: ci
- host: ci.nasqueron.org
- app_port: 42080
- jnlp_port: 55000
-
- jenkins_agent:
- # Agents for CD
-
- apsile: &php_for_cd
- image_flavour: php
- realm: cd
-
- elapsi: *php_for_cd
-
- rust_brown:
- image_flavour: rust
- realm: cd
-
- yarabokin:
- image_flavour: node
- realm: cd
-
- # Agents for CI
-
- zateki: &php_for_ci
- image_flavour: php
- realm: ci
-
- zenerre:
- <<: *php_for_ci
- version: 7.4.23
-
- tommy:
- tommy_ci:
- app_port: 24080
- host: builds.nasqueron.org
- aliases:
- - build.nasqueron.org
- jenkins_url: https://ci.nasqueron.org
- jenkins_multi_branch: True
-
- tommy_cd:
- # No host definition, as this dashboard is mounted on infra.nasqueron.org
- app_port: 24180
- jenkins_url: https://cd.nasqueron.org
-
- #
- # Infrastructure and development services
- #
-
- hound:
- hound:
- app_port: 44080
- host: code.nasqueron.org
- github_account: nasqueron
-
- cachet:
- cachet:
- app_port: 39080
- host: status.nasqueron.org
- credential: nasqueron.cachet.mysql
- app_key: nasqueron.cachet.app_key
- mysql_link: acquisitariat
-
- auth-grove:
- login:
- app_port: 25080
- host: login.nasqueron.org
- credential: nasqueron.auth-grove.mysql
- mysql_link: acquisitariat
-
- # API microservices
-
- docker-registry-api:
- api-docker-registry:
- app_port: 20080
- api_entry_point: /docker/registry
- registry_instance: registry
-
- api-datasources:
- api-datasources:
- app_port: 19080
- api_entry_point: /datasources
-
- # phpBB SaaS
- # The SaaS uses a MySQL instance, declared in the MySQL section.
-
- # Openfire
- openfire:
- openfire:
- ip: *ipv4_docker002
- app_port: 9090
- host: xmpp.nasqueron.org
-
- # Other subservices for XMPP
- # listening to their own subdomain
- aliases:
- - conference.nasqueron.org
-
- # Pixelfed
- pixelfed:
- pixelfed:
- app_port: 30080
- host: photos.nasqueron.org
- aliases:
- - photo.nasqueron.org
- links:
- mysql: acquisitariat
- redis: pixelfed_redis
- credentials:
- app_key: nasqueron.pixelfed.app_key
- mailgun: nasqueron.pixelfed.mailgun
- mysql: nasqueron.pixelfed.mysql
- app:
- title: Nasqueron Photos
- max_album_length: 16
-
- # Sentry
- # The Sentry instance uses a Redis and a PostgreSQL instance,
- # declared above.
- exim:
- sentry_smtp:
- mailname: mx.sentry.nasqueron.org
- network: sentry
-
- sentry:
- sentry_web_1:
- app_port: 26080
- host: sentry.nasqueron.org
-
- # As an instance is divided between a web, a cron and a worker
- # containers, we need an identified to share a data volume.
- realm: nasqueron
- network: sentry
-
- sentry_worker:
- sentry_worker_1:
- realm: nasqueron
- network: sentry
-
- sentry_cron:
- sentry_cron:
- realm: nasqueron
- network: sentry
+ - &ipv4_docker002 51.255.124.10
+ - &ipv4_docker002_restricted 172.27.27.5
# -------------------------------------------------------------
# Monitoring
@@ -580,19 +68,3 @@
# - 15692 # Prometheus metrics (rabbitmq_prometheus plugin port)
# - 61613 # STOMP
# - 61614 # STOMP with TLS
-
-xmpp_ports:
- - 3478
- - 5222 # Client to server
- - 5223 # Client to server (Encrypted (legacy-mode) connections)
- - 5229 # Flash Cross Domain
- - 5262 # Connections managers
- - 5269 # Server to server
- - 5270 # Server to server (Encrypted (legacy-mode) connections)
- - 5275 # External components
- - 5276 # External components (Encrypted (legacy-mode) connections)
- - 7070 # HTTP binding
- - 7443 # HTTP binding with TLS
- - 7777 # File transfer proxy
- - 9090 # Web administration server
- - 9091 # Web administration server with TLS
diff --git a/pillar/paas/docker/docker-002/jenkins.sls b/pillar/paas/docker/docker-002/jenkins.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/jenkins.sls
@@ -0,0 +1,82 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Jenkins
+# -------------------------------------------------------------
+
+docker_networks:
+ cd:
+ subnet: 172.18.1.0/24
+ ci:
+ subnet: 172.18.2.0/24
+
+docker_images:
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-node
+ - nasqueron/jenkins-agent-php
+ - nasqueron/jenkins-agent-php:7.4.23
+ - nasqueron/jenkins-agent-rust
+ - nasqueron/tommy
+
+docker_containers:
+
+ jenkins:
+ jenkins_cd:
+ realm: cd
+ host: cd.nasqueron.org
+ app_port: 38080
+ jnlp_port: 50000
+
+ jenkins_ci:
+ realm: ci
+ host: ci.nasqueron.org
+ app_port: 42080
+ jnlp_port: 55000
+
+ jenkins_agent:
+
+ #
+ # Agents for CD
+ #
+
+ apsile: &php_for_cd
+ image_flavour: php
+ realm: cd
+
+ elapsi: *php_for_cd
+
+ rust_brown:
+ image_flavour: rust
+ realm: cd
+
+ yarabokin:
+ image_flavour: node
+ realm: cd
+
+ #
+ # Agents for CI
+ #
+
+ zateki: &php_for_ci
+ image_flavour: php
+ realm: ci
+
+ zenerre:
+ <<: *php_for_ci
+ version: 7.4.23
+
+ tommy:
+ tommy_cd:
+ # No host definition, as this dashboard is mounted on infra.nasqueron.org
+ app_port: 24180
+ jenkins_url: https://cd.nasqueron.org
+
+ tommy_ci:
+ app_port: 24080
+ host: builds.nasqueron.org
+ aliases:
+ - build.nasqueron.org
+ jenkins_url: https://ci.nasqueron.org
+ jenkins_multi_branch: True
diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -0,0 +1,315 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core services
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/registry
+ - nasqueron/mysql
+ - nasqueron/mysql:5.7
+ - nasqueron/rabbitmq
+
+ # ACME DNS server
+ - joohoi/acme-dns
+
+ # Nasqueron services
+ - nasqueron/auth-grove
+
+ # Nasqueron API microservices
+ - nasqueron/docker-registry-api
+ - nasqueron/api-datasources
+
+ # Infrastructure and development services
+ - nasqueron/aphlict
+ - nasqueron/cachet
+ - nasqueron/etherpad:production
+ - nasqueron/notifications
+ - nasqueron/phabricator
+ - ghcr.io/hound-search/hound
+
+ # Pixelfed
+ - nasqueron/pixelfed
+
+ # Hauk
+ - bilde2910/hauk
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare containers
+# by service. Generally a service matches an image.
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ acquisitariat:
+ credentials:
+ root: nasqueron.acquisitariat.mysql
+ phpbb_db:
+ credentials:
+ root: espacewin.phpbb.mysql_root
+
+ redis:
+ pixelfed_redis: {}
+
+ registry:
+ registry:
+ host: registry.nasqueron.org
+ app_port: 5000
+ allowed_ips:
+ # Localhost
+ - 127.0.0.1
+
+ # Dwellers
+ - 172.27.27.4
+
+ # docker-002
+ - 172.27.27.5
+
+ rabbitmq:
+ white-rabbit:
+ ip: *ipv4_docker002_restricted
+ host: white-rabbit.nasqueron.org
+ app_port: 15672
+ credentials:
+ erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
+ root: nasqueron/rabbitmq/white-rabbit/root
+
+ #
+ # Phabricator
+ #
+
+ phabricator:
+ # Nasqueron instance
+ devcentral:
+ app_port: 31080
+ host: devcentral.nasqueron.org
+ aliases:
+ - phabricator.nasqueron.org
+ blogs:
+ servers:
+ host: servers.nasqueron.org
+ aliases:
+ - server.nasqueron.org
+ - serveur.nasqueron.org
+ - serveurs.nasqueron.org
+ mailer: mailgun
+ credentials:
+ mysql: zed.phabricator.mysql
+ static_host: devcentral.nasqueron-user-content.org
+ title: Nasqueron DevCentral
+ mysql_link: acquisitariat
+ skip_container: True
+
+ # Private instance for Dereckson
+ river_sector:
+ app_port: 23080
+ host: river-sector.dereckson.be
+ static_host: river-sector.nasqueron-user-content.org
+ mailer: _
+ credentials:
+ mysql: dereckson.phabricator.mysql
+ storage:
+ namespace: river_sector
+ title: River Sector
+ mysql_link: acquisitariat
+
+ # Wolfplex instance
+ wolfplex_phab:
+ app_port: 35080
+ host: phabricator.wolfplex.org
+ aliases:
+ - phabricator.wolfplex.be
+ static_host: wolfplex.phabricator.nasqueron-user-content.org
+ mailer: mailgun
+ credentials:
+ mailgun: wolfplex.phabricator.mailgun
+ mysql: wolfplex.phabricator.mysql
+ storage:
+ namespace: wolfphab
+ title: Wolfplex Phabricator
+ mysql_link: acquisitariat
+
+ # Zed instance
+ zed_code:
+ app_port: 36080
+ host: code.zed.dereckson.be
+ static_host: zed.phabricator.nasqueron-user-content.org
+ mailer: sendgrid
+ credentials:
+ mysql: zed.phabricator.mysql
+ sendgrid: zed.phabricator.sendgrid
+ storage:
+ namespace: zedphab
+ title: Zed
+ mysql_link: acquisitariat
+
+ aphlict:
+ aphlict:
+ ports:
+ client: 22280
+ admin: 22281
+
+ #
+ # Notifications center
+ #
+
+ notifications:
+ notifications:
+ host: notifications.nasqueron.org
+ app_port: 37080
+ broker_link: white-rabbit
+ credentials:
+ broker: nasqueron.notifications.broker
+ mailgun: nasqueron.notifications.mailgun
+ sentry:
+ realm: nasqueron
+ project_id: 2
+ credential: nasqueron.notifications.sentry
+
+ #
+ # Community and development services
+ #
+
+ etherpad:
+ pad:
+ app_port: 34080
+ host: pad.nasqueron.org
+ aliases:
+ - pad.wolfplex.org
+ - pad.wolfplex.be
+ credential: nasqueron.etherpad.api
+ mysql_link: acquisitariat
+
+ # Hauk
+ hauk:
+ hauk:
+ app_port: 43080
+ host: geo.nasqueron.org
+ api_entry_point: /hauk
+
+ #
+ # Let's Encrypt
+ #
+
+ acme_dns:
+ acme:
+ ip: *ipv4_docker002
+ app_port: 41080
+ host: acme.nasqueron.org
+ nsadmin: ops.nasqueron.org
+
+ #
+ # CI and CD
+ #
+
+ #
+ # Infrastructure and development services
+ #
+
+ hound:
+ hound:
+ app_port: 44080
+ host: code.nasqueron.org
+ github_account: nasqueron
+
+ cachet:
+ cachet:
+ app_port: 39080
+ host: status.nasqueron.org
+ credential: nasqueron.cachet.mysql
+ app_key: nasqueron.cachet.app_key
+ mysql_link: acquisitariat
+
+ auth-grove:
+ login:
+ app_port: 25080
+ host: login.nasqueron.org
+ credential: nasqueron.auth-grove.mysql
+ mysql_link: acquisitariat
+
+ # API microservices
+
+ docker-registry-api:
+ api-docker-registry:
+ app_port: 20080
+ api_entry_point: /docker/registry
+ registry_instance: registry
+
+ api-datasources:
+ api-datasources:
+ app_port: 19080
+ api_entry_point: /datasources
+
+ # phpBB SaaS
+ # The SaaS uses a MySQL instance, declared in the MySQL section.
+
+ # Pixelfed
+ pixelfed:
+ pixelfed:
+ app_port: 30080
+ host: photos.nasqueron.org
+ aliases:
+ - photo.nasqueron.org
+ links:
+ mysql: acquisitariat
+ redis: pixelfed_redis
+ credentials:
+ app_key: nasqueron.pixelfed.app_key
+ mailgun: nasqueron.pixelfed.mailgun
+ mysql: nasqueron.pixelfed.mysql
+ app:
+ title: Nasqueron Photos
+ max_album_length: 16
diff --git a/pillar/paas/docker/docker-002/openfire.sls b/pillar/paas/docker/docker-002/openfire.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/openfire.sls
@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Openfire XMPP server
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+docker_images:
+ - nasqueron/openfire
+
+docker_containers:
+ # Openfire
+ openfire:
+ openfire:
+ ip: *ipv4_docker002
+ app_port: 9090
+ host: xmpp.nasqueron.org
+
+ # Other subservices for XMPP
+ # listening to their own subdomain
+ aliases:
+ - conference.nasqueron.org
+
+ # -------------------------------------------------------------
+ # Ports listened
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+xmpp_ports:
+ - 3478 # VoIP STUN (Session Traversal Utilities for NAT)
+ - 5222 # Client to server
+ - 5223 # Client to server (Encrypted (legacy-mode) connections)
+ - 5229 # Flash Cross Domain
+ - 5262 # Connections managers
+ - 5269 # Server to server
+ - 5270 # Server to server (Encrypted (legacy-mode) connections)
+ - 5275 # External components
+ - 5276 # External components (Encrypted (legacy-mode) connections)
+ - 7070 # HTTP binding
+ - 7443 # HTTP binding with TLS
+ - 7777 # File transfer proxy
+ - 9090 # Web administration server
+ - 9091 # Web administration server with TLS
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Sentry
+# -------------------------------------------------------------
+
+docker_networks:
+ sentry:
+ subnet: 172.18.3.0/24
+
+docker_images:
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/sentry
+ - tianon/exim4
+
+docker_containers:
+
+ #
+ # Core services used by Sentry
+ #
+
+ exim:
+ sentry_smtp:
+ mailname: mx.sentry.nasqueron.org
+ network: sentry
+
+ memcached:
+ sentry_memcached:
+ version: 1.6.9-alpine
+ network: sentry
+
+ redis:
+ sentry_redis:
+ network: sentry
+
+ postgresql:
+ sentry_db:
+ credential: nasqueron.sentry.postgresql
+
+ #
+ # Services maintained by Sentry
+ #
+
+ sentry:
+ sentry_web_1:
+ app_port: 26080
+ host: sentry.nasqueron.org
+
+ # As an instance is divided between a web, a cron and a worker
+ # containers, we need an identified to share a data volume.
+ realm: nasqueron
+ network: sentry
+
+ sentry_worker:
+ sentry_worker_1:
+ realm: nasqueron
+ network: sentry
+
+ sentry_cron:
+ sentry_cron:
+ realm: nasqueron
+ network: sentry
diff --git a/pillar/paas/docker/dwellers/main.sls b/pillar/paas/docker/dwellers/main.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/dwellers/main.sls
@@ -0,0 +1,127 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core service
+ - nasqueron/mysql:5.7
+
+ # Continuous deployment jobs
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-php
+
+# -------------------------------------------------------------
+# Networks
+#
+# Containers can be grouped by network, instead to use links.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_networks:
+ bugzilla:
+ subnet: 172.21.3.0/24
+ jenkinsTest:
+ subnet: 172.21.5.0/24
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+ group: nasqueron-dev-docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare
+# containers by image by servers
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ bugzilla_db:
+ network: bugzilla
+ version: 5.7
+ credentials:
+ root: espacewin.bugzilla.mysql_root
+
+ #
+ # Bugzilla
+ #
+
+ bugzilla:
+ ew_bugzilla:
+ host: bugzilla.espace-win.org
+ app_port: 33080
+ network: bugzilla
+ mysql:
+ host: bugzilla_db
+ db: EspaceWin_Bugs
+ credential: espacewin.bugzilla.mysql
+
+ #
+ # Jenkins
+ #
+
+ jenkins:
+ jenkins_test:
+ realm: test
+ host: jenkins.test.nasqueron.org
+ app_port: 47080
+ jnlp_port: 52000
+
+ jenkins_agent:
+ zosso:
+ image_flavour: php
+ realm: test
+
+ #
+ # Mastodon
+ #
+
+ # Mastodon is currently deployed manually through docker-compose
+ # and not yet integrated to the platform. This declaration is
+ # currently only used for extra utilities deployment.
+
+ mastodon_sidekiq:
+ mastodon_sidekiq_1:
+ realm: nasqueron
diff --git a/roles/paas-docker/containers/init.sls b/pillar/tower.sls
copy from roles/paas-docker/containers/init.sls
copy to pillar/tower.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/pillar/tower.sls
@@ -1,18 +1,12 @@
# -------------------------------------------------------------
-# Salt — Provision Docker engine
+# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
+# Description: External pillar to configure pillar stanza
+# by pillar, grain or option value
+# Reference: https://github.com/jgraichen/salt-tower
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
-
-{% if services %}
-
-include:
-{% for service in services %}
- - .{{ service }}
-{% endfor %}
-
-{% endif %}
+base:
+ - paas/docker/{{ minion_id }}/*.sls
diff --git a/roles/paas-docker/containers/acme_dns.sls b/roles/paas-docker/containers/acme_dns.sls
--- a/roles/paas-docker/containers/acme_dns.sls
+++ b/roles/paas-docker/containers/acme_dns.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['acme_dns'].items() %}
+{% for instance, container in pillar['docker_containers']['acme_dns'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/aphlict.sls b/roles/paas-docker/containers/aphlict.sls
--- a/roles/paas-docker/containers/aphlict.sls
+++ b/roles/paas-docker/containers/aphlict.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['aphlict'].items() %}
+{% for instance, container in pillar['docker_containers']['aphlict'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/api-datasources.sls b/roles/paas-docker/containers/api-datasources.sls
--- a/roles/paas-docker/containers/api-datasources.sls
+++ b/roles/paas-docker/containers/api-datasources.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['api-datasources'].items() %}
+{% for instance, container in pillar['docker_containers']['api-datasources'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/auth-grove.sls b/roles/paas-docker/containers/auth-grove.sls
--- a/roles/paas-docker/containers/auth-grove.sls
+++ b/roles/paas-docker/containers/auth-grove.sls
@@ -11,9 +11,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['auth-grove'].items() %}
+{% for instance, container in pillar['docker_containers']['auth-grove'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/bugzilla.sls b/roles/paas-docker/containers/bugzilla.sls
--- a/roles/paas-docker/containers/bugzilla.sls
+++ b/roles/paas-docker/containers/bugzilla.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['bugzilla'].items() %}
+{% for instance, container in pillar['docker_containers']['bugzilla'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/cachet.sls b/roles/paas-docker/containers/cachet.sls
--- a/roles/paas-docker/containers/cachet.sls
+++ b/roles/paas-docker/containers/cachet.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['cachet'].items() %}
+{% for instance, container in pillar['docker_containers']['cachet'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/docker-registry-api.sls b/roles/paas-docker/containers/docker-registry-api.sls
--- a/roles/paas-docker/containers/docker-registry-api.sls
+++ b/roles/paas-docker/containers/docker-registry-api.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['docker-registry-api'].items() %}
+{% for instance, container in pillar['docker_containers']['docker-registry-api'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/etherpad.sls b/roles/paas-docker/containers/etherpad.sls
--- a/roles/paas-docker/containers/etherpad.sls
+++ b/roles/paas-docker/containers/etherpad.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['etherpad'].items() %}
+{% for instance, container in pillar['docker_containers']['etherpad'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/exim.sls b/roles/paas-docker/containers/exim.sls
--- a/roles/paas-docker/containers/exim.sls
+++ b/roles/paas-docker/containers/exim.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['exim'].items() %}
+{% for instance, container in pillar['docker_containers']['exim'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/hauk.sls b/roles/paas-docker/containers/hauk.sls
--- a/roles/paas-docker/containers/hauk.sls
+++ b/roles/paas-docker/containers/hauk.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['hauk'].items() %}
+{% for instance, container in pillar['docker_containers']['hauk'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/hound.sls b/roles/paas-docker/containers/hound.sls
--- a/roles/paas-docker/containers/hound.sls
+++ b/roles/paas-docker/containers/hound.sls
@@ -6,8 +6,6 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Configuration provider
@@ -19,7 +17,7 @@
- mode: 755
-{% for instance, container in containers['hound'].items() %}
+{% for instance, container in pillar['docker_containers']['hound'].items() %}
# -------------------------------------------------------------
# Home directory
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
+{% set services = pillar.get('docker_containers', {}) %}
{% if services %}
diff --git a/roles/paas-docker/containers/jenkins.sls b/roles/paas-docker/containers/jenkins.sls
--- a/roles/paas-docker/containers/jenkins.sls
+++ b/roles/paas-docker/containers/jenkins.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/jenkins_home" %}
diff --git a/roles/paas-docker/containers/jenkins_agent.sls b/roles/paas-docker/containers/jenkins_agent.sls
--- a/roles/paas-docker/containers/jenkins_agent.sls
+++ b/roles/paas-docker/containers/jenkins_agent.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins_agent'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins_agent'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/agents_homes/" + instance %}
diff --git a/roles/paas-docker/containers/mastodon_sidekiq.sls b/roles/paas-docker/containers/mastodon_sidekiq.sls
--- a/roles/paas-docker/containers/mastodon_sidekiq.sls
+++ b/roles/paas-docker/containers/mastodon_sidekiq.sls
@@ -6,8 +6,6 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -25,7 +23,7 @@
# Provision extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance in containers['mastodon_sidekiq'] %}
+{% for instance in pillar['docker_containers']['mastodon_sidekiq'] %}
provision_clear_video_queue_{{ instance }}:
cmd.run:
diff --git a/roles/paas-docker/containers/memcached.sls b/roles/paas-docker/containers/memcached.sls
--- a/roles/paas-docker/containers/memcached.sls
+++ b/roles/paas-docker/containers/memcached.sls
@@ -6,9 +6,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['memcached'].items() %}
+{% for instance, container in pillar['docker_containers']['memcached'].items() %}
{% set image = salt['paas_docker.get_image']("memcached", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/mysql.sls b/roles/paas-docker/containers/mysql.sls
--- a/roles/paas-docker/containers/mysql.sls
+++ b/roles/paas-docker/containers/mysql.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['mysql'].items() %}
+{% for instance, container in pillar['docker_containers']['mysql'].items() %}
{% set image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['notifications'].items() %}
+{% for instance, container in pillar['docker_containers']['notifications'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/openfire.sls b/roles/paas-docker/containers/openfire.sls
--- a/roles/paas-docker/containers/openfire.sls
+++ b/roles/paas-docker/containers/openfire.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['openfire'].items() %}
+{% for instance, container in pillar['docker_containers']['openfire'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['phabricator'].items() %}
+{% for instance, container in pillar['docker_containers']['phabricator'].items() %}
{% set create_container = "skip_container" not in container or not container['skip_container'] %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/pixelfed.sls b/roles/paas-docker/containers/pixelfed.sls
--- a/roles/paas-docker/containers/pixelfed.sls
+++ b/roles/paas-docker/containers/pixelfed.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['pixelfed'].items() %}
+{% for instance, container in pillar['docker_containers']['pixelfed'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['postgresql'].items() %}
+{% for instance, container in pillar['docker_containers']['postgresql'].items() %}
{% set image = salt['paas_docker.get_image']("library/postgres", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
--- a/roles/paas-docker/containers/rabbitmq.sls
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['rabbitmq'].items() %}
+{% for instance, container in pillar['docker_containers']['rabbitmq'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/redis.sls b/roles/paas-docker/containers/redis.sls
--- a/roles/paas-docker/containers/redis.sls
+++ b/roles/paas-docker/containers/redis.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['redis'].items() %}
+{% for instance, container in pillar['docker_containers']['redis'].items() %}
{% set image = salt['paas_docker.get_image']("library/redis", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/registry.sls b/roles/paas-docker/containers/registry.sls
--- a/roles/paas-docker/containers/registry.sls
+++ b/roles/paas-docker/containers/registry.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['registry'].items() %}
+{% for instance, container in pillar['docker_containers']['registry'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/sentry.sls b/roles/paas-docker/containers/sentry.sls
--- a/roles/paas-docker/containers/sentry.sls
+++ b/roles/paas-docker/containers/sentry.sls
@@ -7,7 +7,6 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
# -------------------------------------------------------------
# Data directory
@@ -48,7 +47,7 @@
# Web application
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in containers['sentry'].items() %}
+{% for instance, container in pillar['docker_containers']['sentry'].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
@@ -80,7 +79,7 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for service in ['worker', 'cron'] %}
-{% for instance, container in containers['sentry_' + service].items() %}
+{% for instance, container in pillar['docker_containers']['sentry_' + service].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
diff --git a/roles/paas-docker/containers/tommy.sls b/roles/paas-docker/containers/tommy.sls
--- a/roles/paas-docker/containers/tommy.sls
+++ b/roles/paas-docker/containers/tommy.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['tommy'].items() %}
+{% for instance, container in pillar['docker_containers']['tommy'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/docker/config.sls b/roles/paas-docker/docker/config.sls
--- a/roles/paas-docker/docker/config.sls
+++ b/roles/paas-docker/docker/config.sls
@@ -9,13 +9,12 @@
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
-# Configure lvm profile
+# Configure Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['id'] in pillar['docker_daemon'] %}
-
-{% set daemon = pillar['docker_daemon'][grains['id']] %}
+{% set daemon = pillar['docker_daemon'] %}
+{% if daemon %}
{{ dirs.etc }}/docker/daemon.json:
file.managed:
- source: salt://roles/paas-docker/docker/files/daemon.json.jinja
@@ -23,5 +22,4 @@
- mode: 644
- context:
daemon: {{ daemon }}
-
{% endif %}
diff --git a/roles/paas-docker/docker/images.sls b/roles/paas-docker/docker/images.sls
--- a/roles/paas-docker/docker/images.sls
+++ b/roles/paas-docker/docker/images.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set images = salt['node.filter_by_name']('docker_images') %}
+{% set images = salt['paas_docker.get_images']() %}
# -------------------------------------------------------------
# Fetch Docker images
diff --git a/roles/paas-docker/docker/networks.sls b/roles/paas-docker/docker/networks.sls
--- a/roles/paas-docker/docker/networks.sls
+++ b/roles/paas-docker/docker/networks.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set networks = salt['pillar.get']("docker_networks:" + grains['id'], {}) %}
+{% set networks = pillar.get("docker_networks", {}) %}
# -------------------------------------------------------------
# Bridge networks
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -7,7 +7,7 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+{% set containers = pillar.get('docker_containers', {}) %}
# -------------------------------------------------------------
# Base folder

File Metadata

Mime Type
text/plain
Expires
Mon, Nov 18, 18:42 (12 h, 49 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2250960
Default Alt Text
D2862.id7312.diff (52 KB)

Event Timeline