F3752378
D2862.id7312.diff
diff --git a/_modules/paas_docker.py b/_modules/paas_docker.py
--- a/_modules/paas_docker.py
+++ b/_modules/paas_docker.py
@@ -29,6 +29,21 @@
return image
+def get_images():
+ """
+ A function to get the list of images used on a Docker engine.
+
+ Example:
+
+ salt docker-002 paas_docker.get_images
+ """
+ images = __pillar__.get("docker_images", [])
+
+ # Workaround for a merge issue for lists:
+ # Salt Tower concatenates them, a set will dedup them.
+ return set(images)
+
+
def get_subnets():
"""
A function to get the Docker subnets list.
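Review bot: `get_images` returns a `set`, so the order of the images differs from run to run and any state IDs or loops built from the result are not reproducible. `return sorted(set(images))` keeps the dedup described in the comment and gives callers a stable list. The function also assumes `docker_images` is a flat list of strings: if a minion still receives the old mapping keyed by `'*'` or host name, `set(images)` silently returns those keys instead of image names, which the docstring should state.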
@@ -38,7 +53,7 @@
salt * paas_docker.get_subnets
"""
try:
- networks = __pillar__["docker_networks"][__grains__["id"]]
+ networks = __pillar__["docker_networks"]
except KeyError:
networks = {}
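Review bot: `__pillar__["docker_networks"]` is now treated as this minion's own network map, but nothing here checks the shape, so a pillar still keyed by minion id would be iterated as if the host names were networks. For consistency with `get_images` above, the lookup can be written `networks = __pillar__.get("docker_networks", {})`, and likewise `return __pillar__.get("docker_containers", {})` in `_get_containers` in the next hunk. The body of `get_subnets` continues outside this hunk, so how `networks` is consumed is not visible here.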
@@ -52,7 +67,7 @@
def _get_containers():
try:
- return __pillar__["docker_containers"][__grains__["id"]]
+ return __pillar__["docker_containers"]
except KeyError:
return {}
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -7,523 +7,11 @@
# -------------------------------------------------------------
docker_aliases:
- - &ipv4_docker002 51.255.124.9
- - &ipv4_docker002_restricted 172.27.27.5
-
-# -------------------------------------------------------------
-# Images
-#
-# You can append a :tag (by default, latest is used).
-#
-# It's not possible to specify Docker library images only by final name.
-# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_images:
- '*':
- - certbot/certbot
-
- dwellers:
- # Core services
- - nasqueron/mysql:5.7
-
- docker-002:
- # Core services
- - library/postgres
- - library/redis:3.2-alpine
- - library/registry
- - nasqueron/mysql
- - nasqueron/rabbitmq
-
- # ACME DNS server
- - joohoi/acme-dns
-
- # Nasqueron services
- - nasqueron/auth-grove
-
- # Nasqueron API microservices
- - nasqueron/docker-registry-api
- - nasqueron/api-datasources
-
- # Infrastructure and development services
- - nasqueron/aphlict
- - nasqueron/cachet
- - nasqueron/etherpad:production
- - nasqueron/notifications
- - nasqueron/phabricator
- - ghcr.io/hound-search/hound
-
- # Continuous deployment jobs
- - jenkins/jenkins
- - nasqueron/jenkins-agent-node
- - nasqueron/jenkins-agent-php
- - nasqueron/jenkins-agent-php:7.4.23
- - nasqueron/jenkins-agent-rust
- - nasqueron/tommy
-
- # Pixelfed
- - nasqueron/pixelfed
-
- # Sentry
- - library/sentry
- - tianon/exim4
-
- # Hauk
- - bilde2910/hauk
-
-# -------------------------------------------------------------
-# Networks
-#
-# Containers can be grouped by network, instead to use links.
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_networks:
- dwellers:
- bugzilla:
- subnet: 172.21.3.0/24
- jenkinsTest:
- subnet: 172.21.5.0/24
- docker-002:
- cd:
- subnet: 172.18.1.0/24
- ci:
- subnet: 172.18.2.0/24
- sentry:
- subnet: 172.18.3.0/24
-
-# -------------------------------------------------------------
-# Docker engine configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_daemon:
- docker-002:
- data-root: /srv/docker
- dwellers:
- data-root: /srv/docker
- group: nasqueron-dev-docker
-
-# -------------------------------------------------------------
-# Containers
-#
-# The docker_containers entry allow to declare
-# containers by image by servers
-#
-# The hierarchy is so as following.
-#
-# docker_containers:
-# server with the Docker engine:
-# service codename:
-# instance name:
-# container properties
-#
-# The service codename must match a state file in
-# the roles/paas-docker/containers/ directory.
-#
-# The container will be run with the specified instance name.
-#
-# **nginx**
-#
-# The container properties can also describe the information
-# needed to configure nginx with the host and app_port key.
-#
-# In such case, a matching vhost file should be declared as
-# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_containers:
-
- #
- # Dwellers is the engine for Mastodon and CI intelligent bus services
- #
- dwellers:
-
- #
- # Core services
- #
-
- mysql:
- bugzilla_db:
- network: bugzilla
- version: 5.7
- credentials:
- root: espacewin.bugzilla.mysql_root
-
- #
- # Bugzilla
- #
-
- bugzilla:
- ew_bugzilla:
- host: bugzilla.espace-win.org
- app_port: 33080
- network: bugzilla
- mysql:
- host: bugzilla_db
- db: EspaceWin_Bugs
- credential: espacewin.bugzilla.mysql
-
- #
- # Jenkins
- #
-
- jenkins:
- jenkins_test:
- realm: test
- host: jenkins.test.nasqueron.org
- app_port: 47080
- jnlp_port: 52000
-
- jenkins_agent:
- zosso:
- image_flavour: php
- realm: test
-
- #
- # Mastodon
- #
-
- # Mastodon is currently deployed manually through docker-compose
- # and not yet integrated to the platform. This declaration is
- # currently only used for extra utilities deployment.
-
- mastodon_sidekiq:
- mastodon_sidekiq_1:
- realm: nasqueron
-
- #
- # Production engine
- #
- docker-002:
-
- #
- # Core services
- #
-
- mysql:
- acquisitariat:
- credentials:
- root: nasqueron.acquisitariat.mysql
- phpbb_db:
- credentials:
- root: espacewin.phpbb.mysql_root
-
- postgresql:
- sentry_db:
- image: nasqueron/postgres-sentry
- credential: nasqueron.sentry.postgresql
-
- memcached:
- sentry_memcached:
- version: 1.6.9-alpine
- network: sentry
+ - &ipv4_docker001 51.255.124.9
+ - &ipv4_docker001_restricted 51.255.124.9
- redis:
- sentry_redis:
- network: sentry
- pixelfed_redis: {}
-
- registry:
- registry:
- host: registry.nasqueron.org
- app_port: 5000
- allowed_ips:
- # Localhost
- - 127.0.0.1
-
- # Dwellers
- - 172.27.27.4
-
- # docker-002
- - 172.27.27.5
-
- rabbitmq:
- white-rabbit:
- ip: *ipv4_docker002_restricted
- host: white-rabbit.nasqueron.org
- app_port: 15672
- credentials:
- erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
- root: nasqueron/rabbitmq/white-rabbit/root
-
- #
- # Phabricator
- #
-
- phabricator:
- # Nasqueron instance
- devcentral:
- app_port: 31080
- host: devcentral.nasqueron.org
- aliases:
- - phabricator.nasqueron.org
- blogs:
- servers:
- host: servers.nasqueron.org
- aliases:
- - server.nasqueron.org
- - serveur.nasqueron.org
- - serveurs.nasqueron.org
- mailer: mailgun
- credentials:
- mysql: zed.phabricator.mysql
- static_host: devcentral.nasqueron-user-content.org
- title: Nasqueron DevCentral
- mysql_link: acquisitariat
- skip_container: True
-
- # Private instance for Dereckson
- river_sector:
- app_port: 23080
- host: river-sector.dereckson.be
- static_host: river-sector.nasqueron-user-content.org
- mailer: _
- credentials:
- mysql: dereckson.phabricator.mysql
- storage:
- namespace: river_sector
- title: River Sector
- mysql_link: acquisitariat
-
- # Wolfplex instance
- wolfplex_phab:
- app_port: 35080
- host: phabricator.wolfplex.org
- aliases:
- - phabricator.wolfplex.be
- static_host: wolfplex.phabricator.nasqueron-user-content.org
- mailer: mailgun
- credentials:
- mailgun: wolfplex.phabricator.mailgun
- mysql: wolfplex.phabricator.mysql
- storage:
- namespace: wolfphab
- title: Wolfplex Phabricator
- mysql_link: acquisitariat
-
- # Zed instance
- zed_code:
- app_port: 36080
- host: code.zed.dereckson.be
- static_host: zed.phabricator.nasqueron-user-content.org
- mailer: sendgrid
- credentials:
- mysql: zed.phabricator.mysql
- sendgrid: zed.phabricator.sendgrid
- storage:
- namespace: zedphab
- title: Zed
- mysql_link: acquisitariat
-
- aphlict:
- aphlict:
- ports:
- client: 22280
- admin: 22281
-
- #
- # Notifications center
- #
-
- notifications:
- notifications:
- host: notifications.nasqueron.org
- app_port: 37080
- broker_link: white-rabbit
- credentials:
- broker: nasqueron.notifications.broker
- mailgun: nasqueron.notifications.mailgun
- sentry:
- realm: nasqueron
- project_id: 2
- credential: nasqueron.notifications.sentry
-
- #
- # Community and development services
- #
-
- etherpad:
- pad:
- app_port: 34080
- host: pad.nasqueron.org
- aliases:
- - pad.wolfplex.org
- - pad.wolfplex.be
- credential: nasqueron.etherpad.api
- mysql_link: acquisitariat
-
- # Hauk
- hauk:
- hauk:
- app_port: 43080
- host: geo.nasqueron.org
- api_entry_point: /hauk
-
- #
- # Let's Encrypt
- #
-
- acme_dns:
- acme:
- ip: *ipv4_docker002
- app_port: 41080
- host: acme.nasqueron.org
- nsadmin: ops.nasqueron.org
-
- #
- # CI and CD
- #
-
- jenkins:
- jenkins_cd:
- realm: cd
- host: cd.nasqueron.org
- app_port: 38080
- jnlp_port: 50000
- jenkins_ci:
- realm: ci
- host: ci.nasqueron.org
- app_port: 42080
- jnlp_port: 55000
-
- jenkins_agent:
- # Agents for CD
-
- apsile: &php_for_cd
- image_flavour: php
- realm: cd
-
- elapsi: *php_for_cd
-
- rust_brown:
- image_flavour: rust
- realm: cd
-
- yarabokin:
- image_flavour: node
- realm: cd
-
- # Agents for CI
-
- zateki: &php_for_ci
- image_flavour: php
- realm: ci
-
- zenerre:
- <<: *php_for_ci
- version: 7.4.23
-
- tommy:
- tommy_ci:
- app_port: 24080
- host: builds.nasqueron.org
- aliases:
- - build.nasqueron.org
- jenkins_url: https://ci.nasqueron.org
- jenkins_multi_branch: True
-
- tommy_cd:
- # No host definition, as this dashboard is mounted on infra.nasqueron.org
- app_port: 24180
- jenkins_url: https://cd.nasqueron.org
-
- #
- # Infrastructure and development services
- #
-
- hound:
- hound:
- app_port: 44080
- host: code.nasqueron.org
- github_account: nasqueron
-
- cachet:
- cachet:
- app_port: 39080
- host: status.nasqueron.org
- credential: nasqueron.cachet.mysql
- app_key: nasqueron.cachet.app_key
- mysql_link: acquisitariat
-
- auth-grove:
- login:
- app_port: 25080
- host: login.nasqueron.org
- credential: nasqueron.auth-grove.mysql
- mysql_link: acquisitariat
-
- # API microservices
-
- docker-registry-api:
- api-docker-registry:
- app_port: 20080
- api_entry_point: /docker/registry
- registry_instance: registry
-
- api-datasources:
- api-datasources:
- app_port: 19080
- api_entry_point: /datasources
-
- # phpBB SaaS
- # The SaaS uses a MySQL instance, declared in the MySQL section.
-
- # Openfire
- openfire:
- openfire:
- ip: *ipv4_docker002
- app_port: 9090
- host: xmpp.nasqueron.org
-
- # Other subservices for XMPP
- # listening to their own subdomain
- aliases:
- - conference.nasqueron.org
-
- # Pixelfed
- pixelfed:
- pixelfed:
- app_port: 30080
- host: photos.nasqueron.org
- aliases:
- - photo.nasqueron.org
- links:
- mysql: acquisitariat
- redis: pixelfed_redis
- credentials:
- app_key: nasqueron.pixelfed.app_key
- mailgun: nasqueron.pixelfed.mailgun
- mysql: nasqueron.pixelfed.mysql
- app:
- title: Nasqueron Photos
- max_album_length: 16
-
- # Sentry
- # The Sentry instance uses a Redis and a PostgreSQL instance,
- # declared above.
- exim:
- sentry_smtp:
- mailname: mx.sentry.nasqueron.org
- network: sentry
-
- sentry:
- sentry_web_1:
- app_port: 26080
- host: sentry.nasqueron.org
-
- # As an instance is divided between a web, a cron and a worker
- # containers, we need an identified to share a data volume.
- realm: nasqueron
- network: sentry
-
- sentry_worker:
- sentry_worker_1:
- realm: nasqueron
- network: sentry
-
- sentry_cron:
- sentry_cron:
- realm: nasqueron
- network: sentry
+ - &ipv4_docker002 51.255.124.10
+ - &ipv4_docker002_restricted 172.27.27.5
# -------------------------------------------------------------
# Monitoring
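Review bot: The values in `docker_aliases` disagree with the per-host files added by this same diff. `&ipv4_docker002` is `51.255.124.10` here but `51.255.124.9` in `pillar/paas/docker/docker-002/main.sls` and `openfire.sls`. `&ipv4_docker001_restricted` is also set to the same public address as `&ipv4_docker001`, whereas the docker-002 restricted alias is a private `172.27.27.5`. YAML anchors are local to a file, so the container definitions resolve against the copies in the per-host files and the list here looks unused; it is also not visible whether a docker-001 host exists. If a `_restricted` alias is meant to bind services to a non-public address, as the RabbitMQ entry does with `*ipv4_docker002_restricted`, reusing the public address would publish them, so confirm the intended values and keep a single source for them.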
@@ -580,19 +68,3 @@
# - 15692 # Prometheus metrics (rabbitmq_prometheus plugin port)
# - 61613 # STOMP
# - 61614 # STOMP with TLS
-
-xmpp_ports:
- - 3478
- - 5222 # Client to server
- - 5223 # Client to server (Encrypted (legacy-mode) connections)
- - 5229 # Flash Cross Domain
- - 5262 # Connections managers
- - 5269 # Server to server
- - 5270 # Server to server (Encrypted (legacy-mode) connections)
- - 5275 # External components
- - 5276 # External components (Encrypted (legacy-mode) connections)
- - 7070 # HTTP binding
- - 7443 # HTTP binding with TLS
- - 7777 # File transfer proxy
- - 9090 # Web administration server
- - 9091 # Web administration server with TLS
diff --git a/pillar/paas/docker/docker-002/jenkins.sls b/pillar/paas/docker/docker-002/jenkins.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/jenkins.sls
@@ -0,0 +1,82 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Jenkins
+# -------------------------------------------------------------
+
+docker_networks:
+ cd:
+ subnet: 172.18.1.0/24
+ ci:
+ subnet: 172.18.2.0/24
+
+docker_images:
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-node
+ - nasqueron/jenkins-agent-php
+ - nasqueron/jenkins-agent-php:7.4.23
+ - nasqueron/jenkins-agent-rust
+ - nasqueron/tommy
+
+docker_containers:
+
+ jenkins:
+ jenkins_cd:
+ realm: cd
+ host: cd.nasqueron.org
+ app_port: 38080
+ jnlp_port: 50000
+
+ jenkins_ci:
+ realm: ci
+ host: ci.nasqueron.org
+ app_port: 42080
+ jnlp_port: 55000
+
+ jenkins_agent:
+
+ #
+ # Agents for CD
+ #
+
+ apsile: &php_for_cd
+ image_flavour: php
+ realm: cd
+
+ elapsi: *php_for_cd
+
+ rust_brown:
+ image_flavour: rust
+ realm: cd
+
+ yarabokin:
+ image_flavour: node
+ realm: cd
+
+ #
+ # Agents for CI
+ #
+
+ zateki: &php_for_ci
+ image_flavour: php
+ realm: ci
+
+ zenerre:
+ <<: *php_for_ci
+ version: 7.4.23
+
+ tommy:
+ tommy_cd:
+ # No host definition, as this dashboard is mounted on infra.nasqueron.org
+ app_port: 24180
+ jenkins_url: https://cd.nasqueron.org
+
+ tommy_ci:
+ app_port: 24080
+ host: builds.nasqueron.org
+ aliases:
+ - build.nasqueron.org
+ jenkins_url: https://ci.nasqueron.org
+ jenkins_multi_branch: True
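Review bot: Most entries under `docker_images` carry no tag and therefore resolve to `latest`, as the header comment in `docker-002/main.sls` states. For the Jenkins controller and the build agents this means the image content can change without any change in this repository. The list already pins one entry, `nasqueron/jenkins-agent-php:7.4.23`; doing the same for the others, e.g. `- jenkins/jenkins:<version>`, makes a deployment reproducible and reviewable. The same applies to the image lists in `docker-002/main.sls`, `openfire.sls`, `sentry.sls` and `dwellers/main.sls`. Whether the image state re-pulls an existing `latest` is not visible from this diff.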
diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -0,0 +1,315 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core services
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/registry
+ - nasqueron/mysql
+ - nasqueron/mysql:5.7
+ - nasqueron/rabbitmq
+
+ # ACME DNS server
+ - joohoi/acme-dns
+
+ # Nasqueron services
+ - nasqueron/auth-grove
+
+ # Nasqueron API microservices
+ - nasqueron/docker-registry-api
+ - nasqueron/api-datasources
+
+ # Infrastructure and development services
+ - nasqueron/aphlict
+ - nasqueron/cachet
+ - nasqueron/etherpad:production
+ - nasqueron/notifications
+ - nasqueron/phabricator
+ - ghcr.io/hound-search/hound
+
+ # Pixelfed
+ - nasqueron/pixelfed
+
+ # Hauk
+ - bilde2910/hauk
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare containers
+# by service. Generally a service matches an image.
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ acquisitariat:
+ credentials:
+ root: nasqueron.acquisitariat.mysql
+ phpbb_db:
+ credentials:
+ root: espacewin.phpbb.mysql_root
+
+ redis:
+ pixelfed_redis: {}
+
+ registry:
+ registry:
+ host: registry.nasqueron.org
+ app_port: 5000
+ allowed_ips:
+ # Localhost
+ - 127.0.0.1
+
+ # Dwellers
+ - 172.27.27.4
+
+ # docker-002
+ - 172.27.27.5
+
+ rabbitmq:
+ white-rabbit:
+ ip: *ipv4_docker002_restricted
+ host: white-rabbit.nasqueron.org
+ app_port: 15672
+ credentials:
+ erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
+ root: nasqueron/rabbitmq/white-rabbit/root
+
+ #
+ # Phabricator
+ #
+
+ phabricator:
+ # Nasqueron instance
+ devcentral:
+ app_port: 31080
+ host: devcentral.nasqueron.org
+ aliases:
+ - phabricator.nasqueron.org
+ blogs:
+ servers:
+ host: servers.nasqueron.org
+ aliases:
+ - server.nasqueron.org
+ - serveur.nasqueron.org
+ - serveurs.nasqueron.org
+ mailer: mailgun
+ credentials:
+ mysql: zed.phabricator.mysql
+ static_host: devcentral.nasqueron-user-content.org
+ title: Nasqueron DevCentral
+ mysql_link: acquisitariat
+ skip_container: True
+
+ # Private instance for Dereckson
+ river_sector:
+ app_port: 23080
+ host: river-sector.dereckson.be
+ static_host: river-sector.nasqueron-user-content.org
+ mailer: _
+ credentials:
+ mysql: dereckson.phabricator.mysql
+ storage:
+ namespace: river_sector
+ title: River Sector
+ mysql_link: acquisitariat
+
+ # Wolfplex instance
+ wolfplex_phab:
+ app_port: 35080
+ host: phabricator.wolfplex.org
+ aliases:
+ - phabricator.wolfplex.be
+ static_host: wolfplex.phabricator.nasqueron-user-content.org
+ mailer: mailgun
+ credentials:
+ mailgun: wolfplex.phabricator.mailgun
+ mysql: wolfplex.phabricator.mysql
+ storage:
+ namespace: wolfphab
+ title: Wolfplex Phabricator
+ mysql_link: acquisitariat
+
+ # Zed instance
+ zed_code:
+ app_port: 36080
+ host: code.zed.dereckson.be
+ static_host: zed.phabricator.nasqueron-user-content.org
+ mailer: sendgrid
+ credentials:
+ mysql: zed.phabricator.mysql
+ sendgrid: zed.phabricator.sendgrid
+ storage:
+ namespace: zedphab
+ title: Zed
+ mysql_link: acquisitariat
+
+ aphlict:
+ aphlict:
+ ports:
+ client: 22280
+ admin: 22281
+
+ #
+ # Notifications center
+ #
+
+ notifications:
+ notifications:
+ host: notifications.nasqueron.org
+ app_port: 37080
+ broker_link: white-rabbit
+ credentials:
+ broker: nasqueron.notifications.broker
+ mailgun: nasqueron.notifications.mailgun
+ sentry:
+ realm: nasqueron
+ project_id: 2
+ credential: nasqueron.notifications.sentry
+
+ #
+ # Community and development services
+ #
+
+ etherpad:
+ pad:
+ app_port: 34080
+ host: pad.nasqueron.org
+ aliases:
+ - pad.wolfplex.org
+ - pad.wolfplex.be
+ credential: nasqueron.etherpad.api
+ mysql_link: acquisitariat
+
+ # Hauk
+ hauk:
+ hauk:
+ app_port: 43080
+ host: geo.nasqueron.org
+ api_entry_point: /hauk
+
+ #
+ # Let's Encrypt
+ #
+
+ acme_dns:
+ acme:
+ ip: *ipv4_docker002
+ app_port: 41080
+ host: acme.nasqueron.org
+ nsadmin: ops.nasqueron.org
+
+ #
+ # CI and CD
+ #
+
+ #
+ # Infrastructure and development services
+ #
+
+ hound:
+ hound:
+ app_port: 44080
+ host: code.nasqueron.org
+ github_account: nasqueron
+
+ cachet:
+ cachet:
+ app_port: 39080
+ host: status.nasqueron.org
+ credential: nasqueron.cachet.mysql
+ app_key: nasqueron.cachet.app_key
+ mysql_link: acquisitariat
+
+ auth-grove:
+ login:
+ app_port: 25080
+ host: login.nasqueron.org
+ credential: nasqueron.auth-grove.mysql
+ mysql_link: acquisitariat
+
+ # API microservices
+
+ docker-registry-api:
+ api-docker-registry:
+ app_port: 20080
+ api_entry_point: /docker/registry
+ registry_instance: registry
+
+ api-datasources:
+ api-datasources:
+ app_port: 19080
+ api_entry_point: /datasources
+
+ # phpBB SaaS
+ # The SaaS uses a MySQL instance, declared in the MySQL section.
+
+ # Pixelfed
+ pixelfed:
+ pixelfed:
+ app_port: 30080
+ host: photos.nasqueron.org
+ aliases:
+ - photo.nasqueron.org
+ links:
+ mysql: acquisitariat
+ redis: pixelfed_redis
+ credentials:
+ app_key: nasqueron.pixelfed.app_key
+ mailgun: nasqueron.pixelfed.mailgun
+ mysql: nasqueron.pixelfed.mysql
+ app:
+ title: Nasqueron Photos
+ max_album_length: 16
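Review bot: The `# CI and CD` heading under `docker_containers` is left with no entries now that the Jenkins and Tommy declarations live in `jenkins.sls`, which reads as if something was lost in the split. Either drop the heading or replace it with a pointer such as `# CI and CD services are declared in jenkins.sls`. `library/postgres` is still listed in `docker_images` here although the only PostgreSQL container visible in this diff, `sentry_db`, moved to `sentry.sls`, which lists the image itself.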
diff --git a/pillar/paas/docker/docker-002/openfire.sls b/pillar/paas/docker/docker-002/openfire.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/openfire.sls
@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Openfire XMPP server
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+docker_images:
+ - nasqueron/openfire
+
+docker_containers:
+ # Openfire
+ openfire:
+ openfire:
+ ip: *ipv4_docker002
+ app_port: 9090
+ host: xmpp.nasqueron.org
+
+ # Other subservices for XMPP
+ # listening to their own subdomain
+ aliases:
+ - conference.nasqueron.org
+
+ # -------------------------------------------------------------
+ # Ports listened
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+xmpp_ports:
+ - 3478 # VoIP STUN (Session Traversal Utilities for NAT)
+ - 5222 # Client to server
+ - 5223 # Client to server (Encrypted (legacy-mode) connections)
+ - 5229 # Flash Cross Domain
+ - 5262 # Connections managers
+ - 5269 # Server to server
+ - 5270 # Server to server (Encrypted (legacy-mode) connections)
+ - 5275 # External components
+ - 5276 # External components (Encrypted (legacy-mode) connections)
+ - 7070 # HTTP binding
+ - 7443 # HTTP binding with TLS
+ - 7777 # File transfer proxy
+ - 9090 # Web administration server
+ - 9091 # Web administration server with TLS
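Review bot: `xmpp_ports` lists 9090 and 9091, the web administration console, next to the client and server-to-server ports, and the container is bound to the public `*ipv4_docker002` address. How the list is consumed is not visible in this diff, but if it drives port publishing or firewall rules the admin console ends up reachable on the same footing as 5222 and 5269. Since `app_port: 9090` with `host: xmpp.nasqueron.org` already suggests the console is served through the nginx vhost, consider keeping the two admin ports out of the published list, or add a comment saying why they must be exposed directly. `&ipv4_docker002_restricted` is declared in this file but not referenced.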
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Sentry
+# -------------------------------------------------------------
+
+docker_networks:
+ sentry:
+ subnet: 172.18.3.0/24
+
+docker_images:
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/sentry
+ - tianon/exim4
+
+docker_containers:
+
+ #
+ # Core services used by Sentry
+ #
+
+ exim:
+ sentry_smtp:
+ mailname: mx.sentry.nasqueron.org
+ network: sentry
+
+ memcached:
+ sentry_memcached:
+ version: 1.6.9-alpine
+ network: sentry
+
+ redis:
+ sentry_redis:
+ network: sentry
+
+ postgresql:
+ sentry_db:
+ credential: nasqueron.sentry.postgresql
+
+ #
+ # Services maintained by Sentry
+ #
+
+ sentry:
+ sentry_web_1:
+ app_port: 26080
+ host: sentry.nasqueron.org
+
+ # As an instance is divided between a web, a cron and a worker
+ # containers, we need an identified to share a data volume.
+ realm: nasqueron
+ network: sentry
+
+ sentry_worker:
+ sentry_worker_1:
+ realm: nasqueron
+ network: sentry
+
+ sentry_cron:
+ sentry_cron:
+ realm: nasqueron
+ network: sentry
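Review bot: The `sentry_db` entry lost its `image: nasqueron/postgres-sentry` key in the move; the removed block in `pillar/paas/docker.sls` had both `image` and `credential`, and the new one has only `credential`. If the PostgreSQL container state falls back to a default image when the key is absent, the database would be recreated from a different image than before. Restore `image: nasqueron/postgres-sentry` or state in the commit message that the drop is intended. `sentry_memcached` also declares `version: 1.6.9-alpine` while no memcached image appears in `docker_images`; that was already the case before this change.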
diff --git a/pillar/paas/docker/dwellers/main.sls b/pillar/paas/docker/dwellers/main.sls
new file mode 100644
--- /dev/null
+++ b/pillar/paas/docker/dwellers/main.sls
@@ -0,0 +1,127 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core service
+ - nasqueron/mysql:5.7
+
+ # Continuous deployment jobs
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-php
+
+# -------------------------------------------------------------
+# Networks
+#
+# Containers can be grouped by network, instead to use links.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_networks:
+ bugzilla:
+ subnet: 172.21.3.0/24
+ jenkinsTest:
+ subnet: 172.21.5.0/24
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+ group: nasqueron-dev-docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare
+# containers by image by servers
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ bugzilla_db:
+ network: bugzilla
+ version: 5.7
+ credentials:
+ root: espacewin.bugzilla.mysql_root
+
+ #
+ # Bugzilla
+ #
+
+ bugzilla:
+ ew_bugzilla:
+ host: bugzilla.espace-win.org
+ app_port: 33080
+ network: bugzilla
+ mysql:
+ host: bugzilla_db
+ db: EspaceWin_Bugs
+ credential: espacewin.bugzilla.mysql
+
+ #
+ # Jenkins
+ #
+
+ jenkins:
+ jenkins_test:
+ realm: test
+ host: jenkins.test.nasqueron.org
+ app_port: 47080
+ jnlp_port: 52000
+
+ jenkins_agent:
+ zosso:
+ image_flavour: php
+ realm: test
+
+ #
+ # Mastodon
+ #
+
+ # Mastodon is currently deployed manually through docker-compose
+ # and not yet integrated to the platform. This declaration is
+ # currently only used for extra utilities deployment.
+
+ mastodon_sidekiq:
+ mastodon_sidekiq_1:
+ realm: nasqueron
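Review bot: The header comment above `docker_containers` still says the entry declares "containers by image by servers", while the hierarchy below it no longer has a server level. `docker-002/main.sls` in this diff already carries the updated wording, "declare containers by service. Generally a service matches an image."; use the same text here so the two per-host files document the same structure.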
diff --git a/roles/paas-docker/containers/init.sls b/pillar/tower.sls
copy from roles/paas-docker/containers/init.sls
copy to pillar/tower.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/pillar/tower.sls
@@ -1,18 +1,12 @@
# -------------------------------------------------------------
-# Salt — Provision Docker engine
+# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
+# Description: External pillar to configure pillar stanza
+# by pillar, grain or option value
+# Reference: https://github.com/jgraichen/salt-tower
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
-
-{% if services %}
-
-include:
-{% for service in services %}
- - .{{ service }}
-{% endfor %}
-
-{% endif %}
+base:
+ - paas/docker/{{ minion_id }}/*.sls
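Review bot: The `base:` entry does not say how the files matched by `paas/docker/{{ minion_id }}/*.sls` are combined, yet the rest of the change relies on it: `get_images` in `_modules/paas_docker.py` is written around lists being concatenated, and `docker_containers` is split across several files per host. A comment above the entry would make that contract explicit, for example `# Every file in paas/docker/<minion id>/ is merged into the pillar: mappings are merged by key, lists are concatenated.`; the mapping half of that sentence is inferred from the file layout and should be confirmed. It is also worth noting there that a minion without a matching directory receives no Docker pillar at all.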
diff --git a/roles/paas-docker/containers/acme_dns.sls b/roles/paas-docker/containers/acme_dns.sls
--- a/roles/paas-docker/containers/acme_dns.sls
+++ b/roles/paas-docker/containers/acme_dns.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['acme_dns'].items() %}
+{% for instance, container in pillar['docker_containers']['acme_dns'].items() %}
# -------------------------------------------------------------
# Storage directory
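Review bot: `pillar['docker_containers']['acme_dns']` is indexed directly, as the removed lines also did, so the state fails to render on any minion whose pillar has no `acme_dns` entry. With the per-minion pillar files added in this diff, that is every host that does not declare the service. If the state can be applied without an include filter in front of it, `salt['pillar.get']('docker_containers:acme_dns', {}).items()` renders to nothing instead of raising. The same pattern is repeated in the aphlict, api-datasources, auth-grove, bugzilla, cachet, docker-registry-api, etherpad and exim hunks that follow.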
diff --git a/roles/paas-docker/containers/aphlict.sls b/roles/paas-docker/containers/aphlict.sls
--- a/roles/paas-docker/containers/aphlict.sls
+++ b/roles/paas-docker/containers/aphlict.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['aphlict'].items() %}
+{% for instance, container in pillar['docker_containers']['aphlict'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/api-datasources.sls b/roles/paas-docker/containers/api-datasources.sls
--- a/roles/paas-docker/containers/api-datasources.sls
+++ b/roles/paas-docker/containers/api-datasources.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['api-datasources'].items() %}
+{% for instance, container in pillar['docker_containers']['api-datasources'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/auth-grove.sls b/roles/paas-docker/containers/auth-grove.sls
--- a/roles/paas-docker/containers/auth-grove.sls
+++ b/roles/paas-docker/containers/auth-grove.sls
@@ -11,9 +11,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['auth-grove'].items() %}
+{% for instance, container in pillar['docker_containers']['auth-grove'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/bugzilla.sls b/roles/paas-docker/containers/bugzilla.sls
--- a/roles/paas-docker/containers/bugzilla.sls
+++ b/roles/paas-docker/containers/bugzilla.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['bugzilla'].items() %}
+{% for instance, container in pillar['docker_containers']['bugzilla'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/cachet.sls b/roles/paas-docker/containers/cachet.sls
--- a/roles/paas-docker/containers/cachet.sls
+++ b/roles/paas-docker/containers/cachet.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['cachet'].items() %}
+{% for instance, container in pillar['docker_containers']['cachet'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/docker-registry-api.sls b/roles/paas-docker/containers/docker-registry-api.sls
--- a/roles/paas-docker/containers/docker-registry-api.sls
+++ b/roles/paas-docker/containers/docker-registry-api.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['docker-registry-api'].items() %}
+{% for instance, container in pillar['docker_containers']['docker-registry-api'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/containers/etherpad.sls b/roles/paas-docker/containers/etherpad.sls
--- a/roles/paas-docker/containers/etherpad.sls
+++ b/roles/paas-docker/containers/etherpad.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['etherpad'].items() %}
+{% for instance, container in pillar['docker_containers']['etherpad'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/exim.sls b/roles/paas-docker/containers/exim.sls
--- a/roles/paas-docker/containers/exim.sls
+++ b/roles/paas-docker/containers/exim.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['exim'].items() %}
+{% for instance, container in pillar['docker_containers']['exim'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/hauk.sls b/roles/paas-docker/containers/hauk.sls
--- a/roles/paas-docker/containers/hauk.sls
+++ b/roles/paas-docker/containers/hauk.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['hauk'].items() %}
+{% for instance, container in pillar['docker_containers']['hauk'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/hound.sls b/roles/paas-docker/containers/hound.sls
--- a/roles/paas-docker/containers/hound.sls
+++ b/roles/paas-docker/containers/hound.sls
@@ -6,8 +6,6 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Configuration provider
@@ -19,7 +17,7 @@
- mode: 755
-{% for instance, container in containers['hound'].items() %}
+{% for instance, container in pillar['docker_containers']['hound'].items() %}
# -------------------------------------------------------------
# Home directory
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
+{% set services = pillar.get('docker_containers', {}) %}
{% if services %}
diff --git a/roles/paas-docker/containers/jenkins.sls b/roles/paas-docker/containers/jenkins.sls
--- a/roles/paas-docker/containers/jenkins.sls
+++ b/roles/paas-docker/containers/jenkins.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/jenkins_home" %}
diff --git a/roles/paas-docker/containers/jenkins_agent.sls b/roles/paas-docker/containers/jenkins_agent.sls
--- a/roles/paas-docker/containers/jenkins_agent.sls
+++ b/roles/paas-docker/containers/jenkins_agent.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins_agent'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins_agent'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/agents_homes/" + instance %}
diff --git a/roles/paas-docker/containers/mastodon_sidekiq.sls b/roles/paas-docker/containers/mastodon_sidekiq.sls
--- a/roles/paas-docker/containers/mastodon_sidekiq.sls
+++ b/roles/paas-docker/containers/mastodon_sidekiq.sls
@@ -6,8 +6,6 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
@@ -25,7 +23,7 @@
# Provision extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance in containers['mastodon_sidekiq'] %}
+{% for instance in pillar['docker_containers']['mastodon_sidekiq'] %}
provision_clear_video_queue_{{ instance }}:
cmd.run:
diff --git a/roles/paas-docker/containers/memcached.sls b/roles/paas-docker/containers/memcached.sls
--- a/roles/paas-docker/containers/memcached.sls
+++ b/roles/paas-docker/containers/memcached.sls
@@ -6,9 +6,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['memcached'].items() %}
+{% for instance, container in pillar['docker_containers']['memcached'].items() %}
{% set image = salt['paas_docker.get_image']("memcached", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/mysql.sls b/roles/paas-docker/containers/mysql.sls
--- a/roles/paas-docker/containers/mysql.sls
+++ b/roles/paas-docker/containers/mysql.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['mysql'].items() %}
+{% for instance, container in pillar['docker_containers']['mysql'].items() %}
{% set image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['notifications'].items() %}
+{% for instance, container in pillar['docker_containers']['notifications'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/openfire.sls b/roles/paas-docker/containers/openfire.sls
--- a/roles/paas-docker/containers/openfire.sls
+++ b/roles/paas-docker/containers/openfire.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['openfire'].items() %}
+{% for instance, container in pillar['docker_containers']['openfire'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['phabricator'].items() %}
+{% for instance, container in pillar['docker_containers']['phabricator'].items() %}
{% set create_container = "skip_container" not in container or not container['skip_container'] %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/pixelfed.sls b/roles/paas-docker/containers/pixelfed.sls
--- a/roles/paas-docker/containers/pixelfed.sls
+++ b/roles/paas-docker/containers/pixelfed.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['pixelfed'].items() %}
+{% for instance, container in pillar['docker_containers']['pixelfed'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['postgresql'].items() %}
+{% for instance, container in pillar['docker_containers']['postgresql'].items() %}
{% set image = salt['paas_docker.get_image']("library/postgres", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
--- a/roles/paas-docker/containers/rabbitmq.sls
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['rabbitmq'].items() %}
+{% for instance, container in pillar['docker_containers']['rabbitmq'].items() %}
# -------------------------------------------------------------
# Storage directory
diff --git a/roles/paas-docker/containers/redis.sls b/roles/paas-docker/containers/redis.sls
--- a/roles/paas-docker/containers/redis.sls
+++ b/roles/paas-docker/containers/redis.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['redis'].items() %}
+{% for instance, container in pillar['docker_containers']['redis'].items() %}
{% set image = salt['paas_docker.get_image']("library/redis", container) %}
# -------------------------------------------------------------
diff --git a/roles/paas-docker/containers/registry.sls b/roles/paas-docker/containers/registry.sls
--- a/roles/paas-docker/containers/registry.sls
+++ b/roles/paas-docker/containers/registry.sls
@@ -7,9 +7,8 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['registry'].items() %}
+{% for instance, container in pillar['docker_containers']['registry'].items() %}
# -------------------------------------------------------------
# Data directory
diff --git a/roles/paas-docker/containers/sentry.sls b/roles/paas-docker/containers/sentry.sls
--- a/roles/paas-docker/containers/sentry.sls
+++ b/roles/paas-docker/containers/sentry.sls
@@ -7,7 +7,6 @@
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
# -------------------------------------------------------------
# Data directory
@@ -48,7 +47,7 @@
# Web application
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in containers['sentry'].items() %}
+{% for instance, container in pillar['docker_containers']['sentry'].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
@@ -80,7 +79,7 @@
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for service in ['worker', 'cron'] %}
-{% for instance, container in containers['sentry_' + service].items() %}
+{% for instance, container in pillar['docker_containers']['sentry_' + service].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
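Review bot: The worker/cron loop subscripts `pillar['docker_containers']['sentry_' + service]` with no fallback, so a node whose merged pillar defines `sentry` but not both `sentry_worker` and `sentry_cron` fails the whole render. The lookup was equally strict before this change, but with each node's data now assembled by the Tower merge a partial definition seems easier to end up with. `{% for instance, container in pillar['docker_containers'].get('sentry_' + service, {}).items() %}` would skip a missing service instead. The loop body continues outside this hunk.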
diff --git a/roles/paas-docker/containers/tommy.sls b/roles/paas-docker/containers/tommy.sls
--- a/roles/paas-docker/containers/tommy.sls
+++ b/roles/paas-docker/containers/tommy.sls
@@ -6,9 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['tommy'].items() %}
+{% for instance, container in pillar['docker_containers']['tommy'].items() %}
# -------------------------------------------------------------
# Container
diff --git a/roles/paas-docker/docker/config.sls b/roles/paas-docker/docker/config.sls
--- a/roles/paas-docker/docker/config.sls
+++ b/roles/paas-docker/docker/config.sls
@@ -9,13 +9,12 @@
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
-# Configure lvm profile
+# Configure Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['id'] in pillar['docker_daemon'] %}
-
-{% set daemon = pillar['docker_daemon'][grains['id']] %}
+{% set daemon = pillar['docker_daemon'] %}
+{% if daemon %}
{{ dirs.etc }}/docker/daemon.json:
file.managed:
- source: salt://roles/paas-docker/docker/files/daemon.json.jinja
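Review bot: The new `{% set daemon = pillar['docker_daemon'] %}` subscripts the key directly, so the `{% if daemon %}` guard only helps when the key exists but is empty. The removed code skipped hosts without an entry through `grains['id'] in pillar['docker_daemon']`; with the per-host level gone, a node whose merged pillar has no `docker_daemon` key would presumably hit an undefined value in the `if` (Salt's Jinja is strict about undefined values by default) and fail the render rather than skip the file. `{% set daemon = pillar.get('docker_daemon', {}) %}` keeps the skip behaviour and matches the `pillar.get(..., {})` form this diff already uses in networks.sls and nginx/config.sls. Whether every Docker node still receives a `docker_daemon` key from the Tower merge is not visible here.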
@@ -23,5 +22,4 @@
- mode: 644
- context:
daemon: {{ daemon }}
-
{% endif %}
diff --git a/roles/paas-docker/docker/images.sls b/roles/paas-docker/docker/images.sls
--- a/roles/paas-docker/docker/images.sls
+++ b/roles/paas-docker/docker/images.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set images = salt['node.filter_by_name']('docker_images') %}
+{% set images = salt['paas_docker.get_images']() %}
# -------------------------------------------------------------
# Fetch Docker images
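Review bot: `salt['paas_docker.get_images']()` hands the template a Python set (the function added earlier in this diff returns `set(images)`), so the order in which the image states are rendered is not stable from one run to the next. Sorting at the assignment, `{% set images = salt['paas_docker.get_images']() | sort %}`, keeps the dedup and makes the highstate output reproducible, which helps when auditing which images a node is told to pull. The loop that consumes `images` is outside this hunk, so this assumes it only iterates over the value.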
diff --git a/roles/paas-docker/docker/networks.sls b/roles/paas-docker/docker/networks.sls
--- a/roles/paas-docker/docker/networks.sls
+++ b/roles/paas-docker/docker/networks.sls
@@ -6,7 +6,7 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set networks = salt['pillar.get']("docker_networks:" + grains['id'], {}) %}
+{% set networks = pillar.get("docker_networks", {}) %}
# -------------------------------------------------------------
# Bridge networks
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -7,7 +7,7 @@
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+{% set containers = pillar.get('docker_containers', {}) %}
# -------------------------------------------------------------
# Base folder
D2862: Adopt Salt Tower to merge pillar files