diff --git a/roles/core/network/routes.sls b/roles/core/network/routes.sls
index e90298e..69df078 100644
--- a/roles/core/network/routes.sls
+++ b/roles/core/network/routes.sls
@@ -1,40 +1,40 @@
# -------------------------------------------------------------
# Salt — Network
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "roles/core/network/map.jinja" import routes_config with context %}
# -------------------------------------------------------------
# Routes
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ routes_config["config_path"] }}:
file.managed:
- source: salt://roles/core/network/files/{{ routes_config["source_path"] }}
- makedirs: True
- template: jinja
- context:
routes: {{ salt["node.get_routes"]() }}
# -------------------------------------------------------------
# Systemd unit for Linux systems using our /etc/routes.conf
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if routes_config["provider"] == "custom-service" %}
/usr/sbin/routes:
file.managed:
- source: salt://roles/core/network/files/Linux/routes.sh
- - mode: 0755
+ - mode: 755
/etc/systemd/system/routes.service:
file.managed:
- source: salt://roles/core/network/files/Linux/routes.service
service.running:
- name: routes
- enable: true
{% endif %}
diff --git a/roles/core/rc/init.sls b/roles/core/rc/init.sls
index 3cde42b..4af0c43 100644
--- a/roles/core/rc/init.sls
+++ b/roles/core/rc/init.sls
@@ -1,34 +1,34 @@
# -------------------------------------------------------------
# Salt — RC
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Eglide
# Created: 2016-06-15
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set use_zfs = salt['node.has']('zfs:pool') %}
# -------------------------------------------------------------
# IPv6
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os_family'] == 'Debian' %}
rc:
file.managed:
- name : /etc/rc.local
- source: salt://roles/core/rc/files/rc.local.sh
- - mode: 0755
+ - mode: 755
{% endif %}
# -------------------------------------------------------------
# Periodic tasks configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os'] == 'FreeBSD' %}
/etc/periodic.conf:
file.managed:
- source: salt://roles/core/rc/files/periodic.conf
- template: jinja
- context:
use_zfs: {{ use_zfs }}
{% endif %}
diff --git a/roles/core/users/init.sls b/roles/core/users/init.sls
index 189a412..088ea99 100644
--- a/roles/core/users/init.sls
+++ b/roles/core/users/init.sls
@@ -1,135 +1,135 @@
# -------------------------------------------------------------
# Salt — Provision users accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-09
# Description: Adds and revokes user accounts, in the relevant
# groups and with their stable SSH keys.
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Table of contents
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
#
# :: Disabled accounts
# :: ZFS (before user account creation)
# :: Active accounts
# :: ZFS (after user account creation)
# :: Groups
# :: SSH keys
#
# -------------------------------------------------------------
{% from "map.jinja" import dirs, shells with context %}
{% set users = salt['forest.get_users']() %}
{% set zfs_tank = salt['node.get']("zfs:pool") %}
# -------------------------------------------------------------
# Disabled accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username in pillar.get('revokedusers') %}
{{ username }}:
user.absent
{% endfor %}
# -------------------------------------------------------------
# ZFS datasets
#
# Where ZFS is available, home directories are created as separate
# datasets. That has several benefits, like allowing users to create
# snapshots or manage backups.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if zfs_tank %}
zfs_home_permissions_sets:
cmd.run:
- name: |
zfs allow -s @local allow,clone,create,diff,hold,mount,promote,receive,release,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
zfs allow -s @descendent allow,clone,create,diff,destroy,hold,mount,promote,receive,release,rename,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
touch {{ dirs.home }}/.zfs-permissions-set
- creates: {{ dirs.home }}/.zfs-permissions-set
{% for username in users %}
{% set home_directory = zfs_tank + dirs['home'] + '/' + username %}
{{ home_directory }}:
zfs.filesystem_present
zfs_permissions_home_local_{{ username }}:
cmd.run:
- name: zfs allow -lu {{ username }} @local {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
zfs_permissions_home_descendant_{{ username }}:
cmd.run:
- name: zfs allow -du {{ username }} @descendent {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
/home/{{ username }}:
file.directory:
- user: {{ username }}
- group: {{ username }}
- - dir_mode: 0700
+ - dir_mode: 700
- require:
- user: {{ username }}
{% endfor %}
{% endif %}
# -------------------------------------------------------------
# Active accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username, user in users.items() %}
{{ username }}:
user.present:
- fullname: {{ user['fullname'] }}
- shell: {{ shells[user['shell']|default('bash')] }}
- uid: {{ user['uid'] }}
- loginclass: {{ user['class']|default('english') }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for groupname, group in salt['forest.get_groups']().items() %}
group_{{ groupname }}:
group.present:
- name: {{ groupname }}
- gid: {{ group['gid'] }}
- members: {{ group['members'] }}
{% endfor %}
# -------------------------------------------------------------
# SSH keys
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for username, user in users.items() %}
/home/{{ username }}/.ssh:
file.directory:
- user: {{ username }}
- group: {{ username }}
- dir_mode: 700
/home/{{ username }}/.ssh/authorized_keys:
file.managed:
- source: salt://roles/core/users/files/authorized_keys
- user: {{ username }}
- group: {{ username }}
- mode: 600
- template: jinja
- context:
keys: {{ user['ssh_keys']|default([]) }}
{% endfor %}
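Review bot: The revocation loop at the top of this file iterates `pillar.get('revokedusers')` with no default, so a minion whose pillar lacks that key gets `None` and the Jinja render fails before any state in the file runs. That would block account removal and `authorized_keys` provisioning together, so the guard is worth adding: `{% for username in pillar.get('revokedusers', []) %}`. The same file already uses `|default([])` for `ssh_keys`, so this also keeps the two lookups consistent.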
diff --git a/roles/devserver/userland-home/homefiles.sls b/roles/devserver/userland-home/homefiles.sls
index 21b93ab..6c51a7b 100644
--- a/roles/devserver/userland-home/homefiles.sls
+++ b/roles/devserver/userland-home/homefiles.sls
@@ -1,67 +1,67 @@
# -------------------------------------------------------------
# Salt — Provision dotfiles and other personal content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-08
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
{% set triplet = salt['rust.get_rustc_triplet']() %}
{% for username, user in salt['forest.get_users']().items() %}
{% set tasks = user.get('devserver_tasks', []) %}
{% if 'deploy_dotfiles' in tasks %}
dotfiles_to_devserver_{{ username }}:
file.recurse:
- name: /home/{{ username }}
- source: salt://roles/devserver/userland-home/files/{{ username }}
- include_empty: True
- clean: False
- user: {{ username }}
- group: {{ username }}
{% endif %}
{% if 'deploy_nanotab' in tasks %}
/home/{{ username }}/bin/nanotab:
file.managed:
- source: salt://roles/devserver/userland-home/files/_tasks/nanotab.sh
- user: {{ username }}
- group: {{ username }}
- - mode: 0755
+ - mode: 755
/home/{{ username }}/.config/nano/nanorc-tab:
nano.config_autogenerated:
- nanorc_dir: {{ dirs.share }}/nano
- extra_settings:
- unset tabstospaces
{% endif %}
{% if 'install_rustup' in tasks %}
{% set rustup_path = '/home/' + username + '/.cargo/bin/rustup' %}
devserver_rustup_{{ username }}:
cmd.run:
- name: rustup-init -y
- runas: {{ username }}
- creates: {{ rustup_path }}
{% for toolchain in ['stable', 'nightly'] %}
devserver_rustup_{{ toolchain }}_{{ username }}:
cmd.run:
- name: {{ rustup_path }} install {{ toolchain }}
- runas: {{ username }}
- creates: /home/{{ username }}/.rustup/toolchains/{{ toolchain }}-{{ triplet }}
{% endfor %}
{% endif %}
{% if 'install_diesel' in tasks %}
devserver_diesel_{{ username }}:
cmd.run:
- name: /home/{{ username }}/.cargo/bin/cargo install diesel_cli --no-default-features --features postgres,sqlite
- runas: {{ username }}
- creates: /home/{{ username }}/.cargo/bin/diesel
{% endif %}
{% endfor %}
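Review bot: The `devserver_diesel_{{ username }}` command installs whatever `diesel_cli` release the registry serves at run time, and `cargo install` re-resolves dependency versions unless told otherwise, so two hosts provisioned on different days can end up with different binaries. Pinning the crate and using its lockfile makes the install reproducible and reviewable: `cargo install diesel_cli --version <pinned-version> --locked --no-default-features --features postgres,sqlite`. The `rustup install stable` and `nightly` steps float in the same way; that may be intentional on a dev server, but a comment saying so would help.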
diff --git a/roles/devserver/userland-software/dev.sls b/roles/devserver/userland-software/dev.sls
index 3eb5bfe..daec943 100644
--- a/roles/devserver/userland-software/dev.sls
+++ b/roles/devserver/userland-software/dev.sls
@@ -1,168 +1,168 @@
# -------------------------------------------------------------
# Salt — Provision dev software
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-20
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs, packages, packages_prefixes with context %}
# -------------------------------------------------------------
# C/C++
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_c:
pkg.installed:
- pkgs:
- {{ packages.boost }}
- cmocka
- {{ packages.librabbitmq }}
# -------------------------------------------------------------
# Java
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_java:
pkg.installed:
- pkgs:
- openjdk8
- apache-ant
- maven
# -------------------------------------------------------------
# .Net languages
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_dotnet:
pkg.installed:
- pkgs:
- mono
# -------------------------------------------------------------
# Node
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_node:
pkg.installed:
- pkgs:
- {{ packages.node }}
- npm
devserver_node_packages:
npm.installed:
- pkgs:
- bower
- browserify
- csslint
- eslint
- gulp
- grunt
- jscs
- jshint
- jsonlint
- react-tools
- require:
- pkg: devserver_software_dev_node
# -------------------------------------------------------------
# PHP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_php:
pkg.installed:
- pkgs:
- {{ packages.phpunit }}
- {{ packages_prefixes.pecl }}ast
# -------------------------------------------------------------
# Python
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_python:
pkg.installed:
- pkgs:
# Modern Python 3 packages
- {{ packages_prefixes.python3 }}beautifulsoup
# Legacy packages
- {{ packages_prefixes.python2 }}nltk
- {{ packages_prefixes.python2 }}numpy
- {{ packages_prefixes.python2 }}virtualenv
# -------------------------------------------------------------
# Ruby
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_ruby:
pkg.installed:
- pkgs:
- {{ packages_prefixes.rubygem }}rubocop
# -------------------------------------------------------------
# Rust
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_rust:
pkg.installed:
- pkgs:
- rust
{{ dirs.bin }}/rustup-init:
file.managed:
- source: salt://roles/devserver/userland-software/files/rustup-init.sh
- - mode: 0755
+ - mode: 755
# -------------------------------------------------------------
# Shell
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_shell:
pkg.installed:
- pkgs:
- hs-ShellCheck
# -------------------------------------------------------------
# TCL
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_tcl:
pkg.installed:
- pkgs:
- rlwrap
- tcllib
- tclsoap
- {{ packages.tcltls }}
- {{ packages.tdom }}
# -------------------------------------------------------------
# Web development
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_web:
pkg.installed:
- pkgs:
- memcached
# -------------------------------------------------------------
# Tools like code review utilities
#
# Arcanist is installed in the Phabricator states
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_misctools:
pkg.installed:
- pkgs:
- git-review
# -------------------------------------------------------------
# MediaWiki development
#
# Include tools for some extensions like ProofreadPage
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
devserver_software_dev_mediawiki:
pkg.installed:
- pkgs:
- netpbm
- {{ packages['djvulibre'] }}
diff --git a/roles/freebsd-repo/signing-key/init.sls b/roles/freebsd-repo/signing-key/init.sls
index 7f20f5c..90345fc 100644
--- a/roles/freebsd-repo/signing-key/init.sls
+++ b/roles/freebsd-repo/signing-key/init.sls
@@ -1,41 +1,41 @@
# -------------------------------------------------------------
# Salt — FreeBSD repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "roles/freebsd-repo/map.jinja" import repo with context %}
# -------------------------------------------------------------
# Create key directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ repo.signing_key_dir }}:
file.directory:
- makedirs: True
- user: builder
# -------------------------------------------------------------
# Generate a public/private key pair
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
signing_key_generate_private:
cmd.run:
- name: openssl genrsa -out repo.key 4096
- cwd: {{ repo.signing_key_dir }}
- creates: {{ repo.signing_key_dir }}/repo.key
- runas: builder
signing_key_generate_public:
cmd.run:
- name: openssl rsa -in repo.key -out repo.pub -pubout
- cwd: {{ repo.signing_key_dir }}
- creates: {{ repo.signing_key_dir }}/repo.pub
- runas: builder
{{ repo.signing_key_dir }}/repo.key:
file.managed:
- replace: False
- - mode: 0400
+ - mode: 400
- user: builder
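Review bot: The key directory state sets only `makedirs` and `user`, so `{{ repo.signing_key_dir }}` keeps default directory permissions and `repo.key` is protected by its own mode alone. The key is also written by `cmd.run` before the later `file.managed` state applies `mode: 400`, so its initial permissions depend on the `openssl` build and the umask of the run. Adding `- mode: 700` to the `file.directory` state and `- umask: '077'` to `signing_key_generate_private` would close both gaps without changing the generated key.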
diff --git a/roles/opensearch/dashboards/config.sls b/roles/opensearch/dashboards/config.sls
index 6a9883a..4b52cf7 100644
--- a/roles/opensearch/dashboards/config.sls
+++ b/roles/opensearch/dashboards/config.sls
@@ -1,23 +1,23 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# -------------------------------------------------------------
{% set config = salt['opensearch.get_config']() %}
# -------------------------------------------------------------
# OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/opt/opensearch-dashboards/config/opensearch_dashboards.yml:
file.managed:
- source: salt://roles/opensearch/dashboards/files/opensearch_dashboards.yml.jinja
- user: opensearch
- group: opensearch
- - mode: 0600
+ - mode: 600
- template: jinja
- context:
config: {{ config }}
username: {{ salt['zr.get_username'](config['users']['dashboards']) }}
password: {{ salt['zr.get_password'](config['users']['dashboards']) }}
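Review bot: This `file.managed` state renders a password into the target file, and by default Salt includes a unified diff of changed files in the state return, which ends up in job output and the job cache. Adding `- show_changes: False` next to `- mode: 600` keeps the credential out of those records while still reporting that the file changed. The same applies to `internal_users.yml` in `roles/opensearch/opensearch/security.sls` and to `/root/.opensearch-account` in `roles/opensearch/opensearch/wrapper.sls`, which take `zr.get_password` values in the same way.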
diff --git a/roles/opensearch/dashboards/service.sls b/roles/opensearch/dashboards/service.sls
index 39a6efd..f8dbc09 100644
--- a/roles/opensearch/dashboards/service.sls
+++ b/roles/opensearch/dashboards/service.sls
@@ -1,31 +1,31 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# systemd
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% from "map.jinja" import services with context %}
# -------------------------------------------------------------
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services['manager'] == 'systemd' %}
opensearch_dashboards_unit:
file.managed:
- name: /etc/systemd/system/dashboards.service
- source: salt://roles/opensearch/dashboards/files/dashboards.service
- - mode: 0644
+ - mode: 644
service.running:
- name: dashboards
- enable: true
- watch:
- file: opensearch_dashboards_unit
{% endif %}
diff --git a/roles/opensearch/opensearch/config.sls b/roles/opensearch/opensearch/config.sls
index 217405e..ee2869e 100644
--- a/roles/opensearch/opensearch/config.sls
+++ b/roles/opensearch/opensearch/config.sls
@@ -1,79 +1,79 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# -------------------------------------------------------------
{% set config = salt['opensearch.get_config']() %}
# -------------------------------------------------------------
# OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/opt/opensearch/config/opensearch.yml:
file.managed:
- source: salt://roles/opensearch/opensearch/files/opensearch.conf
- user: opensearch
- group: opensearch
- template: jinja
- context:
config: {{ config }}
/opt/opensearch/config/jvm.options:
file.managed:
- source: salt://roles/opensearch/opensearch/files/jvm.options
- user: opensearch
- group: opensearch
- template: jinja
- context:
heap_size: {{ config['heap_size'] }}
# -------------------------------------------------------------
# TLS certificates
#
# This method is based on OpenSearch Ansible playbook to
# generate self-signed certificates for node to node (transport)
# communication, and for the rest API.
#
# The certificates are generated by Search Guard Offline TLS Tool.
#
# This should only run on one node, then provisioned everywhere.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/dl/search-guard-tlstool.zip:
file.managed:
- source: https://maven.search-guard.com/search-guard-tlstool/1.8/search-guard-tlstool-1.8.zip
- source_hash: f59f963c7ee28d557849ccde297660a3c593a6bf3531d7852fb9ab8b4fc7597e
/opt/tlstool:
file.directory:
- - mode: 0700
+ - mode: 700
archive.extracted:
- source: /usr/local/dl/search-guard-tlstool.zip
- enforce_toplevel: False
/opt/tlstool/config/tlsconfig.yml:
file.managed:
- source: salt://roles/opensearch/opensearch/files/tlsconfig.yml.jinja
- template: jinja
- context:
config: {{ config }}
domain_name: {{ grains['domain'] }}
node_full_domain_name: {{ grains['fqdn'] }}
opensearch_generate_certificates:
cmd.run:
- name: /opt/tlstool/tools/sgtlstool.sh -c /opt/tlstool/config/tlsconfig.yml -ca -crt -t /opt/tlstool/config/
- env:
JAVA_HOME: /opt/opensearch/jdk
- creates: /opt/tlstool/config/root-ca.pem
{% for certificate in salt['opensearch.list_certificates']() %}
opensearch_deploy_certificate_{{ certificate }}:
cmd.run:
- name: install --mode=0600 --owner=opensearch {{ certificate }}.pem {{ certificate }}.key /opt/opensearch/config
- cwd: /opt/tlstool/config
- creates: /opt/opensearch/config/{{ certificate }}.pem
{% endfor %}
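Review bot: The header comment for the TLS section says certificate generation should run on one node only and then be provisioned everywhere, but `opensearch_generate_certificates` is unconditional in this file and is guarded only by `creates: /opt/tlstool/config/root-ca.pem`. Unless the state is restricted where it is included, every node applying it would create its own root CA, and nodes would then not trust each other's transport certificates. Wrapping the tool download, `tlsconfig.yml` and the generate step in a Jinja condition on a node-level flag would make the code match the comment, with the other nodes receiving the CA and certificates through a separate deploy state.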
diff --git a/roles/opensearch/opensearch/security.sls b/roles/opensearch/opensearch/security.sls
index d81d6dc..a1176aa 100644
--- a/roles/opensearch/opensearch/security.sls
+++ b/roles/opensearch/opensearch/security.sls
@@ -1,35 +1,35 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set config = salt['opensearch.get_config']() %}
# -------------------------------------------------------------
# Security plugin
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/opt/opensearch/plugins/opensearch-security/securityconfig/internal_users.yml:
file.managed:
- source: salt://roles/opensearch/opensearch/files/internal_users.yml.jinja
- user: opensearch
- group: opensearch
- - mode: 0600
+ - mode: 600
- template: jinja
- context:
users:
{% for user, credential in config['users'].items() %}
{{ user }}:
username: {{ salt['zr.get_username'](credential) }}
password: {{ salt['zr.get_password'](credential) }}
{% endfor %}
opensearch_security_initialize:
cmd.script:
- source: salt://roles/opensearch/opensearch/files/security_initialize.sh
- args: {{ config['network_host'] }}
- env:
JAVA_HOME: /opt/opensearch/jdk
- creates: /opt/opensearch/plugins/opensearch-security/securityconfig/.initialized
diff --git a/roles/opensearch/opensearch/service.sls b/roles/opensearch/opensearch/service.sls
index c3a0b92..aa2bc8e 100644
--- a/roles/opensearch/opensearch/service.sls
+++ b/roles/opensearch/opensearch/service.sls
@@ -1,31 +1,31 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# systemd
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% from "map.jinja" import services with context %}
# -------------------------------------------------------------
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services['manager'] == 'systemd' %}
opensearch_unit:
file.managed:
- name: /etc/systemd/system/opensearch.service
- source: salt://roles/opensearch/opensearch/files/opensearch.service
- - mode: 0644
+ - mode: 644
service.running:
- name: opensearch
- enable: true
- watch:
- file: opensearch_unit
{% endif %}
diff --git a/roles/opensearch/opensearch/software.sls b/roles/opensearch/opensearch/software.sls
index 5f9afc4..6f0de94 100644
--- a/roles/opensearch/opensearch/software.sls
+++ b/roles/opensearch/opensearch/software.sls
@@ -1,77 +1,77 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import shells with context %}
# -------------------------------------------------------------
# User account
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
opensearch_group:
group.present:
- name: opensearch
- gid: 835
opensearch_user:
user.present:
- name: opensearch
- fullname: OpenSearch
- uid: 835
- gid: opensearch
- home: /opt/opensearch
- shell: {{ shells['bash'] }}
# -------------------------------------------------------------
# Download and extract tarballs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/dl:
file.directory
{% if grains['kernel'] == 'Linux' and grains['cpuarch'] == 'x86_64' %}
{% for product, info in pillar['opensearch_products'].items() %}
{% set distname = product + "-" + info['version'] %}
/usr/local/dl/{{ distname }}.tar.gz:
file.managed:
- source: https://artifacts.opensearch.org/releases/bundle/{{ product }}/{{ info['version'] }}/{{ distname }}-linux-x64.tar.gz
- source_hash: {{ info['hash'] }}
/opt/{{ product }}:
file.directory:
- user: opensearch
- group: opensearch
extract_opensearch_{{ product }}:
archive.extracted:
- name: /opt/{{ product }}
- source: /usr/local/dl/{{ distname }}.tar.gz
- user: opensearch
- group: opensearch
- enforce_toplevel: False
- options: --strip 1
{% endfor %}
{% endif %}
/opt/opensearch/plugins/opensearch-security/tools/hash.sh:
file.managed:
- - mode: 0755
+ - mode: 755
# -------------------------------------------------------------
# Cleanup legacy versions
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for product, versions in pillar['opensearch_legacy_products'].items() %}
{% for version in versions %}
/usr/local/dl/{{ product }}-{{ version }}.tar.gz:
file.absent
{% endfor %}
{% endfor %}
diff --git a/roles/opensearch/opensearch/wrapper.sls b/roles/opensearch/opensearch/wrapper.sls
index 01fc616..9bb5823 100644
--- a/roles/opensearch/opensearch/wrapper.sls
+++ b/roles/opensearch/opensearch/wrapper.sls
@@ -1,32 +1,32 @@
# -------------------------------------------------------------
# Salt — Provision OpenSearch
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set config = salt['opensearch.get_config']() %}
# -------------------------------------------------------------
# Wrapper for curl
# Admin client for OpenSearch
#
# https://opensearch.org/docs/latest/opensearch/install/important-settings/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/bin/es-query:
file.managed:
- source: salt://roles/opensearch/opensearch/files/es-query.sh.jinja
- - mode: 0755
+ - mode: 755
- template: jinja
- context:
url: https://{{ config['network_host'] }}:9200
/root/.opensearch-account:
file.managed:
- source: salt://roles/opensearch/opensearch/files/account.conf
- - mode: 0600
+ - mode: 600
- template: jinja
- context:
username: {{ salt['zr.get_username'](config['users']['admin']) }}
password: {{ salt['zr.get_password'](config['users']['admin']) }}
diff --git a/roles/paas-docker/monitoring/init.sls b/roles/paas-docker/monitoring/init.sls
index d9a0762..7913bcc 100644
--- a/roles/paas-docker/monitoring/init.sls
+++ b/roles/paas-docker/monitoring/init.sls
@@ -1,68 +1,68 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Install a modern Python interpreter on CentOS/Rocky 7/8
#
# Our checks uses subprocess features to capture output,
# and as such won't work correctly on Python 3.6.
#
# Provide python3.9 as python3 is safe as:
# - Salt RPM package hardcode a version, e.g. #!/usr/bin/python3.6
# - systems scripts like dnf use #!/usr/libexec/platform-python
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains["pythonversion"] < [3, 9] %}
{% if grains["os_family"] == "RedHat" %}
epel_repositories:
pkg.installed:
- pkgs:
- epel-release
- epel-next-release
python_packages:
pkg.installed:
- pkgs:
- python39
- python39-pyyaml
- python39-requests
- require:
- pkg: epel_repositories
/etc/alternatives/python3:
file.symlink:
- target: /usr/bin/python3.9
- require:
- pkg: python_packages
{% endif %}
{% endif %}
# -------------------------------------------------------------
# Platform checks
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
platform-checks:
pip.installed
# -------------------------------------------------------------
# Health check configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/monitoring/checks.yml:
file.managed:
- source: salt://roles/paas-docker/monitoring/files/checks.yml.jinja
- makedirs: True
- - mode: 0644
+ - mode: 644
- template: jinja
- context:
checks:
- {{ salt['paas_docker.get_health_checks']() }}
- check_docker_containers: {{ salt['paas_docker.list_containers']() }}
diff --git a/roles/shellserver/odderon/service.sls b/roles/shellserver/odderon/service.sls
index 3712d70..da2b6eb 100644
--- a/roles/shellserver/odderon/service.sls
+++ b/roles/shellserver/odderon/service.sls
@@ -1,36 +1,36 @@
# -------------------------------------------------------------
# Salt — Deploy Odderon unit (darkbot)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-01-25
# Description: Darkbot unit (Freenode)
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import services with context %}
# -------------------------------------------------------------
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services['manager'] == 'systemd' %}
odderon_unit:
file.managed:
- name: /etc/systemd/system/odderon.service
- source: salt://roles/shellserver/odderon/files/odderon.service
- - mode: 0644
+ - mode: 644
module.run:
- service.force_reload:
- name: odderon
- onchanges:
- file: odderon_unit
odderon_running:
service.running:
- name: odderon
- enable: true
- watch:
- module: odderon_unit
{% endif %}
diff --git a/roles/webserver-core/letsencrypt/service.sls b/roles/webserver-core/letsencrypt/service.sls
index d1884d5..8ed4a16 100644
--- a/roles/webserver-core/letsencrypt/service.sls
+++ b/roles/webserver-core/letsencrypt/service.sls
@@ -1,44 +1,44 @@
# -------------------------------------------------------------
# Salt — Let's encrypt certificates
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-04-27
# Description: Provide a renewal service
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import services with context %}
# -------------------------------------------------------------
# Renew script
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/sbin/letsencrypt-renewal:
file.managed:
- source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renewal.sh
- - mode: 0755
+ - mode: 755
# -------------------------------------------------------------
# Unit configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if services['manager'] == 'systemd' %}
letsencrypt_renew_unit:
file.managed:
- name: /etc/systemd/system/letsencrypt-renew.service
- source: salt://roles/webserver-core/letsencrypt/files/letsencrypt-renew.service
- - mode: 0644
+ - mode: 644
module.run:
- service.force_reload:
- name: letsencrypt-renew
- onchanges:
- file: letsencrypt_renew_unit
letsencrypt_renew_enable:
service.enabled:
- name: letsencrypt-renew
- watch:
- module: letsencrypt_renew_unit
{% endif %}
diff --git a/roles/webserver-legacy/php-sites/php.sls b/roles/webserver-legacy/php-sites/php.sls
index f16dd5e..2fda642 100644
--- a/roles/webserver-legacy/php-sites/php.sls
+++ b/roles/webserver-legacy/php-sites/php.sls
@@ -1,43 +1,43 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# PHP global configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/php.ini:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
{% for build in pillar['php_custom_builds'] %}
/opt/php/{{ build }}/lib/php.ini:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/php.ini
{% endfor %}
# -------------------------------------------------------------
# Sessions directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/tmp/php:
file.directory:
- mode: 1770
- group: web
/var/tmp/php/sessions:
file.directory:
- mode: 1770
- group: web
{% for fqdn, site in pillar['web_php_sites'].items() %}
/var/tmp/php/sessions/{{ fqdn }}:
file.directory:
- - mode: 0700
+ - mode: 700
- user: {{ site['user'] }}
{% endfor %}