
D1921.id4863.diff

D1921.id4863.diff

diff --git a/PORTS b/PORTS
--- a/PORTS
+++ b/PORTS
@@ -1,8 +1,3 @@
-reserved-for-legacy-docker-migration-high-priority
- 23080 Phabricator HTTP - River Sector
- 35080 Phabricator HTTP - Wolfplex
- 36080 Phabricator HTTP - Zed
-
reserved-for-legacy-docker-migration-medium-priority
3000 Mastodon public HTTP
4000 Mastodon streaming HTTP
@@ -27,12 +22,15 @@
20080 Nasqueron API - Docker registry API
22220 Phabricator Aphlict (client)
22221 Phabricator Aphlict (admin)
+ 23080 Phabricator HTTP - River Sector
24080 Tommy HTTP - CI
24180 Tommy HTTP - CD
25080 Auth Grove HTTP
31080 Phabricator HTTP - DevCentral
33080 Bugzilla HTTP - Espace Win
34080 Etherpad
+ 35080 Phabricator HTTP - Wolfplex
+ 36080 Phabricator HTTP - Zed
38080 Jenkins HTTP - CD
39080 Cachet HTTP
42080 Jenkins HTTP - CI
diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls
--- a/pillar/credentials/zr.sls
+++ b/pillar/credentials/zr.sls
@@ -28,6 +28,16 @@
# This API key is used by Wolfplex API to access to the pad lists
api: 125
+ #
+ # Credentials used by Nasqueron members private services
+ #
+
+ dereckson:
+
+ # River Sector
+ phabricator:
+ mysql: 133
+
#
# Credentials used by Espace Win services
#
@@ -37,3 +47,25 @@
# bugzilla.espace-win.org
bugzilla:
mysql: 131
+
+ #
+ # Credentials used by Wolfplex services
+ #
+
+ wolfplex:
+
+ # phabricator.wolfplex.be
+ phabricator:
+ mysql: 135
+ mailgun: 138
+
+ #
+ # Credentials used by Zed services
+ #
+
+ zed:
+
+ # code.zed.dereckson.be
+ phabricator:
+ mysql: 134
+ sendgrid: 45
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -216,6 +216,7 @@
# Infrastructure and development services
phabricator:
+ # Nasqueron instance
devcentral:
app_port: 31080
host: devcentral.nasqueron.org
@@ -228,7 +229,54 @@
- server.nasqueron.org
- serveur.nasqueron.org
- serveurs.nasqueron.org
+ mailer: mailgun
+ credentials:
+ mysql: zed.phabricator.mysql
static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net
+ title: Nasqueron DevCentral
+ mysql_link: acquisitariat
+ skip_container: True
+
+ # Private instance for Dereckson
+ river_sector:
+ app_port: 23080
+ host: river-sector.dereckson.be
+ static_host: phabricator-files-for-river-sector.nasqueron.org
+ mailer: _
+ credentials:
+ mysql: dereckson.phabricator.mysql
+ storage:
+ namespace: river_sector
+ title: River Sector
+ mysql_link: acquisitariat
+
+ # Wolfplex instance
+ wolfplex_phab:
+ app_port: 35080
+ host: phabricator.wolfplex.be
+ static_host: phabricator-files-for-wolfplex.nasqueron.org
+ mailer: mailgun
+ credentials:
+ mailgun: wolfplex.phabricator.mailgun
+ mysql: wolfplex.phabricator.mysql
+ storage:
+ namespace: wolfphab
+ title: Wolfplex Phabricator
+ mysql_link: acquisitariat
+
+ # Zed instance
+ zed_code:
+ app_port: 36080
+ host: code.zed.dereckson.be
+ static_host: phabricator-files-for-zed.nasqueron.org
+ mailer: sendgrid
+ credentials:
+ mysql: zed.phabricator.mysql
+ sendgrid: zed.phabricator.sendgrid
+ storage:
+ namespace: zedphab
+ title: Zed
+ mysql_link: acquisitariat
aphlict:
aphlict:
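Review bot: The `devcentral` entry sets `credentials: mysql: zed.phabricator.mysql`, the same key the `zed_code` instance uses further down, so two apparently separate instances would share one database account. `skip_container: True` keeps the container state from using it today, but once that flag is dropped DevCentral would start with Zed's MySQL credential, and a compromise of either instance would reach the other's data. Point it at DevCentral's own entry, e.g. `mysql: <devcentral-credential-key>` (placeholder; no such key is visible in the zr.sls hunks), or leave `credentials` out until the Vault migration mentioned in the state file. The entry also declares `mailer: mailgun` without a `mailgun` credential and has no `storage: namespace`, both of which the container state reads.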
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -10,12 +10,13 @@
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['phabricator'].items() %}
+{% set create_container = "skip_container" not in container or not container['skip_container'] %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-/srv/{{ instance }}:
+/srv/phabricator/{{ instance }}:
file.directory:
- user: 431
- group: 433
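Review bot: Moving the storage directory to `/srv/phabricator/{{ instance }}` leaves whatever already exists under `/srv/{{ instance }}` in place: nothing visible here migrates the data or removes the old directory, and the SELinux rule renamed in the next hunk would likewise leave the old `container_file_t` context registered for the old path. If earlier runs of this state created those paths, consider a cleanup step such as `selinux.fcontext_policy_absent` on `/srv/{{ instance }}`, and a comment above the `file.directory` state saying that existing data has to be moved by hand. The `file.directory` state and the `{% for %}` loop both continue past the end of this hunk.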
@@ -24,12 +25,61 @@
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- - name: /srv/{{ instance }}
+ - name: /srv/phabricator/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- - name: /srv/{{ instance }}
+ - name: /srv/phabricator/{{ instance }}
+{% endif %}
+
+# -------------------------------------------------------------
+# Container
+#
+# /!\ DEVCENTRAL DEPLOYMENT ISSUE /!\
+#
+# We've currently a chicken or egg problem here: the zr
+# credentials source is the Nasqueron Phabricator instance,
+# DevCentral. As such, we can't provision it through this block.
+#
+# This is blocked by secrets migration to Vault.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if create_container %}
+
+{{ instance }}:
+ docker_container.running:
+ - detach: True
+ - interactive: True
+ - image: nasqueron/phabricator
+ - binds:
+ - /srv/phabricator/{{ instance }}/conf:/opt/phabricator/conf
+ - /srv/phabricator/{{ instance }}/repo:/var/repo
+ - environment:
+ PHABRICATOR_URL: https://{{ container['host'] }}
+ PHABRICATOR_TITLE: {{ container['title'] }}
+ PHABRICATOR_DOMAIN: {{ container['host'] }}
+ PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container['static_host'] }}
+
+ DB_USER: {{ salt['zr.get_username'](container['credentials']['mysql']) }}
+ DB_PASS: {{ salt['zr.get_password'](container['credentials']['mysql']) }}
+ PHABRICATOR_STORAGE_NAMESPACE: {{ container['storage']['namespace'] }}
+
+ {% if container['mailer'] == 'sendgrid' %}
+ PHABRICATOR_USE_SENDGRID: 1
+ PHABRICATOR_SENDGRID_APIUSER: {{ salt['zr.get_username'](container['credentials']['sendgrid']) }}
+ PHABRICATOR_SENDGRID_APIKEY: {{ salt['zr.get_password'](container['credentials']['sendgrid']) }}
+ {% elif container['mailer'] == 'mailgun' %}
+ PHABRICATOR_USE_MAILGUN: 1
+ PHABRICATOR_MAILGUN_APIKEY: {{ salt['zr.get_token'](container['credentials']['mailgun']) }}
+ {% endif %}
+
+ - links: {{ container['mysql_link'] }}:mysql
+ - ports:
+ - 80
+ - ports_bindings:
+ - {{ container['app_port'] }}:80
+
{% endif %}
{% endfor %}
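Review bot: The values in the `environment` block are rendered by Jinja as bare YAML scalars, so a password or API key that contains ` #` or `: `, starts with `*`, `&`, `{` or `[`, or consists only of digits is truncated, retyped or breaks the render; for `DB_PASS` a silent truncation means the container receives a different value than the one stored. Quote at render time, e.g. `DB_PASS: {{ salt['zr.get_password'](container['credentials']['mysql']) | yaml_dquote }}`, and do the same for `DB_USER`, `PHABRICATOR_TITLE` and the SendGrid and Mailgun values. Secrets passed as container environment variables are also readable through `docker inspect` by anyone with access to the Docker socket, and may show up in Salt's state output when the container definition changes, so it is worth a comment above the block recording that this is accepted until the Vault migration. The `{% for %}` loop this block sits in opens above the hunk.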
diff --git a/roles/phabricator/containers/Makefile b/roles/phabricator/containers/Makefile
--- a/roles/phabricator/containers/Makefile
+++ b/roles/phabricator/containers/Makefile
@@ -2,6 +2,5 @@
PREFIX=/usr/local
install:
- ${INSTALL} files/run-wolfphab.sh ${PREFIX}/bin/run-wolfphab
${INSTALL} files/run-devcentral.sh ${PREFIX}/bin/run-devcentral
${INSTALL} files/run-aphlict.sh ${PREFIX}/bin/run-aphlict
diff --git a/roles/phabricator/containers/files/run-wolfphab.sh b/roles/phabricator/containers/files/run-wolfphab.sh
deleted file mode 100755
--- a/roles/phabricator/containers/files/run-wolfphab.sh
+++ /dev/null
@@ -1,81 +0,0 @@
-#!/bin/sh
-
-# -------------------------------------------------------------
-# Phabricator — Wolfplex instance
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Author: Sébastien Santoro aka Dereckson
-# Project: Nasqueron
-# Created: 2015-10-25
-# Description: Phabricator instance for Nasqueron
-# License: Trivial work, not eligible to copyright
-# Image: nasqueron/phabricator
-# Source file: roles/phabricator/containers/files/run-wolfphab.sh
-# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is managed by our rOPS SaltStack repository.
-#
-# Changes to this file may cause incorrect behavior
-# and will be lost if the state is redeployed.
-# </auto-generated>
-
-# -------------------------------------------------------------
-# Container parameters
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-INSTANCE_NAME=wolfphab
-PORT=35080
-DOMAIN=phabricator.wolfplex.be
-DATA_DIRECTORY=/srv/data/$INSTANCE_NAME
-MYSQL_INSTANCE=acquisitariat
-MYSQL_NAMESPACE=wolfphab
-
-# -------------------------------------------------------------
-# Phabricator parameters
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-PHABRICATOR_URL=https://$DOMAIN
-PHABRICATOR_TITLE="Wolfplex Phabricator"
-PHABRICATOR_ALT_FILE_DOMAIN="https://phabricator-files-for-wolfplex.nasqueron.org"
-
-# -------------------------------------------------------------
-# Ensure container isn't already running
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker-container-status $INSTANCE_NAME > /dev/null
-if [ "$?" -lt 2 ]; then
- echo "Container is already running."
- echo "To force relaunch, try docker stop $INSTANCE_NAME ; docker rm $INSTANCE_NAME ; $0"
- exit 1
-fi
-
-# -------------------------------------------------------------
-# Container launch
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker run -t -d \
- --link $MYSQL_INSTANCE:mysql \
- -v $DATA_DIRECTORY/repo:/var/repo \
- -v $DATA_DIRECTORY/conf:/opt/phabricator/conf \
- -p $PORT:80 \
- -e PHABRICATOR_URL=$PHABRICATOR_URL \
- -e PHABRICATOR_TITLE="$PHABRICATOR_TITLE" \
- -e PHABRICATOR_ALT_FILE_DOMAIN="$PHABRICATOR_ALT_FILE_DOMAIN" \
- -e PHABRICATOR_STORAGE_NAMESPACE="$MYSQL_NAMESPACE" \
- --name $INSTANCE_NAME nasqueron/phabricator
-
-docker exec $INSTANCE_NAME sh -c 'cd /opt/phabricator && \
- bin/config set mysql.host mysql && \
- bin/config set mysql.pass $MYSQL_ENV_MYSQL_ROOT_PASSWORD && \
- bin/config set storage.default-namespace $PHABRICATOR_STORAGE_NAMESPACE && \
- bin/config set phabricator.base-uri $PHABRICATOR_URL && \
- bin/config set security.alternate-file-domain "$PHABRICATOR_ALT_FILE_DOMAIN" && \
- bin/config set mailgun.domain $DOMAIN && \
- rm -f /etc/nginx/sites-enabled/default && \
- chown -R app /var/repo'
-
-# Fixes bug phd doesn't run at the very first container launch
-docker exec $INSTANCE_NAME sv restart phd
-
-echo "Deployment done at `date`."
-exit 0
