
D3302.id8502.diff

diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -95,8 +95,8 @@
- ops/secrets/nasqueron/deploy/deploy_keys/by_repo/github/wolfplex/api-www
opensearch:
- - ops/secrets/nasqueron.opensearch.infra-logs.internal_users.admin
- - ops/secrets/nasqueron.opensearch.infra-logs.internal_users.dashboards
+ - ops/secrets/nasqueron/opensearch/infra-logs/internal_users/admin
+ - ops/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards
paas-docker-prod:
@@ -112,80 +112,73 @@
# Format: ops/secrets/nasqueron/service/<...>
#
+ - ops/secrets/nasqueron/acquisitariat/mysql
+
- ops/secrets/nasqueron/airflow/admin_account
- ops/secrets/nasqueron/airflow/fernet
- ops/secrets/nasqueron/airflow/sentry
- ops/secrets/dbserver/cluster-A/users/airflow
+ - ops/secrets/nasqueron/auth-grove/mysql
+
+ - ops/secrets/nasqueron/cachet/app_key
+ - ops/secrets/nasqueron/cachet/mysql
+
+ - ops/secrets/nasqueron/etherpad/api
- ops/secrets/nasqueron/etherpad/mysql
- ops/secrets/nasqueron/etherpad/users/dereckson
+ - ops/secrets/nasqueron/notifications/broker
+ - ops/secrets/nasqueron/notifications/mailgun
+ - ops/secrets/nasqueron/notifications/sentry
+
+ - ops/secrets/nasqueron/notifications/credentials/github/nasqueron
+ - ops/secrets/nasqueron/notifications/credentials/github/wolfplex
+ - ops/secrets/nasqueron/notifications/credentials/github/keruald
+ - ops/secrets/nasqueron/notifications/credentials/github/trustspace
+ - ops/secrets/nasqueron/notifications/credentials/github/eglide
+ - ops/secrets/nasqueron/notifications/credentials/phabricator/nasqueron
+
+ - apps/notifications-center/dockerhub/notifications
+ - apps/notifications-center/dockerhub/auth-grove
+
- ops/secrets/nasqueron/penpot/github
- ops/secrets/nasqueron/penpot/postgresql
- ops/secrets/nasqueron/penpot/secret_key
+ - ops/secrets/nasqueron/pixelfed/app_key
+ - ops/secrets/nasqueron/pixelfed/mailgun
+ - ops/secrets/nasqueron/pixelfed/mysql
+
- ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/white-rabbit/root
+ - ops/secrets/nasqueron/sentry/app_key
- ops/secrets/nasqueron/sentry/geoipupdate
-
- #
- # Credentials used by Nasqueron services
- # Format: ops/secrets/nasqueron.<service>.<type>
- #
-
- - ops/secrets/nasqueron.acquisitariat.mysql
-
- - ops/secrets/nasqueron.auth-grove.mysql
-
- - ops/secrets/nasqueron.cachet.app_key
- - ops/secrets/nasqueron.cachet.mysql
-
- - ops/secrets/nasqueron.etherpad.api
-
- - ops/secrets/nasqueron.notifications.broker
- - ops/secrets/nasqueron.notifications.mailgun
- - ops/secrets/nasqueron.notifications.sentry
-
- - ops/secrets/nasqueron.notifications.credentials_github_nasqueron
- - ops/secrets/nasqueron.notifications.credentials_github_wolfplex
- - ops/secrets/nasqueron.notifications.credentials_github_keruald
- - ops/secrets/nasqueron.notifications.credentials_github_trustspace
- - ops/secrets/nasqueron.notifications.credentials_github_eglide
- - ops/secrets/nasqueron.notifications.credentials_phabricator_nasqueron
-
- - apps/notifications-center/dockerhub/notifications
- - apps/notifications-center/dockerhub/auth-grove
-
- - ops/secrets/nasqueron.pixelfed.app_key
- - ops/secrets/nasqueron.pixelfed.mailgun
- - ops/secrets/nasqueron.pixelfed.mysql
-
- - ops/secrets/nasqueron.sentry.app_key
- - ops/secrets/nasqueron.sentry.postgresql
- - ops/secrets/nasqueron.sentry.vault
+ - ops/secrets/nasqueron/sentry/postgresql
+ - ops/secrets/nasqueron/sentry/vault
#
# Credentials used by Nasqueron members private services
- # Format: <username>.<service>.<type>
+ # Format: <username>/<service>/<type>
#
- - ops/secrets/dereckson.phabricator.mysql
+ - ops/secrets/dereckson/phabricator/mysql
#
# Credentials used by projects hosted by Nasqueron
- # Format: <project name>.<service>.<type>
+ # Format: <project name>/<service>/<type>
#
- ops/secrets/dbserver/cluster-A/users/corspat
- - ops/secrets/espacewin.phpbb.mysql_root
+ - ops/secrets/espacewin/phpbb/mysql_root
- - ops/secrets/wolfplex.phabricator.mailgun
- - ops/secrets/wolfplex.phabricator.mysql
+ - ops/secrets/wolfplex/phabricator/mailgun
+ - ops/secrets/wolfplex/phabricator/mysql
- - ops/secrets/zed.phabricator.mysql
- - ops/secrets/zed.phabricator.sendgrid
+ - ops/secrets/zed/phabricator/mysql
+ - ops/secrets/zed/phabricator/sendgrid
paas-docker-dev:
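Review bot: The section headers no longer describe every entry under them: the two `apps/notifications-center/dockerhub/*` lines now fall under `# Format: ops/secrets/nasqueron/service/<...>`, and the new `# Format: <username>/<service>/<type>` and `# Format: <project name>/<service>/<type>` headers drop the `ops/secrets/` prefix that the entries below them carry. Since this list appears to decide which secrets the paas-docker-prod role may read, accurate headers make a misplaced grant easier to spot in review. I would write the two headers as `# Format: ops/secrets/<username>/<service>/<type>` and `# Format: ops/secrets/<project name>/<service>/<type>`, and put `# Docker Hub credentials (apps/ path, not ops/secrets/)` above the two `apps/` lines. The paas-docker-prod block starts above this hunk.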
@@ -208,15 +201,15 @@
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/root
- ops/secrets/nasqueron/rabbitmq/orange-rabbit/notifications
- - ops/secrets/nasqueron.notifications.sentry
+ - ops/secrets/nasqueron/notifications/sentry
#
# Credentials used by projects hosted by Nasqueron
- # Format: <project name>.<service>.<type>
+ # Format: <project name>/<service>/<type>
#
- - ops/secrets/espacewin.bugzilla.mysql
- - ops/secrets/espacewin.bugzilla.mysql_root
+ - ops/secrets/espacewin/bugzilla/mysql
+ - ops/secrets/espacewin/bugzilla/mysql_root
saas-mediawiki:
- ops/secrets/dbserver/cluster-B/users/saas-mediawiki
@@ -228,7 +221,7 @@
- ops/secrets/dereckson/wordpress/secrets
viperserv:
- - ops/secrets/nasqueron.viperserv.vault
+ - ops/secrets/nasqueron/viperserv/vault
webserver-alkane-prod:
- ops/secrets/dbserver/cluster-B/users/dereckson_www
@@ -242,7 +235,7 @@
# Wolfplex credentials
#
- - ops/secrets/nasqueron.etherpad.api
+ - ops/secrets/nasqueron/etherpad/api
webserver-alkane-dev:
- ops/secrets/dbserver/cluster-B/users/dereckson_www51
@@ -253,7 +246,7 @@
# Wolfplex credentials
#
- - ops/secrets/nasqueron.etherpad.api
+ - ops/secrets/nasqueron/etherpad/api
# -------------------------------------------------------------
# Vault secrets by dbserver cluster
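Review bot: webserver-alkane-dev is granted `ops/secrets/nasqueron/etherpad/api`, the same path granted to webserver-alkane-prod in the previous hunk and to paas-docker-prod earlier in this file, so a compromise of the dev web server would expose the key the production hosts use. If dev only needs a test pad, a dev-scoped secret would keep the production key off that host; if sharing is intended, a comment such as `# shared with prod: dev reads the production Etherpad API key` above the entry would record the decision. The webserver-alkane-dev block starts outside the hunk, so I cannot see whether this is already explained there.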
diff --git a/pillar/notifications/config.sls b/pillar/notifications/config.sls
--- a/pillar/notifications/config.sls
+++ b/pillar/notifications/config.sls
@@ -19,28 +19,28 @@
- gate: GitHub
door: Nasqueron
- secret: nasqueron.notifications.credentials_github_nasqueron
+ secret: nasqueron/notifications/credentials/github/nasqueron
- gate: GitHub
door: Wolfplex
- secret: nasqueron.notifications.credentials_github_wolfplex
+ secret: nasqueron/notifications/credentials/github/wolfplex
- gate: GitHub
door: Keruald
- secret: nasqueron.notifications.credentials_github_keruald
+ secret: nasqueron/notifications/credentials/github/keruald
- gate: GitHub
door: TrustSpace
- secret: nasqueron.notifications.credentials_github_trustspace
+ secret: nasqueron/notifications/credentials/github/trustspace
- gate: GitHub
door: Eglide
- secret: nasqueron.notifications.credentials_github_eglide
+ secret: nasqueron/notifications/credentials/github/eglide
- gate: Phabricator
door: Nasqueron
instance: https://devcentral.nasqueron.org
- secret: nasqueron.notifications.credentials_phabricator_nasqueron
+ secret: nasqueron/notifications/credentials/phabricator/nasqueron
# -------------------------------------------------------------
# Docker Hub build triggers
diff --git a/pillar/opensearch/clusters.sls b/pillar/opensearch/clusters.sls
--- a/pillar/opensearch/clusters.sls
+++ b/pillar/opensearch/clusters.sls
@@ -14,6 +14,6 @@
nodes:
- cloudhugger
users:
- admin: nasqueron.opensearch.infra-logs.internal_users.admin
- dashboards: nasqueron.opensearch.infra-logs.internal_users.dashboards
+ admin: nasqueron/opensearch/infra-logs/internal_users/admin
+ dashboards: nasqueron/opensearch/infra-logs/internal_users/dashboards
heap_size: 26G
diff --git a/pillar/paas/docker/docker-002/etherpad.sls b/pillar/paas/docker/docker-002/etherpad.sls
--- a/pillar/paas/docker/docker-002/etherpad.sls
+++ b/pillar/paas/docker/docker-002/etherpad.sls
@@ -16,7 +16,7 @@
aliases:
- pad.wolfplex.org
- pad.wolfplex.be
- credential: nasqueron.etherpad.api
+ credential: nasqueron/etherpad/api
mysql_link: acquisitariat
etherpad_settings:
diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
--- a/pillar/paas/docker/docker-002/main.sls
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -95,10 +95,10 @@
mysql:
acquisitariat:
credentials:
- root: nasqueron.acquisitariat.mysql
+ root: nasqueron/acquisitariat/mysql
phpbb_db:
credentials:
- root: espacewin.phpbb.mysql_root
+ root: espacewin/phpbb/mysql_root
redis:
pixelfed_redis: {}
@@ -146,7 +146,7 @@
- serveurs.nasqueron.org
mailer: mailgun
credentials:
- mysql: zed.phabricator.mysql
+ mysql: zed/phabricator/mysql
static_host: devcentral.nasqueron-user-content.org
title: Nasqueron DevCentral
mysql_link: acquisitariat
@@ -159,7 +159,7 @@
static_host: river-sector.nasqueron-user-content.org
mailer: _
credentials:
- mysql: dereckson.phabricator.mysql
+ mysql: dereckson/phabricator/mysql
storage:
namespace: river_sector
title: River Sector
@@ -174,8 +174,8 @@
static_host: wolfplex.phabricator.nasqueron-user-content.org
mailer: mailgun
credentials:
- mailgun: wolfplex.phabricator.mailgun
- mysql: wolfplex.phabricator.mysql
+ mailgun: wolfplex/phabricator/mailgun
+ mysql: wolfplex/phabricator/mysql
storage:
namespace: wolfphab
title: Wolfplex Phabricator
@@ -188,8 +188,8 @@
static_host: zed.phabricator.nasqueron-user-content.org
mailer: sendgrid
credentials:
- mysql: zed.phabricator.mysql
- sendgrid: zed.phabricator.sendgrid
+ mysql: zed/phabricator/mysql
+ sendgrid: zed/phabricator/sendgrid
storage:
namespace: zedphab
title: Zed
@@ -211,12 +211,12 @@
app_port: 37080
broker_link: white-rabbit
credentials:
- broker: nasqueron.notifications.broker
- mailgun: nasqueron.notifications.mailgun
+ broker: nasqueron/notifications/broker
+ mailgun: nasqueron/notifications/mailgun
sentry:
realm: nasqueron
project_id: 2
- credential: nasqueron.notifications.sentry
+ credential: nasqueron/notifications/sentry
#
# Community and development services
@@ -258,15 +258,15 @@
cachet:
app_port: 39080
host: status.nasqueron.org
- credential: nasqueron.cachet.mysql
- app_key: nasqueron.cachet.app_key
+ credential: nasqueron/cachet/mysql
+ app_key: nasqueron/cachet/app_key
mysql_link: acquisitariat
auth-grove:
login:
app_port: 25080
host: login.nasqueron.org
- credential: nasqueron.auth-grove.mysql
+ credential: nasqueron/auth-grove/mysql
mysql_link: acquisitariat
# API microservices
@@ -296,9 +296,9 @@
mysql: acquisitariat
redis: pixelfed_redis
credentials:
- app_key: nasqueron.pixelfed.app_key
- mailgun: nasqueron.pixelfed.mailgun
- mysql: nasqueron.pixelfed.mysql
+ app_key: nasqueron/pixelfed/app_key
+ mailgun: nasqueron/pixelfed/mailgun
+ mysql: nasqueron/pixelfed/mysql
app:
title: Nasqueron Photos
max_album_length: 16
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
--- a/pillar/paas/docker/docker-002/sentry.sls
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -43,7 +43,7 @@
postgresql:
sentry_db:
image: nasqueron/postgres-sentry
- credential: nasqueron.sentry.postgresql
+ credential: nasqueron/sentry/postgresql
network: sentry
#
@@ -247,9 +247,9 @@
symbolicator: sentry_symbolicator
web: sentry_web
credentials:
- secret_key: nasqueron.sentry.app_key
- postgresql: nasqueron.sentry.postgresql
- vault: nasqueron.sentry.vault
+ secret_key: nasqueron/sentry/app_key
+ postgresql: nasqueron/sentry/postgresql
+ vault: nasqueron/sentry/vault
hostname: sentry.nasqueron.org
email_from: noreply@sentry.nasqueron.org
diff --git a/pillar/paas/docker/dwellers/main.sls b/pillar/paas/docker/dwellers/main.sls
--- a/pillar/paas/docker/dwellers/main.sls
+++ b/pillar/paas/docker/dwellers/main.sls
@@ -82,7 +82,7 @@
network: bugzilla
version: 5.7
credentials:
- root: espacewin.bugzilla.mysql_root
+ root: espacewin/bugzilla/mysql_root
#
# Bugzilla
@@ -96,7 +96,7 @@
mysql:
host: bugzilla_db
db: EspaceWin_Bugs
- credential: espacewin.bugzilla.mysql
+ credential: espacewin/bugzilla/mysql
#
# Jenkins
diff --git a/pillar/paas/docker/dwellers/notifications.sls b/pillar/paas/docker/dwellers/notifications.sls
--- a/pillar/paas/docker/dwellers/notifications.sls
+++ b/pillar/paas/docker/dwellers/notifications.sls
@@ -48,5 +48,5 @@
sentry:
realm: nasqueron
project_id: 2
- credential: nasqueron.notifications.sentry
+ credential: nasqueron/notifications/sentry
environment: integration
diff --git a/pillar/saas/rabbitmq.sls b/pillar/saas/rabbitmq.sls
--- a/pillar/saas/rabbitmq.sls
+++ b/pillar/saas/rabbitmq.sls
@@ -148,7 +148,7 @@
users:
# Notifications center server and clients
- notifications: ops/secrets/nasqueron.notifications.broker
+ notifications: ops/secrets/nasqueron/notifications/broker
wearg: apps/viperserv/broker
notifications-ysul: ops/secrets/nasqueron/notifications/notifications-cli/ysul
notifications-windriver: ops/secrets/nasqueron/notifications/notifications-cli/windriver
diff --git a/roles/vault/policies/files/sentry.hcl b/roles/vault/policies/files/sentry.hcl
--- a/roles/vault/policies/files/sentry.hcl
+++ b/roles/vault/policies/files/sentry.hcl
@@ -17,10 +17,10 @@
capabilities = [ "read" ]
}
-path "ops/data/secrets/nasqueron.sentry.app_key" {
+path "ops/data/secrets/nasqueron/sentry/app_key" {
capabilities = [ "read" ]
}
-path "ops/data/secrets/nasqueron.sentry.postgresql" {
+path "ops/data/secrets/nasqueron/sentry/postgresql" {
capabilities = [ "read" ]
}
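Review bot: These two `path` blocks grant read on the new slash-separated names only, so the policy and the stored secrets have to move together. Applied before the entries exist at `nasqueron/sentry/app_key` and `nasqueron/sentry/postgresql`, the reads are denied; applied without cleanup, the old dotted entries remain in Vault as a second copy of live credentials. The `ops/data/secrets/` prefix suggests a KV v2 mount, where removing the old entries completely means deleting their metadata and versions, not only the latest version. Nothing in this change records that step; a comment such as `# Secrets moved from nasqueron.sentry.* to nasqueron/sentry/*; old KV entries and their versions removed` would document it. The policy file continues outside the hunk.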
diff --git a/roles/viperserv/eggdrop/config.sls b/roles/viperserv/eggdrop/config.sls
--- a/roles/viperserv/eggdrop/config.sls
+++ b/roles/viperserv/eggdrop/config.sls
@@ -65,7 +65,7 @@
host: {{ pillar["nasqueron_services"]["db-B"] }}
database: Nasqueron
vault:
- approle: {{ salt['credentials.read_secret']('nasqueron.viperserv.vault') }}
+ approle: {{ salt['credentials.read_secret']('nasqueron/viperserv/vault') }}
addr: {{ pillar["nasqueron_services"]["vault_url"] }}
{% for botname, bot in pillar['viperserv_bots'].items() %}
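Review bot: `approle` is rendered from `credentials.read_secret` straight into this state's data, and the hunk does not show whether the state that writes it sets `show_changes: False`, as the wolfplex `api.sls` state in this same diff does for its Etherpad key. Without it, a changed AppRole credential would presumably appear as a file diff in Salt's job output and in any returner or log that stores it. The enclosing state starts above the hunk, so this is a check to confirm rather than a confirmed gap; if it is missing, add `- show_changes: False` to that state.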
diff --git a/roles/webserver-content/org/wolfplex/api.sls b/roles/webserver-content/org/wolfplex/api.sls
--- a/roles/webserver-content/org/wolfplex/api.sls
+++ b/roles/webserver-content/org/wolfplex/api.sls
@@ -22,7 +22,7 @@
- show_changes: False
- context:
secrets:
- etherpad.api.key: {{ salt['credentials.get_token']("nasqueron.etherpad.api") }}
+ etherpad.api.key: {{ salt['credentials.get_token']("nasqueron/etherpad/api") }}
# -------------------------------------------------------------
# Base part
