
diff --git a/_modules/zr.py b/_modules/zr.py
index f821db5..2eff59c 100644
--- a/_modules/zr.py
+++ b/_modules/zr.py
@@ -1,67 +1,90 @@
# -*- coding: utf-8 -*-
# -------------------------------------------------------------
# Salt — Zemke-Rhyne module
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-11
# Description: Fetch Zemke-Rhyne credentials
# License: BSD-2-Clause
# -------------------------------------------------------------
from salt.utils.path import which as path_which
def __virtual__():
'''
Only load if zr exists on the system
'''
return path_which('zr') is not None,\
"The Zemke-Rhyne execution module cannot be loaded: zr not installed."
-def _assert_stricly_positive_integer(value):
+def _build_pillar_key(expression):
+ return "zr_credentials:" + expression.replace(".", ":")
+
+
+def _get_credential_id_from_pillar_key(expression):
+ '''Gets credentials id from a dot pillar path, e.g. nasqueron.foo.bar'''
+ key = _build_pillar_key(expression)
+ return __salt__['pillar.get'](key)
+
+
+def get_credential_id(expression):
try:
- number = int(value)
+ # Case I - expression is an integer
+ number = int(expression)
+
if number < 1:
raise ValueError(
- value, "A strictly positive integer was expected.")
+ expression, "A strictly positive integer was expected.")
+
+ return number
except ValueError:
- raise
+ # Case II - expression is a pillar key
+ id = _get_credential_id_from_pillar_key(expression)
+
+ if id is None:
+ raise ValueError(expression, "Pillar key not found")
+ return id
-def get_password(credential_id):
+
+def get_password(credential_expression):
"""
A function to fetch credential through Zemke-Rhyne
CLI Example:
salt equatower zr.get_password 124
- :param credential_id: The credential number (K...) in Phabricator
+ :param credential_expression: The credential number (K...) in Phabricator
+ or a key in zr_credentials pillar entry
:return: The secret value
"""
- _assert_stricly_positive_integer(credential_id)
+ credential_id = get_credential_id(credential_expression)
zr_command = "zr getcredentials {0}".format(credential_id)
return __salt__['cmd.shell'](zr_command)
-def get_username(credential_id):
+def get_username(credential_expression):
"""
A function to fetch the username associated to a credential
through Zemke-Rhyne
CLI Example:
salt equatower zr.get_username 124
- :param credential_id: The credential number (K...) in Phabricator
+ :param credential_expression: The credential number (K...) in Phabricator
+ or a key in zr_credentials pillar entry
+
:return: The username
"""
- _assert_stricly_positive_integer(credential_id)
+ credential_id = get_credential_id(credential_expression)
zr_command = "zr getcredentials {0} username".format(credential_id)
return __salt__['cmd.shell'](zr_command)
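Review bot: In `get_credential_id`, the pillar branch returns whatever `pillar.get` yields without checking it, and `get_password` / `get_username` then format that value into a string run by `cmd.shell`. As far as I know, `pillar.get` returns an empty string rather than `None` for a missing key when no default is passed, so `if id is None` would not catch it, and a partial path such as `nasqueron.cachet` would return a dict. The `number < 1` ValueError is also raised inside the `try`, so the `except` swallows it, and an integer argument like `0` reaches `expression.replace` and fails with AttributeError instead. I would resolve the value first and apply the strictly-positive-integer check to both cases, so only an integer ever reaches the command string; this also avoids shadowing the builtin `id`.

```python
def get_credential_id(expression):
    try:
        # Case I - expression is an integer
        number = int(expression)
    except ValueError:
        # Case II - expression is a pillar key
        resolved = _get_credential_id_from_pillar_key(expression)
        try:
            number = int(resolved)
        except (TypeError, ValueError):
            # Missing key, partial path (dict) or non-numeric value
            raise ValueError(expression, "Pillar key not found")

    if number < 1:
        raise ValueError(
            expression, "A strictly positive integer was expected.")

    return number
```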
diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls
new file mode 100644
index 0000000..6fb9c16
--- /dev/null
+++ b/pillar/credentials/zr.sls
@@ -0,0 +1,24 @@
+# -------------------------------------------------------------
+# Salt configuration for Nasqueron servers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-09-12
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+zr_credentials:
+
+ #
+ # Credentials used by Nasqueron services
+ #
+
+ nasqueron:
+
+ # status.nasqueron.org
+ cachet:
+ mysql: 47
+
+ # pad.nasqueron.org
+ etherpad:
+ # This API key is used by Wolfplex API to access to the pad lists
+ api: 125
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
index 6eac03a..72f4be1 100644
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -1,201 +1,201 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
docker_aliases:
- &ipv4_equatower 51.255.124.10
# -------------------------------------------------------------
# Images
#
# You can append a :tag (by default, latest is used).
#
# It's not possible to specify Docker library images only by final name.
# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_images:
'*':
- certbot/certbot
dwellers:
# Core services
- nasqueron/rabbitmq
# Infrastructure and development services
- dereckson/cachet
- nasqueron/notifications
equatower:
# Core services
- nasqueron/mysql
# Infrastructure and development services
- nasqueron/aphlict
- nasqueron/etherpad:production
- nasqueron/phabricator
# Continuous deployment jobs
- jenkinsci/jenkins
- nasqueron/jenkins-slave-php
# phpBB SaaS
- nasqueron/mysql
# -------------------------------------------------------------
# Networks
#
# Containers can be grouped by network, instead to use links.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_networks:
equatower:
cd:
subnet: 172.18.1.0/24
# -------------------------------------------------------------
# Containers
#
# The docker_containers entry allow to declare
# containers by image by servers
#
# The hierarchy is so as following.
#
# docker_containers:
# server with the Docker engine:
# service codename:
# instance name:
# container properties
#
# The service codename must match a state file in
# the roles/paas-docker/containers/ directory.
#
# The container will be run with the specified instance name.
#
# **nginx**
#
# The container properties can also describe the information
# needed to configure nginx with the host and app_port key.
#
# In such case, a matching vhost file should be declared as
# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_containers:
#
# Equatower is the current production engine
#
equatower:
#
# Core services
#
mysql:
acquisitariat: {}
phpbb_db: {}
#
# CD
#
jenkins:
jenkins_cd:
realm: cd
host: cd.nasqueron.org
app_port: 38080
jnlp_port: 50000
jenkins_slave:
# Slaves for CD
apsile: &php_for_cd
image: php
realm: cd
elapsi: *php_for_cd
# Infrastructure and development services
phabricator:
devcentral:
app_port: 31080
host: devcentral.nasqueron.org
aliases:
- phabricator.nasqueron.org
blogs:
servers:
host: servers.nasqueron.org
aliases:
- server.nasqueron.org
- serveur.nasqueron.org
- serveurs.nasqueron.org
static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net
aphlict:
aphlict:
ports:
client: 22280
admin: 22281
cachet:
cachet:
app_port: 39080
host: status.nasqueron.org
- credential: 47
+ credential: nasqueron.cachet.mysql
mysql_link: acquisitariat
etherpad:
pad:
app_port: 34080
host: pad.nasqueron.org
aliases:
- pad.wolfplex.org
- pad.wolfplex.be
- credential: 125
+ credential: nasqueron.etherpad.api
mysql_link: acquisitariat
# phpBB SaaS
# The SaaS uses a MySQL instance, declared in the MySQL section.
# Openfire
openfire:
openfire:
ip: *ipv4_equatower
app_port: 9090
host: xmpp.nasqueron.org
# -------------------------------------------------------------
# Ports listened by XMPP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
xmpp_ports:
- 3478
- 5222 # Client to server
- 5223 # Client to server (Encrypted (legacy-mode) connections)
- 5262 # Connections managers
- 5269 # Server to server
- 5275 # External components
- 5276 # External components (Encrypted (legacy-mode) connections)
- 7070 # HTTP binding
- 7443 # HTTP binding with TLS
- 7777 # File transfer proxy
- 9090 # Web administration server
- 9091 # Web administration server with TLS
# -------------------------------------------------------------
# Zemke-Rhyne clients
#
# This section should list all the Docker engines server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
zr_clients:
- key: 2
allowedConnectionFrom:
- 172.27.26.49
- dwellers.nasqueron.drake
- dwellers.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
- key: 123
allowedConnectionFrom:
- equatower.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
diff --git a/pillar/top.sls b/pillar/top.sls
index a6ba77c..a6fc488 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,33 +1,34 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.users
- core.groups
- certificates.certificates
- nodes.nodes
- nodes.forests
- hotfixes.roles
- webserver.sites
dwellers:
- paas.docker
eglide:
- shellserver.quassel
equatower:
+ - credentials.zr
- paas.docker
- saas.jenkins
- saas.phpbb
ysul:
- devserver.repos
- paas.docker
- saas.mediawiki
- viperserv.bots
- viperserv.fantoir
- webserver.labs
- webserver.wwwroot51
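Review bot: `credentials.zr` is assigned only to `equatower`, while `dwellers` and `ysul` also load `paas.docker`, which now refers to credentials by name. The named credentials in this commit all sit under the `equatower` containers, so this works today. However, a container declared later for another engine would look up a `zr_credentials` key that its minion does not receive. A comment next to the new line would record the coupling, for example `# credentials.zr is required wherever paas.docker containers use named credentials`.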
