diff --git a/_modules/paas_docker.py b/_modules/paas_docker.py
index 1a593ff..73241ef 100644
--- a/_modules/paas_docker.py
+++ b/_modules/paas_docker.py
@@ -1,110 +1,125 @@
# -*- coding: utf-8 -*-
# -------------------------------------------------------------
# Salt — PaaS Docker execution module
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-10-07
# Description: Functions related to data format conversions
# License: BSD-2-Clause
# -------------------------------------------------------------
def get_image(default_image, args):
"""
A function to output a pillar key in JSON.
State Example::
{% image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
"""
image = default_image
if "image" in args:
image = args["image"]
if "version" in args:
image += ":" + str(args["version"])
return image
+def list_images():
+ """
+ A function to get the list of images used on a Docker engine.
+
+ Example:
+
+ salt docker-002 paas_docker.list_images
+ """
+ images = __pillar__.get("docker_images", [])
+
+ # Workaround for a merge issue for lists:
+ # Salt Tower concatenates them, a set will dedup them.
+ return set(images)
+
+
def get_subnets():
"""
A function to get the Docker subnets list.
CLI Example:
salt * paas_docker.get_subnets
"""
try:
- networks = __pillar__["docker_networks"][__grains__["id"]]
+ networks = __pillar__["docker_networks"]
except KeyError:
networks = {}
# Defined Docker subnet
subnets = [network["subnet"] for network in networks.values()]
# Default Docker subnet
subnets.append("172.17.0.0/16")
return subnets
def _get_containers():
try:
- return __pillar__["docker_containers"][__grains__["id"]]
+ return __pillar__["docker_containers"]
except KeyError:
return {}
def list_containers():
"""
A function to list all the containers provisionned on a Docker engine.
This function uses the pillar docker_containers as authoritative source,
so it documents the expected configuration, not the actual containers
running. That allows to compare both states.
CLI Example:
salt * paas_docker.list_containers
"""
return [
key
for service, service_containers in _get_containers().items()
for key in service_containers.keys()
]
# -------------------------------------------------------------
# Monitoring
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
def _get_health_check_url(check_type, container, url):
if check_type[-6:] == "_proxy":
return f"https://{container['host']}{url}"
return f"http://localhost:{container['app_port']}{url}"
def get_health_checks():
"""
A function to get a dictionary with health checks
for known containers to use with our monitoring.
CLI Example:
salt * paas_docker.get_health_checks
"""
containers = _get_containers()
monitoring = __pillar__["docker_containers_monitoring"]
return {
check_type: {
instance: _get_health_check_url(check_type, container, url)
for service, url in monitoring[check_type].items()
for instance, container in containers.get(service, {}).items()
}
for check_type in monitoring.keys()
}
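Review bot: `list_images()` returns a `set`, so callers get the images in an order that can differ from one run to the next, and any state that loops over the result is rendered in an unstable order. It is also worth confirming that Salt's return serialisation accepts a set for the CLI call shown in the docstring. Returning `sorted(set(images))` keeps the dedup that the Salt Tower workaround needs and gives a stable list; `test_list_images` would then compare against `["bar", "foo", "quux"]`.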
diff --git a/_tests/data/paas_docker.yaml b/_tests/data/paas_docker.yaml
index 937c27e..c59f937 100644
--- a/_tests/data/paas_docker.yaml
+++ b/_tests/data/paas_docker.yaml
@@ -1,7 +1,15 @@
docker_networks:
egladil:
cd:
subnet: 172.18.1.0/24
ci:
subnet: 172.18.2.0/24
voidserver: {}
+
+docker_images:
+ # This duplicate allows to ensure uniqueness
+ - foo
+ - foo
+
+ - bar
+ - quux
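Review bot: The fixture still appears to key `docker_networks` by server name (`egladil`, `voidserver`), while `get_subnets()` now reads `__pillar__["docker_networks"]` without the `__grains__["id"]` level. With that layout the `network["subnet"]` lookup, which sits outside the `try`, would hit the `egladil` mapping and raise `KeyError`, so `test_get_subnets` and `test_get_subnets_when_none_are_defined` in `_tests/modules/test_paas_docker.py` look broken by this change. Indentation is not visible on this page, so the nesting is inferred from the server names the tests set as grain id. Putting `cd:` and `ci:` directly under `docker_networks` would match the new pillar shape; the empty case then needs its own fixture or a pillar override rather than a different grain id.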
diff --git a/_tests/modules/test_paas_docker.py b/_tests/modules/test_paas_docker.py
index a0d6106..0323384 100755
--- a/_tests/modules/test_paas_docker.py
+++ b/_tests/modules/test_paas_docker.py
@@ -1,59 +1,64 @@
#!/usr/bin/env python3
from importlib.machinery import SourceFileLoader
import unittest
salt_test_case = SourceFileLoader("salt_test_case", "salt_test_case.py").load_module()
docker = SourceFileLoader("docker", "../_modules/paas_docker.py").load_module()
class Testinstance(unittest.TestCase, salt_test_case.SaltTestCase):
def setUp(self):
self.initialize_mocks()
self.instance = docker
self.mock_pillar("data/paas_docker.yaml")
self.mock_grains()
self.grains["id"] = "egladil"
def test_get_image(self):
container = {"image": "foo", "version": "42"}
self.assertEqual("foo:42", docker.get_image("not_foo", container))
+ def test_list_images(self):
+ expected = {"foo", "bar", "quux"}
+
+ self.assertEqual(expected, docker.list_images())
+
def test_get_image_without_version(self):
container = {
"image": "foo",
}
self.assertEqual("foo", docker.get_image("not_foo", container))
def test_get_image_without_image(self):
container = {"version": "42"}
self.assertEqual("not_foo:42", docker.get_image("not_foo", container))
def test_get_image_without_anything(self):
self.assertEqual("not_foo", docker.get_image("not_foo", {}))
def test_get_image_with_numeric_version(self):
container = {"image": "foo", "version": 2.5}
self.assertEqual("foo:2.5", docker.get_image("not_foo", container))
def test_get_subnets(self):
expected = ["172.18.1.0/24", "172.18.2.0/24", "172.17.0.0/16"]
self.assertEqual(expected, docker.get_subnets())
def test_get_subnets_when_none_are_defined(self):
# Only the default Docker one
expected = ["172.17.0.0/16"]
self.grains["id"] = "voidserver"
self.assertEqual(expected, docker.get_subnets())
if __name__ == "__main__":
unittest.main()
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
index 9a1d58a..ebb6a64 100644
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -1,598 +1,63 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-docker_aliases:
- - &ipv4_docker002 51.255.124.9
- - &ipv4_docker002_restricted 172.27.27.5
-
-# -------------------------------------------------------------
-# Images
-#
-# You can append a :tag (by default, latest is used).
-#
-# It's not possible to specify Docker library images only by final name.
-# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_images:
- '*':
- - certbot/certbot
-
- dwellers:
- # Core services
- - nasqueron/mysql:5.7
-
- docker-002:
- # Core services
- - library/postgres
- - library/redis:3.2-alpine
- - library/registry
- - nasqueron/mysql
- - nasqueron/rabbitmq
-
- # ACME DNS server
- - joohoi/acme-dns
-
- # Nasqueron services
- - nasqueron/auth-grove
-
- # Nasqueron API microservices
- - nasqueron/docker-registry-api
- - nasqueron/api-datasources
-
- # Infrastructure and development services
- - nasqueron/aphlict
- - nasqueron/cachet
- - nasqueron/etherpad:production
- - nasqueron/notifications
- - nasqueron/phabricator
- - ghcr.io/hound-search/hound
-
- # Continuous deployment jobs
- - jenkins/jenkins
- - nasqueron/jenkins-agent-node
- - nasqueron/jenkins-agent-php
- - nasqueron/jenkins-agent-php:7.4.23
- - nasqueron/jenkins-agent-rust
- - nasqueron/tommy
-
- # Pixelfed
- - nasqueron/pixelfed
-
- # Sentry
- - library/sentry
- - tianon/exim4
-
- # Hauk
- - bilde2910/hauk
-
-# -------------------------------------------------------------
-# Networks
-#
-# Containers can be grouped by network, instead to use links.
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_networks:
- dwellers:
- bugzilla:
- subnet: 172.21.3.0/24
- jenkinsTest:
- subnet: 172.21.5.0/24
- docker-002:
- cd:
- subnet: 172.18.1.0/24
- ci:
- subnet: 172.18.2.0/24
- sentry:
- subnet: 172.18.3.0/24
-
-# -------------------------------------------------------------
-# Docker engine configuration
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_daemon:
- docker-002:
- data-root: /srv/docker
- dwellers:
- data-root: /srv/docker
- group: nasqueron-dev-docker
-
-# -------------------------------------------------------------
-# Containers
-#
-# The docker_containers entry allow to declare
-# containers by image by servers
-#
-# The hierarchy is so as following.
-#
-# docker_containers:
-# server with the Docker engine:
-# service codename:
-# instance name:
-# container properties
-#
-# The service codename must match a state file in
-# the roles/paas-docker/containers/ directory.
-#
-# The container will be run with the specified instance name.
-#
-# **nginx**
-#
-# The container properties can also describe the information
-# needed to configure nginx with the host and app_port key.
-#
-# In such case, a matching vhost file should be declared as
-# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-docker_containers:
-
- #
- # Dwellers is the engine for Mastodon and CI intelligent bus services
- #
- dwellers:
-
- #
- # Core services
- #
-
- mysql:
- bugzilla_db:
- network: bugzilla
- version: 5.7
- credentials:
- root: espacewin.bugzilla.mysql_root
-
- #
- # Bugzilla
- #
-
- bugzilla:
- ew_bugzilla:
- host: bugzilla.espace-win.org
- app_port: 33080
- network: bugzilla
- mysql:
- host: bugzilla_db
- db: EspaceWin_Bugs
- credential: espacewin.bugzilla.mysql
-
- #
- # Jenkins
- #
-
- jenkins:
- jenkins_test:
- realm: test
- host: jenkins.test.nasqueron.org
- app_port: 47080
- jnlp_port: 52000
-
- jenkins_agent:
- zosso:
- image_flavour: php
- realm: test
-
- #
- # Mastodon
- #
-
- # Mastodon is currently deployed manually through docker-compose
- # and not yet integrated to the platform. This declaration is
- # currently only used for extra utilities deployment.
-
- mastodon_sidekiq:
- mastodon_sidekiq_1:
- realm: nasqueron
-
- #
- # Production engine
- #
- docker-002:
-
- #
- # Core services
- #
-
- mysql:
- acquisitariat:
- credentials:
- root: nasqueron.acquisitariat.mysql
- phpbb_db:
- credentials:
- root: espacewin.phpbb.mysql_root
-
- postgresql:
- sentry_db:
- image: nasqueron/postgres-sentry
- credential: nasqueron.sentry.postgresql
-
- memcached:
- sentry_memcached:
- version: 1.6.9-alpine
- network: sentry
-
- redis:
- sentry_redis:
- network: sentry
- pixelfed_redis: {}
-
- registry:
- registry:
- host: registry.nasqueron.org
- app_port: 5000
- allowed_ips:
- # Localhost
- - 127.0.0.1
-
- # Dwellers
- - 172.27.27.4
-
- # docker-002
- - 172.27.27.5
-
- rabbitmq:
- white-rabbit:
- ip: *ipv4_docker002_restricted
- host: white-rabbit.nasqueron.org
- app_port: 15672
- credentials:
- erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
- root: nasqueron/rabbitmq/white-rabbit/root
-
- #
- # Phabricator
- #
-
- phabricator:
- # Nasqueron instance
- devcentral:
- app_port: 31080
- host: devcentral.nasqueron.org
- aliases:
- - phabricator.nasqueron.org
- blogs:
- servers:
- host: servers.nasqueron.org
- aliases:
- - server.nasqueron.org
- - serveur.nasqueron.org
- - serveurs.nasqueron.org
- mailer: mailgun
- credentials:
- mysql: zed.phabricator.mysql
- static_host: devcentral.nasqueron-user-content.org
- title: Nasqueron DevCentral
- mysql_link: acquisitariat
- skip_container: True
-
- # Private instance for Dereckson
- river_sector:
- app_port: 23080
- host: river-sector.dereckson.be
- static_host: river-sector.nasqueron-user-content.org
- mailer: _
- credentials:
- mysql: dereckson.phabricator.mysql
- storage:
- namespace: river_sector
- title: River Sector
- mysql_link: acquisitariat
-
- # Wolfplex instance
- wolfplex_phab:
- app_port: 35080
- host: phabricator.wolfplex.org
- aliases:
- - phabricator.wolfplex.be
- static_host: wolfplex.phabricator.nasqueron-user-content.org
- mailer: mailgun
- credentials:
- mailgun: wolfplex.phabricator.mailgun
- mysql: wolfplex.phabricator.mysql
- storage:
- namespace: wolfphab
- title: Wolfplex Phabricator
- mysql_link: acquisitariat
-
- # Zed instance
- zed_code:
- app_port: 36080
- host: code.zed.dereckson.be
- static_host: zed.phabricator.nasqueron-user-content.org
- mailer: sendgrid
- credentials:
- mysql: zed.phabricator.mysql
- sendgrid: zed.phabricator.sendgrid
- storage:
- namespace: zedphab
- title: Zed
- mysql_link: acquisitariat
-
- aphlict:
- aphlict:
- ports:
- client: 22280
- admin: 22281
-
- #
- # Notifications center
- #
-
- notifications:
- notifications:
- host: notifications.nasqueron.org
- app_port: 37080
- broker_link: white-rabbit
- credentials:
- broker: nasqueron.notifications.broker
- mailgun: nasqueron.notifications.mailgun
- sentry:
- realm: nasqueron
- project_id: 2
- credential: nasqueron.notifications.sentry
-
- #
- # Community and development services
- #
-
- etherpad:
- pad:
- app_port: 34080
- host: pad.nasqueron.org
- aliases:
- - pad.wolfplex.org
- - pad.wolfplex.be
- credential: nasqueron.etherpad.api
- mysql_link: acquisitariat
-
- # Hauk
- hauk:
- hauk:
- app_port: 43080
- host: geo.nasqueron.org
- api_entry_point: /hauk
-
- #
- # Let's Encrypt
- #
-
- acme_dns:
- acme:
- ip: *ipv4_docker002
- app_port: 41080
- host: acme.nasqueron.org
- nsadmin: ops.nasqueron.org
-
- #
- # CI and CD
- #
-
- jenkins:
- jenkins_cd:
- realm: cd
- host: cd.nasqueron.org
- app_port: 38080
- jnlp_port: 50000
- jenkins_ci:
- realm: ci
- host: ci.nasqueron.org
- app_port: 42080
- jnlp_port: 55000
-
- jenkins_agent:
- # Agents for CD
-
- apsile: &php_for_cd
- image_flavour: php
- realm: cd
-
- elapsi: *php_for_cd
-
- rust_brown:
- image_flavour: rust
- realm: cd
-
- yarabokin:
- image_flavour: node
- realm: cd
-
- # Agents for CI
-
- zateki: &php_for_ci
- image_flavour: php
- realm: ci
-
- zenerre:
- <<: *php_for_ci
- version: 7.4.23
-
- tommy:
- tommy_ci:
- app_port: 24080
- host: builds.nasqueron.org
- aliases:
- - build.nasqueron.org
- jenkins_url: https://ci.nasqueron.org
- jenkins_multi_branch: True
-
- tommy_cd:
- # No host definition, as this dashboard is mounted on infra.nasqueron.org
- app_port: 24180
- jenkins_url: https://cd.nasqueron.org
-
- #
- # Infrastructure and development services
- #
-
- hound:
- hound:
- app_port: 44080
- host: code.nasqueron.org
- github_account: nasqueron
-
- cachet:
- cachet:
- app_port: 39080
- host: status.nasqueron.org
- credential: nasqueron.cachet.mysql
- app_key: nasqueron.cachet.app_key
- mysql_link: acquisitariat
-
- auth-grove:
- login:
- app_port: 25080
- host: login.nasqueron.org
- credential: nasqueron.auth-grove.mysql
- mysql_link: acquisitariat
-
- # API microservices
-
- docker-registry-api:
- api-docker-registry:
- app_port: 20080
- api_entry_point: /docker/registry
- registry_instance: registry
-
- api-datasources:
- api-datasources:
- app_port: 19080
- api_entry_point: /datasources
-
- # phpBB SaaS
- # The SaaS uses a MySQL instance, declared in the MySQL section.
-
- # Openfire
- openfire:
- openfire:
- ip: *ipv4_docker002
- app_port: 9090
- host: xmpp.nasqueron.org
-
- # Other subservices for XMPP
- # listening to their own subdomain
- aliases:
- - conference.nasqueron.org
-
- # Pixelfed
- pixelfed:
- pixelfed:
- app_port: 30080
- host: photos.nasqueron.org
- aliases:
- - photo.nasqueron.org
- links:
- mysql: acquisitariat
- redis: pixelfed_redis
- credentials:
- app_key: nasqueron.pixelfed.app_key
- mailgun: nasqueron.pixelfed.mailgun
- mysql: nasqueron.pixelfed.mysql
- app:
- title: Nasqueron Photos
- max_album_length: 16
-
- # Sentry
- # The Sentry instance uses a Redis and a PostgreSQL instance,
- # declared above.
- exim:
- sentry_smtp:
- mailname: mx.sentry.nasqueron.org
- network: sentry
-
- sentry:
- sentry_web_1:
- app_port: 26080
- host: sentry.nasqueron.org
-
- # As an instance is divided between a web, a cron and a worker
- # containers, we need an identified to share a data volume.
- realm: nasqueron
- network: sentry
-
- sentry_worker:
- sentry_worker_1:
- realm: nasqueron
- network: sentry
-
- sentry_cron:
- sentry_cron:
- realm: nasqueron
- network: sentry
-
# -------------------------------------------------------------
# Monitoring
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_containers_monitoring:
# Go to URL, check it's an HTTP 200 response
check_http_200:
acme_dns: /health
cachet: /api/v1/ping
hound: /healthz
# Test a regular URL for services without health check
api-datasources: /datasources
etherpad: /stats
hauk: /
jenkins: /login
registry: /
# Go to URL, check it's an HTTP 200 response code + "ALIVE" as content
check_http_200_alive:
auth-grove: /status
docker-registry-api: /status
notifications: /status
tommy: /status
# Same than check_http_200, but we need to query the proxy
check_http_200_proxy:
openfire: /login.jsp
pixelfed: /api/nodeinfo/2.0.json
# Same than check_http_200_alive, but we need to query the proxy
check_http_200_alive_proxy:
phabricator: /status
# -------------------------------------------------------------
# Ports listened by known applications
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rabbitmq_ports:
- 4369 # epmd, Erlang peer discovery service used by RabbitMQ and CLI tools
- 5671 # AMQP with TLS (AMQPS)
- 5672 # AMQP
- 15672 # Management UI, HTTP API, rabbitmqadmin (management plugin port)
- 25672 # Erlang distribution server port - Federation, rabbitmqctl
# Not implemented ports, as we don't use those protocols:
#
# - 1883 # MQTT
# - 8883 # MQTT with TLS
# - 15674 # STOMP over a WebSocket connection (rabbitmq_web_stomp plugin port)
# - 15675 # MQTT over a WebSocket connection (rabbitmq_web_mqtt plugin port)
# - 15692 # Prometheus metrics (rabbitmq_prometheus plugin port)
# - 61613 # STOMP
# - 61614 # STOMP with TLS
-
-xmpp_ports:
- - 3478
- - 5222 # Client to server
- - 5223 # Client to server (Encrypted (legacy-mode) connections)
- - 5229 # Flash Cross Domain
- - 5262 # Connections managers
- - 5269 # Server to server
- - 5270 # Server to server (Encrypted (legacy-mode) connections)
- - 5275 # External components
- - 5276 # External components (Encrypted (legacy-mode) connections)
- - 7070 # HTTP binding
- - 7443 # HTTP binding with TLS
- - 7777 # File transfer proxy
- - 9090 # Web administration server
- - 9091 # Web administration server with TLS
diff --git a/pillar/paas/docker/docker-002/jenkins.sls b/pillar/paas/docker/docker-002/jenkins.sls
new file mode 100644
index 0000000..a0c9ab0
--- /dev/null
+++ b/pillar/paas/docker/docker-002/jenkins.sls
@@ -0,0 +1,82 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Jenkins
+# -------------------------------------------------------------
+
+docker_networks:
+ cd:
+ subnet: 172.18.1.0/24
+ ci:
+ subnet: 172.18.2.0/24
+
+docker_images:
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-node
+ - nasqueron/jenkins-agent-php
+ - nasqueron/jenkins-agent-php:7.4.23
+ - nasqueron/jenkins-agent-rust
+ - nasqueron/tommy
+
+docker_containers:
+
+ jenkins:
+ jenkins_cd:
+ realm: cd
+ host: cd.nasqueron.org
+ app_port: 38080
+ jnlp_port: 50000
+
+ jenkins_ci:
+ realm: ci
+ host: ci.nasqueron.org
+ app_port: 42080
+ jnlp_port: 55000
+
+ jenkins_agent:
+
+ #
+ # Agents for CD
+ #
+
+ apsile: &php_for_cd
+ image_flavour: php
+ realm: cd
+
+ elapsi: *php_for_cd
+
+ rust_brown:
+ image_flavour: rust
+ realm: cd
+
+ yarabokin:
+ image_flavour: node
+ realm: cd
+
+ #
+ # Agents for CI
+ #
+
+ zateki: &php_for_ci
+ image_flavour: php
+ realm: ci
+
+ zenerre:
+ <<: *php_for_ci
+ version: 7.4.23
+
+ tommy:
+ tommy_cd:
+ # No host definition, as this dashboard is mounted on infra.nasqueron.org
+ app_port: 24180
+ jenkins_url: https://cd.nasqueron.org
+
+ tommy_ci:
+ app_port: 24080
+ host: builds.nasqueron.org
+ aliases:
+ - build.nasqueron.org
+ jenkins_url: https://ci.nasqueron.org
+ jenkins_multi_branch: True
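Review bot: Most entries under `docker_images` carry no tag (`jenkins/jenkins`, `nasqueron/tommy`, the agent images), so each engine pulls whatever `latest` points to at provisioning time and two runs can deploy different code. The same applies to the `docker_images` lists in `docker-002/main.sls`, `openfire.sls`, `sentry.sls` and `dwellers/main.sls`. Pinning a version tag, as already done for `nasqueron/jenkins-agent-php:7.4.23`, makes the deployed image reviewable in this repository. Pinning by digest would be stronger if the image state in use accepts it, which is not visible here.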
diff --git a/pillar/paas/docker/docker-002/main.sls b/pillar/paas/docker/docker-002/main.sls
new file mode 100644
index 0000000..05c36a3
--- /dev/null
+++ b/pillar/paas/docker/docker-002/main.sls
@@ -0,0 +1,315 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core services
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/registry
+ - nasqueron/mysql
+ - nasqueron/mysql:5.7
+ - nasqueron/rabbitmq
+
+ # ACME DNS server
+ - joohoi/acme-dns
+
+ # Nasqueron services
+ - nasqueron/auth-grove
+
+ # Nasqueron API microservices
+ - nasqueron/docker-registry-api
+ - nasqueron/api-datasources
+
+ # Infrastructure and development services
+ - nasqueron/aphlict
+ - nasqueron/cachet
+ - nasqueron/etherpad:production
+ - nasqueron/notifications
+ - nasqueron/phabricator
+ - ghcr.io/hound-search/hound
+
+ # Pixelfed
+ - nasqueron/pixelfed
+
+ # Hauk
+ - bilde2910/hauk
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare containers
+# by service. Generally a service matches an image.
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ acquisitariat:
+ credentials:
+ root: nasqueron.acquisitariat.mysql
+ phpbb_db:
+ credentials:
+ root: espacewin.phpbb.mysql_root
+
+ redis:
+ pixelfed_redis: {}
+
+ registry:
+ registry:
+ host: registry.nasqueron.org
+ app_port: 5000
+ allowed_ips:
+ # Localhost
+ - 127.0.0.1
+
+ # Dwellers
+ - 172.27.27.4
+
+ # docker-002
+ - 172.27.27.5
+
+ rabbitmq:
+ white-rabbit:
+ ip: *ipv4_docker002_restricted
+ host: white-rabbit.nasqueron.org
+ app_port: 15672
+ credentials:
+ erlang_cookie: nasqueron/rabbitmq/white-rabbit/erlang-cookie
+ root: nasqueron/rabbitmq/white-rabbit/root
+
+ #
+ # Phabricator
+ #
+
+ phabricator:
+ # Nasqueron instance
+ devcentral:
+ app_port: 31080
+ host: devcentral.nasqueron.org
+ aliases:
+ - phabricator.nasqueron.org
+ blogs:
+ servers:
+ host: servers.nasqueron.org
+ aliases:
+ - server.nasqueron.org
+ - serveur.nasqueron.org
+ - serveurs.nasqueron.org
+ mailer: mailgun
+ credentials:
+ mysql: zed.phabricator.mysql
+ static_host: devcentral.nasqueron-user-content.org
+ title: Nasqueron DevCentral
+ mysql_link: acquisitariat
+ skip_container: True
+
+ # Private instance for Dereckson
+ river_sector:
+ app_port: 23080
+ host: river-sector.dereckson.be
+ static_host: river-sector.nasqueron-user-content.org
+ mailer: _
+ credentials:
+ mysql: dereckson.phabricator.mysql
+ storage:
+ namespace: river_sector
+ title: River Sector
+ mysql_link: acquisitariat
+
+ # Wolfplex instance
+ wolfplex_phab:
+ app_port: 35080
+ host: phabricator.wolfplex.org
+ aliases:
+ - phabricator.wolfplex.be
+ static_host: wolfplex.phabricator.nasqueron-user-content.org
+ mailer: mailgun
+ credentials:
+ mailgun: wolfplex.phabricator.mailgun
+ mysql: wolfplex.phabricator.mysql
+ storage:
+ namespace: wolfphab
+ title: Wolfplex Phabricator
+ mysql_link: acquisitariat
+
+ # Zed instance
+ zed_code:
+ app_port: 36080
+ host: code.zed.dereckson.be
+ static_host: zed.phabricator.nasqueron-user-content.org
+ mailer: sendgrid
+ credentials:
+ mysql: zed.phabricator.mysql
+ sendgrid: zed.phabricator.sendgrid
+ storage:
+ namespace: zedphab
+ title: Zed
+ mysql_link: acquisitariat
+
+ aphlict:
+ aphlict:
+ ports:
+ client: 22280
+ admin: 22281
+
+ #
+ # Notifications center
+ #
+
+ notifications:
+ notifications:
+ host: notifications.nasqueron.org
+ app_port: 37080
+ broker_link: white-rabbit
+ credentials:
+ broker: nasqueron.notifications.broker
+ mailgun: nasqueron.notifications.mailgun
+ sentry:
+ realm: nasqueron
+ project_id: 2
+ credential: nasqueron.notifications.sentry
+
+ #
+ # Community and development services
+ #
+
+ etherpad:
+ pad:
+ app_port: 34080
+ host: pad.nasqueron.org
+ aliases:
+ - pad.wolfplex.org
+ - pad.wolfplex.be
+ credential: nasqueron.etherpad.api
+ mysql_link: acquisitariat
+
+ # Hauk
+ hauk:
+ hauk:
+ app_port: 43080
+ host: geo.nasqueron.org
+ api_entry_point: /hauk
+
+ #
+ # Let's Encrypt
+ #
+
+ acme_dns:
+ acme:
+ ip: *ipv4_docker002
+ app_port: 41080
+ host: acme.nasqueron.org
+ nsadmin: ops.nasqueron.org
+
+ #
+ # CI and CD
+ #
+
+ #
+ # Infrastructure and development services
+ #
+
+ hound:
+ hound:
+ app_port: 44080
+ host: code.nasqueron.org
+ github_account: nasqueron
+
+ cachet:
+ cachet:
+ app_port: 39080
+ host: status.nasqueron.org
+ credential: nasqueron.cachet.mysql
+ app_key: nasqueron.cachet.app_key
+ mysql_link: acquisitariat
+
+ auth-grove:
+ login:
+ app_port: 25080
+ host: login.nasqueron.org
+ credential: nasqueron.auth-grove.mysql
+ mysql_link: acquisitariat
+
+ # API microservices
+
+ docker-registry-api:
+ api-docker-registry:
+ app_port: 20080
+ api_entry_point: /docker/registry
+ registry_instance: registry
+
+ api-datasources:
+ api-datasources:
+ app_port: 19080
+ api_entry_point: /datasources
+
+ # phpBB SaaS
+ # The SaaS uses a MySQL instance, declared in the MySQL section.
+
+ # Pixelfed
+ pixelfed:
+ pixelfed:
+ app_port: 30080
+ host: photos.nasqueron.org
+ aliases:
+ - photo.nasqueron.org
+ links:
+ mysql: acquisitariat
+ redis: pixelfed_redis
+ credentials:
+ app_key: nasqueron.pixelfed.app_key
+ mailgun: nasqueron.pixelfed.mailgun
+ mysql: nasqueron.pixelfed.mysql
+ app:
+ title: Nasqueron Photos
+ max_album_length: 16
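Review bot: The registry `allowed_ips` list repeats `172.27.27.5` as a literal although this file declares the anchor `&ipv4_docker002_restricted` for the same address under `docker_aliases`. Writing `- *ipv4_docker002_restricted` there keeps the allow-list in step with the alias if the address changes. The `CI and CD` comment heading is also left without entries now that the Jenkins containers live in `jenkins.sls`; either drop it or add `# See jenkins.sls`.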
diff --git a/pillar/paas/docker/docker-002/openfire.sls b/pillar/paas/docker/docker-002/openfire.sls
new file mode 100644
index 0000000..5a2157e
--- /dev/null
+++ b/pillar/paas/docker/docker-002/openfire.sls
@@ -0,0 +1,47 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Openfire XMPP server
+# -------------------------------------------------------------
+
+docker_aliases:
+ - &ipv4_docker002 51.255.124.9
+ - &ipv4_docker002_restricted 172.27.27.5
+
+docker_images:
+ - nasqueron/openfire
+
+docker_containers:
+ # Openfire
+ openfire:
+ openfire:
+ ip: *ipv4_docker002
+ app_port: 9090
+ host: xmpp.nasqueron.org
+
+ # Other subservices for XMPP
+ # listening to their own subdomain
+ aliases:
+ - conference.nasqueron.org
+
+ # -------------------------------------------------------------
+ # Ports listened
+ # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+xmpp_ports:
+ - 3478 # VoIP STUN (Session Traversal Utilities for NAT)
+ - 5222 # Client to server
+ - 5223 # Client to server (Encrypted (legacy-mode) connections)
+ - 5229 # Flash Cross Domain
+ - 5262 # Connections managers
+ - 5269 # Server to server
+ - 5270 # Server to server (Encrypted (legacy-mode) connections)
+ - 5275 # External components
+ - 5276 # External components (Encrypted (legacy-mode) connections)
+ - 7070 # HTTP binding
+ - 7443 # HTTP binding with TLS
+ - 7777 # File transfer proxy
+ - 9090 # Web administration server
+ - 9091 # Web administration server with TLS
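Review bot: `docker_aliases` is declared a second time here with the same two addresses as in `main.sls`, presumably because YAML anchors are local to a file. The comment in `list_images()` says Salt Tower concatenates lists, so the merged `docker_aliases` pillar likely holds each address twice, and the two copies can drift apart. Only `ipv4_docker002` is referenced in this file, so the restricted alias could be dropped here, and a comment such as `# Anchors are per-file; keep in sync with main.sls` would document the duplication.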
diff --git a/pillar/paas/docker/docker-002/sentry.sls b/pillar/paas/docker/docker-002/sentry.sls
new file mode 100644
index 0000000..bfff949
--- /dev/null
+++ b/pillar/paas/docker/docker-002/sentry.sls
@@ -0,0 +1,65 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Service: Sentry
+# -------------------------------------------------------------
+
+docker_networks:
+ sentry:
+ subnet: 172.18.3.0/24
+
+docker_images:
+ - library/postgres
+ - library/redis:3.2-alpine
+ - library/sentry
+ - tianon/exim4
+
+docker_containers:
+
+ #
+ # Core services used by Sentry
+ #
+
+ exim:
+ sentry_smtp:
+ mailname: mx.sentry.nasqueron.org
+ network: sentry
+
+ memcached:
+ sentry_memcached:
+ version: 1.6.9-alpine
+ network: sentry
+
+ redis:
+ sentry_redis:
+ network: sentry
+
+ postgresql:
+ sentry_db:
+ credential: nasqueron.sentry.postgresql
+
+ #
+ # Services maintained by Sentry
+ #
+
+ sentry:
+ sentry_web_1:
+ app_port: 26080
+ host: sentry.nasqueron.org
+
+ # As an instance is divided between a web, a cron and a worker
+ # containers, we need an identified to share a data volume.
+ realm: nasqueron
+ network: sentry
+
+ sentry_worker:
+ sentry_worker_1:
+ realm: nasqueron
+ network: sentry
+
+ sentry_cron:
+ sentry_cron:
+ realm: nasqueron
+ network: sentry
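Review bot: The `sentry_db` entry under `postgresql` no longer carries `image: nasqueron/postgres-sentry`, which the block removed from `pillar/paas/docker.sls` had. If the container state falls back to a default image through `paas_docker.get_image`, the database container would be recreated from a different image than before; that state file is not part of this page, so this needs confirming. If the removal is intended, it deserves a line in the commit message; otherwise restore `image: nasqueron/postgres-sentry`.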
diff --git a/pillar/paas/docker/dwellers/main.sls b/pillar/paas/docker/dwellers/main.sls
new file mode 100644
index 0000000..5e95d8c
--- /dev/null
+++ b/pillar/paas/docker/dwellers/main.sls
@@ -0,0 +1,127 @@
+# -------------------------------------------------------------
+# Salt — Provision Docker engine
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Images
+#
+# You can append a :tag (by default, latest is used).
+#
+# It's not possible to specify Docker library images only by final name.
+# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_images:
+ - certbot/certbot
+
+ # Core service
+ - nasqueron/mysql:5.7
+
+ # Continuous deployment jobs
+ - jenkins/jenkins
+ - nasqueron/jenkins-agent-php
+
+# -------------------------------------------------------------
+# Networks
+#
+# Containers can be grouped by network, instead to use links.
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_networks:
+ bugzilla:
+ subnet: 172.21.3.0/24
+ jenkinsTest:
+ subnet: 172.21.5.0/24
+
+# -------------------------------------------------------------
+# Docker engine configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_daemon:
+ data-root: /srv/docker
+ group: nasqueron-dev-docker
+
+# -------------------------------------------------------------
+# Containers
+#
+# The docker_containers entry allow to declare
+# containers by image by servers
+#
+# The hierarchy is so as following.
+#
+# docker_containers:
+# service codename:
+# instance name:
+# container properties
+#
+# The service codename must match a state file in
+# the roles/paas-docker/containers/ directory.
+#
+# The container will be run with the specified instance name.
+#
+# **nginx**
+#
+# The container properties can also describe the information
+# needed to configure nginx with the host and app_port key.
+#
+# In such case, a matching vhost file should be declared as
+# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+docker_containers:
+
+ #
+ # Core services
+ #
+
+ mysql:
+ bugzilla_db:
+ network: bugzilla
+ version: 5.7
+ credentials:
+ root: espacewin.bugzilla.mysql_root
+
+ #
+ # Bugzilla
+ #
+
+ bugzilla:
+ ew_bugzilla:
+ host: bugzilla.espace-win.org
+ app_port: 33080
+ network: bugzilla
+ mysql:
+ host: bugzilla_db
+ db: EspaceWin_Bugs
+ credential: espacewin.bugzilla.mysql
+
+ #
+ # Jenkins
+ #
+
+ jenkins:
+ jenkins_test:
+ realm: test
+ host: jenkins.test.nasqueron.org
+ app_port: 47080
+ jnlp_port: 52000
+
+ jenkins_agent:
+ zosso:
+ image_flavour: php
+ realm: test
+
+ #
+ # Mastodon
+ #
+
+ # Mastodon is currently deployed manually through docker-compose
+ # and not yet integrated to the platform. This declaration is
+ # currently only used for extra utilities deployment.
+
+ mastodon_sidekiq:
+ mastodon_sidekiq_1:
+ realm: nasqueron
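Review bot: The `Containers` header comment still says the entry declares "containers by image by servers", but the hierarchy shown below it no longer has a server level. `docker-002/main.sls` already carries the updated wording, and the same two lines fit here: `# The docker_containers entry allow to declare containers` followed by `# by service. Generally a service matches an image.`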
diff --git a/roles/paas-docker/containers/init.sls b/pillar/tower.sls
similarity index 52%
copy from roles/paas-docker/containers/init.sls
copy to pillar/tower.sls
index 2f1b045..c60573e 100644
--- a/roles/paas-docker/containers/init.sls
+++ b/pillar/tower.sls
@@ -1,18 +1,12 @@
# -------------------------------------------------------------
-# Salt — Provision Docker engine
+# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
-# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
+# Description: External pillar to configure pillar stanza
+# by pillar, grain or option value
+# Reference: https://github.com/jgraichen/salt-tower
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
-
-{% if services %}
-
-include:
-{% for service in services %}
- - .{{ service }}
-{% endfor %}
-
-{% endif %}
+base:
+ - paas/docker/{{ minion_id }}/*.sls
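Review bot: The new `base:` entry at the end of this hunk has no comment saying which directory `paas/docker/{{ minion_id }}/*.sls` is resolved against, or what a minion without such a directory receives. The state files in this commit now index `pillar['docker_containers'][...]` directly, so this path presumably decides which container declarations and credential references each minion can read. That deserves one line, for example `# One directory per minion ID; a minion only receives the files under its own directory`. Whether a glob that matches nothing yields an empty pillar or an error is not visible here and should be confirmed against salt-tower.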
diff --git a/roles/paas-docker/containers/acme_dns.sls b/roles/paas-docker/containers/acme_dns.sls
index bec1cf9..0e1fbd3 100644
--- a/roles/paas-docker/containers/acme_dns.sls
+++ b/roles/paas-docker/containers/acme_dns.sls
@@ -1,73 +1,72 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2020-02-04
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['acme_dns'].items() %}
+{% for instance, container in pillar['docker_containers']['acme_dns'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}:
file.directory:
- makedirs: True
/srv/{{ instance }}/etc:
file.directory
/srv/{{ instance }}/lib:
file.directory
{% if has_selinux %}
selinux_context_acme_dns_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}
- sel_type: container_file_t
selinux_context_acme_dns_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/etc/config.cfg:
file.managed:
- source: salt://roles/paas-docker/containers/files/acme/config.cfg
- template: jinja
- context:
ip: {{ container['ip'] }}
domain: {{ container['host'] }}
nsadmin: {{ container['nsadmin'] }}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: joohoi/acme-dns
- binds:
- /srv/{{ instance }}/etc:/etc/acme-dns:ro
- /srv/{{ instance }}/lib:/var/lib/acme-dns
- ports:
- 53
- 53/udp
- 80
- port_bindings:
- 53:53
- 53:53/udp
- 127.0.0.1:{{ container['app_port'] }}:80
{% endfor %}
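Review bot: `image: joohoi/acme-dns` in the container state is a third-party image referenced without a tag or digest, so a pull resolves to whatever upstream last published under the default tag. mysql.sls and memcached.sls in this commit already route the image through `salt['paas_docker.get_image'](...)` so the pillar can pin a `version`. The same could be done here with `{% set image = salt['paas_docker.get_image']("joohoi/acme-dns", container) %}` and `- image: {{ image }}`. This also applies to `tianon/exim4` in exim.sls, `bilde2910/hauk` in hauk.sls, `ghcr.io/hound-search/hound` in hound.sls and `jenkins/jenkins` in jenkins.sls. A digest pin would be stronger than a tag, but `get_image` as shown only appends `:version`.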
diff --git a/roles/paas-docker/containers/aphlict.sls b/roles/paas-docker/containers/aphlict.sls
index b00eab0..4c59be9 100644
--- a/roles/paas-docker/containers/aphlict.sls
+++ b/roles/paas-docker/containers/aphlict.sls
@@ -1,33 +1,31 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-07
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['aphlict'].items() %}
+{% for instance, container in pillar['docker_containers']['aphlict'].items() %}
# -------------------------------------------------------------
# Container
#
# Image: nasqueron/aphlict
# Description: Node application to get real time notifications
# through websockets for Phabricator instances.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/aphlict
- ports:
- 22280
- 22281
- port_bindings:
- {{ container['ports']['client'] }}:22280
- {{ container['ports']['admin'] }}:22281
{% endfor %}
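Review bot: Both `port_bindings` entries publish on every host interface, including the Aphlict admin port 22281, whereas acme_dns.sls and auth-grove.sls bind their application port to `127.0.0.1`. If the admin port is only reached from the same host (not visible here), `- 127.0.0.1:{{ container['ports']['admin'] }}:22281` would keep it off the network. Ports published by Docker are commonly not filtered by the host's own firewall rules, so the choice is worth making explicitly. The `{{ container['app_port'] }}:...` bindings in api-datasources.sls, bugzilla.sls, cachet.sls, docker-registry-api.sls, etherpad.sls, hauk.sls, hound.sls and jenkins.sls have the same form. The pillar comments describe nginx on the host as the consumer of `host`/`app_port`, which suggests a loopback bind there too.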
diff --git a/roles/paas-docker/containers/api-datasources.sls b/roles/paas-docker/containers/api-datasources.sls
index 450a985..a312713 100644
--- a/roles/paas-docker/containers/api-datasources.sls
+++ b/roles/paas-docker/containers/api-datasources.sls
@@ -1,29 +1,27 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2020-06-02
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['api-datasources'].items() %}
+{% for instance, container in pillar['docker_containers']['api-datasources'].items() %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/api-datasources
- env:
- API_ENTRY_POINT: {{ container['api_entry_point'] }}
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/auth-grove.sls b/roles/paas-docker/containers/auth-grove.sls
index d9a991e..3085ceb 100644
--- a/roles/paas-docker/containers/auth-grove.sls
+++ b/roles/paas-docker/containers/auth-grove.sls
@@ -1,65 +1,64 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-05-21
# License: Trivial work, not eligible to copyright
# Description: SSO for Nasqueron services.
# Image: nasqueron/auth-grove
# Services used: MySQL server (acquisitariat)
# Docker volume (/data/login/storage)
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['auth-grove'].items() %}
+{% for instance, container in pillar['docker_containers']['auth-grove'].items() %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/storage:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}/storage
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}/storage
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/auth-grove
- links: {{ container['mysql_link'] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: {{ instance }}
- DB_USERNAME: {{ salt['credentials.get_username'](container['credential']) }}
- DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
- CANONICAL_URL: https://{{ container['host'] }}
- TRUST_ALL_PROXIES: 1
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- ports:
- 80
- port_bindings:
- 127.0.0.1:{{ container['app_port'] }}:80
{% endfor %}
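Review bot: `DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}` is rendered into YAML unquoted, so a password containing ` #`, `: ` or a leading YAML indicator character would be truncated or fail to parse after rendering. notifications.sls already pipes its rendered values through `| json`; the same here, `DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) | json }}`, keeps the value intact, and likewise for `DB_USERNAME`. The same pattern appears for the credentials in bugzilla.sls, cachet.sls (including `APP_KEY`) and mysql.sls, and for the `contents:` of the API key file in etherpad.sls. Separately, values passed through `environment` stay readable via `docker inspect` to any account with access to the Docker socket, which is relevant given the `docker_daemon` group set in the pillar.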
diff --git a/roles/paas-docker/containers/bugzilla.sls b/roles/paas-docker/containers/bugzilla.sls
index 808c8a3..7b21fe9 100644
--- a/roles/paas-docker/containers/bugzilla.sls
+++ b/roles/paas-docker/containers/bugzilla.sls
@@ -1,35 +1,33 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-10-07
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['bugzilla'].items() %}
+{% for instance, container in pillar['docker_containers']['bugzilla'].items() %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/bugzilla
- networks:
- {{ container['network'] }}
- environment:
DB_HOST: {{ container['mysql']['host'] }}
DB_DATABASE: {{ container['mysql']['db'] }}
DB_USER: {{ salt['credentials.get_username'](container['credential']) }}
DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
BUGZILLA_URL: https://{{ container['host'] }}/
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
diff --git a/roles/paas-docker/containers/cachet.sls b/roles/paas-docker/containers/cachet.sls
index 20ccb3c..fc4edc8 100644
--- a/roles/paas-docker/containers/cachet.sls
+++ b/roles/paas-docker/containers/cachet.sls
@@ -1,43 +1,41 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-12-15
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['cachet'].items() %}
+{% for instance, container in pillar['docker_containers']['cachet'].items() %}
# -------------------------------------------------------------
# Container
#
# Image: dereckson/cachet
# Description: PHP application to offer server status
# information
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/cachet:latest
- links: {{ container['mysql_link'] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: cachet
- DB_USERNAME: {{ salt['credentials.get_username'](container['credential']) }}
- DB_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
- APP_KEY: {{ salt['credentials.get_token'](container['app_key']) }}
- APP_LOG: errorlog
- APP_DEBUG: "false"
- ports:
- 8000
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
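Review bot: The container state exposes `8000` under `ports` but `port_bindings` maps `{{ container['app_port'] }}` to container port `80`, so one of the two is presumably stale. If the image listens on 8000 the binding should read `- {{ container['app_port'] }}:8000`; if it listens on 80, `ports` should list `80`. The header comment also still names `dereckson/cachet` while the state runs `nasqueron/cachet:latest`.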
diff --git a/roles/paas-docker/containers/docker-registry-api.sls b/roles/paas-docker/containers/docker-registry-api.sls
index 56c5210..459ae3c 100644
--- a/roles/paas-docker/containers/docker-registry-api.sls
+++ b/roles/paas-docker/containers/docker-registry-api.sls
@@ -1,29 +1,28 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['docker-registry-api'].items() %}
+{% for instance, container in pillar['docker_containers']['docker-registry-api'].items() %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/docker-registry-api
- binds: /srv/{{ container['registry_instance'] }}:/var/lib/registry
- ports:
- 8000
- port_bindings:
- {{ container['app_port'] }}:8000
{% endfor %}
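Review bot: `- binds: /srv/{{ container['registry_instance'] }}:/var/lib/registry` mounts the registry's storage read-write into the API container. If the API only reads the registry content (not visible from this hunk), `- binds: /srv/{{ container['registry_instance'] }}:/var/lib/registry:ro` would stop a compromised API container from altering stored images. acme_dns.sls already mounts its configuration directory this way. `has_selinux` is also set at the top of this file but not used anywhere in the file as shown.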
diff --git a/roles/paas-docker/containers/etherpad.sls b/roles/paas-docker/containers/etherpad.sls
index 567173b..3351bde 100644
--- a/roles/paas-docker/containers/etherpad.sls
+++ b/roles/paas-docker/containers/etherpad.sls
@@ -1,72 +1,71 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-06-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['etherpad'].items() %}
+{% for instance, container in pillar['docker_containers']['etherpad'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}:
file.directory:
- user: 9001
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/etherpad:production
- links: {{ container['mysql_link'] }}:mysql
- binds: /srv/{{ instance }}/var:/opt/etherpad-lite/var
- ports:
- 9001
- port_bindings:
- {{ container['app_port'] }}:9001
# -------------------------------------------------------------
# API key
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% set api_key_path = "/srv/" + instance + "/APIKEY.txt" %}
{{ api_key_path }}:
file.managed:
- mode: 400
- user: 9001
- show_changes: False
- contents: {{ salt['credentials.get_token'](container['credential']) }}
deploy_api_key_{{ instance }}:
cmd.run:
- name: |
docker cp {{ api_key_path }} {{ instance }}:opt/etherpad-lite/APIKEY.txt
docker restart {{ instance }}
- onchanges:
- docker_container: {{ instance }}
- file: {{ api_key_path }}
{% endfor %}
diff --git a/roles/paas-docker/containers/exim.sls b/roles/paas-docker/containers/exim.sls
index 18140d3..24fa014 100644
--- a/roles/paas-docker/containers/exim.sls
+++ b/roles/paas-docker/containers/exim.sls
@@ -1,73 +1,72 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-11-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['exim'].items() %}
+{% for instance, container in pillar['docker_containers']['exim'].items() %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/exim/{{ instance }}:
file.directory:
- user: 999
- group: 999
- makedirs: True
{% for subdir in ['spool', 'log'] %}
/srv/exim/{{ instance }}/{{ subdir }}:
file.directory:
- user: 999
- group: 999
{% endfor %}
{% if 'mailname' in container %}
/srv/exim/{{ instance }}/mailname:
file.managed:
- contents: {{ container['mailname'] }}
{% endif %}
{% if has_selinux %}
selinux_context_{{ instance }}_exim_data:
selinux.fcontext_policy_present:
- name: /srv/exim/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_exim_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/exim/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: tianon/exim4
- binds:
{% if 'mailname' in container %}
- /srv/exim/{{ instance }}/mailname:/etc/mailname:ro
{% endif %}
- /srv/exim/{{ instance }}/spool:/var/spool/exim4
- /srv/exim/{{ instance }}/log:/var/log/exim4
{% if 'host' in container %}
- hostname: {{ container['mailname'] }}
{% endif %}
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
{% endif %}
{% endfor %}
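Review bot: The `hostname` option is guarded by `{% if 'host' in container %}` but reads `container['mailname']`, so an instance that declares `host` without `mailname` gets an undefined value or a failed render, depending on the Jinja settings. Either the guard should be `{% if 'mailname' in container %}`, matching the two other `mailname` blocks in this file, or the option should be `- hostname: {{ container['host'] }}`. Which one is intended cannot be told from the hunk.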
diff --git a/roles/paas-docker/containers/hauk.sls b/roles/paas-docker/containers/hauk.sls
index c05d119..a4f3ed2 100644
--- a/roles/paas-docker/containers/hauk.sls
+++ b/roles/paas-docker/containers/hauk.sls
@@ -1,62 +1,61 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2021-07-30
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['hauk'].items() %}
+{% for instance, container in pillar['docker_containers']['hauk'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/hauk/{{ instance }}:
file.directory:
- user: 9001
- makedirs: True
/srv/hauk/{{ instance }}/config.php:
file.managed:
- source: salt:///roles/paas-docker/containers/files/hauk/config.php.jinja
- template: jinja
- mode: 644
- context:
url: https://{{ container['host'] }}{{ container['api_entry_point'] }}/
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/hauk/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/hauk/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: bilde2910/hauk
- binds: /srv/hauk/{{ instance }}:/etc/hauk
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
# Prevent the container from using swap
# Privacy: data is so only stored on RAM, not on disk
- mem_limit: 256m
- memswap_limit: 256m
{% endfor %}
diff --git a/roles/paas-docker/containers/hound.sls b/roles/paas-docker/containers/hound.sls
index 6c6ef0d..c127813 100644
--- a/roles/paas-docker/containers/hound.sls
+++ b/roles/paas-docker/containers/hound.sls
@@ -1,75 +1,73 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Configuration provider
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/usr/local/bin/hound-generate-config:
file.managed:
- source: salt://roles/paas-docker/containers/files/hound/generate-config.py
- mode: 755
-{% for instance, container in containers['hound'].items() %}
+{% for instance, container in pillar['docker_containers']['hound'].items() %}
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/hound/{{ instance }}:
file.directory:
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/hound/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/hound/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% set repos_path = "/srv/hound/" + instance + "/repos.txt" %}
{% set config_path = "/srv/hound/" + instance + "/config.json" %}
hound_{{ instance }}_repositories:
cmd.run:
- name: docker run --rm nasqueron/devtools github/list-repositories.py {{ container['github_account'] }} -b > {{ repos_path }}
- creates: {{ repos_path }}
hound_{{ instance }}_config:
cmd.run:
- name: hound-generate-config {{ container['github_account'] }} < {{ repos_path }} > {{ config_path }}
- creates: {{ config_path }}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: ghcr.io/hound-search/hound
- binds: /srv/hound/{{ instance }}:/data
- ports:
- 6080
- port_bindings:
- {{ container['app_port'] }}:6080
{% endfor %}
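Review bot: In `hound_{{ instance }}_repositories` the shell redirection creates `repos.txt` before `docker run` has succeeded, so a failed or interrupted run leaves an empty file that the `creates:` guard then treats as done. `hound_{{ instance }}_config` has the same shape. Writing to a temporary name and renaming on success avoids that, e.g. `- name: docker run --rm nasqueron/devtools github/list-repositories.py {{ container['github_account'] }} -b > {{ repos_path }}.tmp && mv {{ repos_path }}.tmp {{ repos_path }}`. `{{ container['github_account'] }}` is also placed on the command line unquoted, so the pillar value should be restricted to a plain account name or quoted.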
diff --git a/roles/paas-docker/containers/init.sls b/roles/paas-docker/containers/init.sls
index 2f1b045..7042803 100644
--- a/roles/paas-docker/containers/init.sls
+++ b/roles/paas-docker/containers/init.sls
@@ -1,18 +1,18 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set services = salt['node.filter_by_name']('docker_containers') %}
+{% set services = pillar.get('docker_containers', {}) %}
{% if services %}
include:
{% for service in services %}
- .{{ service }}
{% endfor %}
{% endif %}
diff --git a/roles/paas-docker/containers/jenkins.sls b/roles/paas-docker/containers/jenkins.sls
index ad3f483..89cfb69 100644
--- a/roles/paas-docker/containers/jenkins.sls
+++ b/roles/paas-docker/containers/jenkins.sls
@@ -1,57 +1,56 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/jenkins_home" %}
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ home }}:
file.directory:
- user: 1000
- group: 1000
- makedirs: True
{% if has_selinux %}
selinux_context_jenkins_home_{{ instance }}:
selinux.fcontext_policy_present:
- name: {{ home }}
- sel_type: container_file_t
selinux_context_jenkins_home_applied_{{ instance }}:
selinux.fcontext_policy_applied:
- name: {{ home }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: jenkins/jenkins
- binds: {{ home }}:/var/jenkins_home
- networks:
- {{ realm['network'] }}
- ports:
- 8080
- 50000
- port_bindings:
- {{ container['app_port'] }}:8080 # HTTP
- {{ container['jnlp_port'] }}:50000 # Jenkins controller's port for JNLP-based Jenkins agents
{% endfor %}
diff --git a/roles/paas-docker/containers/jenkins_agent.sls b/roles/paas-docker/containers/jenkins_agent.sls
index 72d6bfb..85b941f 100644
--- a/roles/paas-docker/containers/jenkins_agent.sls
+++ b/roles/paas-docker/containers/jenkins_agent.sls
@@ -1,64 +1,63 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['jenkins_agent'].items() %}
+{% for instance, container in pillar['docker_containers']['jenkins_agent'].items() %}
{% set realm = pillar['jenkins_realms'][container['realm']] %}
{% set home = "/srv/jenkins/" + container['realm'] + "/agents_homes/" + instance %}
{% set image = pillar['jenkins_images'][container['image_flavour']] %}
{% set image = salt['paas_docker.get_image'](image, container) %}
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ home }}:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if has_selinux %}
selinux_context_jenkins_agent_{{ instance }}_home:
selinux.fcontext_policy_present:
- name: {{ home }}
- sel_type: container_file_t
selinux_context_jenkins_agent_{{ instance }}_home_applied:
selinux.fcontext_policy_applied:
- name: {{ home }}
{% endif %}
{{ home }}/.ssh:
file.directory:
- user: 431
- group: 433
{{ home }}/.ssh/authorized_keys:
file.managed:
- contents: {{ realm['ssh_key'] }}
- user: 431
- group: 433
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: {{ image }}
- binds: {{ home }}:/home/app
- networks:
- {{ realm['network'] }}
{% endfor %}
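Review bot: `{{ home }}/.ssh` and `{{ home }}/.ssh/authorized_keys` are managed without an explicit mode, so their permissions depend on Salt's defaults rather than on the state. Adding `- mode: 700` to the directory and `- mode: 600` to the file would make the intended access explicit for the file that decides who can log in to the agent. `contents: {{ realm['ssh_key'] }}` is also rendered unquoted; `| json`, as used in notifications.sls, would protect against a key comment containing YAML-significant characters.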
diff --git a/roles/paas-docker/containers/mastodon_sidekiq.sls b/roles/paas-docker/containers/mastodon_sidekiq.sls
index 6828a29..0450fe9 100644
--- a/roles/paas-docker/containers/mastodon_sidekiq.sls
+++ b/roles/paas-docker/containers/mastodon_sidekiq.sls
@@ -1,36 +1,34 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-12-08
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
# -------------------------------------------------------------
# Extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/mastodon/extra_utilities:
file.directory:
- makedirs: True
/srv/mastodon/extra_utilities/clear-video-queue:
file.managed:
- source: salt://roles/paas-docker/containers/files/mastodon/clear-video-queue.py
- mode: 755
# -------------------------------------------------------------
# Provision extra utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance in containers['mastodon_sidekiq'] %}
+{% for instance in pillar['docker_containers']['mastodon_sidekiq'] %}
provision_clear_video_queue_{{ instance }}:
cmd.run:
- name: docker cp /srv/mastodon/extra_utilities/clear-video-queue {{ instance }}:/usr/bin/clear-video-queue
- require:
- file: /srv/mastodon/extra_utilities/clear-video-queue
{% endfor %}
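Review bot: `provision_clear_video_queue_{{ instance }}` is a bare `cmd.run`, so the `docker cp` runs on every state application and reports a change each time. It also fails when the container does not exist, which can happen because the pillar comment says Mastodon is deployed manually through docker-compose. A guard such as `- unless: docker exec {{ instance }} test -x /usr/bin/clear-video-queue` would make it idempotent, at the cost of not re-copying an updated script. Which trade-off is wanted is a maintainer decision.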
diff --git a/roles/paas-docker/containers/memcached.sls b/roles/paas-docker/containers/memcached.sls
index 8fadf34..f89ca98 100644
--- a/roles/paas-docker/containers/memcached.sls
+++ b/roles/paas-docker/containers/memcached.sls
@@ -1,33 +1,32 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['memcached'].items() %}
+{% for instance, container in pillar['docker_containers']['memcached'].items() %}
{% set image = salt['paas_docker.get_image']("memcached", container) %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: {{ image }}
- healthcheck:
Test:
- CMD-SHELL
- echo stats | nc 127.0.0.1 11211
Interval: 30000000000
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/mysql.sls b/roles/paas-docker/containers/mysql.sls
index 15ae9d9..2ee635f 100644
--- a/roles/paas-docker/containers/mysql.sls
+++ b/roles/paas-docker/containers/mysql.sls
@@ -1,54 +1,53 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-27
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['mysql'].items() %}
+{% for instance, container in pillar['docker_containers']['mysql'].items() %}
{% set image = salt['paas_docker.get_image']("nasqueron/mysql", container) %}
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/mysql:
file.directory:
- user: 999
- group: 999
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_mysql_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}/mysql
- sel_type: container_file_t
selinux_context_{{ instance }}_mysql_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}/mysql
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: {{ image }}
- binds: /srv/{{ instance }}/mysql:/var/lib/mysql
- environment:
MYSQL_ROOT_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['root']) }}
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
{% endif %}
- cap_add:
- SYS_NICE # T1672
{% endfor %}
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
index 559a99b..07d66d6 100644
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -1,87 +1,86 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-01-23
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['notifications'].items() %}
+{% for instance, container in pillar['docker_containers']['notifications'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/storage:
file.directory:
- user: 431
- group: 433
- makedirs: True
/srv/{{ instance }}/storage/app/credentials.json:
file.managed:
- user: 431
- group: 433
- makedirs: True
- show_changes: False
- contents: |
{{ salt['notifications.get_credentials']() | json }}
{% for folder, configs in salt['pillar.get']("notifications_configuration", {}).items() %}
{% for config_file, config in configs.items() %}
/srv/{{ instance }}/storage/app/{{ folder }}/{{ config_file }}.json:
file.managed:
- user: 431
- group: 433
- makedirs: True
- contents: |
{{ config | json }}
{% endfor %}
{% endfor %}
{% if has_selinux %}
selinux_context_notifications_data_{{ instance }}:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}/storage
- sel_type: container_file_t
selinux_context_notifications_data_applied_{{ instance }}:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}/storage
{% endif %}
# -------------------------------------------------------------
# Container
#
# Image: nasqueron/notifications
# Description: Listen to webhooks, fire notifications to
# the broker. Used for CI / IRC notifications.
# Services used: RabbitMQ broker (white-rabbit)
# Docker volume (/srv/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/notifications
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- links:
- {{ container['broker_link'] }}:mq
- environment:
- BROKER_HOST: mq
- BROKER_USERNAME: {{ salt['credentials.get_username'](container['credentials']['broker']) }}
- BROKER_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['broker']) }}
- BROKER_VHOST: dev
- MAILGUN_DOMAIN: {{ salt['credentials.get_username'](container['credentials']['mailgun']) }}
- MAILGUN_APIKEY: {{ salt['credentials.get_password'](container['credentials']['mailgun']) }}
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
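Review bot: The `file.managed` state for `/srv/{{ instance }}/storage/app/credentials.json` sets `user` and `group` but no `mode`, so the permissions of the file holding the output of `notifications.get_credentials` are left to defaults. The rabbitmq hunk sets `- mode: 400` on its `.erlang.cookie`; an explicit restrictive mode here (`- mode: 400`, or `600` if the application rewrites the file) would make the intent verifiable. The per-folder `{{ config_file }}.json` states below it have neither `mode` nor `show_changes: False`; whether `notifications_configuration` carries secrets is not visible in this hunk.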
diff --git a/roles/paas-docker/containers/openfire.sls b/roles/paas-docker/containers/openfire.sls
index 6e56906..bd649ae 100644
--- a/roles/paas-docker/containers/openfire.sls
+++ b/roles/paas-docker/containers/openfire.sls
@@ -1,62 +1,61 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-06-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['openfire'].items() %}
+{% for instance, container in pillar['docker_containers']['openfire'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}:
file.directory:
- user: 999
- group: 999
- makedirs: True
{% if has_selinux %}
selinux_context_openfire_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}
- sel_type: container_file_t
selinux_context_openfire_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/openfire
- binds: /srv/{{ instance }}:/var/lib/openfire
- hostname: {{ container['host'] }}
- ports: {{ pillar['xmpp_ports'] }}
- port_bindings:
{% for port in pillar['xmpp_ports'] %}
- {{ container['ip'] }}:{{ port }}:{{ port }}
{% endfor %}
# -------------------------------------------------------------
# Certificate propagation
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/letsencrypt/etc/renewal/{{ container['host'] }}.conf:
file.append:
- text:
- "# Propagate certificates to Openfire container"
- post-hook = openfire propagate-certificate {{ instance }} {{ container['host'] }}
{% endfor %}
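Review bot: The state IDs `selinux_context_openfire_data` and `selinux_context_openfire_data_applied` sit inside the instance loop but do not include `{{ instance }}`, so a second Openfire instance in the pillar would render the same IDs twice, which Salt's YAML loading is expected to report as a conflict. The other container files in this change put the instance name in the ID; `selinux_context_{{ instance }}_data:` and `selinux_context_{{ instance }}_data_applied:` would match them.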
diff --git a/roles/paas-docker/containers/phabricator.sls b/roles/paas-docker/containers/phabricator.sls
index 5541b3a..f2e8293 100644
--- a/roles/paas-docker/containers/phabricator.sls
+++ b/roles/paas-docker/containers/phabricator.sls
@@ -1,83 +1,82 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-06
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['phabricator'].items() %}
+{% for instance, container in pillar['docker_containers']['phabricator'].items() %}
{% set create_container = "skip_container" not in container or not container['skip_container'] %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/phabricator/{{ instance }}:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/phabricator/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/phabricator/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
#
# /!\ DEVCENTRAL DEPLOYMENT ISSUE /!\
#
# The DevCentral container is currently not managed
# by a reproducible Dockerfile. As such, this container
# is deployed manually from the registry. See T1547.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if create_container %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/phabricator
- binds:
- /srv/phabricator/{{ instance }}/conf:/opt/phabricator/conf
- /srv/phabricator/{{ instance }}/repo:/var/repo
- environment:
PHABRICATOR_URL: https://{{ container['host'] }}
PHABRICATOR_TITLE: {{ container['title'] }}
PHABRICATOR_DOMAIN: {{ container['host'] }}
PHABRICATOR_ALT_FILE_DOMAIN: https://{{ container['static_host'] }}
DB_USER: {{ salt['credentials.get_username'](container['credentials']['mysql']) }}
DB_PASS: {{ salt['credentials.get_password'](container['credentials']['mysql']) }}
PHABRICATOR_STORAGE_NAMESPACE: {{ container['storage']['namespace'] }}
{% if container['mailer'] == 'sendgrid' %}
PHABRICATOR_USE_SENDGRID: 1
PHABRICATOR_SENDGRID_APIUSER: {{ salt['credentials.get_username'](container['credentials']['sendgrid']) }}
PHABRICATOR_SENDGRID_APIKEY: {{ salt['credentials.get_password'](container['credentials']['sendgrid']) }}
{% elif container['mailer'] == 'mailgun' %}
PHABRICATOR_USE_MAILGUN: 1
PHABRICATOR_MAILGUN_APIKEY: {{ salt['credentials.get_token'](container['credentials']['mailgun']) }}
{% endif %}
- links: {{ container['mysql_link'] }}:mysql
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endif %}
{% endfor %}
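Review bot: `- image: nasqueron/phabricator` carries no tag, so the engine resolves it to whatever `latest` is at deploy time, while the mysql, postgresql and redis hunks build the reference with `paas_docker.get_image` and can take a `version` from the pillar. Using the same helper, `{% set image = salt['paas_docker.get_image']("nasqueron/phabricator", container) %}` with `- image: {{ image }}`, would let this container be pinned too; the header comment pointing at T1547 suggests reproducibility is already a concern for it. The untagged form also appears in the notifications, openfire, pixelfed, rabbitmq, registry, sentry and tommy hunks.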
diff --git a/roles/paas-docker/containers/pixelfed.sls b/roles/paas-docker/containers/pixelfed.sls
index aee0b53..f9730b1 100644
--- a/roles/paas-docker/containers/pixelfed.sls
+++ b/roles/paas-docker/containers/pixelfed.sls
@@ -1,100 +1,99 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-11-12
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['pixelfed'].items() %}
+{% for instance, container in pillar['docker_containers']['pixelfed'].items() %}
# -------------------------------------------------------------
# Data directory
#
# The uid/gid pair depends of the image base:
#
# - library/php + fpm: 82:85
# - library/php + Apache: 33:33
# - nasqueron/nginx-php7-fpm: 431:433
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/storage:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}/storage
- sel_type: container_file_t
selinux_context_{{ instance }}_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}/storage
{% endif %}
# -------------------------------------------------------------
# Web container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/pixelfed
- links:
- {{ container['links']['redis'] }}:redis
- {{ container['links']['mysql'] }}:mysql
- environment:
- DB_DRIVER: mysql
- DB_HOST: mysql
- DB_PORT: 3306
- DB_DATABASE: {{ instance }}
- DB_USERNAME: {{ salt['credentials.get_username'](container['credentials']['mysql']) }}
- DB_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['mysql']) }}
# Port must be defined, as Docker link populates REDIS_PORT to tcp://...:6379
# That gives the following rather strange connection string:
# tcp://redis:tcp://172.17.0.29:6379
- REDIS_HOST: redis
- REDIS_PORT: 6379
- APP_DOMAIN: {{ container['host'] }}
- APP_KEY: {{ salt['credentials.get_token'](container['credentials']['app_key']) }}
- APP_NAME: {{ container['app']['title'] }}
- APP_URL: https://{{ container['host'] }}
- BROADCAST_DRIVER: redis
- CACHE_DRIVER: redis
- QUEUE_DRIVER: redis
- LOG_CHANNEL: 'daily'
- MAIL_DRIVER: smtp
- MAIL_HOST: smtp.eu.mailgun.org
- MAIL_PORT: 587
- MAIL_USERNAME: {{ salt['credentials.get_username'](container['credentials']['mailgun']) }}
- MAIL_PASSWORD: {{ salt['credentials.get_password'](container['credentials']['mailgun']) }}
- MAIL_FROM_ADDRESS: no-reply@{{ container['host'] }}
- MAIL_FROM_NAME: {{ container['app']['title'] }}
- SESSION_DRIVER: redis
- SESSION_DOMAIN: {{ container['host'] }}
- SESSION_SECURE_COOKIE: true
- TRUST_PROXIES: '*'
- HTTPS: 1
- MAX_ALBUM_LENGTH: {{ container['app']['max_album_length'] }}
- binds: /srv/{{ instance }}/storage:/var/wwwroot/default/storage
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
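Review bot: `TRUST_PROXIES: '*'` is combined with the binding `- {{ container['app_port'] }}:80`, which publishes the port on every host interface; presumably the variable makes the application accept forwarded headers from any peer, so anything that can reach that port directly is treated like the front-end proxy. The registry hunk binds to loopback, and the same form here, `- 127.0.0.1:{{ container['app_port'] }}:80`, would leave only the local nginx able to connect, assuming nginx proxies over loopback (the vhost templates are not in this diff). The interface-less binding is also used in the notifications, phabricator, sentry and tommy hunks. A host firewall may already cover this, but that is not visible here.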
diff --git a/roles/paas-docker/containers/postgresql.sls b/roles/paas-docker/containers/postgresql.sls
index 2700c0b..2e77515 100644
--- a/roles/paas-docker/containers/postgresql.sls
+++ b/roles/paas-docker/containers/postgresql.sls
@@ -1,56 +1,55 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-11-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['postgresql'].items() %}
+{% for instance, container in pillar['docker_containers']['postgresql'].items() %}
{% set image = salt['paas_docker.get_image']("library/postgres", container) %}
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}/postgresql:
file.directory:
- user: 999
- group: 999
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_postgresql_data:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}/postgresql
- sel_type: container_file_t
selinux_context_{{ instance }}_postgresql_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}/postgresql
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: {{ image }}
- binds: /srv/{{ instance }}/postgresql:/var/lib/postgresql/data
- environment:
POSTGRES_USER: {{ salt['credentials.get_username'](container['credential']) }}
POSTGRES_PASSWORD: {{ salt['credentials.get_password'](container['credential']) }}
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
{% endif %}
{% endfor %}
diff --git a/roles/paas-docker/containers/rabbitmq.sls b/roles/paas-docker/containers/rabbitmq.sls
index 7308406..a16ddae 100644
--- a/roles/paas-docker/containers/rabbitmq.sls
+++ b/roles/paas-docker/containers/rabbitmq.sls
@@ -1,77 +1,76 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2020-09-30
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['rabbitmq'].items() %}
+{% for instance, container in pillar['docker_containers']['rabbitmq'].items() %}
# -------------------------------------------------------------
# Storage directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/rabbitmq/{{ instance }}/lib:
file.directory:
- user: 999
- group: 999
- makedirs: True
/srv/rabbitmq/{{ instance }}/lib/.erlang.cookie:
file.managed:
- user: 999
- group: 999
- mode: 400
- show_changes: False
- contents: {{ salt['credentials.get_token'](container['credentials']['erlang_cookie']) }}
{% if has_selinux %}
selinux_context_rabbitmq_data_{{ instance }}:
selinux.fcontext_policy_present:
- name: /srv/rabbitmq/{{ instance }}/lib
- sel_type: container_file_t
selinux_context_rabbitmq_data_applied_{{ instance }}:
selinux.fcontext_policy_applied:
- name: /srv/rabbitmq/{{ instance }}/lib
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/rabbitmq
- binds:
- /srv/rabbitmq/{{ instance }}/lib:/var/lib/rabbitmq
- hostname: {{ container['host'] }}
- ports: {{ pillar['rabbitmq_ports'] }}
- port_bindings:
{% for port in pillar['rabbitmq_ports'] %}
- {{ container['ip'] }}:{{ port }}:{{ port }}
{% endfor %}
# -------------------------------------------------------------
# Credentials
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
rabbitmq_{{ instance }}_root_password:
cmd.script:
- source: salt://roles/paas-docker/containers/files/rabbitmq/add_user_root.sh.jinja
- template: jinja
- context:
instance: {{ instance }}
password: {{ salt['credentials.get_token'](container['credentials']['root']) }}
- require:
- {{ instance }}
- creates: /srv/rabbitmq/{{ instance }}/.auth-configured
{% endfor %}
diff --git a/roles/paas-docker/containers/redis.sls b/roles/paas-docker/containers/redis.sls
index ac3430e..451ccb2 100644
--- a/roles/paas-docker/containers/redis.sls
+++ b/roles/paas-docker/containers/redis.sls
@@ -1,61 +1,60 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-10-30
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['redis'].items() %}
+{% for instance, container in pillar['docker_containers']['redis'].items() %}
{% set image = salt['paas_docker.get_image']("library/redis", container) %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/redis/{{ instance }}:
file.directory:
- user: 999
- group: 999
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}_redis_data:
selinux.fcontext_policy_present:
- name: /srv/redis/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_redis_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/redis/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: {{ image }}
- binds: /srv/redis/{{ instance }}:/data
- healthcheck:
Test: redis-cli ping
Interval: 30000000000
{% if 'network' in container %}
- networks:
- {{ container['network'] }}
{% endif %}
{% endfor %}
# -------------------------------------------------------------
# Host preparation
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
vm.overcommit_memory:
sysctl.present:
- value: 1
diff --git a/roles/paas-docker/containers/registry.sls b/roles/paas-docker/containers/registry.sls
index d54adfd..a2cfbce 100644
--- a/roles/paas-docker/containers/registry.sls
+++ b/roles/paas-docker/containers/registry.sls
@@ -1,48 +1,47 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
-{% for instance, container in containers['registry'].items() %}
+{% for instance, container in pillar['docker_containers']['registry'].items() %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/{{ instance }}:
file.directory:
- makedirs: True
{% if has_selinux %}
selinux_context_{{ instance }}:
selinux.fcontext_policy_present:
- name: /srv/{{ instance }}
- sel_type: container_file_t
selinux_context_{{ instance }}_applied:
selinux.fcontext_policy_applied:
- name: /srv/{{ instance }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: library/registry
- binds: /srv/{{ instance }}:/var/lib/registry
- ports:
- 5000
- port_bindings:
- 127.0.0.1:{{ container['app_port'] }}:5000 # HTTP
{% endfor %}
diff --git a/roles/paas-docker/containers/sentry.sls b/roles/paas-docker/containers/sentry.sls
index 1c923fa..ef92b52 100644
--- a/roles/paas-docker/containers/sentry.sls
+++ b/roles/paas-docker/containers/sentry.sls
@@ -1,98 +1,97 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-12-15
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
-{% set containers = pillar['docker_containers'][grains['id']] %}
# -------------------------------------------------------------
# Data directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for realm, args in pillar['sentry_realms'].items() %}
/srv/sentry/{{ realm }}:
file.directory:
- user: 999
- group: 999
- makedirs: True
/srv/sentry/{{ realm }}/bin/sentry:
file.managed:
- source: salt://roles/paas-docker/containers/files/sentry/sentry.sh.jinja
- template: jinja
- mode: 755
- makedirs: True
- context:
links: {{ args['links'] }}
credential_key: {{ args['credential'] }}
{% if has_selinux %}
selinux_context_{{ realm }}_sentry_data:
selinux.fcontext_policy_present:
- name: /srv/sentry/{{ realm }}
- sel_type: container_file_t
selinux_context_{{ realm }}_sentry_data_applied:
selinux.fcontext_policy_applied:
- name: /srv/sentry/{{ realm }}
{% endif %}
{% endfor %}
# -------------------------------------------------------------
# Web application
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in containers['sentry'].items() %}
+{% for instance, container in pillar['docker_containers']['sentry'].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: library/sentry
- binds: &binds /srv/sentry/{{ container['realm'] }}:/var/lib/sentry/files
- links: &links
- {{ args['links']['postgresql'] }}:postgres
- {{ args['links']['redis'] }}:redis
- {{ args['links']['smtp'] }}:smtp
- environment: &env
- SENTRY_SECRET_KEY: {{ salt['credentials.get_token'](args['credential']) }}
- SENTRY_FILESTORE_DIR:
- SENTRY_USE_SSL: 1
- SENTRY_SERVER_EMAIL: {{ args['email_from'] }}
- SENTRY_FILESTORE_DIR: /var/lib/sentry/files
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:9000
{% endfor %}
# -------------------------------------------------------------
# Services containers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for service in ['worker', 'cron'] %}
-{% for instance, container in containers['sentry_' + service].items() %}
+{% for instance, container in pillar['docker_containers']['sentry_' + service].items() %}
{% set args = pillar['sentry_realms'][container['realm']] %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: library/sentry
- binds: *binds
- links: *links
- environment: *env
- command: run {{ service }}
{% endfor %}
{% endfor %}
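Review bot: The YAML anchors `&binds`, `&links` and `&env` are defined inside the `sentry` instance loop and consumed through `*binds`, `*links` and `*env` in the `worker`/`cron` loop, so with more than one sentry instance each anchor is defined several times. Depending on the YAML loader, that is either rejected as a duplicate anchor or resolved to the last definition, in which case service containers of one realm receive another realm's bind path and `SENTRY_SECRET_KEY`. With a single instance this is harmless; otherwise the services loop should build the three values from its own `args`, which it already sets from `pillar['sentry_realms'][container['realm']]`. Separately, the `environment` list has an empty `- SENTRY_FILESTORE_DIR:` entry ahead of the real one, which can be dropped.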
diff --git a/roles/paas-docker/containers/tommy.sls b/roles/paas-docker/containers/tommy.sls
index 9973eb5..d8b4a5b 100644
--- a/roles/paas-docker/containers/tommy.sls
+++ b/roles/paas-docker/containers/tommy.sls
@@ -1,33 +1,31 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-20
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set containers = pillar['docker_containers'][grains['id']] %}
-
-{% for instance, container in containers['tommy'].items() %}
+{% for instance, container in pillar['docker_containers']['tommy'].items() %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/tommy
- environment:
- JENKINS_URL: {{ container['jenkins_url'] }}
{% if "jenkins_multi_branch" in container %}
# We don't use default value, as Ruby idea of truthy is pretty large, including 0
- JENKINS_MULTI_BRANCH: {{ container['jenkins_multi_branch'] }}
{% endif %}
- ports:
- 4567
- port_bindings:
- {{ container['app_port'] }}:4567 # HTTP
{% endfor %}
diff --git a/roles/paas-docker/docker/config.sls b/roles/paas-docker/docker/config.sls
index 9e406fa..a02d8c1 100644
--- a/roles/paas-docker/docker/config.sls
+++ b/roles/paas-docker/docker/config.sls
@@ -1,27 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
-# Configure lvm profile
+# Configure Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['id'] in pillar['docker_daemon'] %}
-
-{% set daemon = pillar['docker_daemon'][grains['id']] %}
+{% set daemon = pillar['docker_daemon'] %}
+{% if daemon %}
{{ dirs.etc }}/docker/daemon.json:
file.managed:
- source: salt://roles/paas-docker/docker/files/daemon.json.jinja
- template: jinja
- mode: 644
- context:
daemon: {{ daemon }}
-
{% endif %}
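Review bot: `{% set daemon = pillar['docker_daemon'] %}` followed by `{% if daemon %}` only works as a guard when the key exists. The removed code skipped nodes that had no entry, but on a node whose pillar has no `docker_daemon` key the subscript yields an undefined value, and Salt's default strict Jinja handling would presumably raise when it is tested. The networks.sls and nginx/config.sls hunks in this change use `pillar.get(..., {})`; `{% set daemon = pillar.get('docker_daemon', {}) %}` would keep this state a no-op for nodes without a daemon configuration.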
diff --git a/roles/paas-docker/docker/images.sls b/roles/paas-docker/docker/images.sls
index c2ced9a..0c972d7 100644
--- a/roles/paas-docker/docker/images.sls
+++ b/roles/paas-docker/docker/images.sls
@@ -1,18 +1,18 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set images = salt['node.filter_by_name']('docker_images') %}
+{% set images = salt['paas_docker.list_images']() %}
# -------------------------------------------------------------
# Fetch Docker images
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for image in images %}
{{ image }}:
docker_image.present
{% endfor %}
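Review bot: `salt['paas_docker.list_images']()` returns a `set` (see the paas_docker.py hunk at the top of this diff), so `{% for image in images %}` renders the `docker_image.present` states in an order that can differ between runs. Iterating a sorted copy keeps the rendered SLS and the state output stable: `{% for image in images | sort %}`. Whether the `docker_images` pillar entries carry a tag or digest is not visible here; if they do not, `docker_image.present` is presumably satisfied by whichever `latest` was pulled first.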
diff --git a/roles/paas-docker/docker/networks.sls b/roles/paas-docker/docker/networks.sls
index ecbb948..385b664 100644
--- a/roles/paas-docker/docker/networks.sls
+++ b/roles/paas-docker/docker/networks.sls
@@ -1,23 +1,23 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-09-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% set networks = salt['pillar.get']("docker_networks:" + grains['id'], {}) %}
+{% set networks = pillar.get("docker_networks", {}) %}
# -------------------------------------------------------------
# Bridge networks
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for network, args in networks.items() %}
docker_network_{{ network }}:
docker_network.present:
- name: {{ network }}
- driver: bridge
- subnet: {{ args['subnet'] }}
{% endfor %}
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
index 9b371e6..194ec3b 100644
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -1,85 +1,85 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
-{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
+{% set containers = pillar.get('docker_containers', {}) %}
# -------------------------------------------------------------
# Base folder
#
# :: general configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/nginx/nginx.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/nginx.conf
nginx_dhparams:
cmd.run:
- name: openssl dhparam -out {{ dirs.etc }}/nginx/dhparams.pem 2048
- creates: {{ dirs.etc }}/nginx/dhparams.pem
# -------------------------------------------------------------
# includes folder
#
# :: general configuration
# :: application-specific code
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/nginx/includes:
file.recurse:
- source: salt://roles/paas-docker/nginx/files/includes
- dir_mode: 755
- file_mode: 644
# -------------------------------------------------------------
# vhosts folder
#
# :: fallback when a domain isn't found
# :: server cover page
# :: containers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ dirs.etc }}/nginx/vhosts:
file.directory:
- dir_mode: 755
{{ dirs.etc }}/nginx/vhosts/000-fallback.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/vhosts/base/fallback.conf
{{ dirs.etc }}/nginx/vhosts/001-server.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/vhosts/base/server.conf
- template: jinja
- context:
fqdn: {{ grains['fqdn'] }}
ipv4: {{ grains['ipv4'] | join(" ") }}
ipv6: "{{ salt['node.get_ipv6_list']() }}"
{% for service, instances in containers.items() %}
{% for instance, container in instances.items() %}
{% if 'host' in container %}
{{ dirs.etc }}/nginx/vhosts/{{ service }}/{{ instance }}.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/vhosts/{{ service }}.conf
- mode: 644
- makedirs: True
- template: jinja
- context:
fqdn: {{ container['host'] }}
app_port: {{ container['app_port'] }}
aliases: {{ container['aliases'] | default('', true) | join(" ") }}
# If the nginx configuration needs more key,
# pass directly the container dictionary.
args: {{ container }}
{% endif %}
{% endfor %}
{% endfor %}
