
diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls
index 8db906d..2711ddc 100644
--- a/pillar/paas/docker.sls
+++ b/pillar/paas/docker.sls
@@ -1,203 +1,203 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
docker_aliases:
- &ipv4_equatower 51.255.124.10
# -------------------------------------------------------------
# Images
#
# You can append a :tag (by default, latest is used).
#
# It's not possible to specify Docker library images only by final name.
# See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_images:
'*':
- certbot/certbot
dwellers:
# Core services
- nasqueron/rabbitmq
# Infrastructure and development services
- dereckson/cachet
- nasqueron/notifications
equatower:
# Core services
- nasqueron/mysql
# Infrastructure and development services
- nasqueron/aphlict
- nasqueron/etherpad
- nasqueron/phabricator
# Continuous deployment jobs
- jenkinsci/jenkins
- nasqueron/jenkins-slave-php
# phpBB SaaS
- nasqueron/mysql
# -------------------------------------------------------------
# Networks
#
# Containers can be grouped by network, instead to use links.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_networks:
equatower:
cd:
subnet: 172.18.1.0/24
# -------------------------------------------------------------
# Containers
#
# The docker_containers entry allow to declare
# containers by image by servers
#
# The hierarchy is so as following.
#
# docker_containers:
# server with the Docker engine:
# service codename:
# instance name:
# container properties
#
# The service codename must match a state file in
# the roles/paas-docker/containers/ directory.
#
# The container will be run with the specified instance name.
#
# **nginx**
#
# The container properties can also describe the information
# needed to configure nginx with the host and app_port key.
#
# In such case, a matching vhost file should be declared as
# roles/paas-docker/nginx/files/vhosts/<service codename>.sls
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
docker_containers:
#
# Equatower is the current production engine
#
equatower:
#
# Core services
#
mysql:
acquisitariat: {}
phpbb_db: {}
#
# CD
#
jenkins:
jenkins_cd:
+ realm: cd
host: cd.nasqueron.org
- network: cd
app_port: 38080
jnlp_port: 50000
jenkins_slave:
# Slaves for CD
apsile:
- network: cd
+ realm: cd
elapsi:
- network: cd
+ realm: cd
# Infrastructure and development services
phabricator:
devcentral:
app_port: 31080
host: devcentral.nasqueron.org
aliases:
- phabricator.nasqueron.org
blogs:
servers:
host: servers.nasqueron.org
aliases:
- server.nasqueron.org
- serveur.nasqueron.org
- serveurs.nasqueron.org
static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net
aphlict:
aphlict:
ports:
client: 22280
admin: 22281
cachet:
cachet:
app_port: 39080
host: status.nasqueron.org
credential: 47
mysql_link: acquisitariat
etherpad:
pad:
app_port: 34080
host: pad.nasqueron.org
aliases:
- pad.wolfplex.org
- pad.wolfplex.be
mysql_link: acquisitariat
plugins:
- ep_ether-o-meter
- ep_author_neat
# phpBB SaaS
# The SaaS uses a MySQL instance, declared in the MySQL section.
# Openfire
openfire:
openfire:
ip: *ipv4_equatower
app_port: 9090
host: xmpp.nasqueron.org
# -------------------------------------------------------------
# Ports listened by XMPP
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
xmpp_ports:
- 3478
- 5222 # Client to server
- 5223 # Client to server (Encrypted (legacy-mode) connections)
- 5262 # Connections managers
- 5269 # Server to server
- 5275 # External components
- 5276 # External components (Encrypted (legacy-mode) connections)
- 7070 # HTTP binding
- 7443 # HTTP binding with TLS
- 7777 # File transfer proxy
- 9090 # Web administration server
- 9091 # Web administration server with TLS
# -------------------------------------------------------------
# Zemke-Rhyne clients
#
# This section should list all the Docker engines server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
zr_clients:
- key: 2
allowedConnectionFrom:
- 172.27.26.49
- dwellers.nasqueron.drake
- dwellers.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
- key: 123
allowedConnectionFrom:
- equatower.nasqueron.org
restrictCommand:
comment: Zemke-Rhyne
diff --git a/pillar/saas/jenkins.sls b/pillar/saas/jenkins.sls
new file mode 100644
index 0000000..472e4bb
--- /dev/null
+++ b/pillar/saas/jenkins.sls
@@ -0,0 +1,16 @@
+# -------------------------------------------------------------
+# Salt — Jenkins instances
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2018-09-11
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Jenkins realms
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+jenkins_realms:
+ cd:
+ ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiWLxPzS8X6NraVwsK95gFGe1pIuz+K0n7aw81nabcf jenkins-master-equatower-cd
+ network: cd
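Review bot: The new `jenkins_realms` pillar has no comment saying what each key is for, although both keys are consumed by the container states changed in this commit. I would add above `cd:` two short comments such as `# ssh_key: public key of the realm's Jenkins master, written to each slave's authorized_keys` and `# network: Docker network shared by the realm's containers; must exist in docker_networks`. Stating that `ssh_key` holds a public key only also guards against someone later pasting private key material into a pillar file tracked in the repository.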
diff --git a/pillar/top.sls b/pillar/top.sls
index 0a40f0b..a6ba77c 100644
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -1,32 +1,33 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
base:
'*':
- core.users
- core.groups
- certificates.certificates
- nodes.nodes
- nodes.forests
- hotfixes.roles
- webserver.sites
dwellers:
- paas.docker
eglide:
- shellserver.quassel
equatower:
- paas.docker
+ - saas.jenkins
- saas.phpbb
ysul:
- devserver.repos
- paas.docker
- saas.mediawiki
- viperserv.bots
- viperserv.fantoir
- webserver.labs
- webserver.wwwroot51
diff --git a/roles/paas-docker/containers/files/jenkins_slave/authorized_keys b/roles/paas-docker/containers/files/jenkins_slave/authorized_keys
deleted file mode 100644
index 67bbd57..0000000
--- a/roles/paas-docker/containers/files/jenkins_slave/authorized_keys
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiWLxPzS8X6NraVwsK95gFGe1pIuz+K0n7aw81nabcf jenkins-master-equatower-cd
diff --git a/roles/paas-docker/containers/jenkins.sls b/roles/paas-docker/containers/jenkins.sls
index 777dcdb..fe35e76 100644
--- a/roles/paas-docker/containers/jenkins.sls
+++ b/roles/paas-docker/containers/jenkins.sls
@@ -1,54 +1,57 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['jenkins'].items() %}
+{% set realm = pillar['jenkins_realms'][container['realm']] %}
+{% set home = "/srv/jenkins/" + container['realm'] + "/jenkins_home" %}
+
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-/srv/{{ instance }}/jenkins_home:
+{{ home }}:
file.directory:
- user: 1000
- group: 1000
- makedirs: True
{% if has_selinux %}
selinux_context_jenkins_home:
selinux.fcontext_policy_present:
- - name: /srv/{{ instance }}/jenkins_home
+ - name: {{ home }}
- sel_type: svirt_sandbox_file_t
selinux_context_jenkins_home_applied:
selinux.fcontext_policy_applied:
- - name: /srv/{{ instance }}/jenkins_home
+ - name: {{ home }}
{% endif %}
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: jenkinsci/jenkins
- - binds: /srv/{{ instance }}/jenkins_home:/var/jenkins_home
+ - binds: {{ home }}:/var/jenkins_home
- networks:
- - {{ container['network'] }}
+ - {{ realm['network'] }}
- ports:
- 8080
- 50000
- port_bindings:
- {{ container['app_port'] }}:8080 # HTTP
- {{ container['jnlp_port'] }}:50000 # Jenkins master's port for JNLP-based Jenkins agents
{% endfor %}
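Review bot: Inside the `for` loop, the `{{ home }}` state ID and the `selinux_context_jenkins_home` / `selinux_context_jenkins_home_applied` IDs do not include the instance, so a second Jenkins master in the same realm would produce conflicting state IDs and share one `jenkins_home`. The slave state in this commit already adds `{{ instance }}` to its IDs; the same here would read `selinux_context_jenkins_{{ instance }}_home:` and `selinux_context_jenkins_{{ instance }}_home_applied:`. The home also moves from `/srv/{{ instance }}/jenkins_home` to a realm-based path with no migration step visible in this diff. The existing directory, which presumably holds Jenkins credentials and job data, looks like it will be left behind and should be moved or removed deliberately.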
diff --git a/roles/paas-docker/containers/jenkins_slave.sls b/roles/paas-docker/containers/jenkins_slave.sls
index bbfbbdb..0ac2493 100644
--- a/roles/paas-docker/containers/jenkins_slave.sls
+++ b/roles/paas-docker/containers/jenkins_slave.sls
@@ -1,57 +1,62 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
{% set containers = pillar['docker_containers'][grains['id']] %}
+{% for instance, container in containers['jenkins_slave'].items() %}
+
+{% set realm = pillar['jenkins_realms'][container['realm']] %}
+{% set home = "/srv/jenkins/" + container['realm'] + "/slaves_homes/" + instance %}
+
# -------------------------------------------------------------
# Home directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-/srv/jenkins/slave_home:
+{{ home }}:
file.directory:
- user: 431
- group: 433
- makedirs: True
{% if has_selinux %}
-selinux_context_jenkins_slave_home:
+selinux_context_jenkins_slave_{{ instance }}_home:
selinux.fcontext_policy_present:
- - name: /srv/jenkins/slave_home
+ - name: {{ home }}
- sel_type: svirt_sandbox_file_t
-selinux_context_jenkins_slave_home_applied:
+selinux_context_jenkins_slave_{{ instance }}_home_applied:
selinux.fcontext_policy_applied:
- - name: /srv/jenkins/slave_home
+ - name: {{ home }}
{% endif %}
-/srv/jenkins/slave_home/.ssh:
+{{ home }}/.ssh:
file.directory:
- user: 431
- group: 433
-/srv/jenkins/slave_home/.ssh/authorized_keys:
+{{ home }}/.ssh/authorized_keys:
file.managed:
- - source: salt://roles/paas-docker/containers/files/jenkins_slave/authorized_keys
+ - contents: {{ realm['ssh_key'] }}
- user: 431
- group: 433
# -------------------------------------------------------------
# Container
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, container in containers['jenkins_slave'].items() %}
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/jenkins-slave-php
- - binds: /srv/jenkins/slave_home:/home/app
+ - binds: {{ home }}:/home/app
- networks:
- - {{ container['network'] }}
+ - {{ realm['network'] }}
+
{% endfor %}
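Review bot: `- contents: {{ realm['ssh_key'] }}` renders the pillar value as an unquoted YAML scalar, so a key comment containing ` #` or `: ` would be truncated or break rendering, changing what lands in `authorized_keys`. Letting Salt read the value directly avoids the round trip through YAML: `- contents_pillar: jenkins_realms:{{ container['realm'] }}:ssh_key`. The `.ssh` directory and `authorized_keys` states also set no mode, so their permissions depend on defaults. Adding `- mode: '0700'` to the directory and `- mode: '0600'` to the file keeps them tight and matches what sshd's strict permission checks expect.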
