
D2874.id7324.diff

D2874.id7324.diff

diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -105,6 +105,8 @@
- ops/secrets/nasqueron/rabbitmq/white-rabbit/erlang-cookie
- ops/secrets/nasqueron/rabbitmq/white-rabbit/root
+ - ops/secrets/nasqueron/sentry/geoipupdate
+
#
# Credentials used by Nasqueron services
# Format: ops/secrets/nasqueron.<service>.<type>
diff --git a/roles/paas-docker/salt/files/credential.sh b/roles/paas-docker/salt/files/credential.sh
--- a/roles/paas-docker/salt/files/credential.sh
+++ b/roles/paas-docker/salt/files/credential.sh
@@ -15,8 +15,17 @@
# </auto-generated>
if [ "$#" -eq 0 ]; then
- echo "Usage: $0 <credential key>" 1>&2;
+ echo "Usage: $0 <credential key> [username]" 1>&2;
exit 1
fi
-sudo salt-call credentials.get_password "$1" --out=json | jq -r .local
+if [ "$#" -eq 1 ]; then
+ METHOD=credentials.get_password
+elif [ "$2" = "username" ]; then
+ METHOD=credentials.get_username
+else
+ echo "Unknown accessor option: $2" 1>&2;
+ exit 2
+fi
+
+sudo salt-call $METHOD "$1" --out=json | jq -r .local
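Review bot: The final pipeline reports only jq's exit status, so a failed `salt-call` still exits 0, and a lookup that returns JSON null prints the literal string `null`, which a caller would then use as a credential. Consider `sudo salt-call "$METHOD" "$1" --out=json | jq -er .local`, so that a null or missing result makes the script exit non-zero, and have callers check that status. Arguments past the second are silently ignored; a `[ "$#" -gt 2 ]` case could print the usage message as well. The script's header sits above this hunk.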
diff --git a/roles/paas-docker/salt/files/credential.sh b/roles/paas-docker/wrappers/files/geoipupdate.sh
copy from roles/paas-docker/salt/files/credential.sh
copy to roles/paas-docker/wrappers/files/geoipupdate.sh
--- a/roles/paas-docker/salt/files/credential.sh
+++ b/roles/paas-docker/wrappers/files/geoipupdate.sh
@@ -1,10 +1,11 @@
#!/bin/sh
+
# -------------------------------------------------------------
# PaaS Docker
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
-# Source file: roles/paas-docker/salt/files/credential.sh
+# Source file: roles/paas-docker/wrappers/files/geoipupdate.sh
# -------------------------------------------------------------
#
# <auto-generated>
@@ -14,9 +15,13 @@
# and will be lost if the state is redeployed.
# </auto-generated>
-if [ "$#" -eq 0 ]; then
- echo "Usage: $0 <credential key>" 1>&2;
- exit 1
-fi
+GEOIPUPDATE_ACCOUNT_ID=$(credential nasqueron/sentry/geoipupdate username)
+GEOIPUPDATE_LICENSE_KEY=$(credential nasqueron/sentry/geoipupdate)
-sudo salt-call credentials.get_password "$1" --out=json | jq -r .local
+docker run \
+ -e GEOIPUPDATE_ACCOUNT_ID="$GEOIPUPDATE_ACCOUNT_ID" \
+ -e GEOIPUPDATE_LICENSE_KEY="$GEOIPUPDATE_LICENSE_KEY" \
+ -e GEOIPUPDATE_EDITION_IDS="GeoLite2-ASN GeoLite2-City GeoLite2-Country" \
+ -e GEOIPUPDATE_PRESERVE_FILE_TIMES=1 \
+ -v /srv/geoip:/usr/share/GeoIP \
+ maxmindinc/geoipupdate
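Review bot: The two `-e NAME="$VALUE"` arguments put the MaxMind account id and license key on the `docker run` command line, where they are readable from the process list for as long as the container runs. Without `--rm`, each run also leaves a stopped container whose configuration still holds the key. Exporting the variables and passing `-e NAME` alone keeps the values off argv, and checking the `credential` calls avoids starting the container with an empty key; that check only helps if the helper itself exits non-zero on a failed lookup. The image is pulled by bare name, so every run follows whatever `latest` currently points to; pinning it as `maxmindinc/geoipupdate:<pinned-tag>` or by digest would make updates deliberate.

```shell
GEOIPUPDATE_ACCOUNT_ID=$(credential nasqueron/sentry/geoipupdate username) || exit 1
GEOIPUPDATE_LICENSE_KEY=$(credential nasqueron/sentry/geoipupdate) || exit 1
export GEOIPUPDATE_ACCOUNT_ID GEOIPUPDATE_LICENSE_KEY

docker run --rm \
    -e GEOIPUPDATE_ACCOUNT_ID \
    -e GEOIPUPDATE_LICENSE_KEY \
# … unchanged: edition ids, preserve-file-times flag, /srv/geoip volume, image name …
```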
diff --git a/roles/paas-docker/wrappers/init.sls b/roles/paas-docker/wrappers/init.sls
--- a/roles/paas-docker/wrappers/init.sls
+++ b/roles/paas-docker/wrappers/init.sls
@@ -12,7 +12,7 @@
# Wrapper binaries
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for command in ['certbot', 'jenkins', 'phpbb', 'mysql', 'sentry', 'openfire'] %}
+{% for command in ['certbot', 'jenkins', 'phpbb', 'mysql', 'sentry', 'openfire', 'geoipupdate'] %}
{{ dirs.bin }}/{{ command }}:
file.managed:
- source: salt://roles/paas-docker/wrappers/files/{{ command }}.sh
@@ -25,3 +25,23 @@
- source: salt://roles/paas-docker/wrappers/files/{{ command }}.py
- mode: 755
{% endfor %}
+
+# -------------------------------------------------------------
+# Required directories
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+
+/srv/geoip:
+ file.directory
+
+{% if has_selinux %}
+selinux_context_geoip_data:
+ selinux.fcontext_policy_present:
+ - name: /srv/geoip
+ - sel_type: container_file_t
+
+selinux_context_geoip_data_applied:
+ selinux.fcontext_policy_applied:
+ - name: /srv/geoip
+{% endif %}
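Review bot: The file-context rule is registered for the literal path `/srv/geoip`, so it covers the directory entry but not the database files the container writes into it. New files will normally inherit `container_file_t` from the parent directory, but a later relabel of `/srv` would presumably reset them to the default type and the container would lose access. Consider `- name: '/srv/geoip(/.*)?'` on `fcontext_policy_present` and `- recursive: True` on `fcontext_policy_applied`. The bare `file.directory` also leaves owner and mode at their defaults; stating `user`, `group` and `mode` explicitly would document who is expected to write there.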
