
diff --git a/_modules/node.py b/_modules/node.py
index 91c86ff..a956999 100644
--- a/_modules/node.py
+++ b/_modules/node.py
@@ -1,175 +1,175 @@
# -*- coding: utf-8 -*-
# -------------------------------------------------------------
# Salt — Node execution module
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-21
# Description: Functions related to the nodes pillar entry
# License: BSD-2-Clause
# -------------------------------------------------------------
from salt.exceptions import CommandExecutionError, SaltCloudConfigError
def _get_all_nodes():
return __pillar__.get('nodes', {})
def get_all_properties(nodename=None):
'''
A function to get a node pillar configuration.
CLI Example:
salt * node.get_all_properties
'''
if nodename is None:
nodename = __grains__['id']
all_nodes = _get_all_nodes()
if nodename not in all_nodes:
raise CommandExecutionError(
SaltCloudConfigError(
"Node {0} not declared in pillar.".format(nodename)
)
)
return all_nodes[nodename]
def get(key, nodename=None):
'''
A function to get a node pillar configuration key.
CLI Example:
salt * node.get hostname
'''
return _get_property(key, nodename, None)
def _explode_key(k): return k.split(':')
def _get_first_key(k): return _explode_key(k)[0]
def _strip_first_key(k): return ':'.join(_explode_key(k)[1:])
def _get_property(key, nodename, default_value, parent=None):
if parent is None:
parent = get_all_properties(nodename)
if ':' in key:
first_key = _get_first_key(key)
if first_key in parent:
return _get_property(
_strip_first_key(key), nodename,
default_value, parent[first_key]
)
elif key in parent:
return parent[key]
return default_value
def list(key, nodename=None):
'''
A function to get a node pillar configuration.
Returns a list if found, or an empty list if not found.
CLI Example:
salt * node.list network:ipv4_aliases
'''
return _get_property(key, nodename, [])
def has(key, nodename=None):
'''
A function to get a node pillar configuration.
Returns a boolean, False if not found.
CLI Example:
salt * node.has network:ipv6_tunnel
'''
value = _get_property(key, nodename, False)
return bool(value)
def has_role(role, nodename=None):
'''
A function to determine if a node has the specified role.
Returns a boolean, False if not found.
CLI Example:
salt * node.has_role devserver
'''
return role in list('roles', nodename)
def filter_by_role(pillar_key, nodename=None):
'''
A function to filter a dictionary by roles.
The dictionary must respect the following structure:
- keys are role to check the current node against
- values are list of items
Returns a list, extending all the filtered lists.
CLI Example:
salt * node.filter_by_role web_content_sls
'''
roles = list('roles', nodename)
dictionary = __pillar__.get(pillar_key, {})
filtered_list = []
- for role, items in dictionary.iteritems():
+ for role, items in dictionary.items():
if role in roles:
filtered_list.extend(items)
return filtered_list
def has_web_content(content, nodename=None):
return content in filter_by_role('web_content_sls', nodename)
def get_wwwroot(nodename=None):
'''
A function to determine the wwwroot folder to use.
Returns a string depending of the FQDN.
CLI Example:
salt * node.get_wwwroot
'''
hostname = _get_property("hostname", nodename, None)
if hostname is None:
raise CommandExecutionError(
SaltCloudConfigError(
"Node {0} doesn't have a hostname property".format(nodename)
)
)
if hostname.count('.') < 2:
return "wwwroot/{0}/www".format(hostname)
fqdn = hostname.split(".")
return "wwwroot/{1}/{0}".format(
".".join(fqdn[0:-2]),
".".join(fqdn[-2:])
)
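Review bot: The module-level `def list(key, nodename=None)` shadows the builtin for the whole file, which matters for this Python 3 port: the usual follow-up of wrapping a view as `list(d.items())` or `list(d.keys())` anywhere in node.py would call the pillar lookup instead of the builtin. `has_role` and `filter_by_role` already rely on the shadowed name. Consider defining the function as `list_` and exposing it with `__func_alias__ = {'list_': 'list'}`, so `node.list` keeps working from the CLI and from states. `has_web_content` is also the only public function in this hunk without a docstring.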
diff --git a/roles/bastion/yubico/authorized_yubikeys.sls b/roles/bastion/yubico/authorized_yubikeys.sls
index 5058179..c02632f 100644
--- a/roles/bastion/yubico/authorized_yubikeys.sls
+++ b/roles/bastion/yubico/authorized_yubikeys.sls
@@ -1,24 +1,24 @@
# -------------------------------------------------------------
# Salt — Bastion - Yubikeys
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-02-18
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% for username, user in salt['forest.get_users']().iteritems() %}
+{% for username, user in salt['forest.get_users']().items() %}
{% if 'yubico_keys' in user %}
/home/{{ username }}/.yubico:
file.directory:
- user: {{ username }}
- mode: 700
/home/{{ username }}/.yubico/authorized_yubikeys:
file.managed:
- user: {{ username }}
- mode: 600
- contents: {{ username + ':' + ':'.join(user['yubico_keys']) }}
{% endif %}
{% endfor %}
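Review bot: Users without a `yubico_keys` entry are skipped entirely by the `{% if 'yubico_keys' in user %}` guard, so removing a user's keys from the pillar leaves the previously deployed `authorized_yubikeys` file in place on the bastion. Unless that cleanup happens in another state, add an `{% else %}` branch that declares `/home/{{ username }}/.yubico/authorized_yubikeys:` with `file.absent`, so the pillar stays authoritative for which tokens are accepted.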
diff --git a/roles/core/users/init.sls b/roles/core/users/init.sls
index 0bcfde0..28949fd 100644
--- a/roles/core/users/init.sls
+++ b/roles/core/users/init.sls
@@ -1,79 +1,79 @@
# -------------------------------------------------------------
# Salt — Provision users accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-09
# Description: Adds and revokes user accounts, in the relevant
# groups and with their stable SSH keys.
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Table of contents
# -------------------------------------------------------------
#
# :: Disabled accounts
#  :: Active accounts
#  :: Groups
# :: SSH keys
#
# -------------------------------------------------------------
{% from "map.jinja" import shells with context %}
# -------------------------------------------------------------
# Disabled accounts
# -------------------------------------------------------------
{% for username in pillar.get('revokedusers') %}
{{ username }}:
user.absent
{% endfor %}
# -------------------------------------------------------------
# Active accounts
# -------------------------------------------------------------
-{% for username, user in salt['forest.get_users']().iteritems() %}
+{% for username, user in salt['forest.get_users']().items() %}
{{ username }}:
user.present:
- fullname: {{ user['fullname'] }}
- shell: {{ shells[user['shell']|default('bash')] }}
- uid: {{ user['uid'] }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# -------------------------------------------------------------
-{% for groupname, group in salt['forest.get_groups']().iteritems() %}
+{% for groupname, group in salt['forest.get_groups']().items() %}
group_{{ groupname }}:
group.present:
- name: {{ groupname }}
- gid: {{ group['gid'] }}
- members: {{ group['members'] }}
{% endfor %}
# -------------------------------------------------------------
# SSH keys
# -------------------------------------------------------------
-{% for username, user in salt['forest.get_users']().iteritems() %}
+{% for username, user in salt['forest.get_users']().items() %}
/home/{{ username }}/.ssh:
file.directory:
- user: {{ username }}
- group: {{ username }}
- dir_mode: 700
/home/{{ username}}/.ssh/authorized_keys:
file.managed:
- source: salt://roles/core/users/files/authorized_keys
- user: {{ username }}
- group: {{ username }}
- mode: 600
- template: jinja
- context:
keys: {{ user['ssh_keys']|default([]) }}
{% endfor %}
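Review bot: `pillar.get('revokedusers')` in the "Disabled accounts" loop returns None when the key is absent, and Jinja cannot iterate None, so the whole users state fails to render on any minion whose pillar lacks that key; `{% for username in pillar.get('revokedusers', []) %}` avoids this. Separately, a name present both in `revokedusers` and in the result of `forest.get_users` would yield two states sharing the `{{ username }}` ID; whether that can happen depends on `forest.get_users`, which is not shown here.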
diff --git a/roles/devserver/webserver-wwwroot51/init.sls b/roles/devserver/webserver-wwwroot51/init.sls
index da1148a..11674a6 100644
--- a/roles/devserver/webserver-wwwroot51/init.sls
+++ b/roles/devserver/webserver-wwwroot51/init.sls
@@ -1,34 +1,34 @@
# -------------------------------------------------------------
# Salt — Webserver wwwroot51 content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-02-11
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set basedir = pillar['wwwroot51_basedir'] %}
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ basedir }}:
file.directory:
- dir_mode: 711
# -------------------------------------------------------------
# 51 sites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for sitename, site in pillar['wwwroot51_directories'].iteritems() %}
+{% for sitename, site in pillar['wwwroot51_directories'].items() %}
{{ basedir }}/{{ sitename }}:
file.directory:
- dir_mode: 711
- user: {{ site['user'] }}
- group: {{ site['group'] }}
git.latest:
- name: {{ site['repository'] }}
- target: {{ basedir }}/{{ sitename }}
- user: {{ site['user'] }}
- update_head: False
{% endfor %}
diff --git a/roles/viperserv/account/init.sls b/roles/viperserv/account/init.sls
index 8e78d0d..34cc9c8 100644
--- a/roles/viperserv/account/init.sls
+++ b/roles/viperserv/account/init.sls
@@ -1,47 +1,47 @@
# -------------------------------------------------------------
# Salt — Deploy ViperServ (eggdrop)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-14
# Description: Eggdrop on Freenode
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Service accounts
# -------------------------------------------------------------
-{% for username, user in pillar['viperserv_accounts'].iteritems() %}
+{% for username, user in pillar['viperserv_accounts'].items() %}
viperserv_account_{{ username }}:
user.present:
- name: {{ username }}
- fullname: {{ user['fullname'] }}
- uid: {{ user['uid'] }}
- gid: nasqueron-irc
- home: /var/run/{{ username }}
/var/run/{{ username }}:
file.directory:
- user: {{ user['uid'] }}
- group: nasqueron-irc
- dir_mode: 711
{% endfor %}
# -------------------------------------------------------------
# Sudo capabilities
#
# Members of nasqueron-irc should be able to sudo -u viperserv …
# -------------------------------------------------------------
viperserv_sudo_capabilities_file:
file.managed:
- name: {{ dirs.etc }}/sudoers.d/viperserv
- source: salt://roles/viperserv/account/files/viperserv.sudoers
- template: jinja
- context:
- accounts: {{ pillar['viperserv_accounts'].keys() }}
- bots: {{ pillar['viperserv_bots'].keys() }}
+ accounts: {{ pillar['viperserv_accounts'] }}
+ bots: {{ pillar['viperserv_bots'] }}
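Review bot: The `context` of `viperserv_sudo_capabilities_file` now hands the complete `viperserv_accounts` and `viperserv_bots` dictionaries to the sudoers template, where it previously received only the names. The template is not shown; if it only needs names, `accounts: {{ pillar['viperserv_accounts'] | list }}` and `bots: {{ pillar['viperserv_bots'] | list }}` keep the old contract under Python 3 and avoid pushing nested pillar data through YAML rendering. Because the target is a sudoers.d file, the state would also benefit from `- check_cmd: visudo -c -f` (with the platform's visudo path) and an explicit `- mode: 440`, so a bad render is rejected before it is installed.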
diff --git a/roles/viperserv/eggdrop/config.sls b/roles/viperserv/eggdrop/config.sls
index 56af7e6..8527e05 100644
--- a/roles/viperserv/eggdrop/config.sls
+++ b/roles/viperserv/eggdrop/config.sls
@@ -1,88 +1,88 @@
# -------------------------------------------------------------
# Salt — Deploy eggdrop park
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-14
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Directory for configuration
#
# Each bot gets a directory to store userlist, chanlist, motd,
# and specific configuration file.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for botname, bot in pillar['viperserv_bots'].iteritems() %}
+{% for botname, bot in pillar['viperserv_bots'].items() %}
/srv/viperserv/{{ botname }}:
file.directory:
- user: {{ bot['runas'] | default('viperserv') }}
- group: nasqueron-irc
- dir_mode: 770
{% endfor %}
# -------------------------------------------------------------
# Logs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for botname, bot in pillar['viperserv_bots'].iteritems() %}
+{% for botname, bot in pillar['viperserv_bots'].items() %}
/srv/viperserv/logs/{{ botname }}.log:
file.managed:
- user: {{ bot['runas'] | default('viperserv') }}
- group: nasqueron-irc
- mode: 660
{% endfor %}
# -------------------------------------------------------------
# Configuration files
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/viperserv/core.conf:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/eggdrop-core.conf
- user: viperserv
- group: nasqueron-irc
/srv/viperserv/.credentials:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/dot.credentials
- user: viperserv
- group: nasqueron-irc
- replace: False
- mode: 660
-{% for botname, bot in pillar['viperserv_bots'].iteritems() %}
+{% for botname, bot in pillar['viperserv_bots'].items() %}
/srv/viperserv/{{ botname }}/eggdrop.conf:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/eggdrop-bot.conf
- user: {{ bot['runas'] | default('viperserv') }}
- group: nasqueron-irc
- mode: 755
- template: jinja
- context:
botname: {{ botname }}
realname: {{ bot['realname'] | default(botname) }}
scripts: {{ bot['scripts'] }}
modules: {{ bot['modules'] | default([]) }}
/srv/viperserv/{{ botname }}/motd:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/motd/{{ botname }}
- user: {{ bot['runas'] | default('viperserv') }}
- group: nasqueron-irc
/srv/viperserv/{{ botname }}/banner:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/banner
- user: {{ bot['runas'] | default('viperserv') }}
- group: nasqueron-irc
- template: jinja
- context:
bot: {{ botname }}
server: {{ grains['id'] }}
{% endfor %}
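Review bot: `/srv/viperserv/{{ botname }}/eggdrop.conf` is managed with `- mode: 755`, which makes each bot's rendered configuration readable by every local account, while `core.conf`, `motd` and `banner` declare no mode at all. If the rendered configuration carries anything sensitive (the template is not shown), `- mode: 750` fits the `nasqueron-irc` group model already used for the bot directories (`770`) and `.credentials` (`660`). Declaring an explicit mode on `core.conf` as well would make the intended exposure of each file visible in the state.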
diff --git a/roles/viperserv/eggdrop/service.sls b/roles/viperserv/eggdrop/service.sls
index c235f97..5adb409 100644
--- a/roles/viperserv/eggdrop/service.sls
+++ b/roles/viperserv/eggdrop/service.sls
@@ -1,48 +1,48 @@
# -------------------------------------------------------------
# Salt — Deploy eggdrop park
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-19
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set bots = ' '.join(pillar['viperserv_bots'].keys()) %}
# -------------------------------------------------------------
# Install service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os'] == 'FreeBSD' %}
/usr/local/etc/rc.d/eggdrop:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/rc/eggdrop
- mode: 755
{% endif %}
# -------------------------------------------------------------
# Configure service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os'] == 'FreeBSD' %}
/etc/rc.conf.d/eggdrop:
file.directory
/etc/rc.conf.d/eggdrop/instances:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/rc/instances
- template: jinja
- context:
bots: {{ bots }}
-{% for botname, bot in pillar['viperserv_bots'].iteritems() %}
+{% for botname, bot in pillar['viperserv_bots'].items() %}
/etc/rc.conf.d/eggdrop/{{ botname }}:
file.managed:
- source: salt://roles/viperserv/eggdrop/files/rc/per_instance
- template: jinja
- context:
runas: {{ bot['runas'] | default('') }}
botname: {{ botname }}
{% endfor %}
{% endif %}
diff --git a/roles/webserver-legacy/php-sites/account.sls b/roles/webserver-legacy/php-sites/account.sls
index fb9d534..04a5969 100644
--- a/roles/webserver-legacy/php-sites/account.sls
+++ b/roles/webserver-legacy/php-sites/account.sls
@@ -1,22 +1,22 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Sites user accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for domain, site in pillar['web_php_sites'].iteritems() %}
+{% for domain, site in pillar['web_php_sites'].items() %}
web_account_{{ site['user'] }}:
user.present:
- name: {{ site['user' ]}}
- fullname: {{ domain }}
- gid: web
- system: True
- home: /var/run/web/{{ domain }}
{% endfor %}
diff --git a/roles/webserver-legacy/php-sites/files.sls b/roles/webserver-legacy/php-sites/files.sls
index d577ec4..6d44fb0 100644
--- a/roles/webserver-legacy/php-sites/files.sls
+++ b/roles/webserver-legacy/php-sites/files.sls
@@ -1,28 +1,28 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Sites content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for domain, site in pillar['web_php_sites'].iteritems() %}
+{% for domain, site in pillar['web_php_sites'].items() %}
{% if 'target' in site %}
{{ site['target'] }}:
file.recurse:
- source: salt://{{ site['source'] }}
- exclude_pat: E@.git
- include_empty: True
- dir_mode: 711
- file_mode: keep
- user: {{ site['user'] }}
- group: web
{% endif %}
{% endfor %}
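Review bot: `exclude_pat: E@.git` is a regular expression in which the dot is unescaped and nothing anchors the match, so it is likely to exclude any path that merely contains a character followed by `git` (a file named `legit.php`, for example), not only the `.git` directory. An anchored form such as `- exclude_pat: 'E@(^|/)\.git(/|$)'` keeps repository metadata out of the web root without silently dropping site files. This should be confirmed against how the deployed Salt version matches `E@` patterns.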
diff --git a/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf b/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
index 8adb120..cef9dfa 100644
--- a/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
+++ b/roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
@@ -1,38 +1,38 @@
; -------------------------------------------------------------
; php-fpm pool configuration
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
; Project: Nasqueron
; License: Trivial work, not eligible to copyright
; Source file: roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
; -------------------------------------------------------------
;
; <auto-generated>
; This file is managed by our rOPS SaltStack repository.
;
; Changes to this file may cause incorrect behavior
; and will be lost if the state is redeployed.
; </auto-generated>
[{{ user }}]
listen = /var/run/web/{{ fqdn }}/php-fpm.sock
listen.owner = {{ user }}
listen.group = web
listen.mode = 0666
user = {{ user }}
group = web
pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 10s
pm.max_requests = 200
catch_workers_output = yes
php_admin_value[error_log] = /var/log/www/{{ domain }}/{{ subdomain }}-php.log
php_flag[display_errors] = {{ display_errors }}
php_flag[display_startup_errors] = {{ display_errors }}
php_admin_flag[log_errors] = on
-{%- for key, value in env.iteritems() %}
+{%- for key, value in env.items() %}
env["{{ key }}"] = {{ value }}
{% endfor -%}
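Review bot: `listen.mode = 0666` lets any local account connect to the pool socket and have PHP executed as `{{ user }}`, which undoes the per-site account separation this template sets up. With `listen.owner = {{ user }}` and `listen.group = web` already declared, `listen.mode = 0660` should be enough, provided the web server runs in the `web` group. The permissions of `/var/run/web/{{ fqdn }}` may already limit access, but they are not visible in this hunk.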
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-legacy/php-sites/php-fpm.sls
index b1db3a8..b0e6588 100644
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-legacy/php-sites/php-fpm.sls
@@ -1,91 +1,91 @@
# -------------------------------------------------------------
# Salt — Provision PHP websites — php-fpm pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
# -------------------------------------------------------------
# Configuration : instances
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for instance, config in pillar['php_fpm_instances'].iteritems() %}
+{% for instance, config in pillar['php_fpm_instances'].items() %}
php-fpm_config_{{ instance }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/{{ instance }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm.conf
- template: jinja
- context:
instance: {{ instance }}
{{ dirs.etc }}/php-fpm.d/{{ instance }}-pools:
file.directory
{% endfor %}
# -------------------------------------------------------------
# Configuration : pools
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% for fqdn, site in pillar['web_php_sites'].iteritems() %}
+{% for fqdn, site in pillar['web_php_sites'].items() %}
php-fpm_pool_{{ site['user'] }}:
file.managed:
- name: {{ dirs.etc }}/php-fpm.d/prod-pools/{{ site['user'] }}.conf
- source: salt://roles/webserver-legacy/php-sites/files/php-fpm-pool.conf
- template: jinja
- context:
fqdn: {{ fqdn }}
domain: {{ site['domain'] }}
subdomain: {{ site['subdomain'] }}
user: {{ site['user' ]}}
display_errors: {{ site['display_errors']|default('off') }}
env : {{ site['env']|default({}) }}
/var/log/www/{{ site['domain' ]}}/{{ site['subdomain' ]}}-php.log:
file.managed:
- user: {{ site['user'] }}
- group: web
- chmod: 600
{% endfor %}
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if grains['os'] == 'FreeBSD' %}
{% set instances = " ".join(pillar['php_fpm_instances'].keys()) %}
# roles/webserver-legacy/php-sites/files/rc/php-fpm
/usr/local/etc/rc.d/php-fpm:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/php-fpm
- mode: 755
/etc/rc.conf.d/php_fpm:
file.directory
/etc/rc.conf.d/php_fpm/instances:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/instances
- template: jinja
- context:
instances: {{ instances }}
-{% for instance, config in pillar['php_fpm_instances'].iteritems() %}
+{% for instance, config in pillar['php_fpm_instances'].items() %}
/etc/rc.conf.d/php_fpm/{{ instance }}:
file.managed:
- source: salt://roles/webserver-legacy/php-sites/files/rc/per_instance
- template: jinja
- context:
instance: {{ instance }}
command: {{ config['command'] | default('') }}
{% endfor %}
{% endif %}
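Review bot: The log file state under "Configuration : pools" sets `- chmod: 600`, which is not a `file.managed` argument; the permission key is `mode`, so the PHP error log is probably created with default permissions instead of 600. Use `- mode: 600` on `/var/log/www/{{ site['domain' ]}}/{{ site['subdomain' ]}}-php.log`. PHP error logs often contain paths and query fragments, so the intended restriction is worth enforcing.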
