diff --git a/Makefile b/Makefile
index 42c1103..a84885c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,67 +1,58 @@
# -------------------------------------------------------------
# Salt - Operations repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Description: Allow to generate repository or API content
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
HOST_NAME != hostname -s
HOST_DOMAIN != hostname -d
API_DIR=/var/wwwroot/$(HOST_DOMAIN)/$(HOST_NAME)/datasources/infra
RM=rm -f
MKDIR=mkdir -p
MV=mv
# -------------------------------------------------------------
# Main targets
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_default: repo
all: repo api
clean: clean-repo clean-api
test:
(cd _tests && make)
# -------------------------------------------------------------
# Build targets - repository
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-repo: roles/webserver-content/init.sls \
- roles/webserver-core/nginx/files/ocsp-ca-certs.pem \
+repo: roles/webserver-core/nginx/files/ocsp-ca-certs.pem \
.git/hooks/pre-commit
-webserver-content-index: clean-webserver-content-index roles/webserver-content/init.sls
-
-roles/webserver-content/init.sls:
- utils/generate-webcontent-index.py > roles/webserver-content/init.sls
-
roles/webserver-core/nginx/files/ocsp-ca-certs.pem:
utils/generate-ocsp-bundle.sh > roles/webserver-core/nginx/files/ocsp-ca-certs.pem
.git/hooks/pre-commit:
pre-commit install
-clean-webserver-content-index:
- ${RM} roles/webserver-content/init.sls
-
-clean-repo: clean-webserver-content-index
+clean-repo:
${RM} .git/hooks/pre-commit
${RM} roles/webserver-core/nginx/files/ocsp-ca-certs.pem
# -------------------------------------------------------------
# Build targets - API
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
api: $(API_DIR)/all-states.json
$(API_DIR)/all-states.json:
${MKDIR} ${API_DIR}
utils/show-local-states.py > ${API_DIR}/all-states.json
clean-api:
${RM} ${API_DIR}/all-states.json
diff --git a/_modules/node.py b/_modules/node.py
index 39973b8..5a85ff1 100644
--- a/_modules/node.py
+++ b/_modules/node.py
@@ -1,438 +1,434 @@
# -*- coding: utf-8 -*-
# -------------------------------------------------------------
# Salt — Node execution module
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-21
# Description: Functions related to the nodes' pillar entry
# License: BSD-2-Clause
# -------------------------------------------------------------
from salt.exceptions import CommandExecutionError, SaltCloudConfigError
from salt._compat import ipaddress
DEPLOY_ROLES = [
"devserver",
"salt-primary",
"viperserv",
"webserver-alkane",
"webserver-legacy",
]
def _get_all_nodes():
return __pillar__.get("nodes", {})
def get_all_properties(nodename=None):
"""
A function to get a node pillar configuration.
CLI Example:
salt * node.get_all_properties
"""
if nodename is None:
nodename = __grains__["id"]
all_nodes = _get_all_nodes()
if nodename not in all_nodes:
raise CommandExecutionError(
SaltCloudConfigError("Node {0} not declared in pillar.".format(nodename))
)
return all_nodes[nodename]
def get(key, nodename=None):
"""
A function to get a node pillar configuration key.
CLI Example:
salt * node.get hostname
"""
return _get_property(key, nodename, None)
def _explode_key(k):
return k.split(":")
def _get_first_key(k):
return _explode_key(k)[0]
def _strip_first_key(k):
return ":".join(_explode_key(k)[1:])
def _get_property(key, nodename, default_value, parent=None):
if parent is None:
parent = get_all_properties(nodename)
if ":" in key:
first_key = _get_first_key(key)
if first_key in parent:
return _get_property(
_strip_first_key(key), nodename, default_value, parent[first_key]
)
elif key in parent:
return parent[key]
return default_value
def get_list(key, nodename=None):
"""
A function to get a node pillar configuration.
Returns a list if found, or an empty list if not found.
CLI Example:
salt * node.list network:ipv4_aliases
"""
return _get_property(key, nodename, [])
def has(key, nodename=None):
"""
A function to get a node pillar configuration.
Returns a boolean, False if not found.
CLI Example:
salt * node.has network:ipv6_tunnel
"""
value = _get_property(key, nodename, False)
return bool(value)
def has_role(role, nodename=None):
"""
A function to determine if a node has the specified role.
Returns a boolean, False if not found.
CLI Example:
salt * node.has_role devserver
"""
return role in get_list("roles", nodename)
def filter_by_role(pillar_key, nodename=None):
"""
A function to filter a dictionary by roles.
The dictionary must respect the following structure:
- keys are role to check the current node against
- values are list of items
If a key '*' is also present, it will be included
for every role.
Returns a list, extending all the filtered lists.
CLI Example:
salt * node.filter_by_role web_content_sls
"""
roles = get_list("roles", nodename)
dictionary = __pillar__.get(pillar_key, {})
filtered_list = []
for role, items in dictionary.items():
if role == "*" or role in roles:
filtered_list.extend(items)
return filtered_list
def filter_by_name(pillar_key, nodename=None):
"""
A function to filter a dictionary by node name.
The dictionary must respect the following structure:
- keys are names to check the current node against
- values are list of items
If a key '*' is also present, it will be included
for every node.
Returns a list, extending all the filtered lists.
CLI Example:
salt * node.filter_by_name mars
"""
if nodename is None:
nodename = __grains__["id"]
dictionary = __pillar__.get(pillar_key, {})
filtered_list = []
for name, items in dictionary.items():
if name == "*" or name == nodename:
filtered_list.extend(items)
return filtered_list
def has_deployment(nodename=None):
"""
A function to determine if this server does continuous delivery.
"""
return any(role in DEPLOY_ROLES for role in get_list("roles", nodename))
-def has_web_content(content, nodename=None):
- return content in filter_by_role("web_content_sls", nodename)
-
-
def get_wwwroot(nodename=None):
"""
A function to determine the wwwroot folder to use.
Returns a string depending on the FQDN.
CLI Example:
salt * node.get_wwwroot
"""
hostname = _get_property("hostname", nodename, None)
if hostname is None:
raise CommandExecutionError(
SaltCloudConfigError(
"Node {0} doesn't have a hostname property".format(nodename)
)
)
if hostname.count(".") < 2:
return "wwwroot/{0}/www".format(hostname)
fqdn = hostname.split(".")
return "wwwroot/{1}/{0}".format(".".join(fqdn[0:-2]), ".".join(fqdn[-2:]))
def get_ipv6_list():
"""
A function to get a list of IPv6, enclosed by [].
Returns a string depending on the IPv6 currently assigned.
CLI Example:
salt * node.get_ipv6_list
"""
ipv6 = __grains__.get("ipv6")
return " ".join(["[" + ip + "]" for ip in ipv6])
def resolve_network():
"""
A function to determine canonical properties of networks
from the nodes pillar.
CLI Example:
salt * node.resolve_network
"""
network = {
"ipv4_address": "",
"ipv4_gateway": "",
}
private_network = network.copy()
is_private_network_stable = True
interfaces = _get_property("network:interfaces", __grains__["id"], {})
for interface_name, interface in interfaces.items():
if "ipv4" not in interface:
continue
ipv4 = interface["ipv4"]["address"]
if ipaddress.ip_address(ipv4).is_private:
target = private_network
else:
target = network
if target["ipv4_address"] != "":
continue
target["ipv4_address"] = ipv4
try:
target["ipv4_gateway"] = interface["ipv4"]["gateway"]
except KeyError:
pass
if network["ipv4_address"] == "":
main_network = private_network
else:
main_network = network
if private_network["ipv4_address"] == "":
is_private_network_stable = False
tunnels = resolve_gre_tunnels()
if tunnels:
tunnel = tunnels[0]
private_network = {
"ipv4_address": tunnel["src"],
"ipv4_gateway": tunnel["gateway"],
}
return main_network | {
"private_ipv4_address": private_network["ipv4_address"],
"private_ipv4_gateway": private_network["ipv4_gateway"],
"is_private_network_stable": is_private_network_stable,
}
def _resolve_gre_tunnels_for_router(network, netmask):
tunnels = []
for node, tunnel in __pillar__.get(f"{network}_gre_tunnels", {}).items():
tunnels.append(
{
"network": network,
"description": f"{network}_to_{node}",
"interface": tunnel["router"]["interface"],
"src": tunnel["router"]["addr"],
"dst": tunnel["node"]["addr"],
"netmask": netmask,
"icann_src": get("network")["canonical_public_ipv4"],
"icann_dst": get("network", node)["canonical_public_ipv4"],
}
)
return tunnels
def resolve_gre_tunnels():
"""
A function to get the GRE tunnels for a node
CLI Example:
salt * node.resolve_gre_tunnels
"""
gre_tunnels = []
for network, network_args in __pillar__.get("networks", {}).items():
if __grains__["id"] == network_args["router"]:
gre_tunnels += _resolve_gre_tunnels_for_router(
network, network_args["netmask"]
)
continue
tunnel = __salt__["pillar.get"](f"{network}_gre_tunnels:{__grains__['id']}")
if not tunnel:
continue
gre_tunnels.append(
{
"network": network,
"description": f"{network}_via_{network_args['router']}",
"interface": tunnel["node"].get("interface", "gre0"),
"src": tunnel["node"]["addr"],
"dst": tunnel["router"]["addr"],
"netmask": network_args["netmask"],
"gateway": network_args["default_gateway"],
"icann_src": get("network")["canonical_public_ipv4"],
"icann_dst": get("network", network_args["router"])[
"canonical_public_ipv4"
],
}
)
return gre_tunnels
def get_gateway(network):
# For tunnels, gateway is the tunnel endpoint
tunnel = __salt__["pillar.get"](f"{network}_gre_tunnels:{__grains__['id']}")
if tunnel:
return tunnel["router"]["addr"]
return __salt__["pillar.get"](f"networks:{network}:default_gateway")
def _get_static_route(cidr, gateway):
if __grains__["os_family"] == "FreeBSD":
return f"-net {cidr} {gateway}"
if __grains__["kernel"] == "Linux":
return f"{cidr} via {gateway}"
raise ValueError("No static route implementation for " + __grains__["os_family"])
def _get_default_route(gateway):
if __grains__["os_family"] == "FreeBSD":
return f"default {gateway}"
if __grains__["kernel"] == "Linux":
return f"default via {gateway}"
raise ValueError("No static route implementation for " + __grains__["os_family"])
def _get_interface_route(ip, interface):
if __grains__["os_family"] == "FreeBSD":
return f"-net {ip}/32 -interface {interface}"
if __grains__["kernel"] == "Linux":
return f"{ip} dev {interface}"
raise ValueError("No static route implementation for " + __grains__["os_family"])
def _get_routes_for_private_networks():
"""
Every node, excepted the routeur, should have a route
for the private network CIDR to the router.
For GRE tunnels, the gateway is the tunnel endpoint.
In other cases, the gateway is the main router (private) IP.
"""
routes = {}
for network, network_args in __pillar__.get("networks", {}).items():
if network_args["router"] == __grains__["id"]:
continue
gateway = get_gateway(network)
routes[f"private_{network}"] = _get_static_route(network_args["cidr"], gateway)
return routes
def get_routes():
routes = {}
interfaces = _get_property("network:interfaces", __grains__["id"], {})
for interface_name, interface in interfaces.items():
flags = interface.get("flags", [])
if "gateway" in interface.get("ipv4", {}):
gateway = interface["ipv4"]["gateway"]
if "ipv4_ovh_failover" in flags:
routes[f"{interface_name}_gateway"] = _get_interface_route(
gateway, interface["device"]
)
if __grains__["os_family"] != "RedHat":
# On RHEL/CentOS/Rocky, legacy network scripts take care of this with GATEWAY=
routes[f"{interface_name}_default"] = _get_default_route(gateway)
routes.update(_get_routes_for_private_networks())
return routes
diff --git a/_tests/modules/test_node.py b/_tests/modules/test_node.py
index 8b195d6..4980efd 100755
--- a/_tests/modules/test_node.py
+++ b/_tests/modules/test_node.py
@@ -1,156 +1,148 @@
#!/usr/bin/env python3
from importlib.machinery import SourceFileLoader
from unittest_data_provider import data_provider
import unittest
salt_test_case = SourceFileLoader("salt_test_case", "salt_test_case.py").load_module()
node = SourceFileLoader("node", "../_modules/node.py").load_module()
class Testinstance(unittest.TestCase, salt_test_case.SaltTestCase):
def setUp(self):
self.initialize_mocks()
self.instance = node
self.mock_pillar("data/forests.yaml")
self.mock_grains()
self.grains["id"] = "egladil"
def test_get_wwwroot(self):
self.assertEqual("wwwroot/lothlorien.forest/egladil", node.get_wwwroot())
self.assertEqual("wwwroot/entwash.node/www", node.get_wwwroot("entwash"))
- def test_has_web_content(self):
- self.assertTrue(node.has_web_content(".ll/carasgaladhon"))
- self.assertFalse(node.has_web_content(".arda/onodlo"))
-
- self.assertTrue(node.has_web_content(".arda/onodlo", "entwash"))
-
- self.assertFalse(node.has_web_content("notexisting"))
-
def test_filter_by_role(self):
node_key = self.grains["id"]
self.assertEqual(["Caras Galadhon"], node.filter_by_role("items_by_role"))
self.assertEqual(["Onodlo"], node.filter_by_role("items_by_role", "entwash"))
# No role
self.pillar["nodes"][node_key]["roles"] = []
self.assertEqual([], node.filter_by_role("items_by_role"))
# More than one role
self.pillar["nodes"][node_key]["roles"] = ["border", "treecity"]
self.assertEqual(
["Caras Galadhon", "Onodlo"], sorted(node.filter_by_role("items_by_role"))
)
def test_filter_by_role_with_star(self):
node_key = self.grains["id"]
self.assertEqual(
["Air", "Caras Galadhon"], node.filter_by_role("items_by_role_with_star")
)
self.assertEqual(
["Air", "Onodlo"], node.filter_by_role("items_by_role_with_star", "entwash")
)
# No role
self.pillar["nodes"][node_key]["roles"] = []
self.assertEqual(["Air"], node.filter_by_role("items_by_role_with_star"))
# More than one role
self.pillar["nodes"][node_key]["roles"] = ["border", "treecity"]
self.assertEqual(
["Air", "Caras Galadhon", "Onodlo"],
sorted(node.filter_by_role("items_by_role_with_star")),
)
def test_filter_by_name(self):
self.assertEqual(["Caras Galadhon"], node.filter_by_name("items_by_name"))
self.assertEqual(
["Caras Galadhon"], node.filter_by_name("items_by_name", "egladil")
)
self.grains["id"] = "entwash"
self.assertEqual([], node.filter_by_name("items_by_name"))
def test_filter_by_name_with_star(self):
self.assertEqual(
["Air", "Caras Galadhon"], node.filter_by_name("items_by_name_with_star")
)
self.assertEqual(
["Air", "Caras Galadhon"],
node.filter_by_name("items_by_name_with_star", "egladil"),
)
self.grains["id"] = "entwash"
self.assertEqual(["Air"], node.filter_by_name("items_by_name_with_star"))
def test_get_ipv6_list(self):
self.grains["ipv6"] = [
"::1",
"2001:470:1f13:ce7:ca5:cade:fab:1e",
"2001:470:1f12:ce7::2",
]
self.assertEqual(
"[::1] [2001:470:1f13:ce7:ca5:cade:fab:1e] [2001:470:1f12:ce7::2]",
node.get_ipv6_list(),
)
resolved_networks = lambda: (
(
"egladil",
{
"ipv4_address": "1.2.3.4",
"ipv4_gateway": "1.2.3.254",
},
),
(
"entwash",
{
"ipv4_address": "10.100.0.5",
"ipv4_gateway": "10.100.0.1",
},
),
)
@data_provider(resolved_networks)
def test_resolve_network(self, id, expected):
self.grains["id"] = id
self.assertEqual(expected, node.resolve_network())
def test_resolve_network_without_gateway(self):
expected = {
"ipv4_address": "10.100.0.5",
"ipv4_gateway": "",
}
self.grains["id"] = "entwash"
del self.pillar["nodes"]["entwash"]["network"]["interfaces"]["net02"]["ipv4"][
"gateway"
]
self.assertEqual(expected, node.resolve_network())
def test_resolve_network_without_any_network(self):
expected = {
"ipv4_address": "",
"ipv4_gateway": "",
}
self.grains["id"] = "entwash"
del self.pillar["nodes"]["entwash"]["network"]
self.assertEqual(expected, node.resolve_network())
if __name__ == "__main__":
unittest.main()
diff --git a/pillar/tower.sls b/pillar/tower.sls
index c96c8c9..c794de6 100644
--- a/pillar/tower.sls
+++ b/pillar/tower.sls
@@ -1,15 +1,17 @@
# -------------------------------------------------------------
# Salt configuration for Nasqueron servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# Description: External pillar to configure pillar stanza
# by pillar, grain or option value
# Reference: https://github.com/jgraichen/salt-tower
# -------------------------------------------------------------
base:
- paas/alkane/{{ minion_id }}/*.sls
- paas/docker/{{ minion_id }}/*.sls
- saas/nextcloud/{{ minion_id }}/*.sls
+
+ - webserver/{{ minion_id }}/*.sls
diff --git a/pillar/webserver/dwellers/content.sls b/pillar/webserver/dwellers/content.sls
new file mode 100644
index 0000000..30ce801
--- /dev/null
+++ b/pillar/webserver/dwellers/content.sls
@@ -0,0 +1,15 @@
+# -------------------------------------------------------------
+# Salt — Sites to provision
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# States
+#
+# Sites with states documenting how to build them
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+web_content_sls:
+ - .org/nasqueron/social
diff --git a/pillar/webserver/eglide/content.sls b/pillar/webserver/eglide/content.sls
new file mode 100644
index 0000000..1395538
--- /dev/null
+++ b/pillar/webserver/eglide/content.sls
@@ -0,0 +1,15 @@
+# -------------------------------------------------------------
+# Salt — Sites to provision
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# States
+#
+# Sites with states documenting how to build them
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+web_content_sls:
+ - .org/eglide
diff --git a/pillar/webserver/sites.sls b/pillar/webserver/sites.sls
index 4c70f0f..7764247 100644
--- a/pillar/webserver/sites.sls
+++ b/pillar/webserver/sites.sls
@@ -1,69 +1,27 @@
# -------------------------------------------------------------
# Salt — Sites to provision on the legacy web server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-# -------------------------------------------------------------
-# States
-#
-# Sites with states documenting how to build them
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-web_content_sls:
- #
- # Eglide
- #
- shellserver:
- # Directly managed by Eglide project
- - .org/eglide
-
- #
- # Nasqueron servers
- #
- mastodon:
- - .org/nasqueron/social
-
- webserver-legacy: &legacy_to_migrate_to_alkane
- # Nasqueron members
- - .be/dereckson
-
- # Projects hosted
- - .space/hypership
-
- # Directly managed by Nasqueron
- - .org/nasqueron/api
- - .org/nasqueron/autoconfig
- - .org/nasqueron/daeghrefn
- - .org/nasqueron/docs
- - .org/nasqueron/infra
- - .org/nasqueron/labs
- - .org/nasqueron/rain
-
- # Wolfplex Hackerspace
- - .org/wolfplex/api
- - .org/wolfplex/www
-
- webserver-alkane: *legacy_to_migrate_to_alkane
-
# -------------------------------------------------------------
# Sites deployed through Jenkins CD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_content_jenkins_cd:
webserver-legacy:
- api
- assets
- autoconfig
- docker
- docs
- launch
- www
# -------------------------------------------------------------
# Tweaks
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
web_autochmod:
- /var/wwwroot/dereckson.be/www
diff --git a/roles/webserver-content/init.sls b/pillar/webserver/web-001/content.sls
similarity index 70%
copy from roles/webserver-content/init.sls
copy to pillar/webserver/web-001/content.sls
index 03be2f7..e8b0afa 100644
--- a/roles/webserver-content/init.sls
+++ b/pillar/webserver/web-001/content.sls
@@ -1,28 +1,26 @@
# -------------------------------------------------------------
-# Salt — Webserver content
+# Salt — Sites to provision
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is auto-generated by running
-# `make webserver-content-index`.
-# </auto-generated>
-include:
+web_content_sls:
+ # Nasqueron members
- .be/dereckson
- - .org/eglide
+
+ # Projects hosted
+ - .space/hypership
+
+ # Directly managed by Nasqueron
- .org/nasqueron/api
- .org/nasqueron/autoconfig
- .org/nasqueron/daeghrefn
- .org/nasqueron/docs
- .org/nasqueron/infra
- .org/nasqueron/labs
- .org/nasqueron/rain
- - .org/nasqueron/social
+
+ # Wolfplex Hackerspace
- .org/wolfplex/api
- .org/wolfplex/www
- - .space/hypership
-
- - ._generic
diff --git a/pillar/webserver/windriver/content.sls b/pillar/webserver/windriver/content.sls
new file mode 100644
index 0000000..71f7ed5
--- /dev/null
+++ b/pillar/webserver/windriver/content.sls
@@ -0,0 +1,14 @@
+# -------------------------------------------------------------
+# Salt — Sites to provision
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# States
+#
+# Sites with states documenting how to build them
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+web_content_sls: []
diff --git a/roles/webserver-content/README.md b/roles/webserver-content/README.md
index 6fac11d..257f413 100644
--- a/roles/webserver-content/README.md
+++ b/roles/webserver-content/README.md
@@ -1,68 +1,63 @@
# Webserver content
## Goal of this role
This role provisions the `/var/wwwroot` folder with the website content,
when there is a custom logic to prepare it, like a specific Git repository
to clone, or a build process to follow.
These roles does NOT describe web server configuration,
which is done in other `webserver-` roles.
## Structure
This role doesn't follow the role/unit folder hierarchy.
Instead, it follows a tld/domain/subdomain.sls logic.
For example, the folder for the `*.acme.tld` sites will be `tld/acme`.
This structure goal is to play nice with the Salt include syntax, as dots
are a directory separator.
The bipbip.acme.tld site will be described in `tld/acme/bipbip.sls` file.
The _generic folder offers common solutions to generic problems
like provision a .env file with database credentials or secret key.
## Add a new domain
1. Create a new folder hierarchy for the domain
2. Include a `init.sls` file for your subdomains
- 3. Declare the new domain in pillar/webserver/sites.sls
- 4. Regenerate the role index with `make` (from repository root)
-
+ 3. Declare the new domain in pillar/webserver
For example the tld/acme/init.sls file could be:
```
include:
- .www
- .acme
```
Alphabetical order is followed, but www is generally first.
In the pillar file, website are assigned to a role.
If you wish to deploy all the sites on one role, you can directly include
the folder, and your init.sls will do the rest.
-If not, two strategies exist: you can use node.filter_by_role in your
-init.sls too or perhaps more simply you can document in init.sls these
-roles can't be deployed directly, and make references to sls files in
-the pillar (without final .sls extension).
+If not, you can list the path to the subdomain file, without the .sls extension.
For example to deploy bipbip.acme.tld (`tld/acme/bipbip.sls`) on servers
with the shellserver role:
```
shellserver:
- .tld/acme/bibpip
```
## Prune old files
If you need to prune a former website, you can add
the directory to the /hotfixes/old-directories.sls state.
There is no need to revert your commit when the
directories or files are deleted.
diff --git a/roles/webserver-content/be/dereckson/assets.sls b/roles/webserver-content/be/dereckson/assets.sls
index dbd479e..4daae9b 100644
--- a/roles/webserver-content/be/dereckson/assets.sls
+++ b/roles/webserver-content/be/dereckson/assets.sls
@@ -1,29 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision assets.dereckson.be website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: DcK Area
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/assets") %}
-
# -------------------------------------------------------------
# Deploy /opt/staging/wwwroot/d.be/assets to assets.d.be
#
# !!! WARNING !!!
# This folder could contain non staged resources. As such,
# clean must be let at False.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/dereckson.be/assets:
file.recurse:
- source: salt://wwwroot/dereckson.be/assets
- exclude_pat: E@.git
- include_empty: True
- clean: False
- dir_mode: 755
- file_mode: 644
- user: dereckson.be
- group: web
-
-{% endif %}
diff --git a/roles/webserver-content/init.sls b/roles/webserver-content/init.sls
index 03be2f7..8384bb3 100644
--- a/roles/webserver-content/init.sls
+++ b/roles/webserver-content/init.sls
@@ -1,28 +1,13 @@
# -------------------------------------------------------------
# Salt — Webserver content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-#
-# <auto-generated>
-# This file is auto-generated by running
-# `make webserver-content-index`.
-# </auto-generated>
include:
- - .be/dereckson
- - .org/eglide
- - .org/nasqueron/api
- - .org/nasqueron/autoconfig
- - .org/nasqueron/daeghrefn
- - .org/nasqueron/docs
- - .org/nasqueron/infra
- - .org/nasqueron/labs
- - .org/nasqueron/rain
- - .org/nasqueron/social
- - .org/wolfplex/api
- - .org/wolfplex/www
- - .space/hypership
+ {% for state in pillar["web_content_sls"] %}
+ - {{ state }}
+ {% endfor %}
- ._generic
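Review bot: `pillar["web_content_sls"]` in the new `for` loop is a hard lookup, and after this change the key exists only for minions that have a `pillar/webserver/<minion_id>/content.sls` file (this diff adds dwellers, eglide, web-001 and windriver). Salt's Jinja renderer is strict about undefined values by default, so a minion that applies this role without such a file would likely fail to render the state instead of falling back to `._generic`. Consider `{% for state in pillar.get("web_content_sls", []) %}`. If the hard failure is deliberate, say so in a comment such as `# web_content_sls must be set per minion in pillar/webserver/<minion_id>/content.sls`. The removed mapping was keyed by role (`shellserver`, `mastodon`, `webserver-legacy`, `webserver-alkane`), so it is worth confirming that every minion carrying one of those roles now has a directory.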
diff --git a/roles/webserver-content/org/eglide/www.sls b/roles/webserver-content/org/eglide/www.sls
index 8373e32..0536ac9 100644
--- a/roles/webserver-content/org/eglide/www.sls
+++ b/roles/webserver-content/org/eglide/www.sls
@@ -1,38 +1,36 @@
# -------------------------------------------------------------
# Salt — Provision www.eglide.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Eglide
# Created: 2016-09-12
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/eglide") %}
-
# -------------------------------------------------------------
# Deploy /opt/staging/wwwroot/eglide.org/www to www.eglide.org
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% set wwwroot = salt['node.get_wwwroot']() %}
{% set wwwuser = "www-data" %}
{% set wwwgroup = "www-data" %}
/var/{{ wwwroot }}:
file.directory:
- user: {{ wwwuser }}
- group: {{ wwwgroup }}
- dir_mode: 711
- makedirs: True
wwwroot_server:
file.recurse:
- name: /var/{{ wwwroot }}
- source: salt://{{ wwwroot }}
- exclude_pat: E@.git
- include_empty: True
- clean: True
- user: {{ wwwuser }}
- group: {{ wwwgroup }}
- dir_mode: 711
- file_mode: 644
{% endif %}
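Review bot: The closing `{% endif %}` on the last line of this hunk stays on the new side while its opening `{% if salt['node.has_web_content'](".org/eglide") %}` is removed, so the file is left with an unmatched tag and Jinja should refuse to render it. The hunk header (-1,38 +1,36) agrees: only the opening line and one blank line were dropped, whereas the sibling files also drop the closing tag. Remove the `{% endif %}` line too. With the guard gone, and as far as this diff shows, only the per-minion `web_content_sls` list decides where `wwwroot_server` runs, and that state uses `file.recurse` with `clean: True` on `/var/{{ wwwroot }}`, so a wrong include would delete content rather than only add it.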
diff --git a/roles/webserver-content/org/nasqueron/api.sls b/roles/webserver-content/org/nasqueron/api.sls
index 5e6bd4c..eccea82 100644
--- a/roles/webserver-content/org/nasqueron/api.sls
+++ b/roles/webserver-content/org/nasqueron/api.sls
@@ -1,69 +1,65 @@
# -------------------------------------------------------------
# Salt — Provision api.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/api") %}
-
# -------------------------------------------------------------
# Base part from rOPS
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/api:
file.recurse:
- source: salt://wwwroot/nasqueron.org/api
- exclude_pat: E@.git
- include_empty: True
- clean: False
- dir_mode: 755
- file_mode: 644
- user: deploy
- group: web
# -------------------------------------------------------------
# API micro services are deployed to /srv/api
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/api:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
/srv/api/data:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# /servers-log micro service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/srv/api/servers-log:
file.recurse:
- source: salt://software/api/serverslog
- exclude_pat: E@.git
- include_empty: True
- clean: False
- dir_mode: 755
- file_mode: 644
- user: deploy
- group: web
api_servers_log_dependencies:
cmd.run:
- name: composer install
- runas: deploy
- cwd: /srv/api/servers-log
- creates: /srv/api/servers-log/vendor
/srv/api/data/servers-log-all.json:
file.managed:
- user: web-org-nasqueron-api-serverslog
- mode: 644
- replace: False
-
-{% endif %}
diff --git a/roles/webserver-content/org/nasqueron/autoconfig.sls b/roles/webserver-content/org/nasqueron/autoconfig.sls
index 88a65bb..4a1854e 100644
--- a/roles/webserver-content/org/nasqueron/autoconfig.sls
+++ b/roles/webserver-content/org/nasqueron/autoconfig.sls
@@ -1,29 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision autoconfig.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/autoconfig") %}
-
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/autoconfig:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# Deploy through Jenkins CD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
www_autoconfig_build:
module.run:
- name: jenkins.build_job
- m_name: deploy-website-nasqueron-www1-autoconfig
-
-{% endif %}
diff --git a/roles/webserver-content/org/nasqueron/daeghrefn.sls b/roles/webserver-content/org/nasqueron/daeghrefn.sls
index f89b309..2669b2e 100644
--- a/roles/webserver-content/org/nasqueron/daeghrefn.sls
+++ b/roles/webserver-content/org/nasqueron/daeghrefn.sls
@@ -1,29 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision daeghrefn.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/rain") %}
-
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/daeghrefn:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# Deploy rRAIN
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
www_daeghrefn_build:
module.run:
- name: jenkins.build_job
- m_name: deploy-website-nasqueron-www1-daeghrefn
-
-{% endif %}
diff --git a/roles/webserver-content/org/nasqueron/docs.sls b/roles/webserver-content/org/nasqueron/docs.sls
index 7ad3610..57cf043 100644
--- a/roles/webserver-content/org/nasqueron/docs.sls
+++ b/roles/webserver-content/org/nasqueron/docs.sls
@@ -1,101 +1,97 @@
# -------------------------------------------------------------
# Salt — Provision docs.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/docs") %}
-
{% from "map.jinja" import dirs, packages with context %}
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/docs:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# Software to build the docs
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sphinx:
pkg.installed:
- name: {{ packages.sphinx }}
{{ dirs.bin }}/deploy-docker-registry-api-doc:
file.managed:
- source: salt://roles/webserver-content/org/nasqueron/files/deploy-docker-registry-api-doc.sh
- user: deploy
- mode: 755
# -------------------------------------------------------------
# Deploy rDWWW as docs.n.o homepage and assets
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
www_docs_build:
module.run:
- name: jenkins.build_job
- m_name: deploy-website-nasqueron-www1-docs
# -------------------------------------------------------------
# Deploy a rSW docs dir HTML build to docs.n.o/salt-wrapper
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/docs/salt-wrapper:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
salt_wrapper_doc_build:
cmd.script:
- source: salt://roles/webserver-content/org/nasqueron/files/build-docs-salt-wrapper.sh
- args: /var/wwwroot/nasqueron.org/docs/salt-wrapper
- cwd: /tmp
- runas: deploy
- require:
- file: /var/wwwroot/nasqueron.org/docs/salt-wrapper
- pkg: sphinx
# -------------------------------------------------------------
# Deploy a rLF docs dir HTML build to docs.n.o/limiting-factor
#
# Job: https://cd.nasqueron.org/job/limiting-factor-doc/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/docs/limiting-factor/rust:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
- makedirs: True
limiting_factor_doc_build:
module.run:
- name: jenkins.build_job
- m_name: limiting-factor-doc
# -------------------------------------------------------------
# Deploy a rAPIREG docs dir HTML build to docs.n.o/docker-registry-api
#
# Job: https://cd.nasqueron.org/job/docker-registry-api-doc/
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/docs/docker-registry-api/rust:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
- makedirs: True
docker_registry_api_doc_build:
module.run:
- name: jenkins.build_job
- m_name: docker-registry-api
-
-{% endif %}
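Review bot: `docker_registry_api_doc_build` passes `m_name: docker-registry-api`, while the comment above it names the job `docker-registry-api-doc`, and the sibling `limiting_factor_doc_build` uses the `-doc` name from its own comment. If the comment is right, the state triggers a different Jenkins job than intended and the line should read `- m_name: docker-registry-api-doc`. Separately, `salt_wrapper_doc_build` runs its script with `cwd: /tmp`, a world-writable directory. The script is not visible here, so this is a precaution rather than a confirmed issue, but a working directory owned by `deploy` would keep other local users from placing files the build might pick up.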
diff --git a/roles/webserver-content/org/nasqueron/infra.sls b/roles/webserver-content/org/nasqueron/infra.sls
index 888d5c9..1ab2ac4 100644
--- a/roles/webserver-content/org/nasqueron/infra.sls
+++ b/roles/webserver-content/org/nasqueron/infra.sls
@@ -1,29 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision infra.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/infra") %}
-
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/infra:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# Deploy rRAIN
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
www_infra_build:
module.run:
- name: jenkins.build_job
- m_name: deploy-website-nasqueron-www1-infra
-
-{% endif %}
diff --git a/roles/webserver-content/org/nasqueron/labs.sls b/roles/webserver-content/org/nasqueron/labs.sls
index 289938b..8f6317b 100644
--- a/roles/webserver-content/org/nasqueron/labs.sls
+++ b/roles/webserver-content/org/nasqueron/labs.sls
@@ -1,48 +1,44 @@
# -------------------------------------------------------------
# Salt — Provision labs.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/labs") %}
-
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/labs:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
labs_base_directory_content:
file.recurse:
- name: /var/wwwroot/nasqueron.org/labs
- source: salt://wwwroot/nasqueron.org/labs/public
- exclude_pat: E@.git
- user: deploy
- group: web
- dir_mode: 755
- file_mode: 644
- clean: False
# -------------------------------------------------------------
# Labs directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for lab in pillar['web_labs'] %}
labs_lab_directory_{{ lab }}:
file.recurse:
- name: /var/wwwroot/nasqueron.org/labs/{{ lab }}
- source: salt://software/{{ lab }}
- exclude_pat: E@.git
- user: deploy
- group: web
- dir_mode: 755
- file_mode: 644
- clean: False
{% endfor %}
-
-{% endif %}
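Review bot: `{% for lab in pillar['web_labs'] %}` is no longer wrapped by the `node.has_web_content` guard, so on any minion that includes this file but has no `web_labs` pillar key the render will most likely fail instead of skipping the block. A default makes the loop safe wherever the file is rendered: `{% for lab in salt['pillar.get']('web_labs', []) %}`. Each `lab` value is also interpolated into the state ID, the target path and the `salt://software/` source. A comment such as `# web_labs entries must be plain directory names (no "/" or "..")` would record the assumption that keeps the targets under `/var/wwwroot/nasqueron.org/labs`.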
diff --git a/roles/webserver-content/org/nasqueron/rain.sls b/roles/webserver-content/org/nasqueron/rain.sls
index 9606901..c2437e8 100644
--- a/roles/webserver-content/org/nasqueron/rain.sls
+++ b/roles/webserver-content/org/nasqueron/rain.sls
@@ -1,29 +1,25 @@
# -------------------------------------------------------------
# Salt — Provision rain.nasqueron.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/rain") %}
-
# -------------------------------------------------------------
# Base directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/nasqueron.org/rain:
file.directory:
- user: deploy
- group: web
- dir_mode: 755
# -------------------------------------------------------------
# Deploy rRAIN
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
www_rain_build:
module.run:
- name: jenkins.build_job
- m_name: deploy-website-nasqueron-www1-rain
-
-{% endif %}
diff --git a/roles/webserver-content/org/nasqueron/social.sls b/roles/webserver-content/org/nasqueron/social.sls
index f7d702f..6a6ac3d 100644
--- a/roles/webserver-content/org/nasqueron/social.sls
+++ b/roles/webserver-content/org/nasqueron/social.sls
@@ -1,20 +1,16 @@
# -------------------------------------------------------------
# Salt — Provision social.nasqueron.org public directories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-10-13
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/nasqueron/social") %}
-
/srv/data/mastodon/public/support:
file.recurse:
- source: salt://wwwroot/nasqueron.org/mastodon/support
- exclude_pat: E@.git
- include_empty: True
- clean: True
- dir_mode: 711
- file_mode: 644
-
-{% endif %}
diff --git a/roles/webserver-content/org/wolfplex/api.sls b/roles/webserver-content/org/wolfplex/api.sls
index 9f3c7be..f739924 100644
--- a/roles/webserver-content/org/wolfplex/api.sls
+++ b/roles/webserver-content/org/wolfplex/api.sls
@@ -1,60 +1,56 @@
# -------------------------------------------------------------
# Salt — Provision api.wolfplex.org website
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Wolfplex
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/wolfplex/api") %}
-
# -------------------------------------------------------------
# Data store
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/dataroot/wolfplex/secrets.json:
file.managed:
- source: salt://roles/webserver-content/org/wolfplex/files/secrets.json.jinja2
- mode: 400
- user: web-org-wolfplex-www
- group: web
- makedirs: True
- template: jinja
- show_changes: False
- context:
secrets:
etherpad.api.key: {{ salt['credentials.get_token']("nasqueron/etherpad/api") }}
# -------------------------------------------------------------
# Base part
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/wwwroot/wolfplex.org/api:
file.recurse:
- source: salt://wwwroot/wolfplex.org/api
- exclude_pat: E@.git
- include_empty: True
- clean: False
- dir_mode: 755
- file_mode: 644
- user: web-org-wolfplex-www
- group: web
# -------------------------------------------------------------
# Deployment
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
wolfplex_api_dependencies:
cmd.run:
- name: composer install
- runas: web-org-wolfplex-www
- cwd: /var/wwwroot/wolfplex.org/api
- creates: /var/wwwroot/wolfplex.org/api/vendor
wolfplex_api_kibaone_accents:
cmd.run:
- name: make
- runas: web-org-wolfplex-www
- cwd: /var/wwwroot/wolfplex.org/api/design/kibaone/accents
- creates: /var/wwwroot/wolfplex.org/api/design/kibaone/accents/index.json
-
-{% endif %}
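Review bot: The token on the `etherpad.api.key` line is interpolated into the YAML unquoted, so a value containing `:` or `#`, or starting with a YAML-special character, would be parsed as something other than the intended string. Quoting it avoids that: `etherpad.api.key: {{ salt['credentials.get_token']("nasqueron/etherpad/api") | yaml_dquote }}`. With the `node.has_web_content` guard removed, the credential lookup also runs whenever this file is rendered. Whatever include or targeting replaces the guard is not visible in this hunk, and it is now the only thing keeping the secret from being fetched for other minions. A comment above `/var/dataroot/wolfplex/secrets.json` naming that gate would help.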
diff --git a/roles/webserver-content/org/wolfplex/www.sls b/roles/webserver-content/org/wolfplex/www.sls
index 7376ded..3393d95 100644
--- a/roles/webserver-content/org/wolfplex/www.sls
+++ b/roles/webserver-content/org/wolfplex/www.sls
@@ -1,27 +1,23 @@
# -------------------------------------------------------------
# Salt — Provision www.wolfplex.org static subdirectories
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-22
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".org/wolfplex/www") %}
-
/var/wwwroot/wolfplex.org/www/2013:
file.recurse:
- source: salt://software/wolfplex/web-campaigns-2013
- exclude_pat: E@.git
- include_empty: True
- clean: True
- dir_mode: 755
- file_mode: 644
- user: wolfplex.org
- group: web
/var/dataroot/wolfplex:
file.directory:
- user: web-org-wolfplex-www
- group: web
-
-{% endif %}
diff --git a/roles/webserver-content/space/hypership/www.sls b/roles/webserver-content/space/hypership/www.sls
index dba4a72..51ad36f 100644
--- a/roles/webserver-content/space/hypership/www.sls
+++ b/roles/webserver-content/space/hypership/www.sls
@@ -1,68 +1,64 @@
# -------------------------------------------------------------
# Salt — Hypership
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Zed
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-{% if salt['node.has_web_content'](".space/hypership") %}
-
/var/dataroot/zed:
file.directory:
- user: deploy
# -------------------------------------------------------------
# Content
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if not salt["file.directory_exists"]("/var/dataroot/zed/content/.git") %}
zed_content:
file.directory:
- name: /var/dataroot/zed/content
- user: deploy
- mode: 755
git.latest:
- name: https://github.com/hypership/content.git
- target: /var/dataroot/zed/content
- user: deploy
{% endif %}
{% if not salt["file.directory_exists"]("/var/dataroot/zed/content/users") %}
zed_content_private:
file.directory:
- name: /var/dataroot/zed/content/users
- user: deploy
- mode: 711
git.latest:
- name: git@github.com:hypership/content_users.git
- target: /var/dataroot/zed/content/users
- user: deploy
- identity: {{ pillar["wwwroot_identities"]["deploy-key-github-hypership-content_users"]["path"] }}
- update_head: False
{% endif %}
zed_content_rights:
file.directory:
- name: /var/dataroot/zed/content
- user: web-space-hypership-www
- recurse:
- user
- group
# -------------------------------------------------------------
# Cache
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
/var/dataroot/zed/cache:
file.directory:
- user: web-space-hypership-www
{% for subdir in ['compiled', 'openid', 'sessions'] %}
/var/dataroot/zed/cache/{{ subdir }}:
file.directory:
- user: web-space-hypership-www
{% endfor %}
-
-{% endif %}
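Review bot: Neither `git.latest` state sets `rev`, so `zed_content` and `zed_content_private` check out whatever the remote default branch holds at the time of the first run. Pinning each to a reviewed reference, e.g. `- rev: <reviewed-tag-or-commit>`, makes what is deployed a deliberate choice. `zed_content_rights` then recursively gives ownership of the whole checkout to `web-space-hypership-www`, apparently including `.git` and the private `users` clone, so the web process can rewrite both. If that is intended, it deserves a comment; otherwise restrict ownership to the subdirectories the application must write. With the outer guard removed, `pillar["wwwroot_identities"][...]["path"]` is also evaluated on any minion lacking `/var/dataroot/zed/content/users`, so a minion without that pillar would likely fail to render.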
