diff --git a/_modules/zr.py b/_modules/zr.py index f821db5..2eff59c 100644 --- a/_modules/zr.py +++ b/_modules/zr.py 
@@ -1,67 +1,90 @@ # -*- coding: utf-8 -*- # ------------------------------------------------------------- # Salt — Zemke-Rhyne module # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2018-09-11 # Description: Fetch Zemke-Rhyne credentials # License: BSD-2-Clause # ------------------------------------------------------------- from salt.utils.path import which as path_which def __virtual__(): ''' Only load if zr exists on the system ''' return path_which('zr') is not None,\ "The Zemke-Rhyne execution module cannot be loaded: zr not installed." -def _assert_stricly_positive_integer(value): +def _build_pillar_key(expression): + return "zr_credentials:" + expression.replace(".", ":") + + +def _get_credential_id_from_pillar_key(expression): + '''Gets credentials id from a dot pillar path, e.g. nasqueron.foo.bar''' + key = _build_pillar_key(expression) + return __salt__['pillar.get'](key) + + +def get_credential_id(expression): try: - number = int(value) + # Case I - expression is an integer + number = int(expression) + if number < 1: raise ValueError( - value, "A strictly positive integer was expected.") + expression, "A strictly positive integer was expected.") + + return number except ValueError: - raise + # Case II - expression is a pillar key + id = _get_credential_id_from_pillar_key(expression) + + if id is None: + raise ValueError(expression, "Pillar key not found") + return id -def get_password(credential_id): + +def get_password(credential_expression): """ A function to fetch credential through Zemke-Rhyne CLI Example: salt equatower zr.get_password 124 - :param credential_id: The credential number (K...) in Phabricator + :param credential_expression: The credential number (K...) 
in Phabricator + or a key in zr_credentials pillar entry :return: The secret value """ - _assert_stricly_positive_integer(credential_id) + credential_id = get_credential_id(credential_expression) zr_command = "zr getcredentials {0}".format(credential_id) return __salt__['cmd.shell'](zr_command) -def get_username(credential_id): +def get_username(credential_expression): """ A function to fetch the username associated to a credential through Zemke-Rhyne CLI Example: salt equatower zr.get_username 124 - :param credential_id: The credential number (K...) in Phabricator + :param credential_expression: The credential number (K...) in Phabricator + or a key in zr_credentials pillar entry + :return: The username """ - _assert_stricly_positive_integer(credential_id) + credential_id = get_credential_id(credential_expression) zr_command = "zr getcredentials {0} username".format(credential_id) return __salt__['cmd.shell'](zr_command) diff --git a/pillar/credentials/zr.sls b/pillar/credentials/zr.sls new file mode 100644 index 0000000..6fb9c16 --- /dev/null +++ b/pillar/credentials/zr.sls @@ -0,0 +1,24 @@ +# ------------------------------------------------------------- +# Salt configuration for Nasqueron servers +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# Created: 2018-09-12 +# License: Trivial work, not eligible to copyright +# ------------------------------------------------------------- + +zr_credentials: + + # + # Credentials used by Nasqueron services + # + + nasqueron: + + # status.nasqueron.org + cachet: + mysql: 47 + + # pad.nasqueron.org + etherpad: + # This API key is used by Wolfplex API to access to the pad lists + api: 125 diff --git a/pillar/paas/docker.sls b/pillar/paas/docker.sls index 6eac03a..72f4be1 100644 --- a/pillar/paas/docker.sls +++ b/pillar/paas/docker.sls 
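Review bot: In `get_credential_id`, the value returned by `pillar.get` is only compared with `None` before `get_password` and `get_username` format it into the `zr getcredentials {0}` string passed to `cmd.shell`. As far as I know, `pillar.get` returns an empty string rather than `None` for a missing key unless `pillar_raise_on_missing` is set, and a partial path such as `nasqueron.cachet` would return a dict, so neither case is rejected here. The pillar result should be checked to be a strictly positive integer before it reaches the command line. Separately, the `raise ValueError` for `number < 1` sits inside the `try`, so its own `except ValueError` catches it and the caller sees "Pillar key not found" instead of the intended message. The sketch below moves the range check after the `try` and validates the type of the pillar value; it also avoids shadowing the builtin `id`.

```python
def get_credential_id(expression):
    try:
        # Case I - expression is an integer
        number = int(expression)
    except (TypeError, ValueError):
        # Case II - expression is a pillar key
        number = _get_credential_id_from_pillar_key(expression)
        if isinstance(number, bool) or not isinstance(number, int):
            raise ValueError(
                expression, "Pillar key not found or not a credential number")

    # Applies to both cases, so nothing but a positive integer reaches cmd.shell
    if number < 1:
        raise ValueError(
            expression, "A strictly positive integer was expected.")

    return number
```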
@@ -1,201 +1,201 @@ # ------------------------------------------------------------- # Salt — Provision Docker engine # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2018-03-10 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- docker_aliases: - &ipv4_equatower 51.255.124.10 # ------------------------------------------------------------- # Images # # You can append a :tag (by default, latest is used). # # It's not possible to specify Docker library images only by final name. # See https://docs.saltstack.com/en/latest/ref/states/all/salt.states.docker_image.html # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - docker_images: '*': - certbot/certbot dwellers: # Core services - nasqueron/rabbitmq # Infrastructure and development services - dereckson/cachet - nasqueron/notifications equatower: # Core services - nasqueron/mysql # Infrastructure and development services - nasqueron/aphlict - nasqueron/etherpad:production - nasqueron/phabricator # Continuous deployment jobs - jenkinsci/jenkins - nasqueron/jenkins-slave-php # phpBB SaaS - nasqueron/mysql # ------------------------------------------------------------- # Networks # # Containers can be grouped by network, instead to use links. # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - docker_networks: equatower: cd: subnet: 172.18.1.0/24 # ------------------------------------------------------------- # Containers # # The docker_containers entry allow to declare # containers by image by servers # # The hierarchy is so as following. # # docker_containers: # server with the Docker engine: # service codename: # instance name: # container properties # # The service codename must match a state file in # the roles/paas-docker/containers/ directory. # # The container will be run with the specified instance name. 
# # **nginx** # # The container properties can also describe the information # needed to configure nginx with the host and app_port key. # # In such case, a matching vhost file should be declared as # roles/paas-docker/nginx/files/vhosts/.sls # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - docker_containers: # # Equatower is the current production engine # equatower: # # Core services # mysql: acquisitariat: {} phpbb_db: {} # # CD # jenkins: jenkins_cd: realm: cd host: cd.nasqueron.org app_port: 38080 jnlp_port: 50000 jenkins_slave: # Slaves for CD apsile: &php_for_cd image: php realm: cd elapsi: *php_for_cd # Infrastructure and development services phabricator: devcentral: app_port: 31080 host: devcentral.nasqueron.org aliases: - phabricator.nasqueron.org blogs: servers: host: servers.nasqueron.org aliases: - server.nasqueron.org - serveur.nasqueron.org - serveurs.nasqueron.org static_host: phabricator-files-for-devcentral-nasqueron.spacetechnology.net aphlict: aphlict: ports: client: 22280 admin: 22281 cachet: cachet: app_port: 39080 host: status.nasqueron.org - credential: 47 + credential: nasqueron.cachet.mysql mysql_link: acquisitariat etherpad: pad: app_port: 34080 host: pad.nasqueron.org aliases: - pad.wolfplex.org - pad.wolfplex.be - credential: 125 + credential: nasqueron.etherpad.api mysql_link: acquisitariat # phpBB SaaS # The SaaS uses a MySQL instance, declared in the MySQL section. 
# Openfire openfire: openfire: ip: *ipv4_equatower app_port: 9090 host: xmpp.nasqueron.org # ------------------------------------------------------------- # Ports listened by XMPP # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - xmpp_ports: - 3478 - 5222 # Client to server - 5223 # Client to server (Encrypted (legacy-mode) connections) - 5262 # Connections managers - 5269 # Server to server - 5275 # External components - 5276 # External components (Encrypted (legacy-mode) connections) - 7070 # HTTP binding - 7443 # HTTP binding with TLS - 7777 # File transfer proxy - 9090 # Web administration server - 9091 # Web administration server with TLS # ------------------------------------------------------------- # Zemke-Rhyne clients # # This section should list all the Docker engines server # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - zr_clients: - key: 2 allowedConnectionFrom: - 172.27.26.49 - dwellers.nasqueron.drake - dwellers.nasqueron.org restrictCommand: comment: Zemke-Rhyne - key: 123 allowedConnectionFrom: - equatower.nasqueron.org restrictCommand: comment: Zemke-Rhyne diff --git a/pillar/top.sls b/pillar/top.sls index a6ba77c..a6fc488 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -1,33 +1,34 @@ # ------------------------------------------------------------- # Salt configuration for Nasqueron servers # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2016-04-10 # License: Trivial work, not eligible to copyright # ------------------------------------------------------------- base: '*': - core.users - core.groups - certificates.certificates - nodes.nodes - nodes.forests - hotfixes.roles - webserver.sites dwellers: - paas.docker eglide: - shellserver.quassel equatower: + - credentials.zr - paas.docker - saas.jenkins - saas.phpbb ysul: - devserver.repos - paas.docker - saas.mediawiki - viperserv.bots - viperserv.fantoir - webserver.labs - webserver.wwwroot51
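Review bot: The `credential` property under `cachet` and `etherpad` now holds a dotted name instead of a K number, but the "Containers" comment block in this file does not describe the property or the accepted formats. I would add a short paragraph there, for example `# credential: a Zemke-Rhyne K number, or a dotted path under the zr_credentials pillar (pillar/credentials/zr.sls)`. It is also worth stating that the name only resolves on minions that receive `credentials.zr`, which `pillar/top.sls` assigns to equatower alone. `dwellers` and `ysul` also load `paas.docker`, so a dotted credential declared for either of them would presumably fail the lookup.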