Commit 35408bb7 by Bach Dániel

Merge branch 'feature-centos' into 'master'

Feature centos 🚧

 selinux

🚧 openvswitch

Closes #6

Closes #5

Closes #2

See merge request !1
parents 939f7679 c525473a
......@@ -13,16 +13,32 @@
- user: root
- group: root
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/agentdriver.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/agentdriver/miscellaneous/agentdriver.service
{% else %}
/etc/init/agentdriver.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/agentdriver/miscellaneous/agentdriver.conf
{% endif %}
{% if grains['os_family'] == 'RedHat' %}
incrond:
{% else %}
incron:
{% endif %}
service:
- reload: true
- enable: true
- running
- watch:
- file: /etc/incron.d/agentdriver
\ No newline at end of file
- file: /etc/incron.d/agentdriver
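Review bot: The new `/etc/systemd/system/agentdriver.service` state renders a root-owned unit from `file:///home/{{ pillar['user'] }}/agentdriver/miscellaneous/agentdriver.service`, a path inside the service account's own checkout. Whoever can write that checkout therefore decides what systemd starts, and as which user. This mirrors the existing upstart branch, but the graphite units in this commit are served from `salt://`, which keeps the unit text under the master's control. I would either move these units to `salt://` or at least add `- mode: 644` and a `require` on the git state that creates the file. The same pattern recurs in the manager/portal, monitor-client, storagedriver, vmdriver and vncproxy unit states in this commit; the state this hunk opens in starts above the visible lines.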
......@@ -6,14 +6,21 @@ include:
agentdriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- incron
{% if grains['os_family'] == 'RedHat' %}
- libmemcached-devel
- python-devel
- python-virtualenvwrapper
- zlib-devel
{% else %}
- libmemcached-dev
- zlib1g-dev
- python-dev
- virtualenvwrapper
- zlib1g-dev
{% endif %}
- require_in:
- git: gitrepo_agentdriver
- virtualenv: virtualenv_agentdriver
......@@ -21,11 +28,19 @@ agentdriver:
- present
- name: {{ pillar['user'] }}
- gid_from_name: True
- shell: /bin/bash
- groups:
{% if grains['os_family'] == 'RedHat' %}
- wheel
{% else %}
- sudo
{% endif %}
- require_in:
- git: gitrepo_agentdriver
- virtualenv: virtualenv_agentdriver
service:
- running
- enable: true
- watch:
- pkg: agentdriver
- sls: agentdriver.gitrepo
......
......@@ -16,6 +16,24 @@ requirements:
- require:
- user: {{ pillar['graphite']['user'] }}
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/graphite.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://graphite/files/graphite.service
/etc/systemd/system/graphite-carbon.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://graphite/files/graphite-carbon.service
{% else %}
/etc/init/graphite.conf:
file.managed:
- user: root
......@@ -29,6 +47,7 @@ requirements:
- group: root
- template: jinja
- source: salt://graphite/files/graphite-carbon.conf
{% endif %}
/opt/graphite:
file.directory:
......
[Unit]
Description=Graphite Carbon
After=network.target
[Service]
User={{ pillar['graphite']['user'] }}
Group={{ pillar['graphite']['user'] }}
Environment=PYTHONPATH=/opt/graphite/lib GRAPHITE_ROOT=/opt/graphite
WorkingDirectory=/opt/graphite/bin/
ExecStart=/bin/bash -c "source /etc/profile; workon graphite; exec twistd --nodaemon --reactor=epoll --no_save carbon-cache"
Restart=always
[Install]
WantedBy=multi-user.target
diff --git a/render/evaluator.py b/render/evaluator.py
index 70490a2..ee7cfd1 100644
--- a/render/evaluator.py
+++ b/render/evaluator.py
@@ -37,7 +37,7 @@ def evaluateTokens(requestContext, tokens):
return float(tokens.number.scientific[0])
elif tokens.string:
- return str(tokens.string)[1:-1]
+ return unicode(tokens.string)[1:-1]
elif tokens.boolean:
return tokens.boolean[0] == 'true'
diff --git a/render/glyph.py b/render/glyph.py
index a2cc893..7daadce 100644
--- a/render/glyph.py
+++ b/render/glyph.py
@@ -181,7 +181,7 @@ class Graph:
self.drawRectangle( 0, 0, self.width, self.height )
if 'colorList' in params:
- colorList = unquote_plus( str(params['colorList']) ).split(',')
+ colorList = unquote_plus( unicode(params['colorList']) ).split(',')
else:
colorList = self.defaultColorList
self.colors = itertools.cycle( colorList )
@@ -572,7 +572,7 @@ class LineGraph(Graph):
if 'yUnitSystem' not in params:
params['yUnitSystem'] = 'si'
else:
- params['yUnitSystem'] = str(params['yUnitSystem']).lower()
+ params['yUnitSystem'] = unicode(params['yUnitSystem']).lower()
if params['yUnitSystem'] not in UnitSystems.keys():
params['yUnitSystem'] = 'si'
@@ -630,11 +630,11 @@ class LineGraph(Graph):
self.setColor( self.foregroundColor )
if params.get('title'):
- self.drawTitle( str(params['title']) )
+ self.drawTitle( unicode(params['title']) )
if params.get('vtitle'):
- self.drawVTitle( str(params['vtitle']) )
+ self.drawVTitle( unicode(params['vtitle']) )
if self.secondYAxis and params.get('vtitleRight'):
- self.drawVTitle( str(params['vtitleRight']), rightAlign=True )
+ self.drawVTitle( unicode(params['vtitleRight']), rightAlign=True )
self.setFont()
if not params.get('hideLegend', len(self.data) > settings.LEGEND_MAX_ITEMS):
@@ -1582,7 +1582,7 @@ class PieGraph(Graph):
if slice['value'] < 10 and slice['value'] != int(slice['value']):
label = "%.2f" % slice['value']
else:
- label = str(int(slice['value']))
+ label = unicode(int(slice['value']))
extents = self.getExtents(label)
theta = slice['midAngle']
x = self.x0 + (self.radius / 2.0 * math.cos(theta))
diff --git a/render/hashing.py b/render/hashing.py
index 6575650..45f1bfe 100644
--- a/render/hashing.py
+++ b/render/hashing.py
@@ -49,7 +49,7 @@ def stripControlChars(string):
def compactHash(string):
hash = md5()
- hash.update(string)
+ hash.update(string.encode('utf-8'))
return hash.hexdigest()
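Review bot: In `compactHash`, `string.encode('utf-8')` fails on a non-ASCII byte string under Python 2 (which the `unicode` calls in this patch imply). Calling `.encode` on a `str` first decodes it as ASCII and raises `UnicodeDecodeError`. Whether any caller still passes byte strings is not visible from this hunk. A guard before the update covers both cases: `if isinstance(string, unicode): string = string.encode('utf-8')` followed by the original `hash.update(string)`.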
[Unit]
Description=Graphite
After=network.target
[Service]
User={{ pillar['graphite']['user'] }}
Group={{ pillar['graphite']['user'] }}
WorkingDirectory=/opt/graphite/webapp/graphite
ExecStart=/bin/bash -c "source /etc/profile; workon graphite; exec python manage.py runserver [::]:8081"
Restart=always
[Install]
WantedBy=multi-user.target
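Review bot: `ExecStart` runs Django's development server (`manage.py runserver`) bound to `[::]:8081` under `Restart=always`, so the dev server becomes a permanent listener on every interface. Django documents `runserver` as unsuitable for production, and nothing in this unit restricts who can reach the port. If only local consumers need it, bind to loopback (`runserver [::1]:8081`) and front it with the web server; otherwise run it under a WSGI server, as the portal's production path does with uwsgi. Both this unit and graphite-carbon.service also start through `/bin/bash -c "source /etc/profile; workon graphite; ..."`, which makes the service depend on login-shell profile scripts. Calling the virtualenv's interpreter by absolute path would remove that dependency.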
......@@ -6,11 +6,18 @@ include:
graphite:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
{% if grains['os_family'] == 'RedHat' %}
- pycairo
- python-devel
- python-virtualenvwrapper
{% else %}
- python-cairo
- python-dev
- virtualenvwrapper
{% endif %}
- require:
- user: {{ pillar['graphite']['user'] }}
- require_in:
......@@ -24,7 +31,9 @@ graphite:
service:
- running
- enable: True
graphite-carbon:
service:
- running
- enable: True
......@@ -14,6 +14,25 @@ global-site-packages:
- require:
- virtualenv: virtualenv_graphite
unicode-fix-diff:
file.managed:
- name: /home/{{pillar['graphite']['user'] }}/graphite-unicode-fix.diff
- template: jinja
- source: salt://graphite/files/graphite-unicode-fix.diff
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
unicode-fix:
cmd.run:
- user: {{ pillar['graphite']['user'] }}
- cwd: /opt/graphite/webapp/graphite
- name: patch -N -p1 < /home/{{pillar['graphite']['user'] }}/graphite-unicode-fix.diff
- onlyif: patch -N --dry-run --silent -p1 < /home/{{pillar['graphite']['user'] }}/graphite-unicode-fix.diff
- require:
- virtualenv: virtualenv_graphite
- user: {{ pillar['graphite']['user'] }}
- file: unicode-fix-diff
salt://graphite/files/syncdb.sh:
cmd.script:
- template: jinja
......
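Review bot: `unicode-fix` is gated on `onlyif: patch -N --dry-run --silent -p1 < ...`, so the state is skipped both when the patch is already applied and when it no longer applies to the checkout. In the second case the run is still green and /opt/graphite stays unpatched with no signal. Gating on the reverse check makes a non-applying patch fail loudly: `- unless: patch -R -p1 --dry-run --silent < /home/{{pillar['graphite']['user'] }}/graphite-unicode-fix.diff`. The diff is also rendered with `template: jinja`; a short comment that the patch must never contain `{{` or `{%` would save a confusing render error later.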
......@@ -8,27 +8,52 @@ manager_postactivate:
portal.conf:
file.managed:
{% if pillar['deployment_type'] == 'production' %}
- name: /etc/init/portal-uwsgi.conf
{% if grains['os_family'] == 'RedHat' %}
- name: /etc/systemd/system/portal.service
{% else %}
- name: /etc/init/portal.conf
{% endif %}
- user: root
- group: root
- template: jinja
{% if grains['os_family'] == 'RedHat' %}
{% if pillar['deployment_type'] == 'production' %}
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal-uwsgi.service
{% else %}
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal.service
{% endif %}
{% else %}
{% if pillar['deployment_type'] == 'production' %}
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal-uwsgi.conf
{% else %}
- name: /etc/init/portal.conf
{% else %}
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal.conf
{% endif %}
{% endif %}
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/manager.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal.conf
{% endif %}
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/manager.service
/etc/systemd/system/managercelery@.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/managercelery@.service
{% else %}
/etc/init/manager.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/manager.conf
/etc/init/mancelery.conf:
file.managed:
- user: root
......@@ -49,6 +74,7 @@ portal.conf:
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/slowcelery.conf
{% endif %}
salt://manager/files/init.sh:
cmd.script:
......
ignore_invalid_headers on;
server {
listen 443 ssl default;
ssl on;
ssl_certificate /etc/ssl/certs/circle.pem;
ssl_certificate_key /etc/ssl/certs/circle.pem;
{% if pillar['deployment_type'] == "production" %}
location /media {
alias /home/{{ pillar['user'] }}/circle/circle/media; # your Django project's media files
}
location /static {
alias /home/{{ pillar['user'] }}/circle/circle/static_collected; # your Django project's static files
}
{% endif %}
location /doc {
alias /home/cloud/circle-website/_build/html;
}
location / {
{% if pillar['deployment_type'] == "production" %}
uwsgi_pass unix:///tmp/uwsgi.sock;
include /etc/nginx/uwsgi_params; # or the uwsgi_params you installed manually
{% else %}
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_Host;
proxy_set_header X-Forwarded-Protocol https;
{% endif %}
}
location /vnc/ {
proxy_pass http://localhost:9999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80 default;
rewrite ^ https://$host/; # permanent;
}
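Review bot: `ssl_certificate_key /etc/ssl/certs/circle.pem;` reads the private key from the same PEM as the certificate, inside the certificate directory, and neither this file nor the `circlecert` state that creates it pins owner or mode. I would keep the key in a root-only file (mode 600) and point `ssl_certificate_key` at that path, or add an explicit `file.managed` with `- mode: 600` for the PEM. There is also no `ssl_protocols` line, so the accepted TLS versions are whatever the packaged nginx defaults to; an explicit list belongs next to the certificate lines. In the port-80 server, `rewrite ^ https://$host/;` drops the request path and leaves `permanent` commented out; `return 301 https://$host$request_uri;` says the same thing directly.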
ignore_invalid_headers on;
server {
listen 443 ssl default;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
{% if pillar['deployment_type'] == "production" %}
location /media {
alias /home/{{ pillar['user'] }}/circle/circle/media; # your Django project's media files
}
location /static {
alias /home/{{ pillar['user'] }}/circle/circle/static_collected; # your Django project's static files
}
{% endif %}
location /doc {
alias /home/cloud/circle-website/_build/html;
}
location / {
{% if pillar['deployment_type'] == "production" %}
uwsgi_pass unix:///tmp/uwsgi.sock;
include /etc/nginx/uwsgi_params; # or the uwsgi_params you installed manually
{% else %}
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_Host;
proxy_set_header X-Forwarded-Protocol https;
{% endif %}
}
location /vnc/ {
proxy_pass http://localhost:9999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /run/nginx.pid;
server {
listen 80 default;
rewrite ^ https://$host/; # permanent;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
index index.html index.htm;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local all all peer
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
......@@ -3,6 +3,7 @@ export AMQP_URI='amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password
export CACHE_URI='{{ pillar['cache'] }}'
export DJANGO_SETTINGS_MODULE='circle.settings.{{ pillar['deployment_type'] }}'
export DJANGO_TIME_ZONE=UTC
export DJANGO_DB_HOST='localhost'
export DJANGO_DB_PASSWORD='{{ pillar['database']['password'] }}'
export DJANGO_FIREWALL_SETTINGS='{"dns_ip": "8.8.8.8", "dns_hostname":
......
#!/bin/bash
sudo stop manager >/dev/null 2>&1
sudo stop portal >/dev/null 2>&1
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate >/dev/null 2>&1
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate >/dev/null 2>&1
MANAGE="python /home/{{ pillar['user'] }}/circle/circle/manage.py"
OUT=$( ($MANAGE syncdb --noinput &&
$MANAGE migrate acl &&
$MANAGE migrate firewall &&
$MANAGE migrate storage &&
$MANAGE syncdb --migrate --noinput &&
$MANAGE migrate vm --merge) 2>&1)
OUT=$( $MANAGE migrate 2>&1)
if [ $? -ne 0 ]; then
/usr/bin/python -c "import sys; import json; sys.stdout.write(json.dumps({'changed': False, 'comment': sys.stdin.read()}) + '\n')" <<< "$OUT"
exit 1
fi
COUNT=$(/bin/egrep "Migrating forwards to" -c <<< "$OUT")
COUNT=$(/bin/egrep " *Applying " -c <<< "$OUT")
if [ $? -eq 0 ]; then
CHANGED=yes
else
......
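Review bot: The script still stops the services with `sudo stop manager` and `sudo stop portal`, which are upstart commands, and both calls send their output to `/dev/null`. On the systemd hosts this commit targets, those calls presumably fail silently, so `$MANAGE migrate` would run while manager and portal are still serving. A stop that works on both families, for example `sudo service manager stop` and `sudo service portal stop`, with the exit status checked, closes that gap. The script continues past the visible lines.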
......@@ -11,39 +11,75 @@ include:
manager:
pkg.installed:
- pkgs:
- virtualenvwrapper
- postgresql
- git
- python-pip
- python-dev
- libpq-dev
- ntp
- rabbitmq-server
- memcached
- gettext
- wget
- swig
{% if grains['os_family'] == 'RedHat' %}
- libmemcached-devel
- postgresql-devel
- postgresql-libs
- postgresql-server
- libxml2-devel
- libxslt-devel
- python-devel
- python-virtualenvwrapper
{% else %}
- libmemcached-dev
- libpq-dev
- libxml2-dev
- libxslt1-dev
- libmemcached-dev
- swig
- python-dev
- virtualenvwrapper
{% endif %}
- require_in:
- service: postgres_service
user:
- present
- name: {{ pillar['user'] }}
- gid_from_name: True
- shell: /bin/bash
- groups:
{% if grains['os_family'] == 'RedHat' %}
- wheel
{% else %}
- sudo
{% endif %}
service:
- running
- enable: True
- watch:
- file: manager_postactivate
{% if grains['os_family'] == 'RedHat' %}
- file: /etc/systemd/system/manager.service
- file: /etc/systemd/system/managercelery@.service
{% else %}
- file: /etc/init/manager.conf
- file: /etc/init/mancelery.conf
- file: /etc/init/moncelery.conf
- file: /etc/init/slowcelery.conf
{% endif %}
- sls: manager.gitrepo
portal:
service:
- running
- enable: True
- watch:
- file: manager_postactivate
- file: portal.conf
- sls: manager.gitrepo
memcached:
service:
- running
- enable: True
- require:
- pkg: manager
nginx:
service.running:
- enable: True
- require:
- pkg: nginx
- cmd: circlecert
- file: nginxdefault
{% if grains['os_family'] == 'RedHat' %}
- file: nginxconf
{% endif %}
pkg:
- installed
pkgrepo.managed:
- ppa: nginx/stable
- require_in:
- pkg: nginx
circlecert:
cmd.run:
- name: ./make-dummy-cert circle.pem
- cwd: /etc/ssl/certs/
- creates: /etc/ssl/certs/circle.pem
{% if grains['os_family'] == 'RedHat' %}
nginx_selinux:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
selinux.boolean:
- name: httpd_can_network_connect
- value: True
- persist: True
- require:
- pkg: nginx_selinux
{% endif %}
nginxdefault:
file.managed:
{% if grains['os_family'] == 'RedHat' %}
- name: /etc/nginx/conf.d/default.conf
{% else %}
- name: /etc/nginx/sites-enabled/default
{% endif %}
- template: jinja
- source: salt://manager/files/nginx-default-site.conf
- user: root
- group: root
- require:
- pkg: nginx
{% if grains['os_family'] == 'RedHat' %}
nginxconf:
file.managed:
- name: /etc/nginx/nginx.conf
- template: jinja
- source: salt://manager/files/nginx.conf
- user: root
- group: root
- require:
- pkg: nginx
{% endif %}
{% if grains['os'] == 'Ubuntu' %}
nodejs-legacy:
pkg.installed
{% endif %}
npm:
{% if grains['os'] == 'Ubuntu' %}
pkg.installed:
- require:
- pkg: nodejs-legacy
{% else %}
pkg.installed
{% endif %}
bower:
npm.installed:
......
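Review bot: `nginx_selinux` switches `httpd_can_network_connect` on persistently, which allows every process in the httpd domain to open connections to any port. The site config only proxies to `localhost:8080` and `localhost:9999`. At minimum add a comment above the boolean saying which `proxy_pass` targets need it, for example `# nginx proxies to the portal (8080) and vncproxy (9999) backends`. A narrower option is to label just those ports for httpd (`semanage port -a -t http_port_t -p tcp 9999`) and leave the boolean off. Separately, `circlecert` runs `./make-dummy-cert` in `/etc/ssl/certs/` without an `os_family` guard while `nginx` requires `cmd: circlecert`; that helper is presumably only present on RedHat-family hosts, so confirm the Ubuntu path still converges.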
{% if grains['os_family'] == 'RedHat' %}
postgresql_initdb:
cmd.run:
- cwd: /
- user: root
- name: postgresql-setup initdb
- unless: test -f /var/lib/pgsql/data/postgresql.conf
- env:
LC_ALL: C.UTF-8
file.managed:
- name: /var/lib/pgsql/data/pg_hba.conf
- template: jinja
- source: salt://manager/files/pg_hba.conf
- user: postgres
- group: postgres
- mode: 600
- require:
- cmd: postgresql_initdb
{% endif %}
postgres_service:
service.running:
- name: postgresql
- enable: True
{% if grains['os_family'] == 'RedHat' %}
- require:
- file: postgresql_initdb
{% endif %}
dbuser:
postgres_user.present:
......
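Review bot: `postgres_service` lists the managed `pg_hba.conf` under `require`, so a later change to the template is written to disk but the running server is never reloaded. The authentication rules in effect can then differ from the ones in the repo. Using `- watch:` with `- file: postgresql_initdb` (plus `- reload: True` on the service) makes the edit take effect. It would also help to add a comment on the `file.managed` block saying that it replaces the `pg_hba.conf` generated by `postgresql-setup initdb`.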
rabbitmq-server:
pkg.installed:
- name: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
file.managed:
- name: /etc/rabbitmq/rabbitmq-env.conf
- contents: RABBITMQ_DIST_PORT=5671
{% endif %}
service.running:
- enable: True
- require:
- pkg: rabbitmq-server
{% if grains['os_family'] == 'RedHat' %}
- file: rabbitmq-server
{% endif %}
rabbitmq_user:
rabbitmq_user.present:
- name: {{ pillar['amqp']['user'] }}
- password: {{ pillar['amqp']['password'] }}
- require:
- service: rabbitmq-server
virtual_host:
rabbitmq_vhost.present:
- name: {{ pillar['amqp']['vhost']}}
- user: {{ pillar['amqp']['user'] }}
- conf: .*
- write: .*
- read: .*
rabbitmq_vhost.present:
- name: {{ pillar['amqp']['vhost']}}
- user: {{ pillar['amqp']['user'] }}
- conf: .*
- write: .*
- read: .*
- require:
- service: rabbitmq-server
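Review bot: `RABBITMQ_DIST_PORT=5671` is written to `/etc/rabbitmq/rabbitmq-env.conf` with no explanation and no `user`/`group`/`mode`. 5671 is the port conventionally used for AMQP over TLS, so this puts the Erlang distribution listener where a TLS listener would later be expected. If this is a workaround for an SELinux port restriction on RedHat, say so in a comment above the state, for example `# SELinux only lets rabbitmq bind amqp ports; move the Erlang dist port there`. Note also that it would collide with enabling AMQPS. Adding `- mode: 644` and explicit ownership keeps the file from inheriting whatever umask the minion runs with.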
include:
- common
# m2crypto workaround
# /usr/include/openssl/opensslconf.h:31: Error: CPP #error
# ""This openssl-devel package does not work your architecture?"".
# Use the -cpperraswarn option to continue swig processing.
{% if grains['os_family'] == 'RedHat' %}
m2crypto_swig_env:
environ.setenv:
- name: SWIG_FEATURES
- value: -D__x86_64__
{% endif %}
virtualenv_manager:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/circle
......@@ -10,6 +22,9 @@ virtualenv_manager:
- no_chown: true
- require:
- git: gitrepo
{% if grains['os_family'] == 'RedHat' %}
- environ: m2crypto_swig_env
{% endif %}
salt://manager/files/syncdb.sh:
cmd.script:
......
......@@ -6,9 +6,20 @@
- group: {{ pillar['user'] }}
- mode: 700
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/monitor-client.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/monitor-client/miscellaneous/monitor-client.service
{% else %}
/etc/init/monitor-client.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/monitor-client/miscellaneous/monitor-client.conf
{% endif %}
......@@ -6,17 +6,23 @@ include:
monitor-client:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- wget
{% if grains['os_family'] == 'RedHat' %}
- python-devel
- python-virtualenvwrapper
{% else %}
- python-dev
- virtualenvwrapper
{% endif %}
- require_in:
- git: gitrepo_monitor-client
- virtualenv: virtualenv_monitor-client
service:
- running
- enable: True
- watch:
- pkg: monitor-client
- sls: monitor-client.gitrepo
......
......@@ -6,6 +6,23 @@
- group: {{ pillar['user'] }}
- mode: 700
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/storagecelery@.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/storagedriver/miscellaneous/storagecelery@.service
/etc/systemd/system/storage.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/storagedriver/miscellaneous/storage.service
{% else %}
/etc/init/storagecelery.conf:
file.managed:
- user: root
......@@ -19,6 +36,7 @@
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/storagedriver/miscellaneous/storage.conf
{% endif %}
/datastore:
file.directory:
......
......@@ -7,14 +7,22 @@ include:
storagedriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- libmemcached-dev
- ntp
- zlib1g-dev
{% if grains['os_family'] == 'RedHat' %}
- libmemcached-devel
- python-devel
- python-virtualenvwrapper
- qemu-img
- zlib-devel
{% else %}
- libmemcached-dev
- python-dev
- qemu-utils
- virtualenvwrapper
- zlib1g-dev
{% endif %}
- require_in:
- git: gitrepo_storagedriver
- virtualenv: virtualenv_storagedriver
......@@ -22,6 +30,7 @@ storagedriver:
storage:
service:
- running
- enable: True
- watch:
- pkg: storagedriver
- sls: storagedriver.gitrepo
......
......@@ -6,26 +6,38 @@
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/vmcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/vmcelery.conf
{% set service_dir = "/etc/systemd/system/" if grains['os_family'] == 'RedHat' else "/etc/init/" %}
{% set service_files = (("vmcelery@.service", "netcelery@.service", "node.service")
if grains['os_family'] == 'RedHat' else
("vmcelery.service", "netcelery.service", "node.service")) %}
/etc/init/netcelery.conf:
{% for file in service_files %}
{{ service_dir ~ file }}:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/netcelery.conf
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/{{ file }}
{% endfor %}
/etc/init/node.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/node.conf
{% if grains['os_family'] == 'RedHat' %}
openvswitch:
pkg.installed:
- sources:
- openvswitch: salt://vmdriver/files/openvswitch-2.3.1-1.x86_64.rpm
cmd.run:
- name: mkdir /etc/openvswitch; restorecon -R /etc/openvswitch/
- creates: /etc/openvswitch
- require:
- pkg: openvswitch
service:
- running
- enable: True
- require:
- cmd: openvswitch
- required_in:
- cmd: ovs-bridge
{% endif %}
ovs-bridge:
cmd.run:
......
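Review bot: Under the `openvswitch` service, `required_in` is not a Salt requisite name (the requisite is `require_in`), so the intended ordering before `cmd: ovs-bridge` is most likely not enforced; change the key to `- require_in:`. In the `service_files` definition, the non-RedHat branch lists `vmcelery.service`, `netcelery.service` and `node.service` while `service_dir` is `/etc/init/`. The removed states wrote `.conf` files there, so the Ubuntu path would now install files upstart does not read; the else branch should be `("vmcelery.conf", "netcelery.conf", "node.conf")`. The `openvswitch` package is also installed from an RPM stored in the state tree (`salt://vmdriver/files/openvswitch-2.3.1-1.x86_64.rpm`) with no recorded provenance or checksum; a comment naming where it was built and its digest would make it auditable.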
polkit.addRule(function(action, subject) {
polkit.log("action=" + action);
polkit.log("subject=" + subject);
var now = new Date();
polkit.log("now=" + now)
if ((action.id == "org.libvirt.unix.manage" || action.id == "org.libvirt.unix.monitor") && subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
return null;
});
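Review bot: The rule returns `polkit.Result.YES` for `org.libvirt.unix.manage` to any member of `wheel`, without looking at `subject.local` or `subject.active`, and the salt states in this commit add the service accounts to `wheel`. Full libvirt management is effectively root on the hypervisor, so this ties VM control to the general admin group and the reverse. A dedicated group containing only the vmdriver account, checked with `subject.isInGroup(...)`, would scope the grant. The three `polkit.log(...)` calls and the unused `now` run on every polkit authorization on the host, not only libvirt ones, and look like leftover debugging; I would drop them or move the logging inside the `if`.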
module vmdriver 1.0;
require {
type virt_var_lib_t;
type svirt_tcg_t;
class sock_file { create unlink };
class dir { write remove_name add_name };
}
#============= svirt_tcg_t ==============
allow svirt_tcg_t virt_var_lib_t:dir { write remove_name add_name };
allow svirt_tcg_t virt_var_lib_t:sock_file { create unlink };
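Review bot: The module has no comment saying which denial it answers, and both `allow` rules are written for `svirt_tcg_t` only. As far as I know that type is the domain for guests running under TCG emulation, so on a node with hardware virtualization the guests would presumably run as `svirt_t` and not be covered; this should be checked against the audit log of a real node. The rules also apply to every directory labelled `virt_var_lib_t`. If the intent is the serial-console sockets under `/var/lib/libvirt/serial`, a header comment stating that would record the scope the policy is meant to have.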
......@@ -7,36 +7,55 @@ include:
vmdriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- python-augeas
- ntp
- wget
- qemu-kvm
{% if grains['os_family'] == 'RedHat' %}
- libmemcached-devel
- libvirt
- libvirt-daemon
- libvirt-daemon-kvm
- libvirt-python
- libxml2-devel
- libxslt-devel
- python-devel
- python-virtualenvwrapper
- qemu-img
- zlib-devel
{% else %}
- libmemcached-dev
- libvirt-bin
- libxml2-dev
- libxslt1-dev
- openvswitch-common
- openvswitch-switch
- openvswitch-controller
- libvirt-bin
- python-dev
- python-libvirt
- libxml2-dev
- libmemcached-dev
- libxslt1-dev
- zlib1g-dev
- qemu-kvm
- virtualenvwrapper
- qemu-utils
- zlib1g-dev
{% endif %}
- require_in:
- file: /etc/default/libvirt-bin
{% if grains['os_family'] == 'RedHat' %}
- service: libvirtd
{% else %}
- file: /etc/apparmor.d/libvirt/TEMPLATE
- file: /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
- file: /var/lib/libvirt/serial
- augeas: libvirtconf
- service: libvirt-bin
{% endif %}
- augeas: libvirtconf
- git: gitrepo_vmdriver
- virtualenv: virtualenv_vmdriver
node:
service:
- running
- enable: True
- watch:
- pkg: vmdriver
- sls: vmdriver.gitrepo
......
......@@ -10,13 +10,58 @@ libvirtconf:
file.append:
- text: libvirtd_opts="-d -l"
{% if grains['os_family'] == 'RedHat' %}
libvirtd:
{% else %}
libvirt-bin:
{% endif %}
service:
- running
- watch:
- file: /etc/default/libvirt-bin
- augeas: libvirtconf
{% if grains['os_family'] == 'RedHat' %}
/usr/bin/kvm:
file.symlink:
- target: /usr/libexec/qemu-kvm
/etc/polkit-1/rules.d/10.virt.rules:
file.managed:
- source: salt://vmdriver/files/10.virt.rules
- template: jinja
- mode: 644
polkit:
service:
- running
- watch:
- file: /etc/polkit-1/rules.d/10.virt.rules
/root/vmdriver.te:
file.managed:
- source: salt://vmdriver/files/vmdriver.te
- template: jinja
- mode: 644
selinux_pkgs:
pkg.installed:
- pkgs:
- policycoreutils
- policycoreutils-python
vmdriver_semodule:
cmd.run:
- cwd: /root
- user: root
- name: checkmodule -M -m -o vmdriver.mod vmdriver.te; semodule_package -o vmdriver.pp -m vmdriver.mod; semodule -i vmdriver.pp
- unless: semodule -l |grep -qs ^vmdriver
- require:
- file: /root/vmdriver.te
- pkg: selinux_pkgs
{% else %}
/etc/apparmor.d/libvirt/TEMPLATE:
file.managed:
- source: salt://vmdriver/files/apparmor-libvirt
......@@ -36,10 +81,15 @@ apparmor:
- watch:
- file: /etc/apparmor.d/libvirt/TEMPLATE
- file: /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
{% endif %}
/var/lib/libvirt/serial:
file.directory:
- makedirs: True
{% if grains['os_family'] == 'RedHat' %}
- user: qemu
{% else %}
- user: libvirt-qemu
{% endif %}
- group: kvm
- mode: 755
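Review bot: `vmdriver_semodule` chains its three steps with `;`, so a failing `checkmodule` or `semodule_package` does not stop the run and `semodule -i` may install a stale `vmdriver.pp` left in `/root`. Joining them with `&&` makes the state fail at the first broken step: `checkmodule -M -m -o vmdriver.mod vmdriver.te && semodule_package -o vmdriver.pp -m vmdriver.mod && semodule -i vmdriver.pp`. The `unless: semodule -l |grep -qs ^vmdriver` guard also means an edited `vmdriver.te` is never reloaded once any version is installed; triggering the command with `onchanges` on `file: /root/vmdriver.te` would follow policy edits. The polkit rules file and `/root/vmdriver.te` set `mode: 644` but no `user`/`group`, which is worth making explicit for files that carry authorization policy.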
......@@ -5,38 +5,12 @@ virtualenv_vmdriver:
- runas: {{ pillar['user'] }}
- no_chown: true
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirtmod_qemu.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod_qemu.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirtmod.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.pyc:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.pyc
- require:
- virtualenv: virtualenv_vmdriver
{% set libvirt_dir = "/usr/lib64/python2.7/site-packages/" if grains['os_family'] == 'RedHat' else "/usr/lib/python2.7/dist-packages/" %}
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.pyc:
{% for file in ("libvirtmod_qemu.so", "libvirtmod.so", "libvirt_qemu.py", "libvirt.py", "libvirt_qemu.pyc", "libvirt.pyc") %}
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/{{ file }}:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.pyc
- target: {{ libvirt_dir + file }}
- require:
- virtualenv: virtualenv_vmdriver
{% endfor %}
......@@ -6,9 +6,20 @@
- group: {{ pillar['user'] }}
- mode: 700
{% if grains['os_family'] == 'RedHat' %}
/etc/systemd/system/vncproxy.service:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vncproxy/miscellaneous/vncproxy.service
{% else %}
/etc/init/vncproxy.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vncproxy/miscellaneous/vncproxy.conf
{% endif %}
......@@ -6,18 +6,27 @@ include:
vncproxy:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- wget
{% if grains['os_family'] == 'RedHat' %}
- libffi-devel
- openssl-devel
- python-devel
- python-virtualenvwrapper
{% else %}
- libffi-dev
- libssl-dev
- python-dev
- virtualenvwrapper
{% endif %}
- require_in:
- git: gitrepo_vncproxy
- virtualenv: virtualenv_vncproxy
service:
- running
- enable: True
- watch:
- pkg: vncproxy
- sls: vncproxy.gitrepo
......