pax_global_header 0000666 0000000 0000000 00000000064 12462436021 0014512 g ustar 00root root 0000000 0000000 52 comment=902c7b08279baddf0f0e1ee4ffed79e3d4f8f183
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/ 0000775 0000000 0000000 00000000000 12462436021 0025755 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/.gitignore 0000664 0000000 0000000 00000000017 12462436021 0027743 0 ustar 00root root 0000000 0000000 *.swp
*.swo
*~
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/README 0000664 0000000 0000000 00000006711 12462436021 0026642 0 ustar 00root root 0000000 0000000 #Circle Project Salt Installer
## Install Salt
```bash
sudo add-apt-repository ppa:saltstack/salt
sudo apt-get update
sudo apt-get install salt-minion
```
## Configure salt
Open the salt minion configuration
```bash
sudo vim /etc/salt/minion
```
Add these lines:
```bash
file_client: local
file_roots:
base:
- /home/cloud/salt/salt
pillar_roots:
base:
- /home/cloud/salt/pillar
```
## Get the installer
Clone circle installer git repository into cloud home
```bash
git clone git@git.ik.bme.hu:circle/salt.git
```
## Change variables
Modify installer.sls file
```
sudo vim salt/pillar/installer.sls
```
Most used variables
* **admin_user**: user name to login in as admin on the site
* **admin_pass**: password to login in as admin on the site
* time zone: the server's time zone, format is region/city
* nfs
* server: nfs server's hostname
* network: nfs server's network to access files
* directory: this directory will be shared
* storagedriver:
* **queue_name***: storage host name
* fwdriver
* **queue_name***: the server's hostname
* **gateway***: the server's gateway
* **external_net***: the server's network
* **external_if**: the server's network interface
> **`*`** These variables need to be configured. Use `hostname`, `ifconfig`, `route -n` to get network information.
## Install Circle
Run the following installation command:
```bash
sudo salt-call state.sls allinone
```
###Current issues
####`#1` Gateway problem
```
cd circle/circle/
workon circle
./manage.py firewall_restart
# get eth0 MAC address
ifconfig
sudo -i
ifconfig net hw ether
```
####`#2` Nginx problem
Delete configuration file duplication and restart nginx
```
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart
```
#### Open firewall
```
sudo ufw allow 443
sudo ufw allow 80
```
## Quickstart - Standalone Node
###Login
Log in into the Circle website with admin (the site is accessable on the 443 port). Name and password is in the `salt/pillar/installer.sls`.
### Create Node
To run virtual machines, we need to create nodes - and add to the system. Click on the new icon in the dashboard, Nodes menu.
####Configure Node
To standalone configuration, type the current machine's hostname to Host/name, MAC address to Host/MAC, IP to HOST/IP. Choose managed-vm as VLAN.
####Activate Node
Click on the 'Activate' icon to use the Node.
### Start Virtual Machine
To create new Virtual Machine, we use Templates - images based on previously saved VMs. Currently we haven't got any template - so let's create a new one. Click on Templates/new icon and choose 'Create a new base VM without disk'.
#### Configure Template
Set name, CPU and RAM settings, architecture. Check in the boot menu box, select network and lease, write down, which operating system will you use. Finally, create a template.
> The rows marked with astersk need to be filled.
![configure standalone node](images/configure_node.jpg)
#### Add disk
Currently we don't have any disks attached to our VM. To add, click on the Resources menu, 'create disk' icon, set the name and size.
![disk setup](images/disk.jpg)
#### Attach ISO
To install an OS, we can use ISO images, to boot from. Click on 'download disk' and type the ISO's URL.
![download iso](images/iso.jpg)
###Start Virtual Machine
Finally, we can run the machine. Click on 'deploy' and start it. You can choose, on which node do you want to run.
![ubuntu 14.04](images/ubuntu.png)
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar/ 0000775 0000000 0000000 00000000000 12462436021 0027240 5 ustar 00root root 0000000 0000000 agent.sls 0000664 0000000 0000000 00000000124 12462436021 0030777 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar agent:
repo_name: https://git.ik.bme.hu/circle/agent.git
repo_revision: master
agentdriver.sls 0000664 0000000 0000000 00000000137 12462436021 0032217 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar agentdriver:
repo_name: https://git.ik.bme.hu/circle/agentdriver.git
repo_revision: master
amqp.sls 0000664 0000000 0000000 00000000310 12462436021 0030634 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar amqp:
user: cloud
password: password
host: localhost
port: 5672
vhost: circle
graphite:
user: monitor
password: monitor
host: localhost
port: 5672
vhost: monitor
queue: monitor
common.sls 0000664 0000000 0000000 00000000622 12462436021 0031174 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar user: cloud
cache: pylibmc://127.0.0.1:11211/
proxy_secret: xooquageire7uX1
secret_key: Ga4aex3Eesohngo
timezone: Europe/Budapest
deployment_type: local
admin_user: admin
admin_pass: 4j23oihreehfd
database:
name: circle
user: circle
password: hoGei6paiN0ieda
graphite:
secret_key: ahf2aim7ahLeo8n
nfs:
enabled: false
server: localhost
network: 192.168.1.0/24
directory: /datastore
firewall.sls 0000664 0000000 0000000 00000000540 12462436021 0031510 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar fwdriver:
repo_name: https://git.ik.bme.hu/circle/fwdriver.git
repo_revision: master
user: fw
queue_name: cloud
portal_ip: 192.168.1.1
portal_netmask: 255.255.255.0
vm_net: 192.168.2.254/24
management_net: 192.168.1.254/24
external_net: 10.0.0.97/16
gateway: 10.0.255.254
external_if: eth0
trunk_if: linkb
management_if: ethy
installer.sls 0000664 0000000 0000000 00000001463 12462436021 0031705 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar #user: cloud
#proxy_secret: xooquageire7uX1
#secret_key: Ga4aex3Eesohngo
#timezone: Europe/Budapest
#deployment_type: local
#admin_user: admin
#admin_pass: 4j23oihreehfd
#database:
# name: circle
# user: circle
# password: hoGei6paiN0ieda
#amqp:
# user: cloud
# password: password
# host: 127.0.0.1
# port: 5672
# vhost: circle
#graphite:
# user: monitor
# password: monitor
# host: 127.0.0.1
# port: 5672
# vhost: monitor
# queue: monitor
# secret_key: ahf2aim7ahLeo8n
#cache: pylibmc://127.0.0.1:11211/
#nfs:
# enabled: true
# server: localhost
# network: 192.168.1.0/24
# directory: /datastore
#storagedriver:
# queue_name: cloud
#fwdriver:
# queue_name: cloud-1115
# gateway: 10.0.255.254
# external_net: 10.0.0.115/16
# external_if: eth0
# trunk_if: linkb
# management_if: ethy
manager.sls 0000664 0000000 0000000 00000000131 12462436021 0031311 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar manager:
repo_name: https://git.ik.bme.hu/circle/cloud.git
repo_revision: master
monitor-client.sls 0000664 0000000 0000000 00000000145 12462436021 0032647 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar monitor-client:
repo_name: https://git.ik.bme.hu/circle/monitor-client.git
repo_revision: master
node.sls 0000664 0000000 0000000 00000000472 12462436021 0030634 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar user: cloud
amqp:
user: cloud
password: password
host: 192.168.120.1
port: 5672
vhost: circle
graphite:
user: monitor
password: monitor
host: 192.168.120.1
port: 5672
vhost: monitor
queue: monitor
cache: pylibmc://192.168.120.1:11211/
nfs:
server: 192.168.120.1
directory: /datastore
storagedriver.sls 0000664 0000000 0000000 00000000177 12462436021 0032571 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar storagedriver:
repo_name: https://git.ik.bme.hu/circle/storagedriver.git
repo_revision: master
queue_name: storageserver
top.sls 0000664 0000000 0000000 00000000321 12462436021 0030502 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar base:
'*':
- vmdriver
- amqp
- agentdriver
- agent
- storagedriver
- vncproxy
- monitor-client
- vmdriver
- firewall
- manager
- common
- installer
- node
vmdriver.sls 0000664 0000000 0000000 00000000131 12462436021 0031535 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar vmdriver:
repo_name: https://git.ik.bme.hu/circle/vmdriver.git
repo_revision: master
vncproxy.sls 0000664 0000000 0000000 00000000131 12462436021 0031567 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/pillar vncproxy:
repo_name: https://git.ik.bme.hu/circle/vncproxy.git
repo_revision: master
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/ 0000775 0000000 0000000 00000000000 12462436021 0026720 5 ustar 00root root 0000000 0000000 agentdriver/ 0000775 0000000 0000000 00000000000 12462436021 0031153 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000001123 12462436021 0034542 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver /home/{{ pillar['user'] }}/.virtualenvs/agentdriver/bin/postactivate:
file.managed:
- source: salt://agentdriver/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/incron.d/agentdriver:
file.managed:
- source: salt://agentdriver/files/agentdriver.incron
- template: jinja
- user: root
- group: root
/etc/init/agentdriver.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/agentdriver/miscellaneous/agentdriver.conf
files/ 0000775 0000000 0000000 00000000000 12462436021 0032255 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver agentdriver.incron 0000664 0000000 0000000 00000000115 12462436021 0035776 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver/files /var/lib/libvirt/serial IN_CREATE setfacl -m u:{{ pillar['user'] }}:rw $@/$#
postactivate 0000664 0000000 0000000 00000000325 12462436021 0034706 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver/files export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
gitrepo.sls 0000664 0000000 0000000 00000000475 12462436021 0033355 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver include:
- common
gitrepo_agentdriver:
git.latest:
- name: {{ pillar['agentdriver']['repo_name'] }}
- rev: {{ pillar['agentdriver']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/agentdriver
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001320 12462436021 0032635 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver include:
- agentdriver.gitrepo
- agentdriver.virtualenv
- agentdriver.configuration
agentdriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- incron
- libmemcached-dev
- zlib1g-dev
- python-dev
- require_in:
- git: gitrepo_agentdriver
- virtualenv: virtualenv_agentdriver
user:
- present
- name: {{ pillar['user'] }}
- gid_from_name: True
- require_in:
- git: gitrepo_agentdriver
- virtualenv: virtualenv_agentdriver
service:
- running
- watch:
- pkg: agentdriver
- sls: agentdriver.gitrepo
- sls: agentdriver.virtualenv
- sls: agentdriver.configuration
virtualenv.sls 0000664 0000000 0000000 00000000361 12462436021 0034075 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/agentdriver virtualenv_agentdriver:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/agentdriver
- requirements: /home/{{ pillar['user'] }}/agentdriver/requirements.txt
- runas: {{ pillar['user'] }}
- no_chown: true
allinone.sls 0000664 0000000 0000000 00000000212 12462436021 0031160 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt include:
- agentdriver
- graphite
- manager
- monitor-client
- storagedriver
- vmdriver
- vncproxy
- fwdriver
- network
common.sls 0000664 0000000 0000000 00000000026 12462436021 0030652 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt git:
pkg.installed
fwdriver/ 0000775 0000000 0000000 00000000000 12462436021 0030471 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000003340 12462436021 0034063 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver /home/{{ pillar['fwdriver']['user'] }}/.virtualenvs/fw/bin/postactivate:
file.managed:
- source: salt://fwdriver/files/postactivate
- template: jinja
- user: {{ pillar['fwdriver']['user'] }}
- group: {{ pillar['fwdriver']['user'] }}
- mode: 700
/etc/init/firewall.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['fwdriver']['user'] }}/fwdriver/miscellaneous/firewall.conf
/etc/init/firewall-init.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['fwdriver']['user'] }}/fwdriver/miscellaneous/firewall-init.conf
/etc/dhcp/dhcpd.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://fwdriver/files/dhcpd.conf
/etc/dhcp/dhcpd.conf.generated:
file.managed:
- user: {{ pillar['fwdriver']['user'] }}
- group: {{ pillar['fwdriver']['user'] }}
/etc/init/isc-dhcp-server.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://fwdriver/files/isc-dhcp-server.conf
/etc/init.d/isc-dhcp-server:
file.symlink:
- target: /lib/init/upstart-job
- force: True
isc-dhcp-server:
service:
- running
- watch:
- file: /etc/dhcp/dhcpd.conf
- file: /etc/dhcp/dhcpd.conf.generated
- file: /etc/init/isc-dhcp-server.conf
- file: /etc/init.d/isc-dhcp-server
/etc/sysctl.d/60-circle-firewall.conf:
file.managed:
- user: root
- group: root
- contents: "net.ipv4.ip_forward=1\nnet.ipv6.conf.all.forwarding=1"
/etc/sudoers.d/fwdriver:
file.managed:
- user: root
- group: root
- mode: 400
- template: jinja
- source: salt://fwdriver/files/sudoers
files/ 0000775 0000000 0000000 00000000000 12462436021 0031573 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver dhcpd.conf 0000664 0000000 0000000 00000000210 12462436021 0033515 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver/files ddns-update-style none;
default-lease-time 60000;
max-lease-time 720000;
log-facility local7;
include "/etc/dhcp/dhcpd.conf.generated";
isc-dhcp-server.conf 0000664 0000000 0000000 00000003537 12462436021 0035450 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver/files description "ISC DHCP IPv4 server"
author "Stéphane Graber "
start on runlevel [2345]
stop on runlevel [!2345]
pre-start script
if [ ! -f /etc/default/isc-dhcp-server ]; then
echo "/etc/default/isc-dhcp-server does not exist! - Aborting..."
echo "Run 'dpkg-reconfigure isc-dhcp-server' to fix the problem."
stop
exit 0
fi
. /etc/default/isc-dhcp-server
if [ -f /etc/ltsp/dhcpd.conf ]; then
CONFIG_FILE=/etc/ltsp/dhcpd.conf
else
CONFIG_FILE=/etc/dhcp/dhcpd.conf
fi
if [ ! -f $CONFIG_FILE ]; then
echo "$CONFIG_FILE does not exist! - Aborting..."
echo "Please create and configure $CONFIG_FILE to fix the problem."
stop
exit 0
fi
if ! ip netns exec fw dhcpd -user dhcpd -group dhcpd -t -q -4 -cf $CONFIG_FILE > /dev/null 2>&1; then
echo "dhcpd self-test failed. Please fix the config file."
echo "The error was: "
ip netns exec fw dhcpd -user dhcpd -group dhcpd -t -4 -cf $CONFIG_FILE
stop
exit 0
fi
end script
respawn
script
if [ -f /etc/ltsp/dhcpd.conf ]; then
CONFIG_FILE=/etc/ltsp/dhcpd.conf
else
CONFIG_FILE=/etc/dhcp/dhcpd.conf
fi
. /etc/default/isc-dhcp-server
# Allow dhcp server to write lease and pid file as 'dhcpd' user
mkdir -p /var/run/dhcp-server
chown dhcpd:dhcpd /var/run/dhcp-server
# The leases files need to be root:root even when dropping privileges
[ -e /var/lib/dhcp/dhcpd.leases ] || touch /var/lib/dhcp/dhcpd.leases
chown root:root /var/lib/dhcp /var/lib/dhcp/dhcpd.leases
if [ -e /var/lib/dhcp/dhcpd.leases~ ]; then
chown root:root /var/lib/dhcp/dhcpd.leases~
fi
exec ip netns exec fw dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf $CONFIG_FILE $INTERFACES
end script
postactivate 0000664 0000000 0000000 00000000407 12462436021 0034225 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver/files export GATEWAY={{ pillar['fwdriver']['gateway'] }}
export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
sudoers 0000664 0000000 0000000 00000000537 12462436021 0033207 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver/files {{ pillar['fwdriver']['user'] }} ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw ip addr *, /sbin/ip netns exec fw ip ro *, /sbin/ip netns exec fw ip link *, /sbin/ip netns exec fw ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw iptables-restore -c, /sbin/ip netns exec fw ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
gitrepo.sls 0000664 0000000 0000000 00000000525 12462436021 0032667 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver include:
- common
gitrepo_fwdriver:
git.latest:
- name: {{ pillar['fwdriver']['repo_name'] }}
- rev: {{ pillar['fwdriver']['repo_revision'] }}
- target: /home/{{ pillar['fwdriver']['user'] }}/fwdriver
- user: {{ pillar['fwdriver']['user'] }}
- group: {{ pillar['fwdriver']['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001546 12462436021 0032165 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver include:
- fwdriver.gitrepo
- fwdriver.virtualenv
- fwdriver.configuration
firewall:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- libmemcached-dev
- ntp
- openvswitch-switch
- openvswitch-controller
- iptables
- ipset
- isc-dhcp-server
- require:
- user: {{ pillar['fwdriver']['user'] }}
- require_in:
- git: gitrepo_fwdriver
- virtualenv: virtualenv_fwdriver
- service: isc-dhcp-server
user:
- present
- name: {{ pillar['fwdriver']['user'] }}
- gid_from_name: True
service:
- running
- require:
- service: firewall-init
- watch:
- pkg: firewall
- sls: fwdriver.gitrepo
- sls: fwdriver.virtualenv
- sls: fwdriver.configuration
firewall-init:
service:
- running
virtualenv.sls 0000664 0000000 0000000 00000000406 12462436021 0033413 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/fwdriver virtualenv_fwdriver:
virtualenv.managed:
- name: /home/{{ pillar['fwdriver']['user'] }}/.virtualenvs/fw
- requirements: /home/{{ pillar['fwdriver']['user'] }}/fwdriver/requirements.txt
- runas: {{ pillar['fwdriver']['user'] }}
- no_chown: true
graphite/ 0000775 0000000 0000000 00000000000 12462436021 0030444 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000004065 12462436021 0034043 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite postactivate:
file.managed:
- name: /home/{{ pillar['graphite']['user'] }}/.virtualenvs/graphite/bin/postactivate
- source: salt://graphite/files/postactivate
- template: jinja
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- mode: 700
requirements:
file.managed:
- name: /home/{{ pillar['graphite']['user'] }}/requirements.txt
- source: salt://graphite/files/requirements.txt
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- require:
- user: {{ pillar['graphite']['user'] }}
/etc/init/graphite.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://graphite/files/graphite.conf
/etc/init/graphite-carbon.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: salt://graphite/files/graphite-carbon.conf
/opt/graphite:
file.directory:
- makedirs: True
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- require:
- user: {{ pillar['graphite']['user'] }}
/opt/graphite/conf/carbon.conf:
file.managed:
- source: salt://graphite/files/carbon.conf
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- template: jinja
- makedirs: True
- require:
- user: {{ pillar['graphite']['user'] }}
/opt/graphite/conf/storage-schemas.conf:
file.managed:
- name: /opt/graphite/conf/storage-schemas.conf
- source: salt://graphite/files/storage-schemas.conf
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- makedirs: True
- require:
- user: {{ pillar['graphite']['user'] }}
/opt/graphite/webapp/graphite/local_settings.py:
file.managed:
- source: salt://graphite/files/local_settings.py
- user: {{ pillar['graphite']['user'] }}
- group: {{ pillar['graphite']['user'] }}
- template: jinja
- makedirs: True
- require:
- user: {{ pillar['graphite']['user'] }}
files/ 0000775 0000000 0000000 00000000000 12462436021 0031546 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite carbon.conf 0000664 0000000 0000000 00000037073 12462436021 0033673 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files [cache]
# Configure carbon directories.
#
# OS environment variables can be used to tell carbon where graphite is
# installed, where to read configuration from and where to write data.
#
# GRAPHITE_ROOT - Root directory of the graphite installation.
# Defaults to ../
# GRAPHITE_CONF_DIR - Configuration directory (where this file lives).
# Defaults to $GRAPHITE_ROOT/conf/
# GRAPHITE_STORAGE_DIR - Storage directory for whipser/rrd/log/pid files.
# Defaults to $GRAPHITE_ROOT/storage/
#
# To change other directory paths, add settings to this file. The following
# configuration variables are available with these default values:
#
# STORAGE_DIR = $GRAPHITE_STORAGE_DIR
# LOCAL_DATA_DIR = STORAGE_DIR/whisper/
# WHITELISTS_DIR = STORAGE_DIR/lists/
# CONF_DIR = STORAGE_DIR/conf/
# LOG_DIR = STORAGE_DIR/log/
# PID_DIR = STORAGE_DIR/
#
# For FHS style directory structures, use:
#
# STORAGE_DIR = /var/lib/carbon/
# CONF_DIR = /etc/carbon/
# LOG_DIR = /var/log/carbon/
# PID_DIR = /var/run/
#
#LOCAL_DATA_DIR = /opt/graphite/storage/whisper/
# Enable daily log rotation. If disabled, a kill -HUP can be used after a manual rotate
ENABLE_LOGROTATION = True
# Specify the user to drop privileges to
# If this is blank carbon runs as the user that invokes it
# This user must have write access to the local data directory
USER =
#
# NOTE: The above settings must be set under [relay] and [aggregator]
# to take effect for those daemons as well
# Limit the size of the cache to avoid swapping or becoming CPU bound.
# Sorts and serving cache queries gets more expensive as the cache grows.
# Use the value "inf" (infinity) for an unlimited cache size.
MAX_CACHE_SIZE = inf
# Limits the number of whisper update_many() calls per second, which effectively
# means the number of write requests sent to the disk. This is intended to
# prevent over-utilizing the disk and thus starving the rest of the system.
# When the rate of required updates exceeds this, then carbon's caching will
# take effect and increase the overall throughput accordingly.
MAX_UPDATES_PER_SECOND = 500
# If defined, this changes the MAX_UPDATES_PER_SECOND in Carbon when a
# stop/shutdown is initiated. This helps when MAX_UPDATES_PER_SECOND is
# relatively low and carbon has cached a lot of updates; it enables the carbon
# daemon to shutdown more quickly.
# MAX_UPDATES_PER_SECOND_ON_SHUTDOWN = 1000
# Softly limits the number of whisper files that get created each minute.
# Setting this value low (like at 50) is a good way to ensure your graphite
# system will not be adversely impacted when a bunch of new metrics are
# sent to it. The trade off is that it will take much longer for those metrics'
# database files to all get created and thus longer until the data becomes usable.
# Setting this value high (like "inf" for infinity) will cause graphite to create
# the files quickly but at the risk of slowing I/O down considerably for a while.
MAX_CREATES_PER_MINUTE = 50
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2003
# Set this to True to enable the UDP listener. By default this is off
# because it is very common to run multiple carbon daemons and managing
# another (rarely used) port for every carbon instance is not fun.
ENABLE_UDP_LISTENER = False
UDP_RECEIVER_INTERFACE = 0.0.0.0
UDP_RECEIVER_PORT = 2003
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2004
# Set to false to disable logging of successful connections
LOG_LISTENER_CONNECTIONS = True
# Per security concerns outlined in Bug #817247 the pickle receiver
# will use a more secure and slightly less efficient unpickler.
# Set this to True to revert to the old-fashioned insecure unpickler.
USE_INSECURE_UNPICKLER = False
CACHE_QUERY_INTERFACE = 0.0.0.0
CACHE_QUERY_PORT = 7002
# Set this to False to drop datapoints received after the cache
# reaches MAX_CACHE_SIZE. If this is True (the default) then sockets
# over which metrics are received will temporarily stop accepting
# data until the cache size falls below 95% MAX_CACHE_SIZE.
USE_FLOW_CONTROL = True
# By default, carbon-cache will log every whisper update and cache hit. This can be excessive and
# degrade performance if logging on the same volume as the whisper data is stored.
LOG_UPDATES = False
LOG_CACHE_HITS = False
LOG_CACHE_QUEUE_SORTS = True
# The thread that writes metrics to disk can use on of the following strategies
# determining the order in which metrics are removed from cache and flushed to
# disk. The default option preserves the same behavior as has been historically
# available in version 0.9.10.
#
# sorted - All metrics in the cache will be counted and an ordered list of
# them will be sorted according to the number of datapoints in the cache at the
# moment of the list's creation. Metrics will then be flushed from the cache to
# disk in that order.
#
# max - The writer thread will always pop and flush the metric from cache
# that has the most datapoints. This will give a strong flush preference to
# frequently updated metrics and will also reduce random file-io. Infrequently
# updated metrics may only ever be persisted to disk at daemon shutdown if
# there are a large number of metrics which receive very frequent updates OR if
# disk i/o is very slow.
#
# naive - Metrics will be flushed from the cache to disk in an unordered
# fashion. This strategy may be desirable in situations where the storage for
# whisper files is solid state, CPU resources are very limited or deference to
# the OS's i/o scheduler is expected to compensate for the random write
# pattern.
#
CACHE_WRITE_STRATEGY = sorted
# On some systems it is desirable for whisper to write synchronously.
# Set this option to True if you'd like to try this. Basically it will
# shift the onus of buffering writes from the kernel into carbon's cache.
WHISPER_AUTOFLUSH = False
# By default new Whisper files are created pre-allocated with the data region
# filled with zeros to prevent fragmentation and speed up contiguous reads and
# writes (which are common). Enabling this option will cause Whisper to create
# the file sparsely instead. Enabling this option may allow a large increase of
# MAX_CREATES_PER_MINUTE but may have longer term performance implications
# depending on the underlying storage configuration.
# WHISPER_SPARSE_CREATE = False
# Only beneficial on linux filesystems that support the fallocate system call.
# It maintains the benefits of contiguous reads/writes, but with a potentially
# much faster creation speed, by allowing the kernel to handle the block
# allocation and zero-ing. Enabling this option may allow a large increase of
# MAX_CREATES_PER_MINUTE. If enabled on an OS or filesystem that is unsupported
# this option will gracefully fallback to standard POSIX file access methods.
WHISPER_FALLOCATE_CREATE = True
# Enabling this option will cause Whisper to lock each Whisper file it writes
# to with an exclusive lock (LOCK_EX, see: man 2 flock). This is useful when
# multiple carbon-cache daemons are writing to the same files
# WHISPER_LOCK_WRITES = False
# Set this to True to enable whitelisting and blacklisting of metrics in
# CONF_DIR/whitelist and CONF_DIR/blacklist. If the whitelist is missing or
# empty, all metrics will pass through
# USE_WHITELIST = False
# By default, carbon itself will log statistics (such as a count,
# metricsReceived) with the top level prefix of 'carbon' at an interval of 60
# seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation
# CARBON_METRIC_PREFIX = carbon
# CARBON_METRIC_INTERVAL = 60
# Enable AMQP if you want to receve metrics using an amqp broker
# ENABLE_AMQP = False
# Verbose means a line will be logged for every metric received
# useful for testing
# AMQP_VERBOSE = False
# AMQP_HOST = localhost
# AMQP_PORT = 5672
# AMQP_VHOST = /
# AMQP_USER = guest
# AMQP_PASSWORD = guest
# AMQP_EXCHANGE = graphite
# AMQP_METRIC_NAME_IN_BODY = False
ENABLE_AMQP = True
# Verbose means a line will be logged for every metric received
# useful for testing
AMQP_VERBOSE = False
AMQP_HOST = {{ pillar['graphite']['host'] }}
AMQP_PORT = {{ pillar['graphite']['port'] }}
AMQP_VHOST = {{ pillar['graphite']['vhost'] }}
AMQP_USER = {{ pillar['graphite']['user'] }}
AMQP_PASSWORD = {{ pillar['graphite']['password'] }}
AMQP_EXCHANGE = {{ pillar['graphite']['queue'] }}
AMQP_METRIC_NAME_IN_BODY = True
# The manhole interface allows you to SSH into the carbon daemon
# and get a python interpreter. BE CAREFUL WITH THIS! If you do
# something like time.sleep() in the interpreter, the whole process
# will sleep! This is *extremely* helpful in debugging, assuming
# you are familiar with the code. If you are not, please don't
# mess with this, you are asking for trouble :)
#
# ENABLE_MANHOLE = False
# MANHOLE_INTERFACE = 127.0.0.1
# MANHOLE_PORT = 7222
# MANHOLE_USER = admin
# MANHOLE_PUBLIC_KEY = ssh-rsa AAAAB3NzaC1yc2EAAAABiwAaAIEAoxN0sv/e4eZCPpi3N3KYvyzRaBaMeS2RsOQ/cDuKv11dlNzVeiyc3RFmCv5Rjwn/lQ79y0zyHxw67qLyhQ/kDzINc4cY41ivuQXm2tPmgvexdrBv5nsfEpjs3gLZfJnyvlcVyWK/lId8WUvEWSWHTzsbtmXAF2raJMdgLTbQ8wE=
# Patterns for all of the metrics this machine will store. Read more at
# http://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol#Bindings
#
# Example: store all sales, linux servers, and utilization metrics
# BIND_PATTERNS = sales.#, servers.linux.#, #.utilization
#
# Example: store everything
# BIND_PATTERNS = #
# To configure special settings for the carbon-cache instance 'b', uncomment this:
#[cache:b]
#LINE_RECEIVER_PORT = 2103
#PICKLE_RECEIVER_PORT = 2104
#CACHE_QUERY_PORT = 7102
# and any other settings you want to customize, defaults are inherited
# from [carbon] section.
# You can then specify the --instance=b option to manage this instance
[relay]
#LINE_RECEIVER_INTERFACE = 0.0.0.0
#LINE_RECEIVER_PORT = 2013
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2014
# Set to false to disable logging of successful connections
LOG_LISTENER_CONNECTIONS = True
# Carbon-relay has several options for metric routing controlled by RELAY_METHOD
#
# Use relay-rules.conf to route metrics to destinations based on pattern rules
#RELAY_METHOD = rules
#
# Use consistent-hashing for even distribution of metrics between destinations
#RELAY_METHOD = consistent-hashing
#
# Use consistent-hashing but take into account an aggregation-rules.conf shared
# by downstream carbon-aggregator daemons. This will ensure that all metrics
# that map to a given aggregation rule are sent to the same carbon-aggregator
# instance.
# Enable this for carbon-relays that send to a group of carbon-aggregators
#RELAY_METHOD = aggregated-consistent-hashing
RELAY_METHOD = rules
# If you use consistent-hashing you can add redundancy by replicating every
# datapoint to more than one machine.
REPLICATION_FACTOR = 1
# This is a list of carbon daemons we will send any relayed or
# generated metrics to. The default provided would send to a single
# carbon-cache instance on the default port. However if you
# use multiple carbon-cache instances then it would look like this:
#
# DESTINATIONS = 127.0.0.1:2004:a, 127.0.0.1:2104:b
#
# The general form is IP:PORT:INSTANCE where the :INSTANCE part is
# optional and refers to the "None" instance if omitted.
#
# Note that if the destinations are all carbon-caches then this should
# exactly match the webapp's CARBONLINK_HOSTS setting in terms of
# instances listed (order matters!).
#
# If using RELAY_METHOD = rules, all destinations used in relay-rules.conf
# must be defined in this list
DESTINATIONS = 127.0.0.1:2004
# This defines the maximum "message size" between carbon daemons.
# You shouldn't need to tune this unless you really know what you're doing.
MAX_DATAPOINTS_PER_MESSAGE = 500
MAX_QUEUE_SIZE = 10000
# Set this to False to drop datapoints when any send queue (sending datapoints
# to a downstream carbon daemon) hits MAX_QUEUE_SIZE. If this is True (the
# default) then sockets over which metrics are received will temporarily stop accepting
# data until the send queues fall below 80% MAX_QUEUE_SIZE.
USE_FLOW_CONTROL = True
# Set this to True to enable whitelisting and blacklisting of metrics in
# CONF_DIR/whitelist and CONF_DIR/blacklist. If the whitelist is missing or
# empty, all metrics will pass through
# USE_WHITELIST = False
# By default, carbon itself will log statistics (such as a count,
# metricsReceived) with the top level prefix of 'carbon' at an interval of 60
# seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation
# CARBON_METRIC_PREFIX = carbon
# CARBON_METRIC_INTERVAL = 60
[aggregator]
LINE_RECEIVER_INTERFACE = 0.0.0.0
LINE_RECEIVER_PORT = 2023
PICKLE_RECEIVER_INTERFACE = 0.0.0.0
PICKLE_RECEIVER_PORT = 2024
# Set to false to disable logging of successful connections
LOG_LISTENER_CONNECTIONS = True
# If set true, metric received will be forwarded to DESTINATIONS in addition to
# the output of the aggregation rules. If set false the carbon-aggregator will
# only ever send the output of aggregation.
FORWARD_ALL = True
# This is a list of carbon daemons we will send any relayed or
# generated metrics to. The default provided would send to a single
# carbon-cache instance on the default port. However if you
# use multiple carbon-cache instances then it would look like this:
#
# DESTINATIONS = 127.0.0.1:2004:a, 127.0.0.1:2104:b
#
# The format is comma-delimited IP:PORT:INSTANCE where the :INSTANCE part is
# optional and refers to the "None" instance if omitted.
#
# Note that if the destinations are all carbon-caches then this should
# exactly match the webapp's CARBONLINK_HOSTS setting in terms of
# instances listed (order matters!).
DESTINATIONS = 127.0.0.1:2004
# If you want to add redundancy to your data by replicating every
# datapoint to more than one machine, increase this.
REPLICATION_FACTOR = 1
# This is the maximum number of datapoints that can be queued up
# for a single destination. Once this limit is hit, we will
# stop accepting new data if USE_FLOW_CONTROL is True, otherwise
# we will drop any subsequently received datapoints.
MAX_QUEUE_SIZE = 10000
# Set this to False to drop datapoints when any send queue (sending datapoints
# to a downstream carbon daemon) hits MAX_QUEUE_SIZE. If this is True (the
# default) then sockets over which metrics are received will temporarily stop accepting
# data until the send queues fall below 80% MAX_QUEUE_SIZE.
USE_FLOW_CONTROL = True
# This defines the maximum "message size" between carbon daemons.
# You shouldn't need to tune this unless you really know what you're doing.
MAX_DATAPOINTS_PER_MESSAGE = 500
# This defines how many datapoints the aggregator remembers for
# each metric. Aggregation only happens for datapoints that fall in
# the past MAX_AGGREGATION_INTERVALS * intervalSize seconds.
MAX_AGGREGATION_INTERVALS = 5
# By default (WRITE_BACK_FREQUENCY = 0), carbon-aggregator will write back
# aggregated data points once every rule.frequency seconds, on a per-rule basis.
# Set this (WRITE_BACK_FREQUENCY = N) to write back all aggregated data points
# every N seconds, independent of rule frequency. This is useful, for example,
# to be able to query partially aggregated metrics from carbon-cache without
# having to first wait rule.frequency seconds.
# WRITE_BACK_FREQUENCY = 0
# Set this to True to enable whitelisting and blacklisting of metrics in
# CONF_DIR/whitelist and CONF_DIR/blacklist. If the whitelist is missing or
# empty, all metrics will pass through
# USE_WHITELIST = False
# By default, carbon itself will log statistics (such as a count,
# metricsReceived) with the top level prefix of 'carbon' at an interval of 60
# seconds. Set CARBON_METRIC_INTERVAL to 0 to disable instrumentation
# CARBON_METRIC_PREFIX = carbon
# CARBON_METRIC_INTERVAL = 60
graphite-carbon.conf 0000664 0000000 0000000 00000000761 12462436021 0035466 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files description "CIRCLE Cloud Graphite monitoring server"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 30 30
setgid {{ pillar['graphite']['user'] }}
setuid {{ pillar['graphite']['user'] }}
env HOME=/home/{{ pillar['graphite']['user'] }}
env GRAPHITE_ROOT=/opt/graphite
env PYTHONPATH=/opt/graphite/lib
script
. $HOME/.virtualenvs/graphite/local/bin/activate
cd /opt/graphite/bin/
exec twistd --nodaemon --reactor=epoll --no_save carbon-cache
end script
graphite.conf 0000664 0000000 0000000 00000000645 12462436021 0034225 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files description "CIRCLE Cloud Graphite monitoring server"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
respawn limit 30 30
setgid {{ pillar['graphite']['user'] }}
setuid {{ pillar['graphite']['user'] }}
env HOME=/home/{{ pillar['graphite']['user'] }}
script
. $HOME/.virtualenvs/graphite/local/bin/activate
cd /opt/graphite/webapp/graphite
exec python manage.py runserver [::]:8081
end script
local_settings.py 0000664 0000000 0000000 00000020146 12462436021 0035135 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files ## Graphite local_settings.py
# Edit this file to customize the default Graphite webapp settings
#
# Additional customizations to Django settings can be added to this file as well
#####################################
# General Configuration #
#####################################
# Set this to a long, random unique string to use as a secret key for this
# install. This key is used for salting of hashes used in auth tokens,
# CRSF middleware, cookie storage, etc. This should be set identically among
# instances if used behind a load balancer.
SECRET_KEY = "{{ pillar['graphite']['secret_key'] }}"
# In Django 1.5+ set this to the list of hosts your graphite instances is
# accessible as. See:
# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-ALLOWED_HOSTS
#ALLOWED_HOSTS = [ '*' ]
# Set your local timezone (Django's default is America/Chicago)
# If your graphs appear to be offset by a couple hours then this probably
# needs to be explicitly set to your local timezone.
TIME_ZONE = "{{ pillar['timezone'] }}"
# Override this to provide documentation specific to your Graphite deployment
#DOCUMENTATION_URL = "http://graphite.readthedocs.org/"
# Logging
#LOG_RENDERING_PERFORMANCE = True
#LOG_CACHE_PERFORMANCE = True
#LOG_METRIC_ACCESS = True
# Enable full debug page display on exceptions (Internal Server Error pages)
#DEBUG = True
# If using RRD files and rrdcached, set to the address or socket of the daemon
#FLUSHRRDCACHED = 'unix:/var/run/rrdcached.sock'
# This lists the memcached servers that will be used by this webapp.
# If you have a cluster of webapps you should ensure all of them
# have the *exact* same value for this setting. That will maximize cache
# efficiency. Setting MEMCACHE_HOSTS to be empty will turn off use of
# memcached entirely.
#
# You should not use the loopback address (127.0.0.1) here if using clustering
# as every webapp in the cluster should use the exact same values to prevent
# unneeded cache misses. Set to [] to disable caching of images and fetched data
#MEMCACHE_HOSTS = ['10.10.10.10:11211', '10.10.10.11:11211', '10.10.10.12:11211']
#DEFAULT_CACHE_DURATION = 60 # Cache images and data for 1 minute
#####################################
# Filesystem Paths #
#####################################
# Change only GRAPHITE_ROOT if your install is merely shifted from /opt/graphite
# to somewhere else
#GRAPHITE_ROOT = '/opt/graphite'
# Most installs done outside of a separate tree such as /opt/graphite will only
# need to change these three settings. Note that the default settings for each
# of these is relative to GRAPHITE_ROOT
#CONF_DIR = '/opt/graphite/conf'
#STORAGE_DIR = '/opt/graphite/storage'
#CONTENT_DIR = '/opt/graphite/webapp/content'
# To further or fully customize the paths, modify the following. Note that the
# default settings for each of these are relative to CONF_DIR and STORAGE_DIR
#
## Webapp config files
#DASHBOARD_CONF = '/opt/graphite/conf/dashboard.conf'
#GRAPHTEMPLATES_CONF = '/opt/graphite/conf/graphTemplates.conf'
## Data directories
# NOTE: If any directory is unreadable in DATA_DIRS it will break metric browsing
#WHISPER_DIR = '/opt/graphite/storage/whisper'
#RRD_DIR = '/opt/graphite/storage/rrd'
#DATA_DIRS = [WHISPER_DIR, RRD_DIR] # Default: set from the above variables
#LOG_DIR = '/opt/graphite/storage/log/webapp'
#INDEX_FILE = '/opt/graphite/storage/index' # Search index file
#####################################
# Email Configuration #
#####################################
# This is used for emailing rendered Graphs
# Default backend is SMTP
#EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
#EMAIL_HOST = 'localhost'
#EMAIL_PORT = 25
#EMAIL_HOST_USER = ''
#EMAIL_HOST_PASSWORD = ''
#EMAIL_USE_TLS = False
# To drop emails on the floor, enable the Dummy backend:
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
#####################################
# Authentication Configuration #
#####################################
## LDAP / ActiveDirectory authentication setup
#USE_LDAP_AUTH = True
#LDAP_SERVER = "ldap.mycompany.com"
#LDAP_PORT = 389
# OR
#LDAP_URI = "ldaps://ldap.mycompany.com:636"
#LDAP_SEARCH_BASE = "OU=users,DC=mycompany,DC=com"
#LDAP_BASE_USER = "CN=some_readonly_account,DC=mycompany,DC=com"
#LDAP_BASE_PASS = "readonly_account_password"
#LDAP_USER_QUERY = "(username=%s)" #For Active Directory use "(sAMAccountName=%s)"
#
# If you want to further customize the ldap connection options you should
# directly use ldap.set_option to set the ldap module's global options.
# For example:
#
#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
# See http://www.python-ldap.org/ for further details on these options.
## REMOTE_USER authentication. See: https://docs.djangoproject.com/en/dev/howto/auth-remote-user/
#USE_REMOTE_USER_AUTHENTICATION = True
# Override the URL for the login link (e.g. for django_openid_auth)
#LOGIN_URL = '/account/login'
##########################
# Database Configuration #
##########################
# By default sqlite is used. If you cluster multiple webapps you will need
# to setup an external database (such as MySQL) and configure all of the webapp
# instances to use the same database. Note that this database is only used to store
# Django models such as saved graphs, dashboards, user preferences, etc.
# Metric data is not stored here.
#
# DO NOT FORGET TO RUN 'manage.py syncdb' AFTER SETTING UP A NEW DATABASE
#
# The following built-in database engines are available:
# django.db.backends.postgresql # Removed in Django 1.4
# django.db.backends.postgresql_psycopg2
# django.db.backends.mysql
# django.db.backends.sqlite3
# django.db.backends.oracle
#
# The default is 'django.db.backends.sqlite3' with file 'graphite.db'
# located in STORAGE_DIR
#
#DATABASES = {
# 'default': {
# 'NAME': '/opt/graphite/storage/graphite.db',
# 'ENGINE': 'django.db.backends.sqlite3',
# 'USER': '',
# 'PASSWORD': '',
# 'HOST': '',
# 'PORT': ''
# }
#}
#
#########################
# Cluster Configuration #
#########################
# (To avoid excessive DNS lookups you want to stick to using IP addresses only in this entire section)
#
# This should list the IP address (and optionally port) of the webapp on each
# remote server in the cluster. These servers must each have local access to
# metric data. Note that the first server to return a match for a query will be
# used.
#CLUSTER_SERVERS = ["10.0.2.2:80", "10.0.2.3:80"]
## These are timeout values (in seconds) for requests to remote webapps
#REMOTE_STORE_FETCH_TIMEOUT = 6 # Timeout to fetch series data
#REMOTE_STORE_FIND_TIMEOUT = 2.5 # Timeout for metric find requests
#REMOTE_STORE_RETRY_DELAY = 60 # Time before retrying a failed remote webapp
#REMOTE_FIND_CACHE_DURATION = 300 # Time to cache remote metric find results
## Remote rendering settings
# Set to True to enable rendering of Graphs on a remote webapp
#REMOTE_RENDERING = True
# List of IP (and optionally port) of the webapp on each remote server that
# will be used for rendering. Note that each rendering host should have local
# access to metric data or should have CLUSTER_SERVERS configured
#RENDERING_HOSTS = []
#REMOTE_RENDER_CONNECT_TIMEOUT = 1.0
# If you are running multiple carbon-caches on this machine (typically behind a relay using
# consistent hashing), you'll need to list the ip address, cache query port, and instance name of each carbon-cache
# instance on the local machine (NOT every carbon-cache in the entire cluster). The default cache query port is 7002
# and a common scheme is to use 7102 for instance b, 7202 for instance c, etc.
#
# You *should* use 127.0.0.1 here in most cases
#CARBONLINK_HOSTS = ["127.0.0.1:7002:a", "127.0.0.1:7102:b", "127.0.0.1:7202:c"]
#CARBONLINK_TIMEOUT = 1.0
#####################################
# Additional Django Settings #
#####################################
# Uncomment the following line for direct access to Django settings such as
# MIDDLEWARE_CLASSES or APPS
#from graphite.app_settings import *
postactivate 0000664 0000000 0000000 00000000325 12462436021 0034177 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
requirements.txt 0000664 0000000 0000000 00000000177 12462436021 0035037 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files Django==1.5
Twisted<12.0
python-memcached
txAMQP
simplejson
django-tagging
gunicorn
pytz
pyparsing
whisper
carbon
graphite-web
storage-schemas.conf 0000664 0000000 0000000 00000000162 12462436021 0035501 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files [carbon]
pattern = ^carbon\.
retentions = 60:90d
[default]
pattern = .*
retentions = 60s:1d,240s:1w,1h:30d,6h:1y
syncdb.sh 0000664 0000000 0000000 00000000311 12462436021 0033357 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite/files #!/bin/bash
su - {{ pillar['graphite']['user'] }}
source /home/{{ pillar['graphite']['user'] }}/.virtualenvs/graphite/bin/activate;
cd /opt/graphite/webapp/graphite/
python manage.py syncdb --noinput
init.sls 0000664 0000000 0000000 00000001051 12462436021 0032127 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite include:
- graphite.rabbitmq
- graphite.virtualenv
- graphite.configuration
graphite:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- python-cairo
- require:
- user: {{ pillar['graphite']['user'] }}
- require_in:
- virtualenv: virtualenv_graphite
- service: graphite
- service: graphite-carbon
user:
- present
- name: {{ pillar['graphite']['user'] }}
- gid_from_name: True
service:
- running
graphite-carbon:
service:
- running
rabbitmq.sls 0000664 0000000 0000000 00000000735 12462436021 0032775 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite rabbitmq-server_monitor:
pkg.installed:
- name: rabbitmq-server
service:
- name: rabbitmq-server
- running
rabbitmq_user_monitor:
rabbitmq_user.present:
- name: {{ pillar['graphite']['user'] }}
- password: {{ pillar['graphite']['password'] }}
virtual_host_monitor:
rabbitmq_vhost.present:
- name: {{ pillar['graphite']['vhost']}}
- user: {{ pillar['graphite']['user'] }}
- conf: .*
- write: .*
- read: .*
virtualenv.sls 0000664 0000000 0000000 00000001466 12462436021 0033375 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/graphite virtualenv_graphite:
virtualenv.managed:
- name: /home/{{ pillar['graphite']['user'] }}/.virtualenvs/graphite
- requirements: /home/{{ pillar['graphite']['user'] }}/requirements.txt
- runas: {{ pillar['graphite']['user'] }}
- require:
- user: {{ pillar['graphite']['user'] }}
- file: /home/{{ pillar['graphite']['user'] }}/requirements.txt
- file: /opt/graphite
global-site-packages:
file.absent:
- name: /home/{{pillar['graphite']['user'] }}/.virtualenvs/graphite/lib/python2.7/no-global-site-packages.txt
- require:
- virtualenv: virtualenv_graphite
salt://graphite/files/syncdb.sh:
cmd.script:
- template: jinja
- user: {{ pillar['graphite']['user'] }}
- require:
- virtualenv: virtualenv_graphite
- user: {{ pillar['graphite']['user'] }}
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/0000775 0000000 0000000 00000000000 12462436021 0030332 5 ustar 00root root 0000000 0000000 agentgit.sls 0000664 0000000 0000000 00000000416 12462436021 0032601 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager include:
- common
agentgit:
git.latest:
- name: {{ pillar['agent']['repo_name'] }}
- rev: {{ pillar['agent']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/agent/agent-linux
- runas: {{ pillar['user'] }}
- require:
- pkg: git
configuration.sls 0000664 0000000 0000000 00000003301 12462436021 0033642 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager manager_postactivate:
file.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
- source: salt://manager/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- mode: 700
portal.conf:
file.managed:
{% if pillar['deployment_type'] == 'production' %}
- name: /etc/init/portal-uwsgi.conf
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal-uwsgi.conf
{% else %}
- name: /etc/init/portal.conf
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/portal.conf
{% endif %}
/etc/init/manager.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/manager.conf
/etc/init/mancelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/mancelery.conf
/etc/init/moncelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/moncelery.conf
/etc/init/slowcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/circle/miscellaneous/slowcelery.conf
salt://manager/files/init.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- stateful: true
- require:
- virtualenv: virtualenv_manager
- file: /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
- user: {{ pillar['user'] }}
files/ 0000775 0000000 0000000 00000000000 12462436021 0031355 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager compile.sh 0000664 0000000 0000000 00000001363 12462436021 0033344 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/files #!/bin/bash
cd /home/{{ pillar['user'] }}/circle/circle/
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
MANAGE="python /home/{{ pillar['user'] }}/circle/circle/manage.py"
bower install
$MANAGE compileless
$MANAGE compilejsi18n -o dashboard/static/jsi18n
COLLECTED=$($MANAGE collectstatic --noinput |
awk '/static files copied to/ {print $1}')
OLD_SHA=$(sha1sum locale/hu/LC_MESSAGES/*.mo)
$MANAGE compilemessages
NEW_SHA=$(sha1sum locale/hu/LC_MESSAGES/*.mo)
echo "$COLLECTED $NEW_SHA $OLD_SHA"
if [ "$NEW_SHA" != "$OLD_SHA" -o "$COLLECTED" -ne 0 ]; then
CHANGED=yes
else
CHANGED=no
fi
echo "changed=$CHANGED comment='copied: $COLLECTED'"
init.sh 0000664 0000000 0000000 00000001367 12462436021 0032663 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/files #!/bin/bash
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
{% set fw = pillar['fwdriver'] %}
exec python /home/{{ pillar['user'] }}/circle/circle/manage.py init \
--portal-ip={{ fw['portal_ip'] }} \
--external-net={{ fw['external_net'] }} \
--management-net={{ fw['management_net'] }} \
--vm-net={{ fw['vm_net'] }} \
--admin-user={{ pillar['admin_user'] }} \
--admin-pass={{ pillar['admin_pass'] }} \
--datastore-queue={{ pillar['storagedriver']['queue_name'] }} \
--firewall-queue={{ fw['queue_name'] }} \
--external-if={{ fw['external_if'] }} \
--management-if={{ fw['management_if'] }} \
--trunk-if={{ fw['trunk_if'] }}
nginx.conf 0000664 0000000 0000000 00000002750 12462436021 0033353 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/files ignore_invalid_headers on;
server {
listen 443 ssl default;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
{% if pillar['deployment_type'] == "production" %}
location /media {
alias /home/{{ pillar['user'] }}/circle/circle/media; # your Django project's media files
}
location /static {
alias /home/{{ pillar['user'] }}/circle/circle/static_collected; # your Django project's static files
}
{% endif %}
location /doc {
alias /home/cloud/circle-website/_build/html;
}
location / {
{% if pillar['deployment_type'] == "production" %}
uwsgi_pass unix:///tmp/uwsgi.sock;
include /etc/nginx/uwsgi_params; # or the uwsgi_params you installed manually
{% else %}
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_Host;
proxy_set_header X-Forwarded-Protocol https;
{% endif %}
}
location /vnc/ {
proxy_pass http://localhost:9999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
server {
listen 80 default;
rewrite ^ https://$host/; # permanent;
}
postactivate 0000664 0000000 0000000 00000003311 12462436021 0034004 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/files # DO NOT EDIT THIS FILE
export AMQP_URI='amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}'
export CACHE_URI='{{ pillar['cache'] }}'
export DJANGO_SETTINGS_MODULE='circle.settings.{{ pillar['deployment_type'] }}'
export DJANGO_DB_HOST='localhost'
export DJANGO_DB_PASSWORD='{{ pillar['database']['password'] }}'
export DJANGO_FIREWALL_SETTINGS='{"dns_ip": "8.8.8.8", "dns_hostname":
"localhost", "dns_ttl": "300", "reload_sleep": "10",
"rdns_ip": "8.8.8.8", "default_vlangroup": "portforward"}'
export DJANGO_ALLOWED_HOSTS='*'
export DJANGO_MEMCACHED='localhost:11211'
#export DJANGO_SAML=TRUE
#export DJANGO_URL='<%= @django_url %>'
#export DJANGO_SAML_ATTRIBUTE_MAPPING='{"mail": ["email"], "sn": ["last_name"], "eduPersonPrincipalName": ["username"], "givenName": ["first_name"]}'
#export DJANGO_SAML_GROUP_OWNER_ATTRIBUTES='eduPersonScopedAffiliation'
#export DJANGO_SAML_GROUP_ATTRIBUTES='eduPersonScopedAffiliation'
export GRAPHITE_HOST='localhost'
export GRAPHITE_PORT='8081'
export GRAPHITE_HOST='{{ pillar['graphite']['host'] }}'
export GRAPHITE_AMQP_PORT='{{ pillar['graphite']['port'] }}'
export GRAPHITE_AMQP_USER='{{ pillar['graphite']['user'] }}'
export GRAPHITE_AMQP_PASSWORD='{{ pillar['graphite']['password'] }}'
export GRAPHITE_AMQP_QUEUE='{{ pillar['graphite']['queue'] }}'
export GRAPHITE_AMQP_VHOST='{{ pillar['graphite']['vhost'] }}'
export SECRET_KEY='{{ pillar['secret_key'] }}'
export PROXY_SECRET='{{ pillar['proxy_secret'] }}'
export DEFAULT_FROM_EMAIL='root@localhost'
#LOCAL="/home//.virtualenvs/circle/bin/postactivate.local"
#test -f "$LOCAL" && . "$LOCAL"
syncdb.sh 0000664 0000000 0000000 00000001607 12462436021 0033177 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager/files #!/bin/bash
sudo stop manager >/dev/null 2>&1
sudo stop portal >/dev/null 2>&1
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate >/dev/null 2>&1
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate >/dev/null 2>&1
MANAGE="python /home/{{ pillar['user'] }}/circle/circle/manage.py"
OUT=$( ($MANAGE syncdb --noinput &&
$MANAGE migrate acl &&
$MANAGE migrate firewall &&
$MANAGE migrate storage &&
$MANAGE syncdb --migrate --noinput &&
$MANAGE migrate vm --merge) 2>&1)
if [ $? -ne 0 ]; then
/usr/bin/python -c "import sys; import json; sys.stdout.write(json.dumps({'changed': False, 'comment': sys.stdin.read()}) + '\n')" <<< "$OUT"
exit 1
fi
COUNT=$(/bin/egrep "Migrating forwards to" -c <<< "$OUT")
if [ $? -eq 0 ]; then
CHANGED=yes
else
CHANGED=no
fi
echo "changed=$CHANGED comment='Migrated: $COUNT'"
gitrepo.sls 0000664 0000000 0000000 00000000406 12462436021 0032447 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager include:
- common
gitrepo:
git.latest:
- name: {{ pillar['manager']['repo_name'] }}
- rev: {{ pillar['manager']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/circle
- runas: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001635 12462436021 0031746 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager include:
- manager.pipeline
- manager.gitrepo
- manager.agentgit
- manager.postgres
- manager.rabbitmq
- manager.virtualenv
- manager.configuration
- manager.nginx
manager:
pkg.installed:
- pkgs:
- virtualenvwrapper
- postgresql
- git
- python-pip
- python-dev
- libpq-dev
- ntp
- rabbitmq-server
- memcached
- gettext
- wget
- libxml2-dev
- libxslt1-dev
- libmemcached-dev
- swig
- require_in:
- service: postgres_service
user:
- present
- name: {{ pillar['user'] }}
- gid_from_name: True
service:
- running
- watch:
- file: manager_postactivate
- file: /etc/init/manager.conf
- file: /etc/init/mancelery.conf
- file: /etc/init/moncelery.conf
- file: /etc/init/slowcelery.conf
- sls: manager.gitrepo
portal:
service:
- running
nginx.sls 0000664 0000000 0000000 00000000464 12462436021 0032125 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager nginx:
pkg:
- installed
pkgrepo.managed:
- ppa: nginx/stable
- require_in:
- pkg: nginx
file.managed:
- name: /etc/nginx/conf.d/default.conf
- template: jinja
- source: salt://manager/files/nginx.conf
- user: root
- group: root
- require:
- pkg: nginx
pipeline.sls 0000664 0000000 0000000 00000000414 12462436021 0032602 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager nodejs-legacy:
pkg.installed
npm:
pkg.installed:
- require:
- pkg: nodejs-legacy
bower:
npm.installed:
- require:
- pkg: npm
less:
npm.installed:
- require:
- pkg: npm
yuglify:
npm.installed:
- require:
- pkg: npm
postgres.sls 0000664 0000000 0000000 00000001112 12462436021 0032637 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager postgres_service:
service.running:
- name: postgresql
dbuser:
postgres_user.present:
- name: {{ pillar['database']['user'] }}
- password: {{ pillar['database']['password'] }}
- runas: postgres
- require:
- service: postgresql
database:
postgres_database.present:
- name: {{ pillar['database']['name'] }}
- encoding: UTF8
- lc_ctype: en_US.UTF8
- lc_collate: en_US.UTF8
- template: template0
- owner: {{ pillar['database']['user'] }}
- runas: postgres
- require:
- service: postgresql
- postgres_user: dbuser
rabbitmq.sls 0000664 0000000 0000000 00000000631 12462436021 0032577 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager rabbitmq-server:
pkg.installed:
- name: rabbitmq-server
service:
- running
rabbitmq_user:
rabbitmq_user.present:
- name: {{ pillar['amqp']['user'] }}
- password: {{ pillar['amqp']['password'] }}
virtual_host:
rabbitmq_vhost.present:
- name: {{ pillar['amqp']['vhost']}}
- user: {{ pillar['amqp']['user'] }}
- conf: .*
- write: .*
- read: .*
virtualenv.sls 0000664 0000000 0000000 00000001657 12462436021 0033206 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/manager include:
- common
virtualenv_manager:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/circle
- requirements: /home/{{ pillar['user'] }}/circle/requirements/{{ pillar['deployment_type'] }}.txt
- runas: {{ pillar['user'] }}
- cwd: /home/{{ pillar['user'] }}/circle/
- no_chown: true
- require:
- git: gitrepo
salt://manager/files/syncdb.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- stateful: true
- require:
- virtualenv: virtualenv_manager
- file: /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
- user: {{ pillar['user'] }}
salt://manager/files/compile.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- stateful: true
- require:
- virtualenv: virtualenv_manager
- file: /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
- user: {{ pillar['user'] }}
monitor-client/ 0000775 0000000 0000000 00000000000 12462436021 0031604 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000000703 12462436021 0035176 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client /home/{{ pillar['user'] }}/.virtualenvs/monitor-client/bin/postactivate:
file.managed:
- source: salt://monitor-client/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/monitor-client.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/monitor-client/miscellaneous/monitor-client.conf
files/ 0000775 0000000 0000000 00000000000 12462436021 0032706 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client postactivate 0000664 0000000 0000000 00000000560 12462436021 0035340 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client/files export GRAPHITE_HOST='{{ pillar['graphite']['host'] }}'
export GRAPHITE_PORT='{{ pillar['graphite']['port'] }}'
export GRAPHITE_AMQP_USER='{{ pillar['graphite']['user'] }}'
export GRAPHITE_AMQP_PASSWORD='{{ pillar['graphite']['password'] }}'
export GRAPHITE_AMQP_QUEUE='{{ pillar['graphite']['queue'] }}'
export GRAPHITE_AMQP_VHOST='{{ pillar['graphite']['vhost'] }}'
gitrepo.sls 0000664 0000000 0000000 00000000511 12462436021 0033775 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client include:
- common
gitrepo_monitor-client:
git.latest:
- name: {{ pillar['monitor-client']['repo_name'] }}
- rev: {{ pillar['monitor-client']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/monitor-client
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001021 12462436021 0033264 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client include:
- monitor-client.gitrepo
- monitor-client.virtualenv
- monitor-client.configuration
monitor-client:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- wget
- python-dev
- require_in:
- git: gitrepo_monitor-client
- virtualenv: virtualenv_monitor-client
service:
- running
- watch:
- pkg: monitor-client
- sls: monitor-client.gitrepo
- sls: monitor-client.virtualenv
- sls: monitor-client.configuration
virtualenv.sls 0000664 0000000 0000000 00000000372 12462436021 0034530 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/monitor-client virtualenv_monitor-client:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/monitor-client
- requirements: /home/{{ pillar['user'] }}/monitor-client/requirements.txt
- runas: {{ pillar['user'] }}
- no_chown: true
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/network/0000775 0000000 0000000 00000000000 12462436021 0030411 5 ustar 00root root 0000000 0000000 files/ 0000775 0000000 0000000 00000000000 12462436021 0031434 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/network reload_firewall.sh 0000664 0000000 0000000 00000000341 12462436021 0035121 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/network/files #!/bin/bash
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/activate
source /home/{{ pillar['user'] }}/.virtualenvs/circle/bin/postactivate
python /home/{{ pillar['user'] }}/circle/circle/manage.py reload_firewall
init.sls 0000664 0000000 0000000 00000002550 12462436021 0032022 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/network ovs-if:
cmd.run:
- name: ovs-vsctl add-port cloud man0 tag=3 -- set Interface man0 type=internal
- unless: ovs-vsctl list-ifaces cloud | grep "^man0$"
linka:
network.managed:
- enabled: True
- type: eth
- proto: manual
- pre_up_cmds:
- ip link add linka type veth peer name linkb
- /etc/init.d/openvswitch-switch restart
- /usr/bin/ovs-vsctl --if-exists del-port cloud linka
- /usr/bin/ovs-vsctl --may-exist add-port cloud linka
- ip link set linka up
- ip link set linkb up
- post_down_cmds:
- ip link del linka
{{ pillar['fwdriver']['external_if'] }}:
network.managed:
- enabled: True
- type: eth
- proto: manual
man0:
network.managed:
- enabled: True
- type: eth
- proto: static
- ipaddr: {{ pillar['fwdriver']['portal_ip'] }}
- netmask: {{ pillar['fwdriver']['portal_netmask'] }}
- gateway: {{ pillar['fwdriver']['management_net'].split('/')[0] }}
- dns:
- 8.8.8.8
- 8.8.4.4
- pre_up_cmds:
- /etc/init.d/openvswitch-switch restart
- require:
- cmd: ovs-if
firewall2:
service:
- name: firewall
- running
- require:
- network: man0
salt://network/files/reload_firewall.sh:
cmd.script:
- template: jinja
- user: {{ pillar['user'] }}
- require:
- service: firewall2
- network: linka
nfs-client/ 0000775 0000000 0000000 00000000000 12462436021 0030703 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt init.sls 0000664 0000000 0000000 00000000466 12462436021 0032377 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/nfs-client nfs-client:
pkg.installed:
- pkgs:
- nfs-common
- require_in:
- mount: /datastore
/datastore:
mount.mounted:
- device: {{ pillar['nfs']['server'] }}:/datastore
- fstype: nfs
- opts: rw,nfsvers=3,noatime
- dump: 0
- pass_num: 2
- persist: True
- mkmnt: True
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/node.sls0000664 0000000 0000000 00000000120 12462436021 0030361 0 ustar 00root root 0000000 0000000 include:
- agentdriver
- monitor-client
- vmdriver
- nfs-client
storagedriver/ 0000775 0000000 0000000 00000000000 12462436021 0031521 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000001353 12462436021 0035115 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver /home/{{ pillar['user'] }}/.virtualenvs/storagedriver/bin/postactivate:
file.managed:
- source: salt://storagedriver/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/storagecelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/storagedriver/miscellaneous/storagecelery.conf
/etc/init/storage.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/storagedriver/miscellaneous/storage.conf
/datastore:
file.directory:
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 755
files/ 0000775 0000000 0000000 00000000000 12462436021 0032623 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver agentdriver.incron 0000664 0000000 0000000 00000000115 12462436021 0036344 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver/files /var/lib/libvirt/serial IN_CREATE setfacl -m u:{{ pillar['user'] }}:rw $@/$#
exports.tmpl 0000664 0000000 0000000 00000000171 12462436021 0035224 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver/files {{ pillar['nfs']['directory'] }} {{ pillar['nfs']['network'] }}(rw,async,insecure,no_subtree_check,no_root_squash)
postactivate 0000664 0000000 0000000 00000000325 12462436021 0035254 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver/files export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
gitrepo.sls 0000664 0000000 0000000 00000000505 12462436021 0033715 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver include:
- common
gitrepo_storagedriver:
git.latest:
- name: {{ pillar['storagedriver']['repo_name'] }}
- rev: {{ pillar['storagedriver']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/storagedriver
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001141 12462436021 0033204 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver include:
- storagedriver.gitrepo
- storagedriver.virtualenv
- storagedriver.configuration
- storagedriver.nfs-server
storagedriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- libmemcached-dev
- ntp
- zlib1g-dev
- qemu-utils
- require_in:
- git: gitrepo_storagedriver
- virtualenv: virtualenv_storagedriver
storage:
service:
- running
- watch:
- pkg: storagedriver
- sls: storagedriver.gitrepo
- sls: storagedriver.virtualenv
- sls: storagedriver.configuration
nfs-server.sls 0000664 0000000 0000000 00000000550 12462436021 0034336 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver {% if pillar['nfs']['enabled'] %}
nfs-server:
service:
- name: nfs-kernel-server
- running
- watch:
- file: /etc/exports
pkg.installed:
- name: nfs-kernel-server
/etc/exports:
file:
- append
- template: jinja
- sources:
- salt://storagedriver/files/exports.tmpl
- require:
- pkg: nfs-server
{% endif %}
virtualenv.sls 0000664 0000000 0000000 00000000402 12462436021 0034437 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/storagedriver virtualenv_storagedriver:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/storagedriver
- requirements: /home/{{ pillar['user'] }}/storagedriver/requirements/production.txt
- runas: {{ pillar['user'] }}
- no_chown: true
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/top.sls 0000664 0000000 0000000 00000000027 12462436021 0030244 0 ustar 00root root 0000000 0000000 base:
'*':
- vim
vmdriver/ 0000775 0000000 0000000 00000000000 12462436021 0030477 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000002033 12462436021 0034067 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver /home/{{ pillar['user'] }}/.virtualenvs/vmdriver/bin/postactivate:
file.managed:
- source: salt://vmdriver/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/vmcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/vmcelery.conf
/etc/init/netcelery.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/netcelery.conf
/etc/init/node.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vmdriver/miscellaneous/node.conf
ovs-bridge:
cmd.run:
- name: ovs-vsctl add-br cloud
- unless: ovs-vsctl list-br | grep "^cloud$"
/etc/sudoers.d/netdriver:
file.managed:
- source: salt://vmdriver/files/sudoers
- template: jinja
- user: root
- group: root
- mode: 600
files/ 0000775 0000000 0000000 00000000000 12462436021 0031601 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver apparmor-libvirt 0000664 0000000 0000000 00000000333 12462436021 0035015 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver/files #
# This profile is for the domain whose UUID matches this file.
#
#include
profile LIBVIRT_TEMPLATE {
#include
/var/lib/libvirt/serial/** rwk,
/dev/vhost-net rw,
}
postactivate 0000664 0000000 0000000 00000000451 12462436021 0034232 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver/files export AMQP_URI=amqp://{{ pillar['amqp']['user'] }}:{{ pillar['amqp']['password'] }}@{{ pillar['amqp']['host'] }}:{{ pillar['amqp']['port'] }}/{{ pillar['amqp']['vhost'] }}
export CACHE_URI={{ pillar['cache'] }}
export LIBVIRT_URI=qemu:///system
export HYPERVISOR_TYPE=kvm
export NATIVE_OVS=True
sudoers 0000664 0000000 0000000 00000000147 12462436021 0033212 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver/files {{ pillar['user'] }} ALL = (ALL) NOPASSWD: /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /sbin/ip link set *
usr.lib.libvirt.virt-aa-helper 0000664 0000000 0000000 00000003470 12462436021 0037377 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver/files # Last Modified: Mon Jul 06 17:22:37 2009
#include
/usr/lib/libvirt/virt-aa-helper {
#include
#include
# needed for searching directories
capability dac_override,
capability dac_read_search,
# needed for when disk is on a network filesystem
network inet,
deny @{PROC}/[0-9]*/mounts r,
@{PROC}/[0-9]*/net/psched r,
owner @{PROC}/[0-9]*/status r,
@{PROC}/filesystems r,
# for hostdev
/sys/devices/ r,
/sys/devices/** r,
/sys/bus/usb/devices/ r,
/sys/bus/usb/devices/** r,
deny /dev/sd* r,
deny /dev/dm-* r,
deny /dev/mapper/ r,
deny /dev/mapper/* r,
/usr/lib/libvirt/virt-aa-helper mr,
/sbin/apparmor_parser Ux,
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
# For backingstore, virt-aa-helper needs to peek inside the disk image, so
# allow access to non-hidden files in @{HOME} as well as storage pools, and
# removable media and filesystems, and certain file extentions. A
# virt-aa-helper failure when checking a disk for backinsgstore is non-fatal
# (but obviously the backingstore won't be added).
audit deny @{HOME}/.* mrwkl,
audit deny @{HOME}/.*/ rw,
audit deny @{HOME}/.*/** mrwkl,
@{HOME}/ r,
@{HOME}/** r,
@{HOME}/.Private/** mrwlk,
@{HOMEDIRS}/.ecryptfs/*/.Private/** mrwlk,
/var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r,
/var/lib/nova/images/** r,
/var/lib/nova/instances/_base/** r,
/var/lib/nova/instances/snapshots/** r,
/var/lib/eucalyptus/instances/**/disk* r,
/var/lib/eucalyptus/instances/**/loader* r,
/var/lib/uvtool/libvirt/images/** r,
/{media,mnt,opt,srv}/** r,
/**.img r,
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
/datastore/** r,
}
gitrepo.sls 0000664 0000000 0000000 00000000461 12462436021 0032674 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver include:
- common
gitrepo_vmdriver:
git.latest:
- name: {{ pillar['vmdriver']['repo_name'] }}
- rev: {{ pillar['vmdriver']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/vmdriver
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000001761 12462436021 0032172 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver include:
- vmdriver.libvirt
- vmdriver.gitrepo
- vmdriver.virtualenv
- vmdriver.configuration
vmdriver:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- python-dev
- python-augeas
- ntp
- wget
- openvswitch-common
- openvswitch-switch
- openvswitch-controller
- libvirt-bin
- python-libvirt
- libxml2-dev
- libmemcached-dev
- libxslt1-dev
- zlib1g-dev
- qemu-kvm
- qemu-utils
- require_in:
- file: /etc/default/libvirt-bin
- file: /etc/apparmor.d/libvirt/TEMPLATE
- file: /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
- file: /var/lib/libvirt/serial
- augeas: libvirtconf
- service: libvirt-bin
- git: gitrepo_vmdriver
- virtualenv: virtualenv_vmdriver
node:
service:
- running
- watch:
- pkg: vmdriver
- sls: vmdriver.gitrepo
- sls: vmdriver.virtualenv
- sls: vmdriver.configuration
libvirt.sls 0000664 0000000 0000000 00000001711 12462436021 0032675 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver libvirtconf:
augeas.setvalue:
- prefix: /files/etc/libvirt/libvirtd.conf
- changes:
- listen_tcp: 1
- listen_tls: 0
- auth_tcp: "none"
/etc/default/libvirt-bin:
file.append:
- text: libvirtd_opts="-d -l"
libvirt-bin:
service:
- running
- watch:
- file: /etc/default/libvirt-bin
- augeas: libvirtconf
/etc/apparmor.d/libvirt/TEMPLATE:
file.managed:
- source: salt://vmdriver/files/apparmor-libvirt
- template: jinja
- mode: 644
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
file.managed:
- source: salt://vmdriver/files/usr.lib.libvirt.virt-aa-helper
- template: jinja
- mode: 644
apparmor:
service:
- reload: true
- running
- watch:
- file: /etc/apparmor.d/libvirt/TEMPLATE
- file: /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
/var/lib/libvirt/serial:
file.directory:
- makedirs: True
- user: libvirt-qemu
- group: kvm
- mode: 755
virtualenv.sls 0000664 0000000 0000000 00000003103 12462436021 0033416 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vmdriver virtualenv_vmdriver:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/vmdriver
- requirements: /home/{{ pillar['user'] }}/vmdriver/requirements/production.txt
- runas: {{ pillar['user'] }}
- no_chown: true
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirtmod_qemu.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod_qemu.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirtmod.so:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirtmod.so
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.py:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.py
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt_qemu.pyc:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt_qemu.pyc
- require:
- virtualenv: virtualenv_vmdriver
/home/{{ pillar['user'] }}/.virtualenvs/vmdriver/lib/python2.7/site-packages/libvirt.pyc:
file.symlink:
- target: /usr/lib/python2.7/dist-packages/libvirt.pyc
- require:
- virtualenv: virtualenv_vmdriver
vncproxy/ 0000775 0000000 0000000 00000000000 12462436021 0030531 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt configuration.sls 0000664 0000000 0000000 00000000645 12462436021 0034130 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy /home/{{ pillar['user'] }}/.virtualenvs/vncproxy/bin/postactivate:
file.managed:
- source: salt://vncproxy/files/postactivate
- template: jinja
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- mode: 700
/etc/init/vncproxy.conf:
file.managed:
- user: root
- group: root
- template: jinja
- source: file:///home/{{ pillar['user'] }}/vncproxy/miscellaneous/vncproxy.conf
files/ 0000775 0000000 0000000 00000000000 12462436021 0031633 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy postactivate 0000664 0000000 0000000 00000000061 12462436021 0034261 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy/files export PROXY_SECRET={{ pillar['proxy_secret'] }}
gitrepo.sls 0000664 0000000 0000000 00000000461 12462436021 0032726 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy include:
- common
gitrepo_vncproxy:
git.latest:
- name: {{ pillar['vncproxy']['repo_name'] }}
- rev: {{ pillar['vncproxy']['repo_revision'] }}
- target: /home/{{ pillar['user'] }}/vncproxy
- user: {{ pillar['user'] }}
- group: {{ pillar['user'] }}
- require:
- pkg: git
init.sls 0000664 0000000 0000000 00000000750 12462436021 0032221 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy include:
- vncproxy.gitrepo
- vncproxy.virtualenv
- vncproxy.configuration
vncproxy:
pkg.installed:
- pkgs:
- virtualenvwrapper
- git
- python-pip
- ntp
- wget
- libffi-dev
- libssl-dev
- require_in:
- git: gitrepo_vncproxy
- virtualenv: virtualenv_vncproxy
service:
- running
- watch:
- pkg: vncproxy
- sls: vncproxy.gitrepo
- sls: vncproxy.virtualenv
- sls: vncproxy.configuration
virtualenv.sls 0000664 0000000 0000000 00000000350 12462436021 0033451 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/vncproxy virtualenv_vncproxy:
virtualenv.managed:
- name: /home/{{ pillar['user'] }}/.virtualenvs/vncproxy
- requirements: /home/{{ pillar['user'] }}/vncproxy/requirements.txt
- runas: {{ pillar['user'] }}
- no_chown: true
salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/ 0000775 0000000 0000000 00000000000 12462436021 0027515 5 ustar 00root root 0000000 0000000 repo/ 0000775 0000000 0000000 00000000000 12462436021 0030403 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win 7zip/ 0000775 0000000 0000000 00000000000 12462436021 0031274 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo init.sls 0000664 0000000 0000000 00000000532 12462436021 0032762 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo/7zip 7zip:
9.20.00.0:
installer: 'http://hivelocity.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920-x64.msi'
full_name: '7-Zip 9.20 (x64 edition)'
reboot: False
install_flags: ' /q '
msiexec: True
uninstaller: 'http://hivelocity.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920-x64.msi'
uninstall_flags: ' /qn'
msysgit/ 0000775 0000000 0000000 00000000000 12462436021 0032102 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo init.sls 0000664 0000000 0000000 00000000572 12462436021 0033574 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo/msysgit msysgit:
1.9.4-preview20140815:
installer: 'https://github.com/msysgit/msysgit/releases/download/Git-1.9.4-preview20140815/Git-1.9.4-preview20140815.exe'
install_flags: ' /VERYSILENT /NOREBOOT'
full_name: 'Git version 1.9.4-preview20140815'
reboot: False
uninstaller: 'C:\Program Files (x86)\Git\unins000.exe'
uninstall_flags: ' /VERYSILENT /NOREBOOT'
python2/ 0000775 0000000 0000000 00000000000 12462436021 0032006 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo init.sls 0000664 0000000 0000000 00000000502 12462436021 0033471 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo/python2 python2:
2.7.8150:
full_name: 'Python 2.7.8 (64-bit)'
msiexec: True
installer: 'https://www.python.org/ftp/python/2.7.8/python-2.7.8.amd64.msi'
install_flags: '/qn /norestart'
uninstaller: 'https://www.python.org/ftp/python/2.7.8/python-2.7.8.amd64.msi'
uninstall_flags: '/qn'
reboot: False
winrepo.p 0000664 0000000 0000000 00000001774 12462436021 0032260 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/win/repo repo7zip9.20.00.0install_flags /q msiexecïuninstall_flags /qnfull_name7-Zip 9.20 (x64 edition)installer Nhttp://hivelocity.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920-x64.msiuninstaller Nhttp://hivelocity.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920-x64.msireboot§msysgit1.9.4-preview20140815install_flags /VERYSILENT /NOREBOOTuninstall_flags /VERYSILENT /NOREBOOTfull_name !Git version 1.9.4-preview20140815installer lhttps://github.com/msysgit/msysgit/releases/download/Git-1.9.4-preview20140815/Git-1.9.4-preview20140815.exeuninstaller 'C:\Program Files (x86)\Git\unins000.exereboot§python22.7.8150install_flags/qn /norestartmsiexecïuninstall_flags/qnfull_namePython 2.7.8 (64-bit)installer >https://www.python.org/ftp/python/2.7.8/python-2.7.8.amd64.msiuninstaller >https://www.python.org/ftp/python/2.7.8/python-2.7.8.amd64.msireboot¨name_map7-Zip 9.20 (x64 edition)7zipPython 2.7.8 (64-bit)python2 !Git version 1.9.4-preview20140815msysgit winagent/ 0000775 0000000 0000000 00000000000 12462436021 0030455 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt files/ 0000775 0000000 0000000 00000000000 12462436021 0031557 5 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/winagent distutils.cfg 0000664 0000000 0000000 00000000033 12462436021 0034260 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/winagent/files [build]
compiler = mingw32
init.sls 0000664 0000000 0000000 00000004627 12462436021 0032154 0 ustar 00root root 0000000 0000000 salt-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183-902c7b08279baddf0f0e1ee4ffed79e3d4f8f183/salt/winagent msysgit:
pkg.installed
python2:
pkg.installed
7zip:
pkg.installed
get-pip.py:
file.managed:
- name: c:/get-pip.py
- source: https://raw.githubusercontent.com/pypa/pip/master/contrib/get-pip.py
- source_hash: md5=515f9476562994aa997df488c6c6c080
ez_setup.py:
file.managed:
- name: c:/ez_setup.py
- source: https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
- source_hash: md5=4cfc24855347d1e01a73ff38830455b4
mingwget.zip:
file.managed:
- name: c:/mingwget.zip
- source: http://heanet.dl.sourceforge.net/project/mingw/Installer/mingw-get/mingw-get-0.6.2-beta-20131004-1/mingw-get-0.6.2-mingw32-beta-20131004-1-bin.zip
- source_hash: md5=971778e9330ae006aaeb2d63344be5f3
psutil.exe:
file.managed:
- name: c:/psutil.exe
- source: https://pypi.python.org/packages/2.7/p/psutil/psutil-2.1.3.win32-py2.7.exe
- source_hash: md5=57ded53eb8082c438f626c9e0de3357a
distutils.cfg:
file.managed:
- name: C:\python27\Lib\distutils\distutils.cfg
- source: salt://winagent/files/distutils.cfg
- template: jinja
getpip:
cmd.run:
- name: c:/python27/python.exe c:/get-pip.py
- unless: which pip
- require:
- pkg: python2
- file: get-pip.py
- reload_modules: True
easy_install:
cmd.run:
- name: c:/python27/python.exe c:/ez_setup.py > nul
- unless: which pip
- require:
- pkg: python2
- file: ez_setup.py
- reload_modules: True
unzip-mingw:
cmd.run:
- name: '"c:/Program Files/7-zip/7z.exe" x -o"C:\MinGW" -y c:/mingwget.zip'
- require:
- pkg: 7zip
- file: mingwget.zip
install_gcc:
cmd.run:
- name: 'c:\MinGW\bin\mingw-get install gcc'
- require:
- cmd: unzip-mingw
- win_path: 'C:\MinGW\bin'
pywin32:
file.managed:
- name: 'C:/pywin32.exe'
- source: http://softlayer-ams.dl.sourceforge.net/project/pywin32/pywin32/Build%20219/pywin32-219.win32-py2.7.exe
- source_hash: md5=f270e9f88155f649fc1a6c2f85aa128d
install_pywin32:
cmd.run:
- name: 'c:/Python27/Scripts/easy_install c:/pywin32.exe'
- require:
- file: pywin32
git_clone:
cmd.run:
- name: '"C:\Program Files (x86)\Git\bin\git.exe" clone {{ pillar['agent']['repo_name'] }} c:/agent'
- require:
- pkg: msysgit
pyinstaller_agent:
cmd.run:
- name: 'pyinstaller -F --hidden-import pkg_resources --hidden-import infi agent-winservice.py'
- cwd: 'c:/agent'