From 6ff8918ccb07a8e1964db5eb2bbeb6b6e2340277 Mon Sep 17 00:00:00 2001
From: Stasiek Michalski
Date: Jan 22 2020 16:26:30 +0000
Subject: Configure jekyll
---
diff --git a/pillar/id/jekyll_infra_opensuse_org.sls b/pillar/id/jekyll_infra_opensuse_org.sls
index ea5e0b7..0c04e65 100644
--- a/pillar/id/jekyll_infra_opensuse_org.sls
+++ b/pillar/id/jekyll_infra_opensuse_org.sls
@@ -5,6 +5,7 @@ grains:
 - news.o.o
 - planet.o.o
 roles:
+ - jekyll_master
 - web_jekyll
 reboot_safe: yes
 salt_cluster: opensuse
diff --git a/pillar/role/jekyll_master.sls b/pillar/role/jekyll_master.sls
new file mode 100644
index 0000000..21d14f8
--- /dev/null
+++ b/pillar/role/jekyll_master.sls
@@ -0,0 +1,12 @@
+{% if salt['grains.get']('include_secrets', True) %}
+include:
+ - secrets.role.jekyll_master
+{% endif %}
+
+profile:
+ web_jekyll:
+ git_repos:
+ news.opensuse.org:
+ repo: https://github.com/openSUSE/news-o-o.git
+ planet.opensuse.org:
+ repo: https://github.com/hellcp/planet-o-o.git
diff --git a/pillar/role/web_jekyll.sls b/pillar/role/web_jekyll.sls
index 5dc3bec..93ee96d 100644
--- a/pillar/role/web_jekyll.sls
+++ b/pillar/role/web_jekyll.sls
@@ -51,3 +51,8 @@ nginx:
 - error_log: /var/log/nginx/{{ website }}.error.log
 enabled: True
 {% endfor %}
+
+profile:
+ web_jekyll:
+ ssh_pubkey: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJVddqh51YNoPglOnSZ9BpYH1nXzBV5ahbu0yncyL+6s web_jekyll@salt'
+ websites: {{ websites }}
diff --git a/pillar/secrets/role/jekyll_master.sls b/pillar/secrets/role/jekyll_master.sls
new file mode 100644
index 0000000..3fa084e
--- /dev/null
+++ b/pillar/secrets/role/jekyll_master.sls
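Review bot: In pillar/role/jekyll_master.sls the `planet.opensuse.org` entry points at `https://github.com/hellcp/planet-o-o.git`, which looks like a personal account rather than the `openSUSE` organisation used for news-o-o, and neither entry pins a `branch` or revision. According to git_pull_and_update.sh later in this patch, the master runs `bundle install` and `jekyll build` on these checkouts from cron, as the account that holds the deploy SSH key. The Gemfile and any Jekyll plugins in the repositories are Ruby that runs at build time, so push access to either repository is effectively code execution on the master. Consider hosting the planet repository under the organisation, or record who controls it, and add a comment above `git_repos:` such as `# repos listed here are built (and their Gemfile/plugins executed) on the jekyll master`.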
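Review bot: The `ssh_pubkey` value added at the end of pillar/role/web_jekyll.sls is a bare key, and user.sls in this patch writes it unchanged into `/home/web_jekyll/.ssh/authorized_keys` for an account whose shell is `/bin/bash`. The master's key therefore grants a full shell on every web_jekyll host, although the sync script only uses it for rsync into `/srv/www/vhosts`. Limit the key with OpenSSH options, for example `ssh_pubkey: 'restrict,command="<path-to-rrsync> /srv/www/vhosts" ssh-ed25519 … web_jekyll@salt'`, where the rrsync path is a placeholder that depends on the rsync package and `restrict` needs a reasonably recent OpenSSH. With rrsync rooted there, the rsync destination in git_pull_and_update.sh would have to become relative to that directory.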
@@ -0,0 +1,88 @@ +#!yaml|gpg + +profile: + web_jekyll: + ssh_private_key: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/9FcRRwjVI49YbxiAZs3Gp5CfC47fA3SI4LhpXHT/VrJto + z/eHLLtUHd7P30Kr2wnUU+9Hq+ySe3Glkp+B4drZfT98Qn/3N850umAdnh6VALPS + ejju4ZsBKI8PD7sLlPeBFDPHy3DFgTV2us8rovkdTDfEH2Ny7WssmRVaj0WqiDDp + wUY/vsfvo8kuucpLpYYq6+RnT943otWCfG5xrrwf5AVmDVQnDX2lI46fpnciUz5r + 6svMmq/gyXR4kNRkxj26fVWYWq6pF/sGjE7A9NIrk0jHODm2oVhtx1x2/4JWZHiw + pozcwZ7JefExVShKedPr1L7FUP2Nr8Yq/qW2U/jZs5FghJjm6CJ8kEEp10zLl+Yc + bU9aZbAs5C1rzEzzDC5M5Kfoy7xafwPQF2arzpLqqa2NhwI5VqtqtBtfCU5aLLWX + 0/e2AjB7Lqv9IC8/euEGslqqA/XtRTtyXnMqY7PuKPkRhehBJu4Os2uvSXFQgch7 + 4ICUvJxVHpp+OC0digvKvDssrZXpMRDRtOjRyf+kywt+cgM57OBTEn23Z8ciQDSv + 4UT9nP8k6bqHimMeU1vpmDRszcMjjQOQdGSe4stqOS9G9P+oEZGjHCCASk+CTj7G + 7zH0AvTV4dsC1OKJhnnzGiYc2cuOM2Zoap2jo6l6ksBb5vauL9eeFxuG/q40rwIP + /j9XfSid6RlAMRSvP9iMPmRYyFxvLbhOFmSmPflGre8r9ArTWRT+ZQhoc0eo1R6O + QSc7N/0FV9LMK9LeqWJNHYGa93nI3XXnJav8QSqQ4hJ1PZadls2GqAR/z62Q9cxb + 6M7az95wdwvDnwE74cUFx86uz3QhaB1cuy47qkHh3wFgUXkS1KzVUY+5AIVul0Eo + 06otjO/jTGhH0UpCF0xlVIq2d8G9J1S1Qfs3wwqxuxr1S6xoM6yWMRoR6FMNHMt0 + FSokaRfxQuLvfjpntoBwEKPrZAQyC31IJYz+KnH9OThftld3YDnABdKdZ+EGle5J + I4yKKLdksBggSL9RqNZ5UiWrCLOc2pxsnz1MCBHLWTWhbXG5cwUHx2oQuPeTZqj1 + 3YiLThDplYlBPMBbdBORbg4PR3cLEcnak44XpKRfc2kTrxU00T5jn7gzzNlaV3VT + /0utcH8WDq+DiQSu8yUCpxkPzgAscX8YpbMuyGmqDZQPsYyWs4S/mYUYDlPBhCAx + hBRodFHno7VCFll5jS/XuHDPlelrkD+IVIZlF+LUmXKEkR/Wx2WvHzwOsCZM+9gR + cfEWGuLuYXaBsKoSp1+PB32o96TgSQ/ruEcUrsZO5AMOlFoA7Eay4TQ9mfGfvdsI + 1x89o79hzDvRf3+CZK4D4CvtoZy9IvnKRRlHFyyEVhkhhQIMA8amgupjyC8cAQ/+ + OocMyQK4OAnT/xyhQDPCWcMbCOTYcHAkre8xe8a0lmeD3Lm5+CJNS2TE+1ixWmWz + Tin0hUBRvC/LpWv7N33PhOzShQb+g1XTODd6uPWTS/PuORLfNP4252+nrRZLPym0 + 4EUBQ5X9RcFWV/hYC9Xyxxfxs/18ASZdqt2yYCRVEp2b4NN/Xgua4EA3AIwvQ/rB + ulEkcgUBnZbVh6rwBHl0sqHtYNuiO3TdTPH31icPDbsVxzym1+plfWCorNxSXBif + MByh7fa29g4GvwZeIddrNw1z3N9yJyiWIHMj6Wgv8AlPC0XvT+roYV8gaeodzX1z + 9KFDq6c8piufzGw4vWCJznbz9a5adim09jOynnkHvYUKT6kQOgdr5ow25lLXiLBS + 
lNyjp4AXo6c2GYi0GW83GQzY9Kowq689smfUpE8gJYzemESN8yyln1IfbNVmgsq/ + /XrJQHQ8gWF1AlKAB+KgKskmAWByoQKoDuhyGp45atxNoTcXC3p0YKuiXGQ6Eyco + mC7sZSX1lIm0YhHCKvRGWMqr82QGY0VlWyt0Cm6wZnDph6pwZt5EuxOAtQ6xmH/B + cOiE7UGbtjWkDLQEedpus+St0s8lPNY8atAOxyKrc+iq33UCDCOYOn5Kxb9i5Zhr + jsNLmnzXPgZrime6IF1ZGiSdDpXm2H9DnK72FNMid+qFAQ4DslgfDDfB4G8QA/9C + DH+d+0B0lcyhKI/miWo8hVu2dDmZiYZgBlTjh90oJZ6NIJw3EgfDgyKI2wpzPjC9 + /6Ox4+5DQX7pCZcPSJzccNazn8LiaFNWAD+Vx7mqKxubsZ+Bm0JQOkrBeffpKzfB + YjTXOIoHaPBCjcnUem9EgINDY7NjVPNpkSFA/L0wBgQAp2zIutzMU/W/Axd6DSpU + KKazd98vFbXbqiGjZSifzFz/SQNacwDrgwBrhj/QkjSLX9cCBVrE54n9XA31DIML + eiQ+YKDn8eIx5LuWit0+ZDa58/lEIYCpw7fIyuu+YF/o1BlW3E3b/VvLxeS3QAMQ + zhjV5ZEfnD/nU5mQasKr+lWFAg4DiLcKbyvsTOYQB/9t+Pi5Fk/9kVUM50p5qKei + N1baw4Pm/J3fc3RlhK0ZnEk5BFpWnrkZHVp8iRXtm8IRPYyXeofa8uRHZLTF5Rwm + 7hrltcZ+C4lmzWzPO3waZI7AB+gvZnV5FrGthv1PnUi9JdHFPQy9LdI1KTQmwChK + 17mbUrMhJeNWPQAopcPAuktkN8w9deiD07N10Xavhq91LNjc0c9cw2FD95M3LIH2 + jGwo2Wp1+3w6pbidVovMs+fN9d8+txLMPtVxREumYSecjSTQHNCg7ZCwy9qL4Ls1 + +G7tCByOrpZyyguGAEUkJmjpLJuT+lrRNEEq6QwJTgc9vgXf+5Lzlv/U3fOpY/sG + B/9WHM2TN2DA42iK6UG8Oa6YOYRtzhfynzCvzVCEYtSpDMZrg73QjgJyzEOi4uf3 + orzOdWV/lxYGyRzpSZHWnUHV55TuMeTP20ZlHIG9jnMy1gLxeCexid3VOopLrOtz + UOAYGsm0pNaCJJc77/+PiXshYumFmhYcjsQbb0AOoXbu4fpL5CjtFuh//qkuoa0S + LXd5T+Z+ZNTPhDw1pJcgjB/TyC6Uz6Pg7bf9kJexq3OR4hcnVNAoMz5gcUJpctTg + xIA0e2G6GCmk5gCoybIfXYwHf/m6/7hRp2henK0lA/vEdydCInvgiDhMP0rc8nWt + tDe30pLQNnWowxxPeFSDo+tRhQIMA1tQWD9t5xGsAQ//ZEoDzi6vHCsat01Ctm/6 + D0tXmn+2Taf7SRb9S8oHwfmNcN0yDuo4CTNUwQxhA6hdk5GcBJ83WzYZf5hGOaPb + JAEzXYc8mJkpsrZVoyX/MmlABlEUF8Z51HOosSg2zyVjHZfMqNQYF8m6JwleAYmY + ZrF2AiPy4lr13lRtRW1sJlEIMd+y+65BrXLFCABfesVS5aqu98aV8/l8fDRPCMnG + cZlrpYxthcvBlxpWXskJlUybyDk0Cjw/p67SVQcdoGtjqr/F2thEHld+DxYrzEKf + ibzDRjCqIhQlI5EE6cZgkrwxjycYxrOPezR34dhToRShr1Aq0JMv+Y594YlzvvXt + vrjEK81Wew9dQqWOHyR0lly3SEmOqnk6etJ+K7lknPqLsD5fwoOxFgIWZc99LwpR + Y65pmjLxCqeRt3fxElgirvrAbYeHVcr7nyq+xviATZAmcLXoVgbWdrloa1bHq2K3 + 
tBUG95jtnyS7vi6d1l+STciN5RTmxwFY/PTtIpV5QMUddcENuI/CO3YI6RN6OmrJ + ApppUxaR8t0GV5YPxLqvSL3YgpKl1JkMuktJBTXiT+pusFWwxAzTI/DlMsDBoGSy + iatVFGw0/tn/rUypY0H+WdVbnAosamvgGD88cjry/zp32w96GhpZxswrnK4ZoqZz + eU5YVW5QFBnFSNBHghB465aFAgwDrPDOChusaZEBEACEiqKrxbOOQ0nBoapZDWC/ + /+aRzivSReSi5I7LHKkn2Y2RV+fjQkkr+f5iVP9/dUdqWk2HOn0BC+px2kgg8TYa + dybr415M3DW50w1QM5BUw0VdZj/7Sx9qh0saxcDvUSU4KVJ5wl3tvgelVToOwgNM + I6iyCt8NTaje65/RBqFGBoeNw40OBBfk9YYQRmIog4hrWuEEgCd+IeJuTuo2T+on + ytaNJ+h3j3g6glLG+Gz9ZAeUagmJAZniyALIkDY7twle37hUCfiX54dINeBJOpsX + dOgQa5LcuV95kxsfJyeMbKFSrhqvbcr83xt9g3UMfSF8Cl9IMiyKKovZes2HYkY6 + KXeENavcxKu7zvvU7D7SWSjM0tbA394E/j4oZIisPFSbXndC8h+BEGJukYnbjvGD + z2zuNZ1jNLC+Z7N1LLRotl4o1Skanw31kyQSmJNRHXz86YsIM9yD+B0+COWLUzsA + th0HGVnrDcWBSCOfPlGCG5pwUo0Uh9d4TeS25i+OqnnS8QXoMJg4mYsLL3nWmJOL + fGCD4LL7x57gfd7gCDeI3CWOmoq92XjFcGfBFVk5/6xeQHd5Cdakc0ZQ9wPkGFDn + +rEsyoLoRpKi0YWQcz2BDTKA82/d2HHwUg0sjjqcdOON4LhMX7kWgSf4meXPuZx0 + iTgHAv9qpcehM4/+nedxlNLAjAG/MCcF8McYrP8pOjRsaWSUTjZpY/bxPtQ6waAq + vymYpyps8IXTKqOebp4lLe75vKv/CdOF/NpXbOH6k3ZtuOLAV7neqx+5rXVlIsIG + ENWKdBqbvPhkII+mBjo211Yt1rT0hsbrVSzRk1NCGuKdCQSGeAd7oBMP7++Nu0zS + 3e7uKaUQA+zhOoUzmJgS1I4o7+P79yg9tBCvbaPaAIzGx2cV9BM7JkrtQLacTn2F + 0CSLs1RDHM0bIeJh72RMIP81vCVRgPNHFX8LUU6jlWU6w5QAH2OBwl4koyy9OPsU + 2rRQltFJW8FRFi7UF+V/9teDgws3iGG50vDD6ZlwG9fsqjc/AxTRMxqjIbQTEo1e + S/jGeTrE0zO/hwxd4BF8Gr6ZfNK3WUW/leH1fL9x7Xpxx8lw1CMGTrxGvS7C+WVC + K4iffPURTuxtsVemiu/c + =og1L + -----END PGP MESSAGE----- diff --git a/salt/profile/jekyll/docroot.sls b/salt/profile/jekyll/docroot.sls new file mode 100644 index 0000000..ca4e5c9 --- /dev/null +++ b/salt/profile/jekyll/docroot.sls @@ -0,0 +1,7 @@ +{% set websites = salt['pillar.get']('profile:web_jekyll:websites') %} + +{% for website in websites %} +/srv/www/vhosts/{{ website }}.opensuse.org: + file.directory: + - user: web_jekyll +{% endfor %} 
diff --git a/salt/profile/jekyll/files/git_pull_and_update.sh b/salt/profile/jekyll/files/git_pull_and_update.sh
new file mode 100644
index 0000000..6aa42c0
--- /dev/null
+++ b/salt/profile/jekyll/files/git_pull_and_update.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# managed by salt - do not edit
+
+BASEDIR=/home/web_jekyll/git
+DESTDIR=/home/web_jekyll/jekyll
+
+GIT_DIRS='{% for dir in git_dirs.keys() %}
+ {{ dir }}
+{%- endfor %}'
+
+# update all git repos, exit if one of them fails (better outdated than inconsistent)
+cd "$BASEDIR" || exit 1
+for dir in $GIT_DIRS ; do
+ cd "$BASEDIR/$dir" && git pull -q || exit 1
+done
+
+# sync to all servers
+cd $BASEDIR || exit 1
+for dir in $GIT_DIRS ; do
+ cd "$BASEDIR/$dir" && rm -r vendor && bundle install --deployment && bundle exec jekyll build -d "$DESTDIR/$dir/" || exit 1
+done
+
+# sync to all servers
+cd $DESTDIR || exit 1
+for dir in *.opensuse.org ; do
+ rsync -az --exclude '.git' --delete-after "$@" -e ssh "$DESTDIR/$dir/" "web_jekyll@jekyll.infra.opensuse.org:/srv/www/vhosts/$dir/"
+done
+
+# vim: ts=4 expandtab
diff --git a/salt/profile/jekyll/master.sls b/salt/profile/jekyll/master.sls
new file mode 100644
index 0000000..b271ea8
--- /dev/null
+++ b/salt/profile/jekyll/master.sls
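Review bot: In the build loop of git_pull_and_update.sh, `rm -r vendor` fails when the directory is missing, which is the case on a fresh clone unless the repository ships one. Because it is chained with `&&`, the trailing `|| exit 1` then stops the script before any site is built, so use `rm -rf vendor &&` instead. The final rsync loop ignores rsync's exit status, so a failed or partial upload goes unnoticed; `rsync … || exit 1` would match the earlier loops. The comment above the build loop still reads `# sync to all servers` and should say something like `# build all sites`. `cd $BASEDIR` and `cd $DESTDIR` are unquoted, unlike the first `cd "$BASEDIR"`.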
@@ -0,0 +1,62 @@
+{% set git_repos = salt['pillar.get']('profile:web_jekyll:git_repos') %}
+
+# Using rubygem() provides, because the rubygem packages have the ruby version in the package name
+jekyll_master_pgks:
+ pkg.installed:
+ - pkgs:
+ - git
+ - rsync
+ - rubygem\(jekyll\)
+
+/home/web_jekyll/.ssh/id_ed25519:
+ file.managed:
+ - contents_pillar: profile:web_jekyll:ssh_private_key
+ - mode: 600
+ - user: web_jekyll
+
+/home/web_jekyll/.ssh/known_hosts:
+ file.managed:
+ - contents_pillar: profile:web_jekyll:ssh_known_hosts
+ - mode: 644
+ - user: root
+
+/home/web_jekyll/bin:
+ file.directory:
+ - user: root
+
+/home/web_jekyll/bin/fetch_build_and_rsync_jekyll:
+ cron.present:
+ - user: web_jekyll
+ - minute: 0
+ file.managed:
+ - context:
+ git_dirs: {{ git_repos }}
+ - mode: 755
+ - source: salt://profile/jekyll/files/git_pull_and_update.sh
+ - template: jinja
+ - user: root
+
+/home/web_jekyll/git:
+ file.directory:
+ - user: web_jekyll
+
+/home/web_jekyll/jekyll:
+ file.directory:
+ - user: web_jekyll
+
+# clone git repos
+{% for dir, data in git_repos.items() %}
+{{ data.repo }}:
+ # salt 2018.3.3 introduced git.cloned - switch once our salt is new enough
+ git.latest:
+ - branch: {{ data.get('branch', 'master') }}
+ - target: /home/web_jekyll/git/{{ dir }}
+ # When checking out a non-default branch, salt will create a local branch based on HEAD by default.
+ # We need to specify "rev" to ensure we get the branch we want, and to make it tracking the branch from origin.
+ - rev: {{ data.get('branch', 'master') }}
+ - user: web_jekyll
+
+/home/web_jekyll/jekyll/{{ dir }}:
+ file.directory:
+ - user: web_jekyll
+{% endfor %}
diff --git a/salt/profile/jekyll/user.sls b/salt/profile/jekyll/user.sls
new file mode 100644
index 0000000..fb20869
--- /dev/null
+++ b/salt/profile/jekyll/user.sls
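Review bot: The `/home/web_jekyll/.ssh/id_ed25519` state in master.sls writes the decrypted private key via `contents_pillar` without `show_changes: False`, so on a key rotation Salt may return a diff of the old and new key material in the state output and job cache. Add `- show_changes: False` under that `file.managed`. The `known_hosts` state reads `profile:web_jekyll:ssh_known_hosts`, which none of the pillar files visible in this patch define. Unless it is set elsewhere, that state will fail and the hourly rsync over ssh has no pinned host key to verify against. The state ID `jekyll_master_pgks` also looks like a typo for `jekyll_master_pkgs`.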
@@ -0,0 +1,23 @@
+{% set roles = salt['grains.get']('roles', []) %}
+
+web_jekyll:
+ user.present:
+ - createhome: False
+ - home: /home/web_jekyll
+ - shell: /bin/bash
+
+/home/web_jekyll:
+ file.directory:
+ - user: root
+
+/home/web_jekyll/.ssh:
+ file.directory:
+ - user: root
+
+{% if 'web_jekyll' in roles %}
+/home/web_jekyll/.ssh/authorized_keys:
+ file.managed:
+ - contents_pillar: profile:web_jekyll:ssh_pubkey
+ - mode: 644
+ - user: root
+{% endif %}
diff --git a/salt/role/jekyll_master.sls b/salt/role/jekyll_master.sls
new file mode 100644
index 0000000..364801d
--- /dev/null
+++ b/salt/role/jekyll_master.sls
@@ -0,0 +1,3 @@
+include:
+ - profile.jekyll.user
+ - profile.jekyll.master
diff --git a/salt/role/web_jekyll.sls b/salt/role/web_jekyll.sls
index a5b1924..1a8cc5b 100644
--- a/salt/role/web_jekyll.sls
+++ b/salt/role/web_jekyll.sls
@@ -1,2 +1,4 @@
 include:
 - profile.web.server.nginx
+ - profile.jekyll.user
+ - profile.jekyll.docroot
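Review bot: In user.sls the `/home/web_jekyll` and `/home/web_jekyll/.ssh` directory states are owned by root but set no `mode`, and nothing explains why a home directory is root-owned. Presumably the intent is that the web_jekyll account cannot modify its own `authorized_keys` or `known_hosts`. A comment such as `# root-owned on purpose: web_jekyll must not be able to change its own authorized_keys/known_hosts` would record that. Adding an explicit `- mode: 755` to both states would stop the permissions depending on the minion's umask; the directories must stay readable by web_jekyll for sshd and ssh to use the files.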