diff --git a/pillar/role/jekyll_master.sls b/pillar/role/jekyll_master.sls index 4d3f4bb..fc0198d 100644 --- a/pillar/role/jekyll_master.sls +++ b/pillar/role/jekyll_master.sls @@ -1,6 +1,6 @@ {% if salt['grains.get']('include_secrets', True) %} include: - - secrets.role.static_master + - secrets.role.jekyll_master {% endif %} profile: @@ -10,3 +10,7 @@ profile: repo: https://github.com/openSUSE/news-o-o.git planet.opensuse.org: repo: https://github.com/hellcp/planet-o-o.git + server_list: + - jekyll.infra.opensuse.org + ssh_known_hosts: | + 192.168.47.61,jekyll.infra.opensuse.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDIQrbRoDfhX4IYr5qALDKfslpvvJ8SJRLBqkUiHifEq05SMbsqWxoylIYrQRvHw5v0jl3UNWgISWRZ1AtBDVVQ= diff --git a/pillar/role/web_jekyll.sls b/pillar/role/web_jekyll.sls index 93ee96d..9df8168 100644 --- a/pillar/role/web_jekyll.sls +++ b/pillar/role/web_jekyll.sls @@ -54,5 +54,5 @@ nginx: profile: web_jekyll: - ssh_pubkey: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJVddqh51YNoPglOnSZ9BpYH1nXzBV5ahbu0yncyL+6s web_jekyll@salt' + ssh_pubkey: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINNg3043py2Oe/LfLU0+mE+ehe7gI3e2QajbSUI6p4Zm web_jekyll@salt' websites: {{ websites }} diff --git a/pillar/secrets/role/jekyll_master.sls b/pillar/secrets/role/jekyll_master.sls new file mode 100644 index 0000000..13777f0 --- /dev/null +++ b/pillar/secrets/role/jekyll_master.sls @@ -0,0 +1,88 @@ +#!yaml|gpg + +profile: + web_jekyll: + ssh_private_key: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+IR8z+kAXdw2yc5JeDryTK8l6qzTZFgcDrTrklGIg/zOj + 7JO94D+D05LuEeXqNexFM/4hKNNo7Z9FIDAmx+PfTTcw4bnHtEBQ3FGlMmIcgxok + XJoIOtcZNyoHq3t40VDmJq4+p9XCAdXqQvuWOkydzAF2Gi3ZD65EgL1EKNTHtvJe + Flb41S2M+ktlLs/TboYTYMaVhZpQsI9MjF+GDQyQbTadoXNQEOuIt4+qLYir1LZt + Mq499ujf3JfsLcTYvv9ki2VYK1Kvbi7RsJNewh/4HCPbw/SCMAPnAWCnWtFuFRZz + StcOk5oteF46pGVSgdHnbf8n+kHSapFk12x3NA66X7SHxrsm40qlr2Rw4mY4QCH3 + L1kJAWMXWAZkdcipL08jgeu8WHDelXGxsa+iqAkEFwPKkYdpgnkWHrhw/EbTEX+o + bIBz7l6pt/SpXA7NaSGkXhyBV8M6Vss8KmHG/IK7aIWc/ZdyQAGLct03dXXB1GGr + 5cwSUJ/L3PypNtev4L4WI8lHXedUrI94xetTuSdlmHoRr8xu5mt12tjf0NxSMCjw + mpJWjrag3yLT/RqCoqflVPN1Cjl4nmEkb40AfrSyKzGmbB+n3+EHjnZwkUGS7P3B + dqDF5ieY+8VBJ9+TV8Z+r+x9b7BKRGahKrMfQiFU90wCt1kf9Lj/51ETwwSWbAEP + /As9pKHgJCJ+I+j/DcrDtmCYPqsn2P1sHXk3leE6RjERPsHJLq3PZbwkGGN84g0c + NfOb0ZHnnAwTC9ofHb3X4yjtVwz49NCDmzL0qZeHjDLOvt5JEAsOTtwZlpK2uaHa + 2+oWct662pQ6fmlzygfGsJgYlWkSGp8xTEwjp/PHLoSTCyOj7MrZgLSxZxAAMjCu + d9N+rUdvgN9c9nSeSXRikGCkyo3N4ymS/QGAQeD+n0pHtxjYFlGKXDd41QsDQvsb + oQWafnyXtcwYFIfEncdf0uO4XriSyLoH4aqZ5sT7OGxLBi3+VqvPlav8eDsgbIo1 + +E+mEbiX1QBM57MM57trGjG3A7TnMiCKTSkRmV18ivol+TETFVRkdkSjJnnapRmU + eange17GLWMEMbIMmvtd+zMuzhl9aJ/xlY7r1XEOAOSl+NjSxnA8pTct0VTcQ4l/ + PJqyQ4lKqbVPA9id+Bid1b8aY+7VZ6ufBvq6sp9sAJahmUTjJYQ7EGt3lo3iBkI9 + 6P2grB88zAHEBuIo8qnxLeP46+nlLZO0jf20N3iXK8CWxV7k3VMVDEqH5/JCbQG3 + 7sUED8OeKGCf62adtbjVYkE0Ul8xaGzFvf8WeEVF68HaX7yWbu4NFomOSJqWnE+6 + 56fqC92mKs7cEyaG65iPLtRRjfsoxguOEiG4D89UQCArhQIMA8amgupjyC8cAQ// + ZNutiWSUNFOHowoejRpPxL2cT1GmHzyJshD6eGUCa+t3/ugZmbHlZ7WvkeckX9W0 + mbVn74OZAeHpXtX6ZFcWN4geWlI6LuA+3hZKWdBJlviKt/ptbx/+YWqnbme18wRW + tyvR1rw2VLkmFecRqd/cKKajIbtRHT+eVC3kA/CrwJZu7nel5hJpSvtNKUgtigJU + VdLy5c9ECtZnl3K78e3EHzi1PytSOPRG3pCL69SsE033bZgpun4t4Gn0nIQheivO + 0jDI7htplmj0T5XRH/t3pNWS1h2z8Y1qzMdQbY+SXsoKtHgyBj+gBNscMBh9KaLL + lOSkmtgkr/5Goq/9rRoM+LSkoUyxpN0Y4slgFUC/xL2+JVoj8bvw1HWsZnnu8naZ + DJdActwt7JOLjFbX9cHR9FOBcOlQXNDAsSNtr81ksUcWeBga0IHg9fh1PmabO1gR + LU4Mt6lN1s8j8CZ2QC48oKf/yo4kDYpvSsnOo7bF785HHDIx7j2XkCUityv4k2D1 + hV5NR6wUN8B5xcTdA8yVuy63M4KIsfwA1Iu6xBfBKvDmyS5SWeoAWtNjgj9Q7O83 + IPxrA3EbTN5rDMQXlTk/3VfrS/pzjv7NUgl4O4eDxFgUyNYH96AenI7BtBigwaDe + 5mmp3vfA8bWFa4uZsmmKrpS97p936TWkhN1Rn64ApMCFAQ4DslgfDDfB4G8QA/40 + N0tUmS6pf0VFqBVz+3/3LIhazzuflQ8q/eOBaXUQ9hueB/8Y/j5DcKvRmM7N4tWg + rZT5eghjW2ci5xFMt7b7/31Pwzmwmj0kTUhtXsigZtaN3BKZVKiFQVj0/xvoAcUh + bCK3YOoNIL1tblTLVmVnYuGHs/F8QEjWTewCUJYX5wP9GZWjSligEiAqWtqQZzll + VJtV1DsuDd8Rtf0DTXvL+rEDqFtY0iUKtqltVkH1lv100BY8g7aNn7rauTW1AFq5 + lepSCpFriOnRI9KLHF4d1BjhI8wkZB5Kia+l6tspcsjug/KeqcVzrIA76oYGSERJ + SOagRdSpw2FkASnxqXd3pFyFAg4DiLcKbyvsTOYQCACFeu1QUGL4m+Ssk0rTjULi + MAlaUAiXPX4sv73Bfj3cUXj3rnJAoD9EMuxq9ahb0ypgGoss762PqKGZS5jzIEZf + RxAkh9SUqmf8Q24SxlNPvu7oxXUpY//TSemh3WrzdBl2urhQFQL2QKBf6ERp+hNo + KD/vA7We3q6DNOGVRNgQqlP48wttC9uTn8+3urdMA53ef+xUTkEfb/z8d39ReAkH + OcTgopL9+GQTOP7pnAkK1wKsvT40eZE0WP3cG6jTKYiiGPEjav2Bb9nbEqY/Va0J + yRbyuZ37/bBZS1n7QE0PiNNj8jgGQiBTuj4v6FpiEjffiTg45TVxqoehQQsIwffk + B/4kqgEd/byNE5PCKOuLeuLCQbuJ7i+uUTe01Cz5AmB1u5nm24F9EeuW5iKMy0TF + ZLrNqatnYGL8xsJ2ECYgFF8eQ5ZJrFt3DbMTf/NmQfbCRN6wCb/NAyqkiUL0zxXX + /VoYkGh9Jb4UB8Q6yizDQOE7Gp03hJzvDounrzNAt5dtJkB3AOBpMtCC52/eA10g + CoyPCnCPpGrfTUrGeHw0yEXzNOCy8R+2PLO4Wlit9q9CHmueIiMYMvsbhOhO9lhK + vbZ2+4B+FT6srmlDn1ChXKCkVvGkZk1ky00enE2TD7fK3Cei+JtjQ1SLOmWmEyNE + NDNGZHqfYo0T2Oh4f03ju4llhQIMA1tQWD9t5xGsAQ/8C8bXSa4tvNqWs2UDDkJe + CpgeonA8Dd+hbqpvOnp2osJaYZWQsm/2h1wx5mx7qJOe4cuztlmwx3PQcntvAk72 + yUzpm4FW/G5SGXe/ZhfvstSUNMM7YzizSjLZkXlTjI5RS26mlkk/+aVhyzDukOSc + C2tASli9crRrbi1xp1et+xp1ZRfQIMKf7yjazRNBD4o3o4ZcG61wumJ2Xn9hdyf9 + 4GlGBDZf1/NfvlAczl1W5lBmh7pD+vTUnhkTMIi3OtIyARQpB6JnsPDvGhp993LT + 6A0VlIH/Oe5siN6mA0RwCEYO25E6YQcU48h3uzYdYXcRFz6vKM39igrjqmqcLuwy + BZevkQk+dtcd5SbRJ4G1kSSyUepspIeG1es7a0V4glvo1mxCz3xEcLJQIrARF7ta + 5J2LIdVpOEDQzwrPXtCd/u9MCyFrpalKdTCnTyFqOPtxxaFB82cnOCsLYV4m/cTQ + jD+rYrg9k69Pe2ecVILL7luEFr1Cy905nPlyJqrMz6YyjH0KCZzTjfOL6SJhPAmL + 8u0yAoejrt1OuDNWAAWDqQx+Poxan+lqWmETHgSkAb3fhMXpSk0mWLpU+5axdqCS + hvRE3ZWk+frAMNfrd9lJ5M9KNQqwYik3kx7XvfgUyWLl6sLM9CPcWyTEg83byspM + HVySjVIaa/5e7J9C9WDoqrGFAgwDrPDOChusaZEBD/9jXOsFCc/VxYX8Z2m8tYFz + qijwmxfqqjxjtQ5NNDNY4RN+7BSOvDt1BnJ38zLNU+U/3TDddQADdGMOVoaXs75i + 8eXROgtRS43JMS/LljqOb0WEZrKJ5+HJeKSGcfnbK83afAUwQIpsZIH4PmDmlA6V + kB4vi30iojIFW/9MZo2rDkot14JiBRJdyvkhUyY9p+Q/aQPUb76naZpnCM7U5aJt + imJTJTcDpSWPZPZPq/+4yzRhe8z/UIkl6Yka13ltRppKCEbJjEwellGwoJdHMjOr + VN0D4DlippwuVzZE5QH20nOizvWUGrzYgjemPnDowXlHT6Ml2N6xP0JUl4CjCBBj + gk+p6OukFOOuxOyIiV3StiQb9dr2ghjzYv0Jp5ZqLpmbH469ro12a0A7F4O35/41 + 0aqzb0jfC90qePqY8HfssXJTM2oYuoxj/C1iPw8T3eyMAaU+jIpWGp13ZH5+xMwB + jdYzUkdAYW89wPJKmWV6lSRGZYt2tBmK7IFLiVuez8gmlo5/WJX1dDA4gD/CXKwq + nF9KbGW7jhLUMJ+Glc0m0GaUIzwZqG3UTVuZzoBF9zTNbTIgYKBt2f2vkucNW6b6 + 9CIN4a7FivPkna5XdwCoRpkZFkW1bfPrxLPrTIeC8JC4m4bMuxnVxXLRtVLy7iRw + 438RkWyKVWBJoaHFJn4RRdLAiQE4+n/pWIqHVFwSDc29qFieKtP/TLvv/P34jbny + VUgEshkZ/iuNLYFXAUjbT6eX+8N2Tc5n5yrxn+Nl2FF5OmPcbf5CHZuUdZc3LjTT + 9WO9WvtBmxxKESrhJin+NSAgSdpGR86WMRXlx5NwryEoTsAhYK3fqx3uzrnJlojR + g+yWJbiYEg1g3Y09so/TrV535T9uCvC1zsmdMzmWm9YQ8mvMvy+jIZ8g3yvye0Fv + feQQETDa8GaPmc+EFZR9r7NP74/uf5/kgaMhNRASyurh3z4nv0Bwjv1lS3ODe3tx + lfg6z4JVjGtDwWZb49Lj7D5OftIwcrGRVZoo0/OqfIKUv4jqmXTmi8Lk9HZG91/V + yo4Y9FKtaSBUhd1sFxdgC5oJM1DpfTIfDbDswVd6qPAmdJdveTgh3FqRYmUmouVx + GWu7SkFCidWECqdV + =lIhx + -----END PGP MESSAGE----- diff --git a/salt/profile/jekyll/docroot.sls b/salt/profile/jekyll/docroot.sls index ca4e5c9..7fcf746 100644 --- a/salt/profile/jekyll/docroot.sls +++ b/salt/profile/jekyll/docroot.sls @@ -1,5 +1,8 @@ {% set websites = salt['pillar.get']('profile:web_jekyll:websites') %} +/srv/www/vhosts/: + file.directory + {% for website in websites %} /srv/www/vhosts/{{ website }}.opensuse.org: file.directory: diff --git a/salt/profile/jekyll/files/git_pull_and_update.sh b/salt/profile/jekyll/files/git_pull_and_update.sh index 6aa42c0..9331704 100644 --- a/salt/profile/jekyll/files/git_pull_and_update.sh +++ b/salt/profile/jekyll/files/git_pull_and_update.sh @@ -5,6 +5,10 @@ BASEDIR=/home/web_jekyll/git DESTDIR=/home/web_jekyll/jekyll +SERVERS='{% for server in server_list %} + {{ server }} +{%- endfor %}' + GIT_DIRS='{% for dir in git_dirs.keys() %} {{ dir }} {%- endfor %}' @@ -18,13 +22,15 @@ done # sync to all servers cd $BASEDIR || exit 1 for dir in $GIT_DIRS ; do - cd "$BASEDIR/$dir" && rm -r vendor && bundle install --deployment && bundle exec jekyll build -d "$DESTDIR/$dir/" || exit 1 + cd "$BASEDIR/$dir" && rm -rf vendor && bundle install --deployment && bundle exec jekyll build -d "$DESTDIR/$dir/" || exit 1 done # sync to all servers cd $DESTDIR || exit 1 for dir in *.opensuse.org ; do - rsync -az --exclude '.git' --delete-after "$@" -e ssh "$DESTDIR/$dir/" "web_jekyll@jekyll.infra.opensuse.org:/srv/www/vhosts/$dir/" + for server in $SERVERS ; do + rsync -az --exclude '.git' --delete-after "$@" -e ssh "$DESTDIR/$dir/" "web_jekyll@$server:/srv/www/vhosts/$dir/" + done done # vim: ts=4 expandtab diff --git a/salt/profile/jekyll/master.sls b/salt/profile/jekyll/master.sls index 658fc3c..1b3b306 100644 --- a/salt/profile/jekyll/master.sls +++ b/salt/profile/jekyll/master.sls @@ -1,16 +1,19 @@ {% set git_repos = salt['pillar.get']('profile:web_jekyll:git_repos') %} -# Using rubygem() provides, because the rubygem packages have the ruby version in the package name jekyll_master_pgks: pkg.installed: - pkgs: - git - rsync - - rubygem\(jekyll\) + # To find out the package name in the repo, run `zypper se --provides rubygem\(bundler\)` + - ruby2.5-rubygem-bundler + - ruby-devel + # Needed for planet to work with its database + - sqlite3-devel /home/web_jekyll/.ssh/id_ed25519: file.managed: - - contents_pillar: profile:web_static:ssh_private_key + - contents_pillar: profile:web_jekyll:ssh_private_key - mode: 600 - user: web_jekyll @@ -31,6 +34,7 @@ jekyll_master_pgks: file.managed: - context: git_dirs: {{ git_repos }} + server_list: {{ pillar['profile']['web_static']['server_list'] }} - mode: 755 - source: salt://profile/jekyll/files/git_pull_and_update.sh - template: jinja