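_grains/map.jinja:

{#- Derive naming facts from the minion ID, expected in the form
    component[-cluster[-role[-codename]]]-hostid.env.region.provider.root.domain
    Only the branch matching the number of labels runs, so names such as
    cluster, role, codename, env or region stay undefined for shorter IDs and
    render as empty strings wherever they are concatenated.
    NOTE(review): the minion ID is the one grain Salt ties to the accepted
    minion key, which is why it is a reasonable basis for pillar targeting;
    other grains are reported by the minion itself. -#}
{% set host_text, domain_text = salt['grains.get']('id').partition('.')[::2] %}
{% set host_list = host_text.split("-") %}
{% set domain_list = domain_text.split(".") %}

{% set host_items_count = host_list|length %}
{% if host_items_count == 2 %}
{% set component = host_list[0] %}
{% set host_id = host_list[1] %}
{% set host_combo = host_list[0] %}
{% elif host_items_count == 3 %}
{% set component = host_list[0] %}
{% set cluster = host_list[1] %}
{% set host_id = host_list[2] %}
{% set host_combo = host_list[0] + '-' + host_list[1] %}
{% elif host_items_count == 4 %}
{% set component = host_list[0] %}
{% set cluster = host_list[1] %}
{% set role = host_list[2] %}
{% set host_id = host_list[3] %}
{% set host_combo = host_list[0] + '-' + host_list[1] + '-' + host_list[2] %}
{% elif host_items_count == 5 %}
{% set component = host_list[0] %}
{% set cluster = host_list[1] %}
{% set role = host_list[2] %}
{% set codename = host_list[3] %}
{% set host_id = host_list[4] %}
{# codename is deliberately left out of host_combo, as in the four-label case #}
{% set host_combo = host_list[0] + '-' + host_list[1] + '-' + host_list[2] %}
{% endif %}

{# Domain part: env.region.provider followed by the root domain #}
{% set domain_items_count = domain_list|length %}
{% if domain_items_count >= 5 %}
{% set env = domain_list[0] %}
{% set region = domain_list[1] %}
{% set provider = domain_list[2] %}
{% set root_domain = ".".join(domain_list[3:]) %}
{% endif %}

{# Map the root domain to an account; any other domain leaves account unset #}
{% if root_domain == 'acme-dev.com' %}
{% set account = 'development' %}
{% elif root_domain == 'acme-prod.com' %}
{% set account = 'production' %}
{% endif %}

{# Convenience combinations, each defined only when all of its parts exist #}
{% if component and cluster %}
{% set component_cluster = component + '-' + cluster %}
{% endif %}
{% if component and role %}
{% set component_role = component + '-' + role %}
{% endif %}
{% if component and cluster and role %}
{% set component_cluster_role = component + '-' + cluster + '-' + role %}
{% endif %}
{% if component and cluster and env %}
{% set component_cluster_env = component + '-' + cluster + '-' + env %}
{% endif %}
{% if component and cluster and env and region %}
{% set component_cluster_env_region = component + '-' + cluster + '-' + env + '-' + region %}
{% endif %}
{% if cluster and env and region %}
{% set cluster_env_region = cluster + '-' + env + '-' + region %}
{% endif %}

pillars/top.sls:

{#- The grains map calls the salt dictionary, so it is imported with context
    like every other import in this tree. -#}
{% import '_grains/map.jinja' as grain with context %}
base:
  '*':
{% if grain.component == 'dns' %}
    - bind
{% endif %}
    - ldap

_macros/pillars.sls:

{#- Emit one test.check_pillar state per required pillar key so that a run
    fails early when a key (for example a credential) is missing.
    pillars: list of colon-delimited pillar keys
    formula: prefix for the generated state IDs -#}
{% macro check_pillars(pillars, formula) %}
{% for name in pillars -%}
{% set title = name|replace(':', '_') %}
{{ formula }}_{{ title }}:
  test.check_pillar:
    - present: {{ name }}
{% endfor %}
{% endmacro %}

_macros/pkgs.sls:

{#- Emit a single pkg state with the ID name_pkgs.
    package_list:   entries for pkgs, or name-to-source mappings for sources
    latest:         use pkg.latest instead of pkg.installed
    sources:        treat package_list as explicit package sources
    reload_modules: ask Salt to reload its modules after installation
    Nothing is emitted when package_list is empty. -#}
{% macro package_installer(name,package_list,latest,sources,reload_modules) %}
{% if package_list %}
{{ name }}_pkgs:
{% if latest|default(False) %}
  pkg.latest:
{% else %}
  pkg.installed:
{% endif %}
{% if sources|default(False) %}
    - sources:
{% else %}
    - pkgs:
{% endif %}
{% for pkg in package_list %}
      - {{ pkg }}
{% endfor %}
{% if reload_modules|default(False) %}
    - reload_modules: True
{% endif %}
{% endif %}
{% endmacro %}

_macros/users.sls:

{% from 'accounts/map.jinja' import accounts with context %}

{#- Create a system group and user for a service account.
    account:    mapping with user, group, uid, fullname, shell and, when the
                password flag is set, password_hash
    data_dir:   home directory of the account
    sudo:       also add the account to the configured sudo group
    createhome: let user.present create the home directory
    public_key: authorized SSH key to install for the account
    password:   set the login password from account.password_hash
    The group ID reuses account.uid, so uid and gid are always equal. -#}
{% macro create_system_user(account,data_dir,sudo,createhome,public_key,password) %}
{{ account.user }}_group:
  group.present:
    - name: {{ account.group }}
    - gid: {{ account.uid }}

{{ account.user }}_user:
  user.present:
    - name: {{ account.user }}
    - uid: {{ account.uid }}
    - gid: {{ account.uid }}
{% if sudo|default(False) %}
    - groups:
      - {{ accounts.sudo_group }}
{% endif %}
    - fullname: {{ account.fullname }}
{% if password|default(False) %}
    # user.present takes an already-hashed value here, never a cleartext password
    - password: {{ account.password_hash }}
{% endif %}
    - shell: {{ account.shell }}
    - home: {{ data_dir }}
    - system: True
    - createhome: {{ createhome|default(False) }}
{% if public_key|default(False) %}
  ssh_auth.present:
    - user: {{ account.user }}
    - name: {{ public_key }}
{% endif %}
{% endmacro %}

systemd/map.jinja:

{# Defaults for systemd, overridable from the systemd pillar key #}
{% load_yaml as defaults %}
config:
  dir: /etc/systemd/system
state:
  name: systemd
{% endload %}

{% set systemd = salt['pillar.get'](defaults.state.name, default=defaults, merge=True) %}

application/map.jinja:

{# Imported with context so the grains map can reach the salt dictionary #}
{% import '_grains/map.jinja' as grain with context %}
{% from 'mongodb/map.jinja' import mongodb with context %}
{% from 'systemd/map.jinja' import systemd with context %}

{% set name = 'application' %}

{#- Formula defaults. The MongoDB credentials come from the mongodb map and
    are interpolated into YAML unquoted.
    NOTE(review): a password containing YAML-significant characters would
    break this load - confirm the pillar values are constrained or quote them. -#}
{% load_yaml as defaults %}
account:
  fullname: {{ name }}
  group: {{ name }}
  shell: /bin/false
  user: {{ name }}
  uid: 12000
bin:
  dir: /data/{{ name }}/bin
  file: {{ name }}
config:
  dir: /data/{{ name }}/server
  file: config.json
data:
  dir: /data/{{ name }}
datasources:
  mongodb:
    connector: mongodb
    database: application
    hostname: {{ grains['fqdn'] }}
    name: mongodb
    password: {{ mongodb.common.app.password }}
    port: {{ mongodb.mongod.port }}
    protocol: mongodb
    server:
      auto_reconnect: 'true'
      reconnecttries: 86400
      reconnectinterval: 1000
    user: {{ mongodb.common.app.user }}
log:
  dir: /var/log/{{ name }}
pkgs:
  - {{ name }}: salt://{{ name }}/files/artifacts/{{ name }}-0.0.1_amd64.deb
pid:
  dir: /var/run/{{ name }}
  file: {{ name }}.pid
pillars:
  - mongodb:{{ grain.region }}:{{ grain.env }}:{{ grain.cluster }}:common:app:password
repo:
  name: {{ name }}
settings:
  port: 3004
service:
  name: {{ name }}
sources: True
state:
  name: {{ name }}
systemd:
  config:
    dir: {{ systemd.config.dir }}
    file: {{ name }}.service
{% endload %}

{#- Layered lookup: defaults, then the formula's top-level pillar key, then
    the key scoped to region:env:cluster; the most specific level wins. -#}
{% set toplevel = salt['pillar.get'](defaults.state.name, default=defaults, merge=True) %}
{% set region_env_cluster = salt['pillar.get'](defaults.state.name ~ ':' ~ grain.region ~ ':' ~ grain.env ~ ':' ~ grain.cluster, default=toplevel, merge=True) %}

{#- Build the connection URL from the merged values. The URL embeds the
    database password, so anything rendered from application.datasources
    must be treated as a secret.
    NOTE(review): user and password are inserted verbatim; credentials that
    contain URL-reserved characters would need percent-encoding - confirm. -#}
{% load_yaml as datasources_mongodb_url %}
url: {{ region_env_cluster.datasources.mongodb.protocol }}://{{ region_env_cluster.datasources.mongodb.user }}:{{ region_env_cluster.datasources.mongodb.password }}@{{ region_env_cluster.datasources.mongodb.hostname }}/{{ region_env_cluster.datasources.mongodb.database }}?authSource={{ mongodb.common.admin.database }}
{% endload %}
{% do region_env_cluster['datasources']['mongodb'].update(datasources_mongodb_url) %}

{% set application = region_env_cluster %}

application/init.sls:

include:
  - nodejs
  - application.pillars
  - application.users
  - application.pkgs
  - application.files
  - application.services

application/pillars.sls:

{% from '_macros/pillars.sls' import check_pillars with context %}
{% from 'application/map.jinja' import application with context %}

{{ check_pillars(application.pillars, application.state.name) }}

application/users.sls:

{% from '_macros/users.sls' import create_system_user with context %}
{% from 'application/map.jinja' import application with context %}

{{ create_system_user(application.account, application.data.dir) }}

application/pkgs.sls:

{% from '_macros/pkgs.sls' import package_installer with context %}
{% from 'application/map.jinja' import application with context %}

{{ package_installer('application', application.pkgs, false, application.sources) }}

application/files.sls:

{% from 'application/map.jinja' import application with context %}

# File modes are quoted so they reach Salt as strings and are not
# reinterpreted by the YAML loader.
application_bin_file:
  file.managed:
    - name: {{ application.bin.dir }}/{{ application.bin.file }}
    - user: root
    - group: root
    - mode: '0755'

application_log_dir:
  file.directory:
    - name: {{ application.log.dir }}
    - user: {{ application.account.user }}
    - group: {{ application.account.group }}
    - mode: '0755'

application_pid_dir:
  file.directory:
    - name: {{ application.pid.dir }}
    - user: {{ application.account.user }}
    - group: {{ application.account.group }}
    - mode: '0755'

application_systemd_config_file:
  file.managed:
    - name: {{ application.systemd.config.dir }}/{{ application.systemd.config.file }}
    - source: salt://application/files{{ application.systemd.config.dir }}/{{ application.systemd.config.file }}
    - user: root
    - group: root
    - mode: '0644'
    - template: jinja

# NOTE(review): this template presumably renders the datasources block,
# including the MongoDB URL with its embedded password - confirm against the
# template. The file is therefore readable only by root and the service group
# instead of world-readable, and diffs are suppressed so the secret does not
# end up in state returns or job logs. Assumes the unit runs the service under
# the application account; adjust the group if it does not.
application_config_file:
  file.managed:
    - name: {{ application.config.dir }}/{{ application.config.file }}
    - source: salt://application/files{{ application.config.dir }}/{{ application.config.file }}
    - user: root
    - group: {{ application.account.group }}
    - mode: '0640'
    - template: jinja
    - show_changes: False

application/services.sls:

{% from 'application/map.jinja' import application with context %}

# Reload systemd when the unit file changes, then keep the service running
# and restart it on package, configuration or unit changes. The watched IDs
# must match the state IDs in application/pkgs.sls and application/files.sls;
# the configuration file state is application_config_file.
application_service:
  module.wait:
    - name: service.systemctl_reload
    - watch:
      - file: application_systemd_config_file
  service.running:
    - name: {{ application.service.name }}
    - enable: True
    - watch:
      - pkg: application_pkgs
      - file: application_config_file
      - file: application_systemd_config_file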