Base Rundeck server configuration Change-Id: I321cc9be2bc33f2a2bb824a97703c43baa488092

commit: 9e8290c7218803bd1070c666019bab6b2ea406d1 [log] [tgz]
author: Ilya Kharin <ikharin@mirantis.com> Fri Apr 14 18:52:09 2017 +0400
committer: Ilya Kharin <ikharin@mirantis.com> Mon Apr 17 18:57:39 2017 +0400
tree: 5eabdb3dfb5df3ec2dbad60a887394843ae92e53
parent: 1510e2cbf3e6a96fe10be13f0693402488e67bad [diff]
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
new file mode 100644
index 0000000..66f9d6c
--- /dev/null
+++ b/metadata/service/server/single.yml

@@ -0,0 +1,24 @@
+applications:
+  - rundeck
+classes:
+  - service.rundeck.support
+parameters:
+  _param:
+    rundeck_admin_username: admin
+    rundeck_admin_password: password
+    rundeck_admin_token: password
+  rundeck:
+    server:
+      enabled: true
+      users:
+        admin:
+          username: ${_param:rundeck_admin_username}
+          password: ${_param:rundeck_admin_password}
+          roles:
+            - user
+            - admin
+            - architect
+            - deploy
+            - build
+      tokens:
+        admin: ${_param:rundeck_admin_token}

diff --git a/rundeck/files/framework.properties b/rundeck/files/framework.properties
new file mode 100644
index 0000000..9b47b69
--- /dev/null
+++ b/rundeck/files/framework.properties

@@ -0,0 +1,31 @@
+{% from "rundeck/map.jinja" import server with context %}
+{% from "rundeck/map.jinja" import make_url with context %}
+
+{%- set admin = server.users.admin %}
+
+framework.server.username={{ admin.username }}
+framework.server.password={{ admin.password }}
+
+framework.server.hostname={{ server.api.hostname }}
+framework.server.name={{ server.api.hostname }}
+framework.server.port={{ server.api.port }}
+
+{%- set server_url = make_url(server.api) %}
+
+framework.rundeck.url={{ server_url }}
+framework.server.url={{ server_url }}
+
+framework.ssh.user={{ server.ssh.user }}
+framework.ssh.keypath=/var/lib/rundeck/.ssh/id_rsa
+framework.ssh.timeout={{ server.ssh.timeout }}
+
+rdeck.base=/var/lib/rundeck
+
+framework.projects.dir=/var/rundeck/projects
+framework.etc.dir=/etc/rundeck
+framework.var.dir=/var/lib/rundeck/var
+framework.tmp.dir=/var/lib/rundeck/var/tmp
+framework.logs.dir=/var/lib/rundeck/logs
+framework.libext.dir=/var/lib/rundeck/libext
+
+rundeck.tokens.file=/etc/rundeck/tokens.properties

diff --git a/rundeck/files/realm.properties b/rundeck/files/realm.properties
new file mode 100644
index 0000000..c6430fd
--- /dev/null
+++ b/rundeck/files/realm.properties

@@ -0,0 +1,5 @@
+{% from "rundeck/map.jinja" import server with context %}
+
+{%- for user in server.users.values() %}
+{{ user.username }}:{{ user.password }},{{ user.roles|join(',') }}
+{%- endfor %}

diff --git a/rundeck/files/rundeck-config.properties b/rundeck/files/rundeck-config.properties
new file mode 100644
index 0000000..66a7681
--- /dev/null
+++ b/rundeck/files/rundeck-config.properties

@@ -0,0 +1,12 @@
+{% from "rundeck/map.jinja" import server with context %}
+{% from "rundeck/map.jinja" import make_url with context %}
+
+rdeck.base=/var/lib/rundeck
+
+grails.serverURL={{ make_url(server.api) }}
+
+loglevel.default=INFO
+rss.enabled=false
+
+dataSource.dbCreate = update
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true

diff --git a/rundeck/files/tokens.properties b/rundeck/files/tokens.properties
new file mode 100644
index 0000000..f84426e
--- /dev/null
+++ b/rundeck/files/tokens.properties

@@ -0,0 +1,5 @@
+{% from "rundeck/map.jinja" import server with context %}
+
+{%- for token_name, token in server.tokens.iteritems() %}
+{{ token_name }}:{{ token }}
+{%- endfor %}

diff --git a/rundeck/map.jinja b/rundeck/map.jinja
index e69de29..143d47a 100644
--- a/rundeck/map.jinja
+++ b/rundeck/map.jinja

@@ -0,0 +1,26 @@
+{%- set server = salt['grains.filter_by']({
+  'Debian': {
+    'home_dir': '/var/lib/rundeck',
+    'root_dir': '/srv/rundeck',
+    'secure': False,
+    'user': {
+      'name': 'rundeck',
+      'group': 'rundeck',
+    },
+    'ssh': {
+      'user': 'rundeck',
+      'timeout': 60000,
+    },
+    'api': {
+        'port': 4440,
+        'https': False,
+    },
+    'users': {},
+    'tokens': {},
+  },
+}, merge=salt['pillar.get']('rundeck:server')) %}
+
+{% macro make_url(endpoint) -%}
+{%- if endpoint.get('https', False) -%}https://{%- else -%}http://{%- endif -%}
+{{ endpoint.hostname }}:{{ endpoint.port }}
+{%- endmacro %}

diff --git a/rundeck/server/init.sls b/rundeck/server/init.sls
index e69de29..1657b67 100644
--- a/rundeck/server/init.sls
+++ b/rundeck/server/init.sls

@@ -0,0 +1,100 @@
+{% from "rundeck/map.jinja" import server with context %}
+{%- if server.enabled|default(False) %}
+
+rundeck_group:
+  group.present:
+    - name: {{ server.user.group }}
+    {%- if server.user.gid is defined %}
+    - gid: {{ server.user.gid }}
+    {%- endif %}
+    - system: True
+
+rundeck_user:
+  user.present:
+    - name: {{ server.user.name }}
+    - home: {{ server.home_dir }}
+    - shell: /bin/bash
+    {%- if server.user.uid is defined %}
+    - uid: {{ server.user.uid }}
+    {%- endif %}
+    {%- if server.user.gid is defined %}
+    - gid: {{ server.user.gid }}
+    {%- endif %}
+    - system: True
+    - groups:
+      - rundeck
+    - require:
+      - group: rundeck_group
+
+rundeck_home_dir:
+  file.directory:
+    - name: {{ server.home_dir }}
+    - user: rundeck
+    - group: rundeck
+    - mode: 755
+    - require:
+      - user: rundeck_user
+
+rundeck_root_dir:
+  file.directory:
+    - name: {{ server.root_dir }}
+    - user: rundeck
+    - group: rundeck
+    - mode: 755
+    - require:
+      - user: rundeck_user
+
+rundeck_config_dir:
+  file.directory:
+    - name: {{ server.root_dir }}/config
+    - user: rundeck
+    - group: rundeck
+    - mode: 755
+    - require:
+      - user: rundeck_user
+
+rundeck_framework_properties:
+  file.managed:
+    - name: {{ server.root_dir }}/config/framework.properties
+    - source: salt://rundeck/files/framework.properties
+    - template: jinja
+    - user: rundeck
+    - group: rundeck
+    - mode: 640
+    - require:
+      - file: rundeck_config_dir
+
+rundeck_tokens_properties:
+  file.managed:
+    - name: {{ server.root_dir }}/config/tokens.properties
+    - source: salt://rundeck/files/tokens.properties
+    - template: jinja
+    - user: rundeck
+    - group: rundeck
+    - mode: 640
+    - require:
+      - file: rundeck_config_dir
+
+rundeck_realm_properties:
+  file.managed:
+    - name: {{ server.root_dir }}/config/realm.properties
+    - source: salt://rundeck/files/realm.properties
+    - template: jinja
+    - user: rundeck
+    - group: rundeck
+    - mode: 640
+    - require:
+      - file: rundeck_config_dir
+
+rundeck_rundeck_properties:
+  file.managed:
+    - name: {{ server.root_dir }}/config/rundeck-config.properties
+    - source: salt://rundeck/files/rundeck-config.properties
+    - template: jinja
+    - user: rundeck
+    - group: rundeck
+    - mode: 640
+    - require:
+      - file: rundeck_config_dir
+
+{%- endif %}
commit	9e8290c7218803bd1070c666019bab6b2ea406d1	[log] [tgz]
author	Ilya Kharin <ikharin@mirantis.com>	Fri Apr 14 18:52:09 2017 +0400
committer	Ilya Kharin <ikharin@mirantis.com>	Mon Apr 17 18:57:39 2017 +0400
tree	5eabdb3dfb5df3ec2dbad60a887394843ae92e53
parent	1510e2cbf3e6a96fe10be13f0693402488e67bad [diff]