diff --git a/bundles/powerdnsadmin/files/config.py b/bundles/powerdnsadmin/files/config.py
new file mode 100644
index 0000000..53a70bb
--- /dev/null
+++ b/bundles/powerdnsadmin/files/config.py
@@ -0,0 +1,14 @@
+SALT = '${repo.vault.decrypt('encrypt$gAAAAABfidFVqVEgWvlXgP-GSQUgVtcTxzoZx2G8VYWHaGKRpgaLDchlTRcKwqgvfG5orNpXt7aDd5i2aehi6cvIlxYNdL87twfVhDLBDho8j-Uz5Vga8-9cEzEZULl5pFCIcRlYUCKyEIOcdXSaLCM3p8pGjrh-O8_g49rbADKmLFoJx2vVTVs=')}'
+SECRET_KEY = '${repo.vault.password_for('{} powerdnsadmin secret_key'.format(node.name))}'
+BIND_ADDRESS = '127.0.0.1'
+PORT = 9191
+OFFLINE_MODE = True
+
+SQLA_DB_USER = 'powerdnsadmin'
+SQLA_DB_PASSWORD = '${node.metadata['postgresql']['users']['powerdnsadmin']['password']}'
+SQLA_DB_HOST = '127.0.0.1'
+SQLA_DB_NAME = 'powerdnsadmin'
+SQLALCHEMY_TRACK_MODIFICATIONS = True
+SQLALCHEMY_DATABASE_URI = 'postgresql://' + SQLA_DB_USER + ':' + SQLA_DB_PASSWORD + '@' + SQLA_DB_HOST + '/' + SQLA_DB_NAME
+
+SAML_ENABLED = False
diff --git a/bundles/powerdnsadmin/files/powerdnsadmin.service b/bundles/powerdnsadmin/files/powerdnsadmin.service
new file mode 100644
index 0000000..3f7eb31
--- /dev/null
+++ b/bundles/powerdnsadmin/files/powerdnsadmin.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=PowerDNS-Admin
+After=network.target postgresql.service
+
+[Service]
+User=powerdnsadmin
+Group=powerdnsadmin
+Environment=FLASK_CONF=/opt/powerdnsadmin/config.py
+WorkingDirectory=/opt/powerdnsadmin/src
+ExecStartPre=-/bin/chown powerdnsadmin:powerdnsadmin /opt/powerdnsadmin/src/powerdnsadmin/static
+ExecStart=/opt/powerdnsadmin/venv/bin/gunicorn 'powerdnsadmin:create_app()'
+
+[Install]
+WantedBy=multi-user.target
diff --git a/bundles/powerdnsadmin/items.py b/bundles/powerdnsadmin/items.py
new file mode 100644
index 0000000..2d1802b
--- /dev/null
+++ b/bundles/powerdnsadmin/items.py
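Review bot: The secrets in this file end up readable by every local account as far as I can tell: the `files` entry for `/opt/powerdnsadmin/config.py` in items.py sets only `content_type`, so the rendered SALT, SECRET_KEY and PostgreSQL password get bundlewrap's default ownership and mode, which to my knowledge is root-owned and 0644. Adding `'group': 'powerdnsadmin',` and `'mode': '0640',` to that entry limits reading to root and the service user. Separately, the vault values are substituted raw into single-quoted Python literals and SQLA_DB_PASSWORD is concatenated into the URI unescaped, which holds only while the generated values contain no quotes, backslashes or URL-reserved characters. Rendering the literals through `repr()` in the template and using `urllib.parse.quote_plus(SQLA_DB_PASSWORD)` when building SQLALCHEMY_DATABASE_URI would remove that dependency.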
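Review bot: `ExecStart` launches gunicorn without `--bind`, so the listener address comes from gunicorn's own defaults and environment rather than from BIND_ADDRESS and PORT in config.py, which as far as I can tell gunicorn never reads. Stating it in the unit, `ExecStart=/opt/powerdnsadmin/venv/bin/gunicorn --bind 127.0.0.1:9191 'powerdnsadmin:create_app()'`, keeps the admin UI on loopback explicitly and on the port the config advertises. The `ExecStartPre` chown also runs as `User=powerdnsadmin`, so it cannot take over a directory owned by another account and the leading `-` hides that failure; the `+` prefix (`ExecStartPre=+/bin/chown ...`) runs it privileged, or the ownership could be managed as a directory item in items.py. `NoNewPrivileges=true` and `PrivateTmp=true` in `[Service]` would be cheap hardening for a web application.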
@@ -0,0 +1,87 @@
+assert node.has_bundle('nodejs')
+assert node.has_bundle('postgresql')
+
+directories = {
+ '/opt/powerdnsadmin/src': {},
+}
+
+git_deploy = {
+ '/opt/powerdnsadmin/src': {
+ 'repo': 'https://github.com/ngoduykhanh/PowerDNS-Admin.git',
+ 'rev': 'master',
+ 'triggers': {
+ 'action:powerdnsadmin_install_deps',
+ 'action:powerdnsadmin_upgrade_database',
+ 'action:powerdnsadmin_compile_assets',
+ 'svc_systemd:powerdnsadmin:restart',
+ },
+ },
+}
+
+files = {
+ '/opt/powerdnsadmin/config.py': {
+ 'content_type': 'mako',
+ },
+ '/etc/systemd/system/powerdnsadmin.service': {
+ 'triggers': {
+ 'action:systemd-reload',
+ },
+ },
+}
+
+actions = {
+ 'powerdnsadmin_create_virtualenv': {
+ 'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/powerdnsadmin/venv/',
+ 'unless': 'test -d /opt/powerdnsadmin/venv/',
+ 'needs': {
+ 'directory:/opt/powerdnsadmin', # provided by bundle:users
+ },
+ },
+ 'powerdnsadmin_install_deps': {
+ 'triggered': True,
+ 'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
+ 'needs': {
+ 'action:powerdnsadmin_create_virtualenv',
+ 'pkg_apt:',
+ },
+ },
+ 'powerdnsadmin_install_deps': {
+ 'triggered': True,
+ 'command': '/opt/powerdnsadmin/venv/bin/pip install -r /opt/powerdnsadmin/src/requirements.txt',
+ 'needs': {
+ 'action:powerdnsadmin_create_virtualenv',
+ 'pkg_apt:',
+ },
+ },
+ 'powerdnsadmin_upgrade_database': {
+ 'triggered': True,
+ 'command': 'FLASK_CONF=/opt/powerdnsadmin/config.py FLASK_APP=/opt/powerdnsadmin/src/powerdnsadmin/__init__.py /opt/powerdnsadmin/venv/bin/flask db upgrade',
+ # TODO unless
+ 'needs': {
+ 'action:powerdnsadmin_install_deps',
+ 'bundle:postgresql',
+ 'pkg_apt:',
+ },
+ },
+ 'powerdnsadmin_compile_assets': {
+ 'triggered': True,
+ 'command': 'cd /opt/powerdnsadmin/src && yarn install --pure-lockfile && FLASK_APP=/opt/powerdnsadmin/src/powerdnsadmin/__init__.py /opt/powerdnsadmin/venv/bin/flask assets build',
+ 'needs': {
+ 'action:powerdnsadmin_install_deps',
+ 'pkg_apt:',
+ },
+ },
+}
+
+svc_systemd = {
+ 'powerdnsadmin': {
+ 'needs': {
+ 'file:/opt/powerdnsadmin/config.py',
+ 'file:/etc/systemd/system/powerdnsadmin.service',
+ 'git_deploy:/opt/powerdnsadmin/src',
+ 'action:powerdnsadmin_install_deps',
+ 'action:powerdnsadmin_upgrade_database',
+ 'action:powerdnsadmin_compile_assets',
+ },
+ },
+}
diff --git a/bundles/powerdnsadmin/metadata.py b/bundles/powerdnsadmin/metadata.py
new file mode 100644
index 0000000..aeb3562
--- /dev/null
+++ b/bundles/powerdnsadmin/metadata.py
@@ -0,0 +1,35 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'default-libmysqlclient-dev': {},
+ 'libffi-dev': {},
+ 'libldap2-dev': {},
+ 'libsasl2-dev': {},
+ 'libssl-dev': {},
+ 'libxml2-dev': {},
+ 'libxmlsec1-dev': {},
+ 'libxslt1-dev': {},
+ 'pkg-config': {},
+ 'python3-psycopg2': {},
+ 'python3-wheel': {},
+ },
+ },
+ 'users': {
+ 'powerdnsadmin': {
+ 'home': '/opt/powerdnsadmin',
+ },
+ },
+ 'postgresql': {
+ 'users': {
+ 'powerdnsadmin': {
+ 'password': repo.vault.password_for('{} postgresql powerdnsadmin'.format(node.name)),
+ },
+ },
+ 'databases': {
+ 'powerdnsadmin': {
+ 'owner': 'powerdnsadmin',
+ },
+ },
+ },
+
+}
diff --git a/nodes/gce/bind01.py b/nodes/gce/bind01.py
index abe38f3..cb99b5c 100644
--- a/nodes/gce/bind01.py
+++ b/nodes/gce/bind01.py
@@ -1,7 +1,11 @@ -# ns-3.kunbox.net +# ns-1.kunbox.net # Frankfurt, Germany nodes['gce.bind01'] = { + 'bundles': { + 'nodejs', + 'powerdnsadmin', + }, 'groups': { 'dns', },
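Review bot: `'rev': 'master'` in `git_deploy` means every apply checks out whatever is currently at the head of a third-party GitHub repository. The triggered actions then run `pip install -r requirements.txt`, `yarn install` and `flask db upgrade` from that checkout, presumably with the privileges bundlewrap uses for actions. Pinning to a reviewed tag or commit, e.g. `'rev': '<reviewed-tag-or-commit>',`, makes each upgrade a deliberate change in this repository and limits exposure if upstream or one of its dependencies is compromised. The `actions` dict also defines `'powerdnsadmin_install_deps'` twice with identical bodies; the second literal silently replaces the first, so one copy should be dropped.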