Commit 61687747 authored by Steve Weber's avatar Steve Weber

rt1188402

parent 7ebb16a7
{% set rt_title='#1188402: create VM for Ubuntu 20 arch master' %}
{% set host='ubuntu2004-amd64' %}
{% set domain='math.private.uwaterloo.ca' %}
{% set fqdn=host + '.' + domain %}
{% set iprange='172.27.7_vlan422' %}
{% set vlan='422' %}
{{fqdn}}:
cloud_instance.present:
- profile: mfcf_salt-template-generic-linux
- profile_overrides:
resourcepool: salt_unassigned
folder: salt_staging
memory: 16GB
num_cpus: 4
devices:
network:
Network adapter 1:
name: VM-Data{{vlan}}
switch_type: distributed
#Network adapter 2:
# name: VM-Data140
# switch_type: distributed
disk:
Hard disk 1:
size: 100
thin_provision: True
- infoblox_host_record:
{{fqdn}}: {{salt.mfcf_tools.format_infoblox_helper(fqdn, ip=salt.mfcf_tools.nextavailableip(iprange), mac='{0[vm][devices][Network adapter 1][macAddress]}', bootfile='uefi')|json}}
- mfcf_inventory_host_record:
{{fqdn}}:
unit: MATH
equipmentType: Computer-Virtual
room:
barcode:
#-- general --
model:
vendor:
found:
#(RO)entered
purchaseOrder:
purchaseCost:
serialNumber:
fixedAssetTag:
warrantyStart:
warrantyStop:
accountNumber:
authUser:
adminContact:
purpose: production server
comments: '{{rt}}'
#-- hardware --
operatingSystem: Linux
processor:
cpuModel:
numberOfCPUs: 4
numberOfCores:
speed:
memory: 16 GB
#-- support --
groups: mfcf-staff
special: Normal
supportClass: All
sponsorCode: Math-Tech600
policyEight: Restricted
#-- machine room mapping (manual)
#-- maintenance
contractBegins:
contractEnds:
contractCost:
contractPurchaseOrder:
contractVendor:
contractAFF:
contractQuoteNumber:
#-- dns --
dns_admin: dns-math-admin@math.uwaterloo.ca
dns_contact: dns-math-admin@math.uwaterloo.ca
inv_mac: [
{
'macAddress': '{0[vm][devices][Network adapter 1][macAddress]}',
'macName': 'eth0',
},
]
inv_dns: [
{
'hostDomainName': '{{host}}',
'domain': '{{domain}}',
'ipAddress': '{0[dns][{{fqdn}}][ipv4addrs][0][ipv4addr]}',
'ipPurpose': 'primary',
'macAddress': '{0[vm][devices][Network adapter 1][macAddress]}',
},
]
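Review bot: `comments: '{{rt}}'` in the mfcf_inventory_host_record mapping references a variable this file never sets; the header defines `rt_title` (plus `host`, `domain`, `fqdn`), so unless `rt` arrives from pillar or the render context this state will either fail to render under Salt's strict-undefined Jinja or write an empty comment. Use the name defined above, `comments: '{{rt_title}}'`, or add a `{% set rt=... %}` next to it. The CPU count and memory size are spelled twice (`num_cpus: 4` / `memory: 16GB` for the VM and `numberOfCPUs: 4` / `memory: 16 GB` for the inventory record); a `{% set %}` for each at the top would keep the inventory from drifting when the VM spec changes. `thin_provision: True` should be lowercase `true` to match the canonical YAML boolean.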
<!DOCTYPE html>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<title>Issue</title>
</head>
<body>
<h1>Oops</h1>
<p>Sorry, because of maintainance or an issue this service is temporarily offline.</p>
<p>We are likely aware of the issue and actively working on the solution.</p>
<p>Please reload this page or try again in 15 minutes.<p>
</body>
<pre>
,
,-. _,---._ __ / \
/ ) .-' `./ / \
( ( ,' `/ /|
\ `-" \'\ / |
`. , \ \ / |
/`. ,'-`----Y |
( ; | '
| ,-. ,-' | /
| | ( | | /
) | \ `.___________|/
`--' `--'
</pre>
</html>
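Review bot: The last paragraph, `<p>Please reload this page or try again in 15 minutes.<p>`, opens a second `<p>` instead of closing the first, and the `<pre>` block that follows sits after `</body>` and outside it, so the page only renders as intended through browser error recovery. Close the paragraph with `</p>` and move `</body>` below `</pre>`. "maintainance" in the first paragraph is misspelled (`maintenance`). The same three fixes apply to the second copy of this error page further down in the commit.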
# salt managed
{{ vars.htpasswd_content }}
<!DOCTYPE html>
<html>
<head>
<title>Issue</title>
</head>
<body>
<h1>Oops</h1>
<p>Sorry, because of maintainance or an issue this service is temporarily offline.</p>
<p>We are likely aware of the issue and actively working on the solution.</p>
<p>Please reload this page or try again in 15 minutes.<p>
</body>
<pre>
,
,-. _,---._ __ / \
/ ) .-' `./ / \
( ( ,' `/ /|
\ `-" \'\ / |
`. , \ \ / |
/`. ,'-`----Y |
( ; | '
| ,-. ,-' | /
| | ( | | /
) | \ `.___________|/
`--' `--'
</pre>
</html>
{%- from 'uwl/nginx/init.sls' import vars as _nginx -%}
user {{_nginx.user}};
worker_processes auto;
pid {{_nginx.pid}};
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1000;
}
http {
include mime.types;
default_type application/octet-stream;
# send logs to journal
error_log stderr;
access_log syslog:server=unix:/dev/log;
gzip on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
upstream backend {
server 127.0.0.1:8000;
}
server {
listen 80;
server_name {{vars.server_name}};
return 307 https://$server_name$request_uri;
}
# configuration of the server
server {
listen 443 ssl;
server_name {{vars.server_name}};
charset utf-8;
ssl_certificate {{vars.ssl_certificate_pem}};
ssl_certificate_key {{vars.ssl_certificate_key}};
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_ciphers 'AES128+EECDH:EECDH+AESGCM:AES256+EECDH';
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# fix: 400 Request Header Or Cookie Too Large
large_client_header_buffers 4 16k;
# max upload size
client_max_body_size 75M;
client_body_timeout 10;
client_header_timeout 10;
# hide nginx version headers
server_tokens off;
location /media {
alias {{vars.dir_vol}}/media;
}
location /static {
alias {{vars.dir_vol}}/static;
}
{% if vars.favicon %}
location = /favicon.ico {
alias {{vars.favicon}};
}
{%- endif %}
{%- if vars.error_page %}
error_page 404 504 502 /custom_error.html;
location = /custom_error.html {
root /usr/share/nginx/html;
internal;
}
{%- endif %}
location / {
{%- if vars.htpasswd_enabled %}
auth_basic "Admin Access";
auth_basic_user_file {{vars.htpasswd_path}};
{%- endif %}
gzip_proxied any;
add_header Front-End-Https on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
#add_header Content-Security-Policy "default-src https: http: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:";
#add_header Content-Security-Policy-Report-Only "default-src https: http: 'unsafe-inline' 'unsafe-eval';";
add_header X-Nginx-Cache $upstream_cache_status;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
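Review bot: The security response headers are declared only inside `location /`, and nginx's `add_header` is neither inherited into a level that declares its own nor emitted on 4xx/5xx responses without the `always` flag, so `/static`, `/media`, the favicon and the custom error page are served without HSTS, `X-Content-Type-Options` or `X-Frame-Options`, and an error status from the backend loses them too. Move the `add_header` lines to the `server` block and add `always` (supported from nginx 1.7.5; confirm the version the `uwl/nginx` state installs). `X-Nginx-Cache` and `X-Cache-Status` both echo `$upstream_cache_status`, which stays empty because no `proxy_cache` is configured in this file, so nginx never sends them and they can be dropped. `add_header Front-End-Https on;` is a legacy hint for IIS backends; the `X-Forwarded-Proto` request header set below already tells the application behind `proxy_pass` that the client used TLS.
```nginx
    server_tokens off;

    # add_header is not inherited once a location declares its own, and without
    # "always" it is dropped from 4xx/5xx responses: keep the security headers at
    # server scope so /static, /media and the error page carry them as well.
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-XSS-Protection "1; mode=block" always;

    # … unchanged: /media, /static, favicon and error_page locations …

    location / {
        # … unchanged: auth_basic, gzip_proxied, proxy_pass and proxy_set_header lines;
        #   the add_header directives are removed from this block …
    }
```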
# ------ VARS ------
{% from 'uwl/nginx/init.sls' import vars as _nginx %}
{% load_yaml as vars %}
default:
config_file: {{_nginx.config_file}}
source: salt://{{tpldir}}/_data/nginx.conf
#server_name: {{grains.fqdn}}
ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key
ssl_certificate_pem: /etc/ssl/certs/ssl-cert-snakeoil.pem
uwsgi_pass: 127.0.0.1:8000
error_page: {{_nginx.http_root}}/custom_error.html
error_page_source: salt://{{tpldir}}/_data/error.html
favicon: {{_nginx.http_root}}/custom_favicon.ico
favicon_source: salt://{{tpldir}}/_data/favicon.ico
htpasswd_enabled: True
htpasswd_path: /etc/htpasswd
htpasswd_content: |
qa:{PLAIN}qa
{% endload %}
{% set vars = salt.uwl.solve_vars(vars, tplfile) %}
# ------------------
include:
- {{_nginx.sls}}
{% if vars.error_page %}
{{sls}} error_page:
file.managed:
- name: {{vars.error_page}}
- source: {{vars.error_page_source}}
- template: jinja
- context:
vars: {{vars|json}}
- mode: '0644'
{%- endif %}
{%- if vars.htpasswd_enabled %}
{{sls}} htpasswd:
file.managed:
- name: {{vars.htpasswd_path}}
- template: jinja
- contents: {{vars.htpasswd_content}}
- context:
vars: {{vars|json}}
- mode: '0644'
- watch_in:
- service: {{_nginx.sls}}
{%- endif %}
{% if vars.favicon %}
{{sls}} - favicon:
file.managed:
- name: {{vars.favicon}}
- source: {{vars.favicon_source}}
- template: jinja
- context:
vars: {{vars|json}}
- mode: '0644'
- watch_in:
- service: {{_nginx.sls}}
{%- endif %}
{{sls}} config:
file.managed:
- name: {{vars.config_file}}
- source: {{vars.source}}
- template: jinja
- context:
vars: {{vars|json}}
- mode: '0644'
- watch_in:
- service: {{_nginx.sls}}
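Review bot: The htpasswd state writes `{{vars.htpasswd_path}}` (default `/etc/htpasswd`) with `- mode: '0644'`, which leaves the credential file world-readable, and the default `htpasswd_content` uses the `{PLAIN}` scheme, so any local account can read the `qa` password in clear. Only the nginx worker needs to read it: `- user: root`, `- group: <nginx group>` and `- mode: '0640'` (the worker runs as `{{_nginx.user}}`; confirm which group it belongs to), and the default entry should be an apr1 or bcrypt hash, or an obvious placeholder meant to be overridden through `solve_vars`. Separately, `- contents: {{vars.htpasswd_content}}` interpolates the block scalar unquoted, so a value with more than one user puts its second line at column 0 and breaks the rendered YAML; render it as `- contents: {{vars.htpasswd_content|json}}`, as the `context` values already are. The favicon state id `{{sls}} - favicon:` carries a stray ` - ` that the other three ids (`{{sls}} error_page:`, `{{sls}} htpasswd:`, `{{sls}} config:`) do not.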