├── .gitignore ├── data └── salt │ ├── pillars │ ├── base │ │ ├── ssh │ │ │ └── init.sls │ │ ├── top.sls │ │ ├── salt │ │ │ └── init.sls │ │ └── runbook │ │ │ ├── init.sls │ │ │ └── servers │ │ │ └── salt.sls │ └── runbook │ │ ├── mandrill │ │ └── init.sls │ │ ├── stathat │ │ └── init.sls │ │ ├── redis │ │ └── init.sls │ │ ├── mailchimp │ │ └── init.sls │ │ ├── runbook │ │ ├── bridge │ │ │ ├── init.sls │ │ │ └── mgmt.sls │ │ ├── actions │ │ │ └── broker │ │ │ │ └── init.sls │ │ ├── monitors │ │ │ ├── broker │ │ │ │ └── init.sls │ │ │ └── control │ │ │ │ └── init.sls │ │ └── web │ │ │ └── init.sls │ │ ├── rethinkdb │ │ └── init.sls │ │ ├── general │ │ ├── hosts.sls │ │ └── init.sls │ │ └── top.sls │ ├── states │ ├── base │ │ ├── users │ │ │ ├── init.sls │ │ │ ├── config │ │ │ │ └── .vimrc │ │ │ └── devops.sls │ │ ├── pip │ │ │ └── init.sls │ │ ├── timezone │ │ │ └── init.sls │ │ ├── git │ │ │ └── init.sls │ │ ├── unzip │ │ │ └── init.sls │ │ ├── wget │ │ │ └── init.sls │ │ ├── screen │ │ │ └── init.sls │ │ ├── iotop │ │ │ └── init.sls │ │ ├── iptables │ │ │ └── init.sls │ │ ├── manpages │ │ │ └── init.sls │ │ ├── telnet │ │ │ └── init.sls │ │ ├── rdiff-backup │ │ │ └── init.sls │ │ ├── salt │ │ │ ├── config │ │ │ │ └── etc │ │ │ │ │ ├── salt │ │ │ │ │ ├── master.d │ │ │ │ │ │ ├── logging.conf │ │ │ │ │ │ ├── file_ignore_regex.conf │ │ │ │ │ │ ├── file_roots.conf │ │ │ │ │ │ ├── pillar_roots.conf │ │ │ │ │ │ ├── salt-api.conf │ │ │ │ │ │ └── reactor.conf │ │ │ │ │ └── minion.d │ │ │ │ │ │ └── master.conf │ │ │ │ │ └── cron.d │ │ │ │ │ ├── salt-batchstate │ │ │ │ │ └── salt-provisionnew │ │ │ ├── init.sls │ │ │ └── master.sls │ │ ├── vimrc │ │ │ ├── config │ │ │ │ └── root │ │ │ │ │ └── .vimrc │ │ │ └── init.sls │ │ ├── ntpd │ │ │ └── init.sls │ │ ├── sysdig │ │ │ ├── config │ │ │ │ └── etc │ │ │ │ │ └── apt │ │ │ │ │ ├── sources.list.d │ │ │ │ │ └── draios.list │ │ │ │ │ └── trusted.gpg.d │ │ │ │ │ └── draios.gpg │ │ │ └── init.sls │ │ ├── groups │ │ │ ├── config │ │ 
│ │ └── etc │ │ │ │ │ └── sudoers.d │ │ │ │ │ └── devops.conf │ │ │ └── init.sls │ │ ├── datadir │ │ │ └── init.sls │ │ ├── scripts │ │ │ ├── init.sls │ │ │ └── config │ │ │ │ └── root │ │ │ │ └── scripts │ │ │ │ ├── docker-kill.sh │ │ │ │ ├── docker-clean.sh │ │ │ │ ├── solo.py │ │ │ │ ├── copy-truncate.py │ │ │ │ └── compare_dirs.py │ │ ├── ssh │ │ │ └── init.sls │ │ ├── swap │ │ │ └── init.sls │ │ ├── nagios-scripts │ │ │ └── init.sls │ │ ├── sysstat │ │ │ ├── config │ │ │ │ └── etc │ │ │ │ │ ├── cron.d │ │ │ │ │ └── sysstat │ │ │ │ │ ├── sysstat │ │ │ │ │ └── sysstat │ │ │ │ │ └── default │ │ │ │ │ └── sysstat │ │ │ └── init.sls │ │ ├── dockerio │ │ │ └── init.sls │ │ └── top.sls │ └── runbook │ │ ├── runbook │ │ ├── web │ │ │ ├── config │ │ │ │ ├── nginx │ │ │ │ │ ├── conf.d │ │ │ │ │ │ └── uwsgi.conf │ │ │ │ │ ├── globals │ │ │ │ │ │ ├── uwsgi.conf │ │ │ │ │ │ └── htmlglobal.conf │ │ │ │ │ ├── sites-enabled │ │ │ │ │ │ ├── status.conf │ │ │ │ │ │ ├── httpsonlytemplate.conf │ │ │ │ │ │ └── uwsgitemplate.conf │ │ │ │ │ └── nginx.conf │ │ │ │ ├── uwsgi.cfg │ │ │ │ ├── stunnel-client.tmpl │ │ │ │ ├── actioner.yml │ │ │ │ ├── genstatic.py │ │ │ │ ├── supervisord.conf │ │ │ │ ├── Dockerfile │ │ │ │ └── web.cfg │ │ │ └── init.sls │ │ ├── actions │ │ │ ├── broker │ │ │ │ ├── config │ │ │ │ │ ├── broker.yml │ │ │ │ │ ├── stunnel-server.tmpl │ │ │ │ │ ├── supervisord.conf │ │ │ │ │ └── Dockerfile │ │ │ │ └── init.sls │ │ │ └── actioner │ │ │ │ ├── config │ │ │ │ ├── stunnel-client.tmpl │ │ │ │ ├── supervisord.conf │ │ │ │ ├── Dockerfile │ │ │ │ └── actioner.yml │ │ │ │ └── init.sls │ │ ├── monitors │ │ │ ├── broker │ │ │ │ ├── config │ │ │ │ │ ├── broker.yml │ │ │ │ │ ├── stunnel-server.tmpl │ │ │ │ │ ├── supervisord.conf │ │ │ │ │ └── Dockerfile │ │ │ │ └── init.sls │ │ │ ├── worker │ │ │ │ ├── config │ │ │ │ │ ├── worker.yml │ │ │ │ │ ├── stunnel-client.tmpl │ │ │ │ │ ├── supervisord.conf │ │ │ │ │ └── Dockerfile │ │ │ │ └── init.sls │ │ │ └── control │ │ │ │ ├── 
config │ │ │ │ ├── stunnel-client.tmpl │ │ │ │ ├── control.yml │ │ │ │ ├── supervisord.conf │ │ │ │ └── Dockerfile │ │ │ │ └── init.sls │ │ ├── init.sls │ │ └── bridge │ │ │ ├── config │ │ │ ├── mgmtrun.sh │ │ │ ├── stunnel-client.tmpl │ │ │ ├── supervisord.conf │ │ │ ├── Dockerfile │ │ │ └── bridge.yml │ │ │ └── init.sls │ │ ├── supervisor │ │ ├── config │ │ │ ├── etc │ │ │ │ └── cron.d │ │ │ │ │ └── docker-kill │ │ │ └── supervisord.tmpl │ │ └── init.sls │ │ ├── appgroups │ │ └── rethinkdb.sls │ │ ├── certs │ │ ├── init.sls │ │ ├── redis.sls │ │ ├── rethink.sls │ │ ├── web.sls │ │ ├── bridge.sls │ │ ├── actions │ │ │ ├── broker │ │ │ │ └── init.sls │ │ │ └── actioner │ │ │ │ └── init.sls │ │ ├── monitors │ │ │ ├── broker │ │ │ │ └── init.sls │ │ │ ├── control │ │ │ │ └── init.sls │ │ │ └── worker │ │ │ │ └── init.sls │ │ └── config │ │ │ └── data │ │ │ └── ssl │ │ │ ├── cert.pem │ │ │ └── key.pem │ │ ├── appusers │ │ └── rethinkdb.sls │ │ ├── redis │ │ ├── config │ │ │ ├── stunnel-server.tmpl │ │ │ ├── supervisord.conf │ │ │ ├── Dockerfile │ │ │ └── redis.conf │ │ └── init.sls │ │ ├── rethinkdb │ │ ├── config │ │ │ ├── stunnel-server.tmpl │ │ │ ├── stunnel-client.tmpl │ │ │ ├── rethink.tmpl │ │ │ ├── supervisord.conf │ │ │ └── Dockerfile │ │ └── init.sls │ │ └── top.sls │ └── reactor │ ├── minions │ └── key │ │ ├── accept.sls │ │ ├── delete.sls │ │ └── init.sls │ ├── cmd │ ├── run.sls │ └── script.sls │ ├── init.sls │ ├── services │ ├── stop.sls │ ├── reload.sls │ ├── start.sls │ ├── restart.sls │ └── init.sls │ └── states │ └── highstate.sls ├── .gitattributes ├── servers.yaml ├── copyit.sh ├── README.md ├── Vagrantfile └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | runbook-secretops 3 | -------------------------------------------------------------------------------- /data/salt/pillars/base/ssh/init.sls: -------------------------------------------------------------------------------- 1 | 
ssh_port: 22
2 |

--------------------------------------------------------------------------------
/data/salt/states/base/users/init.sls:
--------------------------------------------------------------------------------
# Ensures the stock `ubuntu` account is absent on every host that receives this state.
1 | ubuntu:
2 |   user.absent
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/pip/init.sls:
--------------------------------------------------------------------------------
1 | python-pip:
2 |   pkg.installed
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/timezone/init.sls:
--------------------------------------------------------------------------------
# Sets the system timezone to GMT.
1 | GMT:
2 |   timezone.system
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/git/init.sls:
--------------------------------------------------------------------------------
1 | git:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/states/base/unzip/init.sls:
--------------------------------------------------------------------------------
1 | unzip:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/states/base/wget/init.sls:
--------------------------------------------------------------------------------
1 | wget:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/mandrill/init.sls:
--------------------------------------------------------------------------------
# Mandrill pillar; `update_me` is a placeholder that has to be replaced per environment.
# NOTE(review): the real API key should not be committed to this repository; keep it in a
# private pillar source and rotate it if it was ever pushed.
1 | mandrill:
2 |   api_key: update_me
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/screen/init.sls:
--------------------------------------------------------------------------------
1 | screen:
2 |   pkg:
3 |     - installed
4 | 
--------------------------------------------------------------------------------
/.gitattributes:
--------------------------------------------------------------------------------
# Language overrides for GitHub's linguist statistics; no effect on the deployed hosts.
1 | *.py linguist-language=Python
2 | *.sls linguist-language=SaltStack
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/iotop/init.sls:
--------------------------------------------------------------------------------
1 | iotop:
2 |   pkg:
3 |     - installed
4 |
5 |
6 |

--------------------------------------------------------------------------------
/data/salt/states/base/iptables/init.sls:
--------------------------------------------------------------------------------
# Installs the iptables package only; no rule set is managed by this state.
1 | iptables:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/states/base/manpages/init.sls:
--------------------------------------------------------------------------------
1 | manpages:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/states/base/telnet/init.sls:
--------------------------------------------------------------------------------
# NOTE(review): installs the telnet package, presumably as a port-check tool. It is a
# clear-text protocol client, so it should not be used for logins or to carry secrets.
1 |
2 | telnet:
3 |   pkg:
4 |     - installed
5 |

--------------------------------------------------------------------------------
/data/salt/states/base/rdiff-backup/init.sls:
--------------------------------------------------------------------------------
1 | rdiff-backup:
2 |   pkg:
3 |     - installed
4 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/master.d/logging.conf:
--------------------------------------------------------------------------------
# Salt master log-file verbosity.
1 | log_level_logfile: info
2 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/stathat/init.sls:
--------------------------------------------------------------------------------
# StatHat pillar; `updateme` is a placeholder. The real EZ key is a credential and should
# be kept out of the repository.
1 | stathat_ezkey: updateme
2 | 
stathat_env: Develop
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/users/config/.vimrc:
--------------------------------------------------------------------------------
1 | set tabstop=2
2 | set shiftwidth=2
3 | set expandtab
4 |

--------------------------------------------------------------------------------
/data/salt/pillars/base/top.sls:
--------------------------------------------------------------------------------
# Pillar top file for the base environment: every minion ('*') receives the ssh and salt
# pillars. The runbook pillar is commented out.
1 | base:
2 |   '*':
3 |     - ssh
4 |     - salt
5 | # - runbook
6 |

--------------------------------------------------------------------------------
/data/salt/states/base/vimrc/config/root/.vimrc:
--------------------------------------------------------------------------------
1 | set tabstop=2
2 | set shiftwidth=2
3 | set expandtab
4 |

--------------------------------------------------------------------------------
/data/salt/pillars/base/salt/init.sls:
--------------------------------------------------------------------------------
# Master address list and salt-api port. On this page they are consumed by the
# minion.d/master.conf and master.d/salt-api.conf templates.
1 | saltmasters:
2 |   - 192.168.36.14
3 | saltapi:
4 |   port: 9000
5 |

--------------------------------------------------------------------------------
/data/salt/states/base/ntpd/init.sls:
--------------------------------------------------------------------------------
1 | ntp:
2 |   pkg:
3 |     - installed
4 |   service:
5 |     - running
6 |

--------------------------------------------------------------------------------
/data/salt/pillars/base/runbook/init.sls:
--------------------------------------------------------------------------------
# Includes a per-host pillar file named after the minion's nodename grain, with dots
# replaced by underscores.
# NOTE(review): grains are reported by the minion itself. Selecting pillar data (here the
# webhook keys under runbook/servers) by a grain lets a minion that misreports its
# nodename receive another host's pillar; matching on the minion id is the safer key.
1 | include:
2 |   - runbook.servers.{{ grains['nodename']|replace(".","_") }}
3 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/master.d/file_ignore_regex.conf:
--------------------------------------------------------------------------------
# Keeps .git directories inside the state tree out of the master's file server.
1 | file_ignore_regex:
2 |   - '/\.git($|/)'
3 | 
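--------------------------------------------------------------------------------
/data/salt/pillars/runbook/redis/init.sls:
--------------------------------------------------------------------------------
# Redis pillar: the externally exposed port, the local port, and the Redis password.
# The two ports appear to feed redis/config/stunnel-server.tmpl (accept / connect).
# NOTE(review): `pass` is a clear-text credential committed to the repository. Treat it as
# disclosed, rotate it, and supply the real value from a private pillar source.
1 | redis:
2 |   exposed_port: 6379
3 |   local_port: 6380
4 |   pass: N33dmoarR3di5
5 |

--------------------------------------------------------------------------------
/data/salt/states/base/sysdig/config/etc/apt/sources.list.d/draios.list:
--------------------------------------------------------------------------------
# APT source for the sysdig (Draios) packages.
# NOTE(review): the repository is fetched over plain http, so package integrity rests
# entirely on APT signature verification against draios.gpg, which this repo installs
# into trusted.gpg.d. A key placed there is trusted for every configured repository.
1 | deb http://download.draios.com/stable/deb stable-$(ARCH)/
2 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/nginx/conf.d/uwsgi.conf:
--------------------------------------------------------------------------------
# nginx upstream pointing at the uWSGI unix socket.
# NOTE(review): the socket path is under /tmp, a world-writable directory; a dedicated
# runtime directory is safer if anything else shares the filesystem (TODO confirm it is
# container-private).
1 | upstream runweb {
2 |     server unix://tmp/crweb.sock;
3 | }
4 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/supervisor/config/etc/cron.d/docker-kill:
--------------------------------------------------------------------------------
# Runs /root/scripts/docker-kill.sh as root every minute.
# Redirect order fixed: the original `2>&1 > /dev/null` duplicated stderr onto cron's
# captured output before stdout was redirected, so only stdout was discarded. The form
# below discards both, matching the other cron entries in this repository.
1 | * * * * * root /root/scripts/docker-kill.sh > /dev/null 2>&1
2 |

--------------------------------------------------------------------------------
/data/salt/states/base/groups/config/etc/sudoers.d/devops.conf:
--------------------------------------------------------------------------------
# NOTE(review): grants every member of the devops group unrestricted sudo (any user, any
# group, any command). Membership in devops is therefore root-equivalent and should be
# reviewed like root access; there is no NOPASSWD tag, so a password is still required.
1 | ## Give DevOps A Power Level of 9000
2 | %devops ALL=(ALL:ALL) ALL
3 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/appgroups/rethinkdb.sls:
--------------------------------------------------------------------------------
# Creates the rethinkdb group with a fixed gid.
1 | rethinkdb-group:
2 |   group.present:
3 |     - name: rethinkdb
4 |     - gid: 600
5 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/mailchimp/init.sls:
--------------------------------------------------------------------------------
1 | 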
mailchimp:
2 |   api_key: update_me
3 |   list_id: 123456
4 |   api_url: http://localhost/stuff
5 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/minion.d/master.conf:
--------------------------------------------------------------------------------
# Minion config template: renders one `master:` list entry per item in `saltmasters`.
1 | master:
2 | {% for master in saltmasters %}
3 |   - {{ master }}
4 | {% endfor %}
5 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/cron.d/salt-batchstate:
--------------------------------------------------------------------------------
# Every 5 minutes, as root: highstate all minions in batches of one (-b 1).
# solo.py is not shown on this page; presumably it uses the given port as a lock so that
# runs do not overlap (TODO confirm).
# NOTE(review): all output is discarded, so a failing highstate is silent unless the
# master's job returns are monitored some other way.
1 | */5 * * * * root /root/scripts/solo.py -port=65000 /usr/bin/salt -b 1 '*' state.highstate > /dev/null 2>&1
2 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/nginx/globals/uwsgi.conf:
--------------------------------------------------------------------------------
# Passes every request to the `runweb` uWSGI upstream with a 30 second read timeout.
1 | location / {
2 |     uwsgi_read_timeout 30;
3 |     include uwsgi_params;
4 |     uwsgi_pass runweb;
5 | }
6 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/master.d/file_roots.conf:
--------------------------------------------------------------------------------
# State-tree roots for the base and runbook environments.
# NOTE(review): everything under these directories is served by the master's file server
# to accepted minions, so secrets (for example the key.pem under certs/config) do not
# belong here.
1 | file_roots:
2 |   base:
3 |     - /data/salt/states/base
4 |   runbook:
5 |     - /data/salt/states/runbook
6 |

--------------------------------------------------------------------------------
/data/salt/states/base/datadir/init.sls:
--------------------------------------------------------------------------------
# Creates /data owned by root with mode 755.
# NOTE(review): no `recurse` option is set, so file_mode presumably has no effect here
# (TODO confirm against the Salt version in use).
1 | /data:
2 |   file.directory:
3 |     - user: root
4 |     - group: root
5 |     - file_mode: 644
6 |     - dir_mode: 755
7 |     - makedirs: True
8 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/master.d/pillar_roots.conf:
--------------------------------------------------------------------------------
1 | 
pillar_roots:
2 |   base:
3 |     - /data/salt/pillars/base
4 |   runbook:
5 |     - /data/salt/pillars/runbook
6 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/runbook/bridge/init.sls:
--------------------------------------------------------------------------------
# Maps each datacenter label to its bridge queue name.
1 | bridge:
2 |   queues:
3 |     dc01: dc1queue
4 |     dc02: dc2queue
5 |     dc03: dc3queue
6 |     dc04: dc4queue
7 |     dc05: dc5queue
8 |

--------------------------------------------------------------------------------
/data/salt/states/base/sysdig/config/etc/apt/trusted.gpg.d/draios.gpg:
--------------------------------------------------------------------------------
# Binary keyring; the listing links to it instead of inlining it.
# NOTE(review): this key becomes a trust anchor for APT on every host, so its fingerprint
# should be checked against the vendor's published value before it is distributed.
https://raw.githubusercontent.com/Runbook/runbook-ops/HEAD/data/salt/states/base/sysdig/config/etc/apt/trusted.gpg.d/draios.gpg

--------------------------------------------------------------------------------
/data/salt/states/base/vimrc/init.sls:
--------------------------------------------------------------------------------
# Installs root's .vimrc from the state tree.
1 | /root/.vimrc:
2 |   file:
3 |     - managed
4 |     - source: salt://vimrc/config/root/.vimrc
5 |     - user: root
6 |     - group: root
7 |     - mode: 644
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/actions/broker/config/broker.yml:
--------------------------------------------------------------------------------
# Action broker config template: binds to loopback on the two local ports passed in as
# template context.
1 | sink_ip: 127.0.0.1
2 | sink_port: {{ local_sink_port }}
3 | sink_worker_port: {{ local_actioner_port }}
4 | use_syslog: False
5 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/runbook/actions/broker/init.sls:
--------------------------------------------------------------------------------
# Exposed and local port pairs for the action broker.
1 | action_broker:
2 |   exposed_sink_port: 5900
3 |   exposed_actioner_port: 5901
4 |   local_sink_port: 6000
5 |   local_actioner_port: 6001
6 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/cron.d/salt-provisionnew:
--------------------------------------------------------------------------------
# Every 10 minutes, as root: applies the `salt` state to all roster hosts over salt-ssh
# using root's private key.
# NOTE(review): `-i` is salt-ssh's --ignore-host-keys, so SSH host keys are not verified
# on these connections. A host answering on a roster address is trusted blindly and then
# bootstrapped as a minion; pre-seeding known_hosts and dropping `-i` closes that gap.
1 | */10 * * * * root /root/scripts/solo.py -port=65001 /usr/bin/salt-ssh --priv=/root/.ssh/id_rsa '*' -i state.sls salt > /dev/null 2>&1
2 |

--------------------------------------------------------------------------------
/data/salt/pillars/runbook/runbook/monitors/broker/init.sls:
--------------------------------------------------------------------------------
# Exposed and local port pairs for the monitor broker.
1 | monitor_broker:
2 |   exposed_control_port: 5700
3 |   exposed_worker_port: 5701
4 |   local_control_port: 5800
5 |   local_worker_port: 5801
6 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/init.sls:
--------------------------------------------------------------------------------
# Copies everything under salt://certs/config/data/ssl (cert.pem and key.pem in the
# directory tree on this page) to /data/ssl, root-only (dirs 700, files 600).
# NOTE(review): the private key sits in the state tree, which the master's file server
# makes available to accepted minions, and the sibling certs states push the same key
# pair to every service. One compromised host exposes the key for all of them; per-service
# keys delivered through pillar would limit that.
1 | /data/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/redis.sls:
--------------------------------------------------------------------------------
# Same shared cert/key pair, copied into the Redis container's config directory.
1 | /data/redis/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/pillars/base/runbook/servers/salt.sls:
--------------------------------------------------------------------------------
# Per-host webhook endpoints and keys (example values).
# NOTE(review): the example URLs are plain http, which would send `key` in clear text;
# real endpoints should be https and real keys kept out of the repository.
1 | webhooks:
2 |   reboot:
3 |     url: http://example.com/reboot
4 |     key: asdflkjasdlfjasklj
5 |   general:
6 |     url: http://example.com/general
7 |     key: asdflkjasdlfjasklj
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/rethink.sls:
--------------------------------------------------------------------------------
1 | 
/data/rethinkdb/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/web.sls:
--------------------------------------------------------------------------------
# Copies the shared cert/key pair from the state tree into the web service's config
# directory. NOTE(review): every certs state on this page uses the same source, so all
# services share one private key.
1 | /data/runbook/web/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/bridge.sls:
--------------------------------------------------------------------------------
1 | /data/runbook/bridge/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/actions/broker/init.sls:
--------------------------------------------------------------------------------
1 | /data/runbook/actions/broker/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/base/salt/config/etc/salt/master.d/salt-api.conf:
--------------------------------------------------------------------------------
# salt-api (rest_cherrypy) settings for the master: TLS with the cert/key from /data/ssl,
# listening on the pillar-supplied port, webhook endpoint at /hook.
# NOTE(review): host 0.0.0.0 together with webhook_disable_auth: True means any client
# that can reach the port may POST under /hook without salt-api credentials. On this page
# the only remaining check is the literal `secretkey` comparison inside the reactor SLS
# files, and those reactors can run commands on minions and accept minion keys. Restrict
# the port to known senders at the firewall, and leave webhook authentication enabled
# wherever the sender is able to present a token.
1 | rest_cherrypy:
2 |   port: {{ saltapi['port'] }}
3 |   host: 0.0.0.0
4 |   ssl_crt: /data/ssl/cert.pem
5 |   ssl_key: /data/ssl/key.pem
6 |   webhook_disable_auth: True
7 |   webhook_url: /hook
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/actions/actioner/init.sls:
--------------------------------------------------------------------------------
1 | 
/data/runbook/actions/actioner/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/monitors/broker/init.sls:
--------------------------------------------------------------------------------
# Copies the shared cert/key pair from the state tree into the monitor broker's config
# directory. NOTE(review): the three monitor certs states below use the same source, so
# broker, control and worker all hold the same private key.
1 | /data/runbook/monitors/broker/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/monitors/control/init.sls:
--------------------------------------------------------------------------------
1 | /data/runbook/monitors/control/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/monitors/worker/init.sls:
--------------------------------------------------------------------------------
1 | /data/runbook/monitors/worker/config/ssl:
2 |   file.recurse:
3 |     - source: salt://certs/config/data/ssl
4 |     - user: root
5 |     - group: root
6 |     - dir_mode: 700
7 |     - file_mode: 600
8 |

--------------------------------------------------------------------------------
/data/salt/reactor/minions/key/accept.sls:
--------------------------------------------------------------------------------
# Reactor for the key-accept webhook: when the POSTed `secretkey` equals the literal
# below, accepts the pending minion key(s) matching the POSTed `minion` value.
# NOTE(review): salt-api.conf on this page sets webhook_disable_auth: True, so this string
# comparison is the only authentication. The literal is a placeholder committed to the
# repository and repeated in every reactor file; it must be replaced, kept out of version
# control, and rotated in all of them together.
# NOTE(review): `minion` comes from the request body and is only wrapped in quotes, not
# escaped or validated, and key.accept treats `match` as a glob. Check the value against
# the expected minion-id pattern before rendering so one request cannot accept arbitrary
# or multiple keys.
1 | {% set postdata = data.get('post', {}) %}
2 |
3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %}
4 | minion_key_accept:
5 |   wheel.key.accept:
6 |     - match: '{{ postdata.minion }}'
7 | {% endif %}
8 |
9 |

--------------------------------------------------------------------------------
/data/salt/reactor/minions/key/delete.sls:
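--------------------------------------------------------------------------------
# Reactor for the key-delete webhook: when the POSTed `secretkey` equals the literal
# below, deletes the minion key(s) matching the POSTed `minion` value.
# NOTE(review): the shared secret is a placeholder literal committed to the repository,
# and it is the only check because salt-api.conf on this page disables webhook auth.
# `minion` is request data wrapped in quotes without escaping or validation, and `match`
# is a glob, so an unvalidated value can remove many keys at once.
1 | {% set postdata = data.get('post', {}) %}
2 |
3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %}
4 | minion_key_delete:
5 |   wheel.key.delete:
6 |     - match: '{{ postdata.minion }}'
7 | {% endif %}
8 |
9 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/appusers/rethinkdb.sls:
--------------------------------------------------------------------------------
# Service account for RethinkDB with a fixed uid/gid and no login shell.
1 | rethinkuser:
2 |   user.present:
3 |     - name: rethinkdb
4 |     - fullname: RethinkDB
5 |     - shell: /usr/sbin/nologin
6 |     - home: /home/rethinkdb
7 |     - createhome: True
8 |     - uid: 3000
9 |     - gid: 600
10 |

--------------------------------------------------------------------------------
/data/salt/states/base/scripts/init.sls:
--------------------------------------------------------------------------------
# Syncs the helper scripts to /root/scripts, readable and executable by root and the root
# group only (750). These scripts are run as root from cron elsewhere on this page.
1 | /root/scripts:
2 |   file.recurse:
3 |     - source: salt://scripts/config/root/scripts
4 |     - user: root
5 |     - group: root
6 |     - file_mode: 750
7 |     - dir_mode: 750
8 |     - include_empty: True
9 |     - makedirs: True
10 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/supervisor/config/supervisord.tmpl:
--------------------------------------------------------------------------------
# supervisord program template: keeps one Docker container running, started as root.
# NOTE(review): docker_args is inserted verbatim into a root command line, so whatever
# supplies the `container` context (presumably pillar) controls mounts, privileges and
# the image that runs.
1 | [program:{{ container['name'] }}]
2 | command = /usr/bin/docker run --rm=True {{ container['docker_args'] }}
3 | autostart = true
4 | autorestart = true
5 | startretries = 9999999
6 | user = root
7 | group = root
8 | umask = 022
9 |

--------------------------------------------------------------------------------
/data/salt/reactor/minions/key/init.sls:
--------------------------------------------------------------------------------
# Generic key reactor: the wheel function itself (key.<function>) is taken from the POST
# body, as is the `minion` match.
# NOTE(review): `function` is interpolated unquoted into both the state id and the wheel
# call, so the request chooses which key operation runs. Allow-list it to the operations
# actually needed (accept.sls and delete.sls already cover two fixed ones) and validate
# `minion` against the expected id pattern.
1 | {% set postdata = data.get('post', {}) %}
2 |
3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %}
4 | minion_key_{{ postdata.function }}:
5 |   wheel.key.{{ postdata.function }}:
6 |     - match: '{{ postdata.minion }}'
7 | {% endif %}
8 |
9 |

--------------------------------------------------------------------------------
/data/salt/states/base/groups/init.sls:
--------------------------------------------------------------------------------
# Creates the devops group and installs its sudoers drop-in (root-owned, mode 440).
# NOTE(review): a syntax error in a sudoers drop-in can break sudo for everyone; having
# file.managed validate the file with visudo (check_cmd) before it is put in place guards
# against that.
1 | devops:
2 |   group.present:
3 |     - gid: 700
4 |     - order: 3
5 |
6 | /etc/sudoers.d/devops:
7 |   file.managed:
8 |     - source: salt://groups/config/etc/sudoers.d/devops.conf
9 |     - user: root
10 |     - group: root
11 |     - mode: 440
12 |

--------------------------------------------------------------------------------
/data/salt/states/base/ssh/init.sls:
--------------------------------------------------------------------------------
# Keeps sshd running and enabled, restarting it when sshd_config changes, and rewrites
# the `Port 22` line in sshd_config to the port from pillar.
1 | ssh:
2 |   service:
3 |     - running
4 |     - enable: True
5 |     - watch:
6 |       - file: /etc/ssh/sshd_config
7 |
8 | /etc/ssh/sshd_config:
9 |   file.replace:
10 |     - pattern: |
11 |         Port 22
12 |     - repl: |
13 |         Port {{ pillar['ssh_port'] }}
14 |
15 |

--------------------------------------------------------------------------------
/data/salt/states/base/swap/init.sls:
--------------------------------------------------------------------------------
# Creates a 4 GiB swap file at /.swap (skipped when `file` already reports a swap file)
# and mounts it persistently.
# The swap file is now set to mode 600 before mkswap: dd creates it with umask-derived
# permissions, and a swap file readable by other users exposes swapped-out memory.
# Hosts that already have /.swap are skipped by `unless` and need a one-off chmod.
1 | make_a_swap:
2 |   cmd.run:
3 |     - name: |
4 |         dd if=/dev/zero of=/.swap bs=1M count=4096 && chmod 600 /.swap && mkswap /.swap
5 |     - unless: file /.swap 2>&1 | grep -q "swap file"
6 |
7 | /.swap:
8 |   mount.swap:
9 |     - persist: True
10 |     - require:
11 |       - cmd: make_a_swap
12 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/redis/config/stunnel-server.tmpl:
--------------------------------------------------------------------------------
# stunnel server in front of Redis: accepts TLS on all interfaces at the exposed port and
# forwards to Redis on loopback.
# NOTE(review): no `verify` or `CAfile` option appears in this template, so clients are
# presumably not authenticated by certificate; access then rests on the Redis password
# and on network filtering of the exposed port.
1 | cert = /config/cert.pem
2 | key = /config/key.pem
3 | foreground = yes
4 | socket = l:TCP_NODELAY=1
5 | socket = r:TCP_NODELAY=1
6 | TIMEOUTclose = 0
7 |
8 | [redis-{{ exposed_port }}]
9 | accept = 0.0.0.0:{{ exposed_port }}
10 | connect = 127.0.0.1:{{ local_port }}
11 |

--------------------------------------------------------------------------------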
/data/salt/states/runbook/supervisor/init.sls:
--------------------------------------------------------------------------------
# Installs and enables supervisor, and installs the docker-kill cron entry.
1 | supervisor:
2 |   pkg:
3 |     - installed
4 |   service:
5 |     - running
6 |     - enable: True
7 |
8 | /etc/cron.d/docker-kill:
9 |   file.managed:
10 |     - source: salt://supervisor/config/etc/cron.d/docker-kill
11 |     - user: root
12 |     - group: root
13 |     - mode: 644
14 |

--------------------------------------------------------------------------------
/data/salt/states/base/nagios-scripts/init.sls:
--------------------------------------------------------------------------------
# Installs the basic Nagios plugins and a check_logfiles plugin from the state tree.
# NOTE(review): the source path salt://nagios-scripts/deploy/... does not appear in the
# directory tree at the top of this page (only init.sls is listed under nagios-scripts),
# so this state would fail unless the file is supplied from somewhere else.
1 | nagios-plugins-basic:
2 |   pkg:
3 |     - installed
4 |
5 | /usr/lib/nagios/plugins/check_logfiles:
6 |   file.managed:
7 |     - source: salt://nagios-scripts/deploy/usr/lib/nagios/plugins/check_logfiles
8 |     - mode: 755
9 |     - user: root
10 |     - group: root
11 |     - makedirs: True
12 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/monitors/broker/config/broker.yml:
--------------------------------------------------------------------------------
# Monitor broker config template: loopback bind, two local ports, and the StatHat key
# rendered into the file.
# NOTE(review): the rendered file contains the StatHat EZ key, so it should be written
# with restrictive permissions wherever the state that renders it places it.
1 | ## Broker Configuration
2 | ## zMQ
3 | broker_ip: 127.0.0.1
4 | broker_control_port: {{ local_control_port }}
5 | broker_worker_port: {{ local_worker_port }}
6 | ## StatHat EZ Key
7 | stathat_key: {{ stathat_ezkey }}
8 | envname: [{{ stathat_env }}]
9 | ## Logging
10 | use_syslog: False
11 |

--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/init.sls:
--------------------------------------------------------------------------------
# Creates /data/runbook (root-only) and checks the application source out into
# /data/runbook/code at the revision named by pillar['git_branch'].
# NOTE(review): git_branch is not defined in any pillar shown on this page (TODO confirm
# where it is set). Tracking a branch means whatever is pushed to it is deployed on the
# next highstate; pinning a tag or commit id gives reviewable, reproducible deploys.
1 | /data/runbook:
2 |   file.directory:
3 |     - user: root
4 |     - group: root
5 |     - mode: 700
6 |
7 | runbook_source:
8 |   git.latest:
9 |     - name: https://github.com/Runbook/runbook.git
10 |     - rev: {{ pillar['git_branch'] }}
11 |     - target: /data/runbook/code
12 |     - require:
13 |       - file: /data/runbook
14 |

--------------------------------------------------------------------------------
/data/salt/reactor/cmd/run.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | command_run: 5 | cmd.cmd.run: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | - arg: 11 | - {{ postdata.args }} 12 | {% endif %} 13 | 14 | -------------------------------------------------------------------------------- /data/salt/reactor/init.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | generic_init: 5 | cmd.{{ postdata.module }}: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | - arg: 11 | - {{ postdata.args }} 12 | {% endif %} 13 | 14 | -------------------------------------------------------------------------------- /data/salt/reactor/services/stop.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | services_stop: 5 | cmd.service.stop: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | - arg: 11 | - {{ postdata.args }} 12 | {% endif %} 13 | 14 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/runbook/web/init.sls: -------------------------------------------------------------------------------- 1 | web: 2 | secret_key: update_me 3 | password_salt: update_me 4 | salty_password: update_me 5 | salt: update_me 6 | local_port: 8000 7 | stripe_pubkey: update_me 8 | asm_privkey: update_me 9 | stripe_privkey: update_me 10 | stripe_url: update_me 11 
| asm_url: update_me 12 | zones: 13 | dc1queue: DevZone 1 14 | dc2queue: DevZone 2 15 | -------------------------------------------------------------------------------- /data/salt/reactor/services/reload.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | services_reload: 5 | cmd.service.reload: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | - arg: 11 | - {{ postdata.args }} 12 | {% endif %} 13 | 14 | -------------------------------------------------------------------------------- /data/salt/reactor/services/start.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | services_start: 5 | cmd.service.start: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | - arg: 11 | - {{ postdata.args }} 12 | {% endif %} 13 | 14 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/rethinkdb/init.sls: -------------------------------------------------------------------------------- 1 | rethink: 2 | db: "crdb" 3 | authkey: "RethinkDatabases" 4 | cluster: 5 | 192.168.36.12: 29015 6 | 192.168.36.13: 29016 7 | cluster_exposed_ports: 8 | rethinkdb-redis-dev-dc01-001: 29015 9 | rethinkdb-redis-dev-dc02-001: 29016 10 | cluster_local_ports: 11 | rethinkdb-redis-dev-dc01-001: 29115 12 | rethinkdb-redis-dev-dc02-001: 29116 13 | -------------------------------------------------------------------------------- /data/salt/reactor/services/restart.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if 
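postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %}
4 | {# Calls service.restart on the minions named by the request. The request
5 |    fields are caller-controlled; the json filter keeps each one inside a
6 |    single YAML scalar so it cannot add keys or list items to the reaction. #}
7 | services_restart:
8 |   cmd.service.restart:
9 |     - tgt: {{ postdata.get('tgt', '') | json }}
10 | {% if "matcher" in postdata %}
11 |     - expr_form: {{ postdata.matcher | json }}
12 | {% endif %}
13 |     - arg:
14 |       - {{ postdata.get('args') | json }}
15 | {% endif %}
16 |
17 |
--------------------------------------------------------------------------------
/data/salt/reactor/services/init.sls:
--------------------------------------------------------------------------------
1 | {#
2 |   Generic service reaction: calls service.<function> on the minions selected
3 |   by the request, where function, tgt, matcher and args all come from the
4 |   POST body (data['post']).
5 |
6 |   function is spliced into a YAML key, where it cannot be quoted, so the
7 |   reaction is rendered only when it consists of letters, digits and
8 |   underscores. The other fields are serialised with the json filter so a
9 |   value cannot break out of its scalar.
10 |
11 |   NOTE(review): every function of the service module stays reachable through
12 |   this file. If only a few are intended, compare function against an explicit
13 |   list instead. The reactor.conf shown with this repository maps no hook tag
14 |   to this file; confirm whether it is wired up elsewhere.
15 |   NOTE(review): the secret below is a placeholder checked into the repository.
16 | #}
17 | {% set postdata = data.get('post', {}) %}
18 | {% set function = postdata.get('function', '') | string %}
19 |
20 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" and function.replace('_', '').isalnum() %}
21 | service_init:
22 |   cmd.service.{{ function }}:
23 |     - tgt: {{ postdata.get('tgt', '') | json }}
24 | {% if "matcher" in postdata %}
25 |     - expr_form: {{ postdata.matcher | json }}
26 | {% endif %}
27 |     - arg:
28 |       - {{ postdata.get('args') | json }}
29 | {% endif %}
30 |
31 |
--------------------------------------------------------------------------------
/data/salt/reactor/cmd/script.sls:
--------------------------------------------------------------------------------
1 | {#
2 |   Calls cmd.script on the minions selected by the request, with the script
3 |   source and its arguments both taken from the POST body (data['post']).
4 |
5 |   All request fields are serialised with the json filter so a value cannot
6 |   add keys or list items to the rendered reaction.
7 |
8 |   NOTE(review): quoting does not limit what this reaction is for. The shared
9 |   secret is the only gate in this file in front of running a caller-chosen
10 |   script on caller-chosen minions, and that secret is a placeholder checked
11 |   into the repository. The reactor.conf shown with this repository maps no
12 |   hook tag to this file; if it is mapped elsewhere, restrict script to a
13 |   fixed set of salt:// sources and tgt to the intended minions.
14 | #}
15 | {% set postdata = data.get('post', {}) %}
16 |
17 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %}
18 | command_script:
19 |   cmd.cmd.script:
20 |     - tgt: {{ postdata.get('tgt', '') | json }}
21 | {% if "matcher" in postdata %}
22 |     - expr_form: {{ postdata.matcher | json }}
23 | {% endif %}
24 |     - arg:
25 |       - {{ postdata.get('script') | json }}
26 |       - {{ postdata.get('args') | json }}
27 | {% endif %}
28 |
29 |
-------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/config/stunnel-server.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | socket = l:TCP_NODELAY=1 5 | socket = r:TCP_NODELAY=1 6 | TIMEOUTclose = 0 7 | 8 | [rethink-{{ cluster_exposed_port }}] 9 | accept = 0.0.0.0:{{ cluster_exposed_port }} 10 | connect = 127.0.0.1:{{ cluster_local_port }} 11 | 12 | [rethink-28015] 13 | accept = 0.0.0.0:28015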
14 | connect = 127.0.0.1:28115 15 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/general/hosts.sls: -------------------------------------------------------------------------------- 1 | hosts: 2 | {% if "dev" in grains['nodename'] %} 3 | {% if "dc01" in grains['nodename'] %} 4 | redis: 192.168.36.12 5 | monitor_broker: 6 | - 192.168.36.15 7 | {% endif %} 8 | {% if "dc02" in grains['nodename'] %} 9 | redis: 192.168.36.13 10 | monitor_broker: 11 | - 192.168.36.16 12 | {% endif %} 13 | actionbroker: 14 | - 192.168.36.15 15 | - 192.168.36.16 16 | {% endif %} 17 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/nginx/sites-enabled/status.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 127.0.0.1:9000; 3 | 4 | #Add a server_name entry for each mapped domain 5 | server_name localhost; 6 | 7 | ## 8 | # Status Page 9 | ## 10 | location /nginx_status { 11 | stub_status on; 12 | access_log off; 13 | allow 127.0.0.1; 14 | deny all; 15 | } 16 | 17 | root /usr/share/nginx/html/; 18 | } 19 | -------------------------------------------------------------------------------- /data/salt/reactor/states/highstate.sls: -------------------------------------------------------------------------------- 1 | {% set postdata = data.get('post', {}) %} 2 | 3 | {% if postdata.secretkey == "PICKSOMETHINGBETTERPLZKTHX" %} 4 | state_highstate: 5 | cmd.state.highstate: 6 | - tgt: '{{ postdata.tgt }}' 7 | {% if "matcher" in postdata %} 8 | - expr_form: {{ postdata.matcher }} 9 | {% endif %} 10 | {% if "args" in postdata %} 11 | - arg: 12 | - {{ postdata.args }} 13 | {% endif %} 14 | {% endif %} 15 | 16 | -------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/config/stunnel-client.tmpl: 
--------------------------------------------------------------------------------
1 | {#
2 |   stunnel client template for the RethinkDB cluster links: for every entry of
3 |   rethink_cluster whose port differs from cluster_exposed_port it opens a
4 |   listener on 127.0.0.1:<port> and forwards it over TLS to <host>:<port>.
5 |
6 |   NOTE(review): no verify / CAfile (or verifyChain / verifyPeer) option is
7 |   set here, and stunnel does not check the peer certificate unless told to.
8 |   As written the tunnel encrypts but does not authenticate the remote end,
9 |   so whatever answers on <host>:<port> is accepted. Confirm, and pin the
10 |   server certificate or its CA if peer authentication is intended.
11 | #}
12 | cert = /config/cert.pem
13 | key = /config/key.pem
14 | foreground = yes
15 | client = yes
16 | socket = l:TCP_NODELAY=1
17 | socket = r:TCP_NODELAY=1
18 | TIMEOUTclose = 0
19 |
20 | {% for host, port in rethink_cluster.iteritems() %}
21 | {% if port != cluster_exposed_port %}
22 | [rethink-{{ host }}]
23 | accept = 127.0.0.1:{{ port }}
24 | connect = {{ host }}:{{ port }}
25 | {% endif %}
26 | {% endfor %}
27 |
-------------------------------------------------------------------------------- /data/salt/states/base/sysstat/config/etc/cron.d/sysstat: -------------------------------------------------------------------------------- 1 | # The first element of the path is a directory where the debian-sa1 2 | # script is located 3 | PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin 4 | 5 | # Activity reports every 5 minutes everyday 6 | */5 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1 7 | 8 | # Additional run at 23:59 to rotate the statistics file 9 | 59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2 10 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/uwsgi.cfg:
--------------------------------------------------------------------------------
1 | # uWSGI settings for the web application: loads the callable "app" from
2 | # /src/web/web.py and serves it on a unix socket.
3 | [uwsgi]
4 | base = /src/web
5 |
6 | #location of the flask application file
7 | file = /src/web/web.py
8 |
9 | #uwsgi variable only, does not relate to your flask application
10 | callable = app
11 |
12 | #uwsgi plugins
13 | plugins = http,python
14 |
15 | pythonpath = %(base)
16 | #http = 127.0.0.1:8000
17 | # NOTE(review): the socket lives in /tmp and chmod-socket = 666 makes it
18 | # writable by every local account, so any process that can reach this
19 | # filesystem can send requests to the app without going through the web
20 | # server in front of it. Prefer a directory owned by the service account
21 | # and mode 660 with a group shared with the web server.
22 | socket = /tmp/crweb.sock
23 | chmod-socket = 666
24 | master = 1
25 | # harakiri: a worker stuck on one request for more than 30 seconds is recycled
26 | harakiri = 30
27 | need-app
28 | workers = 8
29 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/monitors/worker/config/worker.yml:
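-------------------------------------------------------------------------------- 1 | ## Worker Configuration 2 | ## zMQ 3 | broker_ip: 127.0.0.1 4 | broker_worker_port: {{ monitor_broker['local_worker_port'] }} 5 | ## StatHat EZ Key 6 | stathat_ez_key: {{ stathat_ezkey }} 7 | envname: [{{ stathat_env }}] 8 | ## Sink Config 9 | sink_ip: 127.0.0.1 10 | sink_port: {{ action_broker['local_sink_port'] }} 11 | ## Logging 12 | use_syslog: False 13 | ## Crypto 14 | crypto_key: "{{ runbook['crypto_key'] }}" 15 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/bridge/config/mgmtrun.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ## Management Script Runner for Production Docker instances
3 | # Starts stunnel in the background, runs the given Python script with its
4 | # arguments, stops stunnel again and exits with the script's status.
5 | # Usage: mgmtrun.sh SCRIPT [ARG...]
6 |
7 | ## Start Stunnel
8 | /usr/bin/stunnel4 /config/stunnel-client.conf &
9 | # $! is the PID of the job just put in the background. $$ is this script's
10 | # own PID, so recording it would make the cleanup below signal the script
11 | # and leave stunnel running. This relies on stunnel staying in the
12 | # foreground (foreground = yes in the client config).
13 | STUNNEL_PID=$!
14 |
15 | ## Wait for Stunnel to Connect
16 | # Fixed delay; nothing here checks that the tunnel is actually up.
17 | sleep 15
18 |
19 | ## Start Script
20 | echo "Running: $*"
21 | # "$@" keeps each argument as one word even if it contains spaces.
22 | /usr/bin/python "$@"
23 | STATUS=$?
24 |
25 | ## Clean up Stunnel
26 | echo "Killing Stunnel"
27 | kill "$STUNNEL_PID"
28 |
29 | # Report the management script's result rather than kill's.
30 | exit "$STATUS"
31 |
-------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/broker/config/stunnel-server.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | socket = l:TCP_NODELAY=1 5 | socket = r:TCP_NODELAY=1 6 | TIMEOUTclose = 0 7 | 8 | 9 | [broker-{{ exposed_actioner_port }}] 10 | accept = 0.0.0.0:{{ exposed_actioner_port }} 11 | connect = 127.0.0.1:{{ local_actioner_port }} 12 | 13 | [broker-{{ exposed_sink_port }}] 14 | accept = 0.0.0.0:{{ exposed_sink_port }} 15 | connect = 127.0.0.1:{{ local_sink_port }} 16 | -------------------------------------------------------------------------------- /data/salt/states/base/dockerio/init.sls: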
-------------------------------------------------------------------------------- 1 | docker.io: 2 | pkgrepo: 3 | - managed 4 | - humanname: Docker Repo 5 | - name: deb https://get.docker.com/ubuntu docker main 6 | - keyserver: keyserver.ubuntu.com 7 | - keyid: 36A1D7869245C8950F966E92D8576A8BA88D21E9 8 | pkg: 9 | - installed 10 | 11 | docker: 12 | service: 13 | - running 14 | - enable: True 15 | 16 | docker-py: 17 | pip.installed: 18 | - name: docker-py < 0.5 19 | - require: 20 | - pkg: python-pip 21 | 22 | -------------------------------------------------------------------------------- /data/salt/states/base/scripts/config/root/scripts/docker-kill.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ## Quick and dirty saolution to clean up containers for supervisor 3 | ## Docker will restart containers but we want them to be managed by supervisor 4 | ## so some manual clean up may be required 5 | 6 | ## Get List of Container ID's 7 | CONTAINERS=$(/usr/bin/docker ps -a | grep Exited | awk '{print $1}') 8 | 9 | ## For each container id remove it 10 | for CID in $CONTAINERS 11 | do 12 | /usr/bin/docker rm --force $CID 13 | done 14 | -------------------------------------------------------------------------------- /data/salt/states/base/scripts/config/root/scripts/docker-clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | ## Quicky Script to completely remove docker containers and images 3 | ## Very destructive only run if you know 4 | 5 | echo "Cleaning up containers" 6 | for container in `/usr/bin/docker ps -qa` 7 | do 8 | /usr/bin/docker rm --force $container 9 | done 10 | echo "----------------------------------" 11 | echo "Cleaning up images" 12 | for image in `/usr/bin/docker images -q` 13 | do 14 | /usr/bin/docker rmi --force $image 15 | done 16 | -------------------------------------------------------------------------------- 
/data/salt/states/runbook/runbook/monitors/broker/config/stunnel-server.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | socket = l:TCP_NODELAY=1 5 | socket = r:TCP_NODELAY=1 6 | TIMEOUTclose = 0 7 | 8 | [broker-worker-{{ exposed_worker_port }}] 9 | accept = 0.0.0.0:{{ exposed_worker_port }} 10 | connect = 127.0.0.1:{{ local_worker_port }} 11 | 12 | [broker-control-{{ exposed_control_port }}] 13 | accept = 0.0.0.0:{{ exposed_control_port }} 14 | connect = 127.0.0.1:{{ local_control_port }} 15 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/stunnel-client.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | client = yes 5 | socket = l:TCP_NODELAY=1 6 | socket = r:TCP_NODELAY=1 7 | TIMEOUTclose = 0 8 | 9 | [rethink-client] 10 | accept = 127.0.0.1:28015 11 | {% for host, port in rethink['cluster'].iteritems() %} 12 | connect = {{ host }}:28015 13 | {% endfor %} 14 | 15 | [redis-client] 16 | accept = 127.0.0.1:{{ redis['local_port'] }} 17 | connect = {{ hosts['redis'] }}:{{ redis['exposed_port'] }} 18 | -------------------------------------------------------------------------------- /data/salt/states/base/sysstat/config/etc/sysstat/sysstat: -------------------------------------------------------------------------------- 1 | # sysstat configuration file. 2 | 3 | # How long to keep log files (in days). 4 | # Used by sa2(8) script 5 | # If value is greater than 28, then log files are kept in 6 | # multiple directories, one for each month. 
7 | HISTORY=31 8 | 9 | # Compress (using gzip or bzip2) sa and sar files older than (in days): 10 | COMPRESSAFTER=5 11 | 12 | # Parameters for the system activity data collector (see sadc manual page) 13 | # which are used for the generation of log files. 14 | SADC_OPTIONS="" 15 | 16 | -------------------------------------------------------------------------------- /data/salt/states/base/users/devops.sls: -------------------------------------------------------------------------------- 1 | testuser: 2 | user.present: 3 | - fullname: Sample User 4 | - shell: /bin/bash 5 | - home: /home/testuser 6 | - createhome: True 7 | - uid: 4001 8 | - gid: 100 9 | - password: SAMPLEONLYTHISSHOULDBEASALTENCRYPTEDVALUE 10 | - enforce_password: True 11 | - groups: 12 | - adm 13 | - devops 14 | - users 15 | 16 | /home/testuser/.vimrc: 17 | file.managed: 18 | - source: salt://users/config/.vimrc 19 | - user: testuser 20 | - group: devops 21 | - mode: 644 22 | -------------------------------------------------------------------------------- /data/salt/states/base/top.sls: -------------------------------------------------------------------------------- 1 | base: 2 | '*': 3 | - pip 4 | - swap 5 | - datadir 6 | - dockerio 7 | - git 8 | - groups 9 | - iotop 10 | - iptables 11 | - manpages 12 | - nagios-scripts 13 | - ntpd 14 | - rdiff-backup 15 | - salt 16 | - screen 17 | - scripts 18 | - ssh 19 | - sysdig 20 | - sysstat 21 | - telnet 22 | - timezone 23 | - unzip 24 | - users 25 | - users.devops 26 | - vimrc 27 | - wget 28 | 'salt*': 29 | - salt.master 30 | 'all*': 31 | - salt.master 32 | -------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/config/rethink.tmpl: -------------------------------------------------------------------------------- 1 | directory=/data/rethinkdb/data/instances/{{ dbpath }} 2 | canonical-address=127.0.0.1:{{ cluster_exposed_port }} 3 | canonical-address=127.0.0.1:{{ cluster_local_port }} 4 | 
cache-size=768 5 | bind=all 6 | cluster-port={{ cluster_local_port }} 7 | driver-port=28115 8 | {% for host, port in rethink_cluster.iteritems() %} 9 | {% set myport = cluster_exposed_port %} 10 | {% if port != myport %} 11 | join=127.0.0.1:{{ port }} 12 | {% endif %} 13 | {% endfor %} 14 | server-name={{ server_name|replace("-", "_")|replace(".", "_") }} 15 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/general/init.sls: -------------------------------------------------------------------------------- 1 | {% if "dev" in grains['nodename'] %} 2 | git_branch: develop 3 | {% elif "staging" in grains['nodename'] %} 4 | git_branch: staging 5 | {% elif "prod" in grains['nodename'] %} 6 | git_branch: master 7 | {% endif %} 8 | {% if "dc01" in grains['nodename'] %} 9 | datacenter: dc01 10 | {% elif "dc02" in grains['nodename'] %} 11 | datacenter: dc02 12 | {% elif "dc03" in grains['nodename'] %} 13 | datacenter: dc03 14 | {% elif "dc04" in grains['nodename'] %} 15 | datacenter: dc04 16 | {% elif "dc05" in grains['nodename'] %} 17 | datacenter: dc05 18 | {% endif %} 19 | 20 | -------------------------------------------------------------------------------- /data/salt/states/base/sysstat/init.sls: -------------------------------------------------------------------------------- 1 | sysstat: 2 | pkg: 3 | - installed 4 | 5 | /etc/default/sysstat: 6 | file.managed: 7 | - source: salt://sysstat/config/etc/default/sysstat 8 | - user: root 9 | - group: root 10 | - mode: 644 11 | 12 | /etc/cron.d/sysstat: 13 | file.managed: 14 | - source: salt://sysstat/config/etc/cron.d/sysstat 15 | - user: root 16 | - group: root 17 | - mode: 644 18 | 19 | /etc/sysstat/sysstat: 20 | file.managed: 21 | - source: salt://sysstat/config/etc/sysstat/sysstat 22 | - user: root 23 | - group: root 24 | - mode: 644 25 | -------------------------------------------------------------------------------- 
/data/salt/states/runbook/runbook/monitors/control/config/stunnel-client.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | client = yes 5 | socket = l:TCP_NODELAY=1 6 | socket = r:TCP_NODELAY=1 7 | TIMEOUTclose = 0 8 | 9 | 10 | [redis-client] 11 | accept = 127.0.0.1:{{ redis['local_port'] }} 12 | connect = {{ hosts['redis'] }}:{{ redis['exposed_port'] }} 13 | 14 | [monitorbroker-client-{{ monitor_broker['local_control_port'] }}] 15 | accept = 127.0.0.1:{{ monitor_broker['local_control_port'] }} 16 | {% for host in hosts['monitor_broker'] %} 17 | connect = {{ host }}:{{ monitor_broker['exposed_control_port'] }} 18 | {% endfor %} 19 | -------------------------------------------------------------------------------- /data/salt/states/base/sysstat/config/etc/default/sysstat: -------------------------------------------------------------------------------- 1 | # 2 | # Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat 3 | # and /etc/cron.daily/sysstat files 4 | # 5 | 6 | # Should sadc collect system activity informations? Valid values 7 | # are "true" and "false". Please do not put other values, they 8 | # will be overwritten by debconf! 9 | ENABLED="true" 10 | 11 | # Additional options passed to sa1 by /etc/init.d/sysstat 12 | # and /etc/cron.d/sysstat 13 | # By default contains the `-S DISK' option responsible for 14 | # generating disk statisitcs. 15 | SA1_OPTIONS="-S DISK" 16 | 17 | # Additional options passed to sa2 by /etc/cron.daily/sysstat. 
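18 | SA2_OPTIONS="" 19 | 20 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/control/config/control.yml: -------------------------------------------------------------------------------- 1 | ## Control Configuration 2 | stathat_key: {{ stathat_ezkey }} 3 | envname: [{{ stathat_env }}] 4 | control_appname: {{ control['intervals'][interval]['appname'] }} 5 | sleep: {{ control['intervals'][interval]['sleep'] }} 6 | queue: {{ control['intervals'][interval]['queue'] }} 7 | zone: {{ control['zones'][general['datacenter']] }} 8 | ## zMQ 9 | broker_ip: 127.0.0.1 10 | broker_control_port: {{ monitor_broker['local_control_port'] }} 11 | ## Redis Config 12 | redis_host: 127.0.0.1 13 | redis_port: {{ redis['local_port'] }} 14 | redis_db: 0 15 | redis_password: {{ redis['pass'] }} 16 | ## Logging 17 | use_syslog: False 18 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/nginx/sites-enabled/httpsonlytemplate.conf:
--------------------------------------------------------------------------------
1 | # Plain-HTTP listener: answers every request with a redirect to HTTPS.
2 | server {
3 |   listen 8080;
4 |
5 |   #Add a server_name entry for each mapped domain
6 |   server_name {{ domain }} *.{{ domain }};
7 |
8 |   return 301 https://$host$request_uri;
9 | }
10 |
11 | # TLS listener: serves the site's public_html directory.
12 | server {
13 |   listen 8443 ssl;
14 |
15 |   #Add a server_name entry for each mapped domain
16 |   server_name {{ domain }} *.{{ domain }};
17 |
18 |   ssl_certificate /config/cert.pem;
19 |   ssl_certificate_key /config/key.pem;
20 |   # Only TLS 1.2 is offered: TLS 1.0 and 1.1 are deprecated (RFC 8996).
21 |   # Add TLSv1.3 where the installed nginx and OpenSSL support it.
22 |   ssl_protocols TLSv1.2;
23 |
24 |   root /data/{{ webuser }}/public_html;
25 |
26 |   ## Include extra configuration
27 |   include globals/htmlglobal.conf;
28 | }
29 |
-------------------------------------------------------------------------------- /data/salt/states/base/sysdig/init.sls: -------------------------------------------------------------------------------- 1 | /etc/apt/trusted.gpg.d/draios.gpg: 2 |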
file.managed: 3 | - source: salt://sysdig/config/etc/apt/trusted.gpg.d/draios.gpg 4 | - user: root 5 | - group: root 6 | - mode: 644 7 | 8 | /etc/apt/sources.list.d/draios.list: 9 | file.managed: 10 | - source: salt://sysdig/config/etc/apt/sources.list.d/draios.list 11 | - user: root 12 | - group: root 13 | - mode: 644 14 | 15 | linux-headers-{{ grains['kernelrelease'] }}: 16 | pkg: 17 | - installed 18 | 19 | sysdig: 20 | pkg: 21 | - installed 22 | - require: 23 | - file: /etc/apt/trusted.gpg.d/draios.gpg 24 | - file: /etc/apt/sources.list.d/draios.list 25 | - pkg: linux-headers-{{ grains['kernelrelease'] }} 26 | -------------------------------------------------------------------------------- /data/salt/states/runbook/redis/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-server] 5 | command = /usr/bin/stunnel4 /config/stunnel-server.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | user = root 10 | group = root 11 | umask = 022 12 | stdout_logfile = /dev/stdout 13 | stdout_logfile_maxbytes = 0 14 | stderr_logfile = /dev/stderr 15 | stderr_logfile_maxbytes = 0 16 | 17 | [program:redis] 18 | command = /usr/local/bin/redis-server /config/redis.conf 19 | priority = 2 20 | autostart = true 21 | autorestart = true 22 | user = root 23 | group = root 24 | umask = 022 25 | stdout_logfile = /dev/stdout 26 | stdout_logfile_maxbytes = 0 27 | stderr_logfile = /dev/stderr 28 | stderr_logfile_maxbytes = 0 29 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/nginx/sites-enabled/uwsgitemplate.conf: -------------------------------------------------------------------------------- 1 | server { 2 | listen 8080; 3 | 4 | #Add a server_name entry for each mapped domain 5 | server_name {{ domain }} *.{{ domain }}; 6 | 7 | return 301 https://$host$request_uri; 8 | } 9 | 10 | 
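server {
11 |   # TLS listener: serves /static from disk; everything else is configured
12 |   # by the included globals/uwsgi.conf.
13 |   listen 8443 ssl;
14 |
15 |   #Add a server_name entry for each mapped domain
16 |   server_name {{ domain }} *.{{ domain }};
17 |
18 |   ssl_certificate /config/cert.pem;
19 |   ssl_certificate_key /config/key.pem;
20 |   # Only TLS 1.2 is offered: TLS 1.0 and 1.1 are deprecated (RFC 8996).
21 |   # Add TLSv1.3 where the installed nginx and OpenSSL support it.
22 |   ssl_protocols TLSv1.2;
23 |
24 |   location /static {
25 |     alias /data/{{ static_user }}/public_html/static;
26 |   }
27 |
28 |   ## Include extra security
29 |   include globals/uwsgi.conf;
30 |
31 | }
32 |
-------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/worker/config/stunnel-client.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | client = yes 5 | socket = l:TCP_NODELAY=1 6 | socket = r:TCP_NODELAY=1 7 | TIMEOUTclose = 0 8 | 9 | 10 | [monitorbroker-client-{{ monitor_broker['local_worker_port'] }}] 11 | accept = 127.0.0.1:{{ monitor_broker['local_worker_port'] }} 12 | {% for host in hosts['monitor_broker'] %} 13 | connect = {{ host }}:{{ monitor_broker['exposed_worker_port'] }} 14 | {% endfor %} 15 | 16 | [actionbroker-client-{{ action_broker['local_sink_port'] }}] 17 | accept = 127.0.0.1:{{ action_broker['local_sink_port'] }} 18 | {% for host in hosts['actionbroker'] %} 19 | connect = {{ host }}:{{ action_broker['exposed_sink_port'] }} 20 | {% endfor %} 21 | -------------------------------------------------------------------------------- /data/salt/states/base/salt/config/etc/salt/master.d/reactor.conf: -------------------------------------------------------------------------------- 1 | reactor: 2 | ## Minions 3 | - 'salt/netapi/hook/minions/key/base': 4 | - /data/salt/reactor/minions/key/init.sls 5 | - 'salt/netapi/hook/minions/key/accept': 6 | - /data/salt/reactor/minions/key/accept.sls 7 | - 'salt/netapi/hook/minions/key/delete': 8 | - /data/salt/reactor/minions/key/delete.sls 9 | ## Services 10 | - 'salt/netapi/hook/services/reload': 11 | -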
/data/salt/reactor/services/reload.sls 12 | - 'salt/netapi/hook/services/restart': 13 | - /data/salt/reactor/services/restart.sls 14 | - 'salt/netapi/hook/services/start': 15 | - /data/salt/reactor/services/start.sls 16 | ## States 17 | - 'salt/netapi/hook/states/highstate': 18 | - /data/salt/reactor/states/highstate.sls 19 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/bridge/config/stunnel-client.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | client = yes 5 | socket = l:TCP_NODELAY=1 6 | socket = r:TCP_NODELAY=1 7 | TIMEOUTclose = 0 8 | 9 | 10 | [rethink-client] 11 | accept = 127.0.0.1:28015 12 | {% for host, port in rethink['cluster'].iteritems() %} 13 | connect = {{ host }}:28015 14 | {% endfor %} 15 | 16 | [redis-client] 17 | accept = 127.0.0.1:{{ redis['local_port'] }} 18 | connect = {{ hosts['redis'] }}:{{ redis['exposed_port'] }} 19 | 20 | [actionbroker-client-{{ action_broker['local_sink_port'] }}] 21 | accept = 127.0.0.1:{{ action_broker['local_sink_port'] }} 22 | {% for host in hosts['actionbroker'] %} 23 | connect = {{ host }}:{{ action_broker['exposed_sink_port'] }} 24 | {% endfor %} 25 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/actioner/config/stunnel-client.tmpl: -------------------------------------------------------------------------------- 1 | cert = /config/cert.pem 2 | key = /config/key.pem 3 | foreground = yes 4 | client = yes 5 | socket = l:TCP_NODELAY=1 6 | socket = r:TCP_NODELAY=1 7 | TIMEOUTclose = 0 8 | 9 | [rethink-client] 10 | accept = 127.0.0.1:28015 11 | {% for host, port in rethink['cluster'].iteritems() %} 12 | connect = {{ host }}:28015 13 | {% endfor %} 14 | 15 | [redis-client] 16 | accept = 127.0.0.1:{{ redis['local_port'] }} 17 | connect = {{ hosts['redis'] }}:{{ 
redis['exposed_port'] }} 18 | 19 | [actionbroker-client-{{ action_broker['local_actioner_port'] }}] 20 | accept = 127.0.0.1:{{ action_broker['local_actioner_port'] }} 21 | {% for host in hosts['actionbroker'] %} 22 | connect = {{ host }}:{{ action_broker['exposed_actioner_port'] }} 23 | {% endfor %} 24 |
--------------------------------------------------------------------------------
/data/salt/states/base/salt/init.sls:
--------------------------------------------------------------------------------
1 | # Installs salt-minion from the SaltStack PPA, keeps the service running and
2 | # manages the minion's master.conf; the service is watched on that file.
3 | salt-minion:
4 |   pkgrepo:
5 |     - managed
6 |     - humanname: SaltStack Repo
7 |     # NOTE(review): the repository and its signing key are both fetched over
8 |     # plain HTTP, and the key is looked up by a 64-bit key id. A network
9 |     # attacker between the host and these servers can substitute the key and
10 |     # then the packages. The dockerio state in this repository pins a full
11 |     # fingerprint through keyserver/keyid; the same approach fits here.
12 |     - name: deb http://ppa.launchpad.net/saltstack/salt/ubuntu {{ grains['lsb_distrib_codename'] }} main
13 |     - dist: {{ grains['lsb_distrib_codename'] }}
14 |     - key_url: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4759FA960E27C0A6
15 |   pkg:
16 |     # latest: every state run upgrades to whatever the repository serves
17 |     - latest
18 |   service:
19 |     - running
20 |     - enable: True
21 |     - watch:
22 |       - file: /etc/salt/minion.d/master.conf
23 |
24 | # Rendered with jinja; the saltmasters pillar value is the only context passed.
25 | /etc/salt/minion.d/master.conf:
26 |   file.managed:
27 |     - source: salt://salt/config/etc/salt/minion.d/master.conf
28 |     - user: root
29 |     - group: root
30 |     - mode: 640
31 |     - template: jinja
32 |     - context:
33 |         saltmasters: {{ pillar['saltmasters'] }}
34 |
35 |
-------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/broker/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-server] 5 | command = /usr/bin/stunnel4 /config/stunnel-server.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:broker] 19 | command = /src/actions/broker.py /config/broker.yml 20 | priority = 2 21 | autostart = true 22
| autorestart = true 23 | startretries = 9999999 24 | user = runapp 25 | group = users 26 | umask = 022 27 | stdout_logfile = /dev/stdout 28 | stdout_logfile_maxbytes = 0 29 | stderr_logfile = /dev/stderr 30 | stderr_logfile_maxbytes = 0 31 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/broker/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-server] 5 | command = /usr/bin/stunnel4 /config/stunnel-server.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:broker] 19 | command = /src/monitors/broker.py /config/broker.yml 20 | priority = 2 21 | autostart = true 22 | autorestart = true 23 | startretries = 9999999 24 | user = runapp 25 | group = users 26 | umask = 022 27 | stdout_logfile = /dev/stdout 28 | stdout_logfile_maxbytes = 0 29 | stderr_logfile = /dev/stderr 30 | stderr_logfile_maxbytes = 0 31 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/bridge/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-client] 5 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:bridge] 19 | command = /src/bridge/bridge.py /config/bridge.yml 20 | directory = 
/src/bridge/ 21 | priority = 2 22 | autostart = true 23 | autorestart = true 24 | startsecs = 60 25 | startretries = 9999999 26 | user = runapp 27 | group = users 28 | umask = 022 29 | stdout_logfile = /dev/stdout 30 | stdout_logfile_maxbytes = 0 31 | stderr_logfile = /dev/stderr 32 | stderr_logfile_maxbytes = 0 33 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/control/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-client] 5 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:{{ appdetails['appname'] }}] 19 | command = /src/monitors/control.py /config/{{ appdetails['appname'] }}.yml 20 | priority = 2 21 | autostart = true 22 | autorestart = true 23 | startretries = 9999999 24 | user = runapp 25 | group = users 26 | umask = 022 27 | stdout_logfile = /dev/stdout 28 | stdout_logfile_maxbytes = 0 29 | stderr_logfile = /dev/stderr 30 | stderr_logfile_maxbytes = 0 31 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/worker/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-client] 5 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | 
stderr_logfile_maxbytes = 0 17 | 18 | [program:worker] 19 | process_name = %(program_name)s_%(process_num)02d 20 | command = /src/monitors/worker.py /config/worker.yml 21 | directory = /code/ 22 | numprocs = 20 23 | priority = 2 24 | autostart = true 25 | autorestart = true 26 | startretries = 9999999 27 | user = runapp 28 | group = users 29 | umask = 022 30 | stdout_logfile = /dev/stdout 31 | stdout_logfile_maxbytes = 0 32 | stderr_logfile = /dev/stderr 33 | stderr_logfile_maxbytes = 0 34 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/actioner/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-client] 5 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:crbridge-actioner] 19 | process_name = %(program_name)s_%(process_num)02d 20 | command = /src/actions/actioner.py /config/actioner.yml 21 | directory = /src/actions 22 | numprocs = 20 23 | priority = 2 24 | autostart = true 25 | autorestart = true 26 | startretries = 9999999 27 | user = runapp 28 | group = users 29 | umask = 022 30 | stdout_logfile = /dev/stdout 31 | stdout_logfile_maxbytes = 0 32 | stderr_logfile = /dev/stderr 33 | stderr_logfile_maxbytes = 0 34 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/bridge/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | 
sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config /data 18 | 19 | # Copy Configurations 20 | ADD config/bridge.yml /config/bridge.yml 21 | ADD config/stunnel-client.conf /config/stunnel-client.conf 22 | ADD config/supervisord.conf /config/supervisord.conf 23 | ADD config/ssl/key.pem /config/key.pem 24 | ADD config/ssl/cert.pem /config/cert.pem 25 | ADD config/mgmtrun.sh /code/mgmtrun.sh 26 | 27 | # Reset Perms 28 | RUN chown -R runapp:users /config /code /src 29 | 30 | # Command to run 31 | CMD /usr/bin/supervisord -c /config/supervisord.conf 32 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/runbook/monitors/control/init.sls: -------------------------------------------------------------------------------- 1 | control: 2 | intervals: 3 | 5seccheck: 4 | appname: 5second-control 5 | queue: 5seccheck 6 | sleep: 5 7 | 30seccheck: 8 | appname: 30second-control 9 | queue: 30seccheck 10 | sleep: 30 11 | 2mincheck: 12 | appname: 2minute-control 13 | queue: 2mincheck 14 | sleep: 120 15 | 5mincheck: 16 | appname: 5minute-control 17 | queue: 5mincheck 18 | sleep: 300 19 | 30mincheck: 20 | appname: 30minute-control 21 | queue: 30mincheck 22 | sleep: 1800 23 | zones: 24 | {% if "dev" in grains['nodename'] %} 25 | dc01: Development Zone 1 26 | dc02: Development Zone 2 27 | {% elif "staging" in grains['nodename'] %} 28 | dc01: Staging Zone 1 29 | dc02: Staging Zone 2 30 | {% elif "prod" in grains['nodename'] %} 31 | dc01: DigitalOcean - NYC 32 | dc02: DigitalOcean - SFO 33 | {% else %} 34 | dc01: Development Zone 1 35 | {% endif %} 36 | -------------------------------------------------------------------------------- 
/data/salt/states/runbook/runbook/monitors/worker/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config 18 | 19 | # Copy Configurations 20 | ADD config/worker.yml /config/worker.yml 21 | ADD config/stunnel-client.conf /config/stunnel-client.conf 22 | ADD config/supervisord.conf /config/supervisord.conf 23 | ADD config/ssl/key.pem /config/key.pem 24 | ADD config/ssl/cert.pem /config/cert.pem 25 | 26 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }} 27 | RUN cp -R runbook.io/* / 28 | 29 | RUN chown -R runapp:users /config /code /src 30 | 31 | # Command to run 32 | CMD /usr/bin/supervisord -c /config/supervisord.conf 33 | -------------------------------------------------------------------------------- /data/salt/pillars/runbook/runbook/bridge/mgmt.sls: -------------------------------------------------------------------------------- 1 | schedule: 2 | purge-history: 3 | function: cmd.run 4 | minutes: 30 5 | args: 6 | - /usr/bin/docker run --rm=True bridge /code/mgmtrun.sh /src/bridge/mgmtscripts/purge_history.py /config/bridge.yml 7 | purge-events: 8 | function: cmd.run 9 | minutes: 30 10 | args: 11 | - /usr/bin/docker run --rm=True bridge /code/mgmtrun.sh /src/bridge/mgmtscripts/purge_events.py /config/bridge.yml 12 | mailchimp_subscribe: 13 | function: cmd.run 14 | minutes: 15 15 | args: 16 | - /usr/bin/docker run --rm=True bridge /code/mgmtrun.sh /src/bridge/mgmtscripts/mailchimp_subscribe.py /config/bridge.yml 17 | get_stats: 18 | 
function: cmd.run 19 | minutes: 60 20 | args: 21 | - /usr/bin/docker run --rm=True bridge /code/mgmtrun.sh /src/bridge/mgmtscripts/get_stats.py /config/bridge.yml 22 | create_db: 23 | function: cmd.run 24 | minutes: 60 25 | args: 26 | - /usr/bin/docker run --rm=True bridge /code/mgmtrun.sh /src/bridge/mgmtscripts/create_db.py --travis /config/bridge.yml 27 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/actioner/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config 18 | 19 | # Copy Configurations 20 | ADD config/actioner.yml /config/actioner.yml 21 | ADD config/stunnel-client.conf /config/stunnel-client.conf 22 | ADD config/supervisord.conf /config/supervisord.conf 23 | ADD config/ssl/key.pem /config/key.pem 24 | ADD config/ssl/cert.pem /config/cert.pem 25 | 26 | 27 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }} 28 | RUN cp -R runbook.io/* / 29 | 30 | RUN chown -R runapp:users /config /code /src 31 | 32 | # Command to run 33 | CMD /usr/bin/supervisord -c /config/supervisord.conf 34 | -------------------------------------------------------------------------------- /servers.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: web-dev-dc02-001 3 | box: ubuntu/trusty64 4 | ram: 512 5 | ip: 192.168.36.10 6 | - name: web-dev-dc01-001 7 | box: ubuntu/trusty64 8 | ram: 512 9 | ip: 192.168.36.11 10 | - name: 
rethinkdb-redis-dev-dc01-001 11 | box: ubuntu/trusty64 12 | ram: 512 13 | ip: 192.168.36.12 14 | - name: rethinkdb-redis-dev-dc02-001 15 | box: ubuntu/trusty64 16 | ram: 512 17 | ip: 192.168.36.13 18 | - name: salt 19 | box: ubuntu/trusty64 20 | ram: 1024 21 | ip: 192.168.36.14 22 | - name: control-bridge-monitorbroker-actionbroker-dev-dc01-001 23 | box: ubuntu/trusty64 24 | ram: 512 25 | ip: 192.168.36.15 26 | - name: control-bridge-monitorbroker-actionbroker-dev-dc02-001 27 | box: ubuntu/trusty64 28 | ram: 512 29 | ip: 192.168.36.16 30 | - name: worker-actioner-dev-dc01-001 31 | box: ubuntu/trusty64 32 | ram: 512 33 | ip: 192.168.36.17 34 | - name: worker-actioner-dev-dc02-001 35 | box: ubuntu/trusty64 36 | ram: 512 37 | ip: 192.168.36.18 38 | - name: rethinkdb-dev-dc01-002 39 | box: ubuntu/trusty64 40 | ram: 512 41 | ip: 192.168.36.19 42 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/bridge/config/bridge.yml: -------------------------------------------------------------------------------- 1 | ## Bridge Configuration 2 | stathat_key: {{ stathat_ezkey }} 3 | envname: {{ stathat_env }} 4 | dbqueue: {{ bridge['queues'][general['datacenter']] }} 5 | sleep: 30 6 | ## Redis Config 7 | redis_host: 127.0.0.1 8 | redis_port: {{ redis['local_port'] }} 9 | redis_db: 0 10 | redis_password: {{ redis['pass'] }} 11 | ## Rethink Config 12 | rethink_host: 127.0.0.1 13 | rethink_port: 28015 14 | rethink_authkey: {{ rethink['authkey'] }} 15 | rethink_db: "crdb" 16 | ## Sink Config 17 | sink_ip: 127.0.0.1 18 | sink_port: {{ action_broker['local_sink_port'] }} 19 | ## Events Retention 20 | events_retention: 3888000 21 | ## History Retention 22 | history_retention: 18000 23 | ## MailChimp 24 | mailchimp_api_key: {{ mailchimp['api_key'] }} 25 | mailchimp_list_id: {{ mailchimp['list_id'] }} 26 | mailchimp_api_url: {{ mailchimp['api_url'] }} 27 | ## Mandrill 28 | mandrill_api_url: "https://mandrillapp.com/api/1.0/" 29 
| mandrill_api_key: {{ mandrill['api_key'] }} 30 | ## Logging 31 | use_syslog: False 32 | ## Crypto 33 | crypto_key: "{{ runbook['crypto_key'] }}" 34 | -------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-server] 5 | command = /usr/bin/stunnel4 /config/stunnel-server.conf 6 | priority = 1 7 | autostart = true 8 | autorestart = true 9 | user = root 10 | group = root 11 | umask = 022 12 | stdout_logfile = /dev/stdout 13 | stdout_logfile_maxbytes = 0 14 | stderr_logfile = /dev/stderr 15 | stderr_logfile_maxbytes = 0 16 | 17 | [program:stunnel-client] 18 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 19 | priority = 2 20 | autostart = true 21 | autorestart = true 22 | user = root 23 | group = root 24 | umask = 022 25 | stdout_logfile = /dev/stdout 26 | stdout_logfile_maxbytes = 0 27 | stderr_logfile = /dev/stderr 28 | stderr_logfile_maxbytes = 0 29 | 30 | [program:rethink] 31 | command = /usr/bin/rethinkdb --config-file /config/rethink.conf 32 | priority = 3 33 | autostart = true 34 | autorestart = true 35 | user = root 36 | group = root 37 | umask = 022 38 | stdout_logfile = /dev/stdout 39 | stdout_logfile_maxbytes = 0 40 | stderr_logfile = /dev/stderr 41 | stderr_logfile_maxbytes = 0 42 | -------------------------------------------------------------------------------- /data/salt/states/base/salt/master.sls: -------------------------------------------------------------------------------- 1 | salt-master: 2 | pkg: 3 | - latest 4 | service: 5 | - running 6 | - enable: True 7 | 8 | salt-api: 9 | pkg: 10 | - latest 11 | service: 12 | - running 13 | - enable: True 14 | 15 | {% set configs = ['logging.conf', 'file_ignore_regex.conf', 'file_roots.conf', 'pillar_roots.conf', 'salt-api.conf', 'reactor.conf'] %} 16 | {% for file in 
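configs %} 17 | /etc/salt/master.d/{{ file }}: 18 | file.managed: 19 | - source: salt://salt/config/etc/salt/master.d/{{ file }} 20 | - user: root 21 | - group: root 22 | - mode: 644 23 | - template: jinja 24 | - context: 25 | saltapi: {{ pillar['saltapi'] }} 26 | {% endfor %} 27 | 28 | 29 | /etc/cron.d/salt-batchstate: 30 | file: 31 | - managed 32 | - source: salt://salt/config/etc/cron.d/salt-batchstate 33 | - user: root 34 | - group: root 35 | - mode: 644 36 | 37 | /etc/cron.d/salt-provisionnew: 38 | file: 39 | - managed 40 | - source: salt://salt/config/etc/cron.d/salt-provisionnew 41 | - user: root 42 | - group: root 43 | - mode: 644 44 | -------------------------------------------------------------------------------- /copyit.sh: --------------------------------------------------------------------------------
#!/bin/bash
# Deploy the runbook-ops and runbook-secretops checkouts onto this host.
#
# Usage: copyit.sh ENVIRONMENT [--skippull]
#   ENVIRONMENT  branch checked out in both repositories before copying
#   --skippull   copy the existing checkout without running "git pull"
#
# Everything in both working trees is copied over / by whoever runs the
# script, so the selected branch decides what lands on the host.
# NOTE(review): cp -R does not preserve ownership and applies the umask to
# newly created files; confirm that files coming from runbook-secretops get
# their final owner and mode from a later step (for example a Salt
# file.managed state).

if [ -z "$1" ]
then
    echo "$(basename "$0") environment"
    exit 1
fi

ENVIRONMENT=$1
SKIPPULL=0
# Quoted with an empty default so the test stays well-formed when no second
# argument is given; the unquoted form made "[" report an error in that case.
if [ "${2:-}" == "--skippull" ]
then
    SKIPPULL=1
fi

# sync_repo DIR: check out $ENVIRONMENT in DIR, pull unless --skippull was
# given, then copy the working tree over /. Exits 1 on the first failure.
sync_repo() {
    local repo_dir=$1

    if ! cd "$repo_dir"
    then
        # Names the directory that actually failed (the second message used
        # to say runbook-ops for the runbook-secretops checkout).
        echo "Error: Changing directory to $(basename "$repo_dir")"
        exit 1
    fi

    if [ "$SKIPPULL" -eq 0 ]
    then
        git checkout "$ENVIRONMENT" && git pull && cp -vR "$repo_dir"/* /
    else
        git checkout "$ENVIRONMENT" && cp -vR "$repo_dir"/* /
    fi
    # $? here is the status of the last command run inside the if/else above.
    if [ $? -ne 0 ]
    then
        echo "Error: Pulling latest data"
        exit 1
    fi
}

sync_repo /root/runbook-ops
sync_repo /root/runbook-secretops

-------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/broker/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config 18 | 19 | # Copy Configurations 20 | ADD config/broker.yml /config/broker.yml 21 | ADD config/stunnel-server.conf /config/stunnel-server.conf 22 | ADD config/supervisord.conf /config/supervisord.conf 23 | ADD config/ssl/key.pem /config/key.pem 24 | ADD config/ssl/cert.pem /config/cert.pem 25 | 26 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }} 27 | RUN cp -R runbook.io/* / 28 | RUN chown -R runapp:users /config /code 29 | 30 | EXPOSE {{ exposed_sink_port }} 31 | EXPOSE {{ exposed_actioner_port }} 32 | 33 | # Command to run 34 | CMD /usr/bin/supervisord -c /config/supervisord.conf 35 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/broker/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN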
useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config 18 | 19 | # Copy Configurations 20 | ADD config/broker.yml /config/broker.yml 21 | ADD config/stunnel-server.conf /config/stunnel-server.conf 22 | ADD config/supervisord.conf /config/supervisord.conf 23 | ADD config/ssl/key.pem /config/key.pem 24 | ADD config/ssl/cert.pem /config/cert.pem 25 | 26 | RUN chown -R runapp:users /config /code /src 27 | 28 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }} 29 | RUN cp -R runbook.io/* / 30 | 31 | EXPOSE {{ exposed_control_port }} 32 | EXPOSE {{ exposed_worker_port }} 33 | 34 | # Command to run 35 | CMD /usr/bin/supervisord -c /config/supervisord.conf 36 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/control/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## Pull base image 2 | FROM runbook/runbook:{{ git_branch }} 3 | 4 | MAINTAINER Benjamin Cane 5 | 6 | # Install required packages 7 | RUN \ 8 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 9 | apt-get update && \ 10 | apt-get -y upgrade && \ 11 | apt-get install -y stunnel supervisor git 12 | RUN rm -rf /var/lib/apt/lists/* 13 | 14 | RUN useradd -g users runapp 15 | 16 | # Create working directories 17 | RUN mkdir -p /code /config 18 | 19 | # Copy Configurations 20 | ADD config/stunnel-client.conf /config/stunnel-client.conf 21 | {% for queue,appdetails in control['intervals'].iteritems() %} 22 | ADD config/supervisord-{{ appdetails['appname'] }}.conf /config/supervisord-{{ appdetails['appname'] }}.conf 23 | ADD config/{{ appdetails['appname'] }}.yml /config/{{ appdetails['appname'] }}.yml 24 | {% endfor %} 25 | ADD config/ssl/key.pem /config/key.pem 26 | ADD config/ssl/cert.pem /config/cert.pem 27 | 28 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }} 29 | RUN 
cp -R runbook.io/* / 30 | 31 | RUN chown -R runapp:users /config /code /src 32 | 33 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/actioner.yml: -------------------------------------------------------------------------------- 1 | stathat_key: {{ stathat_ezkey }} 2 | envname: {{ stathat_env }} 3 | ## Redis Config 4 | redis_host: 127.0.0.1 5 | redis_port: {{ redis['local_port'] }} 6 | redis_db: 0 7 | redis_password: {{ redis['pass'] }} 8 | ## Rethink Config 9 | rethink_host: 127.0.0.1 10 | rethink_port: 28015 11 | rethink_authkey: {{ rethink['authkey'] }} 12 | rethink_db: "crdb" 13 | ## Sink Config 14 | sink_ip: 127.0.0.1 15 | sink_port: {{ action_broker['local_sink_port'] }} 16 | sink_worker_port: {{ action_broker['local_actioner_port'] }} 17 | ## Maximum time for monitor execution 18 | max_monitor_time: 600 19 | default_actions: 20 | - logit-monitor 21 | - logit-events 22 | - chstatus 23 | - timetracking 24 | reaction_meta: 25 | - logit-reaction 26 | - update-lastrun 27 | ## History Retention 28 | history_retention: 18000 29 | ## MailChimp 30 | mailchimp_api_key: {{ mailchimp['api_key'] }} 31 | mailchimp_list_id: {{ mailchimp['list_id'] }} 32 | mailchimp_api_url: {{ mailchimp['api_url'] }} 33 | ## Mandrill 34 | mandrill_api_url: "https://mandrillapp.com/api/1.0/" 35 | mandrill_api_key: {{ mandrill['api_key'] }} 36 | ## Logging 37 | use_syslog: False 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Runbook 2 | 3 | ## What is Runbook 4 | 5 | [Runbook](https://runbook.io) is an open source monitoring service that allows you to perform automated "reactions" when issues are detected. Giving you the ability to automatically resolve DevOps alerts with zero human interaction. 6 | 7 | Simply put, Runbook is what you would get if Nagios and IFTTT had a baby. 
8 | 9 | ## Documentation 10 | 11 | Developer and User docs can be found in the [docs](docs/) directory and on [ReadTheDocs](https://runbook.readthedocs.org). 12 | 13 | ## This Repo 14 | 15 | This repository contains configurations and scripts necessary for running Runbook's production environment. If you are looking for the code that runs Runbook, check out our main [repository](https://github.com/asm-products/cloudroutes-service). 16 | 17 | This repo is designed to be a self-sufficient development environment; all sensitive information has been scrubbed and is kept in a secret repository. 18 | 19 | **Important Files:** 20 | * `data/salt` - Saltstack states/pillars/reactor configurations 21 | * `Vagrantfile` - Vagrant file for launching a development environment 22 | * `servers.yaml` - YAML configuration file containing development vagrant servers 23 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/nginx/globals/htmlglobal.conf: -------------------------------------------------------------------------------- 1 | port_in_redirect off; 2 | server_name_in_redirect off; 3 | index index.html index.xml index.htm; 4 | 5 | location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 6 | expires max; 7 | log_not_found off; 8 | } 9 | 10 | location = /favicon.ico { 11 | log_not_found off; 12 | access_log off; 13 | } 14 | 15 | location = /robots.txt { 16 | allow all; 17 | log_not_found off; 18 | access_log off; 19 | } 20 | 21 | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). 22 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 23 | location ~ /\.
{ 24 | deny all; 25 | } 26 | 27 | # Don't cache uris containing the following segments 28 | if ($request_uri ~* "(/feed/|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { 29 | set $cache_uri 'NULL'; 30 | } 31 | 32 | location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { 33 | access_log off; log_not_found off; expires max; 34 | } 35 | 36 | location ~ /\. { 37 | deny all; 38 | access_log off; 39 | log_not_found off; 40 | } 41 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/actioner/config/actioner.yml: -------------------------------------------------------------------------------- 1 | stathat_key: {{ stathat_ezkey }} 2 | envname: {{ stathat_env }} 3 | ## Redis Config 4 | redis_host: 127.0.0.1 5 | redis_port: {{ redis['local_port'] }} 6 | redis_db: 0 7 | redis_password: {{ redis['pass'] }} 8 | ## Rethink Config 9 | rethink_host: 127.0.0.1 10 | rethink_port: 28015 11 | rethink_authkey: {{ rethink['authkey'] }} 12 | rethink_db: "crdb" 13 | ## Sink Config 14 | sink_ip: 127.0.0.1 15 | sink_port: {{ action_broker['local_sink_port'] }} 16 | sink_worker_port: {{ action_broker['local_actioner_port'] }} 17 | ## Maximum time for monitor execution 18 | max_monitor_time: 600 19 | default_actions: 20 | - logit-monitor 21 | - logit-events 22 | - chstatus 23 | - timetracking 24 | reaction_meta: 25 | - logit-reaction 26 | - update-lastrun 27 | ## History Retention 28 | history_retention: 18000 29 | ## MailChimp 30 | mailchimp_api_key: {{ mailchimp['api_key'] }} 31 | mailchimp_list_id: {{ mailchimp['list_id'] }} 32 | mailchimp_api_url: {{ mailchimp['api_url'] }} 33 | ## Mandrill 34 | mandrill_api_url: "https://mandrillapp.com/api/1.0/" 35 | mandrill_api_key: {{ mandrill['api_key'] }} 36 | ## Logging 37 | use_syslog: False 38 | ## Crypto 39 | crypto_key: "{{ runbook['crypto_key'] }}" 40 | 
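-------------------------------------------------------------------------------- /data/salt/pillars/runbook/top.sls: -------------------------------------------------------------------------------- 1 | runbook: 2 | '*': 3 | - general 4 | - general.hosts 5 | - stathat 6 | '*rethinkdb*': 7 | - rethinkdb 8 | '*redis*': 9 | - redis 10 | '*control*': 11 | - runbook.monitors.broker 12 | - runbook.monitors.control 13 | - redis 14 | '*monitorbroker*': 15 | - runbook.monitors.broker 16 | '*worker*': 17 | - runbook.runbook 18 | - runbook.monitors.broker 19 | '*actionbroker*': 20 | - runbook.actions.broker 21 | '*actioner*': 22 | - runbook.actions.broker 23 | - runbook.runbook 24 | - rethinkdb 25 | - redis 26 | - mailchimp 27 | - mandrill 28 | '*bridge*': 29 | - runbook.actions.broker 30 | - runbook.bridge 31 | - runbook.bridge.mgmt 32 | - runbook.runbook 33 | - rethinkdb 34 | - redis 35 | - mailchimp 36 | - mandrill 37 | '*web*': 38 | - redis 39 | - rethinkdb 40 | - mailchimp 41 | - mandrill 42 | - runbook.web 43 | - runbook.runbook 44 | '*all*': 45 | - rethinkdb 46 | - redis 47 | - runbook.runbook 48 | - runbook.monitors.broker 49 | - runbook.monitors.control 50 | - runbook.actions.broker 51 | - mailchimp 52 | - mandrill 53 | - runbook.bridge 54 | - runbook.bridge.mgmt 55 | - runbook.web 56 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/genstatic.py: --------------------------------------------------------------------------------
#!/usr/bin/python
# Generate static html files from uwsgi service
# Benjamin Cane - 2014/11/02
#
# Fetches each page in `endpoints` from the local HTTPS listener, rewrites the
# login/signup links to absolute dash.runbook.io URLs and stores the result as
# <output>/<endpoint>/index.html. Exits with status 1 on the first endpoint
# that does not answer 200.

import io
import os
import sys

import requests as r


# Host header sent with every request; the URL itself targets localhost.
headers = { 'host' : 'dash.runbook.io' }
url = 'https://localhost:8443'
endpoints = [
    '/',
    '/pages/tos',
    '/pages/monitors',
    '/pages/pricing',
    '/pages/reactions',
    '/pages/faq'
]
output = "/data/runstatic/public_html"
# Literal substrings in the fetched HTML and what they are replaced with.
replacements = {
    'href="/login"' : 'href="https://dash.runbook.io/login"',
    'href="/signup"' : 'href="https://dash.runbook.io/signup"',
}

for uri in endpoints:
    # SECURITY: verify=False disables certificate and hostname checks, so
    # whatever answers on localhost:8443 is trusted and its HTML is written
    # into the static site. requests validates the certificate against the
    # URL host (localhost), not the Host header, so turning verification back
    # on needs a certificate valid for localhost and verify=<path to CA file>.
    # NOTE(review): left unchanged because the listener's certificate is not
    # shown here.
    req = r.get(url = url + uri, headers=headers, verify=False)
    # Format inside the call: the old `print(...) % args` form only works as
    # a Python 2 print statement and raises TypeError on Python 3.
    print("Got status code %d while fetching %s" % (req.status_code, uri))
    if req.status_code == 200:
        path = output + uri
        if not os.path.isdir(path):
            os.makedirs(path)
        target = path + "/index.html"
        print("Writing to %s" % target)
        text = req.text
        for old, new in replacements.items():
            text = text.replace(old, new)
        # Explicit UTF-8 so non-ASCII page content does not fail on write;
        # the context manager closes the file even if the write raises.
        with io.open(target, "w", encoding="utf-8") as fh:
            fh.write(text)
    else:
        print("Skipping %s" % uri)
        # NOTE(review): indentation was lost in this listing; the exit is
        # placed in the else branch so that only a failed fetch ends the run
        # with status 1 -- confirm against the original file.
        sys.exit(1)

-------------------------------------------------------------------------------- /data/salt/states/base/scripts/config/root/scripts/solo.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -s 2 | # 3 | # solo v1.6 4 | # Prevents multiple cron instances from running simultaneously.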
5 | # 6 | # Copyright 2007-2013 Timothy Kay 7 | # http://timkay.com/solo/ 8 | # 9 | # It is free software; you can redistribute it and/or modify it under the terms of either: 10 | # 11 | # a) the GNU General Public License as published by the Free Software Foundation; 12 | # either version 1 (http://dev.perl.org/licenses/gpl1.html), or (at your option) 13 | # any later version (http://www.fsf.org/licenses/licenses.html#GNUGPL), or 14 | # 15 | # b) the "Artistic License" (http://dev.perl.org/licenses/artistic.html), or 16 | # 17 | # c) the MIT License (http://opensource.org/licenses/MIT) 18 | # 19 | 20 | use Socket; 21 | 22 | alarm $timeout if $timeout; 23 | 24 | $port =~ /^\d+$/ or $noport or die "Usage: $0 -port=PORT COMMAND\n"; 25 | 26 | if ($port) 27 | { 28 | $addr = pack(CnC, 127, $<, 1); 29 | print "solo: bind ", join(".", unpack(C4, $addr)), ":$port\n" if $verbose; 30 | 31 | $^F = 10; # unset close-on-exec 32 | 33 | socket(SOLO, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die "socket: $!"; 34 | bind(SOLO, sockaddr_in($port, $addr)) or $silent? 
exit: die "solo($port): $!\n"; 35 | } 36 | 37 | sleep $sleep if $sleep; 38 | 39 | exec @ARGV; 40 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 4; 3 | pid /var/run/nginx.pid; 4 | daemon off; 5 | 6 | events { 7 | worker_connections 1024; 8 | multi_accept on; 9 | } 10 | 11 | http { 12 | sendfile on; 13 | tcp_nopush on; 14 | tcp_nodelay on; 15 | server_tokens off; 16 | include mime.types; 17 | default_type application/octet-stream; 18 | index index.php index.htm index.xml index.html redirect.php; 19 | client_max_body_size 10m; 20 | types_hash_max_size 2048; 21 | server_names_hash_bucket_size 64; 22 | 23 | #Tuning for Varnish 24 | keepalive_timeout 30; 25 | keepalive_requests 1000; 26 | 27 | open_file_cache max=1000 inactive=20s; 28 | open_file_cache_valid 30s; 29 | open_file_cache_min_uses 2; 30 | open_file_cache_errors on; 31 | 32 | #Gzip 33 | gzip on; 34 | gzip_vary on; 35 | gzip_proxied any; 36 | gzip_comp_level 6; 37 | gzip_buffers 16 8k; 38 | gzip_http_version 1.1; 39 | gzip_disable "MSIE [1-6].(?!.*SV1)"; 40 | gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext 41 | image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon; 42 | 43 | ## 44 | # Core Configs 45 | ## 46 | include /etc/nginx/conf.d/*; 47 | 48 | ## 49 | # Virtual Host Configs 50 | ## 51 | include /etc/nginx/sites-enabled/*; 52 | 53 | } 54 | 55 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/web/config/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon = true 3 | 4 | [program:stunnel-client] 5 | command = /usr/bin/stunnel4 /config/stunnel-client.conf 6 | 
priority = 1 7 | autostart = true 8 | autorestart = true 9 | startretries = 9999999 10 | user = root 11 | group = root 12 | umask = 022 13 | stdout_logfile = /dev/stdout 14 | stdout_logfile_maxbytes = 0 15 | stderr_logfile = /dev/stderr 16 | stderr_logfile_maxbytes = 0 17 | 18 | [program:nginx] 19 | command = /usr/sbin/nginx 20 | priority = 2 21 | autostart = true 22 | autorestart = true 23 | startretries = 9999999 24 | user = root 25 | group = root 26 | directory = /code 27 | umask = 022 28 | stdout_logfile = /dev/stdout 29 | stdout_logfile_maxbytes = 0 30 | stderr_logfile = /dev/stderr 31 | stderr_logfile_maxbytes = 0 32 | 33 | [program:uwsgi] 34 | command = /usr/bin/uwsgi --ini /config/uwsgi.cfg 35 | autostart = true 36 | autorestart = true 37 | startretries = 9999999 38 | user = runapp 39 | group = users 40 | directory = /code 41 | umask = 022 42 | stdout_logfile = /dev/stdout 43 | stdout_logfile_maxbytes = 0 44 | stderr_logfile = /dev/stderr 45 | stderr_logfile_maxbytes = 0 46 | stopsignal=QUIT 47 | 48 | [program:genstatic] 49 | command = /usr/bin/python /code/genstatic.py 50 | autostart = true 51 | autorestart = unexpected 52 | startretries = 999999 53 | user = runapp 54 | group = users 55 | directory = /data/runstatic/public_html 56 | umask = 022 57 | stdout_logfile = /dev/stdout 58 | stdout_logfile_maxbytes = 0 59 | stderr_logfile = /dev/stderr 60 | stderr_logfile_maxbytes = 0 61 | -------------------------------------------------------------------------------- /data/salt/states/runbook/top.sls: -------------------------------------------------------------------------------- 1 | runbook: 2 | '*': 3 | - certs 4 | - supervisor 5 | '*rethinkdb*': 6 | - appusers.rethinkdb 7 | - appgroups.rethinkdb 8 | - certs.rethink 9 | - rethinkdb 10 | '*redis*': 11 | - certs.redis 12 | - redis 13 | '*web*': 14 | - runbook 15 | - runbook.web 16 | - certs.web 17 | '*bridge*': 18 | - runbook 19 | - runbook.bridge 20 | - certs.bridge 21 | '*control*': 22 | - runbook 23 | - 
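runbook.monitors.control 24 | - certs.monitors.control 25 | '*monitorbroker*': 26 | - runbook 27 | - runbook.monitors.broker 28 | - certs.monitors.broker 29 | '*worker*': 30 | - runbook 31 | - runbook.monitors.worker 32 | - certs.monitors.worker 33 | '*actioner*': 34 | - runbook 35 | - runbook.actions.actioner 36 | - certs.actions.actioner 37 | '*actionbroker*': 38 | - runbook 39 | - runbook.actions.broker 40 | - certs.actions.broker 41 | '*all*': 42 | - runbook 43 | - appusers.rethinkdb 44 | - appgroups.rethinkdb 45 | - certs.rethink 46 | - rethinkdb 47 | - certs.redis 48 | - redis 49 | - runbook.web 50 | - certs.web 51 | - runbook.bridge 52 | - certs.bridge 53 | - runbook.monitors.control 54 | - certs.monitors.control 55 | - runbook.monitors.broker 56 | - certs.monitors.broker 57 | - certs.monitors.worker 58 | - runbook.actions.actioner 59 | - certs.actions.actioner 60 | - runbook.actions.broker 61 | - certs.actions.broker 62 | - runbook.monitors.worker 63 | -------------------------------------------------------------------------------- /data/salt/states/runbook/redis/config/Dockerfile: --------------------------------------------------------------------------------
## Redis Dockerfile for use with Runbook.io
# This docker container implements redis with stunnel
# stunnel is used to create encrypted communication between docker instances

# NOTE(review): "latest" is a moving tag, so two builds of this file can start
# from different Ubuntu releases; pin a release tag or digest for
# reproducible builds.
FROM ubuntu:latest

MAINTAINER Benjamin Cane

RUN \
  sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \
  apt-get update && \
  apt-get -y upgrade && \
  apt-get install -y build-essential && \
  apt-get install -y software-properties-common && \
  apt-get install -y byobu curl git htop man unzip vim wget
RUN apt-get install -y python-dev python-pip

# Install Redis (stolen from Dockerfile/Redis)
# The tarball is compiled and installed as root during the build, so it is
# fetched over HTTPS instead of plain HTTP. redis-stable is a moving target:
# pinning a versioned tarball and checking its published SHA-256 before
# running make would also catch a replaced or tampered download.
RUN \
  cd /tmp && \
  wget https://download.redis.io/redis-stable.tar.gz && \
  tar xvzf redis-stable.tar.gz && \
  cd redis-stable && \
  make && \
  make install && \
  cp -f src/redis-sentinel /usr/local/bin && \
  mkdir -p /etc/redis && \
  cp -f *.conf /etc/redis && \
  rm -rf /tmp/redis-stable*

# Install stunnel and supervisor
# update and install share one layer so a cached, stale package index is
# never used for the install.
RUN apt-get update && apt-get install -y stunnel supervisor

# Deploy Config files
RUN mkdir -p /config /data/redis
ADD config/supervisord.conf /config/supervisord.conf
ADD config/stunnel-server.conf /config/stunnel-server.conf
ADD config/redis.conf /config/redis.conf
# NOTE(review): key.pem is stored in an image layer, so anyone who can pull
# or export this image can read the private key. Keep the image in a
# restricted registry, or provide the key at run time (read-only mount or a
# secrets mechanism) instead of ADDing it at build time.
ADD config/ssl/key.pem /config/key.pem
ADD config/ssl/cert.pem /config/cert.pem

# Expose Ports
EXPOSE {{ exposed_port }}
EXPOSE {{ local_port }}

# Run process
CMD /usr/bin/supervisord -c /config/supervisord.conf

-------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/config/Dockerfile: -------------------------------------------------------------------------------- 1 | ## RethinkDB Dockerfile for use with Runbook.io 2 | # This docker container implements rethinkdb with stunnel 3 | # stunnel is used to create encrypted communication between docker instances 4 | 5 | FROM ubuntu:latest 6 | 7 | MAINTAINER Benjamin Cane 8 | 9 | RUN \ 10 | sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \ 11 | apt-get update && \ 12 | apt-get -y upgrade && \ 13 | apt-get install -y build-essential && \ 14 | apt-get install -y software-properties-common && \ 15 | apt-get install -y byobu curl git htop man unzip vim wget 16 | RUN apt-get install -y python-dev python-pip 17 | 18 | # Install RethinkDB.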
19 | RUN \
20 |   echo "deb http://download.rethinkdb.com/apt `lsb_release -cs` main" > /etc/apt/sources.list.d/rethinkdb.list && \
21 |   wget -O- http://download.rethinkdb.com/apt/pubkey.gpg | apt-key add - && \
22 |   apt-get update && \
23 |   apt-get install -y rethinkdb
   | # NOTE(review): the RUN above fetches both the apt source and the key that
   | # signs it over plain HTTP, so the key meant to authenticate the packages can
   | # itself be replaced in transit. Fetch the key over HTTPS and compare its
   | # fingerprint with one obtained out of band before adding it.
24 |
25 | # Install stunnel and supervisor
26 | RUN apt-get install -y stunnel supervisor
27 |
28 | # Deploy Config files
29 | RUN mkdir -p /config /data/rethinkdb/data/instances/{{ instance }}
30 | ADD config/supervisord.conf /config/supervisord.conf
31 | ADD config/rethink.conf /config/rethink.conf
32 | ADD config/stunnel-server.conf /config/stunnel-server.conf
33 | ADD config/stunnel-client.conf /config/stunnel-client.conf
   | # NOTE(review): ADD stores the TLS private key in an image layer, readable by
   | # anyone who can pull or export the image; a run-time mount keeps it out.
34 | ADD config/ssl/key.pem /config/key.pem
35 | ADD config/ssl/cert.pem /config/cert.pem
36 |
37 | # Expose Ports
   | # NOTE(review): 28015 and 8080 are RethinkDB's default client-driver and web
   | # admin ports (assuming rethink.conf keeps the defaults, TODO confirm). EXPOSE
   | # does not publish a port by itself, but publishing either one would bypass
   | # stunnel; confirm the run arguments publish only the stunnel port.
38 | EXPOSE {{ cluster_exposed_port }}
39 | EXPOSE {{ cluster_local_port }}
40 | EXPOSE 28015
41 | EXPOSE 8080
42 |
43 | # Run process
   | # Shell-form CMD. No USER instruction appears in this Dockerfile, so supervisord
   | # and the processes it starts run as root inside the container.
44 | CMD /usr/bin/supervisord -c /config/supervisord.conf
45 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/Dockerfile:
--------------------------------------------------------------------------------
 1 | ## Pull base image
   | # NOTE(review): the base tag is templated (presumably from the git_branch
   | # pillar, as in the other Dockerfile states), so it follows a mutable branch
   | # tag rather than a fixed image.
 2 | FROM runbook/runbook:{{ git_branch }}
 3 |
 4 | MAINTAINER Benjamin Cane
 5 |
 6 | # Install required packages
 7 | RUN \
 8 |   sed -i 's/# \(.*multiverse$\)/\1/g' /etc/apt/sources.list && \
 9 |   apt-get update && \
10 |   apt-get -y upgrade && \
11 |   apt-get install -y stunnel supervisor nginx uwsgi uwsgi-plugin-python git
   | # The apt lists are deleted in a separate RUN, i.e. a later layer, so the layer
   | # created by the install above still contains them.
12 | RUN rm -rf /var/lib/apt/lists/*
13 |
   | # Creates the unprivileged runapp account. This Dockerfile has no USER
   | # instruction, so whether any process drops to runapp depends on
   | # supervisord.conf / uwsgi.cfg (not shown here).
14 | RUN useradd -g users runapp
15 |
16 | # Create working directories
17 | RUN mkdir -p /code /config /data
18 | RUN mkdir -p /data/runstatic/public_html
19 |
20 | # Copy Configurations
21 | ADD config/web.cfg /src/web/instance/web.cfg
22 | ADD config/stunnel-client.conf /config/stunnel-client.conf
23 | ADD config/supervisord.conf /config/supervisord.conf
24 | ADD
config/ssl/key.pem /config/key.pem
   | # NOTE(review): the key.pem ADD above stores the TLS private key in an image
   | # layer, readable by anyone who can pull or export the image; a run-time mount
   | # keeps it out of the image.
25 | ADD config/ssl/cert.pem /config/cert.pem
26 | ADD config/nginx/nginx.conf /etc/nginx/nginx.conf
27 | ADD config/nginx/conf.d/uwsgi.conf /etc/nginx/conf.d/uwsgi.conf
28 | ADD config/nginx/globals/htmlglobal.conf /etc/nginx/globals/htmlglobal.conf
29 | ADD config/nginx/globals/uwsgi.conf /etc/nginx/globals/uwsgi.conf
30 | ADD config/nginx/sites-enabled/dash.runbook.io.conf /etc/nginx/sites-enabled/dash.runbook.io.conf
31 | ADD config/nginx/sites-enabled/dash.cloudrout.es.conf /etc/nginx/sites-enabled/dash.cloudrout.es.conf
32 | ADD config/nginx/sites-enabled/cloudrout.es.conf /etc/nginx/sites-enabled/cloudrout.es.conf
33 | ADD config/nginx/sites-enabled/runbook.io.conf /etc/nginx/sites-enabled/runbook.io.conf
34 | ADD config/uwsgi.cfg /config/uwsgi.cfg
35 | ADD config/genstatic.py /code/genstatic.py
36 |
37 | # Install requirements
   | # (The instruction below only changes ownership; nothing is installed here.)
   | # NOTE(review): this chown runs before the clone and cp further down, so files
   | # copied in afterwards are not covered by it. RUN presumably executes as root
   | # (no USER instruction appears in this file), which would leave them root-owned.
38 | RUN chown -R runapp:users /code /config /data/runstatic /src/web
39 |
   | # NOTE(review): the clone takes whatever the branch head is at build time, so
   | # the image content is not tied to a reviewed commit; check out a fixed commit
   | # or tag instead. `cp -R runbook.io/* /` then overlays the repository's
   | # top-level directories onto the image root. If the repo ships the same paths
   | # as the files ADDed above (for example under /src/web), it replaces them;
   | # TODO confirm web.cfg survives. The clone directory, including its .git
   | # history, is left in the image.
40 | RUN git clone https://github.com/Runbook/runbook.io.git --branch {{ git_branch }}
41 | RUN cp -R runbook.io/* /
42 |
43 | RUN cp -R /src/web/static /data/runstatic/public_html/
44 |
45 | # Command to run
46 | CMD /usr/bin/supervisord -c /config/supervisord.conf
47 |
--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # # vi: set ft=ruby :
 3 |
 4 | # Specify minimum Vagrant version and Vagrant API version
 5 | Vagrant.require_version ">= 1.6.0"
 6 | VAGRANTFILE_API_VERSION = "2"
 7 |
 8 | # Require YAML module
 9 | require 'yaml'
10 |
11 | # Read YAML file with box details
   | # NOTE(review): servers.yaml is a local file next to this Vagrantfile. On Ruby
   | # versions where YAML.load_file is not safe by default it can instantiate
   | # arbitrary objects; YAML.safe_load on the file contents is enough for the
   | # plain name/box/ip/ram values read below.
12 | servers = YAML.load_file('servers.yaml')
13 |
14 | # Create boxes
15 | Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
16 |
17 |   # Iterate through entries in YAML file
   |   # (The block parameter reuses the name `servers`, shadowing the list; inside
   |   # the block it refers to a single entry.)
18 |   servers.each do |servers|
19 |     config.vm.define servers["name"] do |srv|
20 |       srv.vm.box = servers["box"]
21 |       srv.vm.hostname
= servers["name"]
22 |       srv.vm.network "private_network", ip: servers["ip"]
23 |
   |       # Salt master box: install Salt with the bootstrap script (-M also
   |       # installs the master), relax key checking, share the ops and secret-ops
   |       # checkouts into the VM, copy the file/pillar roots config, restart.
   |       # NOTE(review): the bootstrap script is downloaded and executed by the
   |       # shell provisioner (which runs as root by default) with no version pin
   |       # or checksum check. Pin a release and verify its hash before running it.
24 |       if servers["name"] == "salt"
25 |         srv.vm.provision "shell",
26 |           inline: "curl -L https://bootstrap.saltstack.com -o install_salt.sh && sh install_salt.sh -M"
   |         # NOTE(review): open_mode: True turns off the master's minion-key
   |         # authentication, so any host that can reach the master is accepted.
   |         # That is only tolerable on this private development network; this
   |         # setting must never reach a real master's master.d. `>>` also appends
   |         # the line again on every provision.
27 |         srv.vm.provision "shell",
28 |           inline: "echo 'open_mode: True' >> /etc/salt/master.d/open_mode.conf"
29 |         srv.vm.synced_folder "./", "/root/runbook-ops"
   |         # Shares a runbook-secretops directory (expected beside this file) into
   |         # the VM under /root.
30 |         srv.vm.synced_folder "runbook-secretops", "/root/runbook-secretops"
31 |         srv.vm.provision "shell",
32 |           inline: "/root/runbook-ops/copyit.sh develop --skippull"
33 |         srv.vm.provision "shell",
34 |           inline: "cp /root/runbook-ops/data/salt/states/base/salt/config/etc/salt/master.d/*roots.conf /etc/salt/master.d/"
35 |         srv.vm.provision "shell",
36 |           inline: "service salt-master restart"
37 |       else
   |         # Every other box: resolve the name `salt` to the master and install
   |         # the minion with the same unverified bootstrap download.
   |         # NOTE(review): 192.168.36.14 is hard-coded and presumably has to match
   |         # the salt entry's ip in servers.yaml (not shown), TODO confirm. `>>`
   |         # re-appends the hosts line on every provision.
38 |         srv.vm.provision "shell",
39 |           inline: "echo 192.168.36.14 salt >> /etc/hosts"
40 |         srv.vm.provision "shell",
41 |           inline: "curl -L https://bootstrap.saltstack.com -o install_salt.sh && sh install_salt.sh"
42 |       end
   |       # Apply the full highstate on every box, master included.
43 |       srv.vm.provision "shell",
44 |         inline: "salt-call state.highstate"
45 |       srv.vm.provider :virtualbox do |vb|
46 |         vb.name = servers["name"]
47 |         vb.memory = servers["ram"]
48 |         # vb.gui = true
49 |       end
50 |     end
51 |   end
52 | end
53 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/certs/config/data/ssl/cert.pem:
--------------------------------------------------------------------------------
 1 | -----BEGIN CERTIFICATE-----
 2 | MIIF/TCCA+WgAwIBAgIJALI0eRbmtkaJMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
 3 | VQQGEwJVUzEQMA4GA1UECAwHQXJpem9uYTEQMA4GA1UEBwwHUGhvZW5peDETMBEG
 4 | A1UECgwKUnVuYm9vay5pbzEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEzARBgNVBAMM
 5 | CnJ1bmJvb2suaW8xITAfBgkqhkiG9w0BCQEWEm5vcmVwbHlAcnVuYm9vay5pbzAe
 6 | Fw0xNTAxMDUwNzI2MDZaFw0yODA5MTMwNzI2MDZaMIGUMQswCQYDVQQGEwJVUzEQ
 7 | MA4GA1UECAwHQXJpem9uYTEQMA4GA1UEBwwHUGhvZW5peDETMBEGA1UECgwKUnVu
 8 | Ym9vay5pbzEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEzARBgNVBAMMCnJ1bmJvb2su
 9 |
aW8xITAfBgkqhkiG9w0BCQEWEm5vcmVwbHlAcnVuYm9vay5pbzCCAiIwDQYJKoZI 10 | hvcNAQEBBQADggIPADCCAgoCggIBAMDqXUHs4LxBEAZpTEQSRCI7zw/aDpvYiquH 11 | orPL/IrZn+JgS7F/FBv3uwyXeDn6qbvpaAcexadoSkTUntqXnRr4kNeFOQNwvl5B 12 | MNIWenyIRfvx5IffiHcrme+KUMI/VkFXaI4IcpwPqGNjNZnNQilU0RZrV9PUuZ5J 13 | c0l8XAgwFiqOUdYg0ular9+Q34P8PBs7PnzydyYsxsH9Jxtp3hieLUOYd9ye1IUS 14 | I3u3Gep/rF8HXLlb/I0GgR8ZHnTT9+NsMEeP+FYXtv2q+3VqxLD1WxOkHjteWtAg 15 | x+MC4Iq3+hDoSnx6srppiHf81wEqt7hveCsQW4v3MAF+WNqgaUFsRoUN25/9sWVC 16 | 6g1U3yj1IoCj7Jsdq+5P1xiKkq+UlClcLnXeNe0QvWS+pnlg8fmEQWRFq4BvnVqw 17 | x31XAMYKcS6e/rCKZlJFNBqyvNb35O1LrM7h+AcBXc0HWEee5DHRLaoyUrgKdDmq 18 | Pw3MvrO466Wa8bmTFhHas2907UA7DsmnseczMI48apqeVJ+2bDED6qGPpxfKpsWV 19 | Oeutj/zOCpECGkUtLhIfNEUVcY61u9TBiKuTjsHozme3KPhPPDQxyDlxeRfOx+nD 20 | 19v0xLszNM4/j7NZiOB05pJVT8miN8TA5q0K5uXX8v6kfJBuSXzEpnsDB+DjmzLR 21 | hz222kTVAgMBAAGjUDBOMB0GA1UdDgQWBBS9rFVW1krzigtDwJ7PnAtZVRheHzAf 22 | BgNVHSMEGDAWgBS9rFVW1krzigtDwJ7PnAtZVRheHzAMBgNVHRMEBTADAQH/MA0G 23 | CSqGSIb3DQEBCwUAA4ICAQBZ3131d9fLJ4rufcNFE6YqpHt8EWi+kXqpp+hTVhV1 24 | Kdl7/H44L3Bu3SZEHUyMV2KNtveEtWH3aE0sKYy8MQ1e3pkZAen6T7SEYI6ZLKdX 25 | HZ01aF0CY7Sls3WlwTsEJjIBRxIIzInwGCDQBIzEkXW9MUu6QWksMSkGCChHZjit 26 | ohPEm7ofS8gEnbsD0u6V3d2aPIm68TH/MjlcwjcZ1sST/kUfilddJ1dre+BmwhDt 27 | 3y0lVauAdGfkKxbjFnFxy7JoO28S8s2FMVmyMDPQ+eimfIl2p1Jb9TwPxzqBxSAm 28 | r9qqIcFA0BPrgL5fryXBGt9gUXGWF84Y9GWGx5qtT8YBt531dDG/LDy8nUwAwCmH 29 | Q+pSDPHkTdj3NMESKR5AD9vq49oECJIa2AfWTySoK5ezUF4lt5CwwmKHl79rGZVh 30 | +qgXse/qykj5aX576dmmrlhcDH/mEu0FZZqR81DaSBeaV53PBJPfGUU4pCTFZOof 31 | 5zOAymBZup5gTtv3f5bQT8wEj/pZ9gHsB9uMC+mKyFCtr1PSuNHpBetl7UMWlZb0 32 | X4bkOEnL4Kw5+LwppRwZ2CPyubG63/XOIGzwUvPzZUoFbmIRNOSkuVthFw/hP3/L 33 | WPfUtaP5dYgVVf2FOWZvSSe0qUef5IKzMUdXEI3PqrnIslbuoUoJ/lmDTKW9UXSZ 34 | 0w== 35 | -----END CERTIFICATE----- 36 | -------------------------------------------------------------------------------- /data/salt/states/base/scripts/config/root/scripts/copy-truncate.py: 
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | #### This script will take a log file from cmdline
 3 | #### copy the file and then truncate the original
 4 | #### To be used with find or other commands
 5 | #### ---------------------------------------------
 6 | #### Benjamin Cane - 04/29/2013
   | #### NOTE(review): written for Python 2. The `print(...) % ...` calls and the
   | #### `.sort()` on the result of range() below fail under Python 3.
   | #### NOTE(review): copy and truncate are two separate steps, so anything the
   | #### application appends to the log between them is lost.
 7 |
 8 | ## Import modules
 9 | import sys, getopt, os
10 | from shutil import copy2
11 | from subprocess import call
12 |
13 | ## Gather cmdline vars and process them
   | ## Parses -r/--retention NUM and -g/--gzip with getopt and returns
   | ## (retention, gzip, args), where args holds the remaining command-line words
   | ## (the log files). -h and parse errors print the usage text and exit with
   | ## status 2.
   | ## NOTE(review): the second usage line shows `-retention=NUM`, but the long
   | ## option registered with getopt is `--retention`. A non-numeric retention
   | ## makes int() raise ValueError, which is not caught.
14 | def main(argv):
15 |     retention = 0
16 |     gzip = 0
17 |     try:
18 |         opts, args = getopt.getopt(argv, "r:gh", ["retention=","gzip"])
19 |     except getopt.GetoptError:
20 |         print("Usage: copy-truncate.py -r [retention] -g")
21 |         print("Usage: copy-truncate.py -retention=NUM --gzip")
22 |         sys.exit(2)
23 |     for opt, arg in opts:
24 |         if opt == '-h':
25 |             print("Usage: copy-truncate.py -r [retention] -g")
26 |             print("Usage: copy-truncate.py -retention=NUM --gzip")
27 |             sys.exit(2)
28 |         elif opt in ('-r', '--retention'):
29 |             retention = int(arg)
30 |         elif opt in ('-g', '--gzip'):
31 |             gzip = 1
32 |     return retention, gzip, args
33 |
34 | ## Define a custom copy function to not repeat tasks
   | ## Copies oldfile to newfile with copy2 when oldfile is a regular file, then,
   | ## if gzip == 1, runs `gzip -f` on the copy. gzip is started from an argument
   | ## list, so no shell parses the file name.
   | ## NOTE(review): call() returns gzip's exit status and it is discarded, so a
   | ## failed compression is silent; the bare except only fires when gzip cannot
   | ## be started at all.
   | ## NOTE(review): destination names are predictable (<file>.N) and copy2 writes
   | ## through an existing symlink at the destination. If this runs as root (the
   | ## root/scripts path suggests so, confirm), point it only at directories that
   | ## unprivileged users cannot write to.
35 | def myCopy(oldfile, newfile, gzip):
36 |     if os.path.isfile(oldfile):
   |         # Formats correctly only where print is a statement (Python 2).
37 |         print("%s -> %s") % (oldfile, newfile)
38 |         copy2(oldfile, newfile)
39 |         if gzip == 1:
40 |             try:
41 |                 call(["gzip", "-f", newfile])
42 |             except:
43 |                 print("Could not gzip file %s") % newfile
44 |     else:
45 |         print("%s does not exist") % oldfile
46 |
47 | ## Initialize
48 | if __name__ == "__main__":
   |     # NOTE(review): `global` at module level has no effect.
49 |     global vars
50 |     ret, gzip, args = main(sys.argv[1:])
51 |
52 |     ## For each file
53 |     for file in args:
54 |         ## Only run if file exists
55 |         if os.path.isfile(file):
56 |             ## Determine number of files to keep
   |             ## Existing copies are shifted up by one, highest number first:
   |             ## file.(N-1) -> file.N for N = ret-1 .. 1. With ret of 0 or 1 the
   |             ## range is empty and only file.0 is written.
   |             ## NOTE(review): range() returns a list only on Python 2; the
   |             ## .sort() call below fails on Python 3.
57 |             numbers = range(1,ret)
58 |             ## Oldest to Newest
59 |             numbers.sort(reverse=True)
60 |             for number in numbers:
61 |                 filenum = number - 1
62 |                 ## Add .gz extension
63 |                 if gzip == 1:
64 |                     newfile =
file + "." + str(number) + ".gz" 65 | oldfile = file + "." + str(filenum) + ".gz" 66 | else: 67 | newfile = file + "." + str(number) 68 | oldfile = file + "." + str(filenum) 69 | myCopy(oldfile, newfile, 0) 70 | ## Copy 71 | newfile = file + "." + str("0") 72 | myCopy(file, newfile, gzip) 73 | ## Truncate 74 | fh = open(file, "w") 75 | fh.close() 76 | else: 77 | print("%s does not exist") % file 78 | -------------------------------------------------------------------------------- /data/salt/states/runbook/certs/config/data/ssl/key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKQIBAAKCAgEAwOpdQezgvEEQBmlMRBJEIjvPD9oOm9iKq4eis8v8itmf4mBL 3 | sX8UG/e7DJd4Ofqpu+loBx7Fp2hKRNSe2pedGviQ14U5A3C+XkEw0hZ6fIhF+/Hk 4 | h9+IdyuZ74pQwj9WQVdojghynA+oY2M1mc1CKVTRFmtX09S5nklzSXxcCDAWKo5R 5 | 1iDS6Vqv35Dfg/w8Gzs+fPJ3JizGwf0nG2neGJ4tQ5h33J7UhRIje7cZ6n+sXwdc 6 | uVv8jQaBHxkedNP342wwR4/4Vhe2/ar7dWrEsPVbE6QeO15a0CDH4wLgirf6EOhK 7 | fHqyummId/zXASq3uG94KxBbi/cwAX5Y2qBpQWxGhQ3bn/2xZULqDVTfKPUigKPs 8 | mx2r7k/XGIqSr5SUKVwudd417RC9ZL6meWDx+YRBZEWrgG+dWrDHfVcAxgpxLp7+ 9 | sIpmUkU0GrK81vfk7UuszuH4BwFdzQdYR57kMdEtqjJSuAp0Oao/Dcy+s7jrpZrx 10 | uZMWEdqzb3TtQDsOyaex5zMwjjxqmp5Un7ZsMQPqoY+nF8qmxZU5662P/M4KkQIa 11 | RS0uEh80RRVxjrW71MGIq5OOwejOZ7co+E88NDHIOXF5F87H6cPX2/TEuzM0zj+P 12 | s1mI4HTmklVPyaI3xMDmrQrm5dfy/qR8kG5JfMSmewMH4OObMtGHPbbaRNUCAwEA 13 | AQKCAgAetS+jDtG3JaQnYRuCumWeDWcoXs10gUORikWb2RyZ/Yo1vp5N4qyQxx4/ 14 | It1AXWYnQ0AL4hoUS8WGr1GZ+ghIAskLhWlN4uRqnHXo+ysEJ6z8LcTy2+IdFhOq 15 | zZmNUgeo3wEFmtKjhNqI94HQuZuOeLHPn8abMYFacNapG+KKax0cKQtdylvISWc1 16 | bxolKEFpFEUeHnpY2UfKGUHgWzm/MW6DFAIAXEf35qs/RiYZ7bjCZ6ma18mbqS1k 17 | hdsTPap3yQDmY0Rkb+Hw/waH6jbk9ClLNxSY3qwV9SHcQNj9O8vSZSd2KRHKGoJe 18 | lyCiTupvsU6vjCsGXJKHqlT6eA5I1M2y28dqIJTdhbi+nArV/UjaRlBXw8NeMR8W 19 | RKdhap5q+PUMvtA6Jb54aa0HP0K3XA1a1cuVo9dwLevDnnJw4w2trqDiAhTGydpr 20 | T42S4W+FaZVlmzLER22YD4OTU2MU+riMiASJBaui7yEm5YWP5gsmj3ckSKomYnan 21 | 
Ag/jk0eU6uAxcV0s2+stssL4qIutegrZ2CLX9YXp5z5p5yysRIJuyCSCioIpKdg+ 22 | dy15CWKMJmi40/r4ZRTW5oKNhFZ19NaOfHfLUuyPESmp7nnKc3wjFI/Pj/GZyPUp 23 | e3e7yD+ve4P2yQuThsssnlUvglkNUSaTkHmR7bh+hfm/fzcJAQKCAQEA7RUs7zsr 24 | kYv2bCrNQ8RCelkw34lelnuGzZOFOylbh1x0pcWWE73/s2odGHKwqMB7i6bh11kF 25 | 6yYRpmibFDin4PozNJuuH12//U0qaWPWxDQHi6DOUwJzT8CRkIDXsz9yRCNF8hay 26 | a+1upJH2lCaJW0eqQ5C3Rx2Bb2T2FBHPYUtslbddoFtloYygR7qzf14GCIbge5oT 27 | xc9nHDewpzwWHFAg6snQJ/B2GEIhggMCD0ziNftvgdLgNUWbgrPoAoCh/1h/q2lN 28 | 52rLbS5TU20e9020DWnsKS2zEM8vX1GDRIltQinLFJHIoJ/HSCdeiKsbvMzCeuRT 29 | HPpc6OIdSxlvwwKCAQEA0E7/Jp69QcQa8nh4GLnebXcQkqeaRI9f8ET28s5636z3 30 | rDNV4VDWDWiHDoKugPrAv/KvHUf9R63DaX0URJif/YZG5IhLYEQI5CR0wOJdSAyb 31 | UXNJLo639X6eeuABaxf6gCTpu+OnIrsyBZNr3ftescldoglb0q8qBhQhmzDlx22R 32 | OxSKtpi8aAUBdNFlpnVIrp7yejfPl714EFzm3PB6sJUOdRLxgsT6wDyJSImi3LnO 33 | M9+1FSyoX/hnzb8sZoyYM7MthxXhMvMOsFyycVlauvSu/RILg5EfY7l8d4iyvAZ+ 34 | 4GuM1Ur9WrHCHwl3/omT0r+w5gy4yYN62rMgl/YHhwKCAQAgvvgB4w5VgBt9PTw0 35 | y/rSo1cYyQSDjHRGGMYiMcgunhqOewgLmgajZVi3c7/qzwtBcr9m2yjyHcP6VCB3 36 | Xovxix1fetFGC9Dkz6+39s5HM1iHdKKK3J/IuDRi3Sjt3SmPN8AFfBUQyy6pFHAW 37 | bmwya2edBXQLIowqMqu6ges+6QgKddU8vOMAuUe6IJOCWB5FNzvyVom8nLUFNLv1 38 | nVsAdiDVzSIvIgtttlSifH/gVSI5io0QRWwqb37XQroc/l9hwXuA1X6pJBsM7YUc 39 | 1MmeJuFjqOmxllpRTAyjAcM7yC+LH/Ko2Kn5ZZhE4wsvnVKrdSy3hKnmKr6CfBjH 40 | sq+5AoIBAQCtO+UJUx4FYXcfinwl4/1Mf6YysFulBK8+e7v7NSgOeCQI+zBCjx1U 41 | TUd0E83XybEecE6dRU8nmyRVyAVg/qSfDFpMl+RHjIzwXjkSZ643yvQoCn4jz+DA 42 | sqpNeZj0XR6gDxKqhKpsQc1Zwb4E/5VCuTm7FZldXvrNz1QbYdDVxxLuVSj+rYqR 43 | 3wfVBIdKpWLqhZkVdvCXOqRsxzXfK8Z8r5k0V6qtm+8Ei9OHlZ7xfTw0+6f2kgr8 44 | tPJusrvUFLxG0o3cN5/u5R+kH5LunObNb8tO/wDAS6IVJx6RsgciQyykqgyXHSQR 45 | lp7ffNpjvjpHG8+boZzTSRqUYj+K4LplAoIBAQC9HCBsCUcLIKbA53Stqx1rD9L0 46 | gCGOloy5k7iOYl+XVxQN5AnEiFrOVf/ghKL1GgeCG06/Fdq0YUnuP6hNOSE+bIVg 47 | wMK/sfOiB2IrSiD0X1ctPHkWm6Btz+gg0M+aowcLRdkflJHVu3ttk46oXjW5LBQ5 48 | 5lC7+nhgaBKn+BN3Q8MX/f3pTUisfnkg7xNTqbaegGnZ/iH78HJ+RJtfkXHTJ/dN 49 | 
o8t+SensIkUzcP4A6dD1AovPUjSYdI/1EDvMjnw76U68sS2cRYKGePhNs8meukLf
50 | HWiwmcIPgwbr3CtYzQlWNCprppRaghflwun0XFURQaofGFbIGDoW5DAZDlVZ
51 | -----END RSA PRIVATE KEY-----
52 |
--------------------------------------------------------------------------------
/data/salt/states/runbook/redis/init.sls:
--------------------------------------------------------------------------------
   | # Redis data directory on the host, root-only apart from group read/execute.
   | # NOTE(review): it sits under /data/redis, which the redis-build states later
   | # in this file pass to `docker build` as the build context, so its contents
   | # are sent to the Docker daemon on every build unless excluded (this file
   | # manages no .dockerignore).
 1 | /data/redis/data:
 2 |   file.directory:
 3 |     - user: root
 4 |     - group: root
 5 |     - mode: 750
 6 |     - makedirs: True
 7 |
   | # Renders redis.conf with the listener port and the Redis password from pillar.
   | # NOTE(review): redis_pass is substituted unquoted into this YAML, so a
   | # password containing characters YAML treats specially (for example ` #` or
   | # `: `) is truncated or mis-parsed before it reaches the template; quote the
   | # expression, e.g. with Salt's yaml_dquote filter.
   | # NOTE(review): when this file changes, file.managed reports a diff that can
   | # include the password in state output and the job cache; show_changes: False
   | # suppresses it.
 8 | /data/redis/config/redis.conf:
 9 |   file.managed:
10 |     - source: salt://redis/config/redis.conf
11 |     - user: root
12 |     - group: root
13 |     - mode: 640
14 |     - makedirs: True
15 |     - template: jinja
16 |     - context:
17 |         port: {{ pillar['redis']['local_port'] }}
18 |         redis_pass: {{ pillar['redis']['pass'] }}
19 |
   | # stunnel server config: exposed_port and local_port are handed to the
   | # template (presumably the TLS listener and the local Redis port it forwards
   | # to; the template itself is not shown).
20 | /data/redis/config/stunnel-server.conf:
21 |   file.managed:
22 |     - source: salt://redis/config/stunnel-server.tmpl
23 |     - user: root
24 |     - group: root
25 |     - mode: 640
26 |     - makedirs: True
27 |     - template: jinja
28 |     - context:
29 |         exposed_port: {{ pillar['redis']['exposed_port'] }}
30 |         local_port: {{ pillar['redis']['local_port'] }}
31 |
32 | /data/redis/config/supervisord.conf:
33 |   file.managed:
34 |     - source: salt://redis/config/supervisord.conf
35 |     - user: root
36 |     - group: root
37 |     - mode: 640
38 |     - makedirs: True
39 |
   | # Renders the Dockerfile; both ports end up in its EXPOSE lines.
40 | /data/redis/Dockerfile:
41 |   file.managed:
42 |     - source: salt://redis/config/Dockerfile
43 |     - user: root
44 |     - group: root
45 |     - mode: 640
46 |     - makedirs: True
47 |     - template: jinja
48 |     - context:
49 |         exposed_port: {{ pillar['redis']['exposed_port'] }}
50 |         local_port: {{ pillar['redis']['local_port'] }}
51 |
52 | # Stop and Remove current redis container
   | # cmd.wait: runs only when one of the watched files changes.
   | # NOTE(review): the onlyif greps the whole `docker ps` output for the substring
   | # "redis", so it also matches any other container or image name containing it
   | # (the image built here is tagged runbook-redis); matching on the exact
   | # container name is stricter.
   | # NOTE(review): /data/redis/config/ssl is watched but not defined in this file;
   | # presumably it comes from the certs.redis state, confirm.
53 | redis-stop:
54 |   cmd.wait:
55 |     - name: /usr/bin/docker rm --force --volumes=false redis
56 |     - onlyif: /usr/bin/docker ps | /bin/grep -q "redis"
57 |     - order: 102
58 |     - watch:
59 |       - file: /data/redis/Dockerfile
60 |       - file: /data/redis/config/redis.conf
61 |       - file:
/data/redis/config/stunnel-server.conf 62 | - file: /data/redis/config/supervisord.conf 63 | - file: /data/redis/config/ssl 64 | 65 | # Build redis image 66 | redis-build: 67 | cmd.wait: 68 | - name: /usr/bin/docker build -t runbook-redis /data/redis 69 | - order: 103 70 | - require: 71 | - pkg: docker.io 72 | - watch: 73 | - file: /data/redis/Dockerfile 74 | - file: /data/redis/config/redis.conf 75 | - file: /data/redis/config/stunnel-server.conf 76 | - file: /data/redis/config/supervisord.conf 77 | - file: /data/redis/config/ssl 78 | 79 | ## Build if image isn't present 80 | redis-build2: 81 | cmd.run: 82 | - name: /usr/bin/docker build -t runbook-redis /data/redis 83 | - unless: /usr/bin/docker images | grep -q "runbook-redis" 84 | - require: 85 | - file: /data/redis/Dockerfile 86 | - file: /data/redis/config/redis.conf 87 | - file: /data/redis/config/stunnel-server.conf 88 | - file: /data/redis/config/supervisord.conf 89 | - file: /data/redis/config/ssl 90 | 91 | /etc/supervisor/conf.d/redis.conf: 92 | file.managed: 93 | - source: salt://supervisor/config/supervisord.tmpl 94 | - user: root 95 | - group: root 96 | - mode: 640 97 | - require: 98 | - pkg: supervisor 99 | - template: jinja 100 | - context: 101 | container: 102 | name: redis 103 | docker_args: -p "{{ pillar['redis']['exposed_port'] }}:{{ pillar['redis']['exposed_port'] }}" -v "/data/redis:/data/redis" --name "redis" runbook-redis 104 | 105 | supervisor-redis: 106 | service.running: 107 | - name: supervisor 108 | - watch: 109 | - file: /etc/supervisor/conf.d/redis.conf 110 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/worker/init.sls: -------------------------------------------------------------------------------- 1 | /data/runbook/monitors/worker/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/monitors/worker/config/worker.yml: 9 | file.managed: 10 
| - source: salt://runbook/monitors/worker/config/worker.yml 11 | - user: root 12 | - group: root 13 | - mode: 640 14 | - makedirs: True 15 | - template: jinja 16 | - context: 17 | monitor_broker: {{ pillar['monitor_broker'] }} 18 | action_broker: {{ pillar['action_broker'] }} 19 | stathat_env: {{ pillar['stathat_env'] }} 20 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 21 | runbook: {{ pillar['runbook'] }} 22 | 23 | /data/runbook/monitors/worker/config/stunnel-client.conf: 24 | file.managed: 25 | - source: salt://runbook/monitors/worker/config/stunnel-client.tmpl 26 | - user: root 27 | - group: root 28 | - mode: 640 29 | - makedirs: True 30 | - template: jinja 31 | - context: 32 | monitor_broker: {{ pillar['monitor_broker'] }} 33 | action_broker: {{ pillar['action_broker'] }} 34 | hosts: {{ pillar['hosts'] }} 35 | 36 | 37 | /data/runbook/monitors/worker/Dockerfile: 38 | file.managed: 39 | - source: salt://runbook/monitors/worker/config/Dockerfile 40 | - user: root 41 | - group: root 42 | - mode: 640 43 | - makedirs: True 44 | - template: jinja 45 | - context: 46 | git_branch: {{ pillar['git_branch'] }} 47 | 48 | /data/runbook/monitors/worker/config/supervisord.conf: 49 | file.managed: 50 | - source: salt://runbook/monitors/worker/config/supervisord.conf 51 | - user: root 52 | - group: root 53 | - mode: 640 54 | - makedirs: True 55 | 56 | # Stop and Remove current container 57 | monitorworker-stop: 58 | cmd.wait: 59 | - name: /usr/bin/docker rm --force monitorworker 60 | - onlyif: /usr/bin/docker ps | /bin/grep -q "monitorworker" 61 | - order: 112 62 | - watch: 63 | - git: runbook_source 64 | - file: /data/runbook/monitors/worker/Dockerfile 65 | - file: /data/runbook/monitors/worker/config/worker.yml 66 | - file: /data/runbook/monitors/worker/config/stunnel-client.conf 67 | - file: /data/runbook/monitors/worker/config/supervisord.conf 68 | - file: /data/runbook/monitors/worker/config/ssl 69 | 70 | # Build image 71 | monitorworker: 72 | cmd.wait: 73 | - name: 
/usr/bin/docker kill monitorworker; /usr/bin/docker rmi --force monitorworker; /usr/bin/docker build -t monitorworker --no-cache=True /data/runbook/monitors/worker 74 | - order: 113 75 | - require: 76 | - pkg: docker.io 77 | - watch: 78 | - git: runbook_source 79 | - cmd: monitorworker-stop 80 | - file: /data/runbook/monitors/worker/Dockerfile 81 | - file: /data/runbook/monitors/worker/config/worker.yml 82 | - file: /data/runbook/monitors/worker/config/stunnel-client.conf 83 | - file: /data/runbook/monitors/worker/config/supervisord.conf 84 | - file: /data/runbook/monitors/worker/config/ssl 85 | 86 | ## Build if image isn't present 87 | monitorworker-build2: 88 | cmd.run: 89 | - name: /usr/bin/docker build -t monitorworker --no-cache=True /data/runbook/monitors/worker 90 | - unless: /usr/bin/docker images | grep -q "monitorworker" 91 | - require: 92 | - git: runbook_source 93 | - cmd: monitorworker-stop 94 | - file: /data/runbook/monitors/worker/Dockerfile 95 | - file: /data/runbook/monitors/worker/config/worker.yml 96 | - file: /data/runbook/monitors/worker/config/stunnel-client.conf 97 | - file: /data/runbook/monitors/worker/config/supervisord.conf 98 | - file: /data/runbook/monitors/worker/config/ssl 99 | 100 | /etc/supervisor/conf.d/monitorworker.conf: 101 | file.managed: 102 | - source: salt://supervisor/config/supervisord.tmpl 103 | - user: root 104 | - group: root 105 | - mode: 640 106 | - require: 107 | - pkg: supervisor 108 | - template: jinja 109 | - context: 110 | container: 111 | name: monitorworker 112 | docker_args: --name monitorworker monitorworker 113 | 114 | supervisor-monitorworker: 115 | service.running: 116 | - name: supervisor 117 | - watch: 118 | - file: /etc/supervisor/conf.d/monitorworker.conf 119 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/actioner/init.sls: -------------------------------------------------------------------------------- 1 | 
/data/runbook/actions/actioner/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/actions/actioner/data: 9 | file.directory: 10 | - user: root 11 | - group: root 12 | - mode: 700 13 | - makedirs: True 14 | 15 | /data/runbook/actions/actioner/config/actioner.yml: 16 | file.managed: 17 | - source: salt://runbook/actions/actioner/config/actioner.yml 18 | - user: root 19 | - group: root 20 | - mode: 640 21 | - makedirs: True 22 | - template: jinja 23 | - context: 24 | action_broker: {{ pillar['action_broker'] }} 25 | redis: {{ pillar['redis'] }} 26 | rethink: {{ pillar['rethink'] }} 27 | runbook: {{ pillar['runbook'] }} 28 | stathat_env: {{ pillar['stathat_env'] }} 29 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 30 | mailchimp: {{ pillar['mailchimp'] }} 31 | mandrill: {{ pillar['mandrill'] }} 32 | 33 | /data/runbook/actions/actioner/config/stunnel-client.conf: 34 | file.managed: 35 | - source: salt://runbook/actions/actioner/config/stunnel-client.tmpl 36 | - user: root 37 | - group: root 38 | - mode: 640 39 | - makedirs: True 40 | - template: jinja 41 | - context: 42 | action_broker: {{ pillar['action_broker'] }} 43 | rethink: {{ pillar['rethink'] }} 44 | redis: {{ pillar['redis'] }} 45 | hosts: {{ pillar['hosts'] }} 46 | 47 | 48 | /data/runbook/actions/actioner/Dockerfile: 49 | file.managed: 50 | - source: salt://runbook/actions/actioner/config/Dockerfile 51 | - user: root 52 | - group: root 53 | - mode: 640 54 | - makedirs: True 55 | - template: jinja 56 | - context: 57 | git_branch: {{ pillar['git_branch'] }} 58 | 59 | /data/runbook/actions/actioner/config/supervisord.conf: 60 | file.managed: 61 | - source: salt://runbook/actions/actioner/config/supervisord.conf 62 | - user: root 63 | - group: root 64 | - mode: 640 65 | - makedirs: True 66 | 67 | # Stop and Remove current container 68 | actioner-stop: 69 | cmd.wait: 70 | - name: /usr/bin/docker rm --force actioner 71 | - onlyif: /usr/bin/docker 
ps | /bin/grep -q "actioner" 72 | - order: 142 73 | - watch: 74 | - git: runbook_source 75 | - file: /data/runbook/actions/actioner/Dockerfile 76 | - file: /data/runbook/actions/actioner/config/actioner.yml 77 | - file: /data/runbook/actions/actioner/config/stunnel-client.conf 78 | - file: /data/runbook/actions/actioner/config/supervisord.conf 79 | - file: /data/runbook/actions/actioner/config/ssl 80 | 81 | # Build image 82 | actioner: 83 | cmd.wait: 84 | - name: /usr/bin/docker kill actioner; /usr/bin/docker rmi --force actioner; /usr/bin/docker build -t actioner --no-cache=True /data/runbook/actions/actioner 85 | - order: 143 86 | - require: 87 | - pkg: docker.io 88 | - watch: 89 | - git: runbook_source 90 | - cmd: actioner-stop 91 | - file: /data/runbook/actions/actioner/Dockerfile 92 | - file: /data/runbook/actions/actioner/config/actioner.yml 93 | - file: /data/runbook/actions/actioner/config/stunnel-client.conf 94 | - file: /data/runbook/actions/actioner/config/supervisord.conf 95 | - file: /data/runbook/actions/actioner/config/ssl 96 | 97 | ## Build if image isn't present 98 | actioner-build2: 99 | cmd.run: 100 | - name: /usr/bin/docker build -t actioner --no-cache=True /data/runbook/actions/actioner 101 | - unless: /usr/bin/docker images | grep -q "actioner" 102 | - require: 103 | - git: runbook_source 104 | - file: /data/runbook/actions/actioner/Dockerfile 105 | - file: /data/runbook/actions/actioner/config/actioner.yml 106 | - file: /data/runbook/actions/actioner/config/stunnel-client.conf 107 | - file: /data/runbook/actions/actioner/config/supervisord.conf 108 | - file: /data/runbook/actions/actioner/config/ssl 109 | 110 | /etc/supervisor/conf.d/actioner.conf: 111 | file.managed: 112 | - source: salt://supervisor/config/supervisord.tmpl 113 | - user: root 114 | - group: root 115 | - mode: 640 116 | - require: 117 | - pkg: supervisor 118 | - template: jinja 119 | - context: 120 | container: 121 | name: actioner 122 | docker_args: --name actioner actioner 
123 | 124 | supervisor-actioner: 125 | service.running: 126 | - name: supervisor 127 | - watch: 128 | - file: /etc/supervisor/conf.d/actioner.conf 129 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/bridge/init.sls: -------------------------------------------------------------------------------- 1 | /data/runbook/bridge/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/bridge/config/bridge.yml: 9 | file.managed: 10 | - source: salt://runbook/bridge/config/bridge.yml 11 | - user: root 12 | - group: root 13 | - mode: 640 14 | - makedirs: True 15 | - template: jinja 16 | - context: 17 | action_broker: {{ pillar['action_broker'] }} 18 | bridge: {{ pillar['bridge'] }} 19 | redis: {{ pillar['redis'] }} 20 | rethink: {{ pillar['rethink'] }} 21 | runbook: {{ pillar['runbook'] }} 22 | stathat_env: {{ pillar['stathat_env'] }} 23 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 24 | mailchimp: {{ pillar['mailchimp'] }} 25 | mandrill: {{ pillar['mandrill'] }} 26 | general: 27 | datacenter: {{ pillar['datacenter'] }} 28 | 29 | /data/runbook/bridge/config/stunnel-client.conf: 30 | file.managed: 31 | - source: salt://runbook/bridge/config/stunnel-client.tmpl 32 | - user: root 33 | - group: root 34 | - mode: 640 35 | - makedirs: True 36 | - template: jinja 37 | - context: 38 | action_broker: {{ pillar['action_broker'] }} 39 | rethink: {{ pillar['rethink'] }} 40 | redis: {{ pillar['redis'] }} 41 | hosts: {{ pillar['hosts'] }} 42 | 43 | 44 | /data/runbook/bridge/Dockerfile: 45 | file.managed: 46 | - source: salt://runbook/bridge/config/Dockerfile 47 | - user: root 48 | - group: root 49 | - mode: 640 50 | - makedirs: True 51 | - template: jinja 52 | - context: 53 | git_branch: {{ pillar['git_branch'] }} 54 | 55 | /data/runbook/bridge/config/supervisord.conf: 56 | file.managed: 57 | - source: salt://runbook/bridge/config/supervisord.conf 58 | - 
user: root 59 | - group: root 60 | - mode: 640 61 | - makedirs: True 62 | 63 | /data/runbook/bridge/config/mgmtrun.sh: 64 | file.managed: 65 | - source: salt://runbook/bridge/config/mgmtrun.sh 66 | - user: root 67 | - group: root 68 | - mode: 750 69 | - makedirs: True 70 | 71 | # Stop and Remove current container 72 | bridge-stop: 73 | cmd.wait: 74 | - name: /usr/bin/docker rm --force bridge 75 | - onlyif: /usr/bin/docker ps | /bin/grep -q "bridge" 76 | - order: 142 77 | - stateful: False 78 | - watch: 79 | - git: runbook_source 80 | - file: /data/runbook/bridge/Dockerfile 81 | - file: /data/runbook/bridge/config/bridge.yml 82 | - file: /data/runbook/bridge/config/stunnel-client.conf 83 | - file: /data/runbook/bridge/config/supervisord.conf 84 | - file: /data/runbook/bridge/config/mgmtrun.sh 85 | - file: /data/runbook/bridge/config/ssl 86 | 87 | # Build image 88 | bridge: 89 | cmd.wait: 90 | - name: /usr/bin/docker kill bridge; /usr/bin/docker rmi --force bridge; /usr/bin/docker build -t bridge --no-cache=True /data/runbook/bridge 91 | - order: 143 92 | - require: 93 | - pkg: docker.io 94 | - watch: 95 | - git: runbook_source 96 | - cmd: bridge-stop 97 | - file: /data/runbook/bridge/Dockerfile 98 | - file: /data/runbook/bridge/config/bridge.yml 99 | - file: /data/runbook/bridge/config/stunnel-client.conf 100 | - file: /data/runbook/bridge/config/supervisord.conf 101 | - file: /data/runbook/bridge/config/mgmtrun.sh 102 | - file: /data/runbook/bridge/config/ssl 103 | 104 | ## Build if image isn't present 105 | bridge-build2: 106 | cmd.run: 107 | - name: /usr/bin/docker build -t bridge --no-cache=True /data/runbook/bridge 108 | - unless: /usr/bin/docker images | grep -q "bridge" 109 | - require: 110 | - git: runbook_source 111 | - cmd: bridge-stop 112 | - file: /data/runbook/bridge/Dockerfile 113 | - file: /data/runbook/bridge/config/bridge.yml 114 | - file: /data/runbook/bridge/config/stunnel-client.conf 115 | - file: /data/runbook/bridge/config/supervisord.conf 116 
| - file: /data/runbook/bridge/config/mgmtrun.sh 117 | - file: /data/runbook/bridge/config/ssl 118 | 119 | /etc/supervisor/conf.d/bridge.conf: 120 | file.managed: 121 | - source: salt://supervisor/config/supervisord.tmpl 122 | - user: root 123 | - group: root 124 | - mode: 640 125 | - require: 126 | - pkg: supervisor 127 | - template: jinja 128 | - context: 129 | container: 130 | name: bridge 131 | docker_args: --name bridge bridge 132 | 133 | supervisor-bridge: 134 | service.running: 135 | - name: supervisor 136 | - watch: 137 | - file: /etc/supervisor/conf.d/bridge.conf 138 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/broker/init.sls: -------------------------------------------------------------------------------- 1 | /data/runbook/monitors/broker/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/monitors/broker/config/broker.yml: 9 | file.managed: 10 | - source: salt://runbook/monitors/broker/config/broker.yml 11 | - user: root 12 | - group: root 13 | - mode: 640 14 | - makedirs: True 15 | - template: jinja 16 | - context: 17 | local_control_port: {{ pillar['monitor_broker']['local_control_port'] }} 18 | local_worker_port: {{ pillar['monitor_broker']['local_worker_port'] }} 19 | stathat_env: {{ pillar['stathat_env'] }} 20 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 21 | 22 | /data/runbook/monitors/broker/config/stunnel-server.conf: 23 | file.managed: 24 | - source: salt://runbook/monitors/broker/config/stunnel-server.tmpl 25 | - user: root 26 | - group: root 27 | - mode: 640 28 | - makedirs: True 29 | - template: jinja 30 | - context: 31 | exposed_control_port: {{ pillar['monitor_broker']['exposed_control_port'] }} 32 | local_control_port: {{ pillar['monitor_broker']['local_control_port'] }} 33 | exposed_worker_port: {{ pillar['monitor_broker']['exposed_worker_port'] }} 34 | local_worker_port: {{ 
pillar['monitor_broker']['local_worker_port'] }} 35 | 36 | 37 | /data/runbook/monitors/broker/Dockerfile: 38 | file.managed: 39 | - source: salt://runbook/monitors/broker/config/Dockerfile 40 | - user: root 41 | - group: root 42 | - mode: 640 43 | - makedirs: True 44 | - template: jinja 45 | - context: 46 | exposed_control_port: {{ pillar['monitor_broker']['exposed_control_port'] }} 47 | local_control_port: {{ pillar['monitor_broker']['local_control_port'] }} 48 | exposed_worker_port: {{ pillar['monitor_broker']['exposed_worker_port'] }} 49 | local_worker_port: {{ pillar['monitor_broker']['local_worker_port'] }} 50 | git_branch: {{ pillar['git_branch'] }} 51 | 52 | /data/runbook/monitors/broker/config/supervisord.conf: 53 | file.managed: 54 | - source: salt://runbook/monitors/broker/config/supervisord.conf 55 | - user: root 56 | - group: root 57 | - mode: 640 58 | - makedirs: True 59 | 60 | # Stop and Remove current container 61 | monitorbroker-stop: 62 | cmd.wait: 63 | - name: /usr/bin/docker rm --force monitorbroker 64 | - onlyif: /usr/bin/docker ps | /bin/grep -q "monitorbroker" 65 | - order: 112 66 | - watch: 67 | - git: runbook_source 68 | - file: /data/runbook/monitors/broker/Dockerfile 69 | - file: /data/runbook/monitors/broker/config/broker.yml 70 | - file: /data/runbook/monitors/broker/config/stunnel-server.conf 71 | - file: /data/runbook/monitors/broker/config/supervisord.conf 72 | - file: /data/runbook/monitors/broker/config/ssl 73 | 74 | # Build image 75 | monitorbroker: 76 | cmd.wait: 77 | - name: /usr/bin/docker kill monitorbroker; /usr/bin/docker rmi --force monitorbroker; /usr/bin/docker build -t monitorbroker --no-cache=True /data/runbook/monitors/broker 78 | - order: 113 79 | - require: 80 | - pkg: docker.io 81 | - watch: 82 | - git: runbook_source 83 | - cmd: monitorbroker-stop 84 | - file: /data/runbook/monitors/broker/Dockerfile 85 | - file: /data/runbook/monitors/broker/config/broker.yml 86 | - file: 
/data/runbook/monitors/broker/config/stunnel-server.conf 87 | - file: /data/runbook/monitors/broker/config/supervisord.conf 88 | - file: /data/runbook/monitors/broker/config/ssl 89 | 90 | ## Build if image isn't present 91 | monitorbroker-build2: 92 | cmd.run: 93 | - name: /usr/bin/docker build -t monitorbroker --no-cache=True /data/runbook/monitors/broker 94 | - unless: /usr/bin/docker images | grep -q "monitorbroker" 95 | - require: 96 | - git: runbook_source 97 | - cmd: monitorbroker-stop 98 | - file: /data/runbook/monitors/broker/Dockerfile 99 | - file: /data/runbook/monitors/broker/config/broker.yml 100 | - file: /data/runbook/monitors/broker/config/stunnel-server.conf 101 | - file: /data/runbook/monitors/broker/config/supervisord.conf 102 | - file: /data/runbook/monitors/broker/config/ssl 103 | 104 | /etc/supervisor/conf.d/monitorbroker.conf: 105 | file.managed: 106 | - source: salt://supervisor/config/supervisord.tmpl 107 | - user: root 108 | - group: root 109 | - mode: 640 110 | - require: 111 | - pkg: supervisor 112 | - template: jinja 113 | - context: 114 | container: 115 | name: monitorbroker 116 | docker_args: -p "{{ pillar['monitor_broker']['exposed_control_port'] }}:{{ pillar['monitor_broker']['exposed_control_port'] }}" -p "{{ pillar['monitor_broker']['exposed_worker_port'] }}:{{ pillar['monitor_broker']['exposed_worker_port'] }}" --name monitorbroker monitorbroker 117 | 118 | supervisor-monitorbroker: 119 | service.running: 120 | - name: supervisor 121 | - watch: 122 | - file: /etc/supervisor/conf.d/monitorbroker.conf 123 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/actions/broker/init.sls: -------------------------------------------------------------------------------- 1 | /data/runbook/actions/broker/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/actions/broker/data: 9 | file.directory: 10 | - user: 
root 11 | - group: root 12 | - mode: 700 13 | - makedirs: True 14 | 15 | /data/runbook/actions/broker/config/broker.yml: 16 | file.managed: 17 | - source: salt://runbook/actions/broker/config/broker.yml 18 | - user: root 19 | - group: root 20 | - mode: 640 21 | - makedirs: True 22 | - template: jinja 23 | - context: 24 | local_sink_port: {{ pillar['action_broker']['local_sink_port'] }} 25 | local_actioner_port: {{ pillar['action_broker']['local_actioner_port'] }} 26 | stathat_env: {{ pillar['stathat_env'] }} 27 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 28 | 29 | /data/runbook/actions/broker/config/stunnel-server.conf: 30 | file.managed: 31 | - source: salt://runbook/actions/broker/config/stunnel-server.tmpl 32 | - user: root 33 | - group: root 34 | - mode: 640 35 | - makedirs: True 36 | - template: jinja 37 | - context: 38 | exposed_sink_port: {{ pillar['action_broker']['exposed_sink_port'] }} 39 | local_sink_port: {{ pillar['action_broker']['local_sink_port'] }} 40 | exposed_actioner_port: {{ pillar['action_broker']['exposed_actioner_port'] }} 41 | local_actioner_port: {{ pillar['action_broker']['local_actioner_port'] }} 42 | 43 | 44 | /data/runbook/actions/broker/Dockerfile: 45 | file.managed: 46 | - source: salt://runbook/actions/broker/config/Dockerfile 47 | - user: root 48 | - group: root 49 | - mode: 640 50 | - makedirs: True 51 | - template: jinja 52 | - context: 53 | exposed_sink_port: {{ pillar['action_broker']['exposed_sink_port'] }} 54 | local_sink_port: {{ pillar['action_broker']['local_sink_port'] }} 55 | exposed_actioner_port: {{ pillar['action_broker']['exposed_actioner_port'] }} 56 | local_actioner_port: {{ pillar['action_broker']['local_actioner_port'] }} 57 | git_branch: {{ pillar['git_branch'] }} 58 | 59 | /data/runbook/actions/broker/config/supervisord.conf: 60 | file.managed: 61 | - source: salt://runbook/actions/broker/config/supervisord.conf 62 | - user: root 63 | - group: root 64 | - mode: 640 65 | - makedirs: True 66 | 67 | # Stop and 
Remove current container 68 | actionbroker-stop: 69 | cmd.wait: 70 | - name: /usr/bin/docker rm --force actionbroker 71 | - onlyif: /usr/bin/docker ps | /bin/grep -q "actionbroker" 72 | - order: 122 73 | - watch: 74 | - git: runbook_source 75 | - file: /data/runbook/actions/broker/Dockerfile 76 | - file: /data/runbook/actions/broker/config/broker.yml 77 | - file: /data/runbook/actions/broker/config/stunnel-server.conf 78 | - file: /data/runbook/actions/broker/config/supervisord.conf 79 | - file: /data/runbook/actions/broker/config/ssl 80 | 81 | # Build image 82 | actionbroker: 83 | cmd.wait: 84 | - name: /usr/bin/docker kill actionbroker; /usr/bin/docker rmi --force actionbroker; /usr/bin/docker build -t actionbroker --no-cache=True /data/runbook/actions/broker 85 | - order: 123 86 | - require: 87 | - pkg: docker.io 88 | - watch: 89 | - git: runbook_source 90 | - cmd: actionbroker-stop 91 | - file: /data/runbook/actions/broker/Dockerfile 92 | - file: /data/runbook/actions/broker/config/broker.yml 93 | - file: /data/runbook/actions/broker/config/stunnel-server.conf 94 | - file: /data/runbook/actions/broker/config/supervisord.conf 95 | - file: /data/runbook/actions/broker/config/ssl 96 | 97 | ## Build if image isn't present 98 | actionbroker-build2: 99 | cmd.run: 100 | - name: /usr/bin/docker build -t actionbroker --no-cache=True /data/runbook/actions/broker 101 | - unless: /usr/bin/docker images | grep -q "actionbroker" 102 | - require: 103 | - cmd: actionbroker-stop 104 | - file: /data/runbook/actions/broker/Dockerfile 105 | - file: /data/runbook/actions/broker/config/broker.yml 106 | - file: /data/runbook/actions/broker/config/stunnel-server.conf 107 | - file: /data/runbook/actions/broker/config/supervisord.conf 108 | - file: /data/runbook/actions/broker/config/ssl 109 | 110 | /etc/supervisor/conf.d/actionbroker.conf: 111 | file.managed: 112 | - source: salt://supervisor/config/supervisord.tmpl 113 | - user: root 114 | - group: root 115 | - mode: 640 116 | - 
require: 117 | - pkg: supervisor 118 | - template: jinja 119 | - context: 120 | container: 121 | name: actionbroker 122 | docker_args: -p "{{ pillar['action_broker']['exposed_sink_port'] }}:{{ pillar['action_broker']['exposed_sink_port'] }}" -p "{{ pillar['action_broker']['exposed_actioner_port'] }}:{{ pillar['action_broker']['exposed_actioner_port'] }}" --name actionbroker actionbroker 123 | 124 | supervisor-actionbroker: 125 | service.running: 126 | - name: supervisor 127 | - watch: 128 | - file: /etc/supervisor/conf.d/actionbroker.conf 129 | -------------------------------------------------------------------------------- /data/salt/states/runbook/runbook/monitors/control/init.sls: -------------------------------------------------------------------------------- 1 | /data/runbook/monitors/control/config: 2 | file.directory: 3 | - user: root 4 | - group: root 5 | - mode: 700 6 | - makedirs: True 7 | 8 | /data/runbook/monitors/control/config/stunnel-client.conf: 9 | file.managed: 10 | - source: salt://runbook/monitors/control/config/stunnel-client.tmpl 11 | - user: root 12 | - group: root 13 | - mode: 640 14 | - makedirs: True 15 | - template: jinja 16 | - context: 17 | monitor_broker: {{ pillar['monitor_broker'] }} 18 | redis: {{ pillar['redis'] }} 19 | hosts: {{ pillar['hosts'] }} 20 | 21 | /data/runbook/monitors/control/Dockerfile: 22 | file.managed: 23 | - source: salt://runbook/monitors/control/config/Dockerfile 24 | - user: root 25 | - group: root 26 | - mode: 640 27 | - makedirs: True 28 | - template: jinja 29 | - context: 30 | git_branch: {{ pillar['git_branch'] }} 31 | control: {{ pillar['control'] }} 32 | 33 | 34 | {% for queue,appdetails in pillar['control']['intervals'].iteritems() %} 35 | 36 | /data/runbook/monitors/control/config/{{ appdetails['appname'] }}.yml: 37 | file.managed: 38 | - source: salt://runbook/monitors/control/config/control.yml 39 | - user: root 40 | - group: root 41 | - mode: 640 42 | - makedirs: True 43 | - template: jinja 44 | - 
context: 45 | monitor_broker: {{ pillar['monitor_broker'] }} 46 | redis: {{ pillar['redis'] }} 47 | control: {{ pillar['control'] }} 48 | general: 49 | datacenter: {{ pillar['datacenter'] }} 50 | interval: {{ queue }} 51 | stathat_env: {{ pillar['stathat_env'] }} 52 | stathat_ezkey: {{ pillar['stathat_ezkey'] }} 53 | 54 | /data/runbook/monitors/control/config/supervisord-{{ appdetails['appname'] }}.conf: 55 | file.managed: 56 | - source: salt://runbook/monitors/control/config/supervisord.conf 57 | - user: root 58 | - group: root 59 | - mode: 640 60 | - makedirs: True 61 | - template: jinja 62 | - context: 63 | appdetails: {{ appdetails }} 64 | 65 | # Stop and Remove current container 66 | {{ appdetails['appname'] }}-stop: 67 | cmd.wait: 68 | - name: /usr/bin/docker rm --force {{ appdetails['appname'] }} 69 | - onlyif: /usr/bin/docker ps | /bin/grep -q "{{ appdetails['appname'] }}" 70 | - order: 142 71 | - stateful: False 72 | - watch: 73 | - git: runbook_source 74 | - file: /data/runbook/monitors/control/Dockerfile 75 | - file: /data/runbook/monitors/control/config/{{ appdetails['appname'] }}.yml 76 | - file: /data/runbook/monitors/control/config/supervisord-{{ appdetails['appname'] }}.conf 77 | - file: /data/runbook/monitors/control/config/stunnel-client.conf 78 | - file: /data/runbook/monitors/control/config/ssl 79 | 80 | /etc/supervisor/conf.d/{{ appdetails['appname'] }}.conf: 81 | file.managed: 82 | - source: salt://supervisor/config/supervisord.tmpl 83 | - user: root 84 | - group: root 85 | - mode: 640 86 | - require: 87 | - pkg: supervisor 88 | - template: jinja 89 | - context: 90 | container: 91 | name: {{ appdetails['appname'] }} 92 | docker_args: --name {{ appdetails['appname'] }} control /usr/bin/supervisord -c /config/supervisord-{{ appdetails['appname'] }}.conf 93 | 94 | 95 | {% endfor %} 96 | 97 | # Build image 98 | control: 99 | cmd.wait: 100 | - name: /usr/bin/docker kill control; /usr/bin/docker rmi --force control; /usr/bin/docker build -t control 
--no-cache=True /data/runbook/monitors/control 101 | - order: 143 102 | - require: 103 | - pkg: docker.io 104 | - watch: 105 | - git: runbook_source 106 | {% for queue,appdetails in pillar['control']['intervals'].iteritems() %} 107 | - file: /data/runbook/monitors/control/config/{{ appdetails['appname'] }}.yml 108 | - file: /data/runbook/monitors/control/config/supervisord-{{ appdetails['appname'] }}.conf 109 | {% endfor %} 110 | - file: /data/runbook/monitors/control/Dockerfile 111 | - file: /data/runbook/monitors/control/config/stunnel-client.conf 112 | - file: /data/runbook/monitors/control/config/ssl 113 | 114 | 115 | ## Build if image isn't present 116 | control-build2: 117 | cmd.run: 118 | - name: /usr/bin/docker build -t control --no-cache=True /data/runbook/monitors/control 119 | - unless: /usr/bin/docker images | grep -q "control" 120 | - require: 121 | - git: runbook_source 122 | {% for queue,appdetails in pillar['control']['intervals'].iteritems() %} 123 | - file: /data/runbook/monitors/control/config/{{ appdetails['appname'] }}.yml 124 | - file: /data/runbook/monitors/control/config/supervisord-{{ appdetails['appname'] }}.conf 125 | {% endfor %} 126 | - file: /data/runbook/monitors/control/Dockerfile 127 | - file: /data/runbook/monitors/control/config/stunnel-client.conf 128 | - file: /data/runbook/monitors/control/config/ssl 129 | 130 | 131 | supervisor-control: 132 | service.running: 133 | - name: supervisor 134 | - watch: 135 | {% for queue,appdetails in pillar['control']['intervals'].iteritems() %} 136 | - file: /etc/supervisor/conf.d/{{ appdetails['appname'] }}.conf 137 | {% endfor %} 138 | -------------------------------------------------------------------------------- /data/salt/states/runbook/rethinkdb/init.sls: -------------------------------------------------------------------------------- 1 | rethinkdb: 2 | pkgrepo: 3 | - managed 4 | - humanname: RethinkDB Repo 5 | - name: deb http://download.rethinkdb.com/apt {{ 
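grains['lsb_distrib_codename'] }} main
    - dist: {{ grains['lsb_distrib_codename'] }}
    # The signing key is the trust anchor for every package installed from
    # this repository, so it is fetched over HTTPS: over plain HTTP an on-path
    # host could substitute its own key. The `name:` entry of this pkgrepo
    # still uses http://, which is only safe because apt verifies packages
    # against this key.
    - key_url: https://download.rethinkdb.com/apt/pubkey.gpg
  pkg:
    - installed
    - require:
      - user: rethinkdb
      - group: rethinkdb
  # The host-level service is kept stopped and disabled.
  service:
    - dead
    - enable: False

# Per-instance data directory on the host.
/data/rethinkdb-data/instances/{{ pillar['rethink']['db'] }}:
  file.directory:
    - user: root
    - group: root
    - mode: 750
    - makedirs: True

# RethinkDB configuration rendered from pillar; ports are looked up per node name.
/data/rethinkdb/config/rethink.conf:
  file.managed:
    - source: salt://rethinkdb/config/rethink.tmpl
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        rethink_cluster: {{ pillar['rethink']['cluster'] }}
        dbpath: {{ pillar['rethink']['db'] }}
        cluster_exposed_port: {{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}
        cluster_local_port: {{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }}
        server_name: {{ grains['nodename'] }}-{{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}

# stunnel server side: receives the exposed and local cluster port numbers.
/data/rethinkdb/config/stunnel-server.conf:
  file.managed:
    - source: salt://rethinkdb/config/stunnel-server.tmpl
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        cluster_exposed_port: {{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}
        cluster_local_port: {{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }}

# stunnel client side: same ports plus the cluster membership from pillar.
/data/rethinkdb/config/stunnel-client.conf:
  file.managed:
    - source: salt://rethinkdb/config/stunnel-client.tmpl
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        cluster_local_port: {{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }}
        cluster_exposed_port: {{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}
        rethink_cluster: {{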
pillar['rethink']['cluster'] }} 63 | 64 | /data/rethinkdb/config/supervisord.conf: 65 | file.managed: 66 | - source: salt://rethinkdb/config/supervisord.conf 67 | - user: root 68 | - group: root 69 | - mode: 640 70 | - makedirs: True 71 | 72 | /data/rethinkdb/Dockerfile: 73 | file.managed: 74 | - source: salt://rethinkdb/config/Dockerfile 75 | - user: root 76 | - group: root 77 | - mode: 640 78 | - makedirs: True 79 | - template: jinja 80 | - context: 81 | cluster_exposed_port: {{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }} 82 | cluster_local_port: {{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }} 83 | instance: {{ pillar['rethink']['db'] }} 84 | 85 | 86 | rethinkdb-stop: 87 | cmd.wait: 88 | - name: /usr/bin/docker rm --force --volumes=false rethinkdb 89 | - onlyif: /usr/bin/docker ps | /bin/grep -q "rethinkdb" 90 | - order: 91 91 | - watch: 92 | - file: /data/rethinkdb/Dockerfile 93 | - file: /data/rethinkdb/config/rethink.conf 94 | - file: /data/rethinkdb/config/stunnel-client.conf 95 | - file: /data/rethinkdb/config/stunnel-server.conf 96 | - file: /data/rethinkdb/config/supervisord.conf 97 | - file: /data/rethinkdb/config/ssl 98 | 99 | rethinkdb-build: 100 | cmd.wait: 101 | - name: /usr/bin/docker build -t runbook-rethinkdb /data/rethinkdb 102 | - order: 93 103 | - require: 104 | - pkg: docker.io 105 | - watch: 106 | - file: /data/rethinkdb/Dockerfile 107 | - file: /data/rethinkdb/config/rethink.conf 108 | - file: /data/rethinkdb/config/stunnel-client.conf 109 | - file: /data/rethinkdb/config/stunnel-server.conf 110 | - file: /data/rethinkdb/config/supervisord.conf 111 | - file: /data/rethinkdb/config/ssl 112 | 113 | ## Build if image isn't present 114 | rethinkdb-build2: 115 | cmd.run: 116 | - name: /usr/bin/docker build -t runbook-rethinkdb /data/rethinkdb 117 | - unless: /usr/bin/docker images | grep -q "rethinkdb" 118 | - require: 119 | - file: /data/rethinkdb/Dockerfile 120 | - file: 
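/data/rethinkdb/config/rethink.conf
      - file: /data/rethinkdb/config/stunnel-client.conf
      - file: /data/rethinkdb/config/stunnel-server.conf
      - file: /data/rethinkdb/config/supervisord.conf
      - file: /data/rethinkdb/config/ssl

# Supervisor program definition that starts the rethinkdb container.
/etc/supervisor/conf.d/rethinkdb.conf:
  file.managed:
    - source: salt://supervisor/config/supervisord.tmpl
    - user: root
    - group: root
    - mode: 640
    - require:
      - pkg: supervisor
    - template: jinja
    - context:
        container:
          name: rethinkdb
          # NOTE(review): 8080 and the local cluster port are published on
          # 127.0.0.1 only, but the driver port 28015 and the exposed cluster
          # port are published on every host interface. If clients are meant
          # to reach 28015 through stunnel, publishing it as
          # "127.0.0.1:28015:28015" would match the other local-only ports.
          # Confirm against the stunnel templates before changing.
          docker_args: -p "28015:28015" -p "{{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}:{{ pillar['rethink']['cluster_exposed_ports'][grains['nodename']] }}" -p "127.0.0.1:8080:8080" -p "127.0.0.1:{{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }}:{{ pillar['rethink']['cluster_local_ports'][grains['nodename']] }}" -v "/data/rethinkdb-data:/data/rethinkdb/data" --name rethinkdb runbook-rethinkdb

# Restart supervisor whenever the program definition changes.
supervisor-rethinkdb:
  service.running:
    - name: supervisor
    - watch:
      - file: /etc/supervisor/conf.d/rethinkdb.conf
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/config/web.cfg:
--------------------------------------------------------------------------------
## Keys and Salts
## Every value in this section is a secret rendered from pillar; the managed
## file must stay readable by root and the service only.
SECRET_KEY = "{{ web['secret_key'] }}"
SECURITY_PASSWORD_SALT = "{{ web['password_salt'] }}"
PASSWORD_SALT = "{{ web['salty_password'] }}"
SALT = "{{ web['salt'] }}"

CRYPTO_KEY = "{{ runbook['crypto_key'] }}"
CRYPTO_ENABLED = True

## Service Info
BIND_IP = "0.0.0.0"
BIND_PORT = {{ web['local_port'] }}
CSRF_ENABLED = True
## Debug stays off in the rendered config: the service binds to 0.0.0.0 and
## this file holds the session secret, DB auth key and Stripe private key.
## How the application consumes DEBUG is not shown here; in Flask-style apps
## a true value can expose tracebacks or an interactive debugger to clients.
DEBUG = False

## DB Connectivity
DBHOST = "127.0.0.1"
DBPORT = "28015"
DATABASE = "crdb"
DBAUTHKEY = "{{ rethink['authkey'] }}"

## Misc
COOKIE_TIMEOUT = "864000"
ENVNAME = "{{ stathat_env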
}}" 25 | PRESERVE_CONTEXT_ON_EXCEPTION = False 26 | 27 | ## StatHat 28 | STATHAT_EZ_KEY = "{{ stathat_ezkey }}" 29 | 30 | ## Stripe info 31 | DEFAULT_PAYMENTS = "Stripe" 32 | STRIPE_PUBKEY = "{{ web['stripe_pubkey'] }}" 33 | STRIPE_PRIVATE_KEY = "{{ web['stripe_privkey'] }}" 34 | STRIPE_PAYMENTS_URL = "{{ web['stripe_url'] }}" 35 | 36 | ## Static Pages 37 | STATIC_PAGES = { 38 | 'tos' : 'tos.html', 39 | 'monitors' : 'monitors.html', 40 | 'reactions' : 'reactions.html', 41 | 'pricing' : 'pricing.html', 42 | 'faq' : 'faq.html' 43 | } 44 | 45 | ## Available Package 46 | PACKAGES = { 47 | 'lite' : { 48 | 'choices' : { 49 | ('30mincheck', 'Every 30 Minutes'), 50 | ('5mincheck', 'Every 5 Minutes'), 51 | }, 52 | 'reaction_multiplier' : 5, 53 | 'data_retention' : 43200, 54 | 'acttype' : "Lite", 55 | 'subscription' : 'Free', 56 | 'upgraded' : False 57 | }, 58 | 'pending' : { 59 | 'choices' : { 60 | }, 61 | 'reaction_multiplier' : 0, 62 | 'data_retention' : 43200, 63 | 'acttype' : "Pending", 64 | 'subscription' : 'Pending', 65 | 'upgraded' : False 66 | }, 67 | 'free' : { 68 | 'choices' : { 69 | ('30mincheck', 'Every 30 Minutes'), 70 | ('5mincheck', 'Every 5 Minutes'), 71 | }, 72 | 'reaction_multiplier' : 5, 73 | 'data_retention' : 43200, 74 | 'acttype' : "Lite", 75 | 'subscription' : 'Free', 76 | 'upgraded' : False 77 | }, 78 | 'lite-v2' : { 79 | 'choices' : { 80 | ('30mincheck', 'Every 30 Minutes'), 81 | ('5mincheck', 'Every 5 Minutes'), 82 | }, 83 | 'reaction_multiplier' : 2, 84 | 'data_retention' : 43200, 85 | 'acttype' : "Lite", 86 | 'subscription' : 'Free', 87 | 'upgraded' : False 88 | }, 89 | 'beta-pro' : { 90 | 'choices' : { 91 | ('30mincheck', 'Every 30 Minutes'), 92 | ('5mincheck', 'Every 5 Minutes'), 93 | ('2mincheck', 'Every 2 Minutes'), 94 | }, 95 | 'reaction_multiplier' : 2, 96 | 'data_retention' : 43200, 97 | 'acttype' : "Promotional", 98 | 'subscription' : 'Free', 99 | 'upgraded' : False 100 | }, 101 | 'pro' : { 102 | 'choices' : { 103 | ('30mincheck', 'Every 
30 Minutes'), 104 | ('5mincheck', 'Every 5 Minutes'), 105 | ('2mincheck', 'Every 2 Minutes'), 106 | ('30seccheck', 'Every 30 Seconds') 107 | }, 108 | 'reaction_multiplier' : 5, 109 | 'data_retention' : 604800, 110 | 'acttype' : "Pro", 111 | 'subscription' : 'Free', 112 | 'upgraded' : True 113 | }, 114 | 'proplus' : { 115 | 'choices' : { 116 | ('30mincheck', 'Every 30 Minutes'), 117 | ('5mincheck', 'Every 5 Minutes'), 118 | ('2mincheck', 'Every 2 Minutes'), 119 | ('30seccheck', 'Every 30 Seconds'), 120 | ('5seccheck', 'Every 5 Seconds') 121 | }, 122 | 'reaction_multiplier' : 10, 123 | 'data_retention' : 604800, 124 | 'acttype' : "ProPlus", 125 | 'subscription' : 'Free', 126 | 'upgraded' : True 127 | }, 128 | 'enterprise' : { 129 | 'choices' : { 130 | ('30mincheck', 'Every 30 Minutes'), 131 | ('5mincheck', 'Every 5 Minutes'), 132 | ('2mincheck', 'Every 2 Minutes'), 133 | ('30seccheck', 'Every 30 Seconds'), 134 | ('5seccheck', 'Every 5 Seconds') 135 | }, 136 | 'reaction_multiplier' : 999999, 137 | 'data_retention' : 604800, 138 | 'acttype' : "Enterprise", 139 | 'subscription' : 'Free', 140 | 'upgraded' : True 141 | }, 142 | } 143 | DEFAULT_PACKAGE = "pending" 144 | SUBSCRIPTIONS = { 145 | 'default' : { 146 | 'cost': 4.99, 147 | 'interval': 'month' 148 | }, 149 | 'pro_yearly_2' : { 150 | 'cost' : 49.99, 151 | 'interval': 'year' 152 | }, 153 | 'pro_monthly_2' : { 154 | 'cost' : 4.99, 155 | 'interval': 'month' 156 | }, 157 | 'proplus_yearly_2' : { 158 | 'cost' : 89.99, 159 | 'interval': 'year' 160 | }, 161 | 'proplus_monthly_2' : { 162 | 'cost' : 8.99, 163 | 'interval': 'month' 164 | }, 165 | 'Free' : { 166 | 'cost': 0.00, 167 | 'interval': 'month' 168 | }, 169 | 'ec663ba0-c8a9-446a-95b3-0ddbe34d1e85_runbook_499_monthly' : { 170 | 'cost': 4.99, 171 | 'interval': 'month' 172 | }, 173 | 'ec663ba0-c8a9-446a-95b3-0ddbe34d1e85_runbook_4999_yearly' : { 174 | 'cost': 49.99, 175 | 'interval': 'year' 176 | }, 177 | 'cloudroutes_cr_yearly_2' : { 178 | 'cost': 9.00, 179 | 
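'interval': 'year'
    },
    'pro_yearly' : {
        'cost' : 49.99,
        'interval': 'year'
    },
    'pro_monthly' : {
        'cost' : 4.99,
        'interval': 'month'
    },
    'pro_plus_yearly' : {
        'cost' : 89.99,
        'interval': 'year'
    },
    'pro_plus_monthly' : {
        'cost' : 8.99,
        'interval': 'month'
    },
    'pro_orig_yearly' : {
        'cost' : 9.00,
        'interval': 'year'
    },
    'pro_orig_monthly' : {
        'cost' : 1.00,
        'interval': 'month'
    },
    'cloudroutes_cr_monthly' : {
        'cost': 1.00,
        'interval': 'month'
    }
}
DATACENTERS = {
    'choices' : {
{% for key,value in web['zones'].iteritems() %}
        ("{{ key }}", "{{ value }}"),
{% endfor %}
    }
}
--------------------------------------------------------------------------------
/data/salt/states/base/scripts/config/root/scripts/compare_dirs.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
#### This script will take two directories from cmdline
#### and compare files that exist in both
#### --------------------------------------------------
#### Benjamin Cane - 06/04/2013

############################################################
## Import Modules

import os
import sys
import filecmp
import difflib
import re
import time


############################################################
## Define Functions

def compare_file(filename, dir1, dir2, outdir):
    """Write a context diff of dir1/filename against dir2/filename.

    The diff is written to outdir/filename; missing parent directories are
    created first. The output contains lines from both inputs and is created
    with the process umask, so outdir should be a private location when the
    compared trees hold credentials or keys.
    """
    file1 = dir1 + "/" + filename
    file2 = dir2 + "/" + filename

    ## Read both files completely. The previous readlines(2) passed a size
    ## hint of 2 bytes, which stopped reading early and gave partial diffs.
    with open(file1, "r") as f1:
        text1 = f1.readlines()
    with open(file2, "r") as f2:
        text2 = f2.readlines()

    ## Diff text1 and text2 and write the result to the output file
    outfile = outdir + "/" + filename
    create_outdir(outfile)
    with open(outfile, "w") as outfh:
        outfh.writelines(
            difflib.context_diff(text1, text2, fromfile=file1, tofile=file2))


def gather_dirs(dir1, dir2):
    """Return a sorted list of the unique sub-directories of dir1 and dir2.

    Each entry is the path relative to the base directory it was found in.
    """
    found = set()
    for base in (dir1, dir2):
        ## The base is a literal path, not a pattern: escape it so that
        ## characters such as "." or "+" in a directory name cannot change
        ## what gets stripped.
        prefix = "^" + re.escape(base) + "/"
        for root, dlist, flist in os.walk(base):
            for d in dlist:
                found.add(re.sub(prefix, "", root + "/" + d))

    ## Sort list before returning
    return sorted(found)


def compare_dir(directory, dir1, dir2):
    """Compare one relative directory as it exists under dir1 and dir2.

    Returns a tuple (difflist, leftlist, rightlist): files present in both
    that differ, entries only under dir1, and entries only under dir2. When
    the directory exists on one side only, the directory itself is reported.
    """
    difflist = []
    leftlist = []
    rightlist = []
    directory1 = dir1 + "/" + directory
    directory2 = dir2 + "/" + directory

    ## Check if directories exist then run dircmp
    if check_isdir(directory1, directory2):
        compare = filecmp.dircmp(directory1, directory2)
        difflist = [directory + "/" + name for name in compare.diff_files]
        leftlist = [directory + "/" + name for name in compare.left_only]
        rightlist = [directory + "/" + name for name in compare.right_only]
    elif os.path.isdir(directory1):
        leftlist.append(directory)
    elif os.path.isdir(directory2):
        rightlist.append(directory)
    else:
        print("I don't know how %s got here..." % directory)

    return difflist, leftlist, rightlist


def check_isdir(dir1, dir2):
    """ Check if 2 directories exist """
    return os.path.isdir(dir1) and os.path.isdir(dir2)


def create_outdir(filename):
    """ Create directory path on disk from filename """
    path = os.path.dirname(filename)
    ## An empty path means the current directory; nothing to create
    if path and not os.path.isdir(path):
        os.makedirs(path)


def summary_file(mylist, output):
    """ Create a summary_file for provided list"""
    filename = output + "." + time.strftime("%m.%d.%Y-%X-%Z.txt")
    ## The context manager closes the file; the previous bare `fh.close`
    ## referenced the method without calling it.
    with open(filename, "w") as fh:
        for item in mylist:
            fh.write(item + "\n")
    print("Created Summary file: %s" % filename)


############################################################
## Validate and Gather cmdline vars

## Validate
if len(sys.argv) != 4:
    print('Invalid Arguments: %s dir1 dir2 outdir' % str(sys.argv[0]))
    sys.exit(2)

## Set Vars
dir1, dir2, outdir = sys.argv[1:]


############################################################
## Start executing

## Check if directories exist first
if check_isdir(dir1, dir2):
    filelist = []
    rightlist = []
    leftlist = []

    ## Gather a list of directories in dir1 and dir2
    dirlist = gather_dirs(dir1, dir2)

    ## For each directory see whats diff and unique
    for directory in dirlist:
        flist, llist, rlist = compare_dir(directory, dir1, dir2)
        filelist.extend(flist)
        leftlist.extend(llist)
        rightlist.extend(rlist)

    ## For each differing file create a diff file
    for f in filelist:
        compare_file(f, dir1, dir2, outdir)

    ## Start screen output
    print("Comparision Finished Please check the contents of %s" % outdir)
    print("-" * 25)

    ## Create a list of differing files
    difffile = outdir + "/" + "diff-files"
    summary_file(filelist, difffile)

    ## Create a list of files in dir1 only
    leftfile = outdir + "/" + "leftonly"
    summary_file(leftlist, leftfile)

    ## Create a list of files in dir2 only
    rightfile = outdir + "/" + "rightonly"
    summary_file(rightlist, rightfile)

    print("-" * 25)
    ## Print Quick Summary to Screen
    print("Number of differing files: %s" % len(filelist))
    print("Number of files only in %s: %s" % (dir1, len(leftlist)))
    print("Number of files only in %s: %s" % (dir2, len(rightlist)))

else:
    print("Let's try again with valid directories?")
    print("One of your arguments was not a directory")
    sys.exit(2)
--------------------------------------------------------------------------------
/data/salt/states/runbook/runbook/web/init.sls:
--------------------------------------------------------------------------------
/data/runbook/web/config:
  file.directory:
    - user: root
    - group: root
    - mode: 700
    - makedirs: True

/data/runbook/web/config/nginx:
  file.recurse:
    - source: salt://runbook/web/config/nginx
    - user: root
    - group: root
    - file_mode: 640
    - dir_mode: 750
    - include_empty: True

/data/runbook/web/config/web.cfg:
  file.managed:
    - source: salt://runbook/web/config/web.cfg
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        web: {{ pillar['web'] }}
        redis: {{ pillar['redis'] }}
        rethink: {{ pillar['rethink'] }}
        runbook: {{ pillar['runbook'] }}
        stathat_env: {{ pillar['stathat_env'] }}
        stathat_ezkey: {{ pillar['stathat_ezkey'] }}
        mailchimp: {{ pillar['mailchimp'] }}
        mandrill: {{ pillar['mandrill'] }}

/data/runbook/web/config/stunnel-client.conf:
  file.managed:
    - source: salt://runbook/web/config/stunnel-client.tmpl
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        rethink: {{ pillar['rethink'] }}
        redis: {{ pillar['redis'] }}
        hosts: {{ pillar['hosts'] }}


/data/runbook/web/Dockerfile:
  file.managed:
    - source: salt://runbook/web/config/Dockerfile
    - user: root
    - group: root
    - mode: 640
    - makedirs: True
    - template: jinja
    - context:
        git_branch: {{ pillar['git_branch'] }}
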
/data/runbook/web/config/supervisord.conf: 61 | file.managed: 62 | - source: salt://runbook/web/config/supervisord.conf 63 | - user: root 64 | - group: root 65 | - mode: 640 66 | - makedirs: True 67 | 68 | /data/runbook/web/config/uwsgi.cfg: 69 | file.managed: 70 | - source: salt://runbook/web/config/uwsgi.cfg 71 | - user: root 72 | - group: root 73 | - mode: 640 74 | - makedirs: True 75 | 76 | /data/runbook/web/config/genstatic.py: 77 | file.managed: 78 | - source: salt://runbook/web/config/genstatic.py 79 | - user: root 80 | - group: root 81 | - mode: 640 82 | - makedirs: True 83 | 84 | 85 | /data/runbook/web/config/nginx/sites-enabled/cloudrout.es.conf: 86 | file.managed: 87 | - source: salt://runbook/web/config/nginx/sites-enabled/httpsonlytemplate.conf 88 | - user: root 89 | - group: root 90 | - mode: 644 91 | - template: jinja 92 | - context: 93 | domain: cloudrout.es 94 | webuser: runstatic 95 | 96 | 97 | /data/runbook/web/config/nginx/sites-enabled/runbook.io.conf: 98 | file.managed: 99 | - source: salt://runbook/web/config/nginx/sites-enabled/httpsonlytemplate.conf 100 | - user: root 101 | - group: root 102 | - mode: 644 103 | - template: jinja 104 | - context: 105 | domain: runbook.io 106 | webuser: runstatic 107 | 108 | /data/runbook/web/config/nginx/sites-enabled/dash.cloudrout.es.conf: 109 | file.managed: 110 | - source: salt://runbook/web/config/nginx/sites-enabled/uwsgitemplate.conf 111 | - user: root 112 | - group: root 113 | - mode: 644 114 | - template: jinja 115 | - context: 116 | domain: dash.cloudrout.es 117 | webuser: runapp 118 | static_user: runstatic 119 | 120 | 121 | /data/runbook/web/config/nginx/sites-enabled/dash.runbook.io.conf: 122 | file.managed: 123 | - source: salt://runbook/web/config/nginx/sites-enabled/uwsgitemplate.conf 124 | - user: root 125 | - group: root 126 | - mode: 644 127 | - template: jinja 128 | - context: 129 | domain: dash.runbook.io 130 | webuser: runapp 131 | static_user: runstatic 132 | 133 | # Stop and Remove 
# current container
#
# Files shared by the watch lists of web-stop and web below. They are split in
# two so that each state keeps its original requisite order (web-stop lists
# uwsgi.cfg between the two groups, web does not list it).
{% set web_core_files = [
  '/data/runbook/web/Dockerfile',
  '/data/runbook/web/config/web.cfg',
  '/data/runbook/web/config/stunnel-client.conf',
  '/data/runbook/web/config/supervisord.conf'
] %}
{% set web_ssl_and_vhost_files = [
  '/data/runbook/web/config/ssl',
  '/data/runbook/web/config/nginx/sites-enabled/dash.runbook.io.conf',
  '/data/runbook/web/config/nginx/sites-enabled/runbook.io.conf',
  '/data/runbook/web/config/nginx/sites-enabled/dash.cloudrout.es.conf',
  '/data/runbook/web/config/nginx/sites-enabled/cloudrout.es.conf'
] %}

# Force-removes the "web" container when the source checkout or any watched
# config file changes.
# NOTE(review): the onlyif guard is a substring grep over the whole
# "docker ps" output, and "docker ps" lists running containers only. Any
# running container whose row contains "web" satisfies it, and a stopped
# "web" container does not - confirm that is the intended trigger.
web-stop:
  cmd.wait:
    - name: /usr/bin/docker rm --force web
    - onlyif: /usr/bin/docker ps | /bin/grep -q "web"
    - order: 142
    - require:
      - pkg: docker.io
      - service: docker
    - watch:
      - git: runbook_source
{% for watched in web_core_files %}
      - file: {{ watched }}
{% endfor %}
      - file: /data/runbook/web/config/uwsgi.cfg
{% for watched in web_ssl_and_vhost_files %}
      - file: {{ watched }}
{% endfor %}

# Build image
# Kills the container, drops the old image and rebuilds it without the layer
# cache. The three commands are chained with ";", so only the exit status of
# the final "docker build" is reported back to Salt.
web:
  cmd.wait:
    - name: /usr/bin/docker kill web; /usr/bin/docker rmi --force web; /usr/bin/docker build -t web --no-cache=True /data/runbook/web
    - order: 143
    - require:
      - pkg: docker.io
      - service: docker
    - watch:
      - git: runbook_source
      - cmd: web-stop
{% for watched in web_core_files %}
      - file: {{ watched }}
{% endfor %}
{% for watched in web_ssl_and_vhost_files %}
      - file: {{ watched }}
{% endfor %}

## Build if image isn't present
# NOTE(review): the unless guard is also a substring grep, so any local image
# whose "docker images" row contains "web" suppresses this build - confirm.
web-build2:
  cmd.run:
    - name: /usr/bin/docker build -t web --no-cache=True /data/runbook/web
    - unless: /usr/bin/docker images | grep -q "web"
| - require: 182 | - git: runbook_source 183 | - cmd: web-stop 184 | - file: /data/runbook/web/Dockerfile 185 | - file: /data/runbook/web/config/web.cfg 186 | - file: /data/runbook/web/config/stunnel-client.conf 187 | - file: /data/runbook/web/config/supervisord.conf 188 | - file: /data/runbook/web/config/ssl 189 | - file: /data/runbook/web/config/nginx/sites-enabled/dash.runbook.io.conf 190 | - file: /data/runbook/web/config/nginx/sites-enabled/runbook.io.conf 191 | - file: /data/runbook/web/config/nginx/sites-enabled/dash.cloudrout.es.conf 192 | - file: /data/runbook/web/config/nginx/sites-enabled/cloudrout.es.conf 193 | 194 | /etc/supervisor/conf.d/web.conf: 195 | file.managed: 196 | - source: salt://supervisor/config/supervisord.tmpl 197 | - user: root 198 | - group: root 199 | - mode: 640 200 | - require: 201 | - pkg: supervisor 202 | - template: jinja 203 | - context: 204 | container: 205 | name: web 206 | docker_args: -p 443:8443 -p 80:8080 --name web web 207 | 208 | supervisor-web: 209 | service.running: 210 | - name: supervisor 211 | - watch: 212 | - file: /etc/supervisor/conf.d/web.conf 213 | -------------------------------------------------------------------------------- /data/salt/states/runbook/redis/config/redis.conf: -------------------------------------------------------------------------------- 1 | # Redis configuration file example 2 | 3 | # Note on units: when memory size is needed, it is possible to specify 4 | # it in the usual form of 1k 5GB 4M and so forth: 5 | # 6 | # 1k => 1000 bytes 7 | # 1kb => 1024 bytes 8 | # 1m => 1000000 bytes 9 | # 1mb => 1024*1024 bytes 10 | # 1g => 1000000000 bytes 11 | # 1gb => 1024*1024*1024 bytes 12 | # 13 | # units are case insensitive so 1GB 1Gb 1gB are all the same. 14 | 15 | # By default Redis does not run as a daemon. Use 'yes' if you need it. 16 | # Note that Redis will write a pid file in /var/run/redis.pid when daemonized. 
17 | daemonize no 18 | 19 | # When running daemonized, Redis writes a pid file in /var/run/redis.pid by 20 | # default. You can specify a custom pid file location here. 21 | pidfile /var/run/redis/redis-server.pid 22 | 23 | # Accept connections on the specified port, default is 6379. 24 | # If port 0 is specified Redis will not listen on a TCP socket. 25 | port {{ port }} 26 | 27 | # If you want you can bind a single interface, if the bind option is not 28 | # specified all the interfaces will listen for incoming connections. 29 | # 30 | bind 127.0.0.1 31 | 32 | # Specify the path for the unix socket that will be used to listen for 33 | # incoming connections. There is no default, so Redis will not listen 34 | # on a unix socket when not specified. 35 | # 36 | # unixsocket /var/run/redis/redis.sock 37 | # unixsocketperm 755 38 | 39 | # Close the connection after a client is idle for N seconds (0 to disable) 40 | timeout 0 41 | 42 | # TCP keepalive. 43 | # 44 | # If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence 45 | # of communication. This is useful for two reasons: 46 | # 47 | # 1) Detect dead peers. 48 | # 2) Take the connection alive from the point of view of network 49 | # equipment in the middle. 50 | # 51 | # On Linux, the specified value (in seconds) is the period used to send ACKs. 52 | # Note that to close the connection the double of the time is needed. 53 | # On other kernels the period depends on the kernel configuration. 54 | # 55 | # A reasonable value for this option is 60 seconds. 56 | tcp-keepalive 0 57 | 58 | # Specify the server verbosity level. 59 | # This can be one of: 60 | # debug (a lot of information, useful for development/testing) 61 | # verbose (many rarely useful info, but not a mess like the debug level) 62 | # notice (moderately verbose, what you want in production probably) 63 | # warning (only very important / critical messages are logged) 64 | loglevel notice 65 | 66 | # Specify the log file name. 
Also 'stdout' can be used to force 67 | # Redis to log on the standard output. Note that if you use standard 68 | # output for logging but daemonize, logs will be sent to /dev/null 69 | logfile stdout 70 | 71 | # To enable logging to the system logger, just set 'syslog-enabled' to yes, 72 | # and optionally update the other syslog parameters to suit your needs. 73 | # syslog-enabled no 74 | 75 | # Specify the syslog identity. 76 | # syslog-ident redis 77 | 78 | # Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7. 79 | # syslog-facility local0 80 | 81 | # Set the number of databases. The default database is DB 0, you can select 82 | # a different one on a per-connection basis using SELECT where 83 | # dbid is a number between 0 and 'databases'-1 84 | databases 16 85 | 86 | ################################ SNAPSHOTTING ################################# 87 | # 88 | # Save the DB on disk: 89 | # 90 | # save 91 | # 92 | # Will save the DB if both the given number of seconds and the given 93 | # number of write operations against the DB occurred. 94 | # 95 | # In the example below the behaviour will be to save: 96 | # after 900 sec (15 min) if at least 1 key changed 97 | # after 300 sec (5 min) if at least 10 keys changed 98 | # after 60 sec if at least 10000 keys changed 99 | # 100 | # Note: you can disable saving at all commenting all the "save" lines. 101 | # 102 | # It is also possible to remove all the previously configured save 103 | # points by adding a save directive with a single empty string argument 104 | # like in the following example: 105 | # 106 | # save "" 107 | 108 | save 900 1 109 | save 300 10 110 | save 60 10000 111 | 112 | # By default Redis will stop accepting writes if RDB snapshots are enabled 113 | # (at least one save point) and the latest background save failed. 
114 | # This will make the user aware (in a hard way) that data is not persisting 115 | # on disk properly, otherwise chances are that no one will notice and some 116 | # disaster will happen. 117 | # 118 | # If the background saving process will start working again Redis will 119 | # automatically allow writes again. 120 | # 121 | # However if you have setup your proper monitoring of the Redis server 122 | # and persistence, you may want to disable this feature so that Redis will 123 | # continue to work as usual even if there are problems with disk, 124 | # permissions, and so forth. 125 | stop-writes-on-bgsave-error yes 126 | 127 | # Compress string objects using LZF when dump .rdb databases? 128 | # For default that's set to 'yes' as it's almost always a win. 129 | # If you want to save some CPU in the saving child set it to 'no' but 130 | # the dataset will likely be bigger if you have compressible values or keys. 131 | rdbcompression yes 132 | 133 | # Since version 5 of RDB a CRC64 checksum is placed at the end of the file. 134 | # This makes the format more resistant to corruption but there is a performance 135 | # hit to pay (around 10%) when saving and loading RDB files, so you can disable it 136 | # for maximum performances. 137 | # 138 | # RDB files created with checksum disabled have a checksum of zero that will 139 | # tell the loading code to skip the check. 140 | rdbchecksum yes 141 | 142 | # The filename where to dump the DB 143 | dbfilename dump.rdb 144 | 145 | # The working directory. 146 | # 147 | # The DB will be written inside this directory, with the filename specified 148 | # above using the 'dbfilename' configuration directive. 149 | # 150 | # The Append Only File will also be created inside this directory. 151 | # 152 | # Note that you must specify a directory here, not a file name. 153 | dir /data/redis 154 | 155 | ################################# REPLICATION ################################# 156 | 157 | # Master-Slave replication. 
Use slaveof to make a Redis instance a copy of 158 | # another Redis server. Note that the configuration is local to the slave 159 | # so for example it is possible to configure the slave to save the DB with a 160 | # different interval, or to listen to another port, and so on. 161 | # 162 | # slaveof 163 | 164 | # If the master is password protected (using the "requirepass" configuration 165 | # directive below) it is possible to tell the slave to authenticate before 166 | # starting the replication synchronization process, otherwise the master will 167 | # refuse the slave request. 168 | # 169 | # masterauth 170 | 171 | # When a slave loses its connection with the master, or when the replication 172 | # is still in progress, the slave can act in two different ways: 173 | # 174 | # 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will 175 | # still reply to client requests, possibly with out of date data, or the 176 | # data set may just be empty if this is the first synchronization. 177 | # 178 | # 2) if slave-serve-stale-data is set to 'no' the slave will reply with 179 | # an error "SYNC with master in progress" to all the kind of commands 180 | # but to INFO and SLAVEOF. 181 | # 182 | slave-serve-stale-data yes 183 | 184 | # You can configure a slave instance to accept writes or not. Writing against 185 | # a slave instance may be useful to store some ephemeral data (because data 186 | # written on a slave will be easily deleted after resync with the master) but 187 | # may also cause problems if clients are writing to it because of a 188 | # misconfiguration. 189 | # 190 | # Since Redis 2.6 by default slaves are read-only. 191 | # 192 | # Note: read only slaves are not designed to be exposed to untrusted clients 193 | # on the internet. It's just a protection layer against misuse of the instance. 194 | # Still a read only slave exports by default all the administrative commands 195 | # such as CONFIG, DEBUG, and so forth. 
To a limited extend you can improve 196 | # security of read only slaves using 'rename-command' to shadow all the 197 | # administrative / dangerous commands. 198 | slave-read-only yes 199 | 200 | # Slaves send PINGs to server in a predefined interval. It's possible to change 201 | # this interval with the repl_ping_slave_period option. The default value is 10 202 | # seconds. 203 | # 204 | # repl-ping-slave-period 10 205 | 206 | # The following option sets a timeout for both Bulk transfer I/O timeout and 207 | # master data or ping response timeout. The default value is 60 seconds. 208 | # 209 | # It is important to make sure that this value is greater than the value 210 | # specified for repl-ping-slave-period otherwise a timeout will be detected 211 | # every time there is low traffic between the master and the slave. 212 | # 213 | # repl-timeout 60 214 | 215 | # Disable TCP_NODELAY on the slave socket after SYNC? 216 | # 217 | # If you select "yes" Redis will use a smaller number of TCP packets and 218 | # less bandwidth to send data to slaves. But this can add a delay for 219 | # the data to appear on the slave side, up to 40 milliseconds with 220 | # Linux kernels using a default configuration. 221 | # 222 | # If you select "no" the delay for data to appear on the slave side will 223 | # be reduced but more bandwidth will be used for replication. 224 | # 225 | # By default we optimize for low latency, but in very high traffic conditions 226 | # or when the master and slaves are many hops away, turning this to "yes" may 227 | # be a good idea. 228 | repl-disable-tcp-nodelay no 229 | 230 | # The slave priority is an integer number published by Redis in the INFO output. 231 | # It is used by Redis Sentinel in order to select a slave to promote into a 232 | # master if the master is no longer working correctly. 
233 | # 234 | # A slave with a low priority number is considered better for promotion, so 235 | # for instance if there are three slaves with priority 10, 100, 25 Sentinel will 236 | # pick the one with priority 10, that is the lowest. 237 | # 238 | # However a special priority of 0 marks the slave as not able to perform the 239 | # role of master, so a slave with priority of 0 will never be selected by 240 | # Redis Sentinel for promotion. 241 | # 242 | # By default the priority is 100. 243 | slave-priority 100 244 | 245 | ################################## SECURITY ################################### 246 | 247 | # Require clients to issue AUTH before processing any other 248 | # commands. This might be useful in environments in which you do not trust 249 | # others with access to the host running redis-server. 250 | # 251 | # The stock Redis config leaves this commented out for backward compatibility and because most 252 | # people do not need auth (e.g. they run their own servers); this template enables it, with the password rendered from the redis_pass template variable. 253 | # 254 | # Warning: since Redis is pretty fast an outside user can try up to 255 | # 150k passwords per second against a good box. This means that you should 256 | # use a very strong password otherwise it will be very easy to break. 257 | # 258 | requirepass {{ redis_pass }} 259 | 260 | # Command renaming. 261 | # 262 | # It is possible to change the name of dangerous commands in a shared 263 | # environment. For instance the CONFIG command may be renamed into something 264 | # hard to guess so that it will still be available for internal-use tools 265 | # but not available for general clients. 266 | # 267 | # Example: 268 | # 269 | # rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52 270 | # 271 | # It is also possible to completely kill a command by renaming it into 272 | # an empty string: 273 | # 274 | # rename-command CONFIG "" 275 | # 276 | # Please note that changing the name of commands that are logged into the 277 | # AOF file or transmitted to slaves may cause problems. 
278 | 279 | ################################### LIMITS #################################### 280 | 281 | # Set the max number of connected clients at the same time. By default 282 | # this limit is set to 10000 clients, however if the Redis server is not 283 | # able to configure the process file limit to allow for the specified limit 284 | # the max number of allowed clients is set to the current file limit 285 | # minus 32 (as Redis reserves a few file descriptors for internal uses). 286 | # 287 | # Once the limit is reached Redis will close all the new connections sending 288 | # an error 'max number of clients reached'. 289 | # 290 | # maxclients 10000 291 | 292 | # Don't use more memory than the specified amount of bytes. 293 | # When the memory limit is reached Redis will try to remove keys 294 | # accordingly to the eviction policy selected (see maxmemmory-policy). 295 | # 296 | # If Redis can't remove keys according to the policy, or if the policy is 297 | # set to 'noeviction', Redis will start to reply with errors to commands 298 | # that would use more memory, like SET, LPUSH, and so on, and will continue 299 | # to reply to read-only commands like GET. 300 | # 301 | # This option is usually useful when using Redis as an LRU cache, or to set 302 | # an hard memory limit for an instance (using the 'noeviction' policy). 303 | # 304 | # WARNING: If you have slaves attached to an instance with maxmemory on, 305 | # the size of the output buffers needed to feed the slaves are subtracted 306 | # from the used memory count, so that network problems / resyncs will 307 | # not trigger a loop where keys are evicted, and in turn the output 308 | # buffer of slaves is full with DELs of keys evicted triggering the deletion 309 | # of more keys, and so forth until the database is completely emptied. 310 | # 311 | # In short... 
if you have slaves attached it is suggested that you set a lower 312 | # limit for maxmemory so that there is some free RAM on the system for slave 313 | # output buffers (but this is not needed if the policy is 'noeviction'). 314 | # 315 | # maxmemory 316 | 317 | # MAXMEMORY POLICY: how Redis will select what to remove when maxmemory 318 | # is reached. You can select among five behaviors: 319 | # 320 | # volatile-lru -> remove the key with an expire set using an LRU algorithm 321 | # allkeys-lru -> remove any key accordingly to the LRU algorithm 322 | # volatile-random -> remove a random key with an expire set 323 | # allkeys-random -> remove a random key, any key 324 | # volatile-ttl -> remove the key with the nearest expire time (minor TTL) 325 | # noeviction -> don't expire at all, just return an error on write operations 326 | # 327 | # Note: with any of the above policies, Redis will return an error on write 328 | # operations, when there are not suitable keys for eviction. 329 | # 330 | # At the date of writing this commands are: set setnx setex append 331 | # incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd 332 | # sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby 333 | # zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby 334 | # getset mset msetnx exec sort 335 | # 336 | # The default is: 337 | # 338 | # maxmemory-policy volatile-lru 339 | 340 | # LRU and minimal TTL algorithms are not precise algorithms but approximated 341 | # algorithms (in order to save memory), so you can select as well the sample 342 | # size to check. For instance for default Redis will check three keys and 343 | # pick the one that was used less recently, you can change the sample size 344 | # using the following configuration directive. 345 | # 346 | # maxmemory-samples 3 347 | 348 | ############################## APPEND ONLY MODE ############################### 349 | 350 | # By default Redis asynchronously dumps the dataset on disk. 
This mode is 351 | # good enough in many applications, but an issue with the Redis process or 352 | # a power outage may result into a few minutes of writes lost (depending on 353 | # the configured save points). 354 | # 355 | # The Append Only File is an alternative persistence mode that provides 356 | # much better durability. For instance using the default data fsync policy 357 | # (see later in the config file) Redis can lose just one second of writes in a 358 | # dramatic event like a server power outage, or a single write if something 359 | # wrong with the Redis process itself happens, but the operating system is 360 | # still running correctly. 361 | # 362 | # AOF and RDB persistence can be enabled at the same time without problems. 363 | # If the AOF is enabled on startup Redis will load the AOF, that is the file 364 | # with the better durability guarantees. 365 | # 366 | # Please check http://redis.io/topics/persistence for more information. 367 | 368 | appendonly no 369 | 370 | # The name of the append only file (default: "appendonly.aof") 371 | # appendfilename appendonly.aof 372 | 373 | # The fsync() call tells the Operating System to actually write data on disk 374 | # instead to wait for more data in the output buffer. Some OS will really flush 375 | # data on disk, some other OS will just try to do it ASAP. 376 | # 377 | # Redis supports three different modes: 378 | # 379 | # no: don't fsync, just let the OS flush the data when it wants. Faster. 380 | # always: fsync after every write to the append only log . Slow, Safest. 381 | # everysec: fsync only one time every second. Compromise. 382 | # 383 | # The default is "everysec", as that's usually the right compromise between 384 | # speed and data safety. 
It's up to you to understand if you can relax this to 385 | # "no" that will let the operating system flush the output buffer when 386 | # it wants, for better performances (but if you can live with the idea of 387 | # some data loss consider the default persistence mode that's snapshotting), 388 | # or on the contrary, use "always" that's very slow but a bit safer than 389 | # everysec. 390 | # 391 | # More details please check the following article: 392 | # http://antirez.com/post/redis-persistence-demystified.html 393 | # 394 | # If unsure, use "everysec". 395 | 396 | # appendfsync always 397 | appendfsync everysec 398 | # appendfsync no 399 | 400 | # When the AOF fsync policy is set to always or everysec, and a background 401 | # saving process (a background save or AOF log background rewriting) is 402 | # performing a lot of I/O against the disk, in some Linux configurations 403 | # Redis may block too long on the fsync() call. Note that there is no fix for 404 | # this currently, as even performing fsync in a different thread will block 405 | # our synchronous write(2) call. 406 | # 407 | # In order to mitigate this problem it's possible to use the following option 408 | # that will prevent fsync() from being called in the main process while a 409 | # BGSAVE or BGREWRITEAOF is in progress. 410 | # 411 | # This means that while another child is saving, the durability of Redis is 412 | # the same as "appendfsync none". In practical terms, this means that it is 413 | # possible to lose up to 30 seconds of log in the worst scenario (with the 414 | # default Linux settings). 415 | # 416 | # If you have latency problems turn this to "yes". Otherwise leave it as 417 | # "no" that is the safest pick from the point of view of durability. 418 | no-appendfsync-on-rewrite no 419 | 420 | # Automatic rewrite of the append only file. 
421 | # Redis is able to automatically rewrite the log file implicitly calling 422 | # BGREWRITEAOF when the AOF log size grows by the specified percentage. 423 | # 424 | # This is how it works: Redis remembers the size of the AOF file after the 425 | # latest rewrite (if no rewrite has happened since the restart, the size of 426 | # the AOF at startup is used). 427 | # 428 | # This base size is compared to the current size. If the current size is 429 | # bigger than the specified percentage, the rewrite is triggered. Also 430 | # you need to specify a minimal size for the AOF file to be rewritten, this 431 | # is useful to avoid rewriting the AOF file even if the percentage increase 432 | # is reached but it is still pretty small. 433 | # 434 | # Specify a percentage of zero in order to disable the automatic AOF 435 | # rewrite feature. 436 | 437 | auto-aof-rewrite-percentage 100 438 | auto-aof-rewrite-min-size 64mb 439 | 440 | ################################ LUA SCRIPTING ############################### 441 | 442 | # Max execution time of a Lua script in milliseconds. 443 | # 444 | # If the maximum execution time is reached Redis will log that a script is 445 | # still in execution after the maximum allowed time and will start to 446 | # reply to queries with an error. 447 | # 448 | # When a long running script exceed the maximum execution time only the 449 | # SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be 450 | # used to stop a script that did not yet called write commands. The second 451 | # is the only way to shut down the server in the case a write commands was 452 | # already issue by the script but the user don't want to wait for the natural 453 | # termination of the script. 454 | # 455 | # Set it to 0 or a negative value for unlimited execution without warnings. 
456 | lua-time-limit 5000 457 | 458 | ################################## SLOW LOG ################################### 459 | 460 | # The Redis Slow Log is a system to log queries that exceeded a specified 461 | # execution time. The execution time does not include the I/O operations 462 | # like talking with the client, sending the reply and so forth, 463 | # but just the time needed to actually execute the command (this is the only 464 | # stage of command execution where the thread is blocked and can not serve 465 | # other requests in the meantime). 466 | # 467 | # You can configure the slow log with two parameters: one tells Redis 468 | # what is the execution time, in microseconds, to exceed in order for the 469 | # command to get logged, and the other parameter is the length of the 470 | # slow log. When a new command is logged the oldest one is removed from the 471 | # queue of logged commands. 472 | 473 | # The following time is expressed in microseconds, so 1000000 is equivalent 474 | # to one second. Note that a negative number disables the slow log, while 475 | # a value of zero forces the logging of every command. 476 | slowlog-log-slower-than 10000 477 | 478 | # There is no limit to this length. Just be aware that it will consume memory. 479 | # You can reclaim memory used by the slow log with SLOWLOG RESET. 480 | slowlog-max-len 128 481 | 482 | ############################### ADVANCED CONFIG ############################### 483 | 484 | # Hashes are encoded using a memory efficient data structure when they have a 485 | # small number of entries, and the biggest entry does not exceed a given 486 | # threshold. These thresholds can be configured using the following directives. 487 | hash-max-ziplist-entries 512 488 | hash-max-ziplist-value 64 489 | 490 | # Similarly to hashes, small lists are also encoded in a special way in order 491 | # to save a lot of space. 
The special representation is only used when 492 | # you are under the following limits: 493 | list-max-ziplist-entries 512 494 | list-max-ziplist-value 64 495 | 496 | # Sets have a special encoding in just one case: when a set is composed 497 | # of just strings that happens to be integers in radix 10 in the range 498 | # of 64 bit signed integers. 499 | # The following configuration setting sets the limit in the size of the 500 | # set in order to use this special memory saving encoding. 501 | set-max-intset-entries 512 502 | 503 | # Similarly to hashes and lists, sorted sets are also specially encoded in 504 | # order to save a lot of space. This encoding is only used when the length and 505 | # elements of a sorted set are below the following limits: 506 | zset-max-ziplist-entries 128 507 | zset-max-ziplist-value 64 508 | 509 | # Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in 510 | # order to help rehashing the main Redis hash table (the one mapping top-level 511 | # keys to values). The hash table implementation Redis uses (see dict.c) 512 | # performs a lazy rehashing: the more operation you run into an hash table 513 | # that is rehashing, the more rehashing "steps" are performed, so if the 514 | # server is idle the rehashing is never complete and some more memory is used 515 | # by the hash table. 516 | # 517 | # The default is to use this millisecond 10 times every second in order to 518 | # active rehashing the main dictionaries, freeing memory when possible. 519 | # 520 | # If unsure: 521 | # use "activerehashing no" if you have hard latency requirements and it is 522 | # not a good thing in your environment that Redis can reply form time to time 523 | # to queries with 2 milliseconds delay. 524 | # 525 | # use "activerehashing yes" if you don't have such hard requirements but 526 | # want to free memory asap when possible. 
527 | activerehashing yes 528 | 529 | # The client output buffer limits can be used to force disconnection of clients 530 | # that are not reading data from the server fast enough for some reason (a 531 | # common reason is that a Pub/Sub client can't consume messages as fast as the 532 | # publisher can produce them). 533 | # 534 | # The limit can be set differently for the three different classes of clients: 535 | # 536 | # normal -> normal clients 537 | # slave -> slave clients and MONITOR clients 538 | # pubsub -> clients subscribed to at least one pubsub channel or pattern 539 | # 540 | # The syntax of every client-output-buffer-limit directive is the following: 541 | # 542 | # client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds> 543 | # 544 | # A client is immediately disconnected once the hard limit is reached, or if 545 | # the soft limit is reached and remains reached for the specified number of 546 | # seconds (continuously). 547 | # So for instance if the hard limit is 32 megabytes and the soft limit is 548 | # 16 megabytes / 10 seconds, the client will get disconnected immediately 549 | # if the size of the output buffers reach 32 megabytes, but will also get 550 | # disconnected if the client reaches 16 megabytes and continuously overcomes 551 | # the limit for 10 seconds. 552 | # 553 | # By default normal clients are not limited because they don't receive data 554 | # without asking (in a push way), but just after a request, so only 555 | # asynchronous clients may create a scenario where data is requested faster 556 | # than it can read. 557 | # 558 | # Instead there is a default limit for pubsub and slave clients, since 559 | # subscribers and slaves receive data in a push fashion. 560 | # 561 | # Both the hard or the soft limit can be disabled by setting them to zero. 
562 | client-output-buffer-limit normal 0 0 0 563 | client-output-buffer-limit slave 256mb 64mb 60 564 | client-output-buffer-limit pubsub 32mb 8mb 60 565 | 566 | # Redis calls an internal function to perform many background tasks, like 567 | # closing connections of clients in timeout, purging expired keys that are 568 | # never requested, and so forth. 569 | # 570 | # Not all tasks are performed with the same frequency, but Redis checks for 571 | # tasks to perform according to the specified "hz" value. 572 | # 573 | # By default "hz" is set to 10. Raising the value will use more CPU when 574 | # Redis is idle, but at the same time will make Redis more responsive when 575 | # there are many keys expiring at the same time, and timeouts may be 576 | # handled with more precision. 577 | # 578 | # The range is between 1 and 500, however a value over 100 is usually not 579 | # a good idea. Most users should use the default of 10 and raise this up to 580 | # 100 only in environments where very low latency is required. 581 | hz 10 582 | 583 | # When a child rewrites the AOF file, if the following option is enabled 584 | # the file will be fsync-ed every 32 MB of data generated. This is useful 585 | # in order to commit the file to the disk more incrementally and avoid 586 | # big latency spikes. 587 | aof-rewrite-incremental-fsync yes 588 | 589 | ################################## INCLUDES ################################### 590 | 591 | # Include one or more other config files here. This is useful if you 592 | # have a standard template that goes to all Redis server but also need 593 | # to customize a few per-server settings. Include files can include 594 | # other files, so use this wisely. 
595 | # 596 | # include /path/to/local.conf 597 | # include /path/to/other.conf 598 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU AFFERO GENERAL PUBLIC LICENSE 2 | Version 3, 19 November 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU Affero General Public License is a free, copyleft license for 11 | software and other kinds of works, specifically designed to ensure 12 | cooperation with the community in the case of network server software. 13 | 14 | The licenses for most software and other practical works are designed 15 | to take away your freedom to share and change the works. By contrast, 16 | our General Public Licenses are intended to guarantee your freedom to 17 | share and change all versions of a program--to make sure it remains free 18 | software for all its users. 19 | 20 | When we speak of free software, we are referring to freedom, not 21 | price. Our General Public Licenses are designed to make sure that you 22 | have the freedom to distribute copies of free software (and charge for 23 | them if you wish), that you receive source code or can get it if you 24 | want it, that you can change the software or use pieces of it in new 25 | free programs, and that you know you can do these things. 26 | 27 | Developers that use our General Public Licenses protect your rights 28 | with two steps: (1) assert copyright on the software, and (2) offer 29 | you this License which gives you legal permission to copy, distribute 30 | and/or modify the software. 
31 | 32 | A secondary benefit of defending all users' freedom is that 33 | improvements made in alternate versions of the program, if they 34 | receive widespread use, become available for other developers to 35 | incorporate. Many developers of free software are heartened and 36 | encouraged by the resulting cooperation. However, in the case of 37 | software used on network servers, this result may fail to come about. 38 | The GNU General Public License permits making a modified version and 39 | letting the public access it on a server without ever releasing its 40 | source code to the public. 41 | 42 | The GNU Affero General Public License is designed specifically to 43 | ensure that, in such cases, the modified source code becomes available 44 | to the community. It requires the operator of a network server to 45 | provide the source code of the modified version running there to the 46 | users of that server. Therefore, public use of a modified version, on 47 | a publicly accessible server, gives the public access to the source 48 | code of the modified version. 49 | 50 | An older license, called the Affero General Public License and 51 | published by Affero, was designed to accomplish similar goals. This is 52 | a different license, not a version of the Affero GPL, but Affero has 53 | released a new version of the Affero GPL which permits relicensing under 54 | this license. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | TERMS AND CONDITIONS 60 | 61 | 0. Definitions. 62 | 63 | "This License" refers to version 3 of the GNU Affero General Public License. 64 | 65 | "Copyright" also means copyright-like laws that apply to other kinds of 66 | works, such as semiconductor masks. 67 | 68 | "The Program" refers to any copyrightable work licensed under this 69 | License. Each licensee is addressed as "you". "Licensees" and 70 | "recipients" may be individuals or organizations. 
71 | 72 | To "modify" a work means to copy from or adapt all or part of the work 73 | in a fashion requiring copyright permission, other than the making of an 74 | exact copy. The resulting work is called a "modified version" of the 75 | earlier work or a work "based on" the earlier work. 76 | 77 | A "covered work" means either the unmodified Program or a work based 78 | on the Program. 79 | 80 | To "propagate" a work means to do anything with it that, without 81 | permission, would make you directly or secondarily liable for 82 | infringement under applicable copyright law, except executing it on a 83 | computer or modifying a private copy. Propagation includes copying, 84 | distribution (with or without modification), making available to the 85 | public, and in some countries other activities as well. 86 | 87 | To "convey" a work means any kind of propagation that enables other 88 | parties to make or receive copies. Mere interaction with a user through 89 | a computer network, with no transfer of a copy, is not conveying. 90 | 91 | An interactive user interface displays "Appropriate Legal Notices" 92 | to the extent that it includes a convenient and prominently visible 93 | feature that (1) displays an appropriate copyright notice, and (2) 94 | tells the user that there is no warranty for the work (except to the 95 | extent that warranties are provided), that licensees may convey the 96 | work under this License, and how to view a copy of this License. If 97 | the interface presents a list of user commands or options, such as a 98 | menu, a prominent item in the list meets this criterion. 99 | 100 | 1. Source Code. 101 | 102 | The "source code" for a work means the preferred form of the work 103 | for making modifications to it. "Object code" means any non-source 104 | form of a work. 
105 | 106 | A "Standard Interface" means an interface that either is an official 107 | standard defined by a recognized standards body, or, in the case of 108 | interfaces specified for a particular programming language, one that 109 | is widely used among developers working in that language. 110 | 111 | The "System Libraries" of an executable work include anything, other 112 | than the work as a whole, that (a) is included in the normal form of 113 | packaging a Major Component, but which is not part of that Major 114 | Component, and (b) serves only to enable use of the work with that 115 | Major Component, or to implement a Standard Interface for which an 116 | implementation is available to the public in source code form. A 117 | "Major Component", in this context, means a major essential component 118 | (kernel, window system, and so on) of the specific operating system 119 | (if any) on which the executable work runs, or a compiler used to 120 | produce the work, or an object code interpreter used to run it. 121 | 122 | The "Corresponding Source" for a work in object code form means all 123 | the source code needed to generate, install, and (for an executable 124 | work) run the object code and to modify the work, including scripts to 125 | control those activities. However, it does not include the work's 126 | System Libraries, or general-purpose tools or generally available free 127 | programs which are used unmodified in performing those activities but 128 | which are not part of the work. For example, Corresponding Source 129 | includes interface definition files associated with source files for 130 | the work, and the source code for shared libraries and dynamically 131 | linked subprograms that the work is specifically designed to require, 132 | such as by intimate data communication or control flow between those 133 | subprograms and other parts of the work. 
134 | 135 | The Corresponding Source need not include anything that users 136 | can regenerate automatically from other parts of the Corresponding 137 | Source. 138 | 139 | The Corresponding Source for a work in source code form is that 140 | same work. 141 | 142 | 2. Basic Permissions. 143 | 144 | All rights granted under this License are granted for the term of 145 | copyright on the Program, and are irrevocable provided the stated 146 | conditions are met. This License explicitly affirms your unlimited 147 | permission to run the unmodified Program. The output from running a 148 | covered work is covered by this License only if the output, given its 149 | content, constitutes a covered work. This License acknowledges your 150 | rights of fair use or other equivalent, as provided by copyright law. 151 | 152 | You may make, run and propagate covered works that you do not 153 | convey, without conditions so long as your license otherwise remains 154 | in force. You may convey covered works to others for the sole purpose 155 | of having them make modifications exclusively for you, or provide you 156 | with facilities for running those works, provided that you comply with 157 | the terms of this License in conveying all material for which you do 158 | not control copyright. Those thus making or running the covered works 159 | for you must do so exclusively on your behalf, under your direction 160 | and control, on terms that prohibit them from making any copies of 161 | your copyrighted material outside their relationship with you. 162 | 163 | Conveying under any other circumstances is permitted solely under 164 | the conditions stated below. Sublicensing is not allowed; section 10 165 | makes it unnecessary. 166 | 167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 
168 | 169 | No covered work shall be deemed part of an effective technological 170 | measure under any applicable law fulfilling obligations under article 171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 172 | similar laws prohibiting or restricting circumvention of such 173 | measures. 174 | 175 | When you convey a covered work, you waive any legal power to forbid 176 | circumvention of technological measures to the extent such circumvention 177 | is effected by exercising rights under this License with respect to 178 | the covered work, and you disclaim any intention to limit operation or 179 | modification of the work as a means of enforcing, against the work's 180 | users, your or third parties' legal rights to forbid circumvention of 181 | technological measures. 182 | 183 | 4. Conveying Verbatim Copies. 184 | 185 | You may convey verbatim copies of the Program's source code as you 186 | receive it, in any medium, provided that you conspicuously and 187 | appropriately publish on each copy an appropriate copyright notice; 188 | keep intact all notices stating that this License and any 189 | non-permissive terms added in accord with section 7 apply to the code; 190 | keep intact all notices of the absence of any warranty; and give all 191 | recipients a copy of this License along with the Program. 192 | 193 | You may charge any price or no price for each copy that you convey, 194 | and you may offer support or warranty protection for a fee. 195 | 196 | 5. Conveying Modified Source Versions. 197 | 198 | You may convey a work based on the Program, or the modifications to 199 | produce it from the Program, in the form of source code under the 200 | terms of section 4, provided that you also meet all of these conditions: 201 | 202 | a) The work must carry prominent notices stating that you modified 203 | it, and giving a relevant date. 
204 | 205 | b) The work must carry prominent notices stating that it is 206 | released under this License and any conditions added under section 207 | 7. This requirement modifies the requirement in section 4 to 208 | "keep intact all notices". 209 | 210 | c) You must license the entire work, as a whole, under this 211 | License to anyone who comes into possession of a copy. This 212 | License will therefore apply, along with any applicable section 7 213 | additional terms, to the whole of the work, and all its parts, 214 | regardless of how they are packaged. This License gives no 215 | permission to license the work in any other way, but it does not 216 | invalidate such permission if you have separately received it. 217 | 218 | d) If the work has interactive user interfaces, each must display 219 | Appropriate Legal Notices; however, if the Program has interactive 220 | interfaces that do not display Appropriate Legal Notices, your 221 | work need not make them do so. 222 | 223 | A compilation of a covered work with other separate and independent 224 | works, which are not by their nature extensions of the covered work, 225 | and which are not combined with it such as to form a larger program, 226 | in or on a volume of a storage or distribution medium, is called an 227 | "aggregate" if the compilation and its resulting copyright are not 228 | used to limit the access or legal rights of the compilation's users 229 | beyond what the individual works permit. Inclusion of a covered work 230 | in an aggregate does not cause this License to apply to the other 231 | parts of the aggregate. 232 | 233 | 6. Conveying Non-Source Forms. 
234 | 235 | You may convey a covered work in object code form under the terms 236 | of sections 4 and 5, provided that you also convey the 237 | machine-readable Corresponding Source under the terms of this License, 238 | in one of these ways: 239 | 240 | a) Convey the object code in, or embodied in, a physical product 241 | (including a physical distribution medium), accompanied by the 242 | Corresponding Source fixed on a durable physical medium 243 | customarily used for software interchange. 244 | 245 | b) Convey the object code in, or embodied in, a physical product 246 | (including a physical distribution medium), accompanied by a 247 | written offer, valid for at least three years and valid for as 248 | long as you offer spare parts or customer support for that product 249 | model, to give anyone who possesses the object code either (1) a 250 | copy of the Corresponding Source for all the software in the 251 | product that is covered by this License, on a durable physical 252 | medium customarily used for software interchange, for a price no 253 | more than your reasonable cost of physically performing this 254 | conveying of source, or (2) access to copy the 255 | Corresponding Source from a network server at no charge. 256 | 257 | c) Convey individual copies of the object code with a copy of the 258 | written offer to provide the Corresponding Source. This 259 | alternative is allowed only occasionally and noncommercially, and 260 | only if you received the object code with such an offer, in accord 261 | with subsection 6b. 262 | 263 | d) Convey the object code by offering access from a designated 264 | place (gratis or for a charge), and offer equivalent access to the 265 | Corresponding Source in the same way through the same place at no 266 | further charge. You need not require recipients to copy the 267 | Corresponding Source along with the object code. 
If the place to 268 | copy the object code is a network server, the Corresponding Source 269 | may be on a different server (operated by you or a third party) 270 | that supports equivalent copying facilities, provided you maintain 271 | clear directions next to the object code saying where to find the 272 | Corresponding Source. Regardless of what server hosts the 273 | Corresponding Source, you remain obligated to ensure that it is 274 | available for as long as needed to satisfy these requirements. 275 | 276 | e) Convey the object code using peer-to-peer transmission, provided 277 | you inform other peers where the object code and Corresponding 278 | Source of the work are being offered to the general public at no 279 | charge under subsection 6d. 280 | 281 | A separable portion of the object code, whose source code is excluded 282 | from the Corresponding Source as a System Library, need not be 283 | included in conveying the object code work. 284 | 285 | A "User Product" is either (1) a "consumer product", which means any 286 | tangible personal property which is normally used for personal, family, 287 | or household purposes, or (2) anything designed or sold for incorporation 288 | into a dwelling. In determining whether a product is a consumer product, 289 | doubtful cases shall be resolved in favor of coverage. For a particular 290 | product received by a particular user, "normally used" refers to a 291 | typical or common use of that class of product, regardless of the status 292 | of the particular user or of the way in which the particular user 293 | actually uses, or expects or is expected to use, the product. A product 294 | is a consumer product regardless of whether the product has substantial 295 | commercial, industrial or non-consumer uses, unless such uses represent 296 | the only significant mode of use of the product. 
297 | 298 | "Installation Information" for a User Product means any methods, 299 | procedures, authorization keys, or other information required to install 300 | and execute modified versions of a covered work in that User Product from 301 | a modified version of its Corresponding Source. The information must 302 | suffice to ensure that the continued functioning of the modified object 303 | code is in no case prevented or interfered with solely because 304 | modification has been made. 305 | 306 | If you convey an object code work under this section in, or with, or 307 | specifically for use in, a User Product, and the conveying occurs as 308 | part of a transaction in which the right of possession and use of the 309 | User Product is transferred to the recipient in perpetuity or for a 310 | fixed term (regardless of how the transaction is characterized), the 311 | Corresponding Source conveyed under this section must be accompanied 312 | by the Installation Information. But this requirement does not apply 313 | if neither you nor any third party retains the ability to install 314 | modified object code on the User Product (for example, the work has 315 | been installed in ROM). 316 | 317 | The requirement to provide Installation Information does not include a 318 | requirement to continue to provide support service, warranty, or updates 319 | for a work that has been modified or installed by the recipient, or for 320 | the User Product in which it has been modified or installed. Access to a 321 | network may be denied when the modification itself materially and 322 | adversely affects the operation of the network or violates the rules and 323 | protocols for communication across the network. 
324 | 325 | Corresponding Source conveyed, and Installation Information provided, 326 | in accord with this section must be in a format that is publicly 327 | documented (and with an implementation available to the public in 328 | source code form), and must require no special password or key for 329 | unpacking, reading or copying. 330 | 331 | 7. Additional Terms. 332 | 333 | "Additional permissions" are terms that supplement the terms of this 334 | License by making exceptions from one or more of its conditions. 335 | Additional permissions that are applicable to the entire Program shall 336 | be treated as though they were included in this License, to the extent 337 | that they are valid under applicable law. If additional permissions 338 | apply only to part of the Program, that part may be used separately 339 | under those permissions, but the entire Program remains governed by 340 | this License without regard to the additional permissions. 341 | 342 | When you convey a copy of a covered work, you may at your option 343 | remove any additional permissions from that copy, or from any part of 344 | it. (Additional permissions may be written to require their own 345 | removal in certain cases when you modify the work.) You may place 346 | additional permissions on material, added by you to a covered work, 347 | for which you have or can give appropriate copyright permission. 
348 | 349 | Notwithstanding any other provision of this License, for material you 350 | add to a covered work, you may (if authorized by the copyright holders of 351 | that material) supplement the terms of this License with terms: 352 | 353 | a) Disclaiming warranty or limiting liability differently from the 354 | terms of sections 15 and 16 of this License; or 355 | 356 | b) Requiring preservation of specified reasonable legal notices or 357 | author attributions in that material or in the Appropriate Legal 358 | Notices displayed by works containing it; or 359 | 360 | c) Prohibiting misrepresentation of the origin of that material, or 361 | requiring that modified versions of such material be marked in 362 | reasonable ways as different from the original version; or 363 | 364 | d) Limiting the use for publicity purposes of names of licensors or 365 | authors of the material; or 366 | 367 | e) Declining to grant rights under trademark law for use of some 368 | trade names, trademarks, or service marks; or 369 | 370 | f) Requiring indemnification of licensors and authors of that 371 | material by anyone who conveys the material (or modified versions of 372 | it) with contractual assumptions of liability to the recipient, for 373 | any liability that these contractual assumptions directly impose on 374 | those licensors and authors. 375 | 376 | All other non-permissive additional terms are considered "further 377 | restrictions" within the meaning of section 10. If the Program as you 378 | received it, or any part of it, contains a notice stating that it is 379 | governed by this License along with a term that is a further 380 | restriction, you may remove that term. 
If a license document contains 381 | a further restriction but permits relicensing or conveying under this 382 | License, you may add to a covered work material governed by the terms 383 | of that license document, provided that the further restriction does 384 | not survive such relicensing or conveying. 385 | 386 | If you add terms to a covered work in accord with this section, you 387 | must place, in the relevant source files, a statement of the 388 | additional terms that apply to those files, or a notice indicating 389 | where to find the applicable terms. 390 | 391 | Additional terms, permissive or non-permissive, may be stated in the 392 | form of a separately written license, or stated as exceptions; 393 | the above requirements apply either way. 394 | 395 | 8. Termination. 396 | 397 | You may not propagate or modify a covered work except as expressly 398 | provided under this License. Any attempt otherwise to propagate or 399 | modify it is void, and will automatically terminate your rights under 400 | this License (including any patent licenses granted under the third 401 | paragraph of section 11). 402 | 403 | However, if you cease all violation of this License, then your 404 | license from a particular copyright holder is reinstated (a) 405 | provisionally, unless and until the copyright holder explicitly and 406 | finally terminates your license, and (b) permanently, if the copyright 407 | holder fails to notify you of the violation by some reasonable means 408 | prior to 60 days after the cessation. 409 | 410 | Moreover, your license from a particular copyright holder is 411 | reinstated permanently if the copyright holder notifies you of the 412 | violation by some reasonable means, this is the first time you have 413 | received notice of violation of this License (for any work) from that 414 | copyright holder, and you cure the violation prior to 30 days after 415 | your receipt of the notice. 
416 | 417 | Termination of your rights under this section does not terminate the 418 | licenses of parties who have received copies or rights from you under 419 | this License. If your rights have been terminated and not permanently 420 | reinstated, you do not qualify to receive new licenses for the same 421 | material under section 10. 422 | 423 | 9. Acceptance Not Required for Having Copies. 424 | 425 | You are not required to accept this License in order to receive or 426 | run a copy of the Program. Ancillary propagation of a covered work 427 | occurring solely as a consequence of using peer-to-peer transmission 428 | to receive a copy likewise does not require acceptance. However, 429 | nothing other than this License grants you permission to propagate or 430 | modify any covered work. These actions infringe copyright if you do 431 | not accept this License. Therefore, by modifying or propagating a 432 | covered work, you indicate your acceptance of this License to do so. 433 | 434 | 10. Automatic Licensing of Downstream Recipients. 435 | 436 | Each time you convey a covered work, the recipient automatically 437 | receives a license from the original licensors, to run, modify and 438 | propagate that work, subject to this License. You are not responsible 439 | for enforcing compliance by third parties with this License. 440 | 441 | An "entity transaction" is a transaction transferring control of an 442 | organization, or substantially all assets of one, or subdividing an 443 | organization, or merging organizations. 
If propagation of a covered 444 | work results from an entity transaction, each party to that 445 | transaction who receives a copy of the work also receives whatever 446 | licenses to the work the party's predecessor in interest had or could 447 | give under the previous paragraph, plus a right to possession of the 448 | Corresponding Source of the work from the predecessor in interest, if 449 | the predecessor has it or can get it with reasonable efforts. 450 | 451 | You may not impose any further restrictions on the exercise of the 452 | rights granted or affirmed under this License. For example, you may 453 | not impose a license fee, royalty, or other charge for exercise of 454 | rights granted under this License, and you may not initiate litigation 455 | (including a cross-claim or counterclaim in a lawsuit) alleging that 456 | any patent claim is infringed by making, using, selling, offering for 457 | sale, or importing the Program or any portion of it. 458 | 459 | 11. Patents. 460 | 461 | A "contributor" is a copyright holder who authorizes use under this 462 | License of the Program or a work on which the Program is based. The 463 | work thus licensed is called the contributor's "contributor version". 464 | 465 | A contributor's "essential patent claims" are all patent claims 466 | owned or controlled by the contributor, whether already acquired or 467 | hereafter acquired, that would be infringed by some manner, permitted 468 | by this License, of making, using, or selling its contributor version, 469 | but do not include claims that would be infringed only as a 470 | consequence of further modification of the contributor version. For 471 | purposes of this definition, "control" includes the right to grant 472 | patent sublicenses in a manner consistent with the requirements of 473 | this License. 
474 | 475 | Each contributor grants you a non-exclusive, worldwide, royalty-free 476 | patent license under the contributor's essential patent claims, to 477 | make, use, sell, offer for sale, import and otherwise run, modify and 478 | propagate the contents of its contributor version. 479 | 480 | In the following three paragraphs, a "patent license" is any express 481 | agreement or commitment, however denominated, not to enforce a patent 482 | (such as an express permission to practice a patent or covenant not to 483 | sue for patent infringement). To "grant" such a patent license to a 484 | party means to make such an agreement or commitment not to enforce a 485 | patent against the party. 486 | 487 | If you convey a covered work, knowingly relying on a patent license, 488 | and the Corresponding Source of the work is not available for anyone 489 | to copy, free of charge and under the terms of this License, through a 490 | publicly available network server or other readily accessible means, 491 | then you must either (1) cause the Corresponding Source to be so 492 | available, or (2) arrange to deprive yourself of the benefit of the 493 | patent license for this particular work, or (3) arrange, in a manner 494 | consistent with the requirements of this License, to extend the patent 495 | license to downstream recipients. "Knowingly relying" means you have 496 | actual knowledge that, but for the patent license, your conveying the 497 | covered work in a country, or your recipient's use of the covered work 498 | in a country, would infringe one or more identifiable patents in that 499 | country that you have reason to believe are valid. 
500 | 501 | If, pursuant to or in connection with a single transaction or 502 | arrangement, you convey, or propagate by procuring conveyance of, a 503 | covered work, and grant a patent license to some of the parties 504 | receiving the covered work authorizing them to use, propagate, modify 505 | or convey a specific copy of the covered work, then the patent license 506 | you grant is automatically extended to all recipients of the covered 507 | work and works based on it. 508 | 509 | A patent license is "discriminatory" if it does not include within 510 | the scope of its coverage, prohibits the exercise of, or is 511 | conditioned on the non-exercise of one or more of the rights that are 512 | specifically granted under this License. You may not convey a covered 513 | work if you are a party to an arrangement with a third party that is 514 | in the business of distributing software, under which you make payment 515 | to the third party based on the extent of your activity of conveying 516 | the work, and under which the third party grants, to any of the 517 | parties who would receive the covered work from you, a discriminatory 518 | patent license (a) in connection with copies of the covered work 519 | conveyed by you (or copies made from those copies), or (b) primarily 520 | for and in connection with specific products or compilations that 521 | contain the covered work, unless you entered into that arrangement, 522 | or that patent license was granted, prior to 28 March 2007. 523 | 524 | Nothing in this License shall be construed as excluding or limiting 525 | any implied license or other defenses to infringement that may 526 | otherwise be available to you under applicable patent law. 527 | 528 | 12. No Surrender of Others' Freedom. 529 | 530 | If conditions are imposed on you (whether by court order, agreement or 531 | otherwise) that contradict the conditions of this License, they do not 532 | excuse you from the conditions of this License. 
If you cannot convey a 533 | covered work so as to satisfy simultaneously your obligations under this 534 | License and any other pertinent obligations, then as a consequence you may 535 | not convey it at all. For example, if you agree to terms that obligate you 536 | to collect a royalty for further conveying from those to whom you convey 537 | the Program, the only way you could satisfy both those terms and this 538 | License would be to refrain entirely from conveying the Program. 539 | 540 | 13. Remote Network Interaction; Use with the GNU General Public License. 541 | 542 | Notwithstanding any other provision of this License, if you modify the 543 | Program, your modified version must prominently offer all users 544 | interacting with it remotely through a computer network (if your version 545 | supports such interaction) an opportunity to receive the Corresponding 546 | Source of your version by providing access to the Corresponding Source 547 | from a network server at no charge, through some standard or customary 548 | means of facilitating copying of software. This Corresponding Source 549 | shall include the Corresponding Source for any work covered by version 3 550 | of the GNU General Public License that is incorporated pursuant to the 551 | following paragraph. 552 | 553 | Notwithstanding any other provision of this License, you have 554 | permission to link or combine any covered work with a work licensed 555 | under version 3 of the GNU General Public License into a single 556 | combined work, and to convey the resulting work. The terms of this 557 | License will continue to apply to the part which is the covered work, 558 | but the work with which it is combined will remain governed by version 559 | 3 of the GNU General Public License. 560 | 561 | 14. Revised Versions of this License. 562 | 563 | The Free Software Foundation may publish revised and/or new versions of 564 | the GNU Affero General Public License from time to time. 
Such new versions 565 | will be similar in spirit to the present version, but may differ in detail to 566 | address new problems or concerns. 567 | 568 | Each version is given a distinguishing version number. If the 569 | Program specifies that a certain numbered version of the GNU Affero General 570 | Public License "or any later version" applies to it, you have the 571 | option of following the terms and conditions either of that numbered 572 | version or of any later version published by the Free Software 573 | Foundation. If the Program does not specify a version number of the 574 | GNU Affero General Public License, you may choose any version ever published 575 | by the Free Software Foundation. 576 | 577 | If the Program specifies that a proxy can decide which future 578 | versions of the GNU Affero General Public License can be used, that proxy's 579 | public statement of acceptance of a version permanently authorizes you 580 | to choose that version for the Program. 581 | 582 | Later license versions may give you additional or different 583 | permissions. However, no additional obligations are imposed on any 584 | author or copyright holder as a result of your choosing to follow a 585 | later version. 586 | 587 | 15. Disclaimer of Warranty. 588 | 589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 597 | 598 | 16. Limitation of Liability. 
599 | 600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 608 | SUCH DAMAGES. 609 | 610 | 17. Interpretation of Sections 15 and 16. 611 | 612 | If the disclaimer of warranty and limitation of liability provided 613 | above cannot be given local legal effect according to their terms, 614 | reviewing courts shall apply local law that most closely approximates 615 | an absolute waiver of all civil liability in connection with the 616 | Program, unless a warranty or assumption of liability accompanies a 617 | copy of the Program in return for a fee. 618 | 619 | END OF TERMS AND CONDITIONS 620 | 621 | How to Apply These Terms to Your New Programs 622 | 623 | If you develop a new program, and you want it to be of the greatest 624 | possible use to the public, the best way to achieve this is to make it 625 | free software which everyone can redistribute and change under these terms. 626 | 627 | To do so, attach the following notices to the program. It is safest 628 | to attach them to the start of each source file to most effectively 629 | state the exclusion of warranty; and each file should have at least 630 | the "copyright" line and a pointer to where the full notice is found. 
631 | 632 | <one line to give the program's name and a brief idea of what it does.> 633 | Copyright (C) <year> <name of author> 634 | 635 | This program is free software: you can redistribute it and/or modify 636 | it under the terms of the GNU Affero General Public License as published 637 | by the Free Software Foundation, either version 3 of the License, or 638 | (at your option) any later version. 639 | 640 | This program is distributed in the hope that it will be useful, 641 | but WITHOUT ANY WARRANTY; without even the implied warranty of 642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 643 | GNU Affero General Public License for more details. 644 | 645 | You should have received a copy of the GNU Affero General Public License 646 | along with this program. If not, see <https://www.gnu.org/licenses/>. 647 | 648 | Also add information on how to contact you by electronic and paper mail. 649 | 650 | If your software can interact with users remotely through a computer 651 | network, you should also make sure that it provides a way for users to 652 | get its source. For example, if your program is a web application, its 653 | interface could display a "Source" link that leads users to an archive 654 | of the code. There are many ways you could offer source, and different 655 | solutions will be better for different programs; see section 13 for the 656 | specific requirements. 657 | 658 | You should also get your employer (if you work as a programmer) or school, 659 | if any, to sign a "copyright disclaimer" for the program, if necessary. 660 | For more information on this, and how to apply and follow the GNU AGPL, see 661 | <https://www.gnu.org/licenses/>. 662 | 663 | --------------------------------------------------------------------------------