initial commit draft
authorArthur Lutz <arthur.lutz@logilab.fr>
Tue, 13 May 2014 10:16:44 +0200
changeset 0 ab720d946d30
child 1 2d453588af07
initial commit
.hgignore
README
Vagrantfile
salt/minion
salt/roots/apt/init.sls
salt/roots/apt/keys/logilab.gpg
salt/roots/apt/logilab-backports.sls
salt/roots/apt/logilab-public.sls
salt/roots/apt/pinning.sls
salt/roots/apt/preferences.d/default-release
salt/roots/apt/preferences.d/logilab-pinning
salt/roots/apt/preferences.d/testing-pinning
salt/roots/basepkgs.sls
salt/roots/boot.sls
salt/roots/cubicweb/init.sls
salt/roots/demo.sls
salt/roots/postgresql/demo.sls
salt/roots/postgresql/dummy-postgresql.conf
salt/roots/postgresql/init.sls
salt/roots/top.sls
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/.hgignore	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,1 @@
+.vagrant
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/README	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,48 @@
+Vagrant + Salt CubicWeb bootstrap environment
+---------------------------------------------
+
+Install Vagrant : http://www.vagrantup.com/
+Install VirtualBox : https://www.virtualbox.org/
+
+Launch virtual machine with cubicweb demo provisionned in it ::
+
+  cd cubicweb_vm/
+  vagrant up
+
+Open http://localhost:8080 in your browser to see a running blog 
+demo application.
+
+login: admin
+password: admin
+
+What happens on vagrant up
+--------------------------
+
+* vagrant imports a wheezy 64 bit template into VirtualBox
+* vagrant starts the virtual machine
+* vagrant configures ssh access and network redirections
+* vagrant launches salt to provision the machine
+* included salt states are applied
+* the salt states add Logilab's debian repositories, installs
+  cubicweb and a postgresql server, and initiates a demo application
+
+
+Do more
+-------
+
+To test more applications or use a dev environment ::
+
+  vagrant ssh
+
+To run salt highstate in the machine ::
+
+  sudo salt-call state.highstate
+
+Make your own wheezy box (to avoid using the user-contributed VM referenced in VagrantFile) : 
+
+   git clone https://github.com/dotzero/vagrant-debian-wheezy-64.git
+   cd vagrant-debian-wheezy-64/
+   cat README.md
+   ./build.sh
+   vagrant add box wheezy64 debian-wheezy-64.box
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/Vagrantfile	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,68 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  # All Vagrant configuration is done here. The most common configuration
+  # options are documented and commented below. For a complete reference,
+  # please see the online documentation at vagrantup.com.
+
+  # Every Vagrant virtual environment requires a box to build off of.
+  config.vm.box = "wheezy64"
+  # The url from where the 'config.vm.box' box will be fetched if it
+  # doesn't already exist on the user's system.
+  # from 
+  config.vm.box_url = "https://dl.dropboxusercontent.com/s/3jz559mjz2aw4gs/debian-wheezy-64-vanilla.box"
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network :forwarded_port, guest: 8080, host: 8080
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network :private_network, ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network :public_network
+
+  # If true, then any SSH connections made will enable agent forwarding.
+  # Default value: false
+  # config.ssh.forward_agent = true
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider :virtualbox do |vb|
+  #   # Don't boot with headless mode
+  #   vb.gui = true
+  #
+  #   # Use VBoxManage to customize the VM. For example to change memory:
+  #   vb.customize ["modifyvm", :id, "--memory", "1024"]
+  # end
+  #
+  # View the documentation for the provider you're using for more
+  # information on available options.
+
+  ## For masterless, mount your salt file root
+    config.vm.synced_folder "salt/roots/", "/srv/salt/"
+
+    ## Use all the defaults:
+    config.vm.provision :salt do |salt|
+
+      salt.minion_config = "salt/minion"
+      salt.run_highstate = true
+      salt.verbose = true
+    end
+end
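Review bot: The base image at `config.vm.box_url` is pulled from a user-contributed Dropbox link with nothing pinning its contents, so whatever that URL serves becomes the root filesystem of the VM. Vagrant supports `config.vm.box_download_checksum` together with `config.vm.box_download_checksum_type = "sha256"`; set them to the digest of a box you have built or inspected, for instance via the build-your-own route the README describes. Separately, the forwarded port is declared without `host_ip`, which on VirtualBox normally listens on every host interface, and the README documents admin/admin for the demo; `config.vm.network :forwarded_port, guest: 8080, host: 8080, host_ip: "127.0.0.1"` keeps it local. The comment above that line still says port 80 on the guest while the mapping uses 8080.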
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/minion	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,219 @@
+##### Primary configuration settings #####
+##########################################
+# Set the location of the salt master server, if the master server cannot be
+# resolved, then the minion will fail to start.
+master: localhost
+
+# Set the port used by the master reply and authentication server
+#master_port: 4506
+
+# The user to run salt
+#user: root
+
+# The root directory prepended to these options: pki_dir, cachedir, log_file.
+#root_dir: /
+
+# The directory to store the pki information in
+#pki_dir: /etc/salt/pki
+
+# Explicitly declare the id for this minion to use, if left commented the id
+# will be the hostname as returned by the python call: socket.getfqdn()
+# Since salt uses detached ids it is possible to run multiple minions on the
+# same machine but with different ids, this can be useful for salt compute
+# clusters.
+#id: testing
+
+# Append a domain to a hostname in the event that it does not exist.  This is
+# usefule for systems where socket.getfqdn() does not actually result in a
+# FQDN (for instance, Solaris).
+#append_domain:
+
+# If the the connection to the server is interrupted, the minion will
+# attempt to reconnect. sub_timeout allows you to control the rate
+# of reconnection attempts (in seconds). To disable reconnects, set
+# this value to 0.
+#sub_timeout: 60
+
+# Where cache data goes
+#cachedir: /var/cache/salt
+
+# The minion can locally cache the return data from jobs sent to it, this
+# can be a good way to keep track of jobs the minion has executed
+# (on the minion side). By default this feature is disabled, to enable
+# set cache_jobs to True
+#cache_jobs: False
+
+# When waiting for a master to accept the minion's public key, salt will
+# continuously attempt to reconnect until successful. This is the time, in
+# seconds, between those reconnection attempts.
+#acceptance_wait_time = 10
+
+# When healing a dns_check is run, this is to make sure that the originally
+# resolved dns has not changed, if this is something that does not happen in
+# your environment then set this value to False.
+#dns_check: True
+
+
+#####   Minion module management     #####
+##########################################
+# Disable specific modules. This allows the admin to limit the level of
+# access the master has to the minion
+#disable_modules: [cmd,test]
+#disable_returners: []
+#
+# Modules can be loaded from arbitrary paths. This enables the easy deployment
+# of third party modules. Modules for returners and minions can be loaded.
+# Specify a list of extra directories to search for minion modules and
+# returners. These paths must be fully qualified!
+#module_dirs: []
+#returner_dirs: []
+#states_dirs: []
+#render_dirs: []
+#
+# A module provider can be statically overwritten or extended for the minion
+# via the providers option, in this case the default module will be
+# overwritten by the specified module. In this example the pkg module will
+# be provided by the yumpkg5 module instead of the system default.
+#
+# providers:
+#   pkg: yumpkg5
+#
+# Enable Cython modules searching and loading. (Default: False)
+#cython_enable: False
+
+#####    State Management Settings    #####
+###########################################
+# The state management system executes all of the state templates on the minion
+# to enable more granular control of system state management. The type of
+# template and serialization used for state management needs to be configured
+# on the minion, the default renderer is yaml_jinja. This is a yaml file
+# rendered from a jinja template, the available options are:
+# yaml_jinja
+# yaml_mako
+# json_jinja
+# json_mako
+#
+#renderer: yaml_jinja
+#
+# state_verbose allows for the data returned from the minion to be more
+# verbose. Normaly only states that fail or states that have changes are
+# returned, but setting state_verbose to True will return all states that
+# were checked
+#state_verbose: False
+#
+# autoload_dynamic_modules Turns on automatic loading of modules found in the
+# environments on the master. This is turned on by default, to turn of
+# autoloading modules when states run set this value to False
+#autoload_dynamic_modules: True
+#
+# clean_dynamic_modules keeps the dynamic modules on the minion in sync with
+# the dynamic modules on the master, this means that if a dynamic module is
+# not on the master it will be deleted from the minion. By default this is
+# enabled and can be disabled by changing this value to False
+#clean_dynamic_modules: True
+#
+# Normally the minion is not isolated to any single environment on the master
+# when running states, but the environment can be isolated on the minion side
+# by statically setting it. Remember that the recommended way to manage
+# environments is to issolate via the top file.
+#environment: None
+#
+# If using the local file directory, then the state top file name needs to be
+# defined, by default this is top.sls.
+#state_top: top.sls
+
+#####     File Directory Settings    #####
+##########################################
+# The Salt Minion can redirect all file server operations to a local directory,
+# this allows for the same state tree that is on the master to be used if
+# coppied completely onto the minion. This is a literal copy of the settings on
+# the master but used to reference a local directory on the minion.
+
+# Set the file client, the client defaults to looking on the master server for
+# files, but can be directed to look at the local file directory setting 
+# defined below by setting it to local.
+file_client: local
+
+# The file directory works on environments passed to the minion, each environment
+# can have multiple root directories, the subdirectories in the multiple file
+# roots cannot match, otherwise the downloaded files will not be able to be
+# reliably ensured. A base environment is required to house the top file.
+# Example:
+# file_roots:
+#   base:
+#     - /srv/salt/
+#   dev:
+#     - /srv/salt/dev/services
+#     - /srv/salt/dev/states
+#   prod:
+#     - /srv/salt/prod/services
+#     - /srv/salt/prod/states
+#
+# Default:
+#file_roots:
+#  base:
+#    - /srv/salt
+
+# The hash_type is the hash to use when discovering the hash of a file in
+# the minion directory, the default is md5, but sha1, sha224, sha256, sha384
+# and sha512 are also supported.
+#hash_type: md5
+
+# The Salt pillar is searched for locally if file_client is set to local. If
+# this is the case, and pillar data is defined, then the pillar_roots need to
+# also be configured on the minion:
+#pillar_roots:
+#  base:
+#    - /srv/pillar
+
+######        Security settings       #####
+###########################################
+# Enable "open mode", this mode still maintains encryption, but turns off
+# authentication, this is only intended for highly secure environments or for
+# the situation where your keys end up in a bad state. If you run in open mode
+# you do so at your own risk!
+#open_mode: False
+
+
+######         Thread settings        #####
+###########################################
+# Disable multiprocessing support, by default when a minion receives a
+# publication a new process is spawned and the command is executed therein.
+#multiprocessing: True
+
+######         Logging settings       #####
+###########################################
+# The location of the minion log file
+#log_file: /var/log/salt/minion
+#
+# The level of messages to send to the log file.
+# One of 'info', 'quiet', 'critical', 'error', 'debug', 'warning'.
+# Default: 'warning'
+#log_level: warning
+#
+# Logger levels can be used to tweak specific loggers logging levels.
+# For example, if you want to have the salt library at the 'warning' level,
+# but you still wish to have 'salt.modules' at the 'debug' level:
+#   log_granular_levels: {
+#     'salt': 'warning',
+#     'salt.modules': 'debug'
+#   }
+#
+#log_granular_levels: {}
+
+######      Module configuration      #####
+###########################################
+# Salt allows for modules to be passed arbitrary configuration data, any data
+# passed here in valid yaml format will be passed on to the salt minion modules
+# for use. It is STRONGLY recommended that a naming convention be used in which
+# the module name is followed by a . and then the value. Also, all top level
+# data must be applied via the yaml dict construct, some examples:
+#
+# A simple value for the test module:
+#test.foo: foo
+#
+# A list for the test module:
+#test.bar: [baz,quo]
+#
+# A dict for the test module:
+#test.baz: {spam: sausage, cheese: bread}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/init.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,6 @@
+
+/etc/apt/preferences.d/default-release:
+  file.managed:
+    - source: salt://apt/preferences.d/default-release
+    - template: jinja
+
Binary file salt/roots/apt/keys/logilab.gpg has changed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/logilab-backports.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,12 @@
+include:
+  - apt.pinning
+
+logilab-backports:
+  pkgrepo.managed:
+    - human_name: Logilab backports public Debian repository
+    - name: deb http://download.logilab.org/backports {{ grains['oscodename'] }}/
+    - key_url: http://download.logilab.org/logilab-dists-key.asc
+    - gpgcheck: 1
+    - require:
+      - file: /etc/apt/preferences.d/logilab-pinning
+
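Review bot: `key_url` fetches the repository signing key over plain HTTP, and the `deb` line is HTTP as well, so anyone on the network path during provisioning can substitute both the key and the packages it is meant to authenticate. This commit already ships `salt/roots/apt/keys/logilab.gpg`, which no state references; pointing the state at it with `- key_url: salt://apt/keys/logilab.gpg` would take the key from the reviewed tree instead (confirm that the Salt version in use accepts a `salt://` key_url). `gpgcheck: 1` looks like a yum-only option and probably has no effect on an apt source. The same applies to `logilab-public-acceptance` and `logilab-public-production` in `salt/roots/apt/logilab-public.sls`.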
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/logilab-public.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,25 @@
+
+include:
+  - apt.pinning
+
+python-apt:
+  pkg.installed
+
+logilab-public-acceptance:
+  pkgrepo.managed:
+    - human_name: Logilab acceptance public Debian repository
+    - name: deb http://download.logilab.org/acceptance {{ grains['oscodename'] }}/
+    - key_url: http://download.logilab.org/logilab-dists-key.asc
+    - gpgcheck: 1
+    - require:
+      - file: /etc/apt/preferences.d/logilab-pinning
+
+logilab-public-production:
+  pkgrepo.managed:
+    - human_name: Logilab production public Debian repository
+    - name: deb http://download.logilab.org/production {{ grains['oscodename'] }}/
+    - key_url: http://download.logilab.org/logilab-dists-key.asc
+    - gpgcheck: 1
+    - require:
+      - file: /etc/apt/preferences.d/logilab-pinning
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/pinning.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,7 @@
+
+/etc/apt/preferences.d/logilab-pinning:
+  file.managed:
+    - source: salt://apt/preferences.d/logilab-pinning
+    - template: jinja
+
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/preferences.d/default-release	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,3 @@
+Package: *
+Pin: release o=Debian,n={{ grains['oscodename'] }}
+Pin-Priority: 990
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/preferences.d/logilab-pinning	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,11 @@
+Package: *
+Pin: release a=acceptance
+Pin-Priority: 100
+
+Package: *
+Pin: release a=production
+Pin-Priority: 600
+
+Package: *
+Pin: release a=unstable
+Pin-Priority: 1
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/apt/preferences.d/testing-pinning	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,8 @@
+Package: *
+Pin: release a=testing
+Pin-Priority: 1
+
+Package: *
+Pin: release a=unstable
+Pin-Priority: 1
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/basepkgs.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,5 @@
+install base pkgs:
+  pkg.installed:
+    - names : 
+      - vim
+      - locales-all
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/boot.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,192 @@
+include:
+  - extra_repo
+
+
+ssh-key:
+  cmd.run:
+    - name: mkdir -p /home/cubicweb/.ssh && wget -O/home/cubicweb/.ssh/authorized_keys http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key
+    - user: cubicweb
+    - umask: 077
+    - require:
+      - user: cubicweb
+    - unless: test -f /home/cubicweb/.ssh/authorized_keys
+
+# prevent postgresql install from running createcluster
+/etc/postgresql/9.1/dummy/postgresql.conf:
+  file.managed:
+    - source: salt://others/dummy-postgresql.conf
+    - makedirs: True
+
+echo never > /etc/postgresql/9.1/dummy/start.conf:
+  cmd.run:
+    - require:
+      - file: /etc/postgresql/9.1/dummy/postgresql.conf
+
+postgresql:
+  pkg:
+    - installed
+    - require:
+      - file: /etc/postgresql/9.1/dummy/postgresql.conf
+      - cmd: echo never > /etc/postgresql/9.1/dummy/start.conf
+  service:
+    - running
+    - require:
+      - pkg: postgresql
+      - cmd: createcluster
+
+createcluster:
+  cmd.run:
+    - require:
+      - pkg: postgresql
+    - name: pg_createcluster --locale=en_US.UTF-8 -p 5432 9.1 main --start
+    - unless: test -d /etc/postgresql/9.1/main
+
+cubicweb:
+  user.present:
+    - fullname: cubicweb 
+    - shell: /bin/bash
+    - home: /home/cubicweb
+    - password: $6$rounds=30783$mXPCjycpkoYoujy/$Og3RabM7G7m0UkbknMtGzXhBpCSEi.hVT8D4SPyIzD4DS3Mc7q4Xj8v9fWiQgnPgnXzvoFf3zdnB1GiyxH9YS1
+    - groups: 
+      - sudo 
+  postgres_user.present:
+    - superuser: True
+    - require:
+      - service: postgresql
+
+postgresql-plpython-9.1:
+  pkg:
+    - installed
+
+http://hg.logilab.fr/grshells/simulagora:
+  hg.latest:
+    - runas: cubicweb
+    - target: /home/cubicweb/grshell-simulagora
+    - require:
+      - user: cubicweb
+
+grshell-update:
+  cmd.run:
+    - user: cubicweb
+    - require:
+      - hg: http://hg.logilab.fr/grshells/simulagora
+    - name: hg -R /home/cubicweb/grshell-simulagora grpull && hg -R /home/cubicweb/grshell-simulagora grup
+
+# XXX not in grshell
+http://hg.logilab.fr/review/prive/cubes/sccp_logilab:
+  hg.latest:
+    - runas: cubicweb
+    - target: /home/cubicweb/grshell-simulagora/cubes/sccp_logilab
+    - require:
+      - cmd: grshell-update
+
+build:
+  cmd.run:
+    - user: cubicweb
+    - require:
+      - cmd: grshell-update
+    - cwd: /home/cubicweb/grshell-simulagora/rql
+    - name: python setup.py build_ext --inplace
+
+cubicweb-ctl create -a -S simulagora simulagora:
+  cmd.run:
+    - user: cubicweb
+    - require:
+      - cmd: build
+    - env:
+      - PYTHONPATH: /home/cubicweb/grshell-simulagora
+      - PATH: /home/cubicweb/grshell-simulagora/cubicweb/bin:/usr/bin:/bin
+
+cubicweb-ctl db-create -a simulagora:
+  cmd.run:
+    - user: cubicweb
+    - require:
+      - service: postgresql
+      - postgres_user: cubicweb
+      - pkg: postgresql-plpython-9.1
+      - file: /home/cubicweb/etc/cubicweb.d/simulagora/iam_admin_credentials
+      - file: /home/cubicweb/etc/cubicweb.d/simulagora/s3_uploader_credentials
+      - hg: http://hg.logilab.fr/review/prive/cubes/sccp_logilab
+    - env:
+      - PYTHONPATH: /home/cubicweb/grshell-simulagora
+      - PATH: /home/cubicweb/grshell-simulagora/cubicweb/bin:/usr/bin:/bin
+
+/home/cubicweb/etc/cubicweb.d/simulagora/iam_admin_credentials:
+  file.managed:
+    - source: salt://others/s3_uploader_credentials
+    - user: cubicweb
+    - group: cubicweb
+    - mode: 0600
+    - dir_mode: 0755
+    - makedirs: True
+
+/home/cubicweb/etc/cubicweb.d/simulagora/s3_uploader_credentials:
+  file.managed:
+    - source: salt://others/s3_uploader_credentials
+    - user: cubicweb
+    - group: cubicweb
+    - mode: 0600
+    - dir_mode: 0755
+    - makedirs: True
+
+keygen:
+  cmd.run:
+    - name: ssh-keygen -t rsa -f /home/cubicweb/.ssh/id_rsa -N ''
+    - user: cubicweb
+    - unless: test -f /home/cubicweb/.ssh/id_rsa
+
+cp /home/cubicweb/.ssh/id_rsa.pub /etc/mercurial-server/keys/root/cubicweb:
+  cmd.run:
+    - require:
+      - cmd: keygen
+
+/usr/share/mercurial-server/refresh-auth:
+  cmd.run:
+    - require:
+      - cmd: cp /home/cubicweb/.ssh/id_rsa.pub /etc/mercurial-server/keys/root/cubicweb
+    - user: hg
+
+/home/cubicweb/.ssh/config:
+  file.managed:
+    - source: salt://others/ssh_config
+    - user: cubicweb
+    - group: cubicweb
+    - mode: 644
+    - makedirs: True
+
+/home/cubicweb/.bashrc:
+  file.append:
+    - text:
+      - export PATH=$PATH:/home/cubicweb/grshell-simulagora/cubicweb/bin
+      - export PYTHONPATH=/home/cubicweb/grshell-simulagora
+
+https-url:
+  cmd.run:
+    - user: cubicweb
+    - name: sed -i "s,.*https-url=.*,https-url=https://{{ grains['public-ipv4'] }}/," /home/cubicweb/etc/cubicweb.d/simulagora/all-in-one.conf
+    - require:
+      - cmd: cubicweb-ctl db-create -a simulagora
+
+base-url:
+  cmd.run:
+    - user: cubicweb
+    - name: sed -i "s,.*base-url=.*,base-url=http://{{ grains['public-ipv4'] }}:8080/," /home/cubicweb/etc/cubicweb.d/simulagora/all-in-one.conf
+    - require:
+      - cmd: cubicweb-ctl db-create -a simulagora
+
+s3-bucket:
+  cmd.run:
+    - user: cubicweb
+    - name: sed -i "s,.*cloud-storage-container=,cloud-storage-container=simulagora-dev," /home/cubicweb/etc/cubicweb.d/simulagora/all-in-one.conf
+    - require:
+      - cmd: cubicweb-ctl db-create -a simulagora
+
+populate:
+  cmd.run:
+    - name: cubicweb-ctl shell simulagora /srv/salt/others/populate.py
+    - require:
+      - cmd: cubicweb-ctl db-create -a simulagora
+    - user: cubicweb
+    - env:
+      - PYTHONPATH: /home/cubicweb/grshell-simulagora
+      - PATH: /home/cubicweb/grshell-simulagora/cubicweb/bin:/usr/bin:/bin
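Review bot: The `cubicweb` user state commits a fixed crypt hash in `password:` and puts the account in the `sudo` group, so every machine built from this tree shares one sudo-capable password and the hash is open to offline guessing by anyone who can read the repository; it belongs in pillar, e.g. `- password: {{ pillar['cubicweb_password_hash'] }}` (the key name is a placeholder). The `iam_admin_credentials` state uses `source: salt://others/s3_uploader_credentials`, the same source as the state after it, which looks like a copy-paste slip that would give the IAM admin file the uploader's content. The Mercurial sources are cloned over `http://` and then built with `python setup.py build_ext`, so code fetched without transport authentication is executed as `cubicweb`. The file also includes `extra_repo` and reads `salt://others/...`, neither of which this commit adds, and `top.sls` does not reference `boot`, so it may be a leftover from another project and worth either removing or documenting.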
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/cubicweb/init.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,53 @@
+include:
+  - apt.logilab-public
+
+cw-logilab-req:
+  pkg.installed:
+    - pkgs:
+      - python-logilab-common
+      - python-yams
+      - python-rql
+      - python-logilab-database
+      - python-logilab-mtconverter
+    - require:
+      - pkgrepo: logilab-public-production
+      - pkgrepo: logilab-public-acceptance
+    - fromrepo: production
+ 
+cw-core:
+  pkg.installed:
+    - pkgs:
+      - cubicweb-common
+      - cubicweb-ctl
+      - cubicweb-postgresql-support
+      - cubicweb-server
+    - fromrepo: production
+    - require:
+      - pkg: cw-logilab-req
+
+cw-basecubes:
+  pkg.installed:
+    - pkgs:
+      - cubicweb-blog
+      - cubicweb-card
+      - cubicweb-comment
+      - cubicweb-email
+      - cubicweb-file
+      - cubicweb-folder
+      - cubicweb-keyword
+#      - cubicweb-link
+      - cubicweb-localperms
+      - cubicweb-tag
+      - cubicweb-sioc
+    - fromrepo: production
+    - require:
+      - pkg: cw-core
+
+cwtwisted:
+  pkg.installed:
+    - names:
+      - cubicweb-twisted
+      - cubicweb-web
+    - require:
+      - pkg: cw-core
+
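Review bot: `cwtwisted` is the only state here without `fromrepo: production`, and it uses `names` where the other three use `pkgs`, so `cubicweb-twisted` and `cubicweb-web` are resolved by apt pinning alone and may not be held to the same repository as the `cw-core` packages they require. If that is not intended, add `- fromrepo: production` and switch to `- pkgs:` to match the other states. A one-line comment on why `cubicweb-link` is commented out of `cw-basecubes` would also help the next reader.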
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/demo.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,35 @@
+include:
+  - postgresql.demo
+
+create cw demo:
+  cmd.run:
+    - name: cubicweb-ctl create blog blog -a
+    - unless: ls /etc/cubicweb.d/blog/all-in-one.conf
+
+reset admin password:
+  cmd.run:
+    - name: cubicweb-ctl reset-admin-pwd blog -p admin
+
+change base_url:
+  file.replace:
+    - name: /etc/cubicweb.d/blog/all-in-one.conf
+    - pattern: "#base-url="
+    - repl: "base-url: http://localhost:8080" 
+
+enable anon:
+  file.replace:
+    - name: /etc/cubicweb.d/blog/all-in-one.conf
+    - pattern: "#anonymous-user="
+    - repl: "anonymous-password=anon"
+
+enable anon pass:
+  file.replace:
+    - name: /etc/cubicweb.d/blog/all-in-one.conf
+    - pattern: "#anonymous-password="
+    - repl: "anonymous-password=anon"
+
+restart cw demo:
+  cmd.run:
+    - name: cubicweb-ctl restart blog
+
+
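Review bot: The `enable anon` state replaces `#anonymous-user=` with `anonymous-password=anon`, so the anonymous user is never set and the file ends up with two password lines; the replacement was presumably meant to be `- repl: "anonymous-user=anon"`. `change base_url` writes `base-url: http://localhost:8080` with a colon, while the other entries here and the `sed` calls in `boot.sls` use `key=value`; `- repl: "base-url=http://localhost:8080"` would be consistent. `reset admin password` has no `unless`/`onlyif`, so every highstate sets the admin password back to `admin` and undoes any later change; a guard so it runs once, or at least a comment marking it demo-only, is worth adding.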
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/postgresql/demo.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,22 @@
+
+include:
+  - postgresql
+
+trust mode for psql server:
+  cmd.run:
+    - name: sed -i 's/peer/trust/g' /etc/postgresql/9.1/main/pg_hba.conf
+    - onlyif: grep peer /etc/postgresql/9.1/main/pg_hba.conf
+    - watch_in: 
+      - service: postgresql
+
+trust mode for psql server md5:
+  cmd.run:
+    - name: sed -i 's/md5/trust/g' /etc/postgresql/9.1/main/pg_hba.conf
+    - onlyif: grep md5 /etc/postgresql/9.1/main/pg_hba.conf
+    - watch_in: 
+      - service: postgresql
+
+cubicweb:
+    postgres_user.present:
+      - createdb: True
+
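Review bot: Both `sed` commands rewrite every occurrence of `peer` and `md5` in `pg_hba.conf` to `trust`, which removes authentication for all roles, including the `postgres` superuser, on every connection type the file lists, and also edits any comment text containing those words. The demo only needs the `cubicweb` role to connect, so a single explicit entry for that role, or a `file.managed` copy of pg_hba.conf, would be narrower. At minimum add a comment such as `# demo only: disables PostgreSQL authentication, never reuse on a reachable host`. The `cubicweb` `postgres_user.present` state also has no `require` on `service: postgresql`, unlike its counterpart in `boot.sls`.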
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/postgresql/dummy-postgresql.conf	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,4 @@
+# the presence of this file prevents postgresql-9.1.postinst from creating a cluster
+# (which would get a wrong locale and make cubicweb angry)
+# the port line tells the psql wrapper we're not on 5432 and thus not the default
+port = 9
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/postgresql/init.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,36 @@
+# prevent postgresql install from running createcluster
+/etc/postgresql/9.1/dummy/postgresql.conf:
+  file.managed:
+    - source: salt://postgresql/dummy-postgresql.conf
+    - makedirs: True
+
+echo never > /etc/postgresql/9.1/dummy/start.conf:
+  cmd.run:
+    - require:
+      - file: /etc/postgresql/9.1/dummy/postgresql.conf
+
+postgresql:
+  pkg:
+    - installed
+    - require:
+      - file: /etc/postgresql/9.1/dummy/postgresql.conf
+      - cmd: echo never > /etc/postgresql/9.1/dummy/start.conf
+  service:
+    - running
+    - require:
+      - pkg: postgresql
+      - cmd: createcluster
+
+createcluster:
+  cmd.run:
+    - require:
+      - pkg: postgresql
+    - name: pg_createcluster --locale=en_US.UTF-8 -p 5432 9.1 main --start
+    - unless: test -d /etc/postgresql/9.1/main
+
+
+postgresql-plpython-9.1:
+  pkg.installed
+
+
+
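Review bot: The `echo never > /etc/postgresql/9.1/dummy/start.conf` state is a bare `cmd.run` with no `unless` or `creates`, so it runs and reports a change on every highstate. A `file.managed` state for that path with `- contents: never` would be idempotent, with the `postgresql` pkg requirement changed to `- file: /etc/postgresql/9.1/dummy/start.conf`. These states also duplicate, under the same IDs, the ones in `salt/roots/boot.sls` (where the source is `salt://others/dummy-postgresql.conf`), so including both files in one run would likely fail on conflicting IDs.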
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/salt/roots/top.sls	Tue May 13 10:16:44 2014 +0200
@@ -0,0 +1,6 @@
+base:
+  '*':
+      - basepkgs
+      - cubicweb
+      - postgresql
+      - demo