Commit | Line | Data |
---|---|---|
# @summary Deploys the caldance Django application: virtualenv, release tarball,
#   PostgreSQL database and an Apache/mod_wsgi TLS vhost protected by Basic auth.
#
# @param user Account that owns the application directory and runs the
#   virtualenv, pip and manage.py execs.
# @param group Group owning the application directory and manage.py.
# @param home Base directory holding the virtualenv, the app directory, the
#   Django log file and the downloaded release tarball.
# @param web_host Name of the Apache vhost; also selects the Let's Encrypt
#   certificate paths and is passed to profile::postgresql::master.
# @param pg_user PostgreSQL role for the application (exported as DB_USER).
# @param pg_db PostgreSQL database name (exported as DB_NAME).
# @param mail_from Exported to the application as FROM_EMAIL.
# @param smtp_host Exported to the application as EMAIL_HOST.
# @param smtp_port Exported to the application as EMAIL_PORT.
# @param pg_hostname Exported as DB_HOST; defaults to the /run/postgresql path.
# @param pg_port Exported as DB_PORT.
# @param caldance_version Version string used in the release tarball name and URL.
# @param caldance_sha256 Expected SHA-256 of the release tarball.
#
# NOTE(review): caldance_version and caldance_sha256 both default to undef.
# With no version the tarball URL becomes ".../caldance_.tar.gz", and with no
# sha256 there is no digest to pin the download to, although its contents are
# later run through pip and manage.py. Confirm every caller sets both, or
# consider making them mandatory.
class role::caldance (
  String           $user,
  String           $group,
  String           $home,
  String           $web_host,
  String           $pg_user,
  String           $pg_db,
  String           $mail_from,
  String           $smtp_host,
  String           $smtp_port,
  Optional[String] $pg_hostname      = "/run/postgresql",
  Optional[String] $pg_port          = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256  = undef,
) {
  # Every secret below (database password, Django secret key, LDAP password)
  # is derived from this single seed by generate_password(), whose
  # implementation is not visible here. Treat the seed as the root secret.
  $password_seed = lookup("base_installation::puppet_pass_seed")
  # Hard-coded personal home directory; only used for the .htpasswd path below.
  $web_home      = "/home/simon_descarpentries"
  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  $caldance_app = "${home}/app"
  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key = generate_password(24, $password_seed, "secret_key_caldance")

  # Application settings. DB_PASSWORD and SECRET_KEY are held here in clear
  # text and the hash is flattened twice: into "KEY=value" strings for the
  # exec environments and into "CALDANCE_KEY value" strings for the vhost.
  # NOTE(review): the setenv entries presumably end up as SetEnv directives in
  # the generated vhost file - confirm that file is not world-readable and
  # that these values stay out of Puppet reports and logs.
  $environment = {
    "DB_NAME"     => $pg_db,
    "DB_USER"     => $pg_user,
    "DB_PASSWORD" => $pg_password,
    "DB_HOST"     => $pg_hostname,
    "DB_PORT"     => $pg_port,
    "SECRET_KEY"  => $secret_key,
    "DEBUG"       => "False",
    "LOG_FILE"    => "$home/caldev_django.log",
    "FROM_EMAIL"  => $mail_from,
    "EMAIL_HOST"  => $smtp_host,
    "EMAIL_PORT"  => $smtp_port,
  }
  $shell_env = $environment.map |$key, $value| { "$key=$value" }
  $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }

  # 0755 lets every local account traverse and list $home, which holds the
  # log file, the virtualenv and the release tarball.
  file { $home:
    mode => "0755",
  }
  # Writable by $user and by the "http" group (presumably the group the web
  # server runs as - TODO confirm), readable by everyone else.
  file { "${home}/caldev_django.log":
    mode  => "0664",
    owner => $user,
    group => "http",
  }

  file { $caldance_app:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["$user:"],
  }

  # Deployment chain: create the virtualenv once, then fetch and unpack the
  # release. The execs after the archive are refreshonly and linked with ~>,
  # so they only run when the step before them reports a change.
  exec { "initialize_venv":
    user    => $user,
    require => User["$user:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  # Downloads the tarball over HTTPS with a username/password pair (LDAP cn
  # plus a seed-derived password), checks it against $caldance_sha256 and
  # unpacks it into the app directory as $user.
  archive { "${home}/caldance_${caldance_version}.tar.gz":
    path          => "${home}/caldance_${caldance_version}.tar.gz",
    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum      => $caldance_sha256,
    cleanup       => false,
    extract       => true,
    user          => $user,
    username      => lookup("base_installation::ldap_cn"),
    password      => generate_password(24, $password_seed, "ldap"),
    extract_path  => $caldance_app,
    require       => [User["$user:"], File[$caldance_app]],
  } ~>
  # Removes every requirements.txt line matching GDAL, then installs the rest
  # with the virtualenv's pip. The exec environment carries DB_PASSWORD and
  # SECRET_KEY through $shell_env.
  # NOTE(review): the command relies on "&&" being interpreted by a shell -
  # confirm the exec provider in use does that.
  # NOTE(review): whether requirements.txt pins versions or hashes is not
  # visible here; the tarball checksum is the only integrity control shown.
  exec { "py-requirements":
    cwd         => $caldance_app,
    user        => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command     => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt",
    require     => User["$user:"],
    refreshonly => true,
  } ~>
  # Applies Django database migrations as $user.
  exec { "py-migrate":
    cwd         => $caldance_app,
    user        => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command     => "$caldance_app/manage.py migrate",
    require     => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  # Collects static files without prompting.
  exec { "py-static":
    cwd         => $caldance_app,
    user        => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command     => "$caldance_app/manage.py collectstatic --no-input",
    require     => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  # No user is set on this exec, unlike the three above.
  exec { "reload httpd":
    command     => "/usr/bin/systemctl reload httpd",
    require     => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  }

  # Not referenced again in this manifest; presumably read by the
  # manage.py.erb template below - verify before renaming or removing.
  $python_path = "${home}/virtualenv/bin/python"
  # manage.py is rendered from a template and written after the archive has
  # been unpacked (see require).
  file { "$caldance_app/manage.py":
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["$user:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts     => ["backup-1"],
  }

  # Creates the application database and role; the password is passed through
  # postgresql_password() rather than as the raw generated string.
  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Needed by the password-generation script
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner   => "root",
    group   => "root",
    mode    => "0755",
    source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # Gives every member of the wheel group passwordless sudo to any user for
  # any command, so control of one wheel account is root without a password
  # prompt.
  # NOTE(review): confirm this is intended on a host that serves a public web
  # application, and that wheel membership is tightly controlled.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require  => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "${home}/virtualenv",
    wsgi_python_path => $caldance_app,
    require          => Package["mod_wsgi"],
  }
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  # TLS vhost on 443 using the Let's Encrypt files for $web_host. The location
  # "/" requires a valid Basic-auth user; the two directory entries grant
  # access to the WSGI application and the static files on disk.
  # NOTE(review): the .htpasswd file sits under $web_home, a personal home
  # directory, and is not managed by this class - whoever can write that file
  # decides who passes authentication.
  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    directories         => [
      {
        path    => "$caldance_app/main_app",
        require => "all granted",
      },
      {
        path    => "$caldance_app/www/static",
        require => "all granted",
      },
      {
        path           => "/",
        provider       => "location",
        require        => "valid-user",
        auth_type      => "Basic",
        auth_name      => "Authentification requise",
        auth_user_file => "$web_home/caldev/.htpasswd",
      },
    ],
    aliases             => [
      {
        alias => "/static/",
        path  => "$caldance_app/www/static/",
      },
    ],
    # Carries DB_PASSWORD and SECRET_KEY (see $environment above).
    setenv              => $apache_env,
    wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
    # Remaining vhost attributes come from the shared defaults in profile::apache.
    default: * => $::profile::apache::apache_vhost_default;
  }
}