Commit | Line | Data |
---|---|---|
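# @summary Deploys the caldance Django application: virtualenv, release
#   tarball, PostgreSQL database, uwsgi systemd service and an Apache TLS
#   vhost protected by Basic authentication.
#
# @param user              Account that owns and runs the application files.
# @param group             Group applied to the application files.
# @param home              Base directory holding app/, app_tmp/, app_old/,
#                          media/, the virtualenv and the htpasswd file.
# @param web_host          Name of the Apache vhost and of its Let's Encrypt
#                          certificate directory.
# @param pg_user           PostgreSQL role created for the application.
# @param pg_db             PostgreSQL database created for the application.
# @param mail_from         Not referenced in this manifest; presumably read
#                          by the ERB templates (confirm).
# @param smtp_host         Not referenced in this manifest; presumably read
#                          by the ERB templates (confirm).
# @param smtp_port         Not referenced in this manifest; presumably read
#                          by the ERB templates (confirm).
# @param pg_hostname       Exported to the application as DB_HOST.
# @param pg_port           Exported to the application as DB_PORT.
# @param caldance_version  Release version used to build the tarball name.
# @param caldance_sha256   Expected SHA-256 of the release tarball.
# @param cron_pip          Not referenced in this manifest (the related cron
#                          job is removed below).
#
# NOTE(review): $home is interpolated into shell command lines and into an
# `rm -rf` target, so it must be a plain absolute path. The String type does
# not enforce that; a stricter type such as Stdlib::Absolutepath would reject
# a bad value at compile time.
class role::caldance (
  String           $user,
  String           $group,
  String           $home,
  String           $web_host,
  String           $pg_user,
  String           $pg_db,
  String           $mail_from,
  String           $smtp_host,
  String           $smtp_port,
  Optional[String] $pg_hostname      = "/run/postgresql",
  Optional[String] $pg_port          = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256  = undef,
  Optional[Array]  $cron_pip         = [],
) {
  # Seed from which every secret in this class is derived.
  $password_seed = lookup("base_installation::puppet_pass_seed")
  include "base_installation"

  include "profile::mail"
  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])

  # app/ is the live tree, app_tmp/ receives the next release and app_old/
  # keeps the previous one.
  $caldance_app     = "${home}/app"
  $caldance_app_old = "${home}/app_old"
  $caldance_app_tmp = "${home}/app_tmp"
  # generate_password() is defined elsewhere; presumably it derives a stable
  # value from the seed and the label (confirm).
  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key  = generate_password(24, $password_seed, "secret_key_caldance")
  $socket      = "/run/caldance/app.sock"

  # Not referenced below; presumably consumed by the ERB templates, so the
  # names must stay as they are.
  $uwsgi_path  = "${home}/virtualenv/bin/uwsgi"
  $python_path = "${home}/virtualenv/bin/python"

  # NOTE(review): this hash carries DB_PASSWORD and SECRET_KEY and is not
  # referenced in this manifest, so one of the templates below presumably
  # renders it. Check which file receives it: app.ini and the service unit
  # are written 0644 and the manage wrappers 0755, all world-readable.
  $environment = {
    "DB_NAME"     => $pg_db,
    "DB_USER"     => $pg_user,
    "DB_PASSWORD" => $pg_password,
    "DB_HOST"     => $pg_hostname,
    "DB_PORT"     => $pg_port,
    "SECRET_KEY"  => $secret_key,
    "DEBUG"       => "False",
    "LOG_FILE"    => "${home}/caldance.log",
    "MEDIA_ROOT"  => "${home}/media",
  }

  # NOTE(review): 0755 lets every local user traverse $home, which also holds
  # htpasswd and caldance.log; their modes are not managed in this class.
  file { $home:
    mode => "0755",
  }

  file { $caldance_app_tmp:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["${user}:"],
  }
  file { $caldance_app:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["${user}:"],
  } ->
  file { "${home}/media":
    ensure => "directory",
    mode   => "0755",
    owner  => $user,
    group  => $group,
  }

  # Release pipeline: each step notifies the next one, so everything after
  # the archive only runs when a new tarball has been fetched.
  exec { "initialize_venv":
    user    => $user,
    require => User["${user}:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  # NOTE(review): $caldance_sha256 defaults to undef. Without a pinned digest
  # the tarball's integrity rests on the TLS connection alone (confirm how the
  # archive module treats a missing checksum); always set it together with
  # $caldance_version. The LDAP-derived credential below is sent to the
  # release host on every download.
  archive { "${home}/caldance_${caldance_version}.tar.gz":
    path          => "${home}/caldance_${caldance_version}.tar.gz",
    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum      => $caldance_sha256,
    cleanup       => false,
    extract       => true,
    user          => $user,
    username      => lookup("base_installation::ldap_cn"),
    password      => generate_password(24, $password_seed, "ldap"),
    extract_path  => $caldance_app_tmp,
    require       => [User["${user}:"], File[$caldance_app_tmp]],
  } ~>
  # Drops the GDAL line from the shipped requirements before installing
  # (python-gdal is installed as a system package further down).
  # NOTE(review): the dependency set comes from the tarball and is installed
  # with --upgrade and no hash pinning visible here.
  exec { "py-requirements":
    cwd         => $caldance_app_tmp,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
    require     => User["${user}:"],
    refreshonly => true,
  } ~>
  # `|| /usr/bin/true` keeps the chain going when the service is not running.
  exec { "stop uwsgi application":
    command     => "/usr/bin/systemctl stop caldance-app.service || /usr/bin/true",
    require     => [User["${user}:"]],
    refreshonly => true,
  } ~>
  # Rotates app -> app_old and app_tmp -> app, then recreates app_tmp.
  # The paths are single-quoted so the shell cannot split or glob them.
  exec { "mv app_tmp":
    cwd         => $home,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "/usr/bin/rm -rf '${caldance_app_old}' && /usr/bin/mv '${caldance_app}' '${caldance_app_old}' && /usr/bin/mv '${caldance_app_tmp}' '${caldance_app}' && /usr/bin/mkdir '${caldance_app_tmp}'",
    require     => [User["${user}:"]],
    refreshonly => true,
  } ~>
  file { "${caldance_app}/manage.py":
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["${user}:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  } ~>
  file { "${caldance_app}/manage":
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.sh.erb"),
    require => [
      User["${user}:"],
      File["${caldance_app}/manage.py"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  } ~>
  file { "${caldance_app}/app.ini":
    owner   => $user,
    group   => $group,
    mode    => "0644",
    content => template("role/caldance/app.ini.erb"),
    require => [
      User["${user}:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  } ~>
  exec { "py-migrate":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "${caldance_app}/manage migrate",
    require     => [User["${user}:"], File["${caldance_app}/manage"]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "${caldance_app}/manage collectstatic --no-input",
    require     => [User["${user}:"], File["${caldance_app}/manage"]],
    refreshonly => true,
  } ~>
  exec { "restart uwsgi application":
    command     => "/usr/bin/systemctl restart caldance-app.service",
    require     => [User["${user}:"], File["${caldance_app}/app.ini"]],
    refreshonly => true,
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts     => [],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Needed by the password-generation script installed below.
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner   => "root",
    group   => "root",
    mode    => "0755",
    source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # NOTE(review): grants every member of wheel passwordless root on this
  # host. Confirm that wheel membership is tightly controlled, or narrow the
  # rule to the commands operators actually need.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require  => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "${home}/virtualenv",
    wsgi_python_path => $caldance_app,
    require          => Package["mod_wsgi"],
  }
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }
  class { 'apache::mod::proxy': }
  apache::mod { 'proxy_uwsgi': }

  # TLS vhost: everything is proxied to the uwsgi socket except /media/ and
  # /static/, which Apache serves from disk. The "/" location requires a
  # Basic-auth user from ${home}/htpasswd; that file's ownership and mode are
  # not managed in this class.
  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/${web_host}/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/${web_host}/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/${web_host}/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    proxy_preserve_host => true,
    proxy_pass          => [
      {
        path          => "/",
        url           => "unix:${socket}|uwsgi://caldance-app/",
        reverse_urls  => [],
        no_proxy_uris => [ "/media/", "/static/" ],
      }
    ],
    directories         => [
      {
        path    => "${caldance_app}/main_app",
        require => "all granted",
      },
      {
        path    => "${caldance_app}/www/static",
        require => "all granted",
      },
      {
        # Uploaded media: directory listings are disabled.
        path    => "${home}/media",
        require => "all granted",
        options => ["-Indexes"],
      },
      {
        path           => "/",
        provider       => "location",
        require        => "valid-user",
        auth_type      => "Basic",
        auth_name      => "Authentification requise",
        auth_user_file => "${home}/htpasswd",
      },
    ],
    aliases             => [
      {
        alias => "/static/",
        path  => "${caldance_app}/www/static/",
      },
      {
        alias => "/media/",
        path  => "${home}/media/",
      },
    ];
    default: * => $::profile::apache::apache_vhost_default;
  }

  file { "/etc/systemd/system/caldance-app.service":
    mode    => "0644",
    owner   => "root",
    group   => "root",
    content => template("role/caldance/caldance-app.service.erb"),
    require => File["${caldance_app}/app.ini"],
  } ->
  service { "caldance-app":
    ensure => "running",
    enable => true,
  }

  # The pip-outdated report job is removed from hosts that still carry it.
  cron::job { "list_outdated_pip_packages":
    ensure => absent,
  }
}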