]>
Commit | Line | Data |
---|---|---|
1 | class role::caldance ( | |
2 | String $user, | |
3 | String $group, | |
4 | String $home, | |
5 | String $web_host, | |
6 | String $pg_user, | |
7 | String $pg_db, | |
8 | String $mail_from, | |
9 | String $smtp_host, | |
10 | String $smtp_port, | |
11 | Optional[String] $pg_hostname = "/run/postgresql", | |
12 | Optional[String] $pg_port = "5432", | |
13 | Optional[String] $caldance_version = undef, | |
14 | Optional[String] $caldance_sha256 = undef, | |
15 | ) { | |
16 | $password_seed = lookup("base_installation::puppet_pass_seed") | |
17 | $web_home = "/home/simon_descarpentries" | |
18 | include "base_installation" | |
19 | ||
20 | include "profile::tools" | |
21 | include "profile::postgresql" | |
22 | include "profile::apache" | |
23 | include "profile::redis" | |
24 | include "profile::monitoring" | |
25 | ||
26 | ensure_packages(["python-pip", "python-virtualenv", "python-django"]) | |
27 | ||
28 | $caldance_app = "${home}/app" | |
29 | $pg_password = generate_password(24, $password_seed, "postgres_caldance") | |
30 | $secret_key = generate_password(24, $password_seed, "secret_key_caldance") | |
31 | ||
32 | $environment = { | |
33 | "DB_NAME" => $pg_db, | |
34 | "DB_USER" => $pg_user, | |
35 | "DB_PASSWORD" => $pg_password, | |
36 | "DB_HOST" => $pg_hostname, | |
37 | "DB_PORT" => $pg_port, | |
38 | "SECRET_KEY" => $secret_key, | |
39 | "DEBUG" => "False", | |
40 | "LOG_FILE" => "$home/caldev_django.log", | |
41 | "FROM_EMAIL" => $mail_from, | |
42 | "EMAIL_HOST" => $smtp_host, | |
43 | "EMAIL_PORT" => $smtp_port, | |
44 | } | |
45 | $shell_env = $environment.map |$key, $value| { "$key=$value" } | |
46 | $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" } | |
47 | ||
48 | file { $home: | |
49 | mode => "0755", | |
50 | } | |
51 | file { "${home}/caldev_django.log": | |
52 | mode => "0664", | |
53 | owner => $user, | |
54 | group => "http", | |
55 | } | |
56 | ||
57 | file { $caldance_app: | |
58 | ensure => "directory", | |
59 | mode => "0755", | |
60 | owner => $user, | |
61 | group => $group, | |
62 | require => User["$user:"], | |
63 | } | |
64 | ||
65 | exec { "initialize_venv": | |
66 | user => $user, | |
67 | require => User["$user:"], | |
68 | command => "/usr/bin/virtualenv ${home}/virtualenv", | |
69 | creates => "${home}/virtualenv", | |
70 | } | |
71 | -> | |
72 | archive { "${home}/caldance_${caldance_version}.tar.gz": | |
73 | path => "${home}/caldance_${caldance_version}.tar.gz", | |
74 | source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz", | |
75 | checksum_type => "sha256", | |
76 | checksum => $caldance_sha256, | |
77 | cleanup => false, | |
78 | extract => true, | |
79 | user => $user, | |
80 | username => lookup("base_installation::ldap_cn"), | |
81 | password => generate_password(24, $password_seed, "ldap"), | |
82 | extract_path => $caldance_app, | |
83 | require => [User["$user:"], File[$caldance_app]], | |
84 | } ~> | |
85 | exec { "py-requirements": | |
86 | cwd => $caldance_app, | |
87 | user => $user, | |
88 | environment => concat(["HOME=${home}"], $shell_env), | |
89 | command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade", | |
90 | require => User["$user:"], | |
91 | refreshonly => true, | |
92 | } ~> | |
93 | exec { "py-migrate": | |
94 | cwd => $caldance_app, | |
95 | user => $user, | |
96 | environment => concat(["HOME=${home}"], $shell_env), | |
97 | command => "$caldance_app/manage.py migrate", | |
98 | require => [User["$user:"], File["$caldance_app/manage.py"]], | |
99 | refreshonly => true, | |
100 | } ~> | |
101 | exec { "py-static": | |
102 | cwd => $caldance_app, | |
103 | user => $user, | |
104 | environment => concat(["HOME=${home}"], $shell_env), | |
105 | command => "$caldance_app/manage.py collectstatic --no-input", | |
106 | require => [User["$user:"], File["$caldance_app/manage.py"]], | |
107 | refreshonly => true, | |
108 | } ~> | |
109 | exec { "reload httpd": | |
110 | command => "/usr/bin/systemctl reload httpd", | |
111 | require => [User["$user:"], File["$caldance_app/manage.py"]], | |
112 | refreshonly => true, | |
113 | } | |
114 | ||
115 | $python_path = "${home}/virtualenv/bin/python" | |
116 | file { "$caldance_app/manage.py": | |
117 | owner => $user, | |
118 | group => $group, | |
119 | mode => "0755", | |
120 | content => template("role/caldance/manage.py.erb"), | |
121 | require => [ | |
122 | User["$user:"], | |
123 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | |
124 | ], | |
125 | } | |
126 | ||
127 | profile::postgresql::master { "postgresql master for caldance": | |
128 | letsencrypt_host => $web_host, | |
129 | backup_hosts => ["backup-1"], | |
130 | } | |
131 | ||
132 | postgresql::server::db { $pg_db: | |
133 | user => $pg_user, | |
134 | password => postgresql_password($pg_user, $pg_password), | |
135 | } | |
136 | ||
137 | # pour le script de génération de mdp | |
138 | ensure_packages(["perl-digest-sha1"]) | |
139 | ||
140 | ensure_packages(["postgis", "python-gdal", "ripgrep"]) | |
141 | file { "/usr/local/bin/ldap_ssha": | |
142 | owner => "root", | |
143 | group => "root", | |
144 | mode => "0755", | |
145 | source => "puppet:///modules/base_installation/scripts/ldap_ssha", | |
146 | require => Package["perl-digest-sha1"], | |
147 | } | |
148 | ||
149 | sudo::conf { 'wheel_nopasswd': | |
150 | priority => 99, | |
151 | content => "%wheel ALL=(ALL) NOPASSWD: ALL", | |
152 | require => Package["sudo"], | |
153 | } | |
154 | ||
155 | ensure_packages(["mod_wsgi"]) | |
156 | class { 'apache::mod::wsgi': | |
157 | wsgi_python_home => "${home}/virtualenv", | |
158 | wsgi_python_path => $caldance_app, | |
159 | require => Package["mod_wsgi"], | |
160 | } | |
161 | class { 'apache::mod::authn_file': } | |
162 | class { 'apache::mod::authn_core': } | |
163 | class { 'apache::mod::authz_user': } | |
164 | class { 'apache::mod::auth_basic': } | |
165 | ||
166 | apache::vhost { $web_host: | |
167 | port => '443', | |
168 | docroot => false, | |
169 | manage_docroot => false, | |
170 | ssl => true, | |
171 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | |
172 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | |
173 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | |
174 | require => Letsencrypt::Certonly[$web_host], | |
175 | directories => [ | |
176 | { | |
177 | path => "$caldance_app/main_app", | |
178 | require => "all granted", | |
179 | }, | |
180 | { | |
181 | path => "$caldance_app/www/static", | |
182 | require => "all granted", | |
183 | }, | |
184 | { | |
185 | path => "/", | |
186 | provider => "location", | |
187 | require => "valid-user", | |
188 | auth_type => "Basic", | |
189 | auth_name => "Authentification requise", | |
190 | auth_user_file => "$web_home/caldev/.htpasswd", | |
191 | }, | |
192 | ], | |
193 | aliases => [ | |
194 | { | |
195 | alias => "/static/", | |
196 | path => "$caldance_app/www/static/", | |
197 | }, | |
198 | ], | |
199 | setenv => $apache_env, | |
200 | wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" }; | |
201 | default: * => $::profile::apache::apache_vhost_default; | |
202 | } | |
203 | } |