11 Optional[String] $pg_hostname = "/run/postgresql",
12 Optional[String] $pg_port = "5432",
13 Optional[String] $caldance_version = undef,
14 Optional[String] $caldance_sha256 = undef,
15 Optional[Array] $cron_pip = [],
# Seed for the generated secrets in this class, read from Hiera under
# base_installation::puppet_pass_seed.
# NOTE(review): the generate_password() calls visible below all take this seed, so
# presumably anyone who can read it can recompute those secrets. Confirm how
# generate_password derives its output and where the seed is stored.
17 $password_seed = lookup("base_installation::puppet_pass_seed")
18 include "base_installation"
# Profiles this role builds on (mail, tooling, database, web server, cache, monitoring).
20 include "profile::mail"
21 include "profile::tools"
22 include "profile::postgresql"
23 include "profile::apache"
24 include "profile::redis"
25 include "profile::monitoring"
# Distribution packages for the Python / Django / uWSGI stack.
27 ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])
# Application checkout directory under the service user's home.
29 $caldance_app = "${home}/app"
# Database password and Django SECRET_KEY, each produced by generate_password()
# from $password_seed with its own label.
# NOTE(review): generate_password is defined outside this view; presumably it is
# deterministic in (seed, label), which would make the seed the one secret to
# protect and rotate. Confirm.
30 $pg_password = generate_password(24, $password_seed, "postgres_caldance")
31 $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
# Unix socket the vhost below proxies to.
32 $socket = "/run/caldance/app.sock"
# Key/value settings for the application; the enclosing hash opens and closes on
# lines not shown here.
# NOTE(review): DB_PASSWORD and SECRET_KEY are plaintext in this hash. Check the
# owner and mode of every file it is rendered into.
36 "DB_USER" => $pg_user,
37 "DB_PASSWORD" => $pg_password,
38 "DB_HOST" => $pg_hostname,
39 "DB_PORT" => $pg_port,
40 "SECRET_KEY" => $secret_key,
42 "LOG_FILE" => "$home/caldev_django.log",
43 "MEDIA_ROOT" => "$home/media",
# Django log file, the same path as the LOG_FILE setting above; its attributes are
# on lines not shown.
49 file { "${home}/caldev_django.log":
# NOTE(review): the title of the resource these two attributes belong to is not
# visible in this excerpt.
56 ensure => "directory",
# Ordered after the User resource whose title is the user name followed by a colon.
60 require => User["$user:"],
# Upload directory, the same path as the MEDIA_ROOT setting above.
62 file { "${home}/media":
63 ensure => "directory",
# Creates the virtualenv under the service user's home. `creates` makes this exec a
# no-op once ${home}/virtualenv exists.
69 exec { "initialize_venv":
71 require => User["$user:"],
72 command => "/usr/bin/virtualenv ${home}/virtualenv",
73 creates => "${home}/virtualenv",
# Downloads the release tarball for $caldance_version over HTTPS and extracts it
# into $caldance_app.
# NOTE(review): $caldance_version and $caldance_sha256 are both Optional with
# default undef in the parameter list. Confirm that a guard on lines not shown
# keeps this resource out of the catalog when either is unset, and check how the
# archive type behaves when checksum is undef, so the download cannot go unverified.
76 archive { "${home}/caldance_${caldance_version}.tar.gz":
77 path => "${home}/caldance_${caldance_version}.tar.gz",
78 source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
79 checksum_type => "sha256",
80 checksum => $caldance_sha256,
# Credentials for the release server: the user name comes from Hiera, the
# password is derived from $password_seed with the "ldap" label.
84 username => lookup("base_installation::ldap_cn"),
85 password => generate_password(24, $password_seed, "ldap"),
86 extract_path => $caldance_app,
87 require => [User["$user:"], File[$caldance_app]],
# Installs the Python dependencies: deletes every line matching GDAL from
# requirements.txt, then runs the virtualenv's pip on that file with --upgrade.
# NOTE(review): the command chains two programs with `&&`, which needs a shell.
# Confirm the provider set on lines not shown.
# NOTE(review): whether requirements.txt pins versions or hashes is not visible
# here. With --upgrade, unpinned entries resolve to whatever the package index
# serves when the catalog is applied.
89 exec { "py-requirements":
92 environment => ["HOME=${home}"],
93 command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
94 require => User["$user:"],
# Runs the `migrate` subcommand through the generated manage wrapper; the exec
# header is on a line not shown.
100 environment => ["HOME=${home}"],
101 command => "$caldance_app/manage migrate",
102 require => [User["$user:"], File["$caldance_app/manage"]],
# Runs `collectstatic --no-input` from the application directory; the exec header
# is on a line not shown.
106 cwd => $caldance_app,
108 environment => ["HOME=${home}"],
109 command => "$caldance_app/manage collectstatic --no-input",
110 require => [User["$user:"], File["$caldance_app/manage"]],
# Restarts the application's systemd unit once app.ini is in place.
# NOTE(review): no refreshonly or subscribe attribute is visible in this excerpt.
# Confirm on the hidden lines that this does not restart the service on every
# Puppet run.
113 exec { "restart uwsgi application":
114 command => "/usr/bin/systemctl restart caldance-app.service",
115 require => [User["$user:"], File["$caldance_app/app.ini"]],
# Interpreter and uWSGI binaries inside the virtualenv; presumably read by the ERB
# templates rendered below (the templates are outside this view).
119 $uwsgi_path = "${home}/virtualenv/bin/uwsgi"
120 $python_path = "${home}/virtualenv/bin/python"
# Wrapper script rendered from manage.sh.erb; the exec resources above call it as
# "$caldance_app/manage".
# NOTE(review): if the template embeds the settings hash, this file contains
# DB_PASSWORD and SECRET_KEY. Check the mode and owner on the lines not shown.
121 file { "$caldance_app/manage":
125 content => template("role/caldance/manage.sh.erb"),
# References the release tarball resource, so the wrapper follows the extraction.
128 Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
# uWSGI configuration rendered from app.ini.erb; the same note about file
# permissions applies.
132 file { "$caldance_app/app.ini":
136 content => template("role/caldance/app.ini.erb"),
139 Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
# PostgreSQL master for this role, using the web host's Let's Encrypt certificate
# name and a single backup host.
143 profile::postgresql::master { "postgresql master for caldance":
144 letsencrypt_host => $web_host,
145 backup_hosts => ["backup-1"],
# Application database. The role password is passed through postgresql_password()
# rather than stored as plaintext.
# NOTE(review): confirm which hash format postgresql_password produces with the
# module version in use.
148 postgresql::server::db { $pg_db:
150 password => postgresql_password($pg_user, $pg_password),
153 # for the password generation script
154 ensure_packages(["perl-digest-sha1"])
# Geo libraries and ripgrep.
156 ensure_packages(["postgis", "python-gdal", "ripgrep"])
# Installs the ldap_ssha helper shipped with the base_installation module; it
# needs the Perl SHA-1 digest package installed above.
# NOTE(review): the script itself is outside this view. The name and the SHA-1
# dependency suggest salted SHA-1 LDAP hashes. Confirm that this scheme is still
# acceptable for the directory it feeds.
157 file { "/usr/local/bin/ldap_ssha":
161 source => "puppet:///modules/base_installation/scripts/ldap_ssha",
162 require => Package["perl-digest-sha1"],
# Sudoers drop-in: every member of the wheel group may run any command as any
# user without being asked for a password.
# NOTE(review): wheel membership is not visible here. With this rule, access to
# any wheel account is equivalent to root with no second factor. Consider
# restricting it to named commands or dropping NOPASSWD if operators can
# authenticate interactively.
165 sudo::conf { 'wheel_nopasswd':
167 content => "%wheel ALL=(ALL) NOPASSWD: ALL",
168 require => Package["sudo"],
# mod_wsgi, pointed at the virtualenv and the application directory.
# NOTE(review): the vhost below forwards requests to the uWSGI socket through
# proxy_uwsgi. Confirm mod_wsgi is still needed; an unused module is extra
# attack surface.
171 ensure_packages(["mod_wsgi"])
172 class { 'apache::mod::wsgi':
173 wsgi_python_home => "${home}/virtualenv",
174 wsgi_python_path => $caldance_app,
175 require => Package["mod_wsgi"],
# Modules for file-backed HTTP Basic authentication.
177 class { 'apache::mod::authn_file': }
178 class { 'apache::mod::authn_core': }
179 class { 'apache::mod::authz_user': }
180 class { 'apache::mod::auth_basic': }
# Modules for proxying to the uWSGI application.
181 class { 'apache::mod::proxy': }
182 apache::mod { 'proxy_uwsgi': }
# TLS virtual host for $web_host; several attributes are on lines not shown.
184 apache::vhost { $web_host:
187 manage_docroot => false,
# Certificate material issued by Let's Encrypt for this host name; the vhost is
# ordered after the certificate request.
189 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
190 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
191 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
192 require => Letsencrypt::Certonly[$web_host],
193 proxy_preserve_host => true,
# Requests go to the uWSGI application over its Unix socket, except the media
# and static prefixes listed in no_proxy_uris.
197 url => "unix:$socket|uwsgi://caldance-app/",
199 no_proxy_uris => [ "/media/", "/static/" ],
# Directory entries with unrestricted access ("all granted").
204 path => "$caldance_app/main_app",
205 require => "all granted",
208 path => "$caldance_app/www/static",
209 require => "all granted",
# Uploaded media is served straight from disk, with directory listings disabled.
# NOTE(review): these are user-supplied files. Confirm that nothing in this
# directory can be interpreted by a handler, and that the content types it is
# served with are safe.
212 path => "$home/media",
213 require => "all granted",
214 options => ["-Indexes"],
# Location protected by HTTP Basic authentication against a password file in the
# service user's home. The protected path is on a line not shown.
# NOTE(review): confirm that $home/htpasswd is not writable by the application
# user and lies outside every directory served above.
218 provider => "location",
219 require => "valid-user",
220 auth_type => "Basic",
221 auth_name => "Authentification requise",
222 auth_user_file => "$home/htpasswd",
# Filesystem targets for the static and media prefixes; the attribute they belong
# to is not visible in this excerpt.
228 path => "$caldance_app/www/static/",
232 path => "$home/media/",
# Remaining attributes come from the shared vhost defaults in profile::apache.
235 default: * => $::profile::apache::apache_vhost_default;
# systemd unit for the application, rendered from a template after app.ini exists.
# NOTE(review): the template is outside this view. Confirm that the unit runs as
# the unprivileged service user rather than root.
238 file { "/etc/systemd/system/caldance-app.service":
242 content => template("role/caldance/caldance-app.service.erb"),
243 require => File["$caldance_app/app.ini"],
# Service resource for that unit; its attributes are on lines not shown.
245 service { "caldance-app":
# Recipients of the cron report: the $cron_pip addresses joined with commas.
# $cron_pip defaults to an empty array, which yields an empty MAILTO.
250 $mailtos = join($cron_pip, ",")
# Scheduled job that runs `pip list --outdated` in the virtualenv, so stale and
# possibly vulnerable dependencies are reported by mail. The schedule is on lines
# not shown.
251 cron::job { "list_outdated_pip_packages":
254 environment => ["HOME=${home}","MAILTO=${mailtos}"],
255 command => "${home}/virtualenv/bin/pip list --outdated",
258 require => Exec["initialize_venv"],