include "profile::redis"
include "profile::monitoring"
- ensure_packages(["python-pip", "python-virtualenv", "python-django"])
+ ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])
$caldance_app = "${home}/app"
+ $caldance_app_old = "${home}/app_old"
+ $caldance_app_tmp = "${home}/app_tmp"
$pg_password = generate_password(24, $password_seed, "postgres_caldance")
$secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+ $socket = "/run/caldance/app.sock"
+
+ $uwsgi_path = "${home}/virtualenv/bin/uwsgi"
+ $python_path = "${home}/virtualenv/bin/python"
$environment = {
"DB_NAME" => $pg_db,
"DB_PORT" => $pg_port,
"SECRET_KEY" => $secret_key,
"DEBUG" => "False",
- "LOG_FILE" => "$home/caldev_django.log",
+ "LOG_FILE" => "$home/caldance.log",
"MEDIA_ROOT" => "$home/media",
- "FROM_EMAIL" => $mail_from,
- "EMAIL_HOST" => $smtp_host,
- "EMAIL_PORT" => $smtp_port,
}
- $shell_env = $environment.map |$key, $value| { "$key=$value" }
- $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
file { $home:
mode => "0755",
}
- file { "${home}/caldev_django.log":
- mode => "0664",
+
+ file { $caldance_app_tmp:
+ ensure => "directory",
+ mode => "0755",
owner => $user,
- group => "http",
+ group => $group,
+ require => User["$user:"],
}
-
file { $caldance_app:
ensure => "directory",
mode => "0755",
file { "${home}/media":
ensure => "directory",
mode => "0755",
- owner => "http",
- group => "http",
+ owner => $user,
+ group => $group,
}
exec { "initialize_venv":
user => $user,
username => lookup("base_installation::ldap_cn"),
password => generate_password(24, $password_seed, "ldap"),
- extract_path => $caldance_app,
- require => [User["$user:"], File[$caldance_app]],
+ extract_path => $caldance_app_tmp,
+ require => [User["$user:"], File[$caldance_app_tmp]],
} ~>
exec { "py-requirements":
- cwd => $caldance_app,
+ cwd => $caldance_app_tmp,
user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
+ environment => ["HOME=${home}"],
command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
require => User["$user:"],
refreshonly => true,
} ~>
- exec { "py-migrate":
- cwd => $caldance_app,
- user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
- command => "$caldance_app/manage.py migrate",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ exec { "stop uwsgi application":
+ command => "/usr/bin/systemctl stop caldance-app.service || /usr/bin/true",
+ require => [User["$user:"]],
refreshonly => true,
} ~>
- exec { "py-static":
- cwd => $caldance_app,
+ exec { "mv app_tmp":
+ cwd => $home,
user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
- command => "$caldance_app/manage.py collectstatic --no-input",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ environment => ["HOME=${home}"],
+ command => "/usr/bin/rm -rf $caldance_app_old && /usr/bin/mv $caldance_app $caldance_app_old && /usr/bin/mv $caldance_app_tmp $caldance_app && /usr/bin/mkdir $caldance_app_tmp",
+ require => [User["$user:"]],
refreshonly => true,
} ~>
- exec { "reload httpd":
- command => "/usr/bin/systemctl reload httpd",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
- refreshonly => true,
- }
-
- $python_path = "${home}/virtualenv/bin/python"
file { "$caldance_app/manage.py":
owner => $user,
group => $group,
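Review bot: The new deploy chain stops the service and then swaps directories with no recovery path. `|| /usr/bin/true` hides a failed stop, and if the `mv app_tmp` command or any later notified step fails, Puppet skips the dependent `restart uwsgi application` exec further down, so the application stays down with the previous release parked in `app_old`. The swap command also interpolates `$caldance_app_old`, `$caldance_app` and `$caldance_app_tmp` unquoted into a shell line that begins with `rm -rf`; quoting each path, as in `/usr/bin/rm -rf '${caldance_app_old}'`, keeps an unexpected `$home` value from being word-split. Consider stopping the service only once the new tree is fully prepared, or adding a step that moves `app_old` back on failure. The chain continues past the end of this hunk into the `manage.py` file resource.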
User["$user:"],
Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
],
+ } ~>
+ file { "$caldance_app/manage":
+ owner => $user,
+ group => $group,
+ mode => "0755",
+ content => template("role/caldance/manage.sh.erb"),
+ require => [
+ User["$user:"],
+ File["$caldance_app/manage.py"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ } ~>
+ file { "$caldance_app/app.ini":
+ owner => $user,
+ group => $group,
+ mode => "0644",
+ content => template("role/caldance/app.ini.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ } ~>
+ exec { "py-migrate":
+ cwd => $caldance_app,
+ user => $user,
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage migrate",
+ require => [User["$user:"], File["$caldance_app/manage"]],
+ refreshonly => true,
+ } ~>
+ exec { "py-static":
+ cwd => $caldance_app,
+ user => $user,
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage collectstatic --no-input",
+ require => [User["$user:"], File["$caldance_app/manage"]],
+ refreshonly => true,
+ } ~>
+ exec { "restart uwsgi application":
+ command => "/usr/bin/systemctl restart caldance-app.service",
+ require => [User["$user:"], File["$caldance_app/app.ini"]],
+ refreshonly => true,
}
profile::postgresql::master { "postgresql master for caldance":
letsencrypt_host => $web_host,
- backup_hosts => ["backup-1"],
+ backup_hosts => [],
}
postgresql::server::db { $pg_db:
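Review bot: `app.ini` is written with `mode => "0644"` and the `manage` wrapper with `mode => "0755"`, while `$home` and `$caldance_app` are both 0755, so any local account can read them. The two templates are not shown, but this commit stops passing `$environment` (which holds `SECRET_KEY`) through the exec `environment` and the Apache `setenv`, so the values presumably end up in one of these files. If so, and if the service runs as `$user`, use `mode => "0600"` for `app.ini` and `mode => "0700"` for `manage`. Further down, `backup_hosts => []` drops `backup-1` from the PostgreSQL master; confirm the database is still backed up some other way. The `manage.py` resource this chain hangs off starts outside the hunk.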
class { 'apache::mod::authn_core': }
class { 'apache::mod::authz_user': }
class { 'apache::mod::auth_basic': }
+ class { 'apache::mod::proxy': }
+ apache::mod { 'proxy_uwsgi': }
apache::vhost { $web_host:
- port => '443',
- docroot => false,
- manage_docroot => false,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
- ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
- require => Letsencrypt::Certonly[$web_host],
- directories => [
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true,
+ proxy_pass => [
+ {
+ path => "/",
+ url => "unix:$socket|uwsgi://caldance-app/",
+ reverse_urls => [],
+ no_proxy_uris => [ "/media/", "/static/" ],
+ }
+ ],
+ directories => [
{
path => "$caldance_app/main_app",
require => "all granted",
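Review bot: Apache enforces the `auth_user_file` basic auth on `/`, but the backend now listens on `/run/caldance/app.sock`, so any local account able to connect to that socket reaches the application without passing that check. The socket's owner and mode come from `app.ini.erb` and the service unit, neither of which is shown here. Confirm they restrict the socket to the Apache user and the application user, for example `chmod-socket = 660` with a matching `chown-socket` in the uwsgi configuration. The vhost resource continues past the end of this hunk.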
path => "$caldance_app/www/static",
require => "all granted",
},
+ {
+ path => "$home/media",
+ require => "all granted",
+ options => ["-Indexes"],
+ },
{
path => "/",
provider => "location",
auth_user_file => "$home/htpasswd",
},
],
- aliases => [
+ aliases => [
{
alias => "/static/",
path => "$caldance_app/www/static/",
},
- ],
- setenv => $apache_env,
- wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
- default: * => $::profile::apache::apache_vhost_default;
+ {
+ alias => "/media/",
+ path => "$home/media/",
+ },
+ ];
+ default: * => $::profile::apache::apache_vhost_default;
+ }
+
+ file { "/etc/systemd/system/caldance-app.service":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => template("role/caldance/caldance-app.service.erb"),
+ require => File["$caldance_app/app.ini"],
+ } ->
+ service { "caldance-app":
+ ensure => "running",
+ enable => true
}
- $mailtos = join($cron_pip, ",")
cron::job { "list_outdated_pip_packages":
- ensure => present,
- user => $user,
- environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env),
- command => "${home}/virtualenv/bin/pip list --outdated",
- minute => "15",
- hour => "0",
- require => Exec["initialize_venv"],
+ ensure => absent
}
}
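Review bot: The unit file is linked to `service { "caldance-app": }` with `->`, which only orders the two resources. A later change to `caldance-app.service.erb` is written to disk but does not refresh the running service, so an edited unit (for instance one that tightens the user or sandboxing) may not take effect until someone restarts it by hand. Use `} ~>` here, and depending on the Puppet version add a refresh-only `systemctl daemon-reload` exec between the file and the service. Separately, with `list_outdated_pip_packages` now `ensure => absent`, nothing visible in this manifest reports outdated pip packages any more; if that mail was the patching signal, it needs a replacement.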