X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Frole%2Fmanifests%2Fcaldance.pp;h=374b251e0e68f1cfd567178060236f3ed92752f3;hb=76fd3abc7e4ba2f478f7e3d823b3ab8c8946b97c;hp=5bc39120841621630e5bd2ee78b975a773eb3983;hpb=c4d8476be02b98c00f74f14839656bcf15df2454;p=perso%2FImmae%2FProjets%2FPuppet.git diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp index 5bc3912..374b251 100644 --- a/modules/role/manifests/caldance.pp +++ b/modules/role/manifests/caldance.pp @@ -24,11 +24,17 @@ class role::caldance ( include "profile::redis" include "profile::monitoring" - ensure_packages(["python-pip", "python-virtualenv", "python-django"]) + ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"]) $caldance_app = "${home}/app" + $caldance_app_old = "${home}/app_old" + $caldance_app_tmp = "${home}/app_tmp" $pg_password = generate_password(24, $password_seed, "postgres_caldance") $secret_key = generate_password(24, $password_seed, "secret_key_caldance") + $socket = "/run/caldance/app.sock" + + $uwsgi_path = "${home}/virtualenv/bin/uwsgi" + $python_path = "${home}/virtualenv/bin/python" $environment = { "DB_NAME" => $pg_db, @@ -38,24 +44,21 @@ class role::caldance ( "DB_PORT" => $pg_port, "SECRET_KEY" => $secret_key, "DEBUG" => "False", - "LOG_FILE" => "$home/caldev_django.log", + "LOG_FILE" => "$home/caldance.log", "MEDIA_ROOT" => "$home/media", - "FROM_EMAIL" => $mail_from, - "EMAIL_HOST" => $smtp_host, - "EMAIL_PORT" => $smtp_port, } - $shell_env = $environment.map |$key, $value| { "$key=$value" } - $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" } file { $home: mode => "0755", } - file { "${home}/caldev_django.log": - mode => "0664", + + file { $caldance_app_tmp: + ensure => "directory", + mode => "0755", owner => $user, - group => "http", + group => $group, + require => User["$user:"], } - file { $caldance_app: ensure => "directory", mode => "0755", 
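Review bot: In the first hunk, `$uwsgi_path` points at `${home}/virtualenv/bin/uwsgi` while `ensure_packages` gains the distribution package `uwsgi-plugin-python`, so it is unclear which uWSGI build serves the application. Neither `$uwsgi_path` nor `$python_path` is used in the lines shown; presumably the ERB templates read them. Please state the intent in a comment next to `$uwsgi_path`, for example `# uWSGI is started from the virtualenv; uwsgi-plugin-python is needed only for <reason>`, or drop the package if the virtualenv binary is the one in use. An unused system package is one more component to keep patched.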
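Review bot: In the `@@ -38,24 +44,21 @@` hunk, `LOG_FILE` moves to `$home/caldance.log`, but the `file` resource that fixed the old log's mode and ownership is removed without a replacement. The new log will therefore be created with whatever umask the service runs under, inside a `$home` that is `0755`. I would keep the log managed and not world-readable, e.g. `file { "${home}/caldance.log": mode => "0640", owner => $user, group => $group }`. Application logs often carry request data and stack traces, so the mode should not be left to chance.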
@@ -66,8 +69,8 @@ class role::caldance ( file { "${home}/media": ensure => "directory", mode => "0755", - owner => "http", - group => "http", + owner => $user, + group => $group, } exec { "initialize_venv": 
@@ -87,40 +90,30 @@ class role::caldance ( user => $user, username => lookup("base_installation::ldap_cn"), password => generate_password(24, $password_seed, "ldap"), - extract_path => $caldance_app, - require => [User["$user:"], File[$caldance_app]], + extract_path => $caldance_app_tmp, + require => [User["$user:"], File[$caldance_app_tmp]], } ~> exec { "py-requirements": - cwd => $caldance_app, + cwd => $caldance_app_tmp, user => $user, - environment => concat(["HOME=${home}"], $shell_env), + environment => ["HOME=${home}"], command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade", require => User["$user:"], refreshonly => true, } ~> - exec { "py-migrate": - cwd => $caldance_app, - user => $user, - environment => concat(["HOME=${home}"], $shell_env), - command => "$caldance_app/manage.py migrate", - require => [User["$user:"], File["$caldance_app/manage.py"]], + exec { "stop uwsgi application": + command => "/usr/bin/systemctl stop caldance-app.service || /usr/bin/true", + require => [User["$user:"]], refreshonly => true, } ~> - exec { "py-static": - cwd => $caldance_app, + exec { "mv app_tmp": + cwd => $home, user => $user, - environment => concat(["HOME=${home}"], $shell_env), - command => "$caldance_app/manage.py collectstatic --no-input", - require => [User["$user:"], File["$caldance_app/manage.py"]], + environment => ["HOME=${home}"], + command => "/usr/bin/rm -rf $caldance_app_old && /usr/bin/mv $caldance_app $caldance_app_old && /usr/bin/mv $caldance_app_tmp $caldance_app && /usr/bin/mkdir $caldance_app_tmp", + require => [User["$user:"]], refreshonly => true, } ~> - exec { "reload httpd": - command => "/usr/bin/systemctl reload httpd", - require => [User["$user:"], File["$caldance_app/manage.py"]], - refreshonly => true, - } - - $python_path = "${home}/virtualenv/bin/python" file { "$caldance_app/manage.py": owner => $user, group => $group, 
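Review bot: The `mv app_tmp` exec chains four steps with `&&` after the service has already been stopped, so a failure partway through leaves a stopped service and no application directory. One such point is just after `$caldance_app` has been renamed to `$caldance_app_old`. Every exec in the chain is `refreshonly`, so a later agent run will probably not repeat the swap once the archive is in sync, and recovery would be manual. The paths are also interpolated unquoted and `mkdir` has no `-p`; I would end the command with `/usr/bin/mkdir -p '$caldance_app_tmp'` and single-quote the other paths the same way. Separately, `systemctl stop caldance-app.service || /usr/bin/true` hides a failed stop, in which case the directories are swapped under a live process.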
@@ -130,11 +123,53 @@ class role::caldance ( User["$user:"], Archive[ "${home}/caldance_${caldance_version}.tar.gz"], ], + } ~> + file { "$caldance_app/manage": + owner => $user, + group => $group, + mode => "0755", + content => template("role/caldance/manage.sh.erb"), + require => [ + User["$user:"], + File["$caldance_app/manage.py"], + Archive[ "${home}/caldance_${caldance_version}.tar.gz"], + ], + } ~> + file { "$caldance_app/app.ini": + owner => $user, + group => $group, + mode => "0644", + content => template("role/caldance/app.ini.erb"), + require => [ + User["$user:"], + Archive[ "${home}/caldance_${caldance_version}.tar.gz"], + ], + } ~> + exec { "py-migrate": + cwd => $caldance_app, + user => $user, + environment => ["HOME=${home}"], + command => "$caldance_app/manage migrate", + require => [User["$user:"], File["$caldance_app/manage"]], + refreshonly => true, + } ~> + exec { "py-static": + cwd => $caldance_app, + user => $user, + environment => ["HOME=${home}"], + command => "$caldance_app/manage collectstatic --no-input", + require => [User["$user:"], File["$caldance_app/manage"]], + refreshonly => true, + } ~> + exec { "restart uwsgi application": + command => "/usr/bin/systemctl restart caldance-app.service", + require => [User["$user:"], File["$caldance_app/app.ini"]], + refreshonly => true, } profile::postgresql::master { "postgresql master for caldance": letsencrypt_host => $web_host, - backup_hosts => ["backup-1"], + backup_hosts => [], } postgresql::server::db { $pg_db: 
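Review bot: `$caldance_app/app.ini` is written with `mode => "0644"` under a `$home` and application directory that are both `0755`. If `app.ini.erb` renders the `$environment` hash, which holds `SECRET_KEY` and the database settings, those values become readable by every local account. The template is not part of this diff, so this is an inference; the same question applies to `manage` at `0755`, generated from `manage.sh.erb`. Assuming the service and the execs run as `$user`, I would use `mode => "0600"` for `app.ini` and `mode => "0700"` for `manage`. Unrelated to that, `backup_hosts => []` drops `backup-1`; please confirm the database backup is removed on purpose.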
@@ -170,17 +205,28 @@ class role::caldance ( class { 'apache::mod::authn_core': } class { 'apache::mod::authz_user': } class { 'apache::mod::auth_basic': } + class { 'apache::mod::proxy': } + apache::mod { 'proxy_uwsgi': } apache::vhost { $web_host: - port => '443', - docroot => false, - manage_docroot => false, - ssl => true, - ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", - ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", - ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", - require => Letsencrypt::Certonly[$web_host], - directories => [ + port => '443', + docroot => false, + manage_docroot => false, + ssl => true, + ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", + ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", + ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", + require => Letsencrypt::Certonly[$web_host], + proxy_preserve_host => true, + proxy_pass => [ + { + path => "/", + url => "unix:$socket|uwsgi://caldance-app/", + reverse_urls => [], + no_proxy_uris => [ "/media/", "/static/" ], + } + ], + directories => [ { path => "$caldance_app/main_app", require => "all granted", @@ -189,6 +235,11 @@ class role::caldance ( path => "$caldance_app/www/static", require => "all granted", }, + { + path => "$home/media", + require => "all granted", + options => ["-Indexes"], + }, { path => "/", provider => "location", 
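Review bot: The new `proxy_pass` entry sends everything except `/media/` and `/static/` to `unix:$socket`, i.e. `/run/caldance/app.sock`, but nothing in this diff creates `/run/caldance` or sets the socket's owner and mode. Presumably the unit template or `app.ini.erb` does this, for instance with `RuntimeDirectory=` and uWSGI's `chmod-socket`. Please confirm that only the Apache account and `$user` can connect, since a local process that can write to the socket reaches the application without passing the basic-auth `location` of this vhost. A comment next to `$socket` naming where the directory and permissions are set would be enough.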
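Review bot: In the `@@ -189,6 +235,11 @@` hunk, `$home/media` is served straight from disk with `require => "all granted"`, and an earlier hunk makes the application user its owner, so whatever the application stores there is served as-is. `-Indexes` is a good start; I would also set `allow_override => ["None"]` on this entry so the result does not depend on the module default. The existing entry for `$caldance_app/main_app` looks like a leftover now that `wsgi_script_aliases` is removed later in this commit, and could be dropped to keep the grants minimal. Whether the basic-auth `location` for `/` also covers `/media/` is not visible here and deserves a comment.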
@@ -198,25 +249,32 @@ class role::caldance ( auth_user_file => "$home/htpasswd", }, ], - aliases => [ + aliases => [ { alias => "/static/", path => "$caldance_app/www/static/", }, - ], - setenv => $apache_env, - wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" }; - default: * => $::profile::apache::apache_vhost_default; + { + alias => "/media/", + path => "$home/media/", + }, + ]; + default: * => $::profile::apache::apache_vhost_default; + } + + file { "/etc/systemd/system/caldance-app.service": + mode => "0644", + owner => "root", + group => "root", + content => template("role/caldance/caldance-app.service.erb"), + require => File["$caldance_app/app.ini"], + } -> + service { "caldance-app": + ensure => "running", + enable => true } - $mailtos = join($cron_pip, ",") cron::job { "list_outdated_pip_packages": - ensure => present, - user => $user, - environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env), - command => "${home}/virtualenv/bin/pip list --outdated", - minute => "15", - hour => "0", - require => Exec["initialize_venv"], + ensure => absent } }
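Review bot: The unit file is linked to `service { "caldance-app": }` with `->`, which only orders the two resources. A change to `caldance-app.service.erb` therefore neither reloads systemd nor restarts the service, and the running process keeps the old unit, including any hardening or user settings changed in it. I would change `} ->` to `} ~>` and put a `refreshonly` exec running `/usr/bin/systemctl daemon-reload` between the file and the service. Also, `ensure => absent` on `list_outdated_pip_packages` removes the only visible report of outdated Python dependencies in the virtualenv. If that is intended, the `$cron_pip` parameter is probably unused now and can go too.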