include "profile::redis"
include "profile::monitoring"
- ensure_packages(["python-pip", "python-virtualenv", "python-django"])
+ ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])
$caldance_app = "${home}/app"
$pg_password = generate_password(24, $password_seed, "postgres_caldance")
$secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+ $socket = "/run/caldance/app.sock"
$environment = {
"DB_NAME" => $pg_db,
"MEDIA_ROOT" => "$home/media",
}
$shell_env = $environment.map |$key, $value| { "$key=$value" }
- $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
file { $home:
mode => "0755",
require => [User["$user:"], File["$caldance_app/manage.py"]],
refreshonly => true,
} ~>
- exec { "reload httpd":
- command => "/usr/bin/systemctl reload httpd",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ exec { "restart uwsgi application":
+ command => "/usr/bin/systemctl restart caldance-app.service",
+ require => [User["$user:"], File["$caldance_app/app.ini"]],
refreshonly => true,
}
+ $uwsgi_path = "${home}/virtualenv/bin/uwsgi"
$python_path = "${home}/virtualenv/bin/python"
file { "$caldance_app/manage.py":
owner => $user,
],
}
+ file { "$caldance_app/app.ini":
+ owner => $user,
+ group => $group,
+ mode => "0644",
+ content => template("role/caldance/app.ini.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ }
+
profile::postgresql::master { "postgresql master for caldance":
letsencrypt_host => $web_host,
backup_hosts => ["backup-1"],
class { 'apache::mod::authn_core': }
class { 'apache::mod::authz_user': }
class { 'apache::mod::auth_basic': }
+ class { 'apache::mod::proxy': }
+ apache::mod { 'proxy_uwsgi': }
apache::vhost { $web_host:
- port => '443',
- docroot => false,
- manage_docroot => false,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
- ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
- require => Letsencrypt::Certonly[$web_host],
- additional_includes => "$home/caldance_env",
- directories => [
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true,
+ proxy_pass => [
+ {
+ path => "/",
+ url => "unix:$socket|uwsgi://caldance-app",
+ reverse_urls => [],
+ no_proxy_uris => [ "/media/", "/static/" ],
+ }
+ ],
+ directories => [
{
path => "$caldance_app/main_app",
require => "all granted",
auth_user_file => "$home/htpasswd",
},
],
- aliases => [
+ aliases => [
{
alias => "/static/",
path => "$caldance_app/www/static/",
alias => "/media/",
path => "$home/media/",
},
- ],
- setenv => $apache_env,
- wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
- default: * => $::profile::apache::apache_vhost_default;
+ ];
+ default: * => $::profile::apache::apache_vhost_default;
+ }
+
+ file { "/etc/systemd/system/caldance-app.service":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => template("role/caldance/caldance-app.service.erb"),
+ require => File["$caldance_app/app.ini"],
+ } ->
+ service { "caldance-app":
+ ensure => "running",
+ enable => true
}
$mailtos = join($cron_pip, ",")
projects / perso / Immae / Projets / Puppet.git / commitdiff
