]>
Commit | Line | Data |
---|---|---|
851ca3c6 | 1 | class role::caldance ( |
a25b5f82 IB |
2 | String $user, |
3 | String $group, | |
4 | String $home, | |
5 | String $web_host, | |
6 | String $pg_user, | |
7 | String $pg_db, | |
8 | String $mail_from, | |
9 | String $smtp_host, | |
10 | String $smtp_port, | |
11 | Optional[String] $pg_hostname = "/run/postgresql", | |
12 | Optional[String] $pg_port = "5432", | |
13 | Optional[String] $caldance_version = undef, | |
14 | Optional[String] $caldance_sha256 = undef, | |
01d9e644 | 15 | Optional[Array] $cron_pip = [], |
851ca3c6 | 16 | ) { |
a25b5f82 | 17 | $password_seed = lookup("base_installation::puppet_pass_seed") |
851ca3c6 IB |
18 | include "base_installation" |
19 | ||
01d9e644 | 20 | include "profile::mail" |
851ca3c6 IB |
21 | include "profile::tools" |
22 | include "profile::postgresql" | |
23 | include "profile::apache" | |
24 | include "profile::redis" | |
d8f933bd | 25 | include "profile::monitoring" |
851ca3c6 | 26 | |
98ee93b9 | 27 | ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"]) |
b3ac23bb | 28 | |
a25b5f82 | 29 | $caldance_app = "${home}/app" |
d3948290 IB |
30 | $pg_password = generate_password(24, $password_seed, "postgres_caldance") |
31 | $secret_key = generate_password(24, $password_seed, "secret_key_caldance") | |
98ee93b9 | 32 | $socket = "/run/caldance/app.sock" |
d3948290 IB |
33 | |
34 | $environment = { | |
35 | "DB_NAME" => $pg_db, | |
36 | "DB_USER" => $pg_user, | |
37 | "DB_PASSWORD" => $pg_password, | |
38 | "DB_HOST" => $pg_hostname, | |
39 | "DB_PORT" => $pg_port, | |
40 | "SECRET_KEY" => $secret_key, | |
41 | "DEBUG" => "False", | |
42 | "LOG_FILE" => "$home/caldev_django.log", | |
3f485c9e | 43 | "MEDIA_ROOT" => "$home/media", |
d3948290 | 44 | } |
d3948290 IB |
45 | |
46 | file { $home: | |
47 | mode => "0755", | |
48 | } | |
49 | file { "${home}/caldev_django.log": | |
50 | mode => "0664", | |
51 | owner => $user, | |
52 | group => "http", | |
d3948290 | 53 | } |
a25b5f82 IB |
54 | |
55 | file { $caldance_app: | |
56 | ensure => "directory", | |
57 | mode => "0755", | |
58 | owner => $user, | |
59 | group => $group, | |
60 | require => User["$user:"], | |
459e12d0 IB |
61 | } -> |
62 | file { "${home}/media": | |
63 | ensure => "directory", | |
64 | mode => "0755", | |
65 | owner => "http", | |
66 | group => "http", | |
a25b5f82 IB |
67 | } |
68 | ||
69 | exec { "initialize_venv": | |
70 | user => $user, | |
71 | require => User["$user:"], | |
72 | command => "/usr/bin/virtualenv ${home}/virtualenv", | |
73 | creates => "${home}/virtualenv", | |
74 | } | |
75 | -> | |
76 | archive { "${home}/caldance_${caldance_version}.tar.gz": | |
77 | path => "${home}/caldance_${caldance_version}.tar.gz", | |
78 | source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz", | |
79 | checksum_type => "sha256", | |
80 | checksum => $caldance_sha256, | |
81 | cleanup => false, | |
82 | extract => true, | |
83 | user => $user, | |
84 | username => lookup("base_installation::ldap_cn"), | |
85 | password => generate_password(24, $password_seed, "ldap"), | |
86 | extract_path => $caldance_app, | |
87 | require => [User["$user:"], File[$caldance_app]], | |
88 | } ~> | |
89 | exec { "py-requirements": | |
90 | cwd => $caldance_app, | |
91 | user => $user, | |
931dddda | 92 | environment => ["HOME=${home}"], |
f22a16c8 | 93 | command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade", |
a25b5f82 IB |
94 | require => User["$user:"], |
95 | refreshonly => true, | |
96 | } ~> | |
97 | exec { "py-migrate": | |
98 | cwd => $caldance_app, | |
99 | user => $user, | |
931dddda IB |
100 | environment => ["HOME=${home}"], |
101 | command => "$caldance_app/manage migrate", | |
102 | require => [User["$user:"], File["$caldance_app/manage"]], | |
a25b5f82 IB |
103 | refreshonly => true, |
104 | } ~> | |
105 | exec { "py-static": | |
106 | cwd => $caldance_app, | |
107 | user => $user, | |
931dddda IB |
108 | environment => ["HOME=${home}"], |
109 | command => "$caldance_app/manage collectstatic --no-input", | |
110 | require => [User["$user:"], File["$caldance_app/manage"]], | |
a25b5f82 IB |
111 | refreshonly => true, |
112 | } ~> | |
98ee93b9 IB |
113 | exec { "restart uwsgi application": |
114 | command => "/usr/bin/systemctl restart caldance-app.service", | |
115 | require => [User["$user:"], File["$caldance_app/app.ini"]], | |
a25b5f82 IB |
116 | refreshonly => true, |
117 | } | |
118 | ||
98ee93b9 | 119 | $uwsgi_path = "${home}/virtualenv/bin/uwsgi" |
a25b5f82 IB |
120 | $python_path = "${home}/virtualenv/bin/python" |
121 | file { "$caldance_app/manage.py": | |
122 | owner => $user, | |
123 | group => $group, | |
931dddda | 124 | mode => "0644", |
a25b5f82 IB |
125 | content => template("role/caldance/manage.py.erb"), |
126 | require => [ | |
127 | User["$user:"], | |
128 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | |
129 | ], | |
130 | } | |
931dddda IB |
131 | file { "$caldance_app/manage": |
132 | owner => $user, | |
133 | group => $group, | |
134 | mode => "0755", | |
135 | content => template("role/caldance/manage.sh.erb"), | |
136 | require => [ | |
137 | User["$user:"], | |
138 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | |
139 | ], | |
140 | } | |
a25b5f82 | 141 | |
98ee93b9 IB |
142 | file { "$caldance_app/app.ini": |
143 | owner => $user, | |
144 | group => $group, | |
145 | mode => "0644", | |
146 | content => template("role/caldance/app.ini.erb"), | |
147 | require => [ | |
148 | User["$user:"], | |
149 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | |
150 | ], | |
151 | } | |
152 | ||
a25b5f82 IB |
153 | profile::postgresql::master { "postgresql master for caldance": |
154 | letsencrypt_host => $web_host, | |
155 | backup_hosts => ["backup-1"], | |
156 | } | |
157 | ||
158 | postgresql::server::db { $pg_db: | |
159 | user => $pg_user, | |
160 | password => postgresql_password($pg_user, $pg_password), | |
161 | } | |
162 | ||
b3ac23bb IB |
163 | # pour le script de génération de mdp |
164 | ensure_packages(["perl-digest-sha1"]) | |
165 | ||
a25b5f82 | 166 | ensure_packages(["postgis", "python-gdal", "ripgrep"]) |
b3ac23bb IB |
167 | file { "/usr/local/bin/ldap_ssha": |
168 | owner => "root", | |
169 | group => "root", | |
170 | mode => "0755", | |
171 | source => "puppet:///modules/base_installation/scripts/ldap_ssha", | |
172 | require => Package["perl-digest-sha1"], | |
173 | } | |
a25b5f82 IB |
174 | |
175 | sudo::conf { 'wheel_nopasswd': | |
176 | priority => 99, | |
177 | content => "%wheel ALL=(ALL) NOPASSWD: ALL", | |
178 | require => Package["sudo"], | |
179 | } | |
180 | ||
181 | ensure_packages(["mod_wsgi"]) | |
182 | class { 'apache::mod::wsgi': | |
d3948290 IB |
183 | wsgi_python_home => "${home}/virtualenv", |
184 | wsgi_python_path => $caldance_app, | |
a25b5f82 IB |
185 | require => Package["mod_wsgi"], |
186 | } | |
187 | class { 'apache::mod::authn_file': } | |
188 | class { 'apache::mod::authn_core': } | |
189 | class { 'apache::mod::authz_user': } | |
190 | class { 'apache::mod::auth_basic': } | |
98ee93b9 IB |
191 | class { 'apache::mod::proxy': } |
192 | apache::mod { 'proxy_uwsgi': } | |
a25b5f82 IB |
193 | |
194 | apache::vhost { $web_host: | |
98ee93b9 IB |
195 | port => '443', |
196 | docroot => false, | |
197 | manage_docroot => false, | |
198 | ssl => true, | |
199 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | |
200 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | |
201 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | |
202 | require => Letsencrypt::Certonly[$web_host], | |
203 | proxy_preserve_host => true, | |
204 | proxy_pass => [ | |
205 | { | |
206 | path => "/", | |
02a6bcd1 | 207 | url => "unix:$socket|uwsgi://caldance-app/", |
98ee93b9 IB |
208 | reverse_urls => [], |
209 | no_proxy_uris => [ "/media/", "/static/" ], | |
210 | } | |
211 | ], | |
212 | directories => [ | |
a25b5f82 | 213 | { |
d3948290 | 214 | path => "$caldance_app/main_app", |
a25b5f82 IB |
215 | require => "all granted", |
216 | }, | |
217 | { | |
d3948290 | 218 | path => "$caldance_app/www/static", |
a25b5f82 IB |
219 | require => "all granted", |
220 | }, | |
83341b3c IB |
221 | { |
222 | path => "$home/media", | |
223 | require => "all granted", | |
224 | options => ["-Indexes"], | |
225 | }, | |
a25b5f82 IB |
226 | { |
227 | path => "/", | |
228 | provider => "location", | |
229 | require => "valid-user", | |
230 | auth_type => "Basic", | |
231 | auth_name => "Authentification requise", | |
b1072a47 | 232 | auth_user_file => "$home/htpasswd", |
a25b5f82 IB |
233 | }, |
234 | ], | |
98ee93b9 | 235 | aliases => [ |
a25b5f82 IB |
236 | { |
237 | alias => "/static/", | |
d3948290 | 238 | path => "$caldance_app/www/static/", |
a25b5f82 | 239 | }, |
83341b3c IB |
240 | { |
241 | alias => "/media/", | |
242 | path => "$home/media/", | |
243 | }, | |
98ee93b9 IB |
244 | ]; |
245 | default: * => $::profile::apache::apache_vhost_default; | |
246 | } | |
247 | ||
248 | file { "/etc/systemd/system/caldance-app.service": | |
249 | mode => "0644", | |
250 | owner => "root", | |
251 | group => "root", | |
252 | content => template("role/caldance/caldance-app.service.erb"), | |
253 | require => File["$caldance_app/app.ini"], | |
254 | } -> | |
255 | service { "caldance-app": | |
256 | ensure => "running", | |
257 | enable => true | |
a25b5f82 | 258 | } |
01d9e644 IB |
259 | |
260 | $mailtos = join($cron_pip, ",") | |
261 | cron::job { "list_outdated_pip_packages": | |
262 | ensure => present, | |
263 | user => $user, | |
931dddda | 264 | environment => ["HOME=${home}","MAILTO=${mailtos}"], |
01d9e644 IB |
265 | command => "${home}/virtualenv/bin/pip list --outdated", |
266 | minute => "15", | |
267 | hour => "0", | |
268 | require => Exec["initialize_venv"], | |
269 | } | |
851ca3c6 | 270 | } |