]>
Commit | Line | Data |
---|---|---|
851ca3c6 | 1 | class role::caldance ( |
a25b5f82 IB |
2 | String $user, |
3 | String $group, | |
4 | String $home, | |
5 | String $web_host, | |
6 | String $pg_user, | |
7 | String $pg_db, | |
8 | String $mail_from, | |
9 | String $smtp_host, | |
10 | String $smtp_port, | |
11 | Optional[String] $pg_hostname = "/run/postgresql", | |
12 | Optional[String] $pg_port = "5432", | |
13 | Optional[String] $caldance_version = undef, | |
14 | Optional[String] $caldance_sha256 = undef, | |
01d9e644 | 15 | Optional[Array] $cron_pip = [], |
851ca3c6 | 16 | ) { |
a25b5f82 | 17 | $password_seed = lookup("base_installation::puppet_pass_seed") |
851ca3c6 IB |
18 | include "base_installation" |
19 | ||
01d9e644 | 20 | include "profile::mail" |
851ca3c6 IB |
21 | include "profile::tools" |
22 | include "profile::postgresql" | |
23 | include "profile::apache" | |
24 | include "profile::redis" | |
d8f933bd | 25 | include "profile::monitoring" |
851ca3c6 IB |
26 | |
27 | ensure_packages(["python-pip", "python-virtualenv", "python-django"]) | |
b3ac23bb | 28 | |
a25b5f82 | 29 | $caldance_app = "${home}/app" |
d3948290 IB |
30 | $pg_password = generate_password(24, $password_seed, "postgres_caldance") |
31 | $secret_key = generate_password(24, $password_seed, "secret_key_caldance") | |
32 | ||
33 | $environment = { | |
34 | "DB_NAME" => $pg_db, | |
35 | "DB_USER" => $pg_user, | |
36 | "DB_PASSWORD" => $pg_password, | |
37 | "DB_HOST" => $pg_hostname, | |
38 | "DB_PORT" => $pg_port, | |
39 | "SECRET_KEY" => $secret_key, | |
40 | "DEBUG" => "False", | |
41 | "LOG_FILE" => "$home/caldev_django.log", | |
42 | "FROM_EMAIL" => $mail_from, | |
43 | "EMAIL_HOST" => $smtp_host, | |
44 | "EMAIL_PORT" => $smtp_port, | |
45 | } | |
46 | $shell_env = $environment.map |$key, $value| { "$key=$value" } | |
47 | $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" } | |
48 | ||
49 | file { $home: | |
50 | mode => "0755", | |
51 | } | |
52 | file { "${home}/caldev_django.log": | |
53 | mode => "0664", | |
54 | owner => $user, | |
55 | group => "http", | |
d3948290 | 56 | } |
a25b5f82 IB |
57 | |
58 | file { $caldance_app: | |
59 | ensure => "directory", | |
60 | mode => "0755", | |
61 | owner => $user, | |
62 | group => $group, | |
63 | require => User["$user:"], | |
459e12d0 IB |
64 | } -> |
65 | file { "${home}/media": | |
66 | ensure => "directory", | |
67 | mode => "0755", | |
68 | owner => "http", | |
69 | group => "http", | |
a25b5f82 IB |
70 | } |
71 | ||
72 | exec { "initialize_venv": | |
73 | user => $user, | |
74 | require => User["$user:"], | |
75 | command => "/usr/bin/virtualenv ${home}/virtualenv", | |
76 | creates => "${home}/virtualenv", | |
77 | } | |
78 | -> | |
79 | archive { "${home}/caldance_${caldance_version}.tar.gz": | |
80 | path => "${home}/caldance_${caldance_version}.tar.gz", | |
81 | source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz", | |
82 | checksum_type => "sha256", | |
83 | checksum => $caldance_sha256, | |
84 | cleanup => false, | |
85 | extract => true, | |
86 | user => $user, | |
87 | username => lookup("base_installation::ldap_cn"), | |
88 | password => generate_password(24, $password_seed, "ldap"), | |
89 | extract_path => $caldance_app, | |
90 | require => [User["$user:"], File[$caldance_app]], | |
91 | } ~> | |
92 | exec { "py-requirements": | |
93 | cwd => $caldance_app, | |
94 | user => $user, | |
d3948290 | 95 | environment => concat(["HOME=${home}"], $shell_env), |
f22a16c8 | 96 | command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade", |
a25b5f82 IB |
97 | require => User["$user:"], |
98 | refreshonly => true, | |
99 | } ~> | |
100 | exec { "py-migrate": | |
101 | cwd => $caldance_app, | |
102 | user => $user, | |
d3948290 | 103 | environment => concat(["HOME=${home}"], $shell_env), |
a25b5f82 | 104 | command => "$caldance_app/manage.py migrate", |
d3948290 | 105 | require => [User["$user:"], File["$caldance_app/manage.py"]], |
a25b5f82 IB |
106 | refreshonly => true, |
107 | } ~> | |
108 | exec { "py-static": | |
109 | cwd => $caldance_app, | |
110 | user => $user, | |
d3948290 | 111 | environment => concat(["HOME=${home}"], $shell_env), |
a25b5f82 | 112 | command => "$caldance_app/manage.py collectstatic --no-input", |
d3948290 | 113 | require => [User["$user:"], File["$caldance_app/manage.py"]], |
a25b5f82 IB |
114 | refreshonly => true, |
115 | } ~> | |
459e12d0 IB |
116 | exec { "py-symlink-file": |
117 | cwd => $caldance_app, | |
118 | user => $user, | |
119 | environment => concat(["HOME=${home}"], $shell_env), | |
120 | command => "/usr/bin/ln -sf ${home}/media www/media", | |
121 | require => [User["$user:"], File["$caldance_app/manage.py"]], | |
122 | refreshonly => true, | |
123 | } ~> | |
a25b5f82 IB |
124 | exec { "reload httpd": |
125 | command => "/usr/bin/systemctl reload httpd", | |
d3948290 | 126 | require => [User["$user:"], File["$caldance_app/manage.py"]], |
a25b5f82 IB |
127 | refreshonly => true, |
128 | } | |
129 | ||
a25b5f82 IB |
130 | $python_path = "${home}/virtualenv/bin/python" |
131 | file { "$caldance_app/manage.py": | |
132 | owner => $user, | |
133 | group => $group, | |
134 | mode => "0755", | |
135 | content => template("role/caldance/manage.py.erb"), | |
136 | require => [ | |
137 | User["$user:"], | |
138 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | |
139 | ], | |
140 | } | |
141 | ||
142 | profile::postgresql::master { "postgresql master for caldance": | |
143 | letsencrypt_host => $web_host, | |
144 | backup_hosts => ["backup-1"], | |
145 | } | |
146 | ||
147 | postgresql::server::db { $pg_db: | |
148 | user => $pg_user, | |
149 | password => postgresql_password($pg_user, $pg_password), | |
150 | } | |
151 | ||
b3ac23bb IB |
152 | # pour le script de génération de mdp |
153 | ensure_packages(["perl-digest-sha1"]) | |
154 | ||
a25b5f82 | 155 | ensure_packages(["postgis", "python-gdal", "ripgrep"]) |
b3ac23bb IB |
156 | file { "/usr/local/bin/ldap_ssha": |
157 | owner => "root", | |
158 | group => "root", | |
159 | mode => "0755", | |
160 | source => "puppet:///modules/base_installation/scripts/ldap_ssha", | |
161 | require => Package["perl-digest-sha1"], | |
162 | } | |
a25b5f82 IB |
163 | |
164 | sudo::conf { 'wheel_nopasswd': | |
165 | priority => 99, | |
166 | content => "%wheel ALL=(ALL) NOPASSWD: ALL", | |
167 | require => Package["sudo"], | |
168 | } | |
169 | ||
170 | ensure_packages(["mod_wsgi"]) | |
171 | class { 'apache::mod::wsgi': | |
d3948290 IB |
172 | wsgi_python_home => "${home}/virtualenv", |
173 | wsgi_python_path => $caldance_app, | |
a25b5f82 IB |
174 | require => Package["mod_wsgi"], |
175 | } | |
176 | class { 'apache::mod::authn_file': } | |
177 | class { 'apache::mod::authn_core': } | |
178 | class { 'apache::mod::authz_user': } | |
179 | class { 'apache::mod::auth_basic': } | |
180 | ||
181 | apache::vhost { $web_host: | |
182 | port => '443', | |
183 | docroot => false, | |
184 | manage_docroot => false, | |
185 | ssl => true, | |
186 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | |
187 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | |
188 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | |
189 | require => Letsencrypt::Certonly[$web_host], | |
190 | directories => [ | |
191 | { | |
d3948290 | 192 | path => "$caldance_app/main_app", |
a25b5f82 IB |
193 | require => "all granted", |
194 | }, | |
195 | { | |
d3948290 | 196 | path => "$caldance_app/www/static", |
a25b5f82 IB |
197 | require => "all granted", |
198 | }, | |
199 | { | |
200 | path => "/", | |
201 | provider => "location", | |
202 | require => "valid-user", | |
203 | auth_type => "Basic", | |
204 | auth_name => "Authentification requise", | |
b1072a47 | 205 | auth_user_file => "$home/htpasswd", |
a25b5f82 IB |
206 | }, |
207 | ], | |
208 | aliases => [ | |
209 | { | |
210 | alias => "/static/", | |
d3948290 | 211 | path => "$caldance_app/www/static/", |
a25b5f82 IB |
212 | }, |
213 | ], | |
d3948290 IB |
214 | setenv => $apache_env, |
215 | wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" }; | |
a25b5f82 IB |
216 | default: * => $::profile::apache::apache_vhost_default; |
217 | } | |
01d9e644 IB |
218 | |
219 | $mailtos = join($cron_pip, ",") | |
220 | cron::job { "list_outdated_pip_packages": | |
221 | ensure => present, | |
222 | user => $user, | |
223 | environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env), | |
224 | command => "${home}/virtualenv/bin/pip list --outdated", | |
225 | minute => "15", | |
226 | hour => "0", | |
227 | require => Exec["initialize_venv"], | |
228 | } | |
851ca3c6 | 229 | } |