[perso/Immae/Projets/Puppet.git] / modules / role / manifests / caldance.pp

class role::caldance (
  String           $user,
  String           $group,
  String           $home,
  String           $web_host,
  String           $pg_user,
  String           $pg_db,
  String           $mail_from,
  String           $smtp_host,
  String           $smtp_port,
  Optional[String] $pg_hostname      = "/run/postgresql",
  Optional[String] $pg_port          = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256  = undef,
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")
  $web_home = "/home/simon_descarpentries"
  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  $caldance_app = "${home}/app"

  file { $caldance_app:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["$user:"],
  }

  exec { "initialize_venv":
    user    => $user,
    require => User["$user:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  archive { "${home}/caldance_${caldance_version}.tar.gz":
    path          => "${home}/caldance_${caldance_version}.tar.gz",
    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum      => $caldance_sha256,
    cleanup       => false,
    extract       => true,
    user          => $user,
    username      => lookup("base_installation::ldap_cn"),
    password      => generate_password(24, $password_seed, "ldap"),
    extract_path  => $caldance_app,
    require       => [User["$user:"], File[$caldance_app]],
  } ~>
  exec { "py-requirements":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "${home}/virtualenv/bin/pip install -r requirements.txt",
    require     => User["$user:"],
    refreshonly => true,
  } ~>
  exec { "py-migrate":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "$caldance_app/manage.py migrate",
    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "$caldance_app/manage.py collectstatic --no-input",
    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
    refreshonly => true,
  } ~>
  exec { "reload httpd":
    command     => "/usr/bin/systemctl reload httpd",
    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
    refreshonly => true,
  }

  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
  file { "$caldance_app/main_app/local_settings.py":
    owner   => $user,
    group   => $group,
    mode    => "0644",
    content => template("role/caldance/local_settings.py.erb"),
    require => [
      User["$user:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  }

  $python_path = "${home}/virtualenv/bin/python"
  file { "$caldance_app/manage.py":
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["$user:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts     => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user     =>  $pg_user,
    password =>  postgresql_password($pg_user, $pg_password),
  }

  # pour le script de génération de mdp
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner   => "root",
    group   => "root",
    mode    => "0755",
    source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require  => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "$web_home/caldev_virtualenv",
    wsgi_python_path => "$web_home/caldev/www.cal-dance.com/",
    require          => Package["mod_wsgi"],
  }
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    directories         => [
      {
        path    => "$web_home/caldev/www.cal-dance.com/main_app",
        require => "all granted",
      },
      {
        path    => "$web_home/caldev/www.cal-dance.com/www/static",
        require => "all granted",
      },
      {
        path           => "/",
        provider       => "location",
        require        => "valid-user",
        auth_type      => "Basic",
        auth_name      => "Authentification requise",
        auth_user_file => "$web_home/caldev/.htpasswd",
      },
    ],
    aliases             => [
      {
        alias => "/static/",
        path => "$web_home/caldev/www.cal-dance.com/www/static/",
      },
    ],
    wsgi_script_aliases => { "/" => "$web_home/caldev/www.cal-dance.com/main_app/wsgi.py" };
    default: *          => $::profile::apache::apache_vhost_default;
  }
}
Commit	Line	Data
851ca3c6	1	class role::caldance (
a25b5f82 IB	2	String $user,
	3	String $group,
	4	String $home,
	5	String $web_host,
	6	String $pg_user,
	7	String $pg_db,
	8	String $mail_from,
	9	String $smtp_host,
	10	String $smtp_port,
	11	Optional[String] $pg_hostname = "/run/postgresql",
	12	Optional[String] $pg_port = "5432",
	13	Optional[String] $caldance_version = undef,
	14	Optional[String] $caldance_sha256 = undef,
851ca3c6	15	) {
a25b5f82 IB	16	$password_seed = lookup("base_installation::puppet_pass_seed")
a25b5f82 IB	17	$web_home = "/home/simon_descarpentries"
851ca3c6 IB	18	include "base_installation"
	19
	20	include "profile::tools"
	21	include "profile::postgresql"
	22	include "profile::apache"
	23	include "profile::redis"
d8f933bd	24	include "profile::monitoring"
851ca3c6 IB	25
851ca3c6 IB	26	ensure_packages(["python-pip", "python-virtualenv", "python-django"])
b3ac23bb	27
a25b5f82 IB	28	$caldance_app = "${home}/app"
	29
	30	file { $caldance_app:
	31	ensure => "directory",
	32	mode => "0755",
	33	owner => $user,
	34	group => $group,
	35	require => User["$user:"],
	36	}
	37
	38	exec { "initialize_venv":
	39	user => $user,
	40	require => User["$user:"],
	41	command => "/usr/bin/virtualenv ${home}/virtualenv",
	42	creates => "${home}/virtualenv",
	43	}
	44	->
	45	archive { "${home}/caldance_${caldance_version}.tar.gz":
	46	path => "${home}/caldance_${caldance_version}.tar.gz",
	47	source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
	48	checksum_type => "sha256",
	49	checksum => $caldance_sha256,
	50	cleanup => false,
	51	extract => true,
	52	user => $user,
	53	username => lookup("base_installation::ldap_cn"),
	54	password => generate_password(24, $password_seed, "ldap"),
	55	extract_path => $caldance_app,
	56	require => [User["$user:"], File[$caldance_app]],
	57	} ~>
	58	exec { "py-requirements":
	59	cwd => $caldance_app,
	60	user => $user,
	61	environment => ["HOME=${home}"],
	62	command => "${home}/virtualenv/bin/pip install -r requirements.txt",
	63	require => User["$user:"],
	64	refreshonly => true,
	65	} ~>
	66	exec { "py-migrate":
	67	cwd => $caldance_app,
	68	user => $user,
	69	environment => ["HOME=${home}"],
	70	command => "$caldance_app/manage.py migrate",
	71	require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
	72	refreshonly => true,
	73	} ~>
	74	exec { "py-static":
	75	cwd => $caldance_app,
	76	user => $user,
	77	environment => ["HOME=${home}"],
	78	command => "$caldance_app/manage.py collectstatic --no-input",
	79	require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
	80	refreshonly => true,
	81	} ~>
	82	exec { "reload httpd":
	83	command => "/usr/bin/systemctl reload httpd",
	84	require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
	85	refreshonly => true,
	86	}
	87
	88	$pg_password = generate_password(24, $password_seed, "postgres_caldance")
	89	$secret_key = generate_password(24, $password_seed, "secret_key_caldance")
	90	file { "$caldance_app/main_app/local_settings.py":
	91	owner => $user,
92	group => $group,
93	mode => "0644",
94	content => template("role/caldance/local_settings.py.erb"),
95	require => [
96	User["$user:"],
97	Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
98	],
99	}
100
101	$python_path = "${home}/virtualenv/bin/python"
102	file { "$caldance_app/manage.py":
103	owner => $user,
104	group => $group,
105	mode => "0755",
106	content => template("role/caldance/manage.py.erb"),
107	require => [
108	User["$user:"],
109	Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
110	],
111	}
112
113	profile::postgresql::master { "postgresql master for caldance":
114	letsencrypt_host => $web_host,
115	backup_hosts => ["backup-1"],
116	}
117
118	postgresql::server::db { $pg_db:
119	user => $pg_user,
120	password => postgresql_password($pg_user, $pg_password),
121	}
122
b3ac23bb IB	123	# pour le script de génération de mdp
	124	ensure_packages(["perl-digest-sha1"])
	125
a25b5f82	126	ensure_packages(["postgis", "python-gdal", "ripgrep"])
b3ac23bb IB	127	file { "/usr/local/bin/ldap_ssha":
	128	owner => "root",
	129	group => "root",
	130	mode => "0755",
	131	source => "puppet:///modules/base_installation/scripts/ldap_ssha",
	132	require => Package["perl-digest-sha1"],
	133	}
a25b5f82 IB	134
	135	sudo::conf { 'wheel_nopasswd':
	136	priority => 99,
	137	content => "%wheel ALL=(ALL) NOPASSWD: ALL",
	138	require => Package["sudo"],
	139	}
	140
	141	ensure_packages(["mod_wsgi"])
	142	class { 'apache::mod::wsgi':
	143	wsgi_python_home => "$web_home/caldev_virtualenv",
	144	wsgi_python_path => "$web_home/caldev/www.cal-dance.com/",
	145	require => Package["mod_wsgi"],
	146	}
	147	class { 'apache::mod::authn_file': }
	148	class { 'apache::mod::authn_core': }
	149	class { 'apache::mod::authz_user': }
	150	class { 'apache::mod::auth_basic': }
	151
	152	apache::vhost { $web_host:
	153	port => '443',
	154	docroot => false,
	155	manage_docroot => false,
	156	ssl => true,
	157	ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
	158	ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
	159	ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
	160	require => Letsencrypt::Certonly[$web_host],
	161	directories => [
	162	{
	163	path => "$web_home/caldev/www.cal-dance.com/main_app",
	164	require => "all granted",
	165	},
	166	{
	167	path => "$web_home/caldev/www.cal-dance.com/www/static",
	168	require => "all granted",
	169	},
	170	{
	171	path => "/",
	172	provider => "location",
	173	require => "valid-user",
	174	auth_type => "Basic",
	175	auth_name => "Authentification requise",
	176	auth_user_file => "$web_home/caldev/.htpasswd",
	177	},
	178	],
	179	aliases => [
	180	{
	181	alias => "/static/",
	182	path => "$web_home/caldev/www.cal-dance.com/www/static/",
	183	},
	184	],
	185	wsgi_script_aliases => { "/" => "$web_home/caldev/www.cal-dance.com/main_app/wsgi.py" };
	186	default: * => $::profile::apache::apache_vhost_default;
	187	}
851ca3c6	188	}