Commit | Line | Data |
---|---|---|
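# @summary Deploys the caldance Django application together with its
#   PostgreSQL database, Redis, and an Apache/mod_wsgi virtual host that
#   sits behind HTTP Basic authentication.
#
# The release tarball is downloaded into ${home}, unpacked into ${home}/app,
# and then `pip install`, `manage.py migrate` and `manage.py collectstatic`
# are run from the unpacked tree as $user before httpd is reloaded. The
# sha256 passed to the archive resource is therefore the only thing in this
# class that ties the code being executed to a known release.
#
# @param user
#   Account that owns the application tree and runs every exec below. The
#   class requires User["${user}:"], which must be declared elsewhere.
# @param group
#   Group owning the application tree and the generated files.
# @param home
#   Base directory holding the tarball, the virtualenv and the app directory.
# @param web_host
#   Name of the Apache vhost; also selects the Let's Encrypt certificate
#   directory and is passed to profile::postgresql::master.
# @param pg_user
#   PostgreSQL role created for the application database.
# @param pg_db
#   Name of the PostgreSQL database to create.
# @param mail_from
#   Not referenced in this manifest; presumably read by
#   local_settings.py.erb -- verify against the template.
# @param smtp_host
#   Not referenced in this manifest; presumably read by the template.
# @param smtp_port
#   Not referenced in this manifest; presumably read by the template.
# @param pg_hostname
#   Not referenced in this manifest; presumably read by the template.
# @param pg_port
#   Not referenced in this manifest; presumably read by the template.
# @param caldance_version
#   Release version; interpolated into the tarball name and download URL.
# @param caldance_sha256
#   Expected SHA-256 of the release tarball, handed to the archive resource.
class role::caldance (
  String           $user,
  String           $group,
  String           $home,
  String           $web_host,
  String           $pg_user,
  String           $pg_db,
  String           $mail_from,
  String           $smtp_host,
  String           $smtp_port,
  Optional[String] $pg_hostname      = "/run/postgresql",
  Optional[String] $pg_port          = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256  = undef,
) {
  # Every generated credential in this class is derived from this one seed.
  $password_seed = lookup("base_installation::puppet_pass_seed")
  $web_home      = "/home/simon_descarpentries"

  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  $caldance_app     = "${home}/app"
  $caldance_archive = "${home}/caldance_${caldance_version}.tar.gz"

  # The interface keeps the digest optional, so a missing one is reported
  # rather than rejected: without it the tarball that pip and manage.py are
  # then run from is not pinned to a known hash.
  unless $caldance_sha256 {
    warning("role::caldance: caldance_sha256 is not set; the release archive is not pinned to a known digest")
  }

  file { $caldance_app:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["${user}:"],
  }

  # Deployment chain: create the virtualenv, fetch and unpack the release,
  # then (only when the archive changed) install requirements, migrate,
  # collect static files and reload httpd.
  exec { "initialize_venv":
    user    => $user,
    require => User["${user}:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  archive { $caldance_archive:
    path          => $caldance_archive,
    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum      => $caldance_sha256,
    cleanup       => false,
    extract       => true,
    user          => $user,
    # Credentials presented to the release server for the download.
    username      => lookup("base_installation::ldap_cn"),
    password      => generate_password(24, $password_seed, "ldap"),
    extract_path  => $caldance_app,
    require       => [User["${user}:"], File[$caldance_app]],
  } ~>
  exec { "py-requirements":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    # requirements.txt comes out of the archive unpacked above.
    command     => "${home}/virtualenv/bin/pip install -r requirements.txt",
    require     => User["${user}:"],
    refreshonly => true,
  } ~>
  exec { "py-migrate":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "${caldance_app}/manage.py migrate",
    require     => [User["${user}:"], File["${caldance_app}/manage.py"], File["${caldance_app}/main_app/local_settings.py"]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd         => $caldance_app,
    user        => $user,
    environment => ["HOME=${home}"],
    command     => "${caldance_app}/manage.py collectstatic --no-input",
    require     => [User["${user}:"], File["${caldance_app}/manage.py"], File["${caldance_app}/main_app/local_settings.py"]],
    refreshonly => true,
  } ~>
  exec { "reload httpd":
    command     => "/usr/bin/systemctl reload httpd",
    require     => [User["${user}:"], File["${caldance_app}/manage.py"], File["${caldance_app}/main_app/local_settings.py"]],
    refreshonly => true,
  }

  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key  = generate_password(24, $password_seed, "secret_key_caldance")

  # $secret_key has no other consumer in this class, so the template
  # presumably renders it (and likely $pg_password) into this file. It is
  # therefore kept unreadable by other local accounts and its content is
  # kept out of Puppet's diff output and reports. Only the execs above,
  # which run as $user, are seen to read it; widen the mode only if another
  # account demonstrably needs access.
  file { "${caldance_app}/main_app/local_settings.py":
    owner     => $user,
    group     => $group,
    mode      => "0640",
    show_diff => false,
    content   => template("role/caldance/local_settings.py.erb"),
    require   => [
      User["${user}:"],
      Archive[$caldance_archive],
    ],
  }

  # Not referenced below; presumably consumed by manage.py.erb.
  $python_path = "${home}/virtualenv/bin/python"
  file { "${caldance_app}/manage.py":
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["${user}:"],
      Archive[$caldance_archive],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts     => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Needed by the password-generation script installed below.
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])

  file { "/usr/local/bin/ldap_ssha":
    owner   => "root",
    group   => "root",
    mode    => "0755",
    source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # NOTE(review): this gives every member of wheel root through sudo with no
  # password prompt, so a compromised wheel session is a root session.
  # Left as written; confirm it is intended for this role, and otherwise
  # restrict it to named users or commands.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require  => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "${web_home}/caldev_virtualenv",
    wsgi_python_path => "${web_home}/caldev/www.cal-dance.com/",
    require          => Package["mod_wsgi"],
  }
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  # The vhost serves the tree under ${web_home}/caldev, not ${home}/app.
  # The whole site requires a valid Basic-auth user; the password file it
  # points at is not managed by this class.
  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/${web_host}/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/${web_host}/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/${web_host}/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    directories         => [
      {
        path    => "${web_home}/caldev/www.cal-dance.com/main_app",
        require => "all granted",
      },
      {
        path    => "${web_home}/caldev/www.cal-dance.com/www/static",
        require => "all granted",
      },
      {
        path           => "/",
        provider       => "location",
        require        => "valid-user",
        auth_type      => "Basic",
        auth_name      => "Authentification requise",
        auth_user_file => "${web_home}/caldev/.htpasswd",
      },
    ],
    aliases             => [
      {
        alias => "/static/",
        path  => "${web_home}/caldev/www.cal-dance.com/www/static/",
      },
    ],
    wsgi_script_aliases => { "/" => "${web_home}/caldev/www.cal-dance.com/main_app/wsgi.py" };
    default: * => $::profile::apache::apache_vhost_default;
  }
}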