git.immae.eu Git - perso/Immae/Projets/Puppet.git/blob - modules/role/manifests/caldance.pp
Move htpasswd to caldance home
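# @summary Deploys the caldance Django application on a single host.
#
# Sets up PostgreSQL (database plus the master/backup profile), a Python
# virtualenv populated from the caldance release tarball, the Django
# migrate/collectstatic steps, and an Apache vhost serving the application
# through mod_wsgi behind HTTP Basic authentication.
#
# @param user             System user owning the application tree and venv.
# @param group            Group owning the application tree.
# @param home             Directory under which the virtualenv, the app tree,
#                         the Django log file and the htpasswd file live.
# @param web_host         Vhost name; also the Let's Encrypt certificate name.
# @param pg_user          PostgreSQL role used by the application.
# @param pg_db            PostgreSQL database name.
# @param mail_from        Sender address exported to Django as FROM_EMAIL.
# @param smtp_host        SMTP relay host exported as EMAIL_HOST.
# @param smtp_port        SMTP relay port exported as EMAIL_PORT.
# @param pg_hostname      PostgreSQL host or socket directory (DB_HOST).
# @param pg_port          PostgreSQL port (DB_PORT).
# @param caldance_version Release version to download. Required in practice
#                         (see the guard at the top of the body); the type is
#                         left Optional so existing callers keep compiling.
# @param caldance_sha256  Expected SHA-256 of the release tarball. Required in
#                         practice for the same reason.
class role::caldance (
  String $user,
  String $group,
  String $home,
  String $web_host,
  String $pg_user,
  String $pg_db,
  String $mail_from,
  String $smtp_host,
  String $smtp_port,
  Optional[String] $pg_hostname = "/run/postgresql",
  Optional[String] $pg_port = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256 = undef,
) {
  # Both values are interpolated unconditionally into the release download
  # path and the archive checksum below, so an undef value can never yield a
  # working deployment (a bogus URL, and presumably a download without
  # checksum verification -- TODO confirm the archive type's behaviour for an
  # undef checksum). Fail at compile time with a clear message instead.
  if $caldance_version == undef {
    fail("role::caldance: caldance_version must be set (used in the release download URL)")
  }
  if $caldance_sha256 == undef {
    fail("role::caldance: caldance_sha256 must be set so the downloaded release is integrity-checked")
  }

  # All generated secrets below are derived deterministically from this seed
  # and a per-purpose label, so they are stable across runs.
  $password_seed = lookup("base_installation::puppet_pass_seed")
  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  $caldance_app = "${home}/app"
  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key = generate_password(24, $password_seed, "secret_key_caldance")

  # Django settings handed to the application. Note that DB_PASSWORD and
  # SECRET_KEY are secrets: they end up in the exec environments and in the
  # Apache SetEnv directives derived from this hash (see $apache_env).
  $environment = {
    "DB_NAME" => $pg_db,
    "DB_USER" => $pg_user,
    "DB_PASSWORD" => $pg_password,
    "DB_HOST" => $pg_hostname,
    "DB_PORT" => $pg_port,
    "SECRET_KEY" => $secret_key,
    "DEBUG" => "False",
    "LOG_FILE" => "$home/caldev_django.log",
    "FROM_EMAIL" => $mail_from,
    "EMAIL_HOST" => $smtp_host,
    "EMAIL_PORT" => $smtp_port,
  }
  # KEY=VALUE form for the manage.py execs below.
  $shell_env = $environment.map |$key, $value| { "$key=$value" }
  # "CALDANCE_KEY VALUE" form for Apache SetEnv. Values are not quoted, so a
  # value containing whitespace (e.g. a display-name style $mail_from) would
  # be split by Apache -- TODO confirm the values passed in are single tokens.
  $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }

  file { $home:
    mode => "0755",
  }
  # Group "http" so the WSGI processes can append to the Django log.
  file { "${home}/caldev_django.log":
    mode => "0664",
    owner => $user,
    group => "http",
  }

  file { $caldance_app:
    ensure => "directory",
    mode => "0755",
    owner => $user,
    group => $group,
    require => User["$user:"],
  }

  # Deployment chain: venv -> release download/extract ~> pip ~> migrate
  # ~> collectstatic ~> httpd reload. The "~>" steps are refreshonly, so
  # they only run when a new release archive is fetched.
  exec { "initialize_venv":
    user => $user,
    require => User["$user:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  # The release is fetched over HTTPS with Basic auth (LDAP credentials) and
  # verified against the pinned SHA-256 before extraction.
  archive { "${home}/caldance_${caldance_version}.tar.gz":
    path => "${home}/caldance_${caldance_version}.tar.gz",
    source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum => $caldance_sha256,
    cleanup => false,
    extract => true,
    user => $user,
    username => lookup("base_installation::ldap_cn"),
    password => generate_password(24, $password_seed, "ldap"),
    extract_path => $caldance_app,
    require => [User["$user:"], File[$caldance_app]],
  } ~>
  # NOTE(review): only the tarball is checksum-verified; the pip dependencies
  # it lists are installed from the index without hash pinning.
  # The sed drops the GDAL requirement (the system python-gdal package is
  # installed further down instead).
  exec { "py-requirements":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
    require => User["$user:"],
    refreshonly => true,
  } ~>
  exec { "py-migrate":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "$caldance_app/manage.py migrate",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "$caldance_app/manage.py collectstatic --no-input",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  exec { "reload httpd":
    command => "/usr/bin/systemctl reload httpd",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  }

  # Interpreter used by the manage.py template (the venv python).
  $python_path = "${home}/virtualenv/bin/python"
  file { "$caldance_app/manage.py":
    owner => $user,
    group => $group,
    mode => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["$user:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # For the password-generation script (ldap_ssha below).
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner => "root",
    group => "root",
    mode => "0755",
    source => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # NOTE(review): this grants passwordless root to every member of wheel on
  # the host -- confirm that is intended for this role rather than a
  # narrower rule.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "${home}/virtualenv",
    wsgi_python_path => $caldance_app,
    require => Package["mod_wsgi"],
  }
  # Modules needed for the Basic-auth protected "/" location below.
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  # NOTE(review): setenv writes the DB password and SECRET_KEY into the
  # generated vhost configuration; confirm that file is not world-readable.
  # The htpasswd file under $home is not managed by this class -- its owner
  # and mode must allow the http user to read it and nobody else (TODO
  # confirm, $home itself is 0755).
  apache::vhost { $web_host:
    port => '443',
    docroot => false,
    manage_docroot => false,
    ssl => true,
    ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
    ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
    ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
    require => Letsencrypt::Certonly[$web_host],
    directories => [
      {
        path => "$caldance_app/main_app",
        require => "all granted",
      },
      {
        path => "$caldance_app/www/static",
        require => "all granted",
      },
      {
        path => "/",
        provider => "location",
        require => "valid-user",
        auth_type => "Basic",
        auth_name => "Authentification requise",
        auth_user_file => "$home/htpasswd",
      },
    ],
    aliases => [
      {
        alias => "/static/",
        path => "$caldance_app/www/static/",
      },
    ],
    setenv => $apache_env,
    wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
    default: * => $::profile::apache::apache_vhost_default;
  }
}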
202 }