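# Role for the Caldance Django application.
#
# Installs a Python virtualenv under $home, downloads and unpacks the release
# archive into ${home}/app, runs migrations and collectstatic on every new
# release, and serves the application through Apache mod_wsgi behind HTTP
# basic authentication. A PostgreSQL database, a nightly "outdated pip
# packages" cron report and passwordless sudo for wheel are declared as well.
#
# @param user             System user owning the app checkout and running the management commands.
# @param group            Group owning the app checkout.
# @param home             Base directory; app, virtualenv, media, htpasswd and log file live under it.
# @param web_host         Apache vhost name; also the Let's Encrypt certificate directory name.
# @param pg_user          PostgreSQL role the application connects as (exported as DB_USER).
# @param pg_db            PostgreSQL database name (exported as DB_NAME).
# @param mail_from        Sender address exported as FROM_EMAIL.
# @param smtp_host        SMTP relay exported as EMAIL_HOST.
# @param smtp_port        SMTP port exported as EMAIL_PORT.
# @param pg_hostname      PostgreSQL host or socket directory exported as DB_HOST.
# @param pg_port          PostgreSQL port exported as DB_PORT.
# @param caldance_version Release to fetch from release.immae.eu; also part of the archive path.
# @param caldance_sha256  Expected sha256 of the release archive, verified by the archive resource.
# @param cron_pip         Addresses (joined with ",") that receive the nightly outdated-packages mail.
class role::caldance (
  String $user,
  String $group,
  String $home,
  String $web_host,
  String $pg_user,
  String $pg_db,
  String $mail_from,
  String $smtp_host,
  String $smtp_port,
  Optional[String] $pg_hostname = "/run/postgresql",
  Optional[String] $pg_port = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256 = undef,
  Optional[Array] $cron_pip = [],
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")
  include "base_installation"

  include "profile::mail"
  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  $caldance_app = "${home}/app"
  # NOTE(review): both secrets are presumably derived from the shared seed
  # plus a label, so a rebuild yields the same values and anyone holding the
  # seed can recompute them — confirm against generate_password().
  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key = generate_password(24, $password_seed, "secret_key_caldance")

  # Django settings handed to the application. The same hash is expanded into
  # the environment of every exec below, into the cron job's environment and
  # into the vhost's SetEnv lines, so DB_PASSWORD and SECRET_KEY end up in
  # process environments, the crontab and the Apache configuration; keep
  # those files' permissions and any Puppet debug/report output in mind.
  $environment = {
    "DB_NAME" => $pg_db,
    "DB_USER" => $pg_user,
    "DB_PASSWORD" => $pg_password,
    "DB_HOST" => $pg_hostname,
    "DB_PORT" => $pg_port,
    "SECRET_KEY" => $secret_key,
    "DEBUG" => "False",
    "LOG_FILE" => "$home/caldev_django.log",
    "MEDIA_ROOT" => "$home/media",
    "FROM_EMAIL" => $mail_from,
    "EMAIL_HOST" => $smtp_host,
    "EMAIL_PORT" => $smtp_port,
  }
  # "KEY=value" for exec/cron environments; "CALDANCE_KEY value" for SetEnv.
  $shell_env = $environment.map |$key, $value| { "$key=$value" }
  $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }

  file { $home:
    mode => "0755",
  }
  # Group-writable for http so the WSGI processes can append to the log.
  file { "${home}/caldev_django.log":
    mode => "0664",
    owner => $user,
    group => "http",
  }

  file { $caldance_app:
    ensure => "directory",
    mode => "0755",
    owner => $user,
    group => $group,
    require => User["$user:"],
  } ->
  # Uploaded media is written by the web server, not by $user.
  file { "${home}/media":
    ensure => "directory",
    mode => "0755",
    owner => "http",
    group => "http",
  }

  # Release pipeline: the archive is only re-fetched when the version changes,
  # and each step after it is refreshonly, so the chain runs on new releases only.
  exec { "initialize_venv":
    user => $user,
    require => User["$user:"],
    command => "/usr/bin/virtualenv ${home}/virtualenv",
    creates => "${home}/virtualenv",
  }
  ->
  archive { "${home}/caldance_${caldance_version}.tar.gz":
    path => "${home}/caldance_${caldance_version}.tar.gz",
    source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum => $caldance_sha256,
    cleanup => false,
    extract => true,
    user => $user,
    username => lookup("base_installation::ldap_cn"),
    password => generate_password(24, $password_seed, "ldap"),
    extract_path => $caldance_app,
    require => [User["$user:"], File[$caldance_app]],
  } ~>
  # GDAL is dropped from requirements.txt because the system python-gdal
  # package (installed below) is used instead of a pip build.
  exec { "py-requirements":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
    require => User["$user:"],
    refreshonly => true,
  } ~>
  exec { "py-migrate":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "$caldance_app/manage.py migrate",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "$caldance_app/manage.py collectstatic --no-input",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  # Expose the media directory inside the checkout as www/media.
  # -n is required: from the second release on, www/media already is a
  # symlink to a directory, and ln without -n dereferences it and creates
  # the new link inside ${home}/media instead of replacing the symlink.
  exec { "py-symlink-file":
    cwd => $caldance_app,
    user => $user,
    environment => concat(["HOME=${home}"], $shell_env),
    command => "/usr/bin/ln -sfn ${home}/media www/media",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  } ~>
  exec { "reload httpd":
    command => "/usr/bin/systemctl reload httpd",
    require => [User["$user:"], File["$caldance_app/manage.py"]],
    refreshonly => true,
  }

  # manage.py is rendered from a template so its shebang points at the
  # virtualenv interpreter ($python_path is read by the template).
  $python_path = "${home}/virtualenv/bin/python"
  file { "$caldance_app/manage.py":
    owner => $user,
    group => $group,
    mode => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["$user:"],
      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # For the password generation script (ldap_ssha below).
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner => "root",
    group => "root",
    mode => "0755",
    source => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # Every account in wheel becomes root without a password on this host;
  # membership of wheel is therefore the effective admin boundary.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => "${home}/virtualenv",
    wsgi_python_path => $caldance_app,
    require => Package["mod_wsgi"],
  }
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  # HTTPS-only vhost: the whole site requires a valid basic-auth user; only
  # the app directory and the static tree are granted to Apache itself.
  apache::vhost { $web_host:
    port => '443',
    docroot => false,
    manage_docroot => false,
    ssl => true,
    ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
    ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
    ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
    require => Letsencrypt::Certonly[$web_host],
    directories => [
      {
        path => "$caldance_app/main_app",
        require => "all granted",
      },
      {
        path => "$caldance_app/www/static",
        require => "all granted",
      },
      {
        path => "/",
        provider => "location",
        require => "valid-user",
        auth_type => "Basic",
        auth_name => "Authentification requise",
        # NOTE(review): this file is not managed in this class; it must exist
        # and be readable by the http user — presumably provisioned out of band.
        auth_user_file => "$home/htpasswd",
      },
    ],
    aliases => [
      {
        alias => "/static/",
        path => "$caldance_app/www/static/",
      },
    ],
    setenv => $apache_env,
    wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
    default: * => $::profile::apache::apache_vhost_default;
  }

  # Nightly report of outdated packages in the virtualenv, mailed to $cron_pip
  # (an empty list yields MAILTO="", which suppresses the mail).
  $mailtos = join($cron_pip, ",")
  cron::job { "list_outdated_pip_packages":
    ensure => present,
    user => $user,
    environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env),
    command => "${home}/virtualenv/bin/pip list --outdated",
    minute => "15",
    hour => "0",
    require => Exec["initialize_venv"],
  }
}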