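# Deploy the Caldance Django application on this host: a Python virtualenv,
# the release tarball fetched from release.immae.eu, a PostgreSQL database
# and an Apache/mod_wsgi vhost protected by HTTP Basic authentication.
#
# Deployment order: virtualenv -> archive download/extract -> (only when the
# archive changes) pip install -> migrate -> collectstatic -> httpd reload.
#
# @param user             System user owning the app files and running the manage.py commands.
# @param group            Group owning the application directory.
# @param home             Home directory of $user; virtualenv, app tree and log file live under it.
# @param web_host         Apache vhost name; also selects the Let's Encrypt certificate paths.
# @param pg_user          PostgreSQL role used by the application (DB_USER).
# @param pg_db            PostgreSQL database name (DB_NAME).
# @param mail_from        Django FROM_EMAIL.
# @param smtp_host        Django EMAIL_HOST.
# @param smtp_port        Django EMAIL_PORT.
# @param pg_hostname      Django DB_HOST; defaults to the local socket directory.
# @param pg_port          Django DB_PORT.
# @param caldance_version Release version; part of the tarball name and download URL.
#                         The download cannot resolve while this is undef.
# @param caldance_sha256  Expected SHA-256 of the release tarball. While undef the
#                         archive resource has no digest to check the download
#                         against, so keep it pinned together with caldance_version.
# @param web_home         Directory holding caldev/.htpasswd, the Basic-auth user file.
#                         Defaults to the path that used to be hard-coded in the body.
class role::caldance (
  String $user,
  String $group,
  String $home,
  String $web_host,
  String $pg_user,
  String $pg_db,
  String $mail_from,
  String $smtp_host,
  String $smtp_port,
  Optional[String] $pg_hostname = "/run/postgresql",
  Optional[String] $pg_port = "5432",
  Optional[String] $caldance_version = undef,
  Optional[String] $caldance_sha256 = undef,
  String $web_home = "/home/simon_descarpentries",
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")
  include "base_installation"

  include "profile::tools"
  include "profile::postgresql"
  include "profile::apache"
  include "profile::redis"
  include "profile::monitoring"

  ensure_packages(["python-pip", "python-virtualenv", "python-django"])

  # Paths reused by several resources below; keep the titles and the
  # references to them in sync by going through these variables only.
  $caldance_app     = "${home}/app"
  $caldance_archive = "${home}/caldance_${caldance_version}.tar.gz"
  $venv             = "${home}/virtualenv"
  $manage_py        = "${caldance_app}/manage.py"
  # $python_path is read by the manage.py.erb template; keep the name.
  $python_path      = "${venv}/bin/python"

  # Both secrets are derived deterministically from the shared puppet seed.
  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
  $secret_key  = generate_password(24, $password_seed, "secret_key_caldance")

  # Django settings. Note that DB_PASSWORD and SECRET_KEY travel in the catalog,
  # on the environment of the exec resources and as Apache SetEnv directives.
  $environment = {
    "DB_NAME"     => $pg_db,
    "DB_USER"     => $pg_user,
    "DB_PASSWORD" => $pg_password,
    "DB_HOST"     => $pg_hostname,
    "DB_PORT"     => $pg_port,
    "SECRET_KEY"  => $secret_key,
    "DEBUG"       => "False",
    "LOG_FILE"    => "${home}/caldev_django.log",
    "FROM_EMAIL"  => $mail_from,
    "EMAIL_HOST"  => $smtp_host,
    "EMAIL_PORT"  => $smtp_port,
  }
  $shell_env  = $environment.map |$key, $value| { "${key}=${value}" }
  $apache_env = $environment.map |$key, $value| { "CALDANCE_${key} ${value}" }
  # Environment shared by every manage.py / pip invocation.
  $exec_env   = concat(["HOME=${home}"], $shell_env)

  # No ensure here: only the mode of the already-existing home is managed.
  file { $home:
    mode => "0755",
  }
  # Group-writable by the web server group so mod_wsgi can append to the log.
  file { "${home}/caldev_django.log":
    mode  => "0664",
    owner => $user,
    group => "http",
  }

  file { $caldance_app:
    ensure  => "directory",
    mode    => "0755",
    owner   => $user,
    group   => $group,
    require => User["${user}:"],
  }

  exec { "initialize_venv":
    user    => $user,
    require => User["${user}:"],
    command => "/usr/bin/virtualenv ${venv}",
    creates => $venv,
  }
  ->
  # Authenticated download of the release; integrity is checked against
  # $caldance_sha256 (see the parameter note above when it is undef).
  archive { $caldance_archive:
    path          => $caldance_archive,
    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
    checksum_type => "sha256",
    checksum      => $caldance_sha256,
    cleanup       => false,
    extract       => true,
    user          => $user,
    username      => lookup("base_installation::ldap_cn"),
    password      => generate_password(24, $password_seed, "ldap"),
    extract_path  => $caldance_app,
    require       => [User["${user}:"], File[$caldance_app]],
  } ~>
  # GDAL is dropped from the requirements before pip runs; the python-gdal
  # system package installed below presumably covers it — confirm on upgrade.
  exec { "py-requirements":
    cwd         => $caldance_app,
    user        => $user,
    environment => $exec_env,
    command     => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${venv}/bin/pip install -r requirements.txt --upgrade",
    require     => User["${user}:"],
    refreshonly => true,
  } ~>
  exec { "py-migrate":
    cwd         => $caldance_app,
    user        => $user,
    environment => $exec_env,
    command     => "${manage_py} migrate",
    require     => [User["${user}:"], File[$manage_py]],
    refreshonly => true,
  } ~>
  exec { "py-static":
    cwd         => $caldance_app,
    user        => $user,
    environment => $exec_env,
    command     => "${manage_py} collectstatic --no-input",
    require     => [User["${user}:"], File[$manage_py]],
    refreshonly => true,
  } ~>
  exec { "reload httpd":
    command     => "/usr/bin/systemctl reload httpd",
    require     => [User["${user}:"], File[$manage_py]],
    refreshonly => true,
  }

  # manage.py is rendered from a template (it points at the virtualenv
  # interpreter via $python_path) and overwrites the one from the archive.
  file { $manage_py:
    owner   => $user,
    group   => $group,
    mode    => "0755",
    content => template("role/caldance/manage.py.erb"),
    require => [
      User["${user}:"],
      Archive[$caldance_archive],
    ],
  }

  profile::postgresql::master { "postgresql master for caldance":
    letsencrypt_host => $web_host,
    backup_hosts     => ["backup-1"],
  }

  postgresql::server::db { $pg_db:
    user     => $pg_user,
    password => postgresql_password($pg_user, $pg_password),
  }

  # Needed by the password-generation script installed below.
  ensure_packages(["perl-digest-sha1"])

  ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
    owner   => "root",
    group   => "root",
    mode    => "0755",
    source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
    require => Package["perl-digest-sha1"],
  }

  # Grants every member of wheel unrestricted, passwordless sudo on this host,
  # which makes any wheel account equivalent to root. Kept as configured;
  # worth re-checking that this role really needs it.
  sudo::conf { 'wheel_nopasswd':
    priority => 99,
    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
    require  => Package["sudo"],
  }

  ensure_packages(["mod_wsgi"])
  class { 'apache::mod::wsgi':
    wsgi_python_home => $venv,
    wsgi_python_path => $caldance_app,
    require          => Package["mod_wsgi"],
  }
  # Modules required by the Basic-auth <Location /> block of the vhost.
  class { 'apache::mod::authn_file': }
  class { 'apache::mod::authn_core': }
  class { 'apache::mod::authz_user': }
  class { 'apache::mod::auth_basic': }

  # TLS-only vhost. The whole site sits behind Basic auth (valid-user on "/"),
  # so the password file is only ever presented over HTTPS.
  # Letsencrypt::Certonly[$web_host] is presumably declared by
  # profile::postgresql::master above — confirm if the dependency ever breaks.
  apache::vhost { $web_host:
    port                => '443',
    docroot             => false,
    manage_docroot      => false,
    ssl                 => true,
    ssl_cert            => "/etc/letsencrypt/live/${web_host}/cert.pem",
    ssl_key             => "/etc/letsencrypt/live/${web_host}/privkey.pem",
    ssl_chain           => "/etc/letsencrypt/live/${web_host}/chain.pem",
    require             => Letsencrypt::Certonly[$web_host],
    directories         => [
      {
        path    => "${caldance_app}/main_app",
        require => "all granted",
      },
      {
        path    => "${caldance_app}/www/static",
        require => "all granted",
      },
      {
        path           => "/",
        provider       => "location",
        require        => "valid-user",
        auth_type      => "Basic",
        auth_name      => "Authentification requise",
        auth_user_file => "${web_home}/caldev/.htpasswd",
      },
    ],
    aliases             => [
      {
        alias => "/static/",
        path  => "${caldance_app}/www/static/",
      },
    ],
    setenv              => $apache_env,
    wsgi_script_aliases => { "/" => "${caldance_app}/main_app/wsgi.py" };
    default: * => $::profile::apache::apache_vhost_default;
  }
}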
203 }