11 Optional[String] $pg_hostname = "/run/postgresql",
12 Optional[String] $pg_port = "5432",
13 Optional[String] $caldance_version = undef,
14 Optional[String] $caldance_sha256 = undef,
15 Optional[Array] $cron_pip = [],
# Seed passed to every generate_password() call in this manifest, resolved
# through lookup().
17 $password_seed = lookup("base_installation::puppet_pass_seed")
18 include "base_installation"
# Profiles this role builds on: mail, tools, PostgreSQL, Apache, Redis, monitoring.
20 include "profile::mail"
21 include "profile::tools"
22 include "profile::postgresql"
23 include "profile::apache"
24 include "profile::redis"
25 include "profile::monitoring"
# Python tooling taken from distribution packages.
27 ensure_packages(["python-pip", "python-virtualenv", "python-django"])
29 $caldance_app = "${home}/app"
# Database password and Django secret key, both produced by generate_password()
# from the same seed with a per-purpose label.
# NOTE(review): generate_password() is defined outside this listing. If its
# output depends only on (length, seed, label), whoever can read the seed can
# recompute both values, so the seed needs the same protection as the secrets
# themselves - confirm.
30 $pg_password = generate_password(24, $password_seed, "postgres_caldance")
31 $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
# Entries of the settings hash that is read back as $environment below (its
# opening line is not part of this listing).
35 "DB_USER" => $pg_user,
# DB_PASSWORD and SECRET_KEY are secrets: every consumer of $shell_env or
# $apache_env receives them along with the non-sensitive settings.
36 "DB_PASSWORD" => $pg_password,
37 "DB_HOST" => $pg_hostname,
38 "DB_PORT" => $pg_port,
39 "SECRET_KEY" => $secret_key,
41 "LOG_FILE" => "$home/caldev_django.log",
42 "FROM_EMAIL" => $mail_from,
43 "EMAIL_HOST" => $smtp_host,
44 "EMAIL_PORT" => $smtp_port,
# "KEY=value" strings, used as the `environment` of the exec resources and of
# the cron job in this manifest.
46 $shell_env = $environment.map |$key, $value| { "$key=$value" }
# "CALDANCE_KEY value" strings, passed to the Apache vhost as `setenv`.
# NOTE(review): presumably rendered as SetEnv directives, which would place the
# database password and the secret key in the generated vhost file - check that
# file's ownership and mode.
47 $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
# Django log file; same path as the LOG_FILE setting.
52 file { "${home}/caldev_django.log":
# NOTE(review): the lines between these attributes are missing from this
# listing; `ensure => "directory"` presumably belongs to a different file
# resource - confirm against the full manifest.
59 ensure => "directory",
63 require => User["$user:"],
# Creates the virtualenv under ${home}/virtualenv. `creates` names that same
# path, so the command is skipped once the directory exists.
66 exec { "initialize_venv":
68 require => User["$user:"],
69 command => "/usr/bin/virtualenv ${home}/virtualenv",
70 creates => "${home}/virtualenv",
# Release tarball for the requested version, fetched over HTTPS and extracted
# into $caldance_app.
73 archive { "${home}/caldance_${caldance_version}.tar.gz":
74 path => "${home}/caldance_${caldance_version}.tar.gz",
75 source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
# Integrity check: SHA-256 digest taken from the $caldance_sha256 parameter.
# NOTE(review): that parameter defaults to undef; with no digest supplied the
# download is presumably not verified at all - consider failing the catalog
# when it is unset so an unverified release is never extracted.
76 checksum_type => "sha256",
77 checksum => $caldance_sha256,
# Credentials presented to the release server: the LDAP cn and a password
# derived from the shared seed with the "ldap" label.
81 username => lookup("base_installation::ldap_cn"),
82 password => generate_password(24, $password_seed, "ldap"),
83 extract_path => $caldance_app,
84 require => [User["$user:"], File[$caldance_app]],
# Installs the application's Python dependencies into the virtualenv.
86 exec { "py-requirements":
# NOTE(review): $shell_env contains DB_PASSWORD and SECRET_KEY, so pip and any
# package build step it launches run with those secrets in their environment;
# HOME alone may be sufficient for this command - TODO confirm.
89 environment => concat(["HOME=${home}"], $shell_env),
# Deletes every requirements.txt line containing "GDAL" (python-gdal is
# installed as a system package elsewhere in this manifest), then installs the
# remainder with --upgrade.
# NOTE(review): nothing visible here pins versions or hashes, so each run may
# pull newer code from the package index; a hash-pinned requirements file with
# pip's --require-hashes would make the install reproducible.
90 command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
91 require => User["$user:"],
# NOTE(review): the resource headers for the two commands below are not part of
# this listing.
# Runs the Django `migrate` command with the full settings environment.
97 environment => concat(["HOME=${home}"], $shell_env),
98 command => "$caldance_app/manage.py migrate",
99 require => [User["$user:"], File["$caldance_app/manage.py"]],
# Runs `collectstatic` non-interactively from the application directory.
103 cwd => $caldance_app,
105 environment => concat(["HOME=${home}"], $shell_env),
106 command => "$caldance_app/manage.py collectstatic --no-input",
107 require => [User["$user:"], File["$caldance_app/manage.py"]],
# Reloads Apache through systemctl; ordered after the user and the rendered
# manage.py exist.
110 exec { "reload httpd":
111 command => "/usr/bin/systemctl reload httpd",
112 require => [User["$user:"], File["$caldance_app/manage.py"]],
# Interpreter inside the virtualenv; presumably consumed by the manage.py
# template - confirm.
116 $python_path = "${home}/virtualenv/bin/python"
# manage.py is rendered from the role's ERB template.
117 file { "$caldance_app/manage.py":
121 content => template("role/caldance/manage.py.erb"),
# Reference to the release archive resource; the attribute it belongs to is not
# part of this listing.
124 Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
# PostgreSQL master profile for this role, with the web host as Let's Encrypt
# host and a single backup host.
128 profile::postgresql::master { "postgresql master for caldance":
129 letsencrypt_host => $web_host,
130 backup_hosts => ["backup-1"],
# Application database. The password attribute is the result of
# postgresql_password($pg_user, $pg_password), not the raw $pg_password.
133 postgresql::server::db { $pg_db:
135 password => postgresql_password($pg_user, $pg_password),
138 # for the password-generation script
139 ensure_packages(["perl-digest-sha1"])
141 ensure_packages(["postgis", "python-gdal", "ripgrep"])
# Helper script shipped from the base_installation module; it requires the
# Perl SHA-1 digest package installed above.
# NOTE(review): the script name and this dependency suggest it emits salted
# SHA-1 ({SSHA}) hashes, which are fast to compute - confirm, and check whether
# the directory accepts a slower password scheme.
142 file { "/usr/local/bin/ldap_ssha":
146 source => "puppet:///modules/base_installation/scripts/ldap_ssha",
147 require => Package["perl-digest-sha1"],
# Sudoers rule: every member of the wheel group may run any command as any
# user without entering a password.
# NOTE(review): with NOPASSWD: ALL, control of any wheel account is equivalent
# to root with no re-authentication step. Keep wheel membership minimal and
# audited, or scope the rule to the commands that are actually needed.
150 sudo::conf { 'wheel_nopasswd':
152 content => "%wheel ALL=(ALL) NOPASSWD: ALL",
153 require => Package["sudo"],
# mod_wsgi runs the application with the virtualenv as its Python home and the
# application directory on its Python path.
156 ensure_packages(["mod_wsgi"])
157 class { 'apache::mod::wsgi':
158 wsgi_python_home => "${home}/virtualenv",
159 wsgi_python_path => $caldance_app,
160 require => Package["mod_wsgi"],
# Apache modules for file-backed HTTP Basic authentication, as used by the
# vhost in this manifest.
162 class { 'apache::mod::authn_file': }
163 class { 'apache::mod::authn_core': }
164 class { 'apache::mod::authz_user': }
165 class { 'apache::mod::auth_basic': }
# Virtual host for $web_host; the docroot is not managed by this resource.
167 apache::vhost { $web_host:
170 manage_docroot => false,
# Certificate, key and chain from the Let's Encrypt live directory; the vhost
# is ordered after the certificate request for the same host.
172 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
173 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
174 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
175 require => Letsencrypt::Certonly[$web_host],
# Application package and static files: access granted to all.
178 path => "$caldance_app/main_app",
179 require => "all granted",
182 path => "$caldance_app/www/static",
183 require => "all granted",
# Location entry requiring an authenticated user, via HTTP Basic auth checked
# against $home/htpasswd.
# NOTE(review): the path this entry covers is not part of the listing. Basic
# credentials are sent with every request, so confirm the location is reachable
# over TLS only, and that the htpasswd file is outside any served directory and
# readable only by the web server.
187 provider => "location",
188 require => "valid-user",
189 auth_type => "Basic",
190 auth_name => "Authentification requise",
191 auth_user_file => "$home/htpasswd",
197 path => "$caldance_app/www/static/",
# CALDANCE_* settings handed to the vhost; the list includes the database
# password and the secret key, so the generated vhost file should not be
# world-readable.
200 setenv => $apache_env,
# Every request path is served by the WSGI entry point.
201 wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
# Remaining attributes come from the Apache profile's vhost defaults.
202 default: * => $::profile::apache::apache_vhost_default;
# Comma-separated recipients built from the $cron_pip array (empty by default).
205 $mailtos = join($cron_pip, ",")
# Scheduled report of outdated packages in the virtualenv, delivered through
# cron's MAILTO.
206 cron::job { "list_outdated_pip_packages":
# NOTE(review): $shell_env adds DB_PASSWORD and SECRET_KEY to the job's
# environment although `pip list --outdated` uses neither; leaving it out would
# keep those secrets out of the generated cron definition.
209 environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env),
210 command => "${home}/virtualenv/bin/pip list --outdated",
213 require => Exec["initialize_venv"],