X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FProjets%2FPuppet.git;a=blobdiff_plain;f=modules%2Frole%2Fmanifests%2Fcaldance.pp;h=edf5790b25baa1c41879d296d4573b7b654aca7b;hp=2794e00ed519f82173cc5b807a612c9df5cc3901;hb=78df3a44178b9f807531e11c3f95329a8194a76b;hpb=459e12d0a5dc1984ae9642f6aa453f371d2d161f
diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp
index 2794e00..edf5790 100644
--- a/modules/role/manifests/caldance.pp
+++ b/modules/role/manifests/caldance.pp
@@ -24,11 +24,12 @@ class role::caldance (
 include "profile::redis"
 include "profile::monitoring"
- ensure_packages(["python-pip", "python-virtualenv", "python-django"])
+ ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])
 $caldance_app = "${home}/app"
 $pg_password = generate_password(24, $password_seed, "postgres_caldance")
 $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+ $socket = "/run/caldance/app.sock"
 $environment = {
 "DB_NAME" => $pg_db,
@@ -39,12 +40,8 @@ class role::caldance (
 "SECRET_KEY" => $secret_key,
 "DEBUG" => "False",
 "LOG_FILE" => "$home/caldev_django.log",
- "FROM_EMAIL" => $mail_from,
- "EMAIL_HOST" => $smtp_host,
- "EMAIL_PORT" => $smtp_port,
+ "MEDIA_ROOT" => "$home/media",
 }
- $shell_env = $environment.map |$key, $value| { "$key=$value" }
- $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
 file { $home:
 mode => "0755",
@@ -65,8 +62,8 @@ class role::caldance (
 file { "${home}/media":
 ensure => "directory",
 mode => "0755",
- owner => "http",
- group => "http",
+ owner => $user,
+ group => $group,
 }
 exec { "initialize_venv":
@@ -92,7 +89,7 @@ class role::caldance (
 exec { "py-requirements":
 cwd => $caldance_app,
 user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
+ environment => ["HOME=${home}"],
 command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt --upgrade",
 require => User["$user:"],
 refreshonly => true,
@@ -100,39 +97,43 @@ class role::caldance (
 exec { "py-migrate":
 cwd => $caldance_app,
 user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
- command => "$caldance_app/manage.py migrate",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage migrate",
+ require => [User["$user:"], File["$caldance_app/manage"]],
 refreshonly => true,
 } ~>
 exec { "py-static":
 cwd => $caldance_app,
 user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
- command => "$caldance_app/manage.py collectstatic --no-input",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage collectstatic --no-input",
+ require => [User["$user:"], File["$caldance_app/manage"]],
 refreshonly => true,
 } ~>
- exec { "py-symlink-file":
- cwd => $caldance_app,
- user => $user,
- environment => concat(["HOME=${home}"], $shell_env),
- command => "/usr/bin/ln -sf ${home}/media www/media",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
- refreshonly => true,
- } ~>
- exec { "reload httpd":
- command => "/usr/bin/systemctl reload httpd",
- require => [User["$user:"], File["$caldance_app/manage.py"]],
+ exec { "restart uwsgi application":
+ command => "/usr/bin/systemctl restart caldance-app.service",
+ require => [User["$user:"], File["$caldance_app/app.ini"]],
 refreshonly => true,
 }
+ $uwsgi_path = "${home}/virtualenv/bin/uwsgi"
 $python_path = "${home}/virtualenv/bin/python"
- file { "$caldance_app/manage.py":
+ file { "$caldance_app/manage":
 owner => $user,
 group => $group,
 mode => "0755",
- content => template("role/caldance/manage.py.erb"),
+ content => template("role/caldance/manage.sh.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ }
+
+ file { "$caldance_app/app.ini":
+ owner => $user,
+ group => $group,
+ mode => "0644",
+ content => template("role/caldance/app.ini.erb"),
 require => [
 User["$user:"],
 Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
@@ -177,17 +178,28 @@ class role::caldance (
 class { 'apache::mod::authn_core': }
 class { 'apache::mod::authz_user': }
 class { 'apache::mod::auth_basic': }
+ class { 'apache::mod::proxy': }
+ apache::mod { 'proxy_uwsgi': }
 apache::vhost { $web_host:
- port => '443',
- docroot => false,
- manage_docroot => false,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
- ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
- require => Letsencrypt::Certonly[$web_host],
- directories => [
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ proxy_preserve_host => true,
+ proxy_pass => [
+ {
+ path => "/",
+ url => "unix:$socket|uwsgi://caldance-app/",
+ reverse_urls => [],
+ no_proxy_uris => [ "/media/", "/static/" ],
+ }
+ ],
+ directories => [
 {
 path => "$caldance_app/main_app",
 require => "all granted",
@@ -196,6 +208,11 @@ class role::caldance (
 path => "$caldance_app/www/static",
 require => "all granted",
 },
+ {
+ path => "$home/media",
+ require => "all granted",
+ options => ["-Indexes"],
+ },
 {
 path => "/",
 provider => "location",
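Review bot: The new `file { "$caldance_app/app.ini": }` resource is created with `mode => "0644"` and `$caldance_app/manage` keeps `mode => "0755"`, while `$home` itself is `0755`, so every local account on the host can read both files. The templates `app.ini.erb` and `manage.sh.erb` are not shown here; if they render `$environment` (which holds `SECRET_KEY` and presumably the database password) now that it is no longer passed through `environment =>`, those secrets become world-readable. I would use `mode => "0640"` for `app.ini` and `mode => "0750"` for `manage`, or keep the secrets in a separate file readable only by `$user`.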
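Review bot: With `proxy_pass` pointing at `unix:$socket`, the basic auth configured on the `/` location only covers requests that arrive through Apache; any local process able to connect to `/run/caldance/app.sock` reaches the application without it. Nothing in this diff shows who owns `/run/caldance` or which mode the socket gets (that would live in `app.ini.erb` or the unit template, neither of which is visible here). It is worth confirming the socket is limited to `$user` and the Apache group, for example with uWSGI's `chmod-socket = 660`, and stating that requirement in a comment next to `$socket = "/run/caldance/app.sock"`.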
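Review bot: The added `$home/media` directory entry only sets `options => ["-Indexes"]`, yet this is the application's `MEDIA_ROOT`, so Apache now serves files written by the app from the same origin as the app itself. If those files can be user-supplied (not visible from this diff), a served HTML or SVG upload would run in the site's origin. I would add a response header on this entry through the module's `headers` key, such as `X-Content-Type-Options "nosniff"`, and a comment recording that the directory holds application-written content.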
@@ -205,22 +222,36 @@ class role::caldance (
 auth_user_file => "$home/htpasswd",
 },
 ],
- aliases => [
+ aliases => [
 {
 alias => "/static/",
 path => "$caldance_app/www/static/",
 },
- ],
- setenv => $apache_env,
- wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
- default: * => $::profile::apache::apache_vhost_default;
+ {
+ alias => "/media/",
+ path => "$home/media/",
+ },
+ ];
+ default: * => $::profile::apache::apache_vhost_default;
+ }
+
+ file { "/etc/systemd/system/caldance-app.service":
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ content => template("role/caldance/caldance-app.service.erb"),
+ require => File["$caldance_app/app.ini"],
+ } ->
+ service { "caldance-app":
+ ensure => "running",
+ enable => true
 }
 $mailtos = join($cron_pip, ",")
 cron::job { "list_outdated_pip_packages":
 ensure => present,
 user => $user,
- environment => concat(["HOME=${home}","MAILTO=${mailtos}"], $shell_env),
+ environment => ["HOME=${home}","MAILTO=${mailtos}"],
 command => "${home}/virtualenv/bin/pip list --outdated",
 minute => "15",
 hour => "0",
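Review bot: The unit file is chained to `service { "caldance-app": }` with `->`, which only orders the two resources, so a later change to `caldance-app.service.erb` or to `app.ini` (a rotated secret, for instance) is written to disk while the running uWSGI keeps its old configuration. Using `} ~>` in place of `} ->` would refresh the service, and depending on the Puppet version a `systemctl daemon-reload` may be needed before the restart. Separately, the `restart uwsgi application` exec in the earlier hunk requires only `File["$caldance_app/app.ini"]`, so on a first run it may fire before this unit file exists. The unit template is not visible here; it is worth confirming that it sets a non-root `User=`.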