Caldance updates
authorIsmaël Bouya <ismael.bouya@normalesup.org>
Tue, 19 Mar 2019 00:10:27 +0000 (01:10 +0100)
committerIsmaël Bouya <ismael.bouya@normalesup.org>
Sat, 23 Mar 2019 02:32:36 +0000 (03:32 +0100)
environments/global/roles/caldance.yaml
environments/integration/roles/caldance.yaml [new file with mode: 0644]
modules/role/manifests/caldance.pp
modules/role/templates/caldance/local_settings.py.erb [new file with mode: 0644]
modules/role/templates/caldance/manage.py.erb [new file with mode: 0644]

index 1dc7fa8a2cb644dfa1ce729614c55e410499f68e..98382bf4d1303d22348deda102d24c136167a69c 100644 (file)
@@ -2,3 +2,11 @@
 classes:
   role::caldance: ~
 letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}"
+role::caldance::user: "caldance"
+role::caldance::group: "caldance"
+role::caldance::home: "/home/caldance"
+role::caldance::web_host: "%{lookup('base_installation::system_hostname')}"
+base_installation::system_users:
+  - username: "%{lookup('role::caldance::user')}"
+    system: true
+    password: "!!"
diff --git a/environments/integration/roles/caldance.yaml b/environments/integration/roles/caldance.yaml
new file mode 100644 (file)
index 0000000..6a8ef9a
--- /dev/null
@@ -0,0 +1,8 @@
+---
+role::caldance::caldance_version: ~ # Overriden in LDAP
+role::caldance::caldance_sha256: ~
+role::caldance::pg_db: "caldev"
+role::caldance::pg_user: "caldev"
+role::caldance::mail_from: "caldev-nepasrepondre@mail.immae.eu"
+role::caldance::smtp_host: "mail.immae.eu"
+role::caldance::smtp_port: "465"
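Review bot: `role::caldance::caldance_sha256` is left as `~` with no indication that it is overridden elsewhere, unlike `caldance_version` on the line above it. If nothing supplies it, `role::caldance` hands `checksum => undef` to the `archive` resource and, as far as I know puppet-archive, the downloaded release is then extracted without any integrity check, so pinning the version buys nothing. I would annotate it the same way, `role::caldance::caldance_sha256: ~ # Overridden in LDAP together with caldance_version`, and make both `caldance_version` and `caldance_sha256` mandatory `String`s in the class so a missing checksum fails the catalog instead of silently skipping verification.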
index 63dda1fd8cac3c9178c799e8932128cd6ee7773c..1cda69cf516c3180a08fd11bd19353763864e9da 100644 (file)
@@ -1,5 +1,20 @@
 class role::caldance (
+  String           $user,
+  String           $group,
+  String           $home,
+  String           $web_host,
+  String           $pg_user,
+  String           $pg_db,
+  String           $mail_from,
+  String           $smtp_host,
+  String           $smtp_port,
+  Optional[String] $pg_hostname      = "/run/postgresql",
+  Optional[String] $pg_port          = "5432",
+  Optional[String] $caldance_version = undef,
+  Optional[String] $caldance_sha256  = undef,
 ) {
+  $password_seed = lookup("base_installation::puppet_pass_seed")
+  $web_home = "/home/simon_descarpentries"
   include "base_installation"
 
   include "profile::tools"
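Review bot: `$web_home = "/home/simon_descarpentries"` bakes a personal home directory into the role while `$home`, `$user` and `$group` are all parameters, and the vhost and `wsgi_python_home` later in the class serve the application from that path rather than from the `${home}/app` this class deploys. If this is a transitional setup it deserves a comment saying so; otherwise I would make it a parameter with a default tied to the managed account, e.g. `String $web_home = $home,`, so the served tree and the deployed tree cannot drift apart. The class body continues past this hunk.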
@@ -10,9 +25,105 @@ class role::caldance (
 
   ensure_packages(["python-pip", "python-virtualenv", "python-django"])
 
+  $caldance_app = "${home}/app"
+
+  file { $caldance_app:
+    ensure  => "directory",
+    mode    => "0755",
+    owner   => $user,
+    group   => $group,
+    require => User["$user:"],
+  }
+
+  exec { "initialize_venv":
+    user    => $user,
+    require => User["$user:"],
+    command => "/usr/bin/virtualenv ${home}/virtualenv",
+    creates => "${home}/virtualenv",
+  }
+  ->
+  archive { "${home}/caldance_${caldance_version}.tar.gz":
+    path          => "${home}/caldance_${caldance_version}.tar.gz",
+    source        => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
+    checksum_type => "sha256",
+    checksum      => $caldance_sha256,
+    cleanup       => false,
+    extract       => true,
+    user          => $user,
+    username      => lookup("base_installation::ldap_cn"),
+    password      => generate_password(24, $password_seed, "ldap"),
+    extract_path  => $caldance_app,
+    require       => [User["$user:"], File[$caldance_app]],
+  } ~>
+  exec { "py-requirements":
+    cwd         => $caldance_app,
+    user        => $user,
+    environment => ["HOME=${home}"],
+    command     => "${home}/virtualenv/bin/pip install -r requirements.txt",
+    require     => User["$user:"],
+    refreshonly => true,
+  } ~>
+  exec { "py-migrate":
+    cwd         => $caldance_app,
+    user        => $user,
+    environment => ["HOME=${home}"],
+    command     => "$caldance_app/manage.py migrate",
+    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+    refreshonly => true,
+  } ~>
+  exec { "py-static":
+    cwd         => $caldance_app,
+    user        => $user,
+    environment => ["HOME=${home}"],
+    command     => "$caldance_app/manage.py collectstatic --no-input",
+    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+    refreshonly => true,
+  } ~>
+  exec { "reload httpd":
+    command     => "/usr/bin/systemctl reload httpd",
+    require     => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+    refreshonly => true,
+  }
+
+  $pg_password = generate_password(24, $password_seed, "postgres_caldance")
+  $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+  file { "$caldance_app/main_app/local_settings.py":
+    owner   => $user,
+    group   => $group,
+    mode    => "0644",
+    content => template("role/caldance/local_settings.py.erb"),
+    require => [
+      User["$user:"],
+      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+    ],
+  }
+
+  $python_path = "${home}/virtualenv/bin/python"
+  file { "$caldance_app/manage.py":
+    owner   => $user,
+    group   => $group,
+    mode    => "0755",
+    content => template("role/caldance/manage.py.erb"),
+    require => [
+      User["$user:"],
+      Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+    ],
+  }
+
+  profile::postgresql::master { "postgresql master for caldance":
+    letsencrypt_host => $web_host,
+    backup_hosts     => ["backup-1"],
+  }
+
+  postgresql::server::db { $pg_db:
+    user     =>  $pg_user,
+    password =>  postgresql_password($pg_user, $pg_password),
+  }
+
   # pour le script de génération de mdp
   ensure_packages(["perl-digest-sha1"])
 
+  ensure_packages(["postgis", "python-gdal", "ripgrep"])
   file { "/usr/local/bin/ldap_ssha":
     owner   => "root",
     group   => "root",
@@ -20,4 +131,58 @@ class role::caldance (
     source  => "puppet:///modules/base_installation/scripts/ldap_ssha",
     require => Package["perl-digest-sha1"],
   }
+
+  sudo::conf { 'wheel_nopasswd':
+    priority => 99,
+    content  => "%wheel ALL=(ALL) NOPASSWD: ALL",
+    require  => Package["sudo"],
+  }
+
+  ensure_packages(["mod_wsgi"])
+  class { 'apache::mod::wsgi':
+    wsgi_python_home => "$web_home/caldev_virtualenv",
+    wsgi_python_path => "$web_home/caldev/www.cal-dance.com/",
+    require          => Package["mod_wsgi"],
+  }
+  class { 'apache::mod::authn_file': }
+  class { 'apache::mod::authn_core': }
+  class { 'apache::mod::authz_user': }
+  class { 'apache::mod::auth_basic': }
+
+  apache::vhost { $web_host:
+    port                => '443',
+    docroot             => false,
+    manage_docroot      => false,
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
+    require             => Letsencrypt::Certonly[$web_host],
+    directories         => [
+      {
+        path    => "$web_home/caldev/www.cal-dance.com/main_app",
+        require => "all granted",
+      },
+      {
+        path    => "$web_home/caldev/www.cal-dance.com/www/static",
+        require => "all granted",
+      },
+      {
+        path           => "/",
+        provider       => "location",
+        require        => "valid-user",
+        auth_type      => "Basic",
+        auth_name      => "Authentification requise",
+        auth_user_file => "$web_home/caldev/.htpasswd",
+      },
+    ],
+    aliases             => [
+      {
+        alias => "/static/",
+        path => "$web_home/caldev/www.cal-dance.com/www/static/",
+      },
+    ],
+    wsgi_script_aliases => { "/" => "$web_home/caldev/www.cal-dance.com/main_app/wsgi.py" };
+    default: *          => $::profile::apache::apache_vhost_default;
+  }
 }
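Review bot: `sudo::conf { 'wheel_nopasswd': ... "%wheel ALL=(ALL) NOPASSWD: ALL" }` grants passwordless root to every member of wheel from a role that is otherwise about deploying one Django application; it is unrelated to the rest of the change and, at priority 99, sorts last in sudoers.d, so since sudo applies the last matching entry it wins over any stricter rule the base profiles may ship. If it exists for the deployment account, scope it, e.g. `content => "${user} ALL=(root) NOPASSWD: /usr/bin/systemctl reload httpd"`, and otherwise move it to whatever profile owns host access policy. Note also that `apache::mod::wsgi` is declared without a daemon process, so the application appears to run embedded in httpd with that user's privileges rather than as `$user`; a `wsgi_daemon_process` on the vhost would confine it.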
diff --git a/modules/role/templates/caldance/local_settings.py.erb b/modules/role/templates/caldance/local_settings.py.erb
new file mode 100644 (file)
index 0000000..4da53f6
--- /dev/null
@@ -0,0 +1,25 @@
+import os
+DATABASES = {
+        'default': {
+                'ENGINE': 'django.contrib.gis.db.backends.postgis',
+                'NAME': '<%= @pg_db %>',
+                'USER': '<%= @pg_user %>',
+                'PASSWORD': u'<%= @pg_password %>',
+                'HOST': '<%= @pg_hostname %>',
+                'PORT': '<%= @pg_port %>',
+        }
+}
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = os.environ.get('SECRET_KEY', '<%= @secret_key %>')
+DEBUG = False
+SECURE_HSTS_PRELOAD = True  # moved from local settings as local runserver don't do SSL
+SECURE_HSTS_SECONDS = 1
+SECURE_SSL_REDIRECT = True
+LOG_FILE = '<%= @home %>/caldev_django.log'
+
+DEFAULT_FROM_EMAIL = '<%= @mail_from %>'
+EMAIL_USE_SSL = True
+EMAIL_HOST = "<%= @smtp_host %>"
+EMAIL_PORT = <%= @smtp_port %>
+
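Review bot: `SECURE_HSTS_SECONDS = 1` makes the HSTS header expire after one second, so it gives no protection, and `SECURE_HSTS_PRELOAD = True` is meaningless with it: the preload list requires a max-age of at least one year plus `includeSubDomains`, and Django's `check --deploy` only tests that the value is non-zero, so this slips through. Unless the one-second value is a deliberate roll-out step that should be commented, set `SECURE_HSTS_SECONDS = 31536000` and `SECURE_HSTS_INCLUDE_SUBDOMAINS = True`, or drop the preload flag. With `DEBUG = False`, `ALLOWED_HOSTS` also has to be set somewhere; `main_app.settings` is not in this commit, so if it does not set it, `ALLOWED_HOSTS = ['<%= @web_host %>']` belongs here, since the manifest already exposes `$web_host`.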
diff --git a/modules/role/templates/caldance/manage.py.erb b/modules/role/templates/caldance/manage.py.erb
new file mode 100644 (file)
index 0000000..dc06eab
--- /dev/null
@@ -0,0 +1,9 @@
+#!<%= @python_path %> -O
+import os
+import sys
+
+if __name__ == "__main__":
+        os.environ.setdefault("DJANGO_SETTINGS_MODULE", "main_app.settings")
+
+        from django.core.management import execute_from_command_line
+        execute_from_command_line(sys.argv)
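Review bot: the shebang `#!<%= @python_path %> -O` runs every management command with assertions stripped, which is unusual for `manage.py` and means any `assert` used as a guard in the application or in third-party management commands silently becomes a no-op during `migrate` and `collectstatic`. Unless there is a measured reason for it, I would use `#!<%= @python_path %>` and leave optimisation to the WSGI side. A one-line header comment noting that this file is generated by Puppet and replaces the one shipped in the tarball would also save the next person from editing it in place.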