authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-03-25 23:28:05 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-03-25 23:28:05 +0100
commit76b586ae2af1c176b5532203bf311c02ee97f908 (patch)
tree9a1da249d6a3e0fed69ffb56779ce9bce45f6175
parentcae6a42ee4c8fd37cf14f0bcc96a5a9d4193e32c (diff)
parentd3948290aadf6050d4ad89b4fb1be99c7451f0c8 (diff)
Merge branch 'dev'
-rw-r--r--environments/global/roles/caldance.yaml8
-rw-r--r--environments/integration/roles/caldance.yaml8
-rw-r--r--modules/role/manifests/caldance.pp181
-rw-r--r--modules/role/templates/caldance/manage.py.erb9
4 files changed, 206 insertions, 0 deletions
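--- a/environments/global/roles/caldance.yaml
+++ b/environments/global/roles/caldance.yaml
@@ -2,3 +2,11 @@
 classes:
  role::caldance: ~
 letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}"
+role::caldance::user: "caldance"
+role::caldance::group: "caldance"
+role::caldance::home: "/home/caldance"
+role::caldance::web_host: "%{lookup('base_installation::system_hostname')}"
+base_installation::system_users:
+ - username: "%{lookup('role::caldance::user')}"
+ system: true
+ password: "!!"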
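--- /dev/null
+++ b/environments/integration/roles/caldance.yaml
@@ -0,0 +1,8 @@
+---
+role::caldance::caldance_version: ~ # Overriden in LDAP
+role::caldance::caldance_sha256: ~
+role::caldance::pg_db: "caldev"
+role::caldance::pg_user: "caldev"
+role::caldance::mail_from: "caldev-nepasrepondre@mail.immae.eu"
+role::caldance::smtp_host: "mail.immae.eu"
+role::caldance::smtp_port: "465"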
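--- a/modules/role/manifests/caldance.pp
+++ b/modules/role/manifests/caldance.pp
@@ -1,5 +1,20 @@
 class role::caldance (
+ String $user,
+ String $group,
+ String $home,
+ String $web_host,
+ String $pg_user,
+ String $pg_db,
+ String $mail_from,
+ String $smtp_host,
+ String $smtp_port,
+ Optional[String] $pg_hostname = "/run/postgresql",
+ Optional[String] $pg_port = "5432",
+ Optional[String] $caldance_version = undef,
+ Optional[String] $caldance_sha256 = undef,
 ) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $web_home = "/home/simon_descarpentries"
  include "base_installation"
 
  include "profile::tools"
@@ -10,9 +25,120 @@ class role::caldance (
 
  ensure_packages(["python-pip", "python-virtualenv", "python-django"])
 
+ $caldance_app = "${home}/app"
+ $pg_password = generate_password(24, $password_seed, "postgres_caldance")
+ $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+
+ $environment = {
+ "DB_NAME" => $pg_db,
+ "DB_USER" => $pg_user,
+ "DB_PASSWORD" => $pg_password,
+ "DB_HOST" => $pg_hostname,
+ "DB_PORT" => $pg_port,
+ "SECRET_KEY" => $secret_key,
+ "DEBUG" => "False",
+ "LOG_FILE" => "$home/caldev_django.log",
+ "FROM_EMAIL" => $mail_from,
+ "EMAIL_HOST" => $smtp_host,
+ "EMAIL_PORT" => $smtp_port,
+ }
+ $shell_env = $environment.map |$key, $value| { "$key=$value" }
+ $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
+
+ file { $home:
+ mode => "0755",
+ }
+ file { "${home}/caldev_django.log":
+ mode => "0664",
+ owner => $user,
+ group => "http",
+ content => "",
+ }
+
+ file { $caldance_app:
+ ensure => "directory",
+ mode => "0755",
+ owner => $user,
+ group => $group,
+ require => User["$user:"],
+ }
+
+ exec { "initialize_venv":
+ user => $user,
+ require => User["$user:"],
+ command => "/usr/bin/virtualenv ${home}/virtualenv",
+ creates => "${home}/virtualenv",
+ }
+ ->
+ archive { "${home}/caldance_${caldance_version}.tar.gz":
+ path => "${home}/caldance_${caldance_version}.tar.gz",
+ source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
+ checksum_type => "sha256",
+ checksum => $caldance_sha256,
+ cleanup => false,
+ extract => true,
+ user => $user,
+ username => lookup("base_installation::ldap_cn"),
+ password => generate_password(24, $password_seed, "ldap"),
+ extract_path => $caldance_app,
+ require => [User["$user:"], File[$caldance_app]],
+ } ~>
+ exec { "py-requirements":
+ cwd => $caldance_app,
+ user => $user,
+ environment => concat(["HOME=${home}"], $shell_env),
+ command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt",
+ require => User["$user:"],
+ refreshonly => true,
+ } ~>
+ exec { "py-migrate":
+ cwd => $caldance_app,
+ user => $user,
+ environment => concat(["HOME=${home}"], $shell_env),
+ command => "$caldance_app/manage.py migrate",
+ require => [User["$user:"], File["$caldance_app/manage.py"]],
+ refreshonly => true,
+ } ~>
+ exec { "py-static":
+ cwd => $caldance_app,
+ user => $user,
+ environment => concat(["HOME=${home}"], $shell_env),
+ command => "$caldance_app/manage.py collectstatic --no-input",
+ require => [User["$user:"], File["$caldance_app/manage.py"]],
+ refreshonly => true,
+ } ~>
+ exec { "reload httpd":
+ command => "/usr/bin/systemctl reload httpd",
+ require => [User["$user:"], File["$caldance_app/manage.py"]],
+ refreshonly => true,
+ }
+
+ $python_path = "${home}/virtualenv/bin/python"
+ file { "$caldance_app/manage.py":
+ owner => $user,
+ group => $group,
+ mode => "0755",
+ content => template("role/caldance/manage.py.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ }
+
+ profile::postgresql::master { "postgresql master for caldance":
+ letsencrypt_host => $web_host,
+ backup_hosts => ["backup-1"],
+ }
+
+ postgresql::server::db { $pg_db:
+ user => $pg_user,
+ password => postgresql_password($pg_user, $pg_password),
+ }
+
  # pour le script de génération de mdp
  ensure_packages(["perl-digest-sha1"])
 
+ ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
  owner => "root",
  group => "root",
@@ -20,4 +146,59 @@ class role::caldance (
  source => "puppet:///modules/base_installation/scripts/ldap_ssha",
  require => Package["perl-digest-sha1"],
  }
+
+ sudo::conf { 'wheel_nopasswd':
+ priority => 99,
+ content => "%wheel ALL=(ALL) NOPASSWD: ALL",
+ require => Package["sudo"],
+ }
+
+ ensure_packages(["mod_wsgi"])
+ class { 'apache::mod::wsgi':
+ wsgi_python_home => "${home}/virtualenv",
+ wsgi_python_path => $caldance_app,
+ require => Package["mod_wsgi"],
+ }
+ class { 'apache::mod::authn_file': }
+ class { 'apache::mod::authn_core': }
+ class { 'apache::mod::authz_user': }
+ class { 'apache::mod::auth_basic': }
+
+ apache::vhost { $web_host:
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ directories => [
+ {
+ path => "$caldance_app/main_app",
+ require => "all granted",
+ },
+ {
+ path => "$caldance_app/www/static",
+ require => "all granted",
+ },
+ {
+ path => "/",
+ provider => "location",
+ require => "valid-user",
+ auth_type => "Basic",
+ auth_name => "Authentification requise",
+ auth_user_file => "$web_home/caldev/.htpasswd",
+ },
+ ],
+ aliases => [
+ {
+ alias => "/static/",
+ path => "$caldance_app/www/static/",
+ },
+ ],
+ setenv => $apache_env,
+ wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
+ default: * => $::profile::apache::apache_vhost_default;
+ }
 }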
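Review bot: `$apache_env` is mapped from the whole `$environment` hash, so `setenv => $apache_env` in the `apache::vhost` resource writes `CALDANCE_DB_PASSWORD` and `CALDANCE_SECRET_KEY` in clear text into the generated vhost file and into the environment of every request this vhost serves. Anyone able to read that file (its mode is set by the apache module and is not visible here) or to dump the request environment learns the database password and the Django signing key. I would keep the two secrets out of `setenv`, e.g. `$apache_env = $environment.filter |$key, $value| { !($key in ["DB_PASSWORD", "SECRET_KEY"]) }.map |$key, $value| { "CALDANCE_$key $value" }`, and deliver them through a file owned by `$user` with group `http` and mode `0640` that the application reads at start-up. The `wheel_nopasswd` rule in the same hunk also deserves a comment stating why this role needs it, since `%wheel ALL=(ALL) NOPASSWD: ALL` gives every `wheel` member passwordless root on hosts carrying the role.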
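--- /dev/null
+++ b/modules/role/templates/caldance/manage.py.erb
@@ -0,0 +1,9 @@
+#!<%= @python_path %> -O
+import os
+import sys
+
+if __name__ == "__main__":
+ os.environ.setdefault("DJANGO_SETTINGS_MODULE", "main_app.settings")
+
+ from django.core.management import execute_from_command_line
+ execute_from_command_line(sys.argv)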