-rw-r--r-- | .gitmodules | 6 | ||||
-rw-r--r-- | environments/production/data/nodes/vps494082.yaml | 2 | ||||
m--------- | modules/archive | 0 | ||||
-rw-r--r-- | modules/aur/manifests/aura.pp | 4 | ||||
-rw-r--r-- | modules/aur/manifests/package.pp | 4 | ||||
m--------- | modules/nginx | 0 | ||||
-rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 165 | ||||
-rw-r--r-- | modules/role/templates/cryptoportfolio/api_conf.toml.erb | 16 | ||||
-rw-r--r-- | modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb | 14 | ||||
-rw-r--r-- | modules/role/templates/cryptoportfolio/static_conf.env.erb | 4 |
10 files changed, 205 insertions, 10 deletions
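--- a/.gitmodules
+++ b/.gitmodules
@@ -31,6 +31,12 @@
 [submodule "modules/postgresql"]
 path = modules/postgresql
 url = git://git.immae.eu/github/puppetlabs/puppetlabs-postgresql.git
+[submodule "modules/nginx"]
+path = modules/nginx
+url = git://git.immae.eu/github/voxpupuli/puppet-nginx.git
+[submodule "modules/archive"]
+path = modules/archive
+url = git://git.immae.eu/github/voxpupuli/puppet-archive.git
 [submodule "python/ovh"]
 path = python/ovh
 url = git://git.immae.eu/github/ovh/python-ovh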
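Review bot: The two new submodule URLs use the `git://` transport, which has no server authentication or encryption, so the only integrity check on the fetched Puppet modules is the commit id pinned in the gitlink. This follows the existing entries in the file, but these modules run as root during catalog application, so an authenticated form such as `url = https://git.immae.eu/github/voxpupuli/puppet-nginx.git` (if the mirror serves it) would be safer for both additions.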
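--- a/environments/production/data/nodes/vps494082.yaml
+++ b/environments/production/data/nodes/vps494082.yaml
@@ -1 +1,3 @@
 base_installation::system_hostname: cryptoportfolio.immae.eu
+cryptoportfolio::front_version: v0.0.1
+cryptoportfolio::front_sha256: 1a2ec0d1d2b4c3efa7f7cae063c55dda174d058f31d8b6fb50f76492061d37f3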
diff --git a/modules/archive b/modules/archive new file mode 160000 | |||
Subproject 9af5cad2bbaafe0498032c38a37835e4ccba7d2 | |||
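--- a/modules/aur/manifests/aura.pp
+++ b/modules/aur/manifests/aura.pp
@@ -6,6 +6,10 @@ class aur::aura(
 ensure => "present"
 }
 
+sudo::conf { 'aur-builder':
+content => "aur-builder ALL=(root) NOPASSWD: /usr/bin/aura *"
+}
+
 ensure_packages(['base-devel'], { 'install_options' => '--needed' })
 ensure_packages(['gmp', 'pcre'], { 'install_options' => '--asdeps' })
 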
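Review bot: The sudoers entry `aur-builder ALL=(root) NOPASSWD: /usr/bin/aura *` lets the aur-builder account run aura as root with any arguments, and because aura installs packages whose install scripts run as root, the account becomes root-equivalent rather than an unprivileged build user. Narrowing the rule to the two invocations this commit uses in modules/aur/manifests/package.pp, e.g. `/usr/bin/aura --noconfirm -A *, /usr/bin/aura --noconfirm -Rs *`, reduces the surface, although the trailing wildcard still accepts extra arguments, so the account should be treated as privileged either way. A comment above the resource such as `# aur-builder is root-equivalent through this rule; keep the account locked and non-interactive` would record that. The class body starts and ends outside the hunk.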
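--- a/modules/aur/manifests/package.pp
+++ b/modules/aur/manifests/package.pp
@@ -7,7 +7,7 @@ define aur::package (
 exec { "pacman::aur::install::${name}":
 cwd => "/tmp",
 require => Class[aur::aura],
-command => "/usr/bin/aura -A ${name}",
+command => "/usr/bin/sudo /usr/bin/aura --noconfirm -A ${name}",
 user => "aur-builder",
 unless => "/usr/bin/aura -Qk ${name}",
 logoutput => 'on_failure',
@@ -18,7 +18,7 @@ define aur::package (
 exec { "pacman::aur::remove::${name}":
 cwd => "/tmp",
 require => Class[aur::aura],
-command => "/usr/bin/aura -Rs ${name}",
+command => "/usr/bin/sudo /usr/bin/aura --noconfirm -Rs ${name}",
 user => "aur-builder",
 onlyif => "/usr/bin/aura -Qi ${name}",
 logoutput => 'on_failure',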
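Review bot: Both rewritten `command` lines (install and remove) now run aura as root through sudo with `--noconfirm`, so an AUR PKGBUILD is fetched, built and installed with no review step and no version or checksum pin. AUR content is user-submitted, so the list of titles passed to `aur::package` is a trust decision worth documenting in a comment on the define. `${name}` is also interpolated into the command string unvalidated; a guard such as `assert_type(Pattern[/\A[a-z0-9@._+-]+\z/], $name)` at the top of the define would keep a malformed title from adding arguments to a root command. The define's parameter list and closing brace are outside both hunks.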
diff --git a/modules/nginx b/modules/nginx new file mode 160000 | |||
Subproject a7f40a8893e394cc57695ff81ea53254bcf1ff3 | |||
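--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -5,26 +5,175 @@ class role::cryptoportfolio {
 
 $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
 
-postgresql::server::db { 'cryptoportfolio':
-user => 'cryptoportfolio',
-password => postgresql_password('cryptoportfolio', generate_password(24, $password_seed, "postgres_cryptoportfolio")),
+$cf_pg_user = "cryptoportfolio"
+$cf_pg_db = "cryptoportfolio"
+$cf_pg_password = generate_password(24, $password_seed, "postgres_cryptoportfolio")
+$cf_pg_host = "localhost:5432"
+
+$cf_user = "cryptoportfolio"
+$cf_group = "cryptoportfolio"
+$cf_home = "/opt/cryptoportfolio"
+$cf_env = "prod"
+$cf_front_app_host = "cryptoportfolio.immae.eu"
+$cf_front_app_port = ""
+$cf_front_app_ssl = "false"
+$cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
+$cf_front_app_api_workdir = "${cf_front_app}/cmd/app"
+$cf_front_app_api_bin = "${cf_front_app_api_workdir}/cryptoportfolio-app"
+$cf_front_app_api_conf = "${cf_home}/conf.toml"
+$cf_front_app_api_secret = generate_password(24, $password_seed, "cryptoportfolio_api_secret")
+
+$cf_front_app_static_conf = "${cf_front_app}/cmd/web/env/prod.env"
+
+postgresql::server::db { $cf_pg_db:
+user => $cf_pg_user,
+password => postgresql_password($cf_pg_user, $cf_pg_password)
 }
 
 postgresql::server::pg_hba_rule { 'allow localhost TCP access to cryptoportfolio user':
 type => 'host',
-database => 'cryptoportfolio',
-user => 'cryptoportfolio',
+database => $cf_pg_db,
+user => $cf_pg_user,
 address => '127.0.0.1/32',
 auth_method => 'md5',
 order => "b0",
 }
 postgresql::server::pg_hba_rule { 'allow localhost ip6 TCP access to cryptoportfolio user':
 type => 'host',
-database => 'cryptoportfolio',
-user => 'cryptoportfolio',
+database => $cf_pg_db,
+user => $cf_pg_user,
 address => '::1/128',
 auth_method => 'md5',
 order => "b0",
 }
-ensure_packages("go")
+
+class { 'nginx': }
+
+nginx::resource::server { $cf_front_app_host:
+listen_port => 80,
+proxy => 'http://localhost:8000',
+}
+
+user { $cf_user:
+name => $cf_user,
+ensure => "present",
+managehome => true,
+home => $cf_home,
+system => true,
+password => '!!',
+}
+
+$front_version = lookup("cryptoportfolio::front_version") |$key| { {} }
+$front_sha256 = lookup("cryptoportfolio::front_sha256") |$key| { {} }
+
+unless empty($front_version) {
+ensure_packages(["go", "npm", "nodejs", "yarn"])
+
+file { [
+"${cf_home}/go/",
+"${cf_home}/go/src",
+"${cf_home}/go/src/immae.eu",
+"${cf_home}/go/src/immae.eu/Immae",
+"${cf_home}/go/src/immae.eu/Immae/Projets",
+"${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies",
+"${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio",
+$cf_front_app]:
+ensure => "directory",
+mode => "0700",
+owner => $cf_user,
+group => $cf_group,
+require => User[$cf_user],
+}
+
+archive { "${cf_home}/${front_version}.tar.gz":
+path => "${cf_home}/${front_version}.tar.gz",
+source => "https://git.immae.eu/releases/cryptoportfolio/front/front_${front_version}.tar.gz",
+checksum_type => "sha256",
+checksum => $front_sha256,
+cleanup => false,
+extract => true,
+user => "cryptoportfolio",
+extract_path => $cf_front_app,
+require => [User[$cf_user], File[$cf_front_app]],
+}
+
+file { "${cf_home}/front":
+ensure => "link",
+target => $cf_front_app,
+require => Archive["/opt/cryptoportfolio/${front_version}.tar.gz"]
+}
+
+exec { "go-get-dep":
+user => $cf_user,
+environment => ["HOME=${cf_home}"],
+creates => "${cf_home}/go/bin/dep",
+command => "/usr/bin/go get -u github.com/golang/dep/cmd/dep",
+require => User[$cf_user],
+}
+
+exec { "go-cryptoportfolio-dependencies":
+cwd => $cf_front_app,
+user => $cf_user,
+environment => ["HOME=${cf_home}"],
+creates => "${cf_front_app}/vendor",
+command => "${cf_home}/go/bin/dep ensure",
+require => [Exec["go-get-dep"], Archive["${cf_home}/${front_version}.tar.gz"]],
+}
+
+exec { "go-cryptoportfolio-app":
+cwd => $cf_front_app_api_workdir,
+user => $cf_user,
+environment => ["HOME=${cf_home}"],
+creates => $cf_front_app_api_bin,
+command => "/usr/bin/make build",
+require => Exec["go-cryptoportfolio-dependencies"],
+}
+
+file { "/etc/systemd/system/cryptoportfolio-app.service":
+mode => "0644",
+owner => "root",
+group => "root",
+content => template("role/cryptoportfolio/cryptoportfolio-app.service.erb"),
+} ~> exec { 'systemctl deamon-reload':
+command => '/usr/bin/systemctl daemon-reload',
+refreshonly => true
+}
+
+service { 'cryptoportfolio-app':
+enable => true,
+ensure => "running",
+require => [File["/etc/systemd/system/cryptoportfolio-app.service"]],
+}
+
+file { $cf_front_app_api_conf:
+owner => $cf_user,
+group => $cf_group,
+mode => "0600",
+content => template("role/cryptoportfolio/api_conf.toml.erb"),
+}
+
+file { $cf_front_app_static_conf:
+owner => $cf_user,
+group => $cf_group,
+mode => "0600",
+content => template("role/cryptoportfolio/static_conf.env.erb"),
+}
+
+exec { "web-cryptoportfolio-dependencies":
+cwd => "${cf_front_app}/cmd/web",
+environment => ["HOME=${cf_home}"],
+command => "/usr/bin/make install",
+creates => "${cf_front_app}/cmd/web/node_modules",
+require => [Package["npm"], Package["nodejs"], Package["yarn"]]
+}
+
+exec { "web-cryptoportfolio-build":
+cwd => "${cf_front_app}/cmd/web",
+environment => ["HOME=${cf_home}"],
+command => "/usr/bin/make static ENV=${cf_env}",
+creates => "${cf_front_app}/cmd/web/build/static",
+require => [File[$cf_front_app_static_conf], Exec["web-cryptoportfolio-dependencies"]]
+}
+}
+
 }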
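Review bot: The `web-cryptoportfolio-dependencies` and `web-cryptoportfolio-build` execs have no `user` attribute, unlike the three Go execs, so `make install` and `make static` presumably run as the agent's own user (normally root) and execute downloaded npm/yarn package scripts with that privilege inside a tree owned by `$cf_user`; adding `user => $cf_user,` to both fixes this. The same hunk publishes the app through `nginx::resource::server` with `listen_port => 80` and `$cf_front_app_ssl = "false"`, so logins and the tokens signed with `jwt_secret` would cross the network in cleartext unless TLS is terminated elsewhere. `go get -u github.com/golang/dep/cmd/dep` also pulls an unpinned build tool at apply time, in contrast to the front archive, which is verified against `$front_sha256`. The class header is outside the hunk.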
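--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/api_conf.toml.erb
@@ -0,0 +1,16 @@
+log_level="info"
+mode="<%= @cf_env %>"
+log_out="stdout"
+
+[db]
+user="<%= @cf_pg_user %>"
+password="<%= @cf_pg_password %>"
+database="<%= @cf_pg_db %>"
+address="<%= @cf_pg_host %>"
+
+[api]
+domain="<%= @cf_front_app_host %>"
+jwt_secret="<%= @cf_front_app_api_secret %>"
+
+[app]
+public_dir="../web/build/static"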
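Review bot: `password` and `jwt_secret` are rendered inside double-quoted TOML strings with a plain `<%= %>`, so a generated value containing `"` or `\` would break the file or change how it parses. The alphabet used by `generate_password` is not visible here, so either confirm it is limited to characters that are safe in a TOML basic string or escape the values in the template. A header comment such as `# Managed by Puppet; holds the DB password and JWT signing secret, keep mode 0600` would also help, since the manifest's `mode => "0600"` is the only protection on these secrets.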
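--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/cryptoportfolio-app.service.erb
@@ -0,0 +1,14 @@
+[Unit]
+Description=Cryptoportfolio app
+
+[Service]
+Type=simple
+
+WorkingDirectory=<%= @cf_front_app_api_workdir %>
+User=<%= @cf_user %>
+Group=<%= @cf_group %>
+UMask=007
+
+ExecStart=<%= @cf_front_app_api_bin %> -conf <%= @cf_front_app_api_conf %>
+
+Restart=on-failure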
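Review bot: The unit has no `[Install]` section, so the manifest's `enable => true` has nothing to link and the service would likely not start at boot; adding `[Install]` followed by `WantedBy=multi-user.target` fixes that. The process sits behind the nginx proxy and reads the DB password and JWT secret, so the `[Service]` section would also benefit from sandboxing such as `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full`, to be checked against what the binary needs to write.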
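--- /dev/null
+++ b/modules/role/templates/cryptoportfolio/static_conf.env.erb
@@ -0,0 +1,4 @@
+API_HOST="<%= @cf_front_app_host %>"
+API_PORT="<%= @cf_front_app_port %>"
+API_HTTPS="<%= @cf_front_app_ssl %>"
+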