aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--modules/role/manifests/caldance.pp72
-rw-r--r--modules/role/templates/caldance/app.ini.erb15
-rw-r--r--modules/role/templates/caldance/caldance-app.service.erb20
3 files changed, 87 insertions, 20 deletions
diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp
index c99892e..f1debb6 100644
--- a/modules/role/manifests/caldance.pp
+++ b/modules/role/manifests/caldance.pp
@@ -24,11 +24,12 @@ class role::caldance (
24 include "profile::redis" 24 include "profile::redis"
25 include "profile::monitoring" 25 include "profile::monitoring"
26 26
27 ensure_packages(["python-pip", "python-virtualenv", "python-django"]) 27 ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"])
28 28
29 $caldance_app = "${home}/app" 29 $caldance_app = "${home}/app"
30 $pg_password = generate_password(24, $password_seed, "postgres_caldance") 30 $pg_password = generate_password(24, $password_seed, "postgres_caldance")
31 $secret_key = generate_password(24, $password_seed, "secret_key_caldance") 31 $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
32 $socket = "/run/caldance/app.sock"
32 33
33 $environment = { 34 $environment = {
34 "DB_NAME" => $pg_db, 35 "DB_NAME" => $pg_db,
@@ -42,7 +43,6 @@ class role::caldance (
42 "MEDIA_ROOT" => "$home/media", 43 "MEDIA_ROOT" => "$home/media",
43 } 44 }
44 $shell_env = $environment.map |$key, $value| { "$key=$value" } 45 $shell_env = $environment.map |$key, $value| { "$key=$value" }
45 $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
46 46
47 file { $home: 47 file { $home:
48 mode => "0755", 48 mode => "0755",
@@ -111,12 +111,13 @@ class role::caldance (
111 require => [User["$user:"], File["$caldance_app/manage.py"]], 111 require => [User["$user:"], File["$caldance_app/manage.py"]],
112 refreshonly => true, 112 refreshonly => true,
113 } ~> 113 } ~>
114 exec { "reload httpd": 114 exec { "restart uwsgi application":
115 command => "/usr/bin/systemctl reload httpd", 115 command => "/usr/bin/systemctl restart caldance-app.service",
116 require => [User["$user:"], File["$caldance_app/manage.py"]], 116 require => [User["$user:"], File["$caldance_app/app.ini"]],
117 refreshonly => true, 117 refreshonly => true,
118 } 118 }
119 119
120 $uwsgi_path = "${home}/virtualenv/bin/uwsgi"
120 $python_path = "${home}/virtualenv/bin/python" 121 $python_path = "${home}/virtualenv/bin/python"
121 file { "$caldance_app/manage.py": 122 file { "$caldance_app/manage.py":
122 owner => $user, 123 owner => $user,
@@ -129,6 +130,17 @@ class role::caldance (
129 ], 130 ],
130 } 131 }
131 132
133 file { "$caldance_app/app.ini":
134 owner => $user,
135 group => $group,
136 mode => "0644",
137 content => template("role/caldance/app.ini.erb"),
138 require => [
139 User["$user:"],
140 Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
141 ],
142 }
143
132 profile::postgresql::master { "postgresql master for caldance": 144 profile::postgresql::master { "postgresql master for caldance":
133 letsencrypt_host => $web_host, 145 letsencrypt_host => $web_host,
134 backup_hosts => ["backup-1"], 146 backup_hosts => ["backup-1"],
@@ -167,18 +179,28 @@ class role::caldance (
167 class { 'apache::mod::authn_core': } 179 class { 'apache::mod::authn_core': }
168 class { 'apache::mod::authz_user': } 180 class { 'apache::mod::authz_user': }
169 class { 'apache::mod::auth_basic': } 181 class { 'apache::mod::auth_basic': }
182 class { 'apache::mod::proxy': }
183 apache::mod { 'proxy_uwsgi': }
170 184
171 apache::vhost { $web_host: 185 apache::vhost { $web_host:
172 port => '443', 186 port => '443',
173 docroot => false, 187 docroot => false,
174 manage_docroot => false, 188 manage_docroot => false,
175 ssl => true, 189 ssl => true,
176 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", 190 ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
177 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", 191 ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
178 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", 192 ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
179 require => Letsencrypt::Certonly[$web_host], 193 require => Letsencrypt::Certonly[$web_host],
180 additional_includes => "$home/caldance_env", 194 proxy_preserve_host => true,
181 directories => [ 195 proxy_pass => [
196 {
197 path => "/",
198 url => "unix:$socket|uwsgi://caldance-app",
199 reverse_urls => [],
200 no_proxy_uris => [ "/media/", "/static/" ],
201 }
202 ],
203 directories => [
182 { 204 {
183 path => "$caldance_app/main_app", 205 path => "$caldance_app/main_app",
184 require => "all granted", 206 require => "all granted",
@@ -201,7 +223,7 @@ class role::caldance (
201 auth_user_file => "$home/htpasswd", 223 auth_user_file => "$home/htpasswd",
202 }, 224 },
203 ], 225 ],
204 aliases => [ 226 aliases => [
205 { 227 {
206 alias => "/static/", 228 alias => "/static/",
207 path => "$caldance_app/www/static/", 229 path => "$caldance_app/www/static/",
@@ -210,10 +232,20 @@ class role::caldance (
210 alias => "/media/", 232 alias => "/media/",
211 path => "$home/media/", 233 path => "$home/media/",
212 }, 234 },
213 ], 235 ];
214 setenv => $apache_env, 236 default: * => $::profile::apache::apache_vhost_default;
215 wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" }; 237 }
216 default: * => $::profile::apache::apache_vhost_default; 238
239 file { "/etc/systemd/system/caldance-app.service":
240 mode => "0644",
241 owner => "root",
242 group => "root",
243 content => template("role/caldance/caldance-app.service.erb"),
244 require => File["$caldance_app/app.ini"],
245 } ->
246 service { "caldance-app":
247 ensure => "running",
248 enable => true
217 } 249 }
218 250
219 $mailtos = join($cron_pip, ",") 251 $mailtos = join($cron_pip, ",")
diff --git a/modules/role/templates/caldance/app.ini.erb b/modules/role/templates/caldance/app.ini.erb
new file mode 100644
index 0000000..baf31ac
--- /dev/null
+++ b/modules/role/templates/caldance/app.ini.erb
@@ -0,0 +1,15 @@
1[uwsgi]
2chdir = <%= @caldance_app %>
3wsgi-file = main_app/wsgi.py
4
5master = true
6processes = 10
7gevent = 1000
8http-websockets = true
9
10socket = <%= @socket %>
11chmod-socket = 666
12vacuum = true
13
14die-on-term = true
15
diff --git a/modules/role/templates/caldance/caldance-app.service.erb b/modules/role/templates/caldance/caldance-app.service.erb
new file mode 100644
index 0000000..f5694bf
--- /dev/null
+++ b/modules/role/templates/caldance/caldance-app.service.erb
@@ -0,0 +1,20 @@
1[Unit]
2Description=Caldance application
3After=network.target
4
5[Service]
6WorkingDirectory=<%= @caldance_app %>
7
8<% @environment.each do |env, val| %>
9Environment=<%= env %>="<%= val %>"
10<% end %>
11EnvironmentFile=<%= @home %>/caldance_env
12Type=simple
13User=<%= @user %>
14Group=<%= @group %>
15ExecStart=<%= @uwsgi_path %> <%= @caldance_app %>/app.ini
16RuntimeDirectory=caldance
17
18[Install]
19WantedBy=multi-user.target
20