-rw-r--r-- | modules/role/manifests/caldance.pp | 72 | ||||
-rw-r--r-- | modules/role/templates/caldance/app.ini.erb | 15 | ||||
-rw-r--r-- | modules/role/templates/caldance/caldance-app.service.erb | 20 |
3 files changed, 87 insertions, 20 deletions
diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp index c99892e..f1debb6 100644 --- a/modules/role/manifests/caldance.pp +++ b/modules/role/manifests/caldance.pp | |||
@@ -24,11 +24,12 @@ class role::caldance ( | |||
24 | include "profile::redis" | 24 | include "profile::redis" |
25 | include "profile::monitoring" | 25 | include "profile::monitoring" |
26 | 26 | ||
27 | ensure_packages(["python-pip", "python-virtualenv", "python-django"]) | 27 | ensure_packages(["python-pip", "python-virtualenv", "python-django", "uwsgi-plugin-python"]) |
28 | 28 | ||
29 | $caldance_app = "${home}/app" | 29 | $caldance_app = "${home}/app" |
30 | $pg_password = generate_password(24, $password_seed, "postgres_caldance") | 30 | $pg_password = generate_password(24, $password_seed, "postgres_caldance") |
31 | $secret_key = generate_password(24, $password_seed, "secret_key_caldance") | 31 | $secret_key = generate_password(24, $password_seed, "secret_key_caldance") |
32 | $socket = "/run/caldance/app.sock" | ||
32 | 33 | ||
33 | $environment = { | 34 | $environment = { |
34 | "DB_NAME" => $pg_db, | 35 | "DB_NAME" => $pg_db, |
@@ -42,7 +43,6 @@ class role::caldance ( | |||
42 | "MEDIA_ROOT" => "$home/media", | 43 | "MEDIA_ROOT" => "$home/media", |
43 | } | 44 | } |
44 | $shell_env = $environment.map |$key, $value| { "$key=$value" } | 45 | $shell_env = $environment.map |$key, $value| { "$key=$value" } |
45 | $apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" } | ||
46 | 46 | ||
47 | file { $home: | 47 | file { $home: |
48 | mode => "0755", | 48 | mode => "0755", |
@@ -111,12 +111,13 @@ class role::caldance ( | |||
111 | require => [User["$user:"], File["$caldance_app/manage.py"]], | 111 | require => [User["$user:"], File["$caldance_app/manage.py"]], |
112 | refreshonly => true, | 112 | refreshonly => true, |
113 | } ~> | 113 | } ~> |
114 | exec { "reload httpd": | 114 | exec { "restart uwsgi application": |
115 | command => "/usr/bin/systemctl reload httpd", | 115 | command => "/usr/bin/systemctl restart caldance-app.service", |
116 | require => [User["$user:"], File["$caldance_app/manage.py"]], | 116 | require => [User["$user:"], File["$caldance_app/app.ini"]], |
117 | refreshonly => true, | 117 | refreshonly => true, |
118 | } | 118 | } |
119 | 119 | ||
120 | $uwsgi_path = "${home}/virtualenv/bin/uwsgi" | ||
120 | $python_path = "${home}/virtualenv/bin/python" | 121 | $python_path = "${home}/virtualenv/bin/python" |
121 | file { "$caldance_app/manage.py": | 122 | file { "$caldance_app/manage.py": |
122 | owner => $user, | 123 | owner => $user, |
@@ -129,6 +130,17 @@ class role::caldance ( | |||
129 | ], | 130 | ], |
130 | } | 131 | } |
131 | 132 | ||
133 | file { "$caldance_app/app.ini": | ||
134 | owner => $user, | ||
135 | group => $group, | ||
136 | mode => "0644", | ||
137 | content => template("role/caldance/app.ini.erb"), | ||
138 | require => [ | ||
139 | User["$user:"], | ||
140 | Archive[ "${home}/caldance_${caldance_version}.tar.gz"], | ||
141 | ], | ||
142 | } | ||
143 | |||
132 | profile::postgresql::master { "postgresql master for caldance": | 144 | profile::postgresql::master { "postgresql master for caldance": |
133 | letsencrypt_host => $web_host, | 145 | letsencrypt_host => $web_host, |
134 | backup_hosts => ["backup-1"], | 146 | backup_hosts => ["backup-1"], |
@@ -167,18 +179,28 @@ class role::caldance ( | |||
167 | class { 'apache::mod::authn_core': } | 179 | class { 'apache::mod::authn_core': } |
168 | class { 'apache::mod::authz_user': } | 180 | class { 'apache::mod::authz_user': } |
169 | class { 'apache::mod::auth_basic': } | 181 | class { 'apache::mod::auth_basic': } |
182 | class { 'apache::mod::proxy': } | ||
183 | apache::mod { 'proxy_uwsgi': } | ||
170 | 184 | ||
171 | apache::vhost { $web_host: | 185 | apache::vhost { $web_host: |
172 | port => '443', | 186 | port => '443', |
173 | docroot => false, | 187 | docroot => false, |
174 | manage_docroot => false, | 188 | manage_docroot => false, |
175 | ssl => true, | 189 | ssl => true, |
176 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", | 190 | ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem", |
177 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", | 191 | ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem", |
178 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", | 192 | ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem", |
179 | require => Letsencrypt::Certonly[$web_host], | 193 | require => Letsencrypt::Certonly[$web_host], |
180 | additional_includes => "$home/caldance_env", | 194 | proxy_preserve_host => true, |
181 | directories => [ | 195 | proxy_pass => [ |
196 | { | ||
197 | path => "/", | ||
198 | url => "unix:$socket|uwsgi://caldance-app", | ||
199 | reverse_urls => [], | ||
200 | no_proxy_uris => [ "/media/", "/static/" ], | ||
201 | } | ||
202 | ], | ||
203 | directories => [ | ||
182 | { | 204 | { |
183 | path => "$caldance_app/main_app", | 205 | path => "$caldance_app/main_app", |
184 | require => "all granted", | 206 | require => "all granted", |
@@ -201,7 +223,7 @@ class role::caldance ( | |||
201 | auth_user_file => "$home/htpasswd", | 223 | auth_user_file => "$home/htpasswd", |
202 | }, | 224 | }, |
203 | ], | 225 | ], |
204 | aliases => [ | 226 | aliases => [ |
205 | { | 227 | { |
206 | alias => "/static/", | 228 | alias => "/static/", |
207 | path => "$caldance_app/www/static/", | 229 | path => "$caldance_app/www/static/", |
@@ -210,10 +232,20 @@ class role::caldance ( | |||
210 | alias => "/media/", | 232 | alias => "/media/", |
211 | path => "$home/media/", | 233 | path => "$home/media/", |
212 | }, | 234 | }, |
213 | ], | 235 | ]; |
214 | setenv => $apache_env, | 236 | default: * => $::profile::apache::apache_vhost_default; |
215 | wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" }; | 237 | } |
216 | default: * => $::profile::apache::apache_vhost_default; | 238 | |
239 | file { "/etc/systemd/system/caldance-app.service": | ||
240 | mode => "0644", | ||
241 | owner => "root", | ||
242 | group => "root", | ||
243 | content => template("role/caldance/caldance-app.service.erb"), | ||
244 | require => File["$caldance_app/app.ini"], | ||
245 | } -> | ||
246 | service { "caldance-app": | ||
247 | ensure => "running", | ||
248 | enable => true | ||
217 | } | 249 | } |
218 | 250 | ||
219 | $mailtos = join($cron_pip, ",") | 251 | $mailtos = join($cron_pip, ",") |
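Review bot: In the vhost hunk, the new `proxy_pass` on `/` may leave the basic-auth `directories` entry unenforced, because proxied requests are never mapped to the filesystem and `<Directory>`-scoped rules do not apply to them. The entry carrying `auth_user_file => "$home/htpasswd"` has its `path` and `provider` outside the visible hunks; if it is directory-scoped on the application tree, the protection it gave under mod_wsgi would silently stop covering those URLs, so it should be confirmed to use `provider => 'location'` on the URL prefix it is meant to guard. The `$caldance_app/main_app` entry with `require => "all granted"` appears to serve no purpose once `wsgi_script_aliases` is gone and could be dropped.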
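diff --git a/modules/role/templates/caldance/app.ini.erb b/modules/role/templates/caldance/app.ini.erb
new file mode 100644
index 0000000..baf31ac
--- /dev/null
+++ b/modules/role/templates/caldance/app.ini.erb
@@ -0,0 +1,15 @@
+[uwsgi]
+chdir = <%= @caldance_app %>
+wsgi-file = main_app/wsgi.py
+
+master = true
+processes = 10
+gevent = 1000
+http-websockets = true
+
+socket = <%= @socket %>
+chmod-socket = 666
+vacuum = true
+
+die-on-term = true
+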
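Review bot: `chmod-socket = 666` makes the uwsgi socket writable by every local account, so any user on the host can reach the application directly and skip what Apache enforces in front of it (TLS termination and the basic-auth entries in the vhost). Only the Apache worker needs to connect; I would use `chmod-socket = 660` and add the Apache account to the service group so the socket stays group-restricted. The unit sets `RuntimeDirectory=caldance` without a `RuntimeDirectoryMode=`, so the directory itself does not limit access and the socket mode is the only barrier.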
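diff --git a/modules/role/templates/caldance/caldance-app.service.erb b/modules/role/templates/caldance/caldance-app.service.erb
new file mode 100644
index 0000000..f5694bf
--- /dev/null
+++ b/modules/role/templates/caldance/caldance-app.service.erb
@@ -0,0 +1,20 @@
+[Unit]
+Description=Caldance application
+After=network.target
+
+[Service]
+WorkingDirectory=<%= @caldance_app %>
+
+<% @environment.each do |env, val| %>
+Environment=<%= env %>="<%= val %>"
+<% end %>
+EnvironmentFile=<%= @home %>/caldance_env
+Type=simple
+User=<%= @user %>
+Group=<%= @group %>
+ExecStart=<%= @uwsgi_path %> <%= @caldance_app %>/app.ini
+RuntimeDirectory=caldance
+
+[Install]
+WantedBy=multi-user.target
+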
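Review bot: The `Environment=` loop copies every entry of `@environment` into a unit file that the manifest installs with mode `0644`, and systemd also reports unit environment through `systemctl show`. If the hash carries the generated `$pg_password` and `$secret_key` (its full contents are outside the visible hunks), they become readable by any local user. The unit already loads `EnvironmentFile=<%= @home %>/caldance_env`, which appears to hold the same settings, so I would drop the loop and keep that file owner-only; systemd reads it before switching to `User=`, so it can be root-owned with mode `0600`. The inline form is also fragile, since a value containing `"` or `%` would be altered by unit-file quoting and specifier expansion.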