-rw-r--r--environments/global/roles/caldance.yaml8
-rw-r--r--environments/integration/roles/caldance.yaml8
-rw-r--r--modules/role/manifests/caldance.pp165
-rw-r--r--modules/role/templates/caldance/local_settings.py.erb25
-rw-r--r--modules/role/templates/caldance/manage.py.erb9
5 files changed, 215 insertions, 0 deletions
diff --git a/environments/global/roles/caldance.yaml b/environments/global/roles/caldance.yaml
index 1dc7fa8..98382bf 100644
--- a/environments/global/roles/caldance.yaml
+++ b/environments/global/roles/caldance.yaml
@@ -2,3 +2,11 @@
2classes: 2classes:
3 role::caldance: ~ 3 role::caldance: ~
4letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}" 4letsencrypt::hosts: "%{lookup('base_installation::system_hostname')}"
5role::caldance::user: "caldance"
6role::caldance::group: "caldance"
7role::caldance::home: "/home/caldance"
8role::caldance::web_host: "%{lookup('base_installation::system_hostname')}"
9base_installation::system_users:
10 - username: "%{lookup('role::caldance::user')}"
11 system: true
12 password: "!!"
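diff --git a/environments/integration/roles/caldance.yaml b/environments/integration/roles/caldance.yaml
new file mode 100644
index 0000000..6a8ef9a
--- /dev/null
+++ b/environments/integration/roles/caldance.yaml
@@ -0,0 +1,8 @@
+---
+role::caldance::caldance_version: ~ # Overriden in LDAP
+role::caldance::caldance_sha256: ~
+role::caldance::pg_db: "caldev"
+role::caldance::pg_user: "caldev"
+role::caldance::mail_from: "caldev-nepasrepondre@mail.immae.eu"
+role::caldance::smtp_host: "mail.immae.eu"
+role::caldance::smtp_port: "465"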
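Review bot: Only `caldance_version` carries the remark that its `~` value is supplied elsewhere, while `caldance_sha256` is equally left empty and is the value that makes the archive download verifiable; the same remark belongs on it, e.g. `role::caldance::caldance_sha256: ~ # Overridden in LDAP` (which also fixes the spelling of "Overriden"). Without the checksum being set by the override layer the manifest's `archive` resource accepts the tarball unverified, so documenting where both values come from helps whoever maintains the override.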
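diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp
index 63dda1f..1cda69c 100644
--- a/modules/role/manifests/caldance.pp
+++ b/modules/role/manifests/caldance.pp
@@ -1,5 +1,20 @@
 class role::caldance (
+ String $user,
+ String $group,
+ String $home,
+ String $web_host,
+ String $pg_user,
+ String $pg_db,
+ String $mail_from,
+ String $smtp_host,
+ String $smtp_port,
+ Optional[String] $pg_hostname = "/run/postgresql",
+ Optional[String] $pg_port = "5432",
+ Optional[String] $caldance_version = undef,
+ Optional[String] $caldance_sha256 = undef,
 ) {
+ $password_seed = lookup("base_installation::puppet_pass_seed")
+ $web_home = "/home/simon_descarpentries"
  include "base_installation"
 
  include "profile::tools"
@@ -10,9 +25,105 @@ class role::caldance (
 
  ensure_packages(["python-pip", "python-virtualenv", "python-django"])
 
+ $caldance_app = "${home}/app"
+
+ file { $caldance_app:
+ ensure => "directory",
+ mode => "0755",
+ owner => $user,
+ group => $group,
+ require => User["$user:"],
+ }
+
+ exec { "initialize_venv":
+ user => $user,
+ require => User["$user:"],
+ command => "/usr/bin/virtualenv ${home}/virtualenv",
+ creates => "${home}/virtualenv",
+ }
+ ->
+ archive { "${home}/caldance_${caldance_version}.tar.gz":
+ path => "${home}/caldance_${caldance_version}.tar.gz",
+ source => "https://release.immae.eu/caldance/caldance_${caldance_version}.tar.gz",
+ checksum_type => "sha256",
+ checksum => $caldance_sha256,
+ cleanup => false,
+ extract => true,
+ user => $user,
+ username => lookup("base_installation::ldap_cn"),
+ password => generate_password(24, $password_seed, "ldap"),
+ extract_path => $caldance_app,
+ require => [User["$user:"], File[$caldance_app]],
+ } ~>
+ exec { "py-requirements":
+ cwd => $caldance_app,
+ user => $user,
+ environment => ["HOME=${home}"],
+ command => "${home}/virtualenv/bin/pip install -r requirements.txt",
+ require => User["$user:"],
+ refreshonly => true,
+ } ~>
+ exec { "py-migrate":
+ cwd => $caldance_app,
+ user => $user,
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage.py migrate",
+ require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+ refreshonly => true,
+ } ~>
+ exec { "py-static":
+ cwd => $caldance_app,
+ user => $user,
+ environment => ["HOME=${home}"],
+ command => "$caldance_app/manage.py collectstatic --no-input",
+ require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+ refreshonly => true,
+ } ~>
+ exec { "reload httpd":
+ command => "/usr/bin/systemctl reload httpd",
+ require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+ refreshonly => true,
+ }
+
+ $pg_password = generate_password(24, $password_seed, "postgres_caldance")
+ $secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+ file { "$caldance_app/main_app/local_settings.py":
+ owner => $user,
+ group => $group,
+ mode => "0644",
+ content => template("role/caldance/local_settings.py.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ }
+
+ $python_path = "${home}/virtualenv/bin/python"
+ file { "$caldance_app/manage.py":
+ owner => $user,
+ group => $group,
+ mode => "0755",
+ content => template("role/caldance/manage.py.erb"),
+ require => [
+ User["$user:"],
+ Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
+ ],
+ }
+
+ profile::postgresql::master { "postgresql master for caldance":
+ letsencrypt_host => $web_host,
+ backup_hosts => ["backup-1"],
+ }
+
+ postgresql::server::db { $pg_db:
+ user => $pg_user,
+ password => postgresql_password($pg_user, $pg_password),
+ }
+
  # pour le script de génération de mdp
  ensure_packages(["perl-digest-sha1"])
 
+ ensure_packages(["postgis", "python-gdal", "ripgrep"])
  file { "/usr/local/bin/ldap_ssha":
  owner => "root",
  group => "root",
@@ -20,4 +131,58 @@ class role::caldance (
  source => "puppet:///modules/base_installation/scripts/ldap_ssha",
  require => Package["perl-digest-sha1"],
  }
+
+ sudo::conf { 'wheel_nopasswd':
+ priority => 99,
+ content => "%wheel ALL=(ALL) NOPASSWD: ALL",
+ require => Package["sudo"],
+ }
+
+ ensure_packages(["mod_wsgi"])
+ class { 'apache::mod::wsgi':
+ wsgi_python_home => "$web_home/caldev_virtualenv",
+ wsgi_python_path => "$web_home/caldev/www.cal-dance.com/",
+ require => Package["mod_wsgi"],
+ }
+ class { 'apache::mod::authn_file': }
+ class { 'apache::mod::authn_core': }
+ class { 'apache::mod::authz_user': }
+ class { 'apache::mod::auth_basic': }
+
+ apache::vhost { $web_host:
+ port => '443',
+ docroot => false,
+ manage_docroot => false,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/$web_host/cert.pem",
+ ssl_key => "/etc/letsencrypt/live/$web_host/privkey.pem",
+ ssl_chain => "/etc/letsencrypt/live/$web_host/chain.pem",
+ require => Letsencrypt::Certonly[$web_host],
+ directories => [
+ {
+ path => "$web_home/caldev/www.cal-dance.com/main_app",
+ require => "all granted",
+ },
+ {
+ path => "$web_home/caldev/www.cal-dance.com/www/static",
+ require => "all granted",
+ },
+ {
+ path => "/",
+ provider => "location",
+ require => "valid-user",
+ auth_type => "Basic",
+ auth_name => "Authentification requise",
+ auth_user_file => "$web_home/caldev/.htpasswd",
+ },
+ ],
+ aliases => [
+ {
+ alias => "/static/",
+ path => "$web_home/caldev/www.cal-dance.com/www/static/",
+ },
+ ],
+ wsgi_script_aliases => { "/" => "$web_home/caldev/www.cal-dance.com/main_app/wsgi.py" };
+ default: * => $::profile::apache::apache_vhost_default;
+ }
 }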
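Review bot: `local_settings.py` is written with `mode => "0644"` although the template it renders carries the database password (`$pg_password`) and the Django `SECRET_KEY`, so every local account on the host can read both; `mode => "0640",` with `owner => $user` and `group => $group` keeps the file readable by the application while closing it to other users, provided the WSGI process runs as `$user` or as a member of `$group`. Relatedly, the `apache::mod::wsgi` and `apache::vhost` declarations serve `$web_home/caldev_virtualenv` and `$web_home/caldev/www.cal-dance.com/` under the hard-coded `$web_home`, not the `${home}/virtualenv` and `$caldance_app` that `initialize_venv` and the `archive` resource populate, so the tree this commit deploys appears not to be the one Apache serves. `sudo::conf { 'wheel_nopasswd': ... }` grants the whole `wheel` group passwordless root and has no visible relation to this role; a comment stating why it belongs here, or moving it to a profile class, would help the next reader.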
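diff --git a/modules/role/templates/caldance/local_settings.py.erb b/modules/role/templates/caldance/local_settings.py.erb
new file mode 100644
index 0000000..4da53f6
--- /dev/null
+++ b/modules/role/templates/caldance/local_settings.py.erb
@@ -0,0 +1,25 @@
+import os
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.contrib.gis.db.backends.postgis',
+ 'NAME': '<%= @pg_db %>',
+ 'USER': '<%= @pg_user %>',
+ 'PASSWORD': u'<%= @pg_password %>',
+ 'HOST': '<%= @pg_hostname %>',
+ 'PORT': '<%= @pg_port %>',
+ }
+}
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = os.environ.get('SECRET_KEY', '<%= @secret_key %>')
+DEBUG = False
+SECURE_HSTS_PRELOAD = True # moved from local settings as local runserver don't do SSL
+SECURE_HSTS_SECONDS = 1
+SECURE_SSL_REDIRECT = True
+LOG_FILE = '<%= @home %>/caldev_django.log'
+
+DEFAULT_FROM_EMAIL = '<%= @mail_from %>'
+EMAIL_USE_SSL = True
+EMAIL_HOST = "<%= @smtp_host %>"
+EMAIL_PORT = <%= @smtp_port %>
+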
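Review bot: `SECURE_HSTS_PRELOAD = True` is paired with `SECURE_HSTS_SECONDS = 1`, so the Strict-Transport-Security header expires one second after the browser receives it and the `preload` directive is ignored, since the preload list requires a max-age of at least one year together with `SECURE_HSTS_INCLUDE_SUBDOMAINS = True`. If the one-second value is a deliberate ramp-up before committing to HSTS, a comment next to it saying so would prevent the next reader from "fixing" it; otherwise, once the site is confirmed to serve only HTTPS, `SECURE_HSTS_SECONDS = 31536000` is the value that makes the preload flag meaningful. The inline comment on the `SECURE_HSTS_PRELOAD` line explains why these settings left the local file, not why the duration is so short.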
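diff --git a/modules/role/templates/caldance/manage.py.erb b/modules/role/templates/caldance/manage.py.erb
new file mode 100644
index 0000000..dc06eab
--- /dev/null
+++ b/modules/role/templates/caldance/manage.py.erb
@@ -0,0 +1,9 @@
+#!<%= @python_path %> -O
+import os
+import sys
+
+if __name__ == "__main__":
+ os.environ.setdefault("DJANGO_SETTINGS_MODULE", "main_app.settings")
+
+ from django.core.management import execute_from_command_line
+ execute_from_command_line(sys.argv)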
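Review bot: The shebang `#!<%= @python_path %> -O` runs every direct `manage.py` invocation, including the `py-migrate` and `py-static` execs in the manifest, with Python's optimize flag, which strips `assert` statements and sets `__debug__` to False; if the application or any of its dependencies use `assert` for runtime checks, migrations and static collection behave differently from a development `python manage.py` run. A one-line comment above the shebang stating why `-O` is wanted here, e.g. `# -O: run management commands without asserts/__debug__ (matches the production WSGI process)` if that is the intent, would make the choice explicit.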