Diffstat (limited to 'modules')
-rw-r--r-- | modules/role/manifests/caldance.pp | 68 | ||||
-rw-r--r-- | modules/role/templates/caldance/local_settings.py.erb | 25 |
2 files changed, 42 insertions, 51 deletions
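diff --git a/modules/role/manifests/caldance.pp b/modules/role/manifests/caldance.pp
index 1cda69c..df8b56f 100644
--- a/modules/role/manifests/caldance.pp
+++ b/modules/role/manifests/caldance.pp
@@ -26,6 +26,34 @@ class role::caldance (
 ensure_packages(["python-pip", "python-virtualenv", "python-django"])
 
 $caldance_app = "${home}/app"
+$pg_password = generate_password(24, $password_seed, "postgres_caldance")
+$secret_key = generate_password(24, $password_seed, "secret_key_caldance")
+
+$environment = {
+"DB_NAME" => $pg_db,
+"DB_USER" => $pg_user,
+"DB_PASSWORD" => $pg_password,
+"DB_HOST" => $pg_hostname,
+"DB_PORT" => $pg_port,
+"SECRET_KEY" => $secret_key,
+"DEBUG" => "False",
+"LOG_FILE" => "$home/caldev_django.log",
+"FROM_EMAIL" => $mail_from,
+"EMAIL_HOST" => $smtp_host,
+"EMAIL_PORT" => $smtp_port,
+}
+$shell_env = $environment.map |$key, $value| { "$key=$value" }
+$apache_env = $environment.map |$key, $value| { "CALDANCE_$key $value" }
+
+file { $home:
+mode => "0755",
+}
+file { "${home}/caldev_django.log":
+mode => "0664",
+owner => $user,
+group => "http",
+content => "",
+}
 
 file { $caldance_app:
 ensure => "directory",
@@ -58,46 +86,33 @@ class role::caldance (
 exec { "py-requirements":
 cwd => $caldance_app,
 user => $user,
-environment => ["HOME=${home}"],
-command => "${home}/virtualenv/bin/pip install -r requirements.txt",
+environment => concat(["HOME=${home}"], $shell_env),
+command => "/usr/bin/sed -i -e '/GDAL/d' requirements.txt && ${home}/virtualenv/bin/pip install -r requirements.txt",
 require => User["$user:"],
 refreshonly => true,
 } ~>
 exec { "py-migrate":
 cwd => $caldance_app,
 user => $user,
-environment => ["HOME=${home}"],
+environment => concat(["HOME=${home}"], $shell_env),
 command => "$caldance_app/manage.py migrate",
-require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+require => [User["$user:"], File["$caldance_app/manage.py"]],
 refreshonly => true,
 } ~>
 exec { "py-static":
 cwd => $caldance_app,
 user => $user,
-environment => ["HOME=${home}"],
+environment => concat(["HOME=${home}"], $shell_env),
 command => "$caldance_app/manage.py collectstatic --no-input",
-require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+require => [User["$user:"], File["$caldance_app/manage.py"]],
 refreshonly => true,
 } ~>
 exec { "reload httpd":
 command => "/usr/bin/systemctl reload httpd",
-require => [User["$user:"], File["$caldance_app/manage.py"], File["$caldance_app/main_app/local_settings.py"]],
+require => [User["$user:"], File["$caldance_app/manage.py"]],
 refreshonly => true,
 }
 
-$pg_password = generate_password(24, $password_seed, "postgres_caldance")
-$secret_key = generate_password(24, $password_seed, "secret_key_caldance")
-file { "$caldance_app/main_app/local_settings.py":
-owner => $user,
-group => $group,
-mode => "0644",
-content => template("role/caldance/local_settings.py.erb"),
-require => [
-User["$user:"],
-Archive[ "${home}/caldance_${caldance_version}.tar.gz"],
-],
-}
-
 $python_path = "${home}/virtualenv/bin/python"
 file { "$caldance_app/manage.py":
 owner => $user,
@@ -140,8 +155,8 @@ class role::caldance (
 
 ensure_packages(["mod_wsgi"])
 class { 'apache::mod::wsgi':
-wsgi_python_home => "$web_home/caldev_virtualenv",
-wsgi_python_path => "$web_home/caldev/www.cal-dance.com/",
+wsgi_python_home => "${home}/virtualenv",
+wsgi_python_path => $caldance_app,
 require => Package["mod_wsgi"],
 }
 class { 'apache::mod::authn_file': }
@@ -160,11 +175,11 @@ class role::caldance (
 require => Letsencrypt::Certonly[$web_host],
 directories => [
 {
-path => "$web_home/caldev/www.cal-dance.com/main_app",
+path => "$caldance_app/main_app",
 require => "all granted",
 },
 {
-path => "$web_home/caldev/www.cal-dance.com/www/static",
+path => "$caldance_app/www/static",
 require => "all granted",
 },
 {
@@ -179,10 +194,11 @@ class role::caldance (
 aliases => [
 {
 alias => "/static/",
-path => "$web_home/caldev/www.cal-dance.com/www/static/",
+path => "$caldance_app/www/static/",
 },
 ],
-wsgi_script_aliases => { "/" => "$web_home/caldev/www.cal-dance.com/main_app/wsgi.py" };
+setenv => $apache_env,
+wsgi_script_aliases => { "/" => "$caldance_app/main_app/wsgi.py" };
 default: * => $::profile::apache::apache_vhost_default;
 }
 }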
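Review bot: `setenv => $apache_env` (new line 200) puts DB_PASSWORD and SECRET_KEY into the rendered vhost configuration as `SetEnv CALDANCE_<KEY> <value>`, so they are readable by whoever can read that file and are passed to every request handler in the vhost; the vhost file's mode comes from outside this diff and should be confirmed as not world-readable. The values are interpolated unquoted in `"CALDANCE_$key $value"`, so one containing whitespace would produce a malformed directive; `{ "CALDANCE_$key \"$value\"" }` avoids that. On `file { "${home}/caldev_django.log": }`, `content => ""` makes Puppet overwrite the log with an empty file on each run after Django has written to it; `ensure => "file"` with `replace => false` creates it once and keeps the history. The `$environment` hash also has no counterpart for `SECURE_SSL_REDIRECT`, the `SECURE_HSTS_*` values and `EMAIL_USE_SSL` from the deleted local_settings.py.erb, so unless the application's own settings (not visible here) now set them, they presumably fall back to Django's defaults.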
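diff --git a/modules/role/templates/caldance/local_settings.py.erb b/modules/role/templates/caldance/local_settings.py.erb
deleted file mode 100644
index 4da53f6..0000000
--- a/modules/role/templates/caldance/local_settings.py.erb
+++ /dev/null
@@ -1,25 +0,0 @@
-import os
-DATABASES = {
-'default': {
-'ENGINE': 'django.contrib.gis.db.backends.postgis',
-'NAME': '<%= @pg_db %>',
-'USER': '<%= @pg_user %>',
-'PASSWORD': u'<%= @pg_password %>',
-'HOST': '<%= @pg_hostname %>',
-'PORT': '<%= @pg_port %>',
-}
-}
-
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = os.environ.get('SECRET_KEY', '<%= @secret_key %>')
-DEBUG = False
-SECURE_HSTS_PRELOAD = True # moved from local settings as local runserver don't do SSL
-SECURE_HSTS_SECONDS = 1
-SECURE_SSL_REDIRECT = True
-LOG_FILE = '<%= @home %>/caldev_django.log'
-
-DEFAULT_FROM_EMAIL = '<%= @mail_from %>'
-EMAIL_USE_SSL = True
-EMAIL_HOST = "<%= @smtp_host %>"
-EMAIL_PORT = <%= @smtp_port %>
-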