VAGRANT

2020-11-16 18:41:23 +01:00 · 2020-11-16 18:41:23 +01:00 · 61032d1f60
commit 61032d1f60
parent 379ef8d1a6
7 changed files with 226 additions and 0 deletions
--- a/47
+++ b/47
@ -0,0 +1,47 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure(2) do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  config.vm.box = "ubuntu/focal64"
+
+  # On associe le port 80 dans la machine virtuelle avec le port 8080 de notre
+  # ordinateur, et le port 8000 avec le port 8000.
+  config.vm.network :forwarded_port, guest: 80, host: 8080
+  config.vm.network :forwarded_port, guest: 8000, host: 8000
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   sudo apt-get update
+  #   sudo apt-get install -y apache2
+  # SHELL
+  config.vm.provision :shell, path: "provisioning/bootstrap.sh", args: ENV['PWD']
+end
--- a/annuaire/settings/vagrant.py
+++ b/annuaire/settings/vagrant.py
@ -0,0 +1,17 @@
+"""
+Settings pour le développement de l'annuaire avec vagrant.
+Essaie de rester le plus fidèle possible aux settings de production,
+avec des différences les plus minimes possibles.
+"""
+
+from .prod import *  # noqa
+
+DEBUG = True
+
+MEDIA_ROOT = "/srv/annuaire/media"
+STATIC_ROOT = "/srv/annuaire/static"
+
+EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend"
+EMAIL_FILE_PATH = "/var/mail/django"
+
+ALLOWED_HOSTS = ["127.0.0.1", "localhost", "0.0.0.0"]
--- a/provisioning/bootstrap.sh
+++ b/provisioning/bootstrap.sh
@ -0,0 +1,86 @@
+#!/bin/sh
+
+# Stop if an error is encountered
+set -e
+
+PROJECTNAME=$(basename $1)
+SETTINGS_MODULE="$PROJECTNAME.settings.vagrant"
+
+# Configuration de la base de données. Le mot de passe est constant car c'est
+# pour une installation de dév locale qui ne sera accessible que depuis la
+# machine virtuelle.
+DBUSER=$PROJECTNAME
+DBNAME=$PROJECTNAME
+DBPASSWD="O1LxCADDA6Px5SiKvifjvdp3DSjfbp"
+
+# Installation de paquets utiles.
+# Installe les paquets mentionnés dans `package.list`, en excluant les lignes
+# commençant par #.
+apt-get update && apt-get upgrade -y
+apt-get install -y $(awk '! /^ *#/' /vagrant/provisioning/package.list)
+
+# Postgresql
+# On teste si la db existe déjà pour ne pas essayer de la recréer
+DB_EXISTS=$(sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -cw $DBNAME || true)
+if [ $DB_EXISTS -eq 0 ]
+then
+  sudo -u postgres createdb $DBNAME
+  sudo -u postgres createuser -SdR $DBUSER
+  sudo -u postgres psql -c "ALTER USER $DBUSER WITH PASSWORD '$DBPASSWD';"
+  sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO $DBUSER;"
+fi
+
+
+# Redis
+REDIS_PASSWD="dummy"
+redis-cli CONFIG SET requirepass $REDIS_PASSWD
+redis-cli -a $REDIS_PASSWD CONFIG REWRITE
+
+# Contenu statique
+mkdir -p /srv/$PROJECTNAME/static
+ln -sf /vagrant/media /srv/$PROJECTNAME/media
+chown -R vagrant:www-data /srv/$PROJECTNAME
+
+# Nginx
+rm -f /etc/nginx/sites-enabled/default
+sed "s/\_\_PROJECTNAME__/$PROJECTNAME/g" /vagrant/provisioning/nginx.conf > /etc/nginx/sites-enabled/$PROJECTNAME.conf
+systemctl reload nginx
+
+# Environnement virtuel python
+sudo -H -u vagrant python3 -m venv ~vagrant/venv
+sudo -H -u vagrant ~vagrant/venv/bin/pip install -U pip
+sudo -H -u vagrant ~vagrant/venv/bin/pip install -r /vagrant/requirements-prod.txt -r /vagrant/requirements-dev.txt
+
+# Préparation de Django
+cd /vagrant
+sudo -H -u vagrant \
+  DJANGO_SETTINGS_MODULE=$SETTINGS_MODULE \
+  bash -c ". ~/venv/bin/activate && bash provisioning/prepare_django.sh"
+/home/vagrant/venv/bin/python manage.py collectstatic --noinput --settings $SETTINGS_MODULE
+
+# Mails
+mkdir -p /var/mail/django
+chown -R vagrant:www-data /var/mail/django
+
+# Service files
+for file in /vagrant/provisioning/*.service
+do
+  # failsafe si aucun fichier .service n'existe
+  [ -f $file ] || break
+  SERVICE=$(basename $file)
+
+  # On copie en remplaçant si nécessaire le template
+  sed "s/\_\_PROJECTNAME__/$PROJECTNAME/g" $file > /etc/systemd/system/$SERVICE
+  systemctl enable $SERVICE
+  systemctl start $SERVICE
+done
+
+# Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh`
+cat >> ~vagrant/.bashrc <<EOF
+export DJANGO_SETTINGS_MODULE=$SETTINGS_MODULE
+
+# Charge le virtualenv
+source ~/venv/bin/activate
+
+cd /vagrant
+EOF
--- a/provisioning/gunicorn.service
+++ b/provisioning/gunicorn.service
@ -0,0 +1,15 @@
+Description="Gunicorn"
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=vagrant
+Group=vagrant
+TimeoutSec=300
+WorkingDirectory=/vagrant
+Environment="DJANGO_SETTINGS_MODULE=__PROJECTNAME__.settings.vagrant"
+ExecStart=/home/vagrant/venv/bin/gunicorn --bind=unix:/tmp/gunicorn.sock __PROJECTNAME__.wsgi:application
+
+[Install]
+WantedBy=multi-user.target
--- a/provisioning/nginx.conf
+++ b/provisioning/nginx.conf
@ -0,0 +1,49 @@
+upstream app_server {
+  # fail_timeout=0 means we always retry an upstream even if it failed
+  # to return a good HTTP response
+
+  # for UNIX domain socket setups
+  server unix:/tmp/gunicorn.sock fail_timeout=0;
+
+  # for a TCP configuration
+  # server 192.168.0.7:8000 fail_timeout=0;
+}
+
+server {
+  # use 'listen 80 deferred;' for Linux
+  # use 'listen 80 accept_filter=httpready;' for FreeBSD
+  listen 80 deferred;
+  client_max_body_size 4G;
+
+  # set the correct host(s) for your site
+  server_name localhost;
+
+  keepalive_timeout 5;
+
+  # path for static files
+  root /srv/__PROJECTNAME__;
+
+  # Static files
+  location /static/ {
+    access_log off;
+  }
+
+  # Uploaded media
+  location /media/ {
+    access_log off;
+  }
+
+  location / {
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
+    proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
+    proxy_set_header X-SSL-Client-S-DN   $ssl_client_s_dn;
+    # we don't want nginx trying to do something clever with
+    # redirects, we set the Host: header above already.
+    proxy_redirect off;
+    proxy_pass http://app_server;
+  }
+}
--- a/provisioning/package.list
+++ b/provisioning/package.list
@ -0,0 +1,6 @@
+python3-pip python3-dev python3-venv 
+libpq-dev postgresql postgresql-contrib libjpeg-dev 
+build-essential nginx git redis-server
+
+# Needed for python-ldap
+libldap2-dev libsasl2-dev ldap-utils lcov
--- a/provisioning/prepare_django.sh
+++ b/provisioning/prepare_django.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Stop if an error is encountered.
+set -e
+
+python manage.py migrate