VAGRANT
This commit is contained in:
parent
379ef8d1a6
commit
61032d1f60
7 changed files with 226 additions and 0 deletions
47
Vagrantfile
vendored
Normal file
47
Vagrantfile
vendored
Normal file
|
@ -0,0 +1,47 @@
|
||||||
|
# -*- mode: ruby -*-
|
||||||
|
# vi: set ft=ruby :
|
||||||
|
|
||||||
|
# All Vagrant configuration is done below. The "2" in Vagrant.configure
|
||||||
|
# configures the configuration version (we support older styles for
|
||||||
|
# backwards compatibility). Please don't change it unless you know what
|
||||||
|
# you're doing.
|
||||||
|
Vagrant.configure(2) do |config|
|
||||||
|
# The most common configuration options are documented and commented below.
|
||||||
|
# For a complete reference, please see the online documentation at
|
||||||
|
# https://docs.vagrantup.com.
|
||||||
|
|
||||||
|
config.vm.box = "ubuntu/focal64"
|
||||||
|
|
||||||
|
# On associe le port 80 dans la machine virtuelle avec le port 8080 de notre
|
||||||
|
# ordinateur, et le port 8000 avec le port 8000.
|
||||||
|
config.vm.network :forwarded_port, guest: 80, host: 8080
|
||||||
|
config.vm.network :forwarded_port, guest: 8000, host: 8000
|
||||||
|
|
||||||
|
# Create a private network, which allows host-only access to the machine
|
||||||
|
# using a specific IP.
|
||||||
|
# config.vm.network "private_network", ip: "192.168.33.10"
|
||||||
|
|
||||||
|
# Provider-specific configuration so you can fine-tune various
|
||||||
|
# backing providers for Vagrant. These expose provider-specific options.
|
||||||
|
# Example for VirtualBox:
|
||||||
|
#
|
||||||
|
# config.vm.provider "virtualbox" do |vb|
|
||||||
|
# # Display the VirtualBox GUI when booting the machine
|
||||||
|
# vb.gui = true
|
||||||
|
#
|
||||||
|
# # Customize the amount of memory on the VM:
|
||||||
|
# vb.memory = "1024"
|
||||||
|
# end
|
||||||
|
#
|
||||||
|
# View the documentation for the provider you are using for more
|
||||||
|
# information on available options.
|
||||||
|
|
||||||
|
# Enable provisioning with a shell script. Additional provisioners such as
|
||||||
|
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
|
||||||
|
# documentation for more information about their specific syntax and use.
|
||||||
|
# config.vm.provision "shell", inline: <<-SHELL
|
||||||
|
# sudo apt-get update
|
||||||
|
# sudo apt-get install -y apache2
|
||||||
|
# SHELL
|
||||||
|
config.vm.provision :shell, path: "provisioning/bootstrap.sh", args: ENV['PWD']
|
||||||
|
end
|
17
annuaire/settings/vagrant.py
Normal file
17
annuaire/settings/vagrant.py
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
"""
|
||||||
|
Settings pour le développement de l'annuaire avec vagrant.
|
||||||
|
Essaie de rester le plus fidèle possible aux settings de production,
|
||||||
|
avec des différences les plus minimes possibles.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from .prod import * # noqa
|
||||||
|
|
||||||
|
DEBUG = True
|
||||||
|
|
||||||
|
MEDIA_ROOT = "/srv/annuaire/media"
|
||||||
|
STATIC_ROOT = "/srv/annuaire/static"
|
||||||
|
|
||||||
|
EMAIL_BACKEND = "django.core.mail.backends.filebased.EmailBackend"
|
||||||
|
EMAIL_FILE_PATH = "/var/mail/django"
|
||||||
|
|
||||||
|
ALLOWED_HOSTS = ["127.0.0.1", "localhost", "0.0.0.0"]
|
86
provisioning/bootstrap.sh
Normal file
86
provisioning/bootstrap.sh
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Stop if an error is encountered
|
||||||
|
set -e
|
||||||
|
|
||||||
|
PROJECTNAME=$(basename $1)
|
||||||
|
SETTINGS_MODULE="$PROJECTNAME.settings.vagrant"
|
||||||
|
|
||||||
|
# Configuration de la base de données. Le mot de passe est constant car c'est
|
||||||
|
# pour une installation de dév locale qui ne sera accessible que depuis la
|
||||||
|
# machine virtuelle.
|
||||||
|
DBUSER=$PROJECTNAME
|
||||||
|
DBNAME=$PROJECTNAME
|
||||||
|
DBPASSWD="O1LxCADDA6Px5SiKvifjvdp3DSjfbp"
|
||||||
|
|
||||||
|
# Installation de paquets utiles.
|
||||||
|
# Installe les paquets mentionnés dans `package.list`, en excluant les lignes
|
||||||
|
# commençant par #.
|
||||||
|
apt-get update && apt-get upgrade -y
|
||||||
|
apt-get install -y $(awk '! /^ *#/' /vagrant/provisioning/package.list)
|
||||||
|
|
||||||
|
# Postgresql
|
||||||
|
# On teste si la db existe déjà pour ne pas essayer de la recréer
|
||||||
|
DB_EXISTS=$(sudo -u postgres psql -lqt | cut -d \| -f 1 | grep -cw $DBNAME || true)
|
||||||
|
if [ $DB_EXISTS -eq 0 ]
|
||||||
|
then
|
||||||
|
sudo -u postgres createdb $DBNAME
|
||||||
|
sudo -u postgres createuser -SdR $DBUSER
|
||||||
|
sudo -u postgres psql -c "ALTER USER $DBUSER WITH PASSWORD '$DBPASSWD';"
|
||||||
|
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO $DBUSER;"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# Redis
|
||||||
|
REDIS_PASSWD="dummy"
|
||||||
|
redis-cli CONFIG SET requirepass $REDIS_PASSWD
|
||||||
|
redis-cli -a $REDIS_PASSWD CONFIG REWRITE
|
||||||
|
|
||||||
|
# Contenu statique
|
||||||
|
mkdir -p /srv/$PROJECTNAME/static
|
||||||
|
ln -sf /vagrant/media /srv/$PROJECTNAME/media
|
||||||
|
chown -R vagrant:www-data /srv/$PROJECTNAME
|
||||||
|
|
||||||
|
# Nginx
|
||||||
|
rm -f /etc/nginx/sites-enabled/default
|
||||||
|
sed "s/\_\_PROJECTNAME__/$PROJECTNAME/g" /vagrant/provisioning/nginx.conf > /etc/nginx/sites-enabled/$PROJECTNAME.conf
|
||||||
|
systemctl reload nginx
|
||||||
|
|
||||||
|
# Environnement virtuel python
|
||||||
|
sudo -H -u vagrant python3 -m venv ~vagrant/venv
|
||||||
|
sudo -H -u vagrant ~vagrant/venv/bin/pip install -U pip
|
||||||
|
sudo -H -u vagrant ~vagrant/venv/bin/pip install -r /vagrant/requirements-prod.txt -r /vagrant/requirements-dev.txt
|
||||||
|
|
||||||
|
# Préparation de Django
|
||||||
|
cd /vagrant
|
||||||
|
sudo -H -u vagrant \
|
||||||
|
DJANGO_SETTINGS_MODULE=$SETTINGS_MODULE \
|
||||||
|
bash -c ". ~/venv/bin/activate && bash provisioning/prepare_django.sh"
|
||||||
|
/home/vagrant/venv/bin/python manage.py collectstatic --noinput --settings $SETTINGS_MODULE
|
||||||
|
|
||||||
|
# Mails
|
||||||
|
mkdir -p /var/mail/django
|
||||||
|
chown -R vagrant:www-data /var/mail/django
|
||||||
|
|
||||||
|
# Service files
|
||||||
|
for file in /vagrant/provisioning/*.service
|
||||||
|
do
|
||||||
|
# failsafe si aucun fichier .service n'existe
|
||||||
|
[ -f $file ] || break
|
||||||
|
SERVICE=$(basename $file)
|
||||||
|
|
||||||
|
# On copie en remplaçant si nécessaire le template
|
||||||
|
sed "s/\_\_PROJECTNAME__/$PROJECTNAME/g" $file > /etc/systemd/system/$SERVICE
|
||||||
|
systemctl enable $SERVICE
|
||||||
|
systemctl start $SERVICE
|
||||||
|
done
|
||||||
|
|
||||||
|
# Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh`
|
||||||
|
cat >> ~vagrant/.bashrc <<EOF
|
||||||
|
export DJANGO_SETTINGS_MODULE=$SETTINGS_MODULE
|
||||||
|
|
||||||
|
# Charge le virtualenv
|
||||||
|
source ~/venv/bin/activate
|
||||||
|
|
||||||
|
cd /vagrant
|
||||||
|
EOF
|
15
provisioning/gunicorn.service
Normal file
15
provisioning/gunicorn.service
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
Description="Gunicorn"
|
||||||
|
After=syslog.target
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=vagrant
|
||||||
|
Group=vagrant
|
||||||
|
TimeoutSec=300
|
||||||
|
WorkingDirectory=/vagrant
|
||||||
|
Environment="DJANGO_SETTINGS_MODULE=__PROJECTNAME__.settings.vagrant"
|
||||||
|
ExecStart=/home/vagrant/venv/bin/gunicorn --bind=unix:/tmp/gunicorn.sock __PROJECTNAME__.wsgi:application
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
49
provisioning/nginx.conf
Normal file
49
provisioning/nginx.conf
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
upstream app_server {
|
||||||
|
# fail_timeout=0 means we always retry an upstream even if it failed
|
||||||
|
# to return a good HTTP response
|
||||||
|
|
||||||
|
# for UNIX domain socket setups
|
||||||
|
server unix:/tmp/gunicorn.sock fail_timeout=0;
|
||||||
|
|
||||||
|
# for a TCP configuration
|
||||||
|
# server 192.168.0.7:8000 fail_timeout=0;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# use 'listen 80 deferred;' for Linux
|
||||||
|
# use 'listen 80 accept_filter=httpready;' for FreeBSD
|
||||||
|
listen 80 deferred;
|
||||||
|
client_max_body_size 4G;
|
||||||
|
|
||||||
|
# set the correct host(s) for your site
|
||||||
|
server_name localhost;
|
||||||
|
|
||||||
|
keepalive_timeout 5;
|
||||||
|
|
||||||
|
# path for static files
|
||||||
|
root /srv/__PROJECTNAME__;
|
||||||
|
|
||||||
|
# Static files
|
||||||
|
location /static/ {
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Uploaded media
|
||||||
|
location /media/ {
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
|
||||||
|
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
|
||||||
|
proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
|
||||||
|
# we don't want nginx trying to do something clever with
|
||||||
|
# redirects, we set the Host: header above already.
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_pass http://app_server;
|
||||||
|
}
|
||||||
|
}
|
6
provisioning/package.list
Normal file
6
provisioning/package.list
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
python3-pip python3-dev python3-venv
|
||||||
|
libpq-dev postgresql postgresql-contrib libjpeg-dev
|
||||||
|
build-essential nginx git redis-server
|
||||||
|
|
||||||
|
# Needed for python-ldap
|
||||||
|
libldap2-dev libsasl2-dev ldap-utils lcov
|
6
provisioning/prepare_django.sh
Normal file
6
provisioning/prepare_django.sh
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Stop if an error is encountered.
|
||||||
|
set -e
|
||||||
|
|
||||||
|
python manage.py migrate
|
Loading…
Reference in a new issue