cst1/kpsul
1
0
Fork 0
forked from DGNum/gestioCOF
Code Pull requests Activity

Merge branch 'kerl/fix_vagrant' into 'master'

Browse source 
Mise à jour du setup vagrant

See merge request klub-dev-ens/gestioCOF!475
This commit is contained in:
Ludovic Stephan 2020-12-07 20:56:09 +01:00
parent 479e751b7c 0ce1e62586
commit 340f8f16a7
14 changed files with 288 additions and 156 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
Vagrantfile vendored
View file

@ -1,47 +1,19 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
# Configuration de base pour GestioCOF.
# Voir https://docs.vagrantup.com pour plus d'informations.
Vagrant.configure(2) do |config|
# The most common configuration options are documented and commented below.
# For a complete reference, please see the online documentation at
# https://docs.vagrantup.com.
config.vm.box = "ubuntu/xenial64"
# On se base sur Debian 10 (Buster) pour avoir le même environnement qu'en
# production.
config.vm.box = "debian/contrib-buster64"
# On associe le port 80 dans la machine virtuelle avec le port 8080 de notre
# ordinateur, et le port 8000 avec le port 8000.
config.vm.network :forwarded_port, guest: 80, host: 8080
config.vm.network :forwarded_port, guest: 8000, host: 8000
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
# config.vm.provider "virtualbox" do |vb|
# # Display the VirtualBox GUI when booting the machine
# vb.gui = true
#
# # Customize the amount of memory on the VM:
# vb.memory = "1024"
# end
#
# View the documentation for the provider you are using for more
# information on available options.
# Enable provisioning with a shell script. Additional provisioners such as
# Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
# documentation for more information about their specific syntax and use.
# config.vm.provision "shell", inline: <<-SHELL
# sudo apt-get update
# sudo apt-get install -y apache2
# SHELL
# Le restes de la configuration (installation de paquets, etc) est géré un
# script shell.
config.vm.provision :shell, path: "provisioning/bootstrap.sh"
end

58
cof/settings/dev.py Normal file
View file

@ -0,0 +1,58 @@
"""Django local development settings."""
import os
from . import bds_prod
from .cof_prod import * # NOQA
from .cof_prod import INSTALLED_APPS, MIDDLEWARE, TESTING
# ---
# Merge COF and BDS configs
# ---
for app in bds_prod.INSTALLED_APPS:
if app not in INSTALLED_APPS:
INSTALLED_APPS.append(app)
# ---
# Tweaks for debug/local development
# ---
ALLOWED_HOSTS = []
DEBUG = True
EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
if TESTING:
PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"]
STATIC_URL = "/static/"
STATIC_ROOT = "/srv/gestiocof/static"
MEDIA_URL = "/media/"
MEDIA_ROOT = "/srv/gestiocof/media"
# ---
# Debug tool bar
# ---
def show_toolbar(request):
"""
On active la debug-toolbar en mode développement local sauf :
- dans l'admin où ça ne sert pas à grand chose;
- si la variable d'environnement DJANGO_NO_DDT est à 1 → ça permet de la désactiver
sans modifier ce fichier en exécutant `export DJANGO_NO_DDT=1` dans le terminal
qui lance `./manage.py runserver`.
Autre side effect de cette fonction : on ne fait pas la vérification de INTERNAL_IPS
que ferait la debug-toolbar par défaut, ce qui la fait fonctionner aussi à
l'intérieur de Vagrant (comportement non testé depuis un moment…)
"""
env_no_ddt = bool(os.environ.get("DJANGO_NO_DDT", None))
return DEBUG and not env_no_ddt and not request.path.startswith("/admin/")
if not TESTING:
INSTALLED_APPS += ["debug_toolbar"]
MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware"] + MIDDLEWARE
DEBUG_TOOLBAR_CONFIG = {"SHOW_TOOLBAR_CALLBACK": show_toolbar}

153
provisioning/bootstrap.sh
View file

@ -1,74 +1,141 @@
#!/bin/sh
# Stop if an error is encountered
set -e
# Arête le script quand :
# - une erreur survient
# - on essaie d'utiliser une variable non définie
# - on essaie d'écraser un fichier avec une redirection (>).
set -euC
# Configuration de la base de données. Le mot de passe est constant car c'est
# Configuration de la base de données, redis, Django, etc.
# Tous les mots de passe sont constant et en clair dans le fichier car c'est
# pour une installation de dév locale qui ne sera accessible que depuis la
# machine virtuelle.
DBUSER="cof_gestion"
DBNAME="cof_gestion"
DBPASSWD="4KZt3nGPLVeWSvtBZPSM3fSzXpzEU4"
readonly DBUSER="cof_gestion"
readonly DBNAME="cof_gestion"
readonly DBPASSWD="4KZt3nGPLVeWSvtBZPSM3fSzXpzEU4"
readonly REDIS_PASSWD="dummy"
readonly DJANGO_SETTINGS_MODULE="cof.settings.dev"
# Installation de paquets utiles
apt-get update && apt-get upgrade -y
apt-get install -y python3-pip python3-dev python3-venv libpq-dev postgresql \
postgresql-contrib libjpeg-dev nginx git redis-server
# ---
# Installation des paquets systèmes
# ---
get_packages_list () {
sed 's/#.*$//' /vagrant/provisioning/packages.list | grep -v '^ *$'
}
# https://github.com/chef/bento/issues/661
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get -y upgrade
get_packages_list | xargs apt-get install -y
# ---
# Configuration de la base de données
# ---
# Postgresql
sudo -u postgres createdb $DBNAME
sudo -u postgres createuser -SdR $DBUSER
pg_user_exists () {
sudo -u postgres psql postgres -tAc \
"SELECT 1 FROM pg_roles WHERE rolname='$1'" \
| grep -q '^1$'
}
pg_db_exists () {
sudo -u postgres psql postgres -tAc \
"SELECT 1 FROM pg_database WHERE datname='$1'" \
| grep -q '^1$'
}
pg_db_exists "$DBNAME" || sudo -u postgres createdb "$DBNAME"
pg_user_exists "$DBUSER" || sudo -u postgres createuser -SdR "$DBUSER"
sudo -u postgres psql -c "ALTER USER $DBUSER WITH PASSWORD '$DBPASSWD';"
sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DBNAME TO $DBUSER;"
# Redis
REDIS_PASSWD="dummy"
redis-cli CONFIG SET requirepass $REDIS_PASSWD
redis-cli -a $REDIS_PASSWD CONFIG REWRITE
# ---
# Configuration de redis (pour django-channels)
# ---
# Contenu statique
# Redis
redis-cli CONFIG SET requirepass "$REDIS_PASSWD"
redis-cli -a "$REDIS_PASSWD" CONFIG REWRITE
# ---
# Préparation de Django
# ---
# Dossiers pour le contenu statique
mkdir -p /srv/gestiocof/media
mkdir -p /srv/gestiocof/static
chown -R ubuntu:www-data /srv/gestiocof
# Nginx
ln -s -f /vagrant/provisioning/nginx.conf /etc/nginx/sites-enabled/gestiocof.conf
rm -f /etc/nginx/sites-enabled/default
systemctl reload nginx
chown -R vagrant:www-data /srv/gestiocof
# Environnement virtuel python
sudo -H -u ubuntu python3 -m venv ~ubuntu/venv
sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -U pip
sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -r /vagrant/requirements-devel.txt
sudo -H -u vagrant python3 -m venv ~vagrant/venv
sudo -H -u vagrant ~vagrant/venv/bin/pip install -U pip
sudo -H -u vagrant ~vagrant/venv/bin/pip install \
-r /vagrant/requirements-prod.txt \
-r /vagrant/requirements-devel.txt \
# Préparation de Django
cd /vagrant
ln -s -f secret_example.py cof/settings/secret.py
sudo -H -u ubuntu \
DJANGO_SETTINGS_MODULE='cof.settings.dev' \
bash -c ". ~/venv/bin/activate && bash provisioning/prepare_django.sh"
/home/ubuntu/venv/bin/python manage.py collectstatic --noinput --settings cof.settings.dev
sudo -H -u vagrant \
DJANGO_SETTINGS_MODULE="$DJANGO_SETTINGS_MODULE"\
/bin/sh -c ". ~vagrant/venv/bin/activate && /bin/sh provisioning/prepare_django.sh"
~vagrant/venv/bin/python manage.py collectstatic \
--noinput \
--settings "$DJANGO_SETTINGS_MODULE"
# Installation du cron pour les mails de rappels
sudo -H -u ubuntu crontab provisioning/cron.dev
# Daphne + runworker
cp /vagrant/provisioning/daphne.service /etc/systemd/system/daphne.service
cp /vagrant/provisioning/worker.service /etc/systemd/system/worker.service
systemctl enable daphne.service
systemctl enable worker.service
systemctl start daphne.service
systemctl start worker.service
# ---
# Units systemd
# ---
# Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh`
cat >> ~ubuntu/.bashrc <<EOF
# - Daphne fait tourner le serveur asgi
# - worker = https://channels.readthedocs.io/en/stable/topics/worker.html
# - Mails de rappels du BdA
# - Mails de revente du BdA
ln -sf /vagrant/provisioning/systemd/daphne.service /etc/systemd/system/daphne.service
ln -sf /vagrant/provisioning/systemd/worker.service /etc/systemd/system/worker.service
ln -sf /vagrant/provisioning/systemd/reventes.service /etc/systemd/system/reventes.service
ln -sf /vagrant/provisioning/systemd/rappels.service /etc/systemd/system/rappels.service
ln -sf /vagrant/provisioning/systemd/reventes.timer /etc/systemd/system/reventes.timer
ln -sf /vagrant/provisioning/systemd/rappels.timer /etc/systemd/system/rappels.timer
systemctl enable --now daphne.service
systemctl enable --now worker.service
systemctl enable rappels.timer
systemctl enable reventes.timer
# ---
# Configuration du shell de l'utilisateur 'vagrant' pour utiliser le bon fichier
# de settings et et bon virtualenv.
# ---
# On utilise .bash_aliases au lieu de .bashrc pour ne pas écraser la
# configuration par défaut.
rm -f ~vagrant/.bash_aliases
cat > ~vagrant/.bash_aliases <<EOF
# On utilise la version de développement de GestioCOF
export DJANGO_SETTINGS_MODULE='cof.settings.dev'
export DJANGO_SETTINGS_MODULE='$DJANGO_SETTINGS_MODULE'
# Charge le virtualenv
source ~/venv/bin/activate
. ~/venv/bin/activate
# On va dans /vagrant où se trouve le code de gestioCOF
cd /vagrant
EOF
# ---
# Configuration d'nginx
# ---
ln -s -f /vagrant/provisioning/nginx/gestiocof.conf /etc/nginx/sites-enabled/gestiocof.conf
rm -f /etc/nginx/sites-enabled/default
systemctl reload nginx

10
provisioning/cron.dev
View file

@ -1,10 +0,0 @@
# On utilise la version de développement de GestioCOF
DJANGO_SETTINGS_MODULE='cof.settings.dev'
# Identifiants MySQL
DBUSER="cof_gestion"
DBNAME="cof_gestion"
DBPASSWD="4KZt3nGPLVeWSvtBZPSM3fSzXpzEU4"
19 */12 * * * date >> /vagrant/rappels.log ; /ubuntu/home/venv/bin/python /vagrant/manage.py sendrappels >> /vagrant/rappels.log 2>&1
*/5 * * * * /ubuntu/home/venv/bin/python /vagrant/manage.py manage_revente >> /vagrant/reventes.log 2>&1

56
provisioning/nginx.conf
View file

@ -1,56 +0,0 @@
upstream gestiocof {
# Daphne listens on a unix socket
server unix:/srv/gestiocof/gestiocof.sock;
}
server {
listen 80;
server_name localhost;
root /srv/gestiocof/;
# / /gestion/
# /gestion /gestion/
rewrite ^/$ /gestion/;
rewrite ^/gestion$ /gestion/;
# Static files
location /static/ {
access_log off;
add_header Cache-Control "public";
expires 7d;
}
# Uploaded media
location /media/ {
access_log off;
add_header Cache-Control "public";
expires 7d;
}
location /gestion/ {
# A copy-paste of what we have in production
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
proxy_set_header Daphne-Root-Path /gestion;
location /gestion/ws/ {
# See http://nginx.org/en/docs/http/websocket.html
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://gestiocof/ws/;
}
location /gestion/ {
proxy_pass http://gestiocof;
}
}
}

42
provisioning/nginx/gestiocof.conf Normal file
View file

@ -0,0 +1,42 @@
upstream gestiocof {
# Daphne listens on a unix socket
server unix:/srv/gestiocof/gestiocof.sock;
}
server {
listen 80;
listen [::]:80;
server_name _;
root /srv/gestiocof/;
# Redirection:
rewrite ^/$ http://localhost:8080/gestion/ redirect;
rewrite ^/gestion$ http://localhost:8080/gestion/ redirect;
# Les pages statiques sont servies à part.
location /gestion/static { try_files $uri $uri/ =404; }
location /gestion/media { try_files $uri $uri/ =404; }
# On proxy-pass les requêtes vers les pages dynamiques à daphne
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
proxy_pass http://gestiocof;
}
# Pour les websockets :
# See http://nginx.org/en/docs/http/websocket.html.
location /ws/ {
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://gestiocof/ws/;
}
}

25
provisioning/packages.list Normal file
View file

@ -0,0 +1,25 @@
# Python
python3-pip
python3-dev
python3-venv
# Pour installer authens depuis git.eleves
git
# Postgres
libpq-dev
postgresql
postgresql-contrib
# Pour Pillow
libjpeg-dev
# Outils de prod
nginx # Test
redis-server
# Le LDAP
libldap2-dev
libsasl2-dev
slapd
ldap-utils

7
provisioning/prepare_django.sh
View file

@ -1,9 +1,8 @@
#!/bin/bash
#!/bin/sh
# Stop if an error is encountered.
set -e
set -euC
python manage.py migrate
python manage.py migrate --noinput
python manage.py sync_page_translation_fields
python manage.py update_translation_fields
python manage.py loaddata gestion sites articles

11
provisioning/daphne.service → provisioning/systemd/daphne.service
View file

@ -1,16 +1,17 @@
Description="GestioCOF"
Description="GestioCOF - Daphne"
After=syslog.target
After=network.target
[Service]
Type=simple
User=ubuntu
Group=ubuntu
User=vagrant
Group=vagrant
TimeoutSec=300
WorkingDirectory=/vagrant
Environment="DJANGO_SETTINGS_MODULE=cof.settings.dev"
ExecStart=/home/ubuntu/venv/bin/daphne -u /srv/gestiocof/gestiocof.sock \
cof.asgi:channel_layer
ExecStart=/home/vagrant/venv/bin/daphne \
-u /srv/gestiocof/gestiocof.sock \
cof.asgi:channel_layer
[Install]
WantedBy=multi-user.target

8
provisioning/systemd/rappels.service Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Envoi des mails de rappel des spectales BdA
[Service]
Type=oneshot
User=vagrant
Environment="DJANGO_SETTINGS_MODULE=cof.settings.dev"
ExecStart=/home/vagrant/venv/bin/python /vagrant/manage.py sendrappels

9
provisioning/systemd/rappels.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Envoi des mails de rappel des spectales BdA
[Timer]
OnBootSec=10min
OnUnitActiveSec=3h
[Install]
WantedBy=timers.target

8
provisioning/systemd/reventes.service Normal file
View file

@ -0,0 +1,8 @@
[Unit]
Description=Envoi des mails de BdA-Revente
[Service]
Type=oneshot
User=vagrant
Environment="DJANGO_SETTINGS_MODULE=cof.settings.dev"
ExecStart=/home/vagrant/venv/bin/python /vagrant/manage.py manage_reventes

9
provisioning/systemd/reventes.timer Normal file
View file

@ -0,0 +1,9 @@
[Unit]
Description=Envoi des mails de BdA-Revente
[Timer]
OnBootSec=15min
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target

6
provisioning/worker.service → provisioning/systemd/worker.service
View file

@ -5,12 +5,12 @@ After=network.target
[Service]
Type=simple
User=ubuntu
Group=ubuntu
User=vagrant
Group=vagrant
TimeoutSec=300
WorkingDirectory=/vagrant
Environment="DJANGO_SETTINGS_MODULE=cof.settings.dev"
ExecStart=/home/ubuntu/venv/bin/python manage.py runworker
ExecStart=/home/vagrant/venv/bin/python manage.py runworker
[Install]
WantedBy=multi-user.target