diff --git a/Vagrantfile b/Vagrantfile
index e12a45ed..f34653a5 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -1,47 +1,19 @@ # -*- mode: ruby -*- # vi: set ft=ruby : -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. +# Configuration de base pour GestioCOF. +# Voir https://docs.vagrantup.com pour plus d'informations. Vagrant.configure(2) do |config| - # The most common configuration options are documented and commented below. - # For a complete reference, please see the online documentation at - # https://docs.vagrantup.com. - - config.vm.box = "ubuntu/xenial64" + # On se base sur Debian 10 (Buster) pour avoir le même environnement qu'en + # production. + config.vm.box = "debian/contrib-buster64" # On associe le port 80 dans la machine virtuelle avec le port 8080 de notre # ordinateur, et le port 8000 avec le port 8000. config.vm.network :forwarded_port, guest: 80, host: 8080 config.vm.network :forwarded_port, guest: 8000, host: 8000 - # Create a private network, which allows host-only access to the machine - # using a specific IP. - # config.vm.network "private_network", ip: "192.168.33.10" - - # Provider-specific configuration so you can fine-tune various - # backing providers for Vagrant. These expose provider-specific options. - # Example for VirtualBox: - # - # config.vm.provider "virtualbox" do |vb| - # # Display the VirtualBox GUI when booting the machine - # vb.gui = true - # - # # Customize the amount of memory on the VM: - # vb.memory = "1024" - # end - # - # View the documentation for the provider you are using for more - # information on available options. - - # Enable provisioning with a shell script. Additional provisioners such as - # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the - # documentation for more information about their specific syntax and use. 
- # config.vm.provision "shell", inline: <<-SHELL - # sudo apt-get update - # sudo apt-get install -y apache2 - # SHELL + # Le restes de la configuration (installation de paquets, etc) est géré un + # script shell. config.vm.provision :shell, path: "provisioning/bootstrap.sh" end diff --git a/cof/settings/dev.py b/cof/settings/dev.py new file mode 100644 index 00000000..7e1a63a8 --- /dev/null +++ b/cof/settings/dev.py 
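Review bot: The new `config.vm.box = "debian/contrib-buster64"` line is not pinned to a version, so each `vagrant up` on a fresh machine pulls whatever build of that box is current. That works against the stated goal of matching production, and it means every developer implicitly trusts the latest upload. I would add `config.vm.box_version = "<BOX_VERSION>"` (placeholder: use the version you actually tested) directly below it. The new provisioning comment also has a slip; it reads better as `# Le reste de la configuration (installation de paquets, etc.) est géré par un script shell.`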
@@ -0,0 +1,58 @@
+"""Django local development settings."""
+import os
+
+from . import bds_prod
+from .cof_prod import * # NOQA
+from .cof_prod import INSTALLED_APPS, MIDDLEWARE, TESTING
+
+# ---
+# Merge COF and BDS configs
+# ---
+
+for app in bds_prod.INSTALLED_APPS:
+ if app not in INSTALLED_APPS:
+ INSTALLED_APPS.append(app)
+
+# ---
+# Tweaks for debug/local development
+# ---
+
+ALLOWED_HOSTS = []
+
+DEBUG = True
+EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
+
+if TESTING:
+ PASSWORD_HASHERS = ["django.contrib.auth.hashers.MD5PasswordHasher"]
+
+STATIC_URL = "/static/"
+STATIC_ROOT = "/srv/gestiocof/static"
+MEDIA_URL = "/media/"
+MEDIA_ROOT = "/srv/gestiocof/media"
+
+
+# ---
+# Debug tool bar
+# ---
+
+
+def show_toolbar(request):
+ """
+ On active la debug-toolbar en mode développement local sauf :
+ - dans l'admin où ça ne sert pas à grand chose;
+ - si la variable d'environnement DJANGO_NO_DDT est à 1 → ça permet de la désactiver
+ sans modifier ce fichier en exécutant `export DJANGO_NO_DDT=1` dans le terminal
+ qui lance `./manage.py runserver`.
+
+ Autre side effect de cette fonction : on ne fait pas la vérification de INTERNAL_IPS
+ que ferait la debug-toolbar par défaut, ce qui la fait fonctionner aussi à
+ l'intérieur de Vagrant (comportement non testé depuis un moment…)
+ """
+ env_no_ddt = bool(os.environ.get("DJANGO_NO_DDT", None))
+ return DEBUG and not env_no_ddt and not request.path.startswith("/admin/")
+
+
+if not TESTING:
+ INSTALLED_APPS += ["debug_toolbar"]
+ MIDDLEWARE = ["debug_toolbar.middleware.DebugToolbarMiddleware"] + MIDDLEWARE
+ DEBUG_TOOLBAR_CONFIG = {"SHOW_TOOLBAR_CALLBACK": show_toolbar}
diff --git a/provisioning/bootstrap.sh b/provisioning/bootstrap.sh
index cb6917a7..5e2e4c44 100644
--- a/provisioning/bootstrap.sh
+++ b/provisioning/bootstrap.sh
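Review bot: `show_toolbar` returns true for every non-admin request while `DEBUG` is on, so the debug toolbar's `INTERNAL_IPS` check is gone, and the Vagrantfile in this same commit forwards guest ports 80 and 8000 to the host. If those forwards listen on more than loopback (this depends on the Vagrant version and provider, so it is worth checking), any client that can reach the host on 8080 or 8000 gets the toolbar panels (settings, SQL, request data) and Django's debug error pages. I would bind the forwards to loopback, e.g. `config.vm.network :forwarded_port, guest: 8000, host: 8000, host_ip: "127.0.0.1"`, and state in the docstring that the callback deliberately trusts every client. Separately, `bool(os.environ.get("DJANGO_NO_DDT", None))` is true for any non-empty value, so `DJANGO_NO_DDT=0` also disables the toolbar although the docstring says "à 1".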
@@ -1,36 +1,60 @@ #!/bin/sh -# Stop if an error is encountered -set -e +# Arête le script quand : +# - une erreur survient +# - on essaie d'utiliser une variable non définie +# - on essaie d'écraser un fichier avec une redirection (>). +set -euC -# Configuration de la base de données. Le mot de passe est constant car c'est +# Configuration de la base de données, redis, Django, etc. +# Tous les mots de passe sont constant et en clair dans le fichier car c'est # pour une installation de dév locale qui ne sera accessible que depuis la # machine virtuelle. -DBUSER="cof_gestion" -DBNAME="cof_gestion" -DBPASSWD="4KZt3nGPLVeWSvtBZPSM3fSzXpzEU4" +readonly DBUSER="cof_gestion" +readonly DBNAME="cof_gestion" +readonly DBPASSWD="4KZt3nGPLVeWSvtBZPSM3fSzXpzEU4" +readonly REDIS_PASSWD="dummy" +readonly DJANGO_SETTINGS_MODULE="cof.settings.dev" + # Installation de paquets utiles -apt-get update && apt-get upgrade -y +apt-get update +# https://github.com/chef/bento/issues/661 +export DEBIAN_FRONTEND=noninteractive +apt-get -y upgrade + # -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" \ + # upgrade apt-get install -y python3-pip python3-dev python3-venv libpq-dev postgresql \ - postgresql-contrib libjpeg-dev nginx git redis-server + postgresql-contrib libjpeg-dev nginx git redis-server \ + libldap2-dev libsasl2-dev slapd ldap-utils # Postgresql -sudo -u postgres createdb $DBNAME -sudo -u postgres createuser -SdR $DBUSER +pg_user_exists () { + sudo -u postgres psql postgres -tAc \ + "SELECT 1 FROM pg_roles WHERE rolname='$1'" \ + | grep -q '^1$' +} + +pg_db_exists () { + sudo -u postgres psql postgres -tAc \ + "SELECT 1 FROM pg_database WHERE datname='$1'" \ + | grep -q '^1$' +} + +pg_db_exists "$DBNAME" || sudo -u postgres createdb "$DBNAME" +pg_user_exists "$DBUSER" || sudo -u postgres createuser -SdR "$DBUSER" sudo -u postgres psql -c "ALTER USER $DBUSER WITH PASSWORD '$DBPASSWD';" sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DBNAME 
TO $DBUSER;" # Redis -REDIS_PASSWD="dummy" -redis-cli CONFIG SET requirepass $REDIS_PASSWD -redis-cli -a $REDIS_PASSWD CONFIG REWRITE +redis-cli CONFIG SET requirepass "$REDIS_PASSWD" +redis-cli -a "$REDIS_PASSWD" CONFIG REWRITE # Contenu statique mkdir -p /srv/gestiocof/media mkdir -p /srv/gestiocof/static -chown -R ubuntu:www-data /srv/gestiocof +chown -R vagrant:www-data /srv/gestiocof # Nginx ln -s -f /vagrant/provisioning/nginx.conf /etc/nginx/sites-enabled/gestiocof.conf 
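Review bot: `pg_user_exists` and `pg_db_exists` splice `$1` straight into the SQL text, and the `ALTER USER … WITH PASSWORD '$DBPASSWD'` line does the same with the password, so a value containing a single quote would change the statement. That is harmless while the callers pass only the `readonly` constants defined at the top, but nothing in the helpers says so. I would add a comment above them such as `# $1 is pasted into SQL unescaped: pass only the readonly constants defined above.` The Redis step is also not covered by the new existence checks: on a second provisioning run `redis-cli CONFIG SET requirepass` is sent without credentials to a server that already requires them, so it is worth checking that a re-run still passes under `set -e`.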
@@ -38,36 +62,44 @@ rm -f /etc/nginx/sites-enabled/default systemctl reload nginx # Environnement virtuel python -sudo -H -u ubuntu python3 -m venv ~ubuntu/venv -sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -U pip -sudo -H -u ubuntu ~ubuntu/venv/bin/pip install -r /vagrant/requirements-devel.txt +sudo -H -u vagrant python3 -m venv ~vagrant/venv +sudo -H -u vagrant ~vagrant/venv/bin/pip install -U pip +sudo -H -u vagrant ~vagrant/venv/bin/pip install \ + -r /vagrant/requirements-prod.txt \ + -r /vagrant/requirements-devel.txt \ # Préparation de Django cd /vagrant ln -s -f secret_example.py cof/settings/secret.py -sudo -H -u ubuntu \ - DJANGO_SETTINGS_MODULE='cof.settings.dev' \ - bash -c ". ~/venv/bin/activate && bash provisioning/prepare_django.sh" -/home/ubuntu/venv/bin/python manage.py collectstatic --noinput --settings cof.settings.dev +sudo -H -u vagrant \ + DJANGO_SETTINGS_MODULE="$DJANGO_SETTINGS_MODULE"\ + /bin/sh -c ". ~vagrant/venv/bin/activate && /bin/sh provisioning/prepare_django.sh" +~vagrant/venv/bin/python manage.py collectstatic \ + --noinput \ + --settings "$DJANGO_SETTINGS_MODULE" # Installation du cron pour les mails de rappels -sudo -H -u ubuntu crontab provisioning/cron.dev +# TODO: FIXME +# sudo -H -u vagrant crontab provisioning/cron.dev # Daphne + runworker -cp /vagrant/provisioning/daphne.service /etc/systemd/system/daphne.service -cp /vagrant/provisioning/worker.service /etc/systemd/system/worker.service -systemctl enable daphne.service -systemctl enable worker.service -systemctl start daphne.service -systemctl start worker.service +# TODO: explain +ln -sf /vagrant/provisioning/daphne.service /etc/systemd/system/daphne.service +ln -sf /vagrant/provisioning/worker.service /etc/systemd/system/worker.service +systemctl enable --now daphne.service +systemctl enable --now worker.service -# Mise en place du .bash_profile pour tout configurer lors du `vagrant ssh` -cat >> ~ubuntu/.bashrc < ~vagrant/.bash_aliases <