odoo/setup/puppet/modules/odoo/manifests/init.pp


# Agent: sudo puppet agent --test
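# Class: odoo
#
# Host-wide base for Odoo instances: the shared `odoo` login account with its
# sudo rule and SSH keys, the PostgreSQL server, OS and pip packages,
# wkhtmltox, the shared log and backup parent directories, and the nginx base
# files. odoo::instance includes this class.
#
# Service['nginx'] is referenced here but declared in odoo::instance.
# Variable names and their order are kept as they were, because the ERB
# template rendered below may read them from this scope.
class odoo {
  user { 'odoo':
    ensure     => present,
    shell      => '/bin/bash',
    managehome => true,
  }

  # NOTE(review): this gives the shared odoo account passwordless root for
  # every command. The four SSH keys below all log in as this account, so each
  # key holder is effectively root and actions cannot be attributed to a
  # person. Prefer per-person accounts and a command-scoped rule such as the
  # one odoo::instance writes.
  $sudo_entry="odoo ALL=NOPASSWD: ALL"
  sudo::conf { 'sudo_odoo':
    priority => 10,
    content  => $sudo_entry,
  }

  ssh_authorized_key { 'andreas@camadeus':
    user => 'odoo',
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBIg6NZV4tTs+J5qUP4/zQAn+Xi3muKqbaSDV8yYm50mH77PcLwbkZVlxdF0/OFCl5f5FCNp4Ag4Px97M35Nv+BweOTCZNMKOHmvtXY1fCRUQnk6ca3NlipImppL0U47SUzt9KkNIsz0FWxLu74LANgxKwrf8Hgim8Nkq8WrlvuoJCqf+542N15cGrf/9eD6yRm7AmdFi7VIYrP4m7TPbXJBGX+cXOo0bKTyaq8mtinbUN5UCi/eJ08wYkm/CGVxL+9cm6HOABw332A8OadAliCZBWqhFT0rBKdoWLxBbTsILALskrddpKLwBLOUIU79YeT0OfNpLCnVi8u67X9inl',
  }
  ssh_authorized_key { 'stefan@camadeus':
    user => 'odoo',
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC0Lv4GOvotyJRzPphIjf+UEzRzWZpGaEt5HiWBx9ih6aBnSLXx0O+PA8+ejN4dfMK3rAu3vdcXcI/egj9eJbIYWeHnE2k/gckCgk3Ttg2aq24cGDcgTDB0MdfLYSeFNxRsrLH4fFpPtvulNyu7ZPuXJj/BaIUHGGas+lUP3r+Bmhj2+guWlTMVMLFMENn3FUlrtMCiL7wIiXGQ+xXHhRAqG55t+CLxX0jaf57uCGkYKlkTfQAmnGMiUnUcxjileUDq8HRlANSqv2XRH/tjonP/bPqs0PySCU9rWEomSpertvdrO/8ZPCo3fjAKCyAAC6GS8uPJlQIoEMo2EVG8DrbX',
  }
  ssh_authorized_key { 'joerg@camadeus':
    user => 'odoo',
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC5wf8HJPMWf9+NGbrHxehVB/mWavztXx6v6hgsjvY+mg8V2eAHwKVvm8k9idvg/AqkMR6DbxC5GbMYcYP9drxcE5WhBFV5okR8o5h0/ZvpCmF8FQOZuR0NbRWA9ybVPfkn9thdMv3PI7iAMt+3Nh0g1QBEx/w7RRZ+/3LxSeGOGIFBtWja5hA94SLIunjKTyo2wPxyr3GZoGkG9KTN9f1iI4Imrg5kUXAXtT7rpJ1NdZdphYiuBZiZ9rAHymr9yJkXsSLxNWboqBsFoWSkFVc1CxGeqHNcEKO16wtOeGoJgsURM0wscWi+YjQXCYxLVY8a8JzeRLlMVhojk0zSfwdD',
  }
  ssh_authorized_key { 'christian@camadeus':
    user => 'odoo',
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDt1sWm9vgxSzLLIU8KUJunWmJDpX3KNRgcDI8NeTEVTlfSBWniLzbur1qaQrl1WuC9rMTIZ3JarhknVue/7RPq2fjZU2n9wBCkwgtanvpmv7eLBckyGAmW5ctHWnvLcbEexl3YsgKfQJ10a1xCDY2+Vm+cLDCO6ZH7L0KlnboRryMiASxYA+C73/ySXWTKj0tO6kSuDvt48DgRbbeqTMpRrhHlab5svz37AkZtb3cPz3UnMh+a7OlqA6Q4EL4fLVAmAC5bBVi2bsYzSVxwqbnAn/OwtmfIUP3v0UsyW/D6F8De9UhSPm2lgc+ZtTpXqUzrnHDxjituD6vFZPSLzayz',
  }

  # NOTE(review): PostgreSQL listens on every interface. Who can actually
  # connect is decided by pg_hba.conf and host firewalling, neither of which
  # is visible in this manifest. If Odoo only connects locally, 'localhost'
  # would be the tighter setting -- confirm before changing.
  class { 'postgresql::server':
    listen_addresses => '*',
    locale           => 'de_AT.UTF-8',
    encoding         => 'UTF8',
  }

  # workaround for http://projects.puppetlabs.com/issues/4695
  # when PostgreSQL is installed with SQL_ASCII encoding instead of UTF8
  #
  # This exec drops and recreates the 9.3 "main" cluster, which destroys every
  # database in it. `unless` alone also fires when psql cannot be reached
  # (empty output, grep fails), so `onlyif` additionally demands that psql
  # answered and listed template1 before anything is dropped.
  # NOTE(review): the cluster is recreated with en_US.UTF-8 although the server
  # class above asks for de_AT.UTF-8, and the version is hard-coded to 9.3.
  exec { 'utf8 postgres':
    command => 'sudo -u postgres pg_dropcluster --stop 9.3 main ; pg_createcluster --start --locale en_US.UTF-8 9.3 main',
    onlyif  => 'sudo -u postgres psql -t -c "\l" | grep -q template1',
    unless  => 'sudo -u postgres psql -t -c "\l" | grep template1 | grep -q UTF',
    require => Class['postgresql::server'],
    path    => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
  }

  # Parent of the per-instance log directories. It stays world-writable as
  # before, but now carries the sticky bit (1777 instead of 0777) so a local
  # account cannot rename or remove another instance's log directory.
  # NOTE(review): odoo::instance creates the subdirectories through Puppet, so
  # 0755 is probably enough -- confirm nothing else writes here directly.
  file { '/var/log/odoo':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '1777',
  }

  package { ['antiword',
    'bzr',
    'git',
    'nginx',
    'poppler-utils',
    'postgresql',
    'python-dateutil',
    'python-decorator',
    'python-docutils',
    'python-egenix-mxdatetime',
    'python-feedparser',
    'python-gevent',
    'python-imaging',
    'python-jinja2',
    'python-ldap',
    'python-libxslt1',
    'python-lxml',
    'python-mako',
    'python-matplotlib',
    'python-mock',
    'python-openid',
    'python-openssl',
    'python-paramiko',
    'python-pdftools',
    'python-pip',
    'python-psutil',
    'python-psycopg2',
    'python-pybabel',
    'python-pychart',
    'python-pydot',
    'python-pyparsing',
    'python-pypdf',
    'python-reportlab-accel',
    'python-reportlab',
    # 'python-requests', Debian ships version 0.12.1, so it is installed with pip instead
    'python-setuptools',
    'python-simplejson',
    'python-tz',
    'python-unittest2',
    'python-vatnumber',
    'python-vobject',
    'python-webdav',
    'python-werkzeug',
    'python-xlwt',
    'python-yaml',
    'python-zsi',
    'wget',
    # for wkhtmltox
    'xfonts-base',
    'xfonts-75dpi',
    ]:
    ensure => present,
  }

  # wkhtmltox is shipped with the module and installed with dpkg.
  # NOTE(review): the .deb is staged in /tmp; a root-only staging directory
  # would avoid depending on /tmp semantics for a file that root installs.
  file { 'wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb':
    name   => '/tmp/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb',
    owner  => 'root',
    group  => 'root',
    source => 'puppet:///modules/odoo/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb',
  }
  package { 'wkhtmltox':
    ensure   => installed,
    provider => 'dpkg',
    source   => '/tmp/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb',
    require  => [File['wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb'], Package['xfonts-base']],
  }

  # NOTE(review): these pip packages are unpinned (`ensure => installed`), so
  # the version is whatever the package index serves at install time. Pin
  # versions where reproducible builds matter.
  package { ['passlib',
    'psycogreen',
    'gdata',
    'requests',
    'setproctitle',
    ]:
    ensure   => installed,
    provider => 'pip',
    require  => Package['python-pip'],
  }

  # Update python lib distribute if required ("sudo easy_install -U distribute")
  $upg_cmd = "sudo easy_install -U distribute"
  $unless_upg_cmd = "sudo pip freeze | grep distribute==0.7"
  exec { 'upgrade_distribute':
    command => $upg_cmd,
    unless  => $unless_upg_cmd,
    path    => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
  }

  # TODO: requires "sudo easy_install -U distribute"
  package { 'gevent_psycopg2':
    ensure   => present,
    provider => 'pip',
    require  => [Package['python-pip'], Package['python-psycopg2'], Exec['upgrade_distribute'], Class['postgresql::server']],
  }

  # main directory for odoo backups
  # Sticky bit added (1777 instead of 0777) for the same reason as on
  # /var/log/odoo: database dumps live below this directory, and without it
  # any local account could rename or remove another instance's dump directory.
  file { '/var/pgdump':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '1777',
  }

  # Postfix setup
  # class { '::postfix::server':
  # myhostname => 'test.camadeus.at',
  # mydomain => 'camadeus.at',
  # mydestination => "\$myhostname, localhost.\$mydomain, localhost, $fqdn",
  # inet_interfaces => 'localhost',
  # }

  # Default nginx file (prevent default server) REQUIRES SSL-key!!!
  # Conf file
  # The original used `notify => Package['nginx']`, which ordered this file
  # before the package that creates /etc/nginx/conf.d and never reloaded
  # nginx. It now follows the other nginx files in this class: require the
  # package, notify the service.
  file { '/etc/nginx/conf.d/default.conf':
    ensure  => present,
    owner   => 'www-data',
    group   => 'www-data',
    mode    => '0600',
    content => template('odoo/default.nginx.erb'),
    require => Package['nginx'],
    notify  => Service['nginx'],
  }

  # NGINX SSL
  # Directory for the TLS keys and certificates, readable by its owner only.
  file { '/etc/nginx/ssl':
    ensure  => 'directory',
    owner   => 'www-data',
    group   => 'www-data',
    mode    => '0700',
    require => Package['nginx'],
    notify  => Service['nginx'],
  }

  # Delete Default Server
  file { '/etc/nginx/sites-enabled/default':
    ensure  => 'absent',
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
}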
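# Define: odoo::instance
#
# One Odoo instance named after the resource title: a system account with SSH
# keys and a service-scoped sudo rule, log and backup directories, logrotate
# config, init script and service, a bare git repository with a checkout
# hook, a nightly backup cron job, a PostgreSQL role, and the nginx vhost
# (optionally with a self-signed certificate).
#
# Parameters:
#   $db_pw  - password for the PostgreSQL role, passed through
#             postgresql_password().
#             NOTE(review): keep it out of plain-text manifests; supply it
#             from an encrypted data source.
#   $ssl    - when str2bool() of it is true, a self-signed key and certificate
#             are generated unless the key file already exists.
#   $servername, $odooport, $odooport_longpolling
#           - not used in this manifest; presumably read by the ERB
#             templates -- confirm.
#
# Variable names and their order are kept as they were, because the ERB
# templates rendered here may read them from this scope.
define odoo::instance ($db_pw, $ssl = false, $servername, $odooport, $odooport_longpolling) {
  $instance = $title
  include odoo

  # NOTE(review): membership in "sudo" normally allows full sudo with a
  # password, which sits oddly next to the narrow NOPASSWD rule below. No
  # password is set here, but drop the group unless it is really needed.
  user { $instance:
    ensure     => present,
    groups     => ['sudo'],
    shell      => '/bin/bash',
    managehome => true,
  }

  $key_andreas="andreas@$instance"
  ssh_authorized_key { $key_andreas:
    user => $instance,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBIg6NZV4tTs+J5qUP4/zQAn+Xi3muKqbaSDV8yYm50mH77PcLwbkZVlxdF0/OFCl5f5FCNp4Ag4Px97M35Nv+BweOTCZNMKOHmvtXY1fCRUQnk6ca3NlipImppL0U47SUzt9KkNIsz0FWxLu74LANgxKwrf8Hgim8Nkq8WrlvuoJCqf+542N15cGrf/9eD6yRm7AmdFi7VIYrP4m7TPbXJBGX+cXOo0bKTyaq8mtinbUN5UCi/eJ08wYkm/CGVxL+9cm6HOABw332A8OadAliCZBWqhFT0rBKdoWLxBbTsILALskrddpKLwBLOUIU79YeT0OfNpLCnVi8u67X9inl',
  }
  $key_stefan="stefan@$instance"
  ssh_authorized_key { $key_stefan:
    user => $instance,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC0Lv4GOvotyJRzPphIjf+UEzRzWZpGaEt5HiWBx9ih6aBnSLXx0O+PA8+ejN4dfMK3rAu3vdcXcI/egj9eJbIYWeHnE2k/gckCgk3Ttg2aq24cGDcgTDB0MdfLYSeFNxRsrLH4fFpPtvulNyu7ZPuXJj/BaIUHGGas+lUP3r+Bmhj2+guWlTMVMLFMENn3FUlrtMCiL7wIiXGQ+xXHhRAqG55t+CLxX0jaf57uCGkYKlkTfQAmnGMiUnUcxjileUDq8HRlANSqv2XRH/tjonP/bPqs0PySCU9rWEomSpertvdrO/8ZPCo3fjAKCyAAC6GS8uPJlQIoEMo2EVG8DrbX',
  }
  # The next two keys were bound to `user => odoo` although their titles name
  # this instance, so they landed a second time in the shared odoo account and
  # never in the instance account. They now target $instance like the two
  # keys above. Entries already written to odoo's authorized_keys under the
  # "<name>@<instance>" comment may remain and should be cleaned up by hand.
  $key_joerg="joerg@$instance"
  ssh_authorized_key { $key_joerg:
    user => $instance,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC5wf8HJPMWf9+NGbrHxehVB/mWavztXx6v6hgsjvY+mg8V2eAHwKVvm8k9idvg/AqkMR6DbxC5GbMYcYP9drxcE5WhBFV5okR8o5h0/ZvpCmF8FQOZuR0NbRWA9ybVPfkn9thdMv3PI7iAMt+3Nh0g1QBEx/w7RRZ+/3LxSeGOGIFBtWja5hA94SLIunjKTyo2wPxyr3GZoGkG9KTN9f1iI4Imrg5kUXAXtT7rpJ1NdZdphYiuBZiZ9rAHymr9yJkXsSLxNWboqBsFoWSkFVc1CxGeqHNcEKO16wtOeGoJgsURM0wscWi+YjQXCYxLVY8a8JzeRLlMVhojk0zSfwdD',
  }
  $key_christian="christian@$instance"
  ssh_authorized_key { $key_christian:
    user => $instance,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDt1sWm9vgxSzLLIU8KUJunWmJDpX3KNRgcDI8NeTEVTlfSBWniLzbur1qaQrl1WuC9rMTIZ3JarhknVue/7RPq2fjZU2n9wBCkwgtanvpmv7eLBckyGAmW5ctHWnvLcbEexl3YsgKfQJ10a1xCDY2+Vm+cLDCO6ZH7L0KlnboRryMiASxYA+C73/ySXWTKj0tO6kSuDvt48DgRbbeqTMpRrhHlab5svz37AkZtb3cPz3UnMh+a7OlqA6Q4EL4fLVAmAC5bBVi2bsYzSVxwqbnAn/OwtmfIUP3v0UsyW/D6F8De9UhSPm2lgc+ZtTpXqUzrnHDxjituD6vFZPSLzayz',
  }

  # Passwordless sudo limited to this instance's init script and service.
  # A rule like this is only as tight as the files it names: the init script
  # further down must not be writable by the instance account.
  $sudo_entry="$instance ALL = (root) NOPASSWD: /etc/init.d/odoo-server-$instance, /usr/sbin/service odoo-server-$instance *"
  sudo::conf { $instance:
    priority => 10,
    content  => $sudo_entry,
  }

  # Logfile
  file { "/var/log/odoo/${instance}":
    ensure => 'directory',
    owner  => $instance,
    group  => $instance,
    mode   => '0700',
    #require => file['/var/log/odoo'],
  }
  file { "/home/${instance}/logs":
    ensure => 'link',
    owner  => $instance,
    group  => $instance,
    mode   => '0600',
    target => "/var/log/odoo/${instance}/odoo-server.log",
  }
  $require_log = "file[/var/log/odoo/$instance]"
  file { "/var/log/odoo/${instance}/odoo-server.log":
    ensure  => present,
    owner   => $instance,
    group   => $instance,
    mode    => '0600',
    require => $require_log,
  }
  $logrotate_file = "/etc/logrotate.d/odoo-$instance"
  file { $logrotate_file:
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('odoo/logrotate.erb'),
  }

  # init file
  # sudo ln -s /opt/odoo/odoo/config/odoo-server.init /etc/init.d/odoo-server
  #
  # Owned by root (was owned by $instance). The sudo rule above lets the
  # instance account run this script as root without a password, so if that
  # account could also write the script, the rule would stop limiting it to
  # service control. Mode 0755 still lets the account read and execute it.
  $init_odoo_notify = "Service[odoo-server-$instance]"
  file { "/etc/init.d/odoo-server-${instance}":
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => template('odoo/odoo-server.init.erb'),
    notify  => $init_odoo_notify,
  }
  file { "/home/${instance}/restart.sh":
    ensure  => present,
    owner   => $instance,
    group   => $instance,
    mode    => '0755',
    content => template('odoo/restart.sh.erb'),
  }

  # Bare repository that receives pushes, and the work tree it is checked out
  # into by the post-receive hook.
  file { "/home/${instance}/ext.git":
    ensure  => 'directory',
    owner   => $instance,
    group   => $instance,
    mode    => '0600',
    recurse => true,
    require => Package['git'],
  }
  file { "/home/${instance}/ext":
    ensure => 'directory',
    owner  => $instance,
    group  => $instance,
    mode   => '0700',
  }
  $git_requires = "File[/home/$instance/ext.git]"
  $git_create_cmd = "sudo -u $instance git init --bare /home/$instance/ext.git"
  $git_unless_cmd = "sudo -u $instance test -e /home/$instance/ext.git/HEAD"
  $git_repo = "git_repo_$instance"
  exec { $git_repo:
    command => $git_create_cmd,
    unless  => $git_unless_cmd,
    path    => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
    require => $git_requires,
  }
  # Every push force-checks-out the pushed tree into ~/ext, so anyone allowed
  # to push to this repository decides what lands in that directory.
  file { "/home/${instance}/ext.git/hooks/post-receive":
    ensure  => present,
    owner   => $instance,
    group   => $instance,
    mode    => '0700',
    content => "#!/bin/bash\ngit --work-tree=/home/${instance}/ext --git-dir=/home/${instance}/ext.git checkout -f",
    require => Exec[$git_repo],
  }

  # backup
  file { "/home/${instance}/odoo-backup.sh":
    ensure  => present,
    owner   => $instance,
    group   => $instance,
    mode    => '0700',
    content => template('odoo/odoo-backup.sh.erb'),
  }
  $cron_cmd = "/home/$instance/odoo-backup.sh"
  $cron_require = "file[/home/$instance/odoo-backup.sh]"
  $odoo_backup = "odoo-backup-$instance"
  # Runs daily at 01:30 as the instance user.
  cron { $odoo_backup:
    command => $cron_cmd,
    user    => $instance,
    hour    => 1,
    minute  => 30,
    require => $cron_require,
  }

  # directory for odoo backups
  file { "/var/pgdump/${instance}":
    ensure => 'directory',
    owner  => $instance,
    group  => $instance,
    mode   => '0700',
  }

  $odoo_service = "odoo-server-$instance"
  $odoo_service_req = "file[/etc/init.d/odoo-server-$instance]"
  # Run server
  service { $odoo_service:
    ensure  => running,
    enable  => true,
    require => $odoo_service_req,
  }

  # Postgresql User
  # sudo su - postgres -c "createuser -s $OE_USER" 2> /dev/null || true
  postgresql::server::role { "${instance}":
    password_hash => postgresql_password($instance, $db_pw),
    createdb      => true,
    require       => Exec['utf8 postgres'],
  }

  # NGINX
  # Run server
  # Guarded with defined(): a resource title must be unique in the catalog, so
  # declaring Service['nginx'] unconditionally made a second odoo::instance on
  # the same node fail with a duplicate declaration.
  if ! defined(Service['nginx']) {
    service { 'nginx':
      ensure  => running,
      enable  => true,
      require => Package['nginx'],
    }
  }

  if str2bool("$ssl") {
    # Self-signed certificate with CN=dummy, valid for 3650 days. It encrypts
    # the connection but gives clients nothing to authenticate the server
    # with; replace it with a CA-issued certificate for user-facing hosts.
    # It is created only while the key file is missing, so this manifest
    # never rotates an existing key.
    $key_file_test = "test -e /etc/nginx/ssl/$instance.key"
    $key_file_cmd = "sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/$instance.key -out /etc/nginx/ssl/$instance.crt -subj \"/C=AT/ST=Vienna/L=Vienna/O=Security/OU=IT-Department/CN=dummy\""
    $certname = "ssl_cert_$instance"
    exec { $certname:
      command => $key_file_cmd,
      unless  => $key_file_test,
      path    => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
      notify  => Service['nginx'],
      require => [Package['nginx'], File['/etc/nginx/ssl']],
    }
  }

  # Conf file
  file { "/etc/nginx/conf.d/odoo-${instance}.conf":
    ensure  => present,
    owner   => 'www-data',
    group   => 'www-data',
    mode    => '0600',
    content => template('odoo/odoo.nginx.erb'),
    require => Package['nginx'],
    notify  => Service['nginx'],
  }
}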