Puppet Class: sentry::wsgi

Defined in:
manifests/wsgi.pp

Overview

Class sentry::wsgi

Install an Apache virtual host, configure mod_wsgi, and run Sentry. HTTPS support is optional.

Paramaters

path: the virtualenv path for your Sentry installation publish_dsns: whether or not to make each Sentry application’s DSN

accessible via http(s)

ssl: whether or not to enable SSL support ssl_ca: the SSL CA file to use ssl_chain: the SSL chain file to use ssl_cert: the SSL public certificate to use ssl_key: the SSL private key to use vhost: the hostname at which Sentry will be accessible wsgi_processes: the number of mod_wsgi processes to use wsgi_threads: the number of mod_wsgi threads to use

Authors

Dan Sajner <dsajner@covermymeds.com> Scott Merrill <smerrill@covermymeds.com>

Copyright 2015 CoverMyMeds

Parameters:

  • path (Any) (defaults to: $sentry::path)
  • publish_dsns (Any) (defaults to: true)
  • ssl (Any) (defaults to: true)
  • ssl_ca (Any) (defaults to: $sentry::ssl_ca)
  • ssl_chain (Any) (defaults to: $sentry::ssl_chain)
  • ssl_cert (Any) (defaults to: $sentry::ssl_cert)
  • ssl_key (Any) (defaults to: $sentry::ssl_key)
  • vhost (Any) (defaults to: $sentry::vhost)
  • wsgi_processes (Any) (defaults to: $sentry::wsgi_processes)
  • wsgi_threads (Any) (defaults to: $sentry::wsgi_threads)


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# File 'manifests/wsgi.pp', line 28

class sentry::wsgi (
  $path           = $sentry::path,
  $publish_dsns   = true,
  $ssl            = true,
  $ssl_ca         = $sentry::ssl_ca,
  $ssl_chain      = $sentry::ssl_chain,
  $ssl_cert       = $sentry::ssl_cert,
  $ssl_key        = $sentry::ssl_key,
  $vhost          = $sentry::vhost,
  $wsgi_processes = $sentry::wsgi_processes,
  $wsgi_threads   = $sentry::wsgi_threads,
) {

  # this is a null declaration to ensure that the Apache module
  # doesn't try to helpfully create the docroot.
  #file{ $path: }

  class { '::apache':
    default_mods    => false,
    default_vhost   => false,
    purge_configs   => true,
    service_restart => '/usr/sbin/apachectl graceful',
    trace_enable    => 'Off',
  }
  include apache::mod::alias
  include apache::mod::deflate
  include apache::mod::rewrite
  include apache::mod::wsgi

  # we need to get the Python version in the form 'Python27' for use
  # in the `python-path` option of mod_wsgi
  $python = regsubst( $::python_version, '(\d)\.(\d).+', 'python\1.\2' )
  $python_path = "${path}/lib/${python}/site-packages/"

  $wsgi_options_hash = {
      user         => 'apache',
      group        => 'apache',
      processes    => $wsgi_processes,
      threads      => $wsgi_threads,
      display-name => 'wsgi_sentry',
      python-path  => $python_path,
  }

  # If desired, each application's DSN can be published at
  #   http(s)://your.sentry.server/dsn/app_name
  # The DSNs so published are not restricted in any way,
  # which means that anyone may access them.
  #
  # This may be used to allow applications to look up their DSN
  # automatically.  See the /examples/ directory for more.
  if $publish_dsns {
    # this contortion is to work around the fact that Puppet tries
    # to interpolate "$1" as a variable to dereference
    $alias_string = join( [ $path, 'dsn/$1'], '/')
    $aliases = [
      { aliasmatch => '^/dsn/([^/]+)$', path => $alias_string },
    ]
  } else {
    $aliases = undef
  }

  #lint:ignore:arrow_alignment
  apache::vhost { 'sentry':
    access_log_file             => 'sentry.log',
    access_log_format           => 'combined',
    aliases                     => $aliases,
    docroot                     => $path,
    error_log_file              => 'sentry-e.log',
    manage_docroot              => false,
    port                        => '443',
    servername                  => $vhost,
    ssl                         => $ssl,
    ssl_ca                      => $ssl_ca,
    ssl_chain                   => $ssl_chain,
    ssl_cert                    => $ssl_cert,
    ssl_key                     => $ssl_key,
    wsgi_daemon_process         => 'wsgi_sentry',
    wsgi_daemon_process_options => $wsgi_options_hash,
    wsgi_pass_authorization     => 'On',
    wsgi_process_group          => 'wsgi_sentry',
    wsgi_script_aliases         => { '/' => "${path}/app_init.wsgi", },
  }
  #lint:endignore

  file { "${path}/app_init.wsgi":
    ensure  => present,
    content => template('sentry/app_init.wsgi.erb'),
  }

}