Ejemplo n.º 1
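def install_nginx():
    """
    Install NGINX and publish the "cozy" site as a proxy on port 443.

    On Debian the nginx.org APT repository is registered first (signing key
    downloaded, added to the APT keyring, downloaded file removed), the
    package is installed, the site definition is written to
    /etc/nginx/conf.d/cozy.conf and NGINX is restarted. On any other
    distribution the ppa:nginx/stable PPA is added and the site is declared
    through require.nginx.site.

    Certificate settings are presumably carried by PROXIED_SITE_TEMPLATE,
    which is defined outside this function.
    """
    if system.distrib_id() == 'Debian':
        # The signing key is the trust anchor for every package later pulled
        # from this repository, so it is fetched over HTTPS rather than plain
        # HTTP, where it could be swapped in transit.
        # NOTE(review): checking the key fingerprint against a pinned value
        # before add_apt_key would not depend on transport security alone.
        require_file(url='https://nginx.org/packages/keys/nginx_signing.key')
        deb.add_apt_key('nginx_signing.key')
        su_delete('nginx_signing.key')

        # Package downloads stay on HTTP; APT verifies them against the key
        # imported above.
        url = 'http://nginx.org/packages/debian/'
        distrib = 'squeeze'
        if system.distrib_release().startswith('7'):
            distrib = 'wheezy'
        require.deb.source('nginx', url, distrib, 'nginx')

        require.deb.package('nginx')
        contents = PROXIED_SITE_TEMPLATE % {
            'server_name': 'cozy',
            'port': 443,
            'proxy_url': 'http://127.0.0.1:9104'
        }
        require.files.file('/etc/nginx/conf.d/cozy.conf', contents=contents,
                use_sudo=True)
        service.restart('nginx')

    else:
        require.deb.ppa("ppa:nginx/stable")

        require.nginx.site("cozy",
            template_contents=PROXIED_SITE_TEMPLATE,
            enabled=True,
            port=443,
            proxy_url='http://127.0.0.1:9104'
        )
    print(green("Nginx successfully installed."))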
Ejemplo n.º 2
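def setup(short_hostname):
    """Provision an HAProxy load balancer on the target host.

    Refreshes the APT index, installs fail2ban, checks that the local HAProxy
    configuration declares a ``peer`` entry for *short_hostname*, sets the
    hostname, installs HAProxy from the vbernat 1.7 PPA, enables it in
    /etc/default/haproxy, uploads the configuration and restarts the service.

    :param short_hostname: Host name that must appear as a ``peer`` name in
        the local HAProxy configuration file; the run aborts otherwise.
    """
    deb.update_index()

    install_fail2ban()

    # HAProxy determines its local name from the hostname, and expects a
    # matching "peer lb-1 ld-1.helix-cloud.ca" section to be present.
    # Thanks to the Debian HAProxy packaging team!
    with open(files.haproxy_cfg) as fp:
        cfg = fp.read()

    # Escape the name so "." and other regex characters match literally, and
    # require the name to end at whitespace so "lb-1" is not accepted merely
    # because "lb-10" is configured.
    peer_pattern = r'^\s*peer\s+{}(\s|$)'.format(re.escape(short_hostname))
    if not re.search(peer_pattern, cfg, flags=re.MULTILINE):
        abort("hostname does not match any set in HAProxy config!")

    execute(set_hostname, short_hostname)

    # Newer versions of HAProxy support "peers", which is good.
    # NOTE(review): a PPA is a third-party package source whose packages are
    # installed with root privileges; confirm it is an accepted dependency.
    require.deb.package('software-properties-common')
    require.deb.ppa('ppa:vbernat/haproxy-1.7')
    require.deb.package('haproxy')

    # no such thing as \d in sed regex
    sed('/etc/default/haproxy', 'ENABLED=[[:digit:]]', 'ENABLED=1')
    put(files.haproxy_cfg, '/etc/haproxy/haproxy.cfg')
    service.restart('haproxy')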
Ejemplo n.º 3
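def setup_docs_web_site(branch='master'):
    """Initialise an InaSAFE docs site where we host docs and pdf.

    Builds the docs, installs Apache, prepares the web directory, renders the
    Apache site configuration from the bundled template, copies the built
    HTML and PDF output into place, then enables the site and restarts Apache.

    :param branch: Which branch of the documentation to build. Not referenced
        anywhere in this function body.
    :type branch: str

    """
    build_docs()

    fabtools.require.deb.package('apache2')

    apache_conf_template = 'inasafe-doc.conf.templ'

    if not exists(web_directory):
        # require.directory expects a path. Handing it a whole
        # 'mkdir -p ...' command line would create a directory with that
        # literal name instead of the pdf directory.
        require.directory('%s/pdf' % web_directory, True, 'web')
        # TODO: Fix perms below
    # NOTE(review): web_directory is interpolated unquoted into this and the
    # following shell commands; it must not contain spaces or shell
    # metacharacters.
    sudo('chown -R %s:%s %s' % ('web', 'web', web_directory))

    apache_path = '/etc/apache2/sites-available/'

    # Clone and replace tokens in apache conf

    local_dir = os.path.dirname(__file__)
    local_file = os.path.abspath(os.path.join(
        local_dir,
        'scripts',
        apache_conf_template))

    context = {
        'server_name': 'inasafe.org',  # Web Url e.g. foo.com
        'web_master': '*****@*****.**',  # email of web master
        'document_root': web_directory,  # Content root .e.g. /var/www
    }

    fastprint(green('Using %s for template' % local_file))

    destination = '%s/inasafe-docs.conf' % apache_path

    upload_template(
        local_file,
        destination,
        context=context,
        use_sudo=True)

    with cd(code_path):
        # Copy built Documentation to the Webserver path
        run('cp -r docs/output/html/* %s' % web_directory)
        run('cp -r docs/output/pdf %s' % web_directory)
        run('cp scripts/.htaccess %s' % web_directory)
        run('cp scripts/directory*.html %s/en/_static/' % web_directory)

    # Add a hosts entry for local testing - only really useful for localhost
    # NOTE(review): the check looks for 'inasafe-docs' while the appended
    # entry is 'inasafe-doc.localhost', so the check never sees that entry.
    hosts = '/etc/hosts'
    if not contains(hosts, 'inasafe-docs'):
        append(hosts, '127.0.0.1 inasafe-doc.localhost', use_sudo=True)

    require.apache.enable('inasafe-docs')
    require.apache.disable('default')
    sudo('a2enmod rewrite')
    restart('apache2')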
Ejemplo n.º 4
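def change_authentication_method(sshd_cfg):
    """Disable SSH password authentication and restart sshd.

    :param sshd_cfg: Path of the sshd configuration file on the remote host.
    """
    # Match the directive whether or not it is commented out. Rewriting only
    # the commented default ('#PasswordAuthentication yes') leaves an
    # already-active 'PasswordAuthentication yes' line untouched, so password
    # logins would silently stay enabled.
    files.sed(sshd_cfg,
              r'^\s*#?\s*PasswordAuthentication\s+(yes|no)',
              'PasswordAuthentication no',
              use_sudo=True)

    # NOTE(review): nothing is appended when the directive is absent, and the
    # file is not validated (e.g. with `sshd -t`) before the restart; keep an
    # existing session open until key-based login has been confirmed.
    service.restart('sshd')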
Ejemplo n.º 5
def setup_docs_web_proxy():
    """Publish the documentation container through an Apache mod_proxy vhost.

    Working inside ``work_dir``, this prepares a virtualenv, sets up docker
    when the ``fabgis.container.id`` marker file is not found, looks up the
    host port mapped to the container's port 80 and renders an Apache site
    (``inasafe.org``) that forwards to ``env.host`` on that port. Apache is
    restarted once the site is enabled.

    """
    require.directory(work_dir)
    with cd(work_dir):
        run('echo "fabgis" > requirements.txt')
        setup_venv(work_dir)

        # The marker file signals that a container was already created.
        if not exists('fabgis.container.id'):
            setup_docker()

        setup_remotely()
        running_container = current_docker_container()
        mapped_ports = get_docker_port_mappings(running_container)

        # Host-side port that docker bound to the container's port 80.
        http_port = mapped_ports[80]

        fabtools.require.deb.package('apache2')
        sudo('a2enmod proxy proxy_http')

        # Values substituted into the Apache vhost template.
        vhost_values = {
            'internal_host': env.host,
            'internal_port': http_port,
            'server_name': 'inasafe.org'
        }

        apache_path = '/etc/apache2/sites-available'

        # The template ships in the "scripts" directory next to this module.
        template_path = os.path.abspath(os.path.join(
            os.path.dirname(__file__),
            'scripts',
            'inasafe.org.mod_proxy.conf.templ'))

        fastprint(green('Using %s for template' % template_path))

        # NOTE(review): the vhost is written with sudo and proxies public
        # traffic to an internal port; review the template's access rules.
        upload_template(
            template_path,
            '%s/inasafe.org.conf' % apache_path,
            context=vhost_values,
            use_sudo=True)

        require.apache.enable('inasafe.org')
        restart('apache2')
Ejemplo n.º 6
def deploy():
    """Push the code, refresh packages and restart the app's services.

    Runs ``ensure_packages`` and ``one_offs`` inside ``env.app_path`` with the
    environment variables from ``env.shell_envs_dict``, then reloads the
    supervisor configuration, restarts every supervised process and restarts
    nginx.
    """
    info('[deploy] Starting Deploy: %s -> %s' % (env.app, env.host_string))
    git_push()
    with cd(env.app_path):
        # NOTE(review): shell_envs_dict may carry secrets; fabric echoes the
        # commands it runs, so check they do not end up in deploy logs.
        with shell_env(**env.shell_envs_dict):
            ensure_packages()
            one_offs()
    supervisor.update_config()
    supervisor.restart_process('all')
    ft_service.restart('nginx')
    success('[deploy] Finished Deploy: %s -> %s' % (env.app, env.host_string))
Ejemplo n.º 7
def munin_node():
    """Install munin-node and create the account used to reach it over SSH.

    The public key is read from ``ssh_key_munin_node.pub`` one directory above
    this module and authorised for the ``dlce-munin-node`` system user.
    """
    module_dir = os.path.dirname(__file__)
    public_key = os.path.join(module_dir, '../ssh_key_munin_node.pub')

    require.deb.packages(['munin-node'])
    # NOTE(review): the account gets an interactive shell (/bin/bash) and an
    # authorised key; confirm a full shell is needed for the monitoring job.
    require.users.user(
        'dlce-munin-node',
        shell='/bin/bash',
        system=True,
        ssh_public_keys=[public_key],
    )
    service.restart('munin-node')
Ejemplo n.º 8
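def setup_docs_web_site(branch='master'):
    """Initialise an InaSAFE docs site where we host docs and pdf.

    Builds the docs, installs Apache, prepares the web directory, renders the
    Apache site configuration from the bundled template, copies the built
    HTML and PDF output into place, then enables the site and restarts Apache.

    :param branch: Which branch of the documentation to build. Not referenced
        anywhere in this function body.
    :type branch: str

    """
    build_docs()

    fabtools.require.deb.package('apache2')

    apache_conf_template = 'inasafe-doc.conf.templ'

    if not exists(web_directory):
        # require.directory expects a path. Handing it a whole
        # 'mkdir -p ...' command line would create a directory with that
        # literal name instead of the pdf directory.
        require.directory('%s/pdf' % web_directory, True, 'web')
        # TODO: Fix perms below
    # NOTE(review): web_directory is interpolated unquoted into this and the
    # following shell commands; it must not contain spaces or shell
    # metacharacters.
    sudo('chown -R %s:%s %s' % ('web', 'web', web_directory))

    apache_path = '/etc/apache2/sites-available/'

    # Clone and replace tokens in apache conf

    local_dir = os.path.dirname(__file__)
    local_file = os.path.abspath(
        os.path.join(local_dir, 'scripts', apache_conf_template))

    context = {
        'server_name': 'inasafe.org',  # Web Url e.g. foo.com
        'web_master': '*****@*****.**',  # email of web master
        'document_root': web_directory,  # Content root .e.g. /var/www
    }

    fastprint(green('Using %s for template' % local_file))

    destination = '%s/inasafe-docs.conf' % apache_path

    upload_template(local_file, destination, context=context, use_sudo=True)

    with cd(code_path):
        # Copy built Documentation to the Webserver path
        run('cp -r docs/output/html/* %s' % web_directory)
        run('cp -r docs/output/pdf %s' % web_directory)
        run('cp scripts/.htaccess %s' % web_directory)
        run('cp scripts/directory*.html %s/en/_static/' % web_directory)

    # Add a hosts entry for local testing - only really useful for localhost
    # NOTE(review): the check looks for 'inasafe-docs' while the appended
    # entry is 'inasafe-doc.localhost', so the check never sees that entry.
    hosts = '/etc/hosts'
    if not contains(hosts, 'inasafe-docs'):
        append(hosts, '127.0.0.1 inasafe-doc.localhost', use_sudo=True)

    require.apache.enable('inasafe-docs')
    require.apache.disable('default')
    sudo('a2enmod rewrite')
    restart('apache2')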
Ejemplo n.º 9
def _update_varnish_sites(directory):
    """Regenerate /etc/varnish/sites.vcl from the files in *directory*.

    Every regular file directly inside *directory* becomes one ``include``
    line; varnish is restarted afterwards.
    """
    # NOTE(review): directory is placed unquoted in the shell command and the
    # file names are placed unescaped inside the VCL include strings; both
    # should come from trusted configuration only.
    listing = run('find %s -mindepth 1 -maxdepth 1 -type f ' % directory,
                  combine_stderr=False)
    include_lines = []
    for vcl_path in listing.splitlines():
        include_lines.append('include "%s";\n' % vcl_path)
    # The leading comment keeps the contents non-empty: this works around
    # require.files(contents='') not replacing an existing file.
    contents = '# autogenerated\n%s' % ''.join(include_lines)
    require.file(
        '/etc/varnish/sites.vcl',
        contents=contents,
        use_sudo=True,
        mode='644',
    )
    service.restart('varnish')
Ejemplo n.º 10
def reset_security_tokens():
    """
    Reset every security token of the Cozy: the SSL certificates, the
    Controller token and the CouchDB superuser. Cozy and nginx are restarted
    afterwards.
    """
    # Order matters: certificate, then controller token, then CouchDB.
    for reset_step in (reset_cert, reset_controller_token, config_couchdb):
        reset_step()
    # NOTE(review): the success message is printed before the two restarts
    # below have run, so a failed restart still leaves it on screen.
    print(green('All the tokens have been reset.'))
    restart_cozy()
    service.restart('nginx')
Ejemplo n.º 11
def setup_docs_web_proxy():
    """Publish the documentation container through an Apache mod_proxy vhost.

    Working inside ``work_dir``, this prepares a virtualenv, sets up docker
    when the ``fabgis.container.id`` marker file is not found, looks up the
    host port mapped to the container's port 80 and renders an Apache site
    (``inasafe.org``) that forwards to ``env.host`` on that port. Apache is
    restarted once the site is enabled.

    """
    require.directory(work_dir)
    with cd(work_dir):
        run('echo "fabgis" > requirements.txt')
        setup_venv(work_dir)

        # The marker file signals that a container was already created.
        if not exists('fabgis.container.id'):
            setup_docker()

        setup_remotely()
        running_container = current_docker_container()
        mapped_ports = get_docker_port_mappings(running_container)

        # Host-side port that docker bound to the container's port 80.
        http_port = mapped_ports[80]

        fabtools.require.deb.package('apache2')
        sudo('a2enmod proxy proxy_http')

        # Values substituted into the Apache vhost template.
        vhost_values = {
            'internal_host': env.host,
            'internal_port': http_port,
            'server_name': 'inasafe.org'
        }

        apache_path = '/etc/apache2/sites-available'

        # The template ships in the "scripts" directory next to this module.
        template_path = os.path.abspath(
            os.path.join(
                os.path.dirname(__file__),
                'scripts',
                'inasafe.org.mod_proxy.conf.templ'))

        fastprint(green('Using %s for template' % template_path))

        # NOTE(review): the vhost is written with sudo and proxies public
        # traffic to an internal port; review the template's access rules.
        upload_template(template_path,
                        '%s/inasafe.org.conf' % apache_path,
                        context=vhost_values,
                        use_sudo=True)

        require.apache.enable('inasafe.org')
        restart('apache2')
Ejemplo n.º 12
def reset_security_tokens():
    """
    Reset every security token of the Cozy: the SSL certificates, the
    Controller token and the CouchDB superuser. Cozy and nginx are restarted
    afterwards.
    """
    # Order matters: certificate, then controller token, then CouchDB.
    for reset_step in (reset_cert, reset_controller_token, config_couchdb):
        reset_step()
    # NOTE(review): the success message is printed before the two restarts
    # below have run, so a failed restart still leaves it on screen.
    print(green('All the tokens have been reset.'))
    restart_cozy()
    service.restart('nginx')
Ejemplo n.º 13
def restarted(service):
    """
    Require a service to be restarted.

    A running service is restarted; a stopped one is started instead.

    ::

        from fabtools import require

        require.service.restarted('foo')
    """
    # Pick the action from the current state, then apply it once.
    action = restart if is_running(service) else start
    action(service)
Ejemplo n.º 14
def install_haibu():
    """
    Set up the Haibu application manager.

    Installs the npm dependencies of /home/cozy/cozy-setup, copies its
    ``paas.conf`` job definition to /etc/init/ and makes sure the ``paas``
    service runs with it.
    """
    with cd('/home/cozy/cozy-setup'):
        # NOTE(review): `npm install` runs the install scripts of every
        # dependency; pinning versions limits what a compromised package
        # could do on this host.
        cozydo('HOME=/home/cozy npm install')
        sudo('cp paas.conf /etc/init/')

    # Restart when already running, otherwise start.
    action = service.restart if service.is_running("paas") else service.start
    action('paas')

    print(green("Haibu successfully started"))
Ejemplo n.º 15
def nginx_setup():
    """Render the project's nginx configuration and enable it.

    The Jinja template ``conf/nginx.conf`` is uploaded into
    ``env.deploy_path``, symlinked into /etc/nginx/sites-enabled and nginx is
    restarted.
    """
    template_values = {
        'project_name': env.project_name,
        'static_path': env.static_path,
        'media_path': env.media_path,
        'log_path': env.log_path,
    }
    upload_template(
        filename='conf/nginx.conf',
        destination='%(deploy_path)s/nginx_%(project_name)s.conf' % env,
        context=template_values,
        use_jinja=True,
    )

    # NOTE(review): the enabled site is a symlink into deploy_path; anyone
    # able to write there controls configuration loaded by nginx.
    link_command = ('ln -s -f %(deploy_path)s/nginx_%(project_name)s.conf '
                    '/etc/nginx/sites-enabled/%(project_name)s.conf' % env)
    sudo(link_command)
    restart('nginx')
Ejemplo n.º 16
def setup_app(base_dir, port=8080):
    """Install the application under *base_dir* and register its service.

    :param base_dir: Directory that receives the virtualenv and the sources.
    :param port: Port written into the upstart job template.
    """
    require.deb.packages(['gcc'], update=True)
    source_dir = os.path.join(base_dir, SOURCE_FOLDER)
    require.files.directory(source_dir)
    require.python.package('uwsgi')
    require.python.virtualenv(base_dir)
    sync(base_dir)
    job_values = {
        'app_name': APP_NAME,
        'base_dir': base_dir,
        'source_dir': source_dir,
        'port': port,
    }
    # NOTE(review): the job file is named myapp.conf while the service
    # restarted below is APP_NAME, and the upload into /etc/init is done
    # without use_sudo - confirm both are intended.
    upload_template('conf/upstart.conf', '/etc/init/myapp.conf',
                    context=job_values)
    service.restart(APP_NAME)
Ejemplo n.º 17
def firewall(zones=None, interfaces=None, policy=None, rules=None,
             routestopped=None, masq=None):
    """
    Require a configured Shorewall firewall (Debian family only).

    The ``shorewall`` package is installed, each configuration section is
    written from the matching argument, Shorewall is restarted when a watched
    file changed and it is already started, and ``startup=1`` is set in
    ``/etc/default/shorewall``.

    Example::

        from fabtools.shorewall import *
        from fabtools import require

        # We need a firewall with some custom rules
        require.shorewall.firewall(
            rules=[
                Ping(),
                SSH(),
                HTTP(),
                HTTPS(),
                SMTP(),
                rule(port=1234, source=hosts(['example.com'])),
            ]
        )

    :raises UnsupportedFamily: when the distribution family is not debian.
    """
    if distrib_family() != 'debian':
        raise UnsupportedFamily(supported=['debian'])

    require_deb_package('shorewall')

    # Writers are applied in this order while the config files are watched.
    sections = (
        (_zone_config, zones),
        (_interfaces_config, interfaces),
        (_policy_config, policy),
        (_rules_config, rules),
        (_routestopped_config, routestopped),
        (_masq_config, masq),
    )
    with watch(CONFIG_FILES) as config:
        for write_section, value in sections:
            write_section(value)

    # NOTE(review): changed rules are applied only when Shorewall is already
    # started; on a stopped firewall they wait for the next start.
    if config.changed:
        puts("Shorewall configuration changed")
        if is_started():
            restart('shorewall')

    with settings(hide('running'), shell_env()):
        sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
Ejemplo n.º 18
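def install_nginx():
    '''
    Install NGINX and publish the "cozy" site as a proxy on port 443.

    On Debian (non-ARM) the nginx.org APT repository is registered first:
    the signing key is downloaded, added to the APT keyring and the
    downloaded file is removed. The package is then installed and the site
    definition written to /etc/nginx/conf.d/cozy.conf. On other
    distributions the ppa:nginx/stable PPA and require.nginx.site are used.
    Stock default sites are removed and NGINX is restarted in every case.

    Certificate settings are presumably carried by PROXIED_SITE_TEMPLATE,
    which is defined outside this function.
    '''
    if system.distrib_id() == 'Debian':
        if not is_arm():
            # The signing key is the trust anchor for every package later
            # pulled from this repository, so it is fetched over HTTPS
            # rather than plain HTTP, where it could be swapped in transit.
            # NOTE(review): checking the key fingerprint against a pinned
            # value before add_apt_key would not rely on transport alone.
            key_url = 'https://nginx.org/packages/keys/nginx_signing.key'
            require.file(url=key_url)
            deb.add_apt_key('nginx_signing.key')
            su_delete('nginx_signing.key')

            # Package downloads stay on HTTP; APT verifies them against the
            # key imported above.
            url = 'http://nginx.org/packages/debian/'
            distrib = 'squeeze'
            if system.distrib_release().startswith('7'):
                distrib = 'wheezy'
            elif system.distrib_release().startswith('8'):
                distrib = 'jessie'
            require.deb.source('nginx', url, distrib, 'nginx')

        require.deb.package('nginx')
        contents = PROXIED_SITE_TEMPLATE % {
            'server_name': 'cozy',
            'port': 443,
            'proxy_url': 'http://127.0.0.1:9104'
        }
        require.files.file(
            '/etc/nginx/conf.d/cozy.conf',
            contents=contents,
            use_sudo=True)

    else:
        require.deb.ppa('ppa:nginx/stable')

        require.nginx.site(
            'cozy',
            template_contents=PROXIED_SITE_TEMPLATE,
            enabled=True,
            port=443,
            proxy_url='http://127.0.0.1:9104'
        )
    # Drop the packaged example sites so only the cozy site is served.
    delete_if_exists('/etc/nginx/conf.d/default.conf')
    delete_if_exists('/etc/nginx/conf.d/example_ssl.conf')
    delete_if_exists('/etc/nginx/sites-enabled/default')
    service.restart('nginx')
    print(green('Nginx successfully installed.'))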
Ejemplo n.º 19
def firewall(zones=None, interfaces=None, policy=None, rules=None, routestopped=None, masq=None):
    """
    Require a configured Shorewall firewall (Debian family only).

    The ``shorewall`` package is installed, each configuration section is
    written from the matching argument, Shorewall is restarted when a watched
    file changed and it is already started, and ``startup=1`` is set in
    ``/etc/default/shorewall``.

    Example::

        from fabtools.shorewall import *
        from fabtools import require

        # We need a firewall with some custom rules
        require.shorewall.firewall(
            rules=[
                Ping(),
                SSH(),
                HTTP(),
                HTTPS(),
                SMTP(),
                rule(port=1234, source=hosts(['example.com'])),
            ]
        )

    :raises UnsupportedFamily: when the distribution family is not debian.
    """
    if distrib_family() != "debian":
        raise UnsupportedFamily(supported=["debian"])

    require_deb_package("shorewall")

    # Writers are applied in this order while the config files are watched.
    sections = (
        (_zone_config, zones),
        (_interfaces_config, interfaces),
        (_policy_config, policy),
        (_rules_config, rules),
        (_routestopped_config, routestopped),
        (_masq_config, masq),
    )
    with watch(CONFIG_FILES) as config:
        for write_section, value in sections:
            write_section(value)

    # NOTE(review): changed rules are applied only when Shorewall is already
    # started; on a stopped firewall they wait for the next start.
    if config.changed:
        puts("Shorewall configuration changed")
        if is_started():
            restart("shorewall")

    with settings(hide("running"), shell_env()):
        sed("/etc/default/shorewall", "startup=0", "startup=1", use_sudo=True)
Ejemplo n.º 20
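def install_ntp():
    """Install the NTP daemon and point it at the US pool zone.

    Refreshes the APT index, installs the ``ntp`` package, rewrites the
    ``ubuntu.pool.ntp.org`` server names in /etc/ntp.conf and restarts the
    service.
    """
    # update apt index
    update_index(quiet=False)

    print(blue('Installing NTP daemon'))
    utils.deb.install('ntp')

    print(blue('Configuring NTP servers to use US pool zone'))
    # Raw strings keep the backslashes intended for sed without relying on
    # Python passing through the invalid "\." escape sequence.
    before = r'ubuntu\.pool\.ntp\.org'
    after = r'us\.pool\.ntp\.org'

    # ntp configuration file
    config_file = '/etc/ntp.conf'
    sed(config_file, before, after, use_sudo=True)

    print(blue('Restarting NTP server'))
    service.restart('ntp')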
Ejemplo n.º 21
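def install_ntp():
    """Install the NTP daemon and point it at the US pool zone.

    Refreshes the APT index, installs the ``ntp`` package, rewrites the
    ``ubuntu.pool.ntp.org`` server names in /etc/ntp.conf and restarts the
    service.
    """
    # update apt index
    update_index(quiet=False)

    print(blue('Installing NTP daemon'))
    utils.deb.install('ntp')

    print(blue('Configuring NTP servers to use US pool zone'))
    # Raw strings keep the backslashes intended for sed without relying on
    # Python passing through the invalid "\." escape sequence.
    before = r'ubuntu\.pool\.ntp\.org'
    after = r'us\.pool\.ntp\.org'

    # ntp configuration file
    config_file = '/etc/ntp.conf'
    sed(config_file, before, after, use_sudo=True)

    print(blue('Restarting NTP server'))
    service.restart('ntp')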
Ejemplo n.º 22
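def install_nginx():
    '''
    Install NGINX and publish the "cozy" site as a proxy on port 443.

    On Debian (non-ARM) the nginx.org APT repository is registered first:
    the signing key is downloaded, added to the APT keyring and the
    downloaded file is removed. The package is then installed and the site
    definition written to /etc/nginx/conf.d/cozy.conf. On other
    distributions the ppa:nginx/stable PPA and require.nginx.site are used.
    Stock default sites are removed and NGINX is restarted in every case.

    Certificate settings are presumably carried by PROXIED_SITE_TEMPLATE,
    which is defined outside this function.
    '''
    if system.distrib_id() == 'Debian':
        if not is_arm():
            # The signing key is the trust anchor for every package later
            # pulled from this repository, so it is fetched over HTTPS
            # rather than plain HTTP, where it could be swapped in transit.
            # NOTE(review): checking the key fingerprint against a pinned
            # value before add_apt_key would not rely on transport alone.
            key_url = 'https://nginx.org/packages/keys/nginx_signing.key'
            require.file(url=key_url)
            deb.add_apt_key('nginx_signing.key')
            su_delete('nginx_signing.key')

            # Package downloads stay on HTTP; APT verifies them against the
            # key imported above.
            url = 'http://nginx.org/packages/debian/'
            distrib = 'squeeze'
            if system.distrib_release().startswith('7'):
                distrib = 'wheezy'
            require.deb.source('nginx', url, distrib, 'nginx')

        require.deb.package('nginx')
        contents = PROXIED_SITE_TEMPLATE % {
            'server_name': 'cozy',
            'port': 443,
            'proxy_url': 'http://127.0.0.1:9104'
        }
        require.files.file(
            '/etc/nginx/conf.d/cozy.conf',
            contents=contents,
            use_sudo=True)

    else:
        require.deb.ppa('ppa:nginx/stable')

        require.nginx.site(
            'cozy',
            template_contents=PROXIED_SITE_TEMPLATE,
            enabled=True,
            port=443,
            proxy_url='http://127.0.0.1:9104'
        )
    # Drop the packaged example sites so only the cozy site is served.
    delete_if_exists('/etc/nginx/conf.d/default.conf')
    delete_if_exists('/etc/nginx/conf.d/example_ssl.conf')
    delete_if_exists('/etc/nginx/sites-enabled/default')
    service.restart('nginx')
    print(green('Nginx successfully installed.'))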
Ejemplo n.º 23
def munin_host():
    """Set up the Munin master together with its Apache front end.

    Installs munin and apache2, points the HTML output at /var/www/munin,
    configures e-mail notification, registers the monitored hosts, uploads
    the Apache and HTTP-monitor files and restarts munin-node and apache2.
    """
    host_tree = make_host_tree(APPS.hostnames)
    app_watchlist = make_app_watchlist(APPS.values())

    require.deb.packages(['munin', 'apache2'])

    # Update WWW path:
    files.sed(MUNIN_CFG,
              '#htmldir /var/cache/munin/www',
              'htmldir /var/www/munin',
              use_sudo=True)

    # Update notification settings:
    # NOTE(review): the address in the search pattern looks obfuscated by
    # the page this listing came from ('[email protected]'); as written it
    # may not match the stock line. The configured error_email goes into the
    # sed replacement unescaped, so it must be a plain address.
    notify_command = (
        'contact.email.command mail -s "Munin Notification for ${var:host}" %s'
        % APPS.defaults['error_email'])
    files.sed(
        MUNIN_CFG,
        '#contact.someuser.command mail -s "Munin notification" [email protected]',
        notify_command,
        use_sudo=True)

    # Update host tree:
    if not files.contains(MUNIN_CFG, host_tree):
        files.append(MUNIN_CFG, host_tree, use_sudo=True)

    # Write apache24 config:
    # TODO: Check permissions of file.
    sudo_upload_template('apache24.conf', '/etc/munin/apache24.conf')

    # Prepare HTTP monitor:
    plugin_path = '/usr/share/munin/plugins/http-monitor'
    sudo_upload_template('http-monitor', plugin_path)
    # NOTE(review): without -f this link fails on a second run; the plugin
    # runs under munin-node, so keep it writable by root only.
    sudo('ln -s /usr/share/munin/plugins/http-monitor'
         ' /etc/munin/plugins/http-monitor')

    # Set URLs for HTTP monitoring:
    sudo('touch /etc/munin/plugin-conf.d/zcustom')
    files.append('/etc/munin/plugin-conf.d/zcustom',
                 app_watchlist,
                 use_sudo=True)

    for daemon in ('munin-node', 'apache2'):
        service.restart(daemon)
Ejemplo n.º 24
def restarted(service):
    """
    Require a service to be restarted.

    A running service is restarted and a stopped one is started, through
    systemd when it is in use and through the generic helpers otherwise.

    ::

        from fabtools import require

        require.service.restarted('foo')
    """
    running = is_running(service)
    via_systemd = using_systemd()

    if running and via_systemd:
        systemd.restart(service)
    elif running:
        restart(service)
    elif via_systemd:
        systemd.start(service)
    else:
        start(service)
Ejemplo n.º 25
def _update_ssh_setting(sshd_config, name, value):
    """
    Set a yes/no directive in the SSH daemon configuration file.

    An existing line for *name* (commented out or not) is rewritten, the
    line is appended when still missing, and ``ssh`` is restarted when the
    file changed and the service is running.
    """
    directive = '%s %s' % (name, value)

    # NOTE(review): name is inserted into the regular expression unescaped
    # and value is not restricted to yes/no here; callers must pass fixed
    # literals. The file is not validated before the restart.
    with watch(sshd_config) as config_file:

        # Rewrite the directive where it already exists...
        sed(sshd_config,
            r'^(\s*#\s*)?%s\s+(yes|no)' % name,
            directive,
            use_sudo=True)

        # ...and add it at the end when it does not.
        _append(sshd_config, directive, use_sudo=True)

    if config_file.changed and is_running('ssh'):
        restart('ssh')
Ejemplo n.º 26
def _update_ssh_setting(sshd_config, name, value):
    """
    Set a yes/no directive in the SSH daemon configuration file.

    An existing line for *name* (commented out or not) is rewritten, the
    line is appended when still missing, and ``ssh`` is restarted when the
    file changed and the service is running.
    """
    directive = '%s %s' % (name, value)

    # NOTE(review): name is inserted into the regular expression unescaped
    # and value is not restricted to yes/no here; callers must pass fixed
    # literals. The file is not validated before the restart.
    with watch(sshd_config) as config_file, shell_env():

        # Rewrite the directive where it already exists...
        sed(sshd_config,
            r'^(\s*#\s*)?%s\s+(yes|no)' % name,
            directive,
            use_sudo=True)

        # ...and add it at the end when it does not.
        _append(sshd_config, directive, use_sudo=True)

    if config_file.changed and is_running('ssh'):
        restart('ssh')
Ejemplo n.º 27
def firewall(zones=None, interfaces=None, policy=None, rules=None,
    routestopped=None, masq=None):
    """
    Require a configured Shorewall firewall.

    The ``shorewall`` package is installed, each configuration section is
    written from the matching argument, Shorewall is restarted when a watched
    file changed and it is already started, and ``startup=1`` is set in
    ``/etc/default/shorewall``.

    Example::

        from fabtools.shorewall import *
        from fabtools import require

        # We need a firewall with some custom rules
        require.shorewall.firewall(
            rules=[
                Ping(),
                SSH(),
                HTTP(),
                HTTPS(),
                SMTP(),
                rule(port=1234, source=hosts(['example.com'])),
            ]
        )

    """
    package('shorewall')

    # Writers are applied in this order while the config files are watched.
    sections = (
        (_zone_config, zones),
        (_interfaces_config, interfaces),
        (_policy_config, policy),
        (_rules_config, rules),
        (_routestopped_config, routestopped),
        (_masq_config, masq),
    )
    with watch(CONFIG_FILES) as config:
        for write_section, value in sections:
            write_section(value)

    # NOTE(review): changed rules are applied only when Shorewall is already
    # started; on a stopped firewall they wait for the next start.
    if config.changed:
        puts("Shorewall configuration changed")
        if is_started():
            restart('shorewall')

    with settings(hide('running')):
        sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
Ejemplo n.º 28
def install_nginx():
    """
    Install NGINX from the Arch package and publish the "cozy" site.

    The site is written to /etc/nginx/conf.d/cozy.conf when that directory
    exists; otherwise its server block is merged into the ``http`` section of
    /etc/nginx/nginx.conf. Packaged example sites are removed and NGINX is
    restarted.
    """
    require.arch.package("nginx")

    site_values = {
        "server_name": "cozy",
        "port": 443,
        "proxy_url": "http://127.0.0.1:9104",
    }
    contents = PROXIED_SITE_TEMPLATE % site_values

    if files.exists("/etc/nginx/conf.d"):
        require.files.file(
            "/etc/nginx/conf.d/cozy.conf", contents=contents, use_sudo=True)
    else:
        # No conf.d directory: parse the main file, graft the server block
        # under "http" and write the whole file back.
        # NOTE(review): the main config is overwritten without a backup or a
        # syntax check (e.g. `nginx -t`) before the restart below.
        config = NginxConfig()
        config.load(sudo("cat /etc/nginx/nginx.conf"))
        server = NginxConfig()
        server.load(contents)
        http_section = config.get_value(config.get(("http",)))
        config.append(server[0], root=http_section)
        put(StringIO(config.gen_config()), "/etc/nginx/nginx.conf",
            use_sudo=True)

    for stock_conf in ("/etc/nginx/conf.d/default.conf",
                       "/etc/nginx/conf.d/example_ssl.conf"):
        if files.exists(stock_conf):
            su_delete(stock_conf)
    service.restart("nginx")
    print(green("Nginx successfully installed."))
Ejemplo n.º 29
def setup_server():
    """Prepare a fresh host: language, sshd tweak, packages, nginx defaults.
    """
    set_language()
    # NOTE(review): 'StrictModes no' makes sshd skip its ownership and
    # permission checks on the user's home directory and key files before
    # accepting a login. Confirm this weakening is really needed; correcting
    # the file modes is the safer alternative.
    files.sed("/etc/ssh/sshd_config", "StrictModes yes", "StrictModes no",
              use_sudo=True)
    service.restart("ssh")

    deb.upgrade()
    system_packages = [
        "nginx", "uwsgi", "uwsgi-plugin-python", "uwsgi-plugin-python3",
        "libpq-dev", "postgresql", "postgresql-contrib", "python-virtualenv",
        "python-dev", "python3-dev"
    ]
    deb.install(system_packages, update=True)

    # Increase domain name limit
    files.sed("/etc/nginx/nginx.conf",
              "# server_names_hash_bucket_size 64;",
              "server_names_hash_bucket_size 96;",
              use_sudo=True)
    nginx.disable("default")
Ejemplo n.º 30
def firewall(zones=None, interfaces=None, policy=None, rules=None,
    routestopped=None, masq=None):
    """
    Require a configured Shorewall firewall.

    The ``shorewall`` package is installed, each configuration section is
    written from the matching argument, Shorewall is restarted when a watched
    file changed and it is already started, and ``startup=1`` is set in
    ``/etc/default/shorewall``.
    """
    package('shorewall')

    # Writers are applied in this order while the config files are watched.
    sections = (
        (_zone_config, zones),
        (_interfaces_config, interfaces),
        (_policy_config, policy),
        (_rules_config, rules),
        (_routestopped_config, routestopped),
        (_masq_config, masq),
    )
    with watch(CONFIG_FILES) as config:
        for write_section, value in sections:
            write_section(value)

    # NOTE(review): changed rules are applied only when Shorewall is already
    # started; on a stopped firewall they wait for the next start.
    if config.changed:
        puts("Shorewall configuration changed")
        if is_started():
            restart('shorewall')

    with settings(hide('running')):
        sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
Ejemplo n.º 31
def setup_munin_node(munin_cfg):
    """Install munin-node, create its SSH account and set its host name.

    :param munin_cfg: Path of the munin-node configuration file to edit.
    """
    hostname = run('hostname')

    module_dir = os.path.dirname(__file__)
    key_path = os.path.join(module_dir, '../ssh_key_munin_node.pub')

    require.deb.packages(['munin-node'])

    # NOTE(review): the account gets an interactive shell (/bin/bash) and an
    # authorised key; confirm a full shell is needed for the monitoring job.
    require.users.user(
        'dlce-munin-node',
        shell='/bin/bash',
        system=True,
        ssh_public_keys=key_path,
    )

    # Replace the commented default with this host's name under clld.org.
    # The name is whatever the remote `hostname` command printed.
    files.sed(munin_cfg,
              '#host_name localhost.localdomain',
              'host_name ' + hostname + '.clld.org',
              use_sudo=True)

    service.restart('munin-node')
Ejemplo n.º 32
def cache(app):
    """Require an app to be put behind varnish.

    Installs varnish, writes its default and main VCL files, registers a
    per-app VCL through an ``include`` line in /etc/varnish/sites.vcl,
    restarts varnish, then rewrites the app's nginx site for port 6081 and
    reloads nginx.
    """
    require.deb.package('varnish')
    create_file_as_root('/etc/default/varnish', DEFAULT)
    create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL)

    sites_vcl = '/etc/varnish/sites.vcl'
    # NOTE(review): app.name becomes part of a root-owned path and of the
    # VCL include line; it must be a plain identifier without "/" or quotes.
    site_config = path('/etc/varnish/sites/{app.name}.vcl'.format(app=app))
    include = 'include "%s";' % site_config
    if not exists(sites_vcl):
        create_file_as_root(sites_vcl, include + '\n')
    else:
        append(sites_vcl, include, use_sudo=True)

    require.files.directory(str(site_config.dirname()), use_sudo=True)
    create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app))
    service.restart('varnish')

    # Re-render the nginx site for an App on port 6081.
    nginx_app = App(app.name, 6081, domain=app.domain)
    nginx_site = SITE_TEMPLATE.format(**get_template_variables(nginx_app))
    create_file_as_root(app.nginx_site, nginx_site)
    service.reload('nginx')
Ejemplo n.º 33
def cache(app):
    """Require an app to be put behind varnish.

    Installs varnish, writes its default and main VCL files, registers a
    per-app VCL through an ``include`` line in /etc/varnish/sites.vcl,
    restarts varnish, then rewrites the app's nginx site for port 6081 and
    reloads nginx.
    """
    require.deb.package('varnish')
    create_file_as_root('/etc/default/varnish', DEFAULT)
    create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL)

    sites_vcl = '/etc/varnish/sites.vcl'
    # NOTE(review): app.name becomes part of a root-owned path and of the
    # VCL include line; it must be a plain identifier without "/" or quotes.
    site_config = path('/etc/varnish/sites/{app.name}.vcl'.format(app=app))
    include = 'include "%s";' % site_config
    if not exists(sites_vcl):
        create_file_as_root(sites_vcl, include + '\n')
    else:
        append(sites_vcl, include, use_sudo=True)

    require.files.directory(str(site_config.dirname()), use_sudo=True)
    create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app))
    service.restart('varnish')

    # Re-render the nginx site for an App on port 6081.
    nginx_app = App(app.name, 6081, domain=app.domain)
    nginx_site = SITE_TEMPLATE.format(**get_template_variables(nginx_app))
    create_file_as_root(app.nginx_site, nginx_site)
    service.reload('nginx')
Ejemplo n.º 34
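def cache(app):  # pragma: no cover
    """Require an app to be put behind varnish.

    Installs varnish, writes its default and main VCL files, registers a
    per-app VCL through an ``include`` line in /etc/varnish/sites.vcl,
    restarts varnish, then uploads the app's nginx site rendered for port
    6081 and reloads nginx.
    """
    require.deb.package('varnish')
    create_file_as_root('/etc/default/varnish', DEFAULT)
    create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL)

    sites_vcl = '/etc/varnish/sites.vcl'
    site_config_dir = '/etc/varnish/sites'
    # str.join takes one iterable; passing the two parts as separate
    # arguments raises TypeError before anything is written.
    # NOTE(review): app.name becomes part of a root-owned path and of the
    # VCL include line; it must be a plain identifier without "/" or quotes.
    site_config = '/'.join(
        [site_config_dir, '{app.name}.vcl'.format(app=app)])
    include = 'include "%s";' % site_config
    if exists(sites_vcl):
        append(sites_vcl, include, use_sudo=True)
    else:
        create_file_as_root(sites_vcl, include + '\n')

    require.files.directory(site_config_dir, use_sudo=True)
    create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app))
    service.restart('varnish')

    # Re-render the nginx site for an App on port 6081.
    template_vars = get_template_variables(App(app.name, 6081, domain=app.domain))
    template_vars['SITE'] = True
    upload_template_as_root(app.nginx_site, 'nginx-app.conf', template_vars)
    service.reload('nginx')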
Ejemplo n.º 35
def addRootFlask(webserver, appname):
    """
    Add a Flask application served by uWSGI behind an nginx site.

    Creates the web directory, declares the nginx site, writes the uWSGI
    app configuration, activates it, restarts uwsgi and nginx and adds a
    127.0.0.1 hosts entry for the site name.

    :param webserver: Site name; passed to require.nginx.site, used as
        ``server_name`` in the uWSGI context and in the config file name.
    :param appname: Application name; used in the nginx named location, in
        the uWSGI socket/log paths and, upper-cased, as ``APPNAME``.
    :return: None
    """
    hostdir = gethostdir()

    # Create web directory
    createDirectory(hostdir, webserver)

    # Add a nginx
    # Placeholders are filled by require.nginx.site from the keyword
    # arguments below; server_name presumably comes from its first argument.
    CONFIG_TPL = '''
    server {
        server_name %(server_name)s %(server_alias)s;
        root        %(docroot)s/%(server_name)s/www;
        access_log  %(docroot)s/%(server_name)s/log/access.log;
        error_log  %(docroot)s/%(server_name)s/log/error.log;

        location / { try_files $uri @%(appname)s; }
        location @%(appname)s {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/app/%(server_name)s_%(appname)s/socket;
        }

    }'''

    require.nginx.site(
        webserver, template_contents=CONFIG_TPL,
        appname=appname,
        server_alias='',
        docroot=hostdir,
    )

    # Add a uwsgi
    # Formatting with locals() ties this string to the parameter names
    # webserver and appname; renaming either one breaks the lookup.
    config_filename = '/etc/uwsgi/apps-available/%(webserver)s_%(appname)s.ini' % locals()



    # NOTE(review): security-relevant settings in the template below:
    #  - 'chmod-socket = 666' lets every local user talk to the app socket;
    #    a mode limited to the nginx user/group is the usual choice.
    #  - 'emperor = /tmp' with 'emperor-tyrant' and the setgid/setuid
    #    capabilities makes uWSGI watch a world-writable directory for
    #    instance configs - confirm these "Optional" lines are intended.
    #  - wsgi-file and env hard-code /data/backup/hosting/domotique instead
    #    of using hostdir and server_name like the other paths.
    CONFIG_TPL = '''
    [uwsgi]
    uid = %(server_name)s
    gid = %(server_name)s
    callable = app
    plugins = python

    base = %(hostdir)s/%(server_name)s/www
    pythonpath = %(hostdir)s/%(server_name)s/www/%(appname)s
    virtualenv = %(hostdir)s/%(server_name)s/venv
    wsgi-file = /data/backup/hosting/domotique/www/%(appname)s/sk_server.py
    env = %(APPNAME)s_SETTINGS=/data/backup/hosting/domotique/conf/%(appname)s.cfg

    logto = /var/log/uwsgi/%(server_name)s_%(appname)s.log
    chmod-socket = 666

    # Optional
    emperor = /tmp
    emperor-tyrant = true
    cap = setgid,setuid
    '''

    # Render the uWSGI template into the apps-available file.
    template_file(config_filename,
                  template_contents=CONFIG_TPL,
                  template_source=None,
                  context={
                      'server_name': webserver,
                      'hostdir': hostdir,
                      'appname': appname,
                      'APPNAME': appname.upper()
                  }
    )

    active_uwsgi(webserver, appname)
    service.restart('uwsgi')
    service.restart('nginx')


    # Make the site name resolve to the local machine.
    require.network.host('127.0.0.1', webserver)
Ejemplo n.º 36
 def on_change():
     """Report a Shorewall config change and restart it when started."""
     puts("Shorewall configuration changed")
     # A stopped firewall is left stopped; the new rules apply on next start.
     if not is_started():
         return
     restart('shorewall')
Ejemplo n.º 37
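def remove_default_nginx():
    """Remove the stock default nginx site and restart nginx.

    Removing the packaged default site keeps nginx from answering requests
    that match none of the configured sites with its placeholder page.
    """
    # -f keeps the task repeatable: a plain `rm` fails, and aborts the run,
    # when the link was already removed by an earlier deployment.
    sudo('rm -f /etc/nginx/sites-enabled/default')
    restart('nginx')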
Ejemplo n.º 38
 def on_change():
     """Report a Shorewall config change and restart it when started."""
     puts("Shorewall configuration changed")
     # A stopped firewall is left stopped; the new rules apply on next start.
     if not is_started():
         return
     restart('shorewall')
Ejemplo n.º 39
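def restart_app(service_name=SERVICE_NAME):
    """Restart the application service, starting it if it is not running.

    :param service_name: Name of the service to act on; defaults to
        SERVICE_NAME.
    """
    # Act on the requested service. The argument used to be ignored in
    # favour of the module constant, so a caller naming another service
    # still restarted the default one.
    if service.is_running(service_name):
        service.restart(service_name)
    else:
        service.start(service_name)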
Ejemplo n.º 40
def addRootFlask(webserver, appname):
    """
    Add a Flask application served by uWSGI behind an nginx site.

    Creates the web directory, declares the nginx site, writes the uWSGI
    app configuration, activates it, restarts uwsgi and nginx and adds a
    127.0.0.1 hosts entry for the site name.

    :param webserver: Site name; passed to require.nginx.site, used as
        ``server_name`` in the uWSGI context and in the config file name.
    :param appname: Application name; used in the nginx named location, in
        the uWSGI socket/log paths and, upper-cased, as ``APPNAME``.
    :return: None
    """
    hostdir = gethostdir()

    # Create web directory
    createDirectory(hostdir, webserver)

    # Add a nginx
    # Placeholders are filled by require.nginx.site from the keyword
    # arguments below; server_name presumably comes from its first argument.
    CONFIG_TPL = '''
    server {
        server_name %(server_name)s %(server_alias)s;
        root        %(docroot)s/%(server_name)s/www;
        access_log  %(docroot)s/%(server_name)s/log/access.log;
        error_log  %(docroot)s/%(server_name)s/log/error.log;

        location / { try_files $uri @%(appname)s; }
        location @%(appname)s {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/app/%(server_name)s_%(appname)s/socket;
        }

    }'''

    require.nginx.site(
        webserver,
        template_contents=CONFIG_TPL,
        appname=appname,
        server_alias='',
        docroot=hostdir,
    )

    # Add a uwsgi
    # Formatting with locals() ties this string to the parameter names
    # webserver and appname; renaming either one breaks the lookup.
    config_filename = '/etc/uwsgi/apps-available/%(webserver)s_%(appname)s.ini' % locals(
    )

    # NOTE(review): security-relevant settings in the template below:
    #  - 'chmod-socket = 666' lets every local user talk to the app socket;
    #    a mode limited to the nginx user/group is the usual choice.
    #  - 'emperor = /tmp' with 'emperor-tyrant' and the setgid/setuid
    #    capabilities makes uWSGI watch a world-writable directory for
    #    instance configs - confirm these "Optional" lines are intended.
    #  - wsgi-file and env hard-code /data/backup/hosting/domotique instead
    #    of using hostdir and server_name like the other paths.
    CONFIG_TPL = '''
    [uwsgi]
    uid = %(server_name)s
    gid = %(server_name)s
    callable = app
    plugins = python

    base = %(hostdir)s/%(server_name)s/www
    pythonpath = %(hostdir)s/%(server_name)s/www/%(appname)s
    virtualenv = %(hostdir)s/%(server_name)s/venv
    wsgi-file = /data/backup/hosting/domotique/www/%(appname)s/sk_server.py
    env = %(APPNAME)s_SETTINGS=/data/backup/hosting/domotique/conf/%(appname)s.cfg

    logto = /var/log/uwsgi/%(server_name)s_%(appname)s.log
    chmod-socket = 666

    # Optional
    emperor = /tmp
    emperor-tyrant = true
    cap = setgid,setuid
    '''

    # Render the uWSGI template into the apps-available file.
    template_file(config_filename,
                  template_contents=CONFIG_TPL,
                  template_source=None,
                  context={
                      'server_name': webserver,
                      'hostdir': hostdir,
                      'appname': appname,
                      'APPNAME': appname.upper()
                  })

    active_uwsgi(webserver, appname)
    service.restart('uwsgi')
    service.restart('nginx')

    # Make the site name resolve to the local machine.
    require.network.host('127.0.0.1', webserver)
Ejemplo n.º 41
def restart(component):
    """Restart *component*, or start it when it is not running yet."""
    # Choose the action from the service state, then apply it once.
    action = service.restart if service.is_running(component) else service.start
    action(component)
Ejemplo n.º 42
def restart():
    """Restart the service named by the module-level ``service_name``."""
    target = service_name
    service.restart(target)
Ejemplo n.º 43
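def restart_app(service_name=SERVICE_NAME):
    """Restart the application service, starting it if it is not running.

    :param service_name: Name of the service to act on; defaults to
        SERVICE_NAME.
    """
    # Act on the requested service. The argument used to be ignored in
    # favour of the module constant, so a caller naming another service
    # still restarted the default one.
    if service.is_running(service_name):
        service.restart(service_name)
    else:
        service.start(service_name)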