def update():
    # TODO: perform db backup
    with cd(env.code_path):
        cmd('git pull')
    virtualenv('python %s migrate' % env.manage_path)

    deploy_static_files()

    restart()
def deploy():
    cmd('mkdir -p %s %s %s %s' % (
            env.code_path, env.env_path, env.STATIC_ROOT, os.path.join(env.logs_path)))

    cmd('git clone %s %s' % (env.conf['repository'], env.code_path))

    # Provide data for Django settings
    # TODO: change the owner of this file
    put(StringIO.StringIO(json.dumps(env.conf, indent=4)),
            os.path.join(env.code_path, 'deployment', 'config.json'))

    # Create virtualenv
    cmd('virtualenv --no-site-packages %s' % env.env_path)

    virtualenv('pip install -r %s' % os.path.join(env.code_path, 'deployment', 'requirements.prod.txt'))

    # TODO: a hack until django 1.5 is released
    virtualenv('pip install --no-deps django-grappelli==2.4.3')

    # Create uwsgi settings and run the daemon
    file_from_template(os.path.join('..', 'templates', 'uwsgi.ini'),
            os.path.join(env.code_path, 'deployment', 'uwsgi.ini'), root=False)

    # TODO: use uWSGI Emperor
    file_from_template(os.path.join('..', 'templates', 'upstart'), '/etc/init/uwsgi.conf')

    # Nginx site configuration
    file_from_template(os.path.join('..', 'templates', 'nginx_website.conf'),
            '/etc/nginx/sites-available/%s' % env.conf['DOMAIN'])

    sudo('ln -s /etc/nginx/sites-available/%(domain)s /etc/nginx/sites-enabled/%(domain)s' % {
            'domain': env.conf['DOMAIN']})

    # Initialize database
    init_db()

    # TODO: supervisord config file

    deploy_static_files()

    restart()
def init():
    # Install libraries and applications
    sudo('aptitude -y update')
    sudo('aptitude -y upgrade')
    install_packages(*UBUNTU_PACKAGES)

    install_postgres()

    install_nginx()

    # Create user and make him sudoer
    sudo('useradd -s /bin/bash -d /home/%(user)s -m %(user)s -G sudo' % {
            'user': env.deploy_user, 'password': env.passwords[env.host_string]})

    sudo('passwd %s' % env.deploy_user)

    # Set default text editor
    cmd('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /home/%s/.selected_editor' % env.deploy_user)
    sudo('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /root/.selected_editor')

    # Generate ssh key
    cmd('mkdir /home/%s/.ssh' % env.deploy_user)
    cmd('ssh-keygen -t rsa -f /home/%s/.ssh/id_rsa -N %s -C "%s"' % (
            env.deploy_user, env.conf['SSH_KEY_PASSPHRASE'], env.conf['GITHUB_EMAIL']))

    # Wait until user adds the key to github
    print "\033[92mCopy the following public key and add it to the list of deploy keys on github\033[0m"
    cmd('cat /home/%s/.ssh/id_rsa.pub' % env.deploy_user)

    res = prompt('Have you added the key? (type "yes"): ')
    while res != 'yes':
        res = prompt('Have you added the key? (type "yes"): ')

    # Test access to repo
    with settings(warn_only=True):
        cmd('ssh -T [email protected]')

    prompt('Have you seen "You\'ve successfully authenticated" message above?')

    # Allow developers to login with ssh keys
    cmd('echo "%s" >> /home/%s/.ssh/authorized_keys' % ('\n'.join(env.conf['developers_ssh_pubkey']), env.deploy_user))
    sudo('mkdir -p /root/.ssh')
    sudo('echo -e "%s" >> /root/.ssh/authorized_keys' % '\n'.join(env.conf['developers_ssh_pubkey']))

    # TODO: after blocking password access env.passwords shouldn't be set
    # Prohibit ssh password authentication
    sudo('echo -e "\n\nChallengeResponseAuthentication no\nPasswordAuthentication no\nUsePAM no" >> /etc/ssh/sshd_config')
    sudo('reload ssh')