def enabled(config):
"""
Ensure link to /etc/nginx/sites-available/config exists and reload nginx
configuration if needed.
"""
enable(config)
reload_service('nginx')
def enabled(config):
"""
Ensure link to /etc/nginx/sites-available/config exists and reload nginx
configuration if needed.
"""
enable(config)
reload_service('nginx')
def enabled(config):
"""
Require an nginx site to be enabled.
This will cause nginx to reload its configuration.
::
from fabtools import require
require.nginx.enabled('mysite')
"""
enable(config)
reload_service('nginx')
def enabled(config):
"""
Require an nginx site to be enabled.
This will cause nginx to reload its configuration.
::
from fabtools import require
require.nginx.enabled('mysite')
"""
enable(config)
reload_service('nginx')
def require_nginx(ctx):
app = ctx['app']
with shell_env(SYSTEMD_PAGER=''):
require.nginx.server()
auth, admin_auth = http_auth(app)
# TODO: consider require.nginx.site
upload_app = functools.partial(
sudo_upload_template,
'nginx-app.conf',
context=ctx,
clld_dir=get_clld_dir(app.venv_dir) if app.stack == 'clld' else '',
auth=auth,
admin_auth=admin_auth)
sudo_upload_template('nginx-default.conf', dest=str(app.nginx_default_site), env=env)
if env.environment != 'test':
upload_app(dest=str(app.nginx_site))
nginx.enable(app.nginx_site.name)
else: # test environment
require.directory(str(app.nginx_location.parent), use_sudo=True)
upload_app(dest=str(app.nginx_location))
def create_domain(domain, password=None, version="3"):
unix_u, unix_p = create_user(domain, password)
with settings(user=unix_u, password=unix_p):
# Push ssh key
push_key()
# Create virtual env
create_venv("venv", version)
run("chmod 775 ~/")
files.append(filename=".bashrc", text="umask 002")
# Create site folder
run("mkdir site-dir")
run("mkdir site-dir/staticfiles")
# Create nginx log files
run("touch ~/nginx_access.log")
sudo("chgrp root nginx_access.log")
run("touch ~/nginx_error.log")
sudo("chgrp root nginx_error.log")
# Create uwsgi ini file and move to vassal directory
uwsgi_plugins = []
if version == "3":
uwsgi_plugins.append("python3")
if version == "2":
uwsgi_plugins.append("python2")
files.append(
"uwsgi.ini",
UWSGI_INI.format(domain=env.user,
plugins=", ".join(uwsgi_plugins)))
files2.symlink(
"/home/{user}/uwsgi.ini".format(user=env.user),
"/etc/uwsgi/apps-available/{user}.ini".format(user=env.user),
use_sudo=True)
files2.symlink(
"/etc/uwsgi/apps-available/{user}.ini".format(user=env.user),
"/etc/uwsgi/apps-enabled/{user}.ini".format(user=env.user),
use_sudo=True)
# Create nginx config file and enable
files.append("/etc/nginx/sites-available/{user}".format(user=env.user),
NGINX_CONF.format(domain=env.user),
use_sudo=True)
nginx.enable(env.user)
if unix_p == password:
psql_u, psql_p, psql_n = create_pgsql_user(username=env.user,
password=password)
else:
psql_u, psql_p, psql_n = create_pgsql_user(username=env.user)
files.append(
"README.txt",
README_FILE.format(
user_unix=unix_u,
pass_unix=unix_p,
user_pql=psql_u,
pass_pql=psql_p,
name_pql=psql_n,
))
def deploy(app, with_blog=None, with_alembic=False):
"""deploy the app"""
assert system.distrib_id() == 'Ubuntu'
lsb_codename = system.distrib_codename()
if lsb_codename != 'xenial':
raise ValueError('unsupported platform: %s' % lsb_codename)
# See whether the local appconfig clone is up-to-date with the remot master:
remote_repo = local('git ls-remote [email protected]:shh-dlce/appconfig.git HEAD | awk \'{ print $1}\'')
local_clone = local('git rev-parse HEAD')
if remote_repo != local_clone:
if confirm('Local appconfig clone is not up-to-date '
'with remote master, continue?', default=False):
print("Continuing deployment.")
else:
print("Deployment aborted.")
return
require.deb.packages(getattr(app, 'require_deb_%s' % lsb_codename) + app.require_deb)
require.users.user(app.name, create_home=True, shell='/bin/bash')
require.directory(str(app.www_dir), use_sudo=True)
require.directory(str(app.www_dir / 'files'), use_sudo=True)
require_logging(app.log_dir,
logrotate=app.logrotate,
access_log=app.access_log, error_log=app.error_log)
workers = 3 if app.workers > 3 and env.environment == 'test' else app.workers
with_blog = with_blog if with_blog is not None else app.with_blog
if env.environment != 'staging':
# Test and production instances are publicly accessible over HTTPS.
letsencrypt.require_certbot()
letsencrypt.require_cert(env.host)
if env.environment == 'production':
letsencrypt.require_cert(app)
ctx = template_context(app, workers=workers, with_blog=with_blog)
if app.stack == 'soundcomparisons': # pragma: no cover
require.git.working_copy(
'https://github.com/{0}/{1}.git'.format(app.github_org, app.github_repos),
path=str(app.home_dir / app.name),
use_sudo=True,
user=app.name)
require_bower(app, d=app.home_dir / app.name / 'site' / 'js')
require_grunt(app, d=app.home_dir / app.name / 'site' / 'js')
require_php(app)
require_mysql(app)
with shell_env(SYSTEMD_PAGER=''):
require.nginx.server()
sudo_upload_template('nginx-php-fpm-app.conf', str(app.nginx_site), app=app, env=env)
nginx.enable(app.name)
if env.environment == 'production':
# We only enable systemd services when deploying to production, because we don't want
# to start and run things like backup to CDSTAR from non-production systems.
systemd.enable(app, pathlib.Path(os.getcwd()) / 'systemd')
service.reload('nginx')
return
#
# Create a virtualenv for the app and install the app package in development mode, i.e. with
# repository working copy in /usr/venvs/<APP>/src
#
require_venv(
app.venv_dir,
require_packages=[app.app_pkg] + app.require_pip,
assets_name=app.name if app.stack == 'clld' else None)
#
# If some of the static assets are managed via bower, update them.
#
require_bower(app)
require_grunt(app)
require_nginx(ctx)
if app.stack == 'clld':
require_bibutils()
require_postgres(app)
require_config(app.config, app, ctx)
# if gunicorn runs, make it gracefully reload the app by sending HUP
# TODO: consider 'supervisorctl signal HUP $name' instead (xenial+)
sudo('( [ -f {0} ] && kill -0 $(cat {0}) 2> /dev/null '
'&& kill -HUP $(cat {0}) ) || echo no reload '.format(app.gunicorn_pid))
if not with_alembic and confirm('Recreate database?', default=False):
stop.execute_inner(app)
upload_sqldump(app)
elif exists(str(app.src_dir / 'alembic.ini')) and confirm('Upgrade database?', default=False):
# Note: stopping the app is not strictly necessary, because
# the alembic revisions run in separate transactions!
stop.execute_inner(app, maintenance_hours=app.deploy_duration)
alembic_upgrade_head(app, ctx)
pip_freeze(app)
start.execute_inner(app)
check(app)
if env.environment == 'production':
systemd.enable(app, pathlib.Path(os.getcwd()) / 'systemd')