def put_file(): with sudo(user='******'): put('README.md', '/tmp/foobarbaz') ls('/tmp/foobarbaz') run('cat /tmp/foobarbaz') put(StringIO('foobarbazéé'), '/tmp/foobarbaz') run('cat /tmp/foobarbaz')
def install_matomo(): token = os.environ.get('MATOMO_TOKEN') if not token: sys.exist('You need to provide $MATOMO_TOKEN env var') wget('https://raw.githubusercontent.com/matomo-org/matomo-log-analytics' '/master/import_logs.py', '/srv/tilery/src/matomo.py') cron = template('remote/run-matomo', matomo_token=token) put(cron, '/etc/cron.daily/run-matomo') run('chmod +x /etc/cron.daily/run-matomo')
def http(): conf = template('remote/gunicorn.conf', workers=config.workers) with sudo(): put(conf, '/srv/addok/gunicorn.conf') nginx_conf = template('remote/nginx.conf', domain=config.domain) with sudo(): put(nginx_conf, '/etc/nginx/sites-enabled/addok') # On LXC containers, somaxconn cannot be changed. This must be done on the # host machine. run(f'sudo sysctl -w net.core.somaxconn={config.connections} || exit 0') restart()
def letsencrypt(): """Configure letsencrypt.""" with sudo(): run('add-apt-repository --yes ppa:certbot/certbot') run('apt update') run('apt install -y certbot') mkdir('/var/www/letsencrypt/.well-known/acme-challenge') domains = ','.join(list(config.piano_domains) + list(config.forte_domains)) certbot_conf = template('remote/certbot.ini', domains=domains) put(certbot_conf, '/var/www/certbot.ini') run('certbot certonly -c /var/www/certbot.ini --non-interactive ' '--agree-tos')
def db(): """Create the database and the needed extensions.""" dest = '/ssd/postgresql' if not exists(dest): src = '/var/lib/postgresql' mv(src, dest) run(f'ln --symbolic --force {dest} {src}') chown('postgres:postgres', src) with sudo(user='******'): conf = template('remote/postgresql.conf', **config) put(conf, f'/etc/postgresql/{config.psql_version}/main/postgresql.conf') run('createuser tilery || exit 0') run('createdb tilery -O tilery || exit 0') run('psql tilery -c "CREATE EXTENSION IF NOT EXISTS postgis"')
def configure_munin(): psql_plugins = [ 'postgres_autovacuum', 'postgres_bgwriter', 'postgres_checkpoints', 'postgres_connections_db', 'postgres_users', 'postgres_xlog', 'nginx_status', 'nginx_request'] with sudo(), cd('/etc/munin'): put('remote/munin.conf', 'munin.conf') for plugin in Path('remote/munin').glob('*'): put(plugin, f'plugins/{plugin.name}') run(f'chmod +x plugins/{plugin.name}') for name in psql_plugins: run(f'ln --symbolic --force /usr/share/munin/plugins/{name} ' f'plugins/{name}') run('ln --symbolic --force /usr/share/munin/plugins/postgres_size_ ' 'plugins/postgres_size_tilery') restart(services='munin-node')
def import_data(remove_backup=False, push_mapping=False, no_screen=False): """Import OSM data.""" with sudo(user='******'), env(PGHOST='/var/run/postgresql/'): if push_mapping: put('mapping.yml', '/srv/tilery/mapping.yml') run('ls --full-time --time-style locale /srv/tilery/mapping.yml') if remove_backup: run('imposm import -config /srv/tilery/imposm.conf -removebackup') cmd = ('imposm import -diff -config /srv/tilery/imposm.conf ' '-read /srv/tilery/tmp/data.osm.pbf -overwritecache ' '-write -deployproduction 2>&1 | tee /tmp/imposm.log') if no_screen: run(cmd) else: with screen(name='import'): run(cmd) run('tail /tmp/imposm.log')
def configure_mod_tile(): with sudo(user='******'): mkdir('/srv/tilery/tmp/tiles') mkdir('/srv/tilery/renderd') with sudo(), cd('/etc/apache2/'): put('remote/tile.load', 'mods-available/tile.load') put('remote/tile.conf', 'mods-available/tile.conf') put('remote/apache.conf', 'sites-enabled/000-default.conf') put('remote/ports.conf', 'ports.conf') run('a2enmod tile')
def http(): """Configure Nginx and letsencrypt.""" # When we'll have a domain. put('remote/piano.conf', '/etc/nginx/snippets/piano.conf') put('remote/forte.conf', '/etc/nginx/snippets/forte.conf') put('remote/letsencrypt.conf', '/etc/nginx/snippets/letsencrypt.conf') put('remote/ssl.conf', '/etc/nginx/snippets/ssl.conf') domain = config.piano_domains[0] pempath = f'/etc/letsencrypt/live/{domain}/fullchain.pem' if exists(pempath): print(f'{pempath} found, using https configuration') conf = template('remote/nginx-https.conf', piano_domains=' '.join(config.piano_domains), forte_domains=' '.join(config.forte_domains), domain=domain) else: print(f'{pempath} not found, using http configuration') # Before letsencrypt. conf = template('remote/nginx-http.conf', piano_domains=' '.join(config.piano_domains), forte_domains=' '.join(config.forte_domains), domain=domain) put(conf, '/etc/nginx/sites-enabled/pianoforte.conf') restart(services='nginx')
def remotefile(connection): remote = '/tmp/usinetestget' put(BytesIO('foobarééœ'.encode()), remote) yield remote run(f'rm {remote}')
def deploy(): """Send config files.""" with sudo(user='******'): mkdir('/srv/tilery/pianoforte/data') put(config.source_dir / 'mapping.yml', '/srv/tilery/mapping.yml') imposm_conf = template('remote/imposm.conf', **config) put(imposm_conf, '/srv/tilery/imposm.conf') put('remote/renderd.conf', '/etc/renderd.conf') put(config.source_dir / 'dist/', '/srv/tilery/pianoforte/') put(config.source_dir / 'fonts/', '/srv/tilery/pianoforte/fonts') put(config.source_dir / 'icon/', '/srv/tilery/pianoforte/icon')
def service(name): with sudo(): put(f'remote/{name}.service', f'/etc/systemd/system/{name}.service') systemctl(f'enable {name}.service')
def deploy(): pip(f'install {" ".join(config.packages)} gunicorn --upgrade') put(str(config.settings), '/etc/addok/addok.conf') restart()
def test_dry_run(connection): remote = '/tmp/usinetestdryrun' usine.client.dry_run = True put(Path(__file__).parent / 'test.txt', remote) usine.client.dry_run = False assert not exists(remote)
def test_put_bytesio(connection): remote = '/tmp/usinetestput' put(BytesIO(b'foobar'), remote) assert run(f'cat {remote}').stdout == 'foobar' run(f'rm {remote}')
def install_goaccess(): put('remote/run-goaccess', '/etc/cron.hourly/run-goaccess') run('chmod +x /etc/cron.hourly/run-goaccess')
def test_put_bytesio_with_non_ascii_chars(connection): remote = '/tmp/usinetestput' put(BytesIO('foobarώ'.encode()), remote) assert run(f'cat {remote}').stdout == 'foobarώ' run(f'rm {remote}')
def service(): """Deploy/update the addok systemd service.""" conf = template('remote/addok.service', **config) put(conf, '/etc/systemd/system/addok.service') systemctl('enable addok.service')
def test_put_with_cd(connection): remote = 'usinetestput' with cd('/tmp'): put(str(Path(__file__).parent / 'test.txt'), remote) assert run(f'cat {remote}').stdout == 'foobarώ\r\n' run(f'rm {remote}')
def test_put_path_as_string(connection): remote = '/tmp/usinetestput' put(str(Path(__file__).parent / 'test.txt'), remote) assert run(f'cat {remote}').stdout == 'foobarώ\r\n' run(f'rm {remote}')
def test_put_stringio(connection): remote = '/tmp/usinetestput' put(StringIO('foobarώ'), remote) assert run(f'cat {remote}').stdout == 'foobarώ' run(f'rm {remote}')