def update():
# TODO: perform db backup
with cd(env.code_path):
cmd('git pull')
virtualenv('python %s migrate' % env.manage_path)
deploy_static_files()
restart()
def deploy():
cmd('mkdir -p %s %s %s %s' % (
env.code_path, env.env_path, env.STATIC_ROOT, os.path.join(env.logs_path)))
cmd('git clone %s %s' % (env.conf['repository'], env.code_path))
# Provide data for Django settings
# TODO: change the owner of this file
put(StringIO.StringIO(json.dumps(env.conf, indent=4)),
os.path.join(env.code_path, 'deployment', 'config.json'))
# Create virtualenv
cmd('virtualenv --no-site-packages %s' % env.env_path)
virtualenv('pip install -r %s' % os.path.join(env.code_path, 'deployment', 'requirements.prod.txt'))
# TODO: a hack until django 1.5 is released
virtualenv('pip install --no-deps django-grappelli==2.4.3')
# Create uwsgi settings and run the daemon
file_from_template(os.path.join('..', 'templates', 'uwsgi.ini'),
os.path.join(env.code_path, 'deployment', 'uwsgi.ini'), root=False)
# TODO: use uWSGI Emperor
file_from_template(os.path.join('..', 'templates', 'upstart'), '/etc/init/uwsgi.conf')
# Nginx site configuration
file_from_template(os.path.join('..', 'templates', 'nginx_website.conf'),
'/etc/nginx/sites-available/%s' % env.conf['DOMAIN'])
sudo('ln -s /etc/nginx/sites-available/%(domain)s /etc/nginx/sites-enabled/%(domain)s' % {
'domain': env.conf['DOMAIN']})
# Initialize database
init_db()
# TODO: supervisord config file
deploy_static_files()
restart()
def init():
# Install libraries and applications
sudo('aptitude -y update')
sudo('aptitude -y upgrade')
install_packages(*UBUNTU_PACKAGES)
install_postgres()
install_nginx()
# Create user and make him sudoer
sudo('useradd -s /bin/bash -d /home/%(user)s -m %(user)s -G sudo' % {
'user': env.deploy_user, 'password': env.passwords[env.host_string]})
sudo('passwd %s' % env.deploy_user)
# Set default text editor
cmd('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /home/%s/.selected_editor' % env.deploy_user)
sudo('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /root/.selected_editor')
# Generate ssh key
cmd('mkdir /home/%s/.ssh' % env.deploy_user)
cmd('ssh-keygen -t rsa -f /home/%s/.ssh/id_rsa -N %s -C "%s"' % (
env.deploy_user, env.conf['SSH_KEY_PASSPHRASE'], env.conf['GITHUB_EMAIL']))
# Wait until user adds the key to github
print "\033[92mCopy the following public key and add it to the list of deploy keys on github\033[0m"
cmd('cat /home/%s/.ssh/id_rsa.pub' % env.deploy_user)
res = prompt('Have you added the key? (type "yes"): ')
while res != 'yes':
res = prompt('Have you added the key? (type "yes"): ')
# Test access to repo
with settings(warn_only=True):
cmd('ssh -T [email protected]')
prompt('Have you seen "You\'ve successfully authenticated" message above?')
# Allow developers to login with ssh keys
cmd('echo "%s" >> /home/%s/.ssh/authorized_keys' % ('\n'.join(env.conf['developers_ssh_pubkey']), env.deploy_user))
sudo('mkdir -p /root/.ssh')
sudo('echo -e "%s" >> /root/.ssh/authorized_keys' % '\n'.join(env.conf['developers_ssh_pubkey']))
# TODO: after blocking password access env.passwords shouldn't be set
# Prohibit ssh password authentication
sudo('echo -e "\n\nChallengeResponseAuthentication no\nPasswordAuthentication no\nUsePAM no" >> /etc/ssh/sshd_config')
sudo('reload ssh')
