def haproxy():
"""
1. Build and Upload haproxy config
2. Restart haproxy
"""
click.echo("\nInstalling...\n")
if not exists('/etc/haproxy'):
sudo('apt-get update')
sudo('apt-get upgrade -y')
sudo('apt-get install -y haproxy')
# nginx remove default config
if exists('/etc/haproxy/haproxy.cfg'):
sudo('rm /etc/haproxy/haproxy.cfg')
# Main domain configuration
with cd('/etc/haproxy/'):
upload_template(
filename=src(req.parse("suarm"), "suarm/tmpl/haproxy.cfg"),
destination='/etc/haproxy/haproxy.cfg',
context={
"admin": {
"username": "******",
"password": "******"
},
"apps": env.apps,
"cluster": env.cluster
},
use_sudo=True,
)
def deps():
"""
Install all server dependencies.
"""
print("\nInstalling [project] dependencies...\n")
distro = run("lsb_release -sc", shell=True)
deps_file = src(req.parse("suarm"),
"suarm/scripts/system-%s.txt" % distro)
pkgs = local("grep -vE '^\s*\#' %s | tr '\n' ' '" % deps_file,
capture=True)
sudo("apt-get install -y %s" % pkgs)
sudo("apt-get install -y python-virtualenv python-pip")
db_engine = get_value(env.stage, "db_engine", default=DB_POSTGRESQL)
print("\nInstalling Dependencies for [database]...\n")
if db_engine == DB_POSTGRESQL:
sudo('apt-get install -y postgresql postgresql-contrib libpq-dev')
elif db_engine == DB_MYSQL:
sudo('apt-get install -y mysql-server libmysqlclient-dev')
print("\nInstalling Dependencies for [web server]...\n")
web_server = get_value(env.stage, "web_server", default=WS_NGINX)
if web_server == WS_NGINX:
sudo('apt-get install -y nginx')
elif web_server == WS_APACHE:
sudo('apt-get install -y apache2')
https = get_value(env.stage, "https", default=False)
if https:
sudo("apt-get install -y software-properties-common")
sudo("add-apt-repository -y ppa:certbot/certbot")
sudo('apt-get update')
sudo('apt-get install -y certbot')
def letsencrypt():
"""
1. Obtain certificates for apps
2. Setting Up autorenew logic
"""
with settings(hide('warnings'), warn_only=True):
sudo("service %s stop" % env.web_server)
if env.https:
# sudo("mkdir -p /etc/haproxy/certs")
sudo("certbot certonly \
--standalone \
--agree-tos \
--email %(email)s \
--domains \"%(domain)s\" \
--pre-hook \"service %(web_server)s stop\" \
--post-hook \"service %(web_server)s start\" \
" % {
"domain": env.domain,
"email": env.email,
})
sudo(
"bash -c 'cat /etc/letsencrypt/live/%(domain)s/fullchain.pem \
/etc/letsencrypt/live/%(domain)s/privkey.pem > /etc/haproxy/certs/%(domain)s.pem'"
% {
"domain": env.domain,
})
sudo("chmod -R go-rwx /etc/letsencrypt/live/%(domain)s" % {
"domain": env.domain,
})
# Copy renew.sh for cronjob
renew_name = "renew_%s_ssl.sh" % env.project
with cd('/usr/local/bin/'):
upload_template(
filename=src(req.parse("suarm"),
"suarm/scripts/le-renew.sh"),
destination='/usr/local/bin/%s' % renew_name,
context={
"domain": env.domain,
"service": env.web_server
},
use_sudo=True,
)
sudo("chmod u+x /usr/local/bin/%s" % renew_name)
sudo("/usr/local/bin/%s" % renew_name)
sudo("certbot renew")
repetition = '30 2 * * *'
cmd = '/usr/bin/certbot renew --renew-hook \"/usr/local/bin/%s\" >> /var/log/le-renewal.log' % \
renew_name
run('crontab -l | grep -v "%s" | crontab -' % cmd)
run('crontab -l | { cat; echo "%s %s"; } | crontab -' %
(repetition, cmd))
sudo("service %s start" % env.web_server)
else:
print("\n---> LE Skipped...!!!\n")
def git():
"""
1. Setup bare Git repo.
2. Create post-receive hook.
"""
with settings(hide('warnings'), warn_only=True):
if exists(HOME_PATH) is False:
sudo('mkdir %s' % HOME_PATH)
if exists(get_user_home(env.stage)) is False:
sudo("mkdir %s" % get_user_home(env.stage))
if exists(get_project_path(env.stage)) is False:
sudo("mkdir %s" % get_project_path(env.stage))
if exists(get_project_src(env.stage)) is False:
sudo("mkdir %s/src" % get_project_path(env.stage))
with cd(get_project_path(env.stage)):
sudo('mkdir -p %s.git' % env.project)
with cd('%s.git' % env.project):
sudo('git init --bare --shared')
with cd('hooks'):
upload_template(
filename=src(req.parse("suarm"),
"suarm/scripts/post-receive"),
destination=
"%(project_path)s/%(project_name)s.git/hooks" % {
"project_path": get_project_path(env.stage),
"project_name": env.project,
},
context={
"project_path": get_project_src(env.stage),
},
use_sudo=True,
)
sudo('chmod +x post-receive')
sudo(
'chown -R %(user)s:%(team)s %(project)s.git' % {
"user": make_user(env.project),
"team": make_team(env.project),
"project": env.project,
})
def supervisor():
"""
1. Create new supervisor config file.
2. Copy local config to remote config.
3. Register new command.
"""
with settings(hide('warnings'), warn_only=True):
if exists('/etc/supervisor/conf.d/%s.conf' % env.domain):
sudo('rm /etc/supervisor/conf.d/%s.conf' % env.domain)
with cd('/etc/supervisor/conf.d'):
upload_template(
filename=src(req.parse("suarm"),
"suarm/tmpl/django_supervisor.conf"),
destination='%s.conf' % env.domain,
context={
"project_name": env.project,
"project_path": get_project_src(env.stage),
"app_user": make_user(env.project),
},
use_sudo=True,
)
def gunicorn():
"""
1. Create new gunicorn start script
2. Copy local start script template redered to server
"""
with settings(hide('warnings'), warn_only=True):
sudo('rm -rf %s/bin' % get_project_src(env.stage))
sudo('mkdir -p %s/bin' % get_project_src(env.stage))
with cd('%s/bin' % get_project_src(env.stage)):
upload_template(
filename=src(req.parse("suarm"), "suarm/scripts/start.sh"),
destination='%s/bin/start.sh' % get_project_src(env.stage),
context={
"project_name": env.project,
"project_path": get_project_src(env.stage),
"app_user": make_user(env.project),
"app_group": make_team(env.project),
},
use_sudo=True,
)
sudo('chmod +x %s/bin/start.sh' % get_project_src(env.stage))