def install_nginx():
install_packages('nginx')
sudo('pip install uwsgi')
# Global configuration
sudo('cp /etc/nginx/nginx.conf /etc/nginx/nginx-prev.conf')
nginx_conf = open(os.path.normpath(
os.path.join(os.path.abspath(__file__), '..', '..', 'templates', 'nginx.conf')
))
put(nginx_conf, '/etc/nginx/nginx.conf')
sudo('rm -f /etc/nginx/sites-enabled/default')
def init():
# Install libraries and applications
sudo('aptitude -y update')
sudo('aptitude -y upgrade')
install_packages(*UBUNTU_PACKAGES)
install_postgres()
install_nginx()
# Create user and make him sudoer
sudo('useradd -s /bin/bash -d /home/%(user)s -m %(user)s -G sudo' % {
'user': env.deploy_user, 'password': env.passwords[env.host_string]})
sudo('passwd %s' % env.deploy_user)
# Set default text editor
cmd('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /home/%s/.selected_editor' % env.deploy_user)
sudo('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /root/.selected_editor')
# Generate ssh key
cmd('mkdir /home/%s/.ssh' % env.deploy_user)
cmd('ssh-keygen -t rsa -f /home/%s/.ssh/id_rsa -N %s -C "%s"' % (
env.deploy_user, env.conf['SSH_KEY_PASSPHRASE'], env.conf['GITHUB_EMAIL']))
# Wait until user adds the key to github
print "\033[92mCopy the following public key and add it to the list of deploy keys on github\033[0m"
cmd('cat /home/%s/.ssh/id_rsa.pub' % env.deploy_user)
res = prompt('Have you added the key? (type "yes"): ')
while res != 'yes':
res = prompt('Have you added the key? (type "yes"): ')
# Test access to repo
with settings(warn_only=True):
cmd('ssh -T [email protected]')
prompt('Have you seen "You\'ve successfully authenticated" message above?')
# Allow developers to login with ssh keys
cmd('echo "%s" >> /home/%s/.ssh/authorized_keys' % ('\n'.join(env.conf['developers_ssh_pubkey']), env.deploy_user))
sudo('mkdir -p /root/.ssh')
sudo('echo -e "%s" >> /root/.ssh/authorized_keys' % '\n'.join(env.conf['developers_ssh_pubkey']))
# TODO: after blocking password access env.passwords shouldn't be set
# Prohibit ssh password authentication
sudo('echo -e "\n\nChallengeResponseAuthentication no\nPasswordAuthentication no\nUsePAM no" >> /etc/ssh/sshd_config')
sudo('reload ssh')
def install_postgres():
install_packages('postgresql', 'postgresql-client', 'postgresql-server-dev-all')
# Create postgres user and database
sudo('createuser -l -E -S -D -R %s' % env.conf['database.USER'], user='******')
sudo('createdb -O %s %s' % (env.conf['database.USER'], env.conf['database.NAME']), user='******')
# Database settings recommended by Django
postgres_conf = {
'client_encoding': "'UTF8'",
'default_transaction_isolation': "'read committed'",
'timezone': "'UTC'",
}
for param, value in postgres_conf.iteritems():
sudo('echo "ALTER ROLE %s in DATABASE %s SET %s = %s;" | psql' % (
env.conf['database.USER'], env.conf['database.NAME'], param, value), user='******')
sudo('echo "ALTER USER %s WITH PASSWORD \'%s\';" | psql' % (
env.conf['database.USER'], env.conf['database.PASSWORD']), user='******')