def handle(self, *args, **options): # Configure firmware generation context = { 'db_name': options.get('db_name'), 'db_user': options.get('db_user'), 'db_password': options.get('db_password'), 'db_host': options.get('db_host'), 'db_port': options.get('db_port') } run('su postgres -c "psql -c \\"CREATE USER %(db_user)s PASSWORD \'%(db_password)s\';\\""' % context, err_codes=[0, 1]) run('su postgres -c "psql -c \\"CREATE DATABASE %(db_name)s OWNER %(db_user)s;\\""' % context, err_codes=[0, 1]) context.update( {'settings': os.path.join(get_project_root(), 'settings.py')}) if run("grep 'DATABASES' %(settings)s" % context, err_codes=[0, 1]).return_code == 0: # Update existing settings_file run("sed -i \"s/'ENGINE': '\w*',/'ENGINE': 'django.db.backends.postgresql_psycopg2',/\" %(settings)s" % context) run("sed -i \"s/'NAME': '.*',/'NAME': '%(db_name)s',/\" %(settings)s" % context) run("sed -i \"s/'USER': '******',/'USER': '******',/\" %(settings)s" % context) run("sed -i \"s/'PASSWORD': '******',/'PASSWORD': '******',/\" %(settings)s" % context) run("sed -i \"s/'HOST': '.*',/'HOST': '%(db_host)s',/\" %(settings)s" % context) run("sed -i \"s/'PORT': '.*',/'PORT': '%(db_port)s',/\" %(settings)s" % context) else: db_config = ( "DATABASES = {\n" " 'default': {\n" " 'ENGINE': 'django.db.backends.postgresql_psycopg2',\n" " 'NAME': '%(db_name)s',\n" " 'USER': '******',\n" " 'PASSWORD': '******',\n" " 'HOST': '%(db_host)s',\n" " 'PORT': '%(db_port)s',\n" " 'ATOMIC_REQUESTS': True,\n" " }\n" "}\n" % context) context.update({'db_config': db_config}) run('echo "%(db_config)s" >> %(settings)s' % context)
def update_settings(monkey_patch=None, **options): """ Warning this only works with a very simple setting format: NAME = value """ from django.conf import settings for name, value in options.iteritems(): if getattr(settings, name, None) != value: settings_file = os.path.join(get_project_root(), 'settings.py') context = { 'name': name, 'value': value if not isinstance(value, basestring) else "'%s'" % value, 'settings': settings_file, } if run("grep '^%(name)s *=' %(settings)s" % context, err_codes=[0,1]): # Update existing settings_file run("sed -i \"s#%(name)s *=.*#%(name)s = %(value)s#\" %(settings)s" % context) else: run("echo \"%(name)s = %(value)s\" >> %(settings)s" % context) # Monkeypatch controller settings to make available the change globally if monkey_patch is not None: module = import_module(monkey_patch) setattr(module, name, value)
def handle(self, *args, **options): # Configure firmware generation context = { 'db_name': options.get('db_name'), 'db_user': options.get('db_user'), 'db_password': options.get('db_password'), 'db_host': options.get('db_host'), 'db_port': options.get('db_port') } #Below 2 lines will be running where postgres container is running if os.path.exists('/home/vct/vct_true') is True: run('su postgres -c "psql -c \\"CREATE USER %(db_user)s PASSWORD \'%(db_password)s\';\\""' % context, err_codes=[0,1]) run('su postgres -c "psql -c \\"CREATE DATABASE %(db_name)s OWNER %(db_user)s;\\""' % context, err_codes=[0,1]) context.update({'settings': os.path.join(get_project_root(), 'settings.py')}) if run("grep 'DATABASES' %(settings)s" % context, err_codes=[0,1]).return_code == 0: # Update existing settings_file run("sed -i \"s/'ENGINE': '\w*',/'ENGINE': 'django.db.backends.postgresql_psycopg2',/\" %(settings)s" % context) run("sed -i \"s/'NAME': '.*',/'NAME': '%(db_name)s',/\" %(settings)s" % context) run("sed -i \"s/'USER': '******',/'USER': '******',/\" %(settings)s" % context) run("sed -i \"s/'PASSWORD': '******',/'PASSWORD': '******',/\" %(settings)s" % context) run("sed -i \"s/'HOST': '.*',/'HOST': '%(db_host)s',/\" %(settings)s" % context) run("sed -i \"s/'PORT': '.*',/'PORT': '%(db_port)s',/\" %(settings)s" % context) else: db_config = ( "DATABASES = {\n" " 'default': {\n" " 'ENGINE': 'django.db.backends.postgresql_psycopg2',\n" " 'NAME': '%(db_name)s',\n" " 'USER': '******',\n" " 'PASSWORD': '******',\n" " 'HOST': '%(db_host)s',\n" " 'PORT': '%(db_port)s',\n" " 'ATOMIC_REQUESTS': True,\n" " }\n" "}\n" % context) context.update({'db_config': db_config}) run('echo "%(db_config)s" >> %(settings)s' % context)
def handle(self, *args, **options): interactive = options.get('interactive') # Avoid import errors from nodes.models import Server server = Server.objects.first() context = { 'project_name': get_project_name(), 'project_root': get_project_root(), 'site_root': get_site_root(), 'media_root': settings.MEDIA_ROOT, 'static_root': settings.STATIC_ROOT, 'cert_path': ca.cert_path, 'cert_key_path': ca.priv_key_path, 'mgmt_addr': str(server.mgmt_net.addr), 'user': options.get('user'), 'group': options.get('group') or options.get('user'), 'home': expanduser("~%s" % options.get('user')), 'processes': int(options.get('processes')),} nginx_conf = ( 'server {\n' ' listen 80;\n' ' listen [::]:80 ipv6only=on;\n' ' rewrite ^/$ /admin;\n' ' client_max_body_size 500m;\n' ' location / {\n' ' uwsgi_pass unix:///var/run/uwsgi/app/%(project_name)s/socket;\n' ' include uwsgi_params;\n' ' }\n' ' location /media {\n' ' alias %(media_root)s;\n' ' expires 30d;\n' ' }\n' ' location /static {\n' ' alias %(static_root)s;\n' ' expires 30d;\n' ' }\n' '}\n' '\n' 'server {\n' ' listen [%(mgmt_addr)s]:443 default_server ssl;\n' ' ssl_certificate %(cert_path)s;\n' ' ssl_certificate_key %(cert_key_path)s;\n' ' rewrite ^/$ /admin;\n' ' client_max_body_size 50m;\n' ' location / {\n' ' uwsgi_pass unix:///var/run/uwsgi/app/%(project_name)s/socket;\n' ' include uwsgi_params;\n' ' }\n' ' location /media {\n' ' alias %(media_root)s;\n' ' expires 30d;\n' ' }\n' ' location /static {\n' ' alias %(static_root)s;\n' ' expires 30d;\n' ' }\n' '}\n') % context uwsgi_conf = ( '[uwsgi]\n' 'plugins = python\n' 'chdir = %(site_root)s\n' 'module = %(project_name)s.wsgi\n' 'master = true\n' 'processes = %(processes)d\n' 'chmod-socket = 664\n' 'stats = /run/uwsgi/%%(deb-confnamespace)/%%(deb-confname)/statsocket\n' 'vacuum = true\n' 'uid = %(user)s\n' 'gid = %(group)s\n' 'env = HOME=%(home)s\n') % context nginx = { 'file': '/etc/nginx/conf.d/%(project_name)s.conf' % context, 'conf': nginx_conf } uwsgi = { 'file': '/etc/uwsgi/apps-available/%(project_name)s.ini' % context, 'conf': uwsgi_conf } for extra_context in (nginx, uwsgi): context.update(extra_context) diff = run("echo '%(conf)s'|diff - %(file)s" % context, err_codes=[0,1,2]) if diff.return_code == 2: # File does not exist run("echo '%(conf)s' > %(file)s" % context) elif diff.return_code == 1: # File is different, save the old one if interactive: msg = ("\n\nFile %(file)s be updated, do you like to override " "it? (yes/no): " % context) confirm = input(msg) while 1: if confirm not in ('yes', 'no'): confirm = input('Please enter either "yes" or "no": ') continue if confirm == 'no': return break run("cp %(file)s %(file)s.save" % context) run("echo '%(conf)s' > %(file)s" % context) self.stdout.write("\033[1;31mA new version of %(file)s has been installed.\n " "The old version has been placed at %(file)s.save\033[m" % context) run('ln -s /etc/uwsgi/apps-available/%(project_name)s.ini /etc/uwsgi/apps-enabled/' % context, err_codes=[0,1]) # Give read permissions to cert key file run('chmod g+r %(cert_key_path)s' % context) # nginx should start after tincd current = "\$local_fs \$remote_fs \$network \$syslog" run('sed -i "s/ %s$/ %s \$named/g" /etc/init.d/nginx' % (current, current)) rotate = ( '/var/log/nginx/*.log {\n' ' daily\n' ' missingok\n' ' rotate 30\n' ' compress\n' ' delaycompress\n' ' notifempty\n' ' create 640 root adm\n' ' sharedscripts\n' ' postrotate\n' ' [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`\n' ' endscript\n' '}\n') run("echo '%s' > /etc/logrotate.d/nginx" % rotate) # Allow nginx to write to uwsgi socket run('adduser www-data %(group)s' % context)
def handle(self, *args, **options): interactive = options.get('interactive') # Avoid import errors from nodes.models import Server server = Server.objects.first() context = { 'project_name': get_project_name(), 'project_root': get_project_root(), 'site_root': get_site_root(), 'media_root': settings.MEDIA_ROOT, 'static_root': settings.STATIC_ROOT, 'cert_path': ca.cert_path, 'cert_key_path': ca.priv_key_path, 'mgmt_addr': str(server.mgmt_net.addr), 'user': options.get('user'), 'group': options.get('group') or options.get('user'), 'home': expanduser("~%s" % options.get('user')), 'processes': int(options.get('processes')), } nginx_conf = ( 'server {\n' ' listen 80;\n' ' listen [::]:80 ipv6only=on;\n' ' rewrite ^/$ /admin;\n' ' client_max_body_size 500m;\n' ' location / {\n' ' uwsgi_pass unix:///var/run/uwsgi/app/%(project_name)s/socket;\n' ' include uwsgi_params;\n' ' }\n' ' location /media {\n' ' alias %(media_root)s;\n' ' expires 30d;\n' ' }\n' ' location /static {\n' ' alias %(static_root)s;\n' ' expires 30d;\n' ' }\n' '}\n' '\n' 'server {\n' ' listen [%(mgmt_addr)s]:443 default_server ssl;\n' ' ssl_certificate %(cert_path)s;\n' ' ssl_certificate_key %(cert_key_path)s;\n' ' rewrite ^/$ /admin;\n' ' client_max_body_size 50m;\n' ' location / {\n' ' uwsgi_pass unix:///var/run/uwsgi/app/%(project_name)s/socket;\n' ' include uwsgi_params;\n' ' }\n' ' location /media {\n' ' alias %(media_root)s;\n' ' expires 30d;\n' ' }\n' ' location /static {\n' ' alias %(static_root)s;\n' ' expires 30d;\n' ' }\n' '}\n') % context uwsgi_conf = ( '[uwsgi]\n' 'plugins = python\n' 'chdir = %(site_root)s\n' 'module = %(project_name)s.wsgi\n' 'master = true\n' 'processes = %(processes)d\n' 'chmod-socket = 664\n' 'stats = /run/uwsgi/%%(deb-confnamespace)/%%(deb-confname)/statsocket\n' 'vacuum = true\n' 'uid = %(user)s\n' 'gid = %(group)s\n' 'env = HOME=%(home)s\n') % context nginx = { 'file': '/etc/nginx/conf.d/%(project_name)s.conf' % context, 'conf': nginx_conf } uwsgi = { 'file': '/etc/uwsgi/apps-available/%(project_name)s.ini' % context, 'conf': uwsgi_conf } for extra_context in (nginx, uwsgi): context.update(extra_context) diff = run("echo '%(conf)s'|diff - %(file)s" % context, err_codes=[0, 1, 2]) if diff.return_code == 2: # File does not exist run("echo '%(conf)s' > %(file)s" % context) elif diff.return_code == 1: # File is different, save the old one if interactive: msg = ( "\n\nFile %(file)s be updated, do you like to override " "it? (yes/no): " % context) confirm = input(msg) while 1: if confirm not in ('yes', 'no'): confirm = input( 'Please enter either "yes" or "no": ') continue if confirm == 'no': return break run("cp %(file)s %(file)s.save" % context) run("echo '%(conf)s' > %(file)s" % context) self.stdout.write( "\033[1;31mA new version of %(file)s has been installed.\n " "The old version has been placed at %(file)s.save\033[m" % context) run('ln -s /etc/uwsgi/apps-available/%(project_name)s.ini /etc/uwsgi/apps-enabled/' % context, err_codes=[0, 1]) # Disable default site run('rm -f /etc/nginx/sites-enabled/default') # Give read permissions to cert key file run('chmod g+r %(cert_key_path)s' % context) # nginx should start after tincd current = "\$local_fs \$remote_fs \$network \$syslog" run('sed -i "s/ %s$/ %s \$named/g" /etc/init.d/nginx' % (current, current)) rotate = ( '/var/log/nginx/*.log {\n' ' daily\n' ' missingok\n' ' rotate 30\n' ' compress\n' ' delaycompress\n' ' notifempty\n' ' create 640 root adm\n' ' sharedscripts\n' ' postrotate\n' ' [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`\n' ' endscript\n' '}\n') run("echo '%s' > /etc/logrotate.d/nginx" % rotate) # Allow nginx to write to uwsgi socket run('adduser www-data %(group)s' % context) # Restart nginx to apply new configuration and also uwsgi # to force reloading permissions (user added to a group) run('service nginx restart') run('service uwsgi restart')
def handle(self, *args, **options): interactive = options.get('interactive') # Avoid import errors from nodes.models import Server server = Server.objects.first() context = { 'project_name': get_project_name(), 'project_root': get_project_root(), 'site_root': get_site_root(), 'media_root': settings.MEDIA_ROOT, 'static_root': settings.STATIC_ROOT, 'cert_path': ca.cert_path, 'cert_key_path': ca.priv_key_path, 'mgmt_addr': str(server.mgmt_net.addr), 'user': options.get('user'), 'group': options.get('group') or options.get('user'), 'processes': int(options.get('processes')), 'threads': int(options.get('threads')) } apache_conf = ( 'WSGIDaemonProcess %(project_name)s user=%(user)s group=%(group)s processes=%(processes)d \\\n' ' threads=%(threads)d python-path=%(site_root)s \\\n' ' display-name=%%{GROUP}\n' 'WSGIProcessGroup %(project_name)s\n' 'WSGIScriptAlias / %(project_root)s/wsgi.py\n' 'WSGIPassAuthorization On\n\n' '<Directory %(project_root)s>\n' ' <Files wsgi.py>\n' ' Order deny,allow\n' ' Allow from all\n' ' </Files>\n' '</Directory>\n\n' 'Alias /media/ %(media_root)s/\n' 'Alias /static/ %(static_root)s/\n' '<Directory %(static_root)s>\n' ' ExpiresActive On\n' ' ExpiresByType image/gif A1209600\n' ' ExpiresByType image/jpeg A1209600\n' ' ExpiresByType image/png A1209600\n' ' ExpiresByType text/css A1209600\n' ' ExpiresByType text/javascript A1209600\n' ' ExpiresByType application/x-javascript A1209600\n' ' <FilesMatch "\.(css|js|gz|png|gif|jpe?g|flv|swf|ico|pdf|txt|html|htm)$">\n' ' ContentDigest On\n' ' FileETag MTime Size\n' ' </FilesMatch>\n' '</Directory>\n\n' 'RedirectMatch ^/$ /admin\n\n' '<VirtualHost [%(mgmt_addr)s]:443>\n' ' ServerName localhost\n' ' SSLEngine on\n' ' SSLCertificateFile %(cert_path)s\n' ' SSLCertificateKeyFile %(cert_key_path)s\n' ' SSLCACertificateFile %(cert_path)s\n' ' SSLVerifyClient None\n' '</VirtualHost>' % context ) context.update({ 'apache_conf': apache_conf, 'apache_conf_file': '/etc/apache2/conf.d/%(project_name)s.conf' % context }) # Apache 2.4 compatibility - feature #684 run('mkdir -p /etc/apache2/conf.d') run('mkdir -p /etc/apache2/conf-available') compat_conf = ( '# This enables configuration files in the legacy Apache directory.\n' 'IncludeOptional conf.d/*.conf\n' '\n' '# These correct access control to Controller files for Apache 2.4.\n' '<Directory %(project_root)s>\n' ' <Files wsgi.py>\n' ' Require all granted\n' ' </Files>\n' '</Directory>\n' '<Location /media>\n' ' Require all granted\n' '</Location>\n' '<Location /static>\n' ' Require all granted\n' '</Location>' % context ) context.update({ 'compat_conf': compat_conf, 'compat_conf_file': '/etc/apache2/conf-available/local-%(project_name)s-compat.conf' % context }) run("echo '%(compat_conf)s' > %(compat_conf_file)s" % context) # Store apache2 configuration keeping existing one (if any). diff = run("echo '%(apache_conf)s'|diff - %(apache_conf_file)s" % context, err_codes=[0,1,2]) if diff.return_code == 2: # File does not exist run("echo '%(apache_conf)s' > %(apache_conf_file)s" % context) elif diff.return_code == 1: # File is different, save the old one if interactive: msg = ("\n\nFile %(apache_conf_file)s should be updated, do " "you like to override it? (yes/no): " % context) confirm = input(msg) while 1: if confirm not in ('yes', 'no'): confirm = input('Please enter either "yes" or "no": ') continue if confirm == 'no': return break run("cp %(apache_conf_file)s %(apache_conf_file)s.\$save" % context) run("echo '%(apache_conf)s' > %(apache_conf_file)s" % context) self.stdout.write("\033[1;31mA new version of %(apache_conf_file)s " "has been installed.\n The old version has been placed at " "%(apache_conf_file)s.$save\033[m" % context) run('a2enmod wsgi') run('a2enmod expires') run('a2enmod deflate') run('a2enmod ssl') # catch 127 error 'command not found' for apache 2.2 installations run('a2enconf local-%(project_name)s-compat' % context, err_codes=[0, 127]) # Give read permissions to cert key file run('chmod g+r %(cert_key_path)s' % context)
def handle(self, *args, **options): interactive = options.get('interactive') # Avoid import errors from nodes.models import Server server = Server.objects.first() context = { 'project_name': get_project_name(), 'project_root': get_project_root(), 'site_root': get_site_root(), # TODO end with single / 'media_root': settings.MEDIA_ROOT, 'static_root': settings.STATIC_ROOT, 'cert_path': ca.cert_path, 'cert_key_path': ca.priv_key_path, 'mgmt_addr': str(server.mgmt_net.addr), 'user': options.get('user'), 'group': options.get('group') or options.get('user'), 'processes': int(options.get('processes')), 'threads': int(options.get('threads')) } apache_conf = ( 'WSGIDaemonProcess %(project_name)s user=%(user)s group=%(group)s processes=%(processes)d \\\n' ' threads=%(threads)d python-path=%(site_root)s \\\n' ' display-name=%%{GROUP}\n' 'WSGIProcessGroup %(project_name)s\n' 'WSGIScriptAlias / %(project_root)s/wsgi.py\n' 'WSGIPassAuthorization On\n\n' '<Directory %(project_root)s>\n' ' Require all granted\n' ' <Files wsgi.py>\n' ' Order deny,allow\n' ' Allow from all\n' ' </Files>\n' '</Directory>\n\n' 'Alias /media/ %(media_root)s/\n' 'Alias /static/ %(static_root)s/\n' '<Directory %(static_root)s>\n' ' Require all granted\n' ' ExpiresActive On\n' ' ExpiresByType image/gif A1209600\n' ' ExpiresByType image/jpeg A1209600\n' ' ExpiresByType image/png A1209600\n' ' ExpiresByType text/css A1209600\n' ' ExpiresByType text/javascript A1209600\n' ' ExpiresByType application/x-javascript A1209600\n' ' <FilesMatch "\.(css|js|gz|png|gif|jpe?g|flv|swf|ico|pdf|txt|html|htm)$">\n' ' ContentDigest On\n' ' FileETag MTime Size\n' ' </FilesMatch>\n' '</Directory>\n\n' 'RedirectMatch ^/$ /admin\n\n' '<VirtualHost [%(mgmt_addr)s]:443>\n' ' ServerName localhost\n' ' SSLEngine on\n' ' SSLCertificateFile %(cert_path)s\n' ' SSLCertificateKeyFile %(cert_key_path)s\n' ' SSLCACertificateFile %(cert_path)s\n' ' SSLVerifyClient None\n' '</VirtualHost>' % context) context.update({ 'apache_conf': apache_conf, 'apache_conf_file': '/etc/apache2/sites-enabled/%(project_name)s.conf' % context}) diff = run("echo '%(apache_conf)s'|diff - %(apache_conf_file)s" % context, err_codes=[0,1,2]) if diff.return_code == 2: # File does not exist run("echo '%(apache_conf)s' > %(apache_conf_file)s" % context) elif diff.return_code == 1: # File is different, save the old one if interactive: msg = ("\n\nFile %(apache_conf_file)s should be updated, do " "you like to override it? (yes/no): " % context) confirm = input(msg) while 1: if confirm not in ('yes', 'no'): confirm = input('Please enter either "yes" or "no": ') continue if confirm == 'no': return break run("cp %(apache_conf_file)s %(apache_conf_file)s.\$save" % context) run("echo '%(apache_conf)s' > %(apache_conf_file)s" % context) self.stdout.write("\033[1;31mA new version of %(apache_conf_file)s " "has been installed.\n The old version has been placed at " "%(apache_conf_file)s.$save\033[m" % context) # include_httpd = run("grep '^\s*Include\s\s*httpd.conf\s*' /etc/apache2/apache2.conf", err_codes=[0,1]) # if include_httpd.return_code == 1: # run("echo 'Include httpd.conf' >> /etc/apache2/apache2.conf") # run('a2ensite %s' % project_name) run('a2enmod wsgi') run('a2enmod expires') run('a2enmod deflate') run('a2enmod ssl') # Give upload file permissions to apache # username = run("stat -c %%U %(project_root)s" % context) # run('adduser www-data %s' % username) # run('chmod g+w %(media_root)s' % context) # Give read permissions to cert key file run('chmod g+r %(cert_key_path)s' % context)