def install_nginx(): """ Install NGINX and make it use certs. """ if system.distrib_id() == 'Debian': require_file(url='http://nginx.org/packages/keys/nginx_signing.key') deb.add_apt_key('nginx_signing.key') su_delete('nginx_signing.key') url = 'http://nginx.org/packages/debian/' distrib = 'squeeze' if system.distrib_release().startswith('7'): distrib = 'wheezy' require.deb.source('nginx', url, distrib, 'nginx') require.deb.package('nginx') contents = PROXIED_SITE_TEMPLATE % { 'server_name': 'cozy', 'port': 443, 'proxy_url': 'http://127.0.0.1:9104' } require.files.file('/etc/nginx/conf.d/cozy.conf', contents=contents, use_sudo=True) service.restart('nginx') else: require.deb.ppa("ppa:nginx/stable") require.nginx.site("cozy", template_contents=PROXIED_SITE_TEMPLATE, enabled=True, port=443, proxy_url='http://127.0.0.1:9104' ) print(green("Nginx successfully installed."))
def setup(short_hostname): deb.update_index() install_fail2ban() # HAProxy determines it's local name from hostname, and expects it # to have a "peer lb-1 ld-1.helix-cloud.ca" section present. # Thanks to the Debian HAProxy packaging team! with open(files.haproxy_cfg) as fp: cfg = fp.read() if not re.search(r'^\s*peer\s+{}'.format(short_hostname), cfg, flags=re.MULTILINE): abort("hostname does not match any set in HAProxy config!") execute(set_hostname, short_hostname) # Newer versions of HAProxy support "peers", which is good require.deb.package('software-properties-common') require.deb.ppa('ppa:vbernat/haproxy-1.7') require.deb.package('haproxy') # no such thing as \d in sed regex sed('/etc/default/haproxy', 'ENABLED=[[:digit:]]', 'ENABLED=1') put(files.haproxy_cfg, '/etc/haproxy/haproxy.cfg') service.restart('haproxy')
def setup_docs_web_site(branch='master'): """Initialise an InaSAFE docs site where we host docs and pdf. :param branch: Which branch of the documentation to build. :type branch: str """ build_docs() fabtools.require.deb.package('apache2') apache_conf_template = 'inasafe-doc.conf.templ' if not exists(web_directory): require.directory('mkdir -p %s/pdf' % web_directory, True, 'web') # TODO: Fix perms below sudo('chown -R %s.%s %s' % ('web', 'web', web_directory)) apache_path = '/etc/apache2/sites-available/' # Clone and replace tokens in apache conf local_dir = os.path.dirname(__file__) local_file = os.path.abspath(os.path.join( local_dir, 'scripts', apache_conf_template)) context = { 'server_name': 'inasafe.org', # Web Url e.g. foo.com 'web_master': '*****@*****.**', # email of web master 'document_root': web_directory, # Content root .e.g. /var/www } fastprint(green('Using %s for template' % local_file)) destination = '%s/inasafe-docs.conf' % apache_path upload_template( local_file, destination, context=context, use_sudo=True) with cd(code_path): # Copy built Documentation to the Webserver path run('cp -r docs/output/html/* %s' % web_directory) run('cp -r docs/output/pdf %s' % web_directory) run('cp scripts/.htaccess %s' % web_directory) run('cp scripts/directory*.html %s/en/_static/' % web_directory) # Add a hosts entry for local testing - only really useful for localhost hosts = '/etc/hosts' if not contains(hosts, 'inasafe-docs'): append(hosts, '127.0.0.1 inasafe-doc.localhost', use_sudo=True) require.apache.enable('inasafe-docs') require.apache.disable('default') sudo('a2enmod rewrite') restart('apache2')
def change_authentication_method(sshd_cfg): files.sed(sshd_cfg, '#PasswordAuthentication yes', 'PasswordAuthentication no', use_sudo=True) service.restart('sshd')
def setup_docs_web_proxy(): """Set up a mod proxy based vhost to forward web traffic to internal host. If container_id is none, it will also install docker and set up the entire documentation web site inside that docker container. """ require.directory(work_dir) with cd(work_dir): run('echo "fabgis" > requirements.txt') setup_venv(work_dir) container_id_file = 'fabgis.container.id' if not exists(container_id_file): setup_docker() setup_remotely() container_id = current_docker_container() port_mappings = get_docker_port_mappings(container_id) http_port = port_mappings[80] fabtools.require.deb.package('apache2') sudo('a2enmod proxy proxy_http') context = { 'internal_host': env.host, 'internal_port': http_port, 'server_name': 'inasafe.org' } apache_conf_template = 'inasafe.org.mod_proxy.conf.templ' apache_path = '/etc/apache2/sites-available' # Clone and replace tokens in apache conf local_dir = os.path.dirname(__file__) local_file = os.path.abspath(os.path.join( local_dir, 'scripts', apache_conf_template)) fastprint(green('Using %s for template' % local_file)) destination = '%s/inasafe.org.conf' % apache_path upload_template( local_file, destination, context=context, use_sudo=True) require.apache.enable('inasafe.org') restart('apache2')
def deploy(): info('[deploy] Starting Deploy: %s -> %s' % (env.app, env.host_string)) git_push() with cd(env.app_path), shell_env(**env.shell_envs_dict): ensure_packages() one_offs() supervisor.update_config() supervisor.restart_process('all') ft_service.restart('nginx') success('[deploy] Finished Deploy: %s -> %s' % (env.app, env.host_string))
def munin_node(): key_path = os.path.join(os.path.dirname(__file__), '../ssh_key_munin_node.pub') require.deb.packages(['munin-node']) require.users.user('dlce-munin-node', shell='/bin/bash', system=True, ssh_public_keys=[key_path]) service.restart('munin-node')
def setup_docs_web_site(branch='master'): """Initialise an InaSAFE docs site where we host docs and pdf. :param branch: Which branch of the documentation to build. :type branch: str """ build_docs() fabtools.require.deb.package('apache2') apache_conf_template = 'inasafe-doc.conf.templ' if not exists(web_directory): require.directory('mkdir -p %s/pdf' % web_directory, True, 'web') # TODO: Fix perms below sudo('chown -R %s.%s %s' % ('web', 'web', web_directory)) apache_path = '/etc/apache2/sites-available/' # Clone and replace tokens in apache conf local_dir = os.path.dirname(__file__) local_file = os.path.abspath( os.path.join(local_dir, 'scripts', apache_conf_template)) context = { 'server_name': 'inasafe.org', # Web Url e.g. foo.com 'web_master': '*****@*****.**', # email of web master 'document_root': web_directory, # Content root .e.g. /var/www } fastprint(green('Using %s for template' % local_file)) destination = '%s/inasafe-docs.conf' % apache_path upload_template(local_file, destination, context=context, use_sudo=True) with cd(code_path): # Copy built Documentation to the Webserver path run('cp -r docs/output/html/* %s' % web_directory) run('cp -r docs/output/pdf %s' % web_directory) run('cp scripts/.htaccess %s' % web_directory) run('cp scripts/directory*.html %s/en/_static/' % web_directory) # Add a hosts entry for local testing - only really useful for localhost hosts = '/etc/hosts' if not contains(hosts, 'inasafe-docs'): append(hosts, '127.0.0.1 inasafe-doc.localhost', use_sudo=True) require.apache.enable('inasafe-docs') require.apache.disable('default') sudo('a2enmod rewrite') restart('apache2')
def _update_varnish_sites(directory): sites = run('find %s -mindepth 1 -maxdepth 1 -type f ' % directory, combine_stderr=False).splitlines() includes = ''.join('include "%s";\n' % s for s in sites) # work around requrie.files(contents='') not replacing contents = '# autogenerated\n%s' % includes require.file('/etc/varnish/sites.vcl', contents=contents, use_sudo=True, mode='644') service.restart('varnish')
def reset_security_tokens(): ''' Reset all the security tokens for the Cozy (SSL certificates, Controller token, CouchDB superuser) ''' reset_cert() reset_controller_token() config_couchdb() print(green('All the tokens have been reset.')) restart_cozy() service.restart('nginx')
def setup_docs_web_proxy(): """Set up a mod proxy based vhost to forward web traffic to internal host. If container_id is none, it will also install docker and set up the entire documentation web site inside that docker container. """ require.directory(work_dir) with cd(work_dir): run('echo "fabgis" > requirements.txt') setup_venv(work_dir) container_id_file = 'fabgis.container.id' if not exists(container_id_file): setup_docker() setup_remotely() container_id = current_docker_container() port_mappings = get_docker_port_mappings(container_id) http_port = port_mappings[80] fabtools.require.deb.package('apache2') sudo('a2enmod proxy proxy_http') context = { 'internal_host': env.host, 'internal_port': http_port, 'server_name': 'inasafe.org' } apache_conf_template = 'inasafe.org.mod_proxy.conf.templ' apache_path = '/etc/apache2/sites-available' # Clone and replace tokens in apache conf local_dir = os.path.dirname(__file__) local_file = os.path.abspath( os.path.join(local_dir, 'scripts', apache_conf_template)) fastprint(green('Using %s for template' % local_file)) destination = '%s/inasafe.org.conf' % apache_path upload_template(local_file, destination, context=context, use_sudo=True) require.apache.enable('inasafe.org') restart('apache2')
def restarted(service): """ Require a service to be restarted. :: from fabtools import require require.service.restarted('foo') """ if is_running(service): restart(service) else: start(service)
def install_haibu(): """ Setup Haibu Application Manager. """ with cd('/home/cozy/cozy-setup'): cozydo('HOME=/home/cozy npm install') sudo('cp paas.conf /etc/init/') if not service.is_running("paas"): service.start('paas') else: service.restart('paas') print(green("Haibu successfully started"))
def nginx_setup(): upload_template( filename='conf/nginx.conf', destination='%(deploy_path)s/nginx_%(project_name)s.conf' % env, context={ 'project_name': env.project_name, 'static_path': env.static_path, 'media_path':env.media_path, 'log_path': env.log_path }, use_jinja=True ) sudo('ln -s -f %(deploy_path)s/nginx_%(project_name)s.conf ' '/etc/nginx/sites-enabled/%(project_name)s.conf' % env) restart('nginx')
def setup_app(base_dir, port=8080): require.deb.packages(['gcc'], update=True) source_dir = os.path.join(base_dir, SOURCE_FOLDER) require.files.directory(source_dir) require.python.package('uwsgi') require.python.virtualenv(base_dir) sync(base_dir) upload_template('conf/upstart.conf', '/etc/init/myapp.conf', context={ 'app_name': APP_NAME, 'base_dir': base_dir, 'source_dir': source_dir, 'port': port }) service.restart(APP_NAME)
def firewall(zones=None, interfaces=None, policy=None, rules=None, routestopped=None, masq=None): """ Ensure that a firewall is configured. Example:: from fabtools.shorewall import * from fabtools import require # We need a firewall with some custom rules require.shorewall.firewall( rules=[ Ping(), SSH(), HTTP(), HTTPS(), SMTP(), rule(port=1234, source=hosts(['example.com'])), ] ) """ family = distrib_family() if family != 'debian': raise UnsupportedFamily(supported=['debian']) require_deb_package('shorewall') with watch(CONFIG_FILES) as config: _zone_config(zones) _interfaces_config(interfaces) _policy_config(policy) _rules_config(rules) _routestopped_config(routestopped) _masq_config(masq) if config.changed: puts("Shorewall configuration changed") if is_started(): restart('shorewall') with settings(hide('running'), shell_env()): sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
def install_nginx(): ''' Install NGINX and make it use certs. ''' if system.distrib_id() == 'Debian': if not is_arm(): key_url = 'http://nginx.org/packages/keys/nginx_signing.key' require.file(url=key_url) deb.add_apt_key('nginx_signing.key') su_delete('nginx_signing.key') url = 'http://nginx.org/packages/debian/' distrib = 'squeeze' if system.distrib_release().startswith('7'): distrib = 'wheezy' elif system.distrib_release().startswith('8'): distrib = 'jessie' require.deb.source('nginx', url, distrib, 'nginx') require.deb.package('nginx') contents = PROXIED_SITE_TEMPLATE % { 'server_name': 'cozy', 'port': 443, 'proxy_url': 'http://127.0.0.1:9104' } require.files.file( '/etc/nginx/conf.d/cozy.conf', contents=contents, use_sudo=True) else: require.deb.ppa('ppa:nginx/stable') require.nginx.site( 'cozy', template_contents=PROXIED_SITE_TEMPLATE, enabled=True, port=443, proxy_url='http://127.0.0.1:9104' ) delete_if_exists('/etc/nginx/conf.d/default.conf') delete_if_exists('/etc/nginx/conf.d/example_ssl.conf') delete_if_exists('/etc/nginx/sites-enabled/default') service.restart('nginx') print(green('Nginx successfully installed.'))
def firewall(zones=None, interfaces=None, policy=None, rules=None, routestopped=None, masq=None): """ Ensure that a firewall is configured. Example:: from fabtools.shorewall import * from fabtools import require # We need a firewall with some custom rules require.shorewall.firewall( rules=[ Ping(), SSH(), HTTP(), HTTPS(), SMTP(), rule(port=1234, source=hosts(['example.com'])), ] ) """ family = distrib_family() if family != "debian": raise UnsupportedFamily(supported=["debian"]) require_deb_package("shorewall") with watch(CONFIG_FILES) as config: _zone_config(zones) _interfaces_config(interfaces) _policy_config(policy) _rules_config(rules) _routestopped_config(routestopped) _masq_config(masq) if config.changed: puts("Shorewall configuration changed") if is_started(): restart("shorewall") with settings(hide("running"), shell_env()): sed("/etc/default/shorewall", "startup=0", "startup=1", use_sudo=True)
def install_ntp(): """ Installs and configures the NTP daemon """ # update apt index update_index(quiet=False) print(blue('Installing NTP daemon')) utils.deb.install('ntp') print(blue('Configuring NTP servers to use US pool zone')) # patterns before = 'ubuntu\.pool\.ntp\.org' after = 'us\.pool\.ntp\.org' # ntp configuration file config_file = '/etc/ntp.conf' sed(config_file, before, after, use_sudo=True) print(blue('Restarting NTP server')) service.restart('ntp')
def install_nginx(): ''' Install NGINX and make it use certs. ''' if system.distrib_id() == 'Debian': if not is_arm(): key_url = 'http://nginx.org/packages/keys/nginx_signing.key' require.file(url=key_url) deb.add_apt_key('nginx_signing.key') su_delete('nginx_signing.key') url = 'http://nginx.org/packages/debian/' distrib = 'squeeze' if system.distrib_release().startswith('7'): distrib = 'wheezy' require.deb.source('nginx', url, distrib, 'nginx') require.deb.package('nginx') contents = PROXIED_SITE_TEMPLATE % { 'server_name': 'cozy', 'port': 443, 'proxy_url': 'http://127.0.0.1:9104' } require.files.file( '/etc/nginx/conf.d/cozy.conf', contents=contents, use_sudo=True) else: require.deb.ppa('ppa:nginx/stable') require.nginx.site( 'cozy', template_contents=PROXIED_SITE_TEMPLATE, enabled=True, port=443, proxy_url='http://127.0.0.1:9104' ) delete_if_exists('/etc/nginx/conf.d/default.conf') delete_if_exists('/etc/nginx/conf.d/example_ssl.conf') delete_if_exists('/etc/nginx/sites-enabled/default') service.restart('nginx') print(green('Nginx successfully installed.'))
def munin_host(): host_tree = make_host_tree(APPS.hostnames) app_watchlist = make_app_watchlist(APPS.values()) require.deb.packages(['munin', 'apache2']) # Update WWW path: files.sed(MUNIN_CFG, '#htmldir /var/cache/munin/www', 'htmldir /var/www/munin', use_sudo=True) # Update notification settings: files.sed( MUNIN_CFG, '#contact.someuser.command mail -s "Munin notification" [email protected]', 'contact.email.command mail -s "Munin Notification for ${var:host}" %s' % APPS.defaults['error_email'], use_sudo=True) # Update host tree: if not files.contains(MUNIN_CFG, host_tree): files.append(MUNIN_CFG, host_tree, use_sudo=True) # Write apache24 config: # TODO: Check permissions of file. sudo_upload_template('apache24.conf', '/etc/munin/apache24.conf') # Prepare HTTP monitor: sudo_upload_template('http-monitor', '/usr/share/munin/plugins/http-monitor') sudo('ln -s /usr/share/munin/plugins/http-monitor' + ' /etc/munin/plugins/http-monitor') # Set URLs for HTTP monitoring: sudo('touch /etc/munin/plugin-conf.d/zcustom') files.append('/etc/munin/plugin-conf.d/zcustom', app_watchlist, use_sudo=True) for s in ['munin-node', 'apache2']: service.restart(s)
def restarted(service): """ Require a service to be restarted. :: from fabtools import require require.service.restarted('foo') """ if is_running(service): if using_systemd(): systemd.restart(service) else: restart(service) else: if using_systemd(): systemd.start(service) else: start(service)
def _update_ssh_setting(sshd_config, name, value): """ Update a yes/no setting in the SSH config file """ with watch(sshd_config) as config_file: # First try to change existing setting sed(sshd_config, r'^(\s*#\s*)?%s\s+(yes|no)' % name, '%s %s' % (name, value), use_sudo=True) # Then append setting if it's still missing _append(sshd_config, '%s %s' % (name, value), use_sudo=True) if config_file.changed and is_running('ssh'): restart('ssh')
def _update_ssh_setting(sshd_config, name, value): """ Update a yes/no setting in the SSH config file """ with watch(sshd_config) as config_file: with shell_env(): # First try to change existing setting sed(sshd_config, r'^(\s*#\s*)?%s\s+(yes|no)' % name, '%s %s' % (name, value), use_sudo=True) # Then append setting if it's still missing _append(sshd_config, '%s %s' % (name, value), use_sudo=True) if config_file.changed and is_running('ssh'): restart('ssh')
def firewall(zones=None, interfaces=None, policy=None, rules=None, routestopped=None, masq=None): """ Ensure that a firewall is configured. Example:: from fabtools.shorewall import * from fabtools import require # We need a firewall with some custom rules require.shorewall.firewall( rules=[ Ping(), SSH(), HTTP(), HTTPS(), SMTP(), rule(port=1234, source=hosts(['example.com'])), ] ) """ package('shorewall') with watch(CONFIG_FILES) as config: _zone_config(zones) _interfaces_config(interfaces) _policy_config(policy) _rules_config(rules) _routestopped_config(routestopped) _masq_config(masq) if config.changed: puts("Shorewall configuration changed") if is_started(): restart('shorewall') with settings(hide('running')): sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
def install_nginx(): """ Install NGINX and make it use certs. """ require.arch.package("nginx") contents = PROXIED_SITE_TEMPLATE % {"server_name": "cozy", "port": 443, "proxy_url": "http://127.0.0.1:9104"} if files.exists("/etc/nginx/conf.d"): require.files.file("/etc/nginx/conf.d/cozy.conf", contents=contents, use_sudo=True) else: config = NginxConfig() config.load(sudo("cat /etc/nginx/nginx.conf")) server = NginxConfig() server.load(contents) config.append(server[0], root=config.get_value(config.get(("http",)))) put(StringIO(config.gen_config()), "/etc/nginx/nginx.conf", use_sudo=True) if files.exists("/etc/nginx/conf.d/default.conf"): su_delete("/etc/nginx/conf.d/default.conf") if files.exists("/etc/nginx/conf.d/example_ssl.conf"): su_delete("/etc/nginx/conf.d/example_ssl.conf") service.restart("nginx") print(green("Nginx successfully installed."))
def setup_server(): set_language() files.sed("/etc/ssh/sshd_config", "StrictModes yes", "StrictModes no", use_sudo=True) service.restart("ssh") deb.upgrade() deb.install([ "nginx", "uwsgi", "uwsgi-plugin-python", "uwsgi-plugin-python3", "libpq-dev", "postgresql", "postgresql-contrib", "python-virtualenv", "python-dev", "python3-dev" ], update=True) # Increase domain name limit files.sed("/etc/nginx/nginx.conf", "# server_names_hash_bucket_size 64;", "server_names_hash_bucket_size 96;", use_sudo=True) nginx.disable("default")
def firewall(zones=None, interfaces=None, policy=None, rules=None, routestopped=None, masq=None): """ Require a firewall """ package('shorewall') with watch(CONFIG_FILES) as config: _zone_config(zones) _interfaces_config(interfaces) _policy_config(policy) _rules_config(rules) _routestopped_config(routestopped) _masq_config(masq) if config.changed: puts("Shorewall configuration changed") if is_started(): restart('shorewall') with settings(hide('running')): sed('/etc/default/shorewall', 'startup=0', 'startup=1', use_sudo=True)
def setup_munin_node(munin_cfg): hostname = run('hostname') key_path = os.path.join(os.path.dirname(__file__), '../ssh_key_munin_node.pub') require.deb.packages(['munin-node']) require.users.user('dlce-munin-node', shell='/bin/bash', system=True, ssh_public_keys=key_path) def fix_munin_cfg(): files.sed(munin_cfg, '#host_name localhost.localdomain', 'host_name ' + hostname + '.clld.org', use_sudo=True) fix_munin_cfg() service.restart('munin-node')
def cache(app): """require an app to be put behind varnish """ require.deb.package('varnish') create_file_as_root('/etc/default/varnish', DEFAULT) create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL) sites_vcl = '/etc/varnish/sites.vcl' site_config = path('/etc/varnish/sites/{app.name}.vcl'.format(app=app)) include = 'include "%s";' % site_config if exists(sites_vcl): append(sites_vcl, include, use_sudo=True) else: create_file_as_root(sites_vcl, include + '\n') require.files.directory(str(site_config.dirname()), use_sudo=True) create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app)) service.restart('varnish') create_file_as_root( app.nginx_site, SITE_TEMPLATE.format(**get_template_variables(App(app.name, 6081, domain=app.domain)))) service.reload('nginx')
def cache(app): """require an app to be put behind varnish """ require.deb.package('varnish') create_file_as_root('/etc/default/varnish', DEFAULT) create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL) sites_vcl = '/etc/varnish/sites.vcl' site_config = path('/etc/varnish/sites/{app.name}.vcl'.format(app=app)) include = 'include "%s";' % site_config if exists(sites_vcl): append(sites_vcl, include, use_sudo=True) else: create_file_as_root(sites_vcl, include + '\n') require.files.directory(str(site_config.dirname()), use_sudo=True) create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app)) service.restart('varnish') create_file_as_root( app.nginx_site, SITE_TEMPLATE.format( **get_template_variables(App(app.name, 6081, domain=app.domain)))) service.reload('nginx')
def cache(app): # pragma: no cover """require an app to be put behind varnish """ require.deb.package('varnish') create_file_as_root('/etc/default/varnish', DEFAULT) create_file_as_root('/etc/varnish/main.vcl', MAIN_VCL) sites_vcl = '/etc/varnish/sites.vcl' site_config_dir = '/etc/varnish/sites' site_config = '/'.join(site_config_dir, '{app.name}.vcl'.format(app=app)) include = 'include "%s";' % site_config if exists(sites_vcl): append(sites_vcl, include, use_sudo=True) else: create_file_as_root(sites_vcl, include + '\n') require.files.directory(site_config_dir, use_sudo=True) create_file_as_root(site_config, SITE_VCL_TEMPLATE.format(app=app)) service.restart('varnish') template_vars = get_template_variables(App(app.name, 6081, domain=app.domain)) template_vars['SITE'] = True upload_template_as_root(app.nginx_site, 'nginx-app.conf', template_vars) service.reload('nginx')
def addRootFlask(webserver, appname): """ Add a flask webserver :param webserver: :param appname: :return: """ hostdir = gethostdir() # Create web directory createDirectory(hostdir, webserver) # Add a nginx CONFIG_TPL = ''' server { server_name %(server_name)s %(server_alias)s; root %(docroot)s/%(server_name)s/www; access_log %(docroot)s/%(server_name)s/log/access.log; error_log %(docroot)s/%(server_name)s/log/error.log; location / { try_files $uri @%(appname)s; } location @%(appname)s { include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/%(server_name)s_%(appname)s/socket; } }''' require.nginx.site( webserver, template_contents=CONFIG_TPL, appname=appname, server_alias='', docroot=hostdir, ) # Add a uwsgi config_filename = '/etc/uwsgi/apps-available/%(webserver)s_%(appname)s.ini' % locals() CONFIG_TPL = ''' [uwsgi] uid = %(server_name)s gid = %(server_name)s callable = app plugins = python base = %(hostdir)s/%(server_name)s/www pythonpath = %(hostdir)s/%(server_name)s/www/%(appname)s virtualenv = %(hostdir)s/%(server_name)s/venv wsgi-file = /data/backup/hosting/domotique/www/%(appname)s/sk_server.py env = %(APPNAME)s_SETTINGS=/data/backup/hosting/domotique/conf/%(appname)s.cfg logto = /var/log/uwsgi/%(server_name)s_%(appname)s.log chmod-socket = 666 # Optional emperor = /tmp emperor-tyrant = true cap = setgid,setuid ''' template_file(config_filename, template_contents=CONFIG_TPL, template_source=None, context={ 'server_name': webserver, 'hostdir': hostdir, 'appname': appname, 'APPNAME': appname.upper() } ) active_uwsgi(webserver, appname) service.restart('uwsgi') service.restart('nginx') require.network.host('127.0.0.1', webserver)
def on_change(): puts("Shorewall configuration changed") if is_started(): restart('shorewall')
def remove_default_nginx(): sudo('rm /etc/nginx/sites-enabled/default') restart('nginx')
def restart_app(service_name=SERVICE_NAME): if service.is_running(SERVICE_NAME): service.restart(SERVICE_NAME) else: service.start(SERVICE_NAME)
def addRootFlask(webserver, appname): """ Add a flask webserver :param webserver: :param appname: :return: """ hostdir = gethostdir() # Create web directory createDirectory(hostdir, webserver) # Add a nginx CONFIG_TPL = ''' server { server_name %(server_name)s %(server_alias)s; root %(docroot)s/%(server_name)s/www; access_log %(docroot)s/%(server_name)s/log/access.log; error_log %(docroot)s/%(server_name)s/log/error.log; location / { try_files $uri @%(appname)s; } location @%(appname)s { include uwsgi_params; uwsgi_pass unix:/run/uwsgi/app/%(server_name)s_%(appname)s/socket; } }''' require.nginx.site( webserver, template_contents=CONFIG_TPL, appname=appname, server_alias='', docroot=hostdir, ) # Add a uwsgi config_filename = '/etc/uwsgi/apps-available/%(webserver)s_%(appname)s.ini' % locals( ) CONFIG_TPL = ''' [uwsgi] uid = %(server_name)s gid = %(server_name)s callable = app plugins = python base = %(hostdir)s/%(server_name)s/www pythonpath = %(hostdir)s/%(server_name)s/www/%(appname)s virtualenv = %(hostdir)s/%(server_name)s/venv wsgi-file = /data/backup/hosting/domotique/www/%(appname)s/sk_server.py env = %(APPNAME)s_SETTINGS=/data/backup/hosting/domotique/conf/%(appname)s.cfg logto = /var/log/uwsgi/%(server_name)s_%(appname)s.log chmod-socket = 666 # Optional emperor = /tmp emperor-tyrant = true cap = setgid,setuid ''' template_file(config_filename, template_contents=CONFIG_TPL, template_source=None, context={ 'server_name': webserver, 'hostdir': hostdir, 'appname': appname, 'APPNAME': appname.upper() }) active_uwsgi(webserver, appname) service.restart('uwsgi') service.restart('nginx') require.network.host('127.0.0.1', webserver)
def restart(component): if service.is_running(component): service.restart(component) else: service.start(component)
def restart(): service.restart(service_name)