2020-02-14 21:31:08 +01:00
|
|
|
== Déploiement sur CentOS
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
yum update
|
|
|
|
|
groupadd --system webapps
|
|
|
|
|
groupadd --system gunicorn_sockets
|
2020-04-11 09:23:28 +02:00
|
|
|
useradd --system --gid webapps --shell /bin/bash --home /home/gwift gwift
|
|
|
|
|
mkdir -p /home/gwift
|
|
|
|
|
chown gwift:webapps /home/gwift
|
2020-02-14 21:31:08 +01:00
|
|
|
----
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Installation des dépendances systèmes
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
yum install python36 git tree -y
|
|
|
|
|
|
|
|
|
|
# CentOS 7 ne dispose que de la version 3.7 d'SQLite. On a besoin d'une version 3.8 au minimum:
|
|
|
|
|
wget https://kojipkgs.fedoraproject.org//packages/sqlite/3.8.11/1.fc21/x86_64/sqlite-devel-3.8.11-1.fc21.x86_64.rpm
|
|
|
|
|
wget https://kojipkgs.fedoraproject.org//packages/sqlite/3.8.11/1.fc21/x86_64/sqlite-3.8.11-1.fc21.x86_64.rpm
|
|
|
|
|
sudo yum install sqlite-3.8.11-1.fc21.x86_64.rpm sqlite-devel-3.8.11-1.fc21.x86_64.rpm -y
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Préparation de l'environnement utilisateur
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
su - gwift
|
2020-02-10 11:13:24 +01:00
|
|
|
cp /etc/skel/.bashrc .
|
|
|
|
|
cp /etc/skel/.bash_profile .
|
|
|
|
|
ssh-keygen
|
|
|
|
|
mkdir bin
|
|
|
|
|
mkdir .venvs
|
|
|
|
|
mkdir webapps
|
2020-04-11 09:23:28 +02:00
|
|
|
python3.6 -m venv .venvs/gwift
|
|
|
|
|
source .venvs/gwift/bin/activate
|
|
|
|
|
cd /home/gwift/webapps
|
|
|
|
|
git clone git@vmwmedtools:institutionnel/gwift.git
|
2020-02-10 11:13:24 +01:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
La clé SSH doit ensuite être renseignée au niveau du dépôt, afin de pouvoir y accéder.
|
|
|
|
|
|
|
|
|
|
A ce stade, on devrait déjà avoir quelque chose de fonctionnel en démarrant les commandes suivantes:
|
|
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
# en tant qu'utilisateur 'gwift'
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
source .venvs/gwift/bin/activate
|
2020-02-10 11:13:24 +01:00
|
|
|
pip install -U pip
|
|
|
|
|
pip install -r requirements/base.txt
|
|
|
|
|
pip install gunicorn
|
2020-04-11 09:23:28 +02:00
|
|
|
cd webapps/gwift
|
2020-02-10 11:13:24 +01:00
|
|
|
gunicorn config.wsgi:application --bind localhost:3000 --settings=config.settings_production
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Configuration de l'application
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
SECRET_KEY=<set your secret key here>
|
|
|
|
|
ALLOWED_HOSTS=*
|
2020-04-11 09:23:28 +02:00
|
|
|
STATIC_ROOT=/var/www/gwift/static
|
2020-02-10 11:13:24 +01:00
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Création des répertoires de logs
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,text]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
mkdir -p /var/www/gwift/static
|
2020-02-10 11:13:24 +01:00
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Création du répertoire pour le socket
|
|
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
Dans le fichier `/etc/tmpfiles.d/gwift.conf`:
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
[source,text]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
D /var/run/webapps 0775 gwift gunicorn_sockets -
|
2020-02-14 21:31:08 +01:00
|
|
|
----
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
Suivi de la création par systemd :
|
2020-02-14 21:31:08 +01:00
|
|
|
|
|
|
|
|
[source,text]
|
|
|
|
|
----
|
2020-02-10 11:13:24 +01:00
|
|
|
systemd-tmpfiles --create
|
2020-02-14 21:31:08 +01:00
|
|
|
----
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Gunicorn
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
# defines settings for gunicorn
|
2020-04-11 09:23:28 +02:00
|
|
|
NAME="gwift"
|
|
|
|
|
DJANGODIR=/home/gwift/webapps/gwift
|
|
|
|
|
SOCKFILE=/var/run/webapps/gunicorn_gwift.sock
|
|
|
|
|
USER=gwift
|
2020-02-10 11:13:24 +01:00
|
|
|
GROUP=gunicorn_sockets
|
|
|
|
|
NUM_WORKERS=5
|
|
|
|
|
DJANGO_SETTINGS_MODULE=config.settings_production
|
|
|
|
|
DJANGO_WSGI_MODULE=config.wsgi
|
|
|
|
|
|
|
|
|
|
echo "Starting $NAME as `whoami`"
|
|
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
source /home/gwift/.venvs/gwift/bin/activate
|
2020-02-10 11:13:24 +01:00
|
|
|
cd $DJANGODIR
|
|
|
|
|
export DJANGO_SETTINGS_MODULE=$DJANGO_SETTINGS_MODULE
|
|
|
|
|
export PYTHONPATH=$DJANGODIR:$PYTHONPATH
|
|
|
|
|
|
|
|
|
|
exec gunicorn ${DJANGO_WSGI_MODULE}:application \
|
|
|
|
|
--name $NAME \
|
|
|
|
|
--workers $NUM_WORKERS \
|
|
|
|
|
--user $USER \
|
|
|
|
|
--bind=unix:$SOCKFILE \
|
|
|
|
|
--log-level=debug \
|
|
|
|
|
--log-file=-
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Supervision
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
yum install supervisor -y
|
|
|
|
|
----
|
|
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
On crée ensuite le fichier `/etc/supervisord.d/gwift.ini`:
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
[program:gwift]
|
|
|
|
|
command=/home/gwift/bin/start_gunicorn.sh
|
|
|
|
|
user=gwift
|
|
|
|
|
stdout_logfile=/var/log/gwift/gwift.log
|
2020-02-10 11:13:24 +01:00
|
|
|
autostart=true
|
|
|
|
|
autorestart=unexpected
|
|
|
|
|
redirect_stdout=true
|
|
|
|
|
redirect_stderr=true
|
2020-02-14 21:31:08 +01:00
|
|
|
----
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
Et on crée les répertoires de logs, on démarre supervisord et on vérifie qu'il tourne correctement:
|
2020-02-14 21:31:08 +01:00
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
mkdir /var/log/gwift
|
|
|
|
|
chown gwift:nagios /var/log/gwift
|
2020-02-14 21:31:08 +01:00
|
|
|
|
2020-02-10 11:13:24 +01:00
|
|
|
systemctl enable supervisord
|
|
|
|
|
systemctl start supervisord.service
|
|
|
|
|
systemctl status supervisord.service
|
|
|
|
|
● supervisord.service - Process Monitoring and Control Daemon
|
|
|
|
|
Loaded: loaded (/usr/lib/systemd/system/supervisord.service; enabled; vendor preset: disabled)
|
|
|
|
|
Active: active (running) since Tue 2019-12-24 10:08:09 CET; 10s ago
|
|
|
|
|
Process: 2304 ExecStart=/usr/bin/supervisord -c /etc/supervisord.conf (code=exited, status=0/SUCCESS)
|
|
|
|
|
Main PID: 2310 (supervisord)
|
|
|
|
|
CGroup: /system.slice/supervisord.service
|
|
|
|
|
├─2310 /usr/bin/python /usr/bin/supervisord -c /etc/supervisord.conf
|
2020-04-11 09:23:28 +02:00
|
|
|
├─2313 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
|
|
|
|
├─2317 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
|
|
|
|
├─2318 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
|
|
|
|
├─2321 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
|
|
|
|
├─2322 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
|
|
|
|
└─2323 /home/gwift/.venvs/gwift/bin/python3 /home/gwift/.venvs/gwift/bin/gunicorn config.wsgi:...
|
2020-02-10 11:13:24 +01:00
|
|
|
ls /var/run/webapps/
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-16 21:11:51 +01:00
|
|
|
On peut aussi vérifier que l'application est en train de tourner, à l'aide de la commande `supervisorctl`:
|
|
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
$$$ supervisorctl status gwift
|
|
|
|
|
gwift RUNNING pid 31983, uptime 0:01:00
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
Et pour gérer le démarrage ou l'arrêt, on peut passer par les commandes suivantes:
|
|
|
|
|
|
|
|
|
|
[source,bash]
|
|
|
|
|
----
|
|
|
|
|
$$$ supervisorctl stop gwift
|
|
|
|
|
gwift: stopped
|
|
|
|
|
root@ks3353535:/etc/supervisor/conf.d# supervisorctl start gwift
|
|
|
|
|
gwift: started
|
|
|
|
|
root@ks3353535:/etc/supervisor/conf.d# supervisorctl restart gwift
|
|
|
|
|
gwift: stopped
|
|
|
|
|
gwift: started
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Ouverture des ports
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source,text]
|
|
|
|
|
----
|
|
|
|
|
firewall-cmd --permanent --zone=public --add-service=http
|
|
|
|
|
firewall-cmd --permanent --zone=public --add-service=https
|
|
|
|
|
firewall-cmd --reload
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Installation d'Nginx
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
[source]
|
|
|
|
|
----
|
|
|
|
|
yum install nginx -y
|
|
|
|
|
usermod -a -G gunicorn_sockets nginx
|
|
|
|
|
----
|
|
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
On configure ensuite le fichier `/etc/nginx/conf.d/gwift.conf`:
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
upstream gwift_app {
|
|
|
|
|
server unix:/var/run/webapps/gunicorn_gwift.sock fail_timeout=0;
|
2020-02-10 11:13:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
server {
|
|
|
|
|
listen 80;
|
|
|
|
|
server_name <server_name>;
|
2020-04-11 09:23:28 +02:00
|
|
|
root /var/www/gwift;
|
|
|
|
|
error_log /var/log/nginx/gwift_error.log;
|
|
|
|
|
access_log /var/log/nginx/gwift_access.log;
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
client_max_body_size 4G;
|
|
|
|
|
keepalive_timeout 5;
|
|
|
|
|
|
|
|
|
|
gzip on;
|
|
|
|
|
gzip_comp_level 7;
|
|
|
|
|
gzip_proxied any;
|
|
|
|
|
gzip_types gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
location /static/ {
|
|
|
|
|
access_log off;
|
|
|
|
|
expires 30d;
|
|
|
|
|
add_header Pragma public;
|
|
|
|
|
add_header Cache-Control "public";
|
|
|
|
|
add_header Vary "Accept-Encoding";
|
|
|
|
|
try_files $uri $uri/ =404;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
|
proxy_redirect off;
|
|
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
proxy_pass http://gwift_app;
|
2020-02-10 11:13:24 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
----
|
|
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
=== Configuration des sauvegardes
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-02-14 21:31:08 +01:00
|
|
|
Les sauvegardes ont été configurées avec borg: `yum install borgbackup`.
|
2020-02-10 11:13:24 +01:00
|
|
|
|
2020-04-11 09:23:28 +02:00
|
|
|
C'est l'utilisateur gwift qui s'en occupe.
|
2020-02-10 11:13:24 +01:00
|
|
|
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
mkdir -p /home/gwift/borg-backups/
|
|
|
|
|
cd /home/gwift/borg-backups/
|
|
|
|
|
borg init gwift.borg -e=none
|
|
|
|
|
borg create gwift.borg::{now} ~/bin ~/webapps
|
2020-02-10 11:13:24 +01:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
Et dans le fichier crontab :
|
|
|
|
|
|
|
|
|
|
----
|
2020-04-11 09:23:28 +02:00
|
|
|
0 23 * * * /home/gwift/bin/backup.sh
|
2020-02-14 21:31:08 +01:00
|
|
|
----
|
