forked from harikvpy/deploy-django
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcreate_py3_django_project_run_env.sh
316 lines (279 loc) · 10.7 KB
/
create_py3_django_project_run_env.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
#!/bin/bash
#
# Usage:
# $ create_django_project_run_env <appname>
# error exit function
function error_exit
{
echo "$1" 1>&2
exit 1
}
# check if we're being run as root
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit
fi
# conventional values that we'll use throughout the script
APPNAME=$1
DOMAINNAME=$2
GROUPNAME=webapps
# app folder name under /webapps/<appname>_project
APPFOLDER=$1_project
APPFOLDERPATH=/$GROUPNAME/$APPFOLDER
# prerequisite standard packages. If any of these are missing,
# script will attempt to install it. If installation fails, it will abort.
LINUX_PREREQ=('git' 'build-essential' 'python-dev' 'nginx' 'postgresql' 'libpq-dev' 'python-pip')
PYTHON_PREREQ=('virtualenv' 'supervisor')
# check appname was supplied as argument
if [ "$APPNAME" == "" ] || [ "$DOMAINNAME" == "" ]; then
echo "Usage:"
echo " $ create_django_project_run_env <project> <domain>"
echo
exit 1
fi
# test prerequisites
echo "Checking if required packages are installed..."
declare -a MISSING
for pkg in "${LINUX_PREREQ[@]}"
do
echo "Installing '$pkg'..."
apt-get -y install $pkg
if [ $? -ne 0 ]; then
echo "Error installing system package '$pkg'"
exit 1
fi
done
for ppkg in "${PYTHON_PREREQ[@]}"
do
echo "Installing Python package '$ppkg'..."
pip install $ppkg
if [ $? -ne 0 ]; then
echo "Error installing python package '$ppkg'"
exit 1
fi
done
if [ ${#MISSING[@]} -ne 0 ]; then
echo "Following required packages are missing, please install them first."
echo ${MISSING[*]}
exit 1
fi
echo "All required packages are installed!"
# create the app folder
echo "Creating app folder '$APPFOLDERPATH'..."
mkdir -p /$GROUPNAME/$APPFOLDER || error_exit "Could not create app folder"
# test the group 'webapps' exists, and if it doesn't create it
getent group $GROUPNAME
if [ $? -ne 0 ]; then
echo "Creating group '$GROUPNAME' for automation accounts..."
groupadd --system $GROUPNAME || error_exit "Could not create group 'webapps'"
fi
# create the app user account, same name as the appname
grep "$APPNAME:" /etc/passwd
if [ $? -ne 0 ]; then
echo "Creating automation user account '$APPNAME'..."
useradd --system --gid $GROUPNAME --shell /bin/bash --home $APPFOLDERPATH $APPNAME || error_exit "Could not create automation user account '$APPNAME'"
fi
# change ownership of the app folder to the newly created user account
echo "Setting ownership of $APPFOLDERPATH and its descendents to $APPNAME:$GROUPNAME..."
chown -R $APPNAME:$GROUPNAME $APPFOLDERPATH || error_exit "Error setting ownership"
# give group execution rights in the folder;
# TODO: is this necessary? why?
chmod g+x $APPFOLDERPATH || error_exit "Error setting group execute flag"
# install python virtualenv in the APPFOLDER
echo "Creating environment setup for django app..."
su -l $APPNAME << 'EOF'
pwd
echo "Setting up python virtualenv..."
virtualenv -p python3 . || error_exit "Error installing virtual environment to app folder"
source ./bin/activate
# upgrade pip
pip install --upgrade pip || error_exist "Error upgrading pip to the latest version"
# install prerequisite python packages for a django app using pip
echo "Installing base python packages for the app..."
# Standard django packages which will be installed. If any of these fail, script will abort
DJANGO_PKGS=('django' 'psycopg2' 'gunicorn' 'setproctitle')
for dpkg in "${DJANGO_PKGS[@]}"
do
echo "Installing $dpkg..."
pip install $dpkg || error_exit "Error installing $dpkg"
done
# create the default folders where we store django app's resources
echo "Creating static file folders..."
mkdir logs run ssl static media || error_exit "Error creating static folders"
EOF
# generate secret key
echo "Generating Django secret key..."
DJANGO_SECRET_KEY=`openssl rand -base64 48`
if [ $? -ne 0 ]; then
error_exit "Error creating secret key."
fi
echo $DJANGO_SECRET_KEY > $APPFOLDERPATH/.django_secret_key
chown $APPNAME:$GROUPNAME $APPFOLDERPATH/.django_secret_key
echo "Creating gunicorn startup script..."
cat > /tmp/prepare_env.sh << EOF
DJANGODIR=$APPFOLDERPATH/$APPNAME # Django project directory
DJANGO_SETTINGS_MODULE=$APPNAME.settings # settings file for the app
export DJANGO_SETTINGS_MODULE=\$DJANGO_SETTINGS_MODULE
export PYTHONPATH=\$DJANGODIR:\$PYTHONPATH
export SECRET_KEY=`cat $APPFOLDERPATH/.django_secret_key`
export DB_PASSWORD=`cat $APPFOLDERPATH/.django_db_password`
cd $APPFOLDERPATH
source ./bin/activate
EOF
mv /tmp/prepare_env.sh $APPFOLDERPATH
chown $APPNAME:$GROUPNAME $APPFOLDERPATH/prepare_env.sh
cat > /tmp/gunicorn_start.sh << EOF
#!/bin/bash
# Makes the following assumptions:
#
# 1. All applications are located in a subfolder within /webapps
# 2. Each app gets a dedicated subfolder <appname> under /webapps. This will
# be referred to as the app folder.
# 3. The group account 'webapps' exists and each app is to be executed
# under the user account <appname>.
# 4. The app folder and all its recursive contents are owned by
# <appname>:webapps.
# 5. The django app is stored under /webapps/<appname>/<appname> folder.
#
cd $APPFOLDERPATH
source ./prepare_env.sh
SOCKFILE=$APPFOLDERPATH/run/gunicorn.sock # we will communicte using this unix socket
USER=$APPNAME # the user to run as
GROUP=$GROUPNAME # the group to run as
NUM_WORKERS=3 # how many worker processes should Gunicorn spawn
DJANGO_WSGI_MODULE=$APPNAME.wsgi # WSGI module name
echo "Starting $APPNAME as \`whoami\`"
# Create the run directory if it doesn't exist
RUNDIR=\$(dirname \$SOCKFILE)
test -d \$RUNDIR || mkdir -p \$RUNDIR
# Start your Django Unicorn
# Programs meant to be run under supervisor should not daemonize themselves (do not use --daemon)
exec ./bin/gunicorn \${DJANGO_WSGI_MODULE}:application \
--name $APPNAME \
--workers \$NUM_WORKERS \
--user=\$USER --group=\$GROUP \
--bind=unix:\$SOCKFILE \
--log-level=debug \
--log-file=-
EOF
# move the script to app folder
mv /tmp/gunicorn_start.sh $APPFOLDERPATH
chown $APPNAME:$GROUPNAME $APPFOLDERPATH/gunicorn_start.sh
chmod u+x $APPFOLDERPATH/gunicorn_start.sh
# create the PostgreSQL database and associated role for the app
# Database and role name would be the same as the <appname> argument
echo "Creating secure password for database role..."
DBPASSWORD=`openssl rand -base64 32`
if [ $? -ne 0 ]; then
error_exit "Error creating secure password for database role."
fi
echo $DBPASSWORD > $APPFOLDERPATH/.django_db_password
chown $APPNAME:$GROUPNAME $APPFOLDERPATH/.django_db_password
echo "Creating PostgreSQL role '$APPNAME'..."
su postgres -c "createuser -S -D -R -w $APPNAME"
echo "Changing password of database role..."
su postgres -c "psql -c \"ALTER USER $APPNAME WITH PASSWORD '$DBPASSWORD';\""
echo "Creating PostgreSQL database '$APPNAME'..."
su postgres -c "createdb --owner $APPNAME $APPNAME"
# create nginx template in /etc/nginx/sites-available
mkdir -p /etc/nginx/sites-available
APPSERVERNAME=$APPNAME
APPSERVERNAME+=_gunicorn
cat > /etc/nginx/sites-available/$APPNAME.conf << EOF
upstream $APPSERVERNAME {
server unix:$APPFOLDERPATH/run/gunicorn.sock fail_timeout=0;
}
server {
listen 80;
server_name $DOMAINNAME;
client_max_body_size 5M;
keepalive_timeout 5;
underscores_in_headers on;
access_log $APPFOLDERPATH/logs/nginx-access.log;
error_log $APPFOLDERPATH/logs/nginx-error.log;
location /media {
alias $APPFOLDERPATH/media;
}
location /static {
alias $APPFOLDERPATH/static;
}
location /static/admin {
alias $APPFOLDERPATH/lib/python3.5/site-packages/django/contrib/admin/static/admin/;
}
# This would redirect http site access to HTTPS. Uncomment to enable
#location / {
# rewrite ^ https://\$http_host\$request_uri? permanent;
#}
# To make the site pure HTTPS, comment the following section while
# uncommenting the above section. Also uncoment the HTTPS section
location / {
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header Host \$http_host;
proxy_redirect off;
proxy_pass http://$APPSERVERNAME;
}
}
# Uncomment this if you want to enable HTTPS access. Also, remember to install
# the site certificate, either purcahased or generated.
#server {
# listen 443 default ssl;
# server_name $DOMAINNAME;
#
# client_max_body_size 5M;
# keepalive_timeout 5;
#
# ssl_certificate /etc/nginx/ssl/cert_chain.crt;
# ssl_certificate_key $APPFOLDERPATH/ssl/$DOMAINNAME.key;
#
# access_log $APPFOLDERPATH/logs/nginx-access.log;
# error_log $APPFOLDERPATH/logs/nginx-error.log;
#
# location /media {
# alias $APPFOLDERPATH/media;
# }
# location /static {
# alias $APPFOLDERPATH/static;
# }
# location /static/admin {
# alias $APPFOLDERPATH/lib/python3.5/site-packages/django/contrib/admin/static/admin/;
# }
# location / {
# proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
# proxy_set_header Host \$http_host;
# proxy_set_header X-Forwarded-Proto \$scheme;
# proxy_redirect off;
# proxy_pass http://$APPSERVERNAME;
# }
#}
EOF
# make a symbolic link to the nginx conf file in sites-enabled
ln -s /etc/nginx/sites-available/$APPNAME.conf /etc/nginx/sites-enabled/$APPNAME
# copy supervisord.conf
cp ./supervisord.conf /etc || error_exit "Error copying supervisord.conf"
# create the supervisor application conf file
mkdir -p /etc/supervisor
cat > /etc/supervisor/$APPNAME.conf << EOF
[program:$APPNAME]
command = $APPFOLDERPATH/gunicorn_start.sh
user = $APPNAME
stdout_logfile = $APPFOLDERPATH/logs/gunicorn_supervisor.log
redirect_stderr = true
EOF
# create supervisord init.d script that can be controlled with service
echo "Setting up supervisor to autostart during bootup..."
cp ./supervisord /etc/init.d || error_exit "Error copying /etc/init.d/supervisord"
# enable execute flag on the script
chmod +x /etc/init.d/supervisord || error_exit "Error setting execute flag on supervisord"
# create the entries in runlevel folders to autostart supervisord
update-rc.d supervisord defaults || error_exit "Error configuring supervisord to autostart"
# now create a quasi django project that can be run using a GUnicorn script
echo "Installing quasi django project..."
su -l $APPNAME << EOF
source ./bin/activate
django-admin.py startproject $APPNAME
EOF
# now start the supervisord daemon
service supervisord start || error_exit "Error starting supervisord"
# reload nginx so that requests to domain are redirected to the gunicorn process
nginx -s reload || error_exit "Error reloading nginx. Check configuration files"
echo "Done!"