Skip to content

@makaimc /fabfile.py
Created

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
from fabric.api import *
from fabric.context_managers import cd
from fabric.operations import local as lrun, sudo
from fabric.contrib.files import sed
from fabric.utils import warn
from local_fabfile import root, prod, lh, SERVER_IP
def virtualenv(command, run_directory=''):
if run_directory == '':
run_directory = env.directory
with cd(run_directory):
sudo(env.activate + '&&' + command, user=env.user)
def apt_get(*packages):
sudo('apt-get -y --no-upgrade install %s' % ' '.join(packages), shell=False)
def create_privileged_group():
run('/usr/sbin/groupadd ' + env.user_group)
run('mv /etc/sudoers /etc/sudoers-backup')
run('(cat /etc/sudoers-backup ; echo "%' + env.user_group + \
' ALL=(ALL) ALL") > /etc/sudoers')
run('chmod 440 /etc/sudoers')
def create_privileged_user():
run('/usr/sbin/adduser ' + env.non_root_user)
run('/usr/sbin/usermod -a -G ' + env.user_group + ' ' + env.non_root_user)
run('mkdir /home/%s/.ssh' % env.non_root_user)
run('chown -R %s /home/%s/.ssh' % (env.non_root_user, env.non_root_user))
run('chgrp -R %s /home/%s/.ssh' % (env.user_group, env.non_root_user))
def install_pip():
"""
Install pip system-wide. Must be run as root.
"""
run('easy_install -U pip')
run('pip install --upgrade pip')
run('pip install -U virtualenv')
def rebuild_db():
run('mysql -u %s -p%s -e "drop database if exists %s"' % (env.db_user,
env.db_passwd, env.db_schema))
run('mysql -u %s -p%s -e "create database %s"' % (env.db_user,
env.db_passwd, env.db_schema))
virtualenv('python %smanage.py syncdb --noinput' % \
env.deploy_dir)
if env.load_fixtures != '':
virtualenv('python %smanage.py loaddata %s/%s' % \
(env.deploy_dir, env.deploy_dir, env.load_fixtures))
def dumpdata(filename):
proj_dir = env.directory + env.project_name
virtualenv('python ' + proj_dir + \
'/manage.py dumpdata auth.User auth.Group ' + env.dumpmodels + \
' ' + proj_dir + '/core/fixtures/' + filename)
def upload_keys(username):
local('scp ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys2 ' + \
username + '@' + SERVER_IP + ':~/.ssh')
def clone_repo():
with cd(env.directory):
run('git clone %s %s' % (env.git_repo, env.project_name))
run('chown -R %s %s' % (env.non_root_user, env.project_name))
run('chgrp -R %s %s' % (env.user_group, env.project_name))
def modify_firewall_rules():
run('/sbin/iptables -F')
run('cp /home/%s/%s/deploy/firewall/iptables.up.rules /etc/' % \
(env.non_root_user, env.project_name))
run('cp /home/%s/%s/deploy/firewall/iptables /etc/network/if-pre-up.d/' % \
(env.non_root_user, env.project_name))
run('chmod +x /etc/network/if-pre-up.d/iptables')
sed('/etc/ssh/sshd_config', '^Port 22', 'Port 8313')
# prevent root logins now that automated set up is complete
sed('/etc/ssh/sshd_config', '^PermitRootLogin yes', 'PermitRootLogin no')
run('/sbin/iptables-restore < /etc/iptables.up.rules')
run('service ssh restart')
def install_nginx():
"""
Install nginx and copy in configuration files. Depends on project source
code available in /home/[env.user]/[env.project_name]. Must be run as root.
"""
run('mv /etc/apt/sources.list /etc/apt/sources.list.bak')
run('(cat /etc/apt/sources.list.bak ; ' + \
'cat /home/%s/%s/deploy/nginx/sources.list ) > /etc/apt/sources.list' % \
(env.non_root_user, env.project_name))
run('apt-get install nginx')
run('cp /home/%s/%s/deploy/nginx/%s.conf /etc/nginx/conf.d/%s.conf' % \
(env.non_root_user, env.project_name, env.project_name, env.project_name))
run('rm /etc/nginx/sites-enabled/default')
def configure_supervisor():
run('service supervisor stop')
run('cp /home/%s/%s/deploy/supervisor/%s.conf /etc/supervisor/conf.d/' % \
(env.non_root_user, env.project_name, env.project_name))
run('service supervisor start')
def initial_root_setup():
"""
Set up commands meant to be run as soon as a blank Ubuntu 10.04 machine
is turned on.
"""
run('mkdir ~/.ssh')
upload_keys(env.root)
sed('/etc/ssh/sshd_config', '^UsePAM yes', 'UsePAM no')
sed('/etc/ssh/sshd_config', '^#PasswordAuthentication yes',
'PasswordAuthentication no')
sed('/etc/ssh/sshd_config', '^HostbasedAuthentication no',
'HostbasedAuthentication yes')
# update and install packages
run('apt-get update')
run('apt-get install -y git-core build-essential pip python-dev vim ' + \
'python-setuptools python-mysqldb libmysqlclient-dev supervisor ' + \
'libcurl4-openssl-dev python-pycurl')
#run('apt-get -y --force-yes upgrade')
# add group and user
create_privileged_group()
create_privileged_user()
# upload ssh keys for non-root user
upload_keys(env.non_root_user)
run('service ssh reload')
clone_repo()
install_pip()
install_nginx()
configure_supervisor()
run('mkdir -p /srv/www/%s/webapp/' % env.project_name)
modify_firewall_rules()
def install_mysql():
sudo('echo "mysql-server-5.0 mysql-server/root_password password ' \
'%s" | debconf-set-selections' % env.db_root_passwd)
sudo('echo "mysql-server-5.0 mysql-server/root_password_again password ' \
'%s" | debconf-set-selections' % env.db_root_passwd)
apt_get('mysql-server')
def mysql_create_user_and_schema():
run(('mysql -u %s -p%s -e "create user \'%s\'@\'localhost\' ' + \
'identified by \'%s\';"') % (env.db_root_user, env.db_root_passwd,
env.db_user, env.db_passwd))
run('mysql -u %s -p%s -e "grant all on *.* to \'%s\'@\'localhost\';"' % \
(env.db_root_user, env.db_root_passwd, env.db_user))
run(('mysql -u %s -p%s -e "grant all privileges on *.* to ' + \
'\'%s\'@\'localhost\';"') % (env.db_root_user, env.db_root_passwd,
env.db_user))
run('mysqladmin -u %s -p%s create %s' % (env.db_user, env.db_passwd,
env.db_schema))
def generate_ssl_cert():
with cd(env.directory):
sudo('openssl genrsa -des3 -out %s.key 4096' % env.project_name)
sudo('openssl req -new -key %s -out %s' % \
(env.project_name + '.key', env.project_name + '.csr'))
sudo('openssl x509 -req -days 730 -in ' + env.project_name + \
'.csr -signkey ' + env.project_name + '.key -out ' + \
env.project_name + '.crt')
sudo('chmod 600 %s.*' % env.project_name)
sudo('mv %s.* /etc/nginx/%s/' % (env.project_name, env.project_name))
def copy_ssl_cert():
sudo('cp ~/' + env.project_name + \
'/deploy/ssl/' + env.project_name + '.sslchain.crt ~/' + \
env.project_name + '/deploy/ssl/' + \
env.project_name + '.key /etc/nginx/' + env.project_name + '/')
def setup_git_user():
run('git config --global user.email "makaimc@gmail.com"')
run('git config --global user.name "Matthew Makai"')
def initial_prod_setup():
"""
Set up script meant to be run once after initial_root_setup is finished.
Must be prod user to set up properly.
"""
install_mysql()
mysql_create_user_and_schema()
run('cp ~/%s/deploy/deploy.sh ~/deploy.sh' % env.project_name)
run('cp ~/%s/deploy/vim/.vimrc ~/.vimrc' % env.project_name)
run('mkdir ~/venvs')
run('virtualenv --distribute ~/venvs/%s' % env.project_name)
virtualenv('pip install -r ~/%s/requirements.txt' % env.project_name)
sudo('mkdir /etc/nginx/%s' % env.project_name)
if env.generate_ssl_cert:
generate_ssl_cert()
if env.copy_ssl_certs:
copy_ssl_cert()
setup_git_user()
run('mv ~/%s/%s/local_settings_prod.py ~/%s/%s/local_settings.py' %
(env.project_name, env.project_name, env.project_name, env.project_name))
run('~/deploy.sh')
rebuild_db()
def deploy():
run(env.directory + 'deploy.sh')
from fabric.api import *
SERVER_IP = '' # remote server for deployment, ex: '50.116.62.11'
def lh():
env.hosts = [''] # ex: matt@localhost
env.db_user = '' # ex: sqladmin
env.db_passwd = ''
env.db_schema = '' # ex: appschema
env.directory = '' # ex: /home/matt/devel/py/
env.deploy_dir = '' # ex: /home/matt/devel/py/ec/
env.activate = '' # ex: source /home/matt/devel/venvs/app/bin/activate
env.dumpmodels = '' # ex: core.Excellian core.Title contacts.Contact
env.load_fixtures = '' # ex: core/fixtures/test-fixtures.json
env.generate_ssl_cert = False
env.copy_ssl_certs = False
def root():
common()
env.hosts = [env.root + '@' + SERVER_IP]
def prod():
common()
env.hosts = [env.non_root_user + '@' + SERVER_IP + ':8313']
def common():
env.root = 'root'
env.non_root_user = '' # appuser
env.user_group = '' # appusergroup
env.password = ''
env.directory = '' # ex: /home/app/
env.project_name = '' # ex: app
env.deploy_dir = '' # ex: /srv/www/app/webapp/
env.db_root_user = 'root'
env.db_root_passwd = ''
env.db_user = '' # ex: sqladmin
env.db_passwd = ''
env.db_schema = '' # ex: appschema
env.activate = '' # ex: source /home/app/venvs/app/bin/activate
env.git_repo = '' # ex: git@github.com:makaimc/app.git
env.dumpmodels = '' # ex: core.Excellian core.Title contacts.Contact
env.load_fixtures = '' # ex: core/fixtures/test-fixtures.json
env.generate_ssl_cert = False
env.copy_ssl_certs = True
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.