Django deployment and rpm+yum
Upcoming SlideShare
Loading in...5
×
 

Django deployment and rpm+yum

on

  • 512 views

 

Statistics

Views

Total Views
512
Views on SlideShare
491
Embed Views
21

Actions

Likes
0
Downloads
3
Comments
0

3 Embeds 21

http://localhost 18
http://www.slideee.com 2
http://eventifier.co 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Django deployment and rpm+yum Django deployment and rpm+yum Presentation Transcript

  • Django deployment and RPM+YUM by Walter Liu
  • Agenda ● Apache, WSGI, Django ● Django deployment/security note ● Using RPM and YUM
  • Apache+WSGI+Django
  • Why use Apache? runserver is not stable
  • WSGI Web Server Gateway Interface
  • Apache, WSGI, Django
  • Apache contain multi WSGI
  • Example WSGI parameters TraceEnable Off WSGIScriptAlias / /var/www/html/axx_service/wsgi.py WSGIPythonPath /var/www/html/axx_service/ WSGISocketPrefix /var/run/wsgi WSGIProcessGroup axxais WSGIDaemonProcess axxais processes=4 threads=16 maximum-requests=4096 display-name=%{GROUP} # no embedded mode for WSGI. for smaller memory and log message. WSGIRestrictEmbedded on <Directory "/var/www/html/axx_service/"> <Files wsgi.py> Order deny,allow Allow from all </Files> </Directory>
  • Questions?
  • Django deployment note
  • Deployment note ● ● ● ● ● ● ● DEBUG = False TEMPLATE_DEBUG = False 404 template 500 template Host static files Error alert e-mail (ADMINS, MANAGERS) Logging settings
  • Apache+wsgi: Host static files Alias /robots.txt /usr/local/wsgi/static/robots.txt Alias /favicon.ico /usr/local/wsgi/static/favicon.ico AliasMatch /([^/]*.css) /usr/local/wsgi/static/styles/$1 Alias /media/ /usr/local/wsgi/static/media/ <Directory /usr/local/wsgi/static> Order deny,allow Allow from all </Directory> WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi <Directory /usr/local/wsgi/scripts> Order allow,deny Allow from all </Directory>
  • Django Security note ● ● ● ● SQL Injection protection (ORM) XSS protection Csrf protection (middleware) Clickjacking protection (middleware, default off) ● Possible weak points ○ Weak admin password ○ DEBUG = True ○ Secret Key
  • Questions?
  • Using RPM and YUM
  • Deployment is ? ● ● ● ● ● ● ● ● ● ssh to each host copy files remove files check file integrity [option] config file upgrade [option] POST: restart httpd [option] check service/security status [option] mock test .......
  • Using git? ● No remove files. (may lead to accidents) ● No other script action in update. ● Config files? ● Version report? (at least not easy to read.) ● Not for OPS ● No package dependency ● Not scalable for large deployment
  • Using RPM ● ● ● ● Ensure package version. Add/remove/update files. Pre/Post installation scripting. YUM for remote and repository
  • How to create RPM ● Prepare *.spec file ● Use rpmbuild to build rpm. (refer AIS)
  • RPM SPEC File
  • rpmbuild script
  • YUM server and repo RPM Now, setup a YUM server + repo RPM, and you may ● yum install pitlane ● yum install pitlane-worker ● yum update pitlane ● #rollback version with ● Auto-dependency
  • What left?
  • Concurrent command to hosts
  • omnitty vs. ssh-keygen ● omnitty ● ssh-key and scripting ● fabric + ssh-key
  • Omnitty
  • sshkey + scripting Example: pitlane_web.py update -> host_list = ...... -> for host in host_list: -> os.system("ssh $s yum update pitlane") How ● generate ssh public key ● copy/cat to target host .ssh/authorized_key
  • Fabric Based on sshkey Made for deployment.
  • Q&A