Transcript

  • 1. Django deployment and RPM+YUM by Walter Liu
  • 2. Agenda
      ● Apache, WSGI, Django
      ● Django deployment/security note
      ● Using RPM and YUM
  • 3. Apache+WSGI+Django
  • 4. Why use Apache? runserver is not stable
  • 5. WSGI Web Server Gateway Interface
  • 6. Apache, WSGI, Django
  • 7. Apache contains multiple WSGI
  • 8. Example WSGI parameters
      TraceEnable Off
      WSGIScriptAlias / /var/www/html/axx_service/wsgi.py
      WSGIPythonPath /var/www/html/axx_service/
      WSGISocketPrefix /var/run/wsgi
      WSGIProcessGroup axxais
      WSGIDaemonProcess axxais processes=4 threads=16 maximum-requests=4096 display-name=%{GROUP}
      # No embedded mode for WSGI, for smaller memory and log messages.
      WSGIRestrictEmbedded on
      <Directory "/var/www/html/axx_service/">
          <Files wsgi.py>
              Order deny,allow
              Allow from all
          </Files>
      </Directory>
  • 9. Questions?
  • 10. Django deployment note
  • 11. Deployment note
      ● DEBUG = False
      ● TEMPLATE_DEBUG = False
      ● 404 template
      ● 500 template
      ● Host static files
      ● Error alert e-mail (ADMINS, MANAGERS)
      ● Logging settings
  • 12. Apache+wsgi: Host static files
      Alias /robots.txt /usr/local/wsgi/static/robots.txt
      Alias /favicon.ico /usr/local/wsgi/static/favicon.ico
      AliasMatch ^/([^/]*\.css) /usr/local/wsgi/static/styles/$1
      Alias /media/ /usr/local/wsgi/static/media/
      <Directory /usr/local/wsgi/static>
          Order deny,allow
          Allow from all
      </Directory>
      WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi
      <Directory /usr/local/wsgi/scripts>
          Order allow,deny
          Allow from all
      </Directory>
  • 13. Django Security note
      ● SQL Injection protection (ORM)
      ● XSS protection
      ● CSRF protection (middleware)
      ● Clickjacking protection (middleware, default off)
      ● Possible weak points
          ○ Weak admin password
          ○ DEBUG = True
          ○ Secret Key
  • 14. Questions?
  • 15. Using RPM and YUM
  • 16. Deployment is?
      ● ssh to each host
      ● copy files
      ● remove files
      ● check file integrity [option]
      ● config file upgrade [option]
      ● POST: restart httpd [option]
      ● check service/security status [option]
      ● mock test
      ● .......
  • 17. Using git?
      ● No file removal (may lead to accidents)
      ● No other script action in update.
      ● Config files?
      ● Version report? (At least not easy to read.)
      ● Not for OPS
      ● No package dependency
      ● Not scalable for large deployment
  • 18. Using RPM
      ● Ensure package version.
      ● Add/remove/update files.
      ● Pre/Post installation scripting.
      ● YUM for remote and repository
  • 19. How to create RPM
      ● Prepare *.spec file
      ● Use rpmbuild to build rpm. (refer to AIS)
  • 20. RPM SPEC File
  • 21. rpmbuild script
  • 22. YUM server and repo RPM
      Now, set up a YUM server + repo RPM, and you may
      ● yum install pitlane
      ● yum install pitlane-worker
      ● yum update pitlane
      ● #rollback version with
      ● Auto-dependency
  • 23. What's left?
  • 24. Concurrent command to hosts
  • 25. omnitty vs. ssh-keygen
      ● omnitty
      ● ssh-key and scripting
      ● fabric + ssh-key
  • 26. Omnitty
  • 27. sshkey + scripting
      Example: pitlane_web.py update
        -> host_list = ......
        -> for host in host_list:
        ->     os.system("ssh %s yum update pitlane" % host)
      How
      ● generate ssh public key
      ● copy/cat to target host .ssh/authorized_keys
  • 28. Fabric
      Based on sshkey
      Made for deployment.
  • 29. Q&A
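
Slide 27's loop interpolates each host name into an os.system() string, so a malformed entry in host_list is parsed by the local shell. The following is an added example, not code from the slides: it validates host names, hands ssh an argument list, and runs the hosts concurrently (slide 24). HOST_RE, REMOTE_CMD, build_command, update_hosts and the yum "-y" flag are assumptions of the example.

```python
import re
import subprocess
from concurrent.futures import ThreadPoolExecutor

# Letters, digits, dots and hyphens only, never starting with "-" (ssh would
# parse that as an option). The exact pattern is an assumption of this example.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

# Remote command from slide 27; "-y" is added here so yum does not wait for input.
REMOTE_CMD = ("yum", "-y", "update", "pitlane")


def build_command(host):
    """Return the local argv for one host; raise ValueError for a bad name."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("refusing host name %r" % host)
    # BatchMode=yes: fail instead of prompting when key login is not set up.
    # ssh joins the trailing words into one string for the remote shell, so
    # they stay constants and never carry input.
    return ["ssh", "-o", "BatchMode=yes", host] + list(REMOTE_CMD)


def update_hosts(hosts, runner=subprocess.call, workers=8):
    """Update all hosts concurrently; return {host: exit status or error text}."""
    results, valid = {}, []
    for host in hosts:
        try:
            valid.append((host, build_command(host)))
        except ValueError as exc:
            results[host] = str(exc)  # rejected before anything runs
    with ThreadPoolExecutor(max_workers=workers) as pool:
        # An argv list without shell=True is never parsed by a local shell.
        statuses = pool.map(runner, [argv for _, argv in valid])
        for (host, _), status in zip(valid, statuses):
            results[host] = status
    return results


if __name__ == "__main__":
    # Constructed host list; the runner is a stub, so nothing is executed.
    hosts = ["web1.example.com", "web2.example.com; id"]
    print(update_hosts(hosts, runner=lambda argv: 0))
```

A non-zero status in the returned dict marks a host where ssh or yum failed, which gives the per-host result that a bare os.system() loop discards.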