Django deployment and
RPM+YUM
by Walter Liu
Agenda
● Apache, WSGI, Django
● Django deployment/security note
● Using RPM and YUM
Apache+WSGI+Django
Why use Apache?

runserver is not stable
WSGI

Web
Server
Gateway
Interface
Apache, WSGI, Django
Apache contain multi WSGI
Example WSGI parameters
TraceEnable Off
WSGIScriptAlias / /var/www/html/axx_service/wsgi.py
WSGIPythonPath /var/www/html/a...
Questions?
Django deployment note
Deployment note
●
●
●
●
●
●
●

DEBUG = False
TEMPLATE_DEBUG = False
404 template
500 template
Host static files
Error aler...
Apache+wsgi: Host static files
Alias /robots.txt /usr/local/wsgi/static/robots.txt
Alias /favicon.ico /usr/local/wsgi/stat...
Django Security note
●
●
●
●

SQL Injection protection (ORM)
XSS protection
Csrf protection (middleware)
Clickjacking prot...
Questions?
Using RPM and YUM
Deployment is ?
●
●
●
●
●
●
●
●
●

ssh to each host
copy files
remove files
check file integrity
[option] config file upgr...
Using git?
● No remove files.
(may lead to accidents)
● No other script action in update.
● Config files?
● Version report...
Using RPM
●
●
●
●

Ensure package version.
Add/remove/update files.
Pre/Post installation scripting.
YUM for remote and re...
How to create RPM
● Prepare *.spec file
● Use rpmbuild to build rpm. (refer AIS)
RPM SPEC File
rpmbuild script
YUM server and repo RPM
Now, setup a YUM server + repo RPM, and you
may
● yum install pitlane
● yum install pitlane-worker...
What left?
Concurrent command to
hosts
omnitty vs. ssh-keygen
● omnitty
● ssh-key and scripting
● fabric + ssh-key
Omnitty
sshkey + scripting
Example:
pitlane_web.py update
-> host_list = ......
-> for host in host_list:
->
os.system("ssh $s yum...
Fabric
Based on sshkey
Made for deployment.
Q&A
Django deployment and rpm+yum
Django deployment and rpm+yum
Django deployment and rpm+yum
Upcoming SlideShare
Loading in...5
×

Django deployment and rpm+yum

549

Published on

Published in: Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
549
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Django deployment and rpm+yum

  1. 1. Django deployment and RPM+YUM by Walter Liu
  2. 2. Agenda ● Apache, WSGI, Django ● Django deployment/security note ● Using RPM and YUM
  3. 3. Apache+WSGI+Django
  4. 4. Why use Apache? runserver is not stable
  5. 5. WSGI Web Server Gateway Interface
  6. 6. Apache, WSGI, Django
  7. 7. Apache contain multi WSGI
  8. 8. Example WSGI parameters TraceEnable Off WSGIScriptAlias / /var/www/html/axx_service/wsgi.py WSGIPythonPath /var/www/html/axx_service/ WSGISocketPrefix /var/run/wsgi WSGIProcessGroup axxais WSGIDaemonProcess axxais processes=4 threads=16 maximum-requests=4096 display-name=%{GROUP} # no embedded mode for WSGI. for smaller memory and log message. WSGIRestrictEmbedded on <Directory "/var/www/html/axx_service/"> <Files wsgi.py> Order deny,allow Allow from all </Files> </Directory>
  9. 9. Questions?
  10. 10. Django deployment note
  11. 11. Deployment note ● ● ● ● ● ● ● DEBUG = False TEMPLATE_DEBUG = False 404 template 500 template Host static files Error alert e-mail (ADMINS, MANAGERS) Logging settings
  12. 12. Apache+wsgi: Host static files Alias /robots.txt /usr/local/wsgi/static/robots.txt Alias /favicon.ico /usr/local/wsgi/static/favicon.ico AliasMatch /([^/]*.css) /usr/local/wsgi/static/styles/$1 Alias /media/ /usr/local/wsgi/static/media/ <Directory /usr/local/wsgi/static> Order deny,allow Allow from all </Directory> WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi <Directory /usr/local/wsgi/scripts> Order allow,deny Allow from all </Directory>
  13. 13. Django Security note ● ● ● ● SQL Injection protection (ORM) XSS protection Csrf protection (middleware) Clickjacking protection (middleware, default off) ● Possible weak points ○ Weak admin password ○ DEBUG = True ○ Secret Key
  14. 14. Questions?
  15. 15. Using RPM and YUM
  16. 16. Deployment is ? ● ● ● ● ● ● ● ● ● ssh to each host copy files remove files check file integrity [option] config file upgrade [option] POST: restart httpd [option] check service/security status [option] mock test .......
  17. 17. Using git? ● No remove files. (may lead to accidents) ● No other script action in update. ● Config files? ● Version report? (at least not easy to read.) ● Not for OPS ● No package dependency ● Not scalable for large deployment
  18. 18. Using RPM ● ● ● ● Ensure package version. Add/remove/update files. Pre/Post installation scripting. YUM for remote and repository
  19. 19. How to create RPM ● Prepare *.spec file ● Use rpmbuild to build rpm. (refer AIS)
  20. 20. RPM SPEC File
  21. 21. rpmbuild script
  22. 22. YUM server and repo RPM Now, setup a YUM server + repo RPM, and you may ● yum install pitlane ● yum install pitlane-worker ● yum update pitlane ● #rollback version with ● Auto-dependency
  23. 23. What left?
  24. 24. Concurrent command to hosts
  25. 25. omnitty vs. ssh-keygen ● omnitty ● ssh-key and scripting ● fabric + ssh-key
  26. 26. Omnitty
  27. 27. sshkey + scripting Example: pitlane_web.py update -> host_list = ...... -> for host in host_list: -> os.system("ssh $s yum update pitlane") How ● generate ssh public key ● copy/cat to target host .ssh/authorized_key
  28. 28. Fabric Based on sshkey Made for deployment.
  29. 29. Q&A
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×