Django deployment and rpm+yum

1,115 views
840 views

Published on

Published in: Technology, Design
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,115
On SlideShare
0
From Embeds
0
Number of Embeds
8
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Django deployment and rpm+yum

  1. 1. Django deployment and RPM+YUM by Walter Liu
  2. 2. Agenda ● Apache, WSGI, Django ● Django deployment/security note ● Using RPM and YUM
  3. 3. Apache+WSGI+Django
  4. 4. Why use Apache? runserver is not stable
  5. 5. WSGI Web Server Gateway Interface
  6. 6. Apache, WSGI, Django
  7. 7. Apache contain multi WSGI
  8. 8. Example WSGI parameters TraceEnable Off WSGIScriptAlias / /var/www/html/axx_service/wsgi.py WSGIPythonPath /var/www/html/axx_service/ WSGISocketPrefix /var/run/wsgi WSGIProcessGroup axxais WSGIDaemonProcess axxais processes=4 threads=16 maximum-requests=4096 display-name=%{GROUP} # no embedded mode for WSGI. for smaller memory and log message. WSGIRestrictEmbedded on <Directory "/var/www/html/axx_service/"> <Files wsgi.py> Order deny,allow Allow from all </Files> </Directory>
  9. 9. Questions?
  10. 10. Django deployment note
  11. 11. Deployment note ● ● ● ● ● ● ● DEBUG = False TEMPLATE_DEBUG = False 404 template 500 template Host static files Error alert e-mail (ADMINS, MANAGERS) Logging settings
  12. 12. Apache+wsgi: Host static files Alias /robots.txt /usr/local/wsgi/static/robots.txt Alias /favicon.ico /usr/local/wsgi/static/favicon.ico AliasMatch /([^/]*.css) /usr/local/wsgi/static/styles/$1 Alias /media/ /usr/local/wsgi/static/media/ <Directory /usr/local/wsgi/static> Order deny,allow Allow from all </Directory> WSGIScriptAlias / /usr/local/wsgi/scripts/myapp.wsgi <Directory /usr/local/wsgi/scripts> Order allow,deny Allow from all </Directory>
  13. 13. Django Security note ● ● ● ● SQL Injection protection (ORM) XSS protection Csrf protection (middleware) Clickjacking protection (middleware, default off) ● Possible weak points ○ Weak admin password ○ DEBUG = True ○ Secret Key
  14. 14. Questions?
  15. 15. Using RPM and YUM
  16. 16. Deployment is ? ● ● ● ● ● ● ● ● ● ssh to each host copy files remove files check file integrity [option] config file upgrade [option] POST: restart httpd [option] check service/security status [option] mock test .......
  17. 17. Using git? ● No remove files. (may lead to accidents) ● No other script action in update. ● Config files? ● Version report? (at least not easy to read.) ● Not for OPS ● No package dependency ● Not scalable for large deployment
  18. 18. Using RPM ● ● ● ● Ensure package version. Add/remove/update files. Pre/Post installation scripting. YUM for remote and repository
  19. 19. How to create RPM ● Prepare *.spec file ● Use rpmbuild to build rpm. (refer AIS)
  20. 20. RPM SPEC File
  21. 21. rpmbuild script
  22. 22. YUM server and repo RPM Now, setup a YUM server + repo RPM, and you may ● yum install pitlane ● yum install pitlane-worker ● yum update pitlane ● #rollback version with ● Auto-dependency
  23. 23. What left?
  24. 24. Concurrent command to hosts
  25. 25. omnitty vs. ssh-keygen ● omnitty ● ssh-key and scripting ● fabric + ssh-key
  26. 26. Omnitty
  27. 27. sshkey + scripting Example: pitlane_web.py update -> host_list = ...... -> for host in host_list: -> os.system("ssh $s yum update pitlane") How ● generate ssh public key ● copy/cat to target host .ssh/authorized_key
  28. 28. Fabric Based on sshkey Made for deployment.
  29. 29. Q&A

×