Changeset - 8ccec95cdfa5
Parent rev.
Child rev.
[Not reviewed]
0 2 0
Branko Majic (branko) - 7 years ago 2017-04-19 22:25:06
branko@majic.rs
MAR-98: Updated role reference documentation for wsgi_website role to include information about new parameter and mode of deployment. Updated usage instructions to mention pip requirements upgrade checks.
2 files changed with 76 insertions and 3 deletions:
docs/rolereference.rst
50
2
docs/usage.rst
26
1
0 comments (0 inline, 0 general)
docs/rolereference.rst
Show inline comments
 
@@ -287,6 +287,19 @@ The role implements the following:
 
  upgrades on daily basis. Mails are delivered to local ``root`` account, and
 
  can be redirected elsewhere via aliases. If using ``mail_forwarder`` or
 
  ``mail_server`` roles on the same server, aliases can be set-up through them.
 
* Sets-up system for performing checks on pip requirements files. Roles that
 
  want their requirements files checked should create a sub-directory inside of
 
  ``/etc/pip_check_requirements_upgrades``, and place ``.txt`` and ``.in`` files
 
  inside (with same base name). The ``.txt`` files should be standard
 
  requirements files with fixed versions (the ones installed by the role). The
 
  ``.in`` files should contain only the top-level packages (no
 
  dependencies). Avoid hard-coding versions in the ``.in`` file unless really
 
  needed. For packages where you want to stick to stable/LTS version branch, you
 
  should be able to use ``~=`` operator (for example ``django~=1.8.0``. Checks
 
  are implemented via `pip-tools <https://github.com/jazzband/pip-tools>`_ and a
 
  custom script that outputs diffs if upgrades are available. Script is run via
 
  cronjob on hourly basis, and any output will be delivered to local ``root``
 
  user.
 

			




	
	
	
		
 

			




	
	
	
		
 
Role dependencies

			




	
	
		
 
@@ -1690,11 +1703,11 @@ Parameters

			




	
	
	
		
 
  for calculating the user/group name for dedicated website user, as well as

			




	
	
	
		
 
  home directory of the website user (where data/code should be stored at).

			




	
	
	
		
 

			




	
	
	
		
 
**futures_version** (string, optional, ``3.0.5``)

			




	
	
	
		
 
**futures_version** (string, optional, ``3.1.1``)

			




	
	
	
		
 
  Version of ``futures`` package to deploy in virtual environment. Required by

			




	
	
	
		
 
  Gunicorn when using Python 2.7. Default version is tested with the test site.

			




	
	
	
		
 

			




	
	
	
		
 
**gunicorn_version** (string, optional, ``19.6.0``)

			




	
	
	
		
 
**gunicorn_version** (string, optional, ``19.7.1``)

			




	
	
	
		
 
  Version of Gunicorn to deploy in virtual environment for running the WSGI

			




	
	
	
		
 
  application. Default version is tested with the test site.

			




	
	
	
		
 

			




	
	
		
 
@@ -1755,6 +1768,32 @@ Parameters

			




	
	
	
		
 
  noted that in either case the value should be specsified relative to the

			




	
	
	
		
 
  ``code`` sub-directory. I.e. don't use full paths.

			




	
	
	
		
 

			




	
	
	
		
 
**wsgi_requirements** (list, optional, ``[]``)

			




	
	
	
		
 
  Complete list of pip requirements used for deploying Gunicorn. If specified,

			




	
	
	
		
 
  this list will be used to create requirements file and install Gunicorn and

			




	
	
	
		
 
  its dependencies from that one. This allows to have pinned packages for both

			




	
	
	
		
 
  Gunicorn, futures, and their dependencies.

			




	
	
	
		
 

			




	
	
	
		
 
  It should be noted that this installation method is meant primarily in case of

			




	
	
	
		
 
  roles that want to take advantage of upgrade checks for pip requirements

			




	
	
	
		
 
  files, and that employ `pip-tools <https://github.com/jazzband/pip-tools>`_.

			




	
	
	
		
 

			




	
	
	
		
 
  In addition to change of installation method, when this parameter is specified

			




	
	
	
		
 
  the role will deploy necessary files for running the pip requirements upgrade

			




	
	
	
		
 
  check (see the ``common`` role for description). For this a directory is

			




	
	
	
		
 
  created under ``/etc/pip_check_requirements_upgrades/FQDN``. The same

			




	
	
	
		
 
  directory should be used by dependant roles to deploy their own ``.in`` and

			




	
	
	
		
 
  ``.txt`` files. Make sure the file ownership is set to ``root:pipreqcheck``.

			




	
	
	
		
 

			




	
	
	
		
 
  Should you need to utilise the requirements file in some manner (other than

			




	
	
	
		
 
  checking for its upgrades), it will be also stored (and made accessible to

			




	
	
	
		
 
  application user/admin)) in application's home directory under the name

			




	
	
	
		
 
  ``.wsgi_requirements.txt``.

			




	
	
	
		
 

			




	
	
	
		
 
  To create complete requirements list, it is recommended to use `pip-tools

			




	
	
	
		
 
  <https://github.com/jazzband/pip-tools>`_ (the ``pip-compile`` utility) with

			




	
	
	
		
 
  ``gunicorn`` and ``futures`` in the ``.in.`` file.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Distribution compatibility

			




	
	
	
		
 
~~~~~~~~~~~~~~~~~~~~~~~~~~

			




	
	
		
 
@@ -1772,6 +1811,7 @@ running a bare Django project):

			




	
	
	
		
 

			




	
	
	
		
 
.. code-block:: yaml

			




	
	
	
		
 

			




	
	
	
		
 
    # Sample for a Django installation.

			




	
	
	
		
 
    - role: wsgi_website

			




	
	
	
		
 
      fqdn: django.example.com

			




	
	
	
		
 
      static_locations:

			




	
	
		
 
@@ -1800,6 +1840,14 @@ running a bare Django project):

			




	
	
	
		
 
      proxy_headers:

			




	
	
	
		
 
        Accept-Encoding: '""'

			




	
	
	
		
 

			




	
	
	
		
 
    # Use wsgi_requirements to deploy Gunicorn.

			




	
	
	
		
 
    - role: wsgi_website

			




	
	
	
		
 
      fqdn: wsgi.example.com

			




	
	
	
		
 
      wsgi_application: wsgi:main

			




	
	
	
		
 
      wsgi_requirements:

			




	
	
	
		
 
        - gunicorn==19.7.1

			




	
	
	
		
 
	- futures==3.1.1

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Database Server

			




	
	
	
		
 
---------------

			




        

    


    
    

    

        

                

                    docs/usage.rst
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -2183,7 +2183,32 @@ Another useful package you may want to look into is ``needrestart`` - which runs

			




	
	
	
		
 
as a hook during the upgrade process to detect any processes that seem to be

			




	
	
	
		
 
running with outdated libraries, allowing you to restart them as well. This

			




	
	
	
		
 
package is *not* installed by the ``common`` role out-of-the-box, but you can

			




	
	
	
		
 
easily do so by updating the ``common_packagtes`` setting.

			




	
	
	
		
 
easily do so by updating the ``common_packages`` setting.

			




	
	
	
		
 

			




	
	
	
		
 
In addition to system packages, the ``common`` role makes it easy to check if

			




	
	
	
		
 
any of the pip requirements files are outdated as well. It should be noted,

			




	
	
	
		
 
though, that this check does *not* verify the Python virtual environments

			




	
	
	
		
 
themselves.

			




	
	
	
		
 

			




	
	
	
		
 
This is primarily useful when you use `pip-tools

			




	
	
	
		
 
<https://github.com/jazzband/pip-tools>`_ for maintaining the requirements

			




	
	
	
		
 
files. In fact, I would both encourage you to utilise ``pip-tools`` for both

			




	
	
	
		
 
this purpose and for keeping the virtual environment in sync and up-to-date.

			




	
	
	
		
 

			




	
	
	
		
 
Roles that want to take advantage of this would:

			




	
	
	
		
 

			




	
	
	
		
 
- Create a sub-directory under ``/etc/pip_check_requirements_upgrades/``.

			




	
	
	
		
 
  ``/etc/pip_check_requirements_upgrades/FQDN``.

			




	
	
	
		
 
- Deploy ``.in`` and ``.txt`` files within the sub-directory (see ``pip-tools``

			




	
	
	
		
 
  docs for explanation of how the ``.in`` files work).

			




	
	
	
		
 
- Ensure the created sub-directory and files have ownership set to

			




	
	
	
		
 
  ``root:pipreqcheck``.

			




	
	
	
		
 

			




	
	
	
		
 
.. note::

			




	
	
	
		
 
   If you are using the ``wsgi_website`` role as dependency, simply set-up the

			




	
	
	
		
 
   ``wsgi_requirements`` parameter, and then deploy the ``.in`` and ``.txt``

			




	
	
	
		
 
   file into directory ``/etc/pip_check_requirements_upgrades/FQDN`` (this

			




	
	
	
		
 
   directory is automatically created when ``wsgi_requirements`` is specified).

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Where to go next?

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2023 by various authors & licensed under GPLv3.