Branko Majic (branko) - 4 years ago 2020-05-12 18:35:39
MAR-149: Updated usage documentation:

- Add warning that Majic Ansible Roles support only Python 3.
- Updated the Django Wiki deployment to use Python 3.
- Upgraded the Django Wiki deployment for use with Python 3.
- Removed one stale warning regarding compat links for MariDB devel
files (leftover from Jessie).
1 file changed with 111 insertions and 78 deletions:
@@ -25,12 +25,25 @@ By the end of following the instructions, you will have the following:
* Ansible server, used as controller for configuring and managing the
  remaining servers.
* Communications server, providing the LDAP, mail, and XMPP services.
* Web server, providing the web services.
* Backup server, used for storing all of the backups.

.. warning::
   Majic Ansible Roles support *only* Python 3 - both on the
   controller side and on the managed servers side.

   It is important to make sure that both the controller Python
   virtual environment used for Ansible *and* the interpreter for
   remote servers are *both* set-up to use Python 3.

   Python 3 is specified explicitly during virtual environment
   creation and in ``ansible.cfg`` configuration file
   (``interpreter_python`` option under ``defaults`` section).




For the set-up outlined in this usage guide you'll need the following:

@@ -113,26 +126,26 @@ Installing required packages

With the operating system installed, it is necessary to install a couple of
packages, and to prepare the environment a bit on the Ansible server:

1. Install the necessary system packages (using the ``root`` account)::

     apt-get install -y virtualenv virtualenvwrapper git python-pip python-dev libffi-dev libssl-dev
     apt-get install -y virtualenv virtualenvwrapper git python3-pip python3-dev libffi-dev libssl-dev


2. Set-up the virtual environment (using the ``ansible`` account):

   .. warning::
      If you are already logged-in as user ``ansible`` in the server, you will
      need to log-out and log-in again in order to be able to use
      ``virtualenvwrapper`` commands!


     mkdir ~/mysite/
     mkvirtualenv -a ~/mysite/ mysite
     mkvirtualenv -p /usr/bin/python3 -a ~/mysite/ mysite
     pip install -U pip setuptools
     pip install 'ansible~=2.9.0' dnspython

.. warning::
   The ``dnspython`` package is important since it is used internally via
   ``dig`` lookup plugin.
@@ -181,12 +194,13 @@ First of all, let's set-up some basic directory structure and configuration:


     force_handlers = True
     inventory = /home/ansible/mysite/hosts
     interpreter_python = /usr/bin/python3

     pipelining = True

2. Create directory where retry files will be stored at (so they woudln't
   pollute your home directory)::
@@ -315,13 +329,13 @@ servers ````, ````, and
more details.

If you need to, you can easily serve the preseed files from the Ansible server
with Python's built-in HTTP server::

  cd ~/mysite/preseed_files/
  python -m SimpleHTTPServer 8000
  python -m http.server 8000

Then you can point installer to the preseed file selecting the
``Advanced options -> Automated install`` (don't press ``ENTER`` yet),
then pressing ``TAB``, and appending the following at the end (just
fill-in the correct hostname - ``comms``, ``www``, or ``bak``)::

@@ -958,13 +972,13 @@ external addresses on those two servers goes through our anti-virus scanner.
4. Let's apply the changes::

     workon mysite && ansible-playbook playbooks/site.yml

5. After this you may want to test out sending mail via web or backup server's
   local SMTP to the root user (to see if the aliasing works), and to some
   external mail address to check if forwarding works correctly too. Run some
   external mail address to check if forwarding works correctly too. Run
   something similar to the following on your web server::

     swaks --to root@localhost --server localhost
     swaks --to YOUR_MAIL --server localhost

   If all went well, you should be able to see a new mail in John Doe's mailbox,
@@ -1460,13 +1474,12 @@ Before we start, here is a couple of useful pointers regarding the
          src: "/var/www/{{ tbg_version }}/public"
          path: "/var/www/"
          state: link
          owner: "admin-tbg_example_com"
          group: "web-tbg_example_com"
          mode: 02750
        become: yes
        become_user: admin-tbg_example_com

      - name: Install TBG dependencies
          command: install
@@ -1666,44 +1679,45 @@ on the safe side:
        - role: wsgi_website
          # In many cases you need to have some development packages available
          # in order to build Python packages installed via pip
            - build-essential
            - python-dev
            - python3-dev
            - libjpeg62-turbo
            - libjpeg-dev
            - libzip-dev
            - libtiff-dev
            - libfreetype6-dev
            - liblcms2-dev
            - libwebp-dev
            - libopenjp2-7-dev
            - libmariadb-client-lgpl-dev
            - libmariadb-client-lgpl-dev-compat
            - libpng16-16
            - libpng-dev
            - libmariadb-dev
            - libmariadb-dev-compat
          # Specify that Python 3 should be used for the application
          python_version: 3
          # Here we specify that anything accessing our website with "/static/"
          # URL should be treated as request to a static file, to be served
          # directly by Nginx instead of the WSGI server.
            - /static/
          # Again, not mandatory, but it is good to have some sort of policy
          # for assigning UIDs.
          uid: 2001
          admin_uid: 3001
          # These are additional packages that should be installed in the
          # virtual environment.
            - pillow
            - django==1.8.13
            - wiki
            - MySQL-python
            - django~=2.2.0
            - wiki~=0.5.0
            - mysqlclient
          # This is the name of the WSGI application to
          # serve. wiki_example_com.wsgi will be the Python "module" that is
          # accesed, while application is the object instantiated within it (the
          # application itself). The module is referenced relative to the code
          # directory (in our case /var/www/
          wsgi_application: wiki_example_com.wsgi:application
          # Specify explicitly requirements for installing Gunicorn.
            - gunicorn==20.0.4
        - role: database
          db_name: wiki
          db_password: wiki

3. Let's create a dedicated private key/certificate pair for the wiki website:

@@ -1768,13 +1782,12 @@ on the safe side:
          command: "{{ item }}"
          app_path: "/var/www/"
          virtualenv: "/var/www/"
        become: yes
        become_user: admin-wiki_example_com
          - syncdb
          - migrate
          - collectstatic

      - name: Deploy the superadmin creation script
          src: ""
@@ -1809,89 +1822,130 @@ on the safe side:

      Django settings for wiki_example_com project.

      For more information on this file, see

      For the full list of settings and their values, see

      # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
      import os
      BASE_DIR = os.path.dirname(os.path.dirname(__file__))

      from django.urls import reverse_lazy

      # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
      BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))

      # Quick-start development settings - unsuitable for production
      # See
      # See

      # SECURITY WARNING: keep the secret key used in production secret!
      SECRET_KEY = 'l^q+t$7h$ebls)v34+w9m9v4$n+^(9guxqntu&#cc4m&lfd-6_'
      SECRET_KEY = '8rok13az%bqtb=ya&s9sia_x*@@rhd9a%g=!6nh4tb!g14rlt^'

      # SECURITY WARNING: don't run with debug turned on in production!
      DEBUG = False

      TEMPLATE_DEBUG = False

      ALLOWED_HOSTS = ["", "localhost"]


      # Application definition



      MIDDLEWARE = [

      ROOT_URLCONF = 'wiki_example_com.urls'

      TEMPLATES = [
              'BACKEND': 'django.template.backends.django.DjangoTemplates',
              'DIRS': [],
              'APP_DIRS': True,
              'OPTIONS': {
                  'context_processors': [

      WSGI_APPLICATION = 'wiki_example_com.wsgi.application'


      # Database

      DATABASES = {
          'default': {
              'ENGINE': 'django.db.backends.mysql',
              'NAME': 'wiki',
              'USER': 'wiki',
              'PASSWORD': 'wiki',
              'HOST': '',
              'PORT': '3306',

      # Password validation

              'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
              'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
              'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
              'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',


      # Internationalization

      LANGUAGE_CODE = 'en-us'

      TIME_ZONE = 'Europe/Stockholm'

      USE_I18N = True
@@ -1899,50 +1953,33 @@ on the safe side:
      USE_L10N = True

      USE_TZ = True


      # Static files (CSS, JavaScript, Images)

      STATIC_URL = '/static/'

      STATIC_ROOT = '/var/www/'

      from django.conf import settings


      SITE_ID = 1

      LOGIN_REDIRECT_URL = reverse_lazy('wiki:get', kwargs={'path': ''})


      from django.conf.urls import patterns, include, url
      from wiki.urls import get_pattern as get_wiki_pattern
      from django_nyt.urls import get_pattern as get_nyt_pattern

      from django.contrib import admin
      from django.urls import path, include

      urlpatterns = patterns('',
          # Examples:
          # url(r'^$', 'wiki_example_com.views.home', name='home'),
          # url(r'^blog/', include('blog.urls')),
      urlpatterns = [
          path('notifications/', include('django_nyt.urls')),
          path('', include('wiki.urls'))

          url(r'^admin/', include(,

      urlpatterns += patterns('',
          (r'^notifications/', get_nyt_pattern()),
          (r'', get_wiki_pattern())


      #!/usr/bin/env python

@@ -1976,21 +2013,12 @@ on the safe side:
          - database_server
          - tbg
          - wiki

7. Apply the changes:

   .. warning::

      Due to `Debian Bug 766996
      <>`_ Majic Ansible
      Roles try to detect if you install ``libmariadb-client-lgpl-dev-compat``
      package, and create symbolic link from ``/usr/local/bin/mysql_config`` to
      ``/usr/bin/mariadb_config`` automatically. Otherwise the MySQL-python
      package will fail to build due to missing ``mysql_config`` binary.


     workon mysite && ansible-playbook playbooks/site.yml

8. At this point Django Wiki has been installed, and you should be able to open
   the URL (if you open , you
@@ -2234,13 +2262,18 @@ Genie*. So let's fix that one.
   .. warning::

      Make sure the addition is properly aligned in the yaml file to previous
      role dependency definitions.


   .. Small workaround for Sphinx not preserving leading spaces in
      case all lines have the same amount of leading spaces.

   .. code-block:: none
      :name: sphinx_workaround

        - role: backup
          when: enable_backup
          backup_patterns_filename: "tbg"
            - "/var/www/"
