Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
github copy of leastauthority.com
HTML Python JavaScript CSS Shell
Branch: master

Revert last commit (flapp_stderr is actually a FilePath).

Signed-off-by: Daira Hopwood <daira@leastauthority.com>
latest commit 41bd207b57
@daira daira authored
Failed to load latest commit information.
content blog_source render_blog.py result. Branch 'master' revision 7f165c64c…
devtools Add ./devtools/test_coverage.sh and add coverage output to .darcs-boring
docs rm more unused statmover code
lae_automation monitoring: retry nslookup once if it fails. refs #30
lae_site Rerender blog after removing Careers navlink.
lae_util Always send mail as UTF-8, avoiding duplicate Content-Type header. fi…
.gitignore Allow the rendered blog source to be checked in.
COPYING.GPL Add open-source licenses (same as Tahoe-LAFS).
COPYING.TGPPL.rst Add open-source licenses (same as Tahoe-LAFS).
README.deploy README.deploy: Begin documenting the process more specifically.
README.txt Add open-source licenses (same as Tahoe-LAFS).
analytics_check.py Correct the order of arguments in calls to monitoring_check.
analytics_check.sh Add .sh scripts for website_check and analytics_check.
check-miscaptures.py Add check-miscaptures.py.
compare_ssh_pubkeys.py Cleanup several details
confirm.py Complete confirmation email sender (only for non-PGP emails for now, …
create_bucket.py Split AWSCredentials arguments into separate accesskeyid and secretke…
create_stripe_bucket.py Remove command line secret leakage.
create_stripe_plan.py Update create_stripe_plan
ctab Add multiservercheck.sh and ctab.
delete_bucket.py Split AWSCredentials arguments into separate accesskeyid and secretke…
deploy.py Remove reference to /usr/bin/python warn about long wait.
deploy_infrastructure_server.py Change default infrastructure instance AMI and size, and add justifyi…
deploy_server.py deploy-server.py: the secrets file need not already exist.
full_signup.py Revert last commit (flapp_stderr is actually a FilePath).
full_signup.sh Kill hanging flappservice signups after 2 hours.
get_server_key_fingerprint.py apply review notes to get_server_key_fingerprint.py
git_ssh.sh Explicitly use the right private key for git.
list_hosts.py Move secret config files to ../secret_config (rather than ..).
makeserverinfo.py Move secret config files to ../secret_config (rather than ..).
manualPGPsignup_packer.sh Fix packer
manualPGPsignup_scper.sh remove need for SSH during PGP signup
multiservercheck.py Say which service is being monitored.
multiservercheck.sh Generalize multiservercheck to check both TLoS3 and S4.
multiserverupgrade.py Code to make multiserverupgrade.py delete statmover emissions (merged…
populate_not_yet_invited_s4_requester_emails.py populate file with not yet signed up emails
record_secrets.py Move secret config files to ../secret_config (rather than ..).
registergatherer.py Move secret config files to ../secret_config (rather than ..).
replace_server.py passes smoke tests
requirements.txt Update ./requirements.txt based on Daira's suggestion. This should cl…
runsite.sh move 2>&1 to line 18 of runsite.sh
runtests.sh Change order of tests for better readability.
setup_server.py Move secret config files to ../secret_config (rather than ..).
start.sh Change start.sh and runsite.sh in order to put nohup.out in ~website,…
test_email.py Refactor email sending to reduce duplicated config.
tumblr_static_cdq7a9y0rq8gc0c48s80oogww.png render blog
update_SSEC2_pubkeys.py Fix bit-rot in monitoring scripts.
update_production_blog.py Make variable names consistent, and fix confusion between workdir and…
update_testing_blog.py Make variable names consistent, and fix confusion between workdir and…
update_testing_leastauthority_repo.py Make variable names consistent, and fix confusion between workdir and…
verify.py Split AWSCredentials arguments into separate accesskeyid and secretke…
website_check.py Send website monitoring reports from info@ for now.
website_check.sh Add .sh scripts for website_check and analytics_check.

README.deploy

= leastauthority.com =

This website is a twisted web server with a set of static files.
In addition it has some web-application logic for interacting with
Amazon's services (AWS), such as devpay, ec2, and s3 on behalf of LAE
customers.


== Preparatory Configuration =

For this website to function correcly, Amazon Web Services (AWS) and
SSL certificates must also be correctly configured.

Configuring a correct deployment requires these steps:

0. FIXME: This procedure will be changing rapidly as we develop the site.  Please remember to update this list.
1. Sign up for Amazon devpay: http://aws.amazon.com/devpay/
1a. Enter the configuration necessary for the LAE product line.  This directly affects customer facing details and revenue flow.
1b. You will be asked for the "Product Redirect URL".  That will be "https://${deployment_hostname}/devpay-complete".  FIXME: URL handler is not implemented;  FIXME: https not yet configured.
1c. Enter the product code, product token, and purchase url in the configuration file as described below.  FIXME: Maybe all these do not need to be in the config file.  FIXME: only purchase url is currently implemented.
2. Configure SSL certificates.  FIXME: This is not implemented.
3. FIXME: Not implemented: configure the ec2 and s3 goo to auto-deploy tahoe services.


== Initial Webserver Deployment ==  XXX Should break this into two sections: Deploy EC2 and Deploy Webserver

1. Deploy the correct ec2 image.
2. Checkout the website repository into the correct place.
    The repo is at:
         - 'leastauthority.com:/home/website/leastauthority.com'
    By default /home/website is the parent repo.  This directory contains:
         - leastauthority.com/:  The parent directory of the server code
         - signup.furl:   The furl for the flappserver signup service
         - lae_site_config.json: Contains the available product info.
         - lae_automation_config.json:  Contains product secrets, credential paths.
3. Install the correct dependencies.
         - foolscap:  for the flappserver
         - jinja2:    handles webserver templates         
4. Set up the correct website user account.
         - 'website'
5. Checkout the website configuration repository for the target deployment environment.
         - 'leastauthority.com:/home/website'	 
6. Run the webserver.
         - You can do this by modifying: 'setuplocalserver.sh' to your system.  XXX Obviously much remains to be done here.
7. Ensure the instance has a static IP address.
8. Test the website in your browser by its IP address.
9. Update the DNS entry for the website host to point to the new IP address.


== Configuration File ==

This website requires a configuration file in the home directory of the
user which runs the webserver, named "lae_website_config.json" which is
in JSON format.  It must define these keys:

"purchase_url" :
This should be the "purchase URL" found on the devpay site after you
have set up a particular application and billing configuration.


== Upgrade ==

Follow the same steps as for "initial deployment", except you will have
a new instance with a new IP.  In the last step, you will cause new DNS
requests to target the new server instance.

Wait the appropriate amount of time before taking down the old instance
because remote browsers may be relying on cached DNS entries.
Something went wrong with that request. Please try again.