-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Beanstalk config #6
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall this looks 🌈 and I'm excited to see it working. There are a couple of comments I would like you to address before we merge this.
content: | | ||
# update mod_wsgi | ||
cd /tmp | ||
wget -q "https://github.com/GrahamDumpleton/mod_wsgi/archive/4.4.21.tar.gz" && \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is wget from github really the preferred way of doing this? No package management system, no hash checking or anything to ensure that we're getting what we expect to get?
This is kind of YOLO for my tastes, especially with root ownership, but if it's the only option then 🤷♀️ I guess.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm hoping this changes with a newer release and we don't need it. But a lot of people seem to be using it.. https://serverfault.com/questions/884469/mod-wsgi-call-to-site-addsitedir-failed-on-aws-elastic-beanstalk-python-3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK. I'll add a comment so future-us isn't confused about that.
content: | | ||
RewriteEngine On | ||
<If "-n '%{HTTP:X-Forwarded-Proto}' && %{HTTP:X-Forwarded-Proto} != 'https'"> | ||
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🎆 🍻
@@ -0,0 +1,6 @@ | |||
<Directory /opt/python/current/app/{{cookiecutter.project_name}}/staticfiles/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this actually do what we expect or does the project name need to be filled in here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Silly copy and paste will fix
AddOutputFilterByType DEFLATE text/css | ||
# Level of compression (Highest 9 - Lowest 1) | ||
DeflateCompressionLevel 9 | ||
# Netscape 4.x has some problems. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the record, I don't really care about Netscape support ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OA + DISJ goals we gotta take everyone into consideration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😁
.travis.yml
Outdated
deploy: | ||
provider: elasticbeanstalk | ||
access_key_id: AKIAI4BFBKEXWULNKVGQ | ||
secret_access_key: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm guessing we don't want this to be here. Do we have a strategy for having it NOT be here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is potentially okay since secret is encrypted, but I think we can encrypt both. Will double check
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah FYI: https://stackoverflow.com/questions/7678835/how-secure-are-amazon-aws-access-keys
Gonna ignore encrypting access key, and will just stick to secret encryption. Will create a different user with limited rights for deploying from Travis to beanstalk
hamlet/settings/aws.py
Outdated
|
||
# GENERAL CONFIGURATION | ||
# ----------------------------------------------------------------------------- | ||
#SET SECRET KEY IN .ebextensions config |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Helpful!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(Do we actually do that? How/where?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, plan is no passes/etc in .ebextensions now will change
] | ||
|
||
private_ip = get_linux_ec2_private_ip() | ||
if private_ip: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
hamlet/settings/aws.py
Outdated
# STATIC FILE CONFIGURATION | ||
# ----------------------------------------------------------------------------- | ||
|
||
MIDDLEWARE += ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Whitenoise wants to be before most other middleware (http://whitenoise.evans.io/en/stable/) so this will need to be MIDDLEWARE.insert(1, 'whitenoise.middleware.WhiteNoiseMiddleware')
.
hamlet/settings/aws.py
Outdated
COMPRESS_OFFLINE = True | ||
|
||
#MODEL FILES STORED ON S3 | ||
MODELS_DIR = os.environ.get('MODELS_DIR') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you make sure docs/docs.md
contains info on whatever env needs to be set in order for all of this to work? (The docs file is horribly disorganized right now so you can just put it somewhere in the AWS stuff and I'll sort out the organization later.)
I think I got everything? Libraries CI/CD slowly becoming a reality? |
Includes: * test that we can autodeploy the beanstalk branch, then swap config to master * add bucket_name (not included with travis setup) * configure with restricted account for travis * update docs
f3aa902
to
27c6402
Compare
Current beanstalk config + Travis Deploy settings.