
Add support for Ubuntu Xenial (16.04) on staging #3113

Merged
merged 12 commits into from Jul 3, 2019
Merged
2 changes: 1 addition & 1 deletion .gitignore
Expand Up @@ -90,7 +90,7 @@ _SUCCESS
.settings
.history
.idea

.vscode

# Emacs
\#*#
@@ -1,6 +1,6 @@
---
- { include: configuration.yml }
- { include: app.yml, when: "['packer'] | is_in(group_names)" }
- { include: configuration.yml }
hectcastro marked this conversation as resolved.
- { include: dependencies.yml }
- { include: dev-and-test-dependencies.yml, when: "['development', 'test'] | some_are_in(group_names)" }
- { include: static-files.yml }
Expand Up @@ -12,7 +12,7 @@ preload_app = False
reload = True
{% else %}
accesslog = None
errorlog = "{{ app_gunicorn_log }}"
errorlog = "-"
rbreslow marked this conversation as resolved.
loglevel = 'info'
preload_app = True
reload = False
Expand Up @@ -5,15 +5,18 @@ resolver_timeout 10s;

proxy_cache_path {{ nginx_cache_dir }} levels=1:2 keys_zone=OBSERVATION:10m max_size=100m;

set_real_ip_from 10.0.0.0/8;
hectcastro marked this conversation as resolved.
real_ip_header X-Forwarded-For;

server {
listen *:80;
server_name _;
client_max_body_size 5M;

root {{ app_home }}/static;

error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_app,severity=error;
access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_app,severity=info combined;
error_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_app,severity=error;
access_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_app,severity=info combined;

{% if ['packer'] | is_in(group_names) -%}
location = /version.txt {
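Review bot: `set_real_ip_from 10.0.0.0/8;` accepts X-Forwarded-For from any peer in the whole private range, so any host inside 10.0.0.0/8 that can reach port 80 directly can choose the client address recorded in the access log and in anything keyed on `$remote_addr`. Narrowing the range to the load balancer subnets or the VPC CIDR, ideally through a template variable, would limit that trust to the balancer. The same two directives are added at the top of the other two nginx templates on this page, and the point applies there as well. The server block continues past the displayed lines.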
Expand Up @@ -14,4 +14,3 @@

- name: Install PostgreSQL client
apt: pkg=postgresql-client-{{ postgresql_version }}={{ postgresql_package_version }}

@@ -1,3 +1,7 @@
---
- { include: configuration.yml }
- { include: dependencies.yml }
- import_tasks: configuration.yml

- import_tasks: dependencies.yml

- import_tasks: papertrail.yml
when: "['packer'] | is_in(group_names)"
@@ -0,0 +1,8 @@
- name: Download Papertrail root certificate
get_url:
url: https://papertrailapp.com/tools/papertrail-bundle.pem
dest: /etc/papertrail-bundle.pem
checksum: sha256:79ea479e9f329de7075c40154c591b51eb056d458bc4dff76d9a4b9c6c4f6d0b

- name: Install rsyslog TLS utils
apt: name=rsyslog-gnutls
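Review bot: The file written to `/etc/papertrail-bundle.pem` is the trust anchor for the TLS log forwarding, but the `get_url` task sets no owner or mode, so its permissions depend on the umask of the provisioning run. Adding `owner: root` and `mode: '0644'` would make it explicitly root-owned and not writable by other users. The pinned `checksum` is a sound integrity check; a comment above it such as `# update this hash when Papertrail publishes a new bundle` would tell whoever sees this task fail what to do.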
@@ -1,3 +1,6 @@
---
- name: Restart Celery
service: name=celeryd state=restarted

- name: Restart Syslog
service: name=rsyslog state=restarted
Expand Up @@ -8,3 +8,7 @@
with_dict: "{{ app_config }}"
notify:
- Restart Celery

- name: Send all logs to syslog
template: src=celery-syslog.j2 dest=/etc/rsyslog.d/23-celery.conf
notify: Restart Syslog
@@ -1,6 +1,6 @@
---
- { include: configuration.yml }
- { include: app.yml, when: "['packer'] | is_in(group_names)" }
- { include: configuration.yml }
- { include: dependencies.yml }
- { include: celery-user.yml }
- { include: celery-service.yml }
@@ -0,0 +1,7 @@
module(load="imfile")

{% for id in range(0,celery_number_of_workers) %}
input(type="imfile"
File="/var/log/celery/*-worker{{ id }}.log"
Tag="celery-worker-{{ id }}")
{% endfor %}
@@ -1,9 +1,12 @@
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Forwarded-For;

server {
listen *:80;
server_name _;

error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_app,severity=error;
access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_geop,severity=info combined;
error_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_app,severity=error;
access_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_geop,severity=info combined;

{% if ['packer'] | is_in(group_names) -%}
location /version.txt {
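Review bot: The rewritten `error_log` line in this template keeps `tag=nginx_app` while the `access_log` line beside it uses `tag=nginx_geop`. Once both are forwarded to one log destination, error entries from this proxy cannot be told apart from the app server's by tag, which makes triage and alert rules harder to scope. Since the line is being touched anyway, it could become `error_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_geop,severity=error;`. The server block continues past the displayed lines.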
@@ -1,5 +1,5 @@
---
- { include: configuration.yml }
- { include: app.yml, when: "['packer'] | is_in(group_names)" }
- { include: configuration.yml }
- { include: dependencies.yml }
- { include: reverse-proxy.yml }
@@ -1,9 +1,12 @@
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Forwarded-For;

server {
listen *:80;
server_name _;

error_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_tiler,severity=error;
access_log syslog:server=unix:/dev/log,facility=local7,tag=nginx_tiler,severity=info combined;
error_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_tiler,severity=error;
access_log syslog:server=unix:/dev/log,nohostname,facility=local7,tag=nginx_tiler,severity=info combined;

{% if ['packer'] | is_in(group_names) -%}
location = /version.txt {
49 changes: 42 additions & 7 deletions deployment/cfn/application.py
Expand Up @@ -71,6 +71,8 @@ class Application(StackNode):
'RollbarServerSideAccessToken':
['global:RollbarServerSideAccessToken'],
'ClientAppUserPassword': ['global:ClientAppUserPassword'],
'PapertrailHost': ['global:PapertrailHost'],
'PapertrailPort': ['global:PapertrailPort'],
}

DEFAULTS = {
Expand All @@ -94,10 +96,7 @@ class Application(StackNode):
def set_up_stack(self):
super(Application, self).set_up_stack()

tags = self.get_input('Tags').copy()
tags.update({'StackType': 'Application'})

self.default_tags = tags
self.default_tags = self.get_input('Tags').copy()
rbreslow marked this conversation as resolved.
self.region = self.get_input('Region')

self.add_description('Application server stack for MMW')
Expand Down Expand Up @@ -266,6 +265,16 @@ def set_up_stack(self):
Description='Password for the client apps django account',
), 'ClientAppUserPassword')

self.papertrail_host = self.add_parameter(Parameter(
'PapertrailHost', Type='String',
Description='Hostname for Papertrail log destination',
), 'PapertrailHost')

self.papertrail_port = self.add_parameter(Parameter(
'PapertrailPort', Type='String',
Description='Port for Papertrail log destination',
), 'PapertrailPort')

app_server_lb_security_group, \
app_server_security_group = self.create_security_groups()
app_server_lb, \
Expand Down Expand Up @@ -293,7 +302,10 @@ def get_recent_app_server_ami(self):
try:
app_server_ami_id = self.get_input('AppServerAMI')
except MKUnresolvableInputError:
app_server_ami_id = get_recent_ami(self.aws_profile, 'mmw-app-*')
filters = {'name': 'mmw-app-*'}

app_server_ami_id = get_recent_ami(self.aws_profile, filters=filters,
region=self.region)

return app_server_ami_id

Expand Down Expand Up @@ -350,7 +362,7 @@ def create_security_groups(self):
IpProtocol='tcp', CidrIp=ALLOW_ALL_CIDR, FromPort=p,
ToPort=p
)
for p in [HTTP, HTTPS]
for p in [HTTP, HTTPS, self.get_input('PapertrailPort')]
],
Tags=self.get_tags(Name=app_server_security_group_name)
))
Expand Down Expand Up @@ -621,7 +633,30 @@ def get_cloud_config(self, tile_distribution_endpoint):
' - path: /etc/mmw.d/env/MMW_CLIENT_APP_USER_PASSWORD\n',
' permissions: 0750\n',
' owner: root:mmw\n',
' content: ', Ref(self.client_app_user_password)]
' content: ', Ref(self.client_app_user_password), '\n',
'\n',
'rsyslog:\n',
' - $DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem # trust these CAs\n',
' - $PreserveFQDN off\n',
' - $ActionSendStreamDriver gtls # use gtls netstream driver\n',
' - $ActionSendStreamDriverMode 1 # require TLS\n',
' - $ActionSendStreamDriverAuthMode x509/name # authenticate by hostname\n',
' - $ActionSendStreamDriverPermittedPeer *.papertrailapp.com\n',
' - $ActionResumeInterval 10\n',
' - $ActionQueueSize 100000\n',
' - $ActionQueueDiscardMark 97500\n',
' - $ActionQueueHighWaterMark 80000\n',
' - $ActionQueueType LinkedList\n',
' - $ActionQueueFileName papertrailqueue\n',
' - $ActionQueueCheckpointInterval 100\n',
' - $ActionQueueMaxDiskSpace 2g\n',
' - $ActionResumeRetryCount -1\n',
' - $ActionQueueSaveOnShutdown on\n',
' - $ActionQueueTimeoutEnqueue 2\n',
' - $ActionQueueDiscardSeverity 0\n',
' - "*.* @@', Ref(self.papertrail_host), ':', Ref(
self.papertrail_port), '"\n',
'rsyslog_filename: 22-mmw-papertrail.conf\n']

def get_tags(self, **kwargs):
"""Helper method to return Troposphere tags + default tags
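Review bot: The rule comprehension in `create_security_groups` now adds `self.get_input('PapertrailPort')` next to `HTTP` and `HTTPS` with `CidrIp=ALLOW_ALL_CIDR`, and the displayed lines do not show whether this list is the ingress or the egress set. It should be egress only, because on ingress it would open that port to any source. The value also comes from `get_input` rather than the `PapertrailPort` parameter declared earlier in the file, so it is fixed at template generation time and carries whatever type the input has. Using `int(self.get_input('PapertrailPort'))` would keep it consistent with the other two entries, assuming those constants are integers. The function body starts and ends outside the displayed lines.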