Ec2 deploy refactor

.gitignore

@@ -12,3 +12,4 @@ static/*
 chef/cookbooks/palewire/files/default/users/*
 chef/node.json
 newrelic.ini
+fabfile/env.py

chef/cookbooks/palewire/files/default/apache/apache2.conf

@@ -1,35 +1,28 @@
-ServerName elections.latimes.com
-LockFile ${APACHE_LOCK_DIR}/accept.lock
+ServerName datadesk
+Mutex file:${APACHE_LOCK_DIR} default
 PidFile ${APACHE_PID_FILE}
 Timeout 60
 KeepAlive Off
-StartServers          2
-MinSpareThreads       2
-MaxSpareThreads       4 
-ThreadLimit          10
-ThreadsPerChild      10
-MaxClients           160
-MaxRequestsPerChild   10000
+StartServers                2
+MinSpareThreads             2
+MaxSpareThreads             4
+ThreadLimit                 10
+ThreadsPerChild             10
+MaxRequestWorkers           160
+MaxConnectionsPerChild      10000
 User ${APACHE_RUN_USER}
 Group ${APACHE_RUN_GROUP}
 AccessFileName .htaccess
-<Files ~ "^\.ht">
-    Order allow,deny
-    Deny from all
-    Satisfy all
-</Files>
-DefaultType text/plain
 HostnameLookups Off
 ErrorLog ${APACHE_LOG_DIR}/error.log
 LogLevel warn
 Include mods-enabled/*.load
 Include mods-enabled/*.conf
-Include httpd.conf
 Include ports.conf
+Include sites-enabled/*
 LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
 LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-Include conf.d/
-Include sites-enabled/
+LogFormat "%{User-agent}i" agent

chef/cookbooks/palewire/files/default/postgresql/create_postgis_template.sh

@@ -1,44 +1,11 @@
-#!/bin/bash
-
-GEOGRAPHY=0
 POSTGIS_SQL=postgis.sql
-
-# For Ubuntu 8.x and 9.x releases.
-if [ -d "/usr/share/postgresql-8.3-postgis" ]
-then
-    POSTGIS_SQL_PATH=/usr/share/postgresql-8.3-postgis
-    POSTGIS_SQL=lwpostgis.sql
-fi
-
-# For Ubuntu 10.04
-if [ -d "/usr/share/postgresql/8.4/contrib" ]
-then
-    POSTGIS_SQL_PATH=/usr/share/postgresql/8.4/contrib
-fi
-
-# For Ubuntu 10.10 (with PostGIS 1.5)
-if [ -d "/usr/share/postgresql/8.4/contrib/postgis-1.5" ]
-then
-    POSTGIS_SQL_PATH=/usr/share/postgresql/8.4/contrib/postgis-1.5
-    GEOGRAPHY=1
-fi
-
-# For Ubuntu 11.10 / Linux Mint 12 (with PostGIS 1.5)
-if [ -d "/usr/share/postgresql/9.1/contrib/postgis-1.5" ]
-then
-    POSTGIS_SQL_PATH=/usr/share/postgresql/9.1/contrib/postgis-1.5
-    GEOGRAPHY=1
-fi
+POSTGIS_SQL_PATH=/usr/share/postgresql/9.4/contrib/postgis-2.1
 
 createdb -E UTF8 template_postgis && \
 ( createlang -d template_postgis -l | grep plpgsql || createlang -d template_postgis plpgsql ) && \
 psql -d postgres -c "UPDATE pg_database SET datistemplate='true' WHERE datname='template_postgis';" && \
 psql -d template_postgis -f $POSTGIS_SQL_PATH/$POSTGIS_SQL && \
 psql -d template_postgis -f $POSTGIS_SQL_PATH/spatial_ref_sys.sql && \
 psql -d template_postgis -c "GRANT ALL ON geometry_columns TO PUBLIC;" && \
-psql -d template_postgis -c "GRANT ALL ON spatial_ref_sys TO PUBLIC;"
-
-if [ $GEOGRAPHY -eq 1 ]
-then
-    psql -d template_postgis -c "GRANT ALL ON geography_columns TO PUBLIC;"
-fi
+psql -d template_postgis -c "GRANT ALL ON spatial_ref_sys TO PUBLIC;" && \
+psql -d template_postgis -c "GRANT ALL ON geography_columns TO PUBLIC;"

chef/cookbooks/palewire/recipes/apache.rb

@@ -8,12 +8,11 @@
     :upgrade
 end
 
-# Restart apache
-service "apache2" do
-  enabled true
-  running true
-  supports :status => true, :restart => true, :start => true, :stop => true
-  action [:restart,]
+# install mod-rpaf so apache can use the X-Forwarded-For
+# header to see the real incoming IP addresses. This prevents server-status
+# from being publicly available
+package "libapache2-mod-rpaf" do
+    :upgrade
 end
 
 # Set the port for Apache since Varnish will be on :80
@@ -25,7 +24,6 @@
   variables({
      :apache_port => node[:apache_port]
   })
-  notifies :restart, resources(:service => "apache2")
 end
 
 # Set a virtual host file for each app
@@ -41,22 +39,27 @@
          :app_name => app[:name],
          :apps_user => node[:apps_user]
       })
-      notifies :restart, resources(:service => "apache2")
     end
 end
 
 cookbook_file "/etc/apache2/apache2.conf" do
-  source "apache/apache2.conf" 
+  source "apache/apache2.conf"
   mode 0640
   owner "root"
   group "root"
-  notifies :restart, resources(:service => "apache2")
 end
 
 bash "Remove default apache config" do
   user "root"
   group "root"
-  code "rm /etc/apache2/sites-enabled/000-default"
+  code "rm /etc/apache2/sites-enabled/000-default.conf"
   ignore_failure true
 end
 
+script "restart-apache" do
+  interpreter "bash"
+  user "root"
+  code <<-EOH
+    apachectl restart
+  EOH
+end

chef/cookbooks/palewire/recipes/apps.rb

@@ -48,37 +48,37 @@
 
 # Loop through all the apps we want to configure
 node[:apps].each do |app|
-    
+
     # Make the directory for the app
     virtualenv "/apps/#{app[:name]}" do
         owner node[:apps_user]
         group node[:apps_group]
         mode 0775
     end
-    
+
     # Make the directory for the repo
-    directory "/apps/#{app[:name]}/project" do
+    directory "/apps/#{app[:name]}/repo" do
         owner node[:apps_user]
         group node[:apps_group]
         mode 0775
     end
-    
+
     # Pull the git repo
-    git "/apps/#{app[:name]}/project"  do
+    git "/apps/#{app[:name]}/repo"  do
       repository app[:repo]
       reference "HEAD"
       revision app[:branch]
       user node[:apps_user]
       group node[:apps_group]
       action :sync
     end
-    
+
     # Install the virtualenv requirements
     script "Install Requirements" do
       interpreter "bash"
       user node[:apps_user]
       group node[:apps_group]
-      code "/apps/#{app[:name]}/bin/pip install -r /apps/#{app[:name]}/project/requirements.txt"
+      code "/apps/#{app[:name]}/bin/pip install -r /apps/#{app[:name]}/repo/requirements.txt"
     end
 
     # Create the database user

chef/cookbooks/palewire/recipes/pgpool.rb

@@ -9,7 +9,7 @@
   mode 0640
 end
 
-cookbook_file "/etc/postgresql/9.1/main/pg_hba.conf" do
+cookbook_file "/etc/postgresql/9.4/main/pg_hba.conf" do
   source "pgpool/pg_hba.conf"
   user "postgres"
   group "postgres"

chef/cookbooks/palewire/recipes/postgresql.rb

@@ -12,11 +12,11 @@
     :upgrade
 end
 
-package "postgresql-9.1-postgis" do
+package "postgresql-9.4-postgis-2.1" do
     :upgrade
 end
 
-package "postgresql-server-dev-9.1" do
+package "postgresql-server-dev-9.4" do
     :upgrade
 end
 

chef/cookbooks/palewire/templates/default/apache/ports.conf.erb

@@ -1,15 +1 @@
-NameVirtualHost *:<%= @apache_port %>
-Listen <%= @apache_port %>
-
-<IfModule mod_ssl.c>
-    # If you add NameVirtualHost *:443 here, you will also have to change
-    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
-    # to <VirtualHost *:443>
-    # Server Name Indication for SSL named virtual hosts is currently not
-    # supported by MSIE on Windows XP.
-    Listen 443
-</IfModule>
-
-<IfModule mod_gnutls.c>
-    Listen 443
-</IfModule>
+Listen <%= @apache_port %>

chef/cookbooks/palewire/templates/default/apache/vhost.erb

@@ -1,8 +1,15 @@
 <VirtualHost *:<%= @apache_port %>>
     ServerName <%= @server_name %>
     ServerAlias <%= @server_name %>
-    WSGIScriptAlias / /apps/<%= @app_name %>/project/apache/django.wsgi
-    WSGIDaemonProcess <%= @app_name %> user=<%= @apps_user %> display-name=%{GROUP} processes=2 threads=15
+    WSGIScriptAlias / /apps/<%= @app_name %>/repo/project/wsgi_prod.py
+    WSGIDaemonProcess <%= @app_name %> user=<%= @apps_user %> processes=2 threads=15 display-name=%{GROUP} python-path=/apps/<%= @app_name %>/lib/python2.7/site-packages/:/apps/<%= @app_name %>/repo/
     WSGIProcessGroup <%= @app_name %>
     WSGIApplicationGroup %{GLOBAL}
-</VirtualHost>
+    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog ${APACHE_LOG_DIR}/access.log combined
+    <Directory /apps/<%= @app_name %>/repo/project/>
+        <Files wsgi_prod.py>
+            Require all granted
+        </Files>
+    </Directory>
+</VirtualHost>