-
Notifications
You must be signed in to change notification settings - Fork 31
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add https support to server with defaulted key and cert. Closes #428.
- Loading branch information
1 parent
e078418
commit 97cbd79
Showing
16 changed files
with
445 additions
and
84 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,3 +6,6 @@ client | |
quipucords/db.sqlite3 | ||
node_modules | ||
package-lock.json | ||
|
||
logs | ||
*.log |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,6 +53,7 @@ coverage.xml | |
# Django stuff: | ||
*.log | ||
local_settings.py | ||
logs | ||
|
||
# Flask stuff: | ||
instance/ | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,3 @@ | ||
quipucords was written by Chris Hambridge <chambrid@redhat.com> | ||
and Noah Lavine <nlavine@redhat.com>. | ||
quipucords was written by Chris Hambridge <chambrid@redhat.com>, | ||
Noah Lavine <nlavine@redhat.com>, Kevan Holdaway<kholdawa@redhat.com>, | ||
and Ashley Aiken <aaiken@redhat.com>. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,25 +1,49 @@ | ||
FROM fedora:26 | ||
|
||
RUN yum -y groupinstall "Development tools" | ||
RUN yum -y install python-devel python-tools python3-devel python3-tools sshpass which | ||
RUN yum -y install python-devel python-tools python3-devel python3-tools sshpass which supervisor | ||
|
||
RUN pip install virtualenv | ||
RUN virtualenv -p python3 ~/venv | ||
|
||
# Create base directory | ||
RUN mkdir -p /app | ||
|
||
# Setup dependencies | ||
COPY requirements.txt /tmp/reqs.txt | ||
COPY requirements.txt /app/reqs.txt | ||
# Remove last 2 lines | ||
RUN sed -e :a -e '$d;N;2,3ba' -e 'P;D' /tmp/reqs.txt > /tmp/requirements.txt | ||
RUN . ~/venv/bin/activate;pip install -r /tmp/requirements.txt | ||
RUN sed -e :a -e '$d;N;2,3ba' -e 'P;D' /app/reqs.txt > /app/requirements.txt | ||
RUN . ~/venv/bin/activate;pip install -r /app/requirements.txt | ||
RUN . ~/venv/bin/activate;pip install coverage==3.6 | ||
RUN . ~/venv/bin/activate;pip install gunicorn==19.7.1 | ||
|
||
# Create /deploy | ||
RUN mkdir -p /deploy | ||
COPY deploy/gunicorn.conf.py /deploy | ||
COPY deploy/run.sh /deploy | ||
|
||
# Create /etc/ssl | ||
RUN mkdir -p /etc/ssl/ | ||
COPY deploy/ssl/* /etc/ssl/ | ||
VOLUME /etc/ssl | ||
|
||
# Create /var/logs | ||
RUN mkdir -p /var/logs | ||
VOLUME /var/logs | ||
|
||
# Copy server code | ||
COPY . /tmp/ | ||
WORKDIR /tmp/ | ||
COPY . /app/ | ||
WORKDIR /app/ | ||
|
||
# Initialize database & Collect static files | ||
RUN . ~/venv/bin/activate;make server-init server-static | ||
|
||
WORKDIR /app/quipucords | ||
|
||
# Initialize database | ||
RUN . ~/venv/bin/activate;python -V;make server-init | ||
ENV DJANGO_LOG_LEVEL=INFO | ||
ENV DJANGO_LOG_FORMATTER=verbose | ||
ENV DJANGO_LOG_HANDLERS=console,file | ||
ENV DJANGO_LOG_FILE=/var/logs/app.log | ||
|
||
EXPOSE 8000 | ||
CMD . ~/venv/bin/activate;python -V;python /tmp/quipucords/manage.py runserver 0.0.0.0:8000 | ||
EXPOSE 443 | ||
CMD /deploy/run.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,237 @@ | ||
"""Gunicorn configuration.""" | ||
# | ||
# Server socket | ||
# | ||
# bind - The socket to bind. | ||
# | ||
# A string of the form: 'HOST', 'HOST:PORT', 'unix:PATH'. | ||
# An IP is a valid HOST. | ||
# | ||
# backlog - The number of pending connections. This refers | ||
# to the number of clients that can be waiting to be | ||
# served. Exceeding this number results in the client | ||
# getting an error when attempting to connect. It should | ||
# only affect servers under significant load. | ||
# | ||
# Must be a positive integer. Generally set in the 64-2048 | ||
# range. | ||
# | ||
|
||
bind = '0.0.0.0:443' | ||
backlog = 2048 | ||
|
||
|
||
# | ||
# Worker processes | ||
# | ||
# workers - The number of worker processes that this server | ||
# should keep alive for handling requests. | ||
# | ||
# A positive integer generally in the 2-4 x $(NUM_CORES) | ||
# range. You'll want to vary this a bit to find the best | ||
# for your particular application's work load. | ||
# | ||
# worker_class - The type of workers to use. The default | ||
# sync class should handle most 'normal' types of work | ||
# loads. You'll want to read | ||
# http://docs.gunicorn.org/en/latest/design.html#choosing-a-worker-type | ||
# for information on when you might want to choose one | ||
# of the other worker classes. | ||
# | ||
# A string referring to a Python path to a subclass of | ||
# gunicorn.workers.base.Worker. The default provided values | ||
# can be seen at | ||
# http://docs.gunicorn.org/en/latest/settings.html#worker-class | ||
# | ||
# worker_connections - For the eventlet and gevent worker classes | ||
# this limits the maximum number of simultaneous clients that | ||
# a single process can handle. | ||
# | ||
# A positive integer generally set to around 1000. | ||
# | ||
# timeout - If a worker does not notify the master process in this | ||
# number of seconds it is killed and a new worker is spawned | ||
# to replace it. | ||
# | ||
# Generally set to thirty seconds. Only set this noticeably | ||
# higher if you're sure of the repercussions for sync workers. | ||
# For the non sync workers it just means that the worker | ||
# process is still communicating and is not tied to the length | ||
# of time required to handle a single request. | ||
# | ||
# keepalive - The number of seconds to wait for the next request | ||
# on a Keep-Alive HTTP connection. | ||
# | ||
# A positive integer. Generally set in the 1-5 seconds range. | ||
# | ||
|
||
workers = 1 | ||
worker_class = 'sync' | ||
worker_connections = 1000 | ||
timeout = 30 | ||
keepalive = 2 | ||
|
||
# | ||
# spew - Install a trace function that spews every line of Python | ||
# that is executed when running the server. This is the | ||
# nuclear option. | ||
# | ||
# True or False | ||
# | ||
|
||
spew = False | ||
|
||
# | ||
# Server mechanics | ||
# | ||
# daemon - Detach the main Gunicorn process from the controlling | ||
# terminal with a standard fork/fork sequence. | ||
# | ||
# True or False | ||
# | ||
# pidfile - The path to a pid file to write | ||
# | ||
# A path string or None to not write a pid file. | ||
# | ||
# user - Switch worker processes to run as this user. | ||
# | ||
# A valid user id (as an integer) or the name of a user that | ||
# can be retrieved with a call to pwd.getpwnam(value) or None | ||
# to not change the worker process user. | ||
# | ||
# group - Switch worker process to run as this group. | ||
# | ||
# A valid group id (as an integer) or the name of a user that | ||
# can be retrieved with a call to pwd.getgrnam(value) or None | ||
# to change the worker processes group. | ||
# | ||
# umask - A mask for file permissions written by Gunicorn. Note that | ||
# this affects unix socket permissions. | ||
# | ||
# A valid value for the os.umask(mode) call or a string | ||
# compatible with int(value, 0) (0 means Python guesses | ||
# the base, so values like "0", "0xFF", "0022" are valid | ||
# for decimal, hex, and octal representations) | ||
# | ||
# tmp_upload_dir - A directory to store temporary request data when | ||
# requests are read. This will most likely be disappearing soon. | ||
# | ||
# A path to a directory where the process owner can write. Or | ||
# None to signal that Python should choose one on its own. | ||
# | ||
|
||
daemon = False | ||
pidfile = None | ||
umask = 0 | ||
user = None | ||
group = None | ||
tmp_upload_dir = None | ||
|
||
# | ||
# Logging | ||
# | ||
# logfile - The path to a log file to write to. | ||
# | ||
# A path string. "-" means log to stdout. | ||
# | ||
# loglevel - The granularity of log output | ||
# | ||
# A string of "debug", "info", "warning", "error", "critical" | ||
# | ||
|
||
errorlog = '-' | ||
loglevel = 'info' | ||
accesslog = '-' | ||
access_log_format = '%(h)s %(l)s %(u)s %(t)s "%(r)s"' \ | ||
' %(s)s %(b)s "%(f)s" "%(a)s"' | ||
|
||
|
||
# Raw environment | ||
raw_env = [ | ||
'DJANGO_SETTINGS_MODULE=quipucords.settings' | ||
] | ||
|
||
# SSL configuration | ||
keyfile = '/etc/ssl/server.key' | ||
certfile = '/etc/ssl/server.crt' | ||
|
||
|
||
|
||
# | ||
# Process naming | ||
# | ||
# proc_name - A base to use with setproctitle to change the way | ||
# that Gunicorn processes are reported in the system process | ||
# table. This affects things like 'ps' and 'top'. If you're | ||
# going to be running more than one instance of Gunicorn you'll | ||
# probably want to set a name to tell them apart. This requires | ||
# that you install the setproctitle module. | ||
# | ||
# A string or None to choose a default of something like 'gunicorn'. | ||
# | ||
|
||
proc_name = None | ||
|
||
# | ||
# Server hooks | ||
# | ||
# post_fork - Called just after a worker has been forked. | ||
# | ||
# A callable that takes a server and worker instance | ||
# as arguments. | ||
# | ||
# pre_fork - Called just prior to forking the worker subprocess. | ||
# | ||
# A callable that accepts the same arguments as after_fork | ||
# | ||
# pre_exec - Called just prior to forking off a secondary | ||
# master process during things like config reloading. | ||
# | ||
# A callable that takes a server instance as the sole argument. | ||
# | ||
|
||
|
||
def post_fork(server, worker): | ||
"""After fork logging.""" | ||
server.log.info('Worker spawned (pid: %s)', worker.pid) | ||
|
||
|
||
def pre_fork(server, worker): | ||
"""Before fork logging.""" | ||
pass | ||
|
||
|
||
def pre_exec(server): | ||
"""Before exectution logging.""" | ||
server.log.info('Forked child, re-executing.') | ||
|
||
|
||
def when_ready(server): | ||
"""Notify when server is ready.""" | ||
server.log.info('Server is ready. Spawning workers') | ||
|
||
|
||
def worker_int(worker): | ||
"""Signal handling for worker.""" | ||
worker.log.info('worker received INT or QUIT signal') | ||
|
||
# get traceback info | ||
import threading | ||
import sys | ||
import traceback | ||
id2name = dict([(th.ident, th.name) for th in threading.enumerate()]) | ||
code = [] | ||
for threadId, stack in sys._current_frames().items(): | ||
code.append('\n# Thread: %s(%d)' % (id2name.get(threadId, ''), | ||
threadId)) | ||
for filename, lineno, name, line in traceback.extract_stack(stack): | ||
code.append('File: "%s", line %d, in %s' % (filename, | ||
lineno, name)) | ||
if line: | ||
code.append(' %s' % (line.strip())) | ||
worker.log.debug('\n'.join(code)) | ||
|
||
|
||
def worker_abort(worker): | ||
"""Abort logging for worker.""" | ||
worker.log.info('worker received SIGABRT signal') |
Oops, something went wrong.