Revision 0bf16f7f doc/source/install.rst
b/doc/source/install.rst | ||
---|---|---|
7 | 7 |
|
8 | 8 |
Debian Wheezy (x64) - Django 1.4.x |
9 | 9 |
================================== |
10 |
|
|
11 | 10 |
This guide assumes that installation is carried out in /srv/flowspy directory. If other directory is to be used, please change the corresponding configuration files. It is also assumed that the root user will perform every action. |
12 | 11 |
|
12 |
Upgrading from v<1.0.x |
|
13 |
---------------------- |
|
14 |
If upgrading from flowspy version <1.0.x pay attention to settings.py changes. Also, do not forget to run:: |
|
15 |
|
|
16 |
./manage.py migrate |
|
17 |
|
|
18 |
to catch-up with latest database changes. |
|
19 |
|
|
13 | 20 |
Required system packages |
14 | 21 |
------------------------ |
15 |
|
|
16 | 22 |
Update and install the required packages:: |
17 | 23 |
|
18 | 24 |
apt-get update |
... | ... | |
58 | 64 |
|
59 | 65 |
Application configuration |
60 | 66 |
========================= |
61 |
|
|
62 | 67 |
Copy settings.py.dist to settings.py:: |
63 | 68 |
|
64 | 69 |
cd flowspy |
... | ... | |
139 | 144 |
|
140 | 145 |
beanstalkd |
141 | 146 |
---------- |
142 |
|
|
143 | 147 |
Enable beanstalk by editting /etc/default/beanstalkd:: |
144 | 148 |
|
145 | 149 |
vim /etc/default/beanstalkd |
... | ... | |
152 | 156 |
|
153 | 157 |
gunicorn.d |
154 | 158 |
---------- |
155 |
|
|
156 |
create and edit /etc/gunicorn.d/fod:: |
|
159 |
Create and edit /etc/gunicorn.d/fod:: |
|
157 | 160 |
|
158 | 161 |
vim /etc/gunicorn.d/fod |
159 | 162 |
|
... | ... | |
166 | 169 |
'--bind=127.0.0.1:8081', |
167 | 170 |
'--workers=1', |
168 | 171 |
'--worker-class=egg:gunicorn#gevent', |
169 |
'--timeout=360',
|
|
172 |
'--timeout=30', |
|
170 | 173 |
'--log-level=debug', |
171 |
'--log-file=/tmp/fod.log',
|
|
174 |
'--log-file=/var/log/flowspy.log',
|
|
172 | 175 |
), |
173 | 176 |
} |
174 | 177 |
|
175 | 178 |
|
176 |
celery.d |
|
177 |
-------- |
|
178 |
|
|
179 |
celeryd |
|
180 |
------- |
|
179 | 181 |
Celery is used over beanstalkd to apply firewall rules in a serial manner so that locks are avoided on the flowspec capable device. In our setup celery runs via django. That is why the python-django-celery package was installed. |
180 | 182 |
|
183 |
Create the celeryd daemon at /etc/init.d/celeryd **if it does not already exist**:: |
|
184 |
|
|
185 |
vim /etc/init.d/celeryd |
|
186 |
|
|
187 |
The configuration should be:: |
|
188 |
|
|
189 |
#!/bin/sh -e |
|
190 |
# ============================================ |
|
191 |
# celeryd - Starts the Celery worker daemon. |
|
192 |
# ============================================ |
|
193 |
# |
|
194 |
# :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status} |
|
195 |
# :Configuration file: /etc/default/celeryd |
|
196 |
# |
|
197 |
# See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celeryd |
|
198 |
|
|
199 |
|
|
200 |
### BEGIN INIT INFO |
|
201 |
# Provides: celeryd |
|
202 |
# Required-Start: $network $local_fs $remote_fs |
|
203 |
# Required-Stop: $network $local_fs $remote_fs |
|
204 |
# Default-Start: 2 3 4 5 |
|
205 |
# Default-Stop: 0 1 6 |
|
206 |
# Short-Description: celery task worker daemon |
|
207 |
# Description: Starts the Celery worker daemon for a single project. |
|
208 |
### END INIT INFO |
|
209 |
|
|
210 |
#set -e |
|
211 |
|
|
212 |
DEFAULT_PID_FILE="/var/run/celery/%n.pid" |
|
213 |
DEFAULT_LOG_FILE="/var/log/celery/%n.log" |
|
214 |
DEFAULT_LOG_LEVEL="INFO" |
|
215 |
DEFAULT_NODES="celery" |
|
216 |
DEFAULT_CELERYD="-m celery.bin.celeryd_detach" |
|
217 |
ENABLED="false" |
|
218 |
|
|
219 |
[ -r "$CELERY_DEFAULTS" ] && . "$CELERY_DEFAULTS" |
|
220 |
|
|
221 |
[ -r /etc/default/celeryd ] && . /etc/default/celeryd |
|
222 |
|
|
223 |
if [ "$ENABLED" != "true" ]; then |
|
224 |
echo "celery daemon disabled - see /etc/default/celeryd." |
|
225 |
exit 0 |
|
226 |
fi |
|
227 |
|
|
228 |
|
|
229 |
CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}} |
|
230 |
CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}} |
|
231 |
CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}} |
|
232 |
CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"} |
|
233 |
CELERYD=${CELERYD:-$DEFAULT_CELERYD} |
|
234 |
CELERYCTL=${CELERYCTL:="celeryctl"} |
|
235 |
CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES} |
|
236 |
|
|
237 |
export CELERY_LOADER |
|
238 |
|
|
239 |
if [ -n "$2" ]; then |
|
240 |
CELERYD_OPTS="$CELERYD_OPTS $2" |
|
241 |
fi |
|
242 |
|
|
243 |
CELERYD_LOG_DIR=`dirname $CELERYD_LOG_FILE` |
|
244 |
CELERYD_PID_DIR=`dirname $CELERYD_PID_FILE` |
|
245 |
if [ ! -d "$CELERYD_LOG_DIR" ]; then |
|
246 |
mkdir -p $CELERYD_LOG_DIR |
|
247 |
fi |
|
248 |
if [ ! -d "$CELERYD_PID_DIR" ]; then |
|
249 |
mkdir -p $CELERYD_PID_DIR |
|
250 |
fi |
|
251 |
|
|
252 |
# Extra start-stop-daemon options, like user/group. |
|
253 |
if [ -n "$CELERYD_USER" ]; then |
|
254 |
DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER" |
|
255 |
chown "$CELERYD_USER" $CELERYD_LOG_DIR $CELERYD_PID_DIR |
|
256 |
fi |
|
257 |
if [ -n "$CELERYD_GROUP" ]; then |
|
258 |
DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP" |
|
259 |
chgrp "$CELERYD_GROUP" $CELERYD_LOG_DIR $CELERYD_PID_DIR |
|
260 |
fi |
|
261 |
|
|
262 |
if [ -n "$CELERYD_CHDIR" ]; then |
|
263 |
DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\"" |
|
264 |
fi |
|
265 |
|
|
266 |
|
|
267 |
check_dev_null() { |
|
268 |
if [ ! -c /dev/null ]; then |
|
269 |
echo "/dev/null is not a character device!" |
|
270 |
exit 1 |
|
271 |
fi |
|
272 |
} |
|
273 |
|
|
274 |
|
|
275 |
export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" |
|
276 |
|
|
277 |
|
|
278 |
stop_workers () { |
|
279 |
$CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE" |
|
280 |
} |
|
281 |
|
|
282 |
|
|
283 |
start_workers () { |
|
284 |
$CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS \ |
|
285 |
--pidfile="$CELERYD_PID_FILE" \ |
|
286 |
--logfile="$CELERYD_LOG_FILE" \ |
|
287 |
--loglevel="$CELERYD_LOG_LEVEL" \ |
|
288 |
--cmd="$CELERYD" \ |
|
289 |
$CELERYD_OPTS |
|
290 |
} |
|
291 |
|
|
292 |
|
|
293 |
restart_workers () { |
|
294 |
$CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS \ |
|
295 |
--pidfile="$CELERYD_PID_FILE" \ |
|
296 |
--logfile="$CELERYD_LOG_FILE" \ |
|
297 |
--loglevel="$CELERYD_LOG_LEVEL" \ |
|
298 |
--cmd="$CELERYD" \ |
|
299 |
$CELERYD_OPTS |
|
300 |
} |
|
301 |
|
|
302 |
|
|
303 |
|
|
304 |
case "$1" in |
|
305 |
start) |
|
306 |
check_dev_null |
|
307 |
start_workers |
|
308 |
;; |
|
309 |
|
|
310 |
stop) |
|
311 |
check_dev_null |
|
312 |
stop_workers |
|
313 |
;; |
|
314 |
|
|
315 |
reload|force-reload) |
|
316 |
echo "Use restart" |
|
317 |
;; |
|
318 |
|
|
319 |
status) |
|
320 |
$CELERYCTL status $CELERYCTL_OPTS |
|
321 |
;; |
|
322 |
|
|
323 |
restart) |
|
324 |
check_dev_null |
|
325 |
restart_workers |
|
326 |
;; |
|
327 |
|
|
328 |
try-restart) |
|
329 |
check_dev_null |
|
330 |
restart_workers |
|
331 |
;; |
|
332 |
|
|
333 |
*) |
|
334 |
echo "Usage: /etc/init.d/celeryd {start|stop|restart|try-restart|kill}" |
|
335 |
exit 1 |
|
336 |
;; |
|
337 |
esac |
|
338 |
|
|
339 |
exit 0 |
|
340 |
|
|
341 |
celeryd configuration |
|
342 |
--------------------- |
|
181 | 343 |
celeryd requires a /etc/default/celeryd file to be in place. |
182 | 344 |
Thus we are going to create this file (/etc/default/celeryd):: |
183 | 345 |
|
... | ... | |
203 | 365 |
|
204 | 366 |
# Extra arguments to celeryd |
205 | 367 |
#CELERYD_OPTS="--time-limit=300 --concurrency=8" |
206 |
CELERYD_OPTS="-E -B" |
|
368 |
CELERYD_OPTS="-E -B --schedule=/var/run/celery/celerybeat-schedule"
|
|
207 | 369 |
# Name of the celery config module. |
208 | 370 |
CELERY_CONFIG_MODULE="celeryconfig" |
209 | 371 |
|
210 | 372 |
# %n will be replaced with the nodename. |
211 |
CELERYD_LOG_FILE="$CELERYD_CHDIR/celery_var/log/celery/%n.log"
|
|
212 |
CELERYD_PID_FILE="$CELERYD_CHDIR/celery_var/run/celery/%n.pid"
|
|
373 |
CELERYD_LOG_FILE="/var/log/celery/%n.log"
|
|
374 |
CELERYD_PID_FILE="/var/run/celery/%n.pid"
|
|
213 | 375 |
|
214 | 376 |
# Workers should run as an unprivileged user. |
215 |
CELERYD_USER="user"
|
|
216 |
CELERYD_GROUP="users"
|
|
377 |
CELERYD_USER="celery"
|
|
378 |
CELERYD_GROUP="celery"
|
|
217 | 379 |
|
218 | 380 |
# Name of the projects settings module. |
219 | 381 |
export DJANGO_SETTINGS_MODULE="flowspy.settings" |
220 | 382 |
|
221 |
|
|
222 | 383 |
Apache |
223 | 384 |
------ |
224 | 385 |
Apache proxies gunicorn. Things are more flexible here as you may follow your own configuration and conventions. Create and edit /etc/apache2/sites-available/fod. You should set <server_name> and <admin_mail> along with your certificates. If under testing environment, you can use the provided snakeoil certs. If you do not intent to use Shibboleth delete or comment the corresponding configuration parts inside **Shibboleth configuration** :: |
... | ... | |
327 | 488 |
|
328 | 489 |
service gunicorn restart && service apache2 restart |
329 | 490 |
|
491 |
|
|
492 |
Propagate the flatpages |
|
493 |
======================= |
|
494 |
Inside the initial_data/fixtures_manual.xml file we have placed 4 flatpages (2 for Greek, 2 for English) with Information and Terms of Service about the service. |
|
495 |
To import the flatpages, run from root folder:: |
|
496 |
|
|
497 |
python manage.py loaddata initial_data/fixtures_manual.xml |
|
498 |
|
|
499 |
|
|
500 |
|
|
330 | 501 |
Testing the platform |
331 | 502 |
==================== |
332 | 503 |
Log in to the admin interface via https://<hostname>/admin. Go to Peer ranges and add a new range (part of/or a complete subnet), eg. 10.20.0.0/19 |
Also available in: Unified diff