/doc/source/install.rst - Diff - Firewall on Demand - Greek Research and Technology Network's projects

Revision 0bf16f7f doc/source/install.rst

     Debian Wheezy (x64) - Django 1.4.x
     ==================================
     This guide assumes that installation is carried out in /srv/flowspy directory. If other directory is to be used, please change the corresponding configuration files. It is also assumed that the root user will perform every action.
     Upgrading from v<1.0.x
     ----------------------
     If upgrading from flowspy version <1.0.x pay attention to settings.py changes. Also, do not forget to run::
        ./manage.py migrate
     to catch-up with latest database changes.
     Required system packages
     ------------------------
     Update and install the required packages::
     	apt-get update
-...
     Application configuration
     =========================
     Copy settings.py.dist to settings.py::
        cd flowspy
-...
     beanstalkd
     ----------
     Enable beanstalk by editting /etc/default/beanstalkd::
     	vim /etc/default/beanstalkd
-...
     gunicorn.d
     ----------
     create and edit /etc/gunicorn.d/fod::
     Create and edit /etc/gunicorn.d/fod::
     	vim /etc/gunicorn.d/fod
-...
                '--bind=127.0.0.1:8081',
                '--workers=1',
                '--worker-class=egg:gunicorn#gevent',
                '--timeout=360',
                '--timeout=30',
                '--log-level=debug',
                '--log-file=/tmp/fod.log',
                '--log-file=/var/log/flowspy.log',
            ),
+       }
     celery.d
     --------
     celeryd
     -------
     Celery is used over beanstalkd to apply firewall rules in a serial manner so that locks are avoided on the flowspec capable device. In our setup celery runs via django. That is why the python-django-celery package was installed.
     Create the celeryd daemon at /etc/init.d/celeryd **if it does not already exist**::
        vim /etc/init.d/celeryd
     The configuration should be::
        #!/bin/sh -e
        # ============================================
        #  celeryd - Starts the Celery worker daemon.
        # ============================================
+       #
        # :Usage: /etc/init.d/celeryd {start|stop|force-reload|restart|try-restart|status}
        # :Configuration file: /etc/default/celeryd
+       #
        # See http://docs.celeryq.org/en/latest/cookbook/daemonizing.html#init-script-celeryd
        ### BEGIN INIT INFO
        # Provides:          celeryd
        # Required-Start:    $network $local_fs $remote_fs
        # Required-Stop:     $network $local_fs $remote_fs
        # Default-Start:     2 3 4 5
        # Default-Stop:      0 1 6
        # Short-Description: celery task worker daemon
        # Description:       Starts the Celery worker daemon for a single project.
        ### END INIT INFO
        #set -e
        DEFAULT_PID_FILE="/var/run/celery/%n.pid"
        DEFAULT_LOG_FILE="/var/log/celery/%n.log"
        DEFAULT_LOG_LEVEL="INFO"
        DEFAULT_NODES="celery"
        DEFAULT_CELERYD="-m celery.bin.celeryd_detach"
        ENABLED="false"
        [ -r "$CELERY_DEFAULTS" ] && . "$CELERY_DEFAULTS"
        [ -r /etc/default/celeryd ] && . /etc/default/celeryd
        if [ "$ENABLED" != "true" ]; then
            echo "celery daemon disabled - see /etc/default/celeryd."
            exit 0
        fi
        CELERYD_PID_FILE=${CELERYD_PID_FILE:-${CELERYD_PIDFILE:-$DEFAULT_PID_FILE}}
        CELERYD_LOG_FILE=${CELERYD_LOG_FILE:-${CELERYD_LOGFILE:-$DEFAULT_LOG_FILE}}
        CELERYD_LOG_LEVEL=${CELERYD_LOG_LEVEL:-${CELERYD_LOGLEVEL:-$DEFAULT_LOG_LEVEL}}
        CELERYD_MULTI=${CELERYD_MULTI:-"celeryd-multi"}
        CELERYD=${CELERYD:-$DEFAULT_CELERYD}
        CELERYCTL=${CELERYCTL:="celeryctl"}
        CELERYD_NODES=${CELERYD_NODES:-$DEFAULT_NODES}
        export CELERY_LOADER
        if [ -n "$2" ]; then
            CELERYD_OPTS="$CELERYD_OPTS $2"
        fi
        CELERYD_LOG_DIR=`dirname $CELERYD_LOG_FILE`
        CELERYD_PID_DIR=`dirname $CELERYD_PID_FILE`
        if [ ! -d "$CELERYD_LOG_DIR" ]; then
            mkdir -p $CELERYD_LOG_DIR
        fi
        if [ ! -d "$CELERYD_PID_DIR" ]; then
            mkdir -p $CELERYD_PID_DIR
        fi
        # Extra start-stop-daemon options, like user/group.
        if [ -n "$CELERYD_USER" ]; then
            DAEMON_OPTS="$DAEMON_OPTS --uid=$CELERYD_USER"
            chown "$CELERYD_USER" $CELERYD_LOG_DIR $CELERYD_PID_DIR
        fi
        if [ -n "$CELERYD_GROUP" ]; then
            DAEMON_OPTS="$DAEMON_OPTS --gid=$CELERYD_GROUP"
            chgrp "$CELERYD_GROUP" $CELERYD_LOG_DIR $CELERYD_PID_DIR
        fi
        if [ -n "$CELERYD_CHDIR" ]; then
            DAEMON_OPTS="$DAEMON_OPTS --workdir=\"$CELERYD_CHDIR\""
        fi
        check_dev_null() {
            if [ ! -c /dev/null ]; then
                echo "/dev/null is not a character device!"
                exit 1
            fi
+       }
        export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
        stop_workers () {
            $CELERYD_MULTI stop $CELERYD_NODES --pidfile="$CELERYD_PID_FILE"
+       }
        start_workers () {
            $CELERYD_MULTI start $CELERYD_NODES $DAEMON_OPTS        \
                                 --pidfile="$CELERYD_PID_FILE"      \
                                 --logfile="$CELERYD_LOG_FILE"      \
                                 --loglevel="$CELERYD_LOG_LEVEL"    \
                                 --cmd="$CELERYD"                   \
                                 $CELERYD_OPTS
+       }
        restart_workers () {
            $CELERYD_MULTI restart $CELERYD_NODES $DAEMON_OPTS      \
                                   --pidfile="$CELERYD_PID_FILE"    \
                                   --logfile="$CELERYD_LOG_FILE"    \
                                   --loglevel="$CELERYD_LOG_LEVEL"  \
                                   --cmd="$CELERYD"                 \
                                   $CELERYD_OPTS
+       }
        case "$1" in
            start)
                check_dev_null
                start_workers
            ;;
            stop)
                check_dev_null
                stop_workers
            ;;
            reload|force-reload)
                echo "Use restart"
            ;;
            status)
                $CELERYCTL status $CELERYCTL_OPTS
            ;;
            restart)
                check_dev_null
                restart_workers
            ;;
            try-restart)
                check_dev_null
                restart_workers
            ;;
            *)
                echo "Usage: /etc/init.d/celeryd {start|stop|restart|try-restart|kill}"
                exit 1
            ;;
        esac
        exit 0
     celeryd configuration
     ---------------------
     celeryd requires a /etc/default/celeryd file to be in place.
     Thus we are going to create this file (/etc/default/celeryd)::
-...
        # Extra arguments to celeryd
        #CELERYD_OPTS="--time-limit=300 --concurrency=8"
        CELERYD_OPTS="-E -B"
        CELERYD_OPTS="-E -B --schedule=/var/run/celery/celerybeat-schedule"
        # Name of the celery config module.
        CELERY_CONFIG_MODULE="celeryconfig"
        # %n will be replaced with the nodename.
        CELERYD_LOG_FILE="$CELERYD_CHDIR/celery_var/log/celery/%n.log"
        CELERYD_PID_FILE="$CELERYD_CHDIR/celery_var/run/celery/%n.pid"
        CELERYD_LOG_FILE="/var/log/celery/%n.log"
        CELERYD_PID_FILE="/var/run/celery/%n.pid"
        # Workers should run as an unprivileged user.
        CELERYD_USER="user"
        CELERYD_GROUP="users"
        CELERYD_USER="celery"
        CELERYD_GROUP="celery"
        # Name of the projects settings module.
        export DJANGO_SETTINGS_MODULE="flowspy.settings"
     Apache
     ------
     Apache proxies gunicorn. Things are more flexible here as you may follow your own configuration and conventions. Create and edit /etc/apache2/sites-available/fod. You should set <server_name> and <admin_mail> along with your certificates. If under testing environment, you can use the provided snakeoil certs. If you do not intent to use Shibboleth delete or comment the corresponding configuration parts inside **Shibboleth configuration** ::
-...
     	service gunicorn restart && service apache2 restart
     Propagate the flatpages
     =======================
     Inside the initial_data/fixtures_manual.xml file we have placed 4 flatpages (2 for Greek, 2 for English) with Information and Terms of Service about the service.
     To import the flatpages, run from root folder::
        python manage.py loaddata initial_data/fixtures_manual.xml
     Testing the platform
     ====================
     Log in to the admin interface via https://<hostname>/admin. Go to Peer ranges and add a new range (part of/or a complete subnet), eg. 10.20.0.0/19

Also available in: Unified diff