entrouvert
/
hobo
16
0
Fork 0
Code Issues Pull Requests 18 Releases Activity

debian: packaging is multitenant only (#6712)

This commit is contained in:
Jérôme Schneider 2015-03-11 18:10:18 +01:00 committed by Frédéric Péters
parent 21c921e36d
commit 45334e828b
22 changed files with 128 additions and 566 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
debian/agent/README.Debian vendored
View File

@ -1,21 +1,5 @@
Hobo agent for Debian
=====================
First step configure sudo
--------------------------
1. Edit your sudo configuration with sudoers
2. If you want to deploy wcs-au-quotidien add this line::
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy
3. If you want to deploy Authentic 2 tenant add this line::
hobo-agent ALL=(authentic)NOPASSWD:/usr/bin/authentic2-multitenant-ctl deploy
4. If you want to deploy Combo tenant add this line::
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy
5. If you want to deploy Passerelle tenant add this line::
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy
Second step configure your agent
-------------------------------
1. Edit /etc/hobo-agent/settings.py (change BROKER_URL if distant)
2. Restart supervisor

4
debian/agent/settings.py vendored
View File

@ -19,5 +19,5 @@ AGENT_HOST_PATTERNS = None
WCS_MANAGE_COMMAND = 'sudo -u wcs-au-quotidien /usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg'
AUTHENTIC_MANAGE_COMMAND = 'sudo -u authentic-multitenant /usr/bin/authentic2-multitenant-manage'
COMBO_MANAGE_COMMAND = 'sudo -u combo-multitenant /usr/bin/combo-multitenant-manage'
PASSERELLE_MANAGE_COMMAND = 'sudo -u passerelle-multitenant /usr/bin/passerelle-multitenant-manage'
COMBO_MANAGE_COMMAND = 'sudo -u combo /usr/bin/combo-manage'
PASSERELLE_MANAGE_COMMAND = 'sudo -u passerelle /usr/bin/passerelle-manage'

4
debian/agent/sudo-hobo-agent vendored
View File

@ -1,4 +1,4 @@
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy * -
hobo-agent ALL=(authentic-multitenant)NOPASSWD:/usr/bin/authentic2-multitenant-manage hobo_deploy * -
hobo-agent ALL=(combo-multitenant)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy * -
hobo-agent ALL=(passerelle-multitenant)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy * -
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-manage hobo_deploy * -
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-manage hobo_deploy * -

19
debian/control vendored
View File

@ -14,19 +14,6 @@ Description: Rapid Remote Deployment python module
Package: hobo
Architecture: all
Depends: python-hobo (= ${binary:Version}),
rabbitmq-server (>= 3.3),
erlang-nox (>= 1:17.1),
python-django (>= 1.7),
python-gadjo,
python-django-mellon (>= 1.2.11),
gunicorn
Recommends: nginx
Description: Rapid Remote Deployment Daemon
Warning install bleeding edge : https://www.rabbitmq.com/install-debian.html
Package: hobo-multitenant
Architecture: all
Depends: python-hobo (= ${binary:Version}),
python-django-tenant-schemas,
python-psycopg2,
@ -35,10 +22,10 @@ Depends: python-hobo (= ${binary:Version}),
python-django (>= 1.7),
python-gadjo,
python-django-mellon (>= 1.2.11),
python-memcache,
gunicorn
Recommends: nginx, postgresql
Description: Multitenant Rapid Remote Deployment Daemon
Warning install bleeding edge : https://www.rabbitmq.com/install-debian.html
Recommends: nginx, postgresql, memcached
Description: Rapid Remote Deployment Daemon
Package: hobo-agent
Architecture: all

8
debian/hobo-multitenant.dirs vendored
View File

@ -1,8 +0,0 @@
/etc/hobo-multitenant
/var/lib/hobo-multitenant/collected-static
/var/lib/hobo-multitenant/locale
/var/lib/hobo-multitenant/media
/var/lib/hobo-multitenant/static
/var/lib/hobo-multitenant/templates
/var/lib/hobo-multitenant/tenants
/var/log/hobo-multitenant

2
debian/hobo-multitenant.docs vendored
View File

@ -1,2 +0,0 @@
debian/multitenant/README.Debian
debian/rabbitmq/rabbitmq.config.example

194
debian/hobo-multitenant.init vendored
View File

@ -1,194 +0,0 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: hobo-multitenant
# Required-Start: $network $local_fs
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Portail admin
# Description: Portail admin
### END INIT INFO
# Author: Entr'ouvert <info@entrouvert.com>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Portail admin"
NAME=hobo-multitenant
DAEMON=/usr/bin/gunicorn
RUN_DIR=/run/$NAME
PIDFILE=$RUN_DIR/$NAME.pid
LOG_DIR=/var/log/$NAME
SCRIPTNAME=/etc/init.d/$NAME
BIND=unix:$RUN_DIR/$NAME.sock
WORKERS=5
TIMEOUT=10
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
USER=$NAME
GROUP=$NAME
# Exit if the package is not installed
[ -x $DAEMON ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \
--user $USER --group $GROUP \
--daemon \
--access-logfile $LOG_DIR/gunicorn-access.log \
--log-file $LOG_DIR/gunicorn-error.log \
--bind=$BIND \
--workers=$WORKERS \
--worker-class=sync \
--timeout=$TIMEOUT \
--name $NAME \
hobo.wsgi:application"}
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Create /run directory
if [ ! -d $RUN_DIR ]; then
install -d -m 755 -o $USER -g $GROUP $RUN_DIR
fi
# environment for wsgi
export HOBO_SETTINGS_FILE
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
#
# If the daemon can reload its configuration without
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
return 0
}
do_migrate() {
log_action_msg "Applying new migrations .."
su $USER -p -c "$MANAGE_SCRIPT migrate_schemas"
log_action_msg ".. done"
}
do_collectstatic() {
log_action_msg "Collect static files.."
su $USER -p -c "$MANAGE_SCRIPT collectstatic --noinput"
log_action_msg ".. done"
}
case "$1" in
start)
log_daemon_msg "Starting $DESC " "$NAME"
do_migrate
do_collectstatic
do_start
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload|force-reload)
#
# If do_reload() is not implemented then leave this commented out
# and leave 'force-reload' as an alias for 'restart'.
#
log_daemon_msg "Reloading $DESC" "$NAME"
do_collectstatic
do_migrate
do_reload
log_end_msg $?
;;
restart|force-reload)
#
# If the "reload" option is implemented then remove the
# 'force-reload' alias
#
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_migrate
do_collectstatic
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
exit 3
;;
esac

4
debian/hobo-multitenant.install vendored
View File

@ -1,4 +0,0 @@
debian/multitenant/hobo-multitenant-manage /usr/bin
debian/multitenant/settings.py /etc/hobo-multitenant
debian/multitenant/debian_config.py /usr/lib/hobo-multitenant
debian/multitenant/nginx-example.conf /usr/share/doc/hobo-multitenant

50
debian/hobo-multitenant.postinst vendored
View File

@ -1,50 +0,0 @@
#! /bin/sh
set -e
NAME="hobo-multitenant"
USER=$NAME
GROUP=$NAME
CONFIG_DIR="/etc/$NAME"
case "$1" in
configure)
# make sure the administrative user exists
if ! getent passwd $USER >/dev/null; then
adduser --disabled-password --quiet --system \
--no-create-home --home /var/lib/$NAME \
--gecos "$NAME software user" --group $GROUP
fi
# ensure dirs ownership
chown $USER:$GROUP /var/log/$NAME
chown $USER:$GROUP /var/lib/$NAME/collected-static
chown $USER:$GROUP /var/lib/$NAME/tenants
# create a secret file
SECRET_FILE=$CONFIG_DIR/secret
if [ ! -f $SECRET_FILE ]; then
echo -n "Generating Django secret..." >&2
cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
chown root:$GROUP $SECRET_FILE
chmod 0440 $SECRET_FILE
fi
# generate the certificates
if [ ! -f $CONFIG_DIR/key.cert ]; then
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out $CONFIG_DIR/key.cert
openssl req -x509 -new -out $CONFIG_DIR/cert.pem -subj '/CN=whocares' -key $CONFIG_DIR/key.cert -days 3650
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

8
debian/hobo.dirs vendored
View File

@ -1,7 +1,5 @@
/etc/hobo
/var/lib/hobo/collected-static
/var/lib/hobo/locale
/var/lib/hobo/media
/var/lib/hobo/static
/var/lib/hobo/templates
/usr/lib/hobo
/var/lib/hobo/collectstatic
/var/lib/hobo/tenants
/var/log/hobo

10
debian/hobo.init vendored
View File

@ -5,14 +5,14 @@
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Portail admin
# Description: Portail admin
# Short-Description: Hobo server
# Description: Rapid Remote Deployment Daemon
### END INIT INFO
# Author: Entr'ouvert <info@entrouvert.com>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Portail admin"
DESC="Hobo server"
NAME=hobo
DAEMON=/usr/bin/gunicorn
RUN_DIR=/run/$NAME
@ -21,7 +21,7 @@ LOG_DIR=/var/log/$NAME
SCRIPTNAME=/etc/init.d/$NAME
BIND=unix:$RUN_DIR/$NAME.sock
WORKERS=5
TIMEOUT=10
TIMEOUT=30
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
@ -119,7 +119,7 @@ do_reload() {
do_migrate() {
log_action_msg "Applying new migrations .."
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
su $USER -p -c "$MANAGE_SCRIPT migrate_schemas"
log_action_msg ".. done"
}

7
debian/hobo.install vendored
View File

@ -1,4 +1,3 @@
debian/server/hobo-manage /usr/bin
debian/server/settings.py /etc/hobo
debian/server/debian_config.py /usr/lib/hobo
debian/server/nginx-example.conf /usr/share/doc/hobo
debian/server/hobo-manage /usr/bin
debian/server/settings.py /etc/hobo
debian/server/debian_config.py /usr/lib/hobo

7
debian/hobo.postinst vendored
View File

@ -14,12 +14,12 @@ case "$1" in
if ! getent passwd $USER >/dev/null; then
adduser --disabled-password --quiet --system \
--no-create-home --home /var/lib/$NAME \
--gecos "$NAME software user" --group $GROUP
--gecos "Hobo user" --group $USER
fi
# ensure dirs ownership
chown $USER:$GROUP /var/log/$NAME
chown $USER:$GROUP /var/lib/$NAME/collected-static
chown $USER:$GROUP /var/lib/$NAME/media
chown $USER:$GROUP /var/lib/$NAME/collectstatic
chown $USER:$GROUP /var/lib/$NAME/tenants
# create a secret file
SECRET_FILE=$CONFIG_DIR/secret
if [ ! -f $SECRET_FILE ]; then
@ -27,6 +27,7 @@ case "$1" in
cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
chown root:$GROUP $SECRET_FILE
chmod 0440 $SECRET_FILE
echo "Done" >&2
fi
;;

29
debian/multitenant/README.Debian vendored
View File

@ -1,29 +0,0 @@
Hobo multitenant server for Debian
==================================
First step: configure rabbitmq
------------------------------
1. Copy /usr/share/doc/hobo-multitenant/rabbitmq.config.example into /etc/rabbitmq/rabbitmq.config
2. Edit your /etc/rabbitmq/rabbitmq.config and change ssl certificates
3. Restart rabbitmq : service rabbitmq-server restart
4. Create your rabbitmq user::
rabbitmqctl change_password hobo <your password>
5. Add hobo user permission::
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
Second step: create your tenant
------------------------------
hobo-multitenant-manage create_tenant <your hostname>
Third step: configure nginx
---------------------------
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
2. Edit /etc/nginx/sites-available/<your hostname>
3. Enable your nginx vhost::
cd /etc/nginx/sites-enabled
ln -s ../sites-available/<your hostname>
3. Reload nginx

56
debian/multitenant/debian_config.py vendored
View File

@ -1,56 +0,0 @@
# This file is sourced by "execfile" from hobo.settings
import os
from django.conf import global_settings
PROJECT_NAME = 'hobo-multitenant'
ETC_DIR = '/etc/%s' % PROJECT_NAME
VAR_DIR = '/var/lib/%s' % PROJECT_NAME
STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
DATABASES = {
'default': {
'ENGINE': 'tenant_schemas.postgresql_backend',
'NAME': 'hobo_multitenant'
}
}
DATABASE_ROUTERS = (
'tenant_schemas.routers.TenantSyncRouter',
)
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
TENANT_MODEL = 'multitenant.Tenant'
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
SHARED_APPS = (
'hobo.multitenant',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.messages',
'django.contrib.sessions',
'django.contrib.staticfiles',
'django.contrib.admin',
)
TENANT_APPS = INSTALLED_APPS
INSTALLED_APPS = ('hobo.multitenant',) + INSTALLED_APPS
TEMPLATE_LOADERS = ('hobo.multitenant.template_loader.FilesystemLoader',) + global_settings.TEMPLATE_LOADERS
MIDDLEWARE_CLASSES = (
'hobo.multitenant.middleware.TenantMiddleware',
'hobo.middleware.context.TemplateVarsMiddleware',
) + MIDDLEWARE_CLASSES
DEFAULT_FILE_STORAGE = 'hobo.multitenant.storage.TenantFileSystemStorage'
execfile(os.path.join(ETC_DIR, 'settings.py'))

26
debian/multitenant/hobo-multitenant-manage vendored
View File

@ -1,26 +0,0 @@
#!/bin/sh
NAME=hobo-multitenant
MANAGE="/usr/lib/hobo/manage.py"
# load Debian default configuration
export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
# check user
if test x$1 = x"--forceuser"
then
shift
elif test $(id -un) != "$NAME"
then
echo "error: must use $0 with user ${NAME}"
exit 1
fi
if test $# -eq 0
then
python ${MANAGE} help
exit 1
fi
python ${MANAGE} "$@"

51
debian/multitenant/nginx-example.conf vendored
View File

@ -1,51 +0,0 @@
server {
listen 443;
server_name hobo.example.org;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/hobo-multitenant/tenants/$host/$1
/var/lib/hobo-multitenant/collected-static/$1
=404;
}
location / {
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Protocol ssl;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name hobo.example.org;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/hobo-multitenant/tenants/$host/$1
/var/lib/hobo-multitenant/collected-static/$1
=404;
}
location / {
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

55
debian/multitenant/settings.py vendored
View File

@ -1,55 +0,0 @@
# Configuration for hobo.
# You can override Hobo default settings here
# Hobo is a Django application: for the full list of settings and their
# values, see https://docs.djangoproject.com/en/1.7/ref/settings/
# For more information on settings see
# https://docs.djangoproject.com/en/1.7/topics/settings/
# WARNING! Quick-start development settings unsuitable for production!
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
# This file is sourced by "execfile" from /usr/lib/hobo-multitenant/debian_config.py
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = file('/etc/hobo-multitenant/secret').read()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
TEMPLATE_DEBUG = False
ADMINS = (
# ('User 1', 'watchdog@example.net'),
# ('User 2', 'janitor@example.net'),
)
# ALLOWED_HOSTS must be correct in production!
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS = [
'*',
]
# Databases
# Default: a local database named "hobo"
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# Warning: don't change ENGINE
# DATABASES['default']['NAME'] = 'hobo-multitenant'
# DATABASES['default']['USER'] = 'hobo_multitenant'
# DATABASES['default']['PASSWORD'] = '******'
# DATABASES['default']['HOST'] = 'localhost'
# DATABASES['default']['PORT'] = '5432'
LANGUAGE_CODE = 'fr-fr'
TIME_ZONE = 'Europe/Paris'
# Email configuration
EMAIL_SUBJECT_PREFIX = '[Hobo] '
# SERVER_EMAIL = 'root@hobo.example.org'
# DEFAULT_FROM_EMAIL = 'webmaster@hobo.example.org'
# SMTP configuration
# EMAIL_HOST = 'localhost'
# EMAIL_HOST_USER = ''
# EMAIL_HOST_PASSWORD = ''
# EMAIL_PORT = 25

12
debian/server/README.Debian vendored
View File

@ -1,5 +1,5 @@
Hobo server for Debian
=====================
======================
First step: configure rabbitmq
------------------------------
@ -12,8 +12,14 @@ First step: configure rabbitmq
5. Add hobo user permission::
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
Second step: configure nginx
----------------------------
Second step: create your tenant
------------------------------
hobo-manage create_tenant <your hostname>
Third step: configure nginx
---------------------------
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
2. Edit /etc/nginx/sites-available/<your hostname>

78
debian/server/debian_config.py vendored
View File

@ -2,19 +2,83 @@
import os
ETC_DIR = '/etc/hobo'
VAR_DIR = '/var/lib/hobo'
from django.conf import global_settings
STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
PROJECT_NAME = 'hobo'
ETC_DIR = '/etc/%s' % PROJECT_NAME
VAR_DIR = '/var/lib/%s' % PROJECT_NAME
STATIC_ROOT = os.path.join(VAR_DIR, 'collectstatic')
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'ENGINE': 'tenant_schemas.postgresql_backend',
'NAME': 'hobo'
}
}
DATABASE_ROUTERS = (
'tenant_schemas.routers.TenantSyncRouter',
)
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
TENANT_MODEL = 'multitenant.Tenant'
SHARED_APPS = (
'hobo.multitenant',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.messages',
'django.contrib.sessions',
'django.contrib.staticfiles',
'django.contrib.admin',
)
TENANT_APPS = INSTALLED_APPS
INSTALLED_APPS = ('hobo.multitenant',) + INSTALLED_APPS
TEMPLATE_LOADERS = (
'hobo.multitenant.template_loader.FilesystemLoader',
) + global_settings.TEMPLATE_LOADERS
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
TEMPLATE_CONTEXT_PROCESSORS = (
'django.core.context_processors.request',
) + global_settings.TEMPLATE_CONTEXT_PROCESSORS
MIDDLEWARE_CLASSES = (
'hobo.multitenant.middleware.TenantMiddleware',
'hobo.middleware.context.TemplateVarsMiddleware',
) + MIDDLEWARE_CLASSES
DEFAULT_FILE_STORAGE = 'hobo.multitenant.storage.TenantFileSystemStorage'
CACHES = {
'default': {
'BACKEND': 'hobo.multitenant.cache.TenantCache',
# add a real Django cache backend, with its parameters if needed
'REAL_BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = file('/etc/hobo/secret').read()
ADMINS = (
('root', 'root@localhost'),
)
DEBUG = False
TEMPLATE_DEBUG = False
EMAIL_SUBJECT_PREFIX = '[Hobo] '
# HTTPS
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True
execfile(os.path.join(ETC_DIR, 'settings.py'))

24
debian/server/nginx-example.conf vendored
View File

@ -1,6 +1,6 @@
server {
listen 443;
server_name hobo.example.org;
server_name *.hobo.example.org;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
@ -9,12 +9,15 @@ server {
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location /static {
alias /var/lib/hobo/collected-static;
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/hobo/tenants/$host/$1
/var/lib/hobo/collectstatic/$1
=404;
}
location / {
proxy_pass http://unix:/var/run/hobo/hobo.sock;
proxy_pass http://unix:/run/hobo/hobo.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Protocol ssl;
@ -26,20 +29,11 @@ server {
server {
listen 80;
server_name hobo.example.org;
server_name *.hobo.example.org;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location /static {
alias /var/lib/hobo/collected-static;
}
location / {
proxy_pass http://unix:/var/run/hobo/hobo.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
return 301 https://$host$request_uri;
}

30
debian/server/settings.py vendored
View File

@ -11,18 +11,14 @@
# This file is sourced by "execfile" from /usr/lib/hobo/debian_config.py
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = file('/etc/hobo/secret').read()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
TEMPLATE_DEBUG = False
# DEBUG = False
# TEMPLATE_DEBUG = False
ADMINS = (
# ('User 1', 'watchdog@example.net'),
# ('User 2', 'janitor@example.net'),
)
#ADMINS = (
# ('User 1', 'poulpe@example.org'),
# ('User 2', 'janitor@example.net'),
#)
# ALLOWED_HOSTS must be correct in production!
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
@ -30,10 +26,14 @@ ALLOWED_HOSTS = [
'*',
]
# Hobo use a postgresql database by default
# If a tenant doesn't exist, the tenant middleware raise a 404 error. If you
# prefer to redirect to a specific site, use:
# TENANT_NOT_FOUND_REDIRECT_URL = 'http://www.example.net/'
# Databases
# Default: a local database named "hobo"
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
# Warning: don't change ENGINE
# DATABASES['default']['NAME'] = 'hobo'
# DATABASES['default']['USER'] = 'hobo'
# DATABASES['default']['PASSWORD'] = '******'
@ -44,7 +44,7 @@ LANGUAGE_CODE = 'fr-fr'
TIME_ZONE = 'Europe/Paris'
# Email configuration
EMAIL_SUBJECT_PREFIX = '[Hobo] '
# EMAIL_SUBJECT_PREFIX = '[Hobo] '
# SERVER_EMAIL = 'root@hobo.example.org'
# DEFAULT_FROM_EMAIL = 'webmaster@hobo.example.org'
@ -53,3 +53,7 @@ EMAIL_SUBJECT_PREFIX = '[Hobo] '
# EMAIL_HOST_USER = ''
# EMAIL_HOST_PASSWORD = ''
# EMAIL_PORT = 25
# HTTPS
# CSRF_COOKIE_SECURE = True
# SESSION_COOKIE_SECURE = True