Skip to content

Deployment and production

Jump to bottom
Daniel Hnyk edited this page Jul 1, 2017 · 6 revisions

Deployment

There is a main folder, where there is a git repo from with origin from here. Then there is a bare.git repository, which has a post-receive hook which:

  1. on git push deployment master push to deploy/production/files
  2. on git push deployment beta push to deploy/beta/files

Gunicorn

Wagtail (basically django application) is ran by gunicorn. This script is invoked by script gunicorn-start.sh. If you run it from command line, you probably need to run it with sudo as a different user, e.g. sudo -E -u webdata bash bin/gunicorn-start.sh beta. You will need to have appropriate variables exported and python environment activated, so a workflow may look like this:

set -a
source bin/beta-env.sh
source .venv/bin/activate
sudo -E -u webdata bash bin/gunicorn-start.sh beta
set +a

nginx

The gunicorn process ran by the above creates a socket in run/$ENVIRONMENT-gunicorn.socket. Now we need a web server to serve it. For that we use nginx. Config used can be found in backups as production-efektivni-altruismus and it is not here for security reasons.

systemd

The gunicorn script is ran and appropriate nginx server part is enabled by a systemd unit. It can be again found in a backup script [email protected]. It can be ran e.g. by:

systemctl start [email protected]

DNS records

Our domain and DNS records are on wedos.cz under Daniel Hnyk's account.

Hosting details

Currently we run on freeVPS machine. 8 CPUs, 4GB RAM, 120 GB of space.

Backups

We have automatic backups every day at 1am by vpsfree. Can be recovered through VPS administration web (Daniel Hnyk).

OBSOLETE BACKUPS (NOT WORKING RIGHT NOW)

Data are backed up to google drive disk every day at 2:30 by this script. The folder with backups can be shared by e.g. this:

gdrive --service-account eacr-gdrive-creds.json share --type user --email "[email protected]" --role writer 0BwgpG_Gt2nWnTG4zQ1NlYnI2VTA

Only those with the credentials json file (currently only me, Daniel Hnyk) can manage sharing and download data.

I had to create new project in google console, enable API for google drive and export credentials in JSON then put these in ~/.config, build gdrive by go get github.com/prasmussen/gdrive and then use as is above. One more step was to create directory (see docs of gdrive). To list backups use:

gdrive --service-account eacr-gdrive-creds.json list --query " '0BwgpG_Gt2nWnTG4zQ1NlYnI2VTA' in parents"

Notes

When you change static files on production, you should call ./manage.py collectstatic.

Clone this wiki locally