website Changeset - 053504d099b8 · Conservancy Kallithea

Changeset - 053504d099b8

Parent rev.

Child rev.

[Not reviewed]

0 5 1

Ben Sturmfels (bsturmfels) - 7 months ago 2023-09-14 08:14:22
ben@sturm.com.au

Update "cleanup" and "update" services for Python 3

6 files changed with 32 insertions and 22 deletions:

README.md

systemd/README.md

systemd/conservancy-www-cleanup.service

systemd/conservancy-www-update.service

systemd/conservancy-www-update.sh

www/conservancy/settings.py

0 comments (0 inline, 0 general)

README.md

➞

Show inline comments

@@ ... / @@ -8,51 +8,44 @@ Contributing @@
 The canonical location for this repository is [on Conservancy’s
 Kallithea instance](https://k.sfconservancy.org/website).  Copies of
 this repository elsewhere, such as Github, are for backup purposes
 only..
 License
 -------
 # License
 The software included herein, such as the Python source files, are generally
 licensed [AGPLv3](AGPLv3)-or-later.  The Javascript is a hodgepodge of
 licensing, but all of it is compatible with [AGPLv3](AGPLv3)-or-later.  See
 the notices at the top of each Javascript file for licensing details.
 The content and text (such as the HTML files) is currently
 [CC-BY-SA-3.0](CC-By-SA-3.0).
 Server configuration
 --------------------
 # Server configuration
 conservancy's webserver runs on a machine called aspen.sfconservancy.org, which
 is a standard Debian installation.
 Conservancy's webserver runs on a standard Debian installation. For
 configuration requirements, see `deploy/ansible/install.yml`.
 The following packages are installed to make Django and Apache work on a
 squeeze install:
     $ aptitude install python-django apache2 sqlite3 python3-sqlite libapache2-mod-wsgi-py3
 Django setup
 ------------
 # Django setup
 . Make sure the Python module 'djangopw', with the global variable
    'djangoadmin_password' is somewhere importable in the default
    PYTHON_PATH.
 Local development
 ---------
 # Local development
 Python dependencies are tied to the versions available in Debian.
     python3 -m pip install -r requirements.txt
     cd www
     python manage.py runserver
 Deploying
 ---------
 # Deploying
 Changes pushed to the https://k.sfconservancy.org/website repository are
 automatically deployed to the production website by the `conservancy-www-update`
 SystemD timer. See `systemd/conservancy-www-update.timer` for details.

systemd/README.md

➞

Show inline comments

 new file 100644
 Install with:
     cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system
     systemctl enable conservancy-www-cleanup.service
     systemctl start conservancy-www-cleanup.service
     systemctl enable conservancy-www-update.timer
     systemctl start conservancy-www-update.timer
 Monitor with:
     systemctl list-timers --all
     journalctl --catalog --follow --unit conservancy-www-update.service
 Updates will fail unless `/var/www/website` has a git upstream, so set that with:
     git remote add upstream https://k.sfconservancy.org/website
     git branch --set-upstream-to=upstream/master master

systemd/conservancy-www-cleanup.service

➞

Show inline comments

 [Unit]
 Description=Cleanup Conservancy website
 Before=apache2.service
 [Service]
 Type=oneshot
 User=www
 ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0
 User=www-data
 ExecStart=/usr/bin/python3 /var/www/website/www/manage.py clearsessions --verbosity 0
 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
 CapabilityBoundingSet=
 NoNewPrivileges=true
 PrivateDevices=true

systemd/conservancy-www-update.service

➞

Show inline comments

 [Unit]
 Description=Update Conservancy website checkout
 [Service]
 Type=oneshot
 User=www
+User=www-data
 WorkingDirectory=/var/www/website
 ExecStart=/var/www/website/systemd/conservancy-www-update.sh
 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
 CapabilityBoundingSet=
 NoNewPrivileges=true

systemd/conservancy-www-update.sh

➞

Show inline comments

@@ ... / @@ -27,11 +27,11 @@ git fetch --quiet --no-tags "$git_remote" "$git_refspec" @@
 if [ "$(git rev-parse "$PRODUCTION_BRANCH")" = "$(git rev-parse "$git_upstream")" ]; then
     exit 0
 fi
 exitcode=0
 git merge --quiet --ff-only "$git_remote" "$git_refspec"
-python2 -m compileall -q -x - www || exitcode=$?
+python3 -m compileall -q -x - www || exitcode=$?
 chgrp -R www-data www || exitcode=$?
 chmod -R g+rX-w,o+X-w www || exitcode=$?
 chmod -R o+r www/conservancy/static || exitcode=$?
 exit "$exitcode"

www/conservancy/settings.py

➞

Show inline comments

@@ ... / @@ -25,13 +25,13 @@ SITE_ID = 2 @@
 ROOT_URLCONF = 'conservancy.urls'
 FORCE_CANONICAL_HOSTNAME = False if DEBUG else 'sfconservancy.org'
 ALLOWED_HOSTS = [ 'www.sfconservancy.org', 'aspen.sfconservancy.org', 'sfconservancy.org',  '104.130.70.210' ]
 if DEBUG:
-    ALLOWED_HOSTS.append('localhost')
+    ALLOWED_HOSTS = ['*']
 REDIRECT_TABLE = {
     'www.sf-conservancy.org': 'sfconservancy.org',
+}
 LOGGING = {

0 comments (0 inline, 0 general)