deploy.rst 4.88 KB
Newer Older
1 2
Deploying CIRCLE
================
3

4 5 6 7 8 9 10 11 12 13 14 15
This tutorial describes the installation of a production environment. To
have a fully working environment, you have to set up the other components
as well. The full procedure is included in the :doc:`Puppet recipes
<puppet>` available for CIRCLE Cloud.

This component should normally deployed to a single head node.
This is the web-based entry point to the end users, and also the manager of
the compute and storage nodes.

Preparation
-----------

16
To get the project running, launch a new Ubuntu 14.04 machine, and
17 18 19 20 21 22 23 24 25 26 27
log in to it over SSH.


.. warning::
  If the first character of the hostname should not be a digit, because
  RabbitMQ won't work with it.

  The machine should have an :abbr:`fqdn (fully qualified domain name)`,
  which shoud be correctly printed by :kbd:`hostname -f`. You can achieve
  this with an IP address (e.g. 127.0.1.1) in :file:`/etc/hosts` having the
  short hostname as first, and the fqdn as second alias).
28

29 30 31 32 33 34 35 36 37

Setting up required software
----------------------------

Update the package lists, and install the required system software::

  sudo apt-get update
  sudo apt-get install --yes virtualenvwrapper postgresql git \
    python-pip rabbitmq-server libpq-dev python-dev ntp memcached \
38
    libmemcached-dev gettext wget pwgen nginx npm nodejs-legacy
39
  sudo npm -g install bower less yuglify
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91

Set up *PostgreSQL* to listen on localhost and restart it::

  sudo sed -i /etc/postgresql/9.1/main/postgresql.conf -e '/#listen_addresses/ s/^#//'
  sudo /etc/init.d/postgresql restart

Also, create a new database and user::

  pwgen 12 >pgpw
  sudo -u postgres createuser -S -D -R circle
  sudo -u postgres psql <<<"ALTER USER circle WITH PASSWORD '$(cat pgpw)';"
  sudo -u postgres createdb circle -O circle

Configure RabbitMQ: remove the guest user, add virtual host and user with
proper permissions::

  pwgen 12 >rmqpw
  sudo rabbitmqctl delete_user guest
  sudo rabbitmqctl add_vhost circle
  sudo rabbitmqctl add_user cloud $(cat rmqpw)
  sudo rabbitmqctl set_permissions -p circle cloud '.*' '.*' '.*'

Set up nginx to serve the CIRCLE portal. ::

  sudo tee /etc/nginx/conf.d/default.conf <<END
    ignore_invalid_headers   on;
    server {
        listen 443 ssl default;
        ssl on;
        ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
        ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
        location /static {
            alias ${PWD}/circle/static_collected;     # your Django project's static files
        }
        location / {
            uwsgi_pass  unix:///tmp/uwsgi.sock;
            include     /etc/nginx/uwsgi_params; # or the uwsgi_params you installed manually
        }
        location /vnc/ {
            proxy_pass http://localhost:9999;
            proxy_set_header X-Real-IP \$remote_addr;
            proxy_set_header Host \$host;
            proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
            # WebSocket support (nginx 1.4)
            proxy_http_version 1.1;
            proxy_set_header Upgrade \$http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

    server {
      listen 80 default;
Kálmán Viktor committed
92
      rewrite ^ https://\$host/;  # permanent;
93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147
    }
  END
  sudo /etc/init.d/nginx restart

.. warning::
  For a production deployment, you should use certificates issued by a
  recognized certificate authority. Until you get it, you can use a
  self-signed one automatically generated by the package.

Setting up Circle itself
------------------------

Clone the git repository::

  git clone https://git.ik.bme.hu/circle/cloud.git circle

Set up *virtualenvwrapper* and the *virtual Python environment* for the
project::

  source /etc/bash_completion.d/virtualenvwrapper
  mkvirtualenv circle

Set up default Circle configuration and activate the virtual environment::

  cat >>/home/cloud/.virtualenvs/circle/bin/postactivate <<END
  export DJANGO_SETTINGS_MODULE=circle.settings.production
  export DJANGO_DB_HOST=localhost
  export DJANGO_DB_PASSWORD=$(cat pgpw)
  export DJANGO_FIREWALL_SETTINGS='{"dns_ip": "152.66.243.60", "dns_hostname":
              "localhost", "dns_ttl": "300", "reload_sleep": "10",
              "rdns_ip": "152.66.243.60", "default_vlangroup": "publikus"}'
  export AMQP_URI='amqp://cloud:$(cat rmqpw)@localhost:5672/circle'
  export CACHE_URI='pylibmc://127.0.0.1:11211/'
  END
  workon circle
  cd ~/circle

You should change DJANGO_FIREWALL_SETTINGS to your needs.

Install the required Python libraries to the virtual environment::

  pip install -r requirements.txt

Sync the database and create a superuser::

  circle/manage.py syncdb --all --noinput
  circle/manage.py migrate --fake
  circle/manage.py createsuperuser

Copy the init files to Upstart's config directory and start the manager and
the portal application server::

  sudo cp miscellaneous/mancelery.conf /etc/init/
  sudo start mancelery
  sudo cp miscellaneous/portal-uwsgi.conf /etc/init/
148
  sudo start portal-uwsgi