Capomastro

Merge lp:~ce-infrastructure/capomastro/capomastro-debug-1385217 into lp:~ubuntuone-hackers/capomastro/charm

  1. capomastro-debug-1385217
  2. Merge into charm
Proposed by Caio Begotti
Status: Superseded
Proposed branch: lp:~ce-infrastructure/capomastro/capomastro-debug-1385217
Merge into: lp:~ubuntuone-hackers/capomastro/charm
Diff against target: 108 lines (+46/-2)
5 files modified
README (+5/-0)
config.yaml (+9/-1)
hooks/config-changed (+17/-1)
inc/common (+4/-0)
templates/capomastro_local_settings.tmpl (+11/-0)
To merge this branch: bzr merge lp:~ce-infrastructure/capomastro/capomastro-debug-1385217
Reviewer Review Type Date Requested Status
Daniel Manrique (community) Needs Information
Review via email: mp+240485@code.launchpad.net

This proposal has been superseded by a proposal from 2014-11-03.

Description of the change

The comments in the original bug report are pretty self-explanatory but I hope this is not much different from how other charms turn on/off debugging :-)

To post a comment you must log in.
lp:~ce-infrastructure/capomastro/capomastro-debug-1385217 updated
50. By Caio Begotti

in case it is not so obvious how this bug affects new deployments

Revision history for this message
Daniel Manrique (roadmr) wrote :

Awesome!

I wonder if we could generate the django secret key automatically in the install charm, thus freeing the user from creating it manually. The key should be unique per-installation so that would make life a bit easier.

But if not, it's OK as long as we at least provide instructions on generating said django key, as otherwise we'll have the deployer waste 10 minutes googling how to do this :(

review: Needs Information
lp:~ce-infrastructure/capomastro/capomastro-debug-1385217 updated
51. By Caio Begotti

generates the app key only once per deployment and store it in its own config file

52. By Caio Begotti

since it is an one time generation we can simply do it ourselves and avoid waiting for the user to figure it out or whatever, so this is one more automation in the charm that saves time, but hopefully do not compromise any security

53. By Caio Begotti

argh!

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'README'
2--- README 2014-10-31 16:42:21 +0000
3+++ README 2014-11-03 17:53:56 +0000
4@@ -67,6 +67,11 @@
5
6 TODO: support the --config={capomastro,jenkins}.yaml option and document it.
7
8+Before deploying the charm please take a moment to update the sitename and the secret
9+key used inside it as without them your new Capomastro instance won't be totally
10+operational. Also, note that having the debug flag on will affect Django's default
11+security of the app because of a more flexible ALLOWED_HOSTS being used instead.
12+
13 Setup and deploy:
14
15 $ export JUJU_REPOSITORY=${PWD}/charms
16
17=== modified file 'config.yaml'
18--- config.yaml 2014-11-01 02:17:17 +0000
19+++ config.yaml 2014-11-03 17:53:56 +0000
20@@ -1,8 +1,16 @@
21 options:
22 debug:
23 type: boolean
24- default: True
25+ default: False
26 description: "Whether we should run on debug mode or not (avoid this in production)"
27+ sitename:
28+ default: "capomastro.canonical.com"
29+ type: string
30+ description: "Domain name that Capomastro will be accessed through"
31+ secretkey:
32+ default: ""
33+ type: string
34+ description: "Django's default secret key for the site"
35 port:
36 type: int
37 default: 80
38
39=== modified file 'hooks/config-changed'
40--- hooks/config-changed 2014-11-01 02:21:51 +0000
41+++ hooks/config-changed 2014-11-03 17:53:56 +0000
42@@ -17,7 +17,7 @@
43 fi
44
45 # jenkins' notification plugin's callback setting
46- sed -i --follow-symlinks "/NOTIFICATION_HOST/s/localhost/${private_address}/;s/8000/${port}/" ${app_config}
47+ jenkins_notification_host="${private_address}:${port}"
48
49 open-port ${port:=80}
50 fi
51@@ -63,6 +63,22 @@
52
53 #---------- django
54
55+export t_app_debug=${debug}
56+export t_app_secretkey=${django_secretkey}
57+export t_app_notification_host=${jenkins_notification_host}
58+
59+# this way we can force deployments to production
60+# without having the debugging flag turned on, or else
61+# it'll need some manual intervention anyway
62+if [ ${debug} = 'True' ]; then
63+ export t_app_allowed_hosts="'*', '${sitename}'"
64+else
65+ # if deploying into production but sitename is empty, assume a sane default
66+ export t_app_allowed_hosts="'${sitename}'"
67+fi
68+
69+cheetah fill --env --stdout templates/capomastro_local_settings.tmpl > ${app_config}
70+
71 if [ -x $(which capomastro) ]; then
72 juju-log "Initial database sync through Django (skipping superuser creation)..."
73 $(which capomastro) syncdb --noinput
74
75=== modified file 'inc/common'
76--- inc/common 2014-11-01 02:16:35 +0000
77+++ inc/common 2014-11-03 17:53:56 +0000
78@@ -8,6 +8,7 @@
79 # apache's site config
80 port=$(config-get port)
81 name=$(config-get name)
82+sitename=$(config-get sitename)
83
84 # misc, if needed
85 private_address=$(unit-get private-address)
86@@ -30,3 +31,6 @@
87 amqp_config="/etc/capomastro/amqp_settings"
88 app_config="/etc/capomastro/local_settings"
89 db_config="/etc/capomastro/db_settings"
90+
91+# capomastro stuff
92+django_secretkey=$(config-get secretkey)
93
94=== added file 'templates/capomastro_local_settings.tmpl'
95--- templates/capomastro_local_settings.tmpl 1970-01-01 00:00:00 +0000
96+++ templates/capomastro_local_settings.tmpl 2014-11-03 17:53:56 +0000
97@@ -0,0 +1,11 @@
98+# SECURITY WARNING: keep the secret key used in production secret!
99+SECRET_KEY = '${t_app_secretkey}'
100+
101+# SECURITY WARNING: don't run with debug turned on in production!
102+DEBUG = ${t_app_debug}
103+TEMPLATE_DEBUG = ${t_app_debug}
104+
105+ALLOWED_HOSTS = [${t_app_allowed_hosts}]
106+
107+# Note this should be a URL that Jenkins can access your Django application.
108+NOTIFICATION_HOST = "${t_app_notification_host}"

Subscribers

People subscribed via source and target branches