[damned-lies/oscp] Split out virtualenv image
- From: Bartłomiej Piotrowski <bpiotrowski src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [damned-lies/oscp] Split out virtualenv image
- Date: Wed, 25 Mar 2020 22:09:51 +0000 (UTC)
commit 7081d4dc68e858faa76ff4646786ae84c264b02b
Author: Bartłomiej Piotrowski <bpiotrowski gnome org>
Date: Wed Mar 25 23:09:17 2020 +0100
Split out virtualenv image
httpd/{ => app_data/httpd-cfg}/l10n.gnome.org.conf | 0
httpd_min/Dockerfile | 30 ++----------
httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf | 13 ++---
httpd_min/django_static_collector.py | 31 ------------
httpd_min/entrypoint.sh | 11 +----
uwsgi/Dockerfile | 22 ++++-----
uwsgi/ssh_config | 5 --
uwsgi/uwsgi.ini | 5 +-
virtualenv/Dockerfile | 22 +++++++++
virtualenv/app_data/httpd-cfg/l10n.gnome.org.conf | 55 ++++++++++++++++++++++
virtualenv/entrypoint.sh | 23 +++++++++
{uwsgi => virtualenv}/local_settings.py | 7 ++-
12 files changed, 124 insertions(+), 100 deletions(-)
---
diff --git a/httpd/l10n.gnome.org.conf b/httpd/app_data/httpd-cfg/l10n.gnome.org.conf
similarity index 100%
rename from httpd/l10n.gnome.org.conf
rename to httpd/app_data/httpd-cfg/l10n.gnome.org.conf
diff --git a/httpd_min/Dockerfile b/httpd_min/Dockerfile
index e5fbd64f..e8a63b39 100644
--- a/httpd_min/Dockerfile
+++ b/httpd_min/Dockerfile
@@ -1,38 +1,18 @@
-FROM centos:7
-
-RUN INSTALL_PKGS="atlas-devel gcc-gfortran libffi-devel libtool-ltdl enchant \
- gettext gnome-doc-utils intltool itstool libicu-devel mariadb-devel \
- subversion translate-toolkit yelp-tools gcc-c++ \
- uwsgi uwsgi-plugin-python36 python36-devel wget" && \
- yum install -y epel-release && \
- yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS
-
-RUN mkdir -p /l10n && \
- git clone --depth 1 --branch master --single-branch
https://gitlab.gnome.org/Infrastructure/damned-lies.git /l10n/damnedlies
-
-WORKDIR /l10n/damnedlies
-RUN pip3 install -r requirements.txt
-RUN python3 manage.py collectstatic --noinput
-RUN python3 manage.py compile-trans
+FROM docker-registry.default.svc:5000/damned-lies/virtualenv
+RUN true
FROM centos/httpd-24-centos7
USER root
+RUN rm -f /opt/rh/httpd24/root/etc/httpd/conf.d/mod_security.conf
COPY --from=0 /l10n /l10n
-RUN mkdir -p /home/l10n/.ssh
-RUN ln -s /home/l10n/.ssh_secret/ssh-privatekey /home/l10n/.ssh/ssh-privatekey
-RUN ln -s /home/l10n/.ssh_secret/.gitconfig /home/l10n/.gitconfig
-RUN wget https://gitlab.gnome.org/Infrastructure/damned-lies/-/raw/oscp/uwsgi/ssh_config -O
/home/l10n/.ssh/config
-
RUN groupadd l10n -g 1000660000 && \
- useradd l10n -g 1000660000 -u 1000660000 -r -l -m && \
-ADD local_settings.py /l10n/damnedlies/damnedlies/local_settings.py
-RUN chown -R l10n:l10n /l10n
+ useradd l10n -g 1000660000 -u 1000660000 -r -l -M -d /l10n && \
+ chown -R l10n:l10n /l10n
ADD entrypoint.sh /entrypoint.sh
COPY app_data /opt/app-root/src
RUN chown -R 1000660000:1000660000 /opt/app-root/src
-RUN rm -f /opt/rh/httpd24/root/etc/httpd/conf.d/mod_security.conf
USER 1000660000
ENTRYPOINT ["/entrypoint.sh"]
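Review bot: The new first stage `FROM docker-registry.default.svc:5000/damned-lies/virtualenv` carries no tag or digest, so every build of this image picks up whatever `virtualenv` image is current in the registry, including its code checkout, its dependencies and the baked-in `local_settings.py`. Pin the image and name the stage, for example `FROM docker-registry.default.svc:5000/damned-lies/virtualenv:<tag> AS venv` with `COPY --from=venv /l10n /l10n`. The `RUN true` line looks like a placeholder and may then be unnecessary. The same untagged `FROM` and `COPY --from=0` appear in the uwsgi/Dockerfile hunk.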
diff --git a/httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf
b/httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf
index d9a207fe..d3dda83a 100644
--- a/httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf
+++ b/httpd_min/app_data/httpd-cfg/l10n.gnome.org.conf
@@ -7,15 +7,10 @@
Alias /media /var/www/djamnedlies/data/media
Alias /robots.txt /l10n/damnedlies/static/robots.txt
- ProxyPass /HTML !
- ProxyPass /POT !
- ProxyPass /static !
- ProxyPass /media !
- ProxyPass /robots.txt !
-
- ProxyPreserveHost On
- ProxyPass / http://uwsgi.damned-lies.svc.cluster.local:8000/
- ProxyPassReverse / http://uwsgi.damned-lies.svc.cluster.local:8000/
+ # mod_wsgi
+ WSGIDaemonProcess l10n display-name=%{GROUP} processes=4 home=/l10n python-home=/l10n/venv
python-path=/l10n/damnedlies user=l10n group=l10n
+ WSGIProcessGroup l10n
+ WSGIScriptAlias / /l10n/damnedlies/damnedlies/wsgi.py
# Map .po and .pot files accordingly to the correct Content-Type,
# and also make sure they are rendered as utf-8.
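Review bot: `WSGIDaemonProcess ... python-home=/l10n/venv` assumes that mod_wsgi and a matching Python 3.6 interpreter exist in the httpd image, but the final stage of httpd_min/Dockerfile in this commit only copies `/l10n` from the virtualenv image and installs neither. A virtualenv relies on the system interpreter and its standard library, so unless `centos/httpd-24-centos7` already ships both, httpd would presumably fail on the WSGI directives at start. Installing the mod_wsgi build for that Python in the final stage would close the gap. Note also that mod_wsgi ignores `user=l10n group=l10n` when httpd is not started as root, which is the case under `USER 1000660000`.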
diff --git a/httpd_min/entrypoint.sh b/httpd_min/entrypoint.sh
index 6ca61f59..d091e77d 100755
--- a/httpd_min/entrypoint.sh
+++ b/httpd_min/entrypoint.sh
@@ -8,16 +8,7 @@ sed -i "s/\$SECRET_KEY/${SECRET_KEY}/" /l10n/damnedlies/damnedlies/local_setting
sed -i "s/\$SENTRY_DSN/${SENTRY_DSN}/" /l10n/damnedlies/damnedlies/local_settings.py
sed -i "s/\$GITLAB_TOKEN/${GITLAB_TOKEN}/" /l10n/damnedlies/damnedlies/local_settings.py
-echo 'Populating .ssh for the l10n user'
-mkdir -p /home/l10n/.ssh
-ln -s /home/l10n/.ssh_secret/ssh-privatekey /home/l10n/.ssh/ssh-privatekey
-ln -s /home/l10n/.ssh_secret/.gitconfig /home/l10n/.gitconfig
-wget https://gitlab.gnome.org/Infrastructure/damned-lies/-/raw/oscp/uwsgi/ssh_config -O
/home/l10n/.ssh/config
-
-echo 'Generating static files'
-python3 manage.py collectstatic
-
echo 'Compiling translations'
-python3 manage.py compile-trans
+/l10n/venv/bin/python manage.py compile-trans
exec /usr/bin/run-httpd
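Review bot: `/l10n/venv/bin/python manage.py compile-trans` still resolves `manage.py` against the current directory, and the final stage of httpd_min/Dockerfile sets no `WORKDIR`, so the command only works if the base image's working directory happens to be the checkout. Use the absolute path, `/l10n/venv/bin/python /l10n/damnedlies/manage.py compile-trans`. The top of the script is outside the hunk, but virtualenv/entrypoint.sh in this commit has the same blob id as the old version of this file and shows neither `cd` nor `set -e`. If that still holds, a failed compile step is ignored and httpd starts anyway.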
diff --git a/uwsgi/Dockerfile b/uwsgi/Dockerfile
index 20ba2ce4..ad95c133 100644
--- a/uwsgi/Dockerfile
+++ b/uwsgi/Dockerfile
@@ -1,21 +1,15 @@
+FROM docker-registry.default.svc:5000/damned-lies/virtualenv
+RUN true
+
FROM centos:7
+COPY --from=0 /l10n /l10n
-RUN INSTALL_PKGS="atlas-devel gcc-gfortran libffi-devel libtool-ltdl enchant \
- gettext gnome-doc-utils intltool itstool libicu-devel mariadb-devel \
- subversion translate-toolkit yelp-tools gcc-c++ \
- uwsgi uwsgi-plugin-python36 python36-devel wget" && \
- yum install -y epel-release && \
- yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS
+RUN yum install -y epel-release && \
+ yum install -y uwsgi uwsgi-plugin-python36
RUN groupadd l10n -g 1000660000 && \
- useradd l10n -g 1000660000 -u 1000660000 -r -l -m && \
- mkdir -p /l10n && \
- git clone --depth 1 --branch master --single-branch
https://gitlab.gnome.org/Infrastructure/damned-lies.git /l10n/damnedlies
-ADD local_settings.py /l10n/damnedlies/damnedlies/local_settings.py
-RUN chown -R l10n:l10n /l10n
-
-WORKDIR /l10n/damnedlies
-RUN pip3 install -r requirements.txt
+ useradd l10n -g 1000660000 -u 1000660000 -r -l -M -d /l10n && \
+ chown -R l10n:l10n /l10n
ADD entrypoint.sh /entrypoint.sh
ADD uwsgi.ini /uwsgi.ini
diff --git a/uwsgi/uwsgi.ini b/uwsgi/uwsgi.ini
index 19971684..d0f317a8 100644
--- a/uwsgi/uwsgi.ini
+++ b/uwsgi/uwsgi.ini
@@ -1,10 +1,11 @@
[uwsgi]
module = damnedlies.wsgi:application
chdir = /l10n/damnedlies
+home = /l10n/venv
master = true
-processes = 5
-harakiri = 15
+processes = 4
+harakiri = 10
http-socket = 0.0.0.0:8000
uid=l10n
diff --git a/virtualenv/Dockerfile b/virtualenv/Dockerfile
new file mode 100644
index 00000000..a2239ab7
--- /dev/null
+++ b/virtualenv/Dockerfile
@@ -0,0 +1,22 @@
+FROM centos:7
+
+RUN INSTALL_PKGS="atlas-devel gcc-gfortran libffi-devel libtool-ltdl enchant \
+ gettext gnome-doc-utils intltool itstool libicu-devel mariadb-devel \
+ subversion translate-toolkit yelp-tools gcc-c++ python36 python36-devel" && \
+ yum install -y epel-release && \
+ yum -y --setopt=tsflags=nodocs install $INSTALL_PKGS
+
+RUN mkdir -p /l10n && \
+ git clone --depth 1 --branch master --single-branch
https://gitlab.gnome.org/Infrastructure/damned-lies.git /l10n/damnedlies
+
+ADD local_settings.py /l10n/damnedlies/damnedlies/local_settings.py
+
+WORKDIR /l10n/damnedlies
+RUN virtualenv /l10n/venv && \
+ /l10n/venv/bin/pip install -r requirements.txt
+RUN python3 manage.py collectstatic --noinput
+
+RUN mkdir -p /l10n/.ssh
+RUN ln -s /l10n/.ssh_secret/ssh-privatekey /l10n/.ssh/ssh-privatekey
+RUN ln -s /l10n/.ssh_secret/.gitconfig /l10n/.gitconfig
+RUN wget https://gitlab.gnome.org/Infrastructure/damned-lies/-/raw/oscp/uwsgi/ssh_config -O /l10n/.ssh/config
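Review bot: The final `RUN wget` fetches the SSH client configuration from a branch URL (`/-/raw/oscp/uwsgi/ssh_config`) at build time with no integrity check, and the diffstat of this same commit lists `uwsgi/ssh_config` with 5 deletions, so the URL likely stops resolving once this lands. `wget` is also no longer in `INSTALL_PKGS`. Keep the file in the build context and use `COPY ssh_config /l10n/.ssh/config` instead. Separately, `RUN python3 manage.py collectstatic --noinput` runs the system interpreter although the requirements were installed into `/l10n/venv`; `RUN /l10n/venv/bin/python manage.py collectstatic --noinput` would match.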
diff --git a/virtualenv/app_data/httpd-cfg/l10n.gnome.org.conf
b/virtualenv/app_data/httpd-cfg/l10n.gnome.org.conf
new file mode 100644
index 00000000..d9a207fe
--- /dev/null
+++ b/virtualenv/app_data/httpd-cfg/l10n.gnome.org.conf
@@ -0,0 +1,55 @@
+<VirtualHost *:8080>
+ ServerName l10n.gnome.org
+
+ Alias /HTML /var/www/djamnedlies/data/scratchdir/HTML
+ Alias /POT /var/www/djamnedlies/data/scratchdir/POT
+ Alias /static /l10n/damnedlies/static
+ Alias /media /var/www/djamnedlies/data/media
+ Alias /robots.txt /l10n/damnedlies/static/robots.txt
+
+ ProxyPass /HTML !
+ ProxyPass /POT !
+ ProxyPass /static !
+ ProxyPass /media !
+ ProxyPass /robots.txt !
+
+ ProxyPreserveHost On
+ ProxyPass / http://uwsgi.damned-lies.svc.cluster.local:8000/
+ ProxyPassReverse / http://uwsgi.damned-lies.svc.cluster.local:8000/
+
+ # Map .po and .pot files accordingly to the correct Content-Type,
+ # and also make sure they are rendered as utf-8.
+ AddCharset UTF-8 .po
+ AddCharset UTF-8 .pot
+ AddType text/plain .po
+ AddType text/plain .pot
+
+<DirectoryMatch "/l10n/damnedlies/(static|damnedlies)">
+ Options Indexes
+ Require all granted
+</DirectoryMatch>
+
+<Directory "/var/www/djamnedlies/data/media/upload">
+ Options Indexes
+ Require all granted
+</Directory>
+
+<DirectoryMatch "^/var/www/djamnedlies/data/scratchdir/(POT|HTML)">
+ Options Indexes
+ <RequireAll>
+ Require all granted
+ Require not ip 95.108.249.30
+ Require not ip 218.30.103.149
+ Require not ip 65.55.24.217
+ Require not ip 180.76.5.0/24
+ Require not ip 218.30.103.0/24
+ Require not ip 1.202.219.0/24
+ </RequireAll>
+</DirectoryMatch>
+</VirtualHost>
+
+<LocationMatch "^/vertimus">
+ <If "%{HTTP_USER_AGENT} =~ /Sogou web spider/">
+ Require all denied
+ </If>
+</LocationMatch>
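Review bot: `<DirectoryMatch "/l10n/damnedlies/(static|damnedlies)">` grants access with `Options Indexes` to the `damnedlies` package directory, which is where the entrypoint writes the database password, `SECRET_KEY` and GitLab token into `local_settings.py`. No `Alias` in this file maps a URL onto that directory, so actual exposure depends on configuration outside this file, but the grant is broader than serving static files needs. Restrict the match to `static` and drop `Indexes` wherever directory listings are not intended.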
diff --git a/virtualenv/entrypoint.sh b/virtualenv/entrypoint.sh
new file mode 100755
index 00000000..6ca61f59
--- /dev/null
+++ b/virtualenv/entrypoint.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+sed -i "s/\$DB_NAME/${DB_NAME}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_USER/${DB_USER}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_PASSWORD/${DB_PASSWORD}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$DB_HOST/${DB_HOST}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$SECRET_KEY/${SECRET_KEY}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$SENTRY_DSN/${SENTRY_DSN}/" /l10n/damnedlies/damnedlies/local_settings.py
+sed -i "s/\$GITLAB_TOKEN/${GITLAB_TOKEN}/" /l10n/damnedlies/damnedlies/local_settings.py
+
+echo 'Populating .ssh for the l10n user'
+mkdir -p /home/l10n/.ssh
+ln -s /home/l10n/.ssh_secret/ssh-privatekey /home/l10n/.ssh/ssh-privatekey
+ln -s /home/l10n/.ssh_secret/.gitconfig /home/l10n/.gitconfig
+wget https://gitlab.gnome.org/Infrastructure/damned-lies/-/raw/oscp/uwsgi/ssh_config -O
/home/l10n/.ssh/config
+
+echo 'Generating static files'
+python3 manage.py collectstatic
+
+echo 'Compiling translations'
+python3 manage.py compile-trans
+
+exec /usr/bin/run-httpd
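Review bot: The `sed -i "s/\$NAME/${NAME}/"` lines splice secret values into a sed program unescaped, so any value containing `/`, `&` or a backslash breaks or alters the substitution; `SENTRY_DSN` is normally a URL and would fail at its first `/`. This approach also leaves the database password, `SECRET_KEY` and GitLab token written to a file on disk. Since `local_settings.py` already has `import os`, reading the values there, e.g. `SECRET_KEY = os.environ['SECRET_KEY']`, removes both problems. This script also still populates `/home/l10n`, while virtualenv/Dockerfile in this commit sets things up under `/l10n`.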
diff --git a/uwsgi/local_settings.py b/virtualenv/local_settings.py
similarity index 89%
rename from uwsgi/local_settings.py
rename to virtualenv/local_settings.py
index 0b7a6750..75eb18cc 100644
--- a/uwsgi/local_settings.py
+++ b/virtualenv/local_settings.py
@@ -1,11 +1,11 @@
import os
-DEBUG = False
+DEBUG = True
STATIC_SERVE = False
USE_DJANGO_OPENID = False
ADMINS = (
- #('Claude Paroz', 'claude 2xlibre net'),
+ #('Claude Paroz', 'claude 2xlibre net'),
)
MANAGERS = ADMINS
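Review bot: `DEBUG = True` is now baked into the settings file that the virtualenv image ships and that both the httpd_min and uwsgi images copy via `/l10n`. Production would therefore serve Django's debug error pages, which show stack traces, local variables and most settings to any visitor who triggers an error. Keep `DEBUG = False` as the default and make debugging opt-in, e.g. `DEBUG = os.environ.get('DJANGO_DEBUG') == '1'`; `os` is already imported at the top of the file.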
@@ -24,8 +24,7 @@ DATABASES = {
}
}
SECRET_KEY = '$SECRET_KEY'
-#ALLOWED_HOSTS=['l10n.gnome.org', '8.43.85.13', '8.43.85.14']
-ALLOWED_HOSTS = ['*']
+ALLOWED_HOSTS=['l10n.gnome.org', '8.43.85.13', '8.43.85.14']
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True