misc updates

2024-09-05 13:04:42 -04:00 · 2024-09-05 13:04:42 -04:00 · ee6b331850
parent 231e6c3ace
commit ee6b331850
8 changed files with 35 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -46,3 +46,8 @@ In the future, the static inventory file may be replaced with a dynamic inventor
 One important aspect of the `hosts` file is that it defines the groups which a host or hosts are a part of.   
 Currently, there is  one prod host called `regluit-prod` which is a member of the `production` group, and another called `regluit-ondeck` in the `ondeck` group intended to be a build target that can be swapped in to production.
 These designations are important, as the `setup-prod` playbook specifically targets the `regluit-prod` host, and only that host will inherit the variables in `group_vars/production/`.   
+
+## Notes
+
+`sudo apt-get install mysql-client-8.0=8.0.19-0ubuntu5`
+`sudo apt-get install mysql-client-core-8.0=8.0.19-0ubuntu5'
--- a/group_vars/dev/vars.yml
+++ b/group_vars/dev/vars.yml
@ -11,7 +11,7 @@ server_name: "m.unglue.it"
 wsgi_home: "/opt/regluit/venv"
 wsgi_python_path: "/opt/regluit/venv/bin/python3"
 git_repo: "https://github.com/Gluejar/regluit.git"
-git_branch: "maintenance2022"
+git_branch: "maintenance-2024"
 le_endpoint: https://acme-v02.api.letsencrypt.org/directory
 #le_endpoint: https://acme-staging-v02.api.letsencrypt.org/directory
 alt_server_name: ""
--- a/group_vars/production/vars.yml
+++ b/group_vars/production/vars.yml
@ -25,7 +25,7 @@ mysql_db_host: "{{ vault_mysql_db_host }}"
 mysql_db_port: ""
 email_host: "{{ vault_email_host }}"
 email_port: 587
-default_from_email: "notices@gluejar.com"
+default_from_email: "unglueit@ebookfoundation.org"

 ### Variables in common.py ###
 common_keys:
@ -42,6 +42,7 @@ common_keys:
  ku_password:  "{{ vault_ku_password }}"
  stripe_pk:  "{{ vault_stripe_pk }}"
  stripe_sk:  "{{ vault_stripe_sk }}"
+  librarything_key: "{{ vault_librarything_key }}"

 ### Variables in host.py ### 
 host_keys:
--- a/roles/regluit_common/templates/common.py.j2
+++ b/roles/regluit_common/templates/common.py.j2
@ -13,3 +13,4 @@ MOBIGEN_URL = os.environ.get('MOBIGEN_URL', '') # https://host/mobigen
 MOBIGEN_USER_ID = os.environ.get('MOBIGEN_USER_ID', 'user')
 KU_EMAIL =  os.environ.get('KU_EMAIL', 'user@example.com')
 KU_PASSWORD = os.environ.get('KU_PASSWORD', 'abc123XYX')
+LIBRARYTHING_KEY = os.environ.get('LIBRARYTHING_KEY', 'abcdef1234567890abcdef1234567890')
--- a/roles/regluit_prod/templates/apache.conf.j2
+++ b/roles/regluit_prod/templates/apache.conf.j2
@ -27,7 +27,7 @@ SSLCertificateFile    /etc/ssl/certs/{{ server_name }}.crt
 SSLCertificateKeyFile /etc/ssl/private/server.key
 SSLCertificateChainFile /etc/ssl/certs/{{ server_name }}.ca-bundle

-WSGIDaemonProcess regluit processes=2 threads=20 python-eggs=/tmp/regluit-python-eggs
+WSGIDaemonProcess regluit processes=2 threads=10 python-eggs=/tmp/regluit-python-eggs
 WSGIScriptAlias / /opt/regluit/deploy/prod.wsgi

 # generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/
@ -40,11 +40,14 @@ SSLHonorCipherOrder     on

 # HSTS (mod_headers is required) (15768000 seconds = 6 months)
 Header always add Strict-Transport-Security "max-age=15768000"
+<If "not tolower ( %{HTTP_HOST} ) in { '{{ server_name }}', '{{ alt_server_name }}' }">
+   Redirect permanent / https://{{ server_name }}/404.html
+</If>

 <Directory /opt/regluit/deploy>
  <Files prod.wsgi>
    Require all granted
-    Require expr tolower ( %{HTTP_HOST} ) in { "{{ server_name }}", "{{ alt_server_name }}" }
+    Require expr -n %{HTTP_HOST} && tolower ( %{HTTP_HOST} ) in { "{{ server_name }}", "{{ alt_server_name }}" }
  </Files>
 </Directory>

--- a/roles/regluit_prod/templates/celery/celerybeat.j2
+++ b/roles/regluit_prod/templates/celery/celerybeat.j2
@ -24,4 +24,4 @@ CELERYBEAT_LOG_LEVEL="INFO"

 CELERY_APP="regluit"

-CELERYBEAT_OPTS="--schedule=/var/run/celery/celerybeat-schedule"
+CELERYBEAT_OPTS="--schedule=/var/run/celery/celerybeat-schedule --concurrency=2"
--- a/roles/regluit_prod/templates/celery/celeryd.j2
+++ b/roles/regluit_prod/templates/celery/celeryd.j2
@ -7,6 +7,7 @@ CELERY_BIN="{{ project_path }}/{{ virtualenv_name }}/bin/celery"
 CELERYD_USER="celery"
 CELERYD_GROUP="celery"
 CELERYD_LOG_LEVEL="INFO"
+CELERYD_OPTS="--concurrency=8"

 VIRTUALENV_ACTIVATE="{{ project_path }}/{{ virtualenv_name }}/bin/activate"
 DJANGO_SETTINGS_MODULE="{{ django_settings_module }}"
--- a/roles/regluit_prod/templates/prod.py.j2
+++ b/roles/regluit_prod/templates/prod.py.j2
@ -57,6 +57,9 @@ LOGGING = {
        'brief': {
            'format': '%(asctime)s %(levelname)s %(name)s[%(funcName)s]: %(message)s',
        },
+        'dl': {
+            'format': '%(asctime)s : %(message)s',
+        },
    },
    'handlers': {
        'mail_admins': {
@ -75,6 +78,14 @@ LOGGING = {
            'backupCount': 5,
            'formatter': 'brief',
        },
+        'downloads': {
+            'level': 'INFO',
+            'class': 'logging.handlers.GroupWriteRotatingFileHandler',
+            'filename': join('/var/log/regluit', 'downloads.log'),
+            'maxBytes': 1024*1024*10, # 10 MB
+            'backupCount': 5,
+            'formatter': 'dl',
+        },
    },
    'loggers': {
        'django.request': {
@ -86,6 +97,11 @@ LOGGING = {
            'handlers': ['null'],
            'propagate': False,
        },
+        'regluit.downloads': {
+            'handlers': ['downloads'],
+            'level': 'INFO',
+            'propagate': False,
+        },
        '': {
            'handlers': ['file'],
            'level': 'WARNING',
@ -143,4 +159,6 @@ try:
 except ImportError:
    pass

-NOTIFICATION_LOCK_FILE = '/opt/regluit/.lock/send_notices'
+NOTIFICATION_LOCK_FILE = '/opt/regluit/.lock/send_notices'
+
+SERVER_LOG_DIR = '/var/log/apache2/'