misc updates

README.md

@@ -46,3 +46,8 @@ In the future, the static inventory file may be replaced with a dynamic inventor
 One important aspect of the `hosts` file is that it defines the groups which a host or hosts are a part of.   
 Currently, there is  one prod host called `regluit-prod` which is a member of the `production` group, and another called `regluit-ondeck` in the `ondeck` group intended to be a build target that can be swapped in to production.
 These designations are important, as the `setup-prod` playbook specifically targets the `regluit-prod` host, and only that host will inherit the variables in `group_vars/production/`.   
+
+## Notes
+
+`sudo apt-get install mysql-client-8.0=8.0.19-0ubuntu5`
+`sudo apt-get install mysql-client-core-8.0=8.0.19-0ubuntu5'

group_vars/dev/vars.yml

@@ -11,7 +11,7 @@ server_name: "m.unglue.it"
 wsgi_home: "/opt/regluit/venv"
 wsgi_python_path: "/opt/regluit/venv/bin/python3"
 git_repo: "https://github.com/Gluejar/regluit.git"
-git_branch: "maintenance2022"
+git_branch: "maintenance-2024"
 le_endpoint: https://acme-v02.api.letsencrypt.org/directory
 #le_endpoint: https://acme-staging-v02.api.letsencrypt.org/directory
 alt_server_name: ""

group_vars/production/vars.yml

@@ -25,7 +25,7 @@ mysql_db_host: "{{ vault_mysql_db_host }}"
 mysql_db_port: ""
 email_host: "{{ vault_email_host }}"
 email_port: 587
-default_from_email: "notices@gluejar.com"
+default_from_email: "unglueit@ebookfoundation.org"
 
 ### Variables in common.py ###
 common_keys:
@@ -42,6 +42,7 @@ common_keys:
   ku_password:  "{{ vault_ku_password }}"
   stripe_pk:  "{{ vault_stripe_pk }}"
   stripe_sk:  "{{ vault_stripe_sk }}"
+  librarything_key: "{{ vault_librarything_key }}"
 
 ### Variables in host.py ### 
 host_keys:

roles/regluit_common/templates/common.py.j2

@@ -13,3 +13,4 @@ MOBIGEN_URL = os.environ.get('MOBIGEN_URL', '') # https://host/mobigen
 MOBIGEN_USER_ID = os.environ.get('MOBIGEN_USER_ID', 'user')
 KU_EMAIL =  os.environ.get('KU_EMAIL', 'user@example.com')
 KU_PASSWORD = os.environ.get('KU_PASSWORD', 'abc123XYX')
+LIBRARYTHING_KEY = os.environ.get('LIBRARYTHING_KEY', 'abcdef1234567890abcdef1234567890')

roles/regluit_prod/templates/apache.conf.j2

@@ -27,7 +27,7 @@ SSLCertificateFile    /etc/ssl/certs/{{ server_name }}.crt
 SSLCertificateKeyFile /etc/ssl/private/server.key
 SSLCertificateChainFile /etc/ssl/certs/{{ server_name }}.ca-bundle
 
-WSGIDaemonProcess regluit processes=2 threads=20 python-eggs=/tmp/regluit-python-eggs
+WSGIDaemonProcess regluit processes=2 threads=10 python-eggs=/tmp/regluit-python-eggs
 WSGIScriptAlias / /opt/regluit/deploy/prod.wsgi
 
 # generated using https://mozilla.github.io/server-side-tls/ssl-config-generator/
@@ -40,11 +40,14 @@ SSLHonorCipherOrder     on
 
 # HSTS (mod_headers is required) (15768000 seconds = 6 months)
 Header always add Strict-Transport-Security "max-age=15768000"
+<If "not tolower ( %{HTTP_HOST} ) in { '{{ server_name }}', '{{ alt_server_name }}' }">
+   Redirect permanent / https://{{ server_name }}/404.html
+</If>
 
 <Directory /opt/regluit/deploy>
   <Files prod.wsgi>
     Require all granted
-    Require expr tolower ( %{HTTP_HOST} ) in { "{{ server_name }}", "{{ alt_server_name }}" }
+    Require expr -n %{HTTP_HOST} && tolower ( %{HTTP_HOST} ) in { "{{ server_name }}", "{{ alt_server_name }}" }
   </Files>
 </Directory>
 

roles/regluit_prod/templates/celery/celerybeat.j2

@@ -24,4 +24,4 @@ CELERYBEAT_LOG_LEVEL="INFO"
 
 CELERY_APP="regluit"
 
-CELERYBEAT_OPTS="--schedule=/var/run/celery/celerybeat-schedule"
+CELERYBEAT_OPTS="--schedule=/var/run/celery/celerybeat-schedule --concurrency=2"

roles/regluit_prod/templates/celery/celeryd.j2

@@ -7,6 +7,7 @@ CELERY_BIN="{{ project_path }}/{{ virtualenv_name }}/bin/celery"
 CELERYD_USER="celery"
 CELERYD_GROUP="celery"
 CELERYD_LOG_LEVEL="INFO"
+CELERYD_OPTS="--concurrency=8"
 
 VIRTUALENV_ACTIVATE="{{ project_path }}/{{ virtualenv_name }}/bin/activate"
 DJANGO_SETTINGS_MODULE="{{ django_settings_module }}"

roles/regluit_prod/templates/prod.py.j2

@@ -57,6 +57,9 @@ LOGGING = {
         'brief': {
             'format': '%(asctime)s %(levelname)s %(name)s[%(funcName)s]: %(message)s',
         },
+        'dl': {
+            'format': '%(asctime)s : %(message)s',
+        },
     },
     'handlers': {
         'mail_admins': {
@@ -75,6 +78,14 @@ LOGGING = {
             'backupCount': 5,
             'formatter': 'brief',
         },
+        'downloads': {
+            'level': 'INFO',
+            'class': 'logging.handlers.GroupWriteRotatingFileHandler',
+            'filename': join('/var/log/regluit', 'downloads.log'),
+            'maxBytes': 1024*1024*10, # 10 MB
+            'backupCount': 5,
+            'formatter': 'dl',
+        },
     },
     'loggers': {
         'django.request': {
@@ -86,6 +97,11 @@ LOGGING = {
             'handlers': ['null'],
             'propagate': False,
         },
+        'regluit.downloads': {
+            'handlers': ['downloads'],
+            'level': 'INFO',
+            'propagate': False,
+        },
         '': {
             'handlers': ['file'],
             'level': 'WARNING',
@@ -143,4 +159,6 @@ try:
 except ImportError:
     pass
 
-NOTIFICATION_LOCK_FILE = '/opt/regluit/.lock/send_notices'
+NOTIFICATION_LOCK_FILE = '/opt/regluit/.lock/send_notices'
+
+SERVER_LOG_DIR = '/var/log/apache2/'