-
Notifications
You must be signed in to change notification settings - Fork 4
Managing the production server
It's in /home/ascit/donut
, which is cloned from this repository.
There are some secret configuration files that must also be present for the app to run; they should be the same as in the development clones of the repository:
-
donut/config.py
: has configuration information for thedev
andprod
environments, e.g. database logins -
calendar.json
: has authorization information for the Google Calendar API
The production server (at http://35.162.204.135) uses Apache and mod_wsgi to run the Flask app.
The Apache configuration is in /etc/apache2/sites-available/000-default.conf
and the mod_wsgi configuration is /home/ascit/donut/donut.wsgi
.
To reload these configurations, run sudo service apache2 restart
.
The Flask (Apache) logs are written to /var/log/apache2/access.log
.
Apache and mod_wsgi error logs are written to /var/log/apache2/error.log
.
The production MariaDB database is donut
.
See donut/config.py
for the username and password.
The production server uses the virtualenv in /home/ascit/virtualenvs/donut-py3
.
To update the pip
modules, activate the virtualenv by running . /home/ascit/virtualenvs/donut-py3/bin/activate
in a shell and then run make update-packages
in the production code directory.
After years of sending plaintext passwords on legacy Donut, we finally have encryption! We are using Let's Encrypt to get those sweet sweet HTTPS certificates for free. HTTPS was set up initially with this command, which obtained a cert and reconfigured Apache automatically:
sudo certbot --apache -d beta.donut.caltech.edu -m [email protected] --agree-tos
The certificates are installed in /etc/letsencrypt
and the Apache HTTPS config is at /etc/apache2/sites-available/000-default-le-ssl.conf
.
The certificate expires every 3 months, and the following command is set up as a cron
job to renew it:
sudo certbot renew --post-hook 'service apache2 restart'
We should probably register it with a different email address when I'm no longer on devteam just in case the renewal script fails.
Hopefully this should never have to be done a second time, but just in case...
- Set up the tables in the prod DB. This requires removing the
donut_test
lines insql/reset.sql
and runningmysql --password=PASSWORD -u ascit donut < sql/reset.sql
. - Export and import legacy directory tables (Run
donut/modules/directory_search/utils/export_legacy.py
on legacy server anddonut/modules/directory_search/utils/import_legacy.py
on new server.) - Run this SQL on the prod DB:
INSERT INTO marketplace_categories (cat_title) VALUES ('Textbooks');
INSERT INTO groups(group_name, group_desc, type, newsgroups) VALUES
('ug', 'All undergrads', 'ug-auto', 1);
INSERT INTO positions(group_id, pos_name) VALUES ((SELECT group_id FROM groups WHERE group_name = 'ug'), 'Member');
INSERT INTO rooms (location, title, description) VALUES
('SAC 23', 'ASCIT Screening Room', 'A room for watching DVDs and videos'),
('SAC 13', 'Group Study Room', 'Group study room in the SAC'),
('SAC 14', 'Group Study Room', 'Group study room in the SAC'),
('SAC 4', 'Music Room', 'Music room in the SAC'),
('SAC 5', 'Music Room', 'Music room in the SAC'),
('SAC 5a', 'Music Room', 'Music room in the SAC'),
('SAC 7', 'Music Room', 'Music room in the SAC');