Skip to content

Managing the production server

Caleb Sander edited this page Mar 3, 2020 · 20 revisions

Where is the production code?

It's in /home/ascit/donut, which is cloned from this repository. There are some secret configuration files that must also be present for the app to run; they should be the same as in the development clones of the repository:

  • donut/config.py: has configuration information for the dev and prod environments, e.g. database logins
  • calendar.json: has authorization information for the Google Calendar API

Apache

The production server (at http://35.162.204.135) uses Apache and mod_wsgi to run the Flask app. The Apache configuration is in /etc/apache2/sites-available/000-default.conf and the mod_wsgi configuration is /home/ascit/donut/donut.wsgi. To reload these configurations, run sudo service apache2 restart.

Logs

The Flask (Apache) logs are written to /var/log/apache2/access.log. Apache and mod_wsgi error logs are written to /var/log/apache2/error.log.

Database

The production MariaDB database is donut. See donut/config.py for the username and password.

virtualenv

The production server uses the virtualenv in /home/ascit/virtualenvs/donut-py3. To update the pip modules, activate the virtualenv by running . /home/ascit/virtualenvs/donut-py3/bin/activate in a shell and then run make update-packages in the production code directory.

HTTPS

After years of sending plaintext passwords on legacy Donut, we finally have encryption! We are using Let's Encrypt to get those sweet sweet HTTPS certificates for free. HTTPS was set up initially with this command, which obtained a cert and reconfigured Apache automatically:

sudo certbot --apache -d beta.donut.caltech.edu -m [email protected] --agree-tos

The certificates are installed in /etc/letsencrypt and the Apache HTTPS config is at /etc/apache2/sites-available/000-default-le-ssl.conf. The certificate expires every 3 months, and the following command is set up as a cron job to renew it:

sudo certbot renew --post-hook 'service apache2 restart'

We should probably register it with a different email address when I'm no longer on devteam just in case the renewal script fails.

Initial configuration

Hopefully this should never have to be done a second time, but just in case...

  1. Set up the tables in the prod DB. This requires removing the donut_test lines in sql/reset.sql and running mysql --password=PASSWORD -u ascit donut < sql/reset.sql.
  2. Export and import legacy directory tables (Run donut/modules/directory_search/utils/export_legacy.py on legacy server and donut/modules/directory_search/utils/import_legacy.py on new server.)
  3. Run this SQL on the prod DB:
INSERT INTO marketplace_categories (cat_title) VALUES ('Textbooks');

INSERT INTO groups(group_name, group_desc, type, newsgroups) VALUES
('ug', 'All undergrads', 'ug-auto', 1);
INSERT INTO positions(group_id, pos_name) VALUES ((SELECT group_id FROM groups WHERE group_name = 'ug'), 'Member');

INSERT INTO rooms (location, title, description) VALUES 
	('SAC 23', 'ASCIT Screening Room', 'A room for watching DVDs and videos'), 
	('SAC 13', 'Group Study Room', 'Group study room in the SAC'), 
	('SAC 14', 'Group Study Room', 'Group study room in the SAC'), 
	('SAC 4', 'Music Room', 'Music room in the SAC'), 
	('SAC 5', 'Music Room', 'Music room in the SAC'), 
	('SAC 5a', 'Music Room', 'Music room in the SAC'), 
	('SAC 7', 'Music Room', 'Music room in the SAC');
Clone this wiki locally