From eb89cb56a502a27d8294285862443ed861d9a386 Mon Sep 17 00:00:00 2001 From: Philippe Luickx Date: Thu, 5 Oct 2017 11:18:22 +0300 Subject: [PATCH] Bugfixing and updated docs --- {{cookiecutter.project_slug}}/.gitignore | 1 + .../compose/production/django/entrypoint.sh | 2 +- .../config/settings/production.py | 4 --- .../docs/docker_ebs.rst | 30 +++++++++++-------- 4 files changed, 20 insertions(+), 17 deletions(-) diff --git a/{{cookiecutter.project_slug}}/.gitignore b/{{cookiecutter.project_slug}}/.gitignore index 8a9145f04..440b4c524 100644 --- a/{{cookiecutter.project_slug}}/.gitignore +++ b/{{cookiecutter.project_slug}}/.gitignore @@ -369,5 +369,6 @@ mailhog {% endif %} {% if cookiecutter.use_elasticbeanstalk_experimental == 'y' and cookiecutter.use_docker == 'y' -%} +# Environment variables for your Beanstalk deployment 01_envvars.config {% endif %} diff --git a/{{cookiecutter.project_slug}}/compose/production/django/entrypoint.sh b/{{cookiecutter.project_slug}}/compose/production/django/entrypoint.sh index ecae7dfb5..08cf04d23 100644 --- a/{{cookiecutter.project_slug}}/compose/production/django/entrypoint.sh +++ b/{{cookiecutter.project_slug}}/compose/production/django/entrypoint.sh @@ -9,11 +9,11 @@ set -o pipefail cmd="$@" +{% if cookiecutter.use_docker != 'y' or cookiecutter.use_elasticbeanstalk_experimental != 'y' %} # This entrypoint is used to play nicely with the current cookiecutter configuration. # Since docker-compose relies heavily on environment variables itself for configuration, we'd have to define multiple # environment variables just to support cookiecutter out of the box. That makes no sense, so this little entrypoint # does all this for us. -{% if cookiecutter.use_docker == 'y' and cookiecutter.use_elasticbeanstalk_experimental == 'y' %} export REDIS_URL=redis://redis:6379 # the official postgres image uses 'postgres' as default user if not set explictly. diff --git a/{{cookiecutter.project_slug}}/config/settings/production.py b/{{cookiecutter.project_slug}}/config/settings/production.py index ce0f30b60..01ff3a653 100644 --- a/{{cookiecutter.project_slug}}/config/settings/production.py +++ b/{{cookiecutter.project_slug}}/config/settings/production.py @@ -81,11 +81,7 @@ X_FRAME_OPTIONS = 'DENY' # ------------------------------------------------------------------------------ # Hosts/domain names that are valid for this site # See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts -{%- if cookiecutter.use_elasticbeanstalk_experimental == 'y' and cookiecutter.use_docker == 'y' -%} -ALLOWED_HOSTS = [env('DJANGO_ALLOWED_HOSTS', default='{{cookiecutter.domain_name}}')] -{% else %} ALLOWED_HOSTS = env.list('DJANGO_ALLOWED_HOSTS', default=['{{cookiecutter.domain_name}}', ]) -{% endif %} # END SITE CONFIGURATION diff --git a/{{cookiecutter.project_slug}}/docs/docker_ebs.rst b/{{cookiecutter.project_slug}}/docs/docker_ebs.rst index 97d24ea6d..e962a2180 100644 --- a/{{cookiecutter.project_slug}}/docs/docker_ebs.rst +++ b/{{cookiecutter.project_slug}}/docs/docker_ebs.rst @@ -47,6 +47,8 @@ You can also host your containers on a private container hub, e.g. (free tier op - https://cloud.google.com/container-engine/ - https://arukas.io/en/ +Docs at http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker.container.console.html +You can upload a .cfg file in the S3 bucket that the Beanstalk deploy created, that way you won't have any trouble with permissions. Update Dockerrun file --------------------- @@ -70,7 +72,6 @@ Environment variables can be set in multiple ways: - Through the CLI http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-configuration-methods-after.html#configuration-options-after-ebcli-ebsetenv - Through the console http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-configuration-methods-after.html#configuration-options-after-console-configpage - Through .ebextensions http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environment-configuration-methods-after.html#configuration-options-after-console-ebextensions -Note: EBS does not support list vars (as far as the author knows... if it does, please open a ticket) Local run @@ -88,7 +89,9 @@ RDS You can setup RDS for your production and development usage. * Production -Create an RDS instance through your EBS console http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html +It is possible to create an RDS instance through your EBS console. http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.managing.db.html +However, it is recommended to create a RDS DB instance seperately and then link this to you EBS setup. This way both lifecycles are seperate and you can delete your EBS without losing your RDS. +http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.RDS.html * Development It is adviced to create a seperate development RDS instance for your local development. @@ -126,6 +129,11 @@ IAM ----- Using your root account for all AWS is a bad idea. Follow the recommendations in your "Security Status" section in the IAM dashboard. +You need following Policies attached to your user/group: +- AWSElasticBeanstalkReadOnlyAccess +- AWSElasticBeanstalkFullAccess +- AWSElasticBeanstalkService + S3 ----- As S3 is already the default for django-cookiecutter, nothing extra needs to be done here. @@ -175,8 +183,14 @@ http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/create_deploy_docker_ecs.h TODO ---- -- Celery -- Do we need something like Supervisor? +* Celery +Should Celery have it's own container? How does Celery behave when EBS boots up multiple containers, each with running Celery workers? + +CELERY +https://github.com/Maxbey/socialaggregator/blob/232690ef14ffbd7735297262ab6c26717bd53f05/aws/Dockerrun.aws.json +https://github.com/pogorelov-ss/django-elastic-beanstalk-docker-stack/blob/fb1e717ec3be0b7fef99497d4e27626386da100f/Dockerrun.aws.json + +* Do we need something like Supervisor on EBS? Troubleshooting --------------- @@ -190,11 +204,3 @@ For awsebcli to function, you need to install docker-py outside your virtual env * SECURE_SSL_REDIRECT The author didn't get it to run on production without setting up HTTPS certificates correctly, even with SECURE_SSL_REDIRECT set to False. - -Blocking sniffers -https://stackoverflow.com/questions/15238506/djangos-suspiciousoperation-invalid-http-host-header/17477436#17477436 - - -CELERY -https://github.com/Maxbey/socialaggregator/blob/232690ef14ffbd7735297262ab6c26717bd53f05/aws/Dockerrun.aws.json -https://github.com/pogorelov-ss/django-elastic-beanstalk-docker-stack/blob/fb1e717ec3be0b7fef99497d4e27626386da100f/Dockerrun.aws.json