Skip to content

DEPLOY.md

Latest commit

 

History

History
80 lines (76 loc) · 4.42 KB

DEPLOY.md

File metadata and controls

80 lines (76 loc) · 4.42 KB

Steps for deployment

  1. Create droplet on Digitalocean, specifying to use your SSH key at creation time (so it gets added in the root account automatically).

  2. Create a new A record teamsXX pointing to the IP address of the newly created droplet.

  3. Delete the CNAME record for the previous year.

  4. Open the console (via browser) logged in as root:

    1. adduser itacpc --home /home/itacpc (it will prompt you to choose a password)
    2. adduser itacpc sudo
    3. su itacpc
    4. mkdir ~/.ssh
    5. CTRL+D to logout back to root.
    6. Copy the right key from /root/.ssh/authorized_keys into /home/itacpc/.ssh/authorized_keys

  5. Close the browser console.

  6. Create a section in your laptop's ~.ssh/config file such as the following:

    Host teams
  User itacpc
  Hostname teamsXX.itacpc.it
  IdentityFile ~/.ssh/your_chosen_key_rsa

  7. Make sure that the identity you need to clone from github is added (e.g. ssh-add ~/.ssh/<file>).

  8. Log in from a normal terminal with ssh -A teams (the -A is to allow cloning from github).

  9. Update ubuntu sudo apt update && sudo apt upgrade.

  10. Run sudo apt install pipenv git postgresql nginx certbot python3-certbot-nginx.

  11. Clone this repository git clone git@github.com:itacpc/teams.git.

  12. Enter the repository and run pipenv install (it might be necessary to adapt the Pipfile if it doesn't work immediately).

  13. Log in as postgres by running sudo su - postgres, then:

    1. Create DB user itacpc with a password, by running: createuser -P itacpc
    2. Create DB itacpc owned by user itacpc, by running: createdb itacpc -O itacpc
    3. Exit back to the previous shell.

  14. Create the log file for Django sudo touch /var/log/django.log

  15. Make the log file writable sudo chown itacpc:www-data /var/log/django.log

  16. Create the static files folder for Django sudo mkdir /var/www/django

  17. Make the folder writable sudo chown itacpc:www-data /var/www/django/

  18. Enter the virtual environment pipenv shell, then:

    1. Run the migrations to initialize the DB python3 ./manage.py migrate.
    2. Load the universities python3 ./manage.py loaddata universities.
    3. Create a superuser python3 ./manage.py createsuperuser.
    4. Collect static files (CSS, flags, etc) DEBUG=False python3 ./manage.py collectstatic.
    5. Exit back to the previous shell.

  19. Create a .env file with this content:

    DEBUG = False
REGISTRATION_IS_CLOSED = False
CAN_DISCLOSE_CREDENTIALS = False
SECRET_KEY = "generate-a-new-secret-key-here"
EMAIL_HOST = mail-server-host-here
EMAIL_PORT = 587
EMAIL_HOST_USER = mail-server-user-here
EMAIL_HOST_PASSWORD = mail-server-password-here
DB_NAME = itacpc
DB_USER = itacpc
DB_PASSWORD = database-password-here
DB_HOST = 'localhost'
DB_PORT = ''

    You can generate a key via django-admin shell by running:

    from django.core.management.utils import get_random_secret_key
get_random_secret_key()

  20. Update itacpc/settings.py changing teamsXX.itacpc.it to the correct year.

  21. Update the systemd configuration in systemd/gunicorn.service with the correct Python virtual environment path.

  22. Copy the systemd configuration sudo cp systemd/* /etc/systemd/system/.

  23. Enable the systemd configuration sudo systemctl enable gunicorn --now.

  24. Update nginx/itacpc changing teamsXX.itacpc.it to the correct year.

  25. Copy the nginx configuration sudo cp nginx/itacpc /etc/nginx/sites-available/.

  26. Disable the default nginx configuration sudo rm /etc/nginx/sites-enabled/default.

  27. Enable the new nginx configuration sudo ln -s /etc/nginx/sites-available/itacpc /etc/nginx/sites-enabled/itacpc.

  28. Run certbot to fix HTTPS stuff: sudo certbot.

When the instance is not needed anymore (i.e. some time after the contest)

  1. Backup the teams database in the "dumpdata" JSON format that Django can export/import: ./manage.py dumpdata --all --output teams20XX_dumpdata.json
  2. Also backup in the Postgres format, just in case: pg_dump -f teams20XX_pgdump.sql
  3. Save these backup files in the manage/archive/teams-data folder.
  4. TODO: should we change nginx configuration to redirect teamsXX.itacpc.it to itacpc.it for a while? For SEO reasons? Probably not so important anyway.
  5. Delete the teamsXX DNS entry from Cloudflare.
  6. Destroy the droplet from Digitalocean.