Adding docs on server setup. See #30

Mark Lavin · Mark Lavin · commit f14fe4a3c531 · 2013-05-03T13:39:27.000-04:00
diff --git a/README.rst b/README.rst
@@ -57,92 +57,10 @@ You should now be able to run the development server::
     python manage.py runserver
 
 
-Setup repository
-------------------------
-
-Before your project can be deployed to a server, the code needs to be
-accessible in a git repository.
-
-1. Add your project code to a git repo, hosted somewhere your server can clone it from.
-
-2. Edit ``fabfile.py`` near the top and insert your repo's URL.  E.g., change this::
-
-    env.repo = u'' # FIXME: Add repo URL
-
-   to this::
-
-    env.repo = u'git@github.com:account/reponame.git'
-
-
-
-Server Provisioning
-------------------------
-
-The first step in creating a new server is to create users on the remote server. You
-will need root user access with passwordless sudo. How you specify this user will vary
-based on the hosting provider. EC2 and Vagrant use a private key file. Rackspace and
-Linode use a user/password combination.
-
-1. For each developer, add a user record along with their SSH key into the ``conf/pillar/devs.sls``.
-
-2. Set the project name in ``conf/pillar/project.sls`` and the environment's domain in
-    ``conf/pillar/<environment>/env.sls`` if it has not already been set.
-
-3. Add any environment secrets to the ``conf/pillar/<environment>/secrets.sls``. This file is not in the source
-    control by default but there are example ``secrets.ex`` files to use as a starting point.
-
-4. Provision the box using the Salt bootstrap::
-
-        fab -H <fresh-server-ip> -u <root-user> <environment> provision
-
-    This will provision the box for the initial deploy (create users and install/configure necessary pacakges).
-
-5. Add the IP to the appropriate environment function. You can now run the initial deploy::
-
-        fab <environment> deploy
-
-
-Vagrant Testing
-------------------------
-
-You can test the provisioning/deployment using `Vagrant <http://vagrantup.com/>`_.
-Using the Vagrantfile you can start up the VM. This requires the ``precise32`` box::
-
-    vagrant up
-
-With the VM up and running, you can create the necessary users.
-Put the developers' keys in ``conf/users`` as before, then
-use these commands to create the users. The location of the key file
-(/usr/lib/ruby/gems/1.8/gems/vagrant-1.0.2/keys/vagrant)
-may vary on your system. If installed via apt then this may be located in
-/usr/share/vagrant/keys/vagrant. Running ``locate keys/vagrant`` might
-help find it::
-
-    fab -H 33.33.33.10 -u vagrant -i /usr/lib/ruby/gems/1.8/gems/vagrant-1.0.2/keys/vagrant vagrant provision
-    fab vagrant deploy
-
-It is not necessary to reconfigure the SSH settings on the vagrant box.
-
-The vagrant box forwards
-port 80 in the VM to port 8080 on the host box. You can view the site
-by visiting localhost:8080 in your browser.
-
-You may also want to add::
-
-    33.33.33.10 dev.example.com
-
-to your hosts (/etc/hosts) file.
-
-You can stop the VM with ``vagrant halt`` and
-destroy the box completely to retest the provisioning with ``vagrant destroy``.
-
-For more information please review the Vagrant documentation.
-
-
 Deployment
 ------------------------
 
-For future deployments, you can deploy changes to a particular environment with
+You can deploy changes to a particular environment with
 the ``deploy`` command. This takes an optional branch name to deploy. If the branch
 is not given, it will use the default branch defined for this environment in
 ``env.branch``::
diff --git a/docs/provisioning.rst b/docs/provisioning.rst
@@ -0,0 +1,143 @@
+Server Provisioning
+========================
+
+
+Overview
+------------------------
+
+{{ project_name|title }} is deployed on the following stack.
+
+- OS: Ubuntu 12.04 LTS
+- Python: 2.7
+- Database: Postgres
+- Application Server: Gunicorn
+- Frontend Server: Nginx
+- Cache: Memcached
+
+These services are configured to run together on a single machine. Each environment
+(``staging`` or ``production``) should run on a separate machine. `Supervisord <http://supervisord.org/>`_
+manages the application server process.
+
+
+Initial Setup
+------------------------
+
+Before your project can be deployed to a server, the code needs to be
+accessible in a git repository. Once that is done you should update the ``env.repo`` in
+the ``fabfile.py``. E.g., change this::
+
+    env.repo = u'' # FIXME: Add repo URL
+
+to this::
+
+    env.repo = u'git@github.com:account/reponame.git'
+
+You also need to set the project name in `conf/pillar/project.sls``. This should
+match the ``env.project`` in ``fabfile.py``. For the environment you want to setup
+you will need to set the ``domain`` in ``conf/pillar/<environment>/env.sls``.
+
+You will also need add the developer's user names and SSH keys to ``conf/pillar/devs.sls``. Each
+user record should match the format::
+
+    example-user:
+      groups: [admin, login]
+      public_key:
+       - ssh-rsa <Full SSH Key would go here>
+
+Additional developers can be added later but you will need to create at least on user for
+yourself.
+
+
+Managing Secrets
+------------------------
+
+Secret information such as passwords and API keys should never be committed to the
+source repository. Instead aach environment manages is secrets in ``conf/pillar/<environment>/secrets.sls``.
+These ``secrets.sls`` files are excluded from the source control and need to be passed
+to the developers out of band. There are example files given in ``conf/pillar/<environment>/secrets.ex``.
+They have the format::
+
+    secrets:
+      DB_PASSWORD: 'XXXXXX'
+
+Each key/value pair given in the ``secrets`` dictionary will be added to the OS environment
+and can retrieved in the Python code via::
+
+    import os
+
+    password = os.environ['DB_PASSWORD']
+
+Secrets for other environments will not be available. That is the staging server
+will not have access to the production secrets. As such there is no need to namespace the
+secrets by their environment.
+
+
+Setup Checklist
+------------------------
+
+To summarize the steps above you can use the following checklist
+
+- ``env.repo`` is set in ``fabfile.py``
+- Developer user names and SSH keys have been added to ``conf/pillar/devs.sls``
+- Project name has been in ``conf/pillar/project.sls``
+- Environment domain name has been set in ``conf/pillar/<environment>/env.sls``
+- Environment secrets have been set in ``conf/pillar/<environment>/secrets.sls``
+
+
+Provision
+------------------------
+
+Once you have completed the above steps you are ready to provision a new server
+for a given environment. You will need to be able to connect to the server
+as a root user. How this is done will depend on where the server is hosted.
+VPS providers such as Linode will give you a username/password combination. Amazon's
+EC2 uses a private key. These credentials will be passed as command line arguments.::
+
+    # Template of the command
+    fab -H <fresh-server-ip> -u <root-user> <environment> provision
+    # Example of provisioning 33.33.33.10 as a staging machine
+    fab -H 33.33.33.10 -u root staging provision
+
+Behind the scenes this will rsync the states/pillars in ``conf`` over to the
+server as well as check out the base states from the `margarita <https://github.com/caktus/margarita>`_
+repo. It will then use the `masterless salt-minion <http://docs.saltstack.com/topics/tutorials/quickstart.html>`_
+to ensure the states are up to date.
+
+Note that because of the use of rsync it is possible to execute configuration changes which
+have not yet been committed to the repo. This can be handy for testing configuration
+changes and allows for the secrets to be excluded from the repo but it's a double-edged sword.
+You should be sure to commit any configuration changes to the repo when they are ready.
+
+Once a server has been created for its environment it should be added to the ``env.hosts``
+for the given environment. In our example we would add::
+
+    def staging():
+        env.environment = 'staging'
+        env.hosts = ['33.33.33.10', ]
+
+At this point we can run the first deploy::
+
+    fab staging deploy
+
+This will do the initial checkout of the repo source, install the Python requirements,
+run syncdb/migrate and collect the static resources.
+
+
+Updates
+------------------------
+
+During the life of the project you will likely need to make updates to the server
+configuration. This might include new secrets add to the pillar, new developers
+added to the project or new services which need to be installed. Configuration updates
+can be made by calling the ``provision`` command again.::
+
+    # Template of the command
+    fab <environment> provision
+    # Reprovision the staging server
+    fab staging provision
+
+In this case we do not need to connect as the root user. We connect as our developer
+user. We also do not need to specify the host. It will use the ``env.hosts`` previously
+set for this environment.
+
+For more information testing the provisioning see the doc:`vagrant guide </vagrant>`.
diff --git a/docs/server-setup.rst b/docs/server-setup.rst
@@ -0,0 +1,67 @@
+Server Setup
+========================
+
+
+Provisioning
+------------------------
+
+The server provisioning is managed using `Salt Stack <http://saltstack.com/>`_. The base
+states are managed in a `common repo <https://github.com/caktus/margarita>`_ and additional
+states specific to this project are contained within the ``conf`` directory at the root
+of the repository.
+
+For more information see the doc:`provisioning guide </provisioning>`.
+
+
+Layout
+------------------------
+
+Below is the server layout created by this provisioning process::
+
+    /var/www/
+        {{ project_name }}/
+        env/
+        log/
+        public/
+            static/
+            media/
+
+``/var/www/{{ project_name }}/`` contains source code of the project. ``/var/www/env/``
+is the `virtualenv <http://www.virtualenv.org/>`_ for Python requirements. ``/var/www/log/``
+stores the Nginx, Gunicorn and other logs used by the project. ``/var/www/public/``
+holds the static resources (css/js) for the project and the uploaded user media.
+``/var/www/public/static/`` and ``/var/www/public/media/`` map to the ``STATIC_ROOT`` and
+``MEDIA_ROOT`` settings.
+
+
+Deployment
+------------------------
+
+For deployment each developer connects to the server as their own user. Each developer
+has SSH access via their public key. These users are created/managed by the Salt
+provisioning. The deployment itself is automated with `Fabric <http://docs.fabfile.org/>`_.
+To deploy a developer simply runs::
+
+    # Deploy updates to staging
+    fab staging deploy
+    # Deploy updates to production
+    fab production deploy
+
+Each environment (``staging`` or ``production``) is tied to a particular Git branch managed
+by ``env.branch`` in the ``fabfile.py``. Deploying a different branch can be done by
+passing the branch name to the deploy command::
+
+    # Deploy new-feature to staging
+    fab staging deploy:new-feature
+
+Developers should coordinate to ensure that they do not deploy different branches on
+top of one another.
+
+New python requirements add to the ``requirements/`` files and new South migrations
+are detected by grepping the Git diff on deploy. This works fairly well but if they
+need to be manually updated that can be done via Fabric::
+
+    # Installs new requirements from requirements/production.txt
+    fab staging update_requirements
+    # Runs syncdb/migrate
+    fab staging syncdb
diff --git a/docs/vagrant.rst b/docs/vagrant.rst
@@ -0,0 +1,62 @@
+Vagrant Testing
+========================
+
+
+Starting the VM
+------------------------
+
+You can test the provisioning/deployment using `Vagrant <http://vagrantup.com/>`_.
+Using the included Vagrantfile you can start up the VM. This requires Vagrant 1.2+ and
+the ``precise32`` box. The box will be installed if you don't have it already.::
+
+    vagrant up
+
+The general provision workflow is the same as in the previous doc:`provisioning guide </provisioning>`
+so here are notes of the Vagrant specifics.
+
+
+Provisioning the VM
+------------------------
+
+The ``fabfile.py`` contains a ``vagrant`` environment with the VM's IP already added.
+The rest of the environment is made to match the ``staging`` environment. If you
+have already configured the ``conf/pillar/staing/env.sls`` and ``conf/pillar/staing/secrets.sls``
+then you can continue provisioning the VM.
+
+To connect to the VM for the first time you need to use the private key which ships
+with the Vagrant install. The location of the file may vary on your platform depending
+on which version you installed and how it was installed. You can use ``locate`` to find it::
+
+    # Example locate with output
+    $ locate keys/vagrant
+        /opt/vagrant/embedded/gems/gems/vagrant-1.2.2/keys/vagrant
+        /opt/vagrant/embedded/gems/gems/vagrant-1.2.2/keys/vagrant.pub
+
+You can then call the initial provision using this key location for the ``-i`` option::
+
+    fab -u vagrant -i /opt/vagrant/embedded/gems/gems/vagrant-1.2.2/keys/vagrant vagrant provision
+
+After that has finished you can run the initial deploy::
+
+    fab vagrant deploy
+
+
+Testing on the VM
+------------------------
+
+With the VM fully provisioned and deployed you can access the VM on localhost port 8089. Since
+the Nginx configuration will only listen for the domain name in ``conf/pillar/staing/env.sls``
+you will need to modify your ``/etc/hosts`` configuration to view it. You will need to add::
+
+    127.0.0.1 <domain>
+
+where ``<domain>`` matches the domain in ``conf/pillar/staing/env.sls``. For example lets use
+staging.example.com::
+
+    127.0.0.1 staging.example.com
+
+In your browser you can now view staging.example.com:8089 and see the VM running the full
+web stack.
+
+Note that this ``/etc/hosts`` entry will prevent you from accessing the true staging.example.com.
+When your testing is complete you should remove or comment out this entry.
