TurboGears Infrastructure SOP

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Imported from MoinMoin)
 
(redirect page to new infra-docs)
 
(11 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= TurboGears - SOP =
+
{{header|infra}}
 +
{{shortcut|ISOP:TG}}
  
  
== Contact Information ==
+
This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/turbogears.txt
Owner: Fedora Infrastructure Team
+
  
Contact: #fedora-admin
+
For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.
  
Persons: abadger1999, ricky, lmacken
 
  
Location: Phoenix
+
[[Category:Infrastructure SOPs]]
 
+
Servers: app3 and app4, puppet1
+
 
+
Purpose: Provide Web In-House Web Applications for our users
+
 
+
== Description ==
+
 
+
We have many !TurboGears applications deployed in our infrastructure.  This SOP and the [[Infrastructure/SOP/Supervisor|  Supervisor SOP]]  are explain how !TurboGears apps are deployed.
+
 
+
== Deploying a new App ==
+
 
+
These instructions will help you setup a load balanced turbogears application that runs on a URL of the form:
+
<pre>
+
https://admin.fedoraproject.org/myapp
+
</pre>
+
 
+
Configuration of the new application is done on puppet1.  If you need to drop rpms of the application into the fedora infrastructure repository (because they are not available in Fedora), that presently occurs on lockbox.
+
 
+
=== Add RPMs to the Fedora Infrastructure Repo ===
+
1. Copy the rpms to lockbox
+
2. Sign the rpms with the Fedora Infrastructure Key
+
<pre>
+
rpm --add-sign foo-1.0-1.el5.*.rpm
+
</pre>
+
3. Copy the rpms to the repo directory
+
<pre>
+
mv foo-1.0-1.el5.src.rpm /netapp/app/fi-repo/el/5/SRPMS/
+
mv foo-1.0-1.el5.x86_64.rpm /netapp/app/fi-repo/el/5/x86_64/
+
</pre>
+
4. Run createrepo to regenerate the repo metadata
+
<pre>
+
cd /netapp/app/fi-repo/el/5/SRPMS/
+
sudo createrepo .
+
cd /netapp/app/fi-repo/el/5/x86_64/
+
sudo createrepo .
+
</pre>
+
 
+
{{ tableclass=note/| There are some [[PackagingDrafts/TGApps|  notes on packaging]] TG applications on the wiki.
+
}}
+
 
+
=== Configure the application ===
+
First log into puppet1 and checkout the repositories our configs are stored in:
+
<pre>
+
$ CVSROOT=/cvs/puppet cvs co manifests
+
$ CVSROOT=/cvs/puppet cvs co configs
+
</pre>
+
 
+
==== Create the manifest ====
+
1. cd manifests/services
+
2. create a file named myapp.pp with something similar to the following:
+
<pre>
+
class myapp-proxy inherits httpd {
+
apachefile { "/etc/httpd/conf.d/admin.fedoraproject.org/myapp.conf":
+
source => 'web/myapp-proxy.conf'
+
}
+
}
+
</pre>
+
This defines a class that we'll add to the proxy servers to send requests to the application running on the app servers.
+
<!-- Perhaps we could mention something about adding passwords in the private repo.
+
-->
+
3. Continue editing myapp.pp and add something like the following:
+
<pre>
+
class myapp-server inherits turbogears {
+
$myappDatabasePassword='XXXXXXXXXXXXX'
+
 
+
include supervisor
+
 
+
package { myapp:
+
ensure => latest,
+
}
+
templatefile { '/etc/myapp.cfg':
+
content => template('/var/lib/puppet/config/web/applications/myapp-prod.cfg.erb'),
+
notify => Service['supervisord'] ,
+
owner => 48,
+
mode => '640'
+
}
+
}
+
</pre>
+
This defines a server class that we'll add to the app servers.  The package definition uses the name of your application's rpm package to install from a yum repo and get required dependencies.  If you are developing and building the application yourself and have control over when new releases make it to the yum repo, set <code>ensure => latest</code> to automatically get the latest version otherwise set <code>ensure => present</code> so we can vette the latest releases before installing them on the server.
+
 
+
Now that we've defined the files and packages our app uses we need to define which machines the files and packages belong on.
+
 
+
1. cd ~/manifests/servergroups
+
2. If this application is going to run on the RHEL app servers edit appRhel.pp; if it's going to run on the Fedora app servers edit appFc.pp.  In either case we're just including the new server class in the file:
+
<pre>
+
class appRhel {
+
[...]
+
include pkgdb-server
+
include myapp-server
+
</pre>
+
3. Next edit the manifest for the proxy servers, proxy.pp:
+
<pre>
+
class proxy {
+
[...]
+
include pkgdb-proxy
+
include myapp-proxy
+
</pre>
+
 
+
That's it for the manifests, now we need to create the config files we reference in the manifest file.
+
 
+
==== Create the proxy config ====
+
1. cd ~/configs/web
+
2. create myapp-proxy.conf and put the following into the file:
+
<pre>
+
<Location /myapp>
+
RequestHeader set CP-Location /myapp
+
</Location>
+
 
+
<Location ~ /myapp/(static|tg_js)>
+
Header unset Set-Cookie
+
</Location>
+
 
+
RewriteEngine On
+
RewriteRule ^/myapp(.*)      balancer://myappCluster/myapp$1 [P]
+
</pre>
+
The first section tells !CherryPy that it's running under the /myapp/ directory.
+
 
+
The second, unsets cookies when requesting static resources.  If you have other directories of all static files (images, css, javascript, raw html, etc) include them in the regexp.  This will allow us to setup caching of these directories in the next step.
+
 
+
The last section makes all requests with /myapp as the base directory go to the servers setup in the balancer config file.
+
3. Edit balancer.conf to tell the proxy server what app servers to send requests to.  Add something like this:
+
<pre>
+
<Proxy balancer://myappCluster>
+
BalancerMember http://app3.fedora.phx.redhat.com:8089 timeout=3
+
BalancerMember http://app4.fedora.phx.redhat.com:8089 timeout=3
+
</Proxy>
+
</pre>
+
Currently we have two app servers running RHEL and two servers running Fedora.  If your application is going to run on the RHEL servers, use app1 and app2.  If it's going to run on Fedora, use app3 and app4.  The port number is the one that your !TurboGears app is listening on.  If you haven't allocated one yet, look at the [[InfrastructurePrivate/PortRegistry|  PortRegistry]]  to see what's available.  This port may also need to be added to the iptables rules in appFc.pp or appRhel.pp.
+
 
+
==== Caching ====
+
As mentioned in the last section, we have the ability to cache static files for our !TurboGears apps.
+
1. cd ~/configs/web/admin.fedoraproject.org/
+
2. edit modcache.conf and add a !CacheEnable line for every directory we can cache like so:
+
<pre>
+
CacheEnable disk /myapp/tg_js/
+
CacheEnable disk /myapp/static/
+
</pre>
+
Remember that if you list a directory in this file, you *must* unset any cookies on the page in the myapp-proxy.conf file.  If you don't the cache will distribute cookies for people's sessions to the wrong clients leading to people being logged in as someone else.
+
 
+
==== Application config file ====
+
The final piece is to create a config file template for your app.
+
1. cd ~/web/applications/
+
2. edit myapp-prod.cfg.erb
+
 
+
You should look at other application's config files and the one you've been using for testing locally.  A few things to note:
+
* This file is a template.  So using:
+
<pre>
+
<%= myappDatabasePassword %>
+
</pre>
+
will substitute the password from the config file into the template.  This keeps passwords out of the configs repository and thus keeps them from being logged to a publicly readable list.
+
* server.socket_port should be set to the same port you used in balancer.conf
+
* The following settings seem to yield reasonable performance.  These are good defaults until you have a chance to test and refine the settings:
+
<pre>
+
server.thread_pool=50
+
server.socket_queue_size=30
+
 
+
#sqlalchemy.pool_size=5
+
sqlalchemy.max_overflow=21
+
</pre>
+
* Remember to set <code>server.environment="production"</code> instead of <code>"development"</code>.
+
* Since the app will be running under /myapp, and behind a proxy, make sure the following are set correctly:
+
<pre>
+
server.webpath="/myapp"
+
base_url_filter.on = True
+
base_url_filter.use_x_forwarded_host = True
+
base_url_filter.base_url = "https://admin.fedoraproject.org/myapp"
+
</pre>
+
 
+
=== Configure supervisor ===
+
Supervisor starts our applications.
+
 
+
1. Log into puppet1
+
3. cd configs/web/applications
+
4. edit supervisord.conf.  You want to add a new entry similar to this:
+
<pre>
+
[program:MYAPP]
+
command=/usr/local/bin/startTurboGearsApp.sh /usr/sbin/start-MYAPP /etc/MYAPP.cfg
+
priority=9
+
autostart=true
+
autorestart=true
+
startsecs=10
+
startretries=5
+
stopsignal=TERM
+
stopwaitsecs=10
+
user=apache
+
</pre>
+
Modify the MYAPP entries to fit your application.
+
 
+
<code>[program:MYAPP] </code> should contain a short, lowercase version of your program name.  Supervisor commands will use this to identify your program (Like <code>supervisorctl restart myapp</code>).  For more information about these commands, see the [[Infrastructure/SOP/Supervisor|  Supervisor SOP]] .
+
 
+
<code>/usr/sbin/start-MYAPP</code> should be the path to the script you use to start your application.
+
 
+
<code>/etc/MYAPP.cfg</code> is the path to the config file you use with your application.
+
 
+
== Troubleshooting and Resolution ==
+
 
+
[COMMON ISSUES AND HOW TO FIX THEM]
+
rt
+

Latest revision as of 19:18, 19 December 2011

Infrastructure InfrastructureTeamN1.png
Shortcut:
ISOP:TG


This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/turbogears.txt

For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.