/cookiecutter-django

Primary LanguagePythonOtherNOASSERTION

Init a django project

Idea is to create it with a wonderful python tool called cookiecutter

Install prerequisites

if ! ( virtualenv --version 2>&1 >/dev/null );then echo "ERROR: install venv, on debian/ubuntu: apt install -y virtualenv,fi";fi
virtualenv --python=python3 ~/tools/cookiecutter
~/tools/cookiecutter/bin/pip install cookiecutter

Create back project

  • create on gitlab your project

  • then locally (replace with your values)

    cd ~/.cookiecutters/cookiecutter-django \
    && git fetch origin && git reset --hard origin/master \
    && cd -
cookiecutter --no-input -f -o ~/out_dir \
    https://github.com/corpusops/cookiecutter-django.git \
    name=foo \
    tld_domain=mydomain.com \
    git_server=git.foo.com \
    git_ns=bar \
    dev_port=40001 staging_port=40003 qa_host="" prod_port=40010
cd ~/out_dir
# review before commit
# for relative checkout to work, we need remote objects locally
git commit local -m "Add deploy"

  • Read cookiecutter.json for all options

  • notable options behaviors:

    • use_submodule_for_deploy_code=: copy deploy submodule inside project for a standalone deployment (no common deploy)
    • py_ver=X.Yy: python version to use
    • remove_cron=y: will remove cron image and related configuration
    • enable_cron=: will soft disable (comment crontab) without removing cron.
    • (qa|staging)_host=: will disable generation for this env
    • tests_(staging|tests)=: will disable those specific tests in CI
    • registry_is_gitlab_registry=y: act that registry is gitlab based and use token to register image against and autofill register_user and registry_password.
    • db_mode=<mode>: one of postgres|postgis|mysql
    • haproxy=y: generate haproxy related jobs

Fill ansible inventory

Generate ssh deploy key

cd local
ssh-keygen -t rsa -b 2048 -N '' -C deploy -f deploy

Generate vaults password file

export CORPUSOPS_VAULT_PASSWORD=SuperVerySecretPassword
.ansible/scripts/setup_vaults.sh
  • Also add that variable CORPUSOPS_VAULT_PASSWORD in the gitlab CI/CD variables
  • You would certainly also add REGISTRY_USER & REGISTRY_PASSWORD.

Move vault templates to their encrypted counterparts

For each file which needs to be crypted

# to find them
find .ansible/inventory/group_vars/|grep encrypt

Generate vaults

Also open and read both your project top README.md and the .ansible/README.md

You need to

  1. open in a editor:

    $EDITOR .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml

  2. In another window/shell, use Ansible vault to create/edit that file without the "encrypted" in the filename and copy/paste/adapt the content

    .ansible/scripts/edit_vault.sh .ansible/inventory/group_vars/dev/default.yml

  3. Delete the original file

    rm -f .ansible/inventory/group_vars/dev/default.movemetoencryptedvault.yml
  • Wash, rince, repeat for each needing-to-be-encrypted vault.
  • ⚠️Please note⚠️: that you will need to put the previously generated ssh deploy key in all/default.yml

Init dev and and test locally

./control.sh init  # init conf files
./control.sh build django
./control.sh build  # will be faster as many images are based on django

Push to gitlab

  • Push to gitlab and run the dev job until it succeeds
  • Trigger the dev image release job until it succeeds

Deploy manually

  • Deploy manually one time to see everything is in place
    Remember:

    • Your local copy is synced as the working directory on target env (with exclusions, see playbooks)
    • The cops_django_docker_tag controls which docker image is deployed.
    .ansible/scripts/call_ansible.sh .ansible/playbooks/deploy_key_setup.yml
.ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/ping.yml -l dev  # or staging
.ansible/scripts/call_ansible.sh -vvv .ansible/playbooks/app.yml \
     -e "{cops_django_docker_tag: dev}" -l dev  # or staging

Update project

You can regenerate at a later time the project

local/regen.sh  # and verify new files and updates