Merge pull request #21 from brysontyrrell/develop

RHEL instructions and resources

docs/setup/rhel.rst

@@ -0,0 +1,102 @@
+Installation on RHEL Server (7.5)
+-------------------------------------
+
+The following instructions are for setting up the patch server application on an
+RHEL 7.5 system using ``gunicorn`` and ``systemd``.
+
+.. warning::
+
+    These instructions do not cover securing your patch server with a TLS
+    certificate for HTTPS connections.
+
+Enable EPEL repository if needed:
+
+.. code-block:: bash
+
+    wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
+    sudo rpm -ivh epel-release-latest-7.noarch.rpm
+
+Install ``git``, ``httpd``, and ``pip`` on the system:
+
+.. code-block:: bash
+
+    sudo /bin/yum update -q
+    sudo /bin/yum install -y git httpd python-pip python-wheel python-virtualenv
+
+Clone the project repository to a temporary directory. ``cd`` into the
+``installation/rhel`` directory.
+
+.. code-block:: bash
+
+    /usr/bin/git clone https://github.com/brysontyrrell/PatchServer.git /tmp/patchserver
+    cd /tmp/patchserver/installation/rhel
+
+Run the ``quick_install.sh``.
+
+.. code-block:: bash
+
+    sudo bash quick_install.sh
+
+
+Once the script has completed you should be able to access the application using
+the IP address of the system at port ``5000``. You may have to allow TCP port 5000 through the firewall:
+
+.. code-block:: bash
+
+    sudo firewall-cmd --zone=public --add-port=5000/tcp
+
+Contents of ``quick_install.sh``
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. include:: ../../installation/rhel/quick_install.sh
+    :code: bash
+
+Use Nginx as a Reverse Proxy
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+.. note::
+
+    Running the patch server behind Nginx will allow you to configure the web
+    server for HTTPS.
+
+    To configure TLS, refer to the Nginx documentation available
+    `here <http://nginx.org/en/docs/http/configuring_https_servers.html>`_.
+
+Install Nginx on the system:
+
+.. code-block:: bash
+
+    sudo /bin/yum update -q
+    sudo /bin/yum install -y nginx
+
+Remove the default Nginx site:
+
+.. code-block:: bash
+
+    sudo rm /etc/nginx/sites-enabled/default
+
+Modify the `bind` value of ``/opt/patchserver/config.py`` to have ``gunicorn``
+bind the application to localhost at port ``5000``:
+
+.. code-block:: python
+
+    bind = "127.0.0.1:5000"
+
+Write the following to a new file called ``/etc/nginx/conf.d/patchserver.conf``:
+
+.. note::
+
+    This file can be found in the repository at ``installation/rhel/``
+
+.. include:: ../../installation/rhel/patchserver.conf
+    :code: python
+
+Restart ``nginx`` for the changes to take effect:
+
+.. code-block:: bash
+
+    sudo service nginx restart
+
+You should now be able to access the application using the IP address of the
+system at port ``80`` (this is the default HTTP port and you do not need to
+include it with the URL).

installation/rhel/config.py

@@ -0,0 +1,5 @@
+from multiprocessing import cpu_count
+
+bind = "0.0.0.0:5000"
+workers = 2
+threads = 2 * cpu_count()

installation/rhel/patchserver.conf

@@ -0,0 +1,12 @@
+upstream app_servers {
+    server 127.0.0.1:5000;
+}
+
+server {
+    listen 80;
+    server_name patchserver;
+
+    location / {
+        proxy_pass http://app_servers;
+    }
+}

installation/rhel/patchserver.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=Patch Server daemon
+After=network.target
+
+[Service]
+PIDFile=/run/gunicorn/pid
+User=apache
+Group=apache
+RuntimeDirectory=gunicorn
+WorkingDirectory=/opt/patchserver
+ExecStart=/usr/local/patchserver-venv/bin/gunicorn \
+    --pid /run/gunicorn/pid \
+    --config /opt/patchserver/config.py \
+    --log-level info \
+    --access-logfile /opt/patchserver/access.log \
+    wsgi
+ExecReload=/bin/kill -s HUP $MAINPID
+ExecStop=/bin/kill -s TERM $MAINPID
+PrivateTmp=true
+
+[Install]
+WantedBy=multi-user.target

installation/rhel/quick_install.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+function bailout() {
+    echo "${1}: Exiting"
+    exit $2
+}
+
+# Create application directory
+/bin/mkdir -p /opt/patchserver || bailout "Unable to create /opt/patchserver" 1
+
+# Move required application files
+/bin/cp -r ../../{requirements.txt,patchserver} /opt/patchserver
+/bin/cp ./{config.py,wsgi.py} /opt/patchserver
+
+/bin/chown -R apache:apache /opt/patchserver
+
+/bin/cp ./patchserver.service /etc/systemd/system || bailout "Unable to copy patchserver.service" 2
+/bin/chown root:root /etc/systemd/system/patchserver.service
+/bin/chmod 644 /etc/systemd/system/patchserver.service
+
+
+# Create application virtual environment
+/bin/virtualenv -p python2.7 -q /usr/local/patchserver-venv || bailout "Unable to create virtual environment" 3
+
+# Install Python dependencies
+/usr/local/patchserver-venv/bin/pip install futures gunicorn -r /opt/patchserver/requirements.txt
+
+# Enable and start the service
+/usr/bin/systemctl enable patchserver.service
+/usr/bin/systemctl start patchserver.service
+
+# Verify the service has started
+/usr/bin/systemctl status patchserver.service

installation/rhel/wsgi.py

@@ -0,0 +1,12 @@
+import logging
+
+from patchserver.factory import create_app
+
+application = create_app()
+
+gunicorn_logger = logging.getLogger('gunicorn.error')
+
+for handler in gunicorn_logger.handlers:
+    application.logger.addHandler(handler)
+
+application.logger.setLevel(gunicorn_logger.level)