airavata-issues mailing list archives

From "Marcus Christie (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AIRAVATA-2581) Manually deploy Django version of dev seagrid
Date Wed, 18 Jul 2018 19:43:00 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-2581?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16548314#comment-16548314
] 

Marcus Christie commented on AIRAVATA-2581:
-------------------------------------------

Setting up another Django portal:
{noformat}
As PGA user:
```
cd portals/
mkdir django-simvascular
cd django-simvascular/
git clone https://github.com/apache/airavata-django-portal.git
python3 -m venv venv
source venv/bin/activate
pip install -r airavata-django-portal/requirements.txt
cd airavata-django-portal/
cp ../../django-seagrid/django-airavata-gateway/django_airavata/settings_local.py django_airavata/
vim django_airavata/
mkdir ../static
./build_js.sh
python manage.py collectstatic -i node_modules
```

As centos user:
```
cd /etc/httpd/conf.d/
ls
cp django-seagrid.conf django-simvascular.conf
sudo cp django-seagrid.conf django-simvascular.conf
ls -la
sudo vim django-simvascular.conf
sudo certbot --apache certonly -d beta.gateway.simvascular.org
sudo vim django-simvascular.conf
sudo certbot --apache certonly -d beta.gateway.simvascular.org
ls /etc/letsencrypt/
sudo su -
mv django-simvascular.conf django-simvascular.conf.bak
sudo mv django-simvascular.conf django-simvascular.conf.bak
sudo certbot --apache certonly -d beta.gateway.simvascular.org
sudo mv django-simvascular.conf.bak django-simvascular.conf
sudo vim django-simvascular.conf
sudo apachectl graceful
service httpd restart
sudo service httpd restart
sudo systemctl status httpd
sudo sealert -a /var/log/audit/audit.log
```

Troubleshooting:

# 403 Forbidden

Running:
```
sudo sealert -a /var/log/audit/audit.log
```

* SELinux is preventing /usr/sbin/httpd from read access on the file pyvenv.cfg.
* SELinux is preventing /usr/sbin/httpd from getattr access on the file /var/www/portals/django-simvascular/airavata-django-portal/django_airavata/wsgi.py.

If you want to allow httpd to have getattr access on the wsgi.py file
Then you need to change the label on /var/www/portals/django-simvascular/airavata-django-portal/django_airavata/wsgi.py
Do
# semanage fcontext -a -t FILE_TYPE '/var/www/portals/django-simvascular/airavata-django-portal/django_airavata/wsgi.py'


As PGA user
```
touch db.sqlite3
python manage.py migrate
python manage.py load_simvascular_data
```

As root user
```
semanage fcontext -a -t httpd_sys_content_t "/var/www/portals/django-simvascular/venv(/.*)?"
semanage fcontext -a -t httpd_sys_rw_content_t /var/www/portals/django-simvascular/airavata-django-portal/db.sqlite3
semanage fcontext -a -t httpd_sys_content_t "/var/www/portals/django-simvascular/airavata-django-portal(/.*)?"
restorecon -R /var/www/portals/django-simvascular/airavata-django-portal
systemctl restart httpd
```

Need to order the rw of db.sqlite3 after the read only access:

```
/var/www/portals/django-simvascular/venv(/.*)?    system_u:object_r:httpd_sys_content_t:s0

/var/www/portals/django-simvascular/airavata-django-portal(/.*)?    system_u:object_r:httpd_sys_content_t:s0

/var/www/portals/django-simvascular/airavata-django-portal/db.sqlite3    system_u:object_r:httpd_sys_rw_content_t:s0
```

Funny enough, running the WSGIDaemonProcess with `user=pga group=pga` doesn't solve the db.sqlite3
problem by itself.

I ultimately went with this SELinux file configuration:
```
/var/www/portals/django-simvascular/venv(/.*)?    system_u:object_r:httpd_sys_content_t:s0
/var/www/portals/django-simvascular/airavata-django-portal(/.*)?    system_u:object_r:httpd_sys_rw_content_t:s0
```

Because of the pycache directories that get created, httpd also needs write access on airavata-django-portal.

vconf file:

```
<VirtualHost *:80>
    ServerName beta.gateway.simvascular.org

    ## Redirect all http traffic to https
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerName beta.gateway.simvascular.org

    Alias /robots.txt /var/www/portals/django-simvascular/static/robots.txt
    Alias /favicon.ico /var/www/portals/django-simvascular/static/favicon.ico

    Alias /static/ /var/www/portals/django-simvascular/static/

    <Directory /var/www/portals/django-simvascular/static>
    Require all granted
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
    </Directory>

    WSGIDaemonProcess beta.gateway.simvascular.org display-name=%{GROUP} python-home=/var/www/portals/django-simvascular/venv python-path=/var/www/portals/django-simvascular/airavata-django-portal processes=2 user=pga group=pga
    WSGIProcessGroup beta.gateway.simvascular.org

    WSGIScriptAlias / /var/www/portals/django-simvascular/airavata-django-portal/django_airavata/wsgi.py

    <Directory /var/www/portals/django-simvascular/airavata-django-portal/django_airavata>
        <Files wsgi.py>
        Require all granted
        </Files>
    </Directory>

    ErrorLog /var/log/httpd/django-simvascular.error.log
    CustomLog /var/log/httpd/django-simvascular.requests.log combined

    SSLEngine on
    # Disable SSLv3 which is vulnerable to the POODLE attack
    SSLProtocol All -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/beta.gateway.simvascular.org/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/beta.gateway.simvascular.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/beta.gateway.simvascular.org/privkey.pem
</VirtualHost>
```
{noformat}

> Manually deploy Django version of dev seagrid
> ---------------------------------------------
>
>                 Key: AIRAVATA-2581
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2581
>             Project: Airavata
>          Issue Type: Sub-task
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
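
The ordering note and the final label choice in the comment above can be compared offline. The script below is an added example, not part of the original comment or of the Airavata project. It assumes a simplified model of the behaviour the comment observed (among rules whose regex matches the full path, the last one listed wins); `label_for`, `report` and the rule-set variable names are hypothetical.

```shell
#!/bin/sh
# Simplified model (assumption): of the local file-context rules whose regex
# matches the whole path, the one listed last decides the type.
BASE=/var/www/portals/django-simvascular

# Rule sets taken from the comment, written as "regex type" pairs.
AS_TYPED="$BASE/venv(/.*)? httpd_sys_content_t
$BASE/airavata-django-portal/db.sqlite3 httpd_sys_rw_content_t
$BASE/airavata-django-portal(/.*)? httpd_sys_content_t"

REORDERED="$BASE/venv(/.*)? httpd_sys_content_t
$BASE/airavata-django-portal(/.*)? httpd_sys_content_t
$BASE/airavata-django-portal/db.sqlite3 httpd_sys_rw_content_t"

FINAL="$BASE/venv(/.*)? httpd_sys_content_t
$BASE/airavata-django-portal(/.*)? httpd_sys_rw_content_t"

label_for() {  # $1 = rule set, $2 = absolute path; prints the winning type
    result="<<none>>"
    while read -r regex type; do
        [ -n "$regex" ] || continue
        if printf '%s\n' "$2" | grep -Eq "^(${regex})\$"; then
            result=$type   # a later match overrides an earlier one
        fi
    done <<EOF
$1
EOF
    printf '%s\n' "$result"
}

report() {  # $1 = title, $2 = rule set
    echo "== $1"
    # The __pycache__ path is constructed for illustration.
    for p in venv/pyvenv.cfg \
             airavata-django-portal/db.sqlite3 \
             airavata-django-portal/django_airavata/wsgi.py \
             airavata-django-portal/django_airavata/settings_local.py \
             airavata-django-portal/django_airavata/__pycache__; do
        printf '%-58s %s\n' "$p" "$(label_for "$2" "$BASE/$p")"
    done
}

report "rules in the order first entered" "$AS_TYPED"
report "db.sqlite3 rule moved last" "$REORDERED"
report "configuration finally used" "$FINAL"
```

On the host itself, `matchpathcon <path>` reports the label the loaded policy would assign, and `restorecon -Rnv <dir>` lists what a relabel would change without applying it.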
