public-health-ch/README.md

165 lines
5.7 KiB
Markdown
Raw Normal View History

Public Health Schweiz
=====================
2017-10-23 07:42:52 +00:00
Website of the [Swiss Society for Public Health](http://public-health.ch), developed by [datalets,ch](http://datalets.ch) using the open source, [Django](https://www.djangoproject.com/)-based [Wagtail CMS](http://wagtail.io). The frontend is implemented by [moving water](http://www.movingwater.ch/) using [Bootstrap](https://getbootstrap.com) framework.
2017-04-25 14:05:02 +00:00
2017-05-05 14:10:24 +00:00
This project is open source under the [MIT License](LICENSE.md).
[![Dependency Status](https://dependencyci.com/github/datalets/public-health-ch/badge)](https://dependencyci.com/github/datalets/public-health-ch)
2016-12-12 22:43:20 +00:00
## Development environment
The easiest way to set up your machine would be to use [Vagrant](https://vagrantup.com), then in the project folder in the terminal type: `vagrant up`. Then when it is ready, follow instructions for *publichealth/static/org/archive-message.html#Database setup*.
To set up a full development environment, follow all these instructions.
**Frontend setup**
2017-05-09 14:57:54 +00:00
If not using Vagrant, you will need to have Ruby and SASS installed on your system, e.g.:
2016-12-14 09:43:06 +00:00
```
2017-05-09 14:57:54 +00:00
sudo apt-get install ruby-sass
2016-12-14 09:43:06 +00:00
```
2018-06-02 12:37:25 +00:00
Make sure a recent version of node.js (we recommend using [nave.sh](https://gipublichealth/static/org/archive-message.htmlthub.com/isaacs/nave)), then:
```
npm install -g bower grunt-cli
npm install
bower install
```
The first command (`..install -g..`) may require `sudo` if you installed node.js as a system package.
2018-07-13 05:48:32 +00:00
If you are only working on the frontend, you can start a local webserver and work on frontend assets without the backend setup described below. There is a `grunt browser-sync` setup for working with frontend assets.
2016-12-14 09:43:06 +00:00
**Backend setup**
2017-05-09 14:57:54 +00:00
If not using Vagrant: after installing Python 3, from the project folder, deploy system packages and create a virtual environment as detailed (for Ubuntu users) below:
2016-12-12 22:43:20 +00:00
```
2016-12-19 10:32:58 +00:00
sudo apt-get install python3-venv python3-dev libjpeg-dev
pyvenv env
. env/bin/activate
pip install -U pip
pip install -r requirements.txt
2017-05-09 14:57:54 +00:00
```
At this point your backup is ready to be deployed.
## Database setup
Once your installation is ready, you can get a blank database set up and add a user to login with.
2017-05-09 14:57:54 +00:00
If you are using Vagrant, enter the shell of your virtual machine now with `vagrant ssh`
Run these commands:
```
./manage.py migrate
./manage.py createsuperuser
2016-12-12 22:43:20 +00:00
```
2016-12-12 22:44:06 +00:00
2016-12-14 09:43:06 +00:00
You will be asked a few questions to create an administrator account.
**Starting up**
2016-12-14 09:43:06 +00:00
If you have one installed, also start your local redis server (`service redis start`).
2017-05-09 14:57:54 +00:00
After completing setup, you can use:
2016-12-14 09:43:06 +00:00
```
2017-05-03 06:51:43 +00:00
./manage.py runserver
2016-12-12 22:44:06 +00:00
```
2016-12-14 09:43:06 +00:00
2017-05-09 14:57:54 +00:00
(In a Vagrant shell, just use `djrun`)
2017-05-03 06:51:43 +00:00
Now access the admin panel with the user account you created earlier: http://localhost:8000/admin/
2017-03-03 17:13:31 +00:00
## Troubleshooting
- Issues with migrating database tables in SQLite during development? Try `./manage.py migrate --fake`
2017-03-27 21:32:32 +00:00
## Production notes
We use [Ansible](https://www.ansible.com) and [Docker Compose](https://docs.docker.com/compose/reference/overview/) for automated deployment.
2018-12-17 12:50:15 +00:00
To use Docker Compose to manually deploy the site, copy `ansible/roles/web/templates/docker-compose.j2` to `/docker-compose.yml` and fill in all `{{ variables }}`. This can also be done automatically in Ansible.
Install or update the following roles from [Ansible Galaxy](https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html) to use our scripts:
```
ansible-galaxy install \
dev-sec.nginx-hardening dev-sec.ssh-hardening dev-sec.os-hardening \
geerlingguy.nodejs geerlingguy.certbot
```
2017-05-03 22:28:59 +00:00
2018-12-18 00:05:58 +00:00
To check that the scripts and roles are correctly installed, use this command to do a "dry run":
```
ansible-playbook -s ansible/*.yaml -i ansible/inventories/production --syntax-check --list-tasks
```
2017-05-03 22:28:59 +00:00
2017-05-05 14:35:06 +00:00
To do production deployments, you need to obtain SSH and vault keys from your system administrator (who has followed the Ansible guide to set up a vault..), and place these in a `.keys` folder. To deploy a site:
```
2017-05-05 14:35:06 +00:00
ansible-playbook -s ansible/<*.yaml> -i ansible/inventories/production
```
For an update release with a specific version, use:
```
ansible-playbook -s ansible/site.yaml -i ansible/inventories/production --tags release -e gitversion=<v*.*.*>
```
We use a StackScript to deploy to Linode, the basic system set up is to have a user in the sudoers and docker group, and a few basic system packages ready.
For example, on Ubuntu:
2017-03-27 21:32:32 +00:00
2017-04-24 12:22:51 +00:00
```
apt-get install -q -y zip git nginx python-virtualenv python-dev
2017-04-24 12:22:51 +00:00
```
The order of deployment is:
- docker.yaml (base system)
- node.yaml
- site.yaml
- harden.yaml
2017-06-02 10:52:15 +00:00
- certbot.yaml
The last line adds support for Let's Encrypt, which you can configure and enable (updating your Nginx setup) with:
```
sudo /opt/certbot/certbot-auto --nginx certonly
```
If you do **not** wish to use SSL, delete the last part of your nginx site configuration (/etc/nginx/sites-enabled/...).
### Production releases
2017-04-26 13:37:15 +00:00
For further deployment and system maintenance we have a `Makefile` which automates Docker Compose tasks. This should be converted to use [Ansible Container](http://docs.ansible.com/ansible-container/getting_started.html). In the meantime, start a release with Ansible, then complete it using `make`, i.e.:
```
ansible-playbook -s ansible/site.yaml -i ansible/inventories/production --tags release
2017-04-26 13:57:01 +00:00
ssh -i .keys/ansible.pem ansible@<server-ip> "cd <release_dir> && make release"
2017-04-26 13:37:15 +00:00
```
2017-05-09 14:57:54 +00:00
2019-01-10 09:38:52 +00:00
This is already part of the normal release cycle, but if you wish to update the Docker images to the latest versions separately, use:
`make upgrade`
2017-05-09 14:57:54 +00:00
### Restoring a data backup
For development, it's handy to have access to a copy of the production data. To delete your local database and restore from a file backup, run:
```
rm publichealth-dev.sqlite3
python manage.py migrate
python manage.py loaddata publichealth.home.json
```
You might want to `createsuperuser` again at this point.