On this page we list the various steps needed for deployments. The first section contains the information pertaining to the initial deployment of the production server. The second section contains steps that need to be executed for each release. The last section contains additional steps to be performed for specific releases.
- Users / group
- Sudoers
- Setup yum repos
cat >/etc/yum.repos.d/nginx.repo <<EOT [nginx] name=nginx repo baseurl=https://nginx.org/packages/centos/\$releasever/\$basearch/ gpgcheck=0 enabled=1 EOT
- Install / setup postgreSQL 15
yum install centos-release-scl -y yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm yum install postgresql15 postgresql15-server postgresql15-devel -y cat >/etc/profile.d/pg_conf.sh <<EOF #!/bin/bash export PATH=/usr/pgsql-15/bin:\$PATH EOF export PATH=$PATH:/usr/pgsql-15/bin /usr/pgsql-15/bin/postgresql-15-setup initdb systemctl enable postgresql-15 systemctl start postgresql-15 cd / sudo -u postgres createdb fms sudo -u postgres createuser admin echo "alter user admin with encrypted password 'XXXXXX';" | sudo -u postgres psql echo "grant all privileges on database fms to admin ;" | sudo -u postgres psql echo "GRANT USAGE, CREATE ON SCHEMA public TO admin ;" | sudo -u postgres psql -d fms cat >/var/lib/pgsql/15/data/pg_hba.conf <<EOT # TYPE DATABASE USER ADDRESS METHOD # "local" is for Unix domain socket connections only #local all all md5 local all postgres peer # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 ident # Allow replication connections from localhost, by a user with the # replication privilege. local replication all peer host replication all 127.0.0.1/32 ident host replication all ::1/128 ident EOT service postgresql-15 restart
- Install essential packages
yum install git -y yum install -y gcc openssl-devel bzip2-devel libffi-devel
- Install Openssl 1.1.1u
cd /opt/ wget https://ftp.openssl.org/source/openssl-1.1.1u.tar.gz --no-check-certificate tar xzf openssl-1.1.1u.tar.gz cd openssl-1.1.1u ./config --prefix=/usr/local --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic make -j1 depend make -j2 make install_sw # To test /usr/local/bin/openssl version
- Install python 3.11.4
cd /opt wget https://www.python.org/ftp/python/3.11.4/Python-3.11.4.tgz tar xzf Python-3.11.4.tgz cd Python-3.11.4 ./configure --enable-optimizations --with-openssl=/usr/local -with-openssl-rpath=auto make altinstall #to prevent replacing the default python binary file /usr/bin/python export PATH=/usr/local/bin:$PATH # To test: /usr/local/bin/python3.11 -V /usr/local/bin/pip3.11 # Python ssl test python3.11 -m ssl
- Install uWsgi and django with pip, and llvm
pip3.11 install asgiref Django djangorestframework djangorestframework-simplejwt PyJWT pytz sqlparse list --no-cache-dir CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" UWSGI_PROFILE_OVERRIDE=ssl=true pip3.11 install uwsgi -I --no-cache-dir yum install -y clang llvm-toolset-7 mkdir -p /usr/lib64/llvm5.0/bin ln -s /opt/rh/llvm-toolset-7/root/usr/bin/llvm-lto /usr/lib64/llvm5.0/bin/
- Install Node.js
# Tested with node.js versions <=16.17.0 yum update yum install nodejs -y
- Install and Configure nginx
yum install nginx -y cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.BKP # Edit /etc/nginx/conf.d/default.conf add/replace the following lines: location / { root /data/freezeman/frontend/dist/; index index.html; uwsgi_read_timeout 300s; } location /static/ { alias /data/freezeman/backend/staticfiles/; } location /media/ { alias /data/freezeman/backend/media/; } location /api/ { include uwsgi_params; uwsgi_pass unix:/data/freezeman/backend/fms.sock; uwsgi_read_timeout 300s; } location = /favicon.ico { access_log off; log_not_found off; } error_page 404 /index.html; systemctl restart nginx
- Install certificate
- Backup the database (
pg_dumpall > backup_release_vX_X_X.pgsql
) - Kill the uwsgi processes (
ps -aux | grep uwsgi
to find,kill -9 PROCESS_NUMBER
may need only kill the master) - Move to the repository base directory (
cd ./freezeman
) and checkout the release tag from the repository (git checkout vX.X.X
) - Update the submodule pg_fzy (
git submodule update --init --recursive
) (if changed) - Move to the frontend (
cd frontend
) and install any new dependency (npm install
) and fix security issues (npm audit fix
) - Compile the frontend (
npm run build
) - Move to the backend directory (
cd ../backend
) and activate the the virtual environment (. env/bin/activate
) - Install any new dependency (
pip3.11 install -r requirements.txt
) (version of pip may change) - Install pg_fzy (
cd backend/dependencies/pg_fzy && make && sudo make install
) (make restore_precompiled_binary
to get precompiled binaries) (if needed) - Move back to the backend root (
cd ../..
) and migrate the database (python3.11 manage.py migrate
) - Create the first revisions for newly created models (
python3.11 manage.py createinitialrevisions
) - Serve new and modified templates (
python3.11 manage.py collectstatic
) - Activate the pg_fzy module (
psql -u postgres -d fms -c "create extension fzy;"
) - Restart the uwsgi (
uwsgi uwsgi.ini &
)
- If the
git submodule update --init --recursive
command fails to reach the repo and set the submodule, check the inside the .git hidden directory of the repo base directory. Inside, open the config file and replace in the section [submodule "backend/dependencies/pg_fzy"], "url = git:" by "url = https:". Executegit submodule update --init --recursive
then go into .git/modules/backend/dependencies/pg_fzy and open "config". Replace in the section [submodule "fzy_native"], "url = git:" by "url = https:". Executegit submodule update --init --recursive
again. - To update submodule to latest commit,
git submodule update --remote --merge
- Version 3.1 :
- Upgrade python version to 3.8.
- Clone the new repository.
- Modify the nginx and uwsgi for the new locations.
- Version 3.2 :
- Add FMS_SECRETKEY, FMS_ENV ("DEV", "QC", "PROD"), FMS_EMAIL_HOST, FMS_EMAIL_PORT, FMS_EMAIL_FROM, FMS_EMAIL_USER, FMS_EMAIL_USER, FMS_EMAIL_PASSWORD, FMS_EMAIL_TLS to env variables through uwsgi.ini.
- Version 3.3 :
- Update uwsgi.ini file with the latest options (Process tracking, process number, ...).
- Add a .env file in the /frontend directory using the exemple.env as a reference. Set FMS_ENV ("DEV", "QC", "PROD") in the file.
- Version 3.14:
- Add FMS_RUN_INFO_PATH to env variables through uwsgi.ini.
- Version 4.4.0:
- Upgrade python version to 3.11.
- Upgrade Openssl version to 1.1.1u.
- Version 4.5.0:
- Backend Django version upgrade to 4.2.4 (run
pip3.11 install -r requirements.txt
). - PostgreSQL version upgrade to 15.4 (Verify permissions for user and re-compile and install the fzy extension).
- Backend Django version upgrade to 4.2.4 (run
- Version 4.6.0:
- Add FMS_AUTOMATIONS_WORK_PATH to env variables through uwsgi.ini.
- Version 4.13.0
- Add a daily Cron call to "Python manage.py prepare_report_data" from a script on the server.