WIP: postgres

Pipfile

@@ -13,12 +13,12 @@ ipython = "*"
 
 [packages]
 
-django = "==1.11.10"
+Django = "==1.11.10"
 django-widget-tweaks = "*"
 pandas = "==0.22"
-"psycopg2" = "*"
 xlrd = "*"
 django-extensions = "*"
 ujson = "*"
 eventlet = "*"
 gunicorn = "*"
+"psycopg2" = "*"

Pipfile.lock

 {
     "_meta": {
         "hash": {
-            "sha256": "2b51b796db79b08a70f4bd79d2c02e9da78e85ff73af01b3a00fa06a7ae901d6"
+            "sha256": "506dfbad122a94230d6952bbf1da47476b37c68327808ca3e13ce247636d10b8"
         },
         "host-environment-markers": {
             "implementation_name": "cpython",
@@ -150,10 +150,10 @@
         },
         "python-dateutil": {
             "hashes": [
-                "sha256:07009062406cffd554a9b4135cd2ff167c9bf6b7aac61fe946c93e69fad1bbd8",
-                "sha256:8f95bb7e6edbb2456a51a1fb58c8dca942024b4f5844cae62c90aa88afe6e300"
+                "sha256:6c0e72580272b561d8594362ab0e6b5b2191c703982150fc06ed45f7fae725be",
+                "sha256:14eb44faa298942c6385636bfd76bd5c21361632cf8ebc9c20d63fd00f6a069f"
             ],
-            "version": "==2.7.0"
+            "version": "==2.7.1"
         },
         "pytz": {
             "hashes": [

README.md

@@ -32,6 +32,13 @@ make install-user
 pipenv install --dev
 ```
 
+Criar o banco de dados postgres
+
+```
+sudo -u postgres psql < postgres/create.sql
+```
+
+
 se você possui o arquivo do banco de dados compartilhado internamente pelos 
 desenvolvedores do projeto coloque-o na home do projeto, ele vem com um usuário 
 `pet` com senha `pet` pré-configurado para testes.

deploy.sh

+#!/usr/bin/bash
+
+
+(cd src; python manage.py collectstatic)
+
+mv src/static .
+
+
+if ! sudo -u postgres psql adega
+then
+	sudo -u postgres psql < postgres/create.sql
+fi
+
+
+python manage.py migrate
+
+sudo -u postgres psql < postgres/harden.sql
+
+
+

gunicorn/gunicorn.service

+[Unit]
+Description=gunicorn daemon
+After=network.target
+
+[Service]
+User=www-data
+Group=www-data
+WorkingDirectory=/var/www/adega/src
+ExecStart=/var/www/adega/venv/bin/gunicorn --access-logfile - -k eventlet --workers 4 --bind unix:/var/www/adega/adega.sock adega.wsgi:application
+
+[Install]
+WantedBy=multi-user.target
+

nginx/adega

+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+
+upstream adega {
+    server unix:/var/www/adega/adega.sock fail_timeout=10;
+}
+
+
+
+# Default server configuration
+#
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    
+    charset utf-8;
+
+    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
+    ssl_certificate /etc/ssl/adega/adega.crt;
+    ssl_certificate_key /etc/ssl/adega/adega.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+
+
+    # modern configuration. tweak to your needs.
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+
+    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+    add_header Strict-Transport-Security max-age=15768000;
+
+    # OCSP Stapling ---
+    # fetch OCSP records from URL in ssl_certificate and cache them
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
+    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+
+    # resolver <IP DNS resolver>;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.php index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		autoindex on;
+		try_files $uri $uri/ =404;
+
+		disable_symlinks off;
+	}
+	
+	location /adega {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		include proxy_params;
+        proxy_redirect off;
+
+		proxy_pass http://adega/;
+	}
+	
+	location /adega/static {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		
+		root /var/www;
+		
+		autoindex on;
+		try_files $uri $uri/ =404;
+
+		disable_symlinks on;
+	}
+
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
+
+

nginx/pet.inf.ufpr.br

+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+
+upstream adega {
+    server unix:/var/www/adega/adega.sock fail_timeout=10;
+}
+
+
+
+# Default server configuration
+#
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    
+    charset utf-8;
+
+    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
+    ssl_certificate /etc/ssl/adega/adega.crt;
+    ssl_certificate_key /etc/ssl/adega/adega.key;
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:50m;
+    ssl_session_tickets off;
+
+
+    # modern configuration. tweak to your needs.
+    ssl_protocols TLSv1.2;
+    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+    ssl_prefer_server_ciphers on;
+
+    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
+    add_header Strict-Transport-Security max-age=15768000;
+
+    # OCSP Stapling ---
+    # fetch OCSP records from URL in ssl_certificate and cache them
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
+    #ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
+
+    # resolver <IP DNS resolver>;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.php index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		autoindex on;
+		try_files $uri $uri/ =404;
+
+		disable_symlinks off;
+	}
+	
+	location /adega {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		include proxy_params;
+        proxy_redirect off;
+
+		proxy_pass http://adega/;
+	}
+	
+	location /adega/static {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+		
+		root /var/www;
+		
+		autoindex on;
+		try_files $uri $uri/ =404;
+
+		disable_symlinks on;
+	}
+
+
+    location ~ /\.ht {
+        deny all;
+    }
+}
+
+

postgres/config_db.sql → postgres/create.sql

@@ -2,7 +2,7 @@ CREATE DATABASE adega;
 
 CREATE USER adega WITH PASSWORD 'adega';
 
-ALTER ROLE myprojectuser SET client_encoding TO 'utf8';
-ALTER ROLE myprojectuser SET default_transaction_isolation TO 'read committed';
-ALTER ROLE myprojectuser SET timezone TO 'UTC-3';
+ALTER ROLE adega SET client_encoding TO 'utf8';
+ALTER ROLE adega SET default_transaction_isolation TO 'read committed';
+ALTER ROLE adega SET timezone TO 'UTC-3';
 GRANT ALL PRIVILEGES ON DATABASE adega TO adega;

src/adega/settings.py

@@ -82,25 +82,25 @@ WSGI_APPLICATION = 'adega.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/1.9/ref/settings/#databases
 
+#DATABASES = {
+#    'default': {
+#        'ENGINE': 'django.db.backends.sqlite3',
+#        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+#    }
+#}
+
+
 DATABASES = {
     'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 'adega',
+        'USER': 'adega',
+        'PASSWORD': 'adega',
+        'HOST': 'localhost',
+        'PORT': '5432',
     }
 }
 
-if not DEBUG:
-    DATABASES = {
-        'default': {
-            'ENGINE': 'django.db.backends.postgresql_psycopg2',
-            'NAME': 'adega',
-            'USER': 'adega',
-            'PASSWORD': 'adega',
-            'HOST': 'localhost',
-            'PORT': '',
-        }
-    }
-
 
 AUTHENTICATION_BACKENDS = ['public.auth.EmailBackend']
 

src/script/main.py

@@ -15,10 +15,7 @@ def analyze(submission):
 
     build_cache(dataframe)
 
-    submission.processed = True
-
-    submission.process_time = round(time.clock() - start_time)
-    submission.save()
+    submission.set_done(round(time.clock() - start_time))
 
     cpu_time = timedelta(seconds=round(time.clock() - start_time))
     run_time = timedelta(seconds=round(time.time() - start_time_exec))