forked from oldtian/Oliver
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
148 lines (123 loc) · 4.43 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
Oliver运维管理系统安装部署
1、安装以下软件
1.1 安装nginx
安装过程略
1.2 安装mysql
安装过程略
1.3 安装python2.7.10
升级安装python2.7.10
wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
tar -zxf Python-2.7.10.tgz
cd Python-2.7.10
./configure
make all
make install
make clean
make distclean
查看版本
/usr/local/bin/python2.7 -V
建议软链接
mv /usr/bin/python /usr/bin/python2.6.6
ln -s /usr/local/bin/python2.7 /usr/bin/python
重新验证版本
python -V
1.4 安装setuptools
wget https://pypi.python.org/packages/source/s/setuptools/setuptools-19.2.tar.gz
tar -zxf setuptools-19.2.tar.gz
cd setuptools-19.2
python setup.py install
1.5 安装pip8.1.1
wget https://pypi.python.org/packages/source/p/pip/pip-8.1.1.tar.gz
tar -zxf pip-8.1.1.tar.gz
cd pip-8.1.1
python setup.py install
2、关闭selinux并开放iptables的80端口
setenforce 0
sed -i '/^SELINUX=/{s/enforcing/disabled/}' /etc/sysconfig/selinux
sed -i '/^SELINUX=/{s/enforcing/disabled/}' /etc/selinux/config
iptables -I INPUT 4 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
/etc/init.d/iptables save
3、pip安装如下包
pip install supervisor
pip install uwsgi
pip install ansible==1.9.4
pip install Django==1.8.3
pip install django-users2
pip install MySQL-python
pip install rpyc
4、创建uwsgi.ini
建议放置在项目所在目录下
[uwsgi]
socket = /tmp/oliver.sock #nginx需要使用到的socket文件
chdir=/opt/www/oliver #切换到项目所在目录
wsgi-file = Oliver/wsgi.py #wsgi.py主程序入口,加载相应环境
touch-reload=/opt/www/oliver/reload #touch一个空白的reload文件,项目重启
processes = 2 #初始启动进程数
threads = 4
chmod-socket = 664 #socket文件的属性
chown-socket = nginx:nginx #socket文件的属主和属组
5、创建supervisor配置文件
echo_supervisord_conf > /etc/supervisord.conf
6、编辑supervisor配置文件
在/etc/supervisord.conf末尾追加
[program:oliver] #oliver是supervisor管理的进程名
command=/usr/local/bin/uwsgi --ini /www/oliver/uwsgi.ini
directory=/www/oliver
startsecs=0
stopwaitsecs=0
autostart=true
autorestart=true
7、启动supervisor
supervisord -c /etc/supervisord.conf
查看/tmp/oliver.sock文件是否存在,如果不存在可先将/tmp目录下文件删除,然后再一次执行上面的命令
supervisor管理进程命令:
停止进程:
supervisorctl -c /etc/supervisord.conf stop oliver
启动进程:
supervisorctl -c /etc/supervisord.conf start oliver
重启进程:
supervisorctl -c /etc/supervisord.conf restart oliver
8、修改nginx配置
nginx的配置文件中添加虚拟主机配置:
server {
listen 80;
server_name localhost;
charset utf-8;
client_max_body_size 8M;
location /media {
alias /opt/www/Oliver/media;
}
location /static {
alias /opt/www/Oliver/static;
}
location / {
uwsgi_pass unix:///tmp/oliver.sock;
include /opt/application/nginx/conf/uwsgi_params;
}
}
django仅在开发模式可加载setting.py配置中指定目录下的静态文件,在生产环境要通过nginx配置来加载静态文件,创建static和media目录。
9、添加网站监控脚本到定时任务
*/5 * * * * /usr/local/bin/python /opt/www/Oliver/webapi/sniffer.py >/dev/null 2>&1
10、在需要做安全审计的主机的/etc/profile文件中添加如下配置
HISTSIZE=1200
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE
export HISTCONTROL=ignoredups
export HISTFILE=$HOME/.bash_history
export HISTFILESIZE=1200
export HISTTIMEFORMAT="`whoami` %F %T "
export PROMPT_COMMAND="history -a; history -c; history -r;"'/opt/www/OMAudit/OMAudit_agent.py $(history 1)'
shopt -s histappend
typeset -r PROMPT_COMMAND
typeset -r HISTTIMEFORMAT
11、搜集静态文件到指定目录
在setting.py中配置STATIC_ROOT来指定搜集静态文件存放目录:
python manage.py collectstatic
每次修改静态文件内容,也需要执行一次以上命令,否则修改后的内容nginx加载不到
12、同步数据库
python manage.py makemigrations
python manage.py migrate
13、启动OliverServer主进程
python OliverServer.py &
13、重启nginx和supervisor
service nginx restart
supervisorctl -c /etc/supervisord.conf restart oliver