Update "cleanup" and "update" services for Python 3

README.md

@@ -11,8 +11,7 @@ this repository elsewhere, such as Github, are for backup purposes
 only..
 
 
-License
--------
+# License
 
 The software included herein, such as the Python source files, are generally
 licensed [AGPLv3](AGPLv3)-or-later.  The Javascript is a hodgepodge of
@@ -23,35 +22,29 @@ The content and text (such as the HTML files) is currently
 [CC-BY-SA-3.0](CC-By-SA-3.0).
 
 
-Server configuration
---------------------
+# Server configuration
 
-conservancy's webserver runs on a machine called aspen.sfconservancy.org, which
-is a standard Debian installation.
-
-The following packages are installed to make Django and Apache work on a
-squeeze install:
-
-    $ aptitude install python-django apache2 sqlite3 python3-sqlite libapache2-mod-wsgi-py3
+Conservancy's webserver runs on a standard Debian installation. For
+configuration requirements, see `deploy/ansible/install.yml`.
 
 
-Django setup
-------------
+# Django setup
 
 0. Make sure the Python module 'djangopw', with the global variable
    'djangoadmin_password' is somewhere importable in the default
    PYTHON_PATH.
 
 
-Local development
----------
+# Local development
+
+Python dependencies are tied to the versions available in Debian.
 
     python3 -m pip install -r requirements.txt
     cd www
     python manage.py runserver
 
-Deploying
----------
+
+# Deploying
 
 Changes pushed to the https://k.sfconservancy.org/website repository are
 automatically deployed to the production website by the `conservancy-www-update`

systemd/README.md

@@ -0,0 +1,17 @@
+Install with:
+
+    cp systemd/conservancy-www-*.{service,timer} /etc/systemd/system
+    systemctl enable conservancy-www-cleanup.service
+    systemctl start conservancy-www-cleanup.service
+    systemctl enable conservancy-www-update.timer
+    systemctl start conservancy-www-update.timer
+
+Monitor with:
+
+    systemctl list-timers --all
+    journalctl --catalog --follow --unit conservancy-www-update.service
+
+Updates will fail unless `/var/www/website` has a git upstream, so set that with:
+
+    git remote add upstream https://k.sfconservancy.org/website
+    git branch --set-upstream-to=upstream/master master

systemd/conservancy-www-cleanup.service

@@ -4,8 +4,8 @@ Before=apache2.service
 
 [Service]
 Type=oneshot
-User=www
-ExecStart=/usr/bin/python /var/www/website/www/manage.py clearsessions --verbosity 0
+User=www-data
+ExecStart=/usr/bin/python3 /var/www/website/www/manage.py clearsessions --verbosity 0
 
 SystemCallFilter=~@clock @cpu-emulation @debug @module @mount @obsolete
 CapabilityBoundingSet=

systemd/conservancy-www-update.service

@@ -3,7 +3,7 @@ Description=Update Conservancy website checkout
 
 [Service]
 Type=oneshot
-User=www
+User=www-data
 WorkingDirectory=/var/www/website
 ExecStart=/var/www/website/systemd/conservancy-www-update.sh
 

systemd/conservancy-www-update.sh

@@ -30,7 +30,7 @@ fi
 
 exitcode=0
 git merge --quiet --ff-only "$git_remote" "$git_refspec"
-python2 -m compileall -q -x - www || exitcode=$?
+python3 -m compileall -q -x - www || exitcode=$?
 chgrp -R www-data www || exitcode=$?
 chmod -R g+rX-w,o+X-w www || exitcode=$?
 chmod -R o+r www/conservancy/static || exitcode=$?

www/conservancy/settings.py

@@ -28,7 +28,7 @@ FORCE_CANONICAL_HOSTNAME = False if DEBUG else 'sfconservancy.org'
 
 ALLOWED_HOSTS = [ 'www.sfconservancy.org', 'aspen.sfconservancy.org', 'sfconservancy.org',  '104.130.70.210' ]
 if DEBUG:
-    ALLOWED_HOSTS.append('localhost')
+    ALLOWED_HOSTS = ['*']
 
 REDIRECT_TABLE = {
     'www.sf-conservancy.org': 'sfconservancy.org',