Django migrate tips

 Django, Technology  No Responses »
May 102016
 

If you read the doc­u­ment­a­tion closely enough, of course all the inform­a­tion is there. Get­ting the order of oper­a­tions right, how­ever, can cause the odd issue.

Devel­op­ing Django apps means apply­ing migra­tions, and those don’t always do what’s expec­ted. In that case, you can roll back to the n‑1 migra­tion by using ./manage.py migrate [app_label] {n-1_migration_label}, then delete the nth migra­tion, then edit the models.py to try again.

To clean up the data­base from some third-party app you decide you don’t want after all, you use ./manage.py migrate [app_label] zero to get rid of the migra­tions from that app. You have to run this before delet­ing the app from your settings.py file.

WordPress error

 Technology, WordPress  No Responses »
Apr 242016
 

One of my cli­ent web­sites sud­denly star­ted giv­ing an error: Error estab­lish­ing a data­base con­nec­tion. When I went to the /wp-admin URL, the error was still there.

This par­tic­u­lar web­site is on shared host­ing, so I logged into the CPan­el and checked the data­base was still there. Then I checked the data­base and found some issues with some of the tables.

[site.wp_links] error: Table upgrade required. Please do "REPAIR TABLE `wp_links`" or dump/reload to fix it!
[site.wp_options] error: Table upgrade required. Please do "REPAIR TABLE `wp_options`" or dump/reload to fix it!
[site.wp_postmeta] status: OK
[site.wp_posts] status: OK
[site.wp_term_relationships] status: OK
[site.wp_term_taxonomy] error: Table upgrade required. Please do "REPAIR TABLE `wp_term_taxonomy`" or dump/reload to fix it!
[site.wp_terms] status: OK
[site.wp_usermeta] error: Table upgrade required. Please do "REPAIR TABLE `wp_usermeta`" or dump/reload to fix it!
[site.wp_users] error: Table upgrade required. Please do "REPAIR TABLE `wp_users`" or dump/reload to fix it!

Run­ning those SQL quer­ies on the appro­pri­ate data­base in phpMy­Ad­min fixed the prob­lem. I don’t know wheth­er the host­ing com­pany upgraded the data­base, or some­thing happened with the auto­mat­ic Word­Press upgrade sys­tem, or if some­thing else caused the problem.

[Update] There were a bunch of oth­er errors that cropped up after­wards with the White Screen of Death; I had to call the host­ing com­pany to sort out the serv­er-side errors caus­ing those. It’s pos­sible those errors were the ori­gin­al cause of the data­base prob­lems, whatever they were.

ImportError

 Django, Technology  No Responses »
Apr 222016
 

I dis­covered anoth­er issue while deploy­ing to Python­Any­where (maybe it’s applic­able to oth­er PAAS pro­viders as well).

There was an odd Impor­t­Er­ror when run­ning manage.py. In the spe­cif­ic case I had, it showed up when run­ning the tests with coverage: from Uni­path import Path Impor­t­Er­ror: No mod­ule named ‘Uni­path’. It turned out I had­n’t installed cov­er­age in the vir­tu­al envir­on­ment, which meant the sys­tem was using the default one. Installing cov­er­age in the vir­tu­al envir­on­ment as well fixed the problem.

Setting up on PythonAnywhere

 Django, Technology  No Responses »
Apr 212016
 

A check­list for mov­ing a Django-Wag­tail pro­ject to Python­Any­where. There is doc­u­ment­a­tion on the Python­Any­where site; mine includes things I forget.

Setup: devel­op­ment and test­ing on my laptop, sta­ging and pro­duc­tion on PythonAnywhere.

The help files are pretty good, but I need my own check­list. Right now I’m in the sta­ging mode, but at some stage I’ll be mov­ing to pro­duc­tion. No point fig­ur­ing out the same things twice!

  1. Devel­op on laptop in a vir­tualenv. Push com­mits reg­u­larly to bit­buck­et account. At some stage squash the migra­tions and clean those up. Four sets of set­tings: dev, test­ing, sta­ging, production.
  2. Set up account on Python­Any­where that allows the use of Post­gres (it’s an add-on to a cus­tom plan).
  3. Cre­ate vir­tualenv and set up sta­ging web app. Delete vir­tualenv when you real­ise you did­n’t use the right ver­sion of Python and the default is 2.7, not 3.5. Recre­ate the vir­tualenv with python 3.5.
  4. Clone the repos­it­ory (using the ssh-key­gen instruc­tions). Redir­ect the pub­lic key to a file so you can copy it without line-breaks get­ting in the way.
  5. pip install -r requirements/production.txt (includ­ing psycopg2, which I did­n’t need for development). 
  6. Cre­ate the Post­gres serv­er, user, and data­base Don’t for­get a strong pass­word for the user (own­er of the pro­ject database).
  7. Update the set­tings file with the data­base settings.
  8. Set the envir­on­ment vari­ables for the set­tings and the secret key (gen­er­at­or).
  9. Attempt to apply the migra­tions. This will show where you made mis­takes on all the pre­ced­ing steps.
  10. Fix the mis­takes. Reload the web app to see if any­thing shows up. 
  11. Set up the stat­ic file serv­er. Check the stat­ic files are being served correctly.
  12. Cre­ate the Django super­user and log in.

The next step is data, of course.

WordPress password protection

 Identity and Privacy, Technology, WordPress  No Responses »
Nov 172014
 

Word­Press was designed for pub­lic web­sites, not private ones, so pass­word pro­tec­tion can be a little clunky. For­tu­nately there are plu­gins to help, but (as always) there are trade-offs to be made. 

When all you want to do is add a pass­word to stop search engines index­ing and out­siders read­ing the con­tent, but you also want make it as easy as pos­sible for people to use, there’s the Pass­word Pro­tec­ted plu­gin. As it says, it does­n’t pro­tect the images or oth­er uploaded content.

If you also want to pro­tect the media, you will need to give people an account on the Word­Press site (with user­name and pass­word). Then you can use the htac­cess edits detailed at http://www.idowebdesign.ca/wordpress/password-protect-wordpress-attachments/. This works, but in many cases you just don’t want to give lots of people accounts on the sys­tem, or make groups of people share an account. So it’s a trade-off — how import­ant is pass­word-pro­tect­ing the images versus the admin­is­tra­tion over­head of user accounts with the asso­ci­ated username/password ease of use issues? If you do want to use user­names and pass­words, per­haps giv­ing a group of people a shared account, I’d recom­mend also using one of the plu­gins that helps with finer-grained access con­trol, such as Mem­bers, to stop people being able to change things you don’t want them chan­ging (such as pass­words for the shared account).

2FA, the aftermath

 Identity and Privacy, Technology  8 Responses »
Oct 272014
 

Two-factor authen­tic­a­tion is gen­er­ally seen as a good idea; there’s a cer­tain amount of hand-wringing over the fact that more people don’t turn it on. The prob­lem is, it’s one of those things where you sign up for dis­rup­tion over the next few days, for uncer­tain reward. The reward is uncer­tain because you can nev­er tell wheth­er turn­ing on two-factor authen­tic­a­tion stopped someone hack­ing your account or not, just like you can­’t tell wheth­er hav­ing an alarm com­pany sign out­side your house dis­suades someone from break­ing into it. My main email account has been on 2FA for ages, but I decided to add it to one of my sec­ond­ary accounts as well, giv­en that lots of people seem to mis­takenly use that email instead of their own.

Tim sug­ges­ted I used the authen­tic­at­or app for my Google account 2FA, instead of using the SMS sys­tem. Just a hint: set it up while you still have access to your text mes­sages since SMS is used for the boot­strap­ping authen­tic­a­tion. You need to sign up for Google 2FA in the first place ‘on a com­puter’ (not spe­cified wheth­er a tab­let is suf­fi­cient? I used the desktop). You are sent an SMS to authen­tic­ate your­self, and then you get anoth­er one when you want to authen­tic­ate the Authen­tic­at­or app. After that, you don’t need your SMS sys­tem, as long as you have the device with the Authen­tic­at­or app on it.

But then there are the oth­er apps, which now need applic­a­tion-spe­cif­ic gen­er­ated pass­words. Adi­um for Google Talk, for example, or email with Thun­der­bird. Set­ting each one up does­n’t take long, but I’m sure some time in the future I will have for­got­ten and be won­der­ing why I can­’t log in with a val­id password.

And I under­stand what’s going on, more or less, and think the short-term hassles are worth it. There are lots of people who don’t have a men­tal mod­el of pass­words or authen­tic­a­tion, who see only the pain and not the gain (since the gain is only in the absence of a poten­tial future pain). Busi­nesses are sup­posedly imple­ment­ing 2FA fairly rap­idly, but I’d be sur­prised if people in gen­er­al were out­fit­ting their per­son­al accounts with 2FA at any­thing like the same rate. Mind you, I also sus­pect those sur­veys apply mostly to big­ger com­pan­ies in par­tic­u­lar indus­tries; anec­dot­al evid­ence I’ve heard points to a lower real adop­tion rate.

 Older Entries  Newer Entries
/* ]]> */