Agiley-ec2onrails 0.9.9 → 0.9.10

data/server/files/etc/mongrel_cluster/app.yml

@@ -0,0 +1,9 @@
+--- 
+cwd: /mnt/app/current
+port: "8000"
+environment: production
+pid_file: log/mongrel.pid
+servers: 6
+daemon: true
+user: app
+group: app

data/server/files/etc/monit/README

@@ -0,0 +1,5 @@
+put your custom monit files in here.  You can also put an *.erb file,
+and at setup time it will be run with the following variables:
+  @web_port_range = web_port_range
+  @web_starting_port = web_starting_port
+  @roles = roles

data/server/files/etc/monit/app.monitrc.erb

@@ -0,0 +1,13 @@
+<% @web_port_range.each do |port_num| %>
+check process mongrel_<%= port_num %> with pidfile /mnt/app/shared/log/mongrel.<%= port_num %>.pid
+  start program = "/usr/local/ec2onrails/bin/mongrel_start --only <%= port_num %>" 
+  stop program = "/usr/local/ec2onrails/bin/mongrel_stop --only <%= port_num %>" 
+  if totalmem is greater than 170.0 MB for 4 cycles then restart 
+  if cpu is greater than 80% for 4 cycles then restart
+  if failed port <%= port_num %> with timeout 10 seconds then restart
+  if loadavg(5min) greater than 10 for 8 cycles then restart          # bad, bad, bad
+  if loadavg(15min) greater than 8 for 20 cycles then restart         # bad, bad, bad
+  if 20 restarts within 20 cycles then timeout
+  mode manual
+  group app
+<% end %>

data/server/files/etc/monit/db_primary.monitrc.erb

@@ -0,0 +1,10 @@
+check process mysql with pidfile /var/run/mysqld/mysqld.pid
+  start program = "/etc/init.d/mysql start"
+  stop program  = "/etc/init.d/mysql stop"
+  if cpu > 80% for 5 cycles then restart
+#  TODO: this should take into account the settings from the optimize_mysql call.....
+#  if totalmem > 700.0 MB for 5 cycles then restart
+  if failed port 3306 protocol mysql with timeout 10 seconds then alert
+  if 3 restarts within 5 cycles then timeout
+  mode manual
+  group db_primary

data/server/files/etc/monit/memcache.monitrc

@@ -0,0 +1,8 @@
+check process memcached with pidfile /var/run/memcached.pid
+  start program = "/etc/init.d/memcached start"
+  stop program  = "/etc/init.d/memcached stop"
+  if cpu > 80% for 5 cycles then restart
+  if failed port 11211 with timeout 10 seconds then restart
+  if 3 restarts within 5 cycles then timeout
+  mode manual
+  group memcache

data/server/files/etc/monit/monitrc

@@ -0,0 +1,12 @@
+set daemon 60 
+set logfile syslog facility log_daemon 
+set mailserver localhost
+set mail-format {
+  from: app@localhost
+  subject: $HOST: $SERVICE $EVENT
+}
+set alert app@localhost only on { connection, exec, nonexist, resource, timeout }
+set httpd port 2812
+#  address localhost
+  allow localhost
+include /etc/monit/*.monitrc

data/server/files/etc/monit/system.monitrc

@@ -0,0 +1,15 @@
+check system localhost
+  if loadavg (5min) > 4 then alert
+  if memory usage > 80% then alert
+
+check device rootfs with path /
+  if space usage > 75 % then alert
+  if space usage > 95 % then unmonitor
+  if inode usage > 75 % then alert
+  if inode usage > 95 % then unmonitor
+
+check device mntfs with path /mnt
+  if space usage > 70 % then alert
+  if space usage > 95 % then unmonitor
+  if inode usage > 70 % then alert
+  if inode usage > 95 % then unmonitor

data/server/files/etc/monit/web.monitrc.erb

@@ -0,0 +1,23 @@
+<% if system("which apache") %>
+check process apache with pidfile /var/run/apache2.pid
+  start program = "/etc/init.d/apache2 start"
+  stop program  = "/etc/init.d/apache2 stop"
+  if cpu > 80% for 5 cycles then restart
+  if totalmem > 300.0 MB for 5 cycles then restart
+  if children > 250 then alert
+  if failed port 80 with timeout 10 seconds then restart
+  if 3 restarts within 5 cycles then timeout
+  mode manual
+  group web
+<% else %>
+check process nginx with pidfile /var/run/nginx.pid
+  start program = "/etc/init.d/nginx start"
+  stop program  = "/etc/init.d/nginx stop"
+  if cpu > 20% for 5 cycles then restart
+  if totalmem > 100.0 MB for 5 cycles then restart
+  if children > 10 then alert
+  if failed port 80 with timeout 10 seconds then restart
+  if 3 restarts within 5 cycles then timeout
+  mode manual
+  group web
+<% end %>

data/server/files/etc/motd.tail

@@ -0,0 +1,13 @@
+
+EC2 on Rails
+!!VERSION!!
+http://rubyforge.org/projects/ec2onrails/
+
+Copyright 2008 Paul Dowman, http://pauldowman.com/
+
+Base AMI built using Eric Hammond's EC2 Ubuntu script: 
+http://alestic.com/
+
+This is free software, and you are welcome to redistribute it under 
+certain conditions. This software comes with ABSOLUTELY NO WARRANTY.
+See /usr/local/ec2onrails/COPYING for details.

data/server/files/etc/mysql/my.cnf

@@ -0,0 +1,149 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = /mnt/mysql_data
+tmpdir          = /mnt/mysql_data/tmp
+language        = /usr/share/mysql/english
+skip-external-locking
+default-storage-engine = InnoDB
+
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+#bind-address            = 127.0.0.1
+#
+# * Fine Tuning
+#
+key_buffer_size         = 16M
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 64M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+#log_slow_queries        = /mnt/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+#server-id              = 1
+log_bin                 = /mnt/log/mysql/mysql-bin.log
+# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+innodb_data_file_path=ibdata1:100M:autoextend
+innodb_buffer_pool_size=200M
+innodb_additional_mem_pool_size=20M
+innodb_log_file_size=128M
+innodb_log_buffer_size=8M
+innodb_flush_log_at_trx_commit=1
+innodb_lock_wait_timeout=20
+# innodb_flush_method=O_DIRECT
+# innodb_file_per_table
+
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#
+!includedir /etc/mysql/conf.d/

data/server/files/etc/nginx/nginx.conf

@@ -0,0 +1,296 @@
+# user and group to run as
+user  app app;
+
+# number of nginx workers
+worker_processes  6;
+
+# pid of nginx master process
+pid /var/run/nginx.pid;
+
+# Number of worker connections. 1024 is a good default
+events {
+  worker_connections  1024;
+  use epoll; # linux only!
+}
+
+# start the http module where we config http access.
+http {
+  # pull in mime-types. You can break out your config 
+  # into as many include's as you want to make it cleaner
+  include /etc/nginx/mime.types;
+  
+  # set a default type for the rare situation that
+  # nothing matches from the mimie-type include
+  default_type  application/octet-stream;
+
+  # configure log format
+  log_format main '$remote_addr [$time_local] '
+                  '"$scheme $host $request" $status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for" '
+                  '($request_time');
+  
+  # main access log
+  access_log  /mnt/log/nginx/access.log  main;
+
+  # main error log - Do not comment out. If you do not want the log file set this to /dev/null
+  # use debug instead of notice if you want additional information
+  error_log  /mnt/log/nginx/error.log notice;
+
+  # no sendfile on OSX
+  sendfile on;
+
+  # These are good default values.
+  tcp_nopush        on;
+  tcp_nodelay       on;
+  # output compression saves bandwidth 
+  gzip              on;
+  gzip_http_version 1.0;
+  gzip_comp_level   2;
+  gzip_proxied      any;
+  gzip_types        text/plain \
+                    text/html \
+                    text/css \
+                    application/x-javascript \
+                    text/xml \
+                    application/xml \
+                    application/xml+rss \
+                    text/javascript;
+  
+
+  # this is where you define your mongrel clusters. 
+  # you need one of these blocks for each cluster
+  # and each one needs its own name to refer to it later.
+  include /etc/ec2onrails/nginx_upstream_members;
+  
+  
+  # the server directive is nginx's virtual host directive.
+  server {
+    # port to listen on. Can also be set to an IP:PORT
+    listen 80;
+    
+    # Set the max size for file uploads to 50Mb
+    client_max_body_size 50M;
+
+    # sets the domain[s] that this vhost server requests for
+    # server_name www.[ec2onrails].com [ec2onrails].com;
+    server_name _;
+
+    # uncomment to force a redirect to www
+    # if ($host ~* "^[ec2onrails].com$"){
+    #   rewrite ^(.*)$ http://www.[ec2onrails].com$1 permanent;
+    #   break;
+    # }
+    
+    # uncomment if you want to allow or force some or all pages to go to http:// instead of https://
+    # if redirecting all to https, you won't need any of the other directives below the rewrite/break
+    # set $sub 'www';
+    # if  ($host ~* "^(.+?)\.[ec2onrails].com$"){
+    #        set $sub $1;
+    # }
+    # 
+    # if ( $uri ~* "^/.+$") {
+    #    rewrite ^(.*)$ https://$sub.[ec2onrails].com$1 permanent;
+    #    break;
+    # }
+
+    # doc root
+    root /mnt/app/current/public;
+
+    # vhost specific access log
+    access_log  /mnt/log/nginx/vhost.access.log  main;
+    error_page   400 /400.html;
+    error_page   500 502 503 504  /500.html;
+    location = /500.html {
+      root /mnt/app/current/public;
+    }
+
+    # this allows people to use images and css in their maintenance.html file
+    if ($request_filename ~* \.(css|jpg|gif|png)$) {
+	    break;
+    }
+		
+    # this rewrites all the requests to the maintenance.html
+    # page if it exists in the doc root. This is for capistrano's
+    # disable web task
+    if (-f $document_root/system/maintenance.html) {
+      rewrite  ^(.*)$  /system/maintenance.html last;
+      break;
+    }
+    
+    # see http://wiki.codemongers.com/NginxHttpStubStatusModule 
+    # for more information
+    location /nginx_status {
+        # copied from http://blog.kovyrin.net/2006/04/29/monitoring-nginx-with-rrdtool/
+        stub_status on;
+        access_log   off;
+        #only allow from localhost
+        allow 127.0.0.1; 
+        deny all;
+    }
+    
+    location / {
+      # FUTURE TODO...enable this and test the hell out of it
+      # if ($request_method = GET) {
+      #    set $memcached_key $uri;
+      #    memcached_pass 127.0.0.1:11211;
+      #    error_page 404 502 = @myapp;
+      #    break;
+      # }
+
+      index  index.html index.htm;
+      
+      # needed to forward user's IP address to rails
+      proxy_set_header  X-Real-IP  $remote_addr;
+      proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header  Host $http_host;
+      proxy_redirect    false;
+      proxy_max_temp_file_size 0;
+      proxy_next_upstream      error;  # do not pass along to another mongrel instance if failed or timed out
+      proxy_read_timeout       400;    # give plenty of time for long-running rails processing tasks
+      #the proxy_connect_timeout cannot be more than 75
+      proxy_connect_timeout 70;
+      
+      location ~ ^/(images|javascripts|stylesheets)/ {
+        expires 10y;
+      }
+    
+      if (-f $request_filename) { 
+        break; 
+      }
+
+      # this is the meat of the rails page caching config
+      # it adds .html to the end of the url and then checks
+      # the filesystem for that file. If it exists, then we
+      # rewite the url to have explicit .html on the end 
+      # and then send it on its way to the next config rule.
+      # if there is no file on the fs then it sets all the 
+      # necessary headers and proxies to our upstream mongrels
+      if (-f $request_filename.html) {
+        rewrite (.*) $1.html break;
+      }
+
+      #proxy to mongrel
+      if (!-f $request_filename) {
+        proxy_pass http://mongrel;
+        break;
+      }
+    }
+  }
+  
+  # This server is setup for ssl. Uncomment if 
+  # you are using ssl as well as port 80.
+  # server {
+  #   # port to listen on. Can also be set to an IP:PORT
+  #   listen 443;
+  #   
+  #   # Set the max size for file uploads to 50Mb
+  #   client_max_body_size 50M;
+  # 
+  #   # sets the domain[s] that this vhost server requests for
+  #   # server_name www.[ec2onrails].com [ec2onrails].com;
+  #   server_name _;
+  # 
+  #   # uncomment to force a redirect to www
+  #   # if ($host ~* "^[ec2onrails].com$"){
+  #   #   rewrite ^(.*)$ http://www.[ec2onrails].com$1 permanent;
+  #   #   break;
+  #   # }
+  # 
+  #   ssl                  on;
+  #   ssl_certificate      /etc/nginx/your_cert.crt;
+  #   ssl_certificate_key  /etc/nginx/your_cert.key;
+  #   
+  #   # doc root
+  #   root /mnt/app/current/public;
+  # 
+  #   # vhost specific access log
+  #   access_log  /mnt/log/nginx/vhost.access.log  main;
+  #   error_page   400 /400.html;
+  #   error_page   500 502 503 504  /500.html;
+  #   location = /500.html {
+  #     root /mnt/app/current/public;
+  #   }
+  # 
+  #   # this allows people to use images and css in their maintenance.html file
+  #   if ($request_filename ~* \.(css|jpg|gif|png)$) {
+  #       break;
+  #   }
+  #      
+  #   # this rewrites all the requests to the maintenance.html
+  #   # page if it exists in the doc root. This is for capistrano's
+  #   # disable web task
+  #   if (-f $document_root/system/maintenance.html) {
+  #     rewrite  ^(.*)$  /system/maintenance.html last;
+  #     break;
+  #   }
+  #   
+  #   # see http://wiki.codemongers.com/NginxHttpStubStatusModule 
+  #   # for more information
+  #   location /nginx_status {
+  #       # copied from http://blog.kovyrin.net/2006/04/29/monitoring-nginx-with-rrdtool/
+  #       stub_status on;
+  #       access_log   off;
+  #       #only allow from localhost
+  #       allow 127.0.0.1; 
+  #       deny all;
+  #   }
+  # 
+  #   location / {
+  #      # FUTURE TODO...enable this and test the hell out of it
+  #      # if ($request_method = GET) {
+  #      #    set $memcached_key $uri;
+  #      #    memcached_pass 127.0.0.1:11211;
+  #      #    error_page 404 502 = @myapp;
+  #      #    break;
+  #      # }
+  # 
+  #      index  index.html index.htm;
+  # 
+  #      # needed to forward user's IP address to rails
+  #      proxy_set_header  X-Real-IP  $remote_addr;
+  #      # needed for HTTPS
+  #      proxy_set_header X_FORWARDED_PROTO https;
+  #      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  #      proxy_set_header Host $http_host;
+  #      proxy_redirect   false;
+  #      proxy_max_temp_file_size 0;
+  #      proxy_next_upstream      error;  # do not pass along to another mongrel instance if failed or timed out
+  #      proxy_read_timeout       400;    # give plenty of time for long-running rails processing tasks
+  #      #the proxy_connect_timeout cannot be more than 75
+  #      proxy_connect_timeout 70;
+  # 
+  #      location ~ ^/(images|javascripts|stylesheets)/ {
+  #        expires 10y;
+  #      }
+  # 
+  #     if (-f $request_filename) { 
+  #       break; 
+  #     }
+  # 
+  #     # this is the meat of the rails page caching config
+  #     # it adds .html to the end of the url and then checks
+  #     # the filesystem for that file. If it exists, then we
+  #     # rewite the url to have explicit .html on the end 
+  #     # and then send it on its way to the next config rule.
+  #     # if there is no file on the fs then it sets all the 
+  #     # necessary headers and proxies to our upstream mongrels
+  #     if (-f $request_filename.html) {
+  #       rewrite (.*) $1.html break;
+  #     }
+  #     
+  #     # ok to have this out here because PDF's should never 
+  #     # be fully paged cache anyway
+  #     if ($request_filename ~* \.pdf$) {
+  #        proxy_pass http://mongrel_pdf;
+  #         break;
+  #     }
+  # 
+  #     if (!-f $request_filename) {
+  #       proxy_pass http://mongrel;
+  #       break;
+  #     }
+  #   }
+  # 
+  # }
+}
+