andyh-deprec 1.99.26
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +187 -0
- data/COPYING +19 -0
- data/LICENSE +339 -0
- data/README +138 -0
- data/THANKS +5 -0
- data/bin/depify +133 -0
- data/docs/ANNOUNCE.deprec2 +47 -0
- data/docs/README.install +88 -0
- data/docs/README.nagios +22 -0
- data/docs/README.rails +20 -0
- data/docs/README.svn +31 -0
- data/docs/ROADMAP.txt +74 -0
- data/docs/deprec-1.x/deprec-1.x.quickstart +50 -0
- data/docs/deprec-1.x/notes.txt +12 -0
- data/docs/deprec_banner.gif +0 -0
- data/docs/windows_linux.txt +350 -0
- data/docs/xen/plan.txt +5 -0
- data/docs/xen/traffic_monitoring_with_vnstat.txt +95 -0
- data/docs/xen/xen-tools-notes.txt +31 -0
- data/docs/xen/xen_on_hardy.txt +39 -0
- data/lib/deprec/capistrano_extensions.rb +391 -0
- data/lib/deprec/recipes/aoe.rb +80 -0
- data/lib/deprec/recipes/apache.rb +179 -0
- data/lib/deprec/recipes/ar_sendmail.rb +65 -0
- data/lib/deprec/recipes/canonical.rb +57 -0
- data/lib/deprec/recipes/deprec.rb +188 -0
- data/lib/deprec/recipes/deprecated.rb +71 -0
- data/lib/deprec/recipes/example.rb +115 -0
- data/lib/deprec/recipes/git.rb +97 -0
- data/lib/deprec/recipes/gitosis.rb +48 -0
- data/lib/deprec/recipes/heartbeat.rb +138 -0
- data/lib/deprec/recipes/logrotate.rb +54 -0
- data/lib/deprec/recipes/lvm.rb +20 -0
- data/lib/deprec/recipes/memcache.rb +49 -0
- data/lib/deprec/recipes/mongrel.rb +219 -0
- data/lib/deprec/recipes/monit.rb +135 -0
- data/lib/deprec/recipes/mysql.rb +115 -0
- data/lib/deprec/recipes/nagios.rb +305 -0
- data/lib/deprec/recipes/network.rb +81 -0
- data/lib/deprec/recipes/nginx.rb +144 -0
- data/lib/deprec/recipes/ntp.rb +103 -0
- data/lib/deprec/recipes/php.rb +99 -0
- data/lib/deprec/recipes/postfix.rb +105 -0
- data/lib/deprec/recipes/rails.rb +288 -0
- data/lib/deprec/recipes/ruby.rb +66 -0
- data/lib/deprec/recipes/sphinx.rb +83 -0
- data/lib/deprec/recipes/ssh.rb +93 -0
- data/lib/deprec/recipes/svn.rb +171 -0
- data/lib/deprec/recipes/trac.rb +277 -0
- data/lib/deprec/recipes/ubuntu.rb +20 -0
- data/lib/deprec/recipes/users.rb +90 -0
- data/lib/deprec/recipes/utils.rb +39 -0
- data/lib/deprec/recipes/vnstat.rb +85 -0
- data/lib/deprec/recipes/xen.rb +262 -0
- data/lib/deprec/recipes.rb +37 -0
- data/lib/deprec/templates/aoe/aoe-init +55 -0
- data/lib/deprec/templates/aoe/fence_aoemask +351 -0
- data/lib/deprec/templates/apache/httpd-vhost-app.conf.erb +144 -0
- data/lib/deprec/templates/apache/httpd.conf +465 -0
- data/lib/deprec/templates/apache/index.html.erb +37 -0
- data/lib/deprec/templates/apache/master.css +72 -0
- data/lib/deprec/templates/ar_sendmail/logrotate.conf.erb +9 -0
- data/lib/deprec/templates/ar_sendmail/monit.conf.erb +5 -0
- data/lib/deprec/templates/deprec/caprc.erb +14 -0
- data/lib/deprec/templates/heartbeat/authkeys.erb +2 -0
- data/lib/deprec/templates/heartbeat/ha.cf.erb +15 -0
- data/lib/deprec/templates/heartbeat/haresources.erb +1 -0
- data/lib/deprec/templates/logrotate/logrotate.conf.erb +32 -0
- data/lib/deprec/templates/mongrel/logrotate.conf.erb +11 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster-init-script +54 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster.logrotate.d +14 -0
- data/lib/deprec/templates/mongrel/mongrel_cluster.yml.erb +10 -0
- data/lib/deprec/templates/mongrel/monit.conf.erb +17 -0
- data/lib/deprec/templates/monit/monit-init-script +104 -0
- data/lib/deprec/templates/monit/monitrc.erb +227 -0
- data/lib/deprec/templates/monit/nothing +0 -0
- data/lib/deprec/templates/mysql/create_databases.sql +20 -0
- data/lib/deprec/templates/mysql/database.yml.prod +6 -0
- data/lib/deprec/templates/mysql/database.yml.stage +6 -0
- data/lib/deprec/templates/mysql/my.cnf.erb +140 -0
- data/lib/deprec/templates/mysql/sphinx.conf.prod +542 -0
- data/lib/deprec/templates/mysql/sphinx.conf.stage +542 -0
- data/lib/deprec/templates/nagios/cgi.cfg.erb +321 -0
- data/lib/deprec/templates/nagios/check_linux_free_memory.pl +118 -0
- data/lib/deprec/templates/nagios/check_mongrel_cluster.rb +82 -0
- data/lib/deprec/templates/nagios/commands.cfg.erb +240 -0
- data/lib/deprec/templates/nagios/contacts.cfg.erb +57 -0
- data/lib/deprec/templates/nagios/hosts.cfg.erb +143 -0
- data/lib/deprec/templates/nagios/htpasswd.users +1 -0
- data/lib/deprec/templates/nagios/localhost.cfg.erb +157 -0
- data/lib/deprec/templates/nagios/nagios.cfg.erb +1274 -0
- data/lib/deprec/templates/nagios/nagios_apache_vhost.conf.erb +45 -0
- data/lib/deprec/templates/nagios/nrpe.cfg.erb +210 -0
- data/lib/deprec/templates/nagios/nrpe.xinetd.erb +16 -0
- data/lib/deprec/templates/nagios/resource.cfg.erb +34 -0
- data/lib/deprec/templates/nagios/services.cfg.erb +79 -0
- data/lib/deprec/templates/nagios/templates.cfg.erb +9 -0
- data/lib/deprec/templates/nagios/timeperiods.cfg.erb +94 -0
- data/lib/deprec/templates/network/hostname.erb +1 -0
- data/lib/deprec/templates/network/hosts.erb +2 -0
- data/lib/deprec/templates/network/interfaces.erb +18 -0
- data/lib/deprec/templates/nginx/logrotate.conf.erb +13 -0
- data/lib/deprec/templates/nginx/mime.types.erb +70 -0
- data/lib/deprec/templates/nginx/nginx-init-script +62 -0
- data/lib/deprec/templates/nginx/nginx.conf.erb +125 -0
- data/lib/deprec/templates/nginx/nginx.logrotate.d +12 -0
- data/lib/deprec/templates/nginx/nothing.conf +1 -0
- data/lib/deprec/templates/nginx/rails_nginx_vhost.conf.erb +41 -0
- data/lib/deprec/templates/ntp/ntp.conf.erb +42 -0
- data/lib/deprec/templates/postfix/aliases.erb +3 -0
- data/lib/deprec/templates/postfix/dynamicmaps.cf.erb +8 -0
- data/lib/deprec/templates/postfix/main.cf.erb +41 -0
- data/lib/deprec/templates/postfix/master.cf.erb +77 -0
- data/lib/deprec/templates/sphinx/monit.conf.erb +5 -0
- data/lib/deprec/templates/ssh/ssh_config.erb +50 -0
- data/lib/deprec/templates/ssh/sshd_config.erb +78 -0
- data/lib/deprec/templates/subversion/svn.apache.vhost.erb +43 -0
- data/lib/deprec/templates/trac/apache_vhost.conf.erb +24 -0
- data/lib/deprec/templates/trac/nginx_vhost.conf.erb +26 -0
- data/lib/deprec/templates/trac/trac.ini.erb +169 -0
- data/lib/deprec/templates/trac/trac_deprec.png +0 -0
- data/lib/deprec/templates/trac/tracd-init.erb +43 -0
- data/lib/deprec/templates/trac/users.htdigest.erb +0 -0
- data/lib/deprec/templates/vnstat/config.php +57 -0
- data/lib/deprec/templates/xen/15-disable-hwclock +40 -0
- data/lib/deprec/templates/xen/network-bridge-wrapper +3 -0
- data/lib/deprec/templates/xen/xen-tools.conf.erb +220 -0
- data/lib/deprec/templates/xen/xend-config.sxp.erb +195 -0
- data/lib/deprec/templates/xen/xend-init.erb +69 -0
- data/lib/deprec/templates/xen/xendomains.erb +137 -0
- data/lib/deprec/templates/xen/xm.tmpl.erb +85 -0
- data/lib/deprec.rb +8 -0
- data/lib/deprec_cmd_completion.sh +26 -0
- data/lib/vmbuilder_plugins/all.rb +20 -0
- data/lib/vmbuilder_plugins/apt.rb +93 -0
- data/lib/vmbuilder_plugins/emerge.rb +76 -0
- data/lib/vmbuilder_plugins/gem.rb +90 -0
- data/lib/vmbuilder_plugins/std.rb +203 -0
- metadata +224 -0
@@ -0,0 +1,351 @@
|
|
1
|
+
#!/usr/bin/perl
|
2
|
+
|
3
|
+
#
|
4
|
+
# Wrapper to aoemask for use in a cluster fence.
|
5
|
+
# Copyright (C) 2007 Brian Weck (bweck@weck.net)
|
6
|
+
#
|
7
|
+
# This script utilizes the 'aoemask' utility from:
|
8
|
+
# http://www.coraid.com/support/sr/
|
9
|
+
# which is written by Sam Hopkins.
|
10
|
+
#
|
11
|
+
# =======================================================================
|
12
|
+
# This program is free software; you can redistribute it and/or modify
|
13
|
+
# it under the terms of the GNU General Public License as published by
|
14
|
+
# the Free Software Foundation; either version 2 of the License, or
|
15
|
+
# (at your option) any later version.
|
16
|
+
#
|
17
|
+
# This program is distributed in the hope that it will be useful,
|
18
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
19
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
20
|
+
# GNU General Public License for more details.
|
21
|
+
#
|
22
|
+
# You should have received a copy of the GNU General Public License
|
23
|
+
# along with this program; if not, write to the Free Software
|
24
|
+
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
25
|
+
# =======================================================================
|
26
|
+
#
|
27
|
+
# ~~~~~ REVISION HISTORY ~~~~~
|
28
|
+
# 2007-08-17 - v1 - Brian Weck
|
29
|
+
# Initial release.
|
30
|
+
#
|
31
|
+
# ~~~~~ OVERVIEW ~~~~~
|
32
|
+
# Initial mask settings on the AoE device should contain the set of all
|
33
|
+
# MAC addresses using the AoE device from the cluster.
|
34
|
+
#
|
35
|
+
# When a fence operation occurs on a node, the fenced node's mac address is
|
36
|
+
# removed from the mask list on the AoE device. This method is conceptually
|
37
|
+
# the same as fencing via a fabric switch.
|
38
|
+
#
|
39
|
+
# Once a node is fenced, the MAC address is removed from the mask list on
|
40
|
+
# the AoE device. When the fenced node is ready to rejoin the cluster,
|
41
|
+
# the MAC address must be added to the device's mask list using this
|
42
|
+
# script or using aoemask.
|
43
|
+
#
|
44
|
+
# Script returns 0 on SUCCESS and non-zero otherwise.
|
45
|
+
#
|
46
|
+
# ~~~~~ INSTALLATION ~~~~~
|
47
|
+
# Add this file as /sbin/fence_aoemask directory and ensure the file has
|
48
|
+
# simliar permissions as the other fence_* agents.
|
49
|
+
#
|
50
|
+
# ~~~~~ CONFIGURATION ~~~~~
|
51
|
+
# This software operates on a single shelf / slot at a time. In order to
|
52
|
+
# fence multiple shelf and slots the user should create multiple fences.
|
53
|
+
#
|
54
|
+
# e.g. a cluster.conf snippet.
|
55
|
+
# <clusternode name="node1-name" nodeid="1" votes="1">
|
56
|
+
# <fence>
|
57
|
+
# <method name="1">
|
58
|
+
# <device name="fence-e0.0" mac="56:f7:0c:da:e2:2f" />
|
59
|
+
# <device name="fence-e0.1" mac="56:f7:0c:da:e2:2f" />
|
60
|
+
# </method>
|
61
|
+
# </fence>
|
62
|
+
# </clusternode>
|
63
|
+
# <clusternode name="node2-name" nodeid="2" votes="1">
|
64
|
+
# <fence>
|
65
|
+
# <method name="1">
|
66
|
+
# <device name="fence-e0.0" mac="ec:fc:96:3b:69:5a" />
|
67
|
+
# <device name="fence-e0.1" mac="ec:fc:96:3b:69:5a" />
|
68
|
+
# </method>
|
69
|
+
# </fence>
|
70
|
+
# </clusternode>
|
71
|
+
# <fencedevices>
|
72
|
+
# <fencedevice agent="fence_aoemask" name="fence-e0.0" shelf="0" slot="0" interface="eth1"/>
|
73
|
+
# <fencedevice agent="fence_aoemask" name="fence-e0.1" shelf="0" slot="1" interface="eth1"/>
|
74
|
+
# </fencedevices>
|
75
|
+
#
|
76
|
+
#
|
77
|
+
# Command line options:
|
78
|
+
# see man aoemask.8
|
79
|
+
#
|
80
|
+
# stdin options (passed from fenced):
|
81
|
+
# shelf=<num> |
|
82
|
+
# slot=<num> |
|
83
|
+
# interface=<if-name> |
|
84
|
+
# mac=<mac-addr> |
|
85
|
+
# [ action=(disable|enable) ] | default is defined in $opt_action
|
86
|
+
# [ debug=<ignored-value> ] |
|
87
|
+
# [ exclusive=<ignored-value> ] |
|
88
|
+
# [ list=<ignored-value> ] |
|
89
|
+
# [ spoof=<mac-addr> ] | Spoof behavior is to assume success always.
|
90
|
+
# [ timeout=<wait-seconds> ] |
|
91
|
+
# [ verbose=<ignored-value> ] | Option is used to increase logging of fence agent.
|
92
|
+
#
|
93
|
+
|
94
|
+
# Define where you aoemask binary lives if it is not in the path.
|
95
|
+
my $aoemask_prog="/usr/local/sbin/aoemask";
|
96
|
+
my $opt_action = 'disable'; # Default fence action
|
97
|
+
|
98
|
+
# Get the script name from $0 and strip directory names
|
99
|
+
$_=$0;
|
100
|
+
s/.*\///;
|
101
|
+
my $proggy = $_;
|
102
|
+
|
103
|
+
#
|
104
|
+
#
|
105
|
+
#
|
106
|
+
my $aoemask=$aoemask_prog;
|
107
|
+
my $opt_list = 1;
|
108
|
+
my $opt_debug = 1;
|
109
|
+
my $opt_verbose = 0;
|
110
|
+
|
111
|
+
#
|
112
|
+
sub _log
|
113
|
+
{
|
114
|
+
($msg)=@_;
|
115
|
+
print STDOUT $msg;
|
116
|
+
}
|
117
|
+
|
118
|
+
#
|
119
|
+
sub exit_success
|
120
|
+
{
|
121
|
+
my $rc = 0;
|
122
|
+
_log "$proggy returning $rc\n" if $opt_verbose;
|
123
|
+
exit $rc;
|
124
|
+
}
|
125
|
+
|
126
|
+
#
|
127
|
+
sub exit_fail
|
128
|
+
{
|
129
|
+
my $rc = 1;
|
130
|
+
_log "$proggy returning $rc\n" if $opt_verbose;
|
131
|
+
exit $rc;
|
132
|
+
}
|
133
|
+
|
134
|
+
#
|
135
|
+
sub fail_usage
|
136
|
+
{
|
137
|
+
($msg)=@_;
|
138
|
+
_log $msg."\n" if $msg;
|
139
|
+
_log "Please use see usage.\n";
|
140
|
+
exit_fail();
|
141
|
+
}
|
142
|
+
|
143
|
+
#
|
144
|
+
# If running command line, pass args as specified directly to aoemask
|
145
|
+
if (@ARGV > 0)
|
146
|
+
{
|
147
|
+
# Check for min number of args, 5
|
148
|
+
if( @ARGV < 5 )
|
149
|
+
{
|
150
|
+
$aoemask .= " -h";
|
151
|
+
}
|
152
|
+
else
|
153
|
+
{
|
154
|
+
# stub in the args
|
155
|
+
foreach $i (0 .. $#ARGV)
|
156
|
+
{
|
157
|
+
$aoemask .= " $ARGV[$i]";
|
158
|
+
}
|
159
|
+
}
|
160
|
+
}
|
161
|
+
else # Running via fenced, read the args in from stdin
|
162
|
+
{
|
163
|
+
read_stdin_as_options();
|
164
|
+
|
165
|
+
# validate required args are present
|
166
|
+
fail_usage "No shelf specified." unless defined $opt_shelf;
|
167
|
+
fail_usage "No slot specified." unless defined $opt_slot;
|
168
|
+
fail_usage "No interface specified." unless defined $opt_interface;
|
169
|
+
fail_usage "No mac specified." unless defined $opt_mac;
|
170
|
+
|
171
|
+
$aoemask .= " -d" if defined $opt_debug;
|
172
|
+
$aoemask .= " -e" if defined $opt_exclusive;
|
173
|
+
$aoemask .= " -l" if defined $opt_list;
|
174
|
+
$aoemask .= " -s $opt_spoof" if defined $opt_spoof;
|
175
|
+
$aoemask .= " -w $opt_timeout" if defined $opt_timeout;
|
176
|
+
$aoemask .= " $opt_shelf $opt_slot $opt_interface";
|
177
|
+
|
178
|
+
$_=$opt_action;
|
179
|
+
if (/enable/) { $aoemask .= " +$opt_mac"; }
|
180
|
+
elsif (/disable/) { $aoemask .= " -$opt_mac"; }
|
181
|
+
else
|
182
|
+
{
|
183
|
+
# This would only be reached if in the cluster.conf one specified action=
|
184
|
+
fail_usage "Unknown action: $_";
|
185
|
+
}
|
186
|
+
}
|
187
|
+
|
188
|
+
_log "$proggy executing '$aoemask'\n" if $opt_verbose;
|
189
|
+
|
190
|
+
#
|
191
|
+
# aoemask (release 1) always returns an exit code of 1
|
192
|
+
# if aoemask returned success or failure based on the response; could as follows:
|
193
|
+
#
|
194
|
+
# system($aoemask);
|
195
|
+
# $rc = ($? >> 8) & 0xff;
|
196
|
+
# exit $rc;
|
197
|
+
#
|
198
|
+
|
199
|
+
# therefore, we must ensure the listing function is performed and grep'd
|
200
|
+
open(FH, "$aoemask 2>&1 |");
|
201
|
+
@lines = <FH>;
|
202
|
+
close FH;
|
203
|
+
|
204
|
+
#
|
205
|
+
if ($opt_verbose)
|
206
|
+
{
|
207
|
+
_log "-- begin read response --\n";
|
208
|
+
foreach $line (@lines) { chop $line; _log "$line\n"; }
|
209
|
+
_log "-- end read response --\n";
|
210
|
+
}
|
211
|
+
|
212
|
+
#
|
213
|
+
if ($opt_user_says_list)
|
214
|
+
{
|
215
|
+
@x = grep { /$opt_shelf\.$opt_slot/ } @lines;
|
216
|
+
_log foreach @x;
|
217
|
+
}
|
218
|
+
|
219
|
+
#
|
220
|
+
# If spoofing, nothing is returned, we assume success.
|
221
|
+
exit_success() if $opt_spoof;
|
222
|
+
|
223
|
+
# check output of aoemask for proper values depending on action.
|
224
|
+
if( ($opt_action =~ /enable/) && (grep { /$opt_mac/ } @lines) )
|
225
|
+
{
|
226
|
+
_log "action is to enable and found mac $opt_mac in list"."\n" if $opt_verbose;
|
227
|
+
exit_success();
|
228
|
+
}
|
229
|
+
elsif( ($opt_action =~ /disable/) && !(grep { /$opt_mac/ } @lines) )
|
230
|
+
{
|
231
|
+
# here's a caveat .. which requires the debug flag to be on.
|
232
|
+
# if one is performing a disable, and specify an invalid slot / shelf / interface
|
233
|
+
# a grep for the mac will not show and therfore a return success.
|
234
|
+
#
|
235
|
+
# Workaround: need to check for an additional string, of:
|
236
|
+
# read -1 bytes
|
237
|
+
#
|
238
|
+
if( ! grep { /read -1 bytes/} @lines )
|
239
|
+
{
|
240
|
+
# did not read that string; all is ok.
|
241
|
+
_log "action is to disable and did not find mac $opt_mac in list"."\n" if $opt_verbose;
|
242
|
+
exit_success();
|
243
|
+
}
|
244
|
+
else
|
245
|
+
{
|
246
|
+
_log "No bytes were read from '$aoemask'.\n";
|
247
|
+
_log "Check the slot|shelf|interface configs.\n"
|
248
|
+
}
|
249
|
+
}
|
250
|
+
|
251
|
+
# If none of the above matched, we failed.
|
252
|
+
exit_fail();
|
253
|
+
|
254
|
+
|
255
|
+
#
|
256
|
+
# Parse the stdin options
|
257
|
+
#
|
258
|
+
sub read_stdin_as_options()
|
259
|
+
{
|
260
|
+
my $opt;
|
261
|
+
my $line = 0;
|
262
|
+
while( defined($in = <>) )
|
263
|
+
{
|
264
|
+
$_ = $in;
|
265
|
+
chomp;
|
266
|
+
|
267
|
+
# strip leading and trailing whitespace
|
268
|
+
s/^\s*//;
|
269
|
+
s/\s*$//;
|
270
|
+
|
271
|
+
# skip any comments
|
272
|
+
next if /^#/;
|
273
|
+
|
274
|
+
$line+=1;
|
275
|
+
$opt=$_;
|
276
|
+
next unless $opt;
|
277
|
+
|
278
|
+
($name,$val)=split /\s*=\s*/, $opt;
|
279
|
+
|
280
|
+
if ( $name eq "" )
|
281
|
+
{
|
282
|
+
_log "parse error: illegal name in option $line\n";
|
283
|
+
exit_fail();
|
284
|
+
}
|
285
|
+
|
286
|
+
# shelf=<num>
|
287
|
+
# slot=<num>
|
288
|
+
# interface=<if-name>
|
289
|
+
# mac=<mac-addr>
|
290
|
+
# action=(disable|enable)
|
291
|
+
elsif ($name eq "shelf" )
|
292
|
+
{
|
293
|
+
$opt_shelf = $val;
|
294
|
+
}
|
295
|
+
elsif ($name eq "slot" )
|
296
|
+
{
|
297
|
+
$opt_slot = $val;
|
298
|
+
}
|
299
|
+
elsif ($name eq "interface" )
|
300
|
+
{
|
301
|
+
$opt_interface = $val;
|
302
|
+
}
|
303
|
+
elsif ($name eq "mac" )
|
304
|
+
{
|
305
|
+
$opt_mac = $val;
|
306
|
+
# pull out any ':' if configured as such.
|
307
|
+
# (even though aoemask can handle it)
|
308
|
+
$opt_mac =~ s/://g;
|
309
|
+
# uppercase the alphas
|
310
|
+
$opt_mac =~ tr/a-z/A-Z/;
|
311
|
+
}
|
312
|
+
elsif ($name eq "action")
|
313
|
+
{
|
314
|
+
$opt_action = $val;
|
315
|
+
}
|
316
|
+
|
317
|
+
# debug=<ignored-value>
|
318
|
+
# exclusive=<ignored-value>
|
319
|
+
# list=<ignored-value>
|
320
|
+
# spoof=<mac-addr>
|
321
|
+
# timeout=<wait-seconds>
|
322
|
+
elsif ($name eq "debug" )
|
323
|
+
{
|
324
|
+
$opt_debug = 1;
|
325
|
+
}
|
326
|
+
elsif ($name eq "exclusive" )
|
327
|
+
{
|
328
|
+
$opt_exclusive = 1;
|
329
|
+
}
|
330
|
+
elsif ($name eq "list" )
|
331
|
+
{
|
332
|
+
$opt_list = 1;
|
333
|
+
$opt_user_says_list = 1;
|
334
|
+
}
|
335
|
+
elsif ($name eq "spoof" )
|
336
|
+
{
|
337
|
+
$opt_spoof = $val;
|
338
|
+
}
|
339
|
+
elsif ($name eq "timeout" )
|
340
|
+
{
|
341
|
+
$opt_timeout = $val;
|
342
|
+
}
|
343
|
+
|
344
|
+
# verbose=<ignored-value>
|
345
|
+
elsif ($name eq "verbose" )
|
346
|
+
{
|
347
|
+
$opt_verbose = 1;
|
348
|
+
}
|
349
|
+
}
|
350
|
+
}
|
351
|
+
|
@@ -0,0 +1,144 @@
|
|
1
|
+
<VirtualHost <%= apache_ssl_enabled ? apache_ssl_ip : "*" %>:80>
|
2
|
+
ServerName <%= apache_server_name %>
|
3
|
+
<% apache_server_aliases.each do |a| %>
|
4
|
+
ServerAlias <%= "#{a}" %>
|
5
|
+
<% end %>
|
6
|
+
|
7
|
+
DocumentRoot <%= "#{current_path}/public" %>
|
8
|
+
|
9
|
+
<Directory <%= "#{current_path}/public" %>>
|
10
|
+
Options FollowSymLinks
|
11
|
+
AllowOverride None
|
12
|
+
Order allow,deny
|
13
|
+
Allow from all
|
14
|
+
</Directory>
|
15
|
+
|
16
|
+
# Configure mongrel_cluster
|
17
|
+
<Proxy balancer://<%= "#{application}_cluster" %>>
|
18
|
+
<% start_port = apache_proxy_port %>
|
19
|
+
<% end_port = apache_proxy_port + apache_proxy_servers - 1 %>
|
20
|
+
<% start_port.upto(end_port) do |port| %>
|
21
|
+
BalancerMember http://<%= "#{apache_proxy_address}:#{port.to_s}" %>
|
22
|
+
<% end %>
|
23
|
+
</Proxy>
|
24
|
+
|
25
|
+
RewriteEngine On
|
26
|
+
|
27
|
+
<% if apache_ssl_enabled && apache_ssl_forward_all %>
|
28
|
+
RewriteRule ^(.*)$ https://<%= domain %>$1
|
29
|
+
<% end %>
|
30
|
+
|
31
|
+
# Prevent access to .svn directories
|
32
|
+
RewriteRule ^(.*/)?\.svn/ - [F,L]
|
33
|
+
ErrorDocument 403 "Access Forbidden"
|
34
|
+
|
35
|
+
# Check for maintenance file and redirect all requests
|
36
|
+
RewriteCond %{REQUEST_URI} !\.(css|jpg|png|gif)$
|
37
|
+
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
|
38
|
+
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
|
39
|
+
RewriteRule ^.*$ /system/maintenance.html [L]
|
40
|
+
|
41
|
+
# Rewrite index to check for static
|
42
|
+
RewriteRule ^/$ /index.html [QSA]
|
43
|
+
|
44
|
+
# Rewrite to check for Rails cached page
|
45
|
+
RewriteRule ^([^.]+)$ $1.html [QSA]
|
46
|
+
|
47
|
+
# Redirect all non-static requests to cluster
|
48
|
+
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
|
49
|
+
RewriteRule ^/(.*)$ balancer://<%= "#{application}_cluster" %>%{REQUEST_URI} [P,QSA,L]
|
50
|
+
|
51
|
+
# Deflate
|
52
|
+
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
|
53
|
+
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
54
|
+
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
55
|
+
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
56
|
+
|
57
|
+
ErrorLog logs/<%= domain %>-error_log
|
58
|
+
CustomLog logs/<%= domain %>-access_log combined
|
59
|
+
</VirtualHost>
|
60
|
+
|
61
|
+
|
62
|
+
<% if apache_ssl_enabled %>
|
63
|
+
<VirtualHost <%= apache_ssl_ip %>:443>
|
64
|
+
|
65
|
+
ServerName <%= apache_server_name %>
|
66
|
+
<% apache_server_aliases.each do |a| %>
|
67
|
+
ServerAlias <%= "#{a}" %>
|
68
|
+
<% end %>
|
69
|
+
DocumentRoot <%= "#{current_path}/public" %>
|
70
|
+
|
71
|
+
<Directory <%= "#{current_path}/public" %>>
|
72
|
+
Options FollowSymLinks
|
73
|
+
AllowOverride None
|
74
|
+
Order allow,deny
|
75
|
+
Allow from all
|
76
|
+
</Directory>
|
77
|
+
|
78
|
+
# Configure mongrel_cluster
|
79
|
+
<Proxy balancer://<%= "#{application}_cluster" %>>
|
80
|
+
<% start_port = apache_proxy_port %>
|
81
|
+
<% end_port = apache_proxy_port + apache_proxy_servers - 1 %>
|
82
|
+
<% start_port.upto(end_port) do |port| %>
|
83
|
+
BalancerMember http://<%= "#{apache_proxy_address}:#{port.to_s}" %>
|
84
|
+
<% end %>
|
85
|
+
</Proxy>
|
86
|
+
|
87
|
+
RewriteEngine On
|
88
|
+
|
89
|
+
# Prevent access to .svn directories
|
90
|
+
RewriteRule ^(.*/)?\.svn/ - [F,L]
|
91
|
+
ErrorDocument 403 "Access Forbidden"
|
92
|
+
|
93
|
+
# Check for maintenance file and redirect all requests
|
94
|
+
RewriteCond %{REQUEST_URI} !\.(css|jpg|png|gif)$
|
95
|
+
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
|
96
|
+
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
|
97
|
+
RewriteRule ^.*$ /system/maintenance.html [L]
|
98
|
+
|
99
|
+
# Rewrite index to check for static
|
100
|
+
RewriteRule ^/$ /index.html [QSA]
|
101
|
+
|
102
|
+
# Rewrite to check for Rails cached page
|
103
|
+
RewriteRule ^([^.]+)$ $1.html [QSA]
|
104
|
+
|
105
|
+
# Redirect all non-static requests to cluster
|
106
|
+
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
|
107
|
+
# Add header for Mongrel to set HTTPS environment for Rails
|
108
|
+
RequestHeader set X-Forwarded-Proto "https"
|
109
|
+
RewriteRule ^/(.*)$ balancer://<%= "#{application}_cluster" %>%{REQUEST_URI} [P,QSA,L]
|
110
|
+
|
111
|
+
# Deflate
|
112
|
+
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
|
113
|
+
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
114
|
+
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
115
|
+
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
116
|
+
|
117
|
+
# SSL Engine Switch
|
118
|
+
SSLEngine on
|
119
|
+
|
120
|
+
# SSL Cipher Suite:
|
121
|
+
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
|
122
|
+
|
123
|
+
# Server Certificate
|
124
|
+
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/<%= domain %>.crt
|
125
|
+
|
126
|
+
# Server Private Key
|
127
|
+
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/<%= domain %>.key
|
128
|
+
|
129
|
+
<% if apache_ssl_chainfile %>
|
130
|
+
# Intermediate keys
|
131
|
+
SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/<%= domain %>-chainfile.crt
|
132
|
+
<% end %>
|
133
|
+
|
134
|
+
|
135
|
+
BrowserMatch ".*MSIE.*" \
|
136
|
+
nokeepalive ssl-unclean-shutdown \
|
137
|
+
downgrade-1.0 force-response-1.0
|
138
|
+
|
139
|
+
ErrorLog logs/<%= domain %>-error_log
|
140
|
+
CustomLog logs/<%= domain %>-access_log combined
|
141
|
+
CustomLog logs/<%= domain %>-ssl_log \
|
142
|
+
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
143
|
+
</VirtualHost>
|
144
|
+
<% end %>
|