badger-rails 1.0.2

data/lib/badger/core/files/god/unicorn-stg.rb

@@ -0,0 +1,70 @@
+rails_env = ENV['RAILS_ENV'] || 'staging'
+
+# 16 workers and 1 master
+worker_processes 2
+
+# Load rails+github.git into the master before forking workers
+# for super-fast worker spawn times
+preload_app true
+
+# Restart any workers that haven't responded in 30 seconds
+timeout 90
+
+# Listen on a Unix data socket
+listen '/tmp/unicorn.sock'
+
+working_directory "/opt/web/current"
+pid "/opt/web/shared/pids/unicorn.pid"
+
+stderr_path "/opt/web/shared/log/unicorn.stderr.log"
+stdout_path "/opt/web/shared/log/unicorn.stdout.log"
+
+before_fork do |server, worker|
+  ##
+  # When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
+  # immediately start loading up a new version of itself (loaded with a new
+  # version of our app). When this new Unicorn is completely loaded
+  # it will begin spawning workers. The first worker spawned will check to
+  # see if an .oldbin pidfile exists. If so, this means we've just booted up
+  # a new Unicorn and need to tell the old one that it can now die. To do so
+  # we send it a QUIT.
+  #
+  # Using this method we get 0 downtime deploys.
+
+  defined?(ActiveRecord::Base) and
+      ActiveRecord::Base.connection.disconnect!
+
+  old_pid = '/opt/web/shared/pids/unicorn.pid.oldbin'
+  if File.exists?(old_pid) && server.pid != old_pid
+    begin
+      Process.kill("QUIT", File.read(old_pid).to_i)
+    rescue Errno::ENOENT, Errno::ESRCH
+      # someone else did our job for us
+    end
+  end
+end
+
+after_fork do |server, worker|
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.establish_connection
+
+  begin
+      uid, gid = Process.euid, Process.egid
+      user, group = 'badger', 'badger'
+      target_uid = Etc.getpwnam(user).uid
+      target_gid = Etc.getgrnam(group).gid
+      worker.tmp.chown(target_uid, target_gid)
+      if uid != target_uid || gid != target_gid
+        Process.initgroups(user, target_gid)
+        Process::GID.change_privilege(target_gid)
+        Process::UID.change_privilege(target_uid)
+      end
+    rescue => e
+      if rails_env == 'staging'
+        STDERR.puts "couldn't change user, oh well"
+      else
+        raise e
+      end
+    end
+
+end

data/lib/badger/core/files/god/unicorn.rb

@@ -0,0 +1,70 @@
+rails_env = ENV['RAILS_ENV'] || 'production'
+
+# 16 workers and 1 master
+worker_processes 2
+
+# Load rails+github.git into the master before forking workers
+# for super-fast worker spawn times
+preload_app true
+
+# Restart any workers that haven't responded in 30 seconds
+timeout 30
+
+# Listen on a Unix data socket
+listen '/tmp/unicorn.sock'
+
+working_directory "/opt/web/current"
+pid "/opt/web/shared/pids/unicorn.pid"
+
+stderr_path "/opt/web/shared/log/unicorn.stderr.log"
+stdout_path "/opt/web/shared/log/unicorn.stdout.log"
+
+before_fork do |server, worker|
+  ##
+  # When sent a USR2, Unicorn will suffix its pidfile with .oldbin and
+  # immediately start loading up a new version of itself (loaded with a new
+  # version of our app). When this new Unicorn is completely loaded
+  # it will begin spawning workers. The first worker spawned will check to
+  # see if an .oldbin pidfile exists. If so, this means we've just booted up
+  # a new Unicorn and need to tell the old one that it can now die. To do so
+  # we send it a QUIT.
+  #
+  # Using this method we get 0 downtime deploys.
+
+  defined?(ActiveRecord::Base) and
+      ActiveRecord::Base.connection.disconnect!
+
+  old_pid = '/opt/web/shared/pids/unicorn.pid.oldbin'
+  if File.exists?(old_pid) && server.pid != old_pid
+    begin
+      Process.kill("QUIT", File.read(old_pid).to_i)
+    rescue Errno::ENOENT, Errno::ESRCH
+      # someone else did our job for us
+    end
+  end
+end
+
+after_fork do |server, worker|
+  defined?(ActiveRecord::Base) and
+    ActiveRecord::Base.establish_connection
+
+  begin
+      uid, gid = Process.euid, Process.egid
+      user, group = 'badger', 'badger'
+      target_uid = Etc.getpwnam(user).uid
+      target_gid = Etc.getgrnam(group).gid
+      worker.tmp.chown(target_uid, target_gid)
+      if uid != target_uid || gid != target_gid
+        Process.initgroups(user, target_gid)
+        Process::GID.change_privilege(target_gid)
+        Process::UID.change_privilege(target_uid)
+      end
+    rescue => e
+      if rails_env == 'development'
+        STDERR.puts "couldn't change user, oh well"
+      else
+        raise e
+      end
+    end
+
+end

data/lib/badger/core/files/logrotate/logrotate.conf

@@ -0,0 +1,23 @@
+weekly
+
+rotate 4
+
+create
+
+include /etc/logrotate.d
+
+/var/log/wtmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    rotate 48
+    olddir /var/log/archive
+}
+
+/var/log/btmp {
+    missingok
+    monthly
+    create 0664 root utmp
+    rotate 48
+    olddir /var/log/archive
+}

data/lib/badger/core/files/logrotate/logrotate.cron

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+/usr/sbin/logrotate /etc/logrotate.conf
+EXITVALUE=$?
+if [ $EXITVALUE != 0 ]; then
+    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+fi
+exit 0

data/lib/badger/core/files/mysql/database.yml.bk

@@ -0,0 +1,18 @@
+
+staging:
+  host: localhost
+  username: badger
+  password: example
+  database: badger-staging
+  adapter: mysql2
+  reconnect: true
+  pool: 100
+
+production:
+  host: localhost
+  username: badger
+  password: example
+  database: badger-production
+  adapter: mysql2
+  reconnect: true
+  pool: 100

data/lib/badger/core/files/mysql/my.cnf

@@ -0,0 +1,11 @@
+[mysqldump]
+user = root
+password = root_password
+
+[mysql]
+user = root
+password = root_password
+
+[mysqladmin]
+user = root
+password = root_password

data/lib/badger/core/files/nginx/nginx

@@ -0,0 +1,106 @@
+#!/bin/sh
+#
+# nginx - this script starts and stops the nginx daemin
+#
+# chkconfig:   - 85 15
+# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
+#               proxy and IMAP/POP3 proxy server
+# processname: nginx
+# config:      /usr/local/nginx/conf/nginx.conf
+# pidfile:     /usr/local/nginx/logs/nginx.pid
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "$NETWORKING" = "no" ] && exit 0
+
+nginx="/usr/sbin/nginx"
+prog=$(basename $nginx)
+
+NGINX_CONF_FILE="/etc/nginx/nginx.conf"
+
+lockfile=/var/lock/subsys/nginx
+
+start() {
+    [ -x $nginx ] || exit 5
+    [ -f $NGINX_CONF_FILE ] || exit 6
+    echo -n $"Starting $prog: "
+    daemon $nginx -c $NGINX_CONF_FILE
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && touch $lockfile
+    return $retval
+}
+
+stop() {
+    echo -n $"Stopping $prog: "
+    killproc $prog -QUIT
+    retval=$?
+    echo
+    [ $retval -eq 0 ] && rm -f $lockfile
+    return $retval
+}
+
+restart() {
+    configtest || return $?
+    stop
+    start
+}
+
+reload() {
+    configtest || return $?
+    echo -n $"Reloading $prog: "
+    killproc $nginx -HUP
+    RETVAL=$?
+    echo
+}
+
+force_reload() {
+    restart
+}
+
+configtest() {
+  $nginx -t -c $NGINX_CONF_FILE
+}
+
+rh_status() {
+    status $prog
+}
+
+rh_status_q() {
+    rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+    start)
+        rh_status_q && exit 0
+        $1
+        ;;
+    stop)
+        rh_status_q || exit 0
+        $1
+        ;;
+    restart|configtest)
+        $1
+        ;;
+    reload)
+        rh_status_q || exit 7
+        $1
+        ;;
+    force-reload)
+        force_reload
+        ;;
+    status)
+        rh_status
+        ;;
+    condrestart|try-restart)
+        rh_status_q || exit 0
+            ;;
+    *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
+        exit 2
+esac

data/lib/badger/core/files/nginx/nginx.conf

@@ -0,0 +1,30 @@
+user  badger;
+worker_processes  2;
+
+error_log  /var/log/nginx/error.log;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+
+    access_log	/var/log/nginx/access.log;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+    tcp_nodelay        on;
+
+    gzip  on;
+    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+
+    server_tokens off;
+}

data/lib/badger/core/files/nginx/sites/port443.btl

@@ -0,0 +1,42 @@
+cat >> /etc/badger/core/files/nginx/sites/production-web << EOF
+
+server {
+    listen  443;
+    ssl    on;
+    ssl_certificate    /etc/ssl/${domain}.crt;
+    ssl_certificate_key    /etc/ssl/${domain}.key;
+
+    client_max_body_size 4G;
+    server_name ${domain};
+    access_log /var/log/nginx/nginx.ssl.access.log;
+    error_log /var/log/nginx/nginx.ssl.error.log;
+
+    root /opt/web/current/public;
+    keepalive_timeout 5;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header Host \$http_host;
+      proxy_redirect off;
+
+      if (!-f \$request_filename) {
+        proxy_pass http://production-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}
+EOF

data/lib/badger/core/files/nginx/sites/port80.btl

@@ -0,0 +1,39 @@
+cat > /etc/badger/core/files/nginx/sites/production-web << EOF
+upstream production-web {
+    server unix:/tmp/unicorn.sock fail_timeout=0;
+}
+
+server {
+    listen 80 default;
+
+    client_max_body_size 4G;
+    server_name www.${domain} ${domain};
+    root /opt/web/current/public;
+    keepalive_timeout 5;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto \$scheme;
+      proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+      proxy_set_header Host \$http_host;
+      proxy_redirect off;
+
+      if (!-f \$request_filename) {
+        proxy_pass http://production-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}
+EOF

data/lib/badger/core/files/nginx/sites/production-web

@@ -0,0 +1,117 @@
+upstream production-web {
+    server unix:/tmp/unicorn.sock fail_timeout=0;
+}
+
+server {
+    listen 80 default;
+
+    client_max_body_size 4G;
+    server_name www.bla.com bla.com;
+    root /opt/web/current/public;
+    keepalive_timeout 5;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      if (!-f $request_filename) {
+        proxy_pass http://production-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}
+
+server {
+    listen  443;
+    ssl    on;
+    ssl_certificate    /etc/ssl/bla.com.crt;
+    ssl_certificate_key    /etc/ssl/www.bla.com.key;
+
+    client_max_body_size 4G;
+    server_name tryfixup.com;
+    access_log /var/log/nginx/nginx.ssl.access.log;
+    error_log /var/log/nginx/nginx.ssl.error.log;
+
+    root /opt/web/current/public;
+    keepalive_timeout 5;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      if (!-f $request_filename) {
+        proxy_pass http://production-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}
+
+server {
+    listen  443;
+    ssl    on;
+    ssl_certificate    /etc/ssl/api.bla.com.crt;
+    ssl_certificate_key    /etc/ssl/api.bla.com.key;
+
+    client_max_body_size 4G;
+    server_name api.bla.com;
+    access_log /var/log/nginx/nginx.ssl.access.log;
+    error_log /var/log/nginx/nginx.ssl.error.log;
+
+    root /opt/web/current/public;
+    keepalive_timeout 5;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      if (!-f $request_filename) {
+        proxy_pass http://production-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}

data/lib/badger/core/files/nginx/sites/staging-web

@@ -0,0 +1,41 @@
+upstream staging-web {
+    server unix:/tmp/unicorn.sock fail_timeout=0;
+}
+
+server {
+    listen 80 default;
+
+    client_max_body_size 4G;
+    server_name _;
+    root /opt/web/current/public;
+    keepalive_timeout 90;
+
+    location / {
+      proxy_set_header X-Forwarded-Proto $scheme;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header Host $http_host;
+      proxy_redirect off;
+
+      if (!-f $request_filename) {
+        proxy_pass http://staging-web;
+        break;
+      }
+    }
+
+    location ~ ^/assets/ {
+      expires 1y;
+      add_header Cache-Control public;
+      add_header ETag "";
+      break;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    error_page 404 /404.html;
+    location = /404.html {
+      root /opt/web/current/public;
+    }
+    location = /500.html {
+      root /opt/web/current/public;
+    }
+
+}