breeze 0.0.1

data/lib/templates/maintenance.html

@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>down for maintenance</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 24em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+    }
+    h1 { font-size: 100%; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <div class="dialog">
+    <h1>The system is down for maintenance</h1>
+    <p>It will be back shortly.</p>
+  </div>
+</body>
+</html>

data/lib/templates/profiles/minimal/scripts/install_conf.sh

@@ -0,0 +1,4 @@
+# This script is sourced at the beginning of install.sh.
+
+# define packages to install
+PACKAGES="git-core mysql-client monit"

data/lib/templates/profiles/minimal/scripts/install_cust.sh

@@ -0,0 +1,7 @@
+# This script is sourced at the end of install.sh when packages have been installed
+# and aliases and functions have been defined.
+
+# set up the shell environment for user ubuntu
+cat >> $HOME/.profile <<END_PROFILE
+# export EDITOR=vi
+END_PROFILE

data/lib/templates/profiles/rails_and_image_magick/configs/database.yml

@@ -0,0 +1,18 @@
+<%
+  @path = "#{CONFIGURATION[:app_path]}/config/database.yml"
+  @owner = 'rails'
+  @group = 'rails'
+  @perms = 0640
+  @post = 'rake db:migrate'
+
+  conf = CONFIGURATION[:default_db_options]
+%>
+# Database configuration
+
+production:
+  adapter: mysql2
+  host: <%= ENV['DB_SERVER'] %>
+  database: MY-DB-NAME
+  encoding: utf8
+  username: <%= conf[:master_username] %>
+  password: <%= conf[:password] %>

data/lib/templates/profiles/rails_and_image_magick/configs/memcached.conf

@@ -0,0 +1,51 @@
+<%
+  @path = "/etc/memcached.conf"
+  @post = "/etc/init.d/memcached restart"
+%>
+# memcached default config file
+# 2003 - Jay Bonci <jaybonci@debian.org>
+# This configuration file is read by the start-memcached script provided as
+# part of the Debian GNU/Linux distribution. 
+
+# Run memcached as a daemon. This command is implied, and is not needed for the
+# daemon to run. See the README.Debian that comes with this package for more
+# information.
+-d
+
+# Log memcached's output to /var/log/memcached
+logfile /var/log/memcached.log
+
+# Be verbose
+# -v
+
+# Be even more verbose (print client commands as well)
+# -vv
+
+# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
+# Note that the daemon will grow to this size, but does not start out holding this much
+# memory
+-m 64
+
+# Default connection port is 11211
+-p 11211 
+
+# Run the daemon as root. The start-memcached will default to running as root if no
+# -u command is present in this config file
+-u memcache
+
+# Specify which IP address to listen on. The default is to listen on all IP addresses
+# This parameter is one of the only security measures that memcached has, so make sure
+# it's listening on a firewalled interface.
+-l 127.0.0.1
+
+# Limit the number of simultaneous incoming connections. The daemon default is 1024
+# -c 1024
+
+# Lock down all paged memory. Consult with the README and homepage before you do this
+# -k
+
+# Return error when memory is exhausted (rather than removing items)
+# -M
+
+# Maximize core file limit
+# -r

data/lib/templates/profiles/rails_and_image_magick/configs/nginx/logrotate

@@ -0,0 +1,26 @@
+<%
+  @path = "/etc/logrotate.d/nginx"
+  shared_rotate_conf = <<-END_SHARED_ROTATE_CONF
+    size 1M
+    missingok
+    rotate 5
+    compress
+    delaycompress
+    notifempty
+  END_SHARED_ROTATE_CONF
+%>
+# Nginx logs
+/var/log/nginx/*.log {
+  <%= shared_rotate_conf %>
+  create 640 root adm
+  sharedscripts
+  postrotate
+    [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
+  endscript
+}
+
+# Rails application logs
+<%= CONFIGURATION[:app_path] %>/log/*.log {
+  <%= shared_rotate_conf %>
+  copytruncate
+}

data/lib/templates/profiles/rails_and_image_magick/configs/nginx/monit

@@ -0,0 +1,9 @@
+<%
+  @path = '/etc/monit/conf.d/nginx'
+%>
+check process nginx with pidfile /var/run/nginx.pid
+  group nginx-production
+  start program = "/etc/init.d/nginx start"
+  stop program = "/etc/init.d/nginx stop"
+  if failed host localhost port 80 protocol http and request "/robots.txt" with timeout 5 seconds then restart
+  if 2 restarts within 3 cycles then timeout

data/lib/templates/profiles/rails_and_image_magick/configs/nginx/nginx.conf

@@ -0,0 +1,99 @@
+<%
+  @path = "/etc/nginx/nginx.conf"
+
+  %w[ /tmp/nginx ].each do |dir|
+    system("mkdir -p #{dir} && chown www-data #{dir}") unless File.directory?(dir)
+  end
+
+  passenger_version = "3.0.2"
+  server_name = ENV['PUBLIC_SERVER_NAME']
+  server_root = "/srv/your-app/public"
+
+  shared_server_conf = <<-END_SHARED_SERVER_CONF
+
+    server_name #{server_name};
+    client_max_body_size 20M;
+
+    # redirect www.example.com to example.com
+    if ( $host = www.#{server_name} ) {
+      rewrite ^\/(.*)$ http://#{server_name}/$1 permanent;
+    }
+
+    # let browsers cache static assets
+    location ~ ^/(images|javascripts|stylesheets)/ { expires 1y; }
+
+    # always display system/maintenance.html if it exists
+    if ($request_filename ~* \.(js|css|gif|png|jpg)$) { break; }
+    if (-f $document_root/system/maintenance.html) {
+      rewrite  ^(.*)$  /system/maintenance.html last;
+      break;
+    }
+
+    location / {
+      passenger_enabled on;
+    }
+
+    error_page  500 502 503 504   /500.html;
+    error_page  404               /404.html;
+
+  END_SHARED_SERVER_CONF
+
+  @post = <<-POST
+    if [ -f /var/run/nginx.pid ]; then
+      /etc/init.d/nginx reload
+    else
+      /etc/init.d/nginx start
+    fi
+  POST
+%>
+user www-data;
+pid /var/run/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+worker_processes 2;
+events {
+  worker_connections 1024;
+  use epoll;
+}
+
+http {
+
+  root <%= server_root %>;
+
+  include           /etc/nginx/mime.types;
+  default_type      text/html;
+
+  access_log        /var/log/nginx/access.log;
+
+  sendfile          on;
+  tcp_nopush        on;
+  tcp_nodelay       on;
+
+  gzip              on;
+  gzip_disable      "msie6";
+  gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+  passenger_root /usr/lib/ruby/gems/1.9.1/gems/passenger-<%= passenger_version %>;
+  passenger_ruby /usr/bin/ruby;
+  passenger_log_level 0;
+  passenger_max_pool_size 4; # for micro instances
+  passenger_min_instances 2;
+  passenger_pool_idle_time 0;
+  rails_app_spawner_idle_time 0;
+  passenger_pre_start http://<%= server_name %>/;
+
+  server {
+    listen 80;
+    <%= shared_server_conf %>
+  }
+
+  # remove this server block if you don't have ssl certificates
+  server {
+    listen 443;
+    ssl on;
+    ssl_certificate     /etc/nginx/YOUR-CERTIFICATE-FILE.crt;
+    ssl_certificate_key /etc/nginx/YOUR-CERTIFICATE-FILE.key;
+    <%= shared_server_conf.gsub('http://', 'https://') %>
+  }
+
+}

data/lib/templates/profiles/rails_and_image_magick/scripts/install_conf.sh

@@ -0,0 +1,33 @@
+# This script is sourced at the beginning of install.sh.
+# PACKAGES, RUBY_PACKAGE, IMAGE_MAGICK_PACKAGE, IMAGE_MAGICK_OPTIONS and NGINX_OPTIONS are required.
+# The IMAGE_MAGICK_PACKAGE defined below may no longer be available from the download url specified
+# in install_cust.sh. Find the latest release at http://www.imagemagick.org/script/download.php.
+
+# define packages to install
+# passenger will replace the nginx binary, but the package provides startup script, user etc.
+SYSTEM_PACKAGES="git-core monit nginx memcached"
+DB_CLIENT_PACKAGES="mysql-client libmysqlclient16 libmysqlclient16-dev"
+RUBY_BUILD_DEPENDENCIES="\
+  build-essential bison openssl zlib1g libxslt1.1 libssl-dev libxslt1-dev libxml2 \
+  libffi-dev libyaml-dev libxslt-dev autoconf libc6-dev libreadline6-dev zlib1g-dev"
+NGINX_AND_PASSENGER_DEPENDENCIES="libpcre3-dev libcurl4-openssl-dev"
+
+# $PACKAGES is used by install.sh
+PACKAGES="$SYSTEM_PACKAGES $DB_CLIENT_PACKAGES $RUBY_BUILD_DEPENDENCIES $NGINX_AND_PASSENGER_DEPENDENCIES"
+
+# the rest is used by install_cust.sh
+RUBY_PACKAGE=ruby-1.9.2-p180
+IMAGE_MAGICK_PACKAGE=ImageMagick-6.6.7-8
+IMAGE_MAGICK_OPTIONS='--disable-static --with-modules --without-perl --without-magick-plus-plus --with-quantum-depth=8'
+NGINX_OPTIONS="\
+  --conf-path=/etc/nginx/nginx.conf \
+  --lock-path=/var/lock/nginx.lock \
+  --http-client-body-temp-path=/tmp/nginx/client_body_temp \
+  --http-proxy-temp-path=/tmp/nginx/proxy_temp \
+  --http-fastcgi-temp-path=/tmp/nginx/fastcgi_temp \
+  --http-uwsgi-temp-path=/tmp/nginx/uwsgi_temp \
+  --http-scgi-temp-path=/tmp/nginx/scgi_temp \
+  --with-pcre \
+  --with-http_ssl_module \
+  --with-http_realip_module"
+# more options at http://wiki.nginx.org/Modules

data/lib/templates/profiles/rails_and_image_magick/scripts/install_cust.sh

@@ -0,0 +1,24 @@
+# This script is sourced at the end of install.sh when packages have been installed
+# and aliases and functions have been defined.
+
+# install ruby
+download ftp://ftp.ruby-lang.org//pub/ruby/1.9/$RUBY_PACKAGE.tar.gz
+extract_and_install $RUBY_PACKAGE
+sudo gem update --system
+sudo gem install --no-ri --no-rdoc bundler passenger
+
+# install nginx and passenger
+sudo passenger-install-nginx-module --auto --auto-download --prefix=/usr --extra-configure-flags="$NGINX_OPTIONS"
+# remove confusing nginx configuration files that are not used
+sudo rm -rf /etc/nginx/{conf.d,fastcgi*,scgi_params*,sites-*,uwsgi*}
+
+# install ImageMagick
+package_manager -y build-dep imagemagick
+download ftp://ftp.imagemagick.org/pub/ImageMagick/$IMAGE_MAGICK_PACKAGE.tar.gz
+extract_and_install $IMAGE_MAGICK_PACKAGE "$IMAGE_MAGICK_OPTIONS"
+
+# set up the shell environment for user ubuntu
+cat >> $HOME/.profile <<END_PROFILE
+# export RAILS_ENV=production
+# export EDITOR=vi
+END_PROFILE

data/lib/templates/shared/configs/crontab

@@ -0,0 +1,10 @@
+<%
+  @read_cmd = 'crontab -l | crontab -'
+  @write_cmd = 'crontab -'
+%>
+
+PATH=/usr/bin:/bin:/sbin:/usr/sbin
+MAILTO=<%= CONFIGURATION[:admin_email] %>
+
+# Keep the system clock on time
+<%= rand(59) %>     4 * * *       ntpdate -s pool.ntp.org

data/lib/templates/shared/configs/monitrc

@@ -0,0 +1,248 @@
+<%
+  @path = '/etc/monit/monitrc'
+  @perms = 0600
+  @post = 'echo startup=1 > /etc/default/monit'
+%>
+###############################################################################
+## Monit control file
+###############################################################################
+##
+## Comments begin with a '#' and extend through the end of the line. Keywords
+## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
+##
+## Below you will find examples of some frequently used statements. For 
+## information about the control file and a complete list of statements and 
+## options, please have a look in the Monit manual.
+##
+##
+###############################################################################
+## Global section
+###############################################################################
+##
+## Start Monit in the background (run as a daemon):
+#
+set daemon  45             # check services at 45-second intervals
+    with start delay 120   # optional: delay the first check by 2-minutes (by
+                           # default Monit check immediately after Monit start)
+#
+#
+## Set syslog logging with the 'daemon' facility. If the FACILITY option is
+## omitted, Monit will use 'user' facility by default. If you want to log to 
+## a standalone log file instead, specify the full path to the log file
+#
+# set logfile syslog facility log_daemon                       
+#
+#
+### Set the location of the Monit id file which stores the unique id for the
+### Monit instance. The id is generated and stored on first Monit start. By 
+### default the file is placed in $HOME/.monit.id.
+#
+# set idfile /var/.monit.id
+#
+### Set the location of the Monit state file which saves monitoring states
+### on each cycle. By default the file is placed in $HOME/.monit.state. If
+### the state file is stored on a persistent filesystem, Monit will recover
+### the monitoring state across reboots. If it is on temporary filesystem, the
+### state will be lost on reboot which may be convenient in some situations.
+#
+# set statefile /var/.monit.state
+#
+## Set the list of mail servers for alert delivery. Multiple servers may be 
+## specified using a comma separator. By default Monit uses port 25 - it is
+## possible to override this with the PORT option.
+#
+# set mailserver mail.bar.baz,               # primary mailserver
+#                backup.bar.baz port 10025,  # backup mailserver on port 10025
+#                localhost                   # fallback relay
+#
+#
+## By default Monit will drop alert events if no mail servers are available. 
+## If you want to keep the alerts for later delivery retry, you can use the 
+## EVENTQUEUE statement. The base directory where undelivered alerts will be 
+## stored is specified by the BASEDIR option. You can limit the maximal queue
+## size using the SLOTS option (if omitted, the queue is limited by space 
+## available in the back end filesystem).
+#
+# set eventqueue
+#     basedir /var/monit  # set the base directory where events will be stored
+#     slots 100           # optionally limit the queue size
+#
+#
+## Send status and events to M/Monit (for more informations about M/Monit 
+## see http://mmonit.com/).
+#
+# set mmonit http://monit:monit@192.168.1.10:8080/collector
+#
+#
+## Monit by default uses the following alert mail format:
+##
+## --8<--
+## From: monit@$HOST                         # sender
+## Subject: monit alert --  $EVENT $SERVICE  # subject
+##
+## $EVENT Service $SERVICE                   #
+##                                           #
+## 	Date:        $DATE                   #
+## 	Action:      $ACTION                 #
+## 	Host:        $HOST                   # body
+## 	Description: $DESCRIPTION            #
+##                                           #
+## Your faithful employee,                   #
+## Monit                                     #
+## --8<--
+##
+## You can override this message format or parts of it, such as subject
+## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
+## are expanded at runtime. For example, to override the sender, use:
+#
+# set mail-format { from: monit@foo.bar }
+#
+#
+## You can set alert recipients whom will receive alerts if/when a 
+## service defined in this file has errors. Alerts may be restricted on 
+## events by using a filter as in the second example below. 
+#
+# set alert sysadm@foo.bar                       # receive all alerts
+# set alert manager@foo.bar only on { timeout }  # receive just service-
+#                                                # timeout alert
+#
+#
+## Monit has an embedded web server which can be used to view status of 
+## services monitored and manage services from a web interface. See the
+## Monit Wiki if you want to enable SSL for the web server. 
+#
+# set httpd port 2812 and
+#     use address localhost  # only accept connection from localhost
+#     allow localhost        # allow localhost to connect to the server and
+#     allow admin:monit      # require user 'admin' with password 'monit'
+#     allow @monit           # allow users of group 'monit' to connect (rw)
+#     allow @users readonly  # allow users of group 'users' to connect readonly
+#
+#
+###############################################################################
+## Services
+###############################################################################
+##
+## Check general system resources such as load average, cpu and memory
+## usage. Each test specifies a resource, conditions and the action to be
+## performed should a test fail.
+#
+check system <%= host_name %>
+  if loadavg (1min) > 4 then alert
+  if loadavg (5min) > 2 then alert
+  if memory usage > 75% then alert
+  if cpu usage (user) > 70% then alert
+  if cpu usage (system) > 30% then alert
+  if cpu usage (wait) > 20% then alert
+
+check device rootfs with path /
+  if space usage > 75% then alert
+  if inode usage > 75% then alert
+
+#
+#    
+## Check a file for existence, checksum, permissions, uid and gid. In addition
+## to alert recipients in the global section, customized alert can be sent to 
+## additional recipients by specifying a local alert handler. The service may 
+## be grouped using the GROUP option. More than one group can be specified by
+## repeating the 'group name' statement.
+#    
+#  check file apache_bin with path /usr/local/apache/bin/httpd
+#    if failed checksum and 
+#       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
+#    if failed permission 755 then unmonitor
+#    if failed uid root then unmonitor
+#    if failed gid root then unmonitor
+#    alert security@foo.bar on {
+#           checksum, permission, uid, gid, unmonitor
+#        } with the mail-format { subject: Alarm! }
+#    group server
+#
+#    
+## Check that a process is running, in this case Apache, and that it respond
+## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
+## and number of children. If the process is not running, Monit will restart 
+## it by default. In case the service is restarted very often and the 
+## problem remains, it is possible to disable monitoring using the TIMEOUT
+## statement. This service depends on another service (apache_bin) which
+## is defined above.
+#    
+#  check process apache with pidfile /usr/local/apache/logs/httpd.pid
+#    start program = "/etc/init.d/httpd start" with timeout 60 seconds
+#    stop program  = "/etc/init.d/httpd stop"
+#    if cpu > 60% for 2 cycles then alert
+#    if cpu > 80% for 5 cycles then restart
+#    if totalmem > 200.0 MB for 5 cycles then restart
+#    if children > 250 then restart
+#    if loadavg(5min) greater than 10 for 8 cycles then stop
+#    if failed host www.tildeslash.com port 80 protocol http
+#       and request "/somefile.html"
+#       then restart
+#    if failed port 443 type tcpssl protocol http
+#       with timeout 15 seconds
+#       then restart
+#    if 3 restarts within 5 cycles then timeout
+#    depends on apache_bin
+#    group server
+#    
+#    
+## Check filesystem permissions, uid, gid, space and inode usage. Other services,
+## such as databases, may depend on this resource and an automatically graceful
+## stop may be cascaded to them before the filesystem will become full and data
+## lost.
+#
+#  check filesystem datafs with path /dev/sdb1
+#    start program  = "/bin/mount /data"
+#    stop program  = "/bin/umount /data"
+#    if failed permission 660 then unmonitor
+#    if failed uid root then unmonitor
+#    if failed gid disk then unmonitor
+#    if space usage > 80% for 5 times within 15 cycles then alert
+#    if space usage > 99% then stop
+#    if inode usage > 30000 then alert
+#    if inode usage > 99% then stop
+#    group server
+#
+#
+## Check a file's timestamp. In this example, we test if a file is older 
+## than 15 minutes and assume something is wrong if its not updated. Also,
+## if the file size exceed a given limit, execute a script
+#
+#  check file database with path /data/mydatabase.db
+#    if failed permission 700 then alert
+#    if failed uid data then alert
+#    if failed gid data then alert
+#    if timestamp > 15 minutes then alert
+#    if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
+#
+#
+## Check directory permission, uid and gid.  An event is triggered if the 
+## directory does not belong to the user with uid 0 and gid 0.  In addition, 
+## the permissions have to match the octal description of 755 (see chmod(1)).
+#
+#  check directory bin with path /bin
+#    if failed permission 755 then unmonitor
+#    if failed uid 0 then unmonitor
+#    if failed gid 0 then unmonitor
+#
+#
+## Check a remote host availability by issuing a ping test and check the 
+## content of a response from a web server. Up to three pings are sent and 
+## connection to a port and an application level network check is performed.
+#
+#  check host myserver with address 192.168.1.1
+#    if failed icmp type echo count 3 with timeout 3 seconds then alert
+#    if failed port 3306 protocol mysql with timeout 15 seconds then alert
+#    if failed url http://user:password@192.168.1.1:8080/?querystring
+#       and content == 'action="j_security_check"'
+#       then alert
+#
+###############################################################################
+## Includes
+###############################################################################
+##
+## It is possible to include additional configuration parts from other files or
+## directories.
+#
+
+include /etc/monit/conf.d/*