capistrano-atlas 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e28563de84ce8e0dd512f5afd7ef184a900062a0
-  data.tar.gz: ae9cb829cc6e4a17cb2e05197bebea1910965001
+  metadata.gz: 4a8d4c7cbad489d8b3652d33acc3ee4e713b0ca0
+  data.tar.gz: 757d22dd39d29c691f90c798124f913a4b542afa
 SHA512:
-  metadata.gz: b6238a118354c485e09aa165299c8ab8c7d2a89d0c1d05d36da2489439c1443ca7b10cc5aaad8c879e7568c1a4c8cc92900b9114e55a7b6e422f067a2c634b47
-  data.tar.gz: db015623266443404f0bbc959695723851fc4b30a2055242a10bd06c9dfcb2aab7f781054cab3e25ed36cb25b1e6d97fc9bfd2a6deb0fe08a244b60903b6eec5
+  metadata.gz: 300aefc371c5ec8b5c336d5cac94a17aee52cdf1fc63bc63e52e6f60aefeab464060eb627ffb2e0933c8b553275107517ee0ca9cb78ae569305693247bf9926d
+  data.tar.gz: 6aab8ddf0b302b4dab3e57dfc4efdf9100bf584a3c5a8134fdb2c578a4b8d29c299d7b71c2613d1fb52b33abe74829e1c49a325d5b63604b4d259aaf37a993fd

data/README.md

@@ -193,9 +193,7 @@ Check out my [rails-template][] project, which generates Rails applications with
 
 ## History
 
-This gem used to be called capistrano-fiftyfive, because it was initially built by [55 Minutes](http://55minutes.com) to automate its Rails deployments. I have since taken over ownership of the gem and renamed it to capistrano-atlas to avoid any confusion.
-
-If you are upgrading from `capistrano-fiftyfive`, refer to the [CHANGELOG entry for v0.22.0](CHANGELOG.md#0220-2015-06-22) for migration instructions.
+This gem was forked from `capistrano-mb`.
 
 ## Contributing
 

data/lib/capistrano/atlas/version.rb

@@ -1,5 +1,5 @@
 module Capistrano
   module Atlas
-    VERSION = "0.1.0".freeze
+    VERSION = "0.1.1".freeze
   end
 end

data/lib/capistrano/tasks/defaults.rake

@@ -54,6 +54,8 @@ namespace :load do
     set :atlas_nginx_force_https, false
     set :atlas_nginx_redirect_hosts, {}
 
+    ask :atlas_lets_encrypt_domain_name, "www.example.com"
+
     set :atlas_puma_threads, "0, 8"
     set :atlas_puma_workers, 2
     set :atlas_puma_timeout, 30
@@ -92,12 +94,6 @@ namespace :load do
     set :atlas_sidekiq_concurrency, 25
     set :atlas_sidekiq_role, :sidekiq
 
-    ask :atlas_ssl_csr_country, "US"
-    ask :atlas_ssl_csr_state, "California"
-    ask :atlas_ssl_csr_city, "San Francisco"
-    ask :atlas_ssl_csr_org, "Example Company"
-    ask :atlas_ssl_csr_name, "www.example.com"
-
     # WARNING: misconfiguring firewall rules could lock you out of the server!
     set :atlas_ufw_rules,
         "allow ssh" => :all,
@@ -120,7 +116,6 @@ namespace :load do
           tmp/sockets
           public/.well-known
           public/system
-          node_modules
         )
     }
     set :linked_files, -> {

data/lib/capistrano/tasks/ssl.rake

@@ -1,57 +1,32 @@
 atlas_recipe :ssl do
   during :provision, "generate_dh"
-  during :provision, "generate_self_signed_crt"
+  during :provision, "configure_lets_encrypt"
 end
 
 namespace :atlas do
   namespace :ssl do
-    desc "Generate an SSL key and CSR for Ngnix HTTPS"
-    task :generate_csr do
-      _run_ssl_script
-      _copy_to_all_web_servers(%w(.key .csr))
-    end
-
-    desc "Generate an SSL key, CSR, and self-signed cert for Ngnix HTTPS"
-    task :generate_self_signed_crt do
-      _run_ssl_script("--self")
-      _copy_to_all_web_servers(%w(.key .csr .crt))
+    desc "Setup Let's Encrypt and get a free certificate"
+    task :configure_lets_encrypt do
+      privileged_on roles(:web) do
+        unless test("sudo [ -f /etc/ssl/#{application_basename}.crt ]")
+          execute :sudo, "mkdir -p /opt/certbot"
+          execute :sudo, "cd /opt/certbot/; wget https://dl.eff.org/certbot-auto; chmod a+x certbot-auto; "
+          execute :sudo, "/opt/certbot/certbot-auto certonly --agree-tos "\ 
+                         "--email #{letsencrypt_email} --webroot "\
+                         "-w #{current_path}/public "\
+                         "-d #{fetch(:atlas_lets_encrypt_domain_name)}"
+        end
+      end
     end
 
     desc "Generate unique DH group"
     task :generate_dh do
       privileged_on roles(:web) do
         unless test("sudo [ -f /etc/ssl/dhparams.pem ]")
-          execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048"
+          execute :sudo, "openssl dhparam -out /etc/ssl/dhparams.pem 2048 > /dev/null 2>&1"
           execute :sudo, "chmod 600 /etc/ssl/dhparams.pem"
         end
       end
     end
-
-    def _run_ssl_script(opt="")
-      privileged_on primary(:web) do
-        files_exist = %w(.key .csr .crt).any? do |ext|
-          test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
-        end
-
-        if files_exist
-          info("Files exist; skipping SSL key generation.")
-        else
-          config = "/tmp/csr_config"
-          ssl_script = "/tmp/ssl_script"
-
-          template("csr_config.erb", config, :sudo => true)
-          template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
-
-          within "/etc/ssl" do
-            execute :sudo, ssl_script, opt, application_basename, config
-            execute :sudo, "rm", ssl_script, config
-          end
-        end
-      end
-    end
-
-    def _copy_to_all_web_servers(extensions)
-      # TODO
-    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-atlas
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - John McDowall
@@ -100,7 +100,6 @@ files:
 - lib/capistrano/atlas/dsl.rb
 - lib/capistrano/atlas/recipe.rb
 - lib/capistrano/atlas/templates/crontab.erb
-- lib/capistrano/atlas/templates/csr_config.erb
 - lib/capistrano/atlas/templates/logrotate.erb
 - lib/capistrano/atlas/templates/maintenance.html.erb
 - lib/capistrano/atlas/templates/nginx.erb
@@ -111,7 +110,6 @@ files:
 - lib/capistrano/atlas/templates/puma_init.erb
 - lib/capistrano/atlas/templates/rbenv_bashrc
 - lib/capistrano/atlas/templates/sidekiq_init.erb
-- lib/capistrano/atlas/templates/ssl_setup
 - lib/capistrano/atlas/templates/version.rb.erb
 - lib/capistrano/atlas/version.rb
 - lib/capistrano/tasks/aptitude.rake

data/lib/capistrano/atlas/templates/csr_config.erb

@@ -1,10 +0,0 @@
-[ req ]
-distinguished_name="req_distinguished_name"
-prompt="no"
-
-[ req_distinguished_name ]
-C="<%= fetch(:atlas_ssl_csr_country) %>"
-ST="<%= fetch(:atlas_ssl_csr_state) %>"
-L="<%= fetch(:atlas_ssl_csr_city) %>"
-O="<%= fetch(:atlas_ssl_csr_org) %>"
-CN="<%= fetch(:atlas_ssl_csr_name) %>"

data/lib/capistrano/atlas/templates/ssl_setup

@@ -1,43 +0,0 @@
-#!/bin/bash
-
-# Usage:
-#
-# ssl_setup [--self] <name> <csr_config>
-#
-# This script is used to generate key and CSR for use HTTPS in Nginx.
-#
-# --self        Generate self-signed certificate in addition to key and CSR.
-# name          Output files will be named as <name>.key and <name>.csr.
-# csr_config    Path to file that specifies CSR information. See below.
-#
-# CSR configuration format:
-#
-# [ req ]
-# distinguished_name="req_distinguished_name"
-# prompt="no"
-#
-# [ req_distinguished_name ]
-# C="US"
-# ST="California"
-# L="San Francisco"
-# O="Example Company"
-# CN="www.example.com"
-
-if [[ $1 == --self ]]; then
-  SELF_SIGN=1
-  shift
-fi
-
-KEY_NAME=$1
-CSR_CONFIG=$2
-
-openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
-chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
-echo "Created ${KEY_NAME}.key"
-echo "Created ${KEY_NAME}.csr"
-
-if [[ -n $SELF_SIGN ]]; then
-  openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
-  chmod 600 ${KEY_NAME}.crt
-  echo "Created ${KEY_NAME}.crt (self-signed)"
-fi