capistrano-cluster 0.0.10

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fa90fd5d8eae1aaf2d4aa230f76320ba995dec08
+  data.tar.gz: 4d91af93a532d6e6cb415d9a816a20dd98307afe
+SHA512:
+  metadata.gz: 23475010ea2f0222d2672d943b027f24d12c55ebb70dccbbdefcdd94fa3d1156fdaf14684d0329cced5f97e576e5c6b77d8a4b2a21333fcca868f81feadfe126
+  data.tar.gz: 2e25210c2cec9319d4fe16c89733cda6048e77b338ad916864427651b4c5b66fa7f5b1f718e5677796cd7e16488c49e986da2c45d95c65b242be88215d923dcc

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.tugboat
+.rbenv-*
+Vagrantfile
+.vagrant

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in capistrano-environment.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Vlad Verestiuc
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,38 @@
+# Capistrano::Cluster
+
+Setup tasks and role additions for capistrano
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'capistrano-cluster'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install capistrano-cluster
+
+## Usage
+
+```ruby
+deploy_path = Pathname(Dir.pwd).join "deploy"
+
+set :deploy_config_path,  deploy_path.join("config.rb")
+set :stage_config_path,   deploy_path.join("environments")
+
+
+require 'capistrano/cluster'
+```
+
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/capistrano-environment/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/capistrano-cluster.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'capistrano/cluster/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "capistrano-cluster"
+  spec.version       = Capistrano::Cluster::VERSION
+  spec.authors       = ["Vlad Verestiuc"]
+  spec.email         = ["verestiuc.vlad@gmail.com"]
+  spec.summary       = %q{Environment setup automation.}
+  spec.description   = %q{Setup tasks and role additions for capistrano}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+
+  spec.add_dependency "capistrano"
+  spec.add_dependency "capistrano-rails"
+  spec.add_dependency "capistrano-bundler"
+  spec.add_dependency "nokogiri"
+
+end

data/files/Procfile.erb

@@ -0,0 +1,2 @@
+<% processes.each_pair do |name, command| %>
+<%= name %>: export RAILS_ENV='<%=framework_env%>'; <%= command %><%end%>

data/files/apt.conf.d/10periodic

@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";

data/files/apt.conf.d/50unattended-upgrades

@@ -0,0 +1,4 @@
+Unattended-Upgrade::Allowed-Origins {
+  "Ubuntu saucy-security";
+  "Ubuntu saucy-updates";
+};

data/files/database.yml.erb

@@ -0,0 +1,11 @@
+<%= environment %>:
+  adapter: <%= adapter %>
+  host: <%= hostname %>
+  database: <%= name %>
+  username: <%= username %>
+  password: <%= password %>
+  encoding: <%= encoding || "utf-8" %>
+  reconnect: true
+  <%options.each_pair do |attribute,value| %><%= attribute %>: <%= value %>
+  <%end%>
+

data/files/etc/hosts.erb

@@ -0,0 +1,9 @@
+127.0.0.1 localhost
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+127.0.1.1 <%= hostname %>

data/files/firewall.erb

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+
+/sbin/iptables -F
+/sbin/iptables -X
+/sbin/iptables -Z
+
+<%= rules %>

data/files/issue.net

@@ -0,0 +1,11 @@
+********************************************************************
+*                                                                  *
+* This system is for the use of authorized users only.  Usage of   *
+* this system may be monitored and recorded by system personnel.   *
+*                                                                  *
+* Anyone using this system expressly consents to such monitoring   *
+* and is advised that if such monitoring reveals possible          *
+* evidence of criminal activity, system personnel may provide the  *
+* evidence from such monitoring to law enforcement officials.      *
+*                                                                  *
+********************************************************************

data/files/lb-sysctl.conf

@@ -0,0 +1,24 @@
+# Increase system IP port limits to allow for more connections
+
+net.ipv4.ip_local_port_range = 2000 65000
+
+
+net.ipv4.tcp_window_scaling = 1
+
+
+# number of packets to keep in backlog before the kernel starts dropping them
+net.ipv4.tcp_max_syn_backlog = 3240000
+
+
+# increase socket listen backlog
+net.core.somaxconn = 3240000
+net.ipv4.tcp_max_tw_buckets = 1440000
+
+
+# Increase TCP buffer sizes
+net.core.rmem_default = 8388608
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 65536 16777216
+net.ipv4.tcp_congestion_control = cubic

data/files/nginx/application.conf.erb

@@ -0,0 +1,67 @@
+
+upstream upstream_<%= fetch(:application) %> {
+  server unix:<%= shared_path.join("tmp/sockets") %>/nginx.sock fail_timeout=0;
+}
+
+
+server {
+  listen 80;
+
+  <% fetch(:hostnames).each do |hostname| %>
+  server_name <%= hostname %>;
+  <% end %>
+
+  root <%= current_path.join("public") %>;
+
+  access_log off;
+  error_log <%= shared_path.join("log") %>/error.log notice;
+  access_log  <%= shared_path.join("log") %>/access.log main;
+
+  client_max_body_size 100M;
+
+  error_page 404 /404.html;
+  error_page 500 502 504 /500.html;
+  error_page 503 @503;
+  recursive_error_pages on;
+
+  location @503 {
+
+    error_page 405 = /system/maintenance.html;
+
+    if (-f $request_filename) {
+      break;
+    }
+
+    rewrite ^(.*)$ /system/maintenance.html break;
+  }
+
+
+  location @app_<%= fetch(:application) %> {
+    index index.html index.htm;
+
+    #proxy_set_header  X-Real-IP         $remote_addr;
+    #proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header  Host              $http_host;
+
+    proxy_pass http://upstream_<%= fetch(:application) %>;
+  }
+
+
+
+  location ~ ^/(images|assets|javascripts|stylesheets)/ {
+    try_files  $uri $uri/index.html /last_assets/$uri /last_assets/$uri.html @app_<%= fetch(:application) %>;
+    gzip_static on;
+    expires max;
+    add_header Cache-Control public;
+  }
+
+  location / {
+    if (-f $document_root/system/maintenance.html) { return 503; }
+    try_files  $uri $uri/index.html $uri.html @app_<%= fetch(:application) %>;
+  }
+
+  location = /500.html {
+    root <%= current_path.join("public") %>;
+  }
+
+}

data/files/nginx/lb-application.conf.erb

@@ -0,0 +1,91 @@
+
+upstream upstream_<%= fetch(:application) %>_<%= fetch(:framework_env)%> {
+  keepalive 1024;
+  <% roles(:web).each do |backend| %>
+  server <%= backend.hostname %> max_fails=3 fail_timeout=10s;
+  <% end %>
+}
+
+
+server {
+  listen 80;
+
+  <% fetch(:hostnames).each do |hostname| %>
+    server_name <%= hostname %>;
+  <%end%>
+
+  access_log  /var/log/nginx/<%= fetch(:application) %>-<%= fetch(:framework_env)%>.log main;
+  error_log /var/log/nginx/<%= fetch(:application) %>-<%= fetch(:framework_env)%>.log notice;
+
+
+  client_max_body_size 100M;
+
+
+  proxy_set_header  X-Real-IP         $remote_addr;
+  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+  proxy_set_header  Host              $http_host;
+  proxy_set_header  X-Forwarded-Proto http;
+
+  proxy_redirect off;
+  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+
+
+  location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
+    proxy_buffering  on;
+    proxy_cache_valid 200 120m;
+    log_not_found off;
+    expires 864000;
+    proxy_pass http://upstream_<%= fetch(:application) %>_<%= fetch(:framework_env)%>;
+  }
+
+  location / {
+    proxy_pass http://upstream_<%= fetch(:application) %>_<%= fetch(:framework_env)%>;
+  }
+
+}
+
+
+<% if ssl %>
+
+server {
+  listen 443;
+
+  ssl on;
+  ssl_certificate /etc/nginx/servers/<%= fetch(:application) %>-<%= fetch(:framework_env) %>/ssl.pem;
+  ssl_certificate_key /etc/nginx/servers/<%= fetch(:application) %>-<%= fetch(:framework_env) %>/ssl.pem;
+
+  <% fetch(:hostnames).each do |hostname| %>
+    server_name <%= hostname %>;
+  <%end%>
+
+  access_log  /var/log/nginx/<%= fetch(:application) %>-<%= fetch(:framework_env)%>.log main;
+  error_log /var/log/nginx/<%= fetch(:application) %>-<%= fetch(:framework_env)%>.log notice;
+
+  client_max_body_size 100M;
+
+  proxy_set_header  X-Real-IP         $remote_addr;
+  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+  proxy_set_header  Host              $http_host;
+  proxy_set_header  X-Forwarded-Proto https;
+
+
+  proxy_redirect off;
+  proxy_max_temp_file_size 0;
+  proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+
+  location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
+    proxy_buffering  on;
+    proxy_cache_valid 200 120m;
+    log_not_found off;
+    expires 864000;
+    proxy_pass http://upstream_<%= fetch(:application) %>_<%= fetch(:framework_env)%>;
+  }
+
+  location / {
+    proxy_pass http://upstream_<%= fetch(:application) %>_<%= fetch(:framework_env)%>;
+  }
+
+
+}
+
+<% end %>

data/files/nginx/lb-nginx.conf.erb

@@ -0,0 +1,84 @@
+user <%= user %> <%= user %>;
+worker_processes 1;
+timer_resolution 500ms;
+
+pid /run/nginx.pid;
+
+worker_rlimit_nofile 200000;
+
+
+events {
+    use epoll;
+    worker_connections 10240;
+}
+
+http {
+
+  include /etc/nginx/mime.types;
+
+  default_type application/octet-stream;
+
+  log_format main '$remote_addr - $remote_user [$time_local] '
+                  '"$request" $status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+
+  keepalive_timeout 30;
+  keepalive_requests 100000;
+  reset_timedout_connection on;
+
+  server_names_hash_bucket_size  128;
+  types_hash_max_size 2048;
+  types_hash_bucket_size 64;
+
+  if_modified_since before;
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_comp_level 5;
+  gzip_min_length 512;
+  gzip_buffers 16 8k;
+  gzip_proxied any;
+  gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+  gzip_disable "MSIE [1-6]\.";
+  gzip_vary on;
+
+  ssl_session_cache   shared:SSL:10m;
+  ssl_session_timeout 10m;
+
+  server_name_in_redirect off;
+  server_tokens off;
+
+  access_log off;
+
+  open_file_cache max=200000 inactive=20s;
+  open_file_cache_valid 30s;
+  open_file_cache_min_uses 2;
+  open_file_cache_errors on;
+
+
+  #proxy_buffer_size           32k;
+  #proxy_buffers               4 32k;
+  #proxy_busy_buffers_size     32k;
+  #proxy_temp_file_write_size  32k;
+  #proxy_cache_path /var/lib/nginx/cache  levels=1:2  keys_zone=cache:80m inactive=1d  max_size=2500m;
+  #proxy_cache_key "$scheme$request_method$host$request_uri";
+  #proxy_cache cache;
+
+  #proxy_cache_valid  200 302  1d;
+  #proxy_cache_valid  301      1d;
+  #proxy_cache_valid  any      1m;
+
+  #proxy_connect_timeout 300;
+  #proxy_read_timeout    120;
+  #proxy_send_timeout    120;
+
+  #proxy_ignore_headers "X-Accel-Redirect" "X-Accel-Expires" "Expires" "Cache-Control" "Set-Cookie";
+  include /etc/nginx/servers/*/nginx.conf;
+}
+
+

data/files/nginx/nginx.conf.erb

@@ -0,0 +1,80 @@
+#user <%= user %> <%= user %>;
+worker_processes 1;
+timer_resolution 500ms;
+
+pid /run/nginx.pid;
+
+worker_rlimit_nofile 200000;
+
+
+events {
+    use epoll;
+    worker_connections 10240;
+}
+
+http {
+
+  include /etc/nginx/mime.types;
+
+  default_type application/octet-stream;
+
+  log_format main '$remote_addr - $remote_user [$time_local] '
+                  '"$request" $status $body_bytes_sent "$http_referer" '
+                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+
+  keepalive_timeout 30;
+  keepalive_requests 100000;
+  reset_timedout_connection on;
+
+  server_names_hash_bucket_size  128;
+  types_hash_max_size 2048;
+  types_hash_bucket_size 64;
+
+  if_modified_since before;
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_comp_level 5;
+  gzip_min_length 512;
+  gzip_buffers 16 8k;
+  gzip_proxied any;
+  gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+  gzip_disable "MSIE [1-6]\.";
+  gzip_vary on;
+
+  server_name_in_redirect off;
+  server_tokens off;
+
+  access_log off;
+
+  open_file_cache max=200000 inactive=20s;
+  open_file_cache_valid 30s;
+  open_file_cache_min_uses 2;
+  open_file_cache_errors on;
+
+
+  #proxy_buffer_size           32k;
+  #proxy_buffers               4 32k;
+  #proxy_busy_buffers_size     32k;
+  #proxy_temp_file_write_size  32k;
+  #proxy_cache_path /var/lib/nginx/cache  levels=1:2  keys_zone=cache:80m inactive=1d  max_size=2500m;
+  #proxy_cache_key "$scheme$request_method$host$request_uri";
+  #proxy_cache cache;
+  #proxy_cache_valid  200 302  1d;
+  #proxy_cache_valid  301      1d;
+  #proxy_cache_valid  any      1m;
+  #proxy_connect_timeout 300;
+  #proxy_read_timeout    120;
+  #proxy_send_timeout    120;
+
+  #proxy_ignore_headers "X-Accel-Redirect" "X-Accel-Expires" "Expires" "Cache-Control" "Set-Cookie";
+  include /apps/*/shared/config/nginx.conf;
+
+}
+
+

data/files/pg_hba.conf.erb

@@ -0,0 +1,10 @@
+local   all             postgres                                trust
+local   all             all                                     md5
+host    all             all             127.0.0.1/32            md5
+host    all             all             ::1/128                 md5
+#local   replication     postgres                                peer
+#host    replication     postgres        127.0.0.1/32            md5
+#host    replication     postgres        ::1/128                 md5
+<% allowed_hosts.each do |host| %>
+host    all             all             <%= host%>/32            md5
+<%end %>

data/files/postgresql.conf

@@ -0,0 +1,19 @@
+
+data_directory = '/var/lib/postgresql/9.3/main'   # use data in another directory
+hba_file = '/etc/postgresql/9.3/main/pg_hba.conf' # host-based authentication file
+ident_file = '/etc/postgresql/9.3/main/pg_ident.conf' # ident configuration file
+external_pid_file = '/var/run/postgresql/9.3-main.pid'      # write an extra PID file
+listen_addresses = '*'
+port = 5432
+max_connections = 200
+unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
+ssl = false        # (change requires restart)
+shared_buffers = 128MB      # min 128kB
+log_hostname = on
+log_line_prefix = '%t '     # special values:
+log_lock_waits = on     # log lock waits >= deadlock_timeout
+log_timezone = 'UTC'
+
+
+datestyle = 'iso, mdy'
+timezone = 'UTC'