capistrano-exfel 0.0.1

@@ -0,0 +1,41 @@
1
+ # PostgreSQL. Versions 7.4 and 8.x are supported.
2
+ #
3
+ # Install the pg driver:
4
+ # gem install pg
5
+ # On Mac OS X with macports:
6
+ # gem install pg -- --with-pg-config=/opt/local/lib/postgresql84/bin/pg_config
7
+ # On Windows:
8
+ # gem install pg
9
+ # Choose the win32 build.
10
+ # Install PostgreSQL and put its /bin directory on your path.
11
+ base: &base
12
+ adapter: postgresql
13
+ encoding: utf8
14
+ pool: 5
15
+ timeout: 5000
16
+ database: <<database_name>>
17
+ username: <<database_username>>
18
+ password: <<database_password>>
19
+
20
+ # Connect on a TCP socket. Omitted by default since the client uses a
21
+ # domain socket that doesn't need configuration. Windows does not have
22
+ # domain sockets, so uncomment these lines.
23
+ host: <<database_host>>
24
+ port: 5432
25
+
26
+ # Schema search path. The server defaults to $user,public
27
+ #schema_search_path: myapp,sharedapp,public
28
+
29
+ # Minimum log levels, in increasing order:
30
+ # debug5, debug4, debug3, debug2, debug1, log, notice, warning, error, fatal, panic
31
+ # The server defaults is: notice
32
+ #min_messages: warning
33
+
34
+ development:
35
+ <<: *base
36
+
37
+ test:
38
+ <<: *base
39
+
40
+ production:
41
+ <<: *base
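Review bot: `development`, `test` and `production` all merge `*base` unchanged, so the three environments point at the same `<<database_name>>`; Rails test tasks purge and reload the test database, which here would be the production one if they are ever run against the deployed configuration. Giving each environment its own `database:` key, as the SQLite template on this page does, avoids that. The comment above `host:` says the TCP settings are omitted by default and should be uncommented on Windows, but `host:` and `port:` are already active, so it should read something like `# Connect on a TCP socket to the configured host.`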
@@ -0,0 +1,18 @@
1
+ # SQLite version 3.x
2
+ # gem install sqlite3
3
+ base: &base
4
+ adapter: sqlite3
5
+ pool: 5
6
+ timeout: 5000
7
+
8
+ development:
9
+ database: db/development.sqlite3
10
+ <<: *base
11
+
12
+ test:
13
+ database: db/test.sqlite3
14
+ <<: *base
15
+
16
+ production:
17
+ database: db/production.sqlite3
18
+ <<: *base
@@ -0,0 +1,47 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Your secret key is used for verifying the integrity of signed cookies.
4
+ # If you change this key, all old signed cookies will become invalid!
5
+
6
+ # Make sure the secret is at least 30 characters and all random,
7
+ # no regular words or you'll be exposed to dictionary attacks.
8
+ # You can use `rake secret` to generate a secure secret key.
9
+
10
+ # Make sure the secrets in this file are kept private
11
+ # if you're sharing your code publicly.
12
+
13
+ development:
14
+ # Application secret_key_base (run 'rake secret' to generate a new secret)
15
+ secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
16
+
17
+ # Application name
18
+ app_name: 'MyApp'
19
+
20
+ ### config_ApacheServer_with_uri
21
+ #
22
+ site_domain: 'https://in.xfel.eu/'
23
+ app_sub_domain_uri: 'dev_my_app'
24
+ routes_base_uri: ''
25
+ app_full_url: 'https://in.xfel.eu/dev_my_app'
26
+
27
+ test:
28
+ secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
29
+ #
30
+ app_name: 'MyApp'
31
+ #
32
+ site_domain: 'https://in.xfel.eu/'
33
+ app_sub_domain_name: 'test_my_app'
34
+ routes_base_uri: ''
35
+ app_full_url: 'https://in.xfel.eu/test_my_app'
36
+
37
+ # Do not keep production secrets in the repository,
38
+ # instead read values from the environment.
39
+ production:
40
+ secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
41
+ #
42
+ app_name: 'MyApp'
43
+ #
44
+ site_domain: 'https://in.xfel.eu/'
45
+ app_sub_domain_name: 'my_app'
46
+ routes_base_uri: ''
47
+ app_full_url: 'https://in.xfel.eu/my_app'
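Review bot: The `production` block ships the fixed string `'___secret_that_must_be_replaced_after_deploy___'` as `secret_key_base`, even though the comment directly above it says production values should be read from the environment; if the replacement step is skipped or fails, the application signs its cookies with a value published in this gem. `secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>` for production, or a deploy-time check that aborts while the placeholder is still present, would make that failure loud instead of silent. The `development` block names the key `app_sub_domain_uri` while `test` and `production` use `app_sub_domain_name`, so one of the two spellings is presumably never read.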
@@ -0,0 +1,7 @@
1
+ require 'capistrano/exfel/version'
2
+
3
+ # module Capistrano
4
+ # module Exfel
5
+ # # Your code goes here...
6
+ # end
7
+ # end
@@ -0,0 +1,19 @@
1
+ # Load DSL and Setup Up Stages
2
+ require 'capistrano/setup'
3
+
4
+ # Includes default deployment tasks
5
+ require 'capistrano/deploy'
6
+
7
+ # Includes tasks from other gems included in your Gemfile
8
+ require 'capistrano/rvm'
9
+
10
+ # We're going to use the full capistrano/rails since
11
+ # it includes the asset compilation, DB migrations and bundler
12
+ require 'capistrano/rails'
13
+
14
+ load File.expand_path('../../tasks/apache.rake', __FILE__)
15
+ load File.expand_path('../../tasks/app_home.rake', __FILE__)
16
+ load File.expand_path('../../tasks/application.rake', __FILE__)
17
+ load File.expand_path('../../tasks/database.rake', __FILE__)
18
+ load File.expand_path('../../tasks/secrets.rake', __FILE__)
19
+ load File.expand_path('../../tasks/util.rake', __FILE__)
@@ -0,0 +1,6 @@
1
+ module Capistrano
2
+ # Capistrano::Exfel version information
3
+ module Exfel
4
+ VERSION = '0.0.1'
5
+ end
6
+ end
@@ -0,0 +1,354 @@
1
+ namespace :apache do
2
+ desc 'Configure Apache (httpd) and restart it'
3
+ task :configure_and_start do
4
+ invoke 'apache:configure'
5
+ invoke 'apache:chkconfig_on'
6
+ # invoke 'apache:restart'
7
+ invoke 'apache:secure_apache' # This should go to Puppet
8
+ invoke 'apache:create_symbolic_link'
9
+ end
10
+
11
+ desc 'Check that the user has write permissions in the Deploy and in Apache DocumentRoot folders'
12
+ task :check_write_permissions do
13
+ invoke 'apache:check_write_permissions_on_deploy'
14
+ invoke 'apache:check_write_permissions_on_document_root'
15
+ end
16
+
17
+ desc 'Check that we have the right permission to the folder the app should be deployed to'
18
+ task :check_write_permissions_on_deploy do
19
+ on roles(:app) do |host|
20
+ debug '#' * 50
21
+ debug "Checking folder '#{fetch(:deploy_to)}' (where the application has to be deployed) "\
22
+ "for the right permissions on Host '#{host}'"
23
+
24
+ if test("[ -w #{fetch(:deploy_to)} ]")
25
+ info "#{fetch(:deploy_to)} is writable on #{host}"
26
+ else
27
+ error "#{fetch(:deploy_to)} is not writable on #{host}"
28
+ end
29
+
30
+ debug '#' * 50
31
+ end
32
+ end
33
+
34
+ desc 'Check that we have the right permission to the Apache DocumentRoot folder'
35
+ task :check_write_permissions_on_document_root do
36
+ on roles(:web) do |host|
37
+ debug '#' * 50
38
+ debug "Checking Apache DocumentRoot folder (#{fetch(:apache_document_root)}) permissions on Host '#{host}'"
39
+
40
+ if test("[ -w #{fetch(:apache_document_root)} ]")
41
+ info "#{fetch(:apache_document_root)} is writable on #{host}"
42
+ else
43
+ info "#{fetch(:apache_document_root)} is not writable on #{host}"
44
+ end
45
+
46
+ debug '#' * 50
47
+ end
48
+ end
49
+
50
+ desc 'Configure Apache configuration files'
51
+ task :configure do
52
+ on roles(:app) do
53
+ set :shared_path, "#{fetch(:deploy_to)}/shared"
54
+ set :shared_apache_path, "#{fetch(:shared_path)}/apache"
55
+
56
+ invoke 'apache:create_apache_shared_folder'
57
+ invoke 'apache:configure_app_conf_file'
58
+ invoke 'apache:configure_app_ssl_conf_file'
59
+
60
+ if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
61
+ execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
62
+ end
63
+ end
64
+ end
65
+
66
+ # desc 'Create Apache configuration files shared folder'
67
+ task :create_apache_shared_folder do
68
+ on roles(:app) do
69
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
70
+
71
+ debug '#' * 50
72
+ debug 'Create Apache configuration files shared folder'
73
+
74
+ debug "mkdir -p #{fetch(:shared_apache_path)}"
75
+ execute "#{sudo_cmd} mkdir -p #{fetch(:shared_apache_path)}"
76
+
77
+ debug "chmod g+ws #{fetch(:shared_apache_path)}"
78
+ execute "#{sudo_cmd} chmod g+ws #{fetch(:shared_apache_path)}"
79
+
80
+ debug '#' * 50
81
+ end
82
+ end
83
+
84
+ # desc 'Configure (HTTP) Apache Application configuration files'
85
+ task :configure_app_conf_file do
86
+ on roles(:app) do
87
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
88
+
89
+ debug '#' * 50
90
+ debug 'Configure (HTTP) Apache Application configuration files'
91
+
92
+ set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
93
+
94
+ upload! StringIO.new(File.read('config/recipes/apache_http.conf')), "#{fetch(:shared_apache_conf_file)}"
95
+ debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
96
+ execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
97
+
98
+ passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
99
+ ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
100
+ app_domain = fetch(:app_domain)
101
+ server_name = app_domain.split('/')[2]
102
+
103
+ debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
104
+ execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
105
+
106
+ execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_apache_conf_file)}"
107
+ execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
108
+ execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
109
+
110
+ execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
111
+
112
+ debug '#' * 50
113
+ end
114
+ end
115
+
116
+ # desc 'Configure (HTTPS) Apache Application configuration files'
117
+ task :configure_app_ssl_conf_file do
118
+ on roles(:app) do
119
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
120
+
121
+ debug '#' * 50
122
+ debug 'Configure (HTTPS) Apache Application configuration files'
123
+
124
+ set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
125
+
126
+ upload! StringIO.new(File.read('config/recipes/apache_ssl.conf')), "#{fetch(:shared_apache_conf_ssl_file)}"
127
+ debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
128
+ execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
129
+
130
+ execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
131
+ execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
132
+
133
+ execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
134
+
135
+ debug '#' * 50
136
+ end
137
+ end
138
+
139
+ desc 'Configure Apache to start at bootup'
140
+ task :chkconfig_on do
141
+ on roles(:web) do
142
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
143
+
144
+ debug '#' * 50
145
+
146
+ debug 'chkconfig httpd on'
147
+ execute "#{sudo_cmd} chkconfig httpd on"
148
+
149
+ info 'Configured Apache to start at bootup'
150
+ debug '#' * 50
151
+ end
152
+ end
153
+
154
+ desc 'Restart Apache (httpd) service'
155
+ task :restart do
156
+ on roles(:web) do
157
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
158
+
159
+ debug '#' * 50
160
+
161
+ debug 'service httpd stop'
162
+ execute "#{sudo_cmd} service httpd stop"
163
+
164
+ debug 'pkill -9 httpd || true'
165
+ execute "#{sudo_cmd} pkill -9 httpd || true"
166
+
167
+ debug 'service httpd start'
168
+ execute "#{sudo_cmd} service httpd start"
169
+
170
+ info 'Restarted Apache (httpd) service'
171
+ debug '#' * 50
172
+ end
173
+ end
174
+
175
+ desc 'Create symbolic link to application public folder in Apache DocumentRoot folder'
176
+ task :create_symbolic_link do
177
+ on roles(:web) do
178
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
179
+
180
+ info '#' * 50
181
+ info 'Creating application symbolic link'
182
+
183
+ debug "ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
184
+ execute "#{sudo_cmd} ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
185
+
186
+ info '#' * 50
187
+ end
188
+ end
189
+
190
+ desc 'Update httpd.conf to secure apache server'
191
+ task :secure_apache do
192
+ on roles(:web) do
193
+ sudo_cmd = "echo #{fetch(:password)} | sudo -S"
194
+
195
+ debug '#' * 50
196
+ debug 'Update httpd.conf to secure apache server'
197
+
198
+ set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
199
+
200
+ # Replace the original Apache configuration file
201
+ if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
202
+ info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
203
+ else
204
+ execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
205
+ info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
206
+ end
207
+
208
+ # The ServerSignature directive allows the configuration of a trailing footer line under server-generated docs
209
+ # Options: On | Off | EMail
210
+ # More details: http://httpd.apache.org/docs/current/mod/core.html#serversignature
211
+ set :server_signature_off, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerSignature Off')
212
+
213
+ if fetch(:server_signature_off) == 1
214
+ info 'ServerSignature Off is already set'
215
+
216
+ else
217
+ set :num_replacements, 0
218
+ %w(On Off EMail).each do |option|
219
+ set :server_signature_option,
220
+ get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerSignature #{option}")
221
+
222
+ if fetch(:server_signature_option) == 1
223
+ info "sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
224
+ execute "#{sudo_cmd} sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
225
+ set :num_replacements, fetch(:num_replacements) + 1
226
+ end
227
+ end
228
+
229
+ error 'ServerSignature was not found' if fetch(:num_replacements) == 0
230
+ end
231
+
232
+ # Don't give away too much information about all the subcomponents we are running.
233
+ #
234
+ # Options: Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
235
+ # More details: http://httpd.apache.org/docs/current/mod/core.html#servertokens
236
+ set :server_token_prod, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerTokens Prod')
237
+ if fetch(:server_token_prod) == 1
238
+ info 'ServerTokens Prod is already set'
239
+ else
240
+ set :num_replacements, 0
241
+ %w(Major Minor Minimal Min ProductOnly Prod OS Full).each do |option|
242
+ set :server_token_option, get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerTokens #{option}")
243
+
244
+ next unless fetch(:server_token_option) == 1
245
+
246
+ # Then, only if fetch(:server_token_option) == 1
247
+ info "sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
248
+ execute "#{sudo_cmd} sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
249
+ set :num_replacements, fetch(:num_replacements) + 1
250
+ end
251
+
252
+ error 'ServerTokens was not found' if fetch(:num_replacements) == 0
253
+ end
254
+
255
+ # Do not allow browsing outside the document root
256
+ #
257
+ # <Directory />
258
+ # Order Deny,Allow
259
+ # Deny from all
260
+ # Options None
261
+ # AllowOverride None
262
+ # </Directory>
263
+ #
264
+ message_line_1 = '# Default Directory configuration changed via Capistrano.'
265
+
266
+ set :server_dir_secure_configuration, get_num_occurrences_in_file(fetch(:httpd_conf_file), message_line_1)
267
+
268
+ if fetch(:server_token_prod) == 1
269
+ info 'The correct directory configuration is already correctly set'
270
+ else
271
+
272
+ set :tmp_dir_original_config, '/tmp/tmp_dir_original_config.conf'
273
+ set :tmp_dir_original_commented_config, '/tmp/tmp_dir_original_commented_config.conf'
274
+ set :tmp_dir_new_config, '/tmp/tmp_dir_new_config.conf'
275
+
276
+ # Create a temporary copy of the Apache configuration file
277
+ set :tmp_httpd_file, '/tmp/httpd.conf'
278
+ execute :cp, '-f', "#{fetch(:httpd_conf_file)} #{fetch(:tmp_httpd_file)}"
279
+
280
+ set :grep_for_directory, "grep -Pzo '^([ ]*<Directory />[ ]*)(\\n.*)+(\\n[ ]*</Directory>[ ]*)(\\n){1}$' "\
281
+ "#{fetch(:tmp_httpd_file)}"
282
+
283
+ # How many lines have the original configuration
284
+ command = "#{fetch(:grep_for_directory)} | grep -n '</Directory>' | head -n 1 | cut -d ':' -f1"
285
+ set :def_directory_num_lines, get_command_output(command).to_i
286
+ debug "Original configuration has #{fetch(:def_directory_num_lines)} lines."
287
+
288
+ # Saves to a file the original configuration
289
+ command = "#{fetch(:grep_for_directory)} | "\
290
+ "head -n #{fetch(:def_directory_num_lines)} > #{fetch(:tmp_dir_original_config)}"
291
+ debug command
292
+ execute command
293
+
294
+ # Saves to a file the original configuration commented
295
+ execute :cp, '-f', "#{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)}"
296
+ execute "sed -e 's/^/#/' -i #{fetch(:tmp_dir_original_commented_config)}"
297
+
298
+ # Save to a file the new desired configuration
299
+ new_directory_configs = <<-EOF
300
+
301
+ #Do not allow browsing outside the document root
302
+ <Directory />
303
+ Order Deny,Allow
304
+ Deny from all
305
+ Options None
306
+ AllowOverride None
307
+ </Directory>
308
+
309
+ EOF
310
+ upload! StringIO.new(new_directory_configs), "#{fetch(:tmp_dir_new_config)}"
311
+
312
+ # Update the new configuration file to have the original configuration commented
313
+ debug "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
314
+ execute "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
315
+ execute "mv -f #{fetch(:tmp_dir_original_commented_config)} #{fetch(:tmp_dir_new_config)}"
316
+
317
+ # Generates the special SED parameter: 'N;' per line that should be replaced
318
+ special_sed_param = 'N;' * fetch(:def_directory_num_lines)
319
+ debug "Special sed parameter is: ''#{special_sed_param}''"
320
+
321
+ # Replace the old original directory configuration for a specific message (in the temporary file)
322
+ message_complete = "#{message_line_1}\\n#\\n"
323
+ command_to_replace = "out=$(sed -e :a -e '$!N;s/\\n/.*/;ta' #{fetch(:tmp_dir_original_config)} | "\
324
+ "sed -e :a -e '$!N;s/\//./;ta'); sed -i '/<Directory .>.*/ {#{special_sed_param} "\
325
+ "s/'$out'/#{message_complete}/g}' #{fetch(:tmp_httpd_file)}"
326
+ debug command_to_replace
327
+ execute command_to_replace
328
+
329
+ # Search for the line where the message was inserted
330
+ command = "grep -n '#{message_line_1}' #{fetch(:tmp_httpd_file)} | cut -d':' -f 1"
331
+ debug command
332
+ line_with_match = get_command_output(command).to_i
333
+ next_line = line_with_match + 1
334
+ debug "New configuration will be added to line #{next_line}"
335
+
336
+ # Inserts the new directory configuration (with the old configuration commented)
337
+ # in the line following the comment added before
338
+ command = "sed '#{next_line}r #{fetch(:tmp_dir_new_config)}' < #{fetch(:tmp_httpd_file)} "\
339
+ '> tmp_httpd_new_conf_merge.conf'
340
+
341
+ debug command
342
+ execute command
343
+ execute "mv -f tmp_httpd_new_conf_merge.conf #{fetch(:tmp_httpd_file)}"
344
+
345
+ # Replace the original Apache configuration file
346
+ execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
347
+
348
+ # Remove all created temporary files
349
+ execute "rm -f #{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)} "\
350
+ "#{fetch(:tmp_dir_new_config)} #{fetch(:tmp_httpd_file)}"
351
+ end
352
+ end
353
+ end
354
+ end
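Review bot: Every task that builds `sudo_cmd = "echo #{fetch(:password)} | sudo -S"` (create_apache_shared_folder, configure_app_conf_file, configure_app_ssl_conf_file, chkconfig_on, restart, create_symbolic_link, secure_apache) places the deploy password in the remote command string, where it shows up in the host's process list and in whatever Capistrano logs for the executed command, and where shell metacharacters in the password are reinterpreted. A narrowly scoped NOPASSWD sudoers entry for the few commands used here, called as `execute :sudo, :chkconfig, 'httpd', 'on'`, keeps the secret out of the command line; at minimum the value should go through `Shellwords.escape`. In secure_apache the guard before the `<Directory />` rewrite reads `if fetch(:server_token_prod) == 1`, which looks like a copy-paste slip, since the count stored in `:server_dir_secure_configuration` on the preceding statement is never used and the hardening is skipped whenever ServerTokens Prod was already present; `if fetch(:server_dir_secure_configuration) == 1` is presumably what was meant. The same task stages the new httpd.conf under fixed names in /tmp (and a relative `tmp_httpd_new_conf_merge.conf`) before `sudo mv`-ing it over the live file, so another local account could alter it in between; a private directory from `mktemp -d` closes that window. The `configure` task also interpolates `sudo_cmd` without assigning it, which only works if a helper of that name is defined outside this file.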