capistrano-exfel 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rubocop.yml +20 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +22 -0
- data/README.md +31 -0
- data/Rakefile +1 -0
- data/capistrano-exfel.gemspec +24 -0
- data/config/recipes/apache_http.conf +46 -0
- data/config/recipes/apache_ssl.conf +252 -0
- data/config/recipes/config/database_mysql.yml +38 -0
- data/config/recipes/config/database_postgresql.yml +41 -0
- data/config/recipes/config/database_sqlite.yml +18 -0
- data/config/recipes/config/secrets_example.yml +47 -0
- data/lib/capistrano/exfel.rb +7 -0
- data/lib/capistrano/exfel/sl6.rb +19 -0
- data/lib/capistrano/exfel/version.rb +6 -0
- data/lib/capistrano/tasks/apache.rake +354 -0
- data/lib/capistrano/tasks/app_home.rake +127 -0
- data/lib/capistrano/tasks/application.rake +224 -0
- data/lib/capistrano/tasks/database.rake +106 -0
- data/lib/capistrano/tasks/secrets.rake +106 -0
- data/lib/capistrano/tasks/util.rake +56 -0
- metadata +96 -0
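--- a/data/config/recipes/config/database_postgresql.yml
+++ b/data/config/recipes/config/database_postgresql.yml
@@ -0,0 +1,41 @@
+# PostgreSQL. Versions 7.4 and 8.x are supported.
+#
+# Install the pg driver:
+# gem install pg
+# On Mac OS X with macports:
+# gem install pg -- --with-pg-config=/opt/local/lib/postgresql84/bin/pg_config
+# On Windows:
+# gem install pg
+# Choose the win32 build.
+# Install PostgreSQL and put its /bin directory on your path.
+base: &base
+adapter: postgresql
+encoding: utf8
+pool: 5
+timeout: 5000
+database: <<database_name>>
+username: <<database_username>>
+password: <<database_password>>
+
+# Connect on a TCP socket. Omitted by default since the client uses a
+# domain socket that doesn't need configuration. Windows does not have
+# domain sockets, so uncomment these lines.
+host: <<database_host>>
+port: 5432
+
+# Schema search path. The server defaults to $user,public
+#schema_search_path: myapp,sharedapp,public
+
+# Minimum log levels, in increasing order:
+# debug5, debug4, debug3, debug2, debug1, log, notice, warning, error, fatal, panic
+# The server defaults is: notice
+#min_messages: warning
+
+development:
+<<: *base
+
+test:
+<<: *base
+
+production:
+<<: *base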
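Review bot: `development`, `test` and `production` all merge `*base` unchanged, so once the `<<database_name>>` placeholder is filled in, every environment points at the same database with the same credentials. A test run on a host configured from this template would then operate on the production data; consider giving each environment its own `database:` key, as the SQLite template on this page does. The comment above `host:` and `port:` also says the TCP settings are omitted by default and should be uncommented, yet both lines are active; either comment them out or reword the comment to `# Connect on a TCP socket to the host below.`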
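--- a/data/config/recipes/config/database_sqlite.yml
+++ b/data/config/recipes/config/database_sqlite.yml
@@ -0,0 +1,18 @@
+# SQLite version 3.x
+# gem install sqlite3
+base: &base
+adapter: sqlite3
+pool: 5
+timeout: 5000
+
+development:
+database: db/development.sqlite3
+<<: *base
+
+test:
+database: db/test.sqlite3
+<<: *base
+
+production:
+database: db/production.sqlite3
+<<: *base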
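--- a/data/config/recipes/config/secrets_example.yml
+++ b/data/config/recipes/config/secrets_example.yml
@@ -0,0 +1,47 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure the secrets in this file are kept private
+# if you're sharing your code publicly.
+
+development:
+# Application secret_key_base (run 'rake secret' to generate a new secret)
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+
+# Application name
+app_name: 'MyApp'
+
+### config_ApacheServer_with_uri
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_uri: 'dev_my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/dev_my_app'
+
+test:
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+#
+app_name: 'MyApp'
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_name: 'test_my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/test_my_app'
+
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+#
+app_name: 'MyApp'
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_name: 'my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/my_app'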
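Review bot: The `production:` block ships the same fixed `secret_key_base: '___secret_that_must_be_replaced_after_deploy___'` as development and test, directly under the comment that says production values should be read from the environment. If the replacement step is ever skipped, the application signs its cookies with a string anyone can read from this gem, so the template would be safer as `secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>`. Whether secrets.rake rewrites this value during deployment is not visible here. Separately, `development` uses the key `app_sub_domain_uri` while `test` and `production` use `app_sub_domain_name`; one of the two is probably a typo and should be aligned.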
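--- a/data/lib/capistrano/exfel/sl6.rb
+++ b/data/lib/capistrano/exfel/sl6.rb
@@ -0,0 +1,19 @@
+# Load DSL and Setup Up Stages
+require 'capistrano/setup'
+
+# Includes default deployment tasks
+require 'capistrano/deploy'
+
+# Includes tasks from other gems included in your Gemfile
+require 'capistrano/rvm'
+
+# We're going to use the full capistrano/rails since
+# it includes the asset compilation, DB migrations and bundler
+require 'capistrano/rails'
+
+load File.expand_path('../../tasks/apache.rake', __FILE__)
+load File.expand_path('../../tasks/app_home.rake', __FILE__)
+load File.expand_path('../../tasks/application.rake', __FILE__)
+load File.expand_path('../../tasks/database.rake', __FILE__)
+load File.expand_path('../../tasks/secrets.rake', __FILE__)
+load File.expand_path('../../tasks/util.rake', __FILE__)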
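--- a/data/lib/capistrano/tasks/apache.rake
+++ b/data/lib/capistrano/tasks/apache.rake
@@ -0,0 +1,354 @@
+namespace :apache do
+desc 'Configure Apache (httpd) and restart it'
+task :configure_and_start do
+invoke 'apache:configure'
+invoke 'apache:chkconfig_on'
+# invoke 'apache:restart'
+invoke 'apache:secure_apache' # This should go to Puppet
+invoke 'apache:create_symbolic_link'
+end
+
+desc 'Check that the user has write permissions in the Deploy and in Apache DocumentRoot folders'
+task :check_write_permissions do
+invoke 'apache:check_write_permissions_on_deploy'
+invoke 'apache:check_write_permissions_on_document_root'
+end
+
+desc 'Check that we have the right permission to the folder the app should be deployed to'
+task :check_write_permissions_on_deploy do
+on roles(:app) do |host|
+debug '#' * 50
+debug "Checking folder '#{fetch(:deploy_to)}' (where the application has to be deployed) "\
+"for the right permissions on Host '#{host}'"
+
+if test("[ -w #{fetch(:deploy_to)} ]")
+info "#{fetch(:deploy_to)} is writable on #{host}"
+else
+error "#{fetch(:deploy_to)} is not writable on #{host}"
+end
+
+debug '#' * 50
+end
+end
+
+desc 'Check that we have the right permission to the Apache DocumentRoot folder'
+task :check_write_permissions_on_document_root do
+on roles(:web) do |host|
+debug '#' * 50
+debug "Checking Apache DocumentRoot folder (#{fetch(:apache_document_root)}) permissions on Host '#{host}'"
+
+if test("[ -w #{fetch(:apache_document_root)} ]")
+info "#{fetch(:apache_document_root)} is writable on #{host}"
+else
+info "#{fetch(:apache_document_root)} is not writable on #{host}"
+end
+
+debug '#' * 50
+end
+end
+
+desc 'Configure Apache configuration files'
+task :configure do
+on roles(:app) do
+set :shared_path, "#{fetch(:deploy_to)}/shared"
+set :shared_apache_path, "#{fetch(:shared_path)}/apache"
+
+invoke 'apache:create_apache_shared_folder'
+invoke 'apache:configure_app_conf_file'
+invoke 'apache:configure_app_ssl_conf_file'
+
+if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
+execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
+end
+end
+end
+
+# desc 'Create Apache configuration files shared folder'
+task :create_apache_shared_folder do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Create Apache configuration files shared folder'
+
+debug "mkdir -p #{fetch(:shared_apache_path)}"
+execute "#{sudo_cmd} mkdir -p #{fetch(:shared_apache_path)}"
+
+debug "chmod g+ws #{fetch(:shared_apache_path)}"
+execute "#{sudo_cmd} chmod g+ws #{fetch(:shared_apache_path)}"
+
+debug '#' * 50
+end
+end
+
+# desc 'Configure (HTTP) Apache Application configuration files'
+task :configure_app_conf_file do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Configure (HTTP) Apache Application configuration files'
+
+set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
+
+upload! StringIO.new(File.read('config/recipes/apache_http.conf')), "#{fetch(:shared_apache_conf_file)}"
+debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
+execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
+
+passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
+ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
+app_domain = fetch(:app_domain)
+server_name = app_domain.split('/')[2]
+
+debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+
+execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
+
+execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
+
+debug '#' * 50
+end
+end
+
+# desc 'Configure (HTTPS) Apache Application configuration files'
+task :configure_app_ssl_conf_file do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Configure (HTTPS) Apache Application configuration files'
+
+set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
+
+upload! StringIO.new(File.read('config/recipes/apache_ssl.conf')), "#{fetch(:shared_apache_conf_ssl_file)}"
+debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+
+execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+
+execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
+
+debug '#' * 50
+end
+end
+
+desc 'Configure Apache to start at bootup'
+task :chkconfig_on do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+
+debug 'chkconfig httpd on'
+execute "#{sudo_cmd} chkconfig httpd on"
+
+info 'Configured Apache to start at bootup'
+debug '#' * 50
+end
+end
+
+desc 'Restart Apache (httpd) service'
+task :restart do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+
+debug 'service httpd stop'
+execute "#{sudo_cmd} service httpd stop"
+
+debug 'pkill -9 httpd || true'
+execute "#{sudo_cmd} pkill -9 httpd || true"
+
+debug 'service httpd start'
+execute "#{sudo_cmd} service httpd start"
+
+info 'Restarted Apache (httpd) service'
+debug '#' * 50
+end
+end
+
+desc 'Create symbolic link to application public folder in Apache DocumentRoot folder'
+task :create_symbolic_link do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+info '#' * 50
+info 'Creating application symbolic link'
+
+debug "ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
+execute "#{sudo_cmd} ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
+
+info '#' * 50
+end
+end
+
+desc 'Update httpd.conf to secure apache server'
+task :secure_apache do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Update httpd.conf to secure apache server'
+
+set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
+
+# Replace the original Apache configuration file
+if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
+info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
+else
+execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
+info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
+end
+
+# The ServerSignature directive allows the configuration of a trailing footer line under server-generated docs
+# Options: On | Off | EMail
+# More details: http://httpd.apache.org/docs/current/mod/core.html#serversignature
+set :server_signature_off, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerSignature Off')
+
+if fetch(:server_signature_off) == 1
+info 'ServerSignature Off is already set'
+
+else
+set :num_replacements, 0
+%w(On Off EMail).each do |option|
+set :server_signature_option,
+get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerSignature #{option}")
+
+if fetch(:server_signature_option) == 1
+info "sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+execute "#{sudo_cmd} sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+set :num_replacements, fetch(:num_replacements) + 1
+end
+end
+
+error 'ServerSignature was not found' if fetch(:num_replacements) == 0
+end
+
+# Don't give away too much information about all the subcomponents we are running.
+#
+# Options: Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
+# More details: http://httpd.apache.org/docs/current/mod/core.html#servertokens
+set :server_token_prod, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerTokens Prod')
+if fetch(:server_token_prod) == 1
+info 'ServerTokens Prod is already set'
+else
+set :num_replacements, 0
+%w(Major Minor Minimal Min ProductOnly Prod OS Full).each do |option|
+set :server_token_option, get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerTokens #{option}")
+
+next unless fetch(:server_token_option) == 1
+
+# Then, only if fetch(:server_token_option) == 1
+info "sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+execute "#{sudo_cmd} sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+set :num_replacements, fetch(:num_replacements) + 1
+end
+
+error 'ServerTokens was not found' if fetch(:num_replacements) == 0
+end
+
+# Do not allow browsing outside the document root
+#
+# <Directory />
+# Order Deny,Allow
+# Deny from all
+# Options None
+# AllowOverride None
+# </Directory>
+#
+message_line_1 = '# Default Directory configuration changed via Capistrano.'
+
+set :server_dir_secure_configuration, get_num_occurrences_in_file(fetch(:httpd_conf_file), message_line_1)
+
+if fetch(:server_token_prod) == 1
+info 'The correct directory configuration is already correctly set'
+else
+
+set :tmp_dir_original_config, '/tmp/tmp_dir_original_config.conf'
+set :tmp_dir_original_commented_config, '/tmp/tmp_dir_original_commented_config.conf'
+set :tmp_dir_new_config, '/tmp/tmp_dir_new_config.conf'
+
+# Create a temporary copy of the Apache configuration file
+set :tmp_httpd_file, '/tmp/httpd.conf'
+execute :cp, '-f', "#{fetch(:httpd_conf_file)} #{fetch(:tmp_httpd_file)}"
+
+set :grep_for_directory, "grep -Pzo '^([ ]*<Directory />[ ]*)(\\n.*)+(\\n[ ]*</Directory>[ ]*)(\\n){1}$' "\
+"#{fetch(:tmp_httpd_file)}"
+
+# How many lines have the original configuration
+command = "#{fetch(:grep_for_directory)} | grep -n '</Directory>' | head -n 1 | cut -d ':' -f1"
+set :def_directory_num_lines, get_command_output(command).to_i
+debug "Original configuration has #{fetch(:def_directory_num_lines)} lines."
+
+# Saves to a file the original configuration
+command = "#{fetch(:grep_for_directory)} | "\
+"head -n #{fetch(:def_directory_num_lines)} > #{fetch(:tmp_dir_original_config)}"
+debug command
+execute command
+
+# Saves to a file the original configuration commented
+execute :cp, '-f', "#{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)}"
+execute "sed -e 's/^/#/' -i #{fetch(:tmp_dir_original_commented_config)}"
+
+# Save to a file the new desired configuration
+new_directory_configs = <<-EOF
+
+#Do not allow browsing outside the document root
+<Directory />
+Order Deny,Allow
+Deny from all
+Options None
+AllowOverride None
+</Directory>
+
+EOF
+upload! StringIO.new(new_directory_configs), "#{fetch(:tmp_dir_new_config)}"
+
+# Update the new configuration file to have the original configuration commented
+debug "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+execute "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+execute "mv -f #{fetch(:tmp_dir_original_commented_config)} #{fetch(:tmp_dir_new_config)}"
+
+# Generates the special SED parameter: 'N;' per line that should be replaced
+special_sed_param = 'N;' * fetch(:def_directory_num_lines)
+debug "Special sed parameter is: ''#{special_sed_param}''"
+
+# Replace the old original directory configuration for a specific message (in the temporary file)
+message_complete = "#{message_line_1}\\n#\\n"
+command_to_replace = "out=$(sed -e :a -e '$!N;s/\\n/.*/;ta' #{fetch(:tmp_dir_original_config)} | "\
+"sed -e :a -e '$!N;s/\//./;ta'); sed -i '/<Directory .>.*/ {#{special_sed_param} "\
+"s/'$out'/#{message_complete}/g}' #{fetch(:tmp_httpd_file)}"
+debug command_to_replace
+execute command_to_replace
+
+# Search for the line where the message was inserted
+command = "grep -n '#{message_line_1}' #{fetch(:tmp_httpd_file)} | cut -d':' -f 1"
+debug command
+line_with_match = get_command_output(command).to_i
+next_line = line_with_match + 1
+debug "New configuration will be added to line #{next_line}"
+
+# Inserts the new directory configuration (with the old configuration commented)
+# in the line following the comment added before
+command = "sed '#{next_line}r #{fetch(:tmp_dir_new_config)}' < #{fetch(:tmp_httpd_file)} "\
+'> tmp_httpd_new_conf_merge.conf'
+
+debug command
+execute command
+execute "mv -f tmp_httpd_new_conf_merge.conf #{fetch(:tmp_httpd_file)}"
+
+# Replace the original Apache configuration file
+execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
+
+# Remove all created temporary files
+execute "rm -f #{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)} "\
+"#{fetch(:tmp_dir_new_config)} #{fetch(:tmp_httpd_file)}"
+end
+end
+end
+end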
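Review bot: `sudo_cmd = "echo #{fetch(:password)} | sudo -S"` (file lines 69, 87, 119, 142, 157, 178 and 193) interpolates the sudo password unescaped into every privileged command string, so a password containing shell metacharacters alters the command, and the whole string, password included, is likely to appear in whatever SSHKit logs for `execute`. A sudoers rule limited to the commands these tasks run would remove the need to send the password at all; at minimum the value should go through `Shellwords.escape`. In `secure_apache`, line 268 tests `fetch(:server_token_prod) == 1` although line 266 has just stored `:server_dir_secure_configuration`, so the `<Directory />` lock-down is skipped whenever `ServerTokens Prod` was already present; the check should read `if fetch(:server_dir_secure_configuration) == 1`. The same task stages the replacement httpd.conf under fixed names in `/tmp` before `sudo mv` installs it, and on a host with other local accounts a directory from `mktemp -d` would stop those paths being pre-created by someone else. `task :configure` also uses `sudo_cmd` on line 61 without assigning it, which fails unless a helper of that name is defined outside this file.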