capistrano-exfel 0.0.1
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rubocop.yml +20 -0
- data/Gemfile +7 -0
- data/LICENSE.txt +22 -0
- data/README.md +31 -0
- data/Rakefile +1 -0
- data/capistrano-exfel.gemspec +24 -0
- data/config/recipes/apache_http.conf +46 -0
- data/config/recipes/apache_ssl.conf +252 -0
- data/config/recipes/config/database_mysql.yml +38 -0
- data/config/recipes/config/database_postgresql.yml +41 -0
- data/config/recipes/config/database_sqlite.yml +18 -0
- data/config/recipes/config/secrets_example.yml +47 -0
- data/lib/capistrano/exfel.rb +7 -0
- data/lib/capistrano/exfel/sl6.rb +19 -0
- data/lib/capistrano/exfel/version.rb +6 -0
- data/lib/capistrano/tasks/apache.rake +354 -0
- data/lib/capistrano/tasks/app_home.rake +127 -0
- data/lib/capistrano/tasks/application.rake +224 -0
- data/lib/capistrano/tasks/database.rake +106 -0
- data/lib/capistrano/tasks/secrets.rake +106 -0
- data/lib/capistrano/tasks/util.rake +56 -0
- metadata +96 -0
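--- a/data/config/recipes/config/database_postgresql.yml
+++ b/data/config/recipes/config/database_postgresql.yml
@@ -0,0 +1,41 @@
+# PostgreSQL. Versions 7.4 and 8.x are supported.
+#
+# Install the pg driver:
+# gem install pg
+# On Mac OS X with macports:
+# gem install pg -- --with-pg-config=/opt/local/lib/postgresql84/bin/pg_config
+# On Windows:
+# gem install pg
+# Choose the win32 build.
+# Install PostgreSQL and put its /bin directory on your path.
+base: &base
+adapter: postgresql
+encoding: utf8
+pool: 5
+timeout: 5000
+database: <<database_name>>
+username: <<database_username>>
+password: <<database_password>>
+
+# Connect on a TCP socket. Omitted by default since the client uses a
+# domain socket that doesn't need configuration. Windows does not have
+# domain sockets, so uncomment these lines.
+host: <<database_host>>
+port: 5432
+
+# Schema search path. The server defaults to $user,public
+#schema_search_path: myapp,sharedapp,public
+
+# Minimum log levels, in increasing order:
+# debug5, debug4, debug3, debug2, debug1, log, notice, warning, error, fatal, panic
+# The server defaults is: notice
+#min_messages: warning
+
+development:
+<<: *base
+
+test:
+<<: *base
+
+production:
+<<: *base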
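--- a/data/config/recipes/config/database_sqlite.yml
+++ b/data/config/recipes/config/database_sqlite.yml
@@ -0,0 +1,18 @@
+# SQLite version 3.x
+# gem install sqlite3
+base: &base
+adapter: sqlite3
+pool: 5
+timeout: 5000
+
+development:
+database: db/development.sqlite3
+<<: *base
+
+test:
+database: db/test.sqlite3
+<<: *base
+
+production:
+database: db/production.sqlite3
+<<: *base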
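--- a/data/config/recipes/config/secrets_example.yml
+++ b/data/config/recipes/config/secrets_example.yml
@@ -0,0 +1,47 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key is used for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+# You can use `rake secret` to generate a secure secret key.
+
+# Make sure the secrets in this file are kept private
+# if you're sharing your code publicly.
+
+development:
+# Application secret_key_base (run 'rake secret' to generate a new secret)
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+
+# Application name
+app_name: 'MyApp'
+
+### config_ApacheServer_with_uri
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_uri: 'dev_my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/dev_my_app'
+
+test:
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+#
+app_name: 'MyApp'
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_name: 'test_my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/test_my_app'
+
+# Do not keep production secrets in the repository,
+# instead read values from the environment.
+production:
+secret_key_base: '___secret_that_must_be_replaced_after_deploy___'
+#
+app_name: 'MyApp'
+#
+site_domain: 'https://in.xfel.eu/'
+app_sub_domain_name: 'my_app'
+routes_base_uri: ''
+app_full_url: 'https://in.xfel.eu/my_app'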
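Review bot: The `production:` block (line 40) ships the same static `secret_key_base: '___secret_that_must_be_replaced_after_deploy___'` as development and test, directly under the comment saying production values should be read from the environment. If a deploy ever skips the replacement step (the task that would perform it, secrets.rake, is not shown here), the application verifies signed cookies with a string that is public in this gem. The template should fail closed instead, for example `secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>`, or the deploy should abort while the placeholder is still present. Separately, the development block uses the key `app_sub_domain_uri` (line 23) where test and production use `app_sub_domain_name`; presumably one of the two is a typo and should be aligned.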
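--- a/data/lib/capistrano/exfel/sl6.rb
+++ b/data/lib/capistrano/exfel/sl6.rb
@@ -0,0 +1,19 @@
+# Load DSL and Setup Up Stages
+require 'capistrano/setup'
+
+# Includes default deployment tasks
+require 'capistrano/deploy'
+
+# Includes tasks from other gems included in your Gemfile
+require 'capistrano/rvm'
+
+# We're going to use the full capistrano/rails since
+# it includes the asset compilation, DB migrations and bundler
+require 'capistrano/rails'
+
+load File.expand_path('../../tasks/apache.rake', __FILE__)
+load File.expand_path('../../tasks/app_home.rake', __FILE__)
+load File.expand_path('../../tasks/application.rake', __FILE__)
+load File.expand_path('../../tasks/database.rake', __FILE__)
+load File.expand_path('../../tasks/secrets.rake', __FILE__)
+load File.expand_path('../../tasks/util.rake', __FILE__)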
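--- a/data/lib/capistrano/tasks/apache.rake
+++ b/data/lib/capistrano/tasks/apache.rake
@@ -0,0 +1,354 @@
+namespace :apache do
+desc 'Configure Apache (httpd) and restart it'
+task :configure_and_start do
+invoke 'apache:configure'
+invoke 'apache:chkconfig_on'
+# invoke 'apache:restart'
+invoke 'apache:secure_apache' # This should go to Puppet
+invoke 'apache:create_symbolic_link'
+end
+
+desc 'Check that the user has write permissions in the Deploy and in Apache DocumentRoot folders'
+task :check_write_permissions do
+invoke 'apache:check_write_permissions_on_deploy'
+invoke 'apache:check_write_permissions_on_document_root'
+end
+
+desc 'Check that we have the right permission to the folder the app should be deployed to'
+task :check_write_permissions_on_deploy do
+on roles(:app) do |host|
+debug '#' * 50
+debug "Checking folder '#{fetch(:deploy_to)}' (where the application has to be deployed) "\
+"for the right permissions on Host '#{host}'"
+
+if test("[ -w #{fetch(:deploy_to)} ]")
+info "#{fetch(:deploy_to)} is writable on #{host}"
+else
+error "#{fetch(:deploy_to)} is not writable on #{host}"
+end
+
+debug '#' * 50
+end
+end
+
+desc 'Check that we have the right permission to the Apache DocumentRoot folder'
+task :check_write_permissions_on_document_root do
+on roles(:web) do |host|
+debug '#' * 50
+debug "Checking Apache DocumentRoot folder (#{fetch(:apache_document_root)}) permissions on Host '#{host}'"
+
+if test("[ -w #{fetch(:apache_document_root)} ]")
+info "#{fetch(:apache_document_root)} is writable on #{host}"
+else
+info "#{fetch(:apache_document_root)} is not writable on #{host}"
+end
+
+debug '#' * 50
+end
+end
+
+desc 'Configure Apache configuration files'
+task :configure do
+on roles(:app) do
+set :shared_path, "#{fetch(:deploy_to)}/shared"
+set :shared_apache_path, "#{fetch(:shared_path)}/apache"
+
+invoke 'apache:create_apache_shared_folder'
+invoke 'apache:configure_app_conf_file'
+invoke 'apache:configure_app_ssl_conf_file'
+
+if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
+execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
+end
+end
+end
+
+# desc 'Create Apache configuration files shared folder'
+task :create_apache_shared_folder do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Create Apache configuration files shared folder'
+
+debug "mkdir -p #{fetch(:shared_apache_path)}"
+execute "#{sudo_cmd} mkdir -p #{fetch(:shared_apache_path)}"
+
+debug "chmod g+ws #{fetch(:shared_apache_path)}"
+execute "#{sudo_cmd} chmod g+ws #{fetch(:shared_apache_path)}"
+
+debug '#' * 50
+end
+end
+
+# desc 'Configure (HTTP) Apache Application configuration files'
+task :configure_app_conf_file do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Configure (HTTP) Apache Application configuration files'
+
+set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
+
+upload! StringIO.new(File.read('config/recipes/apache_http.conf')), "#{fetch(:shared_apache_conf_file)}"
+debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
+execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
+
+passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
+ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
+app_domain = fetch(:app_domain)
+server_name = app_domain.split('/')[2]
+
+debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+
+execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
+execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
+
+execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
+
+debug '#' * 50
+end
+end
+
+# desc 'Configure (HTTPS) Apache Application configuration files'
+task :configure_app_ssl_conf_file do
+on roles(:app) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Configure (HTTPS) Apache Application configuration files'
+
+set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
+
+upload! StringIO.new(File.read('config/recipes/apache_ssl.conf')), "#{fetch(:shared_apache_conf_ssl_file)}"
+debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+
+execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+
+execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
+
+debug '#' * 50
+end
+end
+
+desc 'Configure Apache to start at bootup'
+task :chkconfig_on do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+
+debug 'chkconfig httpd on'
+execute "#{sudo_cmd} chkconfig httpd on"
+
+info 'Configured Apache to start at bootup'
+debug '#' * 50
+end
+end
+
+desc 'Restart Apache (httpd) service'
+task :restart do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+
+debug 'service httpd stop'
+execute "#{sudo_cmd} service httpd stop"
+
+debug 'pkill -9 httpd || true'
+execute "#{sudo_cmd} pkill -9 httpd || true"
+
+debug 'service httpd start'
+execute "#{sudo_cmd} service httpd start"
+
+info 'Restarted Apache (httpd) service'
+debug '#' * 50
+end
+end
+
+desc 'Create symbolic link to application public folder in Apache DocumentRoot folder'
+task :create_symbolic_link do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+info '#' * 50
+info 'Creating application symbolic link'
+
+debug "ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
+execute "#{sudo_cmd} ln -sfn #{fetch(:deploy_to)}/current/public #{fetch(:apache_deploy_symbolic_link)}"
+
+info '#' * 50
+end
+end
+
+desc 'Update httpd.conf to secure apache server'
+task :secure_apache do
+on roles(:web) do
+sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+debug '#' * 50
+debug 'Update httpd.conf to secure apache server'
+
+set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
+
+# Replace the original Apache configuration file
+if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
+info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
+else
+execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
+info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
+end
+
+# The ServerSignature directive allows the configuration of a trailing footer line under server-generated docs
+# Options: On | Off | EMail
+# More details: http://httpd.apache.org/docs/current/mod/core.html#serversignature
+set :server_signature_off, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerSignature Off')
+
+if fetch(:server_signature_off) == 1
+info 'ServerSignature Off is already set'
+
+else
+set :num_replacements, 0
+%w(On Off EMail).each do |option|
+set :server_signature_option,
+get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerSignature #{option}")
+
+if fetch(:server_signature_option) == 1
+info "sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+execute "#{sudo_cmd} sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+set :num_replacements, fetch(:num_replacements) + 1
+end
+end
+
+error 'ServerSignature was not found' if fetch(:num_replacements) == 0
+end
+
+# Don't give away too much information about all the subcomponents we are running.
+#
+# Options: Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
+# More details: http://httpd.apache.org/docs/current/mod/core.html#servertokens
+set :server_token_prod, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerTokens Prod')
+if fetch(:server_token_prod) == 1
+info 'ServerTokens Prod is already set'
+else
+set :num_replacements, 0
+%w(Major Minor Minimal Min ProductOnly Prod OS Full).each do |option|
+set :server_token_option, get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerTokens #{option}")
+
+next unless fetch(:server_token_option) == 1
+
+# Then, only if fetch(:server_token_option) == 1
+info "sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+execute "#{sudo_cmd} sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+set :num_replacements, fetch(:num_replacements) + 1
+end
+
+error 'ServerTokens was not found' if fetch(:num_replacements) == 0
+end
+
+# Do not allow browsing outside the document root
+#
+# <Directory />
+# Order Deny,Allow
+# Deny from all
+# Options None
+# AllowOverride None
+# </Directory>
+#
+message_line_1 = '# Default Directory configuration changed via Capistrano.'
+
+set :server_dir_secure_configuration, get_num_occurrences_in_file(fetch(:httpd_conf_file), message_line_1)
+
+if fetch(:server_token_prod) == 1
+info 'The correct directory configuration is already correctly set'
+else
+
+set :tmp_dir_original_config, '/tmp/tmp_dir_original_config.conf'
+set :tmp_dir_original_commented_config, '/tmp/tmp_dir_original_commented_config.conf'
+set :tmp_dir_new_config, '/tmp/tmp_dir_new_config.conf'
+
+# Create a temporary copy of the Apache configuration file
+set :tmp_httpd_file, '/tmp/httpd.conf'
+execute :cp, '-f', "#{fetch(:httpd_conf_file)} #{fetch(:tmp_httpd_file)}"
+
+set :grep_for_directory, "grep -Pzo '^([ ]*<Directory />[ ]*)(\\n.*)+(\\n[ ]*</Directory>[ ]*)(\\n){1}$' "\
+"#{fetch(:tmp_httpd_file)}"
+
+# How many lines have the original configuration
+command = "#{fetch(:grep_for_directory)} | grep -n '</Directory>' | head -n 1 | cut -d ':' -f1"
+set :def_directory_num_lines, get_command_output(command).to_i
+debug "Original configuration has #{fetch(:def_directory_num_lines)} lines."
+
+# Saves to a file the original configuration
+command = "#{fetch(:grep_for_directory)} | "\
+"head -n #{fetch(:def_directory_num_lines)} > #{fetch(:tmp_dir_original_config)}"
+debug command
+execute command
+
+# Saves to a file the original configuration commented
+execute :cp, '-f', "#{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)}"
+execute "sed -e 's/^/#/' -i #{fetch(:tmp_dir_original_commented_config)}"
+
+# Save to a file the new desired configuration
+new_directory_configs = <<-EOF
+
+#Do not allow browsing outside the document root
+<Directory />
+Order Deny,Allow
+Deny from all
+Options None
+AllowOverride None
+</Directory>
+
+EOF
+upload! StringIO.new(new_directory_configs), "#{fetch(:tmp_dir_new_config)}"
+
+# Update the new configuration file to have the original configuration commented
+debug "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+execute "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+execute "mv -f #{fetch(:tmp_dir_original_commented_config)} #{fetch(:tmp_dir_new_config)}"
+
+# Generates the special SED parameter: 'N;' per line that should be replaced
+special_sed_param = 'N;' * fetch(:def_directory_num_lines)
+debug "Special sed parameter is: ''#{special_sed_param}''"
+
+# Replace the old original directory configuration for a specific message (in the temporary file)
+message_complete = "#{message_line_1}\\n#\\n"
+command_to_replace = "out=$(sed -e :a -e '$!N;s/\\n/.*/;ta' #{fetch(:tmp_dir_original_config)} | "\
+"sed -e :a -e '$!N;s/\//./;ta'); sed -i '/<Directory .>.*/ {#{special_sed_param} "\
+"s/'$out'/#{message_complete}/g}' #{fetch(:tmp_httpd_file)}"
+debug command_to_replace
+execute command_to_replace
+
+# Search for the line where the message was inserted
+command = "grep -n '#{message_line_1}' #{fetch(:tmp_httpd_file)} | cut -d':' -f 1"
+debug command
+line_with_match = get_command_output(command).to_i
+next_line = line_with_match + 1
+debug "New configuration will be added to line #{next_line}"
+
+# Inserts the new directory configuration (with the old configuration commented)
+# in the line following the comment added before
+command = "sed '#{next_line}r #{fetch(:tmp_dir_new_config)}' < #{fetch(:tmp_httpd_file)} "\
+'> tmp_httpd_new_conf_merge.conf'
+
+debug command
+execute command
+execute "mv -f tmp_httpd_new_conf_merge.conf #{fetch(:tmp_httpd_file)}"
+
+# Replace the original Apache configuration file
+execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
+
+# Remove all created temporary files
+execute "rm -f #{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)} "\
+"#{fetch(:tmp_dir_new_config)} #{fetch(:tmp_httpd_file)}"
+end
+end
+end
+end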
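Review bot: Seven tasks build `sudo_cmd = "echo #{fetch(:password)} | sudo -S"` (lines 69, 87, 119, 142, 157, 178, 193), which places the deploy user's password on the remote command line, where it can appear in the process list and in any output that logs the executed command, and where shell metacharacters in the password would be interpreted. A sudoers rule restricted to the commands these tasks need, or letting the SSH layer answer the sudo prompt instead of interpolating the secret into the command string, avoids both. The `:configure` task uses `sudo_cmd` at line 61 without assigning it in that block, so unless a helper of that name is defined in a file not shown here the `mv` of ssl.conf raises NameError. In `secure_apache`, line 268 re-tests `fetch(:server_token_prod)` although line 266 computed `:server_dir_secure_configuration`; it should read `if fetch(:server_dir_secure_configuration) == 1`, otherwise the `<Directory />` hardening is skipped on any host where `ServerTokens Prod` was already present and the marker check is never consulted. The fixed staging path `/tmp/httpd.conf`, later moved over httpd.conf with sudo, would be safer as a file created with `mktemp` on hosts that have other local users.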