capistrano-exfel 0.0.14 → 0.0.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: '0569ba176090d8b657cc3b7059eb8082da43c73f'
-  data.tar.gz: 9a2bb7195b604db0fc96609349e843ad0a1866dd
+  metadata.gz: 2d5b83d102f385412f3033766066c168e36c0664
+  data.tar.gz: dee59900cbfcefe28b4daf36524972b0ff3a356b
 SHA512:
-  metadata.gz: 76fdc51fbf356b166ba49139246e8ee75b12c87f00d1002dd417e570801553ad34b19f570418c0c0b4d4f7b6cdf2a55ce79a35054a7fe13d5c38c10c6a98d21c
-  data.tar.gz: d7c38561029507cc3c4167ff7069a19715ceda2afea9b6de631c6e307333c8721e2f0bdd9348c516fa7fa598d4acd63d24d512c663d24faacf17709d1cd57b74
+  metadata.gz: a433e4230b37e00f681ebf6999bf8435a0de194ab0ea6f0916782d95ea30f8d450e81e0cb98ae3a56d3567b71ff9f762d97d3cf27465fc48808b5653d427ac9e
+  data.tar.gz: 214ac7f19d5ad2457930a501282abefb66e5a502a5198eab2cc5818ae9b44e72320e2e4857d6e1e2397c051a6eaf727a6c1ed9188cee2b95032520d571923e15

data/.rubocop.yml

@@ -22,4 +22,10 @@ Style/Lambda:
 #
 # Block has too many lines.
 Metrics/BlockLength:
-  Max: 100 # Default 25
+  Max: 160 # Default 25
+
+#
+# Use 2 spaces for indentation in a heredoc by using some library(e.g. ActiveSupport's String#strip_heredoc).
+Style/IndentHeredoc:
+  Exclude:
+    - 'lib/capistrano/tasks/apache_sl6.rake'

data/Gemfile

@@ -4,4 +4,4 @@ source 'https://rubygems.org'
 gemspec
 
 # Use Rubocop to validate ruby code syntax
-gem 'rubocop', '~> 0.47.1', require: false, group: :development
+gem 'rubocop', '0.48.0', require: false, group: :development

data/README.md

@@ -12,7 +12,7 @@ Add these lines to your application's Gemfile:
     gem 'capistrano', '~> 3.4.0'
     gem 'capistrano-rails', '~> 1.1.2'
     gem 'capistrano-rvm', '~> 0.1.2'
-    gem 'capistrano-exfel', '~> 0.0.14'
+    gem 'capistrano-exfel', '~> 0.0.16'
 
 And then execute:
 
@@ -24,11 +24,17 @@ Or install it yourself as:
 
 ## Usage
 
-Add this line to your `Capfile`:
+Add this line to your `Capfile` for Scientific Linux 6 machines:
 
     # Load Capistrano Exfel Scientific Linux 6 tasks
     require 'capistrano/exfel/sl6'
 
+Add this line to your `Capfile` for CentOS 7 machines::
+
+    # Load Capistrano Exfel CentOS tasks
+    require 'capistrano/exfel/co7'
+
+
 This gem will reuse `capistrano-rails` and `capistrano-rvm` tasks to build the following tasks:
 
 Task **application:deploy_first_time**:

data/capistrano-exfel.gemspec

@@ -1,4 +1,5 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'capistrano/exfel/version'

data/lib/capistrano/exfel/co7.rb

@@ -0,0 +1,20 @@
+# Load DSL and Setup Up Stages
+require 'capistrano/setup'
+
+# Includes default deployment tasks
+require 'capistrano/deploy'
+
+# Includes tasks from other gems included in your Gemfile
+require 'capistrano/rvm'
+
+# We're going to use the full capistrano/rails since
+# it includes the asset compilation, DB migrations and bundler
+require 'capistrano/rails'
+
+load File.expand_path('../../tasks/apache.rake', __FILE__)
+load File.expand_path('../../tasks/apache_co7.rake', __FILE__)
+load File.expand_path('../../tasks/app_home.rake', __FILE__)
+load File.expand_path('../../tasks/application.rake', __FILE__)
+load File.expand_path('../../tasks/database.rake', __FILE__)
+load File.expand_path('../../tasks/secrets.rake', __FILE__)
+load File.expand_path('../../tasks/util.rake', __FILE__)

data/lib/capistrano/exfel/sl6.rb

@@ -12,6 +12,7 @@ require 'capistrano/rvm'
 require 'capistrano/rails'
 
 load File.expand_path('../../tasks/apache.rake', __FILE__)
+load File.expand_path('../../tasks/apache_sl6.rake', __FILE__)
 load File.expand_path('../../tasks/app_home.rake', __FILE__)
 load File.expand_path('../../tasks/application.rake', __FILE__)
 load File.expand_path('../../tasks/database.rake', __FILE__)

data/lib/capistrano/exfel/version.rb

@@ -1,6 +1,6 @@
 module Capistrano
   # Capistrano::Exfel version information
   module Exfel
-    VERSION = '0.0.14'.freeze
+    VERSION = '0.0.16'.freeze
   end
 end

data/lib/capistrano/recipes/co7/00-passenger.conf

@@ -0,0 +1,6 @@
+LoadModule passenger_module <<PASSENGER_ROOT>>/buildout/apache2/mod_passenger.so
+<IfModule mod_passenger.c>
+ PassengerRoot <<PASSENGER_ROOT>>
+ PassengerDefaultRuby <<RUBY_PATH>>
+</IfModule>
+

data/lib/capistrano/recipes/co7/apache_http.conf

@@ -0,0 +1,7 @@
+##################################################
+# Redirect all HTTP requests to HTTPS
+##################################################
+<VirtualHost *:80>
+     ServerName <<SERVER_NAME>>
+     Redirect / <<APP_DOMAIN>>
+</VirtualHost>

data/lib/capistrano/recipes/co7/apache_ssl.conf

@@ -0,0 +1,71 @@
+Listen 443 https
+
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+
+SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout  300
+
+SSLRandomSeed startup file:/dev/urandom  256
+SSLRandomSeed connect builtin
+
+SSLCryptoDevice builtin
+
+<VirtualHost _default_:443>
+
+ErrorLog logs/ssl_error_log
+TransferLog logs/ssl_access_log
+LogLevel warn
+
+SSLEngine on
+
+SSLProtocol all -SSLv2
+
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
+
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+    SSLOptions +StdEnvVars
+</Directory>
+
+BrowserMatch "MSIE [2-5]" \
+         nokeepalive ssl-unclean-shutdown \
+         downgrade-1.0 force-response-1.0
+
+CustomLog logs/ssl_request_log \
+          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+  # <<APPLICATION_NAME>> - Ruby on Rails Application
+  #
+  # Application secured by SSL
+
+  Alias /<<APPLICATION_NAME>> /var/www/html/<<APPLICATION_NAME>>
+
+  #
+  # Passenger
+  #
+  PassengerResolveSymlinksInDocumentRoot on
+
+  #
+  # Application
+  #
+  <Directory "/var/www/html/<<APPLICATION_NAME>>/">
+    RackBaseURI /<<APPLICATION_NAME>>
+    RailsEnv <<ENVIRONMENT>>
+
+    PassengerUser nobody
+    # Scientific Linux: nobody / Ubuntu/Debian: nogroup
+    PassengerGroup nobody
+
+    # This relaxes Apache security settings.
+    Options -Indexes +MultiViews +FollowSymLinks
+    AllowOverride None
+    Require all granted
+  </Directory>
+
+</VirtualHost>
+

data/lib/capistrano/recipes/co7/httpd.conf

@@ -0,0 +1,68 @@
+
+ServerRoot "/etc/httpd"
+Listen 80
+
+Include conf.modules.d/*.conf
+
+User apache
+Group apache
+
+ServerAdmin root@localhost
+ServerSignature Off
+ServerTokens Prod
+
+<Directory />
+    AllowOverride none
+    Require all denied
+</Directory>
+
+DocumentRoot "/var/www/html"
+
+<Directory "/var/www">
+    AllowOverride None
+    Require all granted
+</Directory>
+
+<Directory "/var/www/html">
+    Options Indexes FollowSymLinks
+    AllowOverride None
+    Require all granted
+</Directory>
+
+<IfModule dir_module>
+    DirectoryIndex index.html
+</IfModule>
+
+<Files ".ht*">
+    Require all denied
+</Files>
+
+ErrorLog "logs/error_log"
+
+LogLevel warn
+
+<IfModule log_config_module>
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+    <IfModule logio_module>
+      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+    </IfModule>
+    CustomLog "logs/access_log" combined
+</IfModule>
+
+
+<IfModule mime_module>
+    TypesConfig /etc/mime.types
+    AddType application/x-compress .Z
+    AddType application/x-gzip .gz .tgz
+</IfModule>
+
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+
+EnableSendfile on
+IncludeOptional conf.d/*.conf

data/lib/capistrano/tasks/apache.rake

@@ -47,24 +47,6 @@ namespace :apache do
     end
   end
 
-  desc 'Configure Apache configuration files'
-  task :configure do
-    on roles(:app) do
-      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
-
-      set :shared_path, "#{fetch(:deploy_to)}/shared"
-      set :shared_apache_path, "#{fetch(:shared_path)}/apache"
-
-      invoke 'apache:create_apache_shared_folder'
-      invoke 'apache:configure_app_conf_file'
-      invoke 'apache:configure_app_ssl_conf_file'
-
-      if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
-        execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
-      end
-    end
-  end
-
   # desc 'Create Apache configuration files shared folder'
   task :create_apache_shared_folder do
     on roles(:app) do
@@ -83,66 +65,6 @@ namespace :apache do
     end
   end
 
-  # desc 'Configure (HTTP) Apache Application configuration files'
-  task :configure_app_conf_file do
-    on roles(:app) do
-      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
-
-      debug '#' * 50
-      debug 'Configure (HTTP) Apache Application configuration files'
-
-      set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
-      http_file = File.expand_path('../../recipes/apache_http.conf', __FILE__)
-      upload! StringIO.new(File.read(http_file)), fetch(:shared_apache_conf_file).to_s
-
-      debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
-      execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
-
-      passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
-      ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
-      app_domain = fetch(:app_domain)
-      server_name = app_domain.split('/')[2]
-
-      debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
-      execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
-
-      execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_apache_conf_file)}"
-      execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
-      execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
-
-      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
-
-      debug '#' * 50
-    end
-  end
-
-  # desc 'Configure (HTTPS) Apache Application configuration files'
-  task :configure_app_ssl_conf_file do
-    on roles(:app) do
-      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
-
-      debug '#' * 50
-      debug 'Configure (HTTPS) Apache Application configuration files'
-
-      set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
-      http_ssl_file = File.expand_path('../../recipes/apache_ssl.conf', __FILE__)
-      upload! StringIO.new(File.read(http_ssl_file)), fetch(:shared_apache_conf_ssl_file).to_s
-
-      debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
-      execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
-
-      server_name = string_between_markers(fetch(:app_domain), '://', '/')
-
-      execute "sed -i 's/<<SERVER_NAME>>/#{server_name}/g' #{fetch(:shared_apache_conf_ssl_file)}"
-      execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
-      execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
-
-      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
-
-      debug '#' * 50
-    end
-  end
-
   desc 'Configure Apache to start at bootup'
   task :chkconfig_on do
     on roles(:web) do
@@ -193,169 +115,4 @@ namespace :apache do
       info '#' * 50
     end
   end
-
-  desc 'Update httpd.conf to secure apache server'
-  task :secure_apache do
-    on roles(:web) do
-      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
-
-      debug '#' * 50
-      debug 'Update httpd.conf to secure apache server'
-
-      set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
-
-      # Replace the original Apache configuration file
-      if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
-        info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
-      else
-        execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
-        info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
-      end
-
-      # The ServerSignature directive allows the configuration of a trailing footer line under server-generated docs
-      # Options:  On | Off | EMail
-      # More details: http://httpd.apache.org/docs/current/mod/core.html#serversignature
-      set :server_signature_off, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerSignature Off')
-
-      if fetch(:server_signature_off) == 1
-        info 'ServerSignature Off is already set'
-
-      else
-        set :num_replacements, 0
-        %w(On Off EMail).each do |option|
-          set :server_signature_option,
-              get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerSignature #{option}")
-
-          if fetch(:server_signature_option) == 1
-            info "sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
-            execute "#{sudo_cmd} sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
-            set :num_replacements, fetch(:num_replacements) + 1
-          end
-        end
-
-        error 'ServerSignature was not found' if fetch(:num_replacements).zero?
-      end
-
-      # Don't give away too much information about all the subcomponents we are running.
-      #
-      # Options: Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
-      # More details: http://httpd.apache.org/docs/current/mod/core.html#servertokens
-      set :server_token_prod, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerTokens Prod')
-      if fetch(:server_token_prod) == 1
-        info 'ServerTokens Prod is already set'
-      else
-        set :num_replacements, 0
-        %w(Major Minor Minimal Min ProductOnly Prod OS Full).each do |option|
-          set :server_token_option, get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerTokens #{option}")
-
-          next unless fetch(:server_token_option) == 1
-
-          # Then, only if fetch(:server_token_option) == 1
-          info "sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
-          execute "#{sudo_cmd} sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
-          set :num_replacements, fetch(:num_replacements) + 1
-        end
-
-        error 'ServerTokens was not found' if fetch(:num_replacements).zero?
-      end
-
-      # Do not allow browsing outside the document root
-      #
-      # <Directory />
-      #   Order Deny,Allow
-      #   Deny from all
-      #   Options None
-      #   AllowOverride None
-      # </Directory>
-      #
-      message_line1 = '# Default Directory configuration changed via Capistrano.'
-
-      set :server_dir_secure_configuration, get_num_occurrences_in_file(fetch(:httpd_conf_file), message_line1)
-
-      if fetch(:server_token_prod) == 1
-        info 'The correct directory configuration is already correctly set'
-      else
-
-        set :tmp_dir_original_config, '/tmp/tmp_dir_original_config.conf'
-        set :tmp_dir_original_commented_config, '/tmp/tmp_dir_original_commented_config.conf'
-        set :tmp_dir_new_config, '/tmp/tmp_dir_new_config.conf'
-
-        # Create a temporary copy of the Apache configuration file
-        set :tmp_httpd_file, '/tmp/httpd.conf'
-        execute :cp, '-f', "#{fetch(:httpd_conf_file)} #{fetch(:tmp_httpd_file)}"
-
-        set :grep_for_directory, "grep -Pzo '^([ ]*<Directory />[ ]*)(\\n.*)+(\\n[ ]*</Directory>[ ]*)(\\n){1}$' "\
-                                 "#{fetch(:tmp_httpd_file)}"
-
-        # How many lines have the original configuration
-        command = "#{fetch(:grep_for_directory)} | grep -n '</Directory>' | head -n 1 | cut -d ':' -f1"
-        set :def_directory_num_lines, get_command_output(command).to_i
-        debug "Original configuration has #{fetch(:def_directory_num_lines)} lines."
-
-        # Saves to a file the original configuration
-        command = "#{fetch(:grep_for_directory)} | "\
-              "head -n #{fetch(:def_directory_num_lines)} > #{fetch(:tmp_dir_original_config)}"
-        debug command
-        execute command
-
-        # Saves to a file the original configuration commented
-        execute :cp, '-f', "#{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)}"
-        execute "sed -e 's/^/#/' -i #{fetch(:tmp_dir_original_commented_config)}"
-
-        # Save to a file the new desired configuration
-        new_directory_configs = <<-EOF
-
-#Do not allow browsing outside the document root
-<Directory />
-  Order Deny,Allow
-  Deny from all
-  Options None
-  AllowOverride None
-</Directory>
-
-        EOF
-        upload! StringIO.new(new_directory_configs), fetch(:tmp_dir_new_config).to_s
-
-        # Update the new configuration file to have the original configuration commented
-        debug "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
-        execute "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
-        execute "mv -f #{fetch(:tmp_dir_original_commented_config)} #{fetch(:tmp_dir_new_config)}"
-
-        # Generates the special SED parameter: 'N;' per line that should be replaced
-        special_sed_param = 'N;' * fetch(:def_directory_num_lines)
-        debug "Special sed parameter is: ''#{special_sed_param}''"
-
-        # Replace the old original directory configuration for a specific message (in the temporary file)
-        message_complete = "#{message_line1}\\n#\\n"
-        command_to_replace = "out=$(sed -e :a -e '$!N;s/\\n/.*/;ta' #{fetch(:tmp_dir_original_config)} | "\
-                             "sed -e :a -e '$!N;s/\//./;ta'); sed -i '/<Directory .>.*/ {#{special_sed_param} "\
-                             "s/'$out'/#{message_complete}/g}' #{fetch(:tmp_httpd_file)}"
-        debug command_to_replace
-        execute command_to_replace
-
-        # Search for the line where the message was inserted
-        command = "grep -n '#{message_line1}' #{fetch(:tmp_httpd_file)} | cut -d':' -f 1"
-        debug command
-        line_with_match = get_command_output(command).to_i
-        next_line = line_with_match + 1
-        debug "New configuration will be added to line #{next_line}"
-
-        # Inserts the new directory configuration (with the old configuration commented)
-        # in the line following the comment added before
-        command = "sed '#{next_line}r #{fetch(:tmp_dir_new_config)}' < #{fetch(:tmp_httpd_file)} "\
-                  '> tmp_httpd_new_conf_merge.conf'
-
-        debug command
-        execute command
-        execute "mv -f tmp_httpd_new_conf_merge.conf #{fetch(:tmp_httpd_file)}"
-
-        # Replace the original Apache configuration file
-        execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
-
-        # Remove all created temporary files
-        execute "rm -f #{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)} "\
-                "#{fetch(:tmp_dir_new_config)} #{fetch(:tmp_httpd_file)}"
-      end
-    end
-  end
 end

data/lib/capistrano/tasks/apache_co7.rake

@@ -0,0 +1,136 @@
+namespace :apache do
+  desc 'Configure Apache configuration files'
+  task :configure do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      set :shared_path, "#{fetch(:deploy_to)}/shared"
+      set :shared_apache_path, "#{fetch(:shared_path)}/apache"
+
+      invoke 'apache:create_apache_shared_folder'
+      invoke 'apache:configure_apache_modules'
+      invoke 'apache:configure_app_conf_file'
+      invoke 'apache:configure_app_ssl_conf_file'
+
+      if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
+        execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
+      end
+    end
+  end
+
+  desc 'Configure (HTTP) Apache modules'
+  task :configure_apache_modules do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Configure (HTTP) Apache Passenger module'
+
+      set :shared_passenger_file, "#{fetch(:shared_apache_path)}/00-passenger.conf"
+      passenger_file = File.expand_path('../../recipes/co7/00-passenger.conf', __FILE__)
+
+      upload! StringIO.new(File.read(passenger_file)), fetch(:shared_passenger_file).to_s
+
+      debug "chmod g+w #{fetch(:shared_passenger_file)}"
+      execute "chmod g+w #{fetch(:shared_passenger_file)}"
+
+      passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
+      ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
+
+      debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_passenger_file)}"
+      execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_passenger_file)}"
+      execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_passenger_file)}"
+
+      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_passenger_file)} /etc/httpd/conf.modules.d/"
+
+      debug '#' * 50
+      debug 'Deactivate unnecessary Apache modules'
+      %w(00-dav.conf 00-lua.conf 00-proxy.conf 01-cgi.conf).each do |file|
+        if remote_file_exists?("/etc/httpd/conf.modules.d/#{file}")
+          execute "#{sudo_cmd} mv /etc/httpd/conf.modules.d/#{file} /etc/httpd/conf.modules.d/#{file}_bck"
+        end
+      end
+      debug '#' * 50
+    end
+  end
+
+  # desc 'Configure (HTTP) Apache Application configuration files'
+  task :configure_app_conf_file do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Configure (HTTP) Apache Application configuration files'
+
+      set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
+      http_file = File.expand_path('../../recipes/co7/apache_http.conf', __FILE__)
+      upload! StringIO.new(File.read(http_file)), fetch(:shared_apache_conf_file).to_s
+
+      debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
+      execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
+
+      app_domain = fetch(:app_domain)
+      server_name = app_domain.split('/')[2]
+
+      execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
+      execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
+
+      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
+
+      debug '#' * 50
+    end
+  end
+
+  # desc 'Configure (HTTPS) Apache Application configuration files'
+  task :configure_app_ssl_conf_file do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Configure (HTTPS) Apache Application configuration files'
+
+      set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
+      http_ssl_file = File.expand_path('../../recipes/co7/apache_ssl.conf', __FILE__)
+      upload! StringIO.new(File.read(http_ssl_file)), fetch(:shared_apache_conf_ssl_file).to_s
+
+      debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+      execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+
+      execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+      execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+
+      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
+
+      debug '#' * 50
+    end
+  end
+
+  desc 'Update httpd.conf to secure apache server'
+  task :secure_apache do
+    on roles(:web) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Update httpd.conf to secure apache server'
+
+      set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
+
+      # Replace the original Apache configuration file
+      if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
+        info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
+      else
+        execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
+        info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
+      end
+
+      # Create a temporary copy of the Apache configuration file
+      set :tmp_httpd_file, '/tmp/httpd.conf'
+      httpd_safe_file = File.expand_path('../../recipes/co7/httpd.conf', __FILE__)
+
+      upload! StringIO.new(File.read(httpd_safe_file)), fetch(:tmp_httpd_file).to_s
+
+      # Replace the original Apache configuration file
+      execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
+    end
+  end
+end

data/lib/capistrano/tasks/apache_sl6.rake

@@ -0,0 +1,244 @@
+namespace :apache do
+  desc 'Configure Apache configuration files'
+  task :configure do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      set :shared_path, "#{fetch(:deploy_to)}/shared"
+      set :shared_apache_path, "#{fetch(:shared_path)}/apache"
+
+      invoke 'apache:create_apache_shared_folder'
+      invoke 'apache:configure_app_conf_file'
+      invoke 'apache:configure_app_ssl_conf_file'
+
+      if remote_file_exists?('/etc/httpd/conf.d/ssl.conf')
+        execute "#{sudo_cmd} mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_bck"
+      end
+    end
+  end
+
+  # desc 'Configure (HTTP) Apache Application configuration files'
+  task :configure_app_conf_file do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Configure (HTTP) Apache Application configuration files'
+
+      set :shared_apache_conf_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}.conf"
+      http_file = File.expand_path('../../recipes/apache_http.conf', __FILE__)
+      upload! StringIO.new(File.read(http_file)), fetch(:shared_apache_conf_file).to_s
+
+      debug "chmod g+w #{fetch(:shared_apache_conf_file)}"
+      execute "chmod g+w #{fetch(:shared_apache_conf_file)}"
+
+      passenger_root = get_command_output('/usr/local/rvm/bin/rvm default do passenger-config --root')
+      ruby_path = "/#{passenger_root.split('/')[1..5].join('/')}/wrappers/ruby"
+      app_domain = fetch(:app_domain)
+      server_name = app_domain.split('/')[2]
+
+      debug "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+      execute "sed -i 's|<<PASSENGER_ROOT>>|#{passenger_root}|g' #{fetch(:shared_apache_conf_file)}"
+
+      execute "sed -i 's|<<RUBY_PATH>>|#{ruby_path}|g' #{fetch(:shared_apache_conf_file)}"
+      execute "sed -i 's|<<APP_DOMAIN>>|#{app_domain}|g' #{fetch(:shared_apache_conf_file)}"
+      execute "sed -i 's|<<SERVER_NAME>>|#{server_name}|g' #{fetch(:shared_apache_conf_file)}"
+
+      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_file)} /etc/httpd/conf.d/"
+
+      debug '#' * 50
+    end
+  end
+
+  # desc 'Configure (HTTPS) Apache Application configuration files'
+  task :configure_app_ssl_conf_file do
+    on roles(:app) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Configure (HTTPS) Apache Application configuration files'
+
+      set :shared_apache_conf_ssl_file, "#{fetch(:shared_apache_path)}/app_#{fetch(:app_name_uri)}_ssl.conf"
+      http_ssl_file = File.expand_path('../../recipes/apache_ssl.conf', __FILE__)
+      upload! StringIO.new(File.read(http_ssl_file)), fetch(:shared_apache_conf_ssl_file).to_s
+
+      debug "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+      execute "chmod g+w #{fetch(:shared_apache_conf_ssl_file)}"
+
+      server_name = string_between_markers(fetch(:app_domain), '://', '/')
+
+      execute "sed -i 's/<<SERVER_NAME>>/#{server_name}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+      execute "sed -i 's/<<APPLICATION_NAME>>/#{fetch(:app_name_uri)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+      execute "sed -i 's/<<ENVIRONMENT>>/#{fetch(:environment)}/g' #{fetch(:shared_apache_conf_ssl_file)}"
+
+      execute "#{sudo_cmd} ln -sfn #{fetch(:shared_apache_conf_ssl_file)} /etc/httpd/conf.d/"
+
+      debug '#' * 50
+    end
+  end
+
+  desc 'Update httpd.conf to secure apache server'
+  task :secure_apache do
+    on roles(:web) do
+      sudo_cmd = "echo #{fetch(:password)} | sudo -S"
+
+      debug '#' * 50
+      debug 'Update httpd.conf to secure apache server'
+
+      set :httpd_conf_file, '/etc/httpd/conf/httpd.conf'
+
+      # Replace the original Apache configuration file
+      if remote_file_exists?('/etc/httpd/conf/httpd.conf_bck')
+        info 'Apache original configuration file already backed up at: /etc/httpd/conf/httpd.conf_bck'
+      else
+        execute "#{sudo_cmd} cp -f #{fetch(:httpd_conf_file)} /etc/httpd/conf/httpd.conf_bck"
+        info 'Apache original configuration file backed up at: /etc/httpd/conf/httpd.conf_bck'
+      end
+
+      # The ServerSignature directive allows the configuration of a trailing footer line under server-generated docs
+      # Options:  On | Off | EMail
+      # More details: http://httpd.apache.org/docs/current/mod/core.html#serversignature
+      set :server_signature_off, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerSignature Off')
+
+      if fetch(:server_signature_off) == 1
+        info 'ServerSignature Off is already set'
+
+      else
+        set :num_replacements, 0
+        %w(On Off EMail).each do |option|
+          set :server_signature_option,
+              get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerSignature #{option}")
+
+          if fetch(:server_signature_option) == 1
+            info "sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+            execute "#{sudo_cmd} sed -i 's/ServerSignature #{option}/ServerSignature Off/g' #{fetch(:httpd_conf_file)}"
+            set :num_replacements, fetch(:num_replacements) + 1
+          end
+        end
+
+        error 'ServerSignature was not found' if fetch(:num_replacements).zero?
+      end
+
+      # Don't give away too much information about all the subcomponents we are running.
+      #
+      # Options: Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
+      # More details: http://httpd.apache.org/docs/current/mod/core.html#servertokens
+      set :server_token_prod, get_num_occurrences_in_file(fetch(:httpd_conf_file), 'ServerTokens Prod')
+      if fetch(:server_token_prod) == 1
+        info 'ServerTokens Prod is already set'
+      else
+        set :num_replacements, 0
+        %w(Major Minor Minimal Min ProductOnly Prod OS Full).each do |option|
+          set :server_token_option, get_num_occurrences_in_file(fetch(:httpd_conf_file), "ServerTokens #{option}")
+
+          next unless fetch(:server_token_option) == 1
+
+          # Then, only if fetch(:server_token_option) == 1
+          info "sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+          execute "#{sudo_cmd} sed -i 's/ServerTokens #{option}/ServerTokens Prod/g' #{fetch(:httpd_conf_file)}"
+          set :num_replacements, fetch(:num_replacements) + 1
+        end
+
+        error 'ServerTokens was not found' if fetch(:num_replacements).zero?
+      end
+
+      # Do not allow browsing outside the document root
+      #
+      # <Directory />
+      #   Order Deny,Allow
+      #   Deny from all
+      #   Options None
+      #   AllowOverride None
+      # </Directory>
+      #
+      message_line1 = '# Default Directory configuration changed via Capistrano.'
+
+      set :server_dir_secure_configuration, get_num_occurrences_in_file(fetch(:httpd_conf_file), message_line1)
+
+      if fetch(:server_token_prod) == 1
+        info 'The correct directory configuration is already correctly set'
+      else
+
+        set :tmp_dir_original_config, '/tmp/tmp_dir_original_config.conf'
+        set :tmp_dir_original_commented_config, '/tmp/tmp_dir_original_commented_config.conf'
+        set :tmp_dir_new_config, '/tmp/tmp_dir_new_config.conf'
+
+        # Create a temporary copy of the Apache configuration file
+        set :tmp_httpd_file, '/tmp/httpd.conf'
+        execute :cp, '-f', "#{fetch(:httpd_conf_file)} #{fetch(:tmp_httpd_file)}"
+
+        set :grep_for_directory, "grep -Pzo '^([ ]*<Directory />[ ]*)(\\n.*)+(\\n[ ]*</Directory>[ ]*)(\\n){1}$' "\
+                                 "#{fetch(:tmp_httpd_file)}"
+
+        # How many lines have the original configuration
+        command = "#{fetch(:grep_for_directory)} | grep -n '</Directory>' | head -n 1 | cut -d ':' -f1"
+        set :def_directory_num_lines, get_command_output(command).to_i
+        debug "Original configuration has #{fetch(:def_directory_num_lines)} lines."
+
+        # Saves to a file the original configuration
+        command = "#{fetch(:grep_for_directory)} | "\
+              "head -n #{fetch(:def_directory_num_lines)} > #{fetch(:tmp_dir_original_config)}"
+        debug command
+        execute command
+
+        # Saves to a file the original configuration commented
+        execute :cp, '-f', "#{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)}"
+        execute "sed -e 's/^/#/' -i #{fetch(:tmp_dir_original_commented_config)}"
+
+        # Save to a file the new desired configuration
+        new_directory_configs = <<-EOF
+
+# Do not allow browsing outside the document root
+<Directory />
+  Order Deny,Allow
+  Deny from all
+  Options None
+  AllowOverride None
+</Directory>
+
+        EOF
+        upload! StringIO.new(new_directory_configs), fetch(:tmp_dir_new_config).to_s
+
+        # Update the new configuration file to have the original configuration commented
+        debug "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+        execute "cat #{fetch(:tmp_dir_new_config)} >> #{fetch(:tmp_dir_original_commented_config)}"
+        execute "mv -f #{fetch(:tmp_dir_original_commented_config)} #{fetch(:tmp_dir_new_config)}"
+
+        # Generates the special SED parameter: 'N;' per line that should be replaced
+        special_sed_param = 'N;' * fetch(:def_directory_num_lines)
+        debug "Special sed parameter is: ''#{special_sed_param}''"
+
+        # Replace the old original directory configuration for a specific message (in the temporary file)
+        message_complete = "#{message_line1}\\n#\\n"
+        command_to_replace = "out=$(sed -e :a -e '$!N;s/\\n/.*/;ta' #{fetch(:tmp_dir_original_config)} | "\
+                             "sed -e :a -e '$!N;s/\//./;ta'); sed -i '/<Directory .>.*/ {#{special_sed_param} "\
+                             "s/'$out'/#{message_complete}/g}' #{fetch(:tmp_httpd_file)}"
+        debug command_to_replace
+        execute command_to_replace
+
+        # Search for the line where the message was inserted
+        command = "grep -n '#{message_line1}' #{fetch(:tmp_httpd_file)} | cut -d':' -f 1"
+        debug command
+        line_with_match = get_command_output(command).to_i
+        next_line = line_with_match + 1
+        debug "New configuration will be added to line #{next_line}"
+
+        # Inserts the new directory configuration (with the old configuration commented)
+        # in the line following the comment added before
+        command = "sed '#{next_line}r #{fetch(:tmp_dir_new_config)}' < #{fetch(:tmp_httpd_file)} "\
+                  '> tmp_httpd_new_conf_merge.conf'
+
+        debug command
+        execute command
+        execute "mv -f tmp_httpd_new_conf_merge.conf #{fetch(:tmp_httpd_file)}"
+
+        # Replace the original Apache configuration file
+        execute "#{sudo_cmd} mv -f #{fetch(:tmp_httpd_file)} #{fetch(:httpd_conf_file)}"
+
+        # Remove all created temporary files
+        execute "rm -f #{fetch(:tmp_dir_original_config)} #{fetch(:tmp_dir_original_commented_config)} "\
+                "#{fetch(:tmp_dir_new_config)} #{fetch(:tmp_httpd_file)}"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/application.rake

@@ -159,7 +159,7 @@ namespace :load do
     # RVM related information
     set :rvm_type, -> { :system }
     set :rvm_ruby_version, -> { ask('Please specify the Ruby version (i.e. 2.1.5)', '') }
-    set :rvm_roles, [:app, :web]
+    set :rvm_roles, %i(app web)
     # set :rvm_custom_path, '~/.myveryownrvm'  # only needed if not detected
 
     # Apache related information

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: capistrano-exfel
 version: !ruby/object:Gem::Version
-  version: 0.0.14
+  version: 0.0.16
 platform: ruby
 authors:
 - Luis Maia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-20 00:00:00.000000000 Z
+date: 2017-04-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -54,15 +54,22 @@ files:
 - Rakefile
 - capistrano-exfel.gemspec
 - lib/capistrano/exfel.rb
+- lib/capistrano/exfel/co7.rb
 - lib/capistrano/exfel/sl6.rb
 - lib/capistrano/exfel/version.rb
 - lib/capistrano/recipes/apache_http.conf
 - lib/capistrano/recipes/apache_ssl.conf
+- lib/capistrano/recipes/co7/00-passenger.conf
+- lib/capistrano/recipes/co7/apache_http.conf
+- lib/capistrano/recipes/co7/apache_ssl.conf
+- lib/capistrano/recipes/co7/httpd.conf
 - lib/capistrano/recipes/config/database_mysql.yml
 - lib/capistrano/recipes/config/database_postgresql.yml
 - lib/capistrano/recipes/config/database_sqlite.yml
 - lib/capistrano/recipes/config/secrets_example.yml
 - lib/capistrano/tasks/apache.rake
+- lib/capistrano/tasks/apache_co7.rake
+- lib/capistrano/tasks/apache_sl6.rake
 - lib/capistrano/tasks/app_home.rake
 - lib/capistrano/tasks/application.rake
 - lib/capistrano/tasks/database.rake