capistrano-fiftyfive 0.12.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/lib/capistrano/fiftyfive/dsl.rb +12 -4
  4. data/lib/capistrano/fiftyfive/version.rb +1 -1
  5. data/lib/capistrano/tasks/aptitude.rake +5 -5
  6. data/lib/capistrano/tasks/delayed_job.rake +3 -2
  7. data/lib/capistrano/tasks/logrotate.rake +2 -1
  8. data/lib/capistrano/tasks/nginx.rake +7 -6
  9. data/lib/capistrano/tasks/postgresql.rake +8 -7
  10. data/lib/capistrano/tasks/rbenv.rake +1 -1
  11. data/lib/capistrano/tasks/sidekiq.rake +3 -2
  12. data/lib/capistrano/tasks/ssl.rake +5 -5
  13. data/lib/capistrano/tasks/ufw.rake +5 -5
  14. data/lib/capistrano/tasks/unicorn.rake +3 -2
  15. data/lib/capistrano/tasks/user.rake +10 -7
  16. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fdbde2f4fccd4d71cee322fa44e5b0efc0b8e7f8
4
- data.tar.gz: c1f3b4f97aaa954f5f12ffdb3dc0b15cf001effa
3
+ metadata.gz: 29e3fd7ad4df880bfb2665250d10881d574d9345
4
+ data.tar.gz: 248cb2746bed751d9347586fbb0f96ace8c5c6f5
5
5
  SHA512:
6
- metadata.gz: 344a1b1348883651726eb448779a35db61697d0925c856f178d5370ff8894c65b30ab28c1a3249a76f3c6eb84e751575e91b62bb6a557c95c6b92e8ebfe939d3
7
- data.tar.gz: 6fbc01f6072e72f639542c294d9e613446de66118840992bee2b6d56bcc0ce4156c088ef344b21017f2a1c4d6847fcfd3ed93a282ba1189a8b8ac4113d39fd89
6
+ metadata.gz: 33c8160aed2ddc2dfc8f43758e567dc705b5f4e3a16341cfa525af3757c5964100829766b7e30a361f55082f956b7628aa48134f2008883c7612be1157718b65
7
+ data.tar.gz: 5aa307f5bc6704fc13db501adeb4567e58fe3ec811e4254c1fdc3f789aba4932691e295f8f377ba2f26febeb9d7da6f03618fd7d9567af4aa063645f6dc60854
data/CHANGELOG.md CHANGED
@@ -1,5 +1,15 @@
1
1
  # capistrano-fiftyfive Changelog
2
2
 
3
+ ## `0.13.0`
4
+
5
+ The provisioning tasks now work for a non-root user that has password-less sudo privileges. Assuming a user named `matt` that can sudo without being prompted for a password ([instructions here](http://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password)), simply modify `deploy.rb` with:
6
+
7
+ ```ruby
8
+ set :fiftyfive_privileged_user, "matt"
9
+ ```
10
+
11
+ Now all provisioning tasks that would normally run as root will instead run as `matt` using `sudo`.
12
+
3
13
  ## `0.12.0`
4
14
 
5
15
  * capistrano-fiftyfive's abbreviated format now honors the new `SSHKIT_COLOR` environment variable. Set `SSHKIT_COLOR=1` to force ANSI color even on non-ttys (e.g. Jenkins).
data/lib/capistrano/fiftyfive/dsl.rb CHANGED
@@ -84,6 +84,13 @@ module Capistrano
84
84
  # remote file.
85
85
  #
86
86
  def put(string_or_io, remote_path, opts={})
87
+ sudo_exec = ->(*cmd) {
88
+ cmd = [:sudo] + cmd if opts[:sudo]
89
+ execute *cmd
90
+ }
91
+
92
+ tmp_path = "/tmp/#{SecureRandom.uuid}"
93
+
87
94
  owner = opts[:owner]
88
95
  mode = opts[:mode]
89
96
 
@@ -93,12 +100,13 @@ module Capistrano
93
100
  StringIO.new(string_or_io.to_s)
94
101
  end
95
102
 
96
- execute :mkdir, "-p", File.dirname(remote_path)
103
+ sudo_exec.call :mkdir, "-p", File.dirname(remote_path)
97
104
 
98
- upload!(source, remote_path)
105
+ upload!(source, tmp_path)
99
106
 
100
- execute(:chown, owner, remote_path) if owner
101
- execute(:chmod, mode, remote_path) if mode
107
+ sudo_exec.call(:mv, "-f", tmp_path, remote_path)
108
+ sudo_exec.call(:chown, owner, remote_path) if owner
109
+ sudo_exec.call(:chmod, mode, remote_path) if mode
102
110
  end
103
111
 
104
112
 
data/lib/capistrano/fiftyfive/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module Fiftyfive
3
- VERSION = "0.12.0"
3
+ VERSION = "0.13.0"
4
4
  end
5
5
  end
data/lib/capistrano/tasks/aptitude.rake CHANGED
@@ -55,14 +55,14 @@ namespace :fiftyfive do
55
55
  end
56
56
 
57
57
  def _already_installed?(pkg)
58
- test(:dpkg, "-s", pkg, "2>/dev/null", "|", :grep, "-q 'ok installed'")
58
+ test(:sudo, "dpkg", "-s", pkg, "2>/dev/null", "|", :grep, "-q 'ok installed'")
59
59
  end
60
60
 
61
61
  def _add_repository(repo, options={})
62
62
  unless _already_installed?("python-software-properties")
63
63
  _install("python-software-properties")
64
64
  end
65
- execute :"apt-add-repository", "-y '#{repo}'"
65
+ execute :sudo, "apt-add-repository", "-y '#{repo}'"
66
66
 
67
67
  if (key = options.fetch(:key, nil))
68
68
  execute "wget --quiet -O - #{key} | sudo apt-key add -"
@@ -71,19 +71,19 @@ namespace :fiftyfive do
71
71
 
72
72
  def _install(pkg)
73
73
  with :debian_frontend => "noninteractive" do
74
- execute :aptitude, "-y -q install", pkg
74
+ execute :sudo, "aptitude", "-y -q install", pkg
75
75
  end
76
76
  end
77
77
 
78
78
  def _update
79
79
  with :debian_frontend => "noninteractive" do
80
- execute :aptitude, "-q -q -y update"
80
+ execute :sudo, "aptitude", "-q -q -y update"
81
81
  end
82
82
  end
83
83
 
84
84
  def _safe_upgrade
85
85
  with :debian_frontend => "noninteractive" do
86
- execute :aptitude, "-q -q -y safe-upgrade"
86
+ execute :sudo, "aptitude", "-q -q -y safe-upgrade"
87
87
  end
88
88
  end
89
89
 
data/lib/capistrano/tasks/delayed_job.rake CHANGED
@@ -14,9 +14,10 @@ namespace :fiftyfive do
14
14
  template "delayed_job_init.erb",
15
15
  "/etc/init.d/delayed_job_#{application_basename}",
16
16
  :mode => "a+rx",
17
- :binding => binding
17
+ :binding => binding,
18
+ :sudo => true
18
19
 
19
- execute "update-rc.d -f delayed_job_#{application_basename} defaults"
20
+ execute "sudo update-rc.d -f delayed_job_#{application_basename} defaults"
20
21
  end
21
22
  end
22
23
 
data/lib/capistrano/tasks/logrotate.rake CHANGED
@@ -9,7 +9,8 @@ namespace :fiftyfive do
9
9
  template "logrotate.erb",
10
10
  "/etc/logrotate.d/#{application_basename}-logs",
11
11
  :mode => 644,
12
- :owner => "root:root"
12
+ :owner => "root:root",
13
+ :sudo => true
13
14
  end
14
15
  end
15
16
  end
data/lib/capistrano/tasks/nginx.rake CHANGED
@@ -7,14 +7,15 @@ namespace :fiftyfive do
7
7
  desc "Install nginx.conf files and restart nginx"
8
8
  task :configure do
9
9
  privileged_on roles(:web) do
10
- template("nginx.erb", "/etc/nginx/nginx.conf")
10
+ template("nginx.erb", "/etc/nginx/nginx.conf", :sudo => true)
11
11
 
12
12
  template "nginx_unicorn.erb",
13
- "/etc/nginx/sites-enabled/#{application_basename}"
13
+ "/etc/nginx/sites-enabled/#{application_basename}",
14
+ :sudo => true
14
15
 
15
- execute "rm -f /etc/nginx/sites-enabled/default"
16
- execute "mkdir -p /etc/nginx/#{application_basename}-locations"
17
- execute "service nginx restart"
16
+ execute "sudo rm -f /etc/nginx/sites-enabled/default"
17
+ execute "sudo mkdir -p /etc/nginx/#{application_basename}-locations"
18
+ execute "sudo service nginx restart"
18
19
  end
19
20
  end
20
21
 
@@ -22,7 +23,7 @@ namespace :fiftyfive do
22
23
  desc "#{command} nginx"
23
24
  task command.intern do
24
25
  privileged_on roles(:web) do
25
- execute "service nginx #{command}"
26
+ execute "sudo service nginx #{command}"
26
27
  end
27
28
  end
28
29
  end
data/lib/capistrano/tasks/postgresql.rake CHANGED
@@ -17,24 +17,24 @@ namespace :fiftyfive do
17
17
  pgtune_output = "/tmp/postgresql.conf.pgtune"
18
18
  pg_conf = "/etc/postgresql/9.1/main/postgresql.conf"
19
19
 
20
- execute :rm, "-rf", pgtune_dir
21
- execute :git,
20
+ execute :sudo, "rm", "-rf", pgtune_dir
21
+ execute :sudo, "git",
22
22
  "clone",
23
23
  "-q",
24
24
  "https://github.com/gregs1104/pgtune.git",
25
25
  pgtune_dir
26
26
 
27
- execute "#{pgtune_dir}/pgtune",
27
+ execute "sudo #{pgtune_dir}/pgtune",
28
28
  "--input-config", pg_conf,
29
29
  "--output-config", pgtune_output,
30
30
  "--type", "Web",
31
31
  "--connections", fetch(:fiftyfive_postgresql_max_connections)
32
32
 
33
33
  # Log diff for informational purposes
34
- execute :diff, pg_conf, pgtune_output, "|| true"
34
+ execute :sudo, "diff", pg_conf, pgtune_output, "|| true"
35
35
 
36
- execute :cp, pgtune_output, pg_conf
37
- execute :service, "postgresql", "restart"
36
+ execute :sudo, "cp", pgtune_output, pg_conf
37
+ execute :sudo, "service", "postgresql", "restart"
38
38
  end
39
39
  end
40
40
 
@@ -109,7 +109,8 @@ namespace :fiftyfive do
109
109
  "/etc/logrotate.d/postgresql-backup-#{application_basename}",
110
110
  :owner => "root:root",
111
111
  :mode => "644",
112
- :binding => binding
112
+ :binding => binding,
113
+ :sudo => true
113
114
  end
114
115
  end
115
116
 
data/lib/capistrano/tasks/rbenv.rake CHANGED
@@ -62,7 +62,7 @@ namespace :fiftyfive do
62
62
  task :bootstrap_ubuntu_for_ruby_compile do
63
63
  privileged_on release_roles(:all) do |host, user|
64
64
  with :debian_frontend => "noninteractive" do
65
- execute "~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
65
+ execute "sudo ~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
66
66
  end
67
67
  end
68
68
  end
data/lib/capistrano/tasks/sidekiq.rake CHANGED
@@ -14,9 +14,10 @@ namespace :fiftyfive do
14
14
  template "sidekiq_init.erb",
15
15
  "/etc/init.d/sidekiq_#{application_basename}",
16
16
  :mode => "a+rx",
17
- :binding => binding
17
+ :binding => binding,
18
+ :sudo => true
18
19
 
19
- execute "update-rc.d -f sidekiq_#{application_basename} defaults"
20
+ execute "sudo update-rc.d -f sidekiq_#{application_basename} defaults"
20
21
  end
21
22
  end
22
23
 
data/lib/capistrano/tasks/ssl.rake CHANGED
@@ -19,7 +19,7 @@ namespace :fiftyfive do
19
19
  def _run_ssl_script(opt="")
20
20
  privileged_on primary(:web) do
21
21
  files_exist = %w(.key .csr .crt).any? do |ext|
22
- test("[ -f /etc/ssl/#{application_basename}#{ext} ]")
22
+ test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
23
23
  end
24
24
 
25
25
  if files_exist
@@ -34,12 +34,12 @@ namespace :fiftyfive do
34
34
  config = "/tmp/csr_config"
35
35
  ssl_script = "/tmp/ssl_script"
36
36
 
37
- template("csr_config.erb", config)
38
- template("ssl_setup", ssl_script, :mode => "+x")
37
+ template("csr_config.erb", config, :sudo => true)
38
+ template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
39
39
 
40
40
  within "/etc/ssl" do
41
- execute ssl_script, opt, application_basename, config
42
- execute :rm, ssl_script, config
41
+ execute :sudo, ssl_script, opt, application_basename, config
42
+ execute :sudo, "rm", ssl_script, config
43
43
  end
44
44
  end
45
45
  end
data/lib/capistrano/tasks/ufw.rake CHANGED
@@ -11,21 +11,21 @@ namespace :fiftyfive do
11
11
 
12
12
  # First reset the firewall on all affected servers
13
13
  privileged_on roles(*distinct_roles) do
14
- execute "ufw --force reset"
15
- execute "ufw default deny incoming"
16
- execute "ufw default allow outgoing"
14
+ execute "sudo ufw --force reset"
15
+ execute "sudo ufw default deny incoming"
16
+ execute "sudo ufw default allow outgoing"
17
17
  end
18
18
 
19
19
  # Then set up all ufw rules according to the fiftyfive_ufw_rules hash
20
20
  rules.each do |command, *role_names|
21
21
  privileged_on roles(*role_names.flatten) do
22
- execute "ufw #{command}"
22
+ execute "sudo ufw #{command}"
23
23
  end
24
24
  end
25
25
 
26
26
  # Finally, enable the firewall on all affected servers
27
27
  privileged_on roles(*distinct_roles) do
28
- execute "ufw --force enable"
28
+ execute "sudo ufw --force enable"
29
29
  end
30
30
  end
31
31
  end
data/lib/capistrano/tasks/unicorn.rake CHANGED
@@ -16,9 +16,10 @@ namespace :fiftyfive do
16
16
  template "unicorn_init.erb",
17
17
  "/etc/init.d/unicorn_#{application_basename}",
18
18
  :mode => "a+rx",
19
- :binding => binding
19
+ :binding => binding,
20
+ :sudo => true
20
21
 
21
- execute "update-rc.d -f unicorn_#{application_basename} defaults"
22
+ execute "sudo update-rc.d -f unicorn_#{application_basename} defaults"
22
23
  end
23
24
  end
24
25
 
data/lib/capistrano/tasks/user.rake CHANGED
@@ -7,8 +7,8 @@ namespace :fiftyfive do
7
7
  desc "Create the UNIX user if it doesn't already exist"
8
8
  task :add do
9
9
  privileged_on roles(:all) do |host, user|
10
- unless test("grep -q #{user}: /etc/passwd")
11
- execute :adduser, "--disabled-password", user, "</dev/null"
10
+ unless test("sudo grep -q #{user}: /etc/passwd")
11
+ execute :sudo, "adduser", "--disabled-password", user, "</dev/null"
12
12
  end
13
13
  end
14
14
  end
@@ -16,12 +16,15 @@ namespace :fiftyfive do
16
16
  desc "Copy root's authorized_keys to the user account if it doesn't "\
17
17
  "already have its own keys"
18
18
  task :install_public_key do
19
+ root = fetch(:fiftyfive_privileged_user)
20
+
19
21
  privileged_on roles(:all) do |host, user|
20
- unless test("[ -f /home/#{user}/.ssh/authorized_keys ]")
21
- execute :mkdir, "-p", "/home/#{user}/.ssh"
22
- execute :cp, "~/.ssh/authorized_keys", "/home/#{user}/.ssh"
23
- execute :chown, "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
24
- execute :chmod, "600", "/home/#{user}/.ssh/authorized_keys"
22
+ unless test("sudo [ -f /home/#{user}/.ssh/authorized_keys ]")
23
+ execute :sudo, "mkdir", "-p", "/home/#{user}/.ssh"
24
+ execute :sudo, "cp", "~#{root}/.ssh/authorized_keys",
25
+ "/home/#{user}/.ssh"
26
+ execute :sudo, "chown", "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
27
+ execute :sudo, "chmod", "600", "/home/#{user}/.ssh/authorized_keys"
25
28
  end
26
29
  end
27
30
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-fiftyfive
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.0
4
+ version: 0.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Brictson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-12 00:00:00.000000000 Z
11
+ date: 2014-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: capistrano