capistrano-fiftyfive 0.12.0 → 0.13.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +10 -0
  3. data/lib/capistrano/fiftyfive/dsl.rb +12 -4
  4. data/lib/capistrano/fiftyfive/version.rb +1 -1
  5. data/lib/capistrano/tasks/aptitude.rake +5 -5
  6. data/lib/capistrano/tasks/delayed_job.rake +3 -2
  7. data/lib/capistrano/tasks/logrotate.rake +2 -1
  8. data/lib/capistrano/tasks/nginx.rake +7 -6
  9. data/lib/capistrano/tasks/postgresql.rake +8 -7
  10. data/lib/capistrano/tasks/rbenv.rake +1 -1
  11. data/lib/capistrano/tasks/sidekiq.rake +3 -2
  12. data/lib/capistrano/tasks/ssl.rake +5 -5
  13. data/lib/capistrano/tasks/ufw.rake +5 -5
  14. data/lib/capistrano/tasks/unicorn.rake +3 -2
  15. data/lib/capistrano/tasks/user.rake +10 -7
  16. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fdbde2f4fccd4d71cee322fa44e5b0efc0b8e7f8
4
- data.tar.gz: c1f3b4f97aaa954f5f12ffdb3dc0b15cf001effa
3
+ metadata.gz: 29e3fd7ad4df880bfb2665250d10881d574d9345
4
+ data.tar.gz: 248cb2746bed751d9347586fbb0f96ace8c5c6f5
5
5
  SHA512:
6
- metadata.gz: 344a1b1348883651726eb448779a35db61697d0925c856f178d5370ff8894c65b30ab28c1a3249a76f3c6eb84e751575e91b62bb6a557c95c6b92e8ebfe939d3
7
- data.tar.gz: 6fbc01f6072e72f639542c294d9e613446de66118840992bee2b6d56bcc0ce4156c088ef344b21017f2a1c4d6847fcfd3ed93a282ba1189a8b8ac4113d39fd89
6
+ metadata.gz: 33c8160aed2ddc2dfc8f43758e567dc705b5f4e3a16341cfa525af3757c5964100829766b7e30a361f55082f956b7628aa48134f2008883c7612be1157718b65
7
+ data.tar.gz: 5aa307f5bc6704fc13db501adeb4567e58fe3ec811e4254c1fdc3f789aba4932691e295f8f377ba2f26febeb9d7da6f03618fd7d9567af4aa063645f6dc60854
data/CHANGELOG.md CHANGED
@@ -1,5 +1,15 @@
1
1
  # capistrano-fiftyfive Changelog
2
2
 
3
+ ## `0.13.0`
4
+
5
+ The provisioning tasks now work for a non-root user that has password-less sudo privileges. Assuming a user named `matt` that can sudo without being prompted for a password ([instructions here](http://askubuntu.com/questions/192050/how-to-run-sudo-command-with-no-password)), simply modify `deploy.rb` with:
6
+
7
+ ```ruby
8
+ set :fiftyfive_privileged_user, "matt"
9
+ ```
10
+
11
+ Now all provisioning tasks that would normally run as root will instead run as `matt` using `sudo`.
12
+
3
13
  ## `0.12.0`
4
14
 
5
15
  * capistrano-fiftyfive's abbreviated format now honors the new `SSHKIT_COLOR` environment variable. Set `SSHKIT_COLOR=1` to force ANSI color even on non-ttys (e.g. Jenkins).
data/lib/capistrano/fiftyfive/dsl.rb CHANGED
@@ -84,6 +84,13 @@ module Capistrano
84
84
  # remote file.
85
85
  #
86
86
  def put(string_or_io, remote_path, opts={})
87
+ sudo_exec = ->(*cmd) {
88
+ cmd = [:sudo] + cmd if opts[:sudo]
89
+ execute *cmd
90
+ }
91
+
92
+ tmp_path = "/tmp/#{SecureRandom.uuid}"
93
+
87
94
  owner = opts[:owner]
88
95
  mode = opts[:mode]
89
96
 
@@ -93,12 +100,13 @@ module Capistrano
93
100
  StringIO.new(string_or_io.to_s)
94
101
  end
95
102
 
96
- execute :mkdir, "-p", File.dirname(remote_path)
103
+ sudo_exec.call :mkdir, "-p", File.dirname(remote_path)
97
104
 
98
- upload!(source, remote_path)
105
+ upload!(source, tmp_path)
99
106
 
100
- execute(:chown, owner, remote_path) if owner
101
- execute(:chmod, mode, remote_path) if mode
107
+ sudo_exec.call(:mv, "-f", tmp_path, remote_path)
108
+ sudo_exec.call(:chown, owner, remote_path) if owner
109
+ sudo_exec.call(:chmod, mode, remote_path) if mode
102
110
  end
103
111
 
104
112
 
data/lib/capistrano/fiftyfive/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module Fiftyfive
3
- VERSION = "0.12.0"
3
+ VERSION = "0.13.0"
4
4
  end
5
5
  end
data/lib/capistrano/tasks/aptitude.rake CHANGED
@@ -55,14 +55,14 @@ namespace :fiftyfive do
55
55
  end
56
56
 
57
57
  def _already_installed?(pkg)
58
- test(:dpkg, "-s", pkg, "2>/dev/null", "|", :grep, "-q 'ok installed'")
58
+ test(:sudo, "dpkg", "-s", pkg, "2>/dev/null", "|", :grep, "-q 'ok installed'")
59
59
  end
60
60
 
61
61
  def _add_repository(repo, options={})
62
62
  unless _already_installed?("python-software-properties")
63
63
  _install("python-software-properties")
64
64
  end
65
- execute :"apt-add-repository", "-y '#{repo}'"
65
+ execute :sudo, "apt-add-repository", "-y '#{repo}'"
66
66
 
67
67
  if (key = options.fetch(:key, nil))
68
68
  execute "wget --quiet -O - #{key} | sudo apt-key add -"
@@ -71,19 +71,19 @@ namespace :fiftyfive do
71
71
 
72
72
  def _install(pkg)
73
73
  with :debian_frontend => "noninteractive" do
74
- execute :aptitude, "-y -q install", pkg
74
+ execute :sudo, "aptitude", "-y -q install", pkg
75
75
  end
76
76
  end
77
77
 
78
78
  def _update
79
79
  with :debian_frontend => "noninteractive" do
80
- execute :aptitude, "-q -q -y update"
80
+ execute :sudo, "aptitude", "-q -q -y update"
81
81
  end
82
82
  end
83
83
 
84
84
  def _safe_upgrade
85
85
  with :debian_frontend => "noninteractive" do
86
- execute :aptitude, "-q -q -y safe-upgrade"
86
+ execute :sudo, "aptitude", "-q -q -y safe-upgrade"
87
87
  end
88
88
  end
89
89
 
data/lib/capistrano/tasks/delayed_job.rake CHANGED
@@ -14,9 +14,10 @@ namespace :fiftyfive do
14
14
  template "delayed_job_init.erb",
15
15
  "/etc/init.d/delayed_job_#{application_basename}",
16
16
  :mode => "a+rx",
17
- :binding => binding
17
+ :binding => binding,
18
+ :sudo => true
18
19
 
19
- execute "update-rc.d -f delayed_job_#{application_basename} defaults"
20
+ execute "sudo update-rc.d -f delayed_job_#{application_basename} defaults"
20
21
  end
21
22
  end
22
23
 
data/lib/capistrano/tasks/logrotate.rake CHANGED
@@ -9,7 +9,8 @@ namespace :fiftyfive do
9
9
  template "logrotate.erb",
10
10
  "/etc/logrotate.d/#{application_basename}-logs",
11
11
  :mode => 644,
12
- :owner => "root:root"
12
+ :owner => "root:root",
13
+ :sudo => true
13
14
  end
14
15
  end
15
16
  end
data/lib/capistrano/tasks/nginx.rake CHANGED
@@ -7,14 +7,15 @@ namespace :fiftyfive do
7
7
  desc "Install nginx.conf files and restart nginx"
8
8
  task :configure do
9
9
  privileged_on roles(:web) do
10
- template("nginx.erb", "/etc/nginx/nginx.conf")
10
+ template("nginx.erb", "/etc/nginx/nginx.conf", :sudo => true)
11
11
 
12
12
  template "nginx_unicorn.erb",
13
- "/etc/nginx/sites-enabled/#{application_basename}"
13
+ "/etc/nginx/sites-enabled/#{application_basename}",
14
+ :sudo => true
14
15
 
15
- execute "rm -f /etc/nginx/sites-enabled/default"
16
- execute "mkdir -p /etc/nginx/#{application_basename}-locations"
17
- execute "service nginx restart"
16
+ execute "sudo rm -f /etc/nginx/sites-enabled/default"
17
+ execute "sudo mkdir -p /etc/nginx/#{application_basename}-locations"
18
+ execute "sudo service nginx restart"
18
19
  end
19
20
  end
20
21
 
@@ -22,7 +23,7 @@ namespace :fiftyfive do
22
23
  desc "#{command} nginx"
23
24
  task command.intern do
24
25
  privileged_on roles(:web) do
25
- execute "service nginx #{command}"
26
+ execute "sudo service nginx #{command}"
26
27
  end
27
28
  end
28
29
  end
data/lib/capistrano/tasks/postgresql.rake CHANGED
@@ -17,24 +17,24 @@ namespace :fiftyfive do
17
17
  pgtune_output = "/tmp/postgresql.conf.pgtune"
18
18
  pg_conf = "/etc/postgresql/9.1/main/postgresql.conf"
19
19
 
20
- execute :rm, "-rf", pgtune_dir
21
- execute :git,
20
+ execute :sudo, "rm", "-rf", pgtune_dir
21
+ execute :sudo, "git",
22
22
  "clone",
23
23
  "-q",
24
24
  "https://github.com/gregs1104/pgtune.git",
25
25
  pgtune_dir
26
26
 
27
- execute "#{pgtune_dir}/pgtune",
27
+ execute "sudo #{pgtune_dir}/pgtune",
28
28
  "--input-config", pg_conf,
29
29
  "--output-config", pgtune_output,
30
30
  "--type", "Web",
31
31
  "--connections", fetch(:fiftyfive_postgresql_max_connections)
32
32
 
33
33
  # Log diff for informational purposes
34
- execute :diff, pg_conf, pgtune_output, "|| true"
34
+ execute :sudo, "diff", pg_conf, pgtune_output, "|| true"
35
35
 
36
- execute :cp, pgtune_output, pg_conf
37
- execute :service, "postgresql", "restart"
36
+ execute :sudo, "cp", pgtune_output, pg_conf
37
+ execute :sudo, "service", "postgresql", "restart"
38
38
  end
39
39
  end
40
40
 
@@ -109,7 +109,8 @@ namespace :fiftyfive do
109
109
  "/etc/logrotate.d/postgresql-backup-#{application_basename}",
110
110
  :owner => "root:root",
111
111
  :mode => "644",
112
- :binding => binding
112
+ :binding => binding,
113
+ :sudo => true
113
114
  end
114
115
  end
115
116
 
data/lib/capistrano/tasks/rbenv.rake CHANGED
@@ -62,7 +62,7 @@ namespace :fiftyfive do
62
62
  task :bootstrap_ubuntu_for_ruby_compile do
63
63
  privileged_on release_roles(:all) do |host, user|
64
64
  with :debian_frontend => "noninteractive" do
65
- execute "~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
65
+ execute "sudo ~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
66
66
  end
67
67
  end
68
68
  end
data/lib/capistrano/tasks/sidekiq.rake CHANGED
@@ -14,9 +14,10 @@ namespace :fiftyfive do
14
14
  template "sidekiq_init.erb",
15
15
  "/etc/init.d/sidekiq_#{application_basename}",
16
16
  :mode => "a+rx",
17
- :binding => binding
17
+ :binding => binding,
18
+ :sudo => true
18
19
 
19
- execute "update-rc.d -f sidekiq_#{application_basename} defaults"
20
+ execute "sudo update-rc.d -f sidekiq_#{application_basename} defaults"
20
21
  end
21
22
  end
22
23
 
data/lib/capistrano/tasks/ssl.rake CHANGED
@@ -19,7 +19,7 @@ namespace :fiftyfive do
19
19
  def _run_ssl_script(opt="")
20
20
  privileged_on primary(:web) do
21
21
  files_exist = %w(.key .csr .crt).any? do |ext|
22
- test("[ -f /etc/ssl/#{application_basename}#{ext} ]")
22
+ test("sudo [ -f /etc/ssl/#{application_basename}#{ext} ]")
23
23
  end
24
24
 
25
25
  if files_exist
@@ -34,12 +34,12 @@ namespace :fiftyfive do
34
34
  config = "/tmp/csr_config"
35
35
  ssl_script = "/tmp/ssl_script"
36
36
 
37
- template("csr_config.erb", config)
38
- template("ssl_setup", ssl_script, :mode => "+x")
37
+ template("csr_config.erb", config, :sudo => true)
38
+ template("ssl_setup", ssl_script, :mode => "+x", :sudo => true)
39
39
 
40
40
  within "/etc/ssl" do
41
- execute ssl_script, opt, application_basename, config
42
- execute :rm, ssl_script, config
41
+ execute :sudo, ssl_script, opt, application_basename, config
42
+ execute :sudo, "rm", ssl_script, config
43
43
  end
44
44
  end
45
45
  end
data/lib/capistrano/tasks/ufw.rake CHANGED
@@ -11,21 +11,21 @@ namespace :fiftyfive do
11
11
 
12
12
  # First reset the firewall on all affected servers
13
13
  privileged_on roles(*distinct_roles) do
14
- execute "ufw --force reset"
15
- execute "ufw default deny incoming"
16
- execute "ufw default allow outgoing"
14
+ execute "sudo ufw --force reset"
15
+ execute "sudo ufw default deny incoming"
16
+ execute "sudo ufw default allow outgoing"
17
17
  end
18
18
 
19
19
  # Then set up all ufw rules according to the fiftyfive_ufw_rules hash
20
20
  rules.each do |command, *role_names|
21
21
  privileged_on roles(*role_names.flatten) do
22
- execute "ufw #{command}"
22
+ execute "sudo ufw #{command}"
23
23
  end
24
24
  end
25
25
 
26
26
  # Finally, enable the firewall on all affected servers
27
27
  privileged_on roles(*distinct_roles) do
28
- execute "ufw --force enable"
28
+ execute "sudo ufw --force enable"
29
29
  end
30
30
  end
31
31
  end
data/lib/capistrano/tasks/unicorn.rake CHANGED
@@ -16,9 +16,10 @@ namespace :fiftyfive do
16
16
  template "unicorn_init.erb",
17
17
  "/etc/init.d/unicorn_#{application_basename}",
18
18
  :mode => "a+rx",
19
- :binding => binding
19
+ :binding => binding,
20
+ :sudo => true
20
21
 
21
- execute "update-rc.d -f unicorn_#{application_basename} defaults"
22
+ execute "sudo update-rc.d -f unicorn_#{application_basename} defaults"
22
23
  end
23
24
  end
24
25
 
data/lib/capistrano/tasks/user.rake CHANGED
@@ -7,8 +7,8 @@ namespace :fiftyfive do
7
7
  desc "Create the UNIX user if it doesn't already exist"
8
8
  task :add do
9
9
  privileged_on roles(:all) do |host, user|
10
- unless test("grep -q #{user}: /etc/passwd")
11
- execute :adduser, "--disabled-password", user, "</dev/null"
10
+ unless test("sudo grep -q #{user}: /etc/passwd")
11
+ execute :sudo, "adduser", "--disabled-password", user, "</dev/null"
12
12
  end
13
13
  end
14
14
  end
@@ -16,12 +16,15 @@ namespace :fiftyfive do
16
16
  desc "Copy root's authorized_keys to the user account if it doesn't "\
17
17
  "already have its own keys"
18
18
  task :install_public_key do
19
+ root = fetch(:fiftyfive_privileged_user)
20
+
19
21
  privileged_on roles(:all) do |host, user|
20
- unless test("[ -f /home/#{user}/.ssh/authorized_keys ]")
21
- execute :mkdir, "-p", "/home/#{user}/.ssh"
22
- execute :cp, "~/.ssh/authorized_keys", "/home/#{user}/.ssh"
23
- execute :chown, "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
24
- execute :chmod, "600", "/home/#{user}/.ssh/authorized_keys"
22
+ unless test("sudo [ -f /home/#{user}/.ssh/authorized_keys ]")
23
+ execute :sudo, "mkdir", "-p", "/home/#{user}/.ssh"
24
+ execute :sudo, "cp", "~#{root}/.ssh/authorized_keys",
25
+ "/home/#{user}/.ssh"
26
+ execute :sudo, "chown", "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
27
+ execute :sudo, "chmod", "600", "/home/#{user}/.ssh/authorized_keys"
25
28
  end
26
29
  end
27
30
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: capistrano-fiftyfive
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.12.0
4
+ version: 0.13.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Matt Brictson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-09-12 00:00:00.000000000 Z
11
+ date: 2014-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: capistrano