capistrano-fiftyfive 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 24b1413c65db68ecf7cfa640483d863ae19d910f
+  data.tar.gz: ef376f1cd739af9b21f61787f91e1f06b68d151c
+SHA512:
+  metadata.gz: 431fa3a8dd368a43c5cd2ebd62c0c7dc9b8204918c5c8d1067e7b002dd02de6f92859aef08f70f4d27d03aab85bc9964fcffb8c7d4a725df666282abfea12769
+  data.tar.gz: 8a2a6abc2ef46dbe76ec15723b4a93f9ab80dadec26ef271b211fbadae77464c091a8934214565a08ed6145fa432165e06b6dd9330640e5762f9d40d36acc432

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+# capistrano-fiftyfive Changelog
+
+## `0.9.0`
+
+Initial Rubygems release!

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in capistrano-fiftyfive.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 55 Minutes Inc
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,164 @@
+# capistrano-fiftyfive
+
+Capistrano is great for deploying Rails applications, but what about all the prerequisites, like Nginx and PostgreSQL? Do you have a firewall configured on your VPS? Have you installed the latest OS security updates? Is HTTPS working right?
+
+The capistrano-fiftyfive gem adds a `cap <stage> provision` task to Capistrano that takes care of all that. Out of the box, `provision` will:
+
+* Install the latest `postgresql`, `node.js`, and `nginx` apt packages
+* Install all libraries needed to build Ruby
+* Lock down your VPS using `ufw` (a simple front-end to iptables)
+* Set up `logrotated` for your Rails logs
+* Schedule an automatic daily backup of your Rails database
+* Generate a self-signed SSL certificate if you need one
+* Set up ngnix with the latest SSL practices and integrate it with Unicorn for your Rails app
+* Create the `deployer` user and install an SSH public key
+* Install `rbenv` and use `ruby-build` to compile the version of Ruby required by your app (by inspecting your `.ruby-version` file)
+* And more!
+
+The gem is named "capistrano-fiftyfive" because it is built first and foremost for serving our deployment needs here at [55 Minutes](http://55minutes.com). You'll notice that capistrano-fiftyfive is opinionated and strictly uses the following stack:
+
+* Ubuntu 12.04 LTS
+* PostgreSQL
+* Unicorn
+* Nginx
+* rbenv
+* dotenv
+
+In addition, capistrano-fiftyfive changes many of Capistrano's defaults, including the deployment location, Bundler behavior, and SSH keep-alive settings. It also overhauls and simplifies the logging format. (See [defaults.rake][] for details.)
+
+Not quite to your liking? Consider forking the project to meet your needs.
+
+
+## Installation
+
+Please note that this project requires **Capistrano 3.x**, which is a complete
+rewrite of Capistrano 2.x. The two major versions are not compatible.
+
+### 1. Gemfile
+
+Add these gems to the development group of your Rails application's Gemfile:
+
+    group :development do
+      gem 'capistrano-bundler', :require => false
+      gem 'capistrano-rails', :require => false
+      gem 'capistrano', '~> 3.2.1', :require => false
+      gem 'capistrano-fiftyfive', '~> 0.9.0', :require => false
+    end
+
+And then execute:
+
+    $ bundle
+
+
+### 2. cap install
+
+If your project doesn't yet have a `Capfile`, run `cap install` with the list
+of desired stages (environments):
+
+    cap install STAGES=staging,production
+
+
+### 3. Capfile
+
+Add these lines to the **bottom** of your app's `Capfile`
+(order is important!):
+
+    require 'capistrano/bundler'
+    require 'capistrano/rails'
+    require 'capistrano/fiftyfive'
+
+
+### 4. Choose which recipes to auto-run
+
+Most of the capistrano-fiftyfive recipes are designed to run automatically as part of `cap <stage> provision`, for installing and setting up various bits of the Rails infrastructure, like nginx, unicorn, and postgres. Some recipes also contribute to the `cap <stage> deploy` process.
+
+*This auto-run behavior is fully under your control.*  In your `deploy.rb`,
+set `:fiftyfive_recipes` to an array of the desired recipes.
+If you don't want a recipe to execute as part of `deploy`/`provision`, simply omit it from
+the list.
+
+The following list will suffice for most out-of-the-box Rails apps. The order of the list is not important.
+
+    set :fiftyfive_recipes, %w(
+      aptitude
+      crontab
+      dotenv
+      logrotate
+      migrate
+      nginx
+      postgresql
+      rbenv
+      seed
+      ssl
+      ufw
+      unicorn
+      user
+      version
+    )
+
+Even if you don't include a recipe in the auto-run list, you can still invoke
+the tasks of those recipes manually at your discretion.
+
+
+### 5. Configuration
+
+Many of the recipes have default settings that can be overridden. Use your
+`deploy.rb` file to specify these overrides. Or, you can override per stage.
+Here is an example override:
+
+    set :fiftyfive_unicorn_workers, 8
+
+For the full list of settings and their default values, refer to
+[defaults.rake][].
+
+
+### A working example
+
+Check out our [rails-starter][] project for a sample Capfile and deploy.rb.
+
+## Usage
+
+The power of the capistrano-fiftyfive recipes is that they take care of the
+entire setup of a bare Ubuntu 12.04 server, all the way to a fully configured
+and running Rails app on top up Unicorn, Nginx, rbenv, and PostgreSQL.
+
+### Deploying to a new server from scratch
+
+These steps assume you have loaded the full set of capistrano-fiftyfive
+recipes in your Capfile.
+
+1. Provision an Ubuntu 12.04 VPS at your hosting provider of choice.
+2. Install your public SSH key for the root user. Some providers (e.g. DigitalOcean) can do this for you automatically when you provision a new VPS.
+3. Repeat steps 1-2 for all the servers in your cluster, if you are using
+   a multi-server setup (e.g. separate web, app, and database servers).
+4. Let capistrano-fiftyfive take it from here:
+
+        cap staging provision
+        cap staging deploy
+
+### Running individual tasks
+
+For a full description of all available tasks, run:
+
+    cap -T
+
+All tasks from capistrano-fiftyfive will be prefixed with `fiftyfive:`. You
+can run these tasks just like any other capistrano task, like so:
+
+    cap staging fiftyfive:seed
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+[Postmark]:https://postmarkapp.com
+[cast337]:http://railscasts.com/episodes/337-capistrano-recipes
+[cast373]:http://railscasts.com/episodes/373-zero-downtime-deployment
+[defaults.rake]:lib/capistrano/tasks/defaults.rake
+[rails-starter]:https://github.com/55minutes/rails-starter/tree/master/config

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/capistrano-fiftyfive.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'capistrano/fiftyfive/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "capistrano-fiftyfive"
+  spec.version       = Capistrano::Fiftyfive::VERSION
+  spec.authors       = ["Matt Brictson"]
+  spec.email         = ["opensource@55minutes.com"]
+  spec.description   = \
+    "Capistrano 3.1+ recipes that we use at 55 Minutes to standardize "\
+    "our Rails deployments. These are tailored for Ubuntu 12.04 LTS, "\
+    "PostgreSQL, Nginx, Unicorn, rbenv, and Rails 3/4."
+  spec.summary       = %q{Additional Capistrano recipes from 55 Minutes}
+  spec.homepage      = "https://github.com/55minutes/capistrano-fiftyfive"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "capistrano", ">= 3.2.1"
+  spec.add_dependency "sshkit", ">= 1.4.0"
+  spec.add_dependency "colorize"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

data/lib/capistrano/fiftyfive/compatibility.rb

@@ -0,0 +1,17 @@
+require 'colorize'
+
+unless defined?(Capistrano) && defined?(:namespace)
+  $stderr.puts\
+    "WARNING: capistrano/fiftyfive must be loaded by Capistrano in order "\
+    "to work.\nRequire this gem by using Capistrano's Capfile, "\
+    "as described here:\n"\
+    "https://github.com/55minutes/capistrano-fiftyfive#installation"\
+    .colorize(:red)
+end
+
+if Capistrano::VERSION == "3.2.0"
+  $stderr.puts\
+    "WARNING: Capistrano 3.2.0 has a critical bug that prevents "\
+    "capistrano-fiftyfive from working as intended:\n"\
+    "https://github.com/capistrano/capistrano/issues/1004".colorize(:red)
+end

data/lib/capistrano/fiftyfive/console.rb

@@ -0,0 +1,61 @@
+require 'io/console'
+
+module Capistrano
+  module Fiftyfive
+    # Helper class that wraps an IO object and provides methods for truncating
+    # output, assuming the IO object represents a console window.
+    #
+    # This is useful for writing log messages that will typically show up on
+    # an ANSI color-capable console. When a console is not present (e.g. when
+    # running on a CI server) the output will gracefully degrade.
+    class Console
+      def initialize(output)
+        @output = output
+      end
+
+      # Writes to the IO after first truncating the output to fit the console
+      # width. If the underlying IO is not a TTY, ANSI colors are removed from
+      # the output. A newline is always added.
+      def print_line(obj)
+        string = obj.to_s
+
+        if @output.tty?
+          string = truncate_to_console_width(string)
+        else
+          string = strip_ascii_color(string)
+        end
+
+        write(string + "\n")
+      end
+
+      # Writes directly through to the IO with no truncation or color logic.
+      # No newline is added.
+      def write(string)
+        @output.write(string || "")
+      end
+      alias_method :<<, :write
+
+      def truncate_to_console_width(string)
+        string = (string || "").rstrip
+        width = console_width
+
+        if strip_ascii_color(string).length > width
+          while strip_ascii_color(string).length >= width
+            string.chop!
+          end
+          string << "…\e[0m"
+        else
+          string
+        end
+      end
+
+      def strip_ascii_color(string)
+        (string || "").gsub(/\033\[[0-9;]*m/, "")
+      end
+
+      def console_width
+        IO.console.winsize.last if @output.tty?
+      end
+    end
+  end
+end

data/lib/capistrano/fiftyfive/dsl.rb

@@ -0,0 +1,140 @@
+module Capistrano
+  module Fiftyfive
+    module DSL
+
+      # Invoke the given task. If a task with that name is not defined,
+      # silently skip it.
+      #
+      def invoke_if_defined(task)
+        invoke(task) if Rake::Task.task_defined?(task)
+      end
+
+      # Used internally by capistrano-fiftyfive to register tasks such that
+      # those tasks are executed conditionally based on the presence of the
+      # recipe name in fetch(:fiftyfive_recipes).
+      #
+      #   fiftyfive_recipe :aptitude do
+      #     during :provision, %w(task1 task2 ...)
+      #   end
+      #
+      def fiftyfive_recipe(recipe_name, &block)
+        Recipe.new(recipe_name).instance_exec(&block)
+      end
+
+      # Helper for calling fetch(:application) and making the value safe for
+      # using in filenames, usernames, etc. Replaces non-word characters with
+      # underscores.
+      #
+      def application_basename
+        fetch(:application).to_s.gsub(/[^a-zA-Z0-9_]/, "_")
+      end
+
+      # Like capistrano's built-in ask(), but does not echo user input.
+      # Suitable for passwords, etc. Requires the highline gem.
+      #
+      #   ask_secretly(:postgresql_password)
+      #
+      def ask_secretly(key, default=nil)
+        require "highline"
+        set key, proc{
+          hint = default ? " [#{default}]" : ""
+          answer = HighLine.new.ask("Enter #{key}#{hint}: ") do |q|
+            q.echo = false
+          end.to_s
+        }
+      end
+
+      # Like capistrano's built-in on(), but connects to the server as root.
+      # To use a user other than root, set :fiftyfive_privileged_user or
+      # specify :privileged_user as a server property.
+      #
+      #   task :reboot do
+      #     privileged_on roles(:all) do
+      #       execute :shutdown, "-r", "now"
+      #     end
+      #   end
+      #
+      def privileged_on(*args, &block)
+        on(*args) do |host|
+          if host.nil?
+            instance_exec(nil, nil, &block)
+          else
+            original_user = host.user
+
+            begin
+              host.user = host.properties.privileged_user ||
+                          fetch(:fiftyfive_privileged_user)
+              instance_exec(host, original_user, &block)
+            ensure
+              host.user = original_user
+            end
+          end
+        end
+      end
+
+      # Uploads the given string or file-like object to the current host
+      # context. Intended to be used within an on() or privileged_on() block.
+      # Accepts :owner and :mode options that affect the permissions of the
+      # remote file.
+      #
+      def put(string_or_io, remote_path, opts={})
+        owner = opts[:owner]
+        mode = opts[:mode]
+
+        source = if string_or_io.respond_to?(:read)
+          string_or_io
+        else
+          StringIO.new(string_or_io.to_s)
+        end
+
+        execute :mkdir, "-p", File.dirname(remote_path)
+
+        upload!(source, remote_path)
+
+        execute(:chown, owner, remote_path) if owner
+        execute(:chmod, mode, remote_path) if mode
+      end
+
+
+      # Read the specified file from the local system, interpret it as ERb,
+      # and upload it to the current host context. Intended to be used with an
+      # on() or privileged_on() block. Accepts :owner, :mode, and :binding
+      # options.
+      #
+      # Templates with relative paths are first searched for in
+      # lib/capistrano/fiftyfive/templates in the current project. This gives
+      # applications a chance to override. If an override is not found, the
+      # default template within the capistrano-fiftyfive gem is used.
+      #
+      #   task :create_database_yml do
+      #     on roles(:app, :db) do
+      #       within(shared_path) do
+      #         template fetch(:database_yml_template_path),
+      #                  "config/database.yml",
+      #                  :mode => "600"
+      #       end
+      #     end
+      #   end
+      #
+      def template(local_path, remote_path, opts={})
+        binding = opts[:binding] || binding
+
+        unless local_path.start_with?("/")
+          override_path = \
+            File.join("lib/capistrano/fiftyfive/templates", local_path)
+
+          local_path = if File.exist?(override_path)
+            override_path
+          else
+            File.expand_path(File.join("../templates", local_path), __FILE__)
+          end
+        end
+
+        erb = File.read(local_path)
+        rendered_template = ERB.new(erb).result(binding)
+
+        put(rendered_template, remote_path, opts)
+      end
+    end
+  end
+end

data/lib/capistrano/fiftyfive/recipe.rb

@@ -0,0 +1,48 @@
+module Capistrano
+  module Fiftyfive
+    class Recipe
+      attr_reader :name
+
+      def initialize(name)
+        @name = name.to_s
+      end
+
+      def enabled?
+        fetch(:fiftyfive_recipes, []).map(&:to_s).include?(name)
+      end
+
+      def prior_to(task_to_extend, *recipe_tasks)
+        inject_tasks(:before, task_to_extend, *recipe_tasks)
+      end
+
+      def during(task_to_extend, *recipe_tasks)
+        inject_tasks(:after, task_to_extend, *recipe_tasks)
+      end
+
+      private
+
+      def inject_tasks(method, task_to_extend, *recipe_tasks)
+        create_task_unless_exists(task_to_extend)
+
+        recipe_tasks.flatten.each do |task|
+          qualified_task = apply_namespace(task)
+          send(method, task_to_extend, "#{qualified_task}:if_enabled") do
+            invoke qualified_task if enabled?
+          end
+        end
+      end
+
+      def apply_namespace(task_name)
+        return task_name if task_name.include?(":")
+
+        "fiftyfive:#{name}:#{task_name}"
+      end
+
+      def create_task_unless_exists(task_name)
+        unless Rake::Task.task_defined?(task_name)
+          Rake::Task.define_task(task_name)
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/fiftyfive/templates/crontab.erb

@@ -0,0 +1 @@
+# Sample crontab (empty)

data/lib/capistrano/fiftyfive/templates/csr_config.erb

@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name="req_distinguished_name"
+prompt="no"
+
+[ req_distinguished_name ]
+C="<%= fetch(:fiftyfive_ssl_csr_country) %>"
+ST="<%= fetch(:fiftyfive_ssl_csr_state) %>"
+L="<%= fetch(:fiftyfive_ssl_csr_city) %>"
+O="<%= fetch(:fiftyfive_ssl_csr_org) %>"
+CN="<%= fetch(:fiftyfive_ssl_csr_name) %>"

data/lib/capistrano/fiftyfive/templates/delayed_job_init.erb

@@ -0,0 +1,36 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          delayed_job
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Manage delayed_job worker
+# Description:       Start, stop, restart delayed_job workers for a specific application.
+### END INIT INFO
+set -e
+
+# Feel free to change any of the following variables for your app:
+CMD="cd <%= current_path %>; RAILS_ENV=<%= fetch(:rails_env) %> <%= fetch(:fiftyfive_delayed_job_script) %>"
+AS_USER=<%= fetch(:fiftyfive_delayed_job_user, user) %>
+set -u
+
+run () {
+  if [ "$(id -un)" = "$AS_USER" ]; then
+    eval $1
+  else
+    su -c "$1" - $AS_USER
+  fi
+}
+
+case "$1" in
+start)
+  run "$CMD start <%= fetch(:fiftyfive_delayed_job_args) %>"
+  ;;
+stop)
+  run "$CMD stop"
+  ;;
+restart)
+  run "$CMD restart <%= fetch(:fiftyfive_delayed_job_args) %>"
+  ;;
+esac

data/lib/capistrano/fiftyfive/templates/logrotate.erb

@@ -0,0 +1,9 @@
+<%= shared_path %>/log/*.log {
+  daily
+  nomissingok
+  rotate 7
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}

data/lib/capistrano/fiftyfive/templates/maintenance.html.erb

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Maintenance</title>
+    <style type="text/css">
+    body {
+        width: 500px;
+        margin: 100px auto;
+        font: 300 120% "OpenSans", "Helvetica Neue", "Helvetica", Arial, Verdana, sans-serif;
+    }
+
+    h1 {
+        font-weight: 300;
+    }
+    </style>
+</head>
+<body>
+    <h1>Maintenance</h1>
+
+    <p>Our systems are currently down for <%= reason ? reason : "maintenance" %><br>
+           as of <%= Time.now.strftime("%H:%M %Z") %>.</p>
+
+    <p>We’ll be back <%= deadline ? deadline : "shortly" %>.</p>
+</body>
+</html>

data/lib/capistrano/fiftyfive/templates/nginx.erb

@@ -0,0 +1,60 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+user www-data;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+# you generally only need one nginx worker unless you're serving
+# large amounts of static files which require blocking disk reads
+worker_processes 1;
+
+events {
+  worker_connections 1024; # increase if you have lots of clients
+  accept_mutex off; # "on" if nginx worker_processes > 1
+  use epoll; # for Linux 2.6+
+}
+
+http {
+  # ensure nginx is able to load lots of third-party modules
+  types_hash_max_size 2048;
+  server_names_hash_bucket_size 64;
+
+  # nginx will find this file in the config directory set at nginx build time
+  include mime.types;
+
+  # fallback in case we can't determine a type
+  default_type application/octet-stream;
+
+  # click tracking!
+  access_log /var/log/nginx/access.log combined;
+
+  # you generally want to serve static files with nginx since neither
+  # Unicorn nor Rainbows! is optimized for it at the moment
+  sendfile on;
+
+  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+  tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+  # we haven't checked to see if Rack::Deflate on the app server is
+  # faster or not than doing compression via nginx.  It's easier
+  # to configure it all in one place here for static files and also
+  # to disable gzip for clients who don't get gzip/deflate right.
+  # There are other gzip settings that may be needed used to deal with
+  # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+
+
+  # Allow SSL session resumption
+  ssl_session_cache shared:SSL:10m;
+
+  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/sites-enabled/*;
+}