capistrano-fiftyfive 0.9.0

data/lib/capistrano/tasks/delayed_job.rake

@@ -0,0 +1,32 @@
+fiftyfive_recipe :delayed_job do
+  during :provision, "init_d"
+  during "deploy:start", "start"
+  during "deploy:stop", "stop"
+  during "deploy:restart", "restart"
+  during "deploy:publishing", "restart"
+end
+
+namespace :fiftyfive do
+  namespace :delayed_job do
+    desc "Install delayed_job service script"
+    task :init_d do
+      privileged_on roles(:delayed_job) do |host, user|
+        template "delayed_job_init.erb",
+                 "/etc/init.d/delayed_job_#{application_basename}",
+                 :mode => "a+rx",
+                 :binding => binding
+
+        execute "update-rc.d -f delayed_job_#{application_basename} defaults"
+      end
+    end
+
+    %w[start stop restart].each do |command|
+      desc "#{command} delayed_job"
+      task command do
+        on roles(:delayed_job) do
+          execute "service delayed_job_#{application_basename} #{command}"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/dotenv.rake

@@ -0,0 +1,53 @@
+fiftyfive_recipe :dotenv do
+  during "provision", "update"
+  prior_to "deploy:publishing", "update"
+end
+
+namespace :fiftyfive do
+  namespace :dotenv do
+    desc "Replace/create .env file with values provided at console"
+    task :replace do
+      set_up_secret_prompts
+
+      on release_roles(:all) do
+        update_dotenv_file
+      end
+    end
+
+    desc "Update .env file with any missing values"
+    task :update do
+      set_up_secret_prompts
+
+      on release_roles(:all) do
+        existing_env = if test("[ -f #{shared_dotenv_path} ]")
+          download!(shared_dotenv_path)
+        end
+        update_dotenv_file(existing_env || "")
+      end
+    end
+
+    def shared_dotenv_path
+      "#{shared_path}/#{fetch(:fiftyfive_dotenv_filename)}"
+    end
+
+    def set_up_secret_prompts
+      fetch(:fiftyfive_dotenv_keys).each { |k| ask_secretly(k) }
+    end
+
+    def update_dotenv_file(existing="")
+      updated = existing.dup
+
+      fetch(:fiftyfive_dotenv_keys).each do |key|
+        next if existing =~ /^#{Regexp.escape(key.upcase)}=/
+        fetch(:fiftyfive_dotenv_monitor).synchronize do
+          updated << "\n" unless updated.end_with?("\n")
+          updated << "#{key.upcase}=#{fetch(key)}\n"
+        end
+      end
+
+      unless existing == updated
+        put(updated, shared_dotenv_path, :mode => "600")
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/logrotate.rake

@@ -0,0 +1,15 @@
+fiftyfive_recipe :logrotate do
+  during :provision, "fiftyfive:logrotate"
+end
+
+namespace :fiftyfive do
+  desc "Configure logrotate for Rails logs"
+  task :logrotate do
+    privileged_on release_roles(:all) do
+      template "logrotate.erb",
+               "/etc/logrotate.d/#{application_basename}-logs",
+               :mode => 644,
+               :owner => "root:root"
+    end
+  end
+end

data/lib/capistrano/tasks/maintenance.rake

@@ -0,0 +1,28 @@
+fiftyfive_recipe :maintenance do
+  # No hooks for this recipe
+end
+
+namespace :fiftyfive do
+  namespace :maintenance do
+    desc "Tell nginx to display a 503 page for all web requests, using the "\
+         "maintenance.html.erb template"
+    task :enable do
+      on roles(:web) do
+        reason = ENV["REASON"]
+        deadline = ENV["DEADLINE"]
+
+        template "maintenance.html.erb",
+                 "#{current_path}/public/system/maintenance.html",
+                 :binding => binding,
+                 :mode => "644"
+      end
+    end
+
+    desc "Remove the 503 page"
+    task :disable do
+      on roles(:web) do
+        execute :rm, "-f", "#{current_path}/public/system/maintenance.html"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/migrate.rake

@@ -0,0 +1,29 @@
+fiftyfive_recipe :migrate do
+  during   "deploy:migrate_and_restart", "deploy"
+  prior_to "deploy:migrate",             "enable_maintenance_before"
+  during   "deploy:published",           "disable_maintenance_after"
+end
+
+namespace :fiftyfive do
+  namespace :migrate do
+    desc "Deploy the app, stopping it and showing a 503 maintenance page "\
+         "while database migrations are being performed; then start the app"
+    task :deploy do
+      set(:fiftyfive_restart_during_migrate, true)
+      invoke :deploy
+    end
+
+    task :enable_maintenance_before do
+      if fetch(:fiftyfive_restart_during_migrate)
+        invoke_if_defined "fiftyfive:maintenance:enable"
+        invoke_if_defined "deploy:stop"
+      end
+    end
+
+    task :disable_maintenance_after do
+      if fetch(:fiftyfive_restart_during_migrate)
+        invoke_if_defined "fiftyfive:maintenance:disable"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/nginx.rake

@@ -0,0 +1,30 @@
+fiftyfive_recipe :nginx do
+  during :provision, "configure"
+end
+
+namespace :fiftyfive do
+  namespace :nginx do
+    desc "Install nginx.conf files and restart nginx"
+    task :configure do
+      privileged_on roles(:web) do
+        template("nginx.erb", "/etc/nginx/nginx.conf")
+
+        template "nginx_unicorn.erb",
+                 "/etc/nginx/sites-enabled/#{application_basename}"
+
+        execute "rm -f /etc/nginx/sites-enabled/default"
+        execute "mkdir -p /etc/nginx/#{application_basename}-locations"
+        execute "service nginx restart"
+      end
+    end
+
+    %w(start stop restart).each do |command|
+      desc "#{command} nginx"
+      task command.intern do
+        privileged_on roles(:web) do
+          execute "service nginx #{command}"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/postgresql.rake

@@ -0,0 +1,103 @@
+fiftyfive_recipe :postgresql do
+  during :provision, %w(
+    create_user
+    create_database
+    database_yml
+    pgpass
+    logrotate_backup
+  )
+end
+
+namespace :fiftyfive do
+  namespace :postgresql do
+    desc "Update postgresql.conf using pgtune"
+    task :tune do
+      privileged_on primary(:db), :in => :sequence do
+        pgtune_dir = "/tmp/pgtune"
+        pgtune_output = "/tmp/postgresql.conf.pgtune"
+        pg_conf = "/etc/postgresql/9.1/main/postgresql.conf"
+
+        execute :rm, "-rf", pgtune_dir
+        execute :git,
+                "clone",
+                "-q",
+                "https://github.com/gregs1104/pgtune.git",
+                pgtune_dir
+
+        execute "#{pgtune_dir}/pgtune",
+                "--input-config", pg_conf,
+                "--output-config", pgtune_output,
+                "--type", "Web",
+                "--connections", fetch(:fiftyfive_postgresql_max_connections)
+
+        # Log diff for informational purposes
+        execute :diff, pg_conf, pgtune_output, "|| true"
+
+        execute :cp, pgtune_output, pg_conf
+        execute :service, "postgresql", "restart"
+      end
+    end
+
+    desc "Create user if it doesn't already exist"
+    task :create_user do
+      privileged_on primary(:db) do
+        user = fetch(:fiftyfive_postgresql_user)
+
+        unless test("sudo -u postgres psql -c '\\du' | grep -q #{user}")
+          passwd = fetch(:fiftyfive_postgresql_password)
+          execute %Q[sudo -u postgres psql -c "create user #{user} with password '#{passwd}';"]
+        end
+      end
+    end
+
+    desc "Create database if it doesn't already exist"
+    task :create_database do
+      privileged_on primary(:db) do
+        user = fetch(:fiftyfive_postgresql_user)
+        db = fetch(:fiftyfive_postgresql_database)
+
+        unless test("sudo -u postgres psql -l | grep -w -q #{db}")
+          execute "sudo -u postgres createdb -O #{user} #{db}"
+        end
+      end
+    end
+
+    desc "Generate database.yml"
+    task :database_yml do
+      fetch(:fiftyfive_postgresql_password)
+      on release_roles(:all) do
+        template "postgresql.yml.erb",
+                 "#{shared_path}/config/database.yml",
+                 :mode => "600"
+      end
+    end
+
+    desc "Generate pgpass file (needed by backup scripts)"
+    task :pgpass do
+      fetch(:fiftyfive_postgresql_password)
+      on release_roles(:all) do
+        template "pgpass.erb",
+                 fetch(:fiftyfive_postgresql_pgpass_path),
+                 :mode => "600"
+      end
+    end
+
+    desc "Configure logrotate to back up the database daily"
+    task :logrotate_backup do
+      on roles(:backup) do
+        backup_path = fetch(:fiftyfive_postgresql_backup_path)
+        execute :mkdir, "-p", File.dirname(backup_path)
+        execute :touch, backup_path
+      end
+
+      privileged_on roles(:backup) do |host, user|
+        template\
+          "postgresql-backup-logrotate.erb",
+          "/etc/logrotate.d/postgresql-backup-#{application_basename}",
+          :owner => "root:root",
+          :mode => "644",
+          :binding => binding
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/rake.rake

@@ -0,0 +1,20 @@
+fiftyfive_recipe :rake do
+  # No hooks
+end
+
+namespace :fiftyfive do
+  desc "Remotely execute a rake task"
+  task :rake do
+    if ENV['COMMAND'].nil?
+      raise "USAGE: cap #{fetch(:stage)} fiftyfive:rake COMMAND=my:task"
+    end
+
+    on primary(:app) do
+      within current_path do
+        with :rails_env => fetch(:rails_env) do
+          execute :rake, ENV['COMMAND']
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/rbenv.rake

@@ -0,0 +1,92 @@
+fiftyfive_recipe :rbenv do
+  during :provision, %w(install write_vars)
+end
+
+namespace :fiftyfive do
+  namespace :rbenv do
+    desc "Install rbenv and compile ruby"
+    task :install do
+      invoke "fiftyfive:rbenv:run_installer"
+      invoke "fiftyfive:rbenv:modify_bashrc"
+      invoke "fiftyfive:rbenv:bootstrap_ubuntu_for_ruby_compile"
+      invoke "fiftyfive:rbenv:compile_ruby"
+    end
+
+    desc "Install the latest version of Ruby"
+    task :upgrade do
+      invoke "fiftyfive:rbenv:update_rbenv"
+      invoke "fiftyfive:rbenv:bootstrap_ubuntu_for_ruby_compile"
+      invoke "fiftyfive:rbenv:compile_ruby"
+    end
+
+    task :write_vars do
+      on release_roles(:all) do
+        execute :mkdir, "-p ~/.rbenv"
+        execute :touch, "~/.rbenv/vars"
+        execute :chmod, "0600 ~/.rbenv/vars"
+
+        vars = ""
+
+        fetch(:fiftyfive_rbenv_vars).each do |name, value|
+          execute :sed, "--in-place '/^#{name}=/d' ~/.rbenv/vars"
+          vars << "#{name}=#{value}\n"
+        end
+
+        tmp_file = "/tmp/rbenv_vars"
+        put vars, tmp_file
+        execute :cat, tmp_file, ">> ~/.rbenv/vars"
+        execute :rm, tmp_file
+      end
+    end
+
+    task :run_installer do
+      on release_roles(:all) do
+        execute :curl,
+                "-L https://raw.github.com/fesplugas/rbenv-installer/master/bin/rbenv-installer",
+                "|", :bash
+      end
+    end
+
+    task :modify_bashrc do
+      on release_roles(:all) do
+        unless test("grep -qs 'rbenv init' ~/.bashrc")
+          template("rbenv_bashrc", "/tmp/rbenvrc")
+          execute :cat, "/tmp/rbenvrc ~/.bashrc > /tmp/bashrc"
+          execute :mv, "/tmp/bashrc ~/.bashrc"
+          execute %q{export PATH="$HOME/.rbenv/bin:$PATH"}
+          execute %q{eval "$(rbenv init -)"}
+        end
+      end
+    end
+
+    task :bootstrap_ubuntu_for_ruby_compile do
+      privileged_on release_roles(:all) do |host, user|
+        with :debian_frontend => "noninteractive" do
+          execute "~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
+        end
+      end
+    end
+
+    task :compile_ruby do
+      ruby_version = fetch(:fiftyfive_rbenv_ruby_version)
+      on release_roles(:all) do
+        force = ENV["RBENV_FORCE_INSTALL"] || begin
+          ! test("rbenv versions | grep -q '#{ruby_version}'")
+        end
+
+        if force
+          execute "CFLAGS=-O3 rbenv install --force #{ruby_version}"
+          execute "rbenv global #{ruby_version}"
+          execute "gem install bundler psych --no-document"
+          execute "rbenv rehash"
+        end
+      end
+    end
+
+    task :update_rbenv do
+      on release_roles(:all) do
+        execute "rbenv update"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/seed.rake

@@ -0,0 +1,16 @@
+fiftyfive_recipe :seed do
+  prior_to "deploy:publishing", "fiftyfive:seed"
+end
+
+namespace :fiftyfive do
+  desc "Run rake db:seed"
+  task :seed do
+    on primary(:app) do
+      within release_path do
+        with :rails_env => fetch(:rails_env) do
+          execute :rake, "db:seed"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/sidekiq.rake

@@ -0,0 +1,38 @@
+fiftyfive_recipe :sidekiq do
+  during :provision, "init_d"
+  during "deploy:start", "start"
+  during "deploy:stop", "stop"
+  during "deploy:restart", "restart"
+  during "deploy:publishing", "restart"
+end
+
+namespace :fiftyfive do
+  namespace :sidekiq do
+    desc "Install sidekiq service script"
+    task :init_d do
+      privileged_on roles(fetch(:fiftyfive_sidekiq_role)) do |host, user|
+        template "sidekiq_init.erb",
+                 "/etc/init.d/sidekiq_#{application_basename}",
+                 :mode => "a+rx",
+                 :binding => binding
+
+        execute "update-rc.d -f sidekiq_#{application_basename} defaults"
+      end
+    end
+
+    %w[start stop].each do |command|
+      desc "#{command} sidekiq"
+      task command do
+        on roles(fetch(:fiftyfive_sidekiq_role)) do
+          execute "service sidekiq_#{application_basename} #{command}"
+        end
+      end
+    end
+
+    desc "restart sidekiq"
+    task :restart do
+      invoke "fiftyfive:sidekiq:stop"
+      invoke "fiftyfive:sidekiq:start"
+    end
+  end
+end

data/lib/capistrano/tasks/ssl.rake

@@ -0,0 +1,52 @@
+fiftyfive_recipe :ssl do
+  during :provision, "generate_self_signed_crt"
+end
+
+namespace :fiftyfive do
+  namespace :ssl do
+    desc "Generate an SSL key and CSR for Ngnix HTTPS"
+    task :generate_csr do
+      _run_ssl_script
+      _copy_to_all_web_servers(%w(.key .csr))
+    end
+
+    desc "Generate an SSL key, CSR, and self-signed cert for Ngnix HTTPS"
+    task :generate_self_signed_crt do
+      _run_ssl_script("--self")
+      _copy_to_all_web_servers(%w(.key .csr .crt))
+    end
+
+    def _run_ssl_script(opt="")
+      privileged_on primary(:web) do
+        files_exist = %w(.key .csr .crt).any? do |ext|
+          test("[ -f /etc/ssl/#{application_basename}#{ext} ]")
+        end
+
+        if files_exist
+          info("Files exist; skipping SSL key generation.")
+        else
+          ask :fiftyfive_ssl_csr_country, "US"
+          ask :fiftyfive_ssl_csr_state, "California"
+          ask :fiftyfive_ssl_csr_city, "Albany"
+          ask :fiftyfive_ssl_csr_org, "55 Minutes Inc."
+          ask :fiftyfive_ssl_csr_name, "www.55minutes.com"
+
+          config = "/tmp/csr_config"
+          ssl_script = "/tmp/ssl_script"
+
+          template("csr_config.erb", config)
+          template("ssl_setup", ssl_script, :mode => "+x")
+
+          within "/etc/ssl" do
+            execute ssl_script, opt, application_basename, config
+            execute :rm, ssl_script, config
+          end
+        end
+      end
+    end
+
+    def _copy_to_all_web_servers(extensions)
+      # TODO
+    end
+  end
+end

data/lib/capistrano/tasks/ufw.rake

@@ -0,0 +1,32 @@
+fiftyfive_recipe :ufw do
+  during :provision, "configure"
+end
+
+namespace :fiftyfive do
+  namespace :ufw do
+    desc "Configure role-based ufw rules on each server"
+    task :configure do
+      rules = fetch(:fiftyfive_ufw_rules, {})
+      distinct_roles = rules.values.flatten.uniq
+
+      # First reset the firewall on all affected servers
+      privileged_on roles(*distinct_roles) do
+        execute "ufw --force reset"
+        execute "ufw default deny incoming"
+        execute "ufw default allow outgoing"
+      end
+
+      # Then set up all ufw rules according to the fiftyfive_ufw_rules hash
+      rules.each do |command, *role_names|
+        privileged_on roles(*role_names.flatten) do
+          execute "ufw #{command}"
+        end
+      end
+
+      # Finally, enable the firewall on all affected servers
+      privileged_on roles(*distinct_roles) do
+        execute "ufw --force enable"
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/unicorn.rake

@@ -0,0 +1,41 @@
+fiftyfive_recipe :unicorn do
+  during :provision, %w(init_d config_rb)
+  during "deploy:start", "start"
+  during "deploy:stop", "stop"
+  during "deploy:restart", "restart"
+  during "deploy:publishing", "restart"
+end
+
+namespace :fiftyfive do
+  namespace :unicorn do
+    desc "Install service script for unicorn"
+    task :init_d do
+      privileged_on roles(:app) do |host, user|
+        unicorn_user = fetch(:fiftyfive_unicorn_user) || user
+
+        template "unicorn_init.erb",
+                 "/etc/init.d/unicorn_#{application_basename}",
+                 :mode => "a+rx",
+                 :binding => binding
+
+        execute "update-rc.d -f unicorn_#{application_basename} defaults"
+      end
+    end
+
+    desc "Create config/unicorn.rb"
+    task :config_rb do
+      on release_roles(:all) do
+        template "unicorn.rb.erb", "#{shared_path}/config/unicorn.rb"
+      end
+    end
+
+    %w[start stop restart].each do |command|
+      desc "#{command} unicorn"
+      task command do
+        on roles(:app) do
+          execute "service unicorn_#{application_basename} #{command}"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/user.rake

@@ -0,0 +1,29 @@
+fiftyfive_recipe :user do
+  during :provision, %w(add install_public_key)
+end
+
+namespace :fiftyfive do
+  namespace :user do
+    desc "Create the UNIX user if it doesn't already exist"
+    task :add do
+      privileged_on roles(:all) do |host, user|
+        unless test("grep -q #{user}: /etc/passwd")
+          execute :adduser, "--disabled-password", user, "</dev/null"
+        end
+      end
+    end
+
+    desc "Copy root's authorized_keys to the user account if it doesn't "\
+         "already have its own keys"
+    task :install_public_key do
+      privileged_on roles(:all) do |host, user|
+        unless test("[ -f /home/#{user}/.ssh/authorized_keys ]")
+          execute :mkdir, "-p", "/home/#{user}/.ssh"
+          execute :cp, "~/.ssh/authorized_keys", "/home/#{user}/.ssh"
+          execute :chown, "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
+          execute :chmod, "600", "/home/#{user}/.ssh/authorized_keys"
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/tasks/version.rake

@@ -0,0 +1,31 @@
+fiftyfive_recipe :version do
+  during "deploy:updating", "write_initializer"
+end
+
+namespace :fiftyfive do
+  namespace :version do
+    desc "Write initializers/version.rb with git version and date information"
+    task :write_initializer do
+      git_version = {}
+      branch = fetch(:branch)
+
+      on release_roles(:all).first do
+        with fetch(:git_environmental_variables) do
+          within repo_path do
+            git_version[:tag] = \
+              capture(:git, "describe", branch, "--always --tag").chomp
+            git_version[:date] = \
+              capture(:git, "log", branch, '-1 --format="%ad" --date=short')\
+              .chomp
+          end
+        end
+      end
+
+      on release_roles(:all) do
+        template "version.rb.erb",
+                 "#{release_path}/config/initializers/version.rb",
+                 :binding => binding
+      end
+    end
+  end
+end