capistrano-fiftyfive 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/CHANGELOG.md +5 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +164 -0
- data/Rakefile +1 -0
- data/capistrano-fiftyfive.gemspec +30 -0
- data/lib/capistrano/fiftyfive/compatibility.rb +17 -0
- data/lib/capistrano/fiftyfive/console.rb +61 -0
- data/lib/capistrano/fiftyfive/dsl.rb +140 -0
- data/lib/capistrano/fiftyfive/recipe.rb +48 -0
- data/lib/capistrano/fiftyfive/templates/crontab.erb +1 -0
- data/lib/capistrano/fiftyfive/templates/csr_config.erb +10 -0
- data/lib/capistrano/fiftyfive/templates/delayed_job_init.erb +36 -0
- data/lib/capistrano/fiftyfive/templates/logrotate.erb +9 -0
- data/lib/capistrano/fiftyfive/templates/maintenance.html.erb +26 -0
- data/lib/capistrano/fiftyfive/templates/nginx.erb +60 -0
- data/lib/capistrano/fiftyfive/templates/nginx_unicorn.erb +100 -0
- data/lib/capistrano/fiftyfive/templates/pgpass.erb +1 -0
- data/lib/capistrano/fiftyfive/templates/postgresql-backup-logrotate.erb +11 -0
- data/lib/capistrano/fiftyfive/templates/postgresql.yml.erb +8 -0
- data/lib/capistrano/fiftyfive/templates/rbenv_bashrc +4 -0
- data/lib/capistrano/fiftyfive/templates/sidekiq_init.erb +100 -0
- data/lib/capistrano/fiftyfive/templates/ssl_setup +43 -0
- data/lib/capistrano/fiftyfive/templates/unicorn.rb.erb +71 -0
- data/lib/capistrano/fiftyfive/templates/unicorn_init.erb +84 -0
- data/lib/capistrano/fiftyfive/templates/version.rb.erb +2 -0
- data/lib/capistrano/fiftyfive/version.rb +5 -0
- data/lib/capistrano/fiftyfive.rb +28 -0
- data/lib/capistrano/tasks/aptitude.rake +77 -0
- data/lib/capistrano/tasks/crontab.rake +14 -0
- data/lib/capistrano/tasks/defaults.rake +124 -0
- data/lib/capistrano/tasks/delayed_job.rake +32 -0
- data/lib/capistrano/tasks/dotenv.rake +53 -0
- data/lib/capistrano/tasks/logrotate.rake +15 -0
- data/lib/capistrano/tasks/maintenance.rake +28 -0
- data/lib/capistrano/tasks/migrate.rake +29 -0
- data/lib/capistrano/tasks/nginx.rake +30 -0
- data/lib/capistrano/tasks/postgresql.rake +103 -0
- data/lib/capistrano/tasks/rake.rake +20 -0
- data/lib/capistrano/tasks/rbenv.rake +92 -0
- data/lib/capistrano/tasks/seed.rake +16 -0
- data/lib/capistrano/tasks/sidekiq.rake +38 -0
- data/lib/capistrano/tasks/ssl.rake +52 -0
- data/lib/capistrano/tasks/ufw.rake +32 -0
- data/lib/capistrano/tasks/unicorn.rake +41 -0
- data/lib/capistrano/tasks/user.rake +29 -0
- data/lib/capistrano/tasks/version.rake +31 -0
- data/lib/sshkit/formatter/abbreviated.rb +148 -0
- metadata +165 -0
@@ -0,0 +1,32 @@
|
|
1
|
+
fiftyfive_recipe :delayed_job do
|
2
|
+
during :provision, "init_d"
|
3
|
+
during "deploy:start", "start"
|
4
|
+
during "deploy:stop", "stop"
|
5
|
+
during "deploy:restart", "restart"
|
6
|
+
during "deploy:publishing", "restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
namespace :fiftyfive do
|
10
|
+
namespace :delayed_job do
|
11
|
+
desc "Install delayed_job service script"
|
12
|
+
task :init_d do
|
13
|
+
privileged_on roles(:delayed_job) do |host, user|
|
14
|
+
template "delayed_job_init.erb",
|
15
|
+
"/etc/init.d/delayed_job_#{application_basename}",
|
16
|
+
:mode => "a+rx",
|
17
|
+
:binding => binding
|
18
|
+
|
19
|
+
execute "update-rc.d -f delayed_job_#{application_basename} defaults"
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
%w[start stop restart].each do |command|
|
24
|
+
desc "#{command} delayed_job"
|
25
|
+
task command do
|
26
|
+
on roles(:delayed_job) do
|
27
|
+
execute "service delayed_job_#{application_basename} #{command}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
fiftyfive_recipe :dotenv do
|
2
|
+
during "provision", "update"
|
3
|
+
prior_to "deploy:publishing", "update"
|
4
|
+
end
|
5
|
+
|
6
|
+
namespace :fiftyfive do
|
7
|
+
namespace :dotenv do
|
8
|
+
desc "Replace/create .env file with values provided at console"
|
9
|
+
task :replace do
|
10
|
+
set_up_secret_prompts
|
11
|
+
|
12
|
+
on release_roles(:all) do
|
13
|
+
update_dotenv_file
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
desc "Update .env file with any missing values"
|
18
|
+
task :update do
|
19
|
+
set_up_secret_prompts
|
20
|
+
|
21
|
+
on release_roles(:all) do
|
22
|
+
existing_env = if test("[ -f #{shared_dotenv_path} ]")
|
23
|
+
download!(shared_dotenv_path)
|
24
|
+
end
|
25
|
+
update_dotenv_file(existing_env || "")
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def shared_dotenv_path
|
30
|
+
"#{shared_path}/#{fetch(:fiftyfive_dotenv_filename)}"
|
31
|
+
end
|
32
|
+
|
33
|
+
def set_up_secret_prompts
|
34
|
+
fetch(:fiftyfive_dotenv_keys).each { |k| ask_secretly(k) }
|
35
|
+
end
|
36
|
+
|
37
|
+
def update_dotenv_file(existing="")
|
38
|
+
updated = existing.dup
|
39
|
+
|
40
|
+
fetch(:fiftyfive_dotenv_keys).each do |key|
|
41
|
+
next if existing =~ /^#{Regexp.escape(key.upcase)}=/
|
42
|
+
fetch(:fiftyfive_dotenv_monitor).synchronize do
|
43
|
+
updated << "\n" unless updated.end_with?("\n")
|
44
|
+
updated << "#{key.upcase}=#{fetch(key)}\n"
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
unless existing == updated
|
49
|
+
put(updated, shared_dotenv_path, :mode => "600")
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
fiftyfive_recipe :logrotate do
|
2
|
+
during :provision, "fiftyfive:logrotate"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
desc "Configure logrotate for Rails logs"
|
7
|
+
task :logrotate do
|
8
|
+
privileged_on release_roles(:all) do
|
9
|
+
template "logrotate.erb",
|
10
|
+
"/etc/logrotate.d/#{application_basename}-logs",
|
11
|
+
:mode => 644,
|
12
|
+
:owner => "root:root"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
fiftyfive_recipe :maintenance do
|
2
|
+
# No hooks for this recipe
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :maintenance do
|
7
|
+
desc "Tell nginx to display a 503 page for all web requests, using the "\
|
8
|
+
"maintenance.html.erb template"
|
9
|
+
task :enable do
|
10
|
+
on roles(:web) do
|
11
|
+
reason = ENV["REASON"]
|
12
|
+
deadline = ENV["DEADLINE"]
|
13
|
+
|
14
|
+
template "maintenance.html.erb",
|
15
|
+
"#{current_path}/public/system/maintenance.html",
|
16
|
+
:binding => binding,
|
17
|
+
:mode => "644"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
desc "Remove the 503 page"
|
22
|
+
task :disable do
|
23
|
+
on roles(:web) do
|
24
|
+
execute :rm, "-f", "#{current_path}/public/system/maintenance.html"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
fiftyfive_recipe :migrate do
|
2
|
+
during "deploy:migrate_and_restart", "deploy"
|
3
|
+
prior_to "deploy:migrate", "enable_maintenance_before"
|
4
|
+
during "deploy:published", "disable_maintenance_after"
|
5
|
+
end
|
6
|
+
|
7
|
+
namespace :fiftyfive do
|
8
|
+
namespace :migrate do
|
9
|
+
desc "Deploy the app, stopping it and showing a 503 maintenance page "\
|
10
|
+
"while database migrations are being performed; then start the app"
|
11
|
+
task :deploy do
|
12
|
+
set(:fiftyfive_restart_during_migrate, true)
|
13
|
+
invoke :deploy
|
14
|
+
end
|
15
|
+
|
16
|
+
task :enable_maintenance_before do
|
17
|
+
if fetch(:fiftyfive_restart_during_migrate)
|
18
|
+
invoke_if_defined "fiftyfive:maintenance:enable"
|
19
|
+
invoke_if_defined "deploy:stop"
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
task :disable_maintenance_after do
|
24
|
+
if fetch(:fiftyfive_restart_during_migrate)
|
25
|
+
invoke_if_defined "fiftyfive:maintenance:disable"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
fiftyfive_recipe :nginx do
|
2
|
+
during :provision, "configure"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :nginx do
|
7
|
+
desc "Install nginx.conf files and restart nginx"
|
8
|
+
task :configure do
|
9
|
+
privileged_on roles(:web) do
|
10
|
+
template("nginx.erb", "/etc/nginx/nginx.conf")
|
11
|
+
|
12
|
+
template "nginx_unicorn.erb",
|
13
|
+
"/etc/nginx/sites-enabled/#{application_basename}"
|
14
|
+
|
15
|
+
execute "rm -f /etc/nginx/sites-enabled/default"
|
16
|
+
execute "mkdir -p /etc/nginx/#{application_basename}-locations"
|
17
|
+
execute "service nginx restart"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
%w(start stop restart).each do |command|
|
22
|
+
desc "#{command} nginx"
|
23
|
+
task command.intern do
|
24
|
+
privileged_on roles(:web) do
|
25
|
+
execute "service nginx #{command}"
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,103 @@
|
|
1
|
+
fiftyfive_recipe :postgresql do
|
2
|
+
during :provision, %w(
|
3
|
+
create_user
|
4
|
+
create_database
|
5
|
+
database_yml
|
6
|
+
pgpass
|
7
|
+
logrotate_backup
|
8
|
+
)
|
9
|
+
end
|
10
|
+
|
11
|
+
namespace :fiftyfive do
|
12
|
+
namespace :postgresql do
|
13
|
+
desc "Update postgresql.conf using pgtune"
|
14
|
+
task :tune do
|
15
|
+
privileged_on primary(:db), :in => :sequence do
|
16
|
+
pgtune_dir = "/tmp/pgtune"
|
17
|
+
pgtune_output = "/tmp/postgresql.conf.pgtune"
|
18
|
+
pg_conf = "/etc/postgresql/9.1/main/postgresql.conf"
|
19
|
+
|
20
|
+
execute :rm, "-rf", pgtune_dir
|
21
|
+
execute :git,
|
22
|
+
"clone",
|
23
|
+
"-q",
|
24
|
+
"https://github.com/gregs1104/pgtune.git",
|
25
|
+
pgtune_dir
|
26
|
+
|
27
|
+
execute "#{pgtune_dir}/pgtune",
|
28
|
+
"--input-config", pg_conf,
|
29
|
+
"--output-config", pgtune_output,
|
30
|
+
"--type", "Web",
|
31
|
+
"--connections", fetch(:fiftyfive_postgresql_max_connections)
|
32
|
+
|
33
|
+
# Log diff for informational purposes
|
34
|
+
execute :diff, pg_conf, pgtune_output, "|| true"
|
35
|
+
|
36
|
+
execute :cp, pgtune_output, pg_conf
|
37
|
+
execute :service, "postgresql", "restart"
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
desc "Create user if it doesn't already exist"
|
42
|
+
task :create_user do
|
43
|
+
privileged_on primary(:db) do
|
44
|
+
user = fetch(:fiftyfive_postgresql_user)
|
45
|
+
|
46
|
+
unless test("sudo -u postgres psql -c '\\du' | grep -q #{user}")
|
47
|
+
passwd = fetch(:fiftyfive_postgresql_password)
|
48
|
+
execute %Q[sudo -u postgres psql -c "create user #{user} with password '#{passwd}';"]
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
desc "Create database if it doesn't already exist"
|
54
|
+
task :create_database do
|
55
|
+
privileged_on primary(:db) do
|
56
|
+
user = fetch(:fiftyfive_postgresql_user)
|
57
|
+
db = fetch(:fiftyfive_postgresql_database)
|
58
|
+
|
59
|
+
unless test("sudo -u postgres psql -l | grep -w -q #{db}")
|
60
|
+
execute "sudo -u postgres createdb -O #{user} #{db}"
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
desc "Generate database.yml"
|
66
|
+
task :database_yml do
|
67
|
+
fetch(:fiftyfive_postgresql_password)
|
68
|
+
on release_roles(:all) do
|
69
|
+
template "postgresql.yml.erb",
|
70
|
+
"#{shared_path}/config/database.yml",
|
71
|
+
:mode => "600"
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
desc "Generate pgpass file (needed by backup scripts)"
|
76
|
+
task :pgpass do
|
77
|
+
fetch(:fiftyfive_postgresql_password)
|
78
|
+
on release_roles(:all) do
|
79
|
+
template "pgpass.erb",
|
80
|
+
fetch(:fiftyfive_postgresql_pgpass_path),
|
81
|
+
:mode => "600"
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
desc "Configure logrotate to back up the database daily"
|
86
|
+
task :logrotate_backup do
|
87
|
+
on roles(:backup) do
|
88
|
+
backup_path = fetch(:fiftyfive_postgresql_backup_path)
|
89
|
+
execute :mkdir, "-p", File.dirname(backup_path)
|
90
|
+
execute :touch, backup_path
|
91
|
+
end
|
92
|
+
|
93
|
+
privileged_on roles(:backup) do |host, user|
|
94
|
+
template\
|
95
|
+
"postgresql-backup-logrotate.erb",
|
96
|
+
"/etc/logrotate.d/postgresql-backup-#{application_basename}",
|
97
|
+
:owner => "root:root",
|
98
|
+
:mode => "644",
|
99
|
+
:binding => binding
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
fiftyfive_recipe :rake do
|
2
|
+
# No hooks
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
desc "Remotely execute a rake task"
|
7
|
+
task :rake do
|
8
|
+
if ENV['COMMAND'].nil?
|
9
|
+
raise "USAGE: cap #{fetch(:stage)} fiftyfive:rake COMMAND=my:task"
|
10
|
+
end
|
11
|
+
|
12
|
+
on primary(:app) do
|
13
|
+
within current_path do
|
14
|
+
with :rails_env => fetch(:rails_env) do
|
15
|
+
execute :rake, ENV['COMMAND']
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,92 @@
|
|
1
|
+
fiftyfive_recipe :rbenv do
|
2
|
+
during :provision, %w(install write_vars)
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :rbenv do
|
7
|
+
desc "Install rbenv and compile ruby"
|
8
|
+
task :install do
|
9
|
+
invoke "fiftyfive:rbenv:run_installer"
|
10
|
+
invoke "fiftyfive:rbenv:modify_bashrc"
|
11
|
+
invoke "fiftyfive:rbenv:bootstrap_ubuntu_for_ruby_compile"
|
12
|
+
invoke "fiftyfive:rbenv:compile_ruby"
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "Install the latest version of Ruby"
|
16
|
+
task :upgrade do
|
17
|
+
invoke "fiftyfive:rbenv:update_rbenv"
|
18
|
+
invoke "fiftyfive:rbenv:bootstrap_ubuntu_for_ruby_compile"
|
19
|
+
invoke "fiftyfive:rbenv:compile_ruby"
|
20
|
+
end
|
21
|
+
|
22
|
+
task :write_vars do
|
23
|
+
on release_roles(:all) do
|
24
|
+
execute :mkdir, "-p ~/.rbenv"
|
25
|
+
execute :touch, "~/.rbenv/vars"
|
26
|
+
execute :chmod, "0600 ~/.rbenv/vars"
|
27
|
+
|
28
|
+
vars = ""
|
29
|
+
|
30
|
+
fetch(:fiftyfive_rbenv_vars).each do |name, value|
|
31
|
+
execute :sed, "--in-place '/^#{name}=/d' ~/.rbenv/vars"
|
32
|
+
vars << "#{name}=#{value}\n"
|
33
|
+
end
|
34
|
+
|
35
|
+
tmp_file = "/tmp/rbenv_vars"
|
36
|
+
put vars, tmp_file
|
37
|
+
execute :cat, tmp_file, ">> ~/.rbenv/vars"
|
38
|
+
execute :rm, tmp_file
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
task :run_installer do
|
43
|
+
on release_roles(:all) do
|
44
|
+
execute :curl,
|
45
|
+
"-L https://raw.github.com/fesplugas/rbenv-installer/master/bin/rbenv-installer",
|
46
|
+
"|", :bash
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
task :modify_bashrc do
|
51
|
+
on release_roles(:all) do
|
52
|
+
unless test("grep -qs 'rbenv init' ~/.bashrc")
|
53
|
+
template("rbenv_bashrc", "/tmp/rbenvrc")
|
54
|
+
execute :cat, "/tmp/rbenvrc ~/.bashrc > /tmp/bashrc"
|
55
|
+
execute :mv, "/tmp/bashrc ~/.bashrc"
|
56
|
+
execute %q{export PATH="$HOME/.rbenv/bin:$PATH"}
|
57
|
+
execute %q{eval "$(rbenv init -)"}
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
task :bootstrap_ubuntu_for_ruby_compile do
|
63
|
+
privileged_on release_roles(:all) do |host, user|
|
64
|
+
with :debian_frontend => "noninteractive" do
|
65
|
+
execute "~#{user}/.rbenv/plugins/rbenv-bootstrap/bin/rbenv-bootstrap-ubuntu-12-04"
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
task :compile_ruby do
|
71
|
+
ruby_version = fetch(:fiftyfive_rbenv_ruby_version)
|
72
|
+
on release_roles(:all) do
|
73
|
+
force = ENV["RBENV_FORCE_INSTALL"] || begin
|
74
|
+
! test("rbenv versions | grep -q '#{ruby_version}'")
|
75
|
+
end
|
76
|
+
|
77
|
+
if force
|
78
|
+
execute "CFLAGS=-O3 rbenv install --force #{ruby_version}"
|
79
|
+
execute "rbenv global #{ruby_version}"
|
80
|
+
execute "gem install bundler psych --no-document"
|
81
|
+
execute "rbenv rehash"
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
task :update_rbenv do
|
87
|
+
on release_roles(:all) do
|
88
|
+
execute "rbenv update"
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
fiftyfive_recipe :seed do
|
2
|
+
prior_to "deploy:publishing", "fiftyfive:seed"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
desc "Run rake db:seed"
|
7
|
+
task :seed do
|
8
|
+
on primary(:app) do
|
9
|
+
within release_path do
|
10
|
+
with :rails_env => fetch(:rails_env) do
|
11
|
+
execute :rake, "db:seed"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
fiftyfive_recipe :sidekiq do
|
2
|
+
during :provision, "init_d"
|
3
|
+
during "deploy:start", "start"
|
4
|
+
during "deploy:stop", "stop"
|
5
|
+
during "deploy:restart", "restart"
|
6
|
+
during "deploy:publishing", "restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
namespace :fiftyfive do
|
10
|
+
namespace :sidekiq do
|
11
|
+
desc "Install sidekiq service script"
|
12
|
+
task :init_d do
|
13
|
+
privileged_on roles(fetch(:fiftyfive_sidekiq_role)) do |host, user|
|
14
|
+
template "sidekiq_init.erb",
|
15
|
+
"/etc/init.d/sidekiq_#{application_basename}",
|
16
|
+
:mode => "a+rx",
|
17
|
+
:binding => binding
|
18
|
+
|
19
|
+
execute "update-rc.d -f sidekiq_#{application_basename} defaults"
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
%w[start stop].each do |command|
|
24
|
+
desc "#{command} sidekiq"
|
25
|
+
task command do
|
26
|
+
on roles(fetch(:fiftyfive_sidekiq_role)) do
|
27
|
+
execute "service sidekiq_#{application_basename} #{command}"
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
desc "restart sidekiq"
|
33
|
+
task :restart do
|
34
|
+
invoke "fiftyfive:sidekiq:stop"
|
35
|
+
invoke "fiftyfive:sidekiq:start"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
fiftyfive_recipe :ssl do
|
2
|
+
during :provision, "generate_self_signed_crt"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :ssl do
|
7
|
+
desc "Generate an SSL key and CSR for Ngnix HTTPS"
|
8
|
+
task :generate_csr do
|
9
|
+
_run_ssl_script
|
10
|
+
_copy_to_all_web_servers(%w(.key .csr))
|
11
|
+
end
|
12
|
+
|
13
|
+
desc "Generate an SSL key, CSR, and self-signed cert for Ngnix HTTPS"
|
14
|
+
task :generate_self_signed_crt do
|
15
|
+
_run_ssl_script("--self")
|
16
|
+
_copy_to_all_web_servers(%w(.key .csr .crt))
|
17
|
+
end
|
18
|
+
|
19
|
+
def _run_ssl_script(opt="")
|
20
|
+
privileged_on primary(:web) do
|
21
|
+
files_exist = %w(.key .csr .crt).any? do |ext|
|
22
|
+
test("[ -f /etc/ssl/#{application_basename}#{ext} ]")
|
23
|
+
end
|
24
|
+
|
25
|
+
if files_exist
|
26
|
+
info("Files exist; skipping SSL key generation.")
|
27
|
+
else
|
28
|
+
ask :fiftyfive_ssl_csr_country, "US"
|
29
|
+
ask :fiftyfive_ssl_csr_state, "California"
|
30
|
+
ask :fiftyfive_ssl_csr_city, "Albany"
|
31
|
+
ask :fiftyfive_ssl_csr_org, "55 Minutes Inc."
|
32
|
+
ask :fiftyfive_ssl_csr_name, "www.55minutes.com"
|
33
|
+
|
34
|
+
config = "/tmp/csr_config"
|
35
|
+
ssl_script = "/tmp/ssl_script"
|
36
|
+
|
37
|
+
template("csr_config.erb", config)
|
38
|
+
template("ssl_setup", ssl_script, :mode => "+x")
|
39
|
+
|
40
|
+
within "/etc/ssl" do
|
41
|
+
execute ssl_script, opt, application_basename, config
|
42
|
+
execute :rm, ssl_script, config
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
def _copy_to_all_web_servers(extensions)
|
49
|
+
# TODO
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
fiftyfive_recipe :ufw do
|
2
|
+
during :provision, "configure"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :ufw do
|
7
|
+
desc "Configure role-based ufw rules on each server"
|
8
|
+
task :configure do
|
9
|
+
rules = fetch(:fiftyfive_ufw_rules, {})
|
10
|
+
distinct_roles = rules.values.flatten.uniq
|
11
|
+
|
12
|
+
# First reset the firewall on all affected servers
|
13
|
+
privileged_on roles(*distinct_roles) do
|
14
|
+
execute "ufw --force reset"
|
15
|
+
execute "ufw default deny incoming"
|
16
|
+
execute "ufw default allow outgoing"
|
17
|
+
end
|
18
|
+
|
19
|
+
# Then set up all ufw rules according to the fiftyfive_ufw_rules hash
|
20
|
+
rules.each do |command, *role_names|
|
21
|
+
privileged_on roles(*role_names.flatten) do
|
22
|
+
execute "ufw #{command}"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
# Finally, enable the firewall on all affected servers
|
27
|
+
privileged_on roles(*distinct_roles) do
|
28
|
+
execute "ufw --force enable"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
fiftyfive_recipe :unicorn do
|
2
|
+
during :provision, %w(init_d config_rb)
|
3
|
+
during "deploy:start", "start"
|
4
|
+
during "deploy:stop", "stop"
|
5
|
+
during "deploy:restart", "restart"
|
6
|
+
during "deploy:publishing", "restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
namespace :fiftyfive do
|
10
|
+
namespace :unicorn do
|
11
|
+
desc "Install service script for unicorn"
|
12
|
+
task :init_d do
|
13
|
+
privileged_on roles(:app) do |host, user|
|
14
|
+
unicorn_user = fetch(:fiftyfive_unicorn_user) || user
|
15
|
+
|
16
|
+
template "unicorn_init.erb",
|
17
|
+
"/etc/init.d/unicorn_#{application_basename}",
|
18
|
+
:mode => "a+rx",
|
19
|
+
:binding => binding
|
20
|
+
|
21
|
+
execute "update-rc.d -f unicorn_#{application_basename} defaults"
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
desc "Create config/unicorn.rb"
|
26
|
+
task :config_rb do
|
27
|
+
on release_roles(:all) do
|
28
|
+
template "unicorn.rb.erb", "#{shared_path}/config/unicorn.rb"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
%w[start stop restart].each do |command|
|
33
|
+
desc "#{command} unicorn"
|
34
|
+
task command do
|
35
|
+
on roles(:app) do
|
36
|
+
execute "service unicorn_#{application_basename} #{command}"
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
fiftyfive_recipe :user do
|
2
|
+
during :provision, %w(add install_public_key)
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :user do
|
7
|
+
desc "Create the UNIX user if it doesn't already exist"
|
8
|
+
task :add do
|
9
|
+
privileged_on roles(:all) do |host, user|
|
10
|
+
unless test("grep -q #{user}: /etc/passwd")
|
11
|
+
execute :adduser, "--disabled-password", user, "</dev/null"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
desc "Copy root's authorized_keys to the user account if it doesn't "\
|
17
|
+
"already have its own keys"
|
18
|
+
task :install_public_key do
|
19
|
+
privileged_on roles(:all) do |host, user|
|
20
|
+
unless test("[ -f /home/#{user}/.ssh/authorized_keys ]")
|
21
|
+
execute :mkdir, "-p", "/home/#{user}/.ssh"
|
22
|
+
execute :cp, "~/.ssh/authorized_keys", "/home/#{user}/.ssh"
|
23
|
+
execute :chown, "-R", "#{user}:#{user}", "/home/#{user}/.ssh"
|
24
|
+
execute :chmod, "600", "/home/#{user}/.ssh/authorized_keys"
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
fiftyfive_recipe :version do
|
2
|
+
during "deploy:updating", "write_initializer"
|
3
|
+
end
|
4
|
+
|
5
|
+
namespace :fiftyfive do
|
6
|
+
namespace :version do
|
7
|
+
desc "Write initializers/version.rb with git version and date information"
|
8
|
+
task :write_initializer do
|
9
|
+
git_version = {}
|
10
|
+
branch = fetch(:branch)
|
11
|
+
|
12
|
+
on release_roles(:all).first do
|
13
|
+
with fetch(:git_environmental_variables) do
|
14
|
+
within repo_path do
|
15
|
+
git_version[:tag] = \
|
16
|
+
capture(:git, "describe", branch, "--always --tag").chomp
|
17
|
+
git_version[:date] = \
|
18
|
+
capture(:git, "log", branch, '-1 --format="%ad" --date=short')\
|
19
|
+
.chomp
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
on release_roles(:all) do
|
25
|
+
template "version.rb.erb",
|
26
|
+
"#{release_path}/config/initializers/version.rb",
|
27
|
+
:binding => binding
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|