capistrano-mb 0.22.0

data/lib/capistrano/mb/recipe.rb

@@ -0,0 +1,48 @@
+module Capistrano
+  module MB
+    class Recipe
+      attr_reader :name
+
+      def initialize(name)
+        @name = name.to_s
+      end
+
+      def enabled?
+        fetch(:mb_recipes, []).map(&:to_s).include?(name)
+      end
+
+      def prior_to(task_to_extend, *recipe_tasks)
+        inject_tasks(:before, task_to_extend, *recipe_tasks)
+      end
+
+      def during(task_to_extend, *recipe_tasks)
+        inject_tasks(:after, task_to_extend, *recipe_tasks)
+      end
+
+      private
+
+      def inject_tasks(method, task_to_extend, *recipe_tasks)
+        create_task_unless_exists(task_to_extend)
+
+        recipe_tasks.flatten.each do |task|
+          qualified_task = apply_namespace(task)
+          send(method, task_to_extend, "#{qualified_task}:if_enabled") do
+            invoke qualified_task if enabled?
+          end
+        end
+      end
+
+      def apply_namespace(task_name)
+        return task_name if task_name.include?(":")
+
+        "mb:#{name}:#{task_name}"
+      end
+
+      def create_task_unless_exists(task_name)
+        unless Rake::Task.task_defined?(task_name)
+          Rake::Task.define_task(task_name)
+        end
+      end
+    end
+  end
+end

data/lib/capistrano/mb/templates/crontab.erb

@@ -0,0 +1 @@
+# Sample crontab (empty)

data/lib/capistrano/mb/templates/csr_config.erb

@@ -0,0 +1,10 @@
+[ req ]
+distinguished_name="req_distinguished_name"
+prompt="no"
+
+[ req_distinguished_name ]
+C="<%= fetch(:mb_ssl_csr_country) %>"
+ST="<%= fetch(:mb_ssl_csr_state) %>"
+L="<%= fetch(:mb_ssl_csr_city) %>"
+O="<%= fetch(:mb_ssl_csr_org) %>"
+CN="<%= fetch(:mb_ssl_csr_name) %>"

data/lib/capistrano/mb/templates/delayed_job_init.erb

@@ -0,0 +1,36 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          delayed_job
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Manage delayed_job worker
+# Description:       Start, stop, restart delayed_job workers for a specific application.
+### END INIT INFO
+set -e
+
+# Feel free to change any of the following variables for your app:
+CMD="cd <%= current_path %>; RAILS_ENV=<%= fetch(:rails_env) %> <%= fetch(:mb_delayed_job_script) %>"
+AS_USER=<%= fetch(:mb_delayed_job_user, user) %>
+set -u
+
+run () {
+  if [ "$(id -un)" = "$AS_USER" ]; then
+    eval $1
+  else
+    su -c "$1" - $AS_USER
+  fi
+}
+
+case "$1" in
+start)
+  run "$CMD start <%= fetch(:mb_delayed_job_args) %>"
+  ;;
+stop)
+  run "$CMD stop"
+  ;;
+restart)
+  run "$CMD restart <%= fetch(:mb_delayed_job_args) %>"
+  ;;
+esac

data/lib/capistrano/mb/templates/logrotate.erb

@@ -0,0 +1,9 @@
+<%= shared_path %>/log/*.log {
+  daily
+  nomissingok
+  rotate 7
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}

data/lib/capistrano/mb/templates/maintenance.html.erb

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="utf-8">
+    <title>Maintenance</title>
+    <style type="text/css">
+    body {
+        width: 500px;
+        margin: 100px auto;
+        font: 300 120% "OpenSans", "Helvetica Neue", "Helvetica", Arial, Verdana, sans-serif;
+    }
+
+    h1 {
+        font-weight: 300;
+    }
+    </style>
+</head>
+<body>
+    <h1>Maintenance</h1>
+
+    <p>Our systems are currently down for <%= reason ? reason : "maintenance" %><br>
+           as of <%= Time.now.strftime("%H:%M %Z") %>.</p>
+
+    <p>We’ll be back <%= deadline ? deadline : "shortly" %>.</p>
+</body>
+</html>

data/lib/capistrano/mb/templates/nginx.erb

@@ -0,0 +1,64 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+user www-data;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+
+# you generally only need one nginx worker unless you're serving
+# large amounts of static files which require blocking disk reads
+worker_processes 1;
+
+events {
+  worker_connections 1024; # increase if you have lots of clients
+  accept_mutex off; # "on" if nginx worker_processes > 1
+  use epoll; # for Linux 2.6+
+}
+
+http {
+  # ensure nginx is able to load lots of third-party modules
+  types_hash_max_size 2048;
+  server_names_hash_bucket_size 64;
+
+  # nginx will find this file in the config directory set at nginx build time
+  include mime.types;
+
+  # fallback in case we can't determine a type
+  default_type application/octet-stream;
+
+  # click tracking!
+  access_log /var/log/nginx/access.log combined;
+
+  # you generally want to serve static files with nginx since neither
+  # Unicorn nor Rainbows! is optimized for it at the moment
+  sendfile on;
+
+  # configure reverse proxy cache
+  proxy_cache_path  /var/cache/nginx levels=1:2 keys_zone=default:8m max_size=1000m inactive=30d;
+  proxy_temp_path   /var/cache/nginx/tmp;
+
+  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
+  tcp_nodelay off; # on may be better for some Comet/long-poll stuff
+
+  # we haven't checked to see if Rack::Deflate on the app server is
+  # faster or not than doing compression via nginx.  It's easier
+  # to configure it all in one place here for static files and also
+  # to disable gzip for clients who don't get gzip/deflate right.
+  # There are other gzip settings that may be needed used to deal with
+  # bad clients out there, see http://wiki.nginx.org/NginxHttpGzipModule
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+
+
+  # Allow SSL session resumption
+  ssl_session_cache shared:SSL:10m;
+
+  include /etc/nginx/conf.d/*.conf;
+  include /etc/nginx/sites-enabled/*;
+}

data/lib/capistrano/mb/templates/nginx_unicorn.erb

@@ -0,0 +1,109 @@
+# Based on https://github.com/defunkt/unicorn/blob/master/examples/nginx.conf
+
+upstream unicorn_<%= application_basename %> {
+  # fail_timeout=0 means we always retry an upstream even if it failed
+  # to return a good HTTP response (in case the Unicorn master nukes a
+  # single worker for timing out).
+  server unix:/tmp/unicorn.<%= application_basename %>.sock fail_timeout=0;
+}
+
+<% [80, 443].each do |port| %>
+
+  <% fetch(:mb_nginx_redirect_hosts).each do |orig, desired| %>
+    server {
+      listen <%= port %>;
+      server_name <%= orig %>;
+      return 301 <%= fetch(:mb_nginx_force_https) ? "https" : "$scheme" %>://<%= desired %>$request_uri;
+    }
+  <% end %>
+
+  server {
+    listen <%= port %> <%= "spdy" if port == 443 %> default deferred; # for Linux
+
+    <% if port == 80 && fetch(:mb_nginx_force_https) %>
+      rewrite ^(.*) https://$http_host$1 permanent;
+    <% else %>
+
+      client_max_body_size 4G;
+      server_name _;
+
+      # ~2 seconds is often enough for most folks to parse HTML/CSS and
+      # retrieve needed images/icons/frames, connections are cheap in
+      # nginx so increasing this is generally safe...
+      keepalive_timeout 5;
+
+      # path for static files
+      root <%= current_path %>/public;
+
+      # Capistrano `deploy:web:disable` support
+      if (-f $document_root/system/maintenance.html) {
+        return 503;
+      }
+      error_page 503 @maintenance;
+      location @maintenance {
+        rewrite  ^(.*)$  /system/maintenance.html last;
+        break;
+      }
+
+      <% if port == 443 %>
+        ssl on;
+        ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5;
+        ssl_prefer_server_ciphers on;
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_dhparam /etc/ssl/dhparams.pem;
+        ssl_certificate /etc/ssl/<%= application_basename %>.crt;
+        ssl_certificate_key /etc/ssl/<%= application_basename %>.key;
+
+        <% if fetch(:mb_nginx_force_https) %>
+          add_header Strict-Transport-Security "max-age=631138519";
+        <% end %>
+      <% end %>
+
+      # Far-future expires and gzip for fingerprinted assets
+      location ~ "/<%= fetch(:assets_prefix, "assets") %>/.*-[0-9a-f]{32}.*" {
+        gzip_static on;
+        expires max;
+        add_header Cache-Control public;
+        break;
+      }
+
+      include /etc/nginx/<%= application_basename%>-locations/*;
+
+      # Prefer to serve static files directly from nginx to avoid unnecessary
+      # data copies from the application server.
+      try_files $uri/index.html $uri @unicorn;
+
+      location @unicorn {
+        # an HTTP header important enough to have its own Wikipedia entry:
+        #   http://en.wikipedia.org/wiki/X-Forwarded-For
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+        # this helps Rack set the proper URL scheme for doing HTTPS redirects:
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        # pass the Host: header from the client right along so redirects
+        # can be set properly within the Rack application
+        proxy_set_header Host $http_host;
+
+        # we don't want nginx trying to do something clever with
+        # redirects, we set the Host: header above already.
+        proxy_redirect off;
+
+        # enable caching (honors cache-control headers sent by Rails)
+        # lock and use_stale help prevent a cache stampede
+        proxy_cache default;
+        proxy_cache_lock on;
+        proxy_cache_use_stale updating;
+        add_header X-Cache-Status $upstream_cache_status;
+
+        proxy_pass http://unicorn_<%= application_basename %>;
+      }
+
+      # Rails error pages
+      error_page 500 502 503 504 /500.html;
+      location = /500.html {
+        root <%= current_path %>/public;
+      }
+    <% end %>
+  }
+<% end %>

data/lib/capistrano/mb/templates/pgpass.erb

@@ -0,0 +1 @@
+<%= fetch(:mb_postgresql_host) %>:5432:<%= fetch(:mb_postgresql_database) %>:<%= fetch(:mb_postgresql_user) %>:<%= fetch(:mb_postgresql_password).gsub(/([\\:])/, '\\\\\1') %>

data/lib/capistrano/mb/templates/postgresql-backup-logrotate.erb

@@ -0,0 +1,11 @@
+<%= fetch(:mb_postgresql_backup_path) %> {
+  daily
+  nomissingok
+  rotate 30
+  ifempty
+  create 600 <%= user %>
+  dateext
+  postrotate
+    /usr/bin/sudo -u <%= user %> PGPASSFILE=<%= fetch(:mb_postgresql_pgpass_path) %> /usr/bin/pg_dump -Fc -Z9 -O -x <%= fetch(:mb_postgresql_dump_options) %> -h <%= fetch(:mb_postgresql_host) %> -U <%= fetch(:mb_postgresql_user) %> -f <%= fetch(:mb_postgresql_backup_path) %> <%= fetch(:mb_postgresql_database) %>
+  endscript
+}

data/lib/capistrano/mb/templates/rbenv_bashrc

@@ -0,0 +1,4 @@
+if [ -d $HOME/.rbenv ]; then
+  export PATH="$HOME/.rbenv/bin:$PATH"
+  eval "$(rbenv init -)"
+fi

data/lib/capistrano/mb/templates/sidekiq_init.erb

@@ -0,0 +1,100 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          sidekiq
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Manage sidekiq worker
+# Description:       Start, stop, restart sidekiq worker.
+### END INIT INFO
+
+APP_DIR="<%= current_path %>"
+LOG_FILE="$APP_DIR/log/sidekiq.log"
+PID_FILE="$APP_DIR/tmp/pids/sidekiq.pid"
+SIDEKIQ="sidekiq"
+SIDEKIQCTL="sidekiqctl"
+APP_ENV="<%= fetch(:rails_env) %>"
+BUNDLE="bundle"
+AS_USER=<%= fetch(:mb_sidekiq_user, user) %>
+CONCURRENCY=<%= fetch(:mb_sidekiq_concurrency) %>
+
+START_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQ -d -e $APP_ENV -P $PID_FILE --concurrency $CONCURRENCY -L $LOG_FILE"
+CTL_CMD="cd $APP_DIR; $BUNDLE exec $SIDEKIQCTL"
+RETVAL=0
+
+
+run () {
+  if [ "$(id -un)" = "$AS_USER" ]; then
+    eval $1
+  else
+    su -c "$1" - $AS_USER
+  fi
+}
+
+start() {
+
+  status
+  if [ $? -eq 1 ]; then
+
+    [ -d $APP_DIR ] || (echo "$APP_DIR not found!.. Exiting"; exit 6)
+    echo "Starting $SIDEKIQ message processor .. "
+    run "$START_CMD"
+    RETVAL=$?
+    #Sleeping for 8 seconds for process to be precisely visible in process table - See status ()
+    sleep 8
+    return $RETVAL
+  else
+    echo "$SIDEKIQ message processor is already running .. "
+  fi
+
+
+}
+
+stop() {
+
+    status
+    if [ $? -eq 0 ]; then
+
+      echo "Stopping $SIDEKIQ message processor .."
+      run "$CTL_CMD stop $PID_FILE"
+      RETVAL=$?
+      return $RETVAL
+
+    else
+      echo "$SIDEKIQ message processor is already stopped .. "
+    fi
+
+}
+
+status() {
+
+  ps -ef | egrep 'sidekiq [0-9]+.[0-9]+.[0-9]+' | grep -v grep
+  return $?
+}
+
+
+case "$1" in
+    start)
+        start
+        ;;
+    stop)
+        stop
+        ;;
+    status)
+        status
+
+        if [ $? -eq 0 ]; then
+             echo "$SIDEKIQ message processor is running .."
+             RETVAL=0
+         else
+             echo "$SIDEKIQ message processor is stopped .."
+             RETVAL=1
+         fi
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|status}"
+        exit 0
+        ;;
+esac
+exit $RETVAL

data/lib/capistrano/mb/templates/ssl_setup

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Usage:
+#
+# ssl_setup [--self] <name> <csr_config>
+#
+# This script is used to generate key and CSR for use HTTPS in Nginx.
+#
+# --self        Generate self-signed certificate in addition to key and CSR.
+# name          Output files will be named as <name>.key and <name>.csr.
+# csr_config    Path to file that specifies CSR information. See below.
+#
+# CSR configuration format:
+#
+# [ req ]
+# distinguished_name="req_distinguished_name"
+# prompt="no"
+#
+# [ req_distinguished_name ]
+# C="US"
+# ST="California"
+# L="San Francisco"
+# O="Example Company"
+# CN="www.example.com"
+
+if [[ $1 == --self ]]; then
+  SELF_SIGN=1
+  shift
+fi
+
+KEY_NAME=$1
+CSR_CONFIG=$2
+
+openssl req -config $CSR_CONFIG -new -newkey rsa:2048 -nodes -keyout ${KEY_NAME}.key -out ${KEY_NAME}.csr
+chmod 600 ${KEY_NAME}.key ${KEY_NAME}.csr
+echo "Created ${KEY_NAME}.key"
+echo "Created ${KEY_NAME}.csr"
+
+if [[ -n $SELF_SIGN ]]; then
+  openssl x509 -req -days 365 -in ${KEY_NAME}.csr -signkey ${KEY_NAME}.key -out ${KEY_NAME}.crt
+  chmod 600 ${KEY_NAME}.crt
+  echo "Created ${KEY_NAME}.crt (self-signed)"
+fi