capistrano3-ubuntu-server-prepare 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,10 @@
1
+ #!upstart
2
+ description "Redis Server"
3
+
4
+ env USER=deployer
5
+
6
+ start on runlevel [2345]
7
+ stop on runlevel [016]
8
+
9
+ respawn
10
+ exec start-stop-daemon --start --make-pidfile --pidfile /var/www/run/redis-server.pid --chuid $USER --exec /usr/local/bin/redis-server /etc/redis/redis.conf >> /var/www/log/redis.log 2>&1
@@ -0,0 +1,86 @@
1
+ worker_processes 2
2
+
3
+ working_directory "/var/www/application/current" # available in 0.94.0+
4
+
5
+ # listen on both a Unix domain socket and a TCP port,
6
+ # we use a shorter backlog for quicker failover when busy
7
+ listen "/var/www/application/current/tmp/sockets/.unicorn.sock", :backlog => 64
8
+ listen 8080, :tcp_nopush => true
9
+
10
+ # nuke workers after 30 seconds instead of 60 seconds (the default)
11
+ timeout 30
12
+
13
+ # feel free to point this anywhere accessible on the filesystem
14
+ pid "/var/www/application/current/tmp/pids/unicorn.pid"
15
+
16
+ # By default, the Unicorn logger will write to stderr.
17
+ # Additionally, ome applications/frameworks log to stderr or stdout,
18
+ # so prevent them from going to /dev/null when daemonized here:
19
+ stderr_path "/var/www/application/current/log/unicorn.stderr.log"
20
+ stdout_path "/var/www/application/current/log/unicorn.stdout.log"
21
+
22
+ # combine Ruby 2.0.0dev or REE with "preload_app true" for memory savings
23
+ # http://rubyenterpriseedition.com/faq.html#adapt_apps_for_cow
24
+ preload_app true
25
+ GC.respond_to?(:copy_on_write_friendly=) and
26
+ GC.copy_on_write_friendly = true
27
+
28
+ # Enable this flag to have unicorn test client connections by writing the
29
+ # beginning of the HTTP headers before calling the application. This
30
+ # prevents calling the application for connections that have disconnected
31
+ # while queued. This is only guaranteed to detect clients on the same
32
+ # host unicorn runs on, and unlikely to detect disconnects even on a
33
+ # fast LAN.
34
+ check_client_connection false
35
+
36
+ before_fork do |server, worker|
37
+
38
+
39
+
40
+ # the following is highly recomended for Rails + "preload_app true"
41
+ # as there's no need for the master process to hold a connection
42
+
43
+ defined?(ActiveRecord::Base) and
44
+ ActiveRecord::Base.connection.disconnect!
45
+
46
+ # The following is only recommended for memory/DB-constrained
47
+ # installations. It is not needed if your system can house
48
+ # twice as many worker_processes as you have configured.
49
+ #
50
+ # # This allows a new master process to incrementally
51
+ # # phase out the old master process with SIGTTOU to avoid a
52
+ # # thundering herd (especially in the "preload_app false" case)
53
+ # # when doing a transparent upgrade. The last worker spawned
54
+ # # will then kill off the old master process with a SIGQUIT.
55
+ old_pid = "#{server.config[:pid]}.oldbin"
56
+ if old_pid != server.pid
57
+ begin
58
+ sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
59
+ Process.kill(sig, File.read(old_pid).to_i)
60
+ rescue Errno::ENOENT, Errno::ESRCH
61
+ end
62
+ end
63
+ #
64
+ # Throttle the master from forking too quickly by sleeping. Due
65
+ # to the implementation of standard Unix signal handlers, this
66
+ # helps (but does not completely) prevent identical, repeated signals
67
+ # from being lost when the receiving process is busy.
68
+ # sleep 1
69
+ end
70
+
71
+ after_fork do |server, worker|
72
+ # per-process listener ports for debugging/admin/migrations
73
+ # addr = "127.0.0.1:#{9293 + worker.nr}"
74
+ # server.listen(addr, :tries => -1, :delay => 5, :tcp_nopush => true)
75
+
76
+ # the following is *required* for Rails + "preload_app true",
77
+ defined?(ActiveRecord::Base) and
78
+ ActiveRecord::Base.establish_connection
79
+
80
+
81
+ # if preload_app is true, then you may also want to check and
82
+ # restart any other shared sockets/descriptors such as Memcached,
83
+ # and Redis. TokyoCabinet file handles are safe to reuse
84
+ # between any number of forked children (assuming your kernel
85
+ # correctly implements pread()/pwrite() system calls)
86
+ end
@@ -0,0 +1,3 @@
1
+ module EasyDeploy
2
+ require 'railtie' if defined?(Rails)
3
+ end
@@ -0,0 +1,340 @@
1
+ namespace :ubuntu_server_prepare do
2
+
3
+ desc 'Configure ubuntu server'
4
+ task :default do
5
+ invoke_scrpipts = []
6
+ if yesno 'Do you want to increase ssh security?'
7
+ invoke_scrpipts << 'ubuntu_server_prepare:ssh_increase'
8
+ end
9
+ if yesno 'Do you want to make swapfile?'
10
+ set :swapfile_size, ask("size of swapfile?", '512k')
11
+ fetch :swapfile_size
12
+ invoke_scrpipts << 'ubuntu_server_prepare:make_swap'
13
+ end
14
+ invoke_scrpipts << 'ubuntu_server_prepare:update_apt'
15
+ if yesno 'Do you want to apt-get upgrade?'
16
+ invoke_scrpipts << 'ubuntu_server_prepare:upgrade_apt'
17
+ end
18
+ if yesno 'Do you want to install NGINX?'
19
+ if yesno 'Do you want to install pagespeed module for nginx?'
20
+ set :pagespeed_install, true
21
+ else
22
+ set :pagespeed_install, false
23
+ end
24
+ invoke_scrpipts << 'ubuntu_server_prepare:nginx_install'
25
+ end
26
+
27
+ if yesno 'Do you want to install postgreSQL?'
28
+ set :postgre_username, ask("username for postgreSQL", 'deployer')
29
+ set :postgre_password, ask("password for postgreSQL", '123456')
30
+ fetch :postgre_username
31
+ fetch :postgre_password
32
+ invoke_scrpipts << 'ubuntu_server_prepare:postgre_install'
33
+ end
34
+ if yesno 'Do you want to install Redis?'
35
+ invoke_scrpipts << 'ubuntu_server_prepare:redis_install'
36
+ invoke_scrpipts << 'ubuntu_server_prepare:redis_conf'
37
+ end
38
+ if yesno 'Do you want to install RVM with Rails and Bundler?'
39
+ invoke_scrpipts << 'ubuntu_server_prepare:rvm_install'
40
+ end
41
+
42
+ if yesno 'Do you want to copy private key (for accessing git repo) from local machine to remote?'
43
+ set :key_localtion, ask("private key location", '~/.ssh/id_rsa')
44
+ fetch :key_localtion
45
+ invoke_scrpipts << 'ubuntu_server_prepare:push_ssh_keys'
46
+ end
47
+
48
+ if yesno 'Do you want to install imagemagick?'
49
+ invoke_scrpipts << 'ubuntu_server_prepare:imagemagick_install'
50
+ end
51
+
52
+ if yesno 'Do you want tp install some other packages?', false
53
+ set :additional_packages, ask("additional packages to install separated by space", 'apticron logcheck fail2ban') if !fetch :additional_packages
54
+ fetch :additional_packages
55
+ invoke_scrpipts << 'ubuntu_server_prepare:additional_install'
56
+ end
57
+ # just to get password before start
58
+ sudo_command
59
+ invoke_scrpipts.each do |script|
60
+ invoke script
61
+ end
62
+ end
63
+
64
+
65
+ desc 'Ask for sudo password'
66
+ task :ask_password do
67
+ on roles(:all) do
68
+ set :password, ask("your server sudo password", nil)
69
+ password = fetch(:password)
70
+ puts 'Checking password'
71
+ if 'true' == capture("echo #{password} | sudo -kS echo true").strip
72
+ set :sudo_password, password
73
+ set :sudo_command, "echo #{password} | sudo -kS "
74
+ puts "Password correct"
75
+ else
76
+ raise "Password incorrect"
77
+ end
78
+ end
79
+ end
80
+
81
+
82
+ desc "Increase ssh security"
83
+ task :ssh_increase do
84
+ on roles(:all) do
85
+ user = capture("echo $USER")
86
+ execute sudo_command + "sh -c \"echo 'PermitRootLogin no' >> /etc/ssh/sshd_config\""
87
+ execute sudo_command + "sh -c \"echo 'UseDNS no' >> /etc/ssh/sshd_config\""
88
+ execute sudo_command + "sh -c \"echo 'AllowUsers #{user}' >> /etc/ssh/sshd_config\""
89
+ execute sudo_command + 'reload ssh'
90
+ end
91
+ end
92
+
93
+
94
+ desc 'Install imagemagick'
95
+ task :imagemagick_install do
96
+ on roles(:all) do
97
+ execute sudo_command + "apt-get -y install imagemagick"
98
+ end
99
+ end
100
+
101
+ desc 'Make Swap'
102
+ task :make_swap do
103
+ on roles(:all) do
104
+ set :swapfile_size, ask("size of swapfile?", '512k') if !fetch(:swapfile_size)
105
+ execute sudo_command + "dd if=/dev/zero of=/swapfile bs=1024 count=#{fetch :swapfile_size}"
106
+ execute sudo_command + 'mkswap /swapfile'
107
+ execute sudo_command + 'swapon /swapfile'
108
+ execute sudo_command + "sh -c \"echo '/swapfile none swap sw 0 0 ' >> /etc/fstab\""
109
+ execute sudo_command + "sh -c \"echo 0 >> /proc/sys/vm/swappiness\""
110
+ execute sudo_command + 'chown root:root /swapfile'
111
+ execute sudo_command + 'chmod 0600 /swapfile'
112
+ end
113
+ end
114
+
115
+ desc 'Update'
116
+ task :update_apt do
117
+ on roles(:all) do
118
+ execute sudo_command + 'apt-get update'
119
+ end
120
+ end
121
+
122
+ desc 'Update and upgrade'
123
+ task :upgrade_apt do
124
+ on roles(:all) do
125
+ execute sudo_command + 'apt-get --yes --force-yes dist-upgrade'
126
+ end
127
+ end
128
+
129
+ desc 'Install nginx'
130
+ task :nginx_install do
131
+ on roles(:all) do
132
+ if fetch(:pagespeed_install).class == NilClass
133
+ if yesno 'Do you want to install pagespeed module for nginx?'
134
+ set :pagespeed_install, true
135
+ else
136
+ set :pagespeed_install, false
137
+ end
138
+ end
139
+
140
+
141
+ execute sudo_command + 'apt-get --yes --force-yes install build-essential zlib1g-dev libpcre3 libpcre3-dev unzip checkinstall'
142
+ execute 'mkdir -p ~/sources/nginx'
143
+
144
+ if fetch :pagespeed_install
145
+ nps_version = '1.9.32.2'
146
+ within '~/sources/nginx' do
147
+ execute :wget, "https://github.com/pagespeed/ngx_pagespeed/archive/release-#{nps_version}-beta.zip"
148
+ execute :unzip, "release-#{nps_version}-beta.zip"
149
+ end
150
+ within "~/sources/nginx/ngx_pagespeed-release-#{nps_version}-beta" do
151
+ execute :wget, "https://dl.google.com/dl/page-speed/psol/#{nps_version}.tar.gz"
152
+ execute :tar, "-xzvf #{nps_version}.tar.gz"
153
+ end
154
+ end
155
+
156
+ nginx_version = '1.6.2'
157
+ within '~/sources/nginx' do
158
+ execute :wget, "http://nginx.org/download/nginx-#{nginx_version}.tar.gz"
159
+ execute :tar, "-xvzf nginx-#{nginx_version}.tar.gz"
160
+ end
161
+ within "~/sources/nginx/nginx-#{nginx_version}" do
162
+ if fetch :pagespeed_install
163
+ execute "cd ~/sources/nginx/nginx-#{nginx_version} && ./configure --add-module=$HOME/sources/nginx/ngx_pagespeed-release-#{nps_version}-beta"
164
+ else
165
+ execute "cd ~/sources/nginx/nginx-#{nginx_version} && ./configure"
166
+ end
167
+ execute :make
168
+ end
169
+ execute "cd ~/sources/nginx/nginx-#{nginx_version} && " + sudo_command + "checkinstall -y"
170
+
171
+ execute sudo_command + "useradd -s /sbin/nologin -r nginx"
172
+ execute sudo_command + "groupadd web"
173
+ execute sudo_command + "usermod -a -G web nginx"
174
+ user = capture("echo $USER")
175
+ execute sudo_command + "usermod -a -G web #{user}"
176
+ execute sudo_command + "mkdir -p /var/www/run"
177
+ execute sudo_command + "mkdir -p /var/www/log"
178
+ execute sudo_command + "chgrp -R web /var/www"
179
+ execute sudo_command + "chmod -R 775 /var/www"
180
+ execute sudo_command + "chown -R #{user} /var/www"
181
+ invoke 'ubuntu_server_prepare:nginx_conf'
182
+ end
183
+ end
184
+
185
+ desc 'Send nginx config files'
186
+ task :nginx_conf do
187
+ on roles(:all) do
188
+ if fetch(:pagespeed_install).class == NilClass
189
+ if yesno 'Do you want to install pagespeed module for nginx?'
190
+ set :pagespeed_install, true
191
+ else
192
+ set :pagespeed_install, false
193
+ end
194
+ end
195
+
196
+ execute "mkdir -p ~/sources/nginx/conf"
197
+ user = capture("echo $USER")
198
+ if fetch :pagespeed_install
199
+ upload! 'config/production/nginx/nginx_with_pagespeed.conf', "/home/#{user}/sources/nginx/conf/nginx.conf"
200
+ else
201
+ upload! 'config/production/nginx/nginx.conf', "/home/#{user}/sources/nginx/conf/nginx.conf"
202
+
203
+ end
204
+ upload! 'config/production/nginx/upstart.conf', "/home/#{user}/sources/nginx/conf/"
205
+ execute sudo_command + "cp -f ~/sources/nginx/conf/upstart.conf /etc/init/nginx.conf"
206
+ execute sudo_command + "cp -f ~/sources/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf"
207
+ nginx_status = capture(sudo_command + "status nginx")
208
+ if nginx_status == 'nginx stop/waiting'
209
+ execute sudo_command + "start nginx"
210
+ else
211
+ execute sudo_command + 'restart nginx'
212
+ end
213
+ end
214
+ end
215
+
216
+ desc 'Install PostgreSql'
217
+ task :postgre_install do
218
+ on roles(:all) do
219
+ set :postgre_username, ask("username for postgreSQL", 'deployer') if !fetch(:postgre_username)
220
+ set :postgre_password, ask("password for postgreSQL", '123456') if !fetch(:postgre_password)
221
+
222
+ execute sudo_command + "apt-get install -y postgresql-9.3 postgresql-server-dev-9.3"
223
+ execute sudo_command + "-u postgres psql -c \"create user #{fetch :postgre_username} with password '#{fetch :postgre_password}';\""
224
+ execute sudo_command + "-u postgres psql -c \"alter role #{fetch :postgre_username} superuser createrole createdb replication;\""
225
+ end
226
+ end
227
+
228
+ desc 'Install Redis'
229
+ task :redis_install do
230
+ on roles(:all) do
231
+ execute "mkdir -p ~/sources/redis"
232
+ execute sudo_command + "apt-get install -y tcl8.5"
233
+ within "~/sources/redis" do
234
+ execute :wget, "http://download.redis.io/redis-stable.tar.gz"
235
+ execute :tar, "xvzf redis-stable.tar.gz"
236
+ end
237
+ within "~/sources/redis/redis-stable" do
238
+ execute :make
239
+ end
240
+ execute sudo_command + "cp -f ~/sources/redis/redis-stable/src/redis-server /usr/local/bin/"
241
+ execute sudo_command + "cp -f ~/sources/redis/redis-stable/src/redis-cli /usr/local/bin/"
242
+ execute sudo_command + "mkdir -p /etc/redis/"
243
+ execute sudo_command + "cp ~/sources/redis/redis-stable/redis.conf /etc/redis/"
244
+ end
245
+ end
246
+
247
+ desc 'Configure Redis'
248
+ task :redis_conf do
249
+ on roles(:all) do
250
+ user = capture("echo $USER")
251
+ execute sudo_command + "mkdir -p /var/www/other"
252
+ execute sudo_command + "mkdir -p /var/www/log"
253
+ execute sudo_command + "chgrp -R web /var/www"
254
+ execute sudo_command + "chmod -R 775 /var/www"
255
+ execute sudo_command + "chown -R #{user} /var/www"
256
+ execute "mkdir -p ~/sources/redis/conf"
257
+
258
+ upload! 'config/production/redis/redis.conf', "/home/#{user}/sources/redis/conf/"
259
+ upload! 'config/production/redis/upstart.conf', "/home/#{user}/sources/redis/conf/"
260
+ execute sudo_command + "cp -f ~/sources/redis/conf/upstart.conf /etc/init/redis-server.conf"
261
+ execute sudo_command + "cp -f ~/sources/redis/conf/redis.conf /etc/redis/"
262
+
263
+ redis_status = capture(sudo_command + "status redis-server")
264
+ if redis_status == 'redis-server stop/waiting'
265
+ execute sudo_command + "start redis-server"
266
+ else
267
+ execute sudo_command + 'restart redis-server'
268
+ end
269
+ end
270
+ end
271
+
272
+ desc 'Install RVM with rails'
273
+ task :rvm_install do
274
+ on roles(:all) do
275
+ execute sudo_command + 'apt-get -y install git curl python-software-properties'
276
+ execute sudo_command + 'add-apt-repository -y ppa:chris-lea/node.js'
277
+ execute sudo_command + 'apt-get update'
278
+ execute sudo_command + 'apt-get -y install nodejs gawk g++ gcc make libreadline6-dev zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config libffi-dev'
279
+ execute "gpg --keyserver hkp://keys.gnupg.net --recv-keys D39DC0E3"
280
+ execute "\\curl -sSL https://get.rvm.io | bash -s stable --rails --gems=bundler --autolibs=read-fail"
281
+ end
282
+ end
283
+
284
+
285
+
286
+ desc 'Push ssh key to server'
287
+ task :push_ssh_keys do
288
+ on roles(:all) do
289
+ files = Dir.glob(Dir.home() + '/.ssh/*').select { |f| f !~ /\.pub|known|config/ }.map {|f| f.gsub!(Dir.home(), '~')}
290
+ set :key_localtion, ask("private key location (for example: #{files.join(', ')})", '~/.ssh/id_rsa') if !fetch :key_localtion
291
+ home = Dir.home()
292
+ key_location = fetch(:key_localtion).gsub('~', home)
293
+ until File.exists? key_location
294
+ set :key_localtion, ask("private key location (for example: #{files.join(', ')})", '~/.ssh/id_rsa')
295
+ key_location = fetch(:key_localtion).gsub('~', home)
296
+ end
297
+ execute "mkdir -p ~/.ssh"
298
+ user = capture("echo $USER")
299
+ upload! key_location, "/home/#{user}/.ssh/git_key"
300
+ upload! key_location + '.pub', "/home/#{user}/.ssh/git_key.pub"
301
+ execute "echo 'IdentityFile ~/.ssh/git_key' >> ~/.ssh/config"
302
+ execute "chmod -f 600 ~/.ssh/*"
303
+ end
304
+ end
305
+
306
+ desc 'Install additional packages'
307
+ task :additional_install do
308
+ on roles(:all) do
309
+ set :additional_packages, ask("additional packages to install separated by space", 'apticron logcheck fail2ban') if !fetch :additional_packages
310
+ execute sudo_command + "apt-get -y install #{fetch :additional_packages}"
311
+ end
312
+ end
313
+
314
+
315
+
316
+ def sudo_command
317
+ sudo_command = fetch(:sudo_command)
318
+ if !sudo_command
319
+ invoke "ubuntu_server_prepare:ask_password"
320
+ sudo_command = fetch(:sudo_command)
321
+ end
322
+ return sudo_command
323
+ end
324
+
325
+
326
+
327
+ def yesno(prompt = 'Continue?', default = true)
328
+ a = ''
329
+ s = default ? '[Y/n]' : '[y/N]'
330
+ d = default ? 'y' : 'n'
331
+ until a =~ /\Ay|n\z/
332
+ set :answer, ask("#{prompt} #{s}", d)
333
+
334
+ a = fetch(:answer)
335
+ end
336
+ a.downcase == 'y'
337
+ end
338
+
339
+ end
340
+ task :ubuntu_server_prepare => "ubuntu_server_prepare:default"
@@ -0,0 +1 @@
1
+ load File.expand_path("../tasks/ubuntu-server-prepare.rake", __FILE__)
data/lib/railtie.rb ADDED
@@ -0,0 +1,11 @@
1
+ require 'capistrano3-ubuntu-server-prepare'
2
+ require 'rails'
3
+ module EasyDeploy
4
+ class Railtie < Rails::Railtie
5
+ railtie_name :ubuntu_server_prepare
6
+
7
+ rake_tasks do
8
+ load "tasks/capstrano3-ubuntu-server-prepare.rake"
9
+ end
10
+ end
11
+ end