capitate 0.1.7
- data/Capfile +24 -0
- data/History.txt +22 -0
- data/License.txt +20 -0
- data/Manifest.txt +100 -0
- data/README.txt +1 -0
- data/Rakefile +4 -0
- data/bin/capitate +46 -0
- data/config/hoe.rb +70 -0
- data/config/requirements.rb +17 -0
- data/lib/capitate/cap_ext/connections.rb +95 -0
- data/lib/capitate/cap_ext/extension_proxy.rb +15 -0
- data/lib/capitate/cap_ext/variables.rb +59 -0
- data/lib/capitate/config.rb +106 -0
- data/lib/capitate/plugins/base.rb +85 -0
- data/lib/capitate/plugins/gem.rb +25 -0
- data/lib/capitate/plugins/package.rb +30 -0
- data/lib/capitate/plugins/profiles.rb +33 -0
- data/lib/capitate/plugins/script.rb +118 -0
- data/lib/capitate/plugins/templates.rb +98 -0
- data/lib/capitate/plugins/wget.rb +23 -0
- data/lib/capitate/plugins/yum.rb +87 -0
- data/lib/capitate/recipes.rb +9 -0
- data/lib/capitate/version.rb +9 -0
- data/lib/capitate.rb +32 -0
- data/lib/doc/centos/memcached.yml +18 -0
- data/lib/doc/centos/mongrel_cluster.yml +11 -0
- data/lib/doc/centos/monit.yml +12 -0
- data/lib/doc/centos/mysql.yml +6 -0
- data/lib/doc/centos/nginx.yml +25 -0
- data/lib/doc/centos/sphinx.yml +14 -0
- data/lib/doc/gems.yml +7 -0
- data/lib/doc/install.yml +11 -0
- data/lib/doc/memcached.yml +13 -0
- data/lib/doc/mongrel_cluster.yml +12 -0
- data/lib/doc/mysql.yml +46 -0
- data/lib/doc/nginx.yml +23 -0
- data/lib/doc/packages.yml +17 -0
- data/lib/doc/rails.yml +15 -0
- data/lib/profiles/centos-sick.rb +114 -0
- data/lib/recipes/README +5 -0
- data/lib/recipes/centos/README +3 -0
- data/lib/recipes/centos/centos.rb +44 -0
- data/lib/recipes/centos/imagemagick.rb +19 -0
- data/lib/recipes/centos/memcached.rb +31 -0
- data/lib/recipes/centos/mongrel_cluster.rb +34 -0
- data/lib/recipes/centos/monit.rb +42 -0
- data/lib/recipes/centos/mysql.rb +25 -0
- data/lib/recipes/centos/nginx.rb +45 -0
- data/lib/recipes/centos/ruby.rb +37 -0
- data/lib/recipes/centos/sphinx.rb +49 -0
- data/lib/recipes/deploy.rb +18 -0
- data/lib/recipes/gems.rb +11 -0
- data/lib/recipes/install.rb +18 -0
- data/lib/recipes/memcached.rb +14 -0
- data/lib/recipes/mongrel_cluster.rb +33 -0
- data/lib/recipes/mysql.rb +33 -0
- data/lib/recipes/nginx.rb +40 -0
- data/lib/recipes/packages.rb +24 -0
- data/lib/recipes/rails.rb +20 -0
- data/lib/recipes/sphinx.rb +38 -0
- data/lib/templates/capistrano/Capfile +26 -0
- data/lib/templates/centos/setup_for_web.sh +17 -0
- data/lib/templates/centos/sudoers +95 -0
- data/lib/templates/memcached/memcached.initd.centos.erb +70 -0
- data/lib/templates/memcached/memcached.monitrc.erb +4 -0
- data/lib/templates/mongrel/mongrel_cluster.initd.erb +61 -0
- data/lib/templates/mongrel/mongrel_cluster.monitrc.erb +15 -0
- data/lib/templates/mongrel/mongrel_cluster.yml.erb +10 -0
- data/lib/templates/monit/cert.sh +14 -0
- data/lib/templates/monit/monit.cnf +34 -0
- data/lib/templates/monit/monit.initd.centos.erb +68 -0
- data/lib/templates/monit/monitrc.erb +28 -0
- data/lib/templates/monit/patch_inittab.sh +15 -0
- data/lib/templates/mysql/install_db.sql.erb +7 -0
- data/lib/templates/mysql/mysql.monitrc.erb +6 -0
- data/lib/templates/nginx/nginx.conf.erb +88 -0
- data/lib/templates/nginx/nginx.initd.erb +62 -0
- data/lib/templates/nginx/nginx.monitrc.erb +4 -0
- data/lib/templates/nginx/nginx_vhost.conf.erb +95 -0
- data/lib/templates/rails/database.yml.erb +42 -0
- data/lib/templates/ruby/fix_openssl.sh +12 -0
- data/lib/templates/sphinx/sphinx.conf.erb +498 -0
- data/lib/templates/sphinx/sphinx.monitrc.erb +4 -0
- data/lib/templates/sphinx/sphinx_app.initd.centos.erb +67 -0
- data/script/destroy +14 -0
- data/script/generate +14 -0
- data/script/txt2html +74 -0
- data/setup.rb +1585 -0
- data/tasks/capitate.rake +10 -0
- data/tasks/deployment.rake +34 -0
- data/tasks/environment.rake +7 -0
- data/tasks/website.rake +17 -0
- data/test/test_helper.rb +2 -0
- data/test/test_recipes.rb +11 -0
- data/test/test_templates.rb +29 -0
- data/website/index.html +161 -0
- data/website/index.txt +86 -0
- data/website/javascripts/rounded_corners_lite.inc.js +285 -0
- data/website/stylesheets/screen.css +138 -0
- data/website/template.rhtml +48 -0
- metadata +160 -0
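--- a/data/lib/recipes/packages.rb
+++ b/data/lib/recipes/packages.rb
@@ -0,0 +1,24 @@
+namespace :packages do
+
+desc "Remove, update and install packages"
+task :install do
+
+# Settings
+fetch(:packages_type)
+fetch(:packages_add)
+fetch(:packages_remove)
+
+# Set package type
+package.type = packages_type
+
+# Remove packages
+package.remove(packages_remove) unless packages_remove.blank?
+
+# Update all existing packages
+package.update
+
+# Install packages
+package.install(packages_add) unless packages_add.blank?
+end
+
+end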
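Review bot: The three bare `fetch(:packages_type)` / `fetch(:packages_add)` / `fetch(:packages_remove)` calls under `# Settings` discard their results, and the comment does not say why they are there. They presumably exist so the task fails early when a variable is unset; a comment such as `# Fail fast if a required variable is missing (fetch raises when unset)` would make that intent explicit. The same pattern appears in the `rails:setup` task in rails.rb.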
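--- a/data/lib/recipes/rails.rb
+++ b/data/lib/recipes/rails.rb
@@ -0,0 +1,20 @@
+# Rails recipes
+namespace :rails do
+
+desc "Create database yaml in shared path"
+task :setup do
+
+# Settings
+fetch(:db_name)
+fetch(:db_user)
+fetch(:db_pass)
+
+run "mkdir -p #{shared_path}/config"
+put template.load("rails/database.yml.erb"), "#{shared_path}/config/database.yml"
+end
+
+desc "Make symlink for database yaml"
+task :update_code do
+run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml"
+end
+end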
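Review bot: In `rails:setup`, the `put` on new line 13 uploads database.yml with no explicit mode, so who can read it depends on the remote umask. The task requires `db_pass` just above, so the file presumably carries the database password. Capistrano 2's `put` takes a `:mode` option: `put template.load("rails/database.yml.erb"), "#{shared_path}/config/database.yml", :mode => 0600` (or 0640 with the application's group, if the app runs as a different user). The `run` strings also interpolate `shared_path` and `release_path` unquoted, which breaks on paths containing spaces.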
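--- a/data/lib/recipes/sphinx.rb
+++ b/data/lib/recipes/sphinx.rb
@@ -0,0 +1,38 @@
+# Sphinx recipes
+namespace :sphinx do
+
+desc "Create monit configuration for sphinx"
+task :setup_monit do
+set :sphinx_pid_path, "#{shared_path}/pids/searchd.pid"
+
+put template.load("sphinx/sphinx.monitrc.erb"), "/tmp/sphinx_#{application}.monitrc"
+sudo "install -o root /tmp/sphinx_#{application}.monitrc /etc/monit/sphinx_#{application}.monitrc"
+end
+
+desc "Update sphinx for application"
+task :update_code do
+
+set :rails_root, current_path
+set :index_root, "#{shared_path}/var/index";
+set :log_root, "#{shared_path}/log"
+set :pid_root, "#{shared_path}/pids"
+
+put template.project("config/templates/sphinx.conf.erb"), "#{shared_path}/config/sphinx.conf"
+end
+
+desc "Rotate sphinx index for application"
+task :rotate_all do
+run "#{sphinx_prefix}/bin/indexer --config #{shared_path}/config/sphinx.conf --rotate --all"
+end
+
+desc "Build sphinx indexes for application"
+task :index_all do
+run "#{sphinx_prefix}/bin/indexer --config #{shared_path}/config/sphinx.conf --all"
+end
+
+desc "Start sphinx"
+task :start do
+# TODO: Monit
+sudo "/sbin/service monit restart sphinx_#{application}"
+end
+end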
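Review bot: `sphinx:setup_monit` stages the monit control file at the predictable path `/tmp/sphinx_#{application}.monitrc` and then copies it into /etc/monit as root, so on a host with other local accounts the staged file can be swapped between the `put` and the `sudo install`. A monit control file can name the programs monit runs, so the staged copy should live where only the deploy user can write, e.g. `put ..., "#{shared_path}/config/sphinx.monitrc", :mode => 0600`. The install should also set an explicit mode (`install -o root -m 600 ...`) and the staged copy should be removed afterwards, which the task currently never does. Separately, the `start` task is described as "Start sphinx" but issues a monit `restart`; the description or the command should be aligned.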
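--- a/data/lib/templates/capistrano/Capfile
+++ b/data/lib/templates/capistrano/Capfile
@@ -0,0 +1,26 @@
+#
+# This file is auto-generated from Capitate
+#
+require 'capitate'
+
+load 'deploy' if respond_to?(:namespace) # cap2 differentiator
+
+set :project_root, File.dirname(__FILE__)
+
+# Load capitate recipes
+require 'capitate/recipes'
+
+# Load recipes from plugins
+Dir['vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }
+
+# Load project recipes
+Dir['lib/recipes/*.rb'].each { |plugin| load(plugin) }
+
+require 'erb'
+
+#
+# EDIT BELOW
+#
+
+# Load your profile
+# load "config/deployment/centos-sick.rb"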
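Review bot: The two recipe globs on new lines 14 and 17 are resolved against the current working directory, not against the `project_root` computed on line 8. When the Capfile is loaded from somewhere else (for example via `cap -f`), a different set of files, or none, gets loaded and executed. Anchoring and ordering them makes the loaded set deterministic: `Dir[File.join(File.dirname(__FILE__), 'lib/recipes/*.rb')].sort.each { |recipe| load(recipe) }`, and likewise for the `vendor/plugins` glob. Every matched file runs with the deployer's credentials, so a comment stating that these directories are executed on load would be worth adding.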
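--- a/data/lib/templates/centos/setup_for_web.sh
+++ b/data/lib/templates/centos/setup_for_web.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+trap ERROR ERR
+
+# Add admin group
+cat /etc/group | grep admin || /usr/sbin/groupadd admin
+
+# Install sudoers
+install -o root -m 440 /tmp/sudoers /etc/sudoers
+rm -f /tmp/sudoers
+
+# Change inittab to runlevel 3
+sed -i -e 's/^id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
+
+# Create web apps directory
+mkdir -p /var/www/apps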
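Review bot: New line 10, `install -o root -m 440 /tmp/sudoers /etc/sudoers`, replaces the live sudoers file with whatever sits at a fixed path in a world-writable directory and never syntax-checks it, so a malformed or substituted upload either breaks sudo for everyone or changes who has root. Gate the install with `visudo -c -f /tmp/sudoers` and stage the file in a directory only the deploying user can write. `grep admin` on line 7 matches any line that merely contains "admin"; `grep -q '^admin:' /etc/group` tests for the group itself. `trap ERROR ERR` on line 4 relies on bash's ERR trap under a `/bin/sh` shebang and names a handler `ERROR` that is never defined; the same line appears in monit/cert.sh and monit/patch_inittab.sh.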
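--- a/data/lib/templates/centos/sudoers
+++ b/data/lib/templates/centos/sudoers
@@ -0,0 +1,95 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+##
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhap using
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias FILESERVERS = fs1, fs2
+# Host_Alias MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+Cmnd_Alias LOCATE = /usr/sbin/updatedb
+
+## Storage
+Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
+
+## Processes
+Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
+# You have to run "ssh -t hostname sudo <cmd>".
+#
+#Defaults requiretty
+
+Defaults env_reset
+Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
+LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
+LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
+LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
+LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
+_XKB_CHARSET XAUTHORITY"
+
+## Next comes the main part: which users can run what software on
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## user MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere
+root ALL=(ALL) ALL
+%admin ALL=(ALL) ALL
+
+## Allows members of the 'sys' group to run networking, software,
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+# %wheel ALL=(ALL) ALL
+
+## Same thing without a password
+# %wheel ALL=(ALL) NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the
+## cdrom as root
+# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+## %users localhost=/sbin/shutdown -h now
+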
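Review bot: New line 77, `%admin ALL=(ALL) ALL`, is the only active rule in this template besides root's, yet it sits under the comment that describes the root rule and has no explanation of its own. A comment such as `## Members of the 'admin' group may run any command as any user (password required)` directly above it would make the grant visible to whoever audits the installed file. `#Defaults requiretty` on line 56 is left commented out, presumably so that non-interactive `sudo` from the deployment tool works; if that is the reason, the comment block above it should say so.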
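--- a/data/lib/templates/memcached/memcached.initd.centos.erb
+++ b/data/lib/templates/memcached/memcached.initd.centos.erb
@@ -0,0 +1,70 @@
+#! /bin/sh
+# memcached: Memcached
+#
+# chkconfig: - 86 14
+# description: memcached
+# processname: memcached
+#
+# Author: Gabriel Handford http://ducktyper.com
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+DESC="memcached"
+NAME="memcached"
+DAEMON=/usr/local/bin/memcached
+PIDFILE=<%= memcached_pid_path %>
+MEM=<%= memcached_memory %>
+PORT=<%= memcached_port %>
+# Have to be root in order to save in /var/run
+USER=root
+
+start() {
+daemon $DAEMON -d -m $MEM -p $PORT -u $USER -P $PIDFILE
+RETVAL=$?
+echo
+return $RETVAL;
+}
+
+stop() {
+kill -QUIT `cat $PIDFILE` || echo -n " not running"
+}
+
+reload() {
+kill -HUP `cat $PIDFILE` || echo -n " can't reload"
+}
+
+case "$1" in
+start)
+echo -n "Starting $DESC: $NAME"
+start
+RETVAL=$?;
+;;
+stop)
+echo "Stopping $DESC: $NAME"
+stop
+RETVAL=$?;
+;;
+reload)
+echo -n "Reloading $DESC configuration..."
+reload
+RETVAL=$?;
+echo "reloaded."
+;;
+restart)
+echo -n "Restarting $DESC: $NAME"
+stop
+# Sleep after stop
+sleep 1
+start
+RETVAL=$?;
+;;
+*)
+echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+RETVAL=3;
+;;
+esac
+
+exit $RETVAL;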
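Review bot: `USER=root` on new line 22 makes `start()` run memcached as root (`-u $USER`) only so it can write a pidfile under /var/run, and the command line sets no listen address, so the unauthenticated cache is left on memcached's default bind address. Prefer a dedicated unprivileged account with a pid directory it owns, plus an explicit bind, e.g. `daemon $DAEMON -d -m $MEM -p $PORT -u memcached -l 127.0.0.1 -P $PIDFILE` (the account name is an example). `stop()` and `reload()` pass the unquoted output of `cat $PIDFILE` to `kill` without checking the file, so a missing or stale pidfile produces a usage error or signals an unrelated process; `[ -s "$PIDFILE" ] && kill -QUIT "$(cat "$PIDFILE")"` guards the missing case. The usage string advertises `force-reload` while the case statement implements `reload`. monit.initd.centos.erb carries the same `stop()`/`reload()` bodies and usage string.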
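--- a/data/lib/templates/mongrel/mongrel_cluster.initd.erb
+++ b/data/lib/templates/mongrel/mongrel_cluster.initd.erb
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Copyright (c) 2007 Bradley Taylor, bradley@railsmachine.com
+#
+# mongrel_cluster_<%= application %> Startup script for Mongrel clusters (<%= application %>)
+#
+# chkconfig: - 85 15
+# description: mongrel_cluster_<%= application %> manages multiple Mongrel processes for use \
+# behind a load balancer.
+#
+# Modified by: Gabriel Handford http://ducktyper.com
+#
+
+set -e
+trap ERROR ERR
+
+CONF_DIR=<%= mongrel_config_path %>
+PID_DIR=<%= pid_path %>
+USER=<%= user %>
+
+RETVAL=0
+
+fail() {
+echo "Failed to start: $1"
+exit 1
+}
+
+# Gracefully exit if the controller is missing.
+which mongrel_cluster_ctl >/dev/null || fail "mongrel_cluster_ctl not found"
+
+# Go no further if config directory is missing.
+[ -d "$CONF_DIR" ] || fail "$CONF_DIR not found"
+
+case "$1" in
+start)
+# Create pid directory
+mkdir -p $PID_DIR
+chown $USER:$USER $PID_DIR
+
+mongrel_cluster_ctl start -c $CONF_DIR --clean
+RETVAL=$?
+;;
+stop)
+mongrel_cluster_ctl stop -c $CONF_DIR
+RETVAL=$?
+;;
+restart)
+mongrel_cluster_ctl restart -c $CONF_DIR
+RETVAL=$?
+;;
+status)
+mongrel_cluster_ctl status -c $CONF_DIR
+RETVAL=$?
+;;
+*)
+echo "Usage: $0 {start|stop|restart|status}"
+exit 1
+;;
+esac
+
+exit $RETVAL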
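Review bot: `trap ERROR ERR` on new line 15 names a handler `ERROR` that this script never defines, and because `set -e` is active a failing `mongrel_cluster_ctl` call ends the script before the `RETVAL=$?` line after it runs, so the RETVAL bookkeeping is dead on the failure path. Either drop `set -e` and keep the RETVAL pattern, or route the trap to the helper that already exists: `trap 'fail "command failed at line $LINENO"' ERR`. In the `start` branch `$PID_DIR`, `$USER` and `$CONF_DIR` are expanded unquoted although line 32 quotes `$CONF_DIR`; since the values come from template variables, `mkdir -p "$PID_DIR"` and `chown "$USER:$USER" "$PID_DIR"` keep unusual paths from being word-split while running as root.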
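--- a/data/lib/templates/mongrel/mongrel_cluster.monitrc.erb
+++ b/data/lib/templates/mongrel/mongrel_cluster.monitrc.erb
@@ -0,0 +1,15 @@
+<% processes.each do |process| %>
+
+check process mongrel_cluster_<%= application %>_<%= process[:port] %> with pidfile <%= process[:pid_path] %>
+group mongrel_cluster_<%= application %>
+start program = "<%= process[:name] %> start <%= process[:start_options] %>"
+stop program = "<%= process[:name] %> stop <%= process[:stop_options] %>"
+if failed host 127.0.0.1 port <%= process[:port] %> protocol http
+and request "/" then alert
+if totalmem > 100 Mb then restart
+if cpu is greater than 60% for 2 cycles then alert
+if cpu > 80% for 5 cycles then restart
+if loadavg(5min) greater than 10 for 8 cycles then restart
+if 3 restarts within 5 cycles then timeout
+
+<% end %>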
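--- a/data/lib/templates/monit/cert.sh
+++ b/data/lib/templates/monit/cert.sh
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+trap ERROR ERR
+
+mkdir -p /var/certs
+mv /tmp/monit.cnf /var/certs/monit.cnf
+
+echo "Generating PEM..."
+openssl req -new -x509 -days 365 -nodes -config /var/certs/monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem -batch > /var/certs/debug_req.log
+openssl gendh 512 >> /var/certs/monit.pem 2> /var/certs/debug_gendh.log
+echo "Generating x509..."
+openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem > /var/certs/debug_x509.log
+chmod 700 /var/certs/monit.pem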
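Review bot: `openssl gendh 512` on new line 11 appends 512-bit Diffie-Hellman parameters to the monit PEM, a size far below what is considered safe. The private key is also written unencrypted (`-nodes`) under the default umask and only tightened by the final `chmod 700`, so it can be readable by other users in between. Set `umask 077` before the first `openssl` call, generate the parameters with `openssl dhparam 2048 >> /var/certs/monit.pem`, and finish with `chmod 600 /var/certs/monit.pem`, since the file is not executable. The certificate is valid for 365 days and nothing visible here renews it; a comment noting that would save a surprise outage.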
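--- a/data/lib/templates/monit/monit.cnf
+++ b/data/lib/templates/monit/monit.cnf
@@ -0,0 +1,34 @@
+# create RSA certs - Server
+
+RANDFILE = /var/certs/openssl.rnd
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+
+[ req_dn ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = Washington DC
+
+localityName = Locality Name (eg, city)
+localityName_default = Washington DC
+
+organizationName = Organization Name (eg, company)
+organizationName_default = Revolution
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = Ninjas
+
+commonName = Common Name (FQDN of your server)
+commonName_default = localhost
+
+emailAddress = Email Address
+emailAddress_default = gabrielh@gmail.com
+
+[ cert_type ]
+nsCertType = server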
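Review bot: `default_bits = 1024` on new line 6 gives the monit certificate a 1024-bit RSA key, below the 2048-bit minimum that current guidance expects; `default_bits = 2048` is a one-line change. `encrypt_key = yes` on line 7 is misleading, because cert.sh invokes `openssl req` with `-nodes`, which writes the key unencrypted regardless; set it to `no` or add a comment noting the override. cert.sh also runs the request with `-batch`, so the `_default` values here (organisation, `localhost` as common name, a personal e-mail address) end up in every generated certificate. A header comment telling users to edit them before deploying would help.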
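--- a/data/lib/templates/monit/monit.initd.centos.erb
+++ b/data/lib/templates/monit/monit.initd.centos.erb
@@ -0,0 +1,68 @@
+#! /bin/sh
+# monit: Monit
+#
+# chkconfig: - 86 14
+# description: monit
+# processname: monit
+#
+# Author: Gabriel Handford http://ducktyper.com
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+DESC="monit"
+NAME=monit
+DAEMON=/usr/local/bin/monit
+CONFFILE=/etc/monitrc
+LOGFILE=/var/log/monit.log
+PIDFILE=/var/run/monit.pid
+
+start() {
+daemon $DAEMON -l $LOGFILE -p $PIDFILE -c $CONFFILE
+RETVAL=$?
+echo
+return $RETVAL;
+}
+
+stop() {
+kill -QUIT `cat $PIDFILE` || echo -n " not running"
+}
+
+reload() {
+kill -HUP `cat $PIDFILE` || echo -n " can't reload"
+}
+
+case "$1" in
+start)
+#echo -n "Starting $DESC: $NAME"
+start
+RETVAL=$?;
+;;
+stop)
+echo "Stopping $DESC: $NAME"
+stop
+RETVAL=$?;
+;;
+reload)
+echo -n "Reloading $DESC configuration..."
+reload
+RETVAL=$?;
+echo "reloaded."
+;;
+restart)
+echo -n "Restarting $DESC: $NAME"
+stop
+# Sleep after stop
+sleep 1
+start
+RETVAL=$?;
+;;
+*)
+echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+RETVAL=3;
+;;
+esac
+
+exit $RETVAL;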
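--- a/data/lib/templates/monit/monitrc.erb
+++ b/data/lib/templates/monit/monitrc.erb
@@ -0,0 +1,28 @@
+set daemon 60
+set logfile syslog facility log_daemon
+set mailserver localhost
+set mail-format { from: monit@localhost }
+set alert root@localhost
+
+# Http settings
+# ---------------------------
+
+set httpd port <%= monit_port %>
+ssl enable
+pemfile /var/certs/monit.pem
+allow admin:<%= monit_password %>
+
+# Core processes
+# ---------------------------
+
+check process sshd with pidfile /var/run/sshd.pid
+start program "/sbin/service sshd start"
+stop program "/sbin/service sshd stop"
+if failed port 22 protocol ssh then restart
+if 5 restarts within 5 cycles then timeout
+
+
+# Includes
+# ---------------------------
+
+include /etc/monit/*.monitrc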
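Review bot: The `set httpd` block on new lines 10-13 sets no bind address and restricts access only through the single `allow admin:<%= monit_password %>` credential, and that interface can start and stop every monitored service. Limit who can reach it, for example with `use address 127.0.0.1` inside the block and access over an SSH tunnel, or with additional `allow` lines naming the management hosts. The password is rendered into the file in clear text, so whatever installs /etc/monitrc should make it root-owned with mode 0600. The trailing `include /etc/monit/*.monitrc` pulls in every matching file, so that directory should be writable by root only; a comment to that effect would be worth adding.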
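--- a/data/lib/templates/monit/patch_inittab.sh
+++ b/data/lib/templates/monit/patch_inittab.sh
@@ -0,0 +1,15 @@
+#! /bin/sh
+
+set -e
+trap ERROR ERR
+
+NO_MONIT=0
+grep -q monit /etc/inittab > /dev/null || export NO_MONIT=1
+
+if [ $NO_MONIT == 1 ]; then
+echo "Patching inittab with monit..."
+echo "" >> /etc/inittab
+echo "# Run monit in standard run-levels" >> /etc/inittab
+echo "mo:345:respawn:/usr/local/bin/monit -Ic /etc/monitrc -l /var/log/monit.log -p /var/run/monit.pid" >> /etc/inittab
+telinit q
+fi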
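Review bot: The test on new line 9, `[ $NO_MONIT == 1 ]`, uses `==`, which is a bash extension, under a `#! /bin/sh` shebang. The `grep -q monit` on line 7 matches any mention of monit, including a comment line, so the respawn entry can be skipped when it is not actually present. Testing for the entry itself is shorter and portable: `if ! grep -q '^mo:' /etc/inittab; then`, which also removes the need for the exported `NO_MONIT` variable. The three appends to /etc/inittab are not atomic; writing them with a single `cat >> /etc/inittab <<'EOF'` block would avoid a half-patched file if the script is interrupted.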
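--- a/data/lib/templates/nginx/nginx.conf.erb
+++ b/data/lib/templates/nginx/nginx.conf.erb
@@ -0,0 +1,88 @@
+#
+# Nginx conf
+#
+# See vhost conf for site specific stuff.
+#
+# ==== References:
+# http://brainspl.at/articles/2007/01/03/new-nginx-conf-with-optimizations
+# http://topfunky.net/svn/shovel/nginx
+# http://robsanheim.com/2008/02/07/beware-the-default-nginx-config-old-ie6-hates-gzip/
+#
+
+# user and group to run as
+user nginx nginx;
+
+# number of nginx workers
+worker_processes 6;
+
+# pid of nginx master process
+pid <%= nginx_pid_path %>;
+
+
+events {
+worker_connections 1024;
+}
+
+
+http {
+include <%= File.dirname(nginx_conf_path) %>/mime.types;
+default_type application/octet-stream;
+
+log_format main '$remote_addr - $remote_user [$time_local] $request '
+'"$status" $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+# main access log
+access_log /var/log/nginx_access.log main;
+
+# main error log
+error_log /var/log/nginx_error.log debug;
+
+# no sendfile on OSX
+sendfile on;
+
+#keepalive_timeout 0;
+keepalive_timeout 65;
+
+# These are good default values.
+tcp_nopush on;
+tcp_nodelay off;
+# output compression saves bandwidth
+gzip on;
+gzip_http_version 1.0;
+gzip_comp_level 2;
+gzip_proxied any;
+gzip_buffers 16 8k;
+gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+# GZip fails on pre SP2 IE6 browsers (even though is says it can)
+# Thanks, http://robsanheim.com/2008/02/07/beware-the-default-nginx-config-old-ie6-hates-gzip/
+# TODO: This doesn't work with our version of nginx
+#gzip_disable "MSIE [1-6]\.";
+
+# Auto include
+include /etc/nginx/vhosts/*.conf;
+
+# HTTPS server
+#
+#server {
+# listen 443;
+# server_name localhost;
+
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+
+# ssl_session_timeout 5m;
+
+# ssl_protocols SSLv2 SSLv3 TLSv1;
+# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+# ssl_prefer_server_ciphers on;
+
+# location / {
+# root html;
+# index index.html index.htm;
+# }
+#}
+
+}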
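Review bot: The commented-out HTTPS server example on new lines 68-86 lists `ssl_protocols SSLv2 SSLv3 TLSv1` and a cipher string that adds `+LOW:+SSLv2:+EXP`, so anyone who uncomments it as written enables obsolete protocols and export-grade ciphers. Update the example to current values, e.g. `# ssl_protocols TLSv1.2 TLSv1.3;` and `# ssl_ciphers HIGH:!aNULL:!MD5;`, or drop the block from the template. Separately, `error_log /var/log/nginx_error.log debug;` on line 39 makes debug-level logging the shipped default, which is verbose and can record request details; `warn` is a safer template value, with a comment on when to raise it.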