capitate 0.1.7

data/lib/recipes/packages.rb

@@ -0,0 +1,24 @@
+namespace :packages do
+  
+  desc "Remove, update and install packages"
+  task :install do
+    
+    # Settings
+    fetch(:packages_type)
+    fetch(:packages_add)
+    fetch(:packages_remove)
+    
+    # Set package type
+    package.type = packages_type
+    
+    # Remove packages          
+    package.remove(packages_remove) unless packages_remove.blank?
+    
+    # Update all existing packages
+    package.update
+    
+    # Install packages
+    package.install(packages_add) unless packages_add.blank?
+  end
+  
+end

data/lib/recipes/rails.rb

@@ -0,0 +1,20 @@
+# Rails recipes
+namespace :rails do
+  
+  desc "Create database yaml in shared path" 
+  task :setup do    
+    
+    # Settings
+    fetch(:db_name)
+    fetch(:db_user)
+    fetch(:db_pass)
+    
+    run "mkdir -p #{shared_path}/config"
+    put template.load("rails/database.yml.erb"), "#{shared_path}/config/database.yml"
+  end
+
+  desc "Make symlink for database yaml" 
+  task :update_code do
+    run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml" 
+  end
+end

data/lib/recipes/sphinx.rb

@@ -0,0 +1,38 @@
+# Sphinx recipes
+namespace :sphinx do
+  
+  desc "Create monit configuration for sphinx"
+  task :setup_monit do    
+    set :sphinx_pid_path, "#{shared_path}/pids/searchd.pid"
+    
+    put template.load("sphinx/sphinx.monitrc.erb"), "/tmp/sphinx_#{application}.monitrc"            
+    sudo "install -o root /tmp/sphinx_#{application}.monitrc /etc/monit/sphinx_#{application}.monitrc"
+  end
+  
+  desc "Update sphinx for application" 
+  task :update_code do
+    
+    set :rails_root, current_path
+    set :index_root, "#{shared_path}/var/index";
+    set :log_root, "#{shared_path}/log"
+    set :pid_root, "#{shared_path}/pids"
+    
+    put template.project("config/templates/sphinx.conf.erb"), "#{shared_path}/config/sphinx.conf"
+  end
+  
+  desc "Rotate sphinx index for application"
+  task :rotate_all do
+    run "#{sphinx_prefix}/bin/indexer --config #{shared_path}/config/sphinx.conf --rotate --all"
+  end
+  
+  desc "Build sphinx indexes for application"
+  task :index_all do
+    run "#{sphinx_prefix}/bin/indexer --config #{shared_path}/config/sphinx.conf --all"
+  end
+  
+  desc "Start sphinx"
+  task :start do
+    # TODO: Monit
+    sudo "/sbin/service monit restart sphinx_#{application}"
+  end  
+end

data/lib/templates/capistrano/Capfile

@@ -0,0 +1,26 @@
+#
+# This file is auto-generated from Capitate
+#
+require 'capitate'
+
+load 'deploy' if respond_to?(:namespace) # cap2 differentiator
+
+set :project_root, File.dirname(__FILE__)
+
+# Load capitate recipes
+require 'capitate/recipes'
+
+# Load recipes from plugins
+Dir['vendor/plugins/*/recipes/*.rb'].each { |plugin| load(plugin) }
+
+# Load project recipes
+Dir['lib/recipes/*.rb'].each { |plugin| load(plugin) }
+
+require 'erb'
+
+#
+# EDIT BELOW
+#
+
+# Load your profile
+# load "config/deployment/centos-sick.rb"

data/lib/templates/centos/setup_for_web.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+trap ERROR ERR
+
+# Add admin group
+cat /etc/group | grep admin || /usr/sbin/groupadd admin
+
+# Install sudoers
+install -o root -m 440 /tmp/sudoers /etc/sudoers
+rm -f /tmp/sudoers
+
+# Change inittab to runlevel 3
+sed -i -e 's/^id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
+
+# Create web apps directory
+mkdir -p /var/www/apps

data/lib/templates/centos/sudoers

@@ -0,0 +1,95 @@
+## Sudoers allows particular users to run various commands as
+## the root user, without needing the root password.
+##
+## Examples are provided at the bottom of the file for collections
+## of related commands, which can then be delegated out to particular
+## users or groups.
+## 
+## This file must be edited with the 'visudo' command.
+
+## Host Aliases
+## Groups of machines. You may prefer to use hostnames (perhap using 
+## wildcards for entire domains) or IP addresses instead.
+# Host_Alias     FILESERVERS = fs1, fs2
+# Host_Alias     MAILSERVERS = smtp, smtp2
+
+## User Aliases
+## These aren't often necessary, as you can use regular groups
+## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
+## rather than USERALIAS
+# User_Alias ADMINS = jsmith, mikem
+
+
+## Command Aliases
+## These are groups of related commands...
+
+## Networking
+Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
+
+## Installation and management of software
+Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
+
+## Services
+Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
+
+## Updating the locate database
+Cmnd_Alias LOCATE = /usr/sbin/updatedb
+
+## Storage
+Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
+
+## Delegating permissions
+Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 
+
+## Processes
+Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
+
+## Drivers
+Cmnd_Alias DRIVERS = /sbin/modprobe
+
+# Defaults specification
+
+#
+# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
+#         You have to run "ssh -t hostname sudo <cmd>".
+#
+#Defaults    requiretty
+
+Defaults    env_reset
+Defaults    env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \
+                        LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \
+                        LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \
+                        LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \
+                        LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \
+                        _XKB_CHARSET XAUTHORITY"
+
+## Next comes the main part: which users can run what software on 
+## which machines (the sudoers file can be shared between multiple
+## systems).
+## Syntax:
+##
+## 	user	MACHINE=COMMANDS
+##
+## The COMMANDS section may have other options added to it.
+##
+## Allow root to run any commands anywhere 
+root	ALL=(ALL) 	ALL
+%admin  ALL=(ALL)   ALL
+
+## Allows members of the 'sys' group to run networking, software, 
+## service management apps and more.
+# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
+
+## Allows people in group wheel to run all commands
+# %wheel	ALL=(ALL)	ALL
+
+## Same thing without a password
+# %wheel	ALL=(ALL)	NOPASSWD: ALL
+
+## Allows members of the users group to mount and unmount the 
+## cdrom as root
+# %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
+
+## Allows members of the users group to shutdown this system
+# %users  localhost=/sbin/shutdown -h now
+

data/lib/templates/memcached/memcached.initd.centos.erb

@@ -0,0 +1,70 @@
+#! /bin/sh
+# memcached: Memcached
+#
+# chkconfig: - 86 14
+# description: memcached
+# processname: memcached
+#
+# Author: Gabriel Handford http://ducktyper.com
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+DESC="memcached"
+NAME="memcached"
+DAEMON=/usr/local/bin/memcached
+PIDFILE=<%= memcached_pid_path %>
+MEM=<%= memcached_memory %>
+PORT=<%= memcached_port %>
+# Have to be root in order to save in /var/run
+USER=root
+
+start() {
+  daemon $DAEMON -d -m $MEM -p $PORT -u $USER -P $PIDFILE
+  RETVAL=$?
+  echo
+  return $RETVAL;  
+}
+
+stop() {
+  kill -QUIT `cat $PIDFILE` || echo -n " not running"
+}
+
+reload() {
+  kill -HUP `cat $PIDFILE` || echo -n " can't reload"
+}
+
+case "$1" in
+  start)
+  	echo -n "Starting $DESC: $NAME"
+  	start
+    RETVAL=$?;
+	;;
+  stop)
+  	echo "Stopping $DESC: $NAME"
+  	stop
+  	RETVAL=$?;
+	;;
+  reload)
+  	echo -n "Reloading $DESC configuration..."
+  	reload
+  	RETVAL=$?;
+  	echo "reloaded."
+  ;;
+  restart)
+  	echo -n "Restarting $DESC: $NAME"
+  	stop
+  	# Sleep after stop
+  	sleep 1
+  	start
+  	RETVAL=$?;
+	;;
+  *)
+	  echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+	  RETVAL=3;
+	;;
+esac
+
+exit $RETVAL;

data/lib/templates/memcached/memcached.monitrc.erb

@@ -0,0 +1,4 @@
+check process memcached with pidfile <%= memcached_pid_path %>
+  start program = "/sbin/service memcached start" 
+  stop program =  "/sbin/service memcached stop" 
+  if failed host 127.0.0.1 port <%= memcached_port %> then restart

data/lib/templates/mongrel/mongrel_cluster.initd.erb

@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# Copyright (c) 2007 Bradley Taylor, bradley@railsmachine.com
+#
+# mongrel_cluster_<%= application %>   Startup script for Mongrel clusters (<%= application %>)
+#
+# chkconfig: - 85 15
+# description: mongrel_cluster_<%= application %> manages multiple Mongrel processes for use \
+#              behind a load balancer.
+#
+# Modified by: Gabriel Handford http://ducktyper.com
+#              
+
+set -e
+trap ERROR ERR
+
+CONF_DIR=<%= mongrel_config_path %>
+PID_DIR=<%= pid_path %>
+USER=<%= user %>
+
+RETVAL=0
+
+fail() {
+  echo "Failed to start: $1"
+  exit 1
+}
+
+# Gracefully exit if the controller is missing.
+which mongrel_cluster_ctl >/dev/null || fail "mongrel_cluster_ctl not found"
+
+# Go no further if config directory is missing.
+[ -d "$CONF_DIR" ] || fail "$CONF_DIR not found"
+
+case "$1" in
+    start)
+      # Create pid directory
+      mkdir -p $PID_DIR
+      chown $USER:$USER $PID_DIR
+
+      mongrel_cluster_ctl start -c $CONF_DIR --clean
+      RETVAL=$?
+  ;;
+    stop)
+      mongrel_cluster_ctl stop -c $CONF_DIR
+      RETVAL=$?
+  ;;
+    restart)
+      mongrel_cluster_ctl restart -c $CONF_DIR
+      RETVAL=$?
+  ;;
+    status)
+      mongrel_cluster_ctl status -c $CONF_DIR
+      RETVAL=$?
+  ;;
+    *)
+      echo "Usage: $0 {start|stop|restart|status}"
+      exit 1
+  ;;
+esac      
+
+exit $RETVAL

data/lib/templates/mongrel/mongrel_cluster.monitrc.erb

@@ -0,0 +1,15 @@
+<% processes.each do |process| %>
+  
+check process mongrel_cluster_<%= application %>_<%= process[:port] %> with pidfile <%= process[:pid_path] %>
+   group mongrel_cluster_<%= application %>
+   start program = "<%= process[:name] %> start <%= process[:start_options] %>"
+   stop program = "<%= process[:name] %> stop <%= process[:stop_options] %>"
+   if failed host 127.0.0.1 port <%= process[:port] %> protocol http
+      and request "/" then alert
+   if totalmem > 100 Mb then restart
+   if cpu is greater than 60% for 2 cycles then alert
+   if cpu > 80% for 5 cycles then restart
+   if loadavg(5min) greater than 10 for 8 cycles then restart
+   if 3 restarts within 5 cycles then timeout
+   
+<% end %>

data/lib/templates/mongrel/mongrel_cluster.yml.erb

@@ -0,0 +1,10 @@
+--- 
+cwd: <%= current_path %>
+log_file: log/mongrel.log
+port: "<%= mongrel_port %>"
+environment: production
+address: 127.0.0.1
+pid_file: <%= pid_path %>/mongrel.pid
+servers: <%= mongrel_size %>
+user: <%= user %>
+group: <%= user %>

data/lib/templates/monit/cert.sh

@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+trap ERROR ERR
+
+mkdir -p /var/certs
+mv /tmp/monit.cnf /var/certs/monit.cnf
+
+echo "Generating PEM..."
+openssl req -new -x509 -days 365 -nodes -config /var/certs/monit.cnf -out /var/certs/monit.pem -keyout /var/certs/monit.pem -batch > /var/certs/debug_req.log
+openssl gendh 512 >> /var/certs/monit.pem 2> /var/certs/debug_gendh.log
+echo "Generating x509..."
+openssl x509 -subject -dates -fingerprint -noout -in /var/certs/monit.pem > /var/certs/debug_x509.log
+chmod 700 /var/certs/monit.pem

data/lib/templates/monit/monit.cnf

@@ -0,0 +1,34 @@
+# create RSA certs - Server
+
+RANDFILE = /var/certs/openssl.rnd
+
+[ req ]
+default_bits = 1024
+encrypt_key = yes
+distinguished_name = req_dn
+x509_extensions = cert_type
+
+[ req_dn ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+
+stateOrProvinceName             = State or Province Name (full name)
+stateOrProvinceName_default     = Washington DC
+
+localityName                    = Locality Name (eg, city)
+localityName_default            = Washington DC
+
+organizationName                = Organization Name (eg, company)
+organizationName_default        = Revolution
+
+organizationalUnitName          = Organizational Unit Name (eg, section)
+organizationalUnitName_default  = Ninjas
+
+commonName                      = Common Name (FQDN of your server)
+commonName_default              = localhost
+
+emailAddress                    = Email Address
+emailAddress_default            = gabrielh@gmail.com
+
+[ cert_type ]
+nsCertType = server

data/lib/templates/monit/monit.initd.centos.erb

@@ -0,0 +1,68 @@
+#! /bin/sh
+# monit: Monit
+#
+# chkconfig: - 86 14
+# description: monit
+# processname: monit
+#
+# Author: Gabriel Handford http://ducktyper.com
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+RETVAL=0
+
+DESC="monit"
+NAME=monit
+DAEMON=/usr/local/bin/monit
+CONFFILE=/etc/monitrc
+LOGFILE=/var/log/monit.log
+PIDFILE=/var/run/monit.pid
+
+start() {
+  daemon $DAEMON -l $LOGFILE -p $PIDFILE -c $CONFFILE
+  RETVAL=$?
+  echo
+  return $RETVAL;  
+}
+
+stop() {
+  kill -QUIT `cat $PIDFILE` || echo -n " not running"
+}
+
+reload() {
+  kill -HUP `cat $PIDFILE` || echo -n " can't reload"
+}
+
+case "$1" in
+  start)
+  	#echo -n "Starting $DESC: $NAME"
+  	start
+    RETVAL=$?;
+	;;
+  stop)
+  	echo "Stopping $DESC: $NAME"
+  	stop
+  	RETVAL=$?;
+	;;
+  reload)
+  	echo -n "Reloading $DESC configuration..."
+  	reload
+  	RETVAL=$?;
+  	echo "reloaded."
+  ;;
+  restart)
+  	echo -n "Restarting $DESC: $NAME"
+  	stop
+  	# Sleep after stop
+  	sleep 1
+  	start
+  	RETVAL=$?;
+	;;
+  *)
+	  echo "Usage: $0 {start|stop|restart|force-reload}" >&2
+	  RETVAL=3;
+	;;
+esac
+
+exit $RETVAL;

data/lib/templates/monit/monitrc.erb

@@ -0,0 +1,28 @@
+set daemon  60
+set logfile syslog facility log_daemon
+set mailserver localhost
+set mail-format { from: monit@localhost }
+set alert root@localhost
+
+# Http settings
+# ---------------------------
+
+set httpd port <%= monit_port %>
+  ssl enable  
+  pemfile /var/certs/monit.pem
+  allow admin:<%= monit_password %>
+
+# Core processes
+# ---------------------------
+
+check process sshd with pidfile /var/run/sshd.pid
+  start program  "/sbin/service sshd start"
+  stop program  "/sbin/service sshd stop"
+  if failed port 22 protocol ssh then restart
+  if 5 restarts within 5 cycles then timeout
+  
+  
+# Includes
+# ---------------------------
+
+include /etc/monit/*.monitrc

data/lib/templates/monit/patch_inittab.sh

@@ -0,0 +1,15 @@
+#! /bin/sh
+
+set -e
+trap ERROR ERR
+
+NO_MONIT=0
+grep -q monit /etc/inittab > /dev/null || export NO_MONIT=1
+
+if [ $NO_MONIT == 1 ]; then
+  echo "Patching inittab with monit..."
+  echo "" >> /etc/inittab
+  echo "# Run monit in standard run-levels" >> /etc/inittab
+  echo "mo:345:respawn:/usr/local/bin/monit -Ic /etc/monitrc -l /var/log/monit.log -p /var/run/monit.pid" >> /etc/inittab
+  telinit q
+fi

data/lib/templates/mysql/install_db.sql.erb

@@ -0,0 +1,7 @@
+<% locations_for_grant.each do |location| %>
+GRANT ALL PRIVILEGES ON <%= db_name %>.* TO '<%= db_user %>'@'<%= location %>' IDENTIFIED BY '<%= db_pass %>';
+<% end %>
+
+CREATE DATABASE IF NOT EXISTS <%= db_name %>;
+
+FLUSH PRIVILEGES;

data/lib/templates/mysql/mysql.monitrc.erb

@@ -0,0 +1,6 @@
+check process mysql with pidfile <%= mysql_pid_path %>
+   group database
+   start program = "/sbin/service mysqld start"
+   stop program = "/sbin/service mysqld stop"
+   if failed host 127.0.0.1 port <%= db_port %> then restart
+   if 5 restarts within 5 cycles then timeout

data/lib/templates/nginx/nginx.conf.erb

@@ -0,0 +1,88 @@
+#
+# Nginx conf
+#
+# See vhost conf for site specific stuff.
+#
+# ==== References:
+# http://brainspl.at/articles/2007/01/03/new-nginx-conf-with-optimizations
+# http://topfunky.net/svn/shovel/nginx
+# http://robsanheim.com/2008/02/07/beware-the-default-nginx-config-old-ie6-hates-gzip/
+#
+
+# user and group to run as
+user nginx nginx;
+
+# number of nginx workers
+worker_processes 6;
+
+# pid of nginx master process
+pid <%= nginx_pid_path %>;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+  include <%= File.dirname(nginx_conf_path) %>/mime.types;
+  default_type  application/octet-stream;
+
+  log_format  main  '$remote_addr - $remote_user [$time_local] $request '
+                    '"$status" $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+  # main access log
+  access_log  /var/log/nginx_access.log main;
+
+  # main error log
+  error_log  /var/log/nginx_error.log debug;
+
+  # no sendfile on OSX
+  sendfile        on;
+
+  #keepalive_timeout  0;
+  keepalive_timeout  65;
+
+  # These are good default values.
+  tcp_nopush        on;
+  tcp_nodelay       off;
+  # output compression saves bandwidth 
+  gzip            on;
+  gzip_http_version 1.0;
+  gzip_comp_level 2;
+  gzip_proxied any;
+  gzip_buffers 16 8k;
+  gzip_types      text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+  
+  # GZip fails on pre SP2 IE6 browsers (even though is says it can)
+  # Thanks, http://robsanheim.com/2008/02/07/beware-the-default-nginx-config-old-ie6-hates-gzip/
+  # TODO: This doesn't work with our version of nginx
+  #gzip_disable "MSIE [1-6]\.";
+  
+  # Auto include
+  include /etc/nginx/vhosts/*.conf;
+  
+  # HTTPS server
+  #
+  #server {
+  #    listen       443;
+  #    server_name  localhost;
+
+  #    ssl                  on;
+  #    ssl_certificate      cert.pem;
+  #    ssl_certificate_key  cert.key;
+
+  #    ssl_session_timeout  5m;
+
+  #    ssl_protocols  SSLv2 SSLv3 TLSv1;
+  #    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+  #    ssl_prefer_server_ciphers   on;
+
+  #    location / {
+  #        root   html;
+  #        index  index.html index.htm;
+  #    }
+  #}
+
+}