daddy 0.5.20 → 0.5.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 445dd5a5d4fda8391b21cd6897679a59f1fd9e23
-  data.tar.gz: c51526e5e37adfc961d6b913932b6b5103515a0c
+  metadata.gz: e3e37f408daf36b49fe3f3ec991af423d79263c3
+  data.tar.gz: 818f4b4e2dd45c072fd7147e22178986bb5de9ea
 SHA512:
-  metadata.gz: '0669a19fd38c75ae0e60f31f479ff4d5ebcb0c4b647fe96662a7c0bebda2dd966731f7b3b945c73553aa884573af8452af58d94426ea7a2eeb1a47042b08a8c5'
-  data.tar.gz: bd56b2dee5328661252d4392c1a73009da2a346a0aa8b287892644f5b027b19abf38c6a27c0e51e7a3e72bfdcad5993685893b2cc3d6af43da2d51a65f0c3da4
+  metadata.gz: 91810e27737dd3d6be68afa4184626a462944ca3411afee94e21b22e7a299f191bf542fa4abcad3d17f892b779205825b0fc7999c78a16029cecbd34a845de21
+  data.tar.gz: 60b195876dd319239b05c0e51d7d748cc4fd65fb018996292d1f60dc54c20d78fed0f106ff2746b6a8063746643ff48e6d2baf5c47b30f7beee8411a5d4ac773

data/itamae/cookbooks/epel/install.rb

@@ -0,0 +1,15 @@
+require 'daddy/itamae'
+
+%w{ epel-release yum-utils }.each do |name|
+  package name do
+    user 'root'
+  end
+end
+
+execute 'yum-config-manager --enable epel' do
+  user 'root'
+end
+
+execute 'yum clean all && yum update -y' do
+  user 'root'
+end

data/itamae/cookbooks/letsencrypt/install.rb

@@ -13,13 +13,6 @@ directory '/opt/letsencrypt' do
   mode '755'
 end
 
-directory '/opt/letsencrypt/certbot' do
-  user 'root'
-  owner ENV['USER']
-  group ENV['USER']
-  mode '755'
-end
-
 git '/opt/letsencrypt/certbot' do
   repository 'https://github.com/certbot/certbot'
 end

data/itamae/cookbooks/nginx/config.rb

@@ -7,8 +7,8 @@ directory '/etc/nginx/conf.d/servers' do
   mode '755'
 end
 
-template "/etc/nginx/conf.d/servers/#{ENV['APP_NAME']}.conf" do
-  source 'templates/app.conf.erb'
+template "/etc/nginx/conf.d/servers/#{ENV['SERVER_NAME']}.conf" do
+  source 'templates/passenger.conf.erb'
   user 'root'
   owner 'root'
   group 'root'
@@ -19,3 +19,12 @@ template "/etc/nginx/conf.d/servers/#{ENV['APP_NAME']}.conf" do
       :rails_root => ENV['RAILS_ROOT'],
       :behind_load_balancer => false
 end
+
+if ENV['RAILS_ROOT'].start_with?("/home/#{ENV['USER']}/")
+  directory "/home/#{ENV['USER']}" do
+    user 'root'
+    owner ENV['USER']
+    group ENV['USER']
+    mode '755'
+  end
+end

data/itamae/cookbooks/nginx/install.rb

@@ -1,6 +1,7 @@
 require 'daddy/itamae'
 
 dad_nginx_checksum = File.join(File.dirname(__FILE__), 'sha256sum.txt')
+dad_nginx_version = '1.12.0'
 
 directory 'tmp'
 
@@ -8,41 +9,48 @@ directory 'tmp'
 execute 'download nginx' do
   cwd 'tmp'
   command <<-EOF
-    wget https://nginx.org/download/nginx-1.11.10.tar.gz
+    wget https://nginx.org/download/nginx-#{dad_nginx_version}.tar.gz
   EOF
   not_if "sha256sum -c #{dad_nginx_checksum}"
 end
 
-# nginx-rtmp-module source
-directory '/opt/nginx-rtmp-module' do
-  user 'root'
-  owner ENV['USER']
-  group ENV['USER']
-  mode '755'
-end
-git '/opt/nginx-rtmp-module/v1.1.11' do
-  repository 'https://github.com/arut/nginx-rtmp-module.git'
-  revision 'v1.1.11'
-end
+# module sources
+include_recipe 'modules/nginx-rtmp-module'
+include_recipe 'modules/passenger'
 
 # build
 execute 'build nginx' do
   cwd 'tmp'
   command <<-EOF
-    rm -Rf nginx-1.11.10
-    tar zxf nginx-1.11.10.tar.gz
-    cd nginx-1.11.10
-    ./configure \
-      --prefix=/opt/nginx-1.11.10 \
+    rm -Rf nginx-#{dad_nginx_version}
+    tar zxf nginx-#{dad_nginx_version}.tar.gz
+    cd nginx-#{dad_nginx_version}
+    sudo ./configure \
+      --prefix=/opt/nginx-#{dad_nginx_version} \
       --conf-path=/etc/nginx/nginx.conf \
       --pid-path=/run/nginx.pid \
       --with-http_ssl_module \
-      --add-module=/opt/nginx-rtmp-module/v1.1.11
+      --add-dynamic-module=/opt/nginx-rtmp-module/v1.1.11 \
+      --add-dynamic-module=$(passenger-config --nginx-addon-dir)
+    sudo chown -R #{ENV['USER']}:#{ENV['USER']} ./
     make
     sudo make install
-    sudo ln -snf /opt/nginx-1.11.10 /opt/nginx
   EOF
-  not_if "test -e /opt/nginx"
+  not_if "test -e /opt/nginx-#{dad_nginx_version}"
+end
+
+link 'nginx' do
+  user 'root'
+  cwd '/opt'
+  to "nginx-#{dad_nginx_version}"
+  force true
+end
+
+template '/etc/nginx/nginx.conf' do
+  user 'root'
+  owner 'root'
+  group 'root'
+  mode '644'
 end
 
 directory '/etc/nginx/conf.d' do
@@ -52,8 +60,19 @@ directory '/etc/nginx/conf.d' do
   mode '755'
 end
 
-template '/etc/nginx/nginx.conf' do
+template '/etc/nginx/conf.d/default.conf' do
   user 'root'
+  owner 'root'
+  group 'root'
+  mode '644'
+  variables :passenger_root => `sudo passenger-config about root`
+end
+
+directory '/etc/nginx/conf.d/servers' do
+  user 'root'
+  owner 'root'
+  group 'root'
+  mode '755'
 end
 
 template '/lib/systemd/system/nginx.service' do

data/itamae/cookbooks/nginx/modules/nginx-rtmp-module.rb

@@ -0,0 +1,10 @@
+directory '/opt/nginx-rtmp-module' do
+  user 'root'
+  owner ENV['USER']
+  group ENV['USER']
+  mode '755'
+end
+git '/opt/nginx-rtmp-module/v1.1.11' do
+  repository 'https://github.com/arut/nginx-rtmp-module.git'
+  revision 'v1.1.11'
+end

data/itamae/cookbooks/nginx/modules/passenger.rb

@@ -0,0 +1,4 @@
+gem_package 'passenger' do
+  user 'root'
+  version '5.1.3'
+end

data/itamae/cookbooks/nginx/sha256sum.txt

@@ -1 +1 @@
-778b3cabb07633f754cd9dee32fc8e22582bce22bfa407be76a806abd935533d  nginx-1.11.10.tar.gz
+b4222e26fdb620a8d3c3a3a8b955e08b713672e1bc5198d1e4f462308a795b30  nginx-1.12.0.tar.gz

data/itamae/cookbooks/nginx/templates/passenger.conf.erb

@@ -0,0 +1,31 @@
+<%-
+  @ssl = system("sudo test -e /etc/letsencrypt/live/#{@server_name}/fullchain.pem") &&
+         system("sudo test -e /etc/letsencrypt/live/#{@server_name}/privkey.pem")
+-%>
+server {
+  listen 80;
+<%- if @ssl -%>
+  listen 443 ssl;
+<%- end -%>
+  server_name <%= @server_name %>;
+  access_log /opt/nginx/logs/<%= @server_name %>_access.log ltsv;
+
+<%- if @ssl -%>
+  ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;
+<%- end -%>
+
+  root <%= ::File.join(@rails_root, 'public') %>;
+  passenger_enabled on;
+  passenger_app_env <%= @rails_env %>;
+
+  gzip on;
+  gzip_http_version 1.0;
+  gzip_proxied any;
+  gzip_min_length 500;
+  gzip_disable "MSIE [1-6]\.";
+  gzip_types text/plain text/xml text/css
+             text/comma-separated-values
+             text/javascript application/x-javascript
+             application/atom+xml;
+}

data/itamae/templates/etc/nginx/conf.d/default.conf.erb

@@ -1,7 +1,41 @@
-server {
-  listen 80 default_server;
-  server_name _;
-  deny all;
-}
+http {
+  include       mime.types;
+  default_type  application/octet-stream;
+  ssl_protocols  TLSv1.1 TLSv1.2;
+
+  log_format  ltsv  'time:$time_local\t'
+                    'msec:$msec\t'
+                    'host:$remote_addr\t'
+                    'forwardedfor:$http_x_forwarded_for\t'
+                    'req:$request\t'
+                    'method:$request_method\t'
+                    'uri:$request_uri\t'
+                    'status:$status\t'
+                    'size:$body_bytes_sent\t'
+                    'referer:$http_referer\t'
+                    'ua:$http_user_agent\t'
+                    'reqtime:$request_time\t'
+                    'upsttime:$upstream_response_time\t'
+                    'cache:$upstream_http_x_cache\t'
+                    'runtime:$upstream_http_x_runtime\t'
+                    'vhost:$host';
+
+  access_log  /opt/nginx/logs/access.log  ltsv;
+
+  sendfile        on;
+  #tcp_nopush     on;
+
+  keepalive_timeout  65;
 
-include conf.d/servers/*.conf;
+  #gzip  on;
+
+  passenger_root <%= @passenger_root %>;
+
+  server {
+    listen 80 default_server;
+    server_name _;
+    deny all;
+  }
+
+  include /etc/nginx/conf.d/servers/*.conf;
+}

data/itamae/templates/etc/nginx/nginx.conf.erb

@@ -1,49 +1,11 @@
-user  nginx;
+user  nobody;
 worker_processes  1;
 
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
+load_module modules/ngx_http_passenger_module.so;
+load_module modules/ngx_rtmp_module.so;
 
 events {
   worker_connections  1024;
 }
 
-
-http {
-  include        /etc/nginx/mime.types;
-  default_type   application/octet-stream;
-  ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
-
-  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
-                    '"$http_user_agent" "$http_x_forwarded_for"';
-
-  log_format  ltsv  'time:$time_local\t'
-                    'msec:$msec\t'
-                    'host:$remote_addr\t'
-                    'forwardedfor:$http_x_forwarded_for\t'
-                    'req:$request\t'
-                    'method:$request_method\t'
-                    'uri:$request_uri\t'
-                    'status:$status\t'
-                    'size:$body_bytes_sent\t'
-                    'referer:$http_referer\t'
-                    'ua:$http_user_agent\t'
-                    'reqtime:$request_time\t'
-                    'upsttime:$upstream_response_time\t'
-                    'cache:$upstream_http_x_cache\t'
-                    'runtime:$upstream_http_x_runtime\t'
-                    'vhost:$host';
-
-  access_log  /var/log/nginx/access.log  main;
-
-  sendfile        on;
-  #tcp_nopush     on;
-
-  keepalive_timeout  65;
-
-  #gzip  on;
-
-  include /etc/nginx/conf.d/*.conf;
-}
+include /etc/nginx/conf.d/*.conf;

data/itamae/templates/etc/sysconfig/jenkins.erb

@@ -1,5 +1,5 @@
 ## Path:        Development/Jenkins
-## Description: Jenkins Continuous Integration Server
+## Description: Jenkins Automation Server
 ## Type:        string
 ## Default:     "/var/lib/jenkins"
 ## ServiceRestart: jenkins
@@ -102,6 +102,7 @@ JENKINS_HTTPS_KEYSTORE_PASSWORD=""
 #
 JENKINS_HTTPS_LISTEN_ADDRESS=""
 
+
 ## Type:        integer(1:9)
 ## Default:     5
 ## ServiceRestart: jenkins

data/lib/daddy/version.rb

@@ -1,3 +1,3 @@
 module Daddy
-  VERSION = '0.5.20'
+  VERSION = '0.5.21'
 end

data/lib/tasks/locale/en.yml

@@ -12,6 +12,7 @@ en:
   memcached:
     install: install mecached
   nginx:
+    config: setting Passenger for app to Nginx
     install: install Nginx
   obs_studio:
     install: install OBS-Studio

data/lib/tasks/locale/ja.yml

@@ -12,6 +12,7 @@ ja:
   memcached:
     install: memcachedをインストールします
   nginx:
+    config: Nginxにアプリの設定ファイルをインストールします
     install: Nginxをインストールします
   obs_studio:
     install: OBS-Studioをインストールします

data/lib/tasks/nginx.rake

@@ -8,7 +8,7 @@ namespace :dad do
       run_itamae 'nginx/install'
     end
 
-    desc 'Nginxにアプリの設定ファイルをインストールします。'
+    desc I18n.t('nginx.config')
     task :config do
       ENV['APP_NAME'] ||= app_name
       ENV['SERVER_NAME'] ||= ask('SERVER_NAME', :default => 'localhost', :required => true)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: daddy
 version: !ruby/object:Gem::Version
-  version: 0.5.20
+  version: 0.5.21
 platform: ruby
 authors:
 - ichy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-14 00:00:00.000000000 Z
+date: 2017-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: capybara
@@ -256,6 +256,7 @@ files:
 - itamae/cookbooks/app_base_dir.rb
 - itamae/cookbooks/docker/install.rb
 - itamae/cookbooks/docker/registry/install.rb
+- itamae/cookbooks/epel/install.rb
 - itamae/cookbooks/god/install.rb
 - itamae/cookbooks/jenkins/install.rb
 - itamae/cookbooks/jenkins/plugins/install.rb
@@ -267,10 +268,11 @@ files:
 - itamae/cookbooks/netdata/netdata-installer.sh
 - itamae/cookbooks/nginx/config.rb
 - itamae/cookbooks/nginx/install.rb
+- itamae/cookbooks/nginx/modules/nginx-rtmp-module.rb
+- itamae/cookbooks/nginx/modules/passenger.rb
 - itamae/cookbooks/nginx/sha256sum.txt
-- itamae/cookbooks/nginx/templates/app.conf.erb
-- itamae/cookbooks/nginx/templates/etc/nginx/nginx.conf.erb
-- itamae/cookbooks/nginx/templates/lib/systemd/system/nginx.service.erb
+- itamae/cookbooks/nginx/templates/passenger.conf.erb
+- itamae/cookbooks/nginx/templates/unicorn.conf.erb
 - itamae/cookbooks/obs_studio/install.rb
 - itamae/cookbooks/phantomjs/install.rb
 - itamae/cookbooks/redis/install.rb
@@ -292,6 +294,7 @@ files:
 - itamae/templates/etc/vsftpd/vsftpd.conf.erb
 - itamae/templates/etc/yum.repos.d/docker.repo.erb
 - itamae/templates/etc/yum.repos.d/nginx.repo.erb
+- itamae/templates/lib/systemd/system/nginx.service.erb
 - lib/active_support/cache/null_store.rb
 - lib/capistrano/daddy.rb
 - lib/capistrano/tasks/update_linked_files.rake

data/itamae/cookbooks/nginx/templates/etc/nginx/nginx.conf.erb

@@ -1,119 +0,0 @@
-
-#user  nobody;
-worker_processes  1;
-
-#error_log  logs/error.log;
-#error_log  logs/error.log  notice;
-#error_log  logs/error.log  info;
-
-#pid        logs/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       mime.types;
-    default_type  application/octet-stream;
-    ssl_protocols  TLSv1.1 TLSv1.2;
-
-    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-    #                  '$status $body_bytes_sent "$http_referer" '
-    #                  '"$http_user_agent" "$http_x_forwarded_for"';
-
-    #access_log  logs/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    #keepalive_timeout  0;
-    keepalive_timeout  65;
-
-    #gzip  on;
-
-    server {
-        listen       80;
-        server_name  localhost;
-
-        #charset koi8-r;
-
-        #access_log  logs/host.access.log  main;
-
-        location / {
-            root   html;
-            index  index.html index.htm;
-        }
-
-        #error_page  404              /404.html;
-
-        # redirect server error pages to the static page /50x.html
-        #
-        error_page   500 502 503 504  /50x.html;
-        location = /50x.html {
-            root   html;
-        }
-
-        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-        #
-        #location ~ \.php$ {
-        #    proxy_pass   http://127.0.0.1;
-        #}
-
-        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-        #
-        #location ~ \.php$ {
-        #    root           html;
-        #    fastcgi_pass   127.0.0.1:9000;
-        #    fastcgi_index  index.php;
-        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-        #    include        fastcgi_params;
-        #}
-
-        # deny access to .htaccess files, if Apache's document root
-        # concurs with nginx's one
-        #
-        #location ~ /\.ht {
-        #    deny  all;
-        #}
-    }
-
-
-    # another virtual host using mix of IP-, name-, and port-based configuration
-    #
-    #server {
-    #    listen       8000;
-    #    listen       somename:8080;
-    #    server_name  somename  alias  another.alias;
-
-    #    location / {
-    #        root   html;
-    #        index  index.html index.htm;
-    #    }
-    #}
-
-
-    # HTTPS server
-    #
-    #server {
-    #    listen       443 ssl;
-    #    server_name  localhost;
-
-    #    ssl_certificate      cert.pem;
-    #    ssl_certificate_key  cert.key;
-
-    #    ssl_session_cache    shared:SSL:1m;
-    #    ssl_session_timeout  5m;
-
-    #    ssl_ciphers  HIGH:!aNULL:!MD5;
-    #    ssl_prefer_server_ciphers  on;
-
-    #    location / {
-    #        root   html;
-    #        index  index.html index.htm;
-    #    }
-    #}
-
-    include conf.d/*.conf;
-}