daddy 0.5.14 → 0.5.15
- checksums.yaml +4 -4
- data/itamae/cookbooks/letsencrypt/install.rb +25 -0
- data/itamae/cookbooks/nginx/config.rb +20 -0
- data/itamae/cookbooks/nginx/install.rb +4 -2
- data/itamae/cookbooks/nginx/templates/app.conf.erb +53 -0
- data/itamae/cookbooks/unicorn/install.rb +45 -0
- data/{lib/tasks/unicorn/unicorn.erb → itamae/cookbooks/unicorn/templates/init.d/app.erb} +5 -5
- data/itamae/cookbooks/unicorn/templates/systemd/app.service.erb +15 -0
- data/itamae/cookbooks/unicorn/templates/unicorn.rb.erb +29 -0
- data/itamae/cookbooks/vsftpd/install.rb +25 -0
- data/itamae/templates/etc/nginx/nginx.conf.erb +49 -0
- data/itamae/templates/etc/vsftpd/vsftpd.conf.erb +146 -0
- data/lib/daddy/itamae/env/dad_env.rb +3 -2
- data/lib/daddy/itamae/env/os_version.rb +1 -1
- data/lib/daddy/version.rb +1 -1
- data/lib/tasks/docker.rake +1 -1
- data/lib/tasks/letsencrypt.rake +12 -0
- data/lib/tasks/locale/en.yml +8 -0
- data/lib/tasks/locale/ja.yml +9 -1
- data/lib/tasks/nginx.rake +5 -9
- data/lib/tasks/task_helper.rb +5 -5
- data/lib/tasks/unicorn.rake +7 -26
- data/lib/tasks/vsftpd.rake +12 -0
- metadata +15 -6
- data/lib/tasks/nginx/app.conf.erb +0 -28
- data/lib/tasks/unicorn/unicorn.rb.erb +0 -32
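--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fa92f5f719307e60e8adb76b87708c25cb6435fb
+data.tar.gz: 39601454cf8dc69ec9e4d519b7825d0b832f2325
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6158483a49f6905ee88e2f2d976006efeb263319521a80428a18999e2231c5c55ea5e83ffc287d5fa7a96db1adb7fc1157ab62436754232a1454b5873fd3e3af
+data.tar.gz: b87e96de03475a5f0d3b88100ba43a9f0c522d55e0d317d0f39b3307c0fbf74a0ecb60ed0f44527f00f19dad05b1036e335997d28f9ddd3ebb19fdcd2a576e76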
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'daddy/itamae'
|
2
|
+
|
3
|
+
%w{ git }.each do |name|
|
4
|
+
package name do
|
5
|
+
user 'root'
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
directory '/opt/letsencrypt' do
|
10
|
+
user 'root'
|
11
|
+
owner ENV['USER']
|
12
|
+
group ENV['USER']
|
13
|
+
mode '755'
|
14
|
+
end
|
15
|
+
|
16
|
+
directory '/opt/letsencrypt/certbot' do
|
17
|
+
user 'root'
|
18
|
+
owner ENV['USER']
|
19
|
+
group ENV['USER']
|
20
|
+
mode '755'
|
21
|
+
end
|
22
|
+
|
23
|
+
git '/opt/letsencrypt/certbot' do
|
24
|
+
repository 'https://github.com/certbot/certbot'
|
25
|
+
end
|
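Review bot: The `git '/opt/letsencrypt/certbot'` resource at the end of this recipe checks out whatever the default branch of `https://github.com/certbot/certbot` holds at run time, so the code that will later request certificates is unpinned and can differ from host to host. I would pin it with the resource's `revision` attribute set to a reviewed tag or commit (`revision '<reviewed-tag-or-commit>'`), or install certbot from the distribution's signed packages instead. Both directories are also handed to `ENV['USER']`; certbot is normally run with root privileges, so a checkout writable by an unprivileged account becomes a route to root. `owner 'root'` and `group 'root'` would match the other cookbooks in this release, assuming nothing needs to write there as that user.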
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'daddy/itamae'
|
2
|
+
|
3
|
+
directory '/etc/nginx/conf.d/servers' do
|
4
|
+
user 'root'
|
5
|
+
owner 'root'
|
6
|
+
group 'root'
|
7
|
+
mode '755'
|
8
|
+
end
|
9
|
+
|
10
|
+
template "/etc/nginx/conf.d/servers/#{ENV['APP_NAME']}.conf" do
|
11
|
+
source 'templates/app.conf.erb'
|
12
|
+
user 'root'
|
13
|
+
owner 'root'
|
14
|
+
group 'root'
|
15
|
+
mode '644'
|
16
|
+
variables :app_name => ENV['APP_NAME'],
|
17
|
+
:server_name => ENV['SERVER_NAME'],
|
18
|
+
:rails_env => ENV['RAILS_ENV'],
|
19
|
+
:rails_root => ENV['RAILS_ROOT']
|
20
|
+
end
|
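Review bot: `ENV['APP_NAME']` is interpolated straight into the destination path `"/etc/nginx/conf.d/servers/#{ENV['APP_NAME']}.conf"`, which is written as root, and nothing visible here restricts it to a plain file name. A value containing `/` or `..` would place a root-owned file outside `conf.d/servers`, and the same value plus `SERVER_NAME` and `RAILS_ROOT` is rendered verbatim into nginx directives by `templates/app.conf.erb`. I would fail early at the top of the recipe, e.g. `raise 'invalid APP_NAME' unless ENV['APP_NAME'].to_s =~ /\A[A-Za-z0-9_-]+\z/`, and apply a hostname pattern to `SERVER_NAME` in the same place. The same unvalidated interpolation appears in the `/etc/init.d/…` and `/etc/systemd/system/….service` paths of the unicorn cookbook.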
@@ -11,9 +11,11 @@ package 'nginx' do
|
|
11
11
|
user 'root'
|
12
12
|
end
|
13
13
|
|
14
|
-
|
14
|
+
template '/etc/nginx/nginx.conf' do
|
15
15
|
user 'root'
|
16
|
-
|
16
|
+
owner 'root'
|
17
|
+
group 'root'
|
18
|
+
mode '644'
|
17
19
|
end
|
18
20
|
|
19
21
|
template '/etc/nginx/conf.d/default.conf' do
|
@@ -0,0 +1,53 @@
|
|
1
|
+
<%-
|
2
|
+
@ssl = system("sudo test -e /etc/letsencrypt/live/#{@server_name}/fullchain.pem") &&
|
3
|
+
system("sudo test -e /etc/letsencrypt/live/#{@server_name}/privkey.pem")
|
4
|
+
-%>
|
5
|
+
upstream <%= @app_name %> {
|
6
|
+
server unix:<%= @rails_root %>/tmp/sockets/unicorn.sock fail_timeout=0;
|
7
|
+
}
|
8
|
+
|
9
|
+
server {
|
10
|
+
listen 80;
|
11
|
+
<%- if @ssl -%>
|
12
|
+
listen 443 ssl;
|
13
|
+
<%- end -%>
|
14
|
+
server_name <%= @server_name %>;
|
15
|
+
access_log /var/log/nginx/<%= @app_name %>_access.log ltsv;
|
16
|
+
|
17
|
+
<%- if @ssl -%>
|
18
|
+
ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
|
19
|
+
ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;
|
20
|
+
<%- end -%>
|
21
|
+
|
22
|
+
root <%= @rails_root %>/public;
|
23
|
+
try_files $uri/index.html $uri @app;
|
24
|
+
|
25
|
+
gzip on;
|
26
|
+
gzip_http_version 1.0;
|
27
|
+
gzip_proxied any;
|
28
|
+
gzip_min_length 500;
|
29
|
+
gzip_disable "MSIE [1-6]\.";
|
30
|
+
gzip_types text/plain text/xml text/css
|
31
|
+
text/comma-separated-values
|
32
|
+
text/javascript application/x-javascript
|
33
|
+
application/atom+xml;
|
34
|
+
|
35
|
+
location @app {
|
36
|
+
proxy_pass http://<%= @app_name %>;
|
37
|
+
proxy_set_header Host $http_host;
|
38
|
+
proxy_set_header X-Real-IP $remote_addr;
|
39
|
+
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
40
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
41
|
+
}
|
42
|
+
|
43
|
+
<%- if @rails_env == 'production' -%>
|
44
|
+
location ~ ^/(assets)/ {
|
45
|
+
gzip_vary on;
|
46
|
+
gzip_static always;
|
47
|
+
gunzip on;
|
48
|
+
expires 1y;
|
49
|
+
add_header Cache-Control public;
|
50
|
+
add_header ETag "";
|
51
|
+
}
|
52
|
+
<%- end -%>
|
53
|
+
}
|
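Review bot: The two `system("sudo test -e /etc/letsencrypt/live/#{@server_name}/…")` calls at the top hand a single interpolated string to the shell under sudo, so any shell metacharacter in `SERVER_NAME` (which comes from a prompt or the environment) is interpreted instead of being tested as a path. The argument-list form avoids the shell entirely: `@ssl = %w[fullchain.pem privkey.pem].all? { |f| system('sudo', 'test', '-e', "/etc/letsencrypt/live/#{@server_name}/#{f}") }`. The check also runs wherever the template is rendered, which may not be the host that receives the file if the recipe is applied remotely. Separately, `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` forwards a client-controlled header; because this server block terminates TLS itself, `$scheme` is the trustworthy value unless a TLS-terminating proxy always sits in front.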
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'daddy/itamae'
|
2
|
+
|
3
|
+
template 'config/unicorn.rb' do
|
4
|
+
variables :rails_root => ENV['RAILS_ROOT'],
|
5
|
+
:worker_processes => ENV['RAILS_ROOT'] == 'production' ? 2 : 1,
|
6
|
+
:timeout => 300
|
7
|
+
end
|
8
|
+
|
9
|
+
case os_version
|
10
|
+
when /rhel-6\.(.*?)/
|
11
|
+
template "/etc/init.d/#{ENV['APP_NAME']}" do
|
12
|
+
source File.join(File.dirname(__FILE__), 'templates/init.d/app.erb')
|
13
|
+
user 'root'
|
14
|
+
owner 'root'
|
15
|
+
group 'root'
|
16
|
+
mode '755'
|
17
|
+
variables :app_name => ENV['APP_NAME'],
|
18
|
+
:rails_env => ENV['RAILS_ENV'],
|
19
|
+
:rails_root => ENV['RAILS_ROOT']
|
20
|
+
end
|
21
|
+
when /rhel-7\.(.*?)/
|
22
|
+
template "/etc/systemd/system/#{ENV['APP_NAME']}.service" do
|
23
|
+
source File.join(File.dirname(__FILE__), 'templates/systemd/app.service.erb')
|
24
|
+
user 'root'
|
25
|
+
owner 'root'
|
26
|
+
group 'root'
|
27
|
+
mode '644'
|
28
|
+
variables :app_name => ENV['APP_NAME'],
|
29
|
+
:rails_env => ENV['RAILS_ENV'],
|
30
|
+
:rails_root => ENV['RAILS_ROOT'],
|
31
|
+
:user => ENV['USER'],
|
32
|
+
:timeout => 305
|
33
|
+
end
|
34
|
+
|
35
|
+
execute 'systemctl daemon-reload' do
|
36
|
+
user 'root'
|
37
|
+
subscribes :run, "template[/etc/systemd/system/#{ENV['APP_NAME']}.service]"
|
38
|
+
action :nothing
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
service "#{ENV['APP_NAME']}" do
|
43
|
+
user 'root'
|
44
|
+
action :enable
|
45
|
+
end
|
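Review bot: `:worker_processes => ENV['RAILS_ROOT'] == 'production' ? 2 : 1` compares the application path with `'production'`, so the condition is effectively never true and every environment gets one worker; it should read `ENV['RAILS_ENV'] == 'production' ? 2 : 1`. The `case os_version` has no `else`, so on any other platform no init script or unit is written and the final `service` resource then tries to enable a service that does not exist; an explicit `else raise "unsupported os_version: #{os_version}"` would make that failure obvious. `:user => ENV['USER']` ends up as `User =` in the systemd unit, so if the task is ever run from a root shell the application server runs as root; a dedicated, explicitly named service account would be safer.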
@@ -1,13 +1,13 @@
|
|
1
1
|
#!/bin/sh
|
2
2
|
#
|
3
3
|
# chkconfig: - 85 15
|
4
|
-
# description: <%= app_name %>
|
4
|
+
# description: <%= @app_name %>
|
5
5
|
|
6
6
|
. /etc/rc.d/init.d/functions
|
7
7
|
|
8
8
|
RAILS_USER=<%= ENV['USER'] %>
|
9
|
-
RAILS_ENV=<%= rails_env %>
|
10
|
-
RAILS_ROOT=<%= rails_root %>
|
9
|
+
RAILS_ENV=<%= @rails_env %>
|
10
|
+
RAILS_ROOT=<%= @rails_root %>
|
11
11
|
|
12
12
|
PID=${RAILS_ROOT}/tmp/pids/unicorn.pid
|
13
13
|
CONFIG=${RAILS_ROOT}/config/unicorn.rb
|
@@ -15,13 +15,13 @@ CONFIG=${RAILS_ROOT}/config/unicorn.rb
|
|
15
15
|
export PATH="${PATH}":/usr/local/bin
|
16
16
|
|
17
17
|
start() {
|
18
|
-
echo -n 'Starting <%= app_name %>: '
|
18
|
+
echo -n 'Starting <%= @app_name %>: '
|
19
19
|
daemon --user=${RAILS_USER} --pidfile=$PID bundle exec unicorn_rails -c ${CONFIG} -E ${RAILS_ENV} -D
|
20
20
|
echo
|
21
21
|
}
|
22
22
|
|
23
23
|
stop() {
|
24
|
-
echo -n 'Stopping <%= app_name %>: '
|
24
|
+
echo -n 'Stopping <%= @app_name %>: '
|
25
25
|
killproc -p ${PID} -QUIT
|
26
26
|
echo
|
27
27
|
}
|
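Review bot: `RAILS_ENV=<%= @rails_env %>` and `RAILS_ROOT=<%= @rails_root %>` (like `RAILS_USER` on the context line above them) are emitted unquoted into a script that init runs as root, so a space or shell metacharacter in any of the values changes what the script executes. Escaping at render time keeps them as data, e.g. `RAILS_ROOT=<%= Shellwords.escape(@rails_root) %>`, which needs `require 'shellwords'` in the recipe. The same applies to the `echo -n 'Starting <%= @app_name %>: '` and `'Stopping …'` lines, where a single quote in the name ends the string early. The script continues beyond the two hunks shown.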
@@ -0,0 +1,15 @@
|
|
1
|
+
[Unit]
|
2
|
+
Description = unicorn server for <%= @app_name %>
|
3
|
+
Wants = mariadb.service
|
4
|
+
After = mariadb.service
|
5
|
+
|
6
|
+
[Service]
|
7
|
+
User = <%= @user %>
|
8
|
+
WorkingDirectory = <%= @rails_root %>
|
9
|
+
SyslogIdentifier = <%= @app_name %>
|
10
|
+
PIDFile = <%= @rails_root %>/tmp/pids/unicorn.pid
|
11
|
+
ExecStart = /usr/local/bin/bundle exec unicorn_rails -c <%= @rails_root %>/config/unicorn.rb -E <%= @rails_env %> -D
|
12
|
+
ExecStop = <%= `which kill`.strip %> -s QUIT $MAINPID
|
13
|
+
|
14
|
+
[Install]
|
15
|
+
WantedBy = multi-user.target
|
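Review bot: The `ExecStop` line shells out to `which kill` at render time, so the path is resolved through the `PATH` of whoever renders the template, on the rendering machine, and the result is baked into a root-owned unit; an empty or unexpected result gives a broken or unintended stop command. A fixed absolute path, or dropping `ExecStop` in favour of `KillSignal = SIGQUIT`, removes that dependency. `ExecStart` passes `-D`, so unicorn daemonizes, but `[Service]` does not set `Type = forking`; with the default type systemd is likely to treat the service as finished once the launcher returns, and `PIDFile` is only meaningful for forking services. The unit also carries no sandboxing; `NoNewPrivileges = true` and `PrivateTmp = true` are cheap additions for an application server.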
@@ -0,0 +1,29 @@
|
|
1
|
+
rails_root = "#{File.expand_path(File.dirname(File.dirname(__FILE__)))}"
|
2
|
+
|
3
|
+
worker_processes <%= @worker_processes %>
|
4
|
+
working_directory rails_root
|
5
|
+
|
6
|
+
listen "#{rails_root}/tmp/sockets/unicorn.sock"
|
7
|
+
timeout <%= @timeout %>
|
8
|
+
|
9
|
+
stdout_path 'log/unicorn.log'
|
10
|
+
stderr_path 'log/unicorn.log'
|
11
|
+
|
12
|
+
preload_app true
|
13
|
+
|
14
|
+
before_fork do |server, worker|
|
15
|
+
defined?(ActiveRecord::Base) and ActiveRecord::Base.connection.disconnect!
|
16
|
+
|
17
|
+
old_pid = "#{server.config[:pid]}.oldbin"
|
18
|
+
if old_pid != server.pid
|
19
|
+
begin
|
20
|
+
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
21
|
+
Process.kill(sig, File.read(old_pid).to_i)
|
22
|
+
rescue Errno::ENOENT, Errno::ESRCH
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
after_fork do |server, worker|
|
28
|
+
defined?(ActiveRecord::Base) and ActiveRecord::Base.establish_connection
|
29
|
+
end
|
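Review bot: `listen "#{rails_root}/tmp/sockets/unicorn.sock"` is given no options, and unicorn's documented default `:umask` for UNIX sockets leaves the socket readable and writable by all local users, so any local account can talk to the application directly and bypass nginx and the headers it sets. If nginx and the application user can share a group, `listen "#{rails_root}/tmp/sockets/unicorn.sock", :umask => 0007` narrows that; otherwise restrict the `tmp/sockets` directory itself. In `before_fork`, `File.read(old_pid).to_i` yields 0 for an empty or corrupt pid file, and `Process.kill(sig, 0)` signals the caller's whole process group; checking that the parsed pid is positive before the kill makes that case harmless.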
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'daddy/itamae'
|
2
|
+
|
3
|
+
%w{ mod_ssl vsftpd }.each do |name|
|
4
|
+
package name do
|
5
|
+
user 'root'
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
template '/etc/vsftpd/vsftpd.conf' do
|
10
|
+
user 'root'
|
11
|
+
owner 'root'
|
12
|
+
group 'root'
|
13
|
+
mode '600'
|
14
|
+
end
|
15
|
+
|
16
|
+
service 'vsftpd' do
|
17
|
+
user 'root'
|
18
|
+
action [:enable, :start]
|
19
|
+
end
|
20
|
+
|
21
|
+
service 'vsftpd' do
|
22
|
+
user 'root'
|
23
|
+
subscribes :restart, "template[/etc/vsftpd/vsftpd.conf]"
|
24
|
+
action :nothing
|
25
|
+
end
|
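Review bot: `mod_ssl` is installed next to `vsftpd`, apparently only so that `/etc/pki/tls/certs/localhost.crt` and its key exist for the vsftpd template; on RHEL-family systems that package pulls in Apache httpd, which widens the host's footprint for the sake of a self-signed `localhost` certificate that FTP clients cannot validate. Generating a dedicated key pair for vsftpd, or pointing the template at a real certificate, would avoid both. The recipe also declares `service 'vsftpd'` twice; folding `subscribes :restart, "template[/etc/vsftpd/vsftpd.conf]"` into a single definition would be clearer, and it is worth checking how Itamae treats the duplicate resource name.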
@@ -0,0 +1,49 @@
|
|
1
|
+
user nginx;
|
2
|
+
worker_processes 1;
|
3
|
+
|
4
|
+
error_log /var/log/nginx/error.log warn;
|
5
|
+
pid /var/run/nginx.pid;
|
6
|
+
|
7
|
+
|
8
|
+
events {
|
9
|
+
worker_connections 1024;
|
10
|
+
}
|
11
|
+
|
12
|
+
|
13
|
+
http {
|
14
|
+
include /etc/nginx/mime.types;
|
15
|
+
default_type application/octet-stream;
|
16
|
+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
17
|
+
|
18
|
+
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
19
|
+
'$status $body_bytes_sent "$http_referer" '
|
20
|
+
'"$http_user_agent" "$http_x_forwarded_for"';
|
21
|
+
|
22
|
+
log_format ltsv 'time:$time_local\t'
|
23
|
+
'msec:$msec\t'
|
24
|
+
'host:$remote_addr\t'
|
25
|
+
'forwardedfor:$http_x_forwarded_for\t'
|
26
|
+
'req:$request\t'
|
27
|
+
'method:$request_method\t'
|
28
|
+
'uri:$request_uri\t'
|
29
|
+
'status:$status\t'
|
30
|
+
'size:$body_bytes_sent\t'
|
31
|
+
'referer:$http_referer\t'
|
32
|
+
'ua:$http_user_agent\t'
|
33
|
+
'reqtime:$request_time\t'
|
34
|
+
'upsttime:$upstream_response_time\t'
|
35
|
+
'cache:$upstream_http_x_cache\t'
|
36
|
+
'runtime:$upstream_http_x_runtime\t'
|
37
|
+
'vhost:$host';
|
38
|
+
|
39
|
+
access_log /var/log/nginx/access.log main;
|
40
|
+
|
41
|
+
sendfile on;
|
42
|
+
#tcp_nopush on;
|
43
|
+
|
44
|
+
keepalive_timeout 65;
|
45
|
+
|
46
|
+
#gzip on;
|
47
|
+
|
48
|
+
include /etc/nginx/conf.d/*.conf;
|
49
|
+
}
|
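Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` at `http` level enables TLS 1.0 and 1.1 for every server block this template serves; both are deprecated (RFC 8996) and fail current compliance baselines. `ssl_protocols TLSv1.2 TLSv1.3;` is the line I would ship where the packaged nginx and OpenSSL support 1.3, or `TLSv1.2` alone otherwise, ideally with an explicit `ssl_ciphers` list next to it. `server_tokens off;` is also absent, so the nginx version is advertised in response headers and error pages.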
@@ -0,0 +1,146 @@
|
|
1
|
+
# Example config file /etc/vsftpd/vsftpd.conf
|
2
|
+
#
|
3
|
+
# The default compiled in settings are fairly paranoid. This sample file
|
4
|
+
# loosens things up a bit, to make the ftp daemon more usable.
|
5
|
+
# Please see vsftpd.conf.5 for all compiled in defaults.
|
6
|
+
#
|
7
|
+
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
|
8
|
+
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
|
9
|
+
# capabilities.
|
10
|
+
#
|
11
|
+
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
|
12
|
+
anonymous_enable=NO
|
13
|
+
#
|
14
|
+
# Uncomment this to allow local users to log in.
|
15
|
+
# When SELinux is enforcing check for SE bool ftp_home_dir
|
16
|
+
local_enable=YES
|
17
|
+
#
|
18
|
+
# Uncomment this to enable any form of FTP write command.
|
19
|
+
write_enable=YES
|
20
|
+
#
|
21
|
+
# Default umask for local users is 077. You may wish to change this to 022,
|
22
|
+
# if your users expect that (022 is used by most other ftpd's)
|
23
|
+
local_umask=022
|
24
|
+
#
|
25
|
+
# Uncomment this to allow the anonymous FTP user to upload files. This only
|
26
|
+
# has an effect if the above global write enable is activated. Also, you will
|
27
|
+
# obviously need to create a directory writable by the FTP user.
|
28
|
+
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
|
29
|
+
#anon_upload_enable=YES
|
30
|
+
#
|
31
|
+
# Uncomment this if you want the anonymous FTP user to be able to create
|
32
|
+
# new directories.
|
33
|
+
#anon_mkdir_write_enable=YES
|
34
|
+
#
|
35
|
+
# Activate directory messages - messages given to remote users when they
|
36
|
+
# go into a certain directory.
|
37
|
+
dirmessage_enable=YES
|
38
|
+
#
|
39
|
+
# Activate logging of uploads/downloads.
|
40
|
+
xferlog_enable=YES
|
41
|
+
#
|
42
|
+
# Make sure PORT transfer connections originate from port 20 (ftp-data).
|
43
|
+
connect_from_port_20=YES
|
44
|
+
#
|
45
|
+
# If you want, you can arrange for uploaded anonymous files to be owned by
|
46
|
+
# a different user. Note! Using "root" for uploaded files is not
|
47
|
+
# recommended!
|
48
|
+
#chown_uploads=YES
|
49
|
+
#chown_username=whoever
|
50
|
+
#
|
51
|
+
# You may override where the log file goes if you like. The default is shown
|
52
|
+
# below.
|
53
|
+
#xferlog_file=/var/log/xferlog
|
54
|
+
#
|
55
|
+
# If you want, you can have your log file in standard ftpd xferlog format.
|
56
|
+
# Note that the default log file location is /var/log/xferlog in this case.
|
57
|
+
xferlog_std_format=YES
|
58
|
+
#
|
59
|
+
# You may change the default value for timing out an idle session.
|
60
|
+
#idle_session_timeout=600
|
61
|
+
#
|
62
|
+
# You may change the default value for timing out a data connection.
|
63
|
+
#data_connection_timeout=120
|
64
|
+
#
|
65
|
+
# It is recommended that you define on your system a unique user which the
|
66
|
+
# ftp server can use as a totally isolated and unprivileged user.
|
67
|
+
#nopriv_user=ftpsecure
|
68
|
+
#
|
69
|
+
# Enable this and the server will recognise asynchronous ABOR requests. Not
|
70
|
+
# recommended for security (the code is non-trivial). Not enabling it,
|
71
|
+
# however, may confuse older FTP clients.
|
72
|
+
#async_abor_enable=YES
|
73
|
+
#
|
74
|
+
# By default the server will pretend to allow ASCII mode but in fact ignore
|
75
|
+
# the request. Turn on the below options to have the server actually do ASCII
|
76
|
+
# mangling on files when in ASCII mode.
|
77
|
+
# Beware that on some FTP servers, ASCII support allows a denial of service
|
78
|
+
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
|
79
|
+
# predicted this attack and has always been safe, reporting the size of the
|
80
|
+
# raw file.
|
81
|
+
# ASCII mangling is a horrible feature of the protocol.
|
82
|
+
#ascii_upload_enable=YES
|
83
|
+
#ascii_download_enable=YES
|
84
|
+
#
|
85
|
+
# You may fully customise the login banner string:
|
86
|
+
#ftpd_banner=Welcome to blah FTP service.
|
87
|
+
#
|
88
|
+
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
|
89
|
+
# useful for combatting certain DoS attacks.
|
90
|
+
#deny_email_enable=YES
|
91
|
+
# (default follows)
|
92
|
+
#banned_email_file=/etc/vsftpd/banned_emails
|
93
|
+
#
|
94
|
+
# You may specify an explicit list of local users to chroot() to their home
|
95
|
+
# directory. If chroot_local_user is YES, then this list becomes a list of
|
96
|
+
# users to NOT chroot().
|
97
|
+
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
|
98
|
+
# the user does not have write access to the top level directory within the
|
99
|
+
# chroot)
|
100
|
+
#chroot_local_user=YES
|
101
|
+
#chroot_list_enable=YES
|
102
|
+
# (default follows)
|
103
|
+
#chroot_list_file=/etc/vsftpd/chroot_list
|
104
|
+
#
|
105
|
+
# You may activate the "-R" option to the builtin ls. This is disabled by
|
106
|
+
# default to avoid remote users being able to cause excessive I/O on large
|
107
|
+
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
|
108
|
+
# the presence of the "-R" option, so there is a strong case for enabling it.
|
109
|
+
#ls_recurse_enable=YES
|
110
|
+
#
|
111
|
+
# When "listen" directive is enabled, vsftpd runs in standalone mode and
|
112
|
+
# listens on IPv4 sockets. This directive cannot be used in conjunction
|
113
|
+
# with the listen_ipv6 directive.
|
114
|
+
listen=NO
|
115
|
+
#
|
116
|
+
# This directive enables listening on IPv6 sockets. By default, listening
|
117
|
+
# on the IPv6 "any" address (::) will accept connections from both IPv6
|
118
|
+
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
|
119
|
+
# sockets. If you want that (perhaps because you want to listen on specific
|
120
|
+
# addresses) then you must run two copies of vsftpd with two configuration
|
121
|
+
# files.
|
122
|
+
# Make sure, that one of the listen options is commented !!
|
123
|
+
listen_ipv6=YES
|
124
|
+
|
125
|
+
pam_service_name=vsftpd
|
126
|
+
userlist_enable=YES
|
127
|
+
tcp_wrappers=NO
|
128
|
+
|
129
|
+
ssl_enable=YES
|
130
|
+
listen_port=990
|
131
|
+
rsa_cert_file=/etc/pki/tls/certs/localhost.crt
|
132
|
+
rsa_private_key_file=/etc/pki/tls/private/localhost.key
|
133
|
+
ssl_tlsv1=YES
|
134
|
+
ssl_sslv2=NO
|
135
|
+
ssl_sslv3=NO
|
136
|
+
ssl_ciphers=HIGH
|
137
|
+
allow_anon_ssl=NO
|
138
|
+
force_local_data_ssl=YES
|
139
|
+
force_local_logins_ssl=YES
|
140
|
+
require_ssl_reuse=NO
|
141
|
+
|
142
|
+
pasv_enable=YES
|
143
|
+
pasv_promiscuous=YES
|
144
|
+
implicit_ssl=YES
|
145
|
+
pasv_min_port=50990
|
146
|
+
pasv_max_port=50999
|
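Review bot: `pasv_promiscuous=YES` together with `require_ssl_reuse=NO` removes both checks that tie a passive data connection to the authenticated control session: the source-address comparison and TLS session reuse. With only ten passive ports (`pasv_min_port=50990` to `pasv_max_port=50999`), a data connection can then be accepted from a party other than the logged-in client. I would set `pasv_promiscuous=NO` and `require_ssl_reuse=YES`, relaxing at most one of them, with a comment explaining why, if a specific client or NAT setup needs it. `write_enable=YES` with `chroot_local_user` left commented out also lets every local account browse and write wherever its filesystem permissions allow, and `ssl_tlsv1=YES` is the only protocol switch enabled, so it is worth checking which newer TLS versions the installed build can offer.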
data/lib/daddy/version.rb
CHANGED
data/lib/tasks/docker.rake
CHANGED
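--- a/data/lib/tasks/locale/en.yml
+++ b/data/lib/tasks/locale/en.yml
@@ -1,9 +1,17 @@
 en:
+docker:
+install: install Docker
 god:
 install: install God
 jenkins:
 install: install Jenkins
 plugins:
 install: install Jenkins plugins
+letsencrypt:
+install: install Let's Eencrypt certbot
 nginx:
 install: install Nginx
+unicorn:
+install: install application as unicorn service
+vsftpd:
+install: install vsftpd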
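--- a/data/lib/tasks/locale/ja.yml
+++ b/data/lib/tasks/locale/ja.yml
@@ -1,9 +1,17 @@
 ja:
+docker:
+install: Docker をインストールします
 god:
 install: God をインストールします
 jenkins:
 install: Jenkinsをインストールします
 plugins:
 install: Jenkinsプラグインをインストールします
+letsencrypt:
+install: Let's Eencrypt の certbot をインストールします
 nginx:
-install: Nginx
+install: Nginxをインストールします
+unicorn:
+install: アプリをUnicornサービスとしてインストールします
+vsftpd:
+install: vsftpd をインストールします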
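--- a/data/lib/tasks/nginx.rake
+++ b/data/lib/tasks/nginx.rake
@@ -10,15 +10,11 @@ namespace :dad do
 
 desc 'Nginxにアプリの設定ファイルをインストールします。'
 task :config do
-
-
-
-
-
-unless dry_run?
-run "sudo mkdir -p /etc/nginx/conf.d/servers",
-"sudo cp -f #{app_conf.path} /etc/nginx/conf.d/servers/"
-end
+ENV['APP_NAME'] ||= app_name
+ENV['SERVER_NAME'] ||= ask('SERVER_NAME', :default => 'localhost', :required => true)
+ENV['RAILS_ENV'] ||= rails_env(:default => 'development')
+ENV['RAILS_ROOT'] ||= rails_root
+run_itamae 'nginx/config'
 end
 
 end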
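--- a/data/lib/tasks/task_helper.rb
+++ b/data/lib/tasks/task_helper.rb
@@ -12,7 +12,7 @@ def self.daddy_version
 end
 
 def self.rails_root
-ENV['RAILS_ROOT'] || @_rails_root ||= ask('RAILS_ROOT', :default =>
+ENV['RAILS_ROOT'] || @_rails_root ||= ask('RAILS_ROOT', :default => Dir.pwd)
 end
 
 def self.rails_env(options = {})
@@ -20,7 +20,7 @@ def self.rails_env(options = {})
 end
 
 def self.app_name
-
+ENV['APP_NAME'] || @_app_name ||= ask('APP_NAME', :default => File.basename(Dir.pwd))
 end
 
 def self.template_dir
@@ -72,18 +72,18 @@ def self.ask(prompt, options = {})
 end
 
 answer = STDIN.gets.strip
-answer = options[:default] if answer.
+answer = options[:default] if answer.empty?
 
 if options[:password]
 system("stty echo")
 puts
 end
 
-if options[:required] and answer.
+if options[:required] and answer.empty?
 raise "必須です。処理を中止します。"
 end
 
-answer.
+answer.empty? ? nil : answer
 end
 
 def self.quiet?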
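Review bot: In `ask`, `answer = options[:default] if answer.empty?` leaves `answer` as `nil` when the user just presses Enter and no `:default` was given, and the later `answer.empty?` calls (the `:required` check and the final `answer.empty? ? nil : answer`) then raise `NoMethodError` instead of producing the intended message or a `nil` return. Using `answer.to_s.empty?` in those two places keeps the behaviour for strings and also handles `nil` and non-string defaults. `STDIN.gets.strip` on the context line has the same weakness at end-of-input, where `gets` returns `nil`. The body of `ask` starts above the third hunk, so the prompt handling itself is not visible here.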
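--- a/data/lib/tasks/unicorn.rake
+++ b/data/lib/tasks/unicorn.rake
@@ -3,32 +3,13 @@ require_relative 'task_helper'
 namespace :dad do
 namespace :unicorn do
 
-desc '
-task :
-
-
-
-
-
-
-if dry_run?
-puts "----------------------------------------"
-puts config
-puts "----------------------------------------"
-puts File.read(config)
-puts "----------------------------------------"
-puts init_script
-puts "----------------------------------------"
-puts File.read(init_script)
-puts "----------------------------------------"
-else
-run "cp -f #{config.path} config/",
-"sudo cp -f #{init_script.path} /etc/init.d/",
-"sudo chown root:root /etc/init.d/#{File.basename(init_script.path)}",
-"sudo chmod 755 /etc/init.d/#{File.basename(init_script.path)}",
-"sudo /sbin/chkconfig #{File.basename(init_script.path)} on"
-end
-end
+desc I18n.t('unicorn.install')
+task :install do
+ENV['APP_NAME'] ||= app_name
+ENV['RAILS_ENV'] ||= rails_env(:default => 'development')
+ENV['RAILS_ROOT'] ||= rails_root
+run_itamae 'unicorn/install'
+end
 
 end
 end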
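--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: daddy
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.15
 platform: ruby
 authors:
 - ichy
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-
+date: 2016-11-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: capybara
@@ -253,12 +253,20 @@ files:
 - itamae/cookbooks/god/install.rb
 - itamae/cookbooks/jenkins/install.rb
 - itamae/cookbooks/jenkins/plugins/install.rb
+- itamae/cookbooks/letsencrypt/install.rb
 - itamae/cookbooks/mysql/install.rb
 - itamae/cookbooks/mysql/mysql_secure_installation.sh
 - itamae/cookbooks/netdata/install.rb
 - itamae/cookbooks/netdata/netdata-installer.sh
+- itamae/cookbooks/nginx/config.rb
 - itamae/cookbooks/nginx/install.rb
+- itamae/cookbooks/nginx/templates/app.conf.erb
 - itamae/cookbooks/phantomjs/install.rb
+- itamae/cookbooks/unicorn/install.rb
+- itamae/cookbooks/unicorn/templates/init.d/app.erb
+- itamae/cookbooks/unicorn/templates/systemd/app.service.erb
+- itamae/cookbooks/unicorn/templates/unicorn.rb.erb
+- itamae/cookbooks/vsftpd/install.rb
 - itamae/locale/en.yml
 - itamae/locale/ja.yml
 - itamae/templates/etc/god/master.conf.erb
@@ -267,7 +275,9 @@ files:
 - itamae/templates/etc/my.cnf.d/daddy.cnf.erb
 - itamae/templates/etc/my.cnf.erb
 - itamae/templates/etc/nginx/conf.d/default.conf.erb
+- itamae/templates/etc/nginx/nginx.conf.erb
 - itamae/templates/etc/sysconfig/jenkins.erb
+- itamae/templates/etc/vsftpd/vsftpd.conf.erb
 - itamae/templates/etc/yum.repos.d/docker.repo.erb
 - itamae/templates/etc/yum.repos.d/nginx.repo.erb
 - lib/active_support/cache/null_store.rb
@@ -343,12 +353,12 @@ files:
 - lib/tasks/kibana/configure.sh
 - lib/tasks/kibana/install.sh
 - lib/tasks/kibana/nginx.conf.erb
+- lib/tasks/letsencrypt.rake
 - lib/tasks/locale/en.yml
 - lib/tasks/locale/ja.yml
 - lib/tasks/mysql.rake
 - lib/tasks/netdata.rake
 - lib/tasks/nginx.rake
-- lib/tasks/nginx/app.conf.erb
 - lib/tasks/phantomjs.rake
 - lib/tasks/publish.rake
 - lib/tasks/redis.rake
@@ -359,8 +369,7 @@ files:
 - lib/tasks/tesseract.rake
 - lib/tasks/test.rake
 - lib/tasks/unicorn.rake
-- lib/tasks/
-- lib/tasks/unicorn/unicorn.rb.erb
+- lib/tasks/vsftpd.rake
 - ssl/cert.pem
 - templates/Gemfile.erb
 - templates/app/controllers/controller.rb.erb
@@ -384,7 +393,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="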
@@ -1,28 +0,0 @@
|
|
1
|
-
upstream <%= app_name %> {
|
2
|
-
server unix:/tmp/<%= app_name %>.sock;
|
3
|
-
}
|
4
|
-
|
5
|
-
server {
|
6
|
-
listen 80;
|
7
|
-
server_name <%= @server_name %>;
|
8
|
-
|
9
|
-
root <%= rails_root %>/public;
|
10
|
-
try_files $uri/index.html $uri @app;
|
11
|
-
|
12
|
-
location @app {
|
13
|
-
proxy_pass http://<%= app_name %>;
|
14
|
-
proxy_set_header Host $http_host;
|
15
|
-
proxy_set_header X-Real-IP $remote_addr;
|
16
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
17
|
-
}
|
18
|
-
|
19
|
-
<% if @rails_env == 'production' -%>
|
20
|
-
location ~ ^/(assets)/ {
|
21
|
-
gzip_vary on;
|
22
|
-
gzip_static on;
|
23
|
-
expires 1y;
|
24
|
-
add_header Cache-Control public;
|
25
|
-
add_header ETag "";
|
26
|
-
}
|
27
|
-
<% end -%>
|
28
|
-
}
|
@@ -1,32 +0,0 @@
|
|
1
|
-
require 'yaml'
|
2
|
-
|
3
|
-
rails_root = "#{File.dirname(File.expand_path(__FILE__))}/.."
|
4
|
-
rails_env = ENV['RAILS_ENV'] || 'development'
|
5
|
-
|
6
|
-
worker_processes 2
|
7
|
-
working_directory rails_root
|
8
|
-
|
9
|
-
app_name = YAML.load_file("#{File.dirname(__FILE__)}/database.yml")[rails_env]['database']
|
10
|
-
listen "/tmp/#{app_name}.sock"
|
11
|
-
timeout 300
|
12
|
-
|
13
|
-
stdout_path rails_root + '/log/unicorn.log'
|
14
|
-
stderr_path rails_root + '/log/unicorn.log'
|
15
|
-
|
16
|
-
preload_app true
|
17
|
-
|
18
|
-
before_fork do |server, worker|
|
19
|
-
ActiveRecord::Base.connection.disconnect!
|
20
|
-
old_pid = "#{server.config[:pid]}.oldbin"
|
21
|
-
if old_pid != server.pid
|
22
|
-
begin
|
23
|
-
sig = (worker.nr + 1) >= server.worker_processes ? :QUIT : :TTOU
|
24
|
-
Process.kill(sig, File.read(old_pid).to_i)
|
25
|
-
rescue Errno::ENOENT, Errno::ESRCH
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
after_fork do |server, worker|
|
31
|
-
ActiveRecord::Base.establish_connection
|
32
|
-
end
|