deprec 1.9.3 → 2.0.0

data/lib/deprec/templates/monit/monit-init-script

@@ -0,0 +1,104 @@
+#!/bin/sh
+# /etc/init.d/monit start and stop monit daemon monitor process.
+# Fredrik Steen, stone@debian.org
+:
+PATH=/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/local/bin/monit
+CONFIG="/etc/monitrc"
+NAME=monit
+DESC="daemon monitor"
+
+set -e
+
+# Check if DAEMON binary exist
+test -f $DAEMON || exit 0
+
+ARGS="-c $CONFIG"
+
+monit_not_configured () {
+    echo -e "monit won't be started/stopped\n\tunless it it's configured"
+    if [ "$1" != "stop" ]
+        then
+        echo -e "\tplease configure monit and then edit /etc/default/monit"
+        echo -e "\tand set the \"startup\" variable to 1 in order to allow "
+        echo -e "\tmonit to start"
+    fi
+    exit 0
+}
+
+monit_check_config () {
+    # Check for emtpy config, probably default configfile.
+    if [ "`grep -s -v \"^#\" $CONFIG`" = "" ]; then
+        echo "empty config, please edit $CONFIG."
+        exit 0
+    fi
+}
+
+monit_check_perms () {
+    # Check the permission on configfile. 
+    # The permission must not have more than -rwx------ (0700) permissions.
+   
+    # Skip checking, fix perms instead.
+    /bin/chmod go-rwx $CONFIG
+
+}
+
+monit_delayed_monitoring () {
+    if [ -x $DELAY ]; then
+      $DELAY &
+    elif [ -f $DELAY ]; then
+      echo
+      echo "[WARNING] A delayed start file exists ($DELAY) but it is not executable."
+    fi
+}
+
+monit_check_syntax () {
+  $DAEMON -t;
+#  if [ $? ] ; then
+#      echo "syntax good"
+#  else
+#      echo "syntax bad"
+#  fi
+}
+
+
+monit_checks () {
+    # Check for emtpy configfile
+    monit_check_config
+    # Check permissions of configfile
+    monit_check_perms
+}
+
+case "$1" in
+  start)
+	echo -n "Starting $DESC: "
+    monit_checks $1
+	echo -n "$NAME"
+	start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
+		--exec $DAEMON > /dev/null 2>&1 -- $ARGS
+   monit_delayed_monitoring
+	echo "."
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+    #monit_checks $1
+	echo -n "$NAME"
+	start-stop-daemon --retry 5 --oknodo --stop --quiet --pidfile /var/run/$NAME.pid \
+		--exec $DAEMON  > /dev/null 2>&1
+	echo "."
+	;;
+  restart|force-reload)
+	$0 stop
+	$0 start
+	;;
+  syntax)
+   monit_check_syntax
+   ;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop|restart|force-reload|syntax}" >&2
+	exit 1
+	;;
+esac
+
+exit 0

data/lib/deprec/templates/monit/monitrc.erb

@@ -0,0 +1,227 @@
+###############################################################################
+## Monit control file
+###############################################################################
+##
+## Comments begin with a '#' and extend through the end of the line. Keywords
+## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
+##
+## Below you will find examples of some frequently used statements. For 
+## information about the control file, a complete list of statements and 
+## options please have a look in the monit manual.
+##
+##
+###############################################################################
+## Global section
+###############################################################################
+##
+## Start monit in the background (run as a daemon) and check services at 
+## 2-minute intervals.
+#
+set daemon  <%= monit_check_interval %>
+#
+#
+## Set syslog logging with the 'daemon' facility. If the FACILITY option is
+## omitted, monit will use 'user' facility by default. If you want to log to 
+## a stand alone log file instead, specify the path to a log file
+#
+set logfile <%= monit_log %>                       
+#
+#
+## Set the list of mail servers for alert delivery. Multiple servers may be 
+## specified using comma separator. By default monit uses port 25 - this
+## is possible to override with the PORT option.
+#
+<%= '# ' unless monit_mailserver %>set mailserver <%= monit_mailserver || 'localhost' %>     # primary mailserver (append a comma
+#				# to this line if you add more.)
+#                backup.bar.baz port 10025,  # backup mailserver on port 10025
+#                localhost                   # fallback relay
+#
+#
+## By default monit will drop alert events if no mail servers are available. 
+## If you want to keep the alerts for a later delivery retry, you can use the 
+## EVENTQUEUE statement. The base directory where undelivered alerts will be 
+## stored is specified by the BASEDIR option. You can limit the maximal queue
+## size using the SLOTS option (if omitted, the queue is limited by space 
+## available in the back end filesystem).
+#
+# set eventqueue
+#     basedir /var/monit  # set the base directory where events will be stored
+#     slots 100           # optionaly limit the queue size
+#
+#
+## Monit by default uses the following alert mail format:
+##
+## --8<--
+## From: monit@$HOST                         # sender
+## Subject: monit alert --  $EVENT $SERVICE  # subject
+##
+## $EVENT Service $SERVICE                   #
+##                                           #
+## 	Date:        $DATE                   #
+## 	Action:      $ACTION                 #
+## 	Host:        $HOST                   # body
+## 	Description: $DESCRIPTION            #
+##                                           #
+## Your faithful employee,                   #
+## monit                                     #
+## --8<--
+##
+## You can override this message format or parts of it, such as subject
+## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
+## are expanded at runtime. For example, to override the sender:
+#
+<%= '# ' unless monit_mailserver %>set mail-format { from: <%= monit_mail_from %> }
+#
+#
+## You can set alert recipients here whom will receive alerts if/when a 
+## service defined in this file has errors. Alerts may be restricted on 
+## events by using a filter as in the second example below. 
+#
+<% monit_alert_recipients.each do |recipient| %>
+<%= '# ' unless monit_mailserver %>set alert <%= recipient %>                       # receive all alerts
+<% end %>
+<% monit_timeout_recipients.each do |recipient| %>
+<%= '# ' unless monit_mailserver %>set alert <%= recipient %> only on { timeout }  # receive just service-
+	                                                			# timeout alert
+<% end %>
+
+#
+#
+## Monit has an embedded web server which can be used to view status of 
+## services monitored, the current configuration, actual services parameters
+## and manage services from a web interface.
+#
+<% if monit_webserver_enabled %>
+set httpd port <%= monit_webserver_port %> and
+     use address <%= monit_webserver_address %>  # listen on <%= monit_webserver_address %>
+  <% monit_webserver_allowed_hosts_and_networks.each do |host| %>
+     allow <%= host %> # allow <%= host %> to connect to the server
+  <% end %>
+     allow <%= monit_webserver_auth_user %>:<%= monit_webserver_auth_pass %>      # require user <%= monit_webserver_auth_user %> with password <%= monit_webserver_auth_pass %>
+<% end %>
+#
+#
+###############################################################################
+## Services
+###############################################################################
+##
+## Check general system resources such as load average, cpu and memory
+## usage. Each test specifies a resource, conditions and the action to be
+## performed should a test fail.
+#
+#  check system myhost.mydomain.tld
+#    if loadavg (1min) > 4 then alert
+#    if loadavg (5min) > 2 then alert
+#    if memory usage > 75% then alert
+#    if cpu usage (user) > 70% then alert
+#    if cpu usage (system) > 30% then alert
+#    if cpu usage (wait) > 20% then alert
+#
+#    
+## Check a file for existence, checksum, permissions, uid and gid. In addition
+## to alert recipients in the global section, customized alert will be sent to 
+## additional recipients by specifying a local alert handler. The service may 
+## be grouped using the GROUP option.
+#    
+#  check file apache_bin with path /usr/local/apache/bin/httpd
+#    if failed checksum and 
+#       expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
+#    if failed permission 755 then unmonitor
+#    if failed uid root then unmonitor
+#    if failed gid root then unmonitor
+#    alert security@foo.bar on {
+#           checksum, permission, uid, gid, unmonitor
+#        } with the mail-format { subject: Alarm! }
+#    group server
+#
+#    
+## Check that a process is running, in this case Apache, and that it respond
+## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
+## and number of children. If the process is not running, monit will restart 
+## it by default. In case the service was restarted very often and the 
+## problem remains, it is possible to disable monitoring using the TIMEOUT
+## statement. This service depends on another service (apache_bin) which
+## is defined above.
+#    
+#  check process apache with pidfile /usr/local/apache/logs/httpd.pid
+#    start program = "/etc/init.d/httpd start"
+#    stop program  = "/etc/init.d/httpd stop"
+#    if cpu > 60% for 2 cycles then alert
+#    if cpu > 80% for 5 cycles then restart
+#    if totalmem > 200.0 MB for 5 cycles then restart
+#    if children > 250 then restart
+#    if loadavg(5min) greater than 10 for 8 cycles then stop
+#    if failed host www.tildeslash.com port 80 protocol http
+#       and request "/monit/doc/next.php"
+#       then restart
+#    if failed port 443 type tcpssl protocol http
+#       with timeout 15 seconds
+#       then restart
+#    if 3 restarts within 5 cycles then timeout
+#    depends on apache_bin
+#    group server
+#    
+#    
+## Check device permissions, uid, gid, space and inode usage. Other services,
+## such as databases, may depend on this resource and an automatically graceful
+## stop may be cascaded to them before the filesystem will become full and data
+## lost.
+#
+#  check device datafs with path /dev/sdb1
+#    start program  = "/bin/mount /data"
+#    stop program  = "/bin/umount /data"
+#    if failed permission 660 then unmonitor
+#    if failed uid root then unmonitor
+#    if failed gid disk then unmonitor
+#    if space usage > 80% for 5 times within 15 cycles then alert
+#    if space usage > 99% then stop
+#    if inode usage > 30000 then alert
+#    if inode usage > 99% then stop
+#    group server
+#
+#
+## Check a file's timestamp. In this example, we test if a file is older 
+## than 15 minutes and assume something is wrong if its not updated. Also,
+## if the file size exceed a given limit, execute a script
+#
+#  check file database with path /data/mydatabase.db
+#    if failed permission 700 then alert
+#    if failed uid data then alert
+#    if failed gid data then alert
+#    if timestamp > 15 minutes then alert
+#    if size > 100 MB then exec "/my/cleanup/script"
+#
+#
+## Check directory permission, uid and gid.  An event is triggered if the 
+## directory does not belong to the user with uid 0 and gid 0.  In addition, 
+## the permissions have to match the octal description of 755 (see chmod(1)).
+#
+#  check directory bin with path /bin
+#    if failed permission 755 then unmonitor
+#    if failed uid 0 then unmonitor
+#    if failed gid 0 then unmonitor
+#
+#
+## Check a remote host network services availability using a ping test and 
+## check response content from a web server. Up to three pings are sent and 
+## connection to a port and a application level network check is performed.
+#
+#  check host myserver with address 192.168.1.1
+#    if failed icmp type echo count 3 with timeout 3 seconds then alert
+#    if failed port 3306 protocol mysql with timeout 15 seconds then alert
+#    if failed url
+#       http://user:password@www.foo.bar:8080/?querystring
+#       and content == 'action="j_security_check"'
+#       then alert
+#
+#
+###############################################################################
+## Includes
+###############################################################################
+##
+## It is possible to include additional configuration parts from other files or
+## directories.
+#
+include /etc/monit.d/*
+#
+#

data/lib/deprec/templates/mysql/create_databases.sql

@@ -0,0 +1,20 @@
+create database <%= @username %>_prod;
+GRANT USAGE ON *.* TO '<%= @username %>_db'@'%';
+
+GRANT ALL PRIVILEGES 
+ON <%= @username %>_prod.*
+TO <%= @username %>_db@'%'
+IDENTIFIED BY '<%= @mysqlpass %>';
+
+FLUSH PRIVILEGES;
+
+
+create database <%= @username %>_stage;
+GRANT USAGE ON *.* TO '<%= @username %>_db'@'%';
+
+GRANT ALL PRIVILEGES 
+ON <%= @username %>_stage.*
+TO <%= @username %>_db@'%'
+IDENTIFIED BY '<%= @mysqlpass %>';
+
+FLUSH PRIVILEGES;

data/lib/deprec/templates/mysql/database.yml.prod

@@ -0,0 +1,6 @@
+production:
+  adapter:   mysql
+  database:  <%= @username %>_prod
+  username:  <%= @username %>_db
+  password:  <%= @mysqlpass %>
+  host:      <%= @mysql_host %>

data/lib/deprec/templates/mysql/database.yml.stage

@@ -0,0 +1,6 @@
+production:
+  adapter:   mysql
+  database:  <%= @username %>_stage
+  username:  <%= @username %>_db
+  password:  <%= @mysqlpass %>
+  host:      <%= @mysql_host %>

data/lib/deprec/templates/mysql/my.cnf.erb

@@ -0,0 +1,140 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port		= 3306
+socket		= /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket		= /var/run/mysqld/mysqld.sock
+nice		= 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+user		= mysql
+pid-file	= /var/run/mysqld/mysqld.pid
+socket		= /var/run/mysqld/mysqld.sock
+port		= 3306
+basedir		= /usr
+datadir		= /var/lib/mysql
+tmpdir		= /tmp
+language	= /usr/share/mysql/english
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address		= 127.0.0.1
+#
+# * Fine Tuning
+#
+key_buffer		= 16M
+max_allowed_packet	= 16M
+thread_stack		= 128K
+thread_cache_size	= 8
+#max_connections        = 100
+#table_cache            = 64
+#thread_concurrency     = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log		= /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+#log_slow_queries	= /var/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+#       other settings you may need to change.
+#server-id		= 1
+log_bin			= /var/log/mysql/mysql-bin.log
+# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
+expire_logs_days	= 10
+max_binlog_size         = 100M
+#binlog_do_db		= include_database_name
+#binlog_ignore_db	= include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+#skip-innodb
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet	= 16M
+
+[mysql]
+#no-auto-rehash	# faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer		= 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#
+!includedir /etc/mysql/conf.d/
+