ec2onrails-xtreme-head 0.0.6 → 0.0.7

data/Rakefile

@@ -0,0 +1,44 @@
+# This rakefile is for building the EC2 on Rails gem.
+# To build a server AMI, see server/rakefile.rb
+
+begin
+  require 'jeweler'
+  require 'rake'
+  
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "ec2onrails-xtreme-head"
+    gemspec.summary = "Client-side libraries (Capistrano tasks) for managing and deploying to EC2 on Rails servers."
+    gemspec.description = <<-DESC
+      Deploy a Ruby on Rails app on EC2 in five minutes. 
+      EC2 on Rails is an Ubuntu Linux server image for Amazon EC2 that's ready to run a standard
+      Ruby on Rails application with little or no customization. 
+      It's a Ruby on Rails virtual appliance.
+      This gem contains Capistrano tasks to manage and deploy to an EC2 on Rails server instance.
+    DESC
+    if gemspec.name == "ec2onrails-xtreme-head"
+      experimental_warning = " *** This is the experimental, pre-release version.*** For the regular version install the gem 'ec2onrails-xtreme'"
+      gemspec.summary += experimental_warning
+      gemspec.description += experimental_warning
+    end
+    gemspec.homepage = "http://ec2onrails.rubyforge.org"
+
+    gemspec.authors = ['Xtreme Labs', 'Dwayne Forde']
+    gemspec.email = "aws@xtremelabs.com"
+    
+    gemspec.files = FileList['lib/**/**/*', 'Rakefile', 'Version'].to_a    
+
+    gemspec.add_dependency('capistrano', '>= 2.5.19')
+    gemspec.add_dependency('archive-tar-minitar', '>= 0.5.2')
+    gemspec.add_dependency('optiflag', '>= 0.7')
+    
+    gemspec.rubyforge_project = gemspec.name
+    Jeweler::RubyforgeTasks.new do |rubyforge|
+      rubyforge.doc_task = "rdoc"
+    end
+  end
+  
+  Jeweler::GemcutterTasks.new
+  
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install jeweler"
+end

data/Version

@@ -0,0 +1 @@
+0.0.7

data/lib/ec2onrails.rb

@@ -0,0 +1,20 @@
+#    This file is part of EC2 on Rails.
+#    http://rubyforge.org/projects/ec2onrails/
+#
+#    Copyright 2007 Paul Dowman, http://pauldowman.com/
+#
+#    EC2 on Rails is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    EC2 on Rails is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+$:.unshift File.dirname(__FILE__)

data/lib/ec2onrails/capistrano_utils.rb

@@ -0,0 +1,50 @@
+module Ec2onrails
+  module CapistranoUtils
+    def run_local(command)
+      result = system command
+      raise("error: #{$?}") unless result
+    end
+    
+    def run_init_script(script, arg)
+      # TODO only restart a service if it's already started. 
+      # Aside from being smarter and more efficient, This will make sure we 
+      # aren't starting a service that shouldn't be started for the current
+      # roles (e.g. don't start nginx when we're not in the web role)
+      # How? Maybe need another param with the process name?
+      sudo "/etc/init.d/#{script} #{arg}"
+    end
+    
+    # return hostnames for the role named role_sym that has the specified options
+    def hostnames_for_role(role_sym, options = {})
+      role = roles[role_sym]
+      unless role
+        return []
+      end
+      # make sure we match the server with all the passed in options, BUT the server can
+      # have additional options defined.  e.g.: :primary => true and :ebs_vol_id => 'vol-1234abcd'
+      # but we want to select the server where :primary => true
+      role.select{|s| 
+        match = true
+        options.each_pair{|k,v| match = false if s.options[k] != v}
+      }.collect{|s| s.host}
+    end
+    
+    # Like the capture method, but does not print out error stream and swallows 
+    # an exception if the process's exit code != 0
+    # NOTE: this only executes on the first server in the list. Don't use this
+    # to execute a task that has a side-effect (i.e. something that needs to be
+    # run on all servers).
+    def quiet_capture(command, options={})
+      output = ""
+      invoke_command(command, options.merge(:once => true)) do |ch, stream, data|
+        case stream
+        when :out then output << data
+        # when :err then warn "[err :: #{ch[:server]}] #{data}"
+        end
+      end
+    ensure
+      return (output || '').strip
+    end
+    
+  end
+end

data/lib/ec2onrails/recipes.rb

@@ -0,0 +1,135 @@
+#    This file is part of EC2 on Rails.
+#    http://rubyforge.org/projects/ec2onrails/
+#
+#    Copyright 2007 Paul Dowman, http://pauldowman.com/
+#
+#    EC2 on Rails is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    EC2 on Rails is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+require 'fileutils'
+include FileUtils
+require 'tmpdir'
+require 'pp'
+require 'zlib'
+require 'archive/tar/minitar'
+include Archive::Tar
+
+require 'ec2onrails/version_helper'
+require 'ec2onrails/capistrano_utils'
+include Ec2onrails::CapistranoUtils
+
+
+
+Dir[File.join(File.dirname(__FILE__), "recipes/*")].find_all{|x| File.file? x}.each do |recipe|
+  require recipe 
+end
+
+
+Capistrano::Configuration.instance.load do
+
+  unless ec2onrails_config
+    raise "ec2onrails_config variable not set. (It should be a hash.)"
+  end
+  
+  cfg = ec2onrails_config
+  
+  set :ec2onrails_version, Ec2onrails::VersionHelper.string
+  set :deploy_to, "/mnt/app"
+  set :use_sudo, true
+  set :user, "app"
+
+  # in case anyone is still using deploy:cold
+  before "deploy:cold", "ec2onrails:setup"
+  
+  # after "deploy:symlink", "ec2onrails:server:set_roles", "ec2onrails:server:init_services"
+  # after "deploy:symlink", "ec2onrails:server:purge_proxy_cache"
+
+  on :load do
+    before "deploy:symlink", "ec2onrails:server:run_rails_rake_gems_install"
+    before "deploy:symlink", "ec2onrails:server:install_system_files"
+  end
+
+
+  namespace :ec2onrails do
+    desc <<-DESC
+      Show the AMI id's of the current images for this version of \
+      EC2 on Rails.
+    DESC
+    task :ami_ids do
+      puts "32-bit server image (US location) for EC2 on Rails #{ec2onrails_version}: #{Ec2onrails::VersionHelper.ami_ids["us"]["32bit"]}"
+      puts "64-bit server image (US location) for EC2 on Rails #{ec2onrails_version}: #{Ec2onrails::VersionHelper.ami_ids["us"]["64bit"]}"
+      puts "32-bit server image (EU location) for EC2 on Rails #{ec2onrails_version}: #{Ec2onrails::VersionHelper.ami_ids["eu"]["32bit"]}"
+      puts "64-bit server image (EU location) for EC2 on Rails #{ec2onrails_version}: #{Ec2onrails::VersionHelper.ami_ids["eu"]["64bit"]}"
+    end
+    
+    desc <<-DESC
+      Copies the public key from the server using the external "ssh"
+      command because Net::SSH, which is used by Capistrano, needs it.
+      This will only work if you have an ssh command in the path.
+      If Capistrano can successfully connect to your EC2 instance you
+      don't need to do this. It will copy from one of the servers
+      at random, this can be overridden by specifying the HOST 
+      environment variable
+    DESC
+    task :get_public_key_from_server do
+      host = find_servers_for_task(current_task).first.host
+      privkey = ssh_options[:keys][0]
+      pubkey = "#{privkey}.pub"
+      msg = <<-MSG
+      Your first key in ssh_options[:keys] is #{privkey}, presumably that's 
+      your EC2 private key. The public key will be copied from the server 
+      named '#{host}' and saved locally as #{pubkey}. Continue? [y/n]
+      MSG
+      choice = nil
+      while choice != "y" && choice != "n"
+        choice = Capistrano::CLI.ui.ask(msg).downcase
+        msg = "Please enter 'y' or 'n'."
+      end
+      if choice == "y"
+        run_local "scp -i '#{privkey}' app@#{host}:.ssh/authorized_keys #{pubkey}"
+      end
+    end
+    
+    desc <<-DESC
+      Prepare a newly-started instance for a cold deploy.
+    DESC
+    task :setup do
+      # we now have some things being included inside the app so we deploy
+      # the app's code to the server before we do any other setup
+      server.upload_deploy_keys
+      deploy.setup
+      deploy.update_code
+      
+      ec2onrails.server.allow_sudo do
+        server.set_timezone
+        server.set_mail_forward_address
+        server.install_packages
+        server.install_gems
+        server.run_rails_rake_gems_install
+        server.deploy_files # DEPRECATED, see install_system_files
+        server.install_system_files
+        server.set_roles
+        server.enable_ssl if cfg[:enable_ssl]
+        server.set_rails_env
+        server.restart_services
+        db.create
+        server.harden_server
+        db.enable_ebs
+        db.set_root_password
+      end
+    end
+
+  end
+end
+
+

data/lib/ec2onrails/recipes/db.rb

@@ -0,0 +1,369 @@
+Capistrano::Configuration.instance.load do
+  cfg = ec2onrails_config
+  
+  namespace :ec2onrails do
+    desc <<-DESC
+      Deploy and restore database from S3
+    DESC
+    task :restore_db_and_deploy do
+      db.recreate
+      deploy.update_code
+      deploy.symlink
+      db.restore
+      deploy.migrations
+    end
+    
+    namespace :db do
+      desc <<-DESC
+        [internal] Load configuration info for the database from 
+        config/database.yml, and start mysql (it must be running
+        in order to interact with it).
+      DESC
+      task :load_config do
+        unless hostnames_for_role(:db, :primary => true).empty?
+          db_config = YAML::load(ERB.new(File.read("config/database.yml")).result)[rails_env.to_s] || {}
+          cfg[:db_name]     ||= db_config['database']
+          cfg[:db_user]     ||= db_config['username'] || db_config['user'] 
+          cfg[:db_password] ||= db_config['password']
+          cfg[:db_host]     ||= db_config['host']
+          cfg[:db_port]     ||= db_config['port']
+          cfg[:db_socket]   ||= db_config['socket']
+        
+          if (cfg[:db_host].nil? || cfg[:db_host].empty?) && (cfg[:db_socket].nil? || cfg[:db_socket].empty?)
+              raise "ERROR: missing database config. Make sure database.yml contains a '#{rails_env}' section with either 'host: hostname' or 'socket: /var/run/mysqld/mysqld.sock'."
+          end
+        
+          [cfg[:db_name], cfg[:db_user], cfg[:db_password]].each do |s|
+            if s.nil? || s.empty?
+              raise "ERROR: missing database config. Make sure database.yml contains a '#{rails_env}' section with a database name, user, and password."
+            elsif s.match(/['"]/)
+              raise "ERROR: database config string '#{s}' contains quotes."
+            end
+          end
+        end
+      end
+      
+      desc <<-DESC
+        Create the MySQL database. Assumes there is no MySQL root \
+        password. To create a MySQL root password create a task that's run \
+        after this task using an after hook.
+      DESC
+      task :create, :roles => :db do
+        on_rollback { drop }
+        load_config
+        start
+        puts "  * Pausing to give MySQL some time to start up..."
+        sleep 30
+        
+        # TODO run init_backup after creating the db. This might be slow, so we need to
+        # check if the db exists, and exit without doing any of this if it exists.
+        
+        run %{mysql -u root -e "drop database if exists test; flush privileges;"}
+        # removing anonymous mysql accounts
+        run %{mysql -u root -D mysql -e "delete from db where User = ''; flush privileges;"}
+        run %{mysql -u root -D mysql -e "delete from user where User = ''; flush privileges;"}
+
+        # qoting of database names allows special characters eg (the-database-name)
+        # the quotes need to be double escaped. Once for capistrano and once for the host shell
+        run %{mysql -u root -e "create database if not exists \\`#{cfg[:db_name]}\\`;"}
+        run %{mysql -u root -e "grant all on \\`#{cfg[:db_name]}\\`.* to '#{cfg[:db_user]}'@'%' identified by '#{cfg[:db_password]}';"}
+        run %{mysql -u root -e "grant reload on *.* to '#{cfg[:db_user]}'@'%' identified by '#{cfg[:db_password]}';"}
+        run %{mysql -u root -e "grant super on *.* to '#{cfg[:db_user]}'@'%' identified by '#{cfg[:db_password]}';"}
+      end
+      
+      desc <<-DESC
+        Move the MySQL database to Amazon's Elastic Block Store (EBS), \
+        which is a persistant data store for the cloud.
+        OPTIONAL PARAMETERS:
+          * SIZE: Pass in a number representing the GB's to hold, like 10. \
+            It will default to 10 gigs.
+          * VOLUME_ID: The volume_id to use for the mysql database    
+        NOTE: keep track of the volume ID, as you'll want to keep this for your \
+        records and probably add it to the :db role in your deploy.rb file \
+        (see the ec2onrails sample deploy.rb file for additional information)
+      DESC
+      task :enable_ebs, :roles => :db, :only => { :primary => true } do        
+        # based off of Eric's work:
+        # http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1663&categoryID=100
+        #
+        # EXPLAINATION:
+        # There is a lot going on here!  At the end, the setup should be:
+        #   * create EBS volume if run outside of the ec2onrails:setup and 
+        #     VOLUME_ID is not passed in when the cap task is called
+        #   * EBS volume attached to /dev/sdh
+        #   * format to xfs if new or do a xfs_check if previously existed
+        #   * mounted on /var/local and update /etc/fstab
+        #   * move /mnt/mysql_data -> /var/local/mysql_data
+        #   * move /mnt/log/mysql  -> /var/local/log/mysql
+        #   * change mysql configs by writing /etc/mysql/conf.d/mysql-ec2-ebs.cnf 
+        #   * keep a copy of the mysql configs with the EBS volume, and if that volume is hooked into
+        #     another instance, make sure the mysql configs that go with that volume are symlinked to /etc/mysql
+        #   * update the file locations of the mysql binary logs in /mnt/log/mysql/mysql-bin.index
+        #   * symlink the moved folders to their old position... makes the move to EBS transparent
+        #   * Amazon doesn't contain EBS information in the meta-data API (yet).  So write
+        #     /etc/ec2onrails/ebs_info.yml
+        #     to contain the meta-data information that we need
+        #
+        # DESIGN CONSIDERATIONS
+        #   * only moving mysql data to EBS.  seems the most obvious, and if we move over other components
+        #     we will have to share that bandwidth (1 Gbps pipe to SAN).  So limiting to what we really need
+        #   * not moving all mysql logic over (tmp scratch space stays local).  Again, this is to limit
+        #     unnecessary bandwidth usage, PLUS, we are charged per million IO to EBS
+        #
+        # TODO:
+        #  * make sure if we have a predefined ebs_vol_id, that we error out with a nice msg IF the zones do not match
+        #  * can we move more of the mysql cache files back to the local disk and off of EBS, like the innodb table caches?
+        #  * right now we force this task to only be run on one server; that works for db :primary => true
+        #    But what is the best way to make this work if it needs to setup multiple servers (like db slaves)?
+        #    I need to figure out how to do a direct mapping from a server definition to a ebs_vol_id
+        #  * when we enable slaves and we setup ebs volumes on them, make it transparent to the user.  
+        #    have the slave create a snapshot of the db.master volume, and then use that to mount from
+        #  * need to do a rollback that if the volume is created but something fails, lets uncreate it?
+        #    carefull though!  If it fails towards the end when information is copied over, it could cause information
+        #    to be lost!
+        #
+        
+        mysql_dir_root = '/var/local'
+        block_mnt      = '/dev/sdh'
+        servers = find_servers_for_task(current_task)
+        
+        if servers.empty?
+          raise Capistrano::NoMatchingServersError, "`#{task.fully_qualified_name}' is only run for servers matching #{task.options.inspect}, but no servers matched"
+        elsif servers.size > 1
+          raise Capistrano::Error, "`#{task.fully_qualified_name}' is can only be run on one server, not #{server.size}"
+        end
+        
+        vol_id = ENV['VOLUME_ID'] || servers.first.options[:ebs_vol_id]
+
+        #HACK!  capistrano doesn't allow arguments to be passed in if we call this task as a method, like 'db.enable_ebs'
+        #       the places where we do call it like that, we don't want to force a move to ebs, so....
+        #       if the call frame is > 1 (ie, another task called it), do NOT force the ebs move
+        no_force = task_call_frames.size > 1
+        prev_created = !(vol_id.nil? || vol_id.empty?)
+        #no vol_id was passed in, but perhaps it is already mounted...?
+        prev_created = true if !quiet_capture("mount | grep -inr '#{mysql_dir_root}' || echo ''").empty?
+
+        unless no_force && (vol_id.nil? || vol_id.empty?)
+          zone = quiet_capture("/usr/local/ec2onrails/bin/ec2_meta_data -key 'placement/availability-zone'")
+          instance_id = quiet_capture("/usr/local/ec2onrails/bin/ec2_meta_data -key 'instance-id'")
+
+          unless prev_created
+            puts "creating new ebs volume...."
+            size = ENV["SIZE"] || "10"
+            cmd = "ec2-create-volume -s #{size} -z #{zone} 2>&1"
+            puts "running: #{cmd}"
+            output = `#{cmd}`
+            puts output
+            vol_id = (output =~ /^VOLUME\t(.+?)\t/ && $1)
+            puts "NOTE: remember that vol_id"
+            sleep(2)          
+          end
+          vol_id.strip! if vol_id
+          if quiet_capture("mount | grep -inr '#{block_mnt}' || echo ''").empty?
+            cmd = "ec2-attach-volume -d #{block_mnt} -i #{instance_id} #{vol_id} 2>&1"
+            puts "running: #{cmd}"
+            output = `#{cmd}`
+            puts output
+            if output =~ /Client.InvalidVolume.ZoneMismatch/i              
+              raise Exception, "The volume you are trying to attach does not reside in the zone of your instance.  Stopping!"
+            end
+      			while !system( "ec2-describe-volumes | grep #{vol_id} | grep attached" )
+      				puts "Waiting for #{vol_id} to be attached..."
+      				sleep 1            
+      			end
+          end
+          
+          ec2onrails.server.allow_sudo do
+            # try to format the volume... if it is already formatted, lets run a check on
+            # it to make sure it is ok, and then continue on
+            # if errors, the device is busy...something else is going on here and it is already mounted... skip!
+            if prev_created
+              # Stop the db (mysql server) for cases where this is being run after the original run
+              # If EBS partiion is already mounted and being used by mysql, it will fail when umount is run
+              god_status = quiet_capture("sudo god status")
+              god_status = god_status.empty? ? {} : YAML::load(god_status)
+              start_stop_db = false
+              start_stop_db = god_status['db_primary']['mysql'] == 'up'
+              if start_stop_db
+                stop
+                puts "Waiting for mysql to stop"
+                sleep(10)
+              end
+              quiet_capture("sudo umount #{mysql_dir_root}") #unmount if need to
+              puts "Checking if the filesystem needs to be created (if you created #{vol_id} yourself)"
+              existing = quiet_capture( "mkfs.xfs /dev/sdh", :via => 'sudo' ).match( /existing filesystem/ )
+              sudo "xfs_check #{block_mnt}"
+              # Restart the db if it 
+              start if start_stop_db && existing
+            else
+              sudo "mkfs.xfs #{block_mnt}"  
+            end
+            
+            # if not added to /etc/fstab, lets do so
+            sudo "sh -c \"grep -iqn '#{mysql_dir_root}' /etc/fstab || echo '#{block_mnt} #{mysql_dir_root} xfs noatime 0 0' >> /etc/fstab\""
+            sudo "mkdir -p #{mysql_dir_root}"
+            #if not already mounted, lets mount it
+            sudo "sh -c \"mount | grep -iqn '#{mysql_dir_root}' || mount '#{mysql_dir_root}'\""
+
+            #ok, now lets move the mysql stuff off of /mnt -> mysql_dir_root
+            stop rescue nil #already stopped
+            sudo "mkdir -p #{mysql_dir_root}/log"
+            #move the data over, but keep a symlink to the new location for backwards compatibility
+            #and do not do it if /mnt/mysql_data has already been moved
+            quiet_capture("sudo sh -c 'test ! -d #{mysql_dir_root}/mysql_data && mv /mnt/mysql_data #{mysql_dir_root}/'")
+            sudo "mv /mnt/mysql_data /mnt/mysql_data_old 2>/dev/null || echo"
+            sudo "ln -fs #{mysql_dir_root}/mysql_data /mnt/mysql_data"
+
+            #but keep the tmpdir on mnt
+            sudo "sh -c 'mkdir -p /mnt/tmp/mysql && chown mysql:mysql /mnt/tmp/mysql'"
+            #move the logs over, but keep a symlink to the new location for backwards compatibility
+            #and do not do it if the logs have already been moved
+            quiet_capture("sudo sh -c 'test ! -d #{mysql_dir_root}/log/mysql_data && mv /mnt/log/mysql #{mysql_dir_root}/log/'")
+            sudo "ln -fs #{mysql_dir_root}/log/mysql /mnt/log/mysql"
+            quiet_capture("sudo sh -c \"test -f #{mysql_dir_root}/log/mysql/mysql-bin.index && \
+                  perl -pi -e 's%/mnt/log/%#{mysql_dir_root}/log/%' #{mysql_dir_root}/log/mysql/mysql-bin.index\"") rescue false
+            
+            if quiet_capture("test -d /var/local/etc/mysql && echo 'yes'").empty?
+              txt = <<-FILE
+[mysqld]
+  datadir          = #{mysql_dir_root}/mysql_data
+  tmpdir           = /mnt/tmp/mysql
+  log_bin          = #{mysql_dir_root}/log/mysql/mysql-bin.log
+  log_slow_queries = #{mysql_dir_root}/log/mysql/mysql-slow.log
+FILE
+              put txt, '/tmp/mysql-ec2-ebs.cnf'
+              sudo 'mv /tmp/mysql-ec2-ebs.cnf /etc/mysql/conf.d/mysql-ec2-ebs.cnf'
+
+              #keep a copy 
+              sudo "rsync -aR /etc/mysql #{mysql_dir_root}/"
+            end
+            # lets use the mysql configs on the EBS volume
+            sudo "mv /etc/mysql /etc/mysql.orig 2>/dev/null"
+            sudo "ln -sf #{mysql_dir_root}/etc/mysql /etc/mysql"
+
+            #just put a README on the drive so we know what this volume is for!
+            txt = <<-FILE
+This volume is setup to be used by Ec2onRails in conjunction with Amazon's EBS, for primary MySql database persistence.
+RAILS_ENV: #{fetch(:rails_env, 'undefined')}
+DOMAIN:    #{fetch(:domain, 'undefined')}
+
+Modify this volume at your own risk
+FILE
+      
+            put txt, "/tmp/VOLUME-README"
+            sudo "mv /tmp/VOLUME-README #{mysql_dir_root}/VOLUME-README"
+            sudo "touch /etc/ec2onrails/ebs_info.yml"
+            ebs_info = quiet_capture("cat /etc/ec2onrails/ebs_info.yml")
+
+            ebs_info = ebs_info.empty? ? {} : YAML::load(ebs_info)
+            ebs_info[mysql_dir_root] = {'block_loc' => block_mnt, 'volume_id' => vol_id} 
+            put(ebs_info.to_yaml, "/tmp/ebs_info.yml")
+            sudo "mv /tmp/ebs_info.yml /etc/ec2onrails/ebs_info.yml"
+            #lets start it back up
+            start  
+          end #end of sudo
+        end
+      end
+      
+      
+      desc <<-DESC
+        [internal] Make sure the MySQL server has been started, just in case the db role 
+        hasn't been set, e.g. when called from ec2onrails:setup.
+        (But don't enable monitoring on it.)
+      DESC
+      task :start, :roles => :db do
+        sudo "god start db_primary"
+      end
+
+      task :stop, :roles => :db do
+        sudo "god stop db_primary"
+      end
+      
+      
+      desc <<-DESC
+        Drop the MySQL database. Assumes there is no MySQL root \
+        password. If there is a MySQL root password, create a task that removes \
+        it and run that task before this one using a before hook.
+      DESC
+      task :drop, :roles => :db do
+        load_config
+        run %{mysql -u root -e "drop database if exists \\`#{cfg[:db_name]}\\`;"}
+      end
+      
+      desc <<-DESC
+        db:drop and db:create.
+      DESC
+      task :recreate, :roles => :db do
+        drop
+        create
+      end
+      
+      desc <<-DESC
+        Set a root password for MySQL, using the variable mysql_root_password \
+        if it is set. If this is done db:drop won't work.
+      DESC
+      task :set_root_password, :roles => :db do
+        if cfg[:mysql_root_password]
+          begin
+            run %{mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('#{cfg[:mysql_root_password]}') WHERE User='root'; FLUSH PRIVILEGES;"}
+          rescue Exception => e
+            #most likely because the password was already set
+            #in that case this is fine to swallow the error because the task is 'set' db password, not reset it.... we would have to know
+            #what the old root password was
+          end
+        end
+      end
+      
+      desc <<-DESC
+        Dump the MySQL database to ebs (if enabled) or the S3 bucket specified by \
+        ec2onrails_config[:archive_to_bucket]. The filename will be \
+        "database-archive/<timestamp>/dump.sql.gz".
+      DESC
+      task :archive, :roles => :db do
+        run "/usr/local/ec2onrails/bin/backup_app_db --bucket #{cfg[:archive_to_bucket]} --dir #{cfg[:archive_to_bucket_subdir]}"
+      end
+      
+      desc <<-DESC
+        Restore the MySQL database from the S3 bucket specified by \
+        ec2onrails_config[:restore_from_bucket]. The archive filename is \
+        expected to be the default, "mysqldump.sql.gz".
+      DESC
+      task :restore, :roles => :db do
+        run "/usr/local/ec2onrails/bin/restore_app_db --bucket #{cfg[:restore_from_bucket]} --dir #{cfg[:restore_from_bucket_subdir]}"
+      end
+      
+      desc <<-DESC
+        [internal] Initialize the default backup folder on S3 (i.e. do a full
+        backup of the newly-created db so the automatic incremental backups 
+        make sense).  NOTE: Only of use if you do not have ebs enabled
+      DESC
+      task :init_backup, :roles => :db do
+        server.allow_sudo do
+          sudo "/usr/local/ec2onrails/bin/backup_app_db --reset"
+        end
+      end
+      
+      # do NOT run if the flag does not exist.  This is placed by a startup script
+      # and it is only run on the first-startup.  This means after the db has been
+      # optimized, this task will not work again.  
+      #
+      # Of course you can overload it or call the file directly
+      task :optimize, :roles => :db do
+        if !quiet_capture("test -e /tmp/optimize_db_flag && echo 'file exists'").empty?
+          ec2onrails.server.allow_sudo do
+            begin
+              sudo "/usr/local/ec2onrails/bin/optimize_mysql"
+            ensure
+              sudo "rm -rf /tmp/optimize_db_flag" #remove so we cannot run again
+            end
+          end
+        else
+          puts "skipping as it looks like this task has already been run"
+        end
+      end
+      
+    end
+
+  end
+end
+

data/lib/ec2onrails/recipes/deploy.rb

@@ -0,0 +1,58 @@
+Capistrano::Configuration.instance(:must_exist).load do
+
+  # Override default start/stop/restart tasks for Passenger
+  namespace :deploy do
+    desc <<-DESC
+      Overrides the default Capistrano deploy:start.
+    DESC
+    task :start, :roles => :web do
+      run "touch #{current_release}/tmp/restart.txt"
+    end
+    
+    desc <<-DESC
+      Overrides the default Capistrano deploy:stop.
+    DESC
+    task :stop, :roles => :web do
+      # Do nothing, 
+    end
+    
+    desc <<-DESC
+      Overrides the default Capistrano deploy:restart.
+    DESC
+    task :restart, :roles => :web do
+      run "touch #{current_release}/tmp/restart.txt"
+    end
+    
+    desc <<-DESC
+      Run the migrate rake task. By default, it runs this in most recently \
+      deployed version of the app. However, you can specify a different release \
+      via the migrate_target variable, which must be one of :latest (for the \
+      default behavior), or :current (for the release indicated by the `current' \
+      symlink). latest release to be deployed with the update_code task). Strings will work \
+      for those values instead of symbols, too. You can also specify additional \
+      environment variables to pass to rake via the migrate_env variable. Finally, \
+      you can specify the full path to the rake executable by setting the rake \
+      variable. The defaults are:
+    
+      set :rake,           \"rake\"
+      set :rails_env,      \"production\"
+      set :migrate_env,    \"\"
+      set :migrate_target, :latest"
+    DESC
+      task :migrate, :roles => :db, :only => { :primary => true } do
+        rake = fetch(:rake, "rake")
+        rails_env = fetch(:rails_env, "production")
+        migrate_env = fetch(:migrate_env, "")
+        migrate_target = fetch(:migrate_target, :latest)
+    
+        directory = case migrate_target.to_sym
+          when :current then current_path
+          when :latest  then current_release
+          else raise ArgumentError, "unknown migration target #{migrate_target.inspect}"
+          end
+    
+        run "cd #{directory}; rvmsudo bundle exec #{rake} RAILS_ENV=#{rails_env} #{migrate_env} db:migrate"
+      end
+    
+  end
+end

data/lib/ec2onrails/recipes/server.rb

@@ -0,0 +1,505 @@
+Capistrano::Configuration.instance(:must_exist).load do
+  cfg = ec2onrails_config
+  
+  namespace :ec2onrails do
+    namespace :server do
+      desc <<-DESC
+        Tell the servers what roles they are in. This configures them with \
+        the appropriate settings for each role, and starts and/or stops the \
+        relevant services.
+      DESC
+      task :set_roles do
+        # Create a list of server roles based on the capistrano roles.
+        # We treat :db specially because it maps to a different rolename on the server
+        # if :primary => true
+        server_roles = {}
+        roles.keys.delete_if{|r|r == :db}.each do |rolename|
+          server_roles[rolename] = hostnames_for_role(rolename)
+        end
+        server_roles[:db_primary] = hostnames_for_role(:db, :primary => true)
+
+        roles_yml = YAML::dump(server_roles)
+        put roles_yml, "/tmp/roles.yml"
+        allow_sudo do
+          sudo "cp /tmp/roles.yml /etc/ec2onrails"
+          #we want everyone to be able to read to it
+          sudo "chmod a+r /etc/ec2onrails/roles.yml"
+          sudo "/usr/local/ec2onrails/bin/set_roles"
+        end
+      end
+      
+      task :init_services do
+        allow_sudo do
+          #lets pick up the new configuration files
+          sudo "/usr/local/ec2onrails/bin/init_services"
+        end
+      end
+      
+      desc <<-DESC
+        Change the default value of RAILS_ENV on the server.
+        The value is specified in :rails_env.
+        Be sure to do deploy:restart after this.
+      DESC
+      task :set_rails_env do
+        allow_sudo do
+          rails_env = fetch(:rails_env, "production")
+          sudo "/usr/local/ec2onrails/bin/set_rails_env #{rails_env}"
+        end
+      end
+      
+      desc <<-DESC
+        Upgrade to the newest versions of all Ubuntu packages.
+      DESC
+      task :upgrade_packages do
+        allow_sudo do
+          sudo "aptitude -q update"
+          sudo "sh -c 'export DEBIAN_FRONTEND=noninteractive; aptitude -q -y safe-upgrade'"
+        end
+      end
+      
+      desc <<-DESC
+        Upgrade to the newest versions of all rubygems.
+      DESC
+      task :upgrade_gems do
+        allow_sudo do
+          sudo "gem update --system --no-rdoc --no-ri"
+          sudo "gem update --no-rdoc --no-ri"
+        end
+      end
+      
+      desc <<-DESC
+        Install extra Ubuntu packages. Set ec2onrails_config[:packages], it \
+        should be an array of strings.
+        NOTE: the package installation will be non-interactive, if the packages \
+        require configuration either set ec2onrails_config[:interactive_packages] \
+        like you would for ec2onrails_config[:packages] (we'll flood the server \
+        with 'Y' inputs), or log in as 'root' and run \
+        'dpkg-reconfigure packagename' or replace the package's config files \
+        using the 'ec2onrails:server:deploy_files' task.
+      DESC
+      task :install_packages do
+        allow_sudo do
+          sudo "aptitude -q update"
+          if cfg[:packages] && cfg[:packages].any?
+            sudo "sh -c 'export DEBIAN_FRONTEND=noninteractive; aptitude -q -y install #{cfg[:packages].join(' ')}'"
+          end
+          if cfg[:interactive_packages] && cfg[:interactive_packages].any?
+            # sudo "aptitude install #{cfg[:interactive_packages].join(' ')}", {:env => {'DEBIAN_FRONTEND' => 'readline'} }
+            #trying to pick WHEN to send a Y is a bit tricky...it totally depends on the 
+            #interactive package you want to install.  FLOODING it with 'Y'... but not sure how
+            #'correct' or robust this is
+            cmd = "sudo sh -c 'export DEBIAN_FRONTEND=readline; aptitude -y -q install #{cfg[:interactive_packages].join(' ')}'"
+            run(cmd) do |channel, stream, data|
+                channel.send_data "Y\n"
+            end
+          end
+        end
+      end
+      
+      task :configure_firewall do
+        # TODO
+      end
+      
+    
+      desc <<-DESC
+        Provide extra security measures.  Set ec2onrails_config[:harden_server] = true \
+        to allow the hardening of the server.
+        These security measures are those which can make initial setup and playing around
+        with Ec2onRails tricky.  For example, you can be logged out of your server forever
+      DESC
+      task :harden_server do
+        #NOTES: for those security features that will get in the way of ease-of-use
+        #       hook them in here
+        # Like encrypting the mnt directory
+        # http://groups.google.com/group/ec2ubuntu/web/encrypting-mnt-using-cryptsetup-on-ubuntu-7-10-gutsy-on-amazon-ec2
+        if cfg[:harden_server]
+          #lets install some extra packages:
+          # denyhosts: sshd security tool.  config file is already installed... 
+          #
+          security_pkgs = %w{denyhosts}
+          allow_sudo do
+            sudo "sh -c 'export DEBIAN_FRONTEND=noninteractive; aptitude -q -y install #{security_pkgs.join(' ')}'"          
+            #lets setup dkim
+            setup_email_signing
+          end
+        end
+      end
+      
+      #based on the recipe here (but which is missing a few key steps!)
+      #http://www.howtoforge.com/quick-and-easy-setup-for-domainkeys-using-ubuntu-postfix-and-dkim-filter
+      desc <<-DESC
+        enables dkim signing of outgoing msgs.  This helps with fightint spam.
+        You'll have to update your dns records to take advantage of this, but we'll
+        help you out with that 
+        NOTE: set ec2onrails_config[:service_domain] = 'yourdomain.com' before running this task
+      DESC
+      task :setup_email_signing do
+        if cfg[:service_domain].nil? || cfg[:service_domain].empty?
+          raise "ERROR: missing the :service_domain key.  Please set that in your deploy script if you would like to use this task."
+        end
+    
+        domain = cfg[:service_domain]
+        postmaster_email = "postmaster@#{domain}"
+    
+        #make the selector something that will help us roll over and expire the old key next year
+        selector = "mail#{Time.now.year.to_s[-2..-1]}"  #ie, mail09
+    
+        allow_sudo do
+          sudo "sh -c 'export DEBIAN_FRONTEND=noninteractive; aptitude -q -y install postfix dkim-filter'"
+          #do NOT change the size of the key; making it longer can cause problems with some of the dkim implementations
+    
+          keys_exist = File.exist?("config/mail/dkim/dkim_#{selector}.private.key") && File.exist?("config/mail/dkim/dkim_#{selector}.public.key")
+    
+          unless keys_exist
+            #lets make them!
+            cmds = <<-CMDS
+    mkdir -p config/mail/dkim;
+    cd config/mail/dkim;
+    openssl genrsa -out dkim_#{selector}.private.key 1024;
+    openssl rsa -in dkim_#{selector}.private.key -out dkim_#{selector}.public.key -pubout -outform PEM
+    CMDS
+            system cmds
+          end
+    
+          pub_key = File.read("config/mail/dkim/dkim_#{selector}.public.key")
+          pub_key = pub_key.split("\n")[1..-2].join('')
+          
+          #lets get the private and public keys up to the server
+          put File.read("config/mail/dkim/dkim_#{selector}.private.key"), "/tmp/dkim_#{selector}.private.key"
+          put File.read("config/mail/dkim/dkim_#{selector}.public.key"), "/tmp/dkim_#{selector}.public.key"
+          sudo "mkdir -p /var/dkim-filter"
+          sudo "mv /tmp/dkim_#{selector}.p*.key /var/dkim-filter/."
+    
+          #saw a note that Canonicalization relaxed was helpful for rails applications...
+          #haven't tested that yet
+          dkim_filter_conf = <<-SCRIPT 
+    # Log to syslog
+      Syslog      yes
+    
+    # Sign for example.com with key in /etc/mail/dkim.key using
+      Domain      #{domain}   
+      KeyFile     /var/dkim-filter/dkim_#{selector}.private.key
+      Selector    #{selector} 
+    
+    # Common settings. See dkim-filter.conf(5) for more information.
+      AutoRestart       no
+      Background        yes
+      SubDomains        no
+      Canonicalization  relaxed
+    SCRIPT
+    
+          put dkim_filter_conf, "/tmp/dkim-filter.conf.tmp"
+          sudo "mv /etc/dkim-filter.conf /etc/dkim-filter.conf.orig" 
+          sudo "mv /tmp/dkim-filter.conf.tmp /etc/dkim-filter.conf" 
+          cmds = <<-CMDS
+    sudo postconf -e 'myhostname = #{domain}';
+    sudo postconf -e 'mydomain = #{domain}';
+    sudo postconf -e 'myorigin = $mydomain';
+    sudo postconf -e 'mynetworks_style=subnet';
+    sudo postconf -e 'biff = no';
+    sudo postconf -e 'alias_maps = hash:/etc/aliases';
+    sudo postconf -e 'alias_database = hash:/etc/aliases';
+    sudo postconf -e 'mydestination = localdomain, localhost, localhost.localdomain, localhost';
+    sudo postconf -e 'relay_domains=$mydestination';
+    sudo postconf -e 'mynetworks = 127.0.0.0/8';
+    sudo postconf -e 'smtpd_milters = inet:localhost:8891';
+    sudo postconf -e 'non_smtpd_milters = inet:localhost:8891';
+    sudo postconf -e 'milter_protocol = 2';
+    sudo postconf -e 'milter_default_action = accept'
+    CMDS
+          sudo cmds
+    
+          #lets lock it down
+          sudo "chown -R dkim-filter:dkim-filter /var/dkim-filter"
+          sudo "chmod 600 /var/dkim-filter/*"
+    
+          puts "*" * 80
+          puts "NOTE: you need to do a few things"
+          puts "  * created public and private DKIM keys to config/mail/dkim_#{selector}.*.key" unless keys_exist
+          puts "\n"
+          msg = <<-MSG
+      * Enter these *TWO* records into your DNS record:
+          #{selector}._domainkey.#{domain} IN TXT 'k=rsa; t=y; p=#{pub_key}'
+          _domainkey.#{domain} IN TXT 't=y; o=~; r=#{postmaster_email}'
+    
+    I would recommend signing into your ec2 instance and running some test emails.  Gmail is very fast in updating their records, but yahoo (as of this writing) is slow and inconsistent.  But you can run a command like this to various email address to see how it works:
+    
+    echo 'something searchable so you can find it in your spam filter!  did dkim work?' | mail -s "my dkim email; lets see how it went" adam@someservice.com
+    
+    
+    NOTE: in the near future, when things are looking good, if you take away the 't=y; ' from the above two records, it tells the email services that you are no longer testing the service and to treat your signings with tough love.
+    
+    
+    MSG
+          puts msg
+    
+          #sometimes the dkim-filter restart fails; it seems to be a race condition with some of the postfix changes going in...
+          #but a sleep here seems to do the trick.
+          sleep(10)
+          output = quiet_capture "sudo /etc/init.d/dkim-filter restart"
+          if output =~ /smfi_opensocket\(\) failed/
+            #ah, if we didn't sleep enough above, lets try it one more time; but this time it will fail if we still get
+            #the smfi_opensocket error
+            sleep(5)
+            sudo "/etc/init.d/dkim-filter restart 2>&1"
+          end
+          sleep(2)
+          sudo "/etc/init.d/postfix restart 2>&1"
+        end
+    
+      end
+    
+      
+      desc <<-DESC
+        Install extra rubygems. Set ec2onrails_config[:rubygems], it should \
+        be with an array of strings.
+      DESC
+      task :install_gems do
+        if cfg[:rubygems]
+          allow_sudo do
+            cfg[:rubygems].each do |g|
+              sudo "gem install #{g} --no-rdoc --no-ri"
+            end
+          end
+        end        
+      end
+      
+      task :run_rails_rake_gems_install do
+        #if running under Rails 2.1, lets trigger 'rake gems:install', but in such a way
+        #so it fails gracefully if running rails < 2.1
+        # ALSO, this might be the first time rake is run, and running it as sudo means that 
+        # if any plugins are loaded and create directories... like what image_science does for 
+        # ruby_inline, then the dirs will be created as root.  so trigger the rails loading
+        # very quickly before the sudo is called
+        # run "cd #{release_path} && rake RAILS_ENV=#{rails_env} -T 1>/dev/null && sudo rake RAILS_ENV=#{rails_env} gems:install"
+        allow_sudo do
+          output = run "cd #{release_path} && rake RAILS_ENV=#{rails_env} db:version > /dev/null 2>&1 || rvmsudo bundle install --path vendor/bundle"
+          puts output
+        end
+      end
+      
+      desc <<-DESC
+        A convenience task to upgrade existing packages and gems and install \
+        specified new ones.
+      DESC
+      task :upgrade_and_install_all do
+        upgrade_packages
+        upgrade_gems
+        install_packages
+        install_gems
+      end
+      
+      desc <<-DESC
+        Set the timezone using the value of the variable named timezone. \
+        Valid options for timezone can be determined by the contents of \
+        /usr/share/zoneinfo, which can be seen here: \
+        http://packages.ubuntu.com/cgi-bin/search_contents.pl?searchmode=filelist&word=tzdata&version=gutsy&arch=all&page=1&number=all \
+        Remove 'usr/share/zoneinfo/' from the filename, and use the last \
+        directory and file as the value. For example 'Africa/Abidjan' or \
+        'posix/GMT' or 'Canada/Eastern'.
+      DESC
+      task :set_timezone do
+        if cfg[:timezone]
+          allow_sudo do
+            sudo "bash -c 'echo #{cfg[:timezone]} > /etc/timezone'"
+            sudo "cp /usr/share/zoneinfo/#{cfg[:timezone]} /etc/localtime"
+          end
+        end
+      end
+      
+      desc <<-DESC
+        DEPRECATED. See install_system_files.
+      DESC
+      task :deploy_files do
+        if cfg[:server_config_files_root]
+          puts "*****  DEPRECATION WARNING: you're using the deploy_files task which has been deprecated" # TODO pointer to documentation
+          begin
+            filename = "config_files.tar"
+            local_file = "#{Dir.tmpdir}/#{filename}"
+            remote_file = "/tmp/#{filename}"
+            FileUtils.cd(cfg[:server_config_files_root]) do
+              File.open(local_file, 'wb') { |tar| Minitar.pack(".", tar) }
+            end
+            put File.read(local_file), remote_file
+            allow_sudo do
+              sudo "tar xvf #{remote_file} -o -C /"
+            end
+          ensure
+            rm_rf local_file
+            run "rm -f #{remote_file}"
+          end
+        end
+      end
+      
+      desc <<-DESC
+        Installs files into the system anywhere outside of the Rails app.
+        The directory RAILS_ROOT/config/ec2onrails/system_files can contain
+        files that will be installed into the server relative to "/", and it
+        can contain a manifest file with metadata to change the file owner
+        and permissions, and it allows the files to be cleanly uninstalled 
+        from the system.
+        TODO pointer to full documentation
+      DESC
+      task :install_system_files do
+        allow_sudo do
+          sudo "/usr/local/ec2onrails/bin/install_system_files #{release_path}"
+        end
+      end
+      
+      desc <<-DESC
+        Restart a set of services. Set ec2onrails_config[:services_to_restart]
+        to an array of strings. It's assumed that each service has a script
+        in /etc/init.d
+      DESC
+      task :restart_services do
+        if cfg[:services_to_restart] && cfg[:services_to_restart].any?
+          allow_sudo do
+            cfg[:services_to_restart].each do |service|
+              run_init_script(service, "restart")
+            end
+          end
+        end
+      end
+      
+      desc <<-DESC
+        Set the email address that mail to the app user forwards to.
+      DESC
+      task :set_mail_forward_address do
+        if cfg[:mail_forward_address]
+          allow_sudo do
+            sudo "sh -c 'echo #{cfg[:mail_forward_address]} > /root/.forward'"
+          end
+        end
+      end
+    
+      desc <<-DESC
+      Enable ssl for the web server. You'll want to replace the default SSL
+      certificate and key files, the certificate file is at
+      /etc/ec2onrails/ssl/cert/ec2onrails-default.crt
+      and a the key file is at
+      /etc/ec2onrails/ssl/private/ec2onrails-default.key
+      (use the deploy_files task).
+      The key file should NOT have a passphrase.
+      DESC
+      task :enable_ssl, :roles => :web do
+        # TODO: enable for nginx
+        # run_init_script("nginx", "restart")
+      end
+      
+      desc <<-DESC
+        Upload the app user's SSH deploy keys from
+        config/ec2onrails/deploy_keys to /home/app/.ssh
+        The deploy_keys dir should contain the SSH config files that
+        are needed to deploy your app's source code from your SCM repository
+        (if you're deploying from an SCM repo). This means an SSH private key
+        (named id_dsa), the public key (named id_dsa.pub) and possibly a 
+        known_hosts file.
+        They can't deployed via install_system_files because the
+        app user's SSH credentials might be needed to deploy the
+        app itself if it's coming directly from an SCM repository.
+      DESC
+      task :upload_deploy_keys do
+        deploy_keys_dir = "config/ec2onrails/deploy_keys"
+        remote_dir = "/home/app/.ssh"
+        
+        if File.exist? deploy_keys_dir
+          run "mkdir -p #{remote_dir}"
+          Dir.chdir deploy_keys_dir do
+            Dir.glob("*").each do |f|
+              remote_file = "#{remote_dir}/#{f}"
+              put File.read(f), "#{remote_file}"
+            end
+          end
+          run "chmod -R go-rwx /home/app/.ssh"
+        end
+      end
+      
+      desc <<-DESC
+        Clear the varnish proxy cache (if caching is enabled, which it isn't
+        by default). Purges all documents from the cache.
+      DESC
+      task :purge_proxy_cache, :roles => :proxy do
+        run "varnishadm -T localhost:6082 'url.purge .*'"
+      end
+      
+      desc <<-DESC
+        Restrict the app user's sudo access.
+        Defaults the user to only be able to \
+        sudo to god
+      DESC
+      task :restrict_sudo_access do
+        old_user = fetch(:user)
+        is_rootequiv = capture("groups").split.include?("admin") # check groups before changing user
+        begin
+          set :user, 'ubuntu'
+          sessions.clear #clear out sessions cache..... this way the ssh connections are reinitialized
+          
+          # Remove the app user from the "rootequiv" group, this removes full sudo ability
+          if is_rootequiv
+            sudo "deluser app admin"
+          else
+            puts "User 'app' is not a member of group 'rootequiv' (old_user = #{old_user})."
+          end
+        ensure
+          set :user, old_user
+          sessions.clear
+        end
+      end
+    
+      desc <<-DESC
+        Grant *FULL* sudo access to the app user.
+        This is NOT RECOMMENDED, it will make the 'app' user the
+        equivalent of 'root' until the 'restrict_sudo_access' task is run. 
+        Alternatively, a task that requires sudo ability can call the
+        allow_sudo method with a block, this will give the app user sudo
+        ability only while the block is being run.
+      DESC
+      task :grant_sudo_access do
+        allow_sudo
+      end
+          
+      @within_sudo = 0
+      def allow_sudo
+        begin
+          @within_sudo += 1
+          old_user = fetch(:user)
+          if @within_sudo > 1
+            yield if block_given?
+            true
+          # The following can break if using multiple instances and a deploy was killed partway.
+          # Disabled for now.
+          # elsif capture("groups").split.include?("rootequiv")
+          #   yield if block_given?
+          #   false
+          else
+            begin
+              # need to cheat and temporarily set the user to ROOT so we
+              # can temporarily add the app user to the rootequiv group.
+              # we can do this because the root and app user have the same
+              # ssh login preferences....
+              set :user, 'ubuntu'
+              sessions.clear #clear out sessions cache..... this way the ssh connections are reinitialized
+          
+              # Temporarily add the app user to the "rootequiv" group, this will give full sudo ability
+              sudo "adduser app admin"
+          
+              set :user, old_user
+              sessions.clear
+              yield if block_given?
+            ensure
+              server.restrict_sudo_access if block_given?
+              set :user, old_user
+              sessions.clear
+              true
+            end
+          end
+        ensure
+          @within_sudo -= 1
+        end
+      end
+
+    end
+     
+  end
+
+end

data/lib/ec2onrails/version_helper.rb

@@ -0,0 +1,33 @@
+#    This file is part of EC2 on Rails.
+#    http://rubyforge.org/projects/ec2onrails/
+#
+#    Copyright 2007 Paul Dowman, http://pauldowman.com/
+#
+#    EC2 on Rails is free software; you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation; either version 2 of the License, or
+#    (at your option) any later version.
+#
+#    EC2 on Rails is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+require "yaml"
+
+module Ec2onrails
+  module VersionHelper
+    ROOT_DIR = File.dirname(__FILE__) + "/../.."
+    
+    def self.string
+      File.read(ROOT_DIR + "/VERSION").strip
+    end
+    
+    def self.ami_ids
+      YAML::load_file(ROOT_DIR + "/ami_ids.yml")
+    end
+  end
+end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 6
-  version: 0.0.6
+  - 7
+  version: 0.0.7
 platform: ruby
 authors: 
 - Xtreme Labs
@@ -70,8 +70,16 @@ extensions: []
 
 extra_rdoc_files: []
 
-files: []
-
+files: 
+- Rakefile
+- Version
+- lib/ec2onrails.rb
+- lib/ec2onrails/capistrano_utils.rb
+- lib/ec2onrails/recipes.rb
+- lib/ec2onrails/recipes/db.rb
+- lib/ec2onrails/recipes/deploy.rb
+- lib/ec2onrails/recipes/server.rb
+- lib/ec2onrails/version_helper.rb
 has_rdoc: true
 homepage: http://ec2onrails.rubyforge.org
 licenses: []