errorstudio_capistrano_recipes 0.1.10

data/lib/capistrano/errorstudio/tasks/ownership.rake

@@ -0,0 +1,11 @@
+namespace :deploy do
+  desc "Sets the owner to www-data and the group to deployers"
+  task :set_ownership do
+    on roles([:web, :app]) do
+      execute "sudo chown -R www-data:deployers #{deploy_to}"
+      execute "sudo chmod -R 775 #{deploy_to}"
+    end
+  end
+end
+
+before "deploy:cleanup", "deploy:set_ownership"

data/lib/capistrano/errorstudio/tasks/passenger.rake

@@ -0,0 +1,76 @@
+namespace :passenger do
+  # This task with bounce the standalone passenger server.
+  # The rails_env and passenger_port are specified in the deploy environment files, ex: "config/deploy/staging.rb"
+  desc "Restart Passenger server"
+  task :restart do
+    on roles(:web) do
+      execute "sudo invoke-rc.d #{fetch(:application)}_#{fetch(:rails_env)}_passenger restart"
+    end
+  end
+
+  desc "Generate the init script for passenger"
+  task :generate_init_script do
+    # on roles(:web) do
+    #   memory_available_kb = `cat /proc/meminfo | grep MemTotal | awk '{print $2}'`.to_i
+    #   thread_use_kb = 175000
+    #   set :default_pool_size, ((memory_available_kb * 0.75) / thread_use_kb).to_i
+    # end
+
+    # create the shell script that upstart will exec
+    file   = File.join(File.dirname(__FILE__), "templates", "passenger", "passenger_init.erb")
+    buffer = ERB.new(File.read(file)).result(binding)
+    filename = "#{fetch(:application)}_#{fetch(:rails_env)}_passenger"
+    on roles(:web) do
+      unless test("[ -f /etc/init.d/#{filename} ]")
+        upload! StringIO.new(buffer), "/tmp/#{filename}"
+        execute "sudo mv /tmp/#{filename} /etc/init.d/#{filename}"
+        execute "sudo chmod +x /etc/init.d/#{filename}"
+        execute "sudo update-rc.d #{filename} defaults"
+      end
+    end
+  end
+
+  def passenger_path
+    if fetch(:use_system_passenger, false)
+
+      on roles(fetch(:rvm1_roles, :all)) do
+        within release_path do
+          set :ruby_version, capture(:rvm, "current")
+        end
+      end
+      
+      "RACK_ENV=#{fetch(:rails_env)} && /usr/local/rvm/gems/#{fetch(:ruby_version)}/wrappers/ruby /usr/bin/passenger"
+    else
+      "RACK_ENV=#{fetch(:rails_env)} && #{fetch(:rvm1_auto_script_path)}/rvm-auto.sh . bundle exec passenger"
+    end
+
+  end
+
+  def stop_passenger_command
+    return <<-CMD
+      if [ -f #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid ];
+      then
+        cd #{current_path} && (#{passenger_path} stop --pid-file #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid)
+      fi
+    CMD
+  end
+
+  def start_passenger_command
+    default_pool_size = 6
+    return <<-CMD
+    # VERSION #{fetch(:rvm1_alias_name)}
+      rm -f #{current_path}/tmp/pids/passenger.#{fetch(:passenger_port)}.pid;
+      cd #{current_path} && (#{passenger_path} start --max-pool-size=#{fetch(:passenger_max_pool_size,default_pool_size)} --min-instances=#{fetch(:passenger_min_instances,default_pool_size)} -e #{fetch(:rails_env)} -p #{fetch(:passenger_port)} -d)
+    CMD
+  end
+
+  def restart_passenger_command
+    return <<-CMD
+      #{stop_passenger_command}
+      #{start_passenger_command}
+    CMD
+  end
+end
+
+after "deploy:published", "passenger:generate_init_script"
+after "deploy:finished", "passenger:restart"

data/lib/capistrano/errorstudio/tasks/prompts.rake

@@ -0,0 +1,18 @@
+def confirm(message)
+  puts <<-WARN
+
+  ========================================================================
+        #{message}
+  ========================================================================
+
+  WARN
+  set :answer, ask("Continue? y/n",'n')
+  if fetch(:answer)== 'y' then true else false end
+end
+
+def prompt_for_login
+  unless fetch(:server_admin_username,false) && fetch(:server_admin_password, false)
+    set :server_admin_username, ask("Server MySQL Username:",nil)
+    set :server_admin_password, ask("Server DB Password:", nil, echo: false)
+  end
+end

data/lib/capistrano/errorstudio/tasks/rails.rake

@@ -0,0 +1,80 @@
+# namespace :deploy do
+#   desc "Precompile assets"
+#   task :precompile do
+#     on roles(:app) do
+#       execute  "cd #{release_path}/ && bundle exec rake assets:precompile"
+#     end
+#   end
+# end
+
+namespace :rails do
+
+  namespace :secrets do
+    desc "Create Rails secrets file using random secret key base"
+    task :create_config do
+      on roles(:app) do
+        unless test("[ -f #{shared_path}/config/secrets.yml ]")
+          set :secret_key_base, SecureRandom.hex(64)
+          # get common secrets: we need to find a way to encrypt these really.
+          local_secrets = YAML.load_file(File.join(fetch(:repo_tree,""),"config/secrets.yml"))
+          if local_secrets.has_key?("common")
+            set :common_secrets, local_secrets["common"]
+          end
+          file = File.join(File.dirname(__FILE__), "templates", "rails", "secrets.yml.erb")
+          buffer = ERB.new(File.read(file), nil, '-').result(binding)
+          upload! StringIO.new(buffer), "#{shared_path}/config/secrets.yml"
+        end
+      end
+    end
+  end
+
+  # The order of tasks here is: rails:db:create_config [check the config doesn't exist] => rails:db:create => rails:db:grant
+
+  namespace :db do
+    set :db_password, (0...20).map{ [('0'..'9'),('A'..'Z'),('a'..'z')].map {|range| range.to_a}.flatten[rand(64)] }.join
+    set :db_username, -> {"#{fetch(:application).gsub(/[^A-z]/,"").to_s[0..7]}_#{fetch(:stage).to_s[0..3]}"}
+    set :db_name, -> {"#{fetch(:application).gsub(/[^A-z]/,"").to_s[0..53]}_#{fetch(:db_suffix, fetch(:stage).to_s[0..9])}"}
+
+    desc "Create database.yml"
+    task :create_config do
+      on roles(:app) do
+        unless test("[ -f #{File.join(shared_path, "config", "database.yml")} ]")
+          file = File.join(File.dirname(__FILE__), "templates", "rails", "database.yml.erb")
+          buffer = ERB.new(File.read(file)).result(binding)
+          upload! StringIO.new(buffer), "#{shared_path}/config/database.yml"
+          invoke "rails:db:create"
+        end
+      end
+    end
+
+    desc "Create database"
+    task :create do
+      on roles(:db) do
+        prompt_for_login
+        db_sql = "CREATE DATABASE IF NOT EXISTS #{fetch(:db_name)};"
+        execute "mysql --user=#{fetch(:server_admin_username)} --password=#{fetch(:server_admin_password)} --execute=\"#{db_sql}\""
+      end
+      invoke "rails:db:grant"
+    end
+
+    desc "Grant db rights"
+    task :grant do
+      puts "Creating user"
+      on roles(:db) do |server|
+        prompt_for_login
+        [%w{10.% 127.% localhost},[server.hostname]].flatten.each do |ip|
+          puts "#{ip}"
+          user_sql = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, LOCK TABLES on #{fetch(:db_name)}.* TO '#{fetch(:db_username)}'@'#{ip}' IDENTIFIED BY '#{fetch(:db_password)}';"
+          execute "mysql --user=#{fetch(:server_admin_username)} --password=#{fetch(:server_admin_password)} --execute=\"#{user_sql}\""
+        end
+      end
+    end
+
+
+  end
+end
+
+after "deploy:check:make_linked_dirs", "rails:secrets:create_config"
+after "deploy:check:make_linked_dirs", "rails:db:create_config"
+# after "rails:db:create_config", "rails:db:create"
+after "deploy:check", "nginx:check_config"

data/lib/capistrano/errorstudio/tasks/rvm.rake

@@ -0,0 +1,49 @@
+
+
+namespace :rvm1 do
+  namespace :install do
+    desc 'Install bundler'
+    task :bundler do
+      on roles(fetch(:rvm1_roles, :all)) do
+        within release_path do
+          execute :rvm, fetch(:rvm1_ruby_version), 'do', 'gem install bundler --no-ri'
+        end
+      end
+    end
+
+    desc "install RVM, but only after checking it's not already installed"
+    task :if_necessary do
+      on roles(fetch(:rvm1_roles, :all)) do
+        if test("[ -f /usr/local/rvm/bin/rvm ]")
+          puts "RVM already exists - no need to install"
+        else
+          invoke 'rvm1:install:rvm'
+        end
+      end
+    end
+  end
+
+
+  desc "Add / update the RVM key from the keyserver unless it already exists"
+  task :update_rvm_key do
+    on roles(fetch(:rvm1_roles, :all)) do
+      unless execute :gpg, "--list-keys | grep D39DC0E3" , raise_on_non_zero_exit: false
+        execute :gpg, " --keyserver hkp://keyserver.ubuntu.com --recv-keys D39DC0E3"
+      end
+    end
+  end
+
+  desc "Set the owner of the rvm1script directory to deploy, not www-data"
+  task :set_ownership do
+    on roles(fetch(:rvm1_roles, :all)) do
+      execute "sudo chown -R `whoami | xargs echo -n`:deployers #{fetch(:rvm1_auto_script_path)}"
+    end
+  end
+
+end
+
+before "rvm1:install:rvm", "rvm1:update_rvm_key"
+before 'deploy', 'rvm1:install:if_necessary'  # install/update RVM
+before 'deploy', 'rvm1:install:ruby'  # install/update Ruby
+after 'rvm1:install:ruby', 'rvm1:install:bundler'
+after "deploy:set_ownership", "rvm1:set_ownership"

data/lib/capistrano/errorstudio/tasks/templates/nginx/basic_auth.erb

@@ -0,0 +1,8 @@
+auth_basic "<%= fetch(:basic_auth_realm) %>";
+auth_basic_user_file <%= shared_path %>/.htpasswd;
+location ~ favicon.png {
+    auth_basic off;
+}
+location ~ icon-homescreen.png {
+    auth_basic off;
+}

data/lib/capistrano/errorstudio/tasks/templates/nginx/cloudflare_real_ips.erb

@@ -0,0 +1,4 @@
+real_ip_header CF-Connecting-IP;
+<% fetch(:cloudflare_real_ips,[]).each do |ip| %>
+set_real_ip_from <%= ip %>;
+<% end %>

data/lib/capistrano/errorstudio/tasks/templates/nginx/cors.erb

@@ -0,0 +1,34 @@
+#
+# Wide-open CORS config for nginx
+#
+if ($request_method = 'OPTIONS') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    #
+    # Om nom nom cookies
+    #
+    add_header 'Access-Control-Allow-Credentials' 'true';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    #
+    # Custom headers and headers various browsers *should* be OK with but aren't
+    #
+    add_header 'Access-Control-Allow-Headers' 'DNT,api-token,preview,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+    #
+    # Tell client that this pre-flight info is valid for 20 days
+    #
+    add_header 'Access-Control-Max-Age' 1728000;
+    add_header 'Content-Type' 'text/plain charset=UTF-8';
+    add_header 'Content-Length' 0;
+    return 204;
+}
+if ($request_method = 'POST') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Credentials' 'true';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,api-token,Keep-Alive User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+}
+if ($request_method = 'GET') {
+    add_header 'Access-Control-Allow-Origin' '*';
+    add_header 'Access-Control-Allow-Credentials' 'true';
+    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+    add_header 'Access-Control-Allow-Headers' 'DNT,api-token,Keep-Alive User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
+}

data/lib/capistrano/errorstudio/tasks/templates/nginx/custom_aliases.erb

@@ -0,0 +1,5 @@
+<% fetch(:custom_nginx_aliases, {}).each do |path_alias, path| %>
+    location <%= path_alias %> {
+        alias <%= path %>
+    }
+<% end %>

data/lib/capistrano/errorstudio/tasks/templates/nginx/custom_rules.erb

@@ -0,0 +1,3 @@
+<% fetch(:custom_nginx_rules,[]).each do |rule| %>
+    <%= rule %>
+<% end %>

data/lib/capistrano/errorstudio/tasks/templates/nginx/location_proxy_cache.erb

@@ -0,0 +1,6 @@
+proxy_cache <%= fetch(:cache_zone) %>;
+proxy_cache_lock on;
+proxy_cache_valid 200 <%= fetch(:nginx_cache_validity, "10s") %>;
+proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 http_403 http_404;
+add_header X-Proxy-Cache-Status $upstream_cache_status;
+proxy_cache_bypass $http_cache_control;

data/lib/capistrano/errorstudio/tasks/templates/nginx/nginx_vhost.conf.erb

@@ -0,0 +1,84 @@
+<%= fetch(:nginx_custom_http_context, "") %>
+
+<%= fetch(:nginx_configuration,{})[:proxy_cache_path] %>
+
+<%= fetch(:nginx_configuration, {})[:url_rewrites] %>
+
+<%= fetch(:nginx_configuration, {})[:domain_redirects] %>
+
+<% fetch(:log_formats, {}).each do |name, format| %>
+	log_format <%= name %> '<%= format %>';
+<% end %>
+
+server {
+	<%= fetch(:nginx_configuration,{})[:cloudflare_real_ips] %>
+	server_name <%= fetch(:site_domains).join(" ") %>;
+	#listen   	80;
+
+	location /nginx_status {
+		stub_status on;
+
+		access_log off;
+		allow 127.0.0.1;
+		deny all;
+	}
+
+	<%= fetch(:nginx_custom_server_context, "") %>
+
+	access_log  <%= fetch(:access_log,"/var/log/nginx/#{fetch(:deploy_domain)}.access.log") %>;
+	error_log  <%= fetch(:error_log,"/var/log/nginx/#{fetch(:deploy_domain)}.error.log") %>;
+	<% if fetch(:nginx_custom_root,nil).nil? %>
+	  root   <%= fetch(:deploy_to) %><%= fetch(:http_root,"/current/public") %>;
+	<% else %>
+	  root    <%= fetch(:nginx_custom_root) %>;
+	<% end %>
+
+    <%= fetch(:nginx_configuration, {})[:basic_auth] %>
+
+    <%= fetch(:nginx_configuration,{})[:path_redirects] %>
+
+    <%= fetch(:nginx_configuration, {})[:custom_rules] %>
+
+	<%= fetch(:nginx_configuration, {})[:custom_aliases] %>
+
+
+    # enable gzip compression
+    gzip  on;
+    gzip_http_version 1.1;
+    gzip_vary on;
+    gzip_comp_level 1;
+    gzip_proxied any;
+    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+    gzip_min_length 1100;
+
+    # make sure gzip does not lose large gzipped js or css files - see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl
+    gzip_buffers 16 8k;
+
+    # Disable gzip for older browsers that don't support it
+    gzip_disable “MSIE [1-6].(?!.*SV1)”;
+
+
+    <%= fetch(:nginx_configuration,{})[:ssl_settings] %>
+
+	location = /favicon.ico {
+		log_not_found off;
+		access_log off;
+	}
+
+	# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
+	location ~ /\. {
+		deny all;
+		access_log off;
+		log_not_found off;
+	}
+
+<%= fetch(:nginx_configuration, {})[:location_proxy_cache] %>
+
+<%= fetch(:nginx_configuration, {})[:php] %>
+
+<%= fetch(:nginx_configuration, {})[:upstream] %>
+
+<% if fetch(:requires_static, false) %>
+    index  index.html index.htm;
+<% end %>
+}

data/lib/capistrano/errorstudio/tasks/templates/nginx/path_redirects.erb

@@ -0,0 +1,5 @@
+<% fetch(:path_redirects,{}).each do |from, to| %>
+    location ~* <%= from %> {
+      return 301 <%= to %>;
+    }
+<% end %>

data/lib/capistrano/errorstudio/tasks/templates/nginx/php.erb

@@ -0,0 +1,27 @@
+    location / {
+        <%= fetch(:nginx_configuration,{})[:cors] %>
+        try_files $uri $uri/ /index.php?$args;
+    }
+
+    index  index.php index.html index.htm;
+    location ~ \.php$ {
+        try_files $uri =404;
+        include        fastcgi_params;
+    <% if fetch(:ssl_required,false) %>
+        #this isn't ideal because it'll report HTTPS on when it isn't.
+        #need to check port too.
+        fastcgi_param HTTPS                 on;
+        fastcgi_param SSL_PROTOCOL          $ssl_protocol;
+        fastcgi_param SSL_CIPHER            $ssl_cipher;
+        fastcgi_param SSL_SESSION_ID        $ssl_session_id;
+        fastcgi_param SSL_CLIENT_VERIFY     $ssl_client_verify;
+    <% end %>
+        fastcgi_pass   unix:/var/run/php5-www.sock;
+        fastcgi_index  index.php;
+        fastcgi_buffer_size 128k;
+        fastcgi_buffers 4 256k;
+        fastcgi_busy_buffers_size 256k;
+    <% fetch(:php_fastcgi_parameters, []).each do |param| %>
+        <%= param %>
+    <% end %>
+    }

data/lib/capistrano/errorstudio/tasks/templates/nginx/proxy_cache_path.erb

@@ -0,0 +1 @@
+proxy_cache_path /tmp/<%= fetch(:cache_zone) %>_cache levels=1:2 keys_zone=<%= fetch(:cache_zone) %>:10m inactive=600s max_size=1000m;

data/lib/capistrano/errorstudio/tasks/templates/nginx/redirects.erb

@@ -0,0 +1,10 @@
+<% fetch(:domain_redirects,[]).each do |site_alias|%>
+    server {
+        <%= fetch(:nginx_configuration,{})[:cloudflare_real_ips] %>
+        server_name <%= site_alias %>;
+        <% if fetch(:deploy_domain) =~ %r{#{site_alias}}%>
+        <%= fetch(:nginx_configuration,{})[:ssl_settings] %>
+        <% end %>
+        return 301 $scheme://<%= fetch(:deploy_domain) %>$request_uri;
+    }
+<% end %>