incline 0.2.3 → 0.2.4

data/lib/incline/cli/prepare/install_flytrap.rb

@@ -0,0 +1,62 @@
+require 'securerandom'
+
+module Incline
+  class CLI
+    class Prepare
+
+      FLY_TRAP_PING = "ft-" + SecureRandom.urlsafe_base64(9)
+
+      FLY_TRAP_ROUTES = <<-EOCFG
+Rails.application.routes.draw do
+  # [#{Time.now.strftime('%Y-%m-%d %H:%M:%S')}]
+  # This route defines the ping address, which is a unique address generated specifically for this web server.
+  # No other web server or host knows it.
+  # If you decide to change this address, you will want to update the associated crontab job as well.
+  get '/#{FLY_TRAP_PING}', controller: 'trap', action: 'ping'
+
+  # These two simply pour everything else into the trap controller for logging.
+  get '/(:trigger)', trigger: /.+/, controller: 'trap', action: 'index'
+  root 'trap#index'
+end
+      EOCFG
+
+      FLY_TRAP_SECRETS = <<-EOCFG
+# [#{Time.now.strftime('%Y-%m-%d %H:%M:%S')}]
+# The secrets were generated specifically for this application installation.
+test:
+  secret_key_base: #{SecureRandom.urlsafe_base64(60)}
+development:
+  secret_key_base: #{SecureRandom.urlsafe_base64(60)}
+production:
+  secret_key_base: #{SecureRandom.urlsafe_base64(60)}
+      EOCFG
+
+      private_constant :FLY_TRAP_PING, :FLY_TRAP_ROUTES, :FLY_TRAP_SECRETS
+
+      def flytrap_path
+        "http://#{@options[:host]}/#{FLY_TRAP_PING}"
+      end
+      
+      private
+      
+      def install_flytrap(shell)
+        shell.with_stat('Installing flytrap') do
+          shell.exec "if [ ! -d #{shell.home_path}/apps ]; then mkdir #{shell.home_path}/apps; fi"
+          shell.exec "chmod 775 #{shell.home_path}/apps"
+          # install the fly_trap app and write the new routes.rb file.
+          shell.exec "git clone https://github.com/barkerest/fly_trap.git #{shell.home_path}/apps/fly_trap"
+          shell.write_file "#{shell.home_path}/apps/fly_trap/config/routes.rb", FLY_TRAP_ROUTES
+          shell.write_file "#{shell.home_path}/apps/fly_trap/config/secrets.yml", FLY_TRAP_SECRETS
+          # prep the app.
+          shell.exec "cd #{shell.home_path}/apps/fly_trap"
+          shell.exec "bundle install --deployment"
+          shell.exec "bundle exec rake db:migrate:reset RAILS_ENV=production"
+          shell.exec "bundle exec rake assets:precompile RAILS_ENV=production RAILS_GROUPS=assets RAILS_RELATIVE_URL_ROOT=\"/\""
+          shell.exec "cd #{shell.home_path}"
+          # generate the cron job
+          shell.exec "(crontab -l; echo \"*/5 * * * * curl http://localhost/#{FLY_TRAP_PING} >/dev/null 2>&1\";) | crontab -"
+        end
+      end
+    end
+  end
+end

data/lib/incline/cli/prepare/install_passenger.rb

@@ -0,0 +1,37 @@
+
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def install_passenger(shell)
+        distros = {
+            '12.04' => 'precise',
+            '12.10' => 'quantal',
+            '13.04' => 'raring',
+            '13.10' => 'saucy',
+            '14.04' => 'trusty',
+            '14.10' => 'utopic',
+            '15.04' => 'vivid',
+            '15.10' => 'wily',
+            '16.04' => 'xenial',
+            '16.10' => 'yakkety',
+            '17.04' => 'zesty'
+        }
+
+        distro = distros[host_info['VERSION_ID']]
+        shell.with_stat('Installing Phusion Passenger') do
+          shell.sudo_exec 'apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7'
+          shell.apt_get 'install apt-transport-https ca-certificates'
+          shell.sudo_exec "echo deb https://oss-binaries.phusionpassenger.com/apt/passenger #{distro} main > /etc/apt/sources.list.d/passenger.list"
+          shell.apt_get 'update'
+          shell.apt_get 'install nginx-extras passenger'
+          shell.sudo_exec_ignore_code 'systemctl stop nginx'
+          shell.sudo_exec 'systemctl start nginx'
+          shell.sudo_exec 'systemctl enable nginx'
+        end
+      end
+    end
+  end
+end

data/lib/incline/cli/prepare/install_prereqs.rb

@@ -0,0 +1,15 @@
+
+module Incline
+  class CLI
+    class Prepare
+      private
+      
+      def install_prereqs(shell)
+        shell.with_stat('Installing prerequisites') do
+          shell.apt_get 'install git-core curl zlib1g-dev build-essential libssl-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt1-dev libcurl4-openssl-dev python-software-properties libffi-dev'
+        end
+      end
+      
+    end
+  end
+end

data/lib/incline/cli/prepare/install_rails.rb

@@ -0,0 +1,15 @@
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def install_rails(shell)
+        shell.with_stat("Installing Rails #{@options[:rails_version]}") do
+          shell.exec "gem install rails -v #{@options[:rails_version]}"
+          shell.exec 'rbenv rehash'
+        end
+      end
+    end
+  end
+end

data/lib/incline/cli/prepare/install_rbenv.rb

@@ -0,0 +1,39 @@
+
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def install_rbenv(shell)
+        
+        shell.with_stat('Installing rbenv') do
+          shell.exec "git clone https://github.com/rbenv/rbenv.git #{shell.home_path}/.rbenv"
+          shell.exec "git clone https://github.com/rbenv/ruby-build.git #{shell.home_path}/.rbenv/plugins/ruby-build"
+
+          bashrc = shell.read_file(shell.home_path + '/.bashrc') || ''
+          lines = bashrc.split("\n")
+          first_line = nil
+          lines.each_with_index do |line,index|
+            if line.strip[0] != '#'
+              first_line = index
+              break
+            end
+          end
+          first_line ||= lines.count
+          lines.insert first_line, <<-EORC
+
+# Initialize rbenv and ruby.
+export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/plugins/ruby-build/bin:$PATH"
+eval "$(rbenv init -)"
+
+          EORC
+
+          bashrc = lines.join("\n")
+          shell.write_file(shell.home_path + '/.bashrc', bashrc)
+        end
+        
+      end
+    end
+  end
+end

data/lib/incline/cli/prepare/install_ruby.rb

@@ -0,0 +1,27 @@
+
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def install_ruby(shell)
+        shell.with_stat("Install Ruby #{@options[:ruby_version]}") do
+          result = shell.exec('which rbenv').to_s.strip
+          raise 'failed to install rbenv' if result == ''
+
+          shell.exec "rbenv install -v #{@options[:ruby_version]}"
+          shell.exec "rbenv global #{@options[:ruby_version]}"
+
+          result = shell.exec('which ruby').to_s.partition("\n")[0].strip
+          raise 'ruby not where expected' unless result == shell.home_path + '/.rbenv/shims/ruby' || result == '~/.rbenv/shims/ruby'
+
+          shell.exec "echo 'gem: --no-ri --no-rdoc' > ~/.gemrc"
+          shell.exec 'gem install bundler'
+          shell.exec 'rbenv rehash'
+        end
+      end
+      
+    end
+  end
+end

data/lib/incline/cli/prepare/restart_nginx.rb

@@ -0,0 +1,23 @@
+
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def restart_nginx(shell)
+        shell.with_stat('Restarting nginx') do
+          # test the configuration.
+          shell.sudo_exec('nginx -t')
+
+          # stop the service.
+          shell.sudo_exec_ignore_code 'systemctl stop nginx.service'
+          
+          # start the service.
+          shell.sudo_exec 'systemctl start nginx.service'
+        end
+      end
+      
+    end
+  end
+end

data/lib/incline/cli/prepare/ssh_copy_id.rb

@@ -0,0 +1,32 @@
+
+module Incline
+  class CLI
+    class Prepare
+      private
+      
+      def ssh_copy_id(shell)
+        my_id_file = File.expand_path('~/.ssh/rsa_id.pub')
+        if File.exist?(my_id_file)
+          my_id = File.read(my_id_file)
+          shell.with_stat('Enabling public key authentication') do
+            
+            shell.exec 'if [ ! -d ~/.ssh ]; then mkdir ~/.ssh; fi'
+            shell.exec 'chmod 700 ~/.ssh'
+            
+            contents = shell.read_file("#{shell.home_path}/.ssh/authorized_keys")
+            if contents
+              unless contents.split("\n").find{|k| k.to_s.strip == my_id.strip}
+                contents += "\n" unless contents[-1] == "\n"
+                contents += my_id.strip + "\n"
+                shell.write_file("#{shell.home_path}/.ssh/authorized_keys", contents)
+              end
+            else
+              shell.write_file("#{shell.home_path}/.ssh/authorized_keys", my_id + "\n")
+            end
+            
+          end
+        end
+      end
+    end
+  end
+end

data/lib/incline/cli/prepare/update_system.rb

@@ -0,0 +1,16 @@
+
+module Incline
+  class CLI
+    class Prepare
+      
+      private
+      
+      def update_system(shell)
+        shell.with_stat('Retrieving updates') { shell.apt_get 'update' }
+        shell.with_stat('Updating system') { shell.apt_get 'upgrade' }
+        shell.with_stat('Updating kernel') { shell.apt_get 'install linux-generic linux-headers-generic linux-image-generic' }
+      end
+      
+    end
+  end
+end

data/lib/incline/cli/prepare.rb

@@ -0,0 +1,270 @@
+require 'securerandom'
+require 'shells'
+require 'io/console'
+require 'ansi/code'
+
+require 'incline/cli/prepare/extend_shell'
+require 'incline/cli/prepare/update_system'
+require 'incline/cli/prepare/ssh_copy_id'
+require 'incline/cli/prepare/config_ssh'
+require 'incline/cli/prepare/install_prereqs'
+require 'incline/cli/prepare/install_db'
+require 'incline/cli/prepare/add_deploy_user'
+require 'incline/cli/prepare/install_rbenv'
+require 'incline/cli/prepare/install_ruby'
+require 'incline/cli/prepare/install_rails'
+require 'incline/cli/prepare/install_flytrap'
+require 'incline/cli/prepare/install_passenger'
+require 'incline/cli/prepare/config_passenger'
+require 'incline/cli/prepare/create_nginx_utils'
+require 'incline/cli/prepare/restart_nginx'
+
+module Incline
+  class CLI
+    ##
+    # Defines the 'prepare' command for the CLI.
+    class Prepare
+      
+      ##
+      # Creates a new 'prepare' command for the CLI.
+      def initialize(host_name_or_ip, ssh_user, *options)
+        @options = {
+            port: 22,
+            deploy_user: 'deploy',
+            deploy_password: SecureRandom.urlsafe_base64(24),
+            admin_password: '',
+            ruby_version: '2.3.4',
+            rails_version: '4.2.9'
+        }
+        @options[:host] = host_name_or_ip.to_s.strip
+        
+        raise UsageError.new("The 'host_name_or_ip' parameter is required.", 'prepare') if @options[:host] == ''
+        
+        if @options[:host] =~ /\A(?:\[[0-9a-f:]+\]|[a-z0-9]+(?:\.[a-z0-9]+)*):(?:\d+)\z/i
+          h,_,p = @options[:host].rpartition(':')
+          @options[:host] = h
+          @options[:port] = p.to_i
+        end
+        
+        @options[:admin_user] = ssh_user.to_s.strip
+        
+        raise UsageError.new("The 'ssh_user' parameter is required.", 'prepare') if @options[:admin_user] == ''
+        
+        while options.any?
+          flag = options.delete_at(0)
+          case flag
+            when '--ssh-password'
+              @options[:admin_password] = options.delete_at(0).to_s.strip
+            when '--port'
+              @options[:port] = options.delete_at(0).to_s.to_i
+            when '--deploy-user'
+              @options[:deploy_user] = options.delete_at(0).to_s.strip
+              raise UsageError.new("The '--deploy-user' parameter requires a valid username.", 'prepare') unless @options[:deploy_user] =~ /\A[a-z][a-z0-9_]*\z/i
+              raise UsageError.new("The '--deploy-user' parameter cannot match the 'ssh_user' parameter.", 'prepare') if @options[:deploy_user] == @options[:admin_user]
+            when '--ruby-version'
+              @options[:ruby_version] = options.delete_at(0).to_s.strip
+              raise UsageError.new("The '--ruby-version' parameter must be at least 2.3.", 'prepare') if @options[:ruby_version].to_f < 2.3
+            when '--rails-version'
+              @options[:rails_version] = options.delete_at(0).to_s.strip
+              raise UsageError.new("The '--rails-version' parameter must be at least 4.2.", 'prepare') if @options[:rails_version].to_f < 4.2
+              
+            # These options can be used to customize the self-signed certificate created initially.
+            when '--ssl-country'
+              @options[:ssl_country] = options.delete_at(0).to_s.strip
+            when '--ssl-state', '--ssl-province'
+              @options[:ssl_state] = options.delete_at(0).to_s.strip
+            when '--ssl-location', '--ssl-city'
+              @options[:ssl_location] = options.delete_at(0).to_s.strip
+            when '--ssl-org'
+              @options[:ssl_org] = options.delete_at(0).to_s.strip
+              
+            else
+              raise UsageError.new("The '#{flag}' parameter is not recognized.", 'prepare')
+          end
+        end
+        
+        @options[:port] = 22 unless (1..65535).include?(@options[:port])
+        if @options[:admin_password].to_s.strip == ''
+          print 'Please enter the sudo password: '
+          @options[:admin_password] = STDIN.noecho(&:gets).to_s.strip
+          puts ''
+          if @options[:admin_password].to_s.strip == ''
+            puts 'WARNING: Sudo password is blank and script may fail because of this.'
+          end
+        end
+        
+        @options[:ssl_country] = 'US' if @options[:ssl_country].to_s == ''
+        @options[:ssl_state] = 'Pennsylvania' if @options[:ssl_state].to_s == ''
+        @options[:ssl_location] = 'Pittsburgh' if @options[:ssl_location].to_s == ''
+        @options[:ssl_org] = 'WEB' if @options[:ssl_org].to_s == ''
+        
+      end
+      
+      ##
+      # Prepares an Ubuntu server with NGINX and Passenger to run Rails applications.
+      #
+      # Set 'host_name_or_ip' to the DNS name or IP address for the host.
+      # Set 'ssh_user' to the user name you want to access the host as.
+      # This user must be able to run 'sudo' commands and must not be 'root'.
+      #
+      # You can provide a port value either appended to the host name or as a 
+      # separate argument using the '--port' option.
+      # e.g. ssh.example.com:22 or --port 22
+      #
+      # If you are configured with key authentication to the host then you don't 
+      # need to provide an SSH password to connect.  However, this password is 
+      # also used to run sudo commands.  You can specify a password on the command
+      # line by using the '--ssh-password' option.  If you do not, then the script
+      # will prompt you for a "sudo" password to use.  You can leave this blank,
+      # but the script will warn you that it may lead to failure.  Obviously, if 
+      # you are configured with NOPASSWD in the sudoers file, then you can safely
+      # leave the password blank.
+      #
+      # By default, a deployment user named 'deploy' will be created on the host.
+      # If a user by this name already exists, that user will be removed first.
+      # This means that any data stored in the user profile will be destroyed by
+      # the script prior to creating the new user. You can change the name of the
+      # deployment user using the '--deploy-user' option.
+      # e.g. --deploy_user bob
+      #
+      # The script will install 'rbenv' under the deploy user's account and then
+      # install Ruby followed by Rails.  The default Ruby version installed is 
+      # 2.3.4 and the Rails version installed is 4.2.9.  To change these versions
+      # use the '--ruby-version' and '--rails-version' options.  The Ruby version
+      # must be at least 2.3 and the rails version must be at least 4.2.
+      #
+      def run
+        # reset the host info.
+        @host_info = nil
+        
+        admin_shell do |admin|
+          # test the connection and sudo capabilities.
+          admin.sudo_stat_exec 'Testing connection', 'ls -al /root'
+          
+          # retrieve the host info now that we are connected.
+          @host_info = admin.host_info
+          raise CliError, "Host OS (#{host_id}) is not supported." unless [ :ubuntu ].include?(host_id)
+          
+          # update the system and configure SSH.
+          update_system admin
+          ssh_copy_id(admin) unless @options[:admin_password] == ''
+          config_ssh admin
+        end
+        # end the session and reconnect to take advantage of the SSH reset done at the end of config_ssh
+        admin_shell do |admin|
+          # install ruby prerequisites and mariadb. 
+          install_prereqs admin
+          install_db admin
+          
+          # add the deploy user.
+          add_deploy_user admin
+          
+          # log in as deploy user
+          deploy_shell do |deploy|
+            # enable key auth.
+            ssh_copy_id deploy
+            
+            # install rbenv.
+            install_rbenv deploy
+          end
+          
+          # log out and then back in to load rbenv
+          deploy_shell do |deploy|
+            # install ruby & rails
+            install_ruby deploy
+            install_rails deploy
+            
+            # one more fun little addition, we'll add the flytrap app to catch path attacks.
+            install_flytrap deploy
+          end
+          # done with the deploy user, so log out of that session.
+          
+          # install Phusion Passenger to the host and then configure it.
+          install_passenger admin
+          config_passenger admin
+          
+          # create a few helper utilities to test and reload the configuration.
+          create_nginx_utils admin
+          
+          # then restart nginx.
+          restart_nginx admin
+          
+          puts 'Testing nginx server...'
+          admin.exec_ignore_code 'curl http://localhost/this-is-a-test'
+          admin.exec "curl #{flytrap_path}"
+        end
+        
+        puts ''
+        puts ANSI.ansi(:bold, :white) { 'Host preparation completed.' }
+        puts ''
+        puts 'Deployment User'
+        puts ('-' * 70)
+        puts "User:     " + ANSI.ansi(:bold) { @options[:deploy_user] }
+        puts "Password: " + ANSI.ansi(:bold) { @options[:deploy_password] }
+        puts "Home:     " + ANSI.ansi(:bold) { @options[:deploy_home] }
+        puts ''
+        puts 'Server Test Path'
+        puts ('-' * 70)
+        puts ANSI.ansi(:bold) { flytrap_path }
+        
+        logfile.flush
+        logfile.close
+        @logfile = nil
+
+      end
+      
+      
+      private
+      
+      def host_info
+        @host_info ||= {}
+      end
+      
+      def host_id
+        host_info['ID'] ||= :unknown
+      end
+      
+      
+      def logfile
+        @logfile ||=
+            begin
+              dir = File.expand_path('~/incline-logs')
+              Dir.mkdir(dir) unless Dir.exist?(dir)
+              File.open(File.expand_path("#{dir}/prepare-#{@options[:host]}.log"), 'wt')
+            end
+
+      end
+      
+      def admin_shell
+        Shells::SshSession.new(
+            host: @options[:host],
+            port: @options[:port],
+            user: @options[:admin_user],
+            password: @options[:admin_password],
+            retrieve_exit_code: true,
+            on_non_zero_exit_code: :raise,
+            silence_timeout: 5
+        ) do |sh|
+          extend_shell sh, '# '
+          yield sh
+        end
+      end
+      
+      def deploy_shell
+        Shells::SshSession.new(
+            host: @options[:host],
+            port: @options[:port],
+            user: @options[:deploy_user],
+            password: @options[:deploy_password],
+            retrieve_exit_code: true,
+            on_non_zero_exit_code: :raise,
+            silence_timeout: 5
+        ) do |sh|
+          extend_shell sh, '$ '
+          yield sh
+        end
+      end
+      
+    end
+  end
+end

data/lib/incline/cli/usage.rb

@@ -8,38 +8,68 @@ module Incline
 
       ##
       # Creates a new 'usage' command for the CLI.
-      def initialize
-
+      def initialize(command = nil)
+        @command = command ? command.to_s.downcase.to_sym : nil
       end
 
       ##
       # Shows usage information for the application.
       def run
-
-        commands = Incline::CLI::valid_commands.sort{|a,b| a[0] <=> b[0]}
-
-        msg = ANSI.ansi(:bold) { "Usage: #{$PROGRAM_NAME} command <arguments>" }
-        msg += "\nValid Commands:\n"
-
-        commands.each do |(name,klass,params)|
-          comment = get_run_comment(klass)
-          comment = "(No description)" if comment.to_s.strip == ''
-          comment = '    ' + comment.gsub("\n", "\n    ")
-          msg += "  #{name}"
-          pend = ''
-          params.each do |t,p|
-            msg += ' '
-            if t == :req
-              msg += p.to_s
-            elsif t == :opt
-              msg += '[' + p.to_s
-              pend += ']'
-            else
-              msg += '<...>'
+        msg = nil
+        
+        if @command
+          command = Incline::CLI::valid_commands.find{|c| c[0] == @command}
+          if command
+            msg = "Usage: #{$PROGRAM_NAME} #{command[0]}"
+            pend = ''
+            command[2].each do |t,p|
+              msg += ' '
+              if t == :req
+                msg += p.to_s
+              elsif t == :opt
+                msg += '[' + p.to_s
+                pend += ']'
+              else
+                msg += '<...>'
+              end
+              msg += pend
+            end
+            msg = ANSI.ansi(:bold) { msg }
+            msg += "\n"
+            comment = get_run_comment(command[1])
+            comment = "(No additional information)" if comment.to_s.strip == ''
+            comment = '    ' + comment.gsub("\n", "\n    ")
+            msg += comment + "\n"
+          end
+        end
+        
+        unless msg
+          commands = Incline::CLI::valid_commands.sort{|a,b| a[0] <=> b[0]}
+          
+          msg = ANSI.ansi(:bold) { "Usage: #{$PROGRAM_NAME} command <arguments>" }
+          if @command
+            msg += "\nInvalid Command: #{@command}\n"
+          end
+          msg += "\nValid Commands:\n"
+          commands.each do |(name,klass,params)|
+            msg += "  #{name}"
+            pend = ''
+            params.each do |t,p|
+              msg += ' '
+              if t == :req
+                msg += p.to_s
+              elsif t == :opt
+                msg += '[' + p.to_s
+                pend += ']'
+              else
+                msg += '<...>'
+              end
             end
+            msg += pend + "\n"
           end
-          msg += "\n" + comment + "\n"
+          
         end
+        
 
         STDOUT.print msg
         msg