josh-slicehost 0.0.2.2 → 0.0.2.5
- metadata +5 -24
- data/MIT-LICENSE +0 -20
- data/README +0 -22
- data/lib/capistrano/ext/slicehost/apache.rb +0 -89
- data/lib/capistrano/ext/slicehost/aptitude.rb +0 -94
- data/lib/capistrano/ext/slicehost/disk.rb +0 -12
- data/lib/capistrano/ext/slicehost/gems.rb +0 -41
- data/lib/capistrano/ext/slicehost/git.rb +0 -6
- data/lib/capistrano/ext/slicehost/iptables.rb +0 -21
- data/lib/capistrano/ext/slicehost/mysql.rb +0 -36
- data/lib/capistrano/ext/slicehost/render.rb +0 -6
- data/lib/capistrano/ext/slicehost/ruby.rb +0 -56
- data/lib/capistrano/ext/slicehost/slice.rb +0 -7
- data/lib/capistrano/ext/slicehost/ssh.rb +0 -59
- data/lib/capistrano/ext/slicehost/templates/iptables.erb +0 -42
- data/lib/capistrano/ext/slicehost/templates/passenger.conf.erb +0 -2
- data/lib/capistrano/ext/slicehost/templates/passenger.load.erb +0 -1
- data/lib/capistrano/ext/slicehost/templates/sshd_config.erb +0 -81
- data/lib/capistrano/ext/slicehost/templates/vhost.erb +0 -8
- data/lib/capistrano/ext/slicehost.rb +0 -7
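--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: josh-slicehost
 version: !ruby/object:Gem::Version
-version: 0.0.2.
+version: 0.0.2.5
 platform: ruby
 authors:
 - Joshua Peek
@@ -9,11 +9,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-03-17 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: capistrano
+type: :runtime
 version_requirement:
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
@@ -29,28 +30,8 @@ extensions: []
 
 extra_rdoc_files: []
 
-files:
-
-- MIT-LICENSE
-- lib/capistrano/ext/slicehost.rb
-- lib/capistrano/ext/slicehost
-- lib/capistrano/ext/slicehost/disk.rb
-- lib/capistrano/ext/slicehost/ruby.rb
-- lib/capistrano/ext/slicehost/gems.rb
-- lib/capistrano/ext/slicehost/git.rb
-- lib/capistrano/ext/slicehost/aptitude.rb
-- lib/capistrano/ext/slicehost/slice.rb
-- lib/capistrano/ext/slicehost/ssh.rb
-- lib/capistrano/ext/slicehost/render.rb
-- lib/capistrano/ext/slicehost/apache.rb
-- lib/capistrano/ext/slicehost/iptables.rb
-- lib/capistrano/ext/slicehost/mysql.rb
-- lib/capistrano/ext/slicehost/templates
-- lib/capistrano/ext/slicehost/templates/passenger.conf.erb
-- lib/capistrano/ext/slicehost/templates/vhost.erb
-- lib/capistrano/ext/slicehost/templates/passenger.load.erb
-- lib/capistrano/ext/slicehost/templates/sshd_config.erb
-- lib/capistrano/ext/slicehost/templates/iptables.erb
+files: []
+
 has_rdoc: false
 homepage: http://github.com/josh/slicehost
 post_install_message: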
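Review bot: The new gemspec sets `files: []` (new line 33) while every file under data/ is deleted, so 0.0.2.5 is published as an empty package that still declares a runtime dependency on capistrano, and `require 'capistrano/ext/slicehost'` cannot resolve against it. This looks like a build-time file list that evaluated to empty rather than a deliberate removal, but that is an inference, since the page does not show the gemspec source. The gemspec should enumerate its files explicitly (the 0.0.2.2 list removed in this hunk is the reference) and the release step should fail when `files` is empty. Anyone pinning this gem should compare the packaged contents with the previous version before upgrading.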
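--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -1,20 +0,0 @@
-Copyright (c) 2009 Joshua Peek
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.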
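--- a/data/README
+++ b/data/README
@@ -1,22 +0,0 @@
-Slicehost Recipes
-=================
-
-Slicehost Capistrano recipes for configuring and managing your slice. Require Capistrano >2.5.0
-
-Example
-=======
-
-The recipes are designed to work stand alone apart from the standard set of Capistrano deploy recipes.
-
-require 'capistrano/ext/slicehost' in your deploy.rb file
-
-Contributors
-============
-
-* Oleg Zhurbiy
-* Thomas Balthazar
-* Fran Diéguez
-* Stephen Lumenta
-* Jared Giles
-
-Copyright (c) 2009 Joshua Peek, released under the MIT license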
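--- a/data/lib/capistrano/ext/slicehost/apache.rb
+++ b/data/lib/capistrano/ext/slicehost/apache.rb
@@ -1,89 +0,0 @@
-set(:domain) do
-Capistrano::CLI.ui.ask "Which domain should we use? "
-end
-
-namespace :apache do
-desc "Restarts Apache webserver"
-task :restart, :roles => :web do
-sudo "/etc/init.d/apache2 restart"
-end
-
-desc "Starts Apache webserver"
-task :start, :roles => :web do
-sudo "/etc/init.d/apache2 start"
-end
-
-desc "Stops Apache webserver"
-task :stop, :roles => :web do
-sudo "/etc/init.d/apache2 stop"
-end
-
-desc "Reload Apache webserver"
-task :reload, :roles => :web do
-sudo "/etc/init.d/apache2 reload"
-end
-
-desc "Force reload Apache webserver"
-task :force_reload, :roles => :web do
-sudo "/etc/init.d/apache2 force-reload"
-end
-
-desc "List enabled Apache sites"
-task :enabled_sites, :roles => :web do
-run "ls /etc/apache2/sites-enabled"
-end
-
-desc "List available Apache sites"
-task :available_sites, :roles => :web do
-run "ls /etc/apache2/sites-available"
-end
-
-desc "List enabled Apache modules"
-task :enabled_modules, :roles => :web do
-run "ls /etc/apache2/mods-enabled"
-end
-
-desc "List available Apache modules"
-task :available_modules, :roles => :web do
-run "ls /etc/apache2/mods-available"
-end
-
-desc "Disable Apache site"
-task :disable_site, :roles => :web do
-site = Capistrano::CLI.ui.ask("Which site should we disable: ")
-sudo "sudo a2dissite #{site}"
-reload
-end
-
-desc "Enable Apache site"
-task :enable_site, :roles => :web do
-site = Capistrano::CLI.ui.ask("Which site should we enable: ")
-sudo "sudo a2ensite #{site}"
-reload
-end
-
-desc "Disable Apache module"
-task :disable_module, :roles => :web do
-mod = Capistrano::CLI.ui.ask("Which module should we disable: ")
-sudo "sudo a2dismod #{mod}"
-force_reload
-end
-
-desc "Enable Apache module"
-task :enable_module, :roles => :web do
-mod = Capistrano::CLI.ui.ask("Which module should we enable: ")
-sudo "sudo a2enmod #{mod}"
-force_reload
-end
-
-desc "Upload Apache virtual host"
-task :upload_vhost, :roles => :web do
-put render("vhost", binding), application
-sudo "mv #{application} /etc/apache2/sites-available/#{application}"
-end
-
-desc "Install Apache"
-task :install, :roles => :web do
-sudo "aptitude install -y apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert"
-end
-end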
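--- a/data/lib/capistrano/ext/slicehost/aptitude.rb
+++ b/data/lib/capistrano/ext/slicehost/aptitude.rb
@@ -1,94 +0,0 @@
-namespace :aptitude do
-desc <<-DESC
-Updates your software package list. This will not "upgrade" any of your \
-installed software.
-
-See "Update" section on \
-http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
-DESC
-task :update, :roles => :app do
-sudo "aptitude update"
-end
-
-desc "Alias for 'aptitude:safe_upgrade'"
-task :upgrade, :roles => :app do
-safe_upgrade
-end
-
-desc <<-DESC
-Upgrades your installed software packages.
-
-From the aptitude man pages:
-
-This command will upgrade as many packages as it can upgrade without \
-removing existing packages or installing new ones.
-
-It is sometimes necessary to remove or install one package in order to \
-upgrade another; this command is not able to upgrade packages in such \
-situations. Use the full-upgrade to upgrade those packages as well.
-
-See "Upgrade" section on \
-http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
-DESC
-task :safe_upgrade, :roles => :app do
-sudo "aptitude safe-upgrade -y"
-end
-
-desc <<-DESC
-Upgrades your installed software packages.
-
-From the aptitude man pages:
-
-Like safe-upgrade, this command will attempt to upgrade packages, but it is \
-more aggressive about solving dependency problems: it will install and \
-remove packages until all dependencies are satisfied. Because of the nature \
-of this command, it is possible that it will do undesirable things, and so \
-you should be careful when using it.
-
-See "Upgrade" section on \
-http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
-DESC
-task :full_upgrade, :roles => :app do
-sudo "aptitude full-upgrade -y"
-end
-
-desc <<-DESC
-Installs a software package via aptitude. You will be prompted for the \
-package name after running this commmand.
-DESC
-task :install, :roles => :app do
-package = Capistrano::CLI.ui.ask("Which package should we install: ")
-sudo "aptitude install #{package}"
-end
-
-desc <<-DESC
-Uninstalls a software package via aptitude. You will be prompted for the \
-package name after running this commmand.
-DESC
-task :uninstall, :roles => :app do
-package = Capistrano::CLI.ui.ask("Which package should we uninstall: ")
-sudo "aptitude remove #{package}"
-end
-
-desc <<-DESC
-Updates software packages and creates "a solid base for the 'meat' of the \
-server". This task should be run only once when you are first setting up your \
-new slice.
-
-For set another language different from en_GB.UTF-8, just set the LANG \
-environment variable to your favorite language.
-Ex. LANG="gl_ES.UTF-8"; cap aptitude:setup
-
-See "Update", "locales", "Upgrade" and "build essentials" sections on \
-http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
-DESC
-task :setup, :roles => :app do
-update
-language = ENV["LANG"] || "en_GB.UTF-8"
-sudo "locale-gen language"
-sudo "/usr/sbin/update-locale LANG=#{language}"
-safe_upgrade
-full_upgrade
-sudo "aptitude install -y build-essential"
-end
-end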
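--- a/data/lib/capistrano/ext/slicehost/gems.rb
+++ b/data/lib/capistrano/ext/slicehost/gems.rb
@@ -1,41 +0,0 @@
-namespace :gems do
-desc "Install the gem package system"
-task :install_rubygems, :roles => :app do
-rubygems_url = "http://rubyforge.org/" + Net::HTTP.get( URI.parse('http://rubyforge.org/frs/?group_id=126') ).scan(/frs\/.*\.tgz/).first.split('"')[0]
-rubygems_version = rubygems_url[/(rubygems.*)(.tgz)/, 1]
-run "test ! -f /usr/bin/gem"
-run "wget -q #{rubygems_url}"
-run "tar xzvf #{rubygems_version}.tgz"
-run "rm #{rubygems_version}.tgz"
-run "cd /home/#{user}/#{rubygems_version} && sudo /usr/bin/ruby ./setup.rb"
-sudo "ln -s /usr/bin/gem1.8 /usr/bin/gem"
-sudo "rm -rf #{rubygems_version}/"
-end
-
-desc "List gems on remote server"
-task :list, :roles => :app do
-stream "gem list"
-end
-
-desc "Update gems on remote server"
-task :update, :roles => :app do
-sudo "gem update"
-end
-
-desc "Update gem system on remote server"
-task :update_system, :roles => :app do
-sudo "gem update --system"
-end
-
-desc "Install a gem on the remote server"
-task :install, :roles => :app do
-name = Capistrano::CLI.ui.ask("Which gem should we install: ")
-sudo "gem install #{name} --no-rdoc --no-ri"
-end
-
-desc "Uninstall a gem on the remote server"
-task :uninstall, :roles => :app do
-name = Capistrano::CLI.ui.ask("Which gem should we uninstall: ")
-sudo "gem uninstall #{name}"
-end
-end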
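--- a/data/lib/capistrano/ext/slicehost/iptables.rb
+++ b/data/lib/capistrano/ext/slicehost/iptables.rb
@@ -1,21 +0,0 @@
-namespace :iptables do
-desc <<-DESC
-Harden iptables configuration. Only allows ssh, http, and https connections.
-
-See "iptables" section on \
-http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
-DESC
-task :configure, :roles => :gateway do
-put render("iptables", binding), "iptables.up.rules"
-sudo "mv iptables.up.rules /etc/iptables.up.rules"
-
-if capture("cat /etc/network/interfaces").grep(/iptables/).empty?
-run %(cat /etc/network/interfaces |
-sed '/iface lo inet loopback/G' |
-sed -e '6s/.*/pre-up iptables-restore < \\/etc\\\/iptables.up.rules/' >
-interfaces
-)
-sudo "mv interfaces /etc/network/interfaces"
-end
-end
-end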
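--- a/data/lib/capistrano/ext/slicehost/mysql.rb
+++ b/data/lib/capistrano/ext/slicehost/mysql.rb
@@ -1,36 +0,0 @@
-namespace :mysql do
-desc "Restarts MySQL database server"
-task :restart, :roles => :db do
-sudo "/etc/init.d/mysql restart"
-end
-
-desc "Starts MySQL database server"
-task :start, :roles => :db do
-sudo "/etc/init.d/mysql start"
-end
-
-desc "Stops MySQL database server"
-task :stop, :roles => :db do
-sudo "/etc/init.d/mysql stop"
-end
-
-desc "Export MySQL database"
-task :export, :roles => :db do
-database = Capistrano::CLI.ui.ask("Which database should we export: ")
-sudo "mysqldump -u root -p #{database} > #{database}.sql"
-end
-
-desc "Import MySQL database"
-task :import, :roles => :db do
-database = Capistrano::CLI.ui.ask("Which database should we create: ")
-file = Capistrano::CLI.ui.ask("Which database file should we import: ")
-sudo "mysqladmin -u root -p create #{database}"
-sudo "mysql -u root -p #{database} < #{file}"
-end
-
-desc "Install MySQL"
-task :install, :roles => :db do
-sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"
-sudo "aptitude install -y libmysql-ruby1.8"
-end
-end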
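--- a/data/lib/capistrano/ext/slicehost/ruby.rb
+++ b/data/lib/capistrano/ext/slicehost/ruby.rb
@@ -1,56 +0,0 @@
-# TODO: Automatically determine this value
-set :passenger_version, "2.0.6"
-
-require 'net/http'
-set :ruby_enterprise_url ,Net::HTTP.get( 'www.rubyenterpriseedition.com', '/download.html' ).scan(/http:.*\.tar\.gz/).first
-set :ruby_enterprise_version, "#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
-
-namespace :ruby do
-
-desc "Install Ruby 1.8"
-task :setup_18, :roles => :app do
-sudo "aptitude install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
-
-sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
-sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
-sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
-sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
-end
-
-desc "Install Ruby Enterpise Edition"
-task :install_enterprise, :roles => :app do
-sudo "aptitude install -y libssl-dev"
-run "test ! -d /opt/#{ruby_enterprise_version}"
-run "wget -q #{ruby_enterprise_url}"
-run "tar xzvf #{ruby_enterprise_version}.tar.gz"
-run "rm #{ruby_enterprise_version}.tar.gz"
-sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
-sudo "rm -rf #{ruby_enterprise_version}/"
-end
-
-desc "Install Phusion Passenger"
-task :install_passenger, :roles => :app do
-sudo "apt-get install apache2-mpm-prefork"
-sudo "aptitude install -y apache2-prefork-dev"
-sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger rake --no-rdoc --no-ri"
-sudo "PATH='/opt/#{ruby_enterprise_version}/bin/':\$PATH /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module", :pty => true do |ch, stream, data|
-
-if data =~ /Press\sEnter\sto\scontinue/ || data =~ /Press\sENTER\sto\scontinue/
-# prompt, and then send the response to the remote process
-ch.send_data(Capistrano::CLI.password_prompt("Press enter to continue: ") + "\n")
-else
-# use the default handler for all other text
-Capistrano::Configuration.default_io_proc.call(ch, stream, data)
-end
-end
-
-put render("passenger.load", binding), "/home/#{user}/passenger.load"
-put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
-
-sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
-sudo "mv /home/#{user}/passenger.config /etc/apache2/mods-available/"
-
-sudo "a2enmod passenger"
-apache.force_reload
-end
-end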
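--- a/data/lib/capistrano/ext/slicehost/ssh.rb
+++ b/data/lib/capistrano/ext/slicehost/ssh.rb
@@ -1,59 +0,0 @@
-ssh_options = { :keys => [File.expand_path("~/.ssh/id_dsa"),File.expand_path("~/.ssh/id_rsa") ], :port => 22 }
-
-namespace :ssh do
-desc <<-DESC
-Reload SSH service.
-DESC
-task :reload, :roles => :gateway do
-sudo "/etc/init.d/ssh reload"
-end
-
-desc <<-DESC
-Setup SSH on the gateway host. Runs `upload_keys` and `configure_sshd` \
-then reloads the SSH service to finalize the changes.
-DESC
-task :setup, :roles => :gateway do
-upload_keys
-configure_sshd
-reload
-end
-
-desc <<-DESC
-Uploads your local public SSH keys to the server. A .ssh folder is created if \
-one does not already exist. The SSH keys default to the ones set in \
-Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
-["/home/user/.ssh/id_dsa"].
-
-See "SSH copy" and "SSH Permissions" sections on \
-http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
-DESC
-task :upload_keys, :roles => :gateway do
-run "mkdir -p ~/.ssh"
-run "chown -R #{user}:#{user} ~/.ssh"
-run "chmod 700 ~/.ssh"
-
-authorized_keys = ssh_options[:keys].collect { |key|
-begin
-File.read("#{key}.pub")
-rescue Errno::ENOENT => e
-end
-
-}.join("\n")
-put authorized_keys, "./.ssh/authorized_keys", :mode => 0600
-end
-
-desc <<-DESC
-Configure SSH daemon with more secure settings recommended by Slicehost. The \
-will be configured to run on the port configured in Capistrano's "ssh_options". \
-This defaults to the standard SSH port 22. You can change this by setting \
-ssh_options[:port] = 3000. Note that this change will not take affect until \
-reload the SSH service with `cap ssh:reload`.
-
-See "SSH config" section on \
-http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
-DESC
-task :configure_sshd, :roles => :gateway do
-put render("sshd_config", binding), "sshd_config"
-sudo "mv sshd_config /etc/ssh/sshd_config"
-end
-end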
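--- a/data/lib/capistrano/ext/slicehost/templates/iptables.erb
+++ b/data/lib/capistrano/ext/slicehost/templates/iptables.erb
@@ -1,42 +0,0 @@
-*filter
-
-
-# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
--A INPUT -i lo -j ACCEPT
--A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
-
-
-# Accepts all established inbound connections
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-
-# Allows all outbound traffic
-# You can modify this to only allow certain traffic
--A OUTPUT -j ACCEPT
-
-
-# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
--A INPUT -p tcp --dport 80 -j ACCEPT
--A INPUT -p tcp --dport 443 -j ACCEPT
-
-
-# Allows SSH connections
-#
-# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-#
--A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
-
-
-# Allow ping
--A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-
-
-# log iptables denied calls
--A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-
-
-# Reject all other inbound - default deny unless explicitly allowed policy
--A INPUT -j REJECT
--A FORWARD -j REJECT
-
-COMMIT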
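--- a/data/lib/capistrano/ext/slicehost/templates/passenger.load.erb
+++ b/data/lib/capistrano/ext/slicehost/templates/passenger.load.erb
@@ -1 +0,0 @@
-LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so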
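--- a/data/lib/capistrano/ext/slicehost/templates/sshd_config.erb
+++ b/data/lib/capistrano/ext/slicehost/templates/sshd_config.erb
@@ -1,81 +0,0 @@
-# Package generated configuration file
-# See the sshd(8) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port <%= ssh_options[:port] %>
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-KeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-UsePAM no
-
-UseDNS no
-
-AllowUsers <%= user %>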