jrhicks-ubuntu-machine 0.5.3.2.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2008 Thomas Balthazar
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,9 @@
+= View doc here :
+http://suitmymind.github.com/ubuntu-machine
+
+= Changelog here :
+http://suitmymind.github.com/ubuntu-machine/#changelog
+
+= Contributors :
+ - Joseph Glenn
+ - Ahume

data/lib/capistrano/ext/ubuntu-machine/apache.rb

@@ -0,0 +1,118 @@
+namespace :apache do
+  desc "Install Apache"
+  task :install, :roles => :web do
+    sudo "apt-get install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert -y"
+    
+    run "cat /etc/apache2/apache2.conf > ~/apache2.conf.tmp"
+    put render("apache2", binding), "apache2.append.conf.tmp"
+    run "cat apache2.append.conf.tmp >> ~/apache2.conf.tmp"
+    sudo "mv ~/apache2.conf.tmp /etc/apache2/apache2.conf"
+    run "rm apache2.append.conf.tmp"
+    restart
+  end
+  
+  desc "Restarts Apache webserver"
+  task :restart, :roles => :web do
+    sudo "/etc/init.d/apache2 restart"
+  end
+
+  desc "Starts Apache webserver"
+  task :start, :roles => :web do
+    sudo "/etc/init.d/apache2 start"
+  end
+
+  desc "Stops Apache webserver"
+  task :stop, :roles => :web do
+    sudo "/etc/init.d/apache2 stop"
+  end
+
+  desc "Reload Apache webserver"
+  task :reload, :roles => :web do
+    sudo "/etc/init.d/apache2 reload"
+  end
+
+  desc "Force reload Apache webserver"
+  task :force_reload, :roles => :web do
+    sudo "/etc/init.d/apache2 force-reload"
+  end
+
+  desc "List enabled Apache sites"
+  task :enabled_sites, :roles => :web do
+    run "ls /etc/apache2/sites-enabled"
+  end
+
+  desc "List available Apache sites"
+  task :available_sites, :roles => :web do
+    run "ls /etc/apache2/sites-available"
+  end
+
+  desc "List enabled Apache modules"
+  task :enabled_modules, :roles => :web do
+    run "ls /etc/apache2/mods-enabled"
+  end
+
+  desc "List available Apache modules"
+  task :available_modules, :roles => :web do
+    run "ls /etc/apache2/mods-available"
+  end
+
+  desc "Disable Apache site"
+  task :disable_site, :roles => :web do
+    site = Capistrano::CLI.ui.ask("Which site should we disable: ")
+    sudo "sudo a2dissite #{site}"
+    reload
+  end
+
+  desc "Enable Apache site"
+  task :enable_site, :roles => :web do
+    site = Capistrano::CLI.ui.ask("Which site should we enable: ")
+    sudo "sudo a2ensite #{site}"
+    reload
+  end
+
+  desc "Disable Apache module"
+  task :disable_module, :roles => :web do
+    mod = Capistrano::CLI.ui.ask("Which module should we disable: ")
+    sudo "sudo a2dismod #{mod}"
+    force_reload
+  end
+
+  desc "Enable Apache module"
+  task :enable_module, :roles => :web do
+    mod = Capistrano::CLI.ui.ask("Which module should we enable: ")
+    sudo "sudo a2enmod #{mod}"
+    force_reload
+  end
+
+  desc "Create a new website"
+  task :create_website, :roles => :web do
+    server_admin    = Capistrano::CLI.ui.ask("Server admin (#{default_server_admin}) if blank : ")
+    server_admin    = default_server_admin if server_admin.empty?
+    server_name     = Capistrano::CLI.ui.ask("Server name : ")
+    server_alias    = Capistrano::CLI.ui.ask("Server alias : ")
+    directory_index = Capistrano::CLI.ui.ask("Directory index (#{default_directory_index}) if blank : ")
+    directory_index = default_directory_index if directory_index.empty?
+
+    # Website skeleton
+    %w{backup cap cgi-bin logs private public tmp}.each { |d|
+      run "mkdir -p /home/#{user}/websites/#{server_name}/#{d}"
+    }
+    
+    put render("vhost", binding), server_name
+    sudo "mv #{server_name} /etc/apache2/sites-available/#{server_name}"
+    sudo "sudo a2ensite #{server_name}"
+    reload
+  end
+  
+  desc "Delete a website (! delete all file and folders)"
+  task :delete_website, :roles => :web do
+    server_name = Capistrano::CLI.ui.ask("Server name you want to delete : ")
+    sure = Capistrano::CLI.ui.ask("Are you sure you want to delete #{server_name} and all its files? (y/n) : ")
+    if sure=="y"
+      sudo "sudo a2dissite #{server_name}"
+      sudo "rm /etc/apache2/sites-available/#{server_name}"
+      sudo "rm -Rf /home/#{user}/websites/#{server_name}"
+      reload
+    end
+  end  
+end

data/lib/capistrano/ext/ubuntu-machine/aptitude.rb

@@ -0,0 +1,96 @@
+namespace :aptitude do
+  desc <<-DESC
+    Updates your software package list. This will not "upgrade" any of your \
+    installed software.
+
+    See "Update" section on \
+    http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
+  DESC
+  task :update, :roles => :app do
+    sudo "apt-get update"
+  end
+
+  desc "Alias for 'aptitude:safe_upgrade'"
+  task :upgrade, :roles => :app do
+    safe_upgrade
+  end
+
+  desc <<-DESC
+    Upgrades your installed software packages.
+
+    From the aptitude man pages:
+
+      This command will upgrade as many packages as it can upgrade without \
+      removing existing packages or installing new ones.
+
+      It is sometimes necessary to remove or install one package in order to \
+      upgrade another; this command is not able to upgrade packages in such \
+      situations. Use the full-upgrade to upgrade those packages as well.
+
+    See "Upgrade" section on \
+    http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
+  DESC
+  task :safe_upgrade, :roles => :app do
+    
+    # to prevent interactive mode to block the install script
+    sudo 'aptitude hold console-setup -y'
+    
+    # By default, OVH replace the original /etc/issue. The safe_upgrade will then ask \
+    # if it must overwrite this file, since it has been modified by OVH. \
+    # data =~ /^\*\*\*\sissue/ looks for the interactive prompt to enable you to answer
+    sudo_and_watch_prompt("aptitude safe-upgrade -y", /^\*\*\*\sissue/)    
+  end
+  
+  desc <<-DESC
+    Upgrades your installed software packages.
+
+    From the aptitude man pages:
+
+      Like safe-upgrade, this command will attempt to upgrade packages, but it is \
+      more aggressive about solving dependency problems: it will install and \
+      remove packages until all dependencies are satisfied. Because of the nature \
+      of this command, it is possible that it will do undesirable things, and so \
+      you should be careful when using it.
+
+    See "Upgrade" section on \
+    http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
+  DESC
+  task :full_upgrade, :roles => :app do
+    sudo "aptitude full-upgrade -y"
+  end
+
+  desc <<-DESC
+    Installs a software package via aptitude. You will be prompted for the \
+    package name after running this commmand.
+  DESC
+  task :install, :roles => :app do
+    package = Capistrano::CLI.ui.ask("Which package should we install: ")
+    sudo "apt-get install #{package}"
+  end
+
+  desc <<-DESC
+    Uninstalls a software package via aptitude. You will be prompted for the \
+    package name after running this commmand.
+  DESC
+  task :uninstall, :roles => :app do
+    package = Capistrano::CLI.ui.ask("Which package should we uninstall: ")
+    sudo "apt-get remove #{package}"
+  end
+  
+  desc <<-DESC
+    Updates software packages and creates "a solid base for the 'meat' of the \
+    server". This task should be run only once when you are first setting up your \
+    new slice.
+
+    See "Update", "locales", "Upgrade" and "build essentials" sections on \
+    http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
+  DESC
+  task :setup, :roles => :app do
+    update
+    sudo "locale-gen en_GB.UTF-8"
+    sudo "/usr/sbin/update-locale LANG=en_GB.UTF-8"
+    safe_upgrade
+    full_upgrade
+    sudo "apt-get install -y build-essential"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/gems.rb

@@ -0,0 +1,39 @@
+namespace :gems do
+  desc "Install RubyGems"
+  task :install_rubygems, :roles => :app do
+    run "wget http://rubyforge.org/frs/download.php/45905/rubygems-#{rubygem_version}.tgz"
+    run "tar xvzf rubygems-#{rubygem_version}.tgz"
+    run "cd rubygems-#{rubygem_version} && sudo ruby setup.rb"
+    sudo "ln -s /usr/bin/gem1.8 /usr/bin/gem"
+    sudo "gem update"
+    sudo "gem update --system"
+    run "rm -Rf rubygems-#{rubygem_version}*"
+  end
+  
+  desc "List gems on remote server"
+  task :list, :roles => :app do
+    stream "gem list"
+  end
+
+  desc "Update gems on remote server"
+  task :update, :roles => :app do
+    sudo "gem update"
+  end
+  
+  desc "Update gem system on remote server"
+  task :update_system, :roles => :app do
+    sudo "gem update --system"
+  end
+
+  desc "Install a gem on the remote server"
+  task :install, :roles => :app do
+    name = Capistrano::CLI.ui.ask("Which gem should we install: ")
+    sudo "gem install #{name}"
+  end
+
+  desc "Uninstall a gem on the remote server"
+  task :uninstall, :roles => :app do
+    name = Capistrano::CLI.ui.ask("Which gem should we uninstall: ")
+    sudo "gem uninstall #{name}"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/git.rb

@@ -0,0 +1,15 @@
+namespace :git do
+  desc "Install git"
+  task :install, :roles => :app do
+    sudo "sudo apt-get build-dep git-core -y"
+    run "wget http://kernel.org/pub/software/scm/git/#{git_version}.tar.gz"
+    run "tar xvzf #{git_version}.tar.gz"
+    run "cd #{git_version}"
+    run "cd #{git_version} && ./configure"
+    run "cd #{git_version} && make"
+    run "cd #{git_version} && sudo make install"
+    run "rm #{git_version}.tar.gz"
+    run "rm -Rf #{git_version}"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/helpers.rb

@@ -0,0 +1,36 @@
+require 'erb'
+
+# render a template
+def render(file, binding)
+  template = File.read("#{File.dirname(__FILE__)}/templates/#{file}.erb")
+  result = ERB.new(template).result(binding)
+end
+
+# allows to sudo a command which require the user input via the prompt
+def sudo_and_watch_prompt(cmd, regex_to_watch)
+  sudo cmd, :pty => true do |ch, stream, data|
+    watch_prompt(ch, stream, data, regex_to_watch)
+  end
+end
+
+# allows to run a command which require the user input via the prompt
+def run_and_watch_prompt(cmd, regex_to_watch)
+  run cmd, :pty => true do |ch, stream, data|
+    watch_prompt(ch, stream, data, regex_to_watch)
+  end
+end
+
+# utility method called by sudo_and_watch_prompt and run_and_watch_prompt
+def watch_prompt(ch, stream, data, regex_to_watch)
+
+  # the regex can be an array or a single regex -> we force it to always be an array with [*xx]
+  if [*regex_to_watch].find { |regex| data =~ regex}
+    # prompt, and then send the response to the remote process
+    ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
+  else
+    # use the default handler for all other text
+    Capistrano::Configuration.default_io_proc.call(ch, stream, data)
+  end
+end
+
+

data/lib/capistrano/ext/ubuntu-machine/iptables.rb

@@ -0,0 +1,20 @@
+namespace :iptables do
+  desc <<-DESC
+    Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
+
+    See "iptables" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure, :roles => :gateway do
+    sudo "apt-get install iptables -y"
+    put render("iptables", binding), "iptables.up.rules"
+    sudo "mv iptables.up.rules /etc/iptables.up.rules"
+    
+    sudo "iptables-restore < /etc/iptables.up.rules"
+    
+    # ensure that the iptables rules are applied when we reboot the server
+    run "cat /etc/network/interfaces > ~/tmp_interfaces"
+    run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
+    sudo "mv ~/tmp_interfaces /etc/network/interfaces"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/machine.rb

@@ -0,0 +1,48 @@
+namespace :machine do
+
+  desc "Change the root password, create a new user and allow him to sudo and to SSH"
+  task :initial_setup do
+    set :user_to_create , user
+    set :user, 'root'
+    
+    run_and_watch_prompt("passwd", [/Enter new UNIX password/, /Retype new UNIX password:/])
+    
+    run_and_watch_prompt("adduser #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
+    
+    # force the non-interactive mode
+    run "cat /etc/environment > ~/environment.tmp"
+    run 'echo DEBIAN_FRONTEND=noninteractive >> ~/environment.tmp'
+    sudo 'mv ~/environment.tmp /etc/environment'
+    # prevent this env variable to be skipped by sudo
+    run "echo 'Defaults env_keep = \"DEBIAN_FRONTEND\"' >> /etc/sudoers"
+
+    run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
+    run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
+    run "/etc/init.d/ssh reload"
+  end
+  
+  task :configure do
+    ssh.setup
+    iptables.configure
+    aptitude.setup
+  end
+  
+  task :install_dev_tools do
+    mysql.install
+    apache.install
+    ruby.install
+    postfix.install
+    gems.install_rubygems
+    #ruby.install_enterprise
+    ruby.install_passenger
+    git.install
+    #php.install
+  end
+  
+  desc = "Ask for a user and change his password"
+  task :change_password do
+    user_to_update = Capistrano::CLI.ui.ask("Name of the user whose you want to update the password : ")
+    
+    run_and_watch_prompt("passwd #{user_to_update}", [/Enter new UNIX password/, /Retype new UNIX password:/])
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/mysql.rb

@@ -0,0 +1,64 @@
+#TODO : change root password
+
+namespace :mysql do
+  desc "Restarts MySQL database server"
+  task :restart, :roles => :db do
+    sudo "/etc/init.d/mysql restart"
+  end
+
+  desc "Starts MySQL database server"
+  task :start, :roles => :db do
+    sudo "/etc/init.d/mysql start"
+  end
+
+  desc "Stops MySQL database server"
+  task :stop, :roles => :db do
+    sudo "/etc/init.d/mysql stop"
+  end
+
+  desc "Export MySQL database"
+  task :export, :roles => :db do
+    database = Capistrano::CLI.ui.ask("Which database should we export: ")
+    sudo_and_watch_prompt("mysqldump -u root -p #{database} > #{database}.sql", /Enter\spassword/)
+    download "#{database}.sql", "#{default_local_files_path}/database.sql"
+    run "rm #{database}.sql"
+  end
+
+  desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
+  task :create_database, :roles => :db do
+    db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
+    db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
+    db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
+    db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
+    file_to_upload = Capistrano::CLI.ui.ask("Do you want to import a database file? (y/n) : ")
+    if file_to_upload == "y"
+      file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
+      upload "#{default_local_files_path}/#{file}", "#{file}"
+    end
+    create_db_tmp_file = "create_#{db_name}.sql"
+    put render("new_db", binding), create_db_tmp_file
+    run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
+    if file_to_upload == "y"
+      run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
+      run "rm #{file}"
+    end
+    run "rm #{create_db_tmp_file}"
+  end
+
+  desc "Install MySQL"
+  task :install, :roles => :db do
+    db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
+
+    sudo "apt-get install -y mysql-server mysql-client libmysqlclient15-dev"    
+    run "mysqladmin -u root password #{db_root_password}"    
+  end
+    
+  desc "Ask for a MySQL user and change his password"
+  task :change_password, :roles => :db do
+    user_to_update = Capistrano::CLI.ui.ask("Name of the MySQL user whose you want to update the password : ")
+    old_password = Capistrano::CLI.ui.ask("Old password for #{user_to_update} : ")
+    new_password = Capistrano::CLI.ui.ask("New password for #{user_to_update} : ")
+    
+    run "mysqladmin -u #{user_to_update} -p#{old_password} password \"#{new_password}\""
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/php.rb

@@ -0,0 +1,8 @@
+namespace :php do
+  desc "Install PHP 5"
+  task :install, :roles => :app do    
+    sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
+    sudo "/etc/init.d/apache2 reload"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/postfix.rb

@@ -0,0 +1,7 @@
+namespace :postfix do
+  desc "Install postfix"
+  task :install, :roles => :app do
+    sudo "sudo apt-get install postfix -y"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/ruby.rb

@@ -0,0 +1,81 @@
+require 'net/http'
+
+namespace :ruby do
+  desc "Install Ruby 1.8"
+  task :install, :roles => :app do
+    sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
+    sudo "apt-get install -y libmysql-ruby1.8"
+
+    sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
+    sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
+    sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
+    sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
+  end
+  
+
+  set :ruby_enterprise_url do
+    Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
+  end
+
+  set :ruby_enterprise_version do
+    "#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
+  end
+  
+  set :passenger_version do
+    `gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
+  end
+  
+
+  desc "Install Ruby Enterpise Edition"
+  task :install_enterprise, :roles => :app do
+    sudo "apt-get install libssl-dev -y"
+    sudo "apt-get install libreadline5-dev -y"
+    
+    run "test ! -d /opt/#{ruby_enterprise_version}"
+    run "wget #{ruby_enterprise_url}"
+    run "tar xzvf #{ruby_enterprise_version}.tar.gz"
+    run "rm #{ruby_enterprise_version}.tar.gz"
+    sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
+    sudo "rm -rf #{ruby_enterprise_version}/"
+    
+    # create a "permanent" link to the current REE install
+    sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise" 
+    
+    # add REE bin to the path
+    run "cat /etc/environment > ~/environment.tmp"
+    run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
+    sudo 'mv ~/environment.tmp /etc/environment'
+  end
+  
+  desc "Install Phusion Passenger"
+  task :install_passenger, :roles => :app do
+    # rake 0.8.5 needs latest version of rdoc
+    sudo "gem install rdoc"
+    
+    # because  passenger-install-apache2-module do not find the rake installed by REE
+    sudo "gem install rake"
+
+    sudo "apt-get install apache2-mpm-prefork -y"
+    sudo "apt-get install libapr1-dev -y"
+    sudo "apt-get install apache2-prefork-dev -y"
+
+    # call the upgrade_passenger task
+    upgrade_passenger
+  end 
+  
+  desc "Upgrade Phusion Passenger"
+  task :upgrade_passenger, :roles => :app do
+    sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
+    run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
+
+    put render("passenger.load", binding), "/home/#{user}/passenger.load"
+    put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
+   
+    sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
+    sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
+    
+    sudo "a2enmod passenger"
+    apache.force_reload
+  end
+       
+end

data/lib/capistrano/ext/ubuntu-machine/ssh.rb

@@ -0,0 +1,64 @@
+namespace :ssh do
+  
+  desc <<-DESC
+    Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
+    `configure_sshd` then reloads the SSH service to finalize the changes.
+  DESC
+  task :setup, :roles => :gateway do
+    upload_keys
+    configure_sshd
+    install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
+    reload
+  end
+  
+  
+  desc <<-DESC
+    Uploads your local public SSH keys to the server. A .ssh folder is created if \
+    one does not already exist. The SSH keys default to the ones set in \
+    Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
+    ["/home/user/.ssh/id_dsa"].
+
+    See "SSH copy" and "SSH Permissions" sections on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :upload_keys, :roles => :gateway do
+    run "mkdir -p ~/.ssh"
+    run "chown -R #{user}:#{user} ~/.ssh"
+    run "chmod 700 ~/.ssh"
+
+    authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
+    put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
+  end
+  
+  desc <<-DESC
+    Configure SSH daemon with more secure settings recommended by Slicehost. The \
+    will be configured to run on the port configured in Capistrano's "ssh_options". \
+    This defaults to the standard SSH port 22. You can change this by setting \
+    ssh_options[:port] = 3000. Note that this change will not take affect until \
+    reload the SSH service with `cap ssh:reload`.
+
+    See "SSH config" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure_sshd, :roles => :gateway do
+    put render("sshd_config", binding), "sshd_config"
+    sudo "mv sshd_config /etc/ssh/sshd_config"
+  end
+  
+  desc <<-DESC
+    Install OVH SSH Keys
+  DESC
+  task :install_ovh_ssh_key, :roles => :gateway do
+    sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
+    sudo "sh installer_la_cle.sh"
+  end
+  
+  desc <<-DESC
+    Reload SSH service.
+  DESC
+  task :reload, :roles => :gateway do
+    sudo "/etc/init.d/ssh reload"
+  end
+  
+  
+end

data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb

@@ -0,0 +1,7 @@
+NameVirtualHost *:80
+
+<IfModule mod_ssl.c>
+    NameVirtualHost *:443
+</IfModule>
+
+ServerName <%= server_name %>

data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb

@@ -0,0 +1,46 @@
+*filter
+
+
+#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+#  Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+#  Allows all outbound traffic
+#  You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+
+#  Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
+
+<% if hosting_provider=="ovh-rps" %>
+# allow packets from SAN, only for ovh-rps
+-A OUTPUT -p tcp --dport 3260 -j ACCEPT
+<% end %>
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT

data/lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb

@@ -0,0 +1,3 @@
+[mysqladmin] 
+  user            = root
+  password        = will-be-changed-so-dont-mind-it

data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb

@@ -0,0 +1,5 @@
+CREATE DATABASE  `<%= db_name %>` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+CREATE USER '<%= db_username %>'@'localhost' IDENTIFIED BY  '<%= db_user_password %>';
+GRANT USAGE ON * . * TO  '<%= db_username %>'@'localhost' IDENTIFIED BY  '<%= db_user_password %>' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
+GRANT ALL PRIVILEGES ON  `<%= db_name %>` . * TO  '<%= db_username %>'@'localhost' WITH GRANT OPTION ;
+FLUSH PRIVILEGES ;

data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb

@@ -0,0 +1,2 @@
+PassengerRoot /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>
+PassengerRuby /opt/<%= ruby_enterprise_version %>/bin/ruby

data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb

@@ -0,0 +1 @@
+LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so

data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb

@@ -0,0 +1,80 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port <%= ssh_options[:port] %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes # allow it to enable OVH to connect to your server
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+AuthorizedKeysFile	.ssh/authorized_keys2
+UsePam yes
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+KeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UseDNS no
+
+AllowUsers <%= user %>

data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb

@@ -0,0 +1,17 @@
+<VirtualHost *:80>
+
+  # Admin email, Server Name (domain name) and any aliases
+  ServerAdmin <%= server_admin %>
+  ServerName  <%= server_name %>
+  ServerAlias <%= server_alias %>
+
+  # Index file and Document Root (where the public files are located)
+  DirectoryIndex <%= directory_index %>
+  DocumentRoot /home/<%= user %>/websites/<%= server_name %>/public
+
+  # Custom log file locations
+  LogLevel warn
+  ErrorLog  /home/<%= user %>/websites/<%= server_name %>/logs/error.log
+  CustomLog /home/<%= user %>/websites/<%= server_name %>/logs/access.log combined
+
+</VirtualHost>

data/lib/capistrano/ext/ubuntu-machine/utils.rb

@@ -0,0 +1,40 @@
+namespace :utils do
+  
+  desc "Reboot the system."
+  task :reboot, :roles => :gateway do
+    sure = Capistrano::CLI.ui.ask("Are you sure you want to reboot now? (y/n) : ")
+    sudo "reboot" if sure=="y"
+  end
+  
+  desc "Force a reboot of the system."
+  task :force_reboot, :roles => :gateway do
+    sudo "reboot"
+  end
+  
+  desc "Show the amount of free disk space."
+  task :disk_space, :roles => :gateway do
+    run "df -h /"
+  end
+
+  desc "Display amount of free and used memory in the system."
+  task :free, :roles => :gateway do
+    run "free -m"
+  end
+
+  desc "Display passenger status information."
+  task :passenger_status, :roles => :gateway do
+    sudo "/opt/ruby-enterprise/bin/passenger-status"
+  end
+
+  desc "Display passenger memory usage information."
+  task :passenger_memory, :roles => :gateway do
+    sudo "/opt/ruby-enterprise/bin/passenger-memory-stats"
+  end  
+
+  desc "Activate Phusion Passenger Enterprise Edition."
+  task :passenger_enterprise, :roles => :gateway do
+
+    sudo_and_watch_prompt("/opt/ruby-enterprise/bin/passenger-make-enterprisey", [/Key\:/,  /again\:/])    
+  end
+  
+end

data/lib/capistrano/ext/ubuntu-machine.rb

@@ -0,0 +1,21 @@
+unless Capistrano::Configuration.respond_to?(:instance)
+  abort "Requires Capistrano 2"
+end
+
+# Dir["#{File.dirname(__FILE__)}/ubuntu-machine/*.rb"].each { |lib| 
+#   Capistrano::Configuration.instance.load {load(lib)}   
+# }
+
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/apache.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/aptitude.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/gems.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/git.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/helpers.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/iptables.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/machine.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/mysql.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/php.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/postfix.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ruby.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/ssh.rb")}
+Capistrano::Configuration.instance.load {load("#{File.dirname(__FILE__)}/ubuntu-machine/utils.rb")}

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification 
+name: jrhicks-ubuntu-machine
+version: !ruby/object:Gem::Version 
+  version: 0.5.3.2.1
+platform: ruby
+authors: 
+- Thomas Balthazar
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-06-17 00:00:00 -07:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: capistrano
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        version: 2.5.2
+    version: 
+description: Capistrano recipes for setting up and deploying to a Ubuntu Machine
+email: thomas@suitmymind.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- README
+- MIT-LICENSE
+- lib/capistrano/ext/ubuntu-machine.rb
+- lib/capistrano/ext/ubuntu-machine/apache.rb
+- lib/capistrano/ext/ubuntu-machine/aptitude.rb
+- lib/capistrano/ext/ubuntu-machine/gems.rb
+- lib/capistrano/ext/ubuntu-machine/git.rb
+- lib/capistrano/ext/ubuntu-machine/helpers.rb
+- lib/capistrano/ext/ubuntu-machine/iptables.rb
+- lib/capistrano/ext/ubuntu-machine/machine.rb
+- lib/capistrano/ext/ubuntu-machine/mysql.rb
+- lib/capistrano/ext/ubuntu-machine/php.rb
+- lib/capistrano/ext/ubuntu-machine/postfix.rb
+- lib/capistrano/ext/ubuntu-machine/ruby.rb
+- lib/capistrano/ext/ubuntu-machine/ssh.rb
+- lib/capistrano/ext/ubuntu-machine/utils.rb
+- lib/capistrano/ext/ubuntu-machine/templates/apache2.erb
+- lib/capistrano/ext/ubuntu-machine/templates/iptables.erb
+- lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb
+- lib/capistrano/ext/ubuntu-machine/templates/new_db.erb
+- lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb
+- lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb
+- lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb
+- lib/capistrano/ext/ubuntu-machine/templates/vhost.erb
+has_rdoc: false
+homepage: http://suitmymind.github.com/ubuntu-machine
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Capistrano recipes for setting up and deploying to a Ubuntu Machine
+test_files: []
+