le1t0-deprec 2.1.6.006 → 2.1.6.007

data/CHANGELOG

@@ -1,5 +1,23 @@
 # deprec changelog
 
+= 2.1.6.007 (Jun 10, 2010)
+
+* some adjustments to nagios recipe
+* support setting known_hosts for monitoring user in nagios recipe
+* added easy setting of known_hosts for deploy_user in ssh recipe
+* added default profiles
+* rewrote keepalived recipe, added possibility of manually switching master + added configurability of scripts and instances
+* small bugfix for loading god configs
+* added comments for profile recipe
+* commented redhat-cluster recipe
+* small bugfix for rvm recipe
+* commented s3utils recipe
+* commented java recipe
+* added comments to iptables recipe
+* added comments to imagemagick recipe
+* added config_project + comments to god recipe
+* added comments + some small modifications + small bugfix to ssh recipe
+
 = 2.1.6.006 (Jun 4, 2010)
 
 * again fixed variable names in rails recipe for being compatible with modify-alternatives-registration branch

data/lib/deprec/capistrano_extensions.rb

@@ -198,7 +198,9 @@ module Deprec2
     END
   end
 
+  # allow string substitutions in files on the server
   def substitute_in_file(filename, old_value, new_value, sep_char='/')
+    # XXX sort out single quotes in 'value' - they'l break command!
     sudo <<-END
     sh -c "
     perl -p -i -e 's#{sep_char}#{old_value}#{sep_char}#{new_value}#{sep_char}' #{filename}

data/lib/deprec/recipes/deprec.rb

@@ -27,6 +27,8 @@ Capistrano::Configuration.instance(:must_exist).load do
   
   # Service defaults
   #
+  # load all directories under lib/deprec/recipes, and set :none to the default selection for the respective
+  # recipe collection type (i.e. db, app, web, etc)
   Dir.glob("#{File.dirname(__FILE__)}/*").each do |entry|
     default "#{File.basename(entry)}_choice".to_sym, :none if File.directory?(entry)
   end  
@@ -81,7 +83,10 @@ Capistrano::Configuration.instance(:must_exist).load do
       # link application specific recipes into canonical task names
       # e.g. deprec:web:restart => deprec:nginx:restart 
       
-      
+      # load all directories under lib/deprec/recipes, create a two element array for each, setting the first value
+      # to the directory name (as a symbol; the canonicalized namespace), the second to the variable which sets the
+      # selection for this recipe collection type. These arrays are collected, empty entries removed and then
+      # everything is flattened to a single array, leaving alternating key-values for conversion to a hash.
       namespaces_to_connect = Hash[*(Dir.glob("#{File.dirname(__FILE__)}/*").collect do |entry|
         [ File.basename(entry).to_sym, "#{File.basename(entry)}_choice".to_sym ] if File.directory?(entry)
       end.compact.flatten)]

data/lib/deprec/recipes/god.rb

@@ -36,9 +36,28 @@ Capistrano::Configuration.instance(:must_exist).load do
 
       desc "Push god config files to server"
       task :config, :roles => :god do
+        config_system
+        config_project
+      end
+
+      task :config_system, :roles => :god do
         sudo "install -d /etc/god/conf.d"
         deprec2.push_configs(:god, SYSTEM_CONFIG_FILES[:god])
       end
+      
+      # Push any files named *.god.#{rails_env} in directory config/god/ to servers with :god role,
+      # remove the .#{rails_env} extension and put them in #{deploy_to}/god/. Next, link them to /etc/god/conf.d/
+      task :config_project, :roles => :god do
+        Dir.new(File.join("config", "god")).entries.select { |e| e =~ /\.god\.#{rails_env}$/ }.each do |entry|
+          base_entry = File.basename(entry, ".#{rails_env}")
+          file = File.join("config", "god", entry)
+          full_remote_path = File.join(deploy_to, 'god', base_entry)
+          run "mkdir -p #{File.join(deploy_to, 'god')}"
+          std.su_put File.read(file), full_remote_path, '/tmp/', :mode=>0644
+          sudo "chown root:root #{full_remote_path}"
+          sudo "ln -nsf #{full_remote_path} /etc/god/conf.d/#{application}-#{base_entry}"
+        end if File.directory?(File.join("config", "god"))
+      end
 
       desc "Start God"
       task :start, :roles => :god do

data/lib/deprec/recipes/imagemagick/imagemagick_bin.rb

@@ -7,8 +7,10 @@ Capistrano::Configuration.instance(:must_exist).load do
       
       desc "Install imagemagick & rmagick"
       task :install, :roles => :app do
-        uninstall # make sure package is uninstalled (if there is any), before attempting source uninstall, since source
-                  # uninstall would also remove binary package files
+        # make sure binary package is uninstalled (if there is any), before attempting source uninstall, since source
+        # uninstall would also remove binary package files
+        uninstall
+        # uninstall source (forced, might not be there) so we are sure no old files are left behind
         top.deprec.imagemagick_src.uninstall
         apt.install( {:base => %w(imagemagick libmagick9-dev libmagick10)}, :stable )
         gem2.install 'rmagick' if imagemagick_include_rmagick

data/lib/deprec/recipes/imagemagick/imagemagick_src.rb

@@ -13,6 +13,7 @@ Capistrano::Configuration.instance(:must_exist).load do
       
       desc "Install imagemagick & rmagick"
       task :install, :roles => :app do
+        # make sure there is no binary package (force uninstall), since we install in the same location
         top.deprec.imagemagick_bin.uninstall
         install_deps
         deprec2.download_src(SRC_PACKAGES[:imagemagick], src_dir)
@@ -30,7 +31,8 @@ Capistrano::Configuration.instance(:must_exist).load do
       task :install_deps, :roles => :app do
         # install binary packages, so all needed dependencies are installed
         apt.install( {:base => %w(imagemagick libmagick9-dev libperl-dev libmagick10)}, :stable )
-        # remove binary packages, leaving the dependencies
+        # remove binary packages, leaving the dependencies, so we can install from src without needing all deps from
+        # source as well
         apt.install( {:base => %w(imagemagick- libmagick9-dev- libmagick10-)}, :stable )
       end
 

data/lib/deprec/recipes/iptables.rb

@@ -3,6 +3,7 @@ Capistrano::Configuration.instance(:must_exist).load do
   namespace :deprec do 
     namespace :iptables do
 
+      # see iptables-init script and iptables-default file for syntax
       set :iptables_allowed, "tcp:22,80,443"
       set :iptables_forwards, ""
       set :iptables_binary, "/sbin/iptables"

data/lib/deprec/recipes/java.rb

@@ -1,12 +1,15 @@
 def accept_license
+  # don't ask to accept the license if already preset
   return if java_dlj_11_license_accepted
   in_license = false
+  # read license text from bottom of this file
   Capistrano::CLI.ui.say(IO.readlines(__FILE__).collect do |line|
     in_license = false if line =~ /^# END_LICENSE/
     current_line = in_license ? line.strip.gsub(/^#[ ]?/, '') : nil  
     in_license = true if line =~ /^# START_LICENSE/
     current_line
   end.compact.join("\n"))
+  # ask whether user accepts the license
   prompt = "Accept license (YES, [NO])?  "
   answer = Capistrano::CLI.ui.ask(prompt) do |q|
     q.overwrite = false
@@ -14,6 +17,7 @@ def accept_license
     q.validate = /(yes)|(no)|\n/i
     q.responses[:not_valid] = prompt
   end
+  # set variable to true if license is accepted
   if answer.upcase == 'YES'
     set :java_dlj_11_license_accepted, true
   end
@@ -25,13 +29,16 @@ Capistrano::Configuration.instance(:must_exist).load do
     namespace :java do
       
       set :java_include_jdk, false
+      # Set this variable to true in your deployment recipe to accept the license contained below
       set :java_dlj_11_license_accepted, false
       set :java_stopthread, true # no idea what this does, but it defaults to true on Hardy and should be preset for auto inst
       
       desc "Install Java"
       task :install do
         accept_license
+        # only install if license was accepted
         if java_dlj_11_license_accepted
+          # preseed questions for debconf, so automatic install works
           debconf_set_selections_file = "/tmp/java_debconf_set_selections.#{Time.now.strftime("%Y%m%d%H%M%S")}"
           debconf_set_selections = [
             "sun-java6-jre	sun-java6-jre/stopthread	boolean	#{java_stopthread}",
@@ -41,16 +48,21 @@ Capistrano::Configuration.instance(:must_exist).load do
             "sun-java6-bin	shared/present-sun-dlj-v1-1	note",
             "sun-java6-jre	shared/present-sun-dlj-v1-1	note"           
           ]
+          # select packages to install
           packages = %w(sun-java6-bin sun-java6-jre)
           if java_include_jdk
             packages << "sun-java6-jdk"
+            # add preseed answers if also installing jdk
             debconf_set_selections += [
               "sun-java6-jdk	shared/accepted-sun-dlj-v1-1	boolean	#{java_dlj_11_license_accepted}",
               "sun-java6-jdk	shared/present-sun-dlj-v1-1	note"
             ]
           end
+          # upload preseeded selections
           put debconf_set_selections.join("\n"), debconf_set_selections_file, :mode => 0644
+          # insert preseeded selections into debconf db
           sudo "debconf-set-selections #{debconf_set_selections_file} ; rm -f #{debconf_set_selections_file}"
+          # install java
           apt.install( {:base => packages}, :stable )
         end
       end

data/lib/deprec/recipes/keepalived.rb

@@ -2,15 +2,37 @@
 Capistrano::Configuration.instance(:must_exist).load do 
   namespace :deprec do
     namespace :keepalived do
-        
-      set :keepalived_script, 'killall -0 haproxy'
-      set :keepalived_virtual_ipaddress, '192.168.0.99'
-      set :keepalived_virtual_router_id, '51'
-      set :keepalived_interface, 'eth0'
-      set :keepalived_interval, '2'  # check every 2 seconds
-      set :keepalived_weight, '2'  # add 2 points of prio if OK
-      set :keepalived_priority, '101' # 101 on master, 100 on backup
-      set :keepalived_state, 'MASTER'
+
+      # :keepalived_scripts should contain a hash where each key is the suffix of the vrrp_script registration,
+      # and the value is again a hash, containing as key => value pairs:
+      # :script => 'killall -0 haproxy' or any script which returns a 0 or 1 exit value
+      # :interval => 1
+      # :weight => 2
+      set :keepalived_scripts, {
+        :haproxy => {
+          :script => 'killall -0 haproxy',
+          :interval => 1,
+          :weight => 2
+        }
+      }
+
+      # :keepalived_instances should contain a hash with at least one key => value pair. The key should be a string
+      # with the virtual IP address. The value is again a hash with some settings, containing as key => value pairs:
+      # :virtual_router_id => '51' or any unique integer among all VRRP instances on the same subnet
+      # :interface => 'eth0'
+      # :priority => '101', usually should be one higher for MASTER than for BACKUP
+      # :state => 'MASTER' or 'BACKUP', automatically adds :wanted_state to :scripts below
+      # :scripts => symbol or hash of scripts to execute for this instance, when left undefined all scripts defined above
+      # are added
+      set :keepalived_instances, {
+        "192.168.0.99" => {
+          :virtual_router_id => '51',
+          :interface => 'eth0',
+          :priority => '101',
+          :state => 'MASTER',
+          :scripts => :haproxy
+        }
+      }
   
       desc "Install keepalived on server"
       task :install, :roles => :failover do

data/lib/deprec/recipes/nagios.rb

@@ -12,6 +12,10 @@ Capistrano::Configuration.instance(:must_exist).load do
       set :nagios_htpasswd_file, '/usr/local/nagios/etc/htpasswd.users'
       # default :application, 'nagios' 
       set :nagios_ssh_key, nil
+      # all SSH hostnames or IPs that nagios should check
+      set :nagios_known_hosts, [ ]
+      # allow nagios user on check_hosts to do certain commands through sudo
+      set :nagios_sudo_commands, [ ] # i.e.: %w(/usr/bin/killall /bin/kill /sbin/iptables /bin/cat)
       
       SRC_PACKAGES[:nagios] = {
         :url => "http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.0.tar.gz",
@@ -52,7 +56,7 @@ Capistrano::Configuration.instance(:must_exist).load do
       
       task :create_nagios_user, :roles => :nagios do
         deprec2.groupadd(nagios_group)
-        deprec2.useradd(nagios_user, :group => nagios_group, :homedir => false)
+        deprec2.useradd(nagios_user, :group => nagios_group)
         # deprec2.add_user_to_group(nagios_user, apache_user)
         deprec2.groupadd(nagios_cmd_group)
         deprec2.add_user_to_group(nagios_user, nagios_cmd_group)
@@ -145,6 +149,10 @@ Capistrano::Configuration.instance(:must_exist).load do
         deprec2.push_configs(:nagios, SYSTEM_CONFIG_FILES[:nagios])
         config_check
         restart
+        if nagios_known_hosts.size > 0
+          put nagios_known_hosts.join("\n"), tmp_file = "/tmp/ssh_keyscan_#{Time.now.strftime("%Y%m%d%H%M%S")}.txt", :mode => 0644
+          run "ssh-keyscan -f #{tmp_file} -t rsa > ~nagios/.ssh/known_hosts ; rm -f #{tmp_file} ; chown #{nagios_user}:#{nagios_group} ~nagios/.ssh/known_hosts"
+        end
       end
       
       desc "Run Nagios config check"
@@ -212,35 +220,45 @@ Capistrano::Configuration.instance(:must_exist).load do
         create_nagios_user
         deprec2.download_src(SRC_PACKAGES[:nagios_plugins], src_dir)
         deprec2.install_from_src(SRC_PACKAGES[:nagios_plugins], src_dir)        
+        config_access
+        install_custom
       end
       
+      # allow the user to install custom plugins from RAILS_ROOT/config/nagios_plugins/plugins
+      # any file there is uploaded to /usr/local/nagios/libexec and chmodded to 755
       desc "Install user plugins for nagios from config/nagios_plugins/plugins in user's project"
       task :install_custom do
-        remote_path = File.join('/', 'usr', 'local', 'nagios', 'libexec')
         plugins_path = File.join('config', 'nagios_plugins', 'plugins')
-        Dir.new(plugins_path).entries.each do |entry|
-          remote_plugin = File.join(remote_path, entry)
-          plugin = File.join(plugins_path, entry)
-          if File.file?(plugin)
-            std.su_put File.read(plugin), remote_plugin, '/tmp', :mode => 0755
+        if File.directory?(plugins_path)
+          remote_path = File.join('/', 'usr', 'local', 'nagios', 'libexec')
+          Dir.new(plugins_path).entries.each do |entry|
+            remote_plugin = File.join(remote_path, entry)
+            plugin = File.join(plugins_path, entry)
+            if File.file?(plugin)
+              std.su_put File.read(plugin), remote_plugin, '/tmp', :mode => 0755
+            end
           end
         end
       end
 
+      # configure ssh + sudo for nagios:
+      # * allow certain commands so nagios can do checks (killall, kill, iptables, cat) as root
+      # * add nagios ssh key to authorized keys on servers to check (if the variable is set)
       desc "configure ssh + sudo access for nagios_user"
       task :config_access do
-        deprec2.append_to_file_if_missing('/etc/sudoers', "#{nagios_user} ALL=(root) NOPASSWD:/usr/bin/killall")
-        deprec2.append_to_file_if_missing('/etc/sudoers', "#{nagios_user} ALL=(root) NOPASSWD:/bin/kill")
-        deprec2.append_to_file_if_missing('/etc/sudoers', "#{nagios_user} ALL=(root) NOPASSWD:/sbin/iptables")
-        deprec2.append_to_file_if_missing('/etc/sudoers', "#{nagios_user} ALL=(root) NOPASSWD:/bin/cat")
-        sudo "mkdir -p /home/#{nagios_user}/.ssh"
-        sudo "chmod 700 /home/#{nagios_user}/.ssh"
-        if nagios_ssh_key
-          sudo "echo '#{nagios_ssh_key}' >> /tmp/authorized_keys_file_for_nagios_user.tmp"
+        nagios_sudo_commands.each do |command|
+          deprec2.append_to_file_if_missing('/etc/sudoers', "#{nagios_user} ALL=(root) NOPASSWD:#{command}")
+        end
+        unless nagios_ssh_key.nil?
+          sudo "mkdir -p /home/#{nagios_user}/.ssh"
+          sudo "chmod 700 /home/#{nagios_user}/.ssh"
+          if nagios_ssh_key
+            sudo "echo '#{nagios_ssh_key}' >> /tmp/authorized_keys_file_for_nagios_user.tmp"
+          end
+          sudo "mv /tmp/authorized_keys_file_for_nagios_user.tmp /home/#{nagios_user}/.ssh/authorized_keys"
+          sudo "chmod 600 /home/#{nagios_user}/.ssh/authorized_keys"
+          sudo "chown -R nagios:nagios /home/#{nagios_user}/.ssh"
         end
-        sudo "mv /tmp/authorized_keys_file_for_nagios_user.tmp /home/#{nagios_user}/.ssh/authorized_keys"
-        sudo "chmod 600 /home/#{nagios_user}/.ssh/authorized_keys"
-        sudo "chown -R nagios:nagios /home/#{nagios_user}/.ssh"
       end
 
       # Install dependencies for nagios plugins

data/lib/deprec/recipes/profiles.rb

@@ -1,44 +1,124 @@
 # Copyright 2009-2010 by le1t0@github. All rights reserved.
+
+# A little bit about profiles.. What I wanted to achieve was having a list of tasks which I can run,
+# which install a server from bare install to fully functional with only one deprec call. Before,
+# I fixed this by writing pages and pages of capistrano tasks performing each step, installing,
+# configuring and activating all that was needed and for all different configurations. I really
+# didn't like this as it was a nightmare to maintain. So I knew I wanted something that very compactly
+# can describe the steps to take to fully install a server.
+# 
+# I had no idea what to name it, I based my ideas on the notion of tasks in the debian linux distribution, but 
+# since the word task is already taken in capistrano, I just went for the word profile :) So a profile is 
+# basically an ordered list of recipes to run, including which tasks to perform on them; furthermore, a 
+# profile can reference other profiles, so you can extract out generic definitions. I defined
+# [ :config_gen, :install, :config, :activate, :start ] to be the default list of tasks to perform on a recipe,
+# but made it possible to override this list per profile (for example when you want to make profiles which can
+# give you a status overview of the entire server farm or something).. Each profile would mention only the name
+# of a recipe to run, and possibly (as arguments) the list of tasks to include this recipe for. So when a profile
+# should run in the 5 mentioned tasks, and you add recipe imagemagick with as an argument :install, then it would
+# only run install on the imagemagick recipe. Finally, I added the option of calling a custom task (i.e. not one
+# of the 5 default ones). Some examples:
+# 
+# profile :tools, :install do |p, r| # only execute the :install task on the include recipes in this profile
+#   r.ubuntu
+#   r.nagios_plugins
+#   r.imagemagick
+#   r.aspell
+# end
+# 
+# profile :base do |p, r|    # the 'p' object allows you to call other profiles, the 'r' object allows you to call recipes
+#   r.iptables
+#   r.postfix
+#   r.ntp
+#   r.ubuntu.utils.bash :config # call :config in utils.bash namespace of ubuntu recipe
+#   p.tools # include another profile in this profile
+# end
+# 
+# profile :app_base do |p, r| # this profile, as most others, doesn't define a custom set of tasks, so it runs  [ :config_gen, :install, :config, :activate, :start ] 
+#   r.call.passenger.config_gen_system :config_gen
+#   r.call.rails.install_stack :install # run custom task :install_stack during the :install phase on the rails recipe; use call to define calling a custom task
+#   r.java
+# end
+# 
+# profile :db_base do |p, r|
+#   r.mysql
+#   r.sphinx :install # only execute :install for sphinx, for the others run the defaults ([ :config_gen, :install, :config, :activate, :start ])
+#   r.java
+# end
+# 
+# profile :composite_server do |p, r| # make a profile purely based on other profiles
+#   p.base
+#   p.app_base
+#   p.db_base
+# end
+
 Capistrano::Configuration.instance(:must_exist).load do 
   class DeprecProfile
+    # list of profiles or recipes to call for this profile
     attr_accessor :tasks_to_call
+    # keep track the current called profile/recipe. We can't add them directly to :tasks_to_call, because we need to support
+    # (namespace) nested tasks and literal tasks as well.
     attr_accessor :current_task
+    # boolean which states whether we are in the sub namespace of a recipe or just the base recipe
     attr_accessor :sub_namespace
+    # if we want to call another task than the default for a certain step (i.e. calling :install_all_my_stuff instead
+    # of just :install for the install step) this variable (boolean) tells us whether this is the case
     attr_accessor :literal
 
     def initialize
+      # by default, we have no profiles/recipes defined and we don't start out in a sub_namespace
       @tasks_to_call = []
       @sub_namespace = false
     end
     
     def call
+      # only support calling literal tasks when we are not in a sub_namespace
       if !@sub_namespace
+        # since method_missing won't be called now, we need to call finalize, before continuing
         finalize
-        @literal = true # can't set directly in current_task, since it will run finalize again in method_missing then (wrongly)
+        @literal = true # can't set directly in :current_task, since it will run finalize again in method_missing then (wrongly)
       end
       self
     end
     
+    # the very core of the profiles code, which implements the DSL for defining profiles and recipes to call
     def method_missing(method_name, *args, &block)
       obj = nil
+      # if we are not in a sub_namespace, then this is a base recipe or profile to call
       if !@sub_namespace
+        # call finalize, so any previous current_task gets registered
         finalize
+        # make sure we start out fresh
         @current_task ||= {}
+        # if we want to call a literal task, define it now in the :current_task variable, and reset the literal variable
+        # for next tasks to come
         @current_task[:literal] = true if @literal
         @literal = false
+        # define the name of the recipe or profile to call
         @current_task[:name] = method_name.to_s
+        # define any arguments as well, which could be a list of symbols overriding (only_recipe_tasks) below. Use this
+        # when you want a certain recipe or profile to only execute for one or more certain steps. I.e. when the entire
+        # profile executes for :install and :config steps, but you want imagemagick to only execute for the :install step,
+        # you would use this.
         @current_task[:args] = args.size == 0 ? nil : args.flatten
+        # return a copy of ourselves, since we don't want to contaminate the current one with the sub_namespace setting,
+        # as we can never set it to false anymore (no way to detect it)
         obj = self.dup
         obj.sub_namespace = true
       else
+        # we are in a sub_namespace, so define the sub_namespace name by concatting it to the existing name with a dot
         @current_task[:name] = [ @current_task[:name], method_name.to_s ].join('.')
-        @current_task[:args] = args.size == 0 ? nil : args.flatten        
+        # register any arguments as well
+        @current_task[:args] = args.size == 0 ? nil : args.flatten
+        # return our self, so we can also go into another sub_namespace
         obj = self
       end
       obj
     end
     
     def finalize
+      # if a current task is defined, make sure it gets registered in :tasks_to_call and reset :current_task,
+      # for a possible next call
       if !@current_task.nil?
         @tasks_to_call << @current_task
         @current_task = nil
@@ -46,11 +126,20 @@ Capistrano::Configuration.instance(:must_exist).load do
     end
   end
 
+  # define a profile, with arguments
+  # - a name for the resulting task which executes the profile
+  # - optionally an array of (or just one) symbol(s) of task names to execute (by default) within the recipes
+  # contained in this profile
+  # - a block containing calls to either other profiles or recipes
   def profile(profile_task_name, *only_recipe_tasks, &block)
     only_recipe_tasks = [ :config_gen, :install, :config, :activate, :start ] if only_recipe_tasks.size == 0
+    # Execute the block with two arguments, the first will contain profiles which should be called, the second
+    # will contain recipes which should be called
     yield(profiles = DeprecProfile.new, recipes = DeprecProfile.new)
     profiles.finalize
     recipes.finalize
+    # define a list of distclean tasks which remove all stamps for the respective profile for either all step tasks
+    # (only_recipe_tasks) or one of these
     ([ :all ] + only_recipe_tasks).each do |tsk|
       cmd = "
         namespace :deprec do\nnamespace :profiles do\nnamespace :#{profile_task_name} do\nnamespace :distclean do\ndesc '#{profile_task_name}:distclean:#{tsk}'\ntask :#{tsk} do\n
@@ -58,7 +147,9 @@ Capistrano::Configuration.instance(:must_exist).load do
       "
       puts cmd if ENV['DEBUG_PROFILES']
       eval(cmd)
-    end    
+    end
+    # define the :all task for the profile, which calls all tasks defined in (only_recipe_tasks) on the profile itself, and
+    # stamps its success. Remove all stamps when successful
     cmd = "
       namespace :deprec do\nnamespace :profiles do\nnamespace :#{profile_task_name} do\ndesc '#{profile_task_name}:all'\ntask :all do\n
         #{only_recipe_tasks.collect do |n|
@@ -71,6 +162,9 @@ Capistrano::Configuration.instance(:must_exist).load do
     "
     puts cmd if ENV['DEBUG_PROFILES']
     eval(cmd)
+    # define the various tasks defined in (only_recipe_tasks) for this profile, they should call their respective step task
+    # on the profiles and recipes contained within this profile, and stamp their success. Remove all stamps if everything
+    # was successful
     only_recipe_tasks.each do |rt|
       cmd = "
         desc '#{profile_task_name}:#{rt}'\nnamespace :deprec do\nnamespace :profiles do\nnamespace :#{profile_task_name} do\ntask :#{rt} do\n
@@ -97,11 +191,14 @@ Capistrano::Configuration.instance(:must_exist).load do
     end
   end
   
+  # create a stamp for the currently executed profile, the recipe that has been completed and specifically which task
+  # has been run on it
   def profile_stamp(profile_name, executing_recipe, executing_task)
     stamp_name = "stamp-#{profile_name.gsub(/:/, '_')}-#{executing_task_name(executing_recipe, executing_task)}"
     run "mkdir -p ~/.deprec ; touch ~/.deprec/#{stamp_name}"
   end
-  
+
+  # check whether a stamp already exists
   def profile_stamp_exists?(profile_name, executing_recipe, executing_task)
     stamp_name = "stamp-#{profile_name.gsub(/:/, '_')}-#{executing_task_name(executing_recipe, executing_task)}"
     result = nil
@@ -111,10 +208,12 @@ Capistrano::Configuration.instance(:must_exist).load do
     result
   end
   
+  # remove all stamps for a profile
   def remove_profile_stamps(profile_name)
     run "mkdir -p ~/.deprec ; rm -f ~/.deprec/stamp-#{profile_name.gsub(/:/, '_')}-*"
   end
   
+  # helper method for the stamp and stamp_exists? methods above
   def executing_task_name(executing_recipe, executing_task)
     if executing_recipe =~ /\./
       "#{executing_recipe.gsub(/\./, '_')}--#{executing_task}"
@@ -122,4 +221,24 @@ Capistrano::Configuration.instance(:must_exist).load do
       "#{executing_recipe}_#{executing_task}"
     end
   end
+
+  profile :rails_stack, :install do |p, r|
+    r.ruby
+    r.rails
+    r.svn
+    r.git
+    r.web
+    r.app
+    r.monit if use_monit
+    r.logrotate if use_logrotate
+  end
+  
+  profile :single_server do |p,r|
+    p.rails_stack
+    r.iptables
+    r.postfix
+    r.ntp
+    r.mysql
+  end
+  
 end

data/lib/deprec/recipes/redhat_cluster.rb.unmaintained

@@ -3,6 +3,7 @@ Capistrano::Configuration.instance(:must_exist).load do
   namespace :deprec do
     namespace :redhat_cluster do
   
+	  # check redhat cluster's cluster.conf manpage for explanation of configuring this
       set :redhat_cluster_name, 'storagecluster'
       set :redhat_cluster_config_version, '1'
       set :redhat_cluster_nodes, [
@@ -114,11 +115,14 @@ Capistrano::Configuration.instance(:must_exist).load do
       end
   
       task :config_common, :roles => [:storage_client, :storage_server] do
+		# add some modules to load
         deprec2.append_to_file_if_missing('/etc/modules', 'dm-mod')
         deprec2.append_to_file_if_missing('/etc/modules', 'gfs')
         deprec2.append_to_file_if_missing('/etc/modules', 'lock_dlm')
-        deprec2.append_to_file_if_missing('/etc/modules', 'gnbd')    
+        deprec2.append_to_file_if_missing('/etc/modules', 'gnbd')
+		# comment out default setting of locking_type
         deprec2.substitute_in_file('/etc/lvm/lvm.conf', '^(\s*)(locking_type = 1\s*)$', '$1#$2')
+        # uncomment these settings in config file
         deprec2.substitute_in_file('/etc/lvm/lvm.conf', '^(\s*)#\s*(locking_library = \"liblvm2clusterlock.so\"\s*)$', '$1$2')
         deprec2.substitute_in_file('/etc/lvm/lvm.conf', '^(\s*)#\s*(locking_type = 2\s*)$', '$1$2')
         deprec2.substitute_in_file('/etc/lvm/lvm.conf', '^(\s*)#\s*(library_dir = \"/lib/lvm2\"\s*)$', '$1$2', '%')

data/lib/deprec/recipes/rvm.rb

@@ -19,9 +19,9 @@ EOF
       task :install_rubies do
         rvm_rubies.each_with_index do |ruby, i|
           run "rvm install #{ruby}"
-          run "rvm --default #{ruby}" if i == 0 && (rvm_default_ruby.empty? || rvm_default_ruby.nil?)
+          run "rvm --default #{ruby}" if i == 0 && (rvm_default_ruby.nil? || rvm_default_ruby.empty?)
         end
-        if !(rvm_default_ruby.empty? || rvm_default_ruby.nil?)
+        if !(rvm_default_ruby.nil? || rvm_default_ruby.empty?)
           set_default = rvm_default_ruby == "system" ? rvm_default_ruby : "--default #{rvm_default_ruby}"
           run "rvm #{set_default}"
         end

data/lib/deprec/recipes/s3utils.rb

@@ -4,7 +4,7 @@ Capistrano::Configuration.instance(:must_exist).load do
     namespace :s3utils do
       
       set :s3utils_bucket_location, 'EU'
-      set :s3utils_calling_format, 'SUBDOMAIN'
+      set :s3utils_calling_format, 'SUBDOMAIN' # used by s3sync in s3config.yml
       set :s3utils_access_key, "0123456789ABCDEFGHIJ"
       set :s3utils_secret_key, "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcd"
       set :s3utils_passphrase, "my_passphrase"
@@ -19,7 +19,7 @@ Capistrano::Configuration.instance(:must_exist).load do
         :install => 'cp -a S3 s3cmd /usr/local/bin/ ; cp s3cmd.1 /usr/local/share/man/man1/ ;'
       }
 
-      # setting it as a class variable makes it initialize too early, making 'user' contain the wrong value!
+      # XXX - setting it as a class variable makes it initialize too early, making 'user' contain the wrong value! - le1t0
       def s3utils_system_config_files
         [
           {:template => "s3cfg",

data/lib/deprec/recipes/ssh.rb

@@ -3,15 +3,23 @@ Capistrano::Configuration.instance(:must_exist).load do
   namespace :deprec do
     namespace :ssh do
       
-      # hash of :user => :ssh_key combinations
-      # :ssh_*_keys can be:
-      # - one key (a string)
-      # - an array of keys
+      # define SSH keys for each user
+      # :ssh_user_keys should be a hash, with:
+      # * the keys being any identifier for the user
+      # * the values being either:
+      # ** one SSH key in the form of a string
+      # ** multiple SSH keys in the form of an array of strings
+      # Define this variable in the main deploy.rb when using multistage capistrano
       set :ssh_user_keys, { }
-      set :ssh_host_keys, { }
-      # an array of symbols or strings containing user_names/host_names as defined in :ssh_*_keys
+      # :ssh_users should contain an array of user identifiers as defined in :ssh_user_keys,
+      # use this variable to define which users have access to the all the servers defined.
+      # Specify this variable in a stage deploy file when using multistage capistrano
+      # (so you can have different users have access to different servers)
       set :ssh_users, [ ]
-      set :ssh_hosts, [ ]
+      # :ssh_known_hosts variable should contain the hostnames or IP addresses (as an array of strings)
+      # of all hosts that should be put in the deploy_user's known_hosts file. This known_hosts file will
+      # be put on all defined servers.
+      set :ssh_known_hosts, [ ]
 
       SYSTEM_CONFIG_FILES[:ssh] = [
         
@@ -43,6 +51,10 @@ Capistrano::Configuration.instance(:must_exist).load do
         restart
       end
 
+      # set access for SSH:
+      # * add keys of users to authorized_keys file of deploy_user
+      # * add host keys to known hosts file of deploy_user
+      desc "create authorized_keys and known_hosts files on servers"
       task :set_access do
         if ssh_users.size > 0
           run "rm -f ~/.ssh/authorized_keys.new"
@@ -56,16 +68,9 @@ Capistrano::Configuration.instance(:must_exist).load do
           run "mv ~/.ssh/authorized_keys.new ~/.ssh/authorized_keys"
         end
 
-        if ssh_hosts.size > 0
-          run "rm -f ~/.ssh/known_hosts.new"
-          ssh_hosts.each do |ssh_user|
-            keys = [ssh_host_keys[ssh_user]].flatten
-            keys.each do |ssh_key|
-              deprec2.append_to_file_if_missing('~/.ssh/known_hosts.new', ssh_key)
-            end
-          end
-          run "cp ~/.ssh/known_hosts ~/.ssh/known_hosts.bak"
-          run "mv ~/.ssh/known_hosts.new ~/.ssh/known_hosts"
+        if ssh_known_hosts.size > 0
+          put ssh_known_hosts.join("\n"), tmp_file = "/tmp/ssh_keyscan_#{Time.now.strftime("%Y%m%d%H%M%S")}.txt", :mode => 0644
+          run "ssh-keyscan -f #{tmp_file} -t rsa > ~/.ssh/known_hosts ; rm -f #{tmp_file}"
         end
       end
       

data/lib/deprec/templates/iptables/firewall-init.erb

@@ -47,7 +47,9 @@ function define_forwards () {
     srcport="$(echo $forward | cut -d '>' -f 1 | cut -d ':' -f 2)"
     destip="$(echo $forward | cut -d ';' -f 1 | cut -d '>' -f '2' | cut -d ':' -f 1)"
     destport="$(echo $forward | cut -d ';' -f 1 | cut -d '>' -f '2' | cut -d ':' -f 2)"
+	# define forward in the nat chain, redirect to the destination IP and port
     $IPTABLES -t nat -A PREROUTING -p $proto -d $localip --dport $srcport -j DNAT --to $destip:$destport
+	# allow access to the destination IP and port in the FORWARD chain
 	$IPTABLES -A FORWARD -p $proto -d $destip --dport $destport -j ACCEPT
   } ; done
 }
@@ -71,7 +73,9 @@ function set_default_rules () {
 
 # don't call parse_sources directly! It's called by set_allowed_rules
 function parse_sources () {
+	# parse all sources
 	for sourcedef in $1 ; do {
+		# define targets for each source
 		parse_targets "$2" "-s ${sourcedef}"
 	} ; done
 }
@@ -79,13 +83,18 @@ function parse_sources () {
 # don't call parse_targets directly! It's called by set_allowed_rules
 function parse_targets () {
 	sourcedef="$2"
+	# parse all targets
 	for targetdef in $1 ; do {
+		# targets should be define as:
+		# protocol[,protocol[,...]][:port[,port[,...]]]
 		protocols="$(echo $targetdef | awk -F ":" '{ print $1; }' | sed 's/,/ /g')"
 		ports="$(echo $targetdef | awk -F ":" '{ print $2; }' | sed 's/,/ /g')"
 		for protocol in ${protocols} ; do {
+			# if no ports are defined, just allow access to the entire protocol (i.e. pptp, vrrp, etc)
 			if [ -z "${ports}" ] ; then
 				$IPTABLES -A INPUT -p ${protocol} ${sourcedef} -m state --state NEW -j ACCEPT ;
 			else
+				# for each defined port, allow access to the defined source or the world (if empty)
 				for port in ${ports} ; do {
 					OPT="--dport"
 					[ "$protocol" = "icmp" ] && OPT="--icmp-type"
@@ -97,12 +106,18 @@ function parse_targets () {
 }
 
 function set_allowed_rules () {
+	# all rules should be defined in one space separated variable called allowed
 	for ruledef in ${allowed} ; do {
+		# everything before the @ sign defines the target specification (i.e. IP + port or protocol to allow access to)
+		# targets should be semi colon (;) separated (which are changed to spaces for easy parsing)
 		target="$(echo $ruledef | awk -F "@" '{ print $1; }' | sed 's/;/ /g')"
+		# everything after the @ sign defines the source specification (i.e. IP, etc from where the request is coming)
+		# sources should be comma (,) separated (which are changed to spaces for easy parsing)
 		source="$(echo $ruledef | awk -F "@" '{ print $2; }' | sed 's/,/ /g')"
+		# if there is no source specification (allow entire world), then only define the target
 		if [ -z "${source}" ] ; then
 			parse_targets "$target"
-		else
+		else # else define the source first
 			parse_sources "$source" "$target"
 		fi
 	} ; done	

data/lib/deprec/templates/keepalived/keepalived.conf.erb

@@ -1,18 +1,38 @@
-vrrp_script chk_haproxy {           # Requires keepalived-1.1.13
-        script "<%= keepalived_script %>"     # cheaper than pidof
-        interval <%= keepalived_interval %>                      # check every 2 seconds
-        weight <%= keepalived_weight %>                        # add 2 points of prio if OK
+# touch /etc/keepalived/MASTER to make a BACKUP keepalived be MASTER. Remove it to make it BACKUP again.
+vrrp_script chk_wanted_state {
+        script "test -e /etc/keepalived/MASTER"
+        interval 1
+        weight 2
 }
 
-vrrp_instance VI_1 {
-        interface <%= keepalived_interface %>
-        state <%= keepalived_state %>
-        virtual_router_id <%= keepalived_virtual_router_id %>
-        priority <%= keepalived_priority %>
+<% keepalived_scripts.each do |name, settings| %>
+vrrp_script chk_<%= name.to_s %> {
+        script "<%= settings[:script] %>"
+        interval <%= settings[:interval] %>
+        weight <%= settings[:weight] %>
+}
+<% end %>
+
+<% instance_counter = 1 %>
+<% keepalived_instances.each do |virtual_ipaddress, settings| %>
+vrrp_instance VI_<%= instance_counter %> {
+        interface <%= settings[:interface] %>
+        state <%= settings[:state] %>
+        virtual_router_id <%= settings[:virtual_router_id] %>
+        priority <%= settings[:priority] %>
         virtual_ipaddress {
-            <%= keepalived_virtual_ipaddress %>
+            <%= virtual_ipaddress %>
         }
+<% if settings[:state] != 'MASTER' %>
+	    track_script {
+	        chk_wanted_state
+	    }
+<% end %>
+<% (settings[:scripts].nil? || [settings[:scripts]].flatten.empty? ? keepalived_scripts.keys : [settings[:scripts]].flatten).each do |name| %>
         track_script {
-            chk_haproxy
+            chk_<%= name.to_s %>
         }
-}
+<% end %>
+}
+<% instance_counter += 1 %>
+<% end %>

metadata

@@ -6,8 +6,8 @@ version: !ruby/object:Gem::Version
   - 2
   - 1
   - 6
-  - 6
-  version: 2.1.6.006
+  - 7
+  version: 2.1.6.007
 platform: ruby
 authors: 
 - Le1t0
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-06-04 00:00:00 +02:00
+date: 2010-06-10 00:00:00 +02:00
 default_executable: depify
 dependencies: 
 - !ruby/object:Gem::Dependency