meroku 0.1.36 → 2.0.0

data/lib/meroku/keys_controller.rb

@@ -1,82 +0,0 @@
-
-module Meroku
-  
-  class KeysController < ApplicationController
-    before_action :set_key, only: [:show, :edit, :update, :destroy]
-    skip_before_action :verify_authenticity_token, only: [:create]
-    before_action :authenticate, only: [ :create ]
-
-    ## GET /keys
-    ## GET /keys.json
-    #def index
-    #  @keys = Meroku::Key.allxb
-    #  render json: { "data": @keys }
-    #end
-  
-    ## GET /keys/1
-    ## GET /keys/1.json
-    #def show
-    #end
-    #
-    ## GET /keys/new
-    #def new
-    #  @key = Key.new
-    #end
-    #
-    ## GET /keys/1/edit
-    #def edit
-    #end
-    #
-    # POST /keys
-    # POST /keys.json
-    def create
-      @key = Meroku::Key.new(
-        key: params["key"],
-        user_id: @user.id
-      )
-      respond_to do |format|
-        if @key.save
-          format.json { render json: {  data: @key  } }
-        else
-         
-          format.json { render json: { :errors => @key.errors }, status: :unprocessable_entity }
-        end
-      end
-    end
-    #
-    ## PATCH/PUT /keys/1
-    ## PATCH/PUT /keys/1.json
-    #def update
-    #  respond_to do |format|
-    #    if @key.update(key_params)
-    #      format.html { redirect_to @key, notice: 'Key was successfully updated.' }
-    #      format.json { render :show, status: :ok, location: @key }
-    #    else
-    #      format.html { render :edit }
-    #      format.json { render json: @key.errors, status: :unprocessable_entity }
-    #    end
-    #  end
-    #end
-    #
-    ## DELETE /keys/1
-    ## DELETE /keys/1.json
-    #def destroy
-    #  @key.destroy
-    #  respond_to do |format|
-    #    format.html { redirect_to keys_url, notice: 'Key was successfully destroyed.' }
-    #    format.json { head :no_content }
-    #  end
-    #end
-  
-    private
-      # Use callbacks to share common setup or constraints between actions.
-      def set_key
-        @key = Key.find(params[:id])
-      end
-  
-      # Never trust parameters from the scary internet, only allow the white list through.
-      def key_params
-        params.require(:key).permit(:key, :original_filename, :user_id)
-      end
-  end
-end

data/lib/meroku/sanitychecks.rb

@@ -1,19 +0,0 @@
-module Meroku
-  module Sanitychecks
-
-    def admin_secrets_required
-      secrets_dir = "#{Dir.home}/crypto/meroku/"
-      IO.read("#{secrets_dir}/meroku_secrets")
-      require 'dotenv'
-      Dotenv.load("#{secrets_dir}/meroku_secrets")
-      IO.read("#{secrets_dir}/meroku.id_rsa")
-      #IO.read("#{secrets_dir}/meroku.id_rsa.pub")
-      #IO.read("#{secrets_dir}/meroku_site_cert.pem")
-      #IO.read("#{secrets_dir}/meroku_site_chain.pem")
-      #IO.read("#{secrets_dir}/meroku_site_fullchain.pem")
-      #IO.read("#{secrets_dir}/meroku_site_privkey.pem")
-      #IO.read("#{secrets_dir}/meroku_ssh_host_keys.tgz")
-    end
-    
-  end
-end

data/lib/meroku/user.rb

@@ -1,23 +0,0 @@
-module Meroku
-  
-  class User < Meroku::ApplicationRecord
-    include Meroku::Util
-
-    # Include default devise modules. Others available are:
-    # :confirmable, :lockable, :timeoutable and :omniauthable
-    devise :database_authenticatable, :registerable,
-           :recoverable, :rememberable, :trackable, :validatable
-
-    has_many :keys
-    
-    after_create :add_unix_user
-    after_create :install_rvm_for_user
-
-    def database_password
-      encrypted_password[7..20].gsub(/[^0-9a-z ]/i, '')
-    end
-    
-  end
-
-end
-

data/lib/meroku/util.rb

@@ -1,434 +0,0 @@
-module Meroku
-
-  # Methods that doesn't have a proper namespace yet
-  module Util
-
-    require 'open3'
-    class Subprocess
-      def initialize(cmd, &block)
-        # see: http://stackoverflow.com/a/1162850/83386
-        Open3.popen3(cmd) do |stdin, stdout, stderr, thread|
-          stdin.close
-          # read each stream from a new thread
-          { :out => stdout, :err => stderr }.each do |key, stream|
-            Thread.new do
-              until (line = stream.gets).nil? do
-                # yield the block depending on the stream
-                if key == :out
-                  yield line, nil, thread if block_given?
-                else
-                  yield nil, line, thread if block_given?
-                end
-              end
-            end
-          end
-  
-          thread.join # don't exit until the external process is done
-          raise "ErrorDuringPopen3" if thread.value != 0
-        end
-      end
-    end
-
-    def additional_env_vars(app_name, dbtype)
-      require 'rest-client'
-      resp = RestClient.post 'https://www.meroku.com/meroku/apps/0/additional_env_vars.json', { :"dbtype" => dbtype, authentication: { app_name: app_name, token: cli_token} }
-      JSON.parse(resp)["data"]
-    end
-    
-    def update_authorized_keys_file
-      `sudo -i -u u#{self.user_id} sh -c "echo '#{self.key}' | tee /home/u#{self.user_id}/.ssh/authorized_keys"`
-    end
-
-    def setup_repo
-      app = Meroku::App.find(self.app_id)
-      user = Meroku::User.find(self.user_id)
-      `sudo -i -u u#{user.id} sh -c "mkdir ~/#{app.name}.git"`
-      `sudo -i -u u#{user.id} sh -c "cd ~/#{app.name}.git && git init --bare"`
-    end
-
-
-    def self.add_unix_users
-      puts "DB8 #{Meroku::User.all.size} users to add..."
-      Meroku::User.all.each do |user|
-        puts "DB8 Adding #{user.id} #{user.email}"
-        `sudo adduser --disabled-password --gecos "" u#{user.id}`
-        `sudo usermod -aG meroku u#{user.id}`
-        #`sudo -i -u u#{user.id} sh -c "mkdir ~/.ssh/"`
-        #`sudo -i -u u#{user.id} sh -c "touch ~/.ssh/authorized_keys"`
-        #a = IO.write("/tmp/tmp.txt",user.encrypted_password)
-        #`sudo -i -u u#{user.id} sh -c "cp /tmp/tmp.txt /home/u1/.encrypted_password"`
-        #`sudo -i -u u#{user.id} sh -c "cp /tmp/tmp.txt /home/u1/.encrypted_password 2>&1"`
-        `sudo -i -u u#{user.id} sh -c "git config --global core.hooksPath /opt/githooks"`
-
-        #user.keys.each do |key|
-        #  puts "DB8 Adding key #{key.id} #{key.key[0..9]} ..."
-        #  `sudo -i -u u#{user.id} sh -c "echo '#{key.key}' | tee /home/u#{user.id}/.ssh/authorized_keys"`
-        #end
-
-      end
-    end
-    
-    # this is a callback called from the User model
-    def add_unix_user
-      `sudo adduser --disabled-password --gecos "" u#{self.id}`
-      `sudo usermod -aG meroku u#{self.id}`
-      `sudo -i -u u#{self.id} sh -c "mkdir ~/.ssh/"`
-      `sudo -i -u u#{self.id} sh -c "touch ~/.ssh/authorized_keys"`
-      Rails.logger.debug "DB8 A"
-      a = IO.write("/tmp/tmp.txt",self.encrypted_password)
-      Rails.logger.debug a
-      Rails.logger.debug `sudo -i -u u#{self.id} sh -c "cp /tmp/tmp.txt /home/u1/.encrypted_password"`
-      Rails.logger.debug `sudo -i -u u#{self.id} sh -c "cp /tmp/tmp.txt /home/u1/.encrypted_password 2>&1"`
-      Rails.logger.debug "DB8 A end"
-      `sudo -i -u u#{self.id} sh -c "git config --global core.hooksPath /opt/githooks"`
-    end
-
-    # this is a callback called from the Meroku::Collaborator model
-    def add_mysql_user
-      user = Meroku::User.find(self.user_id)
-      `sudo mysql -pbitnami -e 'FLUSH PRIVILEGES; set password for "u#{self.user_id}"@"localhost" = PASSWORD("#{user.database_password}"); FLUSH PRIVILEGES;'`
-      Rails.logger.debug "DB8 add_mysql_user db password for user id #{user.id} set to #{user.database_password}"
-    end
-
-    # self is a Meroku::Collaborator
-    def add_mysql_grants
-      app = Meroku::App.find(self.app_id)
-      `sudo mysql -pbitnami -e 'FLUSH PRIVILEGES; GRANT ALL PRIVILEGES ON #{app.name}.* TO "u#{self.user_id}"@"localhost"; FLUSH PRIVILEGES;'`
-    end
-
-    def create_empty_pg_db
-      app = Meroku::App.find(self.app_id)
-      `PGPASSWORD=bitnami psql -U postgres -c "CREATE DATABASE #{app.name};"`
-    end
-
-    def add_pg_user
-      user = Meroku::User.find(self.user_id)
-      `PGPASSWORD=bitnami psql -U postgres -c "CREATE USER u#{self.user_id} WITH PASSWORD '#{user.database_password}';"`
-    end
-
-    def add_pg_grants
-      app = Meroku::App.find(self.app_id)
-      `PGPASSWORD=bitnami psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE #{app.name} TO u#{self.user_id};"`
-    end
-
-    # self is a Meroku::Collaborator
-    def create_empty_mysql_db
-      app = Meroku::App.find(self.app_id)
-      `sudo mysql -pbitnami -e 'CREATE DATABASE #{app.name}'`
-    end
-
-    # self refers to a Meroku::User
-    def install_rvm_for_user
-      `sudo -i -u u#{self.id} /bin/bash -c 'curl -sSL https://get.rvm.io | bash'`
-    end
-    
-
-    def self.install_rvm_for_users
-      puts "DB8 #{Meroku::User.all.size} users to install rvm to..."
-      Meroku::User.all.each do |user|
-        puts "DB8 Installing rvm for Adding #{user.id} #{user.email}"
-        `sudo -i -u u#{user.id} /bin/bash -c 'curl -sSL https://get.rvm.io | bash'`
-      end
-    end
-
-    def self.start_apps
-      puts "DB8 Starting #{Meroku::App.all.size} apps ..."
-      Meroku::App.all.each do |app|
-       puts "DB8 Starting app #{app.id} #{app.name}"
-       app_owner_id = Meroku::App::Collaborator.where(app_id: app.id).first.user_id
-       `sudo -i -u u#{app_owner_id} /bin/bash -lc 'source /opt/githooks/start_app; start_app "/home/u#{app_owner_id}/#{app.name}.git"'`
-      end
-    end
-
-    def public_key_exists?
-      File.exist?(Dir.home + "/.ssh/id_rsa.pub")
-    end
-
-    def valid_json?(json)
-      JSON.parse(json)
-      return true
-    rescue JSON::ParserError => e
-      return false
-    end
-
-    def cli_logged_in?
-      if File.exist?("/tmp/meroku.token")
-        return true
-      else
-        puts "Not logged in"
-        return false
-      end
-    end
-
-    def cli_token
-      `cat /tmp/meroku.token`.chomp
-    end
-
-    def cli_user_id
-      user_id = `cat /tmp/meroku.id`
-    end
-
-    def app_name
-      git_remote = `git remote get-url meroku`.chomp
-      git_remote =~ /\@www.meroku.com\:(.*?).git\Z/
-      $1
-    end
-    
-    def ssh(ip, command)
-      puts `ssh -tt -o "StrictHostKeyChecking=no" -i ~/crypto/meroku/meroku.id_rsa bitnami@#{ip} '#{command}'`
-    end
-
-    def ssh2(ip, command)
-      print "+ #{command} "
-      Meroku::Util::Subprocess.new "ssh -tt -o StrictHostKeyChecking=no -i ~/crypto/meroku/meroku.id_rsa bitnami@#{ip} '#{command}'" do |stdout, stderr, thread|
-        print "."
-      end
-      print "\n"
-
-    end
-
-    def ssh3(ip, command)
-      puts "+ #{command} "
-      Meroku::Util::Subprocess.new "ssh -tt -o StrictHostKeyChecking=no -i ~/crypto/meroku/meroku.id_rsa bitnami@#{ip} '#{command}'" do |stdout, stderr, thread|
-        print stdout
-        print stderr
-      end
-      print "\n"
-
-    end
-    
-    def ec2_client
-      @ec2_client ||= Aws::EC2::Client.new(
-          region: 'us-east-1',
-          access_key_id: ENV['AWS_ACCESS_KEY_ID'],
-          secret_access_key: ENV['AWS_SECRET_ACCESS_KEY'],
-        )
-    end
-
-    def server_being_built
-      ec2_get_ip_by_instance_id(unused_servers.first)
-    end
-
-    def ec2_get_ip_by_instance_id(instance_id)
-      ec2_client.describe_instances(
-        filters:
-          [
-            { name: "instance-id", values: [ instance_id ] }
-          ]
-      ).reservations.first.instances.first.public_ip_address
-    end
-    
-    def meroku_servers
-      ec2_client.describe_instances(
-        filters:
-          [
-            { name: "tag:Name", values: ['meroku'] },
-            { name: "instance-state-name", values: ['pending', 'running'] }
-          ]
-      ).reservations
-        .map{ |a| a.instances }
-        .map{ |b|
-          b.map { |c| c.instance_id }
-        }
-        .flatten
-    end
-    
-    # Returns the production servers instance id
-    def production_servers
-      ec2_client.describe_instances(
-        filters:
-          [
-            { name: "ip-address", values: [ Meroku::PRODUCTION_IP ] },
-            { name: "tag:Name", values: ['meroku'] },
-            { name: "instance-state-name", values: ['pending', 'running'] }
-          ]
-      ).map { |x| x.reservations }.flatten.map { |x| x.instances }.flatten.map { |x| x.instance_id }
-    rescue
-      []
-    end
-    
-    def unused_servers
-      meroku_servers - production_servers
-    end
-
-    def terminate_unused_servers
-      unused_servers.each do |server|
-        puts "Terminating #{server}"
-        ec2_client.terminate_instances({ instance_ids: [ server ] })
-        sleep 1
-      end
-    end
-
-    def ec2_start_instance
-      resp = ec2_client.run_instances(
-        {
-          :image_id => 'ami-52a5dd44', #bitnami 2.4.1
-          :min_count => 1,
-          :max_count => 1,
-          :instance_type => "t2.small",
-          :key_name => "meroku.id_rsa"
-        }
-      )
-      resp[:instances][0][:instance_id]
-    end
-
-    def ec2_tag_instance(instance_id)
-      retries ||= 0
-      puts "create_tags try ##{ retries }"
-      ec2_client.create_tags( resources: [ instance_id ], tags: [ { key: 'Name', value: "meroku"}])
-    rescue
-      sleep 1
-      retry if (retries += 1) < 3      
-    end
-
-    def ec2_await_boot(instance_id)
-      wait_timeout = 60
-      ec2_client.wait_until(:instance_running, instance_ids:[ instance_id ]) do |w|
-        w.max_attempts = 10
-        w.interval = wait_timeout/10
-        w.before_attempt do |n|
-          print "#{n}/10 "
-        end
-      end
-      public_ip_address = ec2_client.describe_instances(instance_ids: [instance_id])[0][0].instances[0].public_ip_address
-      puts public_ip_address
-      wait_time=40
-      10.times do |i|
-        port_is_open = Socket.tcp(public_ip_address, 22, connect_timeout: 6) { true } rescue false
-        print "#{i}/10 "
-        break if port_is_open
-        sleep 8
-      end
-      print "\n"
-      puts `ssh -o "StrictHostKeyChecking=no" -i ~/crypto/meroku/meroku.id_rsa ubuntu@#{public_ip_address} uptime 2>/dev/null`
-    end
-
-    def self.shell_exec(command)
-      require 'open3'
-      Open3.popen2e(command) do |stdin, stdout_err, wait_thr|
-        while line = stdout_err.gets
-          IO.write("/home/bitnami/meroku/rails_app/log/nginx_rebuild.log", line, mode: 'a')
-        end
-    	exit_status = wait_thr.value
-        unless exit_status.success?
-          raise "FAILED !!!"
-        end
-      end
-    end
-
-    def self.nginx_rebuild
-      IO.write("/home/bitnami/meroku/rails_app/log/nginx_rebuild.log", "ngin_rebuild() started\n")
-      command = <<-'HEREDOC'
-        set -ex;
-        sudo rm -vf /opt/bitnami/nginx/conf/vhosts/*;
-        sudo rm -vf /opt/bitnami/nginx/keys/clients/*;
-HEREDOC
-      shell_exec(command)
-      IO.write("/tmp/www.conf", generate_nginx_config("www.meroku.com", "3000", nil) )
-      IO.write("/tmp/_.conf",nginx_fallback_vhost)
-
-      command = <<-'HEREDOC'
-        set -ex;
-        sudo mv -v /tmp/www.conf /opt/bitnami/nginx/conf/vhosts/;
-	sudo mv -v /tmp/_.conf /opt/bitnami/nginx/conf/vhosts/;
-HEREDOC
-      shell_exec(command)
-
-      Meroku::App.all.each do |app|
-        port = (3000 + app.id).to_s
-        domains = "#{app.name}.meroku.com"
-        domains = "#{app.name}.meroku.com"
-        domains += " #{app.domains.pluck(:domain).join(" ")}" if app.domains.size > 0
-        cert = nil
-        cert = app.name if app.server_crt
-        IO.write("/tmp/#{app.name}.conf", generate_nginx_config(domains, port, cert) )
-        shell_exec("sudo mv -v /tmp/#{app.name}.conf /opt/bitnami/nginx/conf/vhosts/")
-        if app.server_crt
-          IO.write("/tmp/#{app.name}.crt", app.server_crt )
-          IO.write("/tmp/#{app.name}.key", app.server_key )
-          shell_exec "set -ex; sudo mv -v /tmp/#{app.name}.crt /opt/bitnami/nginx/keys/cli\
-ents/"
-          shell_exec "set -ex; sudo mv -v /tmp/#{app.name}.key /opt/bitnami/nginx/keys/cli\
-ents/"
-        end
-      end
-      command = <<-'HEREDOC'
-        set -ex;
-        sudo /opt/bitnami/nginx/sbin/nginx -s reload;
-        ls -la /opt/bitnami/nginx/conf/vhosts/;
-HEREDOC
-      shell_exec(command)
-      IO.write("/home/bitnami/meroku/rails_app/log/nginx_rebuild.log", "ngin_rebuild() ended\n", mode: 'a')      
-    end
-
-    
-    def self.generate_nginx_config(domains, port, cert)
-      if cert
-        server_crt = "/opt/bitnami/nginx/keys/clients/#{cert}.crt"
-        server_key = "/opt/bitnami/nginx/keys/clients/#{cert}.key"
-      else
-        server_crt = "/opt/bitnami/nginx/keys/meroku_site_fullchain.pem"
-        server_key = "/opt/bitnami/nginx/keys/meroku_site_privkey.pem"
-      end
-      
-      template = nginx_template
-      template.gsub!('REPLACEMEDOMAINS', domains)
-      template.gsub!('REPLACEMEPORT', port)
-      template.gsub!('REPLACEMESERVERCERT', server_crt)
-      template.gsub!('REPLACEMESERVERKEY', server_key)
-      template
-    end
-
-    def self.nginx_template
-      <<-'HEREDOC'
-        server {
-            listen 80;
-            server_name REPLACEMEDOMAINS;
-            listen 443 ssl;
-            ssl_certificate REPLACEMESERVERCERT;
-            ssl_certificate_key REPLACEMESERVERKEY;
-
-            root /home/u1/onebody/public;
-
-            location ~ ^/assets/ {
-              expires 1y;
-              add_header Cache-Control public;
-        
-              add_header ETag "";
-              break;
-            }
-        
-            ssl_session_timeout 5m;
-            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-            ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-            ssl_prefer_server_ciphers on;
-        
-            location / {
-              proxy_pass http://127.0.0.1:REPLACEMEPORT;
-              # got from https://github.com/mperham/sidekiq/issues/2560
-              proxy_set_header    Host                  $http_host;
-              proxy_set_header    X-Real-IP             $proxy_protocol_addr;
-              proxy_set_header    X-Forwarded-For       $proxy_protocol_addr;
-              proxy_set_header    X-Forwarded-Proto     https;
-        
-            }
-        }
-HEREDOC
-    end
-
-    def self.nginx_fallback_vhost
-      <<-'HEREDOC'
-      # _.conf
-      # Default server for clients who do not send correct Host header.
-      # The underline in the file name makes sure that this file comes first in the dir.
-      server {
-        server_name _;
-        listen *:80 default_server deferred;
-        return 404;
-      }
-HEREDOC
-    end
-
-    
-  end
-end