meroku 2.0.7 → 2.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f67ea494901ff03ff51bede417f1269e2215c0e8
-  data.tar.gz: d6eaaf98f0f314deab15cc140c805f58cf6ffe93
+  metadata.gz: fe2ff13db62d348c38f0c5e092867906f34b4ea2
+  data.tar.gz: 86bdb03ea56d8c3f2e870dd26606eb7477829535
 SHA512:
-  metadata.gz: 93e3d0825153b345d1ec5e75396ae7fc9f27d892fcb72ab850feedfd939876c2c955411dcce2a72f0a161e9f53044344921671f57b9410aa5f55765268226fa2
-  data.tar.gz: e2a9019885ab475d82f05398ffad6919abb433429f98c12cfec95bb79943d4a66bc8be6cbaea6f88356c3d36a67631348475591f3c1edeea40d13e4568f84d76
+  metadata.gz: 73baef2c048146816a658c9a6dbac5bf9e28f3827a685ac246f41bef2f4ac7e75f902cad6e08a0be96b977d436d8bc4acec403f989ee8715712cc1a719016243
+  data.tar.gz: 01156426d89e2cff0ef734707b17bf92982dc98644f88cb0990061394390c7b0a1c591b78f7177e672aa67ebf342c49dd02ca82920a1d5b317615b261fd9d2a8

data/README.md

@@ -81,6 +81,21 @@ You will need a copy of the file `.secret`. Place it at `~/.meroku/.secret`
     $ meroku infrastructure spawn
 
 
+### TODO
+
+    - Only latest stable ruby is supported at the moment
+    - Only latest stable rails is supported at the moment
+    - Only RAILS_ENV=procution is supported at the moment
+    - Only puma is supported at the moment
+
+    - Database
+    - User security / Lxc
+    - Nightly spawn
+
+    - respons time sanity check
+    - piper visual check
+    - some commodity apps
+
 ### To Run tests
 
     rake

data/frontend/app/models/app.rb

@@ -4,11 +4,27 @@ class App < ApplicationRecord
   after_commit :make_folder, on: [:create]
 
   def make_folder
+    username = self.user.token
     Rails.logger.debug "DB8 app.rb:def self.make_folder called"    
-    system(%Q[sudo -u git mkdir /home/git/#{self.name}.git])
-    system(%Q[sudo -u git sh -c "cd /home/git/#{self.name}.git; git --bare init"])
-    system(%Q[sudo -u git sh -c "echo '#!/bin/bash' >> /home/git/#{self.name}.git/hooks/post-receive"])
-    system(%Q[sudo -u git sh -c 'echo "echo abc123499999999999999999999999999999" >> /home/git/#{self.name}.git/hooks/post-receive'])
-    system(%Q[sudo -u git sh -c 'sudo chmod +x /home/git/#{self.name}.git/hooks/post-receive'])
+    system(%Q[sudo -u #{username} mkdir /home/#{username}/#{self.name}.git])
+    system(%Q[sudo -u #{username} mkdir /home/#{username}/#{self.name}])
+    system(%Q[sudo -u #{username} sh -c "cd /home/#{username}/#{self.name}.git; git --bare init"])
+
+
+    system(%Q[sudo -u #{username} sh -c "echo '#!/bin/bash
+set -x
+: Git hook is executing
+mkdir /home/#{username}/#{self.name}
+cd /home/#{username}/#{self.name}
+cp /sharedro/etc_nginx_sites-enabled_template /home/#{username}/#{self.name}.conf
+sed -i -e 's/REPLACEMEAPPNAME/#{self.name}/g' /home/#{username}/#{self.name}.conf
+sed -i -e 's/REPLACEMEUSERNAME/#{username}/g' /home/#{username}/#{self.name}.conf
+git --work-tree=/home/#{username}/#{self.name} --git-dir=/home/#{username}/#{self.name}.git checkout -f
+bundle install --path vendor/bundle
+RAILS_ENV=production bundle exec rake db:migrate
+RAILS_ENV=production bundle exec rake assets:precompile
+RAILS_ENV=production bundle exec puma -d -b unix:///home/#{username}/#{self.name}.sock
+' > /home/#{username}/#{self.name}.git/hooks/post-receive"])
+    system(%Q[sudo -u #{username} sh -c 'chmod u+x /home/#{username}/#{self.name}.git/hooks/post-receive'])
   end
 end

data/frontend/app/models/publickey.rb

@@ -8,7 +8,7 @@ class Publickey < ApplicationRecord
     Rails.logger.debug "DB8 publickey.rb:def self.refresh called"
     if Publickey.all.size > 0
       File.write('/tmp/authorized_keys', Publickey.pluck(:data).join("\n") )
-      system("sudo -u git cp /tmp/authorized_keys /home/git/.ssh/authorized_keys")
+      system("sudo -u #{self.user.token} cp /tmp/authorized_keys /home/#{self.user.token}/.ssh/authorized_keys")
       File.delete('/tmp/authorized_keys')
     end
   end

data/frontend/app/models/user.rb

@@ -5,8 +5,17 @@ class User < ApplicationRecord
          :recoverable, :rememberable, :trackable, :validatable
 
   has_many :publickeys
+
+  after_commit :make_user, on: [:create]
   
   before_save do
     self.token = SecureRandom.hex if !self.token
   end
+
+  def make_user
+    Rails.logger.debug "DB8 user.rb:.make_user() called"
+    system(%Q[sudo adduser --disabled-password  --gecos "" #{token}])
+    system(%Q[sudo -u #{token} mkdir /home/#{token}/.ssh/])
+    system(%Q[sudo -u #{token} touch /home/#{token}/.ssh/authorized_keys])
+  end
 end

data/frontend/{etc_nginx_sites-available_default → etc_nginx_sites-enabled_default}

@@ -1,7 +1,7 @@
 upstream app {
     # Path to Puma SOCK file, as defined previously
-    #server unix:/tmp/sockets/puma.sock fail_timeout=0;
-    server 127.0.0.1:3000;
+    server unix:/tmp/meroku.sock fail_timeout=0;
+    #server 127.0.0.1:3000;
 }
 
 server {

data/frontend/etc_nginx_sites-enabled_template

@@ -0,0 +1,30 @@
+upstream REPLACEMEAPPNAME {
+    # Path to Puma SOCK file, as defined previously
+    server unix:/home/REPLACEMEUSERNAME/REPLACEMEAPPNAME.sock fail_timeout=0;
+}
+
+server {
+    listen 80;
+    listen 443 ssl;
+    server_name REPLACEMEAPPNAME.meroku.com;
+    #ssl on;
+    # ssl on; tells NGINX to server ANY content through SSL.
+
+    ssl_certificate /home/ubuntu/.meroku/letsencrypt_fullchain.pem;
+    ssl_certificate_key /home/ubuntu/.meroku/letsencrypt_privkey.pem;
+
+    root /home/REPLACEMEUSERNAME/REPLACEMEAPPNAME/public;
+
+    try_files $uri/index.html $uri @REPLACEMEAPPNAME;
+
+    location @REPLACEMEAPPNAME {
+        proxy_pass http://REPLACEMEAPPNAME;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_redirect off;
+    }
+
+    error_page 500 502 503 504 /500.html;
+    client_max_body_size 4G;
+    keepalive_timeout 10;
+}

data/lib/meroku/cli.rb

@@ -19,28 +19,6 @@ module Meroku
   
       HEREDOC
     end
-    
-    #def self.start(*args)
-    #  case args.join(" ")
-    #    when "infrastructure spawn"
-    #      load_secrets || exit
-    #      node = Meroku::Infrastructure::Node.new.associate_address.install_packages.install_frontend_app
-    #      puts "spawned #{node.instance.try(:instance_id)}"
-    #    when "infrastructure despawn"
-    #      load_secrets || exit
-    #      Meroku::Infrastructure.despawn
-    #    when "signup"
-    #      signup
-    #    when "keys:add"
-    #      token_check || exit
-    #      keys_add
-    #    when "create"
-    #      token_check || exit
-    #      create
-    #    else
-    #      puts HELP
-    #  end      
-    #end
 
     def signup
       print "Email: "
@@ -51,7 +29,7 @@ module Meroku
       url = "https://www.meroku.com/users.json"
       response_json = RestClient.post url, {:user=>{:email => email, :password => password, :password_confirmation => password}}.to_json, timeout: 1, :content_type => :json, :accept => :json
       if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-        puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
+        puts "error: #{JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")}"
       else
         email = JSON.parse(response_json)["data"]["attributes"]["email"]
         token = JSON.parse(response_json)["data"]["attributes"]["token"]
@@ -75,7 +53,7 @@ module Meroku
       response_json = RestClient.post url, {:publickey=>{:name => name, :data=>data}, :token=>session.token}.to_json, timeout: 1, :content_type => :json, :accept => :json
     
       if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-        puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
+        puts "error: #{JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")}"
       else
         name = JSON.parse(response_json)["data"]["attributes"]["name"]
         puts "Added #{name}"
@@ -93,9 +71,9 @@ module Meroku
         name = JSON.parse(response_json)["data"]["attributes"]["name"]
         puts "Created #{name}, adding git remote"
         puts "git remote remove meroku"
-        `git remote remove meroku`
-        puts "git remote add meroku git@www.meroku.com:#{name}.git"
-        `git remote add meroku git@www.meroku.com:#{name}.git`
+        `git remote remove meroku 2>/dev/null`
+        puts "git remote add meroku #{token}@www.meroku.com:#{name}.git"
+        `git remote add meroku #{token}@www.meroku.com:#{name}.git`
       end
     end
 
@@ -121,29 +99,6 @@ module Meroku
       Dotenv.load(env_file)
     end
 
-
-
-    #def self.keys_add
-    #  if !File.exist? "#{Dir.home}/.ssh/id_rsa.pub"
-    #    puts "error: File #{Dir.home}/.ssh/id_rsa.pub not found"
-    #    puts "You can use this command to generate a key:"
-    #    puts "    ssh-keygen -t rsa"
-    #    return nil
-    #  end
-    #  name = "id_rsa.pub"
-    #  data = `cat ~/.ssh/id_rsa.pub`.chomp
-    #  url = "https://www.meroku.com/publickeys.json"
-    #  token = `cat ~/.meroku/.token`.chomp
-    #  response_json = RestClient.post url, {:publickey=>{:name => name, :data=>data}, :token=>token}.to_json, timeout: 1, :content_type => :json, :accept => :json
-    #
-    #  if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-    #    puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
-    #  else
-    #    name = JSON.parse(response_json)["data"]["attributes"]["name"]
-    #    puts "Added #{name}"
-    #  end
-    #end
-
   end
 
 

data/lib/meroku/infrastructure/node.rb

@@ -56,36 +56,45 @@ module Meroku
         @tunnel.run "curl -s -o /tmp/modified-cedar-14.sh https://raw.githubusercontent.com/oystersauce8/meroku/master/modified-cedar-14.sh"
         @tunnel.run "sudo chmod 755 /tmp/modified-cedar-14.sh"
         @tunnel.run "/bin/bash -lc 'sudo /tmp/modified-cedar-14.sh'"
-        #@tunnel.run "sudo apt-get update\;"
         @tunnel.run "sudo apt-get install -y ruby2.4 ruby2.4-dev"
         @tunnel.run "sudo apt-get install -y nginx libsqlite3-dev nodejs"
         self
       end
 
       def tweak_configuration
-        @tunnel.run 'sudo adduser --disabled-password --gecos "" git'
-        @tunnel.run 'sudo -u git mkdir /home/git/.ssh/'
-        @tunnel.run 'sudo -u git touch /home/git/.ssh/authorized_keys'
+        #@tunnel.run 'sudo adduser --disabled-password --shell /usr/bin/git-shell --gecos "" git'
+        #@tunnel.run 'sudo -u git mkdir /home/git/.ssh/'
+        #@tunnel.run 'sudo -u git touch /home/git/.ssh/authorized_keys'
+        @tunnel.run 'sudo mkdir /sharedro && sudo chmod 777 /sharedro'
       end
       
       def install_frontend_app
         @tunnel.run 'mkdir /home/ubuntu/.meroku'
         @tunnel.run "cd ~\; git clone https://github.com/oystersauce8/meroku\;"
-        @tunnel.run "sudo cp ~/meroku/frontend/etc_nginx_sites-available_default /etc/nginx/sites-available/default"
+        @tunnel.run "sudo rm -f /etc/nginx/sites-enabled/*"
+        @tunnel.run "sudo cp ~/meroku/frontend/etc_nginx_sites-enabled_default /etc/nginx/sites-enabled/default"
+        @tunnel.run 'sudo cp /home/ubuntu/meroku/frontend/etc_nginx_sites-enabled_template /sharedro'
+        @tunnel.run 'sudo chmod a+r /sharedro/etc_nginx_sites-enabled_template'
 
         @tunnel.run "curl -o /home/ubuntu/.meroku/letsencrypt_fullchain.pem http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/letsencrypt_fullchain.pem"
         @tunnel.run "curl -o /home/ubuntu/.meroku/letsencrypt_privkey.pem http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/letsencrypt_privkey.pem"
 
-        @tunnel.run "cd ~/.meroku/\; curl -O http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/ssh_host_keys.tgz"
-        #@tunnel.run "cd ~/.meroku/\; sudo tar xf ssh_host_keys.tgz -C /etc/ssh/ --overwrite"
+
+
         @tunnel.run "cd ~/meroku/frontend/\; sudo gem install bundler\; bundle\;"
         @tunnel.run "(cd ~/meroku/frontend && RAILS_ENV=production bundle exec rails assets:precompile)"
 
         @tunnel.run "(cd ~/meroku/frontend && RAILS_ENV=production bundle exec rake db:migrate)"
-        @tunnel.run "cd ~/meroku/frontend/\; bundle exec puma -d"
+        @tunnel.run "cd ~/meroku/frontend/\; bundle exec puma -d -b unix:///tmp/meroku.sock"
         @tunnel.run "sudo service nginx restart"
-        @tunnel.run "sudo service ssh restart"
+        @tunnel.run %Q[sudo sh -c 'echo "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPWJQU+TkDu9uyVzHQcVnKklRhQvIBdXHkA/7zAQG8XuoAoGCCqGSM49\nAwEHoUQDQgAEI1lm18nECH4jH+6p80jhn8WgZRDOC1ufVVtoPUnUgEvslfV3xzWl\nDXZKof765EiCOYyt2TZ7pKClMexhHWhMtA==\n-----END EC PRIVATE KEY-----" > /etc/ssh/ssh_host_ecdsa_key']
+        @tunnel.run %Q[sudo sh -c 'echo "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCNZZtfJxAh+Ix/uqfNI4Z/FoGUQzgtbn1VbaD1J1IBL7JX1d8c1pQ12SqH++uRIgjmMrdk2e6SgpTHsYR1oTLQ= root@ip-172-31-64-77" > /etc/ssh/ssh_host_ecdsa_key.pub']
+        #@tunnel.run "cd ~/.meroku/\; curl -O http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/ssh_host_keys.tgz"
+        #@tunnel.run "cd ~/.meroku/\; sudo tar xf ssh_host_keys.tgz -C /etc/ssh/ --overwrite && sudo service ssh restart"
+
         self
+      rescue
+        byebug
       end
 
     end

data/lib/meroku/tunnel.rb

@@ -14,6 +14,7 @@ module Meroku
     def run(cmd)
       @verbose=true
       retries ||= 0
+      exit_code=nil
       Net::SSH.start(@ip,
                      @username,
                      password: 'password',
@@ -21,7 +22,7 @@ module Meroku
                      verify_host_key: @verify_host_key,
                      timeout: 90) do |ssh|
         channel = ssh.open_channel do |ch|
-          STDERR.print cmd
+          STDERR.print "#{cmd}\n"
           ch.exec cmd do |ch, success|
             raise "could not execute command" unless success
             ch.on_data do |c, data|
@@ -38,11 +39,16 @@ module Meroku
                 $stderr.print "."
               end
             end
+            ch.on_request("exit-status") do |ch, data|
+              exit_code = data.read_long
+            end
+
             ch.on_close { print "\n" }
           end
         end
         channel.wait
       end
+      fail "Ssh command returned non-zero" if status != 0
     rescue Errno::ECONNREFUSED => e
       retry if (retries += 1) < 10
     end

data/lib/meroku/version.rb

@@ -1,3 +1,3 @@
 module Meroku
-  VERSION = "2.0.7"
+  VERSION = "2.0.8"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: meroku
 version: !ruby/object:Gem::Version
-  version: 2.0.7
+  version: 2.0.8
 platform: ruby
 authors:
 - Sam Weerasinghe
@@ -363,7 +363,8 @@ files:
 - frontend/db/migrate/20171026071440_create_publickeys.rb
 - frontend/db/schema.rb
 - frontend/db/seeds.rb
-- frontend/etc_nginx_sites-available_default
+- frontend/etc_nginx_sites-enabled_default
+- frontend/etc_nginx_sites-enabled_template
 - frontend/lib/assets/.keep
 - frontend/lib/tasks/.keep
 - frontend/log/.keep