meroku 2.0.7 → 2.0.8
- checksums.yaml +4 -4
- data/README.md +15 -0
- data/frontend/app/models/app.rb +21 -5
- data/frontend/app/models/publickey.rb +1 -1
- data/frontend/app/models/user.rb +9 -0
- data/frontend/{etc_nginx_sites-available_default → etc_nginx_sites-enabled_default} +2 -2
- data/frontend/etc_nginx_sites-enabled_template +30 -0
- data/lib/meroku/cli.rb +5 -50
- data/lib/meroku/infrastructure/node.rb +18 -9
- data/lib/meroku/tunnel.rb +7 -1
- data/lib/meroku/version.rb +1 -1
- metadata +3 -2
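--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe2ff13db62d348c38f0c5e092867906f34b4ea2
+data.tar.gz: 86bdb03ea56d8c3f2e870dd26606eb7477829535
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 73baef2c048146816a658c9a6dbac5bf9e28f3827a685ac246f41bef2f4ac7e75f902cad6e08a0be96b977d436d8bc4acec403f989ee8715712cc1a719016243
+data.tar.gz: 01156426d89e2cff0ef734707b17bf92982dc98644f88cb0990061394390c7b0a1c591b78f7177e672aa67ebf342c49dd02ca82920a1d5b317615b261fd9d2a8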
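--- a/data/README.md
+++ b/data/README.md
@@ -81,6 +81,21 @@ You will need a copy of the file `.secret`. Place it at `~/.meroku/.secret`
 $ meroku infrastructure spawn
 
 
+### TODO
+
+- Only latest stable ruby is supported at the moment
+- Only latest stable rails is supported at the moment
+- Only RAILS_ENV=procution is supported at the moment
+- Only puma is supported at the moment
+
+- Database
+- User security / Lxc
+- Nightly spawn
+
+- respons time sanity check
+- piper visual check
+- some commodity apps
+
 ### To Run tests
 
 rake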
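--- a/data/frontend/app/models/app.rb
+++ b/data/frontend/app/models/app.rb
@@ -4,11 +4,27 @@ class App < ApplicationRecord
 after_commit :make_folder, on: [:create]
 
 def make_folder
+username = self.user.token
 Rails.logger.debug "DB8 app.rb:def self.make_folder called"
-system(%Q[sudo -u
-system(%Q[sudo -u
-system(%Q[sudo -u
-
-
+system(%Q[sudo -u #{username} mkdir /home/#{username}/#{self.name}.git])
+system(%Q[sudo -u #{username} mkdir /home/#{username}/#{self.name}])
+system(%Q[sudo -u #{username} sh -c "cd /home/#{username}/#{self.name}.git; git --bare init"])
+
+
+system(%Q[sudo -u #{username} sh -c "echo '#!/bin/bash
+set -x
+: Git hook is executing
+mkdir /home/#{username}/#{self.name}
+cd /home/#{username}/#{self.name}
+cp /sharedro/etc_nginx_sites-enabled_template /home/#{username}/#{self.name}.conf
+sed -i -e 's/REPLACEMEAPPNAME/#{self.name}/g' /home/#{username}/#{self.name}.conf
+sed -i -e 's/REPLACEMEUSERNAME/#{username}/g' /home/#{username}/#{self.name}.conf
+git --work-tree=/home/#{username}/#{self.name} --git-dir=/home/#{username}/#{self.name}.git checkout -f
+bundle install --path vendor/bundle
+RAILS_ENV=production bundle exec rake db:migrate
+RAILS_ENV=production bundle exec rake assets:precompile
+RAILS_ENV=production bundle exec puma -d -b unix:///home/#{username}/#{self.name}.sock
+' > /home/#{username}/#{self.name}.git/hooks/post-receive"])
+system(%Q[sudo -u #{username} sh -c 'chmod u+x /home/#{username}/#{self.name}.git/hooks/post-receive'])
 end
 end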
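Review bot: `self.name` is interpolated unquoted into every `system(%Q[...])` string in `make_folder`, into the two `sed` expressions and into the body of the generated post-receive hook, so an app name containing spaces, quotes, `;`, `/` or `..` changes the commands that run under sudo or the paths they touch. Nothing visible in this hunk restricts the name; a model validation such as `validates :name, format: { with: /\A[a-z0-9][a-z0-9-]*\z/ }` together with the argument-list form, e.g. `system('sudo', '-u', username, 'mkdir', "/home/#{username}/#{name}.git")`, takes the shell out of the simple calls. The hook body is safer rendered from a template with the name passed through `Shellwords.escape` than echoed through nested `sh -c` quoting. The return value of each `system` call is ignored, so a half-created repository goes unnoticed. The same string-built commands appear in the publickey.rb and user.rb hunks.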
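--- a/data/frontend/app/models/publickey.rb
+++ b/data/frontend/app/models/publickey.rb
@@ -8,7 +8,7 @@ class Publickey < ApplicationRecord
 Rails.logger.debug "DB8 publickey.rb:def self.refresh called"
 if Publickey.all.size > 0
 File.write('/tmp/authorized_keys', Publickey.pluck(:data).join("\n") )
-system("sudo -u
+system("sudo -u #{self.user.token} cp /tmp/authorized_keys /home/#{self.user.token}/.ssh/authorized_keys")
 File.delete('/tmp/authorized_keys')
 end
 end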
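Review bot: `Publickey.pluck(:data)` on the line above the changed `cp` is not scoped to the owner, so the file copied into `/home/#{self.user.token}/.ssh/authorized_keys` holds every key in the table and any registered key is accepted for this user's account. Scope it with `user.publickeys.pluck(:data)` (the User model in this release declares `has_many :publickeys`), and drop the `Publickey.all.size > 0` guard so that removing a user's last key also empties the file. The fixed path `/tmp/authorized_keys` is shared by concurrent refreshes in a world-writable directory; `Tempfile.create` gives each refresh a private file. The method's `def` line is outside the hunk.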
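--- a/data/frontend/app/models/user.rb
+++ b/data/frontend/app/models/user.rb
@@ -5,8 +5,17 @@ class User < ApplicationRecord
 :recoverable, :rememberable, :trackable, :validatable
 
 has_many :publickeys
+
+after_commit :make_user, on: [:create]
 
 before_save do
 self.token = SecureRandom.hex if !self.token
 end
+
+def make_user
+Rails.logger.debug "DB8 user.rb:.make_user() called"
+system(%Q[sudo adduser --disabled-password --gecos "" #{token}])
+system(%Q[sudo -u #{token} mkdir /home/#{token}/.ssh/])
+system(%Q[sudo -u #{token} touch /home/#{token}/.ssh/authorized_keys])
+end
 end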
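Review bot: `make_user` turns the account's `token` into the Unix login name (`sudo adduser ... #{token}`), and the CLI in this release sends the same token as the API credential (`:token=>session.token`), so the secret becomes readable by anything on the host that can read `/etc/passwd`, list `/home` or see process arguments. A separate non-secret account name, for example a column filled with `"u#{SecureRandom.hex(8)}"` in the existing `before_save`, keeps the bearer token out of the filesystem. `before_save` only generates a token when none is set, and whether a caller can supply its own value depends on permitted params that are not visible here, so the name should be validated before it reaches `adduser` either way.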
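--- a/data/frontend/etc_nginx_sites-enabled_template
+++ b/data/frontend/etc_nginx_sites-enabled_template
@@ -0,0 +1,30 @@
+upstream REPLACEMEAPPNAME {
+# Path to Puma SOCK file, as defined previously
+server unix:/home/REPLACEMEUSERNAME/REPLACEMEAPPNAME.sock fail_timeout=0;
+}
+
+server {
+listen 80;
+listen 443 ssl;
+server_name REPLACEMEAPPNAME.meroku.com;
+#ssl on;
+# ssl on; tells NGINX to server ANY content through SSL.
+
+ssl_certificate /home/ubuntu/.meroku/letsencrypt_fullchain.pem;
+ssl_certificate_key /home/ubuntu/.meroku/letsencrypt_privkey.pem;
+
+root /home/REPLACEMEUSERNAME/REPLACEMEAPPNAME/public;
+
+try_files $uri/index.html $uri @REPLACEMEAPPNAME;
+
+location @REPLACEMEAPPNAME {
+proxy_pass http://REPLACEMEAPPNAME;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+}
+
+error_page 500 502 503 504 /500.html;
+client_max_body_size 4G;
+keepalive_timeout 10;
+}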
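Review bot: The `server` block listens on 80 and on `443 ssl` with the same locations, so every app is also served in clear text and nothing redirects to HTTPS. A separate port-80 server containing `return 301 https://$host$request_uri;` fixes that, and the `@REPLACEMEAPPNAME` location should add `proxy_set_header X-Forwarded-Proto $scheme;` so the Rails app can tell which scheme the client used. `client_max_body_size 4G` is a large upload allowance for a shared host; a smaller default that an individual app can raise would limit disk and memory pressure.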
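--- a/data/lib/meroku/cli.rb
+++ b/data/lib/meroku/cli.rb
@@ -19,28 +19,6 @@ module Meroku
 
 HEREDOC
 end
-
-#def self.start(*args)
-# case args.join(" ")
-# when "infrastructure spawn"
-# load_secrets || exit
-# node = Meroku::Infrastructure::Node.new.associate_address.install_packages.install_frontend_app
-# puts "spawned #{node.instance.try(:instance_id)}"
-# when "infrastructure despawn"
-# load_secrets || exit
-# Meroku::Infrastructure.despawn
-# when "signup"
-# signup
-# when "keys:add"
-# token_check || exit
-# keys_add
-# when "create"
-# token_check || exit
-# create
-# else
-# puts HELP
-# end
-#end
 
 def signup
 print "Email: "
@@ -51,7 +29,7 @@ module Meroku
 url = "https://www.meroku.com/users.json"
 response_json = RestClient.post url, {:user=>{:email => email, :password => password, :password_confirmation => password}}.to_json, timeout: 1, :content_type => :json, :accept => :json
 if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
+puts "error: #{JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")}"
 else
 email = JSON.parse(response_json)["data"]["attributes"]["email"]
 token = JSON.parse(response_json)["data"]["attributes"]["token"]
@@ -75,7 +53,7 @@ module Meroku
 response_json = RestClient.post url, {:publickey=>{:name => name, :data=>data}, :token=>session.token}.to_json, timeout: 1, :content_type => :json, :accept => :json
 
 if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
+puts "error: #{JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")}"
 else
 name = JSON.parse(response_json)["data"]["attributes"]["name"]
 puts "Added #{name}"
@@ -93,9 +71,9 @@ module Meroku
 name = JSON.parse(response_json)["data"]["attributes"]["name"]
 puts "Created #{name}, adding git remote"
 puts "git remote remove meroku"
-`git remote remove meroku`
-puts "git remote add meroku
-`git remote add meroku
+`git remote remove meroku 2>/dev/null`
+puts "git remote add meroku #{token}@www.meroku.com:#{name}.git"
+`git remote add meroku #{token}@www.meroku.com:#{name}.git`
 end
 end
 
@@ -121,29 +99,6 @@ module Meroku
 Dotenv.load(env_file)
 end
 
-
-
-#def self.keys_add
-# if !File.exist? "#{Dir.home}/.ssh/id_rsa.pub"
-# puts "error: File #{Dir.home}/.ssh/id_rsa.pub not found"
-# puts "You can use this command to generate a key:"
-# puts " ssh-keygen -t rsa"
-# return nil
-# end
-# name = "id_rsa.pub"
-# data = `cat ~/.ssh/id_rsa.pub`.chomp
-# url = "https://www.meroku.com/publickeys.json"
-# token = `cat ~/.meroku/.token`.chomp
-# response_json = RestClient.post url, {:publickey=>{:name => name, :data=>data}, :token=>token}.to_json, timeout: 1, :content_type => :json, :accept => :json
-#
-# if JSON.parse(response_json)["errors"] && JSON.parse(response_json)["errors"].size > 0
-# puts JSON.parse(response_json)["errors"].map{|x| x["detail"]}.join(".")
-# else
-# name = JSON.parse(response_json)["data"]["attributes"]["name"]
-# puts "Added #{name}"
-# end
-#end
-
 end
 
 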
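Review bot: The new `git remote add` line in the fourth hunk runs through backticks with `name` taken from the JSON response (where `token` is assigned is outside the hunk), so the local shell parses whatever the server returned, and the exit status is discarded, so a failed add still looks like success. The argument-list form avoids both: `system('git', 'remote', 'add', 'meroku', "#{token}@www.meroku.com:#{name}.git") or abort('error: git remote add failed')`. Printing the remote and storing it in `.git/config` also leaves the token in terminal scrollback and in the repository's config file. The enclosing method starts above the hunk.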
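--- a/data/lib/meroku/infrastructure/node.rb
+++ b/data/lib/meroku/infrastructure/node.rb
@@ -56,36 +56,45 @@ module Meroku
 @tunnel.run "curl -s -o /tmp/modified-cedar-14.sh https://raw.githubusercontent.com/oystersauce8/meroku/master/modified-cedar-14.sh"
 @tunnel.run "sudo chmod 755 /tmp/modified-cedar-14.sh"
 @tunnel.run "/bin/bash -lc 'sudo /tmp/modified-cedar-14.sh'"
-#@tunnel.run "sudo apt-get update\;"
 @tunnel.run "sudo apt-get install -y ruby2.4 ruby2.4-dev"
 @tunnel.run "sudo apt-get install -y nginx libsqlite3-dev nodejs"
 self
 end
 
 def tweak_configuration
-
-
-
+#@tunnel.run 'sudo adduser --disabled-password --shell /usr/bin/git-shell --gecos "" git'
+#@tunnel.run 'sudo -u git mkdir /home/git/.ssh/'
+#@tunnel.run 'sudo -u git touch /home/git/.ssh/authorized_keys'
+@tunnel.run 'sudo mkdir /sharedro && sudo chmod 777 /sharedro'
 end
 
 def install_frontend_app
 @tunnel.run 'mkdir /home/ubuntu/.meroku'
 @tunnel.run "cd ~\; git clone https://github.com/oystersauce8/meroku\;"
-@tunnel.run "sudo
+@tunnel.run "sudo rm -f /etc/nginx/sites-enabled/*"
+@tunnel.run "sudo cp ~/meroku/frontend/etc_nginx_sites-enabled_default /etc/nginx/sites-enabled/default"
+@tunnel.run 'sudo cp /home/ubuntu/meroku/frontend/etc_nginx_sites-enabled_template /sharedro'
+@tunnel.run 'sudo chmod a+r /sharedro/etc_nginx_sites-enabled_template'
 
 @tunnel.run "curl -o /home/ubuntu/.meroku/letsencrypt_fullchain.pem http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/letsencrypt_fullchain.pem"
 @tunnel.run "curl -o /home/ubuntu/.meroku/letsencrypt_privkey.pem http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/letsencrypt_privkey.pem"
 
-
-
+
+
 @tunnel.run "cd ~/meroku/frontend/\; sudo gem install bundler\; bundle\;"
 @tunnel.run "(cd ~/meroku/frontend && RAILS_ENV=production bundle exec rails assets:precompile)"
 
 @tunnel.run "(cd ~/meroku/frontend && RAILS_ENV=production bundle exec rake db:migrate)"
-@tunnel.run "cd ~/meroku/frontend/\; bundle exec puma -d"
+@tunnel.run "cd ~/meroku/frontend/\; bundle exec puma -d -b unix:///tmp/meroku.sock"
 @tunnel.run "sudo service nginx restart"
-@tunnel.run
+@tunnel.run %Q[sudo sh -c 'echo "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIPWJQU+TkDu9uyVzHQcVnKklRhQvIBdXHkA/7zAQG8XuoAoGCCqGSM49\nAwEHoUQDQgAEI1lm18nECH4jH+6p80jhn8WgZRDOC1ufVVtoPUnUgEvslfV3xzWl\nDXZKof765EiCOYyt2TZ7pKClMexhHWhMtA==\n-----END EC PRIVATE KEY-----" > /etc/ssh/ssh_host_ecdsa_key']
+@tunnel.run %Q[sudo sh -c 'echo "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCNZZtfJxAh+Ix/uqfNI4Z/FoGUQzgtbn1VbaD1J1IBL7JX1d8c1pQ12SqH++uRIgjmMrdk2e6SgpTHsYR1oTLQ= root@ip-172-31-64-77" > /etc/ssh/ssh_host_ecdsa_key.pub']
+#@tunnel.run "cd ~/.meroku/\; curl -O http://www.sam-we.com/dropbox/meroku-#{ENV['SECRET']}/ssh_host_keys.tgz"
+#@tunnel.run "cd ~/.meroku/\; sudo tar xf ssh_host_keys.tgz -C /etc/ssh/ --overwrite && sudo service ssh restart"
+
 self
+rescue
+byebug
 end
 
 end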
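Review bot: The two added `echo ... > /etc/ssh/ssh_host_ecdsa_key` lines in `install_frontend_app` embed an SSH host private key in the gem's source, so every spawned node presents the same host key and anyone holding the published gem has it; clients then cannot tell the real host from any other machine presenting that key. The key should be treated as exposed and replaced, with each node generating its own at first boot (`sudo ssh-keygen -A` creates any missing host keys) or receiving one from a secret store. `sudo chmod 777 /sharedro` in `tweak_configuration` lets any tenant account replace the nginx template that the post-receive hooks copy; a root-owned `755` directory is enough for a read-only share. The trailing `rescue` / `byebug` turns every provisioning error into a debugger prompt and should not ship in a release.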
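--- a/data/lib/meroku/tunnel.rb
+++ b/data/lib/meroku/tunnel.rb
@@ -14,6 +14,7 @@ module Meroku
 def run(cmd)
 @verbose=true
 retries ||= 0
+exit_code=nil
 Net::SSH.start(@ip,
 @username,
 password: 'password',
@@ -21,7 +22,7 @@ module Meroku
 verify_host_key: @verify_host_key,
 timeout: 90) do |ssh|
 channel = ssh.open_channel do |ch|
-STDERR.print cmd
+STDERR.print "#{cmd}\n"
 ch.exec cmd do |ch, success|
 raise "could not execute command" unless success
 ch.on_data do |c, data|
@@ -38,11 +39,16 @@ module Meroku
 $stderr.print "."
 end
 end
+ch.on_request("exit-status") do |ch, data|
+exit_code = data.read_long
+end
+
 ch.on_close { print "\n" }
 end
 end
 channel.wait
 end
+fail "Ssh command returned non-zero" if status != 0
 rescue Errno::ECONNREFUSED => e
 retry if (retries += 1) < 10
 end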
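Review bot: The added check after the `Net::SSH.start` block tests `status`, but the value captured by the new `on_request("exit-status")` handler is `exit_code`; unless a `status` method exists outside these hunks, the line raises `NameError` instead of reporting the remote failure. It should read `fail "Ssh command returned non-zero (#{exit_code.inspect})" if exit_code != 0`. The changed `STDERR.print "#{cmd}\n"` echoes every command in full, and node.rb passes key material and a `SECRET`-bearing URL through `run`, so those values end up in terminal and CI logs; printing a redacted or truncated form would avoid that. Parts of `run` between the hunks are not shown.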
data/lib/meroku/version.rb
CHANGED
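--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: meroku
 version: !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.8
 platform: ruby
 authors:
 - Sam Weerasinghe
@@ -363,7 +363,8 @@ files:
 - frontend/db/migrate/20171026071440_create_publickeys.rb
 - frontend/db/schema.rb
 - frontend/db/seeds.rb
-- frontend/etc_nginx_sites-
+- frontend/etc_nginx_sites-enabled_default
+- frontend/etc_nginx_sites-enabled_template
 - frontend/lib/assets/.keep
 - frontend/lib/tasks/.keep
 - frontend/log/.keep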