prun-ops 0.1.10 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 30e419ead8e321fe23a896a7cd149daefda36a8a
-  data.tar.gz: 2a83455e4ef99be353a03246097f8ca3419d0bfc
+  metadata.gz: 1fa149a50805a9dd853c00afe0bc120200091e9c
+  data.tar.gz: 76fb64a75dcdc544bd1e3ad3e2f4b5607737ed60
 SHA512:
-  metadata.gz: 40d0008a6afdc8c606c28f63519f1b8aee0784f178bac1f8ae84368c0c97fcc9dcb850489a07a3f4929195c54e6cacccc07c432f2f246a4408602bfb130a56fc
-  data.tar.gz: 43fa8b3dd27f16acfe039804609eae8e19ff8b63794bce76e3d500ef8bb7a08bcdc5ab927333ef4cfcccfc139c688595c3033b689f0ced0892887c0b35ba4f8d
+  metadata.gz: 8a8236ff360b1713e7c9543b759f08f913a19dd1ee34fe04e3680a560109b02c19f93619e3e9d8308cc8f94e656d468cb74c04cf6f1862454f64925944eeb05b
+  data.tar.gz: 640239f6a2d0271af6ec2b7e51da9f466f6b117584040e082cbb6c6ce139ecc19b044d6a703ec0f6011cd122821d3407e375704bee14c54a4d853696a83bf1ad

data/README.md

@@ -2,16 +2,12 @@
 
 Covers all Deployment and maintainance Operations in a Ruby on Rails Application server:
 
-1. DEPLOYMENT: Capistrano tasks to depoly your rails Apps.
+1. CONFIGURATION: Capistrano tasks to configure servers.
+1. DEPLOYMENT: Capistrano tasks to deploy your rails Apps.
 1. DIAGNOSIS: Capistrano diagnosis tools to guet your Apps status on real time.
 1. RELEASE: Rake tasks to manage and tag version number in your Apps (X.Y.Z).
 1. BACKUP: Backup policy for database and files in your Apps, using git as storage.
 
-Based on:
-
-* [PRUN Docker image](https://registry.hub.docker.com/u/jlebrijo/prun/).
-* [PRUN Chef recipe](https://github.com/jlebrijo/prun-cfg).
-
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -58,9 +54,32 @@ server "example.com", user: 'root', roles: %w{web app db}, port: 2222
 
 Note: Remember change this line in production.rb file: `config.assets.compile = true`
 
+### Configuration
+
+Main task is `cap [stg] config`
+
+Secondary tasks: 
+
+* `cap [stg] ubuntu:install` initial ubuntu dependencies
+* `cap [stg] ruby:install` install ruby on .ruby-version version
+* `cap [stg] rails:prepare` install rails dependencies
+* `cap [stg] postgres:install` install and configure postgres
+* `cap [stg] postgres:[start|stop|restart]` start/stop postgres
+* `cap [stg] nginx:install` install and configure nginx
+* `cap [stg] nginx:[start|stop|restart]` start/stop nginx
+* `cap [stg] nodejs:install` install node
+* `cap [stg] app:prepare` create init scripts
+* `cap [stg] app:db_prepare` database first load
+* `cap [stg] nginx:cert` create SSL certificates with [Let's Encrypt](https://letsencrypt.org/)
+* `cap [stg] nginx:ssl` configure nginx with SSL certificates
+
 ### Deployment
 
-* `cap [stg] deploy:cold` first time deployment with schema:load and seeds (replacing db:migrate)
+Main task is `cap [stg] deploy`
+
+Secondary tasks: 
+
+* `cap [stg] deploy:upload_linked_files` uploads configuration files defined as linked_files
 * `cap [stg] deploy` deploy your app as usual
 * `cap [stg] deploy:restart` restart thin server of this application
 * `cap [stg] deploy:stop` stop thin server
@@ -129,8 +148,6 @@ Some capistrano commands useful to connect to server and help with the problem s
 
 ### Monitoring
 
-Recommend to configure your Rails server with [PRUN Chef recipe](https://github.com/jlebrijo/prun-cfg).
-
 At this moment we are implementing [NewRelic](http://newrelic.com/) monitoring, including as dependency ['newrelic_rpm'](https://github.com/newrelic/rpm) gem. To configure yourproject you just need to create an account at [NewRelic](http://newrelic.com/)  and follow the instructions (creating a 'config/newrelic.yml file with your license_key).
 
 ### TODO: Configuration management
@@ -221,4 +238,8 @@ require 'capistrano/prun-ops'
 
 ### v0.1.6
 
-* Add `cap stage rake[db:create]` to execute a rake task in remote server.
+* Add `cap stage rake[db:create]` to execute a rake task in remote server.
+
+### v0.2.0
+
+* Configuration tasks: Add `cap stage config` and other tasks.

data/lib/capistrano/all.rake

@@ -16,23 +16,19 @@ namespace :deploy do
     end
   end
 
-  after :publishing, :restart
-
-  desc 'Deploy app for first time'
-  task :cold do
-    invoke 'deploy:starting'
-    invoke 'deploy:started'
-    invoke 'deploy:updating'
-    invoke 'bundler:install'
-    invoke 'deploy:db_reset' # This replaces deploy:migrations
-    invoke 'deploy:compile_assets'
-    invoke 'deploy:normalize_assets'
-    invoke 'deploy:publishing'
-    invoke 'deploy:published'
-    invoke 'deploy:finishing'
-    invoke 'deploy:finished'
+  task :upload_linked_files do
+    on roles :app do
+      shared = "/var/www/#{fetch :application}/shared"
+      fetch(:linked_files).each do |f|
+        execute "mkdir -p #{shared}/#{File.dirname f}"
+        upload! f, "#{shared}/#{f}"
+      end
+    end
   end
 
+  after :publishing, :upload_linked_files
+  after :publishing, :restart
+
   desc 'Create database'
   task :db_create do
     on roles(:db) do

data/lib/capistrano/config/app.rake

@@ -0,0 +1,32 @@
+namespace :app do
+
+  task :prepare do
+    on roles :web do
+      template 'app_init.sh', "/etc/init.d/#{fetch :application}"
+      execute <<-EOBLOCK
+        sudo thin config -C /etc/thin/#{fetch :application}.yml -c /var/www/#{fetch :application}/current -l log/thin.log -e #{fetch :stage} --servers 1 --port 3000
+        sudo chmod a+x /etc/init.d/#{fetch :application}
+        sudo update-rc.d #{fetch :application} defaults
+        sudo systemctl daemon-reload
+      EOBLOCK
+    end
+  end
+
+  task :db_prepare do
+    invoke 'deploy:starting'
+    invoke 'deploy:started'
+    invoke 'deploy:updating'
+    invoke 'bundler:install'
+    if Rails.application.config.respond_to? :backup_repo
+      invoke 'backup:restore'
+    else
+      invoke 'deploy:db_create'
+      invoke 'deploy:migrate'
+      invoke 'deploy:db_seed'
+    end
+  end
+
+  task :test do
+  end
+
+end

data/lib/capistrano/config/config.rake

@@ -0,0 +1,11 @@
+task :config do
+  invoke 'ubuntu:install'
+  invoke 'ruby:install'
+  invoke 'rails:prepare'
+  invoke 'postgres:install'
+  invoke 'nginx:install'
+  invoke 'nodejs:install'
+  invoke 'app:prepare'
+  invoke 'deploy:upload_linked_files'
+  invoke 'app:db_prepare'
+end

data/lib/capistrano/config/mysql.rake

@@ -0,0 +1,49 @@
+namespace :mysql do
+  task :install do
+    on roles :db do
+      not_if 'which mysql' do
+        execute <<-EOBLOCK
+          debconf-set-selections <<< 'mysql-server mysql-server/root_password password #{fetch :my_pass}'
+          debconf-set-selections <<< 'mysql-server mysql-server/root_password_again password #{fetch :my_pass}'
+          apt-get install -y mysql-server mysql-client libmysqlclient-dev
+        EOBLOCK
+      end
+
+      not_if "mysql --user='root' --password='#{fetch :my_pass}' --execute='show databases;' | grep #{fetch :application}" do
+        execute <<-EOBLOCK
+          mysql --user='root' --password='#{fetch :my_pass}' --execute='create database #{fetch :application};'
+          mysql --user='root' --password='#{fetch :my_pass}' --execute="grant all on #{fetch :application}.* to #{fetch :my_user}@'%' identified by '#{fetch :my_pass}';"
+        EOBLOCK
+      end
+
+      invoke 'mysql:restart'
+    end
+  end
+
+
+  task :test do
+    on roles :db do
+      not_if "echo ''" do
+        p 'executing ......'
+      end
+    end
+  end
+
+
+  %w(start stop restart).each do |action|
+    desc "MySQL"
+    task :"#{action}" do
+      on roles(:app) do
+        execute "sudo service mysql #{action}"
+      end
+    end
+  end
+end
+
+def not_if(command)
+  begin
+     yield unless execute command
+  rescue Exception
+    yield
+  end
+end

data/lib/capistrano/config/nginx.rake

@@ -0,0 +1,42 @@
+namespace :nginx do
+  task :install do
+    on roles :web do
+      execute 'sudo apt-get install -y nginx'
+      execute 'sed -i "s/# server_names_hash_bucket_size 64/server_names_hash_bucket_size 64/" /etc/nginx/nginx.conf'
+      template 'vhost.conf', '/etc/nginx/conf.d/vhost.conf'
+
+      invoke 'nginx:restart'
+    end
+  end
+
+  task :cert do
+    on roles(:web) do |host|
+      run_locally do
+        run_in host, <<-EOBLOCK
+          cd /usr/local/sbin
+          sudo wget https://dl.eff.org/certbot-auto
+          sudo chmod a+x /usr/local/sbin/certbot-auto
+          mkdir /var/www/#{fetch :application}/current/public/.well-known
+          sudo certbot-auto certonly -a webroot --webroot-path=/var/www/#{fetch :application}/current/public -d #{host.hostname}
+          sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+        EOBLOCK
+      end
+    end
+  end
+
+  task :ssl do
+    on roles(:web) do |host|
+      template 'vhost_ssl.conf', '/etc/nginx/conf.d/vhost.conf'
+      invoke 'nginx:restart'
+    end
+  end
+
+  %w(start stop restart status).each do |action|
+    desc "Nginx"
+    task :"#{action}" do
+      on roles(:app) do
+        execute "sudo service nginx #{action}"
+      end
+    end
+  end
+end

data/lib/capistrano/config/nodejs.rake

@@ -0,0 +1,14 @@
+namespace :nodejs do
+  task :install do
+    on roles :app do
+      execute 'curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash'
+      #sed -i "s/[ -z "$PS1" ] && return/# [ -z "$PS1" ] && return/g" /root/.bashrc
+      execute <<-EOBLOCK
+        export NVM_DIR="$HOME/.nvm"
+        [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
+        nvm install node
+        npm install -g bower
+      EOBLOCK
+    end
+  end
+end

data/lib/capistrano/config/postgres.rake

@@ -0,0 +1,42 @@
+namespace :postgres do
+  task :install do
+    stage = fetch(:stage).to_s
+    config   = Rails.configuration.database_configuration
+    version = config[stage]["version"]
+    username = config[stage]["username"]
+    password = config[stage]["password"]
+
+    on roles :db do
+      execute <<-EOBLOCK
+        sudo add-apt-repository "deb http://apt.postgresql.org/pub/repos/apt/ xenial-pgdg main"
+        wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
+        sudo apt-get update
+        export LANGUAGE=en_US.UTF-8
+        sudo apt-get -y install postgresql-#{version} libpq-dev
+      EOBLOCK
+
+      execute <<-EOBLOCK
+        sudo sed -i "s/#listen_addresses = 'localhost'/listen_addresses = 'localhost'/" /etc/postgresql/#{version}/main/postgresql.conf
+        sudo sed -i "s/local   all             all                                     peer/local   all             all                                     md5/" /etc/postgresql/#{version}/main/pg_hba.conf
+        sudo sed -i "s/ssl = true/ssl = false/" /etc/postgresql/#{version}/main/postgresql.conf
+        sudo service postgresql restart
+      EOBLOCK
+
+      ## Rewrite postgres password:
+      execute <<-EOBLOCK
+        sudo -u postgres psql -c "ALTER USER #{username} WITH PASSWORD '#{password}';"
+      EOBLOCK
+
+      invoke 'postgres:restart'
+    end
+  end
+
+  %w(start stop restart).each do |action|
+    desc "PostgreSQL"
+    task :"#{action}" do
+      on roles(:app) do
+        execute "sudo service postgresql #{action}"
+      end
+    end
+  end
+end

data/lib/capistrano/config/rails.rake

@@ -0,0 +1,15 @@
+namespace :rails do
+  task :prepare do
+    on roles :app do
+      execute <<-EOBLOCK
+        echo gem: --no-ri --no-rdoc > /root/.gemrc
+        gem install bundler
+        gem install rack -v 1.6.0
+        gem install thin -v 1.6.3
+        thin install
+        /usr/sbin/update-rc.d -f thin defaults
+      EOBLOCK
+      execute 'apt-get install -y imagemagick libmagickwand-dev'
+    end
+  end
+end

data/lib/capistrano/config/ruby.rake

@@ -0,0 +1,12 @@
+namespace :ruby do
+  task :install do
+    ruby_version = File.read('.ruby-version').strip[/\Aruby-(.*)\.\d\Z/,1]
+    on roles :app do
+      execute <<-EOBLOCK
+        sudo apt-add-repository -y ppa:brightbox/ruby-ng
+        apt-get update
+        sudo apt-get install -y ruby#{ruby_version} ruby#{ruby_version}-dev
+      EOBLOCK
+    end
+  end
+end

data/lib/capistrano/config/templates/app_init.sh.erb

@@ -0,0 +1,27 @@
+#!/bin/sh
+# Starts and stops $APP
+# Adding a Service to Default runlevels
+#     update-rc.d $APP defaults
+#
+
+APP=<%= fetch :application%>
+ENV=<%= fetch :stage%>
+
+case "$1" in
+start)
+  cd /var/www/$APP/current && RAILS_ENV=$ENV bundle exec thin start -C /etc/thin/$APP.yml
+;;
+
+stop)
+  cd /var/www/$APP/current && RAILS_ENV=$ENV bundle exec thin stop -C /etc/thin/$APP.yml
+;;
+
+restart)
+  $0 stop
+  $0 start
+;;
+
+*)
+        echo "Usage: $0 {start|stop|restart|status}"
+        exit 1
+esac

data/lib/capistrano/config/templates/vhost.conf.erb

@@ -0,0 +1,26 @@
+upstream <%= fetch :application%> {
+  server     localhost:3000;
+}
+
+
+server {
+  server_name <%= host.hostname %>;
+  root /var/www/<%= fetch :application%>/current/public;
+
+  location @<%= fetch :application%> {
+    proxy_pass          http://<%= fetch :application%>;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_read_timeout  90;
+  }
+  location / {
+    try_files  $uri  @<%= fetch :application%> ;
+    index  index.html index.htm index.php;
+  }
+  location /status {
+    stub_status on;
+    allow all;
+  }
+
+}

data/lib/capistrano/config/templates/vhost_ssl.conf.erb

@@ -0,0 +1,47 @@
+upstream <%= fetch :application%> {
+  server     localhost:3000;
+}
+
+
+server {
+  listen 443 ssl;
+  server_name <%= host.hostname %>;
+  root /var/www/<%= fetch :application%>/current/public;
+
+  ssl_certificate /etc/letsencrypt/live/<%= host.hostname %>/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/<%= host.hostname %>/privkey.pem;
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_prefer_server_ciphers on;
+  ssl_dhparam /etc/ssl/certs/dhparam.pem;
+  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:50m;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  add_header Strict-Transport-Security max-age=15768000;
+
+  location @<%= fetch :application%> {
+    proxy_pass          http://<%= fetch :application%>;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_read_timeout  90;
+  }
+  location / {
+    try_files  $uri  @<%= fetch :application%> ;
+    index  index.html index.htm index.php;
+  }
+  location /status {
+    stub_status on;
+    allow all;
+  }
+  location ~ /.well-known {
+    allow all;
+  }
+}
+
+server {
+  listen 80;
+  server_name <%= host.hostname %>;
+  return 301 https://$host$request_uri;
+}

data/lib/capistrano/config/ubuntu.rake

@@ -0,0 +1,15 @@
+namespace :ubuntu do
+  task :install do
+    on roles :app do
+      execute 'apt-get -y update'
+      # Pre-requirements
+      execute <<-EOBLOCK
+        apt-get install -y git build-essential libsqlite3-dev libssl-dev gawk g++ vim
+        apt-get install -y libreadline6-dev libyaml-dev sqlite3 autoconf libgdbm-dev
+        apt-get install -y libcurl3 libcurl3-gnutls libcurl4-openssl-dev 
+        apt-get install -y libncurses5-dev automake libtool bison pkg-config libffi-dev
+        apt-get install -y software-properties-common
+      EOBLOCK
+    end
+  end
+end

data/lib/capistrano/prun-ops.rb

@@ -1 +1,10 @@
-Dir.glob("#{File.dirname(__FILE__)}/*.rake").each { |r| load r }
+Dir.glob("#{File.dirname(__FILE__)}/*.rake").each { |r| load r }
+Dir.glob("#{File.dirname(__FILE__)}/config/*.rake").each { |r| load r }
+
+## Common libraries
+def template(template_name, target_path)
+  file = File.read("#{File.dirname(__FILE__)}/config/templates/#{template_name}.erb")
+  template = ERB.new file, nil, "%"
+  rendered = template.result(binding)
+  upload! StringIO.new(rendered), target_path
+end

data/lib/prun-ops/version.rb

@@ -1,3 +1,3 @@
 module PrunOps
-  VERSION = "0.1.10"
+  VERSION = "0.2.0"
 end

data/prun-ops.gemspec

@@ -20,7 +20,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake", "~> 10.0"
 
-  spec.add_runtime_dependency "capistrano-rails"
-  spec.add_runtime_dependency "thin"
-  spec.add_runtime_dependency "newrelic_rpm"
+  spec.add_runtime_dependency 'capistrano', '~> 3.8'
+  spec.add_runtime_dependency 'capistrano-rails'
+  spec.add_runtime_dependency 'thin'
+  spec.add_runtime_dependency 'newrelic_rpm'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prun-ops
 version: !ruby/object:Gem::Version
-  version: 0.1.10
+  version: 0.2.0
 platform: ruby
 authors:
 - Juan Lebrijo
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-12-05 00:00:00.000000000 Z
+date: 2018-01-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: capistrano
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
 - !ruby/object:Gem::Dependency
   name: capistrano-rails
   requirement: !ruby/object:Gem::Requirement
@@ -96,6 +110,18 @@ files:
 - Rakefile
 - lib/capistrano/all.rake
 - lib/capistrano/backup.rake
+- lib/capistrano/config/app.rake
+- lib/capistrano/config/config.rake
+- lib/capistrano/config/mysql.rake
+- lib/capistrano/config/nginx.rake
+- lib/capistrano/config/nodejs.rake
+- lib/capistrano/config/postgres.rake
+- lib/capistrano/config/rails.rake
+- lib/capistrano/config/ruby.rake
+- lib/capistrano/config/templates/app_init.sh.erb
+- lib/capistrano/config/templates/vhost.conf.erb
+- lib/capistrano/config/templates/vhost_ssl.conf.erb
+- lib/capistrano/config/ubuntu.rake
 - lib/capistrano/diagnosis.rake
 - lib/capistrano/git.rake
 - lib/capistrano/prun-ops.rb