pureftpdinator 0.0.0

data/lib/pureftpdinator.rb

@@ -0,0 +1,5 @@
+require 'capistrano/setup'
+
+load 'pureftpdinator/pureftpd.rb'
+load 'pureftpdinator/config.rb'
+load 'pureftpdinator/built-in.rb'

data/lib/pureftpdinator/built-in.rb

@@ -0,0 +1,89 @@
+require 'resolv'
+set :pureftpd_config_dir,         -> { shared_path.join('pureftpd') }
+set :pureftpd_pid_file,           -> { "#{fetch(:pureftpd_config_dir)}/pure-ftpd.pid" }
+set :pureauthd_pid_file,          -> { "#{fetch(:pureftpd_config_dir)}/pure-authd.pid" }
+set :pureftpd_socket_dir,         "/tmp/pureftpd"
+set :pureauthd_socket_file,       -> { "#{fetch(:pureftpd_socket_dir)}/pure-authd.sock" }
+set :pureftpd_entrypoint,         "/usr/sbin/pure-ftpd"
+set :pureauthd_entrypoint,        "/usr/sbin/pure-authd"
+set :pureauthd_program,           -> { shared_path.join('bundle', 'bin', 'ftp_auth') }
+set :pureftpd_templates_path,     "templates/pureftpd"
+set :pureftpd_umask,              "117:007"
+set :pureftpd_internal_cert_file, "/etc/ssl/private/pure-ftpd.pem"
+set :pureftpd_external_cert_file, -> { "#{fetch(:pureftpd_config_dir)}/ssl.pem" }
+set :pureftpd_custom_vol_mounts,  -> {} # Set custom vol mounts w/o overridding methods below
+set :pureftpd_custom_env_vars,    -> {} # Set custom env vars w/o overridding methods below
+set :pureftpd_ports_options,      -> {
+  fetch(:pureftpd_connection_ports).collect do |port|
+    ["--publish", "0.0.0.0:#{port}:#{port}"]
+  end.flatten
+}
+set :pureftpd_port_range_options, -> {
+  ports = fetch(:pureftpd_passive_port_range).split(":")
+  ["--publish", "0.0.0.0:#{ports[0]}-#{ports[1]}:#{ports[0]}-#{ports[1]}"]
+}
+set :pureftpd_tls_volume_options, -> {
+  if ["1", "2", "3"].include? fetch(:pureftpd_tls_mode)
+    ["--volume", "#{fetch(:pureftpd_external_cert_file)}:#{fetch(:pureftpd_internal_cert_file)}:ro"]
+  end
+}
+
+def pureftpd_run(host)
+  warn "Starting a new container named #{fetch(:pureftpd_container_name)} on #{host}"
+  execute(
+    "docker", "run", "--tty", "--detach",
+    "--name", fetch(:pureftpd_container_name),
+    "--restart", "always",
+    "--memory", "#{fetch(:pureftpd_container_max_mem_mb)}m",
+    "--memory-swap='-1'",
+    "-e", "RAILS_ROOT=#{current_path}",
+    "--volume", "#{fetch(:deploy_to)}:#{fetch(:deploy_to)}:rw",
+    "--volume", "/home/#{fetch(:pureftpd_username)}:/home/#{fetch(:pureftpd_username)}:rw",
+    "--volume", "#{fetch(:pureftpd_socket_dir)}:#{fetch(:pureftpd_socket_dir)}:rw",
+    fetch(:pureftpd_tls_volume_options),
+    fetch(:pureftpd_custom_vol_mounts),
+    fetch(:pureftpd_custom_env_vars),
+    fetch(:pureftpd_ports_options),
+    fetch(:pureftpd_port_range_options),
+    "--entrypoint", fetch(:pureftpd_entrypoint),
+    fetch(:pureftpd_image_name),
+    "-0", "-4", "-A", "-E",
+    "-g", fetch(:pureftpd_pid_file),
+    "-G", "-k", "90",
+    "-O", "clf:#{shared_path.join('log', 'pure-ftpd.log')}",
+    "-l", "extauth:#{fetch(:pureauthd_socket_file)}",
+    "-p", fetch(:pureftpd_passive_port_range),
+    "-R", "-S", "0.0.0.0,",
+    "-P", Resolv::DNS.new(:nameserver => ['8.8.8.8', '8.8.4.4']).getaddress(fetch(:domain)).to_s,
+    "-u", "999", "-U", fetch(:pureftpd_umask),
+    "-Y", fetch(:pureftpd_tls_mode)
+  )
+end
+
+def pureauthd_run(host)
+  warn "Starting a new container named #{fetch(:pureauthd_container_name)} on #{host}"
+  execute(
+    "docker", "run", "--tty", "--detach",
+    "--name", fetch(:pureauthd_container_name),
+    "--restart", "always",
+    "--memory", "#{fetch(:pureauthd_container_max_mem_mb)}m",
+    "--memory-swap='-1'",
+    "-e", "RAILS_ROOT=#{current_path}",
+    "--workdir", current_path,
+    "--volume", "#{fetch(:deploy_to)}:#{fetch(:deploy_to)}:rw",
+    "--volume", "/home/#{fetch(:pureftpd_username)}:/home/#{fetch(:pureftpd_username)}:rw",
+    "--volume", "#{fetch(:pureftpd_socket_dir)}:#{fetch(:pureftpd_socket_dir)}:rw",
+    "--volume", "/etc/passwd:/etc/passwd:ro",
+    "--volume", "/etc/group:/etc/group:ro",
+    fetch(:pureftpd_custom_vol_mounts),
+    fetch(:pureftpd_custom_env_vars),
+    "--entrypoint", fetch(:pureauthd_entrypoint),
+    fetch(:pureftpd_image_name),
+    "--socket", fetch(:pureauthd_socket_file),
+    "--pidfile", fetch(:pureauthd_pid_file),
+    "--run", fetch(:pureauthd_program)
+    # "--uid", unix_user_get_uid(fetch(:pureftpd_username)), # won't communicate over socket unless run as root for some reason
+    # "--gid", unix_user_get_gid(fetch(:pureftpd_username))
+  )
+end
+

data/lib/pureftpdinator/config.rb

@@ -0,0 +1,96 @@
+module Capistrano
+  module TaskEnhancements
+    alias_method :pureftpd_original_default_tasks, :default_tasks
+    def default_tasks
+      pureftpd_original_default_tasks + [
+        "pureftpdinator:write_built_in",
+        "pureftpdinator:write_example_configs",
+        "pureftpdinator:write_example_configs:in_place"
+      ]
+    end
+  end
+end
+
+namespace :pureftpdinator do
+
+  set :example, "_example"
+
+  desc 'Write example config files'
+  task :write_example_configs => 'deployinator:load_settings' do
+    run_locally do
+      path = fetch(:pureftpd_templates_path)
+      execute "mkdir", "-p", "config/deploy", path
+      {
+        "examples/Capfile"                    => "Capfile#{fetch(:example)}",
+        "examples/config/deploy.rb"           => "config/deploy#{fetch(:example)}.rb",
+        "examples/config/deploy/staging.rb"   => "config/deploy/staging#{fetch(:example)}.rb",
+        "examples/Dockerfile"                 => "#{path}/Dockerfile#{fetch(:example)}",
+        "examples/ssl.crt.erb"                => "#{path}/ssl.crt#{fetch(:example)}.erb",
+        "examples/ssl.key.erb"                => "#{path}/ssl.key#{fetch(:example)}.erb"
+      }.each do |source, destination|
+        config = File.read(File.dirname(__FILE__) + "/#{source}")
+        File.open("./#{destination}", 'w') { |f| f.write(config) }
+        info "Wrote '#{destination}'"
+      end
+      unless fetch(:example).empty?
+        info(
+          "Now remove the '#{fetch(:example)}' portion of their names " +
+          "or diff with existing files and add the needed lines."
+        )
+      end
+    end
+  end
+
+  desc 'Write example config files (will overwrite any existing config files).'
+  namespace :write_example_configs do
+    task :in_place => 'deployinator:load_settings' do
+      set :example, ""
+      Rake::Task['pureftpdinator:write_example_configs'].invoke
+    end
+  end
+
+  desc 'Write a file showing the built-in overridable settings.'
+  task :write_built_in => 'deployinator:load_settings' do
+    run_locally do
+      {
+        'built-in.rb'                         => 'built-in.rb',
+      }.each do |source, destination|
+        config = File.read(File.dirname(__FILE__) + "/#{source}")
+        File.open("./#{destination}", 'w') { |f| f.write(config) }
+        info "Wrote '#{destination}'"
+      end
+      info "Now examine the file and copy-paste into your deploy.rb or <stage>.rb and customize."
+    end
+  end
+
+  # These are the only two tasks using :preexisting_ssh_user
+  namespace :deployment_user do
+    #desc "Setup or re-setup the deployment user, idempotently"
+    task :setup => 'deployinator:load_settings' do
+      on roles(:all) do |h|
+        on "#{fetch(:preexisting_ssh_user)}@#{h}" do |host|
+          as :root do
+            path = fetch(:deploy_templates_path, nil)
+            path = fetch(:pureftpd_templates_path) if path.nil?
+            deployment_user_setup(path)
+          end
+        end
+      end
+    end
+  end
+
+  task :deployment_user => 'deployinator:load_settings' do
+    on roles(:all) do |h|
+      on "#{fetch(:preexisting_ssh_user)}@#{h}" do |host|
+        as :root do
+          if unix_user_exists?(fetch(:deployment_username))
+            info "User #{fetch(:deployment_username)} already exists. You can safely re-setup the user with 'deployinator:deployment_user:setup'."
+          else
+            Rake::Task['deployinator:deployment_user:setup'].invoke
+          end
+        end
+      end
+    end
+  end
+
+end

data/lib/pureftpdinator/examples/Capfile

@@ -0,0 +1,28 @@
+# Load DSL and Setup Up Stages
+require 'capistrano/setup'
+
+# Includes default deployment tasks
+require 'capistrano/deploy'
+
+# Includes tasks from other gems included in your Gemfile
+#
+# For documentation on these, see for example:
+#
+#   https://github.com/capistrano/rvm
+#   https://github.com/capistrano/rbenv
+#   https://github.com/capistrano/chruby
+#   https://github.com/capistrano/bundler
+#   https://github.com/capistrano/rails
+#
+# require 'capistrano/rvm'
+# require 'capistrano/rbenv'
+# require 'capistrano/chruby'
+require 'capistrano/bundler'
+require 'capistrano/rails/assets'
+require 'capistrano/rails/migrations'
+
+require 'deployinator'
+require 'deployinator/jobs'
+
+# Loads custom tasks from `lib/capistrano/tasks' if you have any defined.
+Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }

data/lib/pureftpdinator/examples/Dockerfile

@@ -0,0 +1,20 @@
+FROM snarlysodboxer/ruby-ree-1.8.7-2012.02:latest
+MAINTAINER david amick <docker@davidamick.com>
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN /bin/bash -c "apt-get update -qq && apt-get -y build-dep pure-ftpd && apt-get install -y openbsd-inetd && apt-get -y autoclean && apt-get -y autoremove"
+RUN /bin/bash -c "mkdir /tmp/pure-ftpd/ && \
+  cd /tmp/pure-ftpd/ && \
+  wget --no-check-certificate https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.42.tar.gz && \
+  tar zxvf pure-ftpd-1.0.42.tar.gz && \
+  cd pure-ftpd-1.0.42 && \
+  ./configure --prefix /usr --exec-prefix /usr/sbin --sysconfdir=/etc/pure-ftpd \
+    CFLAGS=-DMAX_USER_LENGTH=128U \
+    --with-everything --with-privsep --with-tls --with-rfc2640 --without-capabilities && \
+  make && make install && \
+  mv src/pure-ftpd /usr/sbin/ && mv src/pure-authd /usr/sbin/ && \
+  rm /tmp/pure-ftpd -rf"
+
+ENTRYPOINT ["/bin/bash"]
+CMD ["-l"]

data/lib/pureftpdinator/examples/config/deploy.rb

@@ -0,0 +1,15 @@
+# config valid only for Capistrano 3.2.1
+lock '3.2.1'
+
+##### pureftpdinator
+### ------------------------------------------------------------------
+set :application,                     'my_app_name'
+set :preexisting_ssh_user,            ENV['USER']
+set :deployment_username,             "deployer" # user with SSH access and passwordless sudo rights
+set :ignore_permissions_dirs,         [fetch(:pureftpd_config_dir)]
+set :pureftpd_username,               "ftpuser"
+# TODO confirm 990 is the right port for TLS
+set :pureftpd_connection_ports,       ["21", "990"] # ports 21, 990, etc
+set :pureftpd_passive_port_range,     "6500:6700"
+set :pureftpd_tls_mode,               "3"
+### ------------------------------------------------------------------

data/lib/pureftpdinator/examples/config/deploy/staging.rb

@@ -0,0 +1,12 @@
+##### pureftpdinator
+### ------------------------------------------------------------------
+set  :domain,                         "my-app-staging.example.com"
+server fetch(:domain),
+  :user                               => fetch(:deployment_username),
+  :roles                              => [:app, :web, :db]
+set :pureftpd_image_name,             "snarlysodboxer/ruby-ree-1.8.7-2012.02_pure-ftpd-1.0.36:0.0.0"
+set :pureftpd_container_name,         "#{fetch(:domain)}-pure-ftpd"
+set :pureftpd_container_max_mem_mb,   "512"
+set :pureauthd_container_name,        "#{fetch(:domain)}-pure-authd"
+set :pureauthd_container_max_mem_mb,  "512"
+### ------------------------------------------------------------------

data/lib/pureftpdinator/examples/ssl.crt.erb

@@ -0,0 +1 @@
+# Remove this line and add your cert here

data/lib/pureftpdinator/examples/ssl.key.erb

@@ -0,0 +1 @@
+# Remove this line and add your key here

data/lib/pureftpdinator/pureftpd.rb

@@ -0,0 +1,164 @@
+# config valid only for Capistrano 3.2.1
+lock '3.2.1'
+
+namespace :pureftpd do
+
+  set :pureftpd_config_file_changed, false
+  desc "Setup Pure-FTPd on the host"
+  task :setup => ['deployinator:load_settings', 'pureftpdinator:deployment_user', :open_firewall, :ensure_ftp_user, :ensure_ssl_cert] do
+    on roles(:app) do |host|
+      as :root do
+        execute "mkdir", "-p", fetch(:pureftpd_socket_dir)
+        execute "chown", "#{fetch(:pureftpd_username)}:#{fetch(:pureftpd_username)}", fetch(:pureftpd_socket_dir)
+        execute "chmod", "770", fetch(:pureftpd_socket_dir)
+        name = fetch(:pureauthd_container_name)
+        unless container_exists?(name)
+          pureauthd_run(host)
+          check_stayed_running(name)
+        else
+          unless container_is_running?(name)
+            start_container(name)
+          else
+            info "#{name} is already running; we're setup!"
+          end
+        end
+        name = fetch(:pureftpd_container_name)
+        unless container_exists?(name)
+          pureftpd_run(host)
+          check_stayed_running(name)
+        else
+          unless container_is_running?(name)
+            start_container(name)
+          else
+            if fetch(:pureftpd_config_file_changed)
+              restart_container(name)
+            else
+              info "No config file changes for #{name} and it is already running; we're setup!"
+            end
+          end
+        end
+      end
+    end
+  end
+
+  desc 'Restart the PureFTPd and PureAuthd Docker containers'
+  task :restart => 'deployinator:load_settings' do
+    on roles(:app) do |host|
+      name = fetch(:pureauthd_container_name)
+      if container_exists?(name)
+        if container_is_restarting?(name) or container_is_running?(name)
+          execute("docker", "stop", name)
+        else
+          execute("docker", "start", name)
+        end
+      else
+        pureauthd_run(host)
+        check_stayed_running(name)
+      end
+      name = fetch(:pureftpd_container_name)
+      if container_exists?(name)
+        if container_is_restarting?(name) or container_is_running?(name)
+          execute("docker", "stop", name)
+        else
+          execute("docker", "start", name)
+        end
+      else
+        pureftpd_run(host)
+        check_stayed_running(name)
+      end
+    end
+  end
+
+  namespace :restart do
+    desc 'Restart PureFTPd and PureAuthd by recreating the Docker containers'
+    task :force => 'deployinator:load_settings' do
+      on roles(:app) do |host|
+        [fetch(:pureauthd_container_name), fetch(:pureftpd_container_name)].each do |name|
+          if container_exists?(name)
+            if container_is_running?(name)
+              execute("docker", "stop", name)
+            end
+            begin
+              execute("docker", "rm",   name)
+            rescue
+              sleep 5
+              begin
+                execute("docker", "rm",   name)
+              rescue
+                fatal "We were not able to remove the container #{name} for some reason. Try running 'cap <stage> deploy:restart:force' again."
+                exit
+              end
+            end
+          end
+        end
+        Rake::Task['pureftpd:restart'].invoke
+      end
+    end
+  end
+
+  task :ensure_ssl_cert => 'deployinator:load_settings' do
+    require 'erb'
+    on roles(:app) do
+      as :root do
+        cert_file = fetch(:pureftpd_external_cert_file)
+        if ["1", "2", "3"].include? fetch(:pureftpd_tls_mode)
+          execute "mkdir", "-p", fetch(:pureftpd_config_dir)
+          execute "chown", "#{fetch(:pureftpd_username)}:#{fetch(:pureftpd_username)}", fetch(:pureftpd_config_dir)
+          generated_config_file = ""
+          ["ssl.key", "ssl.crt"].each do |file|
+            template_path = File.expand_path("#{fetch(:pureftpd_templates_path)}/#{file}.erb")
+            generated_config_file += ERB.new(File.new(template_path).read).result(binding)
+          end
+          temp_file = "/tmp/temp.file"
+          upload! StringIO.new(generated_config_file), temp_file
+          unless test "diff", "-q", temp_file, cert_file
+            warn "Config file #{cert_file} on #{fetch(:domain)} is being updated."
+            execute "mv", temp_file, cert_file
+            set :pureftpd_config_file_changed, true
+          else
+            execute "rm", temp_file
+          end
+          execute "chown", "root:root", cert_file
+          execute "chmod", "600", cert_file
+        end
+      end
+    end
+  end
+
+  task :ensure_ftp_user => 'deployinator:load_settings' do
+    on roles(:app) do
+      as :root do
+        name = fetch(:pureftpd_username)
+        unless unix_user_exists?(name)
+          execute "adduser", "--disabled-password", "--gecos", "\"\"", "--shell", "/bin/false", name
+        end
+        unless fetch(:webserver_username).nil?
+          if unix_user_exists?(fetch(:webserver_username))
+            execute "usermod", "-a", "-G", fetch(:pureftpd_username), fetch(:webserver_username)
+          end
+        end
+        execute "mkdir", "-p", "/home/#{name}"
+        execute "chown", "#{name}:#{name}", "/home/#{name}"
+        execute "chmod", "755", "/home/#{name}"
+      end
+    end
+  end
+
+  task :open_firewall => 'deployinator:load_settings' do
+    on roles(:app) do
+      as :root do
+        if test "bash", "-c", "\"ufw", "status", "&>" "/dev/null\""
+          unless test("ufw", "allow", "#{fetch(:pureftpd_passive_port_range)}/tcp")
+            raise "Error opening UFW firewall range #{fetch(:pureftpd_passive_port_range)}"
+          end
+          fetch(:pureftpd_connection_ports).each do |port|
+            raise "Error opening UFW firewall port #{port}" unless test("ufw", "allow", "#{port}/tcp")
+          end
+        else
+          warn "UFW appears not to be installed, not opening the firewall"
+        end
+      end
+    end
+  end
+
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: pureftpdinator
+version: !ruby/object:Gem::Version
+  version: 0.0.0
+  prerelease: 
+platform: ruby
+authors:
+- david amick
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-02-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: capistrano
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+- !ruby/object:Gem::Dependency
+  name: deployinator
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+- !ruby/object:Gem::Dependency
+  name: sshkit
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.5.1
+description: Deploy Ruby on Rails using Capistrano and Docker
+email: davidamick@ctisolutionsinc.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/pureftpdinator.rb
+- lib/pureftpdinator/pureftpd.rb
+- lib/pureftpdinator/config.rb
+- lib/pureftpdinator/built-in.rb
+- lib/pureftpdinator/examples/Capfile
+- lib/pureftpdinator/examples/config/deploy.rb
+- lib/pureftpdinator/examples/config/deploy/staging.rb
+- lib/pureftpdinator/examples/Dockerfile
+- lib/pureftpdinator/examples/ssl.crt.erb
+- lib/pureftpdinator/examples/ssl.key.erb
+homepage: https://github.com/snarlysodboxer/pureftpdinator
+licenses:
+- GNU
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.9.3
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements:
+- Docker ~> 1.9.1
+rubyforge_project: 
+rubygems_version: 1.8.23.2
+signing_key: 
+specification_version: 3
+summary: Deploy Applications
+test_files: []
+has_rdoc: