pvcglue 0.1.5

data/lib/pvcglue/railtie.rb

@@ -0,0 +1,11 @@
+require 'pvcglue'
+require 'rails'
+module Pvcglue
+  class Railtie < Rails::Railtie
+    railtie_name :pvcglue
+
+    rake_tasks do
+      load "tasks/pvc_db_utils.rake"
+    end
+  end
+end

data/lib/pvcglue/ssl.rb

@@ -0,0 +1,37 @@
+module Pvcglue
+  class Ssl < Thor
+
+    desc "csr", "create new csr"
+
+    def csr
+      name = Pvcglue.cloud.app_and_stage_name
+      system("openssl req -new -newkey rsa:2048 -nodes -keyout #{name}.key -out #{name}.csr")
+    end
+
+
+    desc "import", "import .key or .crt or both if no extension given (.crt must be 'prepared' for nginx)"
+
+    def import(file_name)
+      cloud_data = Pvcglue.cloud.data
+
+      ext = File.extname(file_name)
+
+      case ext
+      when ".crt", ".key"
+        cloud_data[Pvcglue.cloud.app_name][:stages][Pvcglue.cloud.stage_name]["ssl_#{ext[1..-1]}"] = File.read(file_name)
+      when ""
+        cloud_data[Pvcglue.cloud.app_name][:stages][Pvcglue.cloud.stage_name]["ssl_key"] = File.read("#{file_name}.key")
+        cloud_data[Pvcglue.cloud.app_name][:stages][Pvcglue.cloud.stage_name]["ssl_crt"] = File.read("#{file_name}.crt")
+      else
+        raise(Thor::Error, "Unknown file extension:  #{ext}.")
+      end
+
+      # File.write(::Pvcglue.cloud.local_file_name, TOML.dump(cloud_data))
+      File.write(::Pvcglue.cloud.local_file_name, TOML::PvcDumper.new(cloud_data).toml_str)
+
+      Pvcglue::Manager.push_configuration
+    end
+
+
+  end
+end

data/lib/pvcglue/templates/20auto-upgrades.erb

@@ -0,0 +1,2 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

data/lib/pvcglue/templates/authorized_keys.erb

@@ -0,0 +1,3 @@
+<% Pvcglue.cloud.authorized_keys.each do |_, ssh_key| %>
+<%= "#{ssh_key}\n" %>
+<% end %>

data/lib/pvcglue/templates/capfile.erb

@@ -0,0 +1,20 @@
+# This is a generated file.  Do not modify...or else!  :)
+
+# Load DSL and Setup Up Stages
+require 'capistrano/setup'
+
+# Includes default deployment tasks
+require 'capistrano/deploy'
+
+require 'capistrano/rvm'
+set :rvm_type, :user
+
+require 'capistrano/bundler'
+require 'capistrano/rails/assets'
+require 'capistrano/rails/migrations'
+<% if Pvcglue.cloud.gems[:whenever] %>
+require 'whenever/capistrano'
+<% end %>
+
+# Loads custom tasks from `lib/capistrano/tasks' if you have any defined.
+Dir.glob('lib/capistrano/tasks/*.cap').each { |r| import r }

data/lib/pvcglue/templates/database.yml.erb

@@ -0,0 +1,57 @@
+# This is a generated file.  Do not modify...or else!  :)
+#
+# Add your username and password to your `.bash_profile` or equivalent, if needed.
+# (If you don't need a username or password locally for postgresql, you can skip this.)
+#
+# Example
+#  export DB_USER_POSTGRES_USERNAME=andrew
+#  export DB_USER_POSTGRES_PASSWORD=andrew
+#
+# Note:  This will use (or create) a new database for each branch in the project.
+#        Just run `rake db:rebuild` after creating or switching to a new branch.
+#        After that you won't need to rebuild the db when switching branches!  :)
+#
+#  You can disable this with the following if you think this is a bug, instead of a feature. ;)
+#
+#  export DB_USER_POSTGRES_DISABLE_BRANCHES=true
+
+server_common: &default_settings
+  adapter:  postgresql
+  encoding: utf8
+  username: <%= %{<%= ENV['DB_USER_POSTGRES_USERNAME'] %}+'>' %>
+  password: <%= %{<%= ENV['DB_USER_POSTGRES_PASSWORD'] %}+'>' %>
+  host:     <%= %{<%= ENV['DB_USER_POSTGRES_HOST'] || 'localhost' %}+'>' %>
+  port:     <%= %{<%= ENV['DB_USER_POSTGRES_PORT'] || '5432' %}+'>' %>
+
+development:
+  <<: *default_settings
+  database: <%= %{<%= ['#{Pvcglue.cloud.app_name}_dev', ENV['DB_USER_POSTGRES_DISABLE_BRANCHES'] == 'true' ? nil : `git rev-parse --abbrev-ref HEAD`.strip].compact.join('_').downcase %}+'>' %>
+
+test:
+  <<: *default_settings
+  database: <%= %{<%= ['#{Pvcglue.cloud.app_name}_test', ENV['DB_USER_POSTGRES_DISABLE_BRANCHES'] == 'true' ? nil : `git rev-parse --abbrev-ref HEAD`.strip].compact.join('_').downcase %}+'>' %>
+
+
+alpha:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_alpha' %>
+
+beta:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_beta' %>
+
+gamma:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_gamma' %>
+
+delta:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_delta' %>
+
+preview:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_preview' %>
+
+production:
+  <<: *default_settings
+  database: <%= Pvcglue.cloud.app_name + '_production' %>

data/lib/pvcglue/templates/denial_of_service.erb

@@ -0,0 +1,3 @@
+
+  limit_conn conn_limit_per_ip 10;
+  limit_req zone=req_limit_per_ip burst=30 nodelay;

data/lib/pvcglue/templates/deploy.rb.erb

@@ -0,0 +1,81 @@
+# This is a generated file.  Do not modify...or else!  :)
+
+set :application, '<%= Pvcglue.configuration.application_name %>'
+set :repo_url, '<%= Pvcglue.cloud.repo_url %>'
+
+set :branch, proc { `git rev-parse --abbrev-ref HEAD`.chomp }
+
+set :linked_dirs, %w{log tmp/pids tmp/cache tmp/sockets}
+
+set :bundle_flags, '--deployment' # Remove the `--quiet` flag
+
+namespace :deploy do
+<% if Pvcglue.cloud.gems[:delayed_job] %>
+  def args
+    fetch(:delayed_job_args, "")
+  end
+
+  def delayed_job_roles
+    fetch(:delayed_job_server_role, :app)
+  end
+
+  desc 'Stop the delayed_job process'
+  task :delayed_job_stop do
+    on roles(delayed_job_roles) do
+      within release_path do
+        with rails_env: fetch(:rails_env) do
+          execute :'script/delayed_job', :stop
+        end
+      end
+    end
+  end
+
+  desc 'Start the delayed_job process'
+  task :delayed_job_start do
+    on roles(delayed_job_roles) do
+      within release_path do
+        with rails_env: fetch(:rails_env) do
+          execute :'script/delayed_job', args, :start
+        end
+      end
+    end
+  end
+
+  desc 'Restart the delayed_job process'
+  task :delayed_job_restart do
+    on roles(delayed_job_roles) do
+      within release_path do
+        with rails_env: fetch(:rails_env) do
+          execute :'script/delayed_job', args, :restart
+        end
+      end
+    end
+  end
+
+  #desc 'Restart Delayed Job'
+  #task :restart_delayed_job do
+  #  on roles(:app), in: :sequence, wait: 5 do
+  #    invoke 'delayed_job_restart'
+  #  end
+  #end
+
+  #task :restart_delayed_job do
+  #  invoke 'delayed_job:restart'
+  #end
+
+
+  after :publishing, :delayed_job_restart # calling this directly is a work-around due to "NoMethodError: undefined method `verbosity'" error when calling task from a task in capistrano 3.1.0 and SSHKit 1.3.0
+<% end %>
+
+  desc 'Restart passenger app'
+  task :restart_passenger do
+    on roles(:app), in: :sequence, wait: 5 do
+      execute :touch, release_path.join('tmp/restart.txt')
+      #invoke 'delayed_job_restart'
+    end
+  end
+
+  after :publishing, :restart_passenger
+
+  after :finishing, 'deploy:cleanup'
+end

data/lib/pvcglue/templates/gemrc.erb

@@ -0,0 +1 @@
+gem: --no-ri --no-rdoc

data/lib/pvcglue/templates/hosts.erb

@@ -0,0 +1,9 @@
+127.0.0.1       localhost
+127.0.1.1       <%= Pvcglue.cloud.current_hostname %>
+
+# The following lines are desirable for IPv6 capable hosts
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters

data/lib/pvcglue/templates/lb.nginx.conf.erb

@@ -0,0 +1,88 @@
+user www-data;
+
+# TODO:  Should be set to the same as `grep processor /proc/cpuinfo | wc -l`
+worker_processes 1;
+
+pid /var/run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	# include /etc/nginx/naxsi_core.rules;
+
+	##
+	# Phusion Passenger config
+	##
+	# Uncomment it if you installed passenger or passenger-enterprise
+	##
+
+  # passenger_root /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini;
+  # passenger_ruby /home/deploy/.rvm/gems/ruby-2.0.0-p353/wrappers/ruby;
+	# passenger_ruby /usr/bin/ruby;
+
+	##
+	# Virtual Host Configs
+	##
+
+  # disable the default server
+  #server {
+  #    listen      80;
+  #    server_name _;
+  #    return      444;
+  #}
+
+  # DoS prevention
+  limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
+  limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=1r/s;
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}

data/lib/pvcglue/templates/lb.sites-enabled.erb

@@ -0,0 +1,74 @@
+upstream <%= Pvcglue.cloud.app_and_stage_name %>_application  {
+  <% Pvcglue.cloud.nodes_in_stage('web').each do |_, node_config| %>
+  server <%= node_config[:private_ip] %> max_fails=1 fail_timeout=10s;
+  <% end %>
+}
+
+server {
+  listen 80;
+  server_name <%= Pvcglue.cloud.domains.join(' ') %>;
+
+  access_log  /var/log/nginx/<%= Pvcglue.cloud.app_and_stage_name %>.access.log;
+  error_log  /var/log/nginx/<%= Pvcglue.cloud.app_and_stage_name %>.error.log;
+
+  root <%= Pvcglue.cloud.deploy_to_app_dir %>;
+
+  <%= Pvcglue.render_template('denial_of_service.erb') %>
+  <%= Pvcglue.render_template('maintenance_mode.erb') %>
+
+  <% case Pvcglue.cloud.ssl_mode
+    when :none %>
+      location / {
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Maintenance-Bypass $maintenance_bypass;
+
+        proxy_pass  http://<%= Pvcglue.cloud.app_and_stage_name %>_application;
+      }
+    <% when :load_balancer_force_ssl %>
+      location / {
+        # According to http://serverfault.com/a/401632/156820 this is the correct way to redirect all http to https
+        return 301 https://$host$request_uri;
+      }
+    <% else
+         raise "Unsupported SSL option '#{Pvcglue.cloud.ssl_mode}'" %>
+  <% end %>
+}
+
+<% unless Pvcglue.cloud.ssl_mode == :none %>
+server {
+  listen 443 ssl;
+  server_name <%= Pvcglue.cloud.domains.join(' ') %>;
+
+  access_log  /var/log/nginx/<%= Pvcglue.cloud.app_and_stage_name %>.ssl.access.log;
+  error_log  /var/log/nginx/<%= Pvcglue.cloud.app_and_stage_name %>.ssl.error.log;
+
+  root <%= Pvcglue.cloud.deploy_to_app_dir %>;
+
+  <%= Pvcglue.render_template('denial_of_service.erb') %>
+  <%= Pvcglue.render_template('maintenance_mode.erb') %>
+
+  <% case Pvcglue.cloud.ssl_mode
+     when :none %>
+       # ssl_mode: none
+  <% when :load_balancer_force_ssl %>
+    ssl on;
+    ssl_certificate <%= Pvcglue.cloud.nginx_ssl_crt_file_name %>;
+    ssl_certificate_key <%= Pvcglue.cloud.nginx_ssl_key_file_name %>;
+  <% else
+     raise "Unsupported SSL option '#{Pvcglue.cloud.ssl_mode}'" %>
+  <% end %>
+
+  location / {
+
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Maintenance-Bypass $maintenance_bypass;
+    proxy_set_header X-Forwarded-Proto https;
+
+    proxy_pass  http://<%= Pvcglue.cloud.app_and_stage_name %>_application;
+  }
+}
+<% end %>

data/lib/pvcglue/templates/maintenance_mode.erb

@@ -0,0 +1,46 @@
+
+  # partially based on https://onehub.com/blog/2009/03/06/rails-maintenance-pages-done-right/
+  recursive_error_pages on;
+
+  set $maintenance off;
+  set $maintenance_bypass off;
+  # https://blog.ed.gs/2013/01/25/nginx-multiple-if-statements/
+  set $bypass_test no;
+
+  if (-f $document_root/maintenance/maintenance.on) {
+    set $maintenance on;
+    set $bypass_test yes;
+  }
+
+  if ($remote_addr ~ <%= Pvcglue.cloud.dev_ip_addresses.join('|').gsub('.', '\.') %>) {
+    set $maintenance off;
+    set $bypass_test "${bypass_test}yes";
+  }
+
+  if ($bypass_test = yesyes) {
+    set $maintenance_bypass on; # only add header when maintenance is on and the remote address is a dev ip address
+  }
+
+  if ($uri ~ ^/maintenance/.*) {
+    set $maintenance off;
+  }
+
+  if ($maintenance = on) {
+    return 503; # 503 - Service unavailable
+  }
+
+  location /maintenance {
+  }
+
+  #error_page 404 /404.html;
+  #error_page 500 502 504 /500.html;
+  error_page 503 @503;
+
+  location @503 {
+
+    error_page 405 = /maintenance/maintenance.html;
+
+    # Serve static assets if found.
+    rewrite ^(.*)$ /maintenance/maintenance.html break;
+  }
+