railslove_deploy 0.2.0

Files changed (67) hide show
  1. data/LICENSE +20 -0
  2. data/README +12 -0
  3. data/TODO +4 -0
  4. data/bin/deployify +31 -0
  5. data/lib/railslove/recipes/apache.rb +45 -0
  6. data/lib/railslove/recipes/backup.rb +8 -0
  7. data/lib/railslove/recipes/db.rb +52 -0
  8. data/lib/railslove/recipes/deploy.rb +49 -0
  9. data/lib/railslove/recipes/ferm.rb +12 -0
  10. data/lib/railslove/recipes/gems.rb +50 -0
  11. data/lib/railslove/recipes/helpers.rb +35 -0
  12. data/lib/railslove/recipes/hooks.rb +31 -0
  13. data/lib/railslove/recipes/job_runner.rb +17 -0
  14. data/lib/railslove/recipes/logrotate.rb +35 -0
  15. data/lib/railslove/recipes/memcache.rb +21 -0
  16. data/lib/railslove/recipes/misc.rb +36 -0
  17. data/lib/railslove/recipes/monit.rb +32 -0
  18. data/lib/railslove/recipes/passenger.rb +25 -0
  19. data/lib/railslove/recipes/shared.rb +16 -0
  20. data/lib/railslove/recipes/sphinx.rb +37 -0
  21. data/lib/railslove/recipes/workling.rb +26 -0
  22. data/lib/railslove/recipes.rb +7 -0
  23. data/lib/railslove/sprinkle/apache.rb +45 -0
  24. data/lib/railslove/sprinkle/essentials.rb +14 -0
  25. data/lib/railslove/sprinkle/ferm.rb +23 -0
  26. data/lib/railslove/sprinkle/git.rb +15 -0
  27. data/lib/railslove/sprinkle/image_magick.rb +5 -0
  28. data/lib/railslove/sprinkle/memcache.rb +42 -0
  29. data/lib/railslove/sprinkle/monit.rb +34 -0
  30. data/lib/railslove/sprinkle/mysql.rb +20 -0
  31. data/lib/railslove/sprinkle/nginx.rb +16 -0
  32. data/lib/railslove/sprinkle/passenger.rb +68 -0
  33. data/lib/railslove/sprinkle/rails_user.rb +19 -0
  34. data/lib/railslove/sprinkle/ruby_enterprise.rb +38 -0
  35. data/lib/railslove/sprinkle/sphinx.rb +14 -0
  36. data/lib/railslove/sprinkle/sqlite.rb +15 -0
  37. data/lib/railslove/sprinkle/subversion.rb +4 -0
  38. data/lib/railslove/sprinkle/usefull_gems.rb +10 -0
  39. data/lib/railslove/sprinkle.rb +3 -0
  40. data/lib/railslove/templates/deploy.rb +177 -0
  41. data/lib/railslove/templates/ferm.conf.erb +56 -0
  42. data/lib/railslove/templates/maintenance.html +0 -0
  43. data/lib/railslove/templates/memcache_init +31 -0
  44. data/lib/railslove/templates/monit_init +115 -0
  45. data/lib/railslove/templates/monitoring/apache.monit.erb +18 -0
  46. data/lib/railslove/templates/monitoring/job_worker.monit.erb +4 -0
  47. data/lib/railslove/templates/monitoring/memcached.monit.erb +4 -0
  48. data/lib/railslove/templates/monitoring/mysql.monit.erb +5 -0
  49. data/lib/railslove/templates/monitoring/nginx.monit.erb +4 -0
  50. data/lib/railslove/templates/monitoring/sphinx.monit.erb +0 -0
  51. data/lib/railslove/templates/monitoring/sshd.monit.erb +5 -0
  52. data/lib/railslove/templates/monitrc.erb +236 -0
  53. data/lib/railslove/templates/nginx.conf +0 -0
  54. data/lib/railslove/templates/nginx_init +65 -0
  55. data/lib/railslove/templates/passenger.conf +3 -0
  56. data/lib/railslove/templates/passenger.load +1 -0
  57. data/lib/railslove/templates/post_logrotate +1 -0
  58. data/lib/railslove/templates/safe.rb +42 -0
  59. data/lib/railslove/templates/sprinkle.rb +43 -0
  60. data/lib/railslove/templates/sprinkle_config.rb +2 -0
  61. data/lib/railslove/templates/sshd_config.erb +81 -0
  62. data/lib/railslove/templates/stack_readme.txt +4 -0
  63. data/lib/railslove/templates/vhost.erb +42 -0
  64. data/lib/railslove_deploy.rb +0 -0
  65. data/test/railslove_deploy_test.rb +7 -0
  66. data/test/test_helper.rb +7 -0
  67. metadata +132 -0
@@ -0,0 +1,115 @@
1
+ #!/bin/sh
2
+ # /etc/init.d/monit start and stop monit daemon monitor process.
3
+ # Fredrik Steen, stone@debian.org
4
+ :
5
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
6
+ DAEMON=/usr/local/bin/monit
7
+ CONFIG="/etc/monit/monitrc"
8
+ DELAY="/etc/monit/monit_delay"
9
+ CHECK_INTERVALS=180
10
+ # We default to 180s (3min) check intervals
11
+ NAME=monit
12
+ DESC="daemon monitor"
13
+
14
+ set -e
15
+
16
+ # Check if DAEMON binary exist
17
+ test -f $DAEMON || exit 0
18
+
19
+ if [ -f "/etc/default/monit" ]; then
20
+ . /etc/default/monit
21
+ fi
22
+
23
+ ARGS="-d $CHECK_INTERVALS -c $CONFIG -s /var/lib/monit/monit.state"
24
+
25
+ monit_not_configured () {
26
+ echo -e "monit won't be started/stopped\n\tunless it it's configured"
27
+ if [ "$1" != "stop" ]
28
+ then
29
+ echo -e "\tplease configure monit and then edit /etc/default/monit"
30
+ echo -e "\tand set the \"startup\" variable to 1 in order to allow "
31
+ echo -e "\tmonit to start"
32
+ fi
33
+ exit 0
34
+ }
35
+
36
+ monit_check_config () {
37
+ # Check for emtpy config, probably default configfile.
38
+ if [ "`grep -s -v \"^#\" $CONFIG`" = "" ]; then
39
+ echo "empty config, please edit $CONFIG."
40
+ exit 0
41
+ fi
42
+ }
43
+
44
+ monit_check_perms () {
45
+ # Check the permission on configfile.
46
+ # The permission must not have more than -rwx------ (0700) permissions.
47
+
48
+ # Skip checking, fix perms instead.
49
+ /bin/chmod go-rwx $CONFIG
50
+
51
+ }
52
+
53
+ monit_delayed_monitoring () {
54
+ if [ -x $DELAY ]; then
55
+ $DELAY &
56
+ elif [ -f $DELAY ]; then
57
+ echo
58
+ echo "[WARNING] A delayed start file exists ($DELAY) but it is not executable."
59
+ fi
60
+ }
61
+
62
+ monit_check_syntax () {
63
+ $DAEMON -t;
64
+ # if [ $? ] ; then
65
+ # echo "syntax good"
66
+ # else
67
+ # echo "syntax bad"
68
+ # fi
69
+ }
70
+
71
+
72
+ monit_checks () {
73
+ # Check if startup variable is set to 1, if not we exit.
74
+ if [ "$startup" != "1" ]; then
75
+ monit_not_configured $1
76
+ fi
77
+ # Check for emtpy configfile
78
+ monit_check_config
79
+ # Check permissions of configfile
80
+ monit_check_perms
81
+ }
82
+
83
+ case "$1" in
84
+ start)
85
+ echo -n "Starting $DESC: "
86
+ monit_checks $1
87
+ echo -n "$NAME"
88
+ start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
89
+ --exec $DAEMON > /dev/null 2>&1 -- $ARGS
90
+ monit_delayed_monitoring
91
+ echo "."
92
+ ;;
93
+ stop)
94
+ echo -n "Stopping $DESC: "
95
+ #monit_checks $1
96
+ echo -n "$NAME"
97
+ start-stop-daemon --retry 5 --oknodo --stop --quiet --pidfile /var/run/$NAME.pid \
98
+ --exec $DAEMON > /dev/null 2>&1
99
+ echo "."
100
+ ;;
101
+ restart|force-reload)
102
+ $0 stop
103
+ $0 start
104
+ ;;
105
+ syntax)
106
+ monit_check_syntax
107
+ ;;
108
+ *)
109
+ N=/etc/init.d/$NAME
110
+ echo "Usage: $N {start|stop|restart|force-reload|syntax}" >&2
111
+ exit 1
112
+ ;;
113
+ esac
114
+
115
+ exit 0
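Review bot: `monit_check_syntax` runs `$DAEMON -t` without `-c $CONFIG`, so the `syntax` action tests whichever control file monit finds by default rather than the `/etc/monit/monitrc` that `start` passes through ARGS; `$DAEMON -t -c "$CONFIG"` would check the file that is actually loaded. In `monit_delayed_monitoring`, `$DELAY &` is run by this init script (normally as root) on the strength of the execute bit alone, and both `DELAY` and `CONFIG` can be overridden by the sourced `/etc/default/monit`. Quoting those expansions and checking that the delay file is root-owned and not group- or world-writable before running it would make this safer. `echo -e` is also not portable under `#!/bin/sh` (dash prints the `-e` literally), so `printf` is the better choice for the messages in `monit_not_configured`.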
@@ -0,0 +1,18 @@
1
+ # from http://mmonit.com/wiki/Monit
2
+ # Hint: It is recommended to use a "token" file (an empty file) for monit to request. That way, it is easy to filter out all the requests made by monit in the httpd access log file. Here's a trick shared by Marco Ermini, place the following in httpd.conf to stop apache from loggin any requests done by monit:
3
+ # SetEnvIf Request_URI "^\/monit\/token$" dontlog
4
+ # CustomLog logs/access.log common env=!dontlog
5
+ #
6
+ #
7
+ #check process apache with pidfile /var/run/apache2.pid
8
+ # group web
9
+ # start program = "/etc/init.d/apache2 start"
10
+ # stop program = "/etc/init.d/apache2 stop"
11
+ # if cpu > 60% for 2 cycles then alert
12
+ # if cpu > 80% for 5 cycles then restart
13
+ # if totalmem > 200.0 MB for 5 cycles then restart
14
+ # if children > 250 then restart
15
+ # if loadavg(5min) greater than 20 for 8 cycles then alert
16
+ # if failed host localhost port 80
17
+ # protocol HTTP request "/monit/token" then restart
18
+ #
@@ -0,0 +1,4 @@
1
+ #check process job_runner with pidfile /var/www/rails_apps/<%= application %>/current/log/job_runner.1.pid
2
+ # start program = "/var/www/rails_apps/<%= application %>/current/script/job_runner start production" as uid rails and gid rails
3
+ # stop program = "/var/www/rails_apps/<%= application %>/current/script/job_runner stop production" as uid rails and gid rails
4
+ # group <%= application %>
@@ -0,0 +1,4 @@
1
+ #check process memcached with pidfile /var/run/memcached/memcached.pid
2
+ # start program = "/etc/init.d/memcached start"
3
+ # stop program = "/etc/init.d/memcached stop"
4
+ # if failed host 127.0.0.1 port 11211 then restart
@@ -0,0 +1,5 @@
1
+ #check process mysql with pidfile /var/run/mysqld/mysqld.pid
2
+ # start program = "/etc/init.d/mysql start"
3
+ # stop program = "/etc/init.d/mysql stop"
4
+ # if failed host 127.0.0.1 port 3306 then restart
5
+ # if 5 restarts within 5 cycles then timeout
@@ -0,0 +1,4 @@
1
+ #check process nginx with pidfile /var/run/nginx.pid
2
+ # group web
3
+ # start program = "/etc/init.d/nginx start"
4
+ # stop program = "/etc/init.d/nginx stop"
@@ -0,0 +1,5 @@
1
+ #check process sshd with pidfile /var/run/sshd.pid
2
+ # start program = "/etc/init.d/ssh start"
3
+ # stop program = "/etc/init.d/ssh stop"
4
+ # if failed port 22 protocol ssh then restart
5
+ # if 5 restarts within 5 cycles then timeout
@@ -0,0 +1,236 @@
1
+ ###############################################################################
2
+ ## Monit control file
3
+ ###############################################################################
4
+ ##
5
+ ## Comments begin with a '#' and extend through the end of the line. Keywords
6
+ ## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
7
+ ##
8
+ ## Bellow is the example of some frequently used statements. For information
9
+ ## about the control file, a complete list of statements and options please
10
+ ## have a look in the monit manual.
11
+ ##
12
+ ##
13
+ ###############################################################################
14
+ ## Global section
15
+ ###############################################################################
16
+ ##
17
+ ## Start monit in background (run as daemon) and check the services at 1-minute
18
+ ## intervals.
19
+ #
20
+
21
+ set daemon 60
22
+
23
+ #
24
+ #
25
+ ## Set syslog logging with the 'daemon' facility. If the FACILITY option is
26
+ ## omited, monit will use 'user' facility by default. You can specify the
27
+ ## path to the file for monit native logging.
28
+ #
29
+ # set logfile syslog facility log_daemon
30
+
31
+ set logfile /var/log/monit
32
+
33
+ #
34
+ #
35
+ ## Set list of mailservers for alert delivery. Multiple servers may be
36
+ ## specified using comma separator. By default monit uses port 25 - it is
37
+ ## possible to override it with the PORT option.
38
+ #
39
+ #set mailserver mail.bar.baz, # primary mailserver
40
+ # backup.bar.baz port 10025, # backup mailserver on port 10025
41
+ # localhost # fallback relay
42
+ #
43
+ #
44
+
45
+ <%= monit_config[:mailserver] %>
46
+
47
+
48
+ ## By default monit will drop the event alert, in the case that there is no
49
+ ## mailserver available. In the case that you want to keep the events for
50
+ ## later delivery retry, you can use the EVENTQUEUE statement. The base
51
+ ## directory where undelivered events will be stored is specified by the
52
+ ## BASEDIR option. You can limit the maximal queue size using the SLOTS
53
+ ## option (if omited then the queue is limited just by the backend filesystem).
54
+ #
55
+ # set eventqueue
56
+ # basedir /var/monit # set the base directory where events will be stored
57
+ # slots 100 # optionaly limit the queue size
58
+ #
59
+ #
60
+ ## Monit by default uses the following alert mail format:
61
+ ##
62
+ ## --8<--
63
+ ## From: monit@$HOST # sender
64
+ ## Subject: monit alert -- $EVENT $SERVICE # subject
65
+ ##
66
+ ## $EVENT Service $SERVICE #
67
+ ## #
68
+ ## Date: $DATE #
69
+ ## Action: $ACTION #
70
+ ## Host: $HOST # body
71
+ ## Description: $DESCRIPTION #
72
+ ## #
73
+ ## Your faithful employee, #
74
+ ## monit #
75
+ ## --8<--
76
+ ##
77
+ ## You can override the alert message format or its parts such as subject
78
+ ## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
79
+ ## are expanded on runtime. For example to override the sender:
80
+ #
81
+ # set mail-format { from: monit@foo.bar }
82
+ #
83
+
84
+ <%= monit_config[:mail_format] %>
85
+
86
+ #
87
+ ## You can set the alert recipients here, which will receive the alert for
88
+ ## each service. The event alerts may be restricted using the list.
89
+ #
90
+ # set alert sysadm@foo.bar # receive all alerts
91
+ # set alert manager@foo.bar only on { timeout } # receive just service-
92
+ # # timeout alert
93
+ #
94
+
95
+
96
+ <%= monit_config[:alerts] %>
97
+
98
+ #
99
+ ## Monit has an embedded webserver, which can be used to view the
100
+ ## configuration, actual services parameters or manage the services using the
101
+ ## web interface.
102
+ #
103
+ # set httpd port 2812 and
104
+ # use address localhost # only accept connection from localhost
105
+ # allow localhost # allow localhost to connect to the server and
106
+ # allow admin:monit # require user 'admin' with password 'monit'
107
+ #
108
+
109
+ <%= monit_config[:webserver] %>
110
+
111
+ #
112
+ ###############################################################################
113
+ ## Services
114
+ ###############################################################################
115
+ ##
116
+ ## Check the general system resources such as load average, cpu and memory
117
+ ## usage. Each rule specifies the tested resource, the limit and the action
118
+ ## which will be performed in the case that the test failed.
119
+ #
120
+ check system localhost
121
+ if loadavg (1min) > 4 then alert
122
+ if loadavg (5min) > 2 then alert
123
+ if memory usage > 75% then alert
124
+ if cpu usage (user) > 70% then alert
125
+ if cpu usage (system) > 30% then alert
126
+ if cpu usage (wait) > 20% then alert
127
+ #
128
+ #
129
+ ## Check a file for existence, checksum, permissions, uid and gid. In addition
130
+ ## to the recipients in the global section, customized alert will be send to
131
+ ## the additional recipient. The service may be grouped using the GROUP option.
132
+ #
133
+ # check file apache_bin with path /usr/local/apache/bin/httpd
134
+ # if failed checksum and
135
+ # expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
136
+ # if failed permission 755 then unmonitor
137
+ # if failed uid root then unmonitor
138
+ # if failed gid root then unmonitor
139
+ # alert security@foo.bar on {
140
+ # checksum, permission, uid, gid, unmonitor
141
+ # } with the mail-format { subject: Alarm! }
142
+ # group server
143
+ #
144
+ #
145
+ ## Check that a process is running, responding on the HTTP and HTTPS request,
146
+ ## check its resource usage such as cpu and memory, number of childrens.
147
+ ## In the case that the process is not running, monit will restart it by
148
+ ## default. In the case that the service was restarted very often and the
149
+ ## problem remains, it is possible to disable the monitoring using the
150
+ ## TIMEOUT statement. The service depends on another service (apache_bin) which
151
+ ## is defined in the monit control file as well.
152
+ #
153
+ # check process apache with pidfile /usr/local/apache/logs/httpd.pid
154
+ # start program = "/etc/init.d/httpd start"
155
+ # stop program = "/etc/init.d/httpd stop"
156
+ # if cpu > 60% for 2 cycles then alert
157
+ # if cpu > 80% for 5 cycles then restart
158
+ # if totalmem > 200.0 MB for 5 cycles then restart
159
+ # if children > 250 then restart
160
+ # if loadavg(5min) greater than 10 for 8 cycles then stop
161
+ # if failed host www.tildeslash.com port 80 protocol http
162
+ # and request "/monit/doc/next.php"
163
+ # then restart
164
+ # if failed port 443 type tcpssl protocol http
165
+ # with timeout 15 seconds
166
+ # then restart
167
+ # if 3 restarts within 5 cycles then timeout
168
+ # depends on apache_bin
169
+ # group server
170
+ #
171
+ #
172
+ ## Check the device permissions, uid, gid, space and inode usage. Other
173
+ ## services such as databases may depend on this resource and automatical
174
+ ## graceful stop may be cascaded to them before the filesystem will become
175
+ ## full and the data will be lost.
176
+ #
177
+ # check device datafs with path /dev/sdb1
178
+ # start program = "/bin/mount /data"
179
+ # stop program = "/bin/umount /data"
180
+ # if failed permission 660 then unmonitor
181
+ # if failed uid root then unmonitor
182
+ # if failed gid disk then unmonitor
183
+ # if space usage > 80% for 5 times within 15 cycles then alert
184
+ # if space usage > 99% then stop
185
+ # if inode usage > 30000 then alert
186
+ # if inode usage > 99% then stop
187
+ # group server
188
+ #
189
+ #
190
+ ## Check a file's timestamp: when it becomes older then 15 minutes, the
191
+ ## file is not updated and something is wrong. In the case that the size
192
+ ## of the file exceeded given limit, perform the script.
193
+ #
194
+ # check file database with path /data/mydatabase.db
195
+ # if failed permission 700 then alert
196
+ # if failed uid data then alert
197
+ # if failed gid data then alert
198
+ # if timestamp > 15 minutes then alert
199
+ # if size > 100 MB then exec "/my/cleanup/script"
200
+ #
201
+ #
202
+ ## Check the directory permission, uid and gid. An event is triggered
203
+ ## if the directory does not belong to the user with the uid 0 and
204
+ ## the gid 0. In the addition the permissions have to match the octal
205
+ ## description of 755 (see chmod(1)).
206
+ #
207
+ # check directory bin with path /bin
208
+ # if failed permission 755 then unmonitor
209
+ # if failed uid 0 then unmonitor
210
+ # if failed gid 0 then unmonitor
211
+ #
212
+ #
213
+ ## Check the remote host network services availability and the response
214
+ ## content. One of three pings, a successfull connection to a port and
215
+ ## application level network check is performed.
216
+ #
217
+ # check host myserver with address 192.168.1.1
218
+ # if failed icmp type echo count 3 with timeout 3 seconds then alert
219
+ # if failed port 3306 protocol mysql with timeout 15 seconds then alert
220
+ # if failed url
221
+ # http://user:password@www.foo.bar:8080/?querystring
222
+ # and content == 'action="j_security_check"'
223
+ # then alert
224
+ #
225
+ #
226
+ ###############################################################################
227
+ ## Includes
228
+ ###############################################################################
229
+ ##
230
+ ## It is possible to include the configuration or its parts from other files or
231
+ ## directories.
232
+ #
233
+ include /etc/monit.d/*
234
+ include /var/www/rails_apps/*/current/config/server/monit/*
235
+ #
236
+ #
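Review bot: The last include, `include /var/www/rails_apps/*/current/config/server/monit/*`, makes monit load control-file fragments from application release directories. Monit is presumably started as root by the init script, and those directories are presumably writable by the deploy user, so anyone who can write to a release can define `start program` or `exec` entries that monit runs with its own privileges. Consider having the deploy task copy reviewed fragments into the root-owned `/etc/monit.d/` instead, or at least add a comment above the include stating that these files must be root-owned and not writable by the application user. `<%= monit_config[:webserver] %>` is emitted verbatim, so it is worth documenting that the rendered httpd block should stay bound to localhost and must not reuse the `admin:monit` credential from the commented example.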
File without changes
@@ -0,0 +1,65 @@
1
+ #! /bin/sh
2
+
3
+ # Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
4
+ # run 'sudo update-rc.d nginx defaults', or use the appropriate command on your
5
+ # distro.
6
+ #
7
+ # Author: Ryan Norbauer <ryan.norbauer@gmail.com>
8
+ # Modified: Geoffrey Grosenbach http://topfunky.com
9
+ # Modified: Michael Bumann http://railslove.com
10
+
11
+ set -e
12
+
13
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
14
+ DESC="nginx daemon"
15
+ NAME=nginx
16
+ DAEMON=/opt/nginx/sbin/nginx
17
+ CONFIGFILE=/opt/nginx/conf/nginx.conf
18
+ PIDFILE=/var/run/$NAME.pid
19
+ SCRIPTNAME=/etc/init.d/$NAME
20
+
21
+ # Gracefully exit if the package has been removed.
22
+ test -x $DAEMON || exit 0
23
+
24
+ d_start() {
25
+ $DAEMON -c $CONFIGFILE || echo -n " already running"
26
+ }
27
+
28
+ d_stop() {
29
+ kill -QUIT `cat $PIDFILE` || echo -n " not running"
30
+ }
31
+
32
+ d_reload() {
33
+ kill -HUP `cat $PIDFILE` || echo -n " can't reload"
34
+ }
35
+
36
+ case "$1" in
37
+ start)
38
+ echo -n "Starting $DESC: $NAME"
39
+ d_start
40
+ echo "."
41
+ ;;
42
+ stop)
43
+ echo -n "Stopping $DESC: $NAME"
44
+ d_stop
45
+ echo "."
46
+ ;;
47
+ reload)
48
+ echo -n "Reloading $DESC configuration..."
49
+ d_reload
50
+ echo "reloaded."
51
+ ;;
52
+ restart)
53
+ echo -n "Restarting $DESC: $NAME"
54
+ d_stop
55
+ sleep 2
56
+ d_start
57
+ echo "."
58
+ ;;
59
+ *)
60
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
61
+ exit 3
62
+ ;;
63
+ esac
64
+
65
+ exit 0
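Review bot: The usage string advertises `force-reload`, but the case statement has a `reload` arm and no `force-reload` arm, so `force-reload` falls through to `*)` and exits 3 while `reload` works undocumented. Changing the arm to `reload|force-reload)` and the message to `{start|stop|reload|restart|force-reload}` would make the two agree. Separately, `d_stop` and `d_reload` pass the unquoted output of `cat $PIDFILE` to `kill` without checking that the file exists, is non-empty, or still names an nginx process. A guard such as `[ -s "$PIDFILE" ] && kill -QUIT "$(cat "$PIDFILE")" || echo -n " not running"` avoids signalling on a missing pidfile, though it does not detect a stale one. `PIDFILE=/var/run/$NAME.pid` also has to match the `pid` directive of the nginx configuration in use, which this package's empty `nginx.conf` template does not set.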
@@ -0,0 +1,3 @@
1
+ PassengerRoot /usr/local/ruby-enterprise/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version || "2.2.8" %>
2
+ PassengerRuby /usr/local/ruby-enterprise/bin/ruby
3
+ RailsEnv production
@@ -0,0 +1 @@
1
+ LoadModule passenger_module /usr/local/ruby-enterprise/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version || "2.2.8" %>/ext/apache2/mod_passenger.so
@@ -0,0 +1 @@
1
+ #!/usr/bin/env ruby
@@ -0,0 +1,42 @@
1
+ # Example of a safe script to backup your server
2
+ #
3
+ # for more detail have a look at:
4
+ # http://github.com/astrails/safe/tree/master
5
+ # http://blog.astrails.com/2009/4/6/simple-backups-can-be-simple
6
+ safe do
7
+ local :path => "/backup/:kind/:id"
8
+
9
+ s3 do
10
+ key "...................."
11
+ secret "........................................"
12
+ bucket "backup.astrails.com"
13
+ path "servers/alpha/:kind/:id"
14
+ end
15
+
16
+ keep do
17
+ local 15
18
+ s3 15
19
+ end
20
+
21
+ mysqldump do
22
+ options "-ceKq --single-transaction --create-options"
23
+
24
+ user "readonly"
25
+ password ""
26
+ #socket "/var/run/mysqld/mysqld.sock"
27
+
28
+ database :your_app_production
29
+
30
+ end
31
+
32
+ tar do
33
+ archive "dot-configs", :files => "/home/*/.[^.]*"
34
+ archive "etc", :files => "/etc"
35
+
36
+ archive "your_app" do
37
+ files "/var/www/rails_apps/your_app/"
38
+ exclude ["/var/www/rails_apps/your_app/shared/logs"]
39
+ end
40
+
41
+ end
42
+ end
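Review bot: The `tar` section archives `/etc` and every home-directory dotfile (`/home/*/.[^.]*`), which on a typical server includes password hashes and SSH private keys, and the `s3` block uploads those archives with no encryption step configured. If the backup tool's encryption section is available (astrails-safe documents a `gpg do … end` block — confirm against the version in use), the template should include it, or at least carry a comment saying the archives are stored unencrypted. The `key`, `secret` and mysqldump `password` values are written inline, so a filled-in copy of this file holds live credentials. A comment telling users to keep it out of version control and readable only by the backup user, or to read the values from the environment, e.g. `key ENV["<S3_KEY_VAR>"]` (placeholder name), would help.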
@@ -0,0 +1,43 @@
1
+ # Require our stack
2
+ require "railslove/sprinkle"
3
+
4
+ policy :passenger_stack, :roles => :app do
5
+ requires :webserver # Apache
6
+ requires :database # MySQL, SQLite
7
+
8
+ # memcached
9
+ requires :memcached_daemon # Memcached
10
+ requires :libmemcached # libmemcached
11
+ requires :memcached_conf # memcached-user, init.d config
12
+
13
+ requires :scm # Git, SVN
14
+ requires :ruby # Ruby Enterprise
15
+ requires :searchengine # Sphinx
16
+ requires :appserver # passenger
17
+ requires :rails_user # special rails user with sudo rights
18
+ requires :database_driver # Ruby database driver
19
+ requires :usefull_gems # usefull, frequently needed gems
20
+ requires :image_magick # image magick
21
+ requires :ferm # ferm iptable configuration tool
22
+ requires :ferm_conf # configure ferm (allow http, https and ssh)
23
+ requires :monit # monit - system process monitoring
24
+ end
25
+
26
+ deployment do
27
+ # mechanism for deployment
28
+ delivery :capistrano do
29
+ begin
30
+ recipes 'Capfile'
31
+ rescue LoadError
32
+ recipes 'config/deploy'
33
+ end
34
+ recipes 'config/server/config.rb'
35
+ end
36
+
37
+ # source based package installer defaults
38
+ source do
39
+ prefix '/usr/local'
40
+ archives '/usr/local/sources'
41
+ builds '/usr/local/build'
42
+ end
43
+ end
@@ -0,0 +1,2 @@
1
+ set :use_sudo, false
2
+ set :user, "root"
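Review bot: `set :user, "root"` with `set :use_sudo, false` means provisioning logs in over SSH directly as root, while the `sshd_config.erb` template in this same package sets `PermitRootLogin no` and `PasswordAuthentication no`. Once that sshd configuration is applied, a second provisioning run with these settings will presumably be refused. A short comment here explaining that root login is only expected for the first bootstrap, and which user to switch to afterwards, would avoid confusion and discourage re-enabling root login to make provisioning work again.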
@@ -0,0 +1,81 @@
1
+ # Package generated configuration file
2
+ # See the sshd(8) manpage for details
3
+
4
+ # What ports, IPs and protocols we listen for
5
+ Port <%= ssh_options[:port] %>
6
+ # Use these options to restrict which interfaces/protocols sshd will bind to
7
+ #ListenAddress ::
8
+ #ListenAddress 0.0.0.0
9
+ Protocol 2
10
+ # HostKeys for protocol version 2
11
+ HostKey /etc/ssh/ssh_host_rsa_key
12
+ HostKey /etc/ssh/ssh_host_dsa_key
13
+ #Privilege Separation is turned on for security
14
+ UsePrivilegeSeparation yes
15
+
16
+ # Lifetime and size of ephemeral version 1 server key
17
+ KeyRegenerationInterval 3600
18
+ ServerKeyBits 768
19
+
20
+ # Logging
21
+ SyslogFacility AUTH
22
+ LogLevel INFO
23
+
24
+ # Authentication:
25
+ LoginGraceTime 120
26
+ PermitRootLogin no
27
+ StrictModes yes
28
+
29
+ RSAAuthentication yes
30
+ PubkeyAuthentication yes
31
+ #AuthorizedKeysFile %h/.ssh/authorized_keys
32
+
33
+ # Don't read the user's ~/.rhosts and ~/.shosts files
34
+ IgnoreRhosts yes
35
+ # For this to work you will also need host keys in /etc/ssh_known_hosts
36
+ RhostsRSAAuthentication no
37
+ # similar for protocol version 2
38
+ HostbasedAuthentication no
39
+ # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
40
+ #IgnoreUserKnownHosts yes
41
+
42
+ # To enable empty passwords, change to yes (NOT RECOMMENDED)
43
+ PermitEmptyPasswords no
44
+
45
+ # Change to yes to enable challenge-response passwords (beware issues with
46
+ # some PAM modules and threads)
47
+ ChallengeResponseAuthentication no
48
+
49
+ # Change to no to disable tunnelled clear text passwords
50
+ PasswordAuthentication no
51
+
52
+ # Kerberos options
53
+ #KerberosAuthentication no
54
+ #KerberosGetAFSToken no
55
+ #KerberosOrLocalPasswd yes
56
+ #KerberosTicketCleanup yes
57
+
58
+ # GSSAPI options
59
+ GSSAPIAuthentication no
60
+ #GSSAPICleanupCredentials yes
61
+
62
+ X11Forwarding no
63
+ X11DisplayOffset 10
64
+ PrintMotd no
65
+ PrintLastLog yes
66
+ KeepAlive yes
67
+ #UseLogin no
68
+
69
+ #MaxStartups 10:30:60
70
+ #Banner /etc/issue.net
71
+
72
+ # Allow client to pass locale environment variables
73
+ AcceptEnv LANG LC_*
74
+
75
+ Subsystem sftp /usr/lib/openssh/sftp-server
76
+
77
+ UsePAM no
78
+
79
+ UseDNS no
80
+
81
+ AllowUsers <%= user %>
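Review bot: `Port <%= ssh_options[:port] %>` and `AllowUsers <%= user %>` are rendered from template variables with no default or validation, and this file also sets `PasswordAuthentication no` and `PermitRootLogin no`. An empty or wrong value in either one can therefore leave sshd unable to start, or leave no account able to log in. The task that installs this file (not shown here) should check the rendered result with `sshd -t` before restarting the daemon and keep the existing session open until a new login succeeds; a comment at the top of the template saying so would help. `KeyRegenerationInterval`, `ServerKeyBits 768`, `RSAAuthentication` and `RhostsRSAAuthentication` are protocol 1 settings with no effect under `Protocol 2` and could be dropped. The `HostKey /etc/ssh/ssh_host_dsa_key` line still offers a DSA host key, which is worth removing on systems whose OpenSSH supports stronger key types.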
@@ -0,0 +1,4 @@
1
+ * change mySQL password
2
+ * change root password
3
+ * change password of rails user
4
+ * harden your system