railslove_deploy 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/LICENSE +20 -0
- data/README +12 -0
- data/TODO +4 -0
- data/bin/deployify +31 -0
- data/lib/railslove/recipes/apache.rb +45 -0
- data/lib/railslove/recipes/backup.rb +8 -0
- data/lib/railslove/recipes/db.rb +52 -0
- data/lib/railslove/recipes/deploy.rb +49 -0
- data/lib/railslove/recipes/ferm.rb +12 -0
- data/lib/railslove/recipes/gems.rb +50 -0
- data/lib/railslove/recipes/helpers.rb +35 -0
- data/lib/railslove/recipes/hooks.rb +31 -0
- data/lib/railslove/recipes/job_runner.rb +17 -0
- data/lib/railslove/recipes/logrotate.rb +35 -0
- data/lib/railslove/recipes/memcache.rb +21 -0
- data/lib/railslove/recipes/misc.rb +36 -0
- data/lib/railslove/recipes/monit.rb +32 -0
- data/lib/railslove/recipes/passenger.rb +25 -0
- data/lib/railslove/recipes/shared.rb +16 -0
- data/lib/railslove/recipes/sphinx.rb +37 -0
- data/lib/railslove/recipes/workling.rb +26 -0
- data/lib/railslove/recipes.rb +7 -0
- data/lib/railslove/sprinkle/apache.rb +45 -0
- data/lib/railslove/sprinkle/essentials.rb +14 -0
- data/lib/railslove/sprinkle/ferm.rb +23 -0
- data/lib/railslove/sprinkle/git.rb +15 -0
- data/lib/railslove/sprinkle/image_magick.rb +5 -0
- data/lib/railslove/sprinkle/memcache.rb +42 -0
- data/lib/railslove/sprinkle/monit.rb +34 -0
- data/lib/railslove/sprinkle/mysql.rb +20 -0
- data/lib/railslove/sprinkle/nginx.rb +16 -0
- data/lib/railslove/sprinkle/passenger.rb +68 -0
- data/lib/railslove/sprinkle/rails_user.rb +19 -0
- data/lib/railslove/sprinkle/ruby_enterprise.rb +38 -0
- data/lib/railslove/sprinkle/sphinx.rb +14 -0
- data/lib/railslove/sprinkle/sqlite.rb +15 -0
- data/lib/railslove/sprinkle/subversion.rb +4 -0
- data/lib/railslove/sprinkle/usefull_gems.rb +10 -0
- data/lib/railslove/sprinkle.rb +3 -0
- data/lib/railslove/templates/deploy.rb +177 -0
- data/lib/railslove/templates/ferm.conf.erb +56 -0
- data/lib/railslove/templates/maintenance.html +0 -0
- data/lib/railslove/templates/memcache_init +31 -0
- data/lib/railslove/templates/monit_init +115 -0
- data/lib/railslove/templates/monitoring/apache.monit.erb +18 -0
- data/lib/railslove/templates/monitoring/job_worker.monit.erb +4 -0
- data/lib/railslove/templates/monitoring/memcached.monit.erb +4 -0
- data/lib/railslove/templates/monitoring/mysql.monit.erb +5 -0
- data/lib/railslove/templates/monitoring/nginx.monit.erb +4 -0
- data/lib/railslove/templates/monitoring/sphinx.monit.erb +0 -0
- data/lib/railslove/templates/monitoring/sshd.monit.erb +5 -0
- data/lib/railslove/templates/monitrc.erb +236 -0
- data/lib/railslove/templates/nginx.conf +0 -0
- data/lib/railslove/templates/nginx_init +65 -0
- data/lib/railslove/templates/passenger.conf +3 -0
- data/lib/railslove/templates/passenger.load +1 -0
- data/lib/railslove/templates/post_logrotate +1 -0
- data/lib/railslove/templates/safe.rb +42 -0
- data/lib/railslove/templates/sprinkle.rb +43 -0
- data/lib/railslove/templates/sprinkle_config.rb +2 -0
- data/lib/railslove/templates/sshd_config.erb +81 -0
- data/lib/railslove/templates/stack_readme.txt +4 -0
- data/lib/railslove/templates/vhost.erb +42 -0
- data/lib/railslove_deploy.rb +0 -0
- data/test/railslove_deploy_test.rb +7 -0
- data/test/test_helper.rb +7 -0
- metadata +132 -0
@@ -0,0 +1,115 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
# /etc/init.d/monit start and stop monit daemon monitor process.
|
3
|
+
# Fredrik Steen, stone@debian.org
|
4
|
+
:
|
5
|
+
PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
6
|
+
DAEMON=/usr/local/bin/monit
|
7
|
+
CONFIG="/etc/monit/monitrc"
|
8
|
+
DELAY="/etc/monit/monit_delay"
|
9
|
+
CHECK_INTERVALS=180
|
10
|
+
# We default to 180s (3min) check intervals
|
11
|
+
NAME=monit
|
12
|
+
DESC="daemon monitor"
|
13
|
+
|
14
|
+
set -e
|
15
|
+
|
16
|
+
# Check if DAEMON binary exist
|
17
|
+
test -f $DAEMON || exit 0
|
18
|
+
|
19
|
+
if [ -f "/etc/default/monit" ]; then
|
20
|
+
. /etc/default/monit
|
21
|
+
fi
|
22
|
+
|
23
|
+
ARGS="-d $CHECK_INTERVALS -c $CONFIG -s /var/lib/monit/monit.state"
|
24
|
+
|
25
|
+
monit_not_configured () {
|
26
|
+
echo -e "monit won't be started/stopped\n\tunless it it's configured"
|
27
|
+
if [ "$1" != "stop" ]
|
28
|
+
then
|
29
|
+
echo -e "\tplease configure monit and then edit /etc/default/monit"
|
30
|
+
echo -e "\tand set the \"startup\" variable to 1 in order to allow "
|
31
|
+
echo -e "\tmonit to start"
|
32
|
+
fi
|
33
|
+
exit 0
|
34
|
+
}
|
35
|
+
|
36
|
+
monit_check_config () {
|
37
|
+
# Check for emtpy config, probably default configfile.
|
38
|
+
if [ "`grep -s -v \"^#\" $CONFIG`" = "" ]; then
|
39
|
+
echo "empty config, please edit $CONFIG."
|
40
|
+
exit 0
|
41
|
+
fi
|
42
|
+
}
|
43
|
+
|
44
|
+
monit_check_perms () {
|
45
|
+
# Check the permission on configfile.
|
46
|
+
# The permission must not have more than -rwx------ (0700) permissions.
|
47
|
+
|
48
|
+
# Skip checking, fix perms instead.
|
49
|
+
/bin/chmod go-rwx $CONFIG
|
50
|
+
|
51
|
+
}
|
52
|
+
|
53
|
+
monit_delayed_monitoring () {
|
54
|
+
if [ -x $DELAY ]; then
|
55
|
+
$DELAY &
|
56
|
+
elif [ -f $DELAY ]; then
|
57
|
+
echo
|
58
|
+
echo "[WARNING] A delayed start file exists ($DELAY) but it is not executable."
|
59
|
+
fi
|
60
|
+
}
|
61
|
+
|
62
|
+
monit_check_syntax () {
|
63
|
+
$DAEMON -t;
|
64
|
+
# if [ $? ] ; then
|
65
|
+
# echo "syntax good"
|
66
|
+
# else
|
67
|
+
# echo "syntax bad"
|
68
|
+
# fi
|
69
|
+
}
|
70
|
+
|
71
|
+
|
72
|
+
monit_checks () {
|
73
|
+
# Check if startup variable is set to 1, if not we exit.
|
74
|
+
if [ "$startup" != "1" ]; then
|
75
|
+
monit_not_configured $1
|
76
|
+
fi
|
77
|
+
# Check for emtpy configfile
|
78
|
+
monit_check_config
|
79
|
+
# Check permissions of configfile
|
80
|
+
monit_check_perms
|
81
|
+
}
|
82
|
+
|
83
|
+
case "$1" in
|
84
|
+
start)
|
85
|
+
echo -n "Starting $DESC: "
|
86
|
+
monit_checks $1
|
87
|
+
echo -n "$NAME"
|
88
|
+
start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
|
89
|
+
--exec $DAEMON > /dev/null 2>&1 -- $ARGS
|
90
|
+
monit_delayed_monitoring
|
91
|
+
echo "."
|
92
|
+
;;
|
93
|
+
stop)
|
94
|
+
echo -n "Stopping $DESC: "
|
95
|
+
#monit_checks $1
|
96
|
+
echo -n "$NAME"
|
97
|
+
start-stop-daemon --retry 5 --oknodo --stop --quiet --pidfile /var/run/$NAME.pid \
|
98
|
+
--exec $DAEMON > /dev/null 2>&1
|
99
|
+
echo "."
|
100
|
+
;;
|
101
|
+
restart|force-reload)
|
102
|
+
$0 stop
|
103
|
+
$0 start
|
104
|
+
;;
|
105
|
+
syntax)
|
106
|
+
monit_check_syntax
|
107
|
+
;;
|
108
|
+
*)
|
109
|
+
N=/etc/init.d/$NAME
|
110
|
+
echo "Usage: $N {start|stop|restart|force-reload|syntax}" >&2
|
111
|
+
exit 1
|
112
|
+
;;
|
113
|
+
esac
|
114
|
+
|
115
|
+
exit 0
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# from http://mmonit.com/wiki/Monit
|
2
|
+
# Hint: It is recommended to use a "token" file (an empty file) for monit to request. That way, it is easy to filter out all the requests made by monit in the httpd access log file. Here's a trick shared by Marco Ermini, place the following in httpd.conf to stop apache from loggin any requests done by monit:
|
3
|
+
# SetEnvIf Request_URI "^\/monit\/token$" dontlog
|
4
|
+
# CustomLog logs/access.log common env=!dontlog
|
5
|
+
#
|
6
|
+
#
|
7
|
+
#check process apache with pidfile /var/run/apache2.pid
|
8
|
+
# group web
|
9
|
+
# start program = "/etc/init.d/apache2 start"
|
10
|
+
# stop program = "/etc/init.d/apache2 stop"
|
11
|
+
# if cpu > 60% for 2 cycles then alert
|
12
|
+
# if cpu > 80% for 5 cycles then restart
|
13
|
+
# if totalmem > 200.0 MB for 5 cycles then restart
|
14
|
+
# if children > 250 then restart
|
15
|
+
# if loadavg(5min) greater than 20 for 8 cycles then alert
|
16
|
+
# if failed host localhost port 80
|
17
|
+
# protocol HTTP request "/monit/token" then restart
|
18
|
+
#
|
@@ -0,0 +1,4 @@
|
|
1
|
+
#check process job_runner with pidfile /var/www/rails_apps/<%= application %>/current/log/job_runner.1.pid
|
2
|
+
# start program = "/var/www/rails_apps/<%= application %>/current/script/job_runner start production" as uid rails and gid rails
|
3
|
+
# stop program = "/var/www/rails_apps/<%= application %>/current/script/job_runner stop production" as uid rails and gid rails
|
4
|
+
# group <%= application %>
|
File without changes
|
@@ -0,0 +1,236 @@
|
|
1
|
+
###############################################################################
|
2
|
+
## Monit control file
|
3
|
+
###############################################################################
|
4
|
+
##
|
5
|
+
## Comments begin with a '#' and extend through the end of the line. Keywords
|
6
|
+
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
|
7
|
+
##
|
8
|
+
## Bellow is the example of some frequently used statements. For information
|
9
|
+
## about the control file, a complete list of statements and options please
|
10
|
+
## have a look in the monit manual.
|
11
|
+
##
|
12
|
+
##
|
13
|
+
###############################################################################
|
14
|
+
## Global section
|
15
|
+
###############################################################################
|
16
|
+
##
|
17
|
+
## Start monit in background (run as daemon) and check the services at 1-minute
|
18
|
+
## intervals.
|
19
|
+
#
|
20
|
+
|
21
|
+
set daemon 60
|
22
|
+
|
23
|
+
#
|
24
|
+
#
|
25
|
+
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
|
26
|
+
## omited, monit will use 'user' facility by default. You can specify the
|
27
|
+
## path to the file for monit native logging.
|
28
|
+
#
|
29
|
+
# set logfile syslog facility log_daemon
|
30
|
+
|
31
|
+
set logfile /var/log/monit
|
32
|
+
|
33
|
+
#
|
34
|
+
#
|
35
|
+
## Set list of mailservers for alert delivery. Multiple servers may be
|
36
|
+
## specified using comma separator. By default monit uses port 25 - it is
|
37
|
+
## possible to override it with the PORT option.
|
38
|
+
#
|
39
|
+
#set mailserver mail.bar.baz, # primary mailserver
|
40
|
+
# backup.bar.baz port 10025, # backup mailserver on port 10025
|
41
|
+
# localhost # fallback relay
|
42
|
+
#
|
43
|
+
#
|
44
|
+
|
45
|
+
<%= monit_config[:mailserver] %>
|
46
|
+
|
47
|
+
|
48
|
+
## By default monit will drop the event alert, in the case that there is no
|
49
|
+
## mailserver available. In the case that you want to keep the events for
|
50
|
+
## later delivery retry, you can use the EVENTQUEUE statement. The base
|
51
|
+
## directory where undelivered events will be stored is specified by the
|
52
|
+
## BASEDIR option. You can limit the maximal queue size using the SLOTS
|
53
|
+
## option (if omited then the queue is limited just by the backend filesystem).
|
54
|
+
#
|
55
|
+
# set eventqueue
|
56
|
+
# basedir /var/monit # set the base directory where events will be stored
|
57
|
+
# slots 100 # optionaly limit the queue size
|
58
|
+
#
|
59
|
+
#
|
60
|
+
## Monit by default uses the following alert mail format:
|
61
|
+
##
|
62
|
+
## --8<--
|
63
|
+
## From: monit@$HOST # sender
|
64
|
+
## Subject: monit alert -- $EVENT $SERVICE # subject
|
65
|
+
##
|
66
|
+
## $EVENT Service $SERVICE #
|
67
|
+
## #
|
68
|
+
## Date: $DATE #
|
69
|
+
## Action: $ACTION #
|
70
|
+
## Host: $HOST # body
|
71
|
+
## Description: $DESCRIPTION #
|
72
|
+
## #
|
73
|
+
## Your faithful employee, #
|
74
|
+
## monit #
|
75
|
+
## --8<--
|
76
|
+
##
|
77
|
+
## You can override the alert message format or its parts such as subject
|
78
|
+
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
|
79
|
+
## are expanded on runtime. For example to override the sender:
|
80
|
+
#
|
81
|
+
# set mail-format { from: monit@foo.bar }
|
82
|
+
#
|
83
|
+
|
84
|
+
<%= monit_config[:mail_format] %>
|
85
|
+
|
86
|
+
#
|
87
|
+
## You can set the alert recipients here, which will receive the alert for
|
88
|
+
## each service. The event alerts may be restricted using the list.
|
89
|
+
#
|
90
|
+
# set alert sysadm@foo.bar # receive all alerts
|
91
|
+
# set alert manager@foo.bar only on { timeout } # receive just service-
|
92
|
+
# # timeout alert
|
93
|
+
#
|
94
|
+
|
95
|
+
|
96
|
+
<%= monit_config[:alerts] %>
|
97
|
+
|
98
|
+
#
|
99
|
+
## Monit has an embedded webserver, which can be used to view the
|
100
|
+
## configuration, actual services parameters or manage the services using the
|
101
|
+
## web interface.
|
102
|
+
#
|
103
|
+
# set httpd port 2812 and
|
104
|
+
# use address localhost # only accept connection from localhost
|
105
|
+
# allow localhost # allow localhost to connect to the server and
|
106
|
+
# allow admin:monit # require user 'admin' with password 'monit'
|
107
|
+
#
|
108
|
+
|
109
|
+
<%= monit_config[:webserver] %>
|
110
|
+
|
111
|
+
#
|
112
|
+
###############################################################################
|
113
|
+
## Services
|
114
|
+
###############################################################################
|
115
|
+
##
|
116
|
+
## Check the general system resources such as load average, cpu and memory
|
117
|
+
## usage. Each rule specifies the tested resource, the limit and the action
|
118
|
+
## which will be performed in the case that the test failed.
|
119
|
+
#
|
120
|
+
check system localhost
|
121
|
+
if loadavg (1min) > 4 then alert
|
122
|
+
if loadavg (5min) > 2 then alert
|
123
|
+
if memory usage > 75% then alert
|
124
|
+
if cpu usage (user) > 70% then alert
|
125
|
+
if cpu usage (system) > 30% then alert
|
126
|
+
if cpu usage (wait) > 20% then alert
|
127
|
+
#
|
128
|
+
#
|
129
|
+
## Check a file for existence, checksum, permissions, uid and gid. In addition
|
130
|
+
## to the recipients in the global section, customized alert will be send to
|
131
|
+
## the additional recipient. The service may be grouped using the GROUP option.
|
132
|
+
#
|
133
|
+
# check file apache_bin with path /usr/local/apache/bin/httpd
|
134
|
+
# if failed checksum and
|
135
|
+
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
|
136
|
+
# if failed permission 755 then unmonitor
|
137
|
+
# if failed uid root then unmonitor
|
138
|
+
# if failed gid root then unmonitor
|
139
|
+
# alert security@foo.bar on {
|
140
|
+
# checksum, permission, uid, gid, unmonitor
|
141
|
+
# } with the mail-format { subject: Alarm! }
|
142
|
+
# group server
|
143
|
+
#
|
144
|
+
#
|
145
|
+
## Check that a process is running, responding on the HTTP and HTTPS request,
|
146
|
+
## check its resource usage such as cpu and memory, number of childrens.
|
147
|
+
## In the case that the process is not running, monit will restart it by
|
148
|
+
## default. In the case that the service was restarted very often and the
|
149
|
+
## problem remains, it is possible to disable the monitoring using the
|
150
|
+
## TIMEOUT statement. The service depends on another service (apache_bin) which
|
151
|
+
## is defined in the monit control file as well.
|
152
|
+
#
|
153
|
+
# check process apache with pidfile /usr/local/apache/logs/httpd.pid
|
154
|
+
# start program = "/etc/init.d/httpd start"
|
155
|
+
# stop program = "/etc/init.d/httpd stop"
|
156
|
+
# if cpu > 60% for 2 cycles then alert
|
157
|
+
# if cpu > 80% for 5 cycles then restart
|
158
|
+
# if totalmem > 200.0 MB for 5 cycles then restart
|
159
|
+
# if children > 250 then restart
|
160
|
+
# if loadavg(5min) greater than 10 for 8 cycles then stop
|
161
|
+
# if failed host www.tildeslash.com port 80 protocol http
|
162
|
+
# and request "/monit/doc/next.php"
|
163
|
+
# then restart
|
164
|
+
# if failed port 443 type tcpssl protocol http
|
165
|
+
# with timeout 15 seconds
|
166
|
+
# then restart
|
167
|
+
# if 3 restarts within 5 cycles then timeout
|
168
|
+
# depends on apache_bin
|
169
|
+
# group server
|
170
|
+
#
|
171
|
+
#
|
172
|
+
## Check the device permissions, uid, gid, space and inode usage. Other
|
173
|
+
## services such as databases may depend on this resource and automatical
|
174
|
+
## graceful stop may be cascaded to them before the filesystem will become
|
175
|
+
## full and the data will be lost.
|
176
|
+
#
|
177
|
+
# check device datafs with path /dev/sdb1
|
178
|
+
# start program = "/bin/mount /data"
|
179
|
+
# stop program = "/bin/umount /data"
|
180
|
+
# if failed permission 660 then unmonitor
|
181
|
+
# if failed uid root then unmonitor
|
182
|
+
# if failed gid disk then unmonitor
|
183
|
+
# if space usage > 80% for 5 times within 15 cycles then alert
|
184
|
+
# if space usage > 99% then stop
|
185
|
+
# if inode usage > 30000 then alert
|
186
|
+
# if inode usage > 99% then stop
|
187
|
+
# group server
|
188
|
+
#
|
189
|
+
#
|
190
|
+
## Check a file's timestamp: when it becomes older then 15 minutes, the
|
191
|
+
## file is not updated and something is wrong. In the case that the size
|
192
|
+
## of the file exceeded given limit, perform the script.
|
193
|
+
#
|
194
|
+
# check file database with path /data/mydatabase.db
|
195
|
+
# if failed permission 700 then alert
|
196
|
+
# if failed uid data then alert
|
197
|
+
# if failed gid data then alert
|
198
|
+
# if timestamp > 15 minutes then alert
|
199
|
+
# if size > 100 MB then exec "/my/cleanup/script"
|
200
|
+
#
|
201
|
+
#
|
202
|
+
## Check the directory permission, uid and gid. An event is triggered
|
203
|
+
## if the directory does not belong to the user with the uid 0 and
|
204
|
+
## the gid 0. In the addition the permissions have to match the octal
|
205
|
+
## description of 755 (see chmod(1)).
|
206
|
+
#
|
207
|
+
# check directory bin with path /bin
|
208
|
+
# if failed permission 755 then unmonitor
|
209
|
+
# if failed uid 0 then unmonitor
|
210
|
+
# if failed gid 0 then unmonitor
|
211
|
+
#
|
212
|
+
#
|
213
|
+
## Check the remote host network services availability and the response
|
214
|
+
## content. One of three pings, a successfull connection to a port and
|
215
|
+
## application level network check is performed.
|
216
|
+
#
|
217
|
+
# check host myserver with address 192.168.1.1
|
218
|
+
# if failed icmp type echo count 3 with timeout 3 seconds then alert
|
219
|
+
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
|
220
|
+
# if failed url
|
221
|
+
# http://user:password@www.foo.bar:8080/?querystring
|
222
|
+
# and content == 'action="j_security_check"'
|
223
|
+
# then alert
|
224
|
+
#
|
225
|
+
#
|
226
|
+
###############################################################################
|
227
|
+
## Includes
|
228
|
+
###############################################################################
|
229
|
+
##
|
230
|
+
## It is possible to include the configuration or its parts from other files or
|
231
|
+
## directories.
|
232
|
+
#
|
233
|
+
include /etc/monit.d/*
|
234
|
+
include /var/www/rails_apps/*/current/config/server/monit/*
|
235
|
+
#
|
236
|
+
#
|
File without changes
|
@@ -0,0 +1,65 @@
|
|
1
|
+
#! /bin/sh
|
2
|
+
|
3
|
+
# Description: Startup script for nginx webserver on Debian. Place in /etc/init.d and
|
4
|
+
# run 'sudo update-rc.d nginx defaults', or use the appropriate command on your
|
5
|
+
# distro.
|
6
|
+
#
|
7
|
+
# Author: Ryan Norbauer <ryan.norbauer@gmail.com>
|
8
|
+
# Modified: Geoffrey Grosenbach http://topfunky.com
|
9
|
+
# Modified: Michael Bumann http://railslove.com
|
10
|
+
|
11
|
+
set -e
|
12
|
+
|
13
|
+
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
14
|
+
DESC="nginx daemon"
|
15
|
+
NAME=nginx
|
16
|
+
DAEMON=/opt/nginx/sbin/nginx
|
17
|
+
CONFIGFILE=/opt/nginx/conf/nginx.conf
|
18
|
+
PIDFILE=/var/run/$NAME.pid
|
19
|
+
SCRIPTNAME=/etc/init.d/$NAME
|
20
|
+
|
21
|
+
# Gracefully exit if the package has been removed.
|
22
|
+
test -x $DAEMON || exit 0
|
23
|
+
|
24
|
+
d_start() {
|
25
|
+
$DAEMON -c $CONFIGFILE || echo -n " already running"
|
26
|
+
}
|
27
|
+
|
28
|
+
d_stop() {
|
29
|
+
kill -QUIT `cat $PIDFILE` || echo -n " not running"
|
30
|
+
}
|
31
|
+
|
32
|
+
d_reload() {
|
33
|
+
kill -HUP `cat $PIDFILE` || echo -n " can't reload"
|
34
|
+
}
|
35
|
+
|
36
|
+
case "$1" in
|
37
|
+
start)
|
38
|
+
echo -n "Starting $DESC: $NAME"
|
39
|
+
d_start
|
40
|
+
echo "."
|
41
|
+
;;
|
42
|
+
stop)
|
43
|
+
echo -n "Stopping $DESC: $NAME"
|
44
|
+
d_stop
|
45
|
+
echo "."
|
46
|
+
;;
|
47
|
+
reload)
|
48
|
+
echo -n "Reloading $DESC configuration..."
|
49
|
+
d_reload
|
50
|
+
echo "reloaded."
|
51
|
+
;;
|
52
|
+
restart)
|
53
|
+
echo -n "Restarting $DESC: $NAME"
|
54
|
+
d_stop
|
55
|
+
sleep 2
|
56
|
+
d_start
|
57
|
+
echo "."
|
58
|
+
;;
|
59
|
+
*)
|
60
|
+
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
|
61
|
+
exit 3
|
62
|
+
;;
|
63
|
+
esac
|
64
|
+
|
65
|
+
exit 0
|
@@ -0,0 +1 @@
|
|
1
|
+
LoadModule passenger_module /usr/local/ruby-enterprise/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version || "2.2.8" %>/ext/apache2/mod_passenger.so
|
@@ -0,0 +1 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
@@ -0,0 +1,42 @@
|
|
1
|
+
# Example of a safe script to backup your server
|
2
|
+
#
|
3
|
+
# for more detail have a look at:
|
4
|
+
# http://github.com/astrails/safe/tree/master
|
5
|
+
# http://blog.astrails.com/2009/4/6/simple-backups-can-be-simple
|
6
|
+
safe do
|
7
|
+
local :path => "/backup/:kind/:id"
|
8
|
+
|
9
|
+
s3 do
|
10
|
+
key "...................."
|
11
|
+
secret "........................................"
|
12
|
+
bucket "backup.astrails.com"
|
13
|
+
path "servers/alpha/:kind/:id"
|
14
|
+
end
|
15
|
+
|
16
|
+
keep do
|
17
|
+
local 15
|
18
|
+
s3 15
|
19
|
+
end
|
20
|
+
|
21
|
+
mysqldump do
|
22
|
+
options "-ceKq --single-transaction --create-options"
|
23
|
+
|
24
|
+
user "readonly"
|
25
|
+
password ""
|
26
|
+
#socket "/var/run/mysqld/mysqld.sock"
|
27
|
+
|
28
|
+
database :your_app_production
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
tar do
|
33
|
+
archive "dot-configs", :files => "/home/*/.[^.]*"
|
34
|
+
archive "etc", :files => "/etc"
|
35
|
+
|
36
|
+
archive "your_app" do
|
37
|
+
files "/var/www/rails_apps/your_app/"
|
38
|
+
exclude ["/var/www/rails_apps/your_app/shared/logs"]
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# Require our stack
|
2
|
+
require "railslove/sprinkle"
|
3
|
+
|
4
|
+
policy :passenger_stack, :roles => :app do
|
5
|
+
requires :webserver # Apache
|
6
|
+
requires :database # MySQL, SQLite
|
7
|
+
|
8
|
+
# memcached
|
9
|
+
requires :memcached_daemon # Memcached
|
10
|
+
requires :libmemcached # libmemcached
|
11
|
+
requires :memcached_conf # memcached-user, init.d config
|
12
|
+
|
13
|
+
requires :scm # Git, SVN
|
14
|
+
requires :ruby # Ruby Enterprise
|
15
|
+
requires :searchengine # Sphinx
|
16
|
+
requires :appserver # passenger
|
17
|
+
requires :rails_user # special rails user with sudo rights
|
18
|
+
requires :database_driver # Ruby database driver
|
19
|
+
requires :usefull_gems # usefull, frequently needed gems
|
20
|
+
requires :image_magick # image magick
|
21
|
+
requires :ferm # ferm iptable configuration tool
|
22
|
+
requires :ferm_conf # configure ferm (allow http, https and ssh)
|
23
|
+
requires :monit # monit - system process monitoring
|
24
|
+
end
|
25
|
+
|
26
|
+
deployment do
|
27
|
+
# mechanism for deployment
|
28
|
+
delivery :capistrano do
|
29
|
+
begin
|
30
|
+
recipes 'Capfile'
|
31
|
+
rescue LoadError
|
32
|
+
recipes 'config/deploy'
|
33
|
+
end
|
34
|
+
recipes 'config/server/config.rb'
|
35
|
+
end
|
36
|
+
|
37
|
+
# source based package installer defaults
|
38
|
+
source do
|
39
|
+
prefix '/usr/local'
|
40
|
+
archives '/usr/local/sources'
|
41
|
+
builds '/usr/local/build'
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,81 @@
|
|
1
|
+
# Package generated configuration file
|
2
|
+
# See the sshd(8) manpage for details
|
3
|
+
|
4
|
+
# What ports, IPs and protocols we listen for
|
5
|
+
Port <%= ssh_options[:port] %>
|
6
|
+
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
+
#ListenAddress ::
|
8
|
+
#ListenAddress 0.0.0.0
|
9
|
+
Protocol 2
|
10
|
+
# HostKeys for protocol version 2
|
11
|
+
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
+
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
+
#Privilege Separation is turned on for security
|
14
|
+
UsePrivilegeSeparation yes
|
15
|
+
|
16
|
+
# Lifetime and size of ephemeral version 1 server key
|
17
|
+
KeyRegenerationInterval 3600
|
18
|
+
ServerKeyBits 768
|
19
|
+
|
20
|
+
# Logging
|
21
|
+
SyslogFacility AUTH
|
22
|
+
LogLevel INFO
|
23
|
+
|
24
|
+
# Authentication:
|
25
|
+
LoginGraceTime 120
|
26
|
+
PermitRootLogin no
|
27
|
+
StrictModes yes
|
28
|
+
|
29
|
+
RSAAuthentication yes
|
30
|
+
PubkeyAuthentication yes
|
31
|
+
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
32
|
+
|
33
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
34
|
+
IgnoreRhosts yes
|
35
|
+
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
36
|
+
RhostsRSAAuthentication no
|
37
|
+
# similar for protocol version 2
|
38
|
+
HostbasedAuthentication no
|
39
|
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
40
|
+
#IgnoreUserKnownHosts yes
|
41
|
+
|
42
|
+
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
43
|
+
PermitEmptyPasswords no
|
44
|
+
|
45
|
+
# Change to yes to enable challenge-response passwords (beware issues with
|
46
|
+
# some PAM modules and threads)
|
47
|
+
ChallengeResponseAuthentication no
|
48
|
+
|
49
|
+
# Change to no to disable tunnelled clear text passwords
|
50
|
+
PasswordAuthentication no
|
51
|
+
|
52
|
+
# Kerberos options
|
53
|
+
#KerberosAuthentication no
|
54
|
+
#KerberosGetAFSToken no
|
55
|
+
#KerberosOrLocalPasswd yes
|
56
|
+
#KerberosTicketCleanup yes
|
57
|
+
|
58
|
+
# GSSAPI options
|
59
|
+
GSSAPIAuthentication no
|
60
|
+
#GSSAPICleanupCredentials yes
|
61
|
+
|
62
|
+
X11Forwarding no
|
63
|
+
X11DisplayOffset 10
|
64
|
+
PrintMotd no
|
65
|
+
PrintLastLog yes
|
66
|
+
KeepAlive yes
|
67
|
+
#UseLogin no
|
68
|
+
|
69
|
+
#MaxStartups 10:30:60
|
70
|
+
#Banner /etc/issue.net
|
71
|
+
|
72
|
+
# Allow client to pass locale environment variables
|
73
|
+
AcceptEnv LANG LC_*
|
74
|
+
|
75
|
+
Subsystem sftp /usr/lib/openssh/sftp-server
|
76
|
+
|
77
|
+
UsePAM no
|
78
|
+
|
79
|
+
UseDNS no
|
80
|
+
|
81
|
+
AllowUsers <%= user %>
|