salted-rails 0.0.7 → 0.0.8

@@ -10,7 +10,7 @@ require 'salted-rails/helper_base'
10
10
  module SaltedRails
11
11
  class CapistranoHelper < HelperBase
12
12
 
13
- def initialize(rails_root, logger = Log4r::Logger.new("salted_rails::capistrano_helper"))
13
+ def initialize(project_root, logger = Log4r::Logger.new("salted_rails::capistrano_helper"))
14
14
  super(rail_root, logger)
15
15
  end
16
16
 
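Review bot: The `super(rail_root, logger)` call under the renamed signature passes `rail_root`, which is neither the old parameter name (`rails_root`) nor the new one, so constructing a CapistranoHelper would raise NameError unless a method of that name is defined outside this hunk. The call should read `super(project_root, logger)`. The class body continues past the end of the hunk.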
@@ -55,7 +55,7 @@ module SaltedRails
55
55
  # # Provisioning #2: masterless highstate call
56
56
  # config.vm.provision :salt do |salt|
57
57
  # @logger.info 'Configuring salt provisioner' if @logger
58
- # minion_file = @rails_root + 'config/salt/vagrant/minion'
58
+ # minion_file = @project_root + 'config/salt/vagrant/minion'
59
59
  # minion_file = @salt_root + 'salt/vagrant/minion' unless File.exists? minion_file
60
60
  # salt.minion_config = minion_file
61
61
  # salt.run_highstate = true
@@ -75,7 +75,7 @@ module SaltedRails
75
75
  # configure_memory(memory)
76
76
  # vm_config.vm.boot_mode == :gui
77
77
  # vm_config.vm.provision :salt do |salt|
78
- # minion_file = @rails_root + 'config/salt/vagrant/gui_minion'
78
+ # minion_file = @project_root + 'config/salt/vagrant/gui_minion'
79
79
  # minion_file = @salt_root + 'salt/vagrant/gui_minion' unless File.exists? minion_file
80
80
  # salt.minion_config = minion_file
81
81
  # end
@@ -7,11 +7,10 @@ require 'log4r'
7
7
  module SaltedRails
8
8
  class Config
9
9
 
10
+ attr_accessor :admin_password
10
11
  attr_accessor :box
11
12
  attr_accessor :ca_path
12
13
  attr_accessor :copy_from_home
13
- attr_accessor :admin_password
14
- attr_accessor :web_password
15
14
  attr_accessor :databases
16
15
  attr_accessor :domain
17
16
  attr_accessor :files
@@ -21,16 +20,17 @@ module SaltedRails
21
20
  attr_accessor :logger
22
21
  attr_accessor :machine
23
22
  attr_accessor :machines
23
+ attr_accessor :mapped_ports
24
24
  attr_accessor :memory
25
25
  attr_accessor :mirror
26
26
  attr_accessor :packages
27
27
  attr_accessor :ports
28
- attr_accessor :mapped_ports
29
28
  attr_accessor :private_key_path
30
- attr_accessor :rails_root
29
+ attr_accessor :project_root
31
30
  attr_accessor :region
32
31
  attr_accessor :roles
33
32
  attr_accessor :salt_root
33
+ attr_accessor :staging_password
34
34
  attr_accessor :sync_vagrant
35
35
  attr_accessor :versions
36
36
 
@@ -39,17 +39,17 @@ module SaltedRails
39
39
  end
40
40
 
41
41
  # pass vm.ui for the logger if you want debugging info
42
- def initialize(rails_root, machine = 'default')
42
+ def initialize(project_root, machine = 'default')
43
43
  @logger = Log4r::Logger.new("vagrant::salted-rails")
44
44
  @machine = machine
45
- @rails_root = rails_root
46
- @rails_root += '/' unless @rails_root =~ /\/$/
45
+ @project_root = project_root
46
+ @project_root += '/' unless @project_root =~ /\/$/
47
47
  @salt_root = nil
48
48
  # see salt/vagrant/top.sls for other roles
49
49
  @roles = %w{ app web db }
50
50
  @domain = nil
51
51
  @admin_password = nil
52
- @web_password = nil
52
+ @staging_password = nil
53
53
  @private_key_path = nil
54
54
  @mirror = nil
55
55
  @memory = nil
@@ -60,18 +60,18 @@ module SaltedRails
60
60
  @ca_path = nil
61
61
  @region = nil
62
62
  @forward_agent = true
63
- @files = [ '.ruby-version', '.java-version', '.php-version', 'config/database.yml', 'Gemfile', 'Gemfile.lock' ].select{ |f| File.exist?(@rails_root + f) }
63
+ @files = [ '.ruby-version', '.java-version', '.php-version', 'config/database.yml', 'Gemfile', 'Gemfile.lock' ].select{ |f| File.exist?(@project_root + f) }
64
64
  @packages = nil
65
65
  @copy_from_home = [ ]
66
66
 
67
67
  ENV['REMOTE_MACHINE'] = 'true'
68
- database_file = @rails_root + 'config/database.yml'
68
+ database_file = @project_root + 'config/database.yml'
69
69
  @databases = YAML.load(ERB.new(IO.read(database_file)).result) rescue { }
70
70
  ENV['REMOTE_MACHINE'] = nil
71
71
 
72
72
  @gems = { }
73
- if File.exists? @rails_root + 'Gemfile'
74
- File.foreach(@rails_root + 'Gemfile') do |line|
73
+ if File.exists? @project_root + 'Gemfile'
74
+ File.foreach(@project_root + 'Gemfile') do |line|
75
75
  if line =~ /^\s*gem\s*['"]([^'"]+)['"][,\s]*(['"]([^'"]+)['"])?/
76
76
  gem = $1
77
77
  version = $3.to_s
@@ -96,6 +96,71 @@ module SaltedRails
96
96
  @roles.include? 'gui'
97
97
  end
98
98
 
99
+ def define(machine, &block)
100
+ obj = self.clone
101
+ obj.machine = machine
102
+ obj.machines = [ ]
103
+ obj.logger = @logger
104
+ @machines << obj
105
+ yield(obj) if block_given?
106
+ end
107
+
108
+ def provider
109
+ pat = File.join(@project_root, '.vagrant','machines',@machine,'*','id')
110
+ prov = Dir.glob(pat).collect{|path| File.basename(File.dirname(path))}.first
111
+ prov ||= ARGV.select{|a| a =~ /^--provider=/}.collect{|a| a.sub(/.*=/, '')}.first
112
+ prov ||= ENV['VAGRANT_DEFAULT_PROVIDER'] || 'virtualbox'
113
+ prov
114
+ end
115
+
116
+ # Clone
117
+ def clone
118
+ obj = self.dup
119
+ obj.roles = @roles.dup
120
+ obj.ports = @ports.dup
121
+ obj.mapped_ports = @mapped_ports.dup
122
+ obj.files = @files.dup
123
+ obj.copy_from_home = @copy_from_home.dup
124
+ obj.databases = @databases.dup
125
+ obj.gems = @gems.dup
126
+ obj
127
+ end
128
+
129
+ def to_hash
130
+ {
131
+ 'admin_password' => @admin_password,
132
+ 'databases' => @databases,
133
+ 'disable_vagrant_sync' => @disable_vagrant_sync,
134
+ 'domain' => @domain,
135
+ 'files' => @files,
136
+ 'forward_agent' => @forward_agent,
137
+ 'gems' => @gems,
138
+ 'hostname' => @hostname,
139
+ 'machine' => @machine,
140
+ 'mapped_ports' => @mapped_ports,
141
+ 'memory' => @memory,
142
+ 'mirror' => @mirror,
143
+ 'ports' => @ports,
144
+ 'region' => @region,
145
+ 'roles' => @roles,
146
+ 'provider' => provider,
147
+ 'staging_password' => @staging_password,
148
+ 'versions' => @versions
149
+ }
150
+ end
151
+
152
+ def to_yaml
153
+ normalize
154
+ self.to_hash.to_yaml
155
+ end
156
+
157
+ def configure_vagrant(config)
158
+ require 'salted-rails/vagrant_helper'
159
+ normalize
160
+ helper = SaltedRails::VagrantHelper.new(self)
161
+ helper.configure_vagrant(config)
162
+ end
163
+
99
164
  def normalize
100
165
  @versions['mysql'] ||= '5.5' if @roles.include?('mysql')
101
166
  @versions['teamcity'] ||= '8.0.4' if @roles.include?('teamcity')
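Review bot: In `provider`, the ARGV fallback only recognises the `--provider=NAME` spelling, so a first `vagrant up --provider NAME` (space-separated, before any `.vagrant/machines/<machine>/*/id` file exists) falls through to `'virtualbox'`. That matters beyond folder syncing, because the `normalize` hunk further down this page appends the `insecure` role whenever `provider` returns `'virtualbox'`, and the top.sls hunk applies `net.ufw` only for `secure`. I would add a second fallback before the ENV line, `i = ARGV.index('--provider')` followed by `prov ||= ARGV[i + 1] if i`, and give `provider` a comment stating the lookup order (machine id file, command line, `VAGRANT_DEFAULT_PROVIDER`, then `virtualbox`). `Dir.glob` also treats `@machine` as pattern text, so a machine name containing glob characters would match unexpectedly; the `normalize` method at the end of the hunk continues outside it.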
@@ -103,13 +168,13 @@ module SaltedRails
103
168
  @roles << 'gui' if @roles.include?('rubymine') and not @roles.include?('gui')
104
169
 
105
170
  %w{ ruby php java }.each do |lang|
106
- version = File.open(@rails_root + ".#{lang}-version", 'r') do |f_in|
171
+ version = File.open(@project_root + ".#{lang}-version", 'r') do |f_in|
107
172
  f_in.gets.gsub(/\s/,'')
108
173
  end rescue nil
109
174
  @versions[lang] ||= version if version
110
175
  end
111
176
  unless @versions.include?('ruby')
112
- File.open(@rails_root + '.rvmrc', 'r') do |f_in|
177
+ File.open(@project_root + '.rvmrc', 'r') do |f_in|
113
178
  while (line = f_in.gets) and not @versions.include('ruby')
114
179
  @versions['ruby'] = $1 if line =~ /^\s*environment_id=['"]([^"'@]+)/
115
180
  end
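Review bot: The loop condition on the unchanged line inside the `.rvmrc` block calls `@versions.include('ruby')` without the question mark, while the `unless` two lines above it uses `include?`. If `@versions` is a Hash, as the `@versions[lang] ||= version` assignment suggests, this raises NoMethodError as soon as `.rvmrc` is opened, unless a rescue outside the hunk swallows it. The line should read `while (line = f_in.gets) and not @versions.include?('ruby')`. The `File.open` block continues past the end of the hunk, so any error handling around it is not visible here.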
@@ -131,7 +196,7 @@ module SaltedRails
131
196
  if @hostname
132
197
  @domain = @hostname.sub(/^[^.]*\.?/, '')
133
198
  else
134
- @domain = sanitize_dns_name(File.basename(File.expand_path(@rails_root).sub(/\/$/, '').sub(/\/(app|site|web|www|website)\d*$/, ''))) + '.test'
199
+ @domain = sanitize_dns_name(File.basename(File.expand_path(@project_root).sub(/\/$/, '').sub(/\/(app|site|web|www|website)\d*$/, ''))) + '.test'
135
200
  @domain = 'railsapp.test' if @domain == '.test'
136
201
  end
137
202
  end
@@ -153,8 +218,8 @@ module SaltedRails
153
218
  @mirror ||= 'auto'
154
219
  @salt_root ||= File.dirname(__FILE__) + '/../../'
155
220
  @ca_path ||= '/etc/ssl/certs/ca-certificates.crt'
221
+ @ca_path = nil unless File.exist?(@ca_path)
156
222
  @box ||= 'preciseCloud32'
157
- @ca_path = nil unless File.exist?(@ca_path)
158
223
  @region ||= 'San Francisco 1'
159
224
 
160
225
  {
@@ -164,65 +229,13 @@ module SaltedRails
164
229
  @ports << port if @roles.include?(role) and not @ports.include?(port)
165
230
  end
166
231
 
167
- @sync_vagrant = true if @sync_vagrant.nil?
232
+ @sync_vagrant = (provider == 'virtualbox') if @sync_vagrant.nil?
168
233
 
234
+ unless @roles.include?('secure') or @roles.include?('insecure')
235
+ @roles << (provider == 'virtualbox' ? 'insecure' : 'secure')
236
+ end
169
237
  @machines.each {|m| m.normalize}
170
238
  end
171
239
 
172
- def define(machine, &block)
173
- obj = self.clone
174
- obj.machine = machine
175
- obj.machines = [ ]
176
- obj.logger = @logger
177
- @machines << obj
178
- yield(obj) if block_given?
179
- end
180
-
181
- # Clone
182
- def clone
183
- obj = self.dup
184
- obj.roles = @roles.dup
185
- obj.ports = @ports.dup
186
- obj.files = @files.dup
187
- obj.copy_from_home = @copy_from_home.dup
188
- obj.databases = @databases.dup
189
- obj.gems = @gems.dup
190
- obj
191
- end
192
-
193
- def to_hash
194
- {
195
- 'admin_password' => @admin_password,
196
- 'databases' => @databases,
197
- 'disable_vagrant_sync' => @disable_vagrant_sync,
198
- 'domain' => @domain,
199
- 'files' => @files,
200
- 'forward_agent' => @forward_agent,
201
- 'gems' => @gems,
202
- 'hostname' => @hostname,
203
- 'machine' => @machine,
204
- 'mapped_ports' => @mapped_ports,
205
- 'memory' => @memory,
206
- 'mirror' => @mirror,
207
- 'ports' => @ports,
208
- 'region' => @region,
209
- 'roles' => @roles,
210
- 'user_password' => @user_password,
211
- 'versions' => @versions
212
- }
213
- end
214
-
215
- def to_yaml
216
- normalize
217
- self.to_hash.to_yaml
218
- end
219
-
220
- def configure_vagrant(config)
221
- require 'salted-rails/vagrant_helper'
222
- normalize
223
- helper = SaltedRails::VagrantHelper.new(self)
224
- helper.configure_vagrant(config)
225
- end
226
-
227
240
  end
228
241
  end
@@ -13,7 +13,7 @@ module SaltedRails
13
13
 
14
14
  def initialize(config)
15
15
  @config = config
16
- @config.logger.info "SaltedRails: Helper created with config.rails_root = #{@config.rails_root}"
16
+ @config.logger.info "SaltedRails: Helper created with config.project_root = #{@config.project_root}"
17
17
  end
18
18
 
19
19
  private
@@ -25,7 +25,7 @@ module SaltedRails
25
25
  #
26
26
  # # Create custom files
27
27
  # [ 'pillar/vagrant', 'pillar/capistrano', 'salt/vagrant', 'salt/capistrano'].each do |custom|
28
- # file = @config.rails_root + 'config/' + custom + '.sls'
28
+ # file = @config.project_root + 'config/' + custom + '.sls'
29
29
  # dir = File.dirname(file)
30
30
  # unless File.directory? dir
31
31
  # FileUtils.mkdir_p dir
@@ -41,12 +41,13 @@ module SaltedRails
41
41
 
42
42
  def pillarize_application_configuration
43
43
  @config.logger.info 'SaltedRails: Creating pillar application data'
44
+ @config.normalize
44
45
 
45
46
  # Destination
46
- salt_dir = @config.rails_root + 'tmp/salt/'
47
+ salt_dir = @config.project_root + 'tmp/salt/'
47
48
  FileUtils.rm_rf salt_dir if File.directory? salt_dir
48
49
  FileUtils.mkdir_p salt_dir unless File.directory? salt_dir
49
- pillar_dir = @config.rails_root + 'tmp/pillar/'
50
+ pillar_dir = @config.project_root + 'tmp/pillar/'
50
51
  FileUtils.rm_rf pillar_dir if File.directory? pillar_dir
51
52
  FileUtils.mkdir_p pillar_dir unless File.directory? pillar_dir
52
53
  pillar_app_file = pillar_dir + 'railsapp.sls'
@@ -57,12 +58,12 @@ module SaltedRails
57
58
  unless File.directory? dir
58
59
  FileUtils.mkdir_p dir
59
60
  end
60
- FileUtils.cp(@config.rails_root + f, dest)
61
+ FileUtils.cp(@config.project_root + f, dest)
61
62
  end
62
63
  dest = salt_dir + 'packages.txt'
63
64
  if @config.packages
64
65
  src = @config.packages
65
- src = @config.rails_root + src unless src =~ /^\//
66
+ src = @config.project_root + src unless src =~ /^\//
66
67
  dir = File.dirname(dest)
67
68
  unless File.directory? dir
68
69
  FileUtils.mkdir_p dir
@@ -92,7 +93,7 @@ module SaltedRails
92
93
  File.open(pillar_app_file, 'w') do |f_out|
93
94
  if_command = 'if'
94
95
  @config.machines.each do |machine_config|
95
- f_out.puts "{% #{if_command} grains['fqdn'] == '#{machine_config.hostname}' %}"
96
+ f_out.puts "{% #{if_command} (grains['fqdn'] == '#{machine_config.hostname}') or (grains['fqdn'] == '#{machine_config.machine}') %}"
96
97
  if_command = 'elif'
97
98
  f_out.puts machine_config.to_yaml
98
99
  end
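Review bot: Each per-machine block written here is `machine_config.to_yaml`, and the `to_hash` shown earlier on this page includes `admin_password` and `staging_password`, so `tmp/pillar/railsapp.sls` holds both in cleartext with whatever mode the umask gives. An earlier hunk of what appears to be the same method removes and recreates `pillar_dir`, so the file is newly created on each run and its mode can be set at open time: `File.open(pillar_app_file, 'w', 0600) do |f_out|`. It is also worth confirming that `tmp/` is excluded from version control. Separately, `hostname` and `machine` are interpolated into the Jinja condition inside single quotes without escaping, so a value containing `'` would produce a template that fails to render.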
@@ -12,6 +12,7 @@ module SaltedRails
12
12
  end
13
13
 
14
14
  def configure_vagrant(vagrant_config)
15
+ @config.normalize
15
16
  port_offset = 0
16
17
  configure_virtualbox(vagrant_config)
17
18
  configure_vbguest(vagrant_config)
@@ -109,10 +110,10 @@ module SaltedRails
109
110
 
110
111
  def configure_salt(vagrant_config, config = @config)
111
112
  config.logger.info "Configuring saltstack (#{config.machine})"
112
- vagrant_config.vm.synced_folder config.rails_root + 'config/salt/', '/srv/salt/config/'
113
- vagrant_config.vm.synced_folder config.rails_root + 'config/pillar/', '/srv/pillar/config/'
114
- vagrant_config.vm.synced_folder config.rails_root + 'tmp/salt/', '/srv/salt/generated/'
115
- vagrant_config.vm.synced_folder config.rails_root + 'tmp/pillar/', '/srv/pillar/generated/'
113
+ vagrant_config.vm.synced_folder config.project_root + 'config/salt/', '/srv/salt/config/'
114
+ vagrant_config.vm.synced_folder config.project_root + 'config/pillar/', '/srv/pillar/config/'
115
+ vagrant_config.vm.synced_folder config.project_root + 'tmp/salt/', '/srv/salt/generated/'
116
+ vagrant_config.vm.synced_folder config.project_root + 'tmp/pillar/', '/srv/pillar/generated/'
116
117
  vagrant_config.vm.synced_folder config.salt_root + 'salt/', '/srv/salt/salted-rails/'
117
118
  vagrant_config.vm.synced_folder config.salt_root + 'pillar/', '/srv/pillar/salted-rails/'
118
119
  # Bootstrap salt
@@ -120,7 +121,7 @@ module SaltedRails
120
121
  # Provisioning #2: masterless highstate call
121
122
  vagrant_config.vm.provision :salt do |salt|
122
123
  config.logger.info 'Configuring salt provisioner'
123
- minion_file = config.rails_root + 'config/salt/vagrant/minion'
124
+ minion_file = config.project_root + 'config/salt/vagrant/minion'
124
125
  minion_file = config.salt_root + 'salt/vagrant/minion' unless File.exist?(minion_file)
125
126
  salt.minion_config = minion_file
126
127
  salt.run_highstate = true
@@ -128,7 +129,8 @@ module SaltedRails
128
129
  # current package (salt-minion_0.17.0.1-1precise_all.deb) in ppa:saltstack/salt is broken as of Oct 10 2013:
129
130
  # Unable to run multiple states and returns unhelpfull messages about list and get
130
131
  salt.install_type = 'git'
131
- salt.install_args = 'v0.16.4'
132
+ #salt.install_args = 'v0.16.4'
133
+ salt.install_args = 'v0.17.1'
132
134
  end
133
135
  end
134
136
 
@@ -1,3 +1,3 @@
1
1
  module SaltedRails
2
- VERSION = "0.0.7"
2
+ VERSION = "0.0.8"
3
3
  end
@@ -0,0 +1,5 @@
1
+ upgrade_packages:
2
+ cmd.run:
3
+ - name: env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade
4
+ - unless: test -s /srv/salt/generated/packages.txt
5
+
@@ -0,0 +1,8 @@
1
+ salt_packages:
2
+ pkg.installed:
3
+ - pkgs:
4
+ - openssl
5
+ - python-openssl
6
+ - python-mysqldb
7
+ - apache2-utils
8
+
@@ -1,5 +1,5 @@
1
1
  load_packages:
2
2
  cmd.run:
3
3
  - name: dpkg --set-selections < /srv/salt/generated/packages.txt && apt-get -u dselect-upgrade
4
- - /srv/salt/generated/packages.txt
4
+ - onlyif: test -s /srv/salt/generated/packages.txt
5
5
 
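Review bot: The `name:` command on the unchanged line runs `apt-get -u dselect-upgrade` without `-y` or `DEBIAN_FRONTEND=noninteractive`, unlike the dist_upgrade.sls added in the same release, so under `cmd.run` it will likely abort at the confirmation prompt whenever packages actually need installing. Now that `onlyif` makes the state run exactly when packages.txt is non-empty, the command should match the other state: `dpkg --set-selections < /srv/salt/generated/packages.txt && env DEBIAN_FRONTEND=noninteractive apt-get -y -u dselect-upgrade`.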
@@ -11,29 +11,30 @@ if grep 'http://[a-z.]*archive.ubuntu.com/ubuntu' /etc/apt/sources.list > /dev/n
11
11
  case "$1" in
12
12
  [a-z][a-z]|usa)
13
13
  echo "Configuring mirror for region: $1"
14
- exec sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://'"$1"'.archive.ubuntu.com/ubuntu/#' /etc/apt/sources.list
14
+ sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://'"$1"'.archive.ubuntu.com/ubuntu/#' /etc/apt/sources.list
15
15
  ;;
16
16
  mirror|auto)
17
17
  echo "Configuring automatic selection of mirror"
18
- exec sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#mirror://mirrors.ubuntu.com/mirrors.txt#' /etc/apt/sources.list
18
+ sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#mirror://mirrors.ubuntu.com/mirrors.txt#' /etc/apt/sources.list
19
19
  ;;
20
20
  sfo1)
21
21
  echo "Configuring mirror for DIGITAL OCEAN: $1"
22
- exec sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://mirrors.sfo1.digitalocean.com/ubuntu/#' /etc/apt/sources.list
22
+ sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://mirrors.sfo1.digitalocean.com/ubuntu/#' /etc/apt/sources.list
23
23
  ;;
24
24
  internode)
25
25
  echo "Configuring mirror for ISP: $1"
26
- exec sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://mirror.internode.on.net/pub/ubuntu/ubuntu/#' /etc/apt/sources.list
26
+ sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#http://mirror.internode.on.net/pub/ubuntu/ubuntu/#' /etc/apt/sources.list
27
27
  ;;
28
28
  [hmf]*://*ubuntu*)
29
29
  echo "Configuring mirror for $1"
30
- exec sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#'"$1"'#' /etc/apt/sources.list
30
+ sed -i.original -e 's#http://[a-z.]*[archivesecurity]*.ubuntu.com/ubuntu#'"$1"'#' /etc/apt/sources.list
31
31
  ;;
32
32
  *)
33
33
  echo "Invalid mirror ($1) ignored!" >&2
34
34
  exit 1
35
35
  ;;
36
36
  esac
37
+ apt-get update
37
38
  else
38
39
  echo "/etc/apt/sources.list has already been changed to non ubuntu.com mirror (leaving as is)"
39
40
  fi
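Review bot: With `exec` removed from the five `sed` lines, a failed rewrite no longer ends the script; execution falls through to the new `apt-get update`, whose status becomes the script's result. Each `sed` line should end in `|| exit 1`, or the script should run under `set -e` if the part above the hunk does not already set it. In the `[hmf]*://*ubuntu*)` branch, `$1` is spliced into the sed program as replacement text, and the glob accepts any characters around `://` and `ubuntu`, so a value containing `#`, `&` or a backslash alters the expression instead of being written literally. A guard before the main `case`, such as `case "$1" in *[!A-Za-z0-9:/._-]*) echo "Invalid mirror" >&2; exit 1;; esac`, keeps the substitution literal.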
@@ -6,3 +6,7 @@ ufw:
6
6
  {%- if 'gui' in pillar['roles'] %}
7
7
  - gufw
8
8
  {%- endif %}
9
+ cmd.run:
10
+ - name: ufw limit ssh ; ufw --force enable
11
+ - requires:
12
+ - pkg: ufw
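Review bot: `requires` in the added `cmd.run` is not a Salt requisite name (the requisite is `require`), so the command gets no ordering on the `ufw` package and the stray key is handed to `cmd.run` as an ordinary argument. The `;` in `ufw limit ssh ; ufw --force enable` also enables the firewall even when the ssh rule failed to apply, which can cut off the session that is provisioning the host; `ufw limit ssh && ufw --force enable` avoids that. The state has no guard, so it reruns on every highstate; `- unless: ufw status | grep -q 'Status: active'` would make it idempotent. Only ssh is opened in this hunk, so rules for the web and admin ports have to come from somewhere not shown here.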
@@ -3,13 +3,14 @@ base:
3
3
  - apt.partner-sources
4
4
  - apt.unwanted
5
5
  - apt.load_packages
6
+ - apt.dist_upgrade
7
+ - apt.salt_packages
6
8
  - vagrant.minion
7
9
  - www.users
8
10
  - utils
9
11
  - crons
10
12
  - net.hosts
11
13
  - net.ntp
12
- - net.ufw
13
14
  - scm
14
15
  - editors.vim
15
16
  - lang.ruby
@@ -38,12 +39,23 @@ base:
38
39
  - editors.gvim
39
40
  - www.chromium
40
41
  {%- endif %}
41
- {%- if 'rubymine' in pillar['versions'] %}
42
+ {%- if 'rubymine' in pillar['roles'] %}
42
43
  - editors.rubymine
43
44
  {%- endif %}
44
- {%- if 'teamcity' in pillar['versions'] %}
45
+ {%- if 'teamcity' in pillar['roles'] %}
45
46
  - ci.teamcity
46
47
  {%- endif %}
47
48
  {%- if 'cruisecontrolrb' in pillar['roles'] %}
48
49
  - ci.cruisecontrolrb
49
50
  {%- endif %}
51
+ {%- if 'secure' in pillar['roles'] %}
52
+ - net.ufw
53
+ #TODO: net.fail2ban
54
+ {%- endif %}
55
+ {%- if 'monitored' in pillar['roles'] %}
56
+ #TODO: - server.monit
57
+ #TODO: - server.munin
58
+ {%- endif %}
59
+
60
+ # # cookbook 'ack' ?
61
+
@@ -1,24 +1,30 @@
1
1
  server {
2
- listen *:880;
3
2
 
4
- {%- if pillar['admin_password'] %}
5
- ssl on;
3
+ {%- if 'secure' in pillar['roles'] %}
4
+ listen 880 ssl;
6
5
  ssl_certificate /etc/pki/self_signed/certs/localhost.crt;
7
6
  ssl_certificate_key /etc/pki/self_signed/certs/localhost.key;
8
7
 
8
+ error_page 497 https://$http_host$request_uri;
9
+
10
+ satisfy all;
11
+ {%- else %}
12
+ listen 880;
13
+ satisfy any;
14
+ {%- endif %}
15
+
16
+ {%- if ('secure' in pillar['roles']) or pillar['admin_password'] %}
9
17
  auth_basic "Restricted site";
10
18
  auth_basic_user_file /etc/nginx/admin.d/htpasswd;
11
19
  {%- endif %}
12
20
 
13
- satisfy all;
14
-
15
- # Allow private IP range.
21
+ # Allow ssh (localhost)
22
+ allow 127.0.0.0/8;
23
+ # Allow private IP range (virtualbox)
16
24
  allow 10.0.0.0/8;
17
25
  allow 172.16.0.0/12;
18
26
  allow 192.168.0.0/16;
19
-
20
27
  # todo: add list of dynamic ips - of admins
21
-
22
28
  deny all;
23
29
 
24
30
  #listen [::1]:880 default ipv6only=on; ## listen for ipv6
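Review bot: In the `{%- else %}` branch, `satisfy any` combined with the allow list below means a client in 127.0.0.0/8 or any of the three RFC 1918 ranges reaches the admin site without a password, and when `admin_password` is set the basic-auth credentials travel over plain HTTP on port 880. That fits a host-only VirtualBox network, but the branch is selected by the absence of the `secure` role, which `Config#normalize` derives from provider detection rather than from an explicit setting. A comment above `listen 880;`, for example `# non-secure branch: local development VMs only; private-range clients are not asked for a password`, would make the trade-off visible to whoever edits this template next. The `server` block continues outside the hunk.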
@@ -100,20 +100,4 @@ admin-user:
100
100
  - require:
101
101
  - file: {{ pillar['etc_dir'] }}/nginx/admin.d/htpasswd
102
102
 
103
- # module.run:
104
- # - name: apache.useradd
105
- # - pwfile: {{ pillar['etc_dir'] }}/nginx/admin.d/htpasswd
106
- # - user: 'admin'
107
- # - password: '{{ pillar['admin_password'] }}'
108
- # - require:
109
- # - file: {{ pillar['etc_dir'] }}/nginx/admin.d/htpasswd
110
- #
111
- # Unfortunately this produces an error even when htpasswd is present:
112
- # State: - module
113
- # Name: apache.useradd
114
- # Function: run
115
- # Result: False
116
- # Comment: Module function apache.useradd is not available
117
- # Changes:
118
-
119
103
  {%- endif %}
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Disk Status</title>
4
+ </head><body>
5
+ <h1>Disk Status</h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('df -v -h');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Packages</title>
4
+ </head><body>
5
+ <h1>Packages</h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('dpkg --get-selections');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Facter></title>
4
+ </head><body>
5
+ <h1>Facter></h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('facter');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Memory Free</title>
4
+ </head><body>
5
+ <h1>Memory Free (MB)</h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('free -m');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Network Interfaces</title>
4
+ </head><body>
5
+ <h1>Network Interfaces</h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('ifconfig');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
@@ -13,6 +13,17 @@ while (false !== ($entry = $d->read())) {
13
13
  }
14
14
  }
15
15
  $d->close();
16
+
17
+ function command_exist($cmd) {
18
+ $returnVal = shell_exec("which $cmd");
19
+ return !empty($returnVal);
20
+ }
21
+
22
+ $commands = array('facter' => 'System info', 'df' => 'Disk Free', 'ps' => 'Process Status', 'free' => 'Memory Free Status', 'dpkg' => 'Packages installed', 'ifconfig' => 'Network Interfaces');
23
+ foreach ($commands as $cmd => $desc) {
24
+ echo '<li><a href="/' . $cmd . '.php">' . $cmd . ' - ' . $desc . "</a>\n";
25
+ }
26
+
16
27
  ?>
17
28
  <li><a href="phpinfo.php">phpinfo</a>
18
29
  </ul>
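Review bot: `command_exist()` interpolates its argument straight into a shell string (`"which $cmd"`), which is safe only while every caller passes a literal; `shell_exec('command -v ' . escapeshellarg($cmd))` stays safe if the list ever stops being hard-coded. The helper is also never called in this hunk, so the loop links to pages such as `/facter.php` whether or not the tool is installed; `if (!command_exist($cmd)) continue;` as the first line of the `foreach` body would put it to use. The new links are absolute (`'/' . $cmd . '.php'`) while the existing `phpinfo.php` link is relative, so they break if the admin directory is not served from the site root.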
@@ -0,0 +1,13 @@
1
+ <html>
2
+ <head>
3
+ <title>Process Status</title>
4
+ </head><body>
5
+ <h1>Process Status</h1>
6
+ <pre>
7
+ <?php
8
+ $output = shell_exec('ps axww --forest -O user,pmem');
9
+ echo htmlspecialchars($output);
10
+ ?>
11
+ </pre>
12
+ </body>
13
+ </html>
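Review bot: `ps axww` prints the full, untruncated command line of every process, so any secret passed as a command-line argument on the host becomes readable by whoever passes the admin site's access check, which in the non-secure nginx branch is an IP allow list alone. Listing command names instead of arguments, e.g. `shell_exec('ps ax --forest -o pid,user,pmem,stat,time,comm')`, keeps the page useful for spotting runaway processes without exposing arguments. `shell_exec()` returns null when the command fails or prints nothing, here and in the df, dpkg, facter, free and ifconfig pages added alongside, so an explicit `if ($output === null)` message would be clearer than an empty `<pre>`.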
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: salted-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.7
4
+ version: 0.0.8
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-10-27 00:00:00.000000000 Z
12
+ date: 2013-10-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -69,8 +69,10 @@ files:
69
69
  - pillar/common.sls
70
70
  - pillar/vagrant.sls
71
71
  - pillar/vagrant/top.sls
72
+ - salt/apt/dist_upgrade.sls
72
73
  - salt/apt/load_packages.sls
73
74
  - salt/apt/partner-sources.sls
75
+ - salt/apt/salt_packages.sls
74
76
  - salt/apt/unwanted.sls
75
77
  - salt/apt/update_packages.sls
76
78
  - salt/bin/change_mirror.sh
@@ -175,10 +177,16 @@ files:
175
177
  - salt/www/nginx/etc/nginx/sites-available/.gitignore
176
178
  - salt/www/nginx/etc/nginx/sites-available/admin.conf
177
179
  - salt/www/nginx/init.sls
180
+ - salt/www/nginx/srv/www/admin/df.php
181
+ - salt/www/nginx/srv/www/admin/dpkg.php
182
+ - salt/www/nginx/srv/www/admin/facter.php
178
183
  - salt/www/nginx/srv/www/admin/favicon.ico
179
184
  - salt/www/nginx/srv/www/admin/favicon.png
185
+ - salt/www/nginx/srv/www/admin/free.php
186
+ - salt/www/nginx/srv/www/admin/ifconfig.php
180
187
  - salt/www/nginx/srv/www/admin/index.php
181
188
  - salt/www/nginx/srv/www/admin/phpinfo.php
189
+ - salt/www/nginx/srv/www/admin/ps.php
182
190
  - salt/www/nginx/srv/www/admin/robots.txt
183
191
  - salt/www/users.sls
184
192
  - salted-rails.gemspec