sml-rubber 0.9.9 → 0.9.10

data/VERSION

@@ -1 +1 @@
-0.9.9
+0.9.10

data/generators/vulcanize/templates/apache/config/rubber/deploy-apache.rb

@@ -4,14 +4,20 @@ namespace :rubber do
   namespace :apache do
   
     rubber.allow_optional_tasks(self)
-  
+
+    after "rubber:install_packages", "rubber:apache:custom_install"
+
+    task :custom_install, :roles => :apache do
+      sudo "a2dissite default"
+    end
+
     # serial_task can only be called after roles defined - not normally a problem, but
     # rubber auto-roles don't get defined till after all tasks are defined
     on :load do
-      rubber.serial_task self, :serial_restart, :roles => :web do
+      rubber.serial_task self, :serial_restart, :roles => :apache do
         run "/etc/init.d/apache2 restart"
       end
-      rubber.serial_task self, :serial_reload, :roles => :web do
+      rubber.serial_task self, :serial_reload, :roles => :apache do
         run "if ! ps ax | grep -v grep | grep -c apache2 &> /dev/null; then /etc/init.d/apache2 start; else /etc/init.d/apache2 reload; fi"
       end
     end
@@ -21,22 +27,22 @@ namespace :rubber do
     after "deploy:restart", "rubber:apache:reload"
     
     desc "Stops the apache web server"
-    task :stop, :roles => :web, :on_error => :continue do
+    task :stop, :roles => :apache, :on_error => :continue do
       run "/etc/init.d/apache2 stop"
     end
     
     desc "Starts the apache web server"
-    task :start, :roles => :web do
+    task :start, :roles => :apache do
       run "/etc/init.d/apache2 start"
     end
     
     desc "Restarts the apache web server"
-    task :restart, :roles => :web do
+    task :restart, :roles => :apache do
       serial_restart
     end
   
     desc "Reloads the apache web server"
-    task :reload, :roles => :web do
+    task :reload, :roles => :apache do
       serial_reload
     end
   

data/generators/vulcanize/templates/apache/config/rubber/role/apache/monit-apache.conf

@@ -0,0 +1,8 @@
+<%
+  @path = '/etc/monit/monit.d/monit-apache.conf'
+%>
+<% PIDFILE = "/var/run/apache2.pid" %>
+check process apache with pidfile <%= PIDFILE %>
+  group apache-<%= RUBBER_ENV %>
+  start program = "/etc/init.d/apache2 start"
+  stop program = "/etc/init.d/apache2 stop"

data/generators/vulcanize/templates/apache/config/rubber/role/apache/ports.conf

@@ -0,0 +1,5 @@
+<%
+  @path = '/etc/apache2/ports.conf'
+%>
+# empty ports file since other modules contribute which ports to open (vhosts)
+

data/generators/vulcanize/templates/apache/config/rubber/role/web_tools/tools-apache-vhost.conf

@@ -0,0 +1,62 @@
+<%
+  @path = "/etc/apache2/sites-available/#{rubber_env.app_name}-tools"
+  @post = "a2enmod rewrite && a2enmod ssl && a2enmod proxy_http && a2enmod proxy_html && a2ensite #{rubber_env.app_name}-tools"
+%>
+
+Listen <%= rubber_env.web_tools_port %>
+<VirtualHost *:<%= rubber_env.web_tools_port %>>
+  ServerName      <%= rubber_env.full_host %>
+
+  RewriteEngine   on
+  RewriteCond     %{HTTPS} !=on
+  RewriteRule     ^/(.*)$ https://%{SERVER_NAME}:<%= rubber_env.web_tools_ssl_port %>/$1 [L,R]
+  RewriteLog      "/var/log/apache2/rewrite.log"
+</VirtualHost>
+
+Listen <%= rubber_env.web_tools_ssl_port %>
+<VirtualHost *:<%= rubber_env.web_tools_ssl_port %>>
+  ServerName      <%= rubber_env.full_host %>
+  DocumentRoot    /var/www
+
+  SSLEngine on
+  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+  SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
+  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+  # SSLCertificateFile <%= RUBBER_ROOT %>/config/<%= rubber_env.domain %>.crt
+  # SSLCertificateKeyFile <%= RUBBER_ROOT %>/config/<%= rubber_env.domain %>.key
+  # SSLCertificateChainFile /etc/ssl/certs/gd_intermediate_bundle.crt
+
+  <Location />
+    AuthType Basic
+    AuthName "Rubber Admin Tools"
+    AuthUserFile <%= RUBBER_ROOT %>/config/<%= rubber_env.app_name %>.auth
+    Require valid-user
+
+    Allow from all
+  </Location>
+
+  SetOutputFilter  proxy-html
+
+  <% rubber_instances.for_role('haproxy').each do |ic| %>
+    ProxyPass       /haproxy_<%= ic.name %>/  http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/haproxy/
+    ProxyPassReverse /haproxy_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/haproxy/
+    ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.haproxy_admin_port %>/ /haproxy_<%= ic.name %>/
+    ProxyHTMLURLMap /haproxy/ /haproxy_<%= ic.name %>/
+    ProxyHTMLURLMap /haproxy /haproxy_<%= ic.name %>/
+  <% end %>
+
+  <% if cruise_host = rubber_instances.for_role('cruise').first %>
+    ProxyPass       /cruise/  http://<%= cruise_host.full_name %>:<%= rubber_env.cruise_port %>/
+    ProxyPassReverse /cruise/  http://<%= cruise_host.full_name %>:<%= rubber_env.cruise_port %>/
+    ProxyHTMLURLMap http://<%= cruise_host.full_name %>:<%= rubber_env.cruise_port %>/ /cruise/
+    ProxyHTMLURLMap / /cruise/
+  <% end %>
+
+  <% rubber_instances.each do |ic| %>
+    ProxyPass        /monit_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/
+    ProxyPassReverse /monit_<%= ic.name %>/ http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/
+    ProxyHTMLURLMap http://<%= ic.full_name %>:<%= rubber_env.monit_admin_port %>/ /monit_<%= ic.name %>/
+    ProxyHTMLURLMap / /monit_<%= ic.name %>/
+  <% end %>
+  
+</VirtualHost>

data/generators/vulcanize/templates/apache/config/rubber/role/web_tools/tools-apache.auth

@@ -0,0 +1,7 @@
+<%
+  @path = "#{RUBBER_ROOT}/config/#{rubber_env.app_name}.auth"
+  user = rubber_env.web_tools_user || 'admin'
+  pass = rubber_env.web_tools_password || rand(1000000000).to_s
+%>
+
+<%= `htpasswd -nb #{user} #{pass}` %>

data/generators/vulcanize/templates/{nginx/config/rubber/role/web_tools/index.html → apache/config/rubber/role/web_tools/tools-index.html}

@@ -10,14 +10,21 @@
 	<body>
 		<h1>Rubber Admin Tools</h1>
 		<ul>
+
       <li><a href="/munin/">Munin</a></li>
-      <li><a href="/cruise/">CruiseControl</a></li>
+
+      <% if cruise_host = rubber_instances.for_role('cruise').first %>
+        <li><a href="http://<%= cruise_host %>/cruise/">CruiseControl</a></li>
+      <% end %>
+
 		  <% rubber_instances.for_role('haproxy').each do |ic| %>
 		      <li><a href="/haproxy_<%= ic.name %>/">HAProxy <%= ic.name %></a></li>
 		  <% end %>
+
       <% rubber_instances.each do |ic| %>
           <li><a href="/monit_<%= ic.name %>/">Monit <%= ic.name %></a></li>
       <% end %>
+
 		</ul>
 	</body>
 </html>

data/generators/vulcanize/templates/apache/config/rubber/rubber-apache.yml

@@ -1,15 +1,7 @@
-web_aliases: [www.foo.com *.foo.com]
-
-security_groups:
-  web:
-    description: To open up port 80 for http server on web role
-    rules:
-      - protocol: tcp
-        from_port: 80
-        to_port: 80
-        source_ips: [0.0.0.0/0]
 
 roles:
-  web:
+  apache:
     packages: [apache2]
-    assigned_security_groups: [web]
+roles:
+  web_tools:
+    packages: [libapache2-mod-proxy-html]

data/generators/vulcanize/templates/base/config/deploy.rb

@@ -3,8 +3,9 @@
 set :rails_env, RUBBER_ENV
 
 on :load do
-  set :application, rubber_cfg.environment.bind().app_name
-  set :deploy_to,     "/mnt/#{application}-#{RUBBER_ENV}"
+  set :application, rubber_env.app_name
+  set :runner,      rubber_env.app_user
+  set :deploy_to,   "/mnt/#{application}-#{RUBBER_ENV}"
 end
 
 # Use a simple directory tree copy here to make demo easier.
@@ -20,8 +21,7 @@ set :password, nil
 
 # Use sudo with user rails for cap deploy:[stop|start|restart]
 # This way exposed services (mongrel) aren't running as a privileged user
-set :use_sudo,      true
-set :runner,        'rails'
+set :use_sudo, true
 
 # How many old releases should be kept around when running "cleanup" task
 set :keep_releases, 3
@@ -47,38 +47,9 @@ namespace :deploy do
   end
 end
 
-# =============================================================================
-# TASKS
-# =============================================================================
-
-
+# load in the deploy scripts installed by vulcanize for each rubber module
 Dir["#{File.dirname(__FILE__)}/rubber/deploy-*.rb"].each do |deploy_file|
   load deploy_file
 end
 
-# Don't want to do rubber:config for update_code as that tree isn't official
-# until it is 'committed' by the symlink task (and doing so causes it to run
-# for bootstrap_db which should only config the db config file).  However, 
-# deploy:migrations doesn't call update, so we need an additional trigger for
-# it
-after "deploy:update", "rubber:config"
-after "deploy:rollback_code", "rubber:config"
-before "deploy:migrate", "rubber:config"
-
-before "rubber:pre_start", "setup_perms"
-before "rubber:pre_restart", "setup_perms"
 after "deploy", "deploy:cleanup"
-
-# Fix perms because we start server as rails user, but migrate as root,
-# server needs to be able to write logs, etc.
-task :setup_perms do
-  run "find #{shared_path} -name cached-copy -prune -o -print | xargs chown #{runner}:#{runner}"
-  run "chown -R #{runner}:#{runner} #{current_path}/tmp"
-end
-
-# Uncomment this is you want to install gems defined in the rails environment.rb
-# after "deploy:update", "install_rails_gems"
-task :install_rails_gems do
-  sudo "sh -c 'cd #{current_path} && RAILS_ENV=#{RUBBER_ENV} rake gems:install'"
-end
-

data/generators/vulcanize/templates/base/config/rubber/deploy-setup.rb

@@ -10,7 +10,7 @@ namespace :rubber do
       # figure out which hosts we have specified enterprise ruby for
       sys_ruby_hosts = []
       ent_ruby_hosts = []
-      rubber_cfg.instance.filtered.each do |ic|
+      rubber_instances.filtered.each do |ic|
         env = rubber_cfg.environment.bind(ic.role_names, ic.name)
         if env.use_enterprise_ruby
           ent_ruby_hosts << ic.full_name
@@ -54,13 +54,12 @@ namespace :rubber do
       src_url = "http://rubyforge.org/frs/download.php/60718/rubygems-#{ver}.tgz"
       rubber.sudo_script 'install_rubygems', <<-ENDSCRIPT
         if [[ `gem --version 2>&1` != "#{ver}" ]]; then
-          wget -qP /tmp #{src_url}
+          wget -qNP /tmp #{src_url}
           tar -C /tmp -xzf /tmp/rubygems-#{ver}.tgz
           ruby -C /tmp/rubygems-#{ver} setup.rb
           ln -sf /usr/bin/gem1.8 /usr/bin/gem
           rm -rf /tmp/rubygems*
           gem source -l > /dev/null
-          gem sources -a http://gems.github.com
         fi
       ENDSCRIPT
     end
@@ -93,9 +92,8 @@ namespace :rubber do
     after "rubber:install_packages", "rubber:base:custom_install"
     task :custom_install do
       rubber.sudo_script 'custom_install', <<-ENDSCRIPT
-        # add the rails user for running app server with
-        appuser="rails"
-        if ! id ${appuser} &> /dev/null; then adduser --system --group ${appuser}; fi
+        # add the user for running app server with
+        if ! id #{rubber_env.app_user} &> /dev/null; then adduser --system --group #{rubber_env.app_user}; fi
           
         # add ssh keys for root 
         if [[ ! -f /root/.ssh/id_dsa ]]; then ssh-keygen -q -t dsa -N '' -f /root/.ssh/id_dsa; fi

data/generators/vulcanize/templates/base/config/rubber/rubber.yml

@@ -11,12 +11,20 @@
 #     packages: [awstats]
 
 # REQUIRED: The name of your application
-app_name: your_app_name
+app_name: "#{File.basename(RUBBER_ROOT)}"
+
+# REQUIRED: The system user to run your app servers as
+app_user: app
 
 # REQUIRED: Notification emails (e.g. monit) get sent to this address
 #
 admin_email: root@localhost
 
+# OPTIONAL: If not set, you won't be able to access web_tools
+# server (munin stats, monit status, etc)
+# web_tools_user: admin
+# web_tools_password: sekret
+
 # REQUIRED: The timezone the server should be in
 timezone: US/Eastern
 
@@ -127,13 +135,31 @@ auto_security_groups: true
 # account, or even multiple apps
 isolate_security_groups: true
 
+# OPTIONAL: Automatically provision and assign instances to a Cloud provided
+# load balancer.
+load_balancers:
+  my_lb_name:
+    listeners:
+      - protocol: http
+        port: 80
+        instance_port: 8080
+      - protocol: tcp
+        port: 443
+        instance_port: 8080
+    target_roles: [app]
+
+isolate_load_balancers: true
+
 # OPTIONAL: Set if you want to use Ruby Enterprise Edition instead of the standard ubuntu one
 use_enterprise_ruby: false
 
 # OPTIONAL: The packages to install on all instances
 # You can install a specific version of a package by using a sub-array of pkg, version
 # For example, packages: [[rake, 0.7.1], irb]
-packages: [build-essential, ruby-full, ruby1.8-dev, rake, irb]
+packages: [postfix, build-essential, ruby-full, ruby1.8-dev, rake, irb]
+
+# OPTIONAL: gem sources to setup for rubygems
+gemsources: ["http://gems.rubyforge.org/", "http://gems.github.com"]
 
 # OPTIONAL: The gems to install on all instances
 # You can install a specific version of a gem by using a sub-array of gem, version
@@ -151,7 +177,7 @@ stop_on_error_cmd: "function error_exit { exit 99; }; trap error_exit ERR"
 # but this is not always desired for staging, so you can specify a different
 # set here
 #
-staging_roles: "web,haproxy,app,mysql_master"
+staging_roles: "web,app,db:primary=true"
 
 
 # OPTIONAL: Lets one assign amazon elastic IPs (static IPs) to your instances

data/generators/vulcanize/templates/complete_mongrel_mysql/config/rubber/role/haproxy/haproxy-mongrel.conf

@@ -0,0 +1,23 @@
+<%
+  @path = "/etc/haproxy/haproxy.cfg"
+  @additive = ["# start haproxy mongrel", "# end haproxy mongrel"]
+%>
+
+listen mongrel_proxy 0.0.0.0:<%= rubber_env.haproxy_listen_port %>
+  <%
+    # Since we do "fair" load balancing to the mongrels, we don't want to share mongrels
+    # between haproxy instances otherwise we still end up with requests getting queued behind
+    # slow ones.
+    mongrel_hosts = rubber_instances.for_role('mongrel').collect { |i| i.name }
+    haproxy_hosts = rubber_instances.for_role('haproxy').collect { |i| i.name }
+    ports = (rubber_env.mongrel_base_port.to_i ... rubber_env.mongrel_base_port.to_i + rubber_env.mongrel_count.to_i).to_a
+    host_count = haproxy_hosts.size
+    host_mod = haproxy_hosts.sort.index(rubber_env.host) rescue 0
+    ports = ports.find_all {|x| x % host_count == host_mod}
+  %>
+  <% mongrel_hosts.each do |server| %>
+    <% ports.each do |port| %>
+      server <%= server %>_<%= port %> <%= server %>:<%= port %> maxconn 1 check
+    <% end %>
+  <% end %>
+

data/generators/vulcanize/templates/{nginx/config/rubber/role/web/nginx.conf → complete_mongrel_mysql/config/rubber/role/nginx/nginx-mongrel.conf}

@@ -1,55 +1,31 @@
 <%
-  @path = "/etc/nginx/nginx.conf"
-  @post = "mkdir -p /mnt/nginx/logs"
+  @path = "/etc/nginx/rubber/mongrel.conf"
 %>
 
-user www-data;
-worker_processes 10;
-
-pid /var/run/nginx.pid;
-
-events
+upstream haproxy_mongrel
 {
-  worker_connections 1024;
+  <% rubber_instances.for_role('haproxy').each do |ic| %>
+    server <%= ic.name %>:<%= rubber_env.haproxy_listen_port %>;
+  <% end %>
 }
 
-http
-{
-  include           /etc/nginx/mime.types;
-  default_type      application/octet-stream;
-
-  sendfile          on;
-  tcp_nopush        on;
-  tcp_nodelay       off;
-
-  gzip              on;
-  gzip_http_version 1.0;
-  gzip_comp_level   2;
-  gzip_proxied      any;
-  gzip_types        text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
-
-  # configure log format like to Apache's "combined" log format
-  log_format        main
-                      '$remote_addr - $remote_user [$time_local] '
-                      '"$request" $status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_cookie"';
-
-  # default log files
-  error_log         /mnt/nginx/logs/error.log notice;
-  access_log        /mnt/nginx/logs/access.log main;
-
-        
-  upstream mongrel
-  {
-    <% proxy_hosts = rubber_instances.for_role('haproxy').each do |ic| %>
-      server <%= ic.name %>:<%= rubber_env.haproxy_listen_port %>;
-    <% end %>
-  }
 
-  # This server is setup to serve www.
+<% %w[http https].each do |protocol| %>
+
+  # This server is setup to serve www over <%= protocol %>.
   server
   {
-    listen 80;
+    <% if protocol == 'https' %>
+      listen               <%= rubber_env.web_ssl_port %>;
+      ssl                  on;
+      ssl_certificate    /etc/ssl/certs/ssl-cert-snakeoil.pem;
+      ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+      # ssl_certificate      <%= RUBBER_ROOT %>/config/snapmylife.com.crt;
+      # ssl_certificate_key  <%= RUBBER_ROOT %>/config/snapmylife.com.key;
+    <% else %>
+      listen <%= rubber_env.web_port %>;
+    <% end %>
+
     client_max_body_size 10M;
 
     server_name <%= rubber_env.domain %>;
@@ -72,6 +48,9 @@ http
 
     location /
     {
+      <%# nginx -> rails is http, so this tells rails the source protocol was https %>
+      <%= 'proxy_set_header X_FORWARDED_PROTO https;' if protocol == 'https' %>
+    
       # needed to forward user's IP address to rails
       proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
 
@@ -111,7 +90,7 @@ http
 
       if (!-f $request_filename)
       {
-        proxy_pass http://mongrel;
+        proxy_pass http://haproxy_mongrel;
         break;
       }
     }
@@ -130,4 +109,5 @@ http
       root <%= RUBBER_ROOT + "/public" %>;
     }
   }
-}
+
+<% end %>