standard-procedure-anvil 0.1.3.1 → 0.1.6
- checksums.yaml +4 -4
- data/assets/cloudinit/dokku.mysql.ubuntu-22.yml +61 -0
- data/assets/cloudinit/dokku.ubuntu-22.yml +1 -12
- data/assets/install/dokku.txt +13 -0
- data/checksums/standard-procedure-anvil-0.1.4.gem.sha512 +1 -0
- data/checksums/standard-procedure-anvil-0.1.5.gem.sha512 +1 -0
- data/checksums/standard-procedure-anvil-0.1.6.gem.sha512 +1 -0
- data/lib/anvil/app/host_installer.rb +10 -3
- data/lib/anvil/app.rb +6 -14
- data/lib/anvil/cli.rb +6 -2
- data/lib/anvil/cloudinit.rb +1 -4
- data/lib/anvil/mysql/create.rb +70 -0
- data/lib/anvil/mysql/database_creator.rb +25 -0
- data/lib/anvil/mysql/grant.rb +22 -0
- data/lib/anvil/mysql/password.rb +16 -0
- data/lib/anvil/mysql/privileges_granter.rb +24 -0
- data/lib/anvil/mysql/user_creator.rb +24 -0
- data/lib/anvil/mysql.rb +16 -0
- data/lib/anvil/script_runner.rb +12 -0
- data/lib/anvil/ssh_executor.rb +1 -1
- data/lib/anvil/version.rb +1 -1
- metadata +29 -2
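--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7ce4bfd700a5d2b870087b7d983902c43bc377ebcba1abbb911caea507aba0e8
+data.tar.gz: 4e902474667b96efaf5a86435b381f6e54f28d58a1ae6a216441d9de6eb35925
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a6c16d63f3b0c2bbbafcce079bdb7ba7ea8b44f2c5e0f4ac0f5a9beb3e1f2999852be11aeaed5c107bb88eaef1b7a09b0bf3fef4eaeabb9f5760c625f73c845
+data.tar.gz: ca793262284e8938121d155fe18f0b6c527a50b9bf0bf437f9a3973d02d708060c317ece52f85713913ec0995937a88eb93d58af85293d01abcf50f5005d5493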
@@ -0,0 +1,61 @@
|
|
1
|
+
#cloud-config
|
2
|
+
users:
|
3
|
+
- name: %{USER}
|
4
|
+
groups: users, admin, docker
|
5
|
+
sudo: ALL=(ALL) NOPASSWD:ALL
|
6
|
+
shell: /bin/bash
|
7
|
+
ssh_authorized_keys:
|
8
|
+
- %{PUBLIC_KEY}
|
9
|
+
packages:
|
10
|
+
- fail2ban
|
11
|
+
- ufw
|
12
|
+
- wget
|
13
|
+
- apt-transport-https
|
14
|
+
- mysql-client
|
15
|
+
- libmysqlclient-dev
|
16
|
+
package_update: true
|
17
|
+
package_upgrade: true
|
18
|
+
runcmd:
|
19
|
+
# General server setup
|
20
|
+
- timedatectl set-timezone UTC
|
21
|
+
# Install MySQL
|
22
|
+
- echo "mysql-server mysql-server/root_password password root" | sudo debconf-set-selections
|
23
|
+
- echo "mysql-server mysql-server/root_password_again password root" | sudo debconf-set-selections
|
24
|
+
- sudo apt-get -y install mysql-server
|
25
|
+
- |
|
26
|
+
cat >> /etc/mysql/mysql.conf.d/utf8.cnf << CONF
|
27
|
+
[client]
|
28
|
+
default-character-set=utf8mb4
|
29
|
+
|
30
|
+
[mysql]
|
31
|
+
default-character-set=utf8mb4
|
32
|
+
|
33
|
+
[mysqld]
|
34
|
+
init_connect='SET collation_connection = utf8mb4_unicode_ci'
|
35
|
+
init_connect='SET NAMES utf8mb4'
|
36
|
+
character-set-server=utf8mb4
|
37
|
+
collation-server=utf8mb4_unicode_ci
|
38
|
+
skip-character-set-client-handshake
|
39
|
+
CONF
|
40
|
+
- sed -i -e '/^\(#\|\)bind-address/s/^.*$/bind-address = 0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
|
41
|
+
# Start MySQL
|
42
|
+
- systemctl start mysql.service
|
43
|
+
# Fail2Ban setup
|
44
|
+
- printf "[sshd]\nenabled = true\nbanaction = iptables-multiport" > /etc/fail2ban/jail.local
|
45
|
+
- systemctl enable fail2ban
|
46
|
+
# UFW and SSH setup
|
47
|
+
- ufw allow 22/tcp
|
48
|
+
- ufw allow 80/tcp
|
49
|
+
- ufw allow 443/tcp
|
50
|
+
- ufw enable
|
51
|
+
# Harden SSH
|
52
|
+
- sed -i -e '/^\(#\|\)PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
|
53
|
+
- sed -i -e '/^\(#\|\)PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
|
54
|
+
- sed -i -e '/^\(#\|\)X11Forwarding/s/^.*$/X11Forwarding no/' /etc/ssh/sshd_config
|
55
|
+
- sed -i -e '/^\(#\|\)MaxAuthTries/s/^.*$/MaxAuthTries 2/' /etc/ssh/sshd_config
|
56
|
+
- sed -i -e '/^\(#\|\)AllowTcpForwarding/s/^.*$/AllowTcpForwarding no/' /etc/ssh/sshd_config
|
57
|
+
- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
|
58
|
+
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
|
59
|
+
- sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
|
60
|
+
# And we're done
|
61
|
+
- reboot
|
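Review bot: The MySQL root password is the literal `root` in the two `debconf-set-selections` lines, and the later `sed` rewrites `bind-address` to `0.0.0.0`, so the only thing keeping the database port off the network is that the `ufw` rules further down happen not to open it. The password should be a per-server secret passed in through a template placeholder, e.g. `%{MYSQL_ROOT_PASSWORD}` (a constructed name; this page only shows `%{USER}` and `%{PUBLIC_KEY}`), and `bind-address` should name the interface the app containers actually use rather than every interface. Cloud-init user-data is typically retrievable from the instance metadata service and kept on disk under `/var/lib/cloud`, so any secret placed in this file should be rotated after first boot. The two `init_connect=` lines in the heredoc also look like the second replaces the first rather than both applying; `init_connect='SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci'` would express both.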
@@ -33,16 +33,5 @@ runcmd:
|
|
33
33
|
- sed -i -e '/^\(#\|\)AllowAgentForwarding/s/^.*$/AllowAgentForwarding no/' /etc/ssh/sshd_config
|
34
34
|
- sed -i -e '/^\(#\|\)AuthorizedKeysFile/s/^.*$/AuthorizedKeysFile .ssh\/authorized_keys/' /etc/ssh/sshd_config
|
35
35
|
- sed -i '$a AllowUsers %{USER} dokku' /etc/ssh/sshd_config
|
36
|
-
#
|
37
|
-
- echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
|
38
|
-
- wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
|
39
|
-
- cat /home/%{USER}/.ssh/authorized_keys | dokku ssh-keys:add admin
|
40
|
-
- dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
|
41
|
-
- dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
|
42
|
-
- dokku plugin:install https://github.com/dokku/dokku-redis.git redis
|
43
|
-
- dokku plugin:install https://github.com/dokku/dokku-mariadb.git mariadb
|
44
|
-
- dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
|
45
|
-
- dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
|
46
|
-
- dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
|
47
|
-
- dokku git:set --global deploy-branch main
|
36
|
+
# And we're done
|
48
37
|
- reboot
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# SSH into your server and paste the script
|
2
|
+
sudo bash
|
3
|
+
echo "dokku dokku/vhost_enable boolean true" | sudo debconf-set-selections
|
4
|
+
wget https://dokku.com/install/v0.30.7/bootstrap.sh && sudo DOKKU_TAG=v0.30.7 bash bootstrap.sh
|
5
|
+
cat /home/app/.ssh/authorized_keys | dokku ssh-keys:add admin
|
6
|
+
dokku plugin:install https://github.com/dokku/dokku-cron-restart.git cron-restart
|
7
|
+
dokku plugin:install https://github.com/dokku/dokku-maintenance.git maintenance
|
8
|
+
dokku plugin:install https://github.com/dokku/dokku-redis.git redis
|
9
|
+
dokku plugin:install https://github.com/dokku/dokku-memcached.git memcached
|
10
|
+
dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git letsencrypt
|
11
|
+
dokku config:set --global DOKKU_LETSENCRYPT_EMAIL=sysadmin@echodek.co
|
12
|
+
dokku git:set --global deploy-branch main
|
13
|
+
exit
|
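Review bot: `bootstrap.sh` is downloaded and run as root with nothing checking its content, and the five `dokku plugin:install` lines clone whatever each repository's default branch holds at install time. Pin each plugin with `--committish <tag>` and compare the downloaded script against a recorded digest (placeholder `<expected-sha256>`) before `bash bootstrap.sh`, so a rebuilt server gets the same code as the previous one. The script also hard-codes `/home/app/.ssh/authorized_keys`, while the cloud-init lines it replaces used `/home/%{USER}/.ssh/authorized_keys`; a server generated with a different `--user` will have no file at that path.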
@@ -0,0 +1 @@
|
|
1
|
+
2b49b3137b8c3bbe046aa080a6bd695eedc5afe6cd6c01ff4f37a22864f76ba7c3256c5e5a4f961977eac7dac1119cc805988365a7fa505530bd0a4688cba039
|
@@ -0,0 +1 @@
|
|
1
|
+
185f01d498e635d91fcbc77ae60a47529b68f927302c67dc7b052a4b190d6aa1197c9c7d46d9626f927ea80b5d40162ed3e86177d63d5dbcd93b957dbf4238b7
|
@@ -0,0 +1 @@
|
|
1
|
+
11a59b33098151fd6205adbd24c410acd58168066dc2942b93feb601557f527fecce250002d6157bacf0007a546a4a23abdc219f269bc73820236cae738b63a0
|
@@ -5,11 +5,13 @@ module Anvil
|
|
5
5
|
require_relative "../logger"
|
6
6
|
require_relative "../ssh_executor"
|
7
7
|
require_relative "env"
|
8
|
+
require_relative "../configuration_reader"
|
8
9
|
class App
|
9
10
|
class HostInstaller < Struct.new(:configuration, :host, :secrets)
|
10
11
|
include StandardProcedure::Async::Actor
|
12
|
+
include Anvil::ConfigurationReader
|
11
13
|
|
12
|
-
|
14
|
+
def call
|
13
15
|
Anvil::SshExecutor.new(host, user_for(host), logger).call do |ssh|
|
14
16
|
create_app ssh
|
15
17
|
set_environment ssh
|
@@ -32,8 +34,13 @@ module Anvil
|
|
32
34
|
ssh.exec! "dokku docker-options:add app run \"--add-host=host.docker.internal:host-gateway\"", "set_dokku_options"
|
33
35
|
ssh.exec! "dokku domains:set app #{configuration_for_app["domain"]}", "set_dokku_options"
|
34
36
|
ssh.exec! "dokku proxy:ports-add app http:80:#{configuration_for_app["port"]}", "set_dokku_options"
|
35
|
-
ssh.exec! "dokku nginx:set app client-max-body-size
|
36
|
-
ssh.exec! "dokku nginx:set app proxy-read-timeout
|
37
|
+
ssh.exec! "dokku nginx:set app client-max-body-size #{configuration_for_app["nginx"]["client_max_body_size"]}", "set_dokku_options"
|
38
|
+
ssh.exec! "dokku nginx:set app proxy-read-timeout #{configuration_for_app["nginx"]["proxy_read_timeout"]}", "set_dokku_options"
|
39
|
+
if configuration_for_app["nginx"]["forward_proxy_headers"]
|
40
|
+
ssh.exec! "dokku nginx:set $APP x-forwarded-for-value \"$http_x_forwarded_for\"", "set_dokku_options"
|
41
|
+
ssh.exec! "dokku nginx:set $APP x-forwarded-port-value \"$http_x_forwarded_port\"", "set_dokku_options"
|
42
|
+
ssh.exec! "dokku nginx:set $APP x-forwarded-proto-value \"$http_x_forwarded_proto\"", "set_dokku_options"
|
43
|
+
end
|
37
44
|
ssh.exec! "dokku proxy:build-config app", "set_dokku_options"
|
38
45
|
end
|
39
46
|
|
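Review bot: The three added `x-forwarded-*` commands name the app as `$APP` and wrap the nginx variables in double quotes, so the remote shell expands both `$APP` and `$http_x_forwarded_for` (most likely to empty strings) before dokku sees them; every other line in this method uses the literal `app`. Single quotes keep the nginx variable intact: `ssh.exec! "dokku nginx:set app x-forwarded-for-value '$http_x_forwarded_for'", "set_dokku_options"`, and likewise for the `port` and `proto` lines. Passing client-supplied `X-Forwarded-*` headers through is only safe when a trusted proxy in front of the host sets them, which is worth stating next to the `forward_proxy_headers` option. The `configuration_for_app["nginx"][...]` values are also interpolated into the command unescaped, and `["nginx"]` is dereferenced without a nil check; the method starts outside the hunk.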
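--- a/data/lib/anvil/app.rb
+++ b/data/lib/anvil/app.rb
@@ -6,8 +6,9 @@ require "yaml"
 module Anvil
 class App < Anvil::SubCommandBase
 require_relative "app/env"
+require_relative "app/install"
 
-desc "env", "Generate environment variables for an app"
+desc "env /path/to/config.yml", "Generate environment variables for an app"
 long_desc <<-DESC
 List the environment variables for an app (on a given host)
 
@@ -16,13 +17,6 @@ module Anvil
 
 If the /path/to/config is not supplied, it defaults to deploy.yml
 
-Options:
-
---host, -h: The server that the environment variables should be generated for - only required if multiple servers are configured
-
---secrets, -s: The path to a file containing secrets to be injected into the environment variables
-
---secrets-stdin, -S: Read secrets from STDIN instead of a file
 DESC
 option :host, type: :string, default: nil, aliases: "-h"
 option :secrets, type: :string, default: nil, aliases: "-s"
@@ -33,7 +27,7 @@ module Anvil
 puts Anvil::App::Env.new(configuration, options[:host], secrets).call
 end
 
-desc "install", "Install an app"
+desc "install /path/to/config.yml", "Install an app"
 long_desc <<-DESC
 Install an app on the hosts specified in the configuration.
 
@@ -45,12 +39,10 @@ module Anvil
 anvil app install /path/to/config
 If the /path/to/config is not supplied, it defaults to deploy.yml
 
-
-
---secrets, -s: The path to a file containing secrets to be injected into the environment variables
-
---secrets-stdin, -S: Read secrets from STDIN instead of a file
+If --secrets-stdin is specified then additional environment variable values will be read from STDIN, if --secrets=/path/to/secrets is specified then they will be read from the file specified. This is so you can specify environment variables that you do not want stored in source control. These should be formatted as "VAR=value VAR2=value2" etc.
 DESC
+option :secrets, type: :string, default: nil, aliases: "-s"
+option :secrets_stdin, type: :boolean, default: false, aliases: "-S"
 def install filename = "deploy.yml"
 configuration = YAML.load_file(filename)
 secrets = read_secrets filename: options[:secrets], stdin: options[:secrets_stdin]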
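--- a/data/lib/anvil/cli.rb
+++ b/data/lib/anvil/cli.rb
@@ -1,14 +1,18 @@
 # frozen_string_literal: true
 
 require "thor"
-require_relative "cloudinit"
-require_relative "app"
 
 module Anvil
+require_relative "cloudinit"
+require_relative "app"
+require_relative "mysql"
 class Cli < Thor
 desc "cloudinit", "Generate a cloudinit configuration"
 subcommand "cloudinit", Anvil::Cloudinit
 
+desc "mysql", "Manage mysql"
+subcommand "mysql", Anvil::Mysql
+
 desc "app", "Install or deploy a dokku app"
 subcommand "app", Anvil::App
 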
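--- a/data/lib/anvil/cloudinit.rb
+++ b/data/lib/anvil/cloudinit.rb
@@ -13,16 +13,13 @@ module Anvil
 end
 end
 
-desc "generate", "Generate a cloudinit configuration"
+desc "generate configuration", "Generate a cloudinit configuration"
 long_desc <<-DESC
 Generate a cloudinit configuration for a server
 
 Example:
 anvil cloudinit generate mysql.ubuntu-22 --user dbuser --public_key ~/.ssh/my_key.pub
 
-Options:
---user, -u: The user to create on the server - defaults to app
---public_key, -k: The path to the public key file that will be installed for the user - default to ~/.ssh/id_rsa.pub
 DESC
 option :user, type: :string, default: "app", aliases: "-u"
 option :public_key, type: :string, default: "~/.ssh/id_rsa.pub", aliases: "-k"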
@@ -0,0 +1,70 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "../subcommand"
|
4
|
+
require "rujitsu"
|
5
|
+
module Anvil
|
6
|
+
class Mysql
|
7
|
+
require_relative "password"
|
8
|
+
require_relative "database_creator"
|
9
|
+
require_relative "user_creator"
|
10
|
+
|
11
|
+
class Create < Anvil::SubCommandBase
|
12
|
+
include Password
|
13
|
+
|
14
|
+
desc "database db_name user host", "Create a mysql database"
|
15
|
+
long_desc <<-DESC
|
16
|
+
Create a mysql database by SSHing into a server and then connecting to MySQL to create the database.
|
17
|
+
|
18
|
+
Example:
|
19
|
+
|
20
|
+
anvil mysql create database my_database user server.example.com --mysql-user root --mysql-host data.internal.example.com
|
21
|
+
|
22
|
+
This command will SSH into user@server.example.com, then connect to the MySQL server on data.internal.example.com as root to create the database. It will take the root password from STDIN.
|
23
|
+
|
24
|
+
The assumption is that your MySQL server is not accessible from your local development machine.
|
25
|
+
|
26
|
+
The SSH command assumes you have a current SSH Agent to load your private key.
|
27
|
+
|
28
|
+
You can optionally supply a password for the MySQL user, or it will be read from STDIN.
|
29
|
+
DESC
|
30
|
+
option :mysql_user, type: :string, default: "root", aliases: "-m"
|
31
|
+
option :mysql_password, type: :string, default: nil, aliases: "-p"
|
32
|
+
option :mysql_host, type: :string, default: "localhost", aliases: "-H"
|
33
|
+
option :mysql_port, type: :numeric, default: 3306, aliases: "-P"
|
34
|
+
def database db_name, user, host
|
35
|
+
password = get_password_from options[:mysql_password]
|
36
|
+
Anvil::Mysql::DatabaseCreator.new(db_name, user, host, options[:mysql_user], password, options[:mysql_host], options[:mysql_port]).call
|
37
|
+
end
|
38
|
+
|
39
|
+
desc "user db_username user host", "Create a mysql user"
|
40
|
+
long_desc <<-DESC
|
41
|
+
Create a database user by SSHing into a server and then connecting to MySQL to create the user.
|
42
|
+
|
43
|
+
You can optionally specify a password for your database user, or it will be generated for you and returned to STDOUT.
|
44
|
+
|
45
|
+
Example:
|
46
|
+
|
47
|
+
anvil mysql create user my_user user server.example.com --mysql-user root --mysql-host data.internal.example.com
|
48
|
+
|
49
|
+
This command will SSH into user@server.example.com, then connect to the MySQL server on data.internal.example.com as root to create the user. It will take the root password from STDIN.
|
50
|
+
|
51
|
+
The assumption is that your MySQL server is not accessible from your local development machine.
|
52
|
+
|
53
|
+
The SSH command assumes you have a current SSH Agent to load your private key.
|
54
|
+
|
55
|
+
You can optionally supply a password for the MySQL user, or it will be read from STDIN.
|
56
|
+
DESC
|
57
|
+
option :db_password, type: :string, default: nil, aliases: "-d"
|
58
|
+
option :mysql_user, type: :string, default: "root", aliases: "-m"
|
59
|
+
option :mysql_password, type: :string, default: nil, aliases: "-p"
|
60
|
+
option :mysql_host, type: :string, default: "localhost", aliases: "-H"
|
61
|
+
option :mysql_port, type: :numeric, default: 3306, aliases: "-P"
|
62
|
+
def user db_user, user, host
|
63
|
+
mysql_password = options[:mysql_password] || $stdin.gets.chomp
|
64
|
+
db_password = options[:db_password] || "#{4.random_letters}-#{4.random_characters}-#{4.random_numbers}-#{4.random_letters}-#{4.random_characters}"
|
65
|
+
Anvil::Mysql::UserCreator.new(db_user, db_password, user, host, options[:mysql_user], mysql_password, options[:mysql_host], options[:mysql_port]).call
|
66
|
+
puts db_password if options[:db_password].nil?
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
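Review bot: In `user`, the generated database password is assembled from rujitsu's `random_letters`, `random_characters` and `random_numbers`, and nothing on this page shows those helpers drawing from a cryptographically secure source; a credential should come from `SecureRandom`, e.g. `db_password = options[:db_password] || SecureRandom.alphanumeric(24)` with `require "securerandom"`. That would also make the new runtime dependency unnecessary, which the gem metadata declares with an open `>= 0` constraint. `user` reads the MySQL password with `$stdin.gets.chomp`, which raises when STDIN is at EOF, while `database` goes through `get_password_from`; calling the helper in both keeps them consistent. Accepting `--mysql-password` and `--db-password` as flags leaves the values in shell history and the local process list, so the long descriptions should recommend STDIN for both.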
@@ -0,0 +1,25 @@
|
|
1
|
+
require_relative "../ssh_executor"
|
2
|
+
require_relative "../logger"
|
3
|
+
require_relative "../script_runner"
|
4
|
+
|
5
|
+
module Anvil
|
6
|
+
class Mysql
|
7
|
+
class DatabaseCreator < Struct.new(:db_name, :user, :host, :mysql_user, :mysql_password, :mysql_host, :mysql_port)
|
8
|
+
def call
|
9
|
+
ScriptRunner.new(script, user, host, logger).call
|
10
|
+
end
|
11
|
+
|
12
|
+
def db_script
|
13
|
+
"CREATE DATABASE #{db_name};"
|
14
|
+
end
|
15
|
+
|
16
|
+
def script
|
17
|
+
"mysql -u#{mysql_user} -p#{mysql_password} -h #{mysql_host} -P #{mysql_port} -e \"#{db_script}\""
|
18
|
+
end
|
19
|
+
|
20
|
+
def logger
|
21
|
+
Anvil::Logger.new(self.class.name)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
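Review bot: `script` builds a shell command by interpolating `mysql_user`, `mysql_password`, `mysql_host` and `db_script` straight into a double-quoted string, so a password or database name containing a quote, `$`, backtick or `;` changes the command that runs on the remote host, and `db_name` reaches `CREATE DATABASE` as an unquoted identifier. Escape every argument with `Shellwords` (this needs `require "shellwords"` at the top of the file) and validate and backtick-quote the identifier, as sketched below. The password still travels in the remote argv and may be recorded by whatever the logger handed to `ScriptRunner` writes; avoiding that needs a client option file or STDIN, which depends on `ScriptRunner` code that is not on this page. `PrivilegesGranter#script` and `UserCreator#script` further down use the same construction, and `UserCreator#db_script` additionally places `db_password` inside a single-quoted SQL literal.

```ruby
def db_script
  # Identifiers cannot be bound as parameters, so restrict and quote them.
  raise ArgumentError, "invalid database name" unless db_name.to_s.match?(/\A[A-Za-z0-9_]+\z/)
  "CREATE DATABASE `#{db_name}`;"
end

def script
  # Shellwords.join escapes each word for the remote shell.
  Shellwords.join([
    "mysql", "-u#{mysql_user}", "-p#{mysql_password}",
    "-h", mysql_host.to_s, "-P", mysql_port.to_s, "-e", db_script
  ])
end

# … unchanged: call, logger …
```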
@@ -0,0 +1,22 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative "../subcommand"
|
4
|
+
module Anvil
|
5
|
+
class Mysql
|
6
|
+
require_relative "password"
|
7
|
+
require_relative "privileges_granter"
|
8
|
+
class Grant < Anvil::SubCommandBase
|
9
|
+
include Password
|
10
|
+
|
11
|
+
desc "all db_name db_username user host", "Grant all privileges on db_name to db_user"
|
12
|
+
option :mysql_user, type: :string, default: "root", aliases: "-m"
|
13
|
+
option :mysql_password, type: :string, default: nil, aliases: "-p"
|
14
|
+
option :mysql_host, type: :string, default: "localhost", aliases: "-H"
|
15
|
+
option :mysql_port, type: :numeric, default: 3306, aliases: "-P"
|
16
|
+
def all db_name, db_username, user, host
|
17
|
+
password = get_password_from options[:mysql_password]
|
18
|
+
Anvil::Mysql::PrivilegesGranter.new(db_name, db_username, user, host, options[:mysql_user], password, options[:mysql_host], options[:mysql_port]).call
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require_relative "../ssh_executor"
|
2
|
+
require_relative "../logger"
|
3
|
+
require_relative "../script_runner"
|
4
|
+
module Anvil
|
5
|
+
class Mysql
|
6
|
+
class PrivilegesGranter < Struct.new(:db_name, :db_user, :user, :host, :mysql_user, :mysql_password, :mysql_host, :mysql_port)
|
7
|
+
def call
|
8
|
+
ScriptRunner.new(script, user, host, logger).call
|
9
|
+
end
|
10
|
+
|
11
|
+
def db_script
|
12
|
+
"GRANT ALL PRIVILEGES on #{db_name}.* to '#{db_user}'@'%';"
|
13
|
+
end
|
14
|
+
|
15
|
+
def script
|
16
|
+
"mysql -u#{mysql_user} -p#{mysql_password} -h #{mysql_host} -P #{mysql_port} -e \"#{db_script}\""
|
17
|
+
end
|
18
|
+
|
19
|
+
def logger
|
20
|
+
Anvil::Logger.new(self.class.name)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
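Review bot: `db_script` grants `ALL PRIVILEGES` to `'#{db_user}'@'%'`, so the account is valid from any client address, and `UserCreator#db_script` in the next file creates the user with the same `'%'` host. On a server that listens on all interfaces this leaves the password as the only control; the host part should be a parameter (constructed example: `'app'@'10.0.0.%'`) that defaults to the narrowest value the deployment allows. `ALL PRIVILEGES` is also broader than most applications need, so a comment above `db_script` saying why it is granted, or an option for a reduced privilege list, would help the next reader.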
@@ -0,0 +1,24 @@
|
|
1
|
+
require_relative "../ssh_executor"
|
2
|
+
require_relative "../logger"
|
3
|
+
require_relative "../script_runner"
|
4
|
+
module Anvil
|
5
|
+
class Mysql
|
6
|
+
class UserCreator < Struct.new(:db_user, :db_password, :user, :host, :mysql_user, :mysql_password, :mysql_host, :mysql_port)
|
7
|
+
def call
|
8
|
+
ScriptRunner.new(script, user, host, logger).call
|
9
|
+
end
|
10
|
+
|
11
|
+
def db_script
|
12
|
+
"CREATE USER '#{db_user}'@'%' IDENTIFIED BY '#{db_password}';"
|
13
|
+
end
|
14
|
+
|
15
|
+
def script
|
16
|
+
"mysql -u#{mysql_user} -p#{mysql_password} -h #{mysql_host} -P #{mysql_port} -e \"#{db_script}\""
|
17
|
+
end
|
18
|
+
|
19
|
+
def logger
|
20
|
+
Anvil::Logger.new(self.class.name)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
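--- a/data/lib/anvil/mysql.rb
+++ b/data/lib/anvil/mysql.rb
@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative "subcommand"
+
+module Anvil
+class Mysql < Anvil::SubCommandBase
+require_relative "mysql/create"
+require_relative "mysql/grant"
+
+desc "create", "Create mysql databases and users "
+subcommand "create", Anvil::Mysql::Create
+
+desc "grant", "Grant mysql permissions"
+subcommand "grant", Anvil::Mysql::Grant
+end
+end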
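--- a/data/lib/anvil/ssh_executor.rb
+++ b/data/lib/anvil/ssh_executor.rb
@@ -10,7 +10,7 @@ require "net/ssh"
 module Anvil
 class SshExecutor < Struct.new(:hostname, :user, :logger)
 def call &block
-@connection = Net::SSH.start hostname, user, use_agent: true
+@connection = Net::SSH.start hostname, user, use_agent: true, verify_host_key: :accept_new
 block.call self
 end
 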
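Review bot: `verify_host_key: :accept_new` on the `Net::SSH.start` line records and trusts whatever key an unknown host presents, so the first connection to a newly provisioned server is not authenticated. That is a workable default for a provisioning tool, but it should be stated in a comment above the call, e.g. `# :accept_new = trust on first use; a changed key for a known host is still rejected`. Stricter environments would want a way to require pre-seeded keys instead (`verify_host_key: :always`), for instance through an option on the CLI commands that construct `SshExecutor`.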
data/lib/anvil/version.rb
CHANGED
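--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: standard-procedure-anvil
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.6
 platform: ruby
 authors:
 - Rahoul Baruah
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-07-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -66,6 +66,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: rujitsu
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: standard-procedure-async
 requirement: !ruby/object:Gem::Requirement
@@ -96,11 +110,16 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- assets/cloudinit/dokku.mysql.ubuntu-22.yml
 - assets/cloudinit/dokku.ubuntu-22.yml
 - assets/cloudinit/memcached.ubuntu-22.yml
 - assets/cloudinit/mysql.ubuntu-22.yml
 - assets/cloudinit/opensearch.ubuntu-22.yml
 - assets/cloudinit/redis.ubuntu-22.yml
+- assets/install/dokku.txt
+- checksums/standard-procedure-anvil-0.1.4.gem.sha512
+- checksums/standard-procedure-anvil-0.1.5.gem.sha512
+- checksums/standard-procedure-anvil-0.1.6.gem.sha512
 - exe/anvil
 - lib/anvil.rb
 - lib/anvil/app.rb
@@ -112,6 +131,14 @@ files:
 - lib/anvil/cloudinit/generator.rb
 - lib/anvil/configuration_reader.rb
 - lib/anvil/logger.rb
+- lib/anvil/mysql.rb
+- lib/anvil/mysql/create.rb
+- lib/anvil/mysql/database_creator.rb
+- lib/anvil/mysql/grant.rb
+- lib/anvil/mysql/password.rb
+- lib/anvil/mysql/privileges_granter.rb
+- lib/anvil/mysql/user_creator.rb
+- lib/anvil/script_runner.rb
 - lib/anvil/ssh_executor.rb
 - lib/anvil/subcommand.rb
 - lib/anvil/version.rb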