suitmymind-ubuntu-machine 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/README +2 -0
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +118 -0
- data/lib/capistrano/ext/ubuntu-machine/aptitude.rb +102 -0
- data/lib/capistrano/ext/ubuntu-machine/gems.rb +39 -0
- data/lib/capistrano/ext/ubuntu-machine/git.rb +15 -0
- data/lib/capistrano/ext/ubuntu-machine/iptables.rb +20 -0
- data/lib/capistrano/ext/ubuntu-machine/machine.rb +50 -0
- data/lib/capistrano/ext/ubuntu-machine/mysql.rb +60 -0
- data/lib/capistrano/ext/ubuntu-machine/php.rb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/render.rb +6 -0
- data/lib/capistrano/ext/ubuntu-machine/ruby.rb +72 -0
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb +46 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb +5 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb +2 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb +80 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/utils.rb +24 -0
- data/lib/capistrano/ext/ubuntu-machine.rb +7 -0
- metadata +84 -0
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2008 Thomas Balthazar
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README
ADDED
@@ -0,0 +1,118 @@
|
|
1
|
+
namespace :apache do
|
2
|
+
desc "Install Apache"
|
3
|
+
task :install, :roles => :web do
|
4
|
+
sudo "aptitude install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert -y"
|
5
|
+
|
6
|
+
run "cat /etc/apache2/apache2.conf > ~/apache2.conf.tmp"
|
7
|
+
put render("apache2", binding), "apache2.append.conf.tmp"
|
8
|
+
run "cat apache2.append.conf.tmp >> ~/apache2.conf.tmp"
|
9
|
+
sudo "mv ~/apache2.conf.tmp /etc/apache2/apache2.conf"
|
10
|
+
run "rm apache2.append.conf.tmp"
|
11
|
+
restart
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "Restarts Apache webserver"
|
15
|
+
task :restart, :roles => :web do
|
16
|
+
sudo "/etc/init.d/apache2 restart"
|
17
|
+
end
|
18
|
+
|
19
|
+
desc "Starts Apache webserver"
|
20
|
+
task :start, :roles => :web do
|
21
|
+
sudo "/etc/init.d/apache2 start"
|
22
|
+
end
|
23
|
+
|
24
|
+
desc "Stops Apache webserver"
|
25
|
+
task :stop, :roles => :web do
|
26
|
+
sudo "/etc/init.d/apache2 stop"
|
27
|
+
end
|
28
|
+
|
29
|
+
desc "Reload Apache webserver"
|
30
|
+
task :reload, :roles => :web do
|
31
|
+
sudo "/etc/init.d/apache2 reload"
|
32
|
+
end
|
33
|
+
|
34
|
+
desc "Force reload Apache webserver"
|
35
|
+
task :force_reload, :roles => :web do
|
36
|
+
sudo "/etc/init.d/apache2 force-reload"
|
37
|
+
end
|
38
|
+
|
39
|
+
desc "List enabled Apache sites"
|
40
|
+
task :enabled_sites, :roles => :web do
|
41
|
+
run "ls /etc/apache2/sites-enabled"
|
42
|
+
end
|
43
|
+
|
44
|
+
desc "List available Apache sites"
|
45
|
+
task :available_sites, :roles => :web do
|
46
|
+
run "ls /etc/apache2/sites-available"
|
47
|
+
end
|
48
|
+
|
49
|
+
desc "List enabled Apache modules"
|
50
|
+
task :enabled_modules, :roles => :web do
|
51
|
+
run "ls /etc/apache2/mods-enabled"
|
52
|
+
end
|
53
|
+
|
54
|
+
desc "List available Apache modules"
|
55
|
+
task :available_modules, :roles => :web do
|
56
|
+
run "ls /etc/apache2/mods-available"
|
57
|
+
end
|
58
|
+
|
59
|
+
desc "Disable Apache site"
|
60
|
+
task :disable_site, :roles => :web do
|
61
|
+
site = Capistrano::CLI.ui.ask("Which site should we disable: ")
|
62
|
+
sudo "sudo a2dissite #{site}"
|
63
|
+
reload
|
64
|
+
end
|
65
|
+
|
66
|
+
desc "Enable Apache site"
|
67
|
+
task :enable_site, :roles => :web do
|
68
|
+
site = Capistrano::CLI.ui.ask("Which site should we enable: ")
|
69
|
+
sudo "sudo a2ensite #{site}"
|
70
|
+
reload
|
71
|
+
end
|
72
|
+
|
73
|
+
desc "Disable Apache module"
|
74
|
+
task :disable_module, :roles => :web do
|
75
|
+
mod = Capistrano::CLI.ui.ask("Which module should we disable: ")
|
76
|
+
sudo "sudo a2dismod #{mod}"
|
77
|
+
force_reload
|
78
|
+
end
|
79
|
+
|
80
|
+
desc "Enable Apache module"
|
81
|
+
task :enable_module, :roles => :web do
|
82
|
+
mod = Capistrano::CLI.ui.ask("Which module should we enable: ")
|
83
|
+
sudo "sudo a2enmod #{mod}"
|
84
|
+
force_reload
|
85
|
+
end
|
86
|
+
|
87
|
+
desc "Create a new website"
|
88
|
+
task :create_website, :roles => :web do
|
89
|
+
server_admin = Capistrano::CLI.ui.ask("Server admin (#{default_server_admin}) if blank : ")
|
90
|
+
server_admin = default_server_admin if server_admin.empty?
|
91
|
+
server_name = Capistrano::CLI.ui.ask("Server name : ")
|
92
|
+
server_alias = Capistrano::CLI.ui.ask("Server alias : ")
|
93
|
+
directory_index = Capistrano::CLI.ui.ask("Directory index (#{default_directory_index}) if blank : ")
|
94
|
+
directory_index = default_directory_index if directory_index.empty?
|
95
|
+
|
96
|
+
# Website skeleton
|
97
|
+
%w{backup cap cgi-bin logs private public tmp}.each { |d|
|
98
|
+
run "mkdir -p /home/#{user}/websites/#{server_name}/#{d}"
|
99
|
+
}
|
100
|
+
|
101
|
+
put render("vhost", binding), server_name
|
102
|
+
sudo "mv #{server_name} /etc/apache2/sites-available/#{server_name}"
|
103
|
+
sudo "sudo a2ensite #{server_name}"
|
104
|
+
reload
|
105
|
+
end
|
106
|
+
|
107
|
+
desc "Delete a website (! delete all file and folders)"
|
108
|
+
task :delete_website, :roles => :web do
|
109
|
+
server_name = Capistrano::CLI.ui.ask("Server name you want to delete : ")
|
110
|
+
sure = Capistrano::CLI.ui.ask("Are you sure you want to delete #{server_name} and all its files? (y/n) : ")
|
111
|
+
if sure=="y"
|
112
|
+
sudo "sudo a2dissite #{server_name}"
|
113
|
+
sudo "rm /etc/apache2/sites-available/#{server_name}"
|
114
|
+
sudo "rm -Rf /home/#{user}/websites/#{server_name}"
|
115
|
+
reload
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
@@ -0,0 +1,102 @@
|
|
1
|
+
namespace :aptitude do
|
2
|
+
desc <<-DESC
|
3
|
+
Updates your software package list. This will not "upgrade" any of your \
|
4
|
+
installed software.
|
5
|
+
|
6
|
+
See "Update" section on \
|
7
|
+
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
8
|
+
DESC
|
9
|
+
task :update, :roles => :app do
|
10
|
+
sudo "aptitude update"
|
11
|
+
end
|
12
|
+
|
13
|
+
desc "Alias for 'aptitude:safe_upgrade'"
|
14
|
+
task :upgrade, :roles => :app do
|
15
|
+
safe_upgrade
|
16
|
+
end
|
17
|
+
|
18
|
+
desc <<-DESC
|
19
|
+
Upgrades your installed software packages.
|
20
|
+
|
21
|
+
From the aptitude man pages:
|
22
|
+
|
23
|
+
This command will upgrade as many packages as it can upgrade without \
|
24
|
+
removing existing packages or installing new ones.
|
25
|
+
|
26
|
+
It is sometimes necessary to remove or install one package in order to \
|
27
|
+
upgrade another; this command is not able to upgrade packages in such \
|
28
|
+
situations. Use the full-upgrade to upgrade those packages as well.
|
29
|
+
|
30
|
+
See "Upgrade" section on \
|
31
|
+
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
32
|
+
DESC
|
33
|
+
task :safe_upgrade, :roles => :app do
|
34
|
+
# sudo "aptitude safe-upgrade -y", :pty => true
|
35
|
+
|
36
|
+
# By default, OVH replace the original /etc/issue. The safe_upgrade will then ask \
|
37
|
+
# if it must overwrite this file, since it has been modified by OVH. \
|
38
|
+
# data =~ /^\*\*\*\sissue/ looks for the interactive prompt to enable you to answer
|
39
|
+
sudo 'aptitude safe-upgrade -y', :pty => true do |ch, stream, data|
|
40
|
+
if data =~ /^\*\*\*\sissue/
|
41
|
+
# prompt, and then send the response to the remote process
|
42
|
+
ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
|
43
|
+
else
|
44
|
+
# use the default handler for all other text
|
45
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
desc <<-DESC
|
51
|
+
Upgrades your installed software packages.
|
52
|
+
|
53
|
+
From the aptitude man pages:
|
54
|
+
|
55
|
+
Like safe-upgrade, this command will attempt to upgrade packages, but it is \
|
56
|
+
more aggressive about solving dependency problems: it will install and \
|
57
|
+
remove packages until all dependencies are satisfied. Because of the nature \
|
58
|
+
of this command, it is possible that it will do undesirable things, and so \
|
59
|
+
you should be careful when using it.
|
60
|
+
|
61
|
+
See "Upgrade" section on \
|
62
|
+
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
63
|
+
DESC
|
64
|
+
task :full_upgrade, :roles => :app do
|
65
|
+
sudo "aptitude full-upgrade -y"
|
66
|
+
end
|
67
|
+
|
68
|
+
desc <<-DESC
|
69
|
+
Installs a software package via aptitude. You will be prompted for the \
|
70
|
+
package name after running this commmand.
|
71
|
+
DESC
|
72
|
+
task :install, :roles => :app do
|
73
|
+
package = Capistrano::CLI.ui.ask("Which package should we install: ")
|
74
|
+
sudo "aptitude install #{package}"
|
75
|
+
end
|
76
|
+
|
77
|
+
desc <<-DESC
|
78
|
+
Uninstalls a software package via aptitude. You will be prompted for the \
|
79
|
+
package name after running this commmand.
|
80
|
+
DESC
|
81
|
+
task :uninstall, :roles => :app do
|
82
|
+
package = Capistrano::CLI.ui.ask("Which package should we uninstall: ")
|
83
|
+
sudo "aptitude remove #{package}"
|
84
|
+
end
|
85
|
+
|
86
|
+
desc <<-DESC
|
87
|
+
Updates software packages and creates "a solid base for the 'meat' of the \
|
88
|
+
server". This task should be run only once when you are first setting up your \
|
89
|
+
new slice.
|
90
|
+
|
91
|
+
See "Update", "locales", "Upgrade" and "build essentials" sections on \
|
92
|
+
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
93
|
+
DESC
|
94
|
+
task :setup, :roles => :app do
|
95
|
+
update
|
96
|
+
sudo "locale-gen en_GB.UTF-8"
|
97
|
+
sudo "/usr/sbin/update-locale LANG=en_GB.UTF-8"
|
98
|
+
safe_upgrade
|
99
|
+
full_upgrade
|
100
|
+
sudo "aptitude install -y build-essential"
|
101
|
+
end
|
102
|
+
end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
namespace :gems do
|
2
|
+
desc "Install RubyGems"
|
3
|
+
task :install_rubygems, :roles => :app do
|
4
|
+
run "curl -LO http://rubyforge.org/frs/download.php/45905/rubygems-#{rubygem_version}.tgz"
|
5
|
+
run "tar xvzf rubygems-#{rubygem_version}.tgz"
|
6
|
+
run "cd rubygems-#{rubygem_version} && sudo ruby setup.rb"
|
7
|
+
sudo "ln -s /usr/bin/gem1.8 /usr/bin/gem"
|
8
|
+
sudo "gem update"
|
9
|
+
sudo "gem update --system"
|
10
|
+
run "rm -Rf rubygems-#{rubygem_version}*"
|
11
|
+
end
|
12
|
+
|
13
|
+
desc "List gems on remote server"
|
14
|
+
task :list, :roles => :app do
|
15
|
+
stream "gem list"
|
16
|
+
end
|
17
|
+
|
18
|
+
desc "Update gems on remote server"
|
19
|
+
task :update, :roles => :app do
|
20
|
+
sudo "gem update"
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Update gem system on remote server"
|
24
|
+
task :update_system, :roles => :app do
|
25
|
+
sudo "gem update --system"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Install a gem on the remote server"
|
29
|
+
task :install, :roles => :app do
|
30
|
+
name = Capistrano::CLI.ui.ask("Which gem should we install: ")
|
31
|
+
sudo "gem install #{name}"
|
32
|
+
end
|
33
|
+
|
34
|
+
desc "Uninstall a gem on the remote server"
|
35
|
+
task :uninstall, :roles => :app do
|
36
|
+
name = Capistrano::CLI.ui.ask("Which gem should we uninstall: ")
|
37
|
+
sudo "gem uninstall #{name}"
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
namespace :git do
|
2
|
+
desc "Install git"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "sudo apt-get build-dep git-core -y"
|
5
|
+
run "curl -O http://kernel.org/pub/software/scm/git/#{git_version}.tar.gz"
|
6
|
+
run "tar xvzf #{git_version}.tar.gz"
|
7
|
+
run "cd #{git_version}"
|
8
|
+
run "cd #{git_version} && ./configure"
|
9
|
+
run "cd #{git_version} && make"
|
10
|
+
run "cd #{git_version} && sudo make install"
|
11
|
+
run "rm #{git_version}.tar.gz"
|
12
|
+
run "rm -Rf #{git_version}"
|
13
|
+
end
|
14
|
+
|
15
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
namespace :iptables do
|
2
|
+
desc <<-DESC
|
3
|
+
Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
|
4
|
+
|
5
|
+
See "iptables" section on \
|
6
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
7
|
+
DESC
|
8
|
+
task :configure, :roles => :gateway do
|
9
|
+
sudo "aptitude install iptables -y"
|
10
|
+
put render("iptables", binding), "iptables.up.rules"
|
11
|
+
sudo "mv iptables.up.rules /etc/iptables.up.rules"
|
12
|
+
|
13
|
+
sudo "iptables-restore < /etc/iptables.up.rules"
|
14
|
+
|
15
|
+
# ensure that the iptables rules are applied when we reboot the server
|
16
|
+
run "cat /etc/network/interfaces > ~/tmp_interfaces"
|
17
|
+
run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
|
18
|
+
sudo "mv ~/tmp_interfaces /etc/network/interfaces"
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
namespace :machine do
|
2
|
+
|
3
|
+
desc "Change the root password, create a new user and allow him to sudo and to SSH"
|
4
|
+
task :initial_setup do
|
5
|
+
set :user_to_create , user
|
6
|
+
set :user, 'root'
|
7
|
+
|
8
|
+
|
9
|
+
run "passwd", :pty => true do |ch, stream, data|
|
10
|
+
if data =~ /Enter new UNIX password/ || data=~ /Retype new UNIX password:/
|
11
|
+
# prompt, and then send the response to the remote process
|
12
|
+
ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
|
13
|
+
else
|
14
|
+
# use the default handler for all other text
|
15
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
run "adduser #{user_to_create}", :pty => true do |ch, stream, data|
|
20
|
+
if data =~ /Enter new UNIX password/ || data=~ /Retype new UNIX password:/ || data=~/\[\]\:/ || data=~/\[y\/N\]/
|
21
|
+
# prompt, and then send the response to the remote process
|
22
|
+
ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
|
23
|
+
else
|
24
|
+
# use the default handler for all other text
|
25
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
|
30
|
+
run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
|
31
|
+
run "/etc/init.d/ssh reload"
|
32
|
+
end
|
33
|
+
|
34
|
+
task :configure do
|
35
|
+
ssh.setup
|
36
|
+
iptables.configure
|
37
|
+
aptitude.setup
|
38
|
+
end
|
39
|
+
|
40
|
+
task :install_dev_tools do
|
41
|
+
mysql.install
|
42
|
+
apache.install
|
43
|
+
ruby.install
|
44
|
+
gems.install_rubygems
|
45
|
+
ruby.install_enterprise
|
46
|
+
ruby.install_passenger
|
47
|
+
git.install
|
48
|
+
php.install
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
#TODO : change root password
|
2
|
+
|
3
|
+
namespace :mysql do
|
4
|
+
desc "Restarts MySQL database server"
|
5
|
+
task :restart, :roles => :db do
|
6
|
+
sudo "/etc/init.d/mysql restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Starts MySQL database server"
|
10
|
+
task :start, :roles => :db do
|
11
|
+
sudo "/etc/init.d/mysql start"
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "Stops MySQL database server"
|
15
|
+
task :stop, :roles => :db do
|
16
|
+
sudo "/etc/init.d/mysql stop"
|
17
|
+
end
|
18
|
+
|
19
|
+
desc "Export MySQL database"
|
20
|
+
task :export, :roles => :db do
|
21
|
+
database = Capistrano::CLI.ui.ask("Which database should we export: ")
|
22
|
+
# sudo "mysqldump -u root -p #{database} > #{database}.sql", :pty => true
|
23
|
+
sudo "mysqldump -u root -p #{database} > #{database}.sql", :pty => true do |ch, stream, data|
|
24
|
+
if data =~ /Enter\spassword/
|
25
|
+
# prompt, and then send the response to the remote process
|
26
|
+
ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
|
27
|
+
else
|
28
|
+
# use the default handler for all other text
|
29
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
download "#{database}.sql", "#{default_local_files_path}/database.sql"
|
33
|
+
run "rm #{database}.sql"
|
34
|
+
end
|
35
|
+
|
36
|
+
desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
|
37
|
+
task :create_database, :roles => :db do
|
38
|
+
db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
|
39
|
+
db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
|
40
|
+
db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
|
41
|
+
db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
|
42
|
+
file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
|
43
|
+
upload "#{default_local_files_path}/#{file}", "#{file}"
|
44
|
+
|
45
|
+
create_db_tmp_file = "create_#{db_name}.sql"
|
46
|
+
put render("new_db", binding), create_db_tmp_file
|
47
|
+
run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
|
48
|
+
|
49
|
+
run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
|
50
|
+
run "rm #{file} #{create_db_tmp_file}"
|
51
|
+
end
|
52
|
+
|
53
|
+
desc "Install MySQL"
|
54
|
+
task :install, :roles => :db do
|
55
|
+
db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
|
56
|
+
sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"
|
57
|
+
sudo "aptitude install -y libmysql-ruby1.8"
|
58
|
+
run "mysqladmin -u root password #{db_root_password}"
|
59
|
+
end
|
60
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
namespace :php do
|
2
|
+
desc "Install PHP 5"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
|
5
|
+
sudo "/etc/init.d/apache2 reload"
|
6
|
+
end
|
7
|
+
|
8
|
+
end
|
@@ -0,0 +1,72 @@
|
|
1
|
+
namespace :ruby do
|
2
|
+
desc "Install Ruby 1.8"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "aptitude install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
|
5
|
+
|
6
|
+
sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
|
7
|
+
sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
|
8
|
+
sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
|
9
|
+
sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
|
10
|
+
end
|
11
|
+
|
12
|
+
desc "Install Ruby Enterpise Edition"
|
13
|
+
task :install_enterprise, :roles => :app do
|
14
|
+
sudo "apt-get install libssl-dev -y"
|
15
|
+
|
16
|
+
run "test ! -d /opt/#{ruby_enterprise_version}"
|
17
|
+
run "curl -LO http://rubyforge.org/frs/download.php/48623/#{ruby_enterprise_version}.tar.gz"
|
18
|
+
run "tar xzvf #{ruby_enterprise_version}.tar.gz"
|
19
|
+
run "rm #{ruby_enterprise_version}.tar.gz"
|
20
|
+
sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
|
21
|
+
sudo "rm -rf #{ruby_enterprise_version}/"
|
22
|
+
|
23
|
+
# create a "permanent" link to the current REE install
|
24
|
+
sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise"
|
25
|
+
end
|
26
|
+
|
27
|
+
desc "USELESS Install Phusion Passenger"
|
28
|
+
task :useless_install_passenger, :roles => :app do
|
29
|
+
# because passenger-install-apache2-module do not find the rake installed by REE
|
30
|
+
sudo "gem install rake"
|
31
|
+
|
32
|
+
sudo "apt-get install apache2-mpm-prefork -y"
|
33
|
+
sudo "aptitude install libapr1-dev -y"
|
34
|
+
sudo "apt-get install apache2-prefork-dev -y"
|
35
|
+
|
36
|
+
sudo "/usr/bin/gem install passenger"
|
37
|
+
run "echo -en '\n\n\n\n\n' | sudo passenger-install-apache2-module"
|
38
|
+
|
39
|
+
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
40
|
+
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
41
|
+
|
42
|
+
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
43
|
+
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
44
|
+
|
45
|
+
sudo "a2enmod passenger"
|
46
|
+
apache.force_reload
|
47
|
+
end
|
48
|
+
|
49
|
+
desc "Install Phusion Passenger"
|
50
|
+
task :install_passenger, :roles => :app do
|
51
|
+
# because passenger-install-apache2-module do not find the rake installed by REE
|
52
|
+
sudo "gem install rake"
|
53
|
+
|
54
|
+
sudo "apt-get install apache2-mpm-prefork -y"
|
55
|
+
sudo "aptitude install libapr1-dev -y"
|
56
|
+
sudo "apt-get install apache2-prefork-dev -y"
|
57
|
+
|
58
|
+
sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
|
59
|
+
|
60
|
+
run "echo -en '\n\n\n\n\n' | sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module"
|
61
|
+
|
62
|
+
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
63
|
+
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
64
|
+
|
65
|
+
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
66
|
+
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
67
|
+
|
68
|
+
sudo "a2enmod passenger"
|
69
|
+
apache.force_reload
|
70
|
+
end
|
71
|
+
|
72
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
namespace :ssh do
|
2
|
+
|
3
|
+
desc <<-DESC
|
4
|
+
Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
|
5
|
+
`configure_sshd` then reloads the SSH service to finalize the changes.
|
6
|
+
DESC
|
7
|
+
task :setup, :roles => :gateway do
|
8
|
+
upload_keys
|
9
|
+
configure_sshd
|
10
|
+
install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
|
11
|
+
reload
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
desc <<-DESC
|
16
|
+
Uploads your local public SSH keys to the server. A .ssh folder is created if \
|
17
|
+
one does not already exist. The SSH keys default to the ones set in \
|
18
|
+
Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
|
19
|
+
["/home/user/.ssh/id_dsa"].
|
20
|
+
|
21
|
+
See "SSH copy" and "SSH Permissions" sections on \
|
22
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
23
|
+
DESC
|
24
|
+
task :upload_keys, :roles => :gateway do
|
25
|
+
run "mkdir -p ~/.ssh"
|
26
|
+
run "chown -R #{user}:#{user} ~/.ssh"
|
27
|
+
run "chmod 700 ~/.ssh"
|
28
|
+
|
29
|
+
authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
|
30
|
+
put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
|
31
|
+
end
|
32
|
+
|
33
|
+
desc <<-DESC
|
34
|
+
Configure SSH daemon with more secure settings recommended by Slicehost. The \
|
35
|
+
will be configured to run on the port configured in Capistrano's "ssh_options". \
|
36
|
+
This defaults to the standard SSH port 22. You can change this by setting \
|
37
|
+
ssh_options[:port] = 3000. Note that this change will not take affect until \
|
38
|
+
reload the SSH service with `cap ssh:reload`.
|
39
|
+
|
40
|
+
See "SSH config" section on \
|
41
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
42
|
+
DESC
|
43
|
+
task :configure_sshd, :roles => :gateway do
|
44
|
+
put render("sshd_config", binding), "sshd_config"
|
45
|
+
sudo "mv sshd_config /etc/ssh/sshd_config"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc <<-DESC
|
49
|
+
Install OVH SSH Keys
|
50
|
+
DESC
|
51
|
+
task :install_ovh_ssh_key, :roles => :gateway do
|
52
|
+
sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
|
53
|
+
sudo "sh installer_la_cle.sh"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc <<-DESC
|
57
|
+
Reload SSH service.
|
58
|
+
DESC
|
59
|
+
task :reload, :roles => :gateway do
|
60
|
+
sudo "/etc/init.d/ssh reload"
|
61
|
+
end
|
62
|
+
|
63
|
+
|
64
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
*filter
|
2
|
+
|
3
|
+
|
4
|
+
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
|
5
|
+
-A INPUT -i lo -j ACCEPT
|
6
|
+
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
|
7
|
+
|
8
|
+
|
9
|
+
# Accepts all established inbound connections
|
10
|
+
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
11
|
+
|
12
|
+
|
13
|
+
# Allows all outbound traffic
|
14
|
+
# You can modify this to only allow certain traffic
|
15
|
+
-A OUTPUT -j ACCEPT
|
16
|
+
|
17
|
+
|
18
|
+
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
|
19
|
+
-A INPUT -p tcp --dport 80 -j ACCEPT
|
20
|
+
-A INPUT -p tcp --dport 443 -j ACCEPT
|
21
|
+
|
22
|
+
|
23
|
+
# Allows SSH connections
|
24
|
+
#
|
25
|
+
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
|
26
|
+
#
|
27
|
+
-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
|
28
|
+
|
29
|
+
<% if hosting_provider=="ovh-rps" %>
|
30
|
+
# allow packets from SAN, only for ovh-rps
|
31
|
+
-A OUTPUT -p tcp --dport 3260 -j ACCEPT
|
32
|
+
<% end %>
|
33
|
+
|
34
|
+
# Allow ping
|
35
|
+
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
36
|
+
|
37
|
+
|
38
|
+
# log iptables denied calls
|
39
|
+
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
|
40
|
+
|
41
|
+
|
42
|
+
# Reject all other inbound - default deny unless explicitly allowed policy
|
43
|
+
-A INPUT -j REJECT
|
44
|
+
-A FORWARD -j REJECT
|
45
|
+
|
46
|
+
COMMIT
|
@@ -0,0 +1,5 @@
|
|
1
|
+
CREATE DATABASE `<%= db_name %>` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
|
2
|
+
CREATE USER '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>';
|
3
|
+
GRANT USAGE ON * . * TO '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
|
4
|
+
GRANT ALL PRIVILEGES ON `<%= db_name %>` . * TO '<%= db_username %>'@'localhost' WITH GRANT OPTION ;
|
5
|
+
FLUSH PRIVILEGES ;
|
@@ -0,0 +1 @@
|
|
1
|
+
LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so
|
@@ -0,0 +1,80 @@
|
|
1
|
+
# Package generated configuration file
|
2
|
+
# See the sshd(8) manpage for details
|
3
|
+
|
4
|
+
# What ports, IPs and protocols we listen for
|
5
|
+
Port <%= ssh_options[:port] %>
|
6
|
+
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
+
#ListenAddress ::
|
8
|
+
#ListenAddress 0.0.0.0
|
9
|
+
Protocol 2
|
10
|
+
# HostKeys for protocol version 2
|
11
|
+
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
+
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
+
#Privilege Separation is turned on for security
|
14
|
+
UsePrivilegeSeparation yes
|
15
|
+
|
16
|
+
# Lifetime and size of ephemeral version 1 server key
|
17
|
+
KeyRegenerationInterval 3600
|
18
|
+
ServerKeyBits 768
|
19
|
+
|
20
|
+
# Logging
|
21
|
+
SyslogFacility AUTH
|
22
|
+
LogLevel INFO
|
23
|
+
|
24
|
+
# Authentication:
|
25
|
+
LoginGraceTime 120
|
26
|
+
PermitRootLogin yes # allow it to enable OVH to connect to your server
|
27
|
+
StrictModes yes
|
28
|
+
|
29
|
+
RSAAuthentication yes
|
30
|
+
PubkeyAuthentication yes
|
31
|
+
AuthorizedKeysFile .ssh/authorized_keys2
|
32
|
+
UsePam yes
|
33
|
+
|
34
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
35
|
+
IgnoreRhosts yes
|
36
|
+
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
37
|
+
RhostsRSAAuthentication no
|
38
|
+
# similar for protocol version 2
|
39
|
+
HostbasedAuthentication no
|
40
|
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
41
|
+
#IgnoreUserKnownHosts yes
|
42
|
+
|
43
|
+
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
44
|
+
PermitEmptyPasswords no
|
45
|
+
|
46
|
+
# Change to yes to enable challenge-response passwords (beware issues with
|
47
|
+
# some PAM modules and threads)
|
48
|
+
ChallengeResponseAuthentication no
|
49
|
+
|
50
|
+
# Change to no to disable tunnelled clear text passwords
|
51
|
+
PasswordAuthentication no
|
52
|
+
|
53
|
+
# Kerberos options
|
54
|
+
#KerberosAuthentication no
|
55
|
+
#KerberosGetAFSToken no
|
56
|
+
#KerberosOrLocalPasswd yes
|
57
|
+
#KerberosTicketCleanup yes
|
58
|
+
|
59
|
+
# GSSAPI options
|
60
|
+
GSSAPIAuthentication no
|
61
|
+
#GSSAPICleanupCredentials yes
|
62
|
+
|
63
|
+
X11Forwarding no
|
64
|
+
X11DisplayOffset 10
|
65
|
+
PrintMotd no
|
66
|
+
PrintLastLog yes
|
67
|
+
KeepAlive yes
|
68
|
+
#UseLogin no
|
69
|
+
|
70
|
+
#MaxStartups 10:30:60
|
71
|
+
#Banner /etc/issue.net
|
72
|
+
|
73
|
+
# Allow client to pass locale environment variables
|
74
|
+
AcceptEnv LANG LC_*
|
75
|
+
|
76
|
+
Subsystem sftp /usr/lib/openssh/sftp-server
|
77
|
+
|
78
|
+
UseDNS no
|
79
|
+
|
80
|
+
AllowUsers <%= user %>
|
@@ -0,0 +1,17 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
|
3
|
+
# Admin email, Server Name (domain name) and any aliases
|
4
|
+
ServerAdmin <%= server_admin %>
|
5
|
+
ServerName <%= server_name %>
|
6
|
+
ServerAlias <%= server_alias %>
|
7
|
+
|
8
|
+
# Index file and Document Root (where the public files are located)
|
9
|
+
DirectoryIndex <%= directory_index %>
|
10
|
+
DocumentRoot /home/<%= user %>/websites/<%= server_name %>/public
|
11
|
+
|
12
|
+
# Custom log file locations
|
13
|
+
LogLevel warn
|
14
|
+
ErrorLog /home/<%= user %>/websites/<%= server_name %>/logs/error.log
|
15
|
+
CustomLog /home/<%= user %>/websites/<%= server_name %>/logs/access.log combined
|
16
|
+
|
17
|
+
</VirtualHost>
|
@@ -0,0 +1,24 @@
|
|
1
|
+
namespace :utils do
|
2
|
+
|
3
|
+
desc "Reboot the system."
|
4
|
+
task :reboot, :roles => :gateway do
|
5
|
+
sure = Capistrano::CLI.ui.ask("Are you sure you want to reboot now? (y/n) : ")
|
6
|
+
sudo "reboot" if sure=="y"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Force a reboot of the system."
|
10
|
+
task :force_reboot, :roles => :gateway do
|
11
|
+
sudo "reboot"
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "Show the amount of free disk space."
|
15
|
+
task :disk_space, :roles => :gateway do
|
16
|
+
run "df -h /"
|
17
|
+
end
|
18
|
+
|
19
|
+
desc "Display amount of free and used memory in the system."
|
20
|
+
task :free, :roles => :gateway do
|
21
|
+
run "free -m"
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
metadata
ADDED
@@ -0,0 +1,84 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: suitmymind-ubuntu-machine
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.2
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Thomas Balthazar
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2008-10-01 00:00:00 -07:00
|
13
|
+
default_executable:
|
14
|
+
dependencies:
|
15
|
+
- !ruby/object:Gem::Dependency
|
16
|
+
name: capistrano
|
17
|
+
version_requirement:
|
18
|
+
version_requirements: !ruby/object:Gem::Requirement
|
19
|
+
requirements:
|
20
|
+
- - ">"
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: 2.5.2
|
23
|
+
version:
|
24
|
+
description: Capistrano recipes for setting up and deploying to a Ubuntu Machine
|
25
|
+
email: thomas@suitmymind.com
|
26
|
+
executables: []
|
27
|
+
|
28
|
+
extensions: []
|
29
|
+
|
30
|
+
extra_rdoc_files: []
|
31
|
+
|
32
|
+
files:
|
33
|
+
- README
|
34
|
+
- MIT-LICENSE
|
35
|
+
- lib/capistrano/ext/ubuntu-machine.rb
|
36
|
+
- lib/capistrano/ext/ubuntu-machine
|
37
|
+
- lib/capistrano/ext/ubuntu-machine/ruby.rb
|
38
|
+
- lib/capistrano/ext/ubuntu-machine/gems.rb
|
39
|
+
- lib/capistrano/ext/ubuntu-machine/git.rb
|
40
|
+
- lib/capistrano/ext/ubuntu-machine/aptitude.rb
|
41
|
+
- lib/capistrano/ext/ubuntu-machine/php.rb
|
42
|
+
- lib/capistrano/ext/ubuntu-machine/ssh.rb
|
43
|
+
- lib/capistrano/ext/ubuntu-machine/machine.rb
|
44
|
+
- lib/capistrano/ext/ubuntu-machine/render.rb
|
45
|
+
- lib/capistrano/ext/ubuntu-machine/apache.rb
|
46
|
+
- lib/capistrano/ext/ubuntu-machine/iptables.rb
|
47
|
+
- lib/capistrano/ext/ubuntu-machine/mysql.rb
|
48
|
+
- lib/capistrano/ext/ubuntu-machine/templates
|
49
|
+
- lib/capistrano/ext/ubuntu-machine/templates/apache2.erb
|
50
|
+
- lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb
|
51
|
+
- lib/capistrano/ext/ubuntu-machine/templates/vhost.erb
|
52
|
+
- lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb
|
53
|
+
- lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb
|
54
|
+
- lib/capistrano/ext/ubuntu-machine/templates/iptables.erb
|
55
|
+
- lib/capistrano/ext/ubuntu-machine/templates/new_db.erb
|
56
|
+
- lib/capistrano/ext/ubuntu-machine/utils.rb
|
57
|
+
has_rdoc: false
|
58
|
+
homepage: http://suitmymind.github.com/ubuntu-machine
|
59
|
+
post_install_message:
|
60
|
+
rdoc_options: []
|
61
|
+
|
62
|
+
require_paths:
|
63
|
+
- lib
|
64
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: "0"
|
69
|
+
version:
|
70
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: "0"
|
75
|
+
version:
|
76
|
+
requirements: []
|
77
|
+
|
78
|
+
rubyforge_project:
|
79
|
+
rubygems_version: 1.2.0
|
80
|
+
signing_key:
|
81
|
+
specification_version: 2
|
82
|
+
summary: Capistrano recipes for setting up and deploying to a Ubuntu Machine
|
83
|
+
test_files: []
|
84
|
+
|