suitmymind-ubuntu-machine 0.4.0 → 0.4.1
- metadata +5 -27
- data/MIT-LICENSE +0 -20
- data/README +0 -9
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +0 -118
- data/lib/capistrano/ext/ubuntu-machine/aptitude.rb +0 -95
- data/lib/capistrano/ext/ubuntu-machine/gems.rb +0 -39
- data/lib/capistrano/ext/ubuntu-machine/git.rb +0 -15
- data/lib/capistrano/ext/ubuntu-machine/helpers.rb +0 -36
- data/lib/capistrano/ext/ubuntu-machine/iptables.rb +0 -20
- data/lib/capistrano/ext/ubuntu-machine/machine.rb +0 -40
- data/lib/capistrano/ext/ubuntu-machine/mysql.rb +0 -63
- data/lib/capistrano/ext/ubuntu-machine/php.rb +0 -8
- data/lib/capistrano/ext/ubuntu-machine/ruby.rb +0 -69
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +0 -64
- data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb +0 -7
- data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb +0 -46
- data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb +0 -5
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb +0 -2
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb +0 -1
- data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb +0 -80
- data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb +0 -17
- data/lib/capistrano/ext/ubuntu-machine/utils.rb +0 -40
- data/lib/capistrano/ext/ubuntu-machine.rb +0 -7
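--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: suitmymind-ubuntu-machine
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.1
 platform: ruby
 authors:
 - Thomas Balthazar
@@ -9,11 +9,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-02-
+date: 2009-02-26 00:00:00 -08:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
 name: capistrano
+type: :runtime
 version_requirement:
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
@@ -29,31 +30,8 @@ extensions: []
 
 extra_rdoc_files: []
 
-files:
-
-- MIT-LICENSE
-- lib/capistrano/ext/ubuntu-machine.rb
-- lib/capistrano/ext/ubuntu-machine
-- lib/capistrano/ext/ubuntu-machine/helpers.rb
-- lib/capistrano/ext/ubuntu-machine/ruby.rb
-- lib/capistrano/ext/ubuntu-machine/gems.rb
-- lib/capistrano/ext/ubuntu-machine/git.rb
-- lib/capistrano/ext/ubuntu-machine/aptitude.rb
-- lib/capistrano/ext/ubuntu-machine/php.rb
-- lib/capistrano/ext/ubuntu-machine/ssh.rb
-- lib/capistrano/ext/ubuntu-machine/machine.rb
-- lib/capistrano/ext/ubuntu-machine/apache.rb
-- lib/capistrano/ext/ubuntu-machine/iptables.rb
-- lib/capistrano/ext/ubuntu-machine/mysql.rb
-- lib/capistrano/ext/ubuntu-machine/templates
-- lib/capistrano/ext/ubuntu-machine/templates/apache2.erb
-- lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb
-- lib/capistrano/ext/ubuntu-machine/templates/vhost.erb
-- lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb
-- lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb
-- lib/capistrano/ext/ubuntu-machine/templates/iptables.erb
-- lib/capistrano/ext/ubuntu-machine/templates/new_db.erb
-- lib/capistrano/ext/ubuntu-machine/utils.rb
+files: []
+
 has_rdoc: false
 homepage: http://suitmymind.github.com/ubuntu-machine
 post_install_message: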
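Review bot: `files: []` in the third hunk means 0.4.1 is published with no library code, templates or licence, while the spec still declares `capistrano` as a `:runtime` dependency and keeps the same name and homepage. Anything that resolves `suitmymind-ubuntu-machine` to this version installs cleanly but gets an empty package, so the missing `lib/capistrano/ext/ubuntu-machine.rb` only shows up when a deploy tries to load it. If the empty list is unintentional (possibly a file glob in the gemspec that matched nothing at build time; the build script is not visible here), the release should be yanked and rebuilt with the file list restored. If the gem is being retired on purpose, say so in the field this hunk leaves blank, for example `post_install_message: "suitmymind-ubuntu-machine 0.4.1 ships no files; see the homepage for the maintained code"`.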
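--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -1,20 +0,0 @@
-Copyright (c) 2008 Thomas Balthazar
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.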
data/README
DELETED
@@ -1,118 +0,0 @@
|
|
1
|
-
namespace :apache do
|
2
|
-
desc "Install Apache"
|
3
|
-
task :install, :roles => :web do
|
4
|
-
sudo "aptitude install apache2 apache2.2-common apache2-mpm-prefork apache2-utils libexpat1 ssl-cert -y"
|
5
|
-
|
6
|
-
run "cat /etc/apache2/apache2.conf > ~/apache2.conf.tmp"
|
7
|
-
put render("apache2", binding), "apache2.append.conf.tmp"
|
8
|
-
run "cat apache2.append.conf.tmp >> ~/apache2.conf.tmp"
|
9
|
-
sudo "mv ~/apache2.conf.tmp /etc/apache2/apache2.conf"
|
10
|
-
run "rm apache2.append.conf.tmp"
|
11
|
-
restart
|
12
|
-
end
|
13
|
-
|
14
|
-
desc "Restarts Apache webserver"
|
15
|
-
task :restart, :roles => :web do
|
16
|
-
sudo "/etc/init.d/apache2 restart"
|
17
|
-
end
|
18
|
-
|
19
|
-
desc "Starts Apache webserver"
|
20
|
-
task :start, :roles => :web do
|
21
|
-
sudo "/etc/init.d/apache2 start"
|
22
|
-
end
|
23
|
-
|
24
|
-
desc "Stops Apache webserver"
|
25
|
-
task :stop, :roles => :web do
|
26
|
-
sudo "/etc/init.d/apache2 stop"
|
27
|
-
end
|
28
|
-
|
29
|
-
desc "Reload Apache webserver"
|
30
|
-
task :reload, :roles => :web do
|
31
|
-
sudo "/etc/init.d/apache2 reload"
|
32
|
-
end
|
33
|
-
|
34
|
-
desc "Force reload Apache webserver"
|
35
|
-
task :force_reload, :roles => :web do
|
36
|
-
sudo "/etc/init.d/apache2 force-reload"
|
37
|
-
end
|
38
|
-
|
39
|
-
desc "List enabled Apache sites"
|
40
|
-
task :enabled_sites, :roles => :web do
|
41
|
-
run "ls /etc/apache2/sites-enabled"
|
42
|
-
end
|
43
|
-
|
44
|
-
desc "List available Apache sites"
|
45
|
-
task :available_sites, :roles => :web do
|
46
|
-
run "ls /etc/apache2/sites-available"
|
47
|
-
end
|
48
|
-
|
49
|
-
desc "List enabled Apache modules"
|
50
|
-
task :enabled_modules, :roles => :web do
|
51
|
-
run "ls /etc/apache2/mods-enabled"
|
52
|
-
end
|
53
|
-
|
54
|
-
desc "List available Apache modules"
|
55
|
-
task :available_modules, :roles => :web do
|
56
|
-
run "ls /etc/apache2/mods-available"
|
57
|
-
end
|
58
|
-
|
59
|
-
desc "Disable Apache site"
|
60
|
-
task :disable_site, :roles => :web do
|
61
|
-
site = Capistrano::CLI.ui.ask("Which site should we disable: ")
|
62
|
-
sudo "sudo a2dissite #{site}"
|
63
|
-
reload
|
64
|
-
end
|
65
|
-
|
66
|
-
desc "Enable Apache site"
|
67
|
-
task :enable_site, :roles => :web do
|
68
|
-
site = Capistrano::CLI.ui.ask("Which site should we enable: ")
|
69
|
-
sudo "sudo a2ensite #{site}"
|
70
|
-
reload
|
71
|
-
end
|
72
|
-
|
73
|
-
desc "Disable Apache module"
|
74
|
-
task :disable_module, :roles => :web do
|
75
|
-
mod = Capistrano::CLI.ui.ask("Which module should we disable: ")
|
76
|
-
sudo "sudo a2dismod #{mod}"
|
77
|
-
force_reload
|
78
|
-
end
|
79
|
-
|
80
|
-
desc "Enable Apache module"
|
81
|
-
task :enable_module, :roles => :web do
|
82
|
-
mod = Capistrano::CLI.ui.ask("Which module should we enable: ")
|
83
|
-
sudo "sudo a2enmod #{mod}"
|
84
|
-
force_reload
|
85
|
-
end
|
86
|
-
|
87
|
-
desc "Create a new website"
|
88
|
-
task :create_website, :roles => :web do
|
89
|
-
server_admin = Capistrano::CLI.ui.ask("Server admin (#{default_server_admin}) if blank : ")
|
90
|
-
server_admin = default_server_admin if server_admin.empty?
|
91
|
-
server_name = Capistrano::CLI.ui.ask("Server name : ")
|
92
|
-
server_alias = Capistrano::CLI.ui.ask("Server alias : ")
|
93
|
-
directory_index = Capistrano::CLI.ui.ask("Directory index (#{default_directory_index}) if blank : ")
|
94
|
-
directory_index = default_directory_index if directory_index.empty?
|
95
|
-
|
96
|
-
# Website skeleton
|
97
|
-
%w{backup cap cgi-bin logs private public tmp}.each { |d|
|
98
|
-
run "mkdir -p /home/#{user}/websites/#{server_name}/#{d}"
|
99
|
-
}
|
100
|
-
|
101
|
-
put render("vhost", binding), server_name
|
102
|
-
sudo "mv #{server_name} /etc/apache2/sites-available/#{server_name}"
|
103
|
-
sudo "sudo a2ensite #{server_name}"
|
104
|
-
reload
|
105
|
-
end
|
106
|
-
|
107
|
-
desc "Delete a website (! delete all file and folders)"
|
108
|
-
task :delete_website, :roles => :web do
|
109
|
-
server_name = Capistrano::CLI.ui.ask("Server name you want to delete : ")
|
110
|
-
sure = Capistrano::CLI.ui.ask("Are you sure you want to delete #{server_name} and all its files? (y/n) : ")
|
111
|
-
if sure=="y"
|
112
|
-
sudo "sudo a2dissite #{server_name}"
|
113
|
-
sudo "rm /etc/apache2/sites-available/#{server_name}"
|
114
|
-
sudo "rm -Rf /home/#{user}/websites/#{server_name}"
|
115
|
-
reload
|
116
|
-
end
|
117
|
-
end
|
118
|
-
end
|
@@ -1,95 +0,0 @@
|
|
1
|
-
namespace :aptitude do
|
2
|
-
desc <<-DESC
|
3
|
-
Updates your software package list. This will not "upgrade" any of your \
|
4
|
-
installed software.
|
5
|
-
|
6
|
-
See "Update" section on \
|
7
|
-
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
8
|
-
DESC
|
9
|
-
task :update, :roles => :app do
|
10
|
-
sudo "aptitude update"
|
11
|
-
end
|
12
|
-
|
13
|
-
desc "Alias for 'aptitude:safe_upgrade'"
|
14
|
-
task :upgrade, :roles => :app do
|
15
|
-
safe_upgrade
|
16
|
-
end
|
17
|
-
|
18
|
-
desc <<-DESC
|
19
|
-
Upgrades your installed software packages.
|
20
|
-
|
21
|
-
From the aptitude man pages:
|
22
|
-
|
23
|
-
This command will upgrade as many packages as it can upgrade without \
|
24
|
-
removing existing packages or installing new ones.
|
25
|
-
|
26
|
-
It is sometimes necessary to remove or install one package in order to \
|
27
|
-
upgrade another; this command is not able to upgrade packages in such \
|
28
|
-
situations. Use the full-upgrade to upgrade those packages as well.
|
29
|
-
|
30
|
-
See "Upgrade" section on \
|
31
|
-
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
32
|
-
DESC
|
33
|
-
task :safe_upgrade, :roles => :app do
|
34
|
-
# sudo "aptitude safe-upgrade -y", :pty => true
|
35
|
-
|
36
|
-
# By default, OVH replace the original /etc/issue. The safe_upgrade will then ask \
|
37
|
-
# if it must overwrite this file, since it has been modified by OVH. \
|
38
|
-
# data =~ /^\*\*\*\sissue/ looks for the interactive prompt to enable you to answer
|
39
|
-
sudo 'aptitude hold console-setup -y'
|
40
|
-
sudo_and_watch_prompt("aptitude safe-upgrade -y", /^\*\*\*\sissue/)
|
41
|
-
end
|
42
|
-
|
43
|
-
desc <<-DESC
|
44
|
-
Upgrades your installed software packages.
|
45
|
-
|
46
|
-
From the aptitude man pages:
|
47
|
-
|
48
|
-
Like safe-upgrade, this command will attempt to upgrade packages, but it is \
|
49
|
-
more aggressive about solving dependency problems: it will install and \
|
50
|
-
remove packages until all dependencies are satisfied. Because of the nature \
|
51
|
-
of this command, it is possible that it will do undesirable things, and so \
|
52
|
-
you should be careful when using it.
|
53
|
-
|
54
|
-
See "Upgrade" section on \
|
55
|
-
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
56
|
-
DESC
|
57
|
-
task :full_upgrade, :roles => :app do
|
58
|
-
sudo "aptitude full-upgrade -y"
|
59
|
-
end
|
60
|
-
|
61
|
-
desc <<-DESC
|
62
|
-
Installs a software package via aptitude. You will be prompted for the \
|
63
|
-
package name after running this commmand.
|
64
|
-
DESC
|
65
|
-
task :install, :roles => :app do
|
66
|
-
package = Capistrano::CLI.ui.ask("Which package should we install: ")
|
67
|
-
sudo "aptitude install #{package}"
|
68
|
-
end
|
69
|
-
|
70
|
-
desc <<-DESC
|
71
|
-
Uninstalls a software package via aptitude. You will be prompted for the \
|
72
|
-
package name after running this commmand.
|
73
|
-
DESC
|
74
|
-
task :uninstall, :roles => :app do
|
75
|
-
package = Capistrano::CLI.ui.ask("Which package should we uninstall: ")
|
76
|
-
sudo "aptitude remove #{package}"
|
77
|
-
end
|
78
|
-
|
79
|
-
desc <<-DESC
|
80
|
-
Updates software packages and creates "a solid base for the 'meat' of the \
|
81
|
-
server". This task should be run only once when you are first setting up your \
|
82
|
-
new slice.
|
83
|
-
|
84
|
-
See "Update", "locales", "Upgrade" and "build essentials" sections on \
|
85
|
-
http://articles.slicehost.com/2007/11/6/ubuntu-gutsy-setup-page-2
|
86
|
-
DESC
|
87
|
-
task :setup, :roles => :app do
|
88
|
-
update
|
89
|
-
sudo "locale-gen en_GB.UTF-8"
|
90
|
-
sudo "/usr/sbin/update-locale LANG=en_GB.UTF-8"
|
91
|
-
safe_upgrade
|
92
|
-
full_upgrade
|
93
|
-
sudo "aptitude install -y build-essential"
|
94
|
-
end
|
95
|
-
end
|
@@ -1,39 +0,0 @@
|
|
1
|
-
namespace :gems do
|
2
|
-
desc "Install RubyGems"
|
3
|
-
task :install_rubygems, :roles => :app do
|
4
|
-
run "curl -LO http://rubyforge.org/frs/download.php/45905/rubygems-#{rubygem_version}.tgz"
|
5
|
-
run "tar xvzf rubygems-#{rubygem_version}.tgz"
|
6
|
-
run "cd rubygems-#{rubygem_version} && sudo ruby setup.rb"
|
7
|
-
sudo "ln -s /usr/bin/gem1.8 /usr/bin/gem"
|
8
|
-
sudo "gem update"
|
9
|
-
sudo "gem update --system"
|
10
|
-
run "rm -Rf rubygems-#{rubygem_version}*"
|
11
|
-
end
|
12
|
-
|
13
|
-
desc "List gems on remote server"
|
14
|
-
task :list, :roles => :app do
|
15
|
-
stream "gem list"
|
16
|
-
end
|
17
|
-
|
18
|
-
desc "Update gems on remote server"
|
19
|
-
task :update, :roles => :app do
|
20
|
-
sudo "gem update"
|
21
|
-
end
|
22
|
-
|
23
|
-
desc "Update gem system on remote server"
|
24
|
-
task :update_system, :roles => :app do
|
25
|
-
sudo "gem update --system"
|
26
|
-
end
|
27
|
-
|
28
|
-
desc "Install a gem on the remote server"
|
29
|
-
task :install, :roles => :app do
|
30
|
-
name = Capistrano::CLI.ui.ask("Which gem should we install: ")
|
31
|
-
sudo "gem install #{name}"
|
32
|
-
end
|
33
|
-
|
34
|
-
desc "Uninstall a gem on the remote server"
|
35
|
-
task :uninstall, :roles => :app do
|
36
|
-
name = Capistrano::CLI.ui.ask("Which gem should we uninstall: ")
|
37
|
-
sudo "gem uninstall #{name}"
|
38
|
-
end
|
39
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
namespace :git do
|
2
|
-
desc "Install git"
|
3
|
-
task :install, :roles => :app do
|
4
|
-
sudo "sudo apt-get build-dep git-core -y"
|
5
|
-
run "curl -O http://kernel.org/pub/software/scm/git/#{git_version}.tar.gz"
|
6
|
-
run "tar xvzf #{git_version}.tar.gz"
|
7
|
-
run "cd #{git_version}"
|
8
|
-
run "cd #{git_version} && ./configure"
|
9
|
-
run "cd #{git_version} && make"
|
10
|
-
run "cd #{git_version} && sudo make install"
|
11
|
-
run "rm #{git_version}.tar.gz"
|
12
|
-
run "rm -Rf #{git_version}"
|
13
|
-
end
|
14
|
-
|
15
|
-
end
|
@@ -1,36 +0,0 @@
|
|
1
|
-
require 'erb'
|
2
|
-
|
3
|
-
# render a template
|
4
|
-
def render(file, binding)
|
5
|
-
template = File.read("#{File.dirname(__FILE__)}/templates/#{file}.erb")
|
6
|
-
result = ERB.new(template).result(binding)
|
7
|
-
end
|
8
|
-
|
9
|
-
# allows to sudo a command which require the user input via the prompt
|
10
|
-
def sudo_and_watch_prompt(cmd, regex_to_watch)
|
11
|
-
sudo cmd, :pty => true do |ch, stream, data|
|
12
|
-
watch_prompt(ch, stream, data, regex_to_watch)
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
# allows to run a command which require the user input via the prompt
|
17
|
-
def run_and_watch_prompt(cmd, regex_to_watch)
|
18
|
-
run cmd, :pty => true do |ch, stream, data|
|
19
|
-
watch_prompt(ch, stream, data, regex_to_watch)
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
# utility method called by sudo_and_watch_prompt and run_and_watch_prompt
|
24
|
-
def watch_prompt(ch, stream, data, regex_to_watch)
|
25
|
-
|
26
|
-
# the regex can be an array or a single regex -> we force it to always be an array with [*xx]
|
27
|
-
if [*regex_to_watch].find { |regex| data =~ regex}
|
28
|
-
# prompt, and then send the response to the remote process
|
29
|
-
ch.send_data(Capistrano::CLI.password_prompt(data) + "\n")
|
30
|
-
else
|
31
|
-
# use the default handler for all other text
|
32
|
-
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
|
@@ -1,20 +0,0 @@
|
|
1
|
-
namespace :iptables do
|
2
|
-
desc <<-DESC
|
3
|
-
Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
|
4
|
-
|
5
|
-
See "iptables" section on \
|
6
|
-
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
7
|
-
DESC
|
8
|
-
task :configure, :roles => :gateway do
|
9
|
-
sudo "aptitude install iptables -y"
|
10
|
-
put render("iptables", binding), "iptables.up.rules"
|
11
|
-
sudo "mv iptables.up.rules /etc/iptables.up.rules"
|
12
|
-
|
13
|
-
sudo "iptables-restore < /etc/iptables.up.rules"
|
14
|
-
|
15
|
-
# ensure that the iptables rules are applied when we reboot the server
|
16
|
-
run "cat /etc/network/interfaces > ~/tmp_interfaces"
|
17
|
-
run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
|
18
|
-
sudo "mv ~/tmp_interfaces /etc/network/interfaces"
|
19
|
-
end
|
20
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
namespace :machine do
|
2
|
-
|
3
|
-
desc "Change the root password, create a new user and allow him to sudo and to SSH"
|
4
|
-
task :initial_setup do
|
5
|
-
set :user_to_create , user
|
6
|
-
set :user, 'root'
|
7
|
-
|
8
|
-
run_and_watch_prompt("passwd", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
9
|
-
|
10
|
-
run_and_watch_prompt("adduser #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
|
11
|
-
|
12
|
-
run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
|
13
|
-
run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
|
14
|
-
run "/etc/init.d/ssh reload"
|
15
|
-
end
|
16
|
-
|
17
|
-
task :configure do
|
18
|
-
ssh.setup
|
19
|
-
iptables.configure
|
20
|
-
aptitude.setup
|
21
|
-
end
|
22
|
-
|
23
|
-
task :install_dev_tools do
|
24
|
-
mysql.install
|
25
|
-
apache.install
|
26
|
-
ruby.install
|
27
|
-
gems.install_rubygems
|
28
|
-
ruby.install_enterprise
|
29
|
-
ruby.install_passenger
|
30
|
-
git.install
|
31
|
-
php.install
|
32
|
-
end
|
33
|
-
|
34
|
-
desc = "Ask for a user and change his password"
|
35
|
-
task :change_password do
|
36
|
-
user_to_update = Capistrano::CLI.ui.ask("Name of the user whose you want to update the password : ")
|
37
|
-
|
38
|
-
run_and_watch_prompt("passwd #{user_to_update}", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
39
|
-
end
|
40
|
-
end
|
@@ -1,63 +0,0 @@
|
|
1
|
-
#TODO : change root password
|
2
|
-
|
3
|
-
namespace :mysql do
|
4
|
-
desc "Restarts MySQL database server"
|
5
|
-
task :restart, :roles => :db do
|
6
|
-
sudo "/etc/init.d/mysql restart"
|
7
|
-
end
|
8
|
-
|
9
|
-
desc "Starts MySQL database server"
|
10
|
-
task :start, :roles => :db do
|
11
|
-
sudo "/etc/init.d/mysql start"
|
12
|
-
end
|
13
|
-
|
14
|
-
desc "Stops MySQL database server"
|
15
|
-
task :stop, :roles => :db do
|
16
|
-
sudo "/etc/init.d/mysql stop"
|
17
|
-
end
|
18
|
-
|
19
|
-
desc "Export MySQL database"
|
20
|
-
task :export, :roles => :db do
|
21
|
-
database = Capistrano::CLI.ui.ask("Which database should we export: ")
|
22
|
-
sudo_and_watch_prompt("mysqldump -u root -p #{database} > #{database}.sql", /Enter\spassword/)
|
23
|
-
download "#{database}.sql", "#{default_local_files_path}/database.sql"
|
24
|
-
run "rm #{database}.sql"
|
25
|
-
end
|
26
|
-
|
27
|
-
desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
|
28
|
-
task :create_database, :roles => :db do
|
29
|
-
db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
|
30
|
-
db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
|
31
|
-
db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
|
32
|
-
db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
|
33
|
-
file_to_upload = Capistrano::CLI.ui.ask("Do you want to import a database file? (y/n) : ")
|
34
|
-
if file_to_upload == "y"
|
35
|
-
file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
|
36
|
-
upload "#{default_local_files_path}/#{file}", "#{file}"
|
37
|
-
end
|
38
|
-
create_db_tmp_file = "create_#{db_name}.sql"
|
39
|
-
put render("new_db", binding), create_db_tmp_file
|
40
|
-
run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
|
41
|
-
if file_to_upload == "y"
|
42
|
-
run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
|
43
|
-
run "rm #{file}"
|
44
|
-
end
|
45
|
-
run "rm #{create_db_tmp_file}"
|
46
|
-
end
|
47
|
-
|
48
|
-
desc "Install MySQL"
|
49
|
-
task :install, :roles => :db do
|
50
|
-
db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
|
51
|
-
sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"
|
52
|
-
run "mysqladmin -u root password #{db_root_password}"
|
53
|
-
end
|
54
|
-
|
55
|
-
desc "Ask for a MySQL user and change his password"
|
56
|
-
task :change_password, :roles => :db do
|
57
|
-
user_to_update = Capistrano::CLI.ui.ask("Name of the MySQL user whose you want to update the password : ")
|
58
|
-
old_password = Capistrano::CLI.ui.ask("Old password for #{user_to_update} : ")
|
59
|
-
new_password = Capistrano::CLI.ui.ask("New password for #{user_to_update} : ")
|
60
|
-
|
61
|
-
run "mysqladmin -u #{user_to_update} -p#{old_password} password \"#{new_password}\""
|
62
|
-
end
|
63
|
-
end
|
@@ -1,8 +0,0 @@
|
|
1
|
-
namespace :php do
|
2
|
-
desc "Install PHP 5"
|
3
|
-
task :install, :roles => :app do
|
4
|
-
sudo "aptitude install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
|
5
|
-
sudo "/etc/init.d/apache2 reload"
|
6
|
-
end
|
7
|
-
|
8
|
-
end
|
@@ -1,69 +0,0 @@
|
|
1
|
-
require 'net/http'
|
2
|
-
|
3
|
-
namespace :ruby do
|
4
|
-
desc "Install Ruby 1.8"
|
5
|
-
task :install, :roles => :app do
|
6
|
-
sudo "aptitude install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
|
7
|
-
sudo "aptitude install -y libmysql-ruby1.8"
|
8
|
-
|
9
|
-
sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
|
10
|
-
sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
|
11
|
-
sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
|
12
|
-
sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
|
13
|
-
end
|
14
|
-
|
15
|
-
|
16
|
-
set :ruby_enterprise_url do
|
17
|
-
Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
|
18
|
-
end
|
19
|
-
|
20
|
-
set :ruby_enterprise_version do
|
21
|
-
"#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
|
22
|
-
end
|
23
|
-
|
24
|
-
desc "Install Ruby Enterpise Edition"
|
25
|
-
task :install_enterprise, :roles => :app do
|
26
|
-
sudo "apt-get install libssl-dev -y"
|
27
|
-
sudo "apt-get install libreadline5-dev -y"
|
28
|
-
|
29
|
-
run "test ! -d /opt/#{ruby_enterprise_version}"
|
30
|
-
# run "curl -LO http://rubyforge.org/frs/download.php/50087/#{ruby_enterprise_version}.tar.gz"
|
31
|
-
run "curl -LO #{ruby_enterprise_url}"
|
32
|
-
run "tar xzvf #{ruby_enterprise_version}.tar.gz"
|
33
|
-
run "rm #{ruby_enterprise_version}.tar.gz"
|
34
|
-
sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
|
35
|
-
sudo "rm -rf #{ruby_enterprise_version}/"
|
36
|
-
|
37
|
-
# create a "permanent" link to the current REE install
|
38
|
-
sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise"
|
39
|
-
|
40
|
-
# add REE bin to the path
|
41
|
-
run "cat /etc/environment > ~/environment.tmp"
|
42
|
-
run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
|
43
|
-
sudo 'mv ~/environment.tmp /etc/environment'
|
44
|
-
end
|
45
|
-
|
46
|
-
desc "Install Phusion Passenger"
|
47
|
-
task :install_passenger, :roles => :app do
|
48
|
-
# because passenger-install-apache2-module do not find the rake installed by REE
|
49
|
-
sudo "gem install rake"
|
50
|
-
|
51
|
-
sudo "apt-get install apache2-mpm-prefork -y"
|
52
|
-
sudo "aptitude install libapr1-dev -y"
|
53
|
-
sudo "apt-get install apache2-prefork-dev -y"
|
54
|
-
|
55
|
-
sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
|
56
|
-
|
57
|
-
run "echo -en '\n\n\n\n\n' | sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module"
|
58
|
-
|
59
|
-
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
60
|
-
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
61
|
-
|
62
|
-
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
63
|
-
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
64
|
-
|
65
|
-
sudo "a2enmod passenger"
|
66
|
-
apache.force_reload
|
67
|
-
end
|
68
|
-
|
69
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
namespace :ssh do
|
2
|
-
|
3
|
-
desc <<-DESC
|
4
|
-
Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
|
5
|
-
`configure_sshd` then reloads the SSH service to finalize the changes.
|
6
|
-
DESC
|
7
|
-
task :setup, :roles => :gateway do
|
8
|
-
upload_keys
|
9
|
-
configure_sshd
|
10
|
-
install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
|
11
|
-
reload
|
12
|
-
end
|
13
|
-
|
14
|
-
|
15
|
-
desc <<-DESC
|
16
|
-
Uploads your local public SSH keys to the server. A .ssh folder is created if \
|
17
|
-
one does not already exist. The SSH keys default to the ones set in \
|
18
|
-
Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
|
19
|
-
["/home/user/.ssh/id_dsa"].
|
20
|
-
|
21
|
-
See "SSH copy" and "SSH Permissions" sections on \
|
22
|
-
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
23
|
-
DESC
|
24
|
-
task :upload_keys, :roles => :gateway do
|
25
|
-
run "mkdir -p ~/.ssh"
|
26
|
-
run "chown -R #{user}:#{user} ~/.ssh"
|
27
|
-
run "chmod 700 ~/.ssh"
|
28
|
-
|
29
|
-
authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
|
30
|
-
put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
|
31
|
-
end
|
32
|
-
|
33
|
-
desc <<-DESC
|
34
|
-
Configure SSH daemon with more secure settings recommended by Slicehost. The \
|
35
|
-
will be configured to run on the port configured in Capistrano's "ssh_options". \
|
36
|
-
This defaults to the standard SSH port 22. You can change this by setting \
|
37
|
-
ssh_options[:port] = 3000. Note that this change will not take affect until \
|
38
|
-
reload the SSH service with `cap ssh:reload`.
|
39
|
-
|
40
|
-
See "SSH config" section on \
|
41
|
-
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
42
|
-
DESC
|
43
|
-
task :configure_sshd, :roles => :gateway do
|
44
|
-
put render("sshd_config", binding), "sshd_config"
|
45
|
-
sudo "mv sshd_config /etc/ssh/sshd_config"
|
46
|
-
end
|
47
|
-
|
48
|
-
desc <<-DESC
|
49
|
-
Install OVH SSH Keys
|
50
|
-
DESC
|
51
|
-
task :install_ovh_ssh_key, :roles => :gateway do
|
52
|
-
sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
|
53
|
-
sudo "sh installer_la_cle.sh"
|
54
|
-
end
|
55
|
-
|
56
|
-
desc <<-DESC
|
57
|
-
Reload SSH service.
|
58
|
-
DESC
|
59
|
-
task :reload, :roles => :gateway do
|
60
|
-
sudo "/etc/init.d/ssh reload"
|
61
|
-
end
|
62
|
-
|
63
|
-
|
64
|
-
end
|
@@ -1,46 +0,0 @@
|
|
1
|
-
*filter
|
2
|
-
|
3
|
-
|
4
|
-
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
|
5
|
-
-A INPUT -i lo -j ACCEPT
|
6
|
-
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
|
7
|
-
|
8
|
-
|
9
|
-
# Accepts all established inbound connections
|
10
|
-
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
11
|
-
|
12
|
-
|
13
|
-
# Allows all outbound traffic
|
14
|
-
# You can modify this to only allow certain traffic
|
15
|
-
-A OUTPUT -j ACCEPT
|
16
|
-
|
17
|
-
|
18
|
-
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
|
19
|
-
-A INPUT -p tcp --dport 80 -j ACCEPT
|
20
|
-
-A INPUT -p tcp --dport 443 -j ACCEPT
|
21
|
-
|
22
|
-
|
23
|
-
# Allows SSH connections
|
24
|
-
#
|
25
|
-
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
|
26
|
-
#
|
27
|
-
-A INPUT -p tcp -m state --state NEW --dport <%= ssh_options[:port] %> -j ACCEPT
|
28
|
-
|
29
|
-
<% if hosting_provider=="ovh-rps" %>
|
30
|
-
# allow packets from SAN, only for ovh-rps
|
31
|
-
-A OUTPUT -p tcp --dport 3260 -j ACCEPT
|
32
|
-
<% end %>
|
33
|
-
|
34
|
-
# Allow ping
|
35
|
-
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
36
|
-
|
37
|
-
|
38
|
-
# log iptables denied calls
|
39
|
-
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
|
40
|
-
|
41
|
-
|
42
|
-
# Reject all other inbound - default deny unless explicitly allowed policy
|
43
|
-
-A INPUT -j REJECT
|
44
|
-
-A FORWARD -j REJECT
|
45
|
-
|
46
|
-
COMMIT
|
@@ -1,5 +0,0 @@
|
|
1
|
-
CREATE DATABASE `<%= db_name %>` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
|
2
|
-
CREATE USER '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>';
|
3
|
-
GRANT USAGE ON * . * TO '<%= db_username %>'@'localhost' IDENTIFIED BY '<%= db_user_password %>' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
|
4
|
-
GRANT ALL PRIVILEGES ON `<%= db_name %>` . * TO '<%= db_username %>'@'localhost' WITH GRANT OPTION ;
|
5
|
-
FLUSH PRIVILEGES ;
|
@@ -1 +0,0 @@
|
|
1
|
-
LoadModule passenger_module /opt/<%= ruby_enterprise_version %>/lib/ruby/gems/1.8/gems/passenger-<%= passenger_version %>/ext/apache2/mod_passenger.so
|
@@ -1,80 +0,0 @@
|
|
1
|
-
# Package generated configuration file
|
2
|
-
# See the sshd(8) manpage for details
|
3
|
-
|
4
|
-
# What ports, IPs and protocols we listen for
|
5
|
-
Port <%= ssh_options[:port] %>
|
6
|
-
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
-
#ListenAddress ::
|
8
|
-
#ListenAddress 0.0.0.0
|
9
|
-
Protocol 2
|
10
|
-
# HostKeys for protocol version 2
|
11
|
-
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
-
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
-
#Privilege Separation is turned on for security
|
14
|
-
UsePrivilegeSeparation yes
|
15
|
-
|
16
|
-
# Lifetime and size of ephemeral version 1 server key
|
17
|
-
KeyRegenerationInterval 3600
|
18
|
-
ServerKeyBits 768
|
19
|
-
|
20
|
-
# Logging
|
21
|
-
SyslogFacility AUTH
|
22
|
-
LogLevel INFO
|
23
|
-
|
24
|
-
# Authentication:
|
25
|
-
LoginGraceTime 120
|
26
|
-
PermitRootLogin yes # allow it to enable OVH to connect to your server
|
27
|
-
StrictModes yes
|
28
|
-
|
29
|
-
RSAAuthentication yes
|
30
|
-
PubkeyAuthentication yes
|
31
|
-
AuthorizedKeysFile .ssh/authorized_keys2
|
32
|
-
UsePam yes
|
33
|
-
|
34
|
-
# Don't read the user's ~/.rhosts and ~/.shosts files
|
35
|
-
IgnoreRhosts yes
|
36
|
-
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
37
|
-
RhostsRSAAuthentication no
|
38
|
-
# similar for protocol version 2
|
39
|
-
HostbasedAuthentication no
|
40
|
-
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
41
|
-
#IgnoreUserKnownHosts yes
|
42
|
-
|
43
|
-
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
44
|
-
PermitEmptyPasswords no
|
45
|
-
|
46
|
-
# Change to yes to enable challenge-response passwords (beware issues with
|
47
|
-
# some PAM modules and threads)
|
48
|
-
ChallengeResponseAuthentication no
|
49
|
-
|
50
|
-
# Change to no to disable tunnelled clear text passwords
|
51
|
-
PasswordAuthentication no
|
52
|
-
|
53
|
-
# Kerberos options
|
54
|
-
#KerberosAuthentication no
|
55
|
-
#KerberosGetAFSToken no
|
56
|
-
#KerberosOrLocalPasswd yes
|
57
|
-
#KerberosTicketCleanup yes
|
58
|
-
|
59
|
-
# GSSAPI options
|
60
|
-
GSSAPIAuthentication no
|
61
|
-
#GSSAPICleanupCredentials yes
|
62
|
-
|
63
|
-
X11Forwarding no
|
64
|
-
X11DisplayOffset 10
|
65
|
-
PrintMotd no
|
66
|
-
PrintLastLog yes
|
67
|
-
KeepAlive yes
|
68
|
-
#UseLogin no
|
69
|
-
|
70
|
-
#MaxStartups 10:30:60
|
71
|
-
#Banner /etc/issue.net
|
72
|
-
|
73
|
-
# Allow client to pass locale environment variables
|
74
|
-
AcceptEnv LANG LC_*
|
75
|
-
|
76
|
-
Subsystem sftp /usr/lib/openssh/sftp-server
|
77
|
-
|
78
|
-
UseDNS no
|
79
|
-
|
80
|
-
AllowUsers <%= user %>
|
@@ -1,17 +0,0 @@
|
|
1
|
-
<VirtualHost *:80>
|
2
|
-
|
3
|
-
# Admin email, Server Name (domain name) and any aliases
|
4
|
-
ServerAdmin <%= server_admin %>
|
5
|
-
ServerName <%= server_name %>
|
6
|
-
ServerAlias <%= server_alias %>
|
7
|
-
|
8
|
-
# Index file and Document Root (where the public files are located)
|
9
|
-
DirectoryIndex <%= directory_index %>
|
10
|
-
DocumentRoot /home/<%= user %>/websites/<%= server_name %>/public
|
11
|
-
|
12
|
-
# Custom log file locations
|
13
|
-
LogLevel warn
|
14
|
-
ErrorLog /home/<%= user %>/websites/<%= server_name %>/logs/error.log
|
15
|
-
CustomLog /home/<%= user %>/websites/<%= server_name %>/logs/access.log combined
|
16
|
-
|
17
|
-
</VirtualHost>
|
@@ -1,40 +0,0 @@
|
|
1
|
-
namespace :utils do
|
2
|
-
|
3
|
-
desc "Reboot the system."
|
4
|
-
task :reboot, :roles => :gateway do
|
5
|
-
sure = Capistrano::CLI.ui.ask("Are you sure you want to reboot now? (y/n) : ")
|
6
|
-
sudo "reboot" if sure=="y"
|
7
|
-
end
|
8
|
-
|
9
|
-
desc "Force a reboot of the system."
|
10
|
-
task :force_reboot, :roles => :gateway do
|
11
|
-
sudo "reboot"
|
12
|
-
end
|
13
|
-
|
14
|
-
desc "Show the amount of free disk space."
|
15
|
-
task :disk_space, :roles => :gateway do
|
16
|
-
run "df -h /"
|
17
|
-
end
|
18
|
-
|
19
|
-
desc "Display amount of free and used memory in the system."
|
20
|
-
task :free, :roles => :gateway do
|
21
|
-
run "free -m"
|
22
|
-
end
|
23
|
-
|
24
|
-
desc "Display passenger status information."
|
25
|
-
task :passenger_status, :roles => :gateway do
|
26
|
-
sudo "/opt/ruby-enterprise/bin/passenger-status"
|
27
|
-
end
|
28
|
-
|
29
|
-
desc "Display passenger memory usage information."
|
30
|
-
task :passenger_memory, :roles => :gateway do
|
31
|
-
sudo "/opt/ruby-enterprise/bin/passenger-memory-stats"
|
32
|
-
end
|
33
|
-
|
34
|
-
desc "Activate Phusion Passenger Enterprise Edition."
|
35
|
-
task :passenger_enterprise, :roles => :gateway do
|
36
|
-
|
37
|
-
sudo_and_watch_prompt("/opt/ruby-enterprise/bin/passenger-make-enterprisey", [/Key\:/, /again\:/])
|
38
|
-
end
|
39
|
-
|
40
|
-
end
|