ubuntu-machine 0.5.3.2.25
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/MIT-LICENSE +20 -0
- data/README +15 -0
- data/lib/capistrano/ext/ubuntu-machine.rb +30 -0
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +118 -0
- data/lib/capistrano/ext/ubuntu-machine/aptitude.rb +99 -0
- data/lib/capistrano/ext/ubuntu-machine/extras.rb +39 -0
- data/lib/capistrano/ext/ubuntu-machine/ffmpeg.rb +43 -0
- data/lib/capistrano/ext/ubuntu-machine/gems.rb +41 -0
- data/lib/capistrano/ext/ubuntu-machine/git.rb +15 -0
- data/lib/capistrano/ext/ubuntu-machine/helpers.rb +36 -0
- data/lib/capistrano/ext/ubuntu-machine/iptables.rb +20 -0
- data/lib/capistrano/ext/ubuntu-machine/lmsensors.rb +26 -0
- data/lib/capistrano/ext/ubuntu-machine/machine.rb +50 -0
- data/lib/capistrano/ext/ubuntu-machine/mysql.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/network.rb +42 -0
- data/lib/capistrano/ext/ubuntu-machine/ntp.rb +37 -0
- data/lib/capistrano/ext/ubuntu-machine/odbc.rb +44 -0
- data/lib/capistrano/ext/ubuntu-machine/php.rb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/postfix.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/rails3.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/ruby.rb +86 -0
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb +46 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb +5 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntp.conf.erb +16 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntpdate.erb +13 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbcinst.ini.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb +2 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.jaunty.erb +55 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.lucid.erb +22 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb +80 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb +158 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/xsendfile.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/utils.rb +49 -0
- data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb +63 -0
- metadata +130 -0
@@ -0,0 +1,20 @@
|
|
1
|
+
namespace :iptables do
|
2
|
+
desc <<-DESC
|
3
|
+
Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
|
4
|
+
|
5
|
+
See "iptables" section on \
|
6
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
7
|
+
DESC
|
8
|
+
task :configure, :roles => :gateway do
|
9
|
+
sudo "apt-get install iptables -y"
|
10
|
+
put render("iptables", binding), "iptables.up.rules"
|
11
|
+
sudo "mv iptables.up.rules /etc/iptables.up.rules"
|
12
|
+
|
13
|
+
sudo "iptables-restore < /etc/iptables.up.rules"
|
14
|
+
|
15
|
+
# ensure that the iptables rules are applied when we reboot the server
|
16
|
+
run "cat /etc/network/interfaces > ~/tmp_interfaces"
|
17
|
+
run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
|
18
|
+
sudo "mv ~/tmp_interfaces /etc/network/interfaces"
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
namespace :lmsensors do
|
3
|
+
desc "Install lmsensors. Not relevant for virtual servers as they usually do not have sensors available."
|
4
|
+
task :install do
|
5
|
+
sudo "aptitude install -y lm-sensors"
|
6
|
+
to_probe = []
|
7
|
+
sudo "sensors-detect", :pty => true do |ch, stream, data|
|
8
|
+
if [/YES\/no/,/yes\/NO/,/to continue/].find { |regex| data =~ regex}
|
9
|
+
# prompt, and then send the response to the remote process
|
10
|
+
ch.send_data(Capistrano::CLI.ui.ask(data) + "\n")
|
11
|
+
elsif offset = data =~ /#----cut here----\s+# Chip drivers/
|
12
|
+
text = data[offset,data.size - offset]
|
13
|
+
text.gsub!('# Chip drivers','').gsub!('#----cut here----','')
|
14
|
+
to_probe = text.strip.split("\n").map{|str| str.strip}
|
15
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
16
|
+
else
|
17
|
+
# use the default handler for all other text
|
18
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
puts "Will modprobe the following modules: %s" % to_probe.join(',')
|
22
|
+
to_probe.each do |mod|
|
23
|
+
sudo "modprobe #{mod}"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
namespace :machine do
|
2
|
+
|
3
|
+
desc "Change the root password, create a new user and allow him to sudo and to SSH"
|
4
|
+
task :initial_setup do
|
5
|
+
set :user_to_create , user
|
6
|
+
set :user, 'root'
|
7
|
+
|
8
|
+
run_and_watch_prompt("passwd", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
9
|
+
|
10
|
+
run_and_watch_prompt("adduser #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
|
11
|
+
|
12
|
+
# force the non-interactive mode
|
13
|
+
run "cat /etc/environment > ~/environment.tmp"
|
14
|
+
run 'echo DEBIAN_FRONTEND=noninteractive >> ~/environment.tmp'
|
15
|
+
sudo 'mv ~/environment.tmp /etc/environment'
|
16
|
+
# prevent this env variable to be skipped by sudo
|
17
|
+
run "echo 'Defaults env_keep = \"DEBIAN_FRONTEND\"' >> /etc/sudoers"
|
18
|
+
|
19
|
+
run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
|
20
|
+
run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
|
21
|
+
run "/etc/init.d/ssh reload"
|
22
|
+
end
|
23
|
+
|
24
|
+
task :configure do
|
25
|
+
ssh.setup
|
26
|
+
iptables.configure
|
27
|
+
aptitude.setup
|
28
|
+
end
|
29
|
+
|
30
|
+
task :install_dev_tools do
|
31
|
+
mysql.install
|
32
|
+
apache.install
|
33
|
+
ruby.install
|
34
|
+
postfix.install
|
35
|
+
gems.install_rubygems
|
36
|
+
ruby.install_enterprise
|
37
|
+
ruby.install_passenger
|
38
|
+
git.install
|
39
|
+
php.install
|
40
|
+
rails3.install
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
desc = "Ask for a user and change his password"
|
45
|
+
task :change_password do
|
46
|
+
user_to_update = Capistrano::CLI.ui.ask("Name of the user whose you want to update the password : ")
|
47
|
+
|
48
|
+
run_and_watch_prompt("passwd #{user_to_update}", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
#TODO : change root password
|
2
|
+
|
3
|
+
namespace :mysql do
|
4
|
+
desc "Restarts MySQL database server"
|
5
|
+
task :restart, :roles => :db do
|
6
|
+
sudo "/etc/init.d/mysql restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Starts MySQL database server"
|
10
|
+
task :start, :roles => :db do
|
11
|
+
sudo "/etc/init.d/mysql start"
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "Stops MySQL database server"
|
15
|
+
task :stop, :roles => :db do
|
16
|
+
sudo "/etc/init.d/mysql stop"
|
17
|
+
end
|
18
|
+
|
19
|
+
desc "Export MySQL database"
|
20
|
+
task :export, :roles => :db do
|
21
|
+
database = Capistrano::CLI.ui.ask("Which database should we export: ")
|
22
|
+
sudo_and_watch_prompt("mysqldump -u root -p #{database} > #{database}.sql", /Enter\spassword/)
|
23
|
+
download "#{database}.sql", "#{default_local_files_path}/database.sql"
|
24
|
+
run "rm #{database}.sql"
|
25
|
+
end
|
26
|
+
|
27
|
+
desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
|
28
|
+
task :create_database, :roles => :db do
|
29
|
+
db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
|
30
|
+
db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
|
31
|
+
db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
|
32
|
+
db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
|
33
|
+
file_to_upload = Capistrano::CLI.ui.ask("Do you want to import a database file? (y/n) : ")
|
34
|
+
if file_to_upload == "y"
|
35
|
+
file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
|
36
|
+
upload "#{default_local_files_path}/#{file}", "#{file}"
|
37
|
+
end
|
38
|
+
create_db_tmp_file = "create_#{db_name}.sql"
|
39
|
+
put render("new_db", binding), create_db_tmp_file
|
40
|
+
run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
|
41
|
+
if file_to_upload == "y"
|
42
|
+
run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
|
43
|
+
run "rm #{file}"
|
44
|
+
end
|
45
|
+
run "rm #{create_db_tmp_file}"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc "Install MySQL"
|
49
|
+
task :install, :roles => :db do
|
50
|
+
db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
|
51
|
+
|
52
|
+
sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"
|
53
|
+
run "mysqladmin -u root password #{db_root_password}"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc "Ask for a MySQL user and change his password"
|
57
|
+
task :change_password, :roles => :db do
|
58
|
+
user_to_update = Capistrano::CLI.ui.ask("Name of the MySQL user whose you want to update the password : ")
|
59
|
+
old_password = Capistrano::CLI.ui.ask("Old password for #{user_to_update} : ")
|
60
|
+
new_password = Capistrano::CLI.ui.ask("New password for #{user_to_update} : ")
|
61
|
+
|
62
|
+
run "mysqladmin -u #{user_to_update} -p#{old_password} password \"#{new_password}\""
|
63
|
+
end
|
64
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
namespace :network do
|
2
|
+
_cset :network_interfaces_config do
|
3
|
+
abort "Please specify the location of the /etc/network/interfaces config you want to upload.\n For example:\n set :network_interfaces_config, File.expand_path(File.join(File.dirname(__FILE__),'interfaces'))"
|
4
|
+
end
|
5
|
+
_cset :resolv_config do
|
6
|
+
abort "Please specify the location of the /etc/resolv.conf config you want to upload.\n For example:\n set :resolv_config, File.expand_path(File.join(File.dirname(__FILE__),'resolv.conf'))"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Configure /etc/resolv.conf and /etc/network/interfaces"
|
10
|
+
task :configure do
|
11
|
+
configure_resolv_conf
|
12
|
+
configure_network_interfaces
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "Configure network interfaces"
|
16
|
+
task :configure_network_interfaces do
|
17
|
+
put File.read(network_interfaces_config), "interfaces.tmp"
|
18
|
+
sudo "mv interfaces.tmp /etc/network/interfaces"
|
19
|
+
restart
|
20
|
+
end
|
21
|
+
|
22
|
+
desc "Configure /etc/resolv.conf"
|
23
|
+
task :configure_resolv_conf do
|
24
|
+
put File.read(resolv_config), "resolv.conf.tmp"
|
25
|
+
sudo "mv resolv.conf.tmp /etc/resolv.conf"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Start the network"
|
29
|
+
task :start do
|
30
|
+
sudo "/etc/init.d/networking start"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Restart the network"
|
34
|
+
task :restart do
|
35
|
+
sudo "/etc/init.d/networking restart"
|
36
|
+
end
|
37
|
+
|
38
|
+
desc "Stop the network"
|
39
|
+
task :stop do
|
40
|
+
sudo "/etc/init.d/networking stop"
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
namespace :ntp do
|
3
|
+
set :ntp_default_ntpd_opts, "NTPD_OPTS='-g'"
|
4
|
+
set :ntp_pool_servers, (0..2).map {|num| "#{num}.pool.ntp.org"}
|
5
|
+
|
6
|
+
desc "Install NTP"
|
7
|
+
task :install do
|
8
|
+
sudo "aptitude install -y ntp"
|
9
|
+
configure
|
10
|
+
end
|
11
|
+
|
12
|
+
desc "Configure NTP"
|
13
|
+
task :configure do
|
14
|
+
put render("ntpdate", binding), "ntpdate.tmp"
|
15
|
+
sudo "mv ntpdate.tmp /etc/default/ntpdate"
|
16
|
+
put render("ntp.conf", binding), "ntp.conf.tmp"
|
17
|
+
sudo "mv ntp.conf.tmp /etc/ntp.conf"
|
18
|
+
run "echo '#{ntp_default_ntpd_opts}' > ntp.tmp"
|
19
|
+
sudo "mv ntp.tmp /etc/default/ntp"
|
20
|
+
restart
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Start the NTP server"
|
24
|
+
task :start do
|
25
|
+
sudo "/etc/init.d/ntp start"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Restart the NTP server"
|
29
|
+
task :restart do
|
30
|
+
sudo "/etc/init.d/ntp restart"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Stop the NTP server"
|
34
|
+
task :stop do
|
35
|
+
sudo "/etc/init.d/ntp stop"
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
namespace :odbc do
|
2
|
+
_cset(:odbc_sourcename) { abort "Please specify the odbc sourcename:\n set :odbc_sourcename, 'MyFirstSQLServer'" }
|
3
|
+
_cset(:odbc_database) { abort "Please specify the odbc database:\n set :odbc_database, 'MyDB'" }
|
4
|
+
_cset(:odbc_host) { abort "Please specify the odbc host:\n set :odbc_host, '127.0.0.1'" }
|
5
|
+
_cset :odbc_port, '1433'
|
6
|
+
|
7
|
+
desc "Install ODBC/FreeTDS"
|
8
|
+
task :install, :roles => :app do
|
9
|
+
profile_lines = ["export ODBCINI=/etc/odbc.ini",
|
10
|
+
"export ODBCSYSINI=/etc",
|
11
|
+
"export FREETDSCONF=/etc/freetds/freetds.conf"]
|
12
|
+
sudo_add_to_file('/etc/profile',profile_lines)
|
13
|
+
|
14
|
+
freetds = "freetds-0.82"
|
15
|
+
sudo "sudo apt-get install unixodbc unixodbc-dev tdsodbc -y"
|
16
|
+
run "wget -nv ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/#{freetds}.tar.gz"
|
17
|
+
run "tar xvzf #{freetds}.tar.gz && cd #{freetds} && ./configure && make"
|
18
|
+
sudo_keepalive
|
19
|
+
run "cd #{freetds} && sudo make install"
|
20
|
+
run "rm #{freetds}.tar.gz && rm -Rf #{freetds}"
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Install the ruby ODBC library"
|
24
|
+
task :install_rubyodbc, :roles => :app do
|
25
|
+
rubyodbc = "ruby-odbc-0.9996"
|
26
|
+
run "wget -nv http://www.ch-werner.de/rubyodbc/#{rubyodbc}.tar.gz"
|
27
|
+
run "tar xvzf #{rubyodbc}.tar.gz && cd #{rubyodbc} && ruby extconf.rb && make"
|
28
|
+
sudo_keepalive
|
29
|
+
run "cd #{rubyodbc} && sudo make install"
|
30
|
+
run "rm #{rubyodbc}.tar.gz && rm -Rf #{rubyodbc}"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Install FreeTDS/ODBC configuration files"
|
34
|
+
task :config_files, :roles => :app do
|
35
|
+
put render("odbc.ini", binding), "odbc.ini"
|
36
|
+
sudo "mv odbc.ini /etc/odbc.ini"
|
37
|
+
put render("odbcinst.ini", binding), "odbcinst.ini"
|
38
|
+
sudo "mv odbcinst.ini /etc/odbcinst.ini"
|
39
|
+
put render("freetds.conf", binding), "more_freetds.conf"
|
40
|
+
run "cat /etc/freetds/freetds.conf more_freetds.conf > freetds.conf"
|
41
|
+
sudo "mv freetds.conf /etc/freetds/freetds.conf"
|
42
|
+
run "rm more_freetds.conf"
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
namespace :php do
|
2
|
+
desc "Install PHP 5"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
|
5
|
+
sudo "/etc/init.d/apache2 reload"
|
6
|
+
end
|
7
|
+
|
8
|
+
end
|
@@ -0,0 +1,86 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
|
3
|
+
namespace :ruby do
|
4
|
+
desc "Install Ruby 1.8"
|
5
|
+
task :install, :roles => :app do
|
6
|
+
sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
|
7
|
+
sudo "apt-get install -y libmysql-ruby1.8"
|
8
|
+
|
9
|
+
sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
|
10
|
+
sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
|
11
|
+
sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
|
12
|
+
sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
|
13
|
+
end
|
14
|
+
|
15
|
+
|
16
|
+
set :ruby_enterprise_url do
|
17
|
+
Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
|
18
|
+
end
|
19
|
+
|
20
|
+
set :ruby_enterprise_version do
|
21
|
+
"#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
|
22
|
+
end
|
23
|
+
|
24
|
+
set :passenger_version do
|
25
|
+
`gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
|
26
|
+
end
|
27
|
+
|
28
|
+
|
29
|
+
desc "Install Ruby Enterpise Edition"
|
30
|
+
task :install_enterprise, :roles => :app do
|
31
|
+
sudo "apt-get install libssl-dev -y"
|
32
|
+
sudo "apt-get install libreadline5-dev -y"
|
33
|
+
|
34
|
+
run "test ! -d /opt/#{ruby_enterprise_version}"
|
35
|
+
run "wget #{ruby_enterprise_url}"
|
36
|
+
run "tar xzvf #{ruby_enterprise_version}.tar.gz"
|
37
|
+
run "rm #{ruby_enterprise_version}.tar.gz"
|
38
|
+
sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
|
39
|
+
sudo "rm -rf #{ruby_enterprise_version}/"
|
40
|
+
|
41
|
+
# create a "permanent" link to the current REE install
|
42
|
+
sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise"
|
43
|
+
|
44
|
+
# add REE bin to the path
|
45
|
+
run "cat /etc/environment > ~/environment.tmp"
|
46
|
+
run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
|
47
|
+
sudo 'mv ~/environment.tmp /etc/environment'
|
48
|
+
end
|
49
|
+
|
50
|
+
desc "Install Phusion Passenger"
|
51
|
+
task :install_passenger, :roles => :app do
|
52
|
+
# sudo apt-get install libcurl4-openssl-dev
|
53
|
+
sudo "apt-get install libcurl4-openssl-dev -y"
|
54
|
+
|
55
|
+
|
56
|
+
# rake 0.8.5 needs latest version of rdoc
|
57
|
+
sudo "gem install rdoc"
|
58
|
+
|
59
|
+
# because passenger-install-apache2-module do not find the rake installed by REE
|
60
|
+
sudo "gem install rake"
|
61
|
+
|
62
|
+
sudo "apt-get install apache2-mpm-prefork -y"
|
63
|
+
sudo "apt-get install libapr1-dev -y"
|
64
|
+
sudo "apt-get install apache2-prefork-dev -y"
|
65
|
+
|
66
|
+
# call the upgrade_passenger task
|
67
|
+
upgrade_passenger
|
68
|
+
end
|
69
|
+
|
70
|
+
desc "Upgrade Phusion Passenger"
|
71
|
+
task :upgrade_passenger, :roles => :app do
|
72
|
+
sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
|
73
|
+
run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
|
74
|
+
|
75
|
+
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
76
|
+
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
77
|
+
|
78
|
+
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
79
|
+
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
80
|
+
|
81
|
+
sudo "a2enmod passenger"
|
82
|
+
apache.force_reload
|
83
|
+
end
|
84
|
+
|
85
|
+
|
86
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
namespace :ssh do
|
2
|
+
|
3
|
+
desc <<-DESC
|
4
|
+
Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
|
5
|
+
`configure_sshd` then reloads the SSH service to finalize the changes.
|
6
|
+
DESC
|
7
|
+
task :setup, :roles => :gateway do
|
8
|
+
upload_keys
|
9
|
+
configure_sshd
|
10
|
+
install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
|
11
|
+
reload
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
desc <<-DESC
|
16
|
+
Uploads your local public SSH keys to the server. A .ssh folder is created if \
|
17
|
+
one does not already exist. The SSH keys default to the ones set in \
|
18
|
+
Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
|
19
|
+
["/home/user/.ssh/id_dsa"].
|
20
|
+
|
21
|
+
See "SSH copy" and "SSH Permissions" sections on \
|
22
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
23
|
+
DESC
|
24
|
+
task :upload_keys, :roles => :gateway do
|
25
|
+
run "mkdir -p ~/.ssh"
|
26
|
+
run "chown -R #{user}:#{user} ~/.ssh"
|
27
|
+
run "chmod 700 ~/.ssh"
|
28
|
+
|
29
|
+
authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
|
30
|
+
put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
|
31
|
+
end
|
32
|
+
|
33
|
+
desc <<-DESC
|
34
|
+
Configure SSH daemon with more secure settings recommended by Slicehost. The \
|
35
|
+
will be configured to run on the port configured in Capistrano's "ssh_options". \
|
36
|
+
This defaults to the standard SSH port 22. You can change this by setting \
|
37
|
+
ssh_options[:port] = 3000. Note that this change will not take affect until \
|
38
|
+
reload the SSH service with `cap ssh:reload`.
|
39
|
+
|
40
|
+
See "SSH config" section on \
|
41
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
42
|
+
DESC
|
43
|
+
task :configure_sshd, :roles => :gateway do
|
44
|
+
put render("sshd_config", binding), "sshd_config"
|
45
|
+
sudo "mv sshd_config /etc/ssh/sshd_config"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc <<-DESC
|
49
|
+
Install OVH SSH Keys
|
50
|
+
DESC
|
51
|
+
task :install_ovh_ssh_key, :roles => :gateway do
|
52
|
+
sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
|
53
|
+
sudo "sh installer_la_cle.sh"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc <<-DESC
|
57
|
+
Reload SSH service.
|
58
|
+
DESC
|
59
|
+
task :reload, :roles => :gateway do
|
60
|
+
sudo "/etc/init.d/ssh reload"
|
61
|
+
end
|
62
|
+
|
63
|
+
|
64
|
+
end
|