ubuntu-machine 0.5.3.2.25
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/README +15 -0
- data/lib/capistrano/ext/ubuntu-machine.rb +30 -0
- data/lib/capistrano/ext/ubuntu-machine/apache.rb +118 -0
- data/lib/capistrano/ext/ubuntu-machine/aptitude.rb +99 -0
- data/lib/capistrano/ext/ubuntu-machine/extras.rb +39 -0
- data/lib/capistrano/ext/ubuntu-machine/ffmpeg.rb +43 -0
- data/lib/capistrano/ext/ubuntu-machine/gems.rb +41 -0
- data/lib/capistrano/ext/ubuntu-machine/git.rb +15 -0
- data/lib/capistrano/ext/ubuntu-machine/helpers.rb +36 -0
- data/lib/capistrano/ext/ubuntu-machine/iptables.rb +20 -0
- data/lib/capistrano/ext/ubuntu-machine/lmsensors.rb +26 -0
- data/lib/capistrano/ext/ubuntu-machine/machine.rb +50 -0
- data/lib/capistrano/ext/ubuntu-machine/mysql.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/network.rb +42 -0
- data/lib/capistrano/ext/ubuntu-machine/ntp.rb +37 -0
- data/lib/capistrano/ext/ubuntu-machine/odbc.rb +44 -0
- data/lib/capistrano/ext/ubuntu-machine/php.rb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/postfix.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/rails3.rb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/ruby.rb +86 -0
- data/lib/capistrano/ext/ubuntu-machine/ssh.rb +64 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/apache2.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/deflate.conf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/freetds.conf.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/iptables.erb +46 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/my.cnf.erb +3 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/new_db.erb +5 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntp.conf.erb +16 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/ntpdate.erb +13 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbc.ini.erb +8 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/odbcinst.ini.erb +7 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.conf.erb +2 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/passenger.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.jaunty.erb +55 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sources.lucid.erb +22 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/sshd_config.erb +80 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vhost.erb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/vsftpd.conf.erb +158 -0
- data/lib/capistrano/ext/ubuntu-machine/templates/xsendfile.load.erb +1 -0
- data/lib/capistrano/ext/ubuntu-machine/tmpfs.rb +17 -0
- data/lib/capistrano/ext/ubuntu-machine/utils.rb +49 -0
- data/lib/capistrano/ext/ubuntu-machine/vsftpd.rb +63 -0
- metadata +130 -0
@@ -0,0 +1,20 @@
|
|
1
|
+
namespace :iptables do
|
2
|
+
desc <<-DESC
|
3
|
+
Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
|
4
|
+
|
5
|
+
See "iptables" section on \
|
6
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
7
|
+
DESC
|
8
|
+
task :configure, :roles => :gateway do
|
9
|
+
sudo "apt-get install iptables -y"
|
10
|
+
put render("iptables", binding), "iptables.up.rules"
|
11
|
+
sudo "mv iptables.up.rules /etc/iptables.up.rules"
|
12
|
+
|
13
|
+
sudo "iptables-restore < /etc/iptables.up.rules"
|
14
|
+
|
15
|
+
# ensure that the iptables rules are applied when we reboot the server
|
16
|
+
run "cat /etc/network/interfaces > ~/tmp_interfaces"
|
17
|
+
run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
|
18
|
+
sudo "mv ~/tmp_interfaces /etc/network/interfaces"
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
namespace :lmsensors do
|
3
|
+
desc "Install lmsensors. Not relevant for virtual servers as they usually do not have sensors available."
|
4
|
+
task :install do
|
5
|
+
sudo "aptitude install -y lm-sensors"
|
6
|
+
to_probe = []
|
7
|
+
sudo "sensors-detect", :pty => true do |ch, stream, data|
|
8
|
+
if [/YES\/no/,/yes\/NO/,/to continue/].find { |regex| data =~ regex}
|
9
|
+
# prompt, and then send the response to the remote process
|
10
|
+
ch.send_data(Capistrano::CLI.ui.ask(data) + "\n")
|
11
|
+
elsif offset = data =~ /#----cut here----\s+# Chip drivers/
|
12
|
+
text = data[offset,data.size - offset]
|
13
|
+
text.gsub!('# Chip drivers','').gsub!('#----cut here----','')
|
14
|
+
to_probe = text.strip.split("\n").map{|str| str.strip}
|
15
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
16
|
+
else
|
17
|
+
# use the default handler for all other text
|
18
|
+
Capistrano::Configuration.default_io_proc.call(ch, stream, data)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
puts "Will modprobe the following modules: %s" % to_probe.join(',')
|
22
|
+
to_probe.each do |mod|
|
23
|
+
sudo "modprobe #{mod}"
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,50 @@
|
|
1
|
+
namespace :machine do
|
2
|
+
|
3
|
+
desc "Change the root password, create a new user and allow him to sudo and to SSH"
|
4
|
+
task :initial_setup do
|
5
|
+
set :user_to_create , user
|
6
|
+
set :user, 'root'
|
7
|
+
|
8
|
+
run_and_watch_prompt("passwd", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
9
|
+
|
10
|
+
run_and_watch_prompt("adduser #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
|
11
|
+
|
12
|
+
# force the non-interactive mode
|
13
|
+
run "cat /etc/environment > ~/environment.tmp"
|
14
|
+
run 'echo DEBIAN_FRONTEND=noninteractive >> ~/environment.tmp'
|
15
|
+
sudo 'mv ~/environment.tmp /etc/environment'
|
16
|
+
# prevent this env variable to be skipped by sudo
|
17
|
+
run "echo 'Defaults env_keep = \"DEBIAN_FRONTEND\"' >> /etc/sudoers"
|
18
|
+
|
19
|
+
run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
|
20
|
+
run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
|
21
|
+
run "/etc/init.d/ssh reload"
|
22
|
+
end
|
23
|
+
|
24
|
+
task :configure do
|
25
|
+
ssh.setup
|
26
|
+
iptables.configure
|
27
|
+
aptitude.setup
|
28
|
+
end
|
29
|
+
|
30
|
+
task :install_dev_tools do
|
31
|
+
mysql.install
|
32
|
+
apache.install
|
33
|
+
ruby.install
|
34
|
+
postfix.install
|
35
|
+
gems.install_rubygems
|
36
|
+
ruby.install_enterprise
|
37
|
+
ruby.install_passenger
|
38
|
+
git.install
|
39
|
+
php.install
|
40
|
+
rails3.install
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
desc = "Ask for a user and change his password"
|
45
|
+
task :change_password do
|
46
|
+
user_to_update = Capistrano::CLI.ui.ask("Name of the user whose you want to update the password : ")
|
47
|
+
|
48
|
+
run_and_watch_prompt("passwd #{user_to_update}", [/Enter new UNIX password/, /Retype new UNIX password:/])
|
49
|
+
end
|
50
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
#TODO : change root password
|
2
|
+
|
3
|
+
namespace :mysql do
|
4
|
+
desc "Restarts MySQL database server"
|
5
|
+
task :restart, :roles => :db do
|
6
|
+
sudo "/etc/init.d/mysql restart"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Starts MySQL database server"
|
10
|
+
task :start, :roles => :db do
|
11
|
+
sudo "/etc/init.d/mysql start"
|
12
|
+
end
|
13
|
+
|
14
|
+
desc "Stops MySQL database server"
|
15
|
+
task :stop, :roles => :db do
|
16
|
+
sudo "/etc/init.d/mysql stop"
|
17
|
+
end
|
18
|
+
|
19
|
+
desc "Export MySQL database"
|
20
|
+
task :export, :roles => :db do
|
21
|
+
database = Capistrano::CLI.ui.ask("Which database should we export: ")
|
22
|
+
sudo_and_watch_prompt("mysqldump -u root -p #{database} > #{database}.sql", /Enter\spassword/)
|
23
|
+
download "#{database}.sql", "#{default_local_files_path}/database.sql"
|
24
|
+
run "rm #{database}.sql"
|
25
|
+
end
|
26
|
+
|
27
|
+
desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
|
28
|
+
task :create_database, :roles => :db do
|
29
|
+
db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
|
30
|
+
db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
|
31
|
+
db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
|
32
|
+
db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
|
33
|
+
file_to_upload = Capistrano::CLI.ui.ask("Do you want to import a database file? (y/n) : ")
|
34
|
+
if file_to_upload == "y"
|
35
|
+
file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
|
36
|
+
upload "#{default_local_files_path}/#{file}", "#{file}"
|
37
|
+
end
|
38
|
+
create_db_tmp_file = "create_#{db_name}.sql"
|
39
|
+
put render("new_db", binding), create_db_tmp_file
|
40
|
+
run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
|
41
|
+
if file_to_upload == "y"
|
42
|
+
run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
|
43
|
+
run "rm #{file}"
|
44
|
+
end
|
45
|
+
run "rm #{create_db_tmp_file}"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc "Install MySQL"
|
49
|
+
task :install, :roles => :db do
|
50
|
+
db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
|
51
|
+
|
52
|
+
sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"
|
53
|
+
run "mysqladmin -u root password #{db_root_password}"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc "Ask for a MySQL user and change his password"
|
57
|
+
task :change_password, :roles => :db do
|
58
|
+
user_to_update = Capistrano::CLI.ui.ask("Name of the MySQL user whose you want to update the password : ")
|
59
|
+
old_password = Capistrano::CLI.ui.ask("Old password for #{user_to_update} : ")
|
60
|
+
new_password = Capistrano::CLI.ui.ask("New password for #{user_to_update} : ")
|
61
|
+
|
62
|
+
run "mysqladmin -u #{user_to_update} -p#{old_password} password \"#{new_password}\""
|
63
|
+
end
|
64
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
namespace :network do
|
2
|
+
_cset :network_interfaces_config do
|
3
|
+
abort "Please specify the location of the /etc/network/interfaces config you want to upload.\n For example:\n set :network_interfaces_config, File.expand_path(File.join(File.dirname(__FILE__),'interfaces'))"
|
4
|
+
end
|
5
|
+
_cset :resolv_config do
|
6
|
+
abort "Please specify the location of the /etc/resolv.conf config you want to upload.\n For example:\n set :resolv_config, File.expand_path(File.join(File.dirname(__FILE__),'resolv.conf'))"
|
7
|
+
end
|
8
|
+
|
9
|
+
desc "Configure /etc/resolv.conf and /etc/network/interfaces"
|
10
|
+
task :configure do
|
11
|
+
configure_resolv_conf
|
12
|
+
configure_network_interfaces
|
13
|
+
end
|
14
|
+
|
15
|
+
desc "Configure network interfaces"
|
16
|
+
task :configure_network_interfaces do
|
17
|
+
put File.read(network_interfaces_config), "interfaces.tmp"
|
18
|
+
sudo "mv interfaces.tmp /etc/network/interfaces"
|
19
|
+
restart
|
20
|
+
end
|
21
|
+
|
22
|
+
desc "Configure /etc/resolv.conf"
|
23
|
+
task :configure_resolv_conf do
|
24
|
+
put File.read(resolv_config), "resolv.conf.tmp"
|
25
|
+
sudo "mv resolv.conf.tmp /etc/resolv.conf"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Start the network"
|
29
|
+
task :start do
|
30
|
+
sudo "/etc/init.d/networking start"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Restart the network"
|
34
|
+
task :restart do
|
35
|
+
sudo "/etc/init.d/networking restart"
|
36
|
+
end
|
37
|
+
|
38
|
+
desc "Stop the network"
|
39
|
+
task :stop do
|
40
|
+
sudo "/etc/init.d/networking stop"
|
41
|
+
end
|
42
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
require 'yaml'
|
2
|
+
namespace :ntp do
|
3
|
+
set :ntp_default_ntpd_opts, "NTPD_OPTS='-g'"
|
4
|
+
set :ntp_pool_servers, (0..2).map {|num| "#{num}.pool.ntp.org"}
|
5
|
+
|
6
|
+
desc "Install NTP"
|
7
|
+
task :install do
|
8
|
+
sudo "aptitude install -y ntp"
|
9
|
+
configure
|
10
|
+
end
|
11
|
+
|
12
|
+
desc "Configure NTP"
|
13
|
+
task :configure do
|
14
|
+
put render("ntpdate", binding), "ntpdate.tmp"
|
15
|
+
sudo "mv ntpdate.tmp /etc/default/ntpdate"
|
16
|
+
put render("ntp.conf", binding), "ntp.conf.tmp"
|
17
|
+
sudo "mv ntp.conf.tmp /etc/ntp.conf"
|
18
|
+
run "echo '#{ntp_default_ntpd_opts}' > ntp.tmp"
|
19
|
+
sudo "mv ntp.tmp /etc/default/ntp"
|
20
|
+
restart
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Start the NTP server"
|
24
|
+
task :start do
|
25
|
+
sudo "/etc/init.d/ntp start"
|
26
|
+
end
|
27
|
+
|
28
|
+
desc "Restart the NTP server"
|
29
|
+
task :restart do
|
30
|
+
sudo "/etc/init.d/ntp restart"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Stop the NTP server"
|
34
|
+
task :stop do
|
35
|
+
sudo "/etc/init.d/ntp stop"
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
namespace :odbc do
|
2
|
+
_cset(:odbc_sourcename) { abort "Please specify the odbc sourcename:\n set :odbc_sourcename, 'MyFirstSQLServer'" }
|
3
|
+
_cset(:odbc_database) { abort "Please specify the odbc database:\n set :odbc_database, 'MyDB'" }
|
4
|
+
_cset(:odbc_host) { abort "Please specify the odbc host:\n set :odbc_host, '127.0.0.1'" }
|
5
|
+
_cset :odbc_port, '1433'
|
6
|
+
|
7
|
+
desc "Install ODBC/FreeTDS"
|
8
|
+
task :install, :roles => :app do
|
9
|
+
profile_lines = ["export ODBCINI=/etc/odbc.ini",
|
10
|
+
"export ODBCSYSINI=/etc",
|
11
|
+
"export FREETDSCONF=/etc/freetds/freetds.conf"]
|
12
|
+
sudo_add_to_file('/etc/profile',profile_lines)
|
13
|
+
|
14
|
+
freetds = "freetds-0.82"
|
15
|
+
sudo "sudo apt-get install unixodbc unixodbc-dev tdsodbc -y"
|
16
|
+
run "wget -nv ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/#{freetds}.tar.gz"
|
17
|
+
run "tar xvzf #{freetds}.tar.gz && cd #{freetds} && ./configure && make"
|
18
|
+
sudo_keepalive
|
19
|
+
run "cd #{freetds} && sudo make install"
|
20
|
+
run "rm #{freetds}.tar.gz && rm -Rf #{freetds}"
|
21
|
+
end
|
22
|
+
|
23
|
+
desc "Install the ruby ODBC library"
|
24
|
+
task :install_rubyodbc, :roles => :app do
|
25
|
+
rubyodbc = "ruby-odbc-0.9996"
|
26
|
+
run "wget -nv http://www.ch-werner.de/rubyodbc/#{rubyodbc}.tar.gz"
|
27
|
+
run "tar xvzf #{rubyodbc}.tar.gz && cd #{rubyodbc} && ruby extconf.rb && make"
|
28
|
+
sudo_keepalive
|
29
|
+
run "cd #{rubyodbc} && sudo make install"
|
30
|
+
run "rm #{rubyodbc}.tar.gz && rm -Rf #{rubyodbc}"
|
31
|
+
end
|
32
|
+
|
33
|
+
desc "Install FreeTDS/ODBC configuration files"
|
34
|
+
task :config_files, :roles => :app do
|
35
|
+
put render("odbc.ini", binding), "odbc.ini"
|
36
|
+
sudo "mv odbc.ini /etc/odbc.ini"
|
37
|
+
put render("odbcinst.ini", binding), "odbcinst.ini"
|
38
|
+
sudo "mv odbcinst.ini /etc/odbcinst.ini"
|
39
|
+
put render("freetds.conf", binding), "more_freetds.conf"
|
40
|
+
run "cat /etc/freetds/freetds.conf more_freetds.conf > freetds.conf"
|
41
|
+
sudo "mv freetds.conf /etc/freetds/freetds.conf"
|
42
|
+
run "rm more_freetds.conf"
|
43
|
+
end
|
44
|
+
end
|
@@ -0,0 +1,8 @@
|
|
1
|
+
namespace :php do
|
2
|
+
desc "Install PHP 5"
|
3
|
+
task :install, :roles => :app do
|
4
|
+
sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
|
5
|
+
sudo "/etc/init.d/apache2 reload"
|
6
|
+
end
|
7
|
+
|
8
|
+
end
|
@@ -0,0 +1,86 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
|
3
|
+
namespace :ruby do
|
4
|
+
desc "Install Ruby 1.8"
|
5
|
+
task :install, :roles => :app do
|
6
|
+
sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
|
7
|
+
sudo "apt-get install -y libmysql-ruby1.8"
|
8
|
+
|
9
|
+
sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
|
10
|
+
sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
|
11
|
+
sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
|
12
|
+
sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
|
13
|
+
end
|
14
|
+
|
15
|
+
|
16
|
+
set :ruby_enterprise_url do
|
17
|
+
Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
|
18
|
+
end
|
19
|
+
|
20
|
+
set :ruby_enterprise_version do
|
21
|
+
"#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
|
22
|
+
end
|
23
|
+
|
24
|
+
set :passenger_version do
|
25
|
+
`gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
|
26
|
+
end
|
27
|
+
|
28
|
+
|
29
|
+
desc "Install Ruby Enterpise Edition"
|
30
|
+
task :install_enterprise, :roles => :app do
|
31
|
+
sudo "apt-get install libssl-dev -y"
|
32
|
+
sudo "apt-get install libreadline5-dev -y"
|
33
|
+
|
34
|
+
run "test ! -d /opt/#{ruby_enterprise_version}"
|
35
|
+
run "wget #{ruby_enterprise_url}"
|
36
|
+
run "tar xzvf #{ruby_enterprise_version}.tar.gz"
|
37
|
+
run "rm #{ruby_enterprise_version}.tar.gz"
|
38
|
+
sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
|
39
|
+
sudo "rm -rf #{ruby_enterprise_version}/"
|
40
|
+
|
41
|
+
# create a "permanent" link to the current REE install
|
42
|
+
sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise"
|
43
|
+
|
44
|
+
# add REE bin to the path
|
45
|
+
run "cat /etc/environment > ~/environment.tmp"
|
46
|
+
run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
|
47
|
+
sudo 'mv ~/environment.tmp /etc/environment'
|
48
|
+
end
|
49
|
+
|
50
|
+
desc "Install Phusion Passenger"
|
51
|
+
task :install_passenger, :roles => :app do
|
52
|
+
# sudo apt-get install libcurl4-openssl-dev
|
53
|
+
sudo "apt-get install libcurl4-openssl-dev -y"
|
54
|
+
|
55
|
+
|
56
|
+
# rake 0.8.5 needs latest version of rdoc
|
57
|
+
sudo "gem install rdoc"
|
58
|
+
|
59
|
+
# because passenger-install-apache2-module do not find the rake installed by REE
|
60
|
+
sudo "gem install rake"
|
61
|
+
|
62
|
+
sudo "apt-get install apache2-mpm-prefork -y"
|
63
|
+
sudo "apt-get install libapr1-dev -y"
|
64
|
+
sudo "apt-get install apache2-prefork-dev -y"
|
65
|
+
|
66
|
+
# call the upgrade_passenger task
|
67
|
+
upgrade_passenger
|
68
|
+
end
|
69
|
+
|
70
|
+
desc "Upgrade Phusion Passenger"
|
71
|
+
task :upgrade_passenger, :roles => :app do
|
72
|
+
sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
|
73
|
+
run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
|
74
|
+
|
75
|
+
put render("passenger.load", binding), "/home/#{user}/passenger.load"
|
76
|
+
put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
|
77
|
+
|
78
|
+
sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
|
79
|
+
sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
|
80
|
+
|
81
|
+
sudo "a2enmod passenger"
|
82
|
+
apache.force_reload
|
83
|
+
end
|
84
|
+
|
85
|
+
|
86
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
namespace :ssh do
|
2
|
+
|
3
|
+
desc <<-DESC
|
4
|
+
Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
|
5
|
+
`configure_sshd` then reloads the SSH service to finalize the changes.
|
6
|
+
DESC
|
7
|
+
task :setup, :roles => :gateway do
|
8
|
+
upload_keys
|
9
|
+
configure_sshd
|
10
|
+
install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
|
11
|
+
reload
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
desc <<-DESC
|
16
|
+
Uploads your local public SSH keys to the server. A .ssh folder is created if \
|
17
|
+
one does not already exist. The SSH keys default to the ones set in \
|
18
|
+
Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
|
19
|
+
["/home/user/.ssh/id_dsa"].
|
20
|
+
|
21
|
+
See "SSH copy" and "SSH Permissions" sections on \
|
22
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
23
|
+
DESC
|
24
|
+
task :upload_keys, :roles => :gateway do
|
25
|
+
run "mkdir -p ~/.ssh"
|
26
|
+
run "chown -R #{user}:#{user} ~/.ssh"
|
27
|
+
run "chmod 700 ~/.ssh"
|
28
|
+
|
29
|
+
authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
|
30
|
+
put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
|
31
|
+
end
|
32
|
+
|
33
|
+
desc <<-DESC
|
34
|
+
Configure SSH daemon with more secure settings recommended by Slicehost. The \
|
35
|
+
will be configured to run on the port configured in Capistrano's "ssh_options". \
|
36
|
+
This defaults to the standard SSH port 22. You can change this by setting \
|
37
|
+
ssh_options[:port] = 3000. Note that this change will not take affect until \
|
38
|
+
reload the SSH service with `cap ssh:reload`.
|
39
|
+
|
40
|
+
See "SSH config" section on \
|
41
|
+
http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
|
42
|
+
DESC
|
43
|
+
task :configure_sshd, :roles => :gateway do
|
44
|
+
put render("sshd_config", binding), "sshd_config"
|
45
|
+
sudo "mv sshd_config /etc/ssh/sshd_config"
|
46
|
+
end
|
47
|
+
|
48
|
+
desc <<-DESC
|
49
|
+
Install OVH SSH Keys
|
50
|
+
DESC
|
51
|
+
task :install_ovh_ssh_key, :roles => :gateway do
|
52
|
+
sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
|
53
|
+
sudo "sh installer_la_cle.sh"
|
54
|
+
end
|
55
|
+
|
56
|
+
desc <<-DESC
|
57
|
+
Reload SSH service.
|
58
|
+
DESC
|
59
|
+
task :reload, :roles => :gateway do
|
60
|
+
sudo "/etc/init.d/ssh reload"
|
61
|
+
end
|
62
|
+
|
63
|
+
|
64
|
+
end
|