ubuntu-machine 0.5.3.2.25

data/lib/capistrano/ext/ubuntu-machine/iptables.rb

@@ -0,0 +1,20 @@
+namespace :iptables do
+  desc <<-DESC
+    Harden iptables configuration. Only allows ssh, http, and https connections and packets from SAN.
+
+    See "iptables" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure, :roles => :gateway do
+    sudo "apt-get install iptables -y"
+    put render("iptables", binding), "iptables.up.rules"
+    sudo "mv iptables.up.rules /etc/iptables.up.rules"
+    
+    sudo "iptables-restore < /etc/iptables.up.rules"
+    
+    # ensure that the iptables rules are applied when we reboot the server
+    run "cat /etc/network/interfaces > ~/tmp_interfaces"
+    run "echo 'pre-up iptables-restore < /etc/iptables.up.rules' >> ~/tmp_interfaces"
+    sudo "mv ~/tmp_interfaces /etc/network/interfaces"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/lmsensors.rb

@@ -0,0 +1,26 @@
+require 'yaml'
+namespace :lmsensors do
+  desc "Install lmsensors. Not relevant for virtual servers as they usually do not have sensors available."
+  task :install do
+    sudo "aptitude install -y lm-sensors"
+    to_probe = []
+    sudo "sensors-detect", :pty => true do |ch, stream, data|
+      if [/YES\/no/,/yes\/NO/,/to continue/].find { |regex| data =~ regex}
+        # prompt, and then send the response to the remote process
+        ch.send_data(Capistrano::CLI.ui.ask(data) + "\n")
+      elsif offset = data =~ /#----cut here----\s+# Chip drivers/
+        text = data[offset,data.size - offset]
+        text.gsub!('# Chip drivers','').gsub!('#----cut here----','')
+        to_probe = text.strip.split("\n").map{|str| str.strip}
+        Capistrano::Configuration.default_io_proc.call(ch, stream, data)
+      else
+        # use the default handler for all other text
+        Capistrano::Configuration.default_io_proc.call(ch, stream, data)
+      end
+    end
+    puts "Will modprobe the following modules: %s" % to_probe.join(',')
+    to_probe.each do |mod|
+      sudo "modprobe #{mod}"
+    end
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/machine.rb

@@ -0,0 +1,50 @@
+namespace :machine do
+
+  desc "Change the root password, create a new user and allow him to sudo and to SSH"
+  task :initial_setup do
+    set :user_to_create , user
+    set :user, 'root'
+    
+    run_and_watch_prompt("passwd", [/Enter new UNIX password/, /Retype new UNIX password:/])
+    
+    run_and_watch_prompt("adduser #{user_to_create}", [/Enter new UNIX password/, /Retype new UNIX password:/, /\[\]\:/, /\[y\/N\]/i])
+    
+    # force the non-interactive mode
+    run "cat /etc/environment > ~/environment.tmp"
+    run 'echo DEBIAN_FRONTEND=noninteractive >> ~/environment.tmp'
+    sudo 'mv ~/environment.tmp /etc/environment'
+    # prevent this env variable to be skipped by sudo
+    run "echo 'Defaults env_keep = \"DEBIAN_FRONTEND\"' >> /etc/sudoers"
+
+    run "echo '#{user_to_create} ALL=(ALL)ALL' >> /etc/sudoers"
+    run "echo 'AllowUsers #{user_to_create}' >> /etc/ssh/sshd_config"
+    run "/etc/init.d/ssh reload"
+  end
+  
+  task :configure do
+    ssh.setup
+    iptables.configure
+    aptitude.setup
+  end
+  
+  task :install_dev_tools do
+    mysql.install
+    apache.install
+    ruby.install
+    postfix.install
+    gems.install_rubygems
+    ruby.install_enterprise
+    ruby.install_passenger
+    git.install
+    php.install
+    rails3.install
+  end
+
+  
+  desc = "Ask for a user and change his password"
+  task :change_password do
+    user_to_update = Capistrano::CLI.ui.ask("Name of the user whose you want to update the password : ")
+    
+    run_and_watch_prompt("passwd #{user_to_update}", [/Enter new UNIX password/, /Retype new UNIX password:/])
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/mysql.rb

@@ -0,0 +1,64 @@
+#TODO : change root password
+
+namespace :mysql do
+  desc "Restarts MySQL database server"
+  task :restart, :roles => :db do
+    sudo "/etc/init.d/mysql restart"
+  end
+
+  desc "Starts MySQL database server"
+  task :start, :roles => :db do
+    sudo "/etc/init.d/mysql start"
+  end
+
+  desc "Stops MySQL database server"
+  task :stop, :roles => :db do
+    sudo "/etc/init.d/mysql stop"
+  end
+
+  desc "Export MySQL database"
+  task :export, :roles => :db do
+    database = Capistrano::CLI.ui.ask("Which database should we export: ")
+    sudo_and_watch_prompt("mysqldump -u root -p #{database} > #{database}.sql", /Enter\spassword/)
+    download "#{database}.sql", "#{default_local_files_path}/database.sql"
+    run "rm #{database}.sql"
+  end
+
+  desc "Create a new MySQL database, a new MySQL user, and load a local MySQL dump file"
+  task :create_database, :roles => :db do
+    db_root_password = Capistrano::CLI.ui.ask("MySQL root password : ")
+    db_name = Capistrano::CLI.ui.ask("Which database should we create: ")
+    db_username = Capistrano::CLI.ui.ask("Which database username should we create: ")
+    db_user_password = Capistrano::CLI.ui.ask("Choose a password for the new database username: ")
+    file_to_upload = Capistrano::CLI.ui.ask("Do you want to import a database file? (y/n) : ")
+    if file_to_upload == "y"
+      file = Capistrano::CLI.ui.ask("Which database file should we import (it must be located in #{default_local_files_path}): ")
+      upload "#{default_local_files_path}/#{file}", "#{file}"
+    end
+    create_db_tmp_file = "create_#{db_name}.sql"
+    put render("new_db", binding), create_db_tmp_file
+    run "mysql -u root -p#{db_root_password} < #{create_db_tmp_file}"
+    if file_to_upload == "y"
+      run "mysql -u root -p#{db_root_password} #{db_name} < #{file}"
+      run "rm #{file}"
+    end
+    run "rm #{create_db_tmp_file}"
+  end
+
+  desc "Install MySQL"
+  task :install, :roles => :db do
+    db_root_password = Capistrano::CLI.ui.ask("Choose a MySQL root password : ")
+
+    sudo "aptitude install -y mysql-server mysql-client libmysqlclient15-dev"    
+    run "mysqladmin -u root password #{db_root_password}"    
+  end
+    
+  desc "Ask for a MySQL user and change his password"
+  task :change_password, :roles => :db do
+    user_to_update = Capistrano::CLI.ui.ask("Name of the MySQL user whose you want to update the password : ")
+    old_password = Capistrano::CLI.ui.ask("Old password for #{user_to_update} : ")
+    new_password = Capistrano::CLI.ui.ask("New password for #{user_to_update} : ")
+    
+    run "mysqladmin -u #{user_to_update} -p#{old_password} password \"#{new_password}\""
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/network.rb

@@ -0,0 +1,42 @@
+namespace :network do
+  _cset :network_interfaces_config do
+    abort "Please specify the location of the /etc/network/interfaces config you want to upload.\n For example:\n  set :network_interfaces_config, File.expand_path(File.join(File.dirname(__FILE__),'interfaces'))"
+  end
+  _cset :resolv_config do
+    abort "Please specify the location of the /etc/resolv.conf config you want to upload.\n For example:\n  set :resolv_config, File.expand_path(File.join(File.dirname(__FILE__),'resolv.conf'))"
+  end
+
+  desc "Configure /etc/resolv.conf and /etc/network/interfaces"
+  task :configure do
+    configure_resolv_conf
+    configure_network_interfaces
+  end
+
+  desc "Configure network interfaces"
+  task :configure_network_interfaces do
+    put File.read(network_interfaces_config), "interfaces.tmp"
+    sudo "mv interfaces.tmp /etc/network/interfaces"
+    restart
+  end
+
+  desc "Configure /etc/resolv.conf"
+  task :configure_resolv_conf do
+    put File.read(resolv_config), "resolv.conf.tmp"
+    sudo "mv resolv.conf.tmp /etc/resolv.conf"
+  end
+
+  desc "Start the network"
+  task :start do
+    sudo "/etc/init.d/networking start"
+  end
+
+  desc "Restart the network"
+  task :restart do
+    sudo "/etc/init.d/networking restart"
+  end
+
+  desc "Stop the network"
+  task :stop do
+    sudo "/etc/init.d/networking stop"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/ntp.rb

@@ -0,0 +1,37 @@
+require 'yaml'
+namespace :ntp do
+  set :ntp_default_ntpd_opts, "NTPD_OPTS='-g'"
+  set :ntp_pool_servers, (0..2).map {|num| "#{num}.pool.ntp.org"}
+
+  desc "Install NTP"
+  task :install do
+    sudo "aptitude install -y ntp"
+    configure
+  end
+
+  desc "Configure NTP"
+  task :configure do
+    put render("ntpdate", binding), "ntpdate.tmp"
+    sudo "mv ntpdate.tmp /etc/default/ntpdate"
+    put render("ntp.conf", binding), "ntp.conf.tmp"
+    sudo "mv ntp.conf.tmp /etc/ntp.conf"
+    run "echo '#{ntp_default_ntpd_opts}' > ntp.tmp"
+    sudo "mv ntp.tmp /etc/default/ntp"
+    restart
+  end
+
+  desc "Start the NTP server"
+  task :start do
+    sudo "/etc/init.d/ntp start"
+  end
+
+  desc "Restart the NTP server"
+  task :restart do
+    sudo "/etc/init.d/ntp restart"
+  end
+
+  desc "Stop the NTP server"
+  task :stop do
+    sudo "/etc/init.d/ntp stop"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/odbc.rb

@@ -0,0 +1,44 @@
+namespace :odbc do
+  _cset(:odbc_sourcename)  { abort "Please specify the odbc sourcename:\n  set :odbc_sourcename, 'MyFirstSQLServer'" }
+  _cset(:odbc_database)    { abort "Please specify the odbc database:\n  set :odbc_database, 'MyDB'" }
+  _cset(:odbc_host)        { abort "Please specify the odbc host:\n  set :odbc_host, '127.0.0.1'" }
+  _cset :odbc_port,       '1433'
+
+  desc "Install ODBC/FreeTDS"
+  task :install, :roles => :app do
+    profile_lines = ["export ODBCINI=/etc/odbc.ini",
+      "export ODBCSYSINI=/etc",
+      "export FREETDSCONF=/etc/freetds/freetds.conf"]
+    sudo_add_to_file('/etc/profile',profile_lines)
+
+    freetds = "freetds-0.82"
+    sudo "sudo apt-get install unixodbc unixodbc-dev tdsodbc -y"
+    run "wget -nv ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/#{freetds}.tar.gz"
+    run "tar xvzf #{freetds}.tar.gz && cd #{freetds} && ./configure && make"
+    sudo_keepalive
+    run "cd #{freetds} && sudo make install"
+    run "rm #{freetds}.tar.gz && rm -Rf #{freetds}"
+  end
+
+  desc "Install the ruby ODBC library"
+  task :install_rubyodbc, :roles => :app do
+    rubyodbc = "ruby-odbc-0.9996"
+    run "wget -nv http://www.ch-werner.de/rubyodbc/#{rubyodbc}.tar.gz"
+    run "tar xvzf #{rubyodbc}.tar.gz && cd #{rubyodbc} && ruby extconf.rb && make"
+    sudo_keepalive
+    run "cd #{rubyodbc} && sudo make install"
+    run "rm #{rubyodbc}.tar.gz && rm -Rf #{rubyodbc}"
+  end
+
+  desc "Install FreeTDS/ODBC configuration files"
+  task :config_files, :roles => :app do
+    put render("odbc.ini", binding), "odbc.ini"
+    sudo "mv odbc.ini /etc/odbc.ini"
+    put render("odbcinst.ini", binding), "odbcinst.ini"
+    sudo "mv odbcinst.ini /etc/odbcinst.ini"
+    put render("freetds.conf", binding), "more_freetds.conf"
+    run "cat /etc/freetds/freetds.conf more_freetds.conf > freetds.conf"
+    sudo "mv freetds.conf /etc/freetds/freetds.conf"
+    run "rm more_freetds.conf"
+  end
+end

data/lib/capistrano/ext/ubuntu-machine/php.rb

@@ -0,0 +1,8 @@
+namespace :php do
+  desc "Install PHP 5"
+  task :install, :roles => :app do    
+    sudo "apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl -y"
+    sudo "/etc/init.d/apache2 reload"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/postfix.rb

@@ -0,0 +1,7 @@
+namespace :postfix do
+  desc "Install postfix"
+  task :install, :roles => :app do
+    sudo "sudo apt-get install postfix -y"
+  end
+
+end

data/lib/capistrano/ext/ubuntu-machine/rails3.rb

@@ -0,0 +1,7 @@
+namespace :rails3 do
+  desc "Install Rails3"
+  task :install, :roles => :app do
+     sudo "/opt/ruby-enterprise/bin/gem install rails --no-ri --no-rdoc"
+     sudo "apt-get install libxml2-dev libxslt1-dev"
+    end
+end

data/lib/capistrano/ext/ubuntu-machine/ruby.rb

@@ -0,0 +1,86 @@
+require 'net/http'
+
+namespace :ruby do
+  desc "Install Ruby 1.8"
+  task :install, :roles => :app do
+    sudo "apt-get install -y ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8 libopenssl-ruby sqlite3 libsqlite3-ruby1.8"
+    sudo "apt-get install -y libmysql-ruby1.8"
+
+    sudo "ln -s /usr/bin/ruby1.8 /usr/bin/ruby"
+    sudo "ln -s /usr/bin/ri1.8 /usr/bin/ri"
+    sudo "ln -s /usr/bin/rdoc1.8 /usr/bin/rdoc"
+    sudo "ln -s /usr/bin/irb1.8 /usr/bin/irb"
+  end
+  
+
+  set :ruby_enterprise_url do
+    Net::HTTP.get('www.rubyenterpriseedition.com', '/download.html').scan(/http:.*\.tar\.gz/).first
+  end
+
+  set :ruby_enterprise_version do
+    "#{ruby_enterprise_url[/(ruby-enterprise.*)(.tar.gz)/, 1]}"
+  end
+  
+  set :passenger_version do
+    `gem list passenger$ -r`.gsub(/[\n|\s|passenger|(|)]/,"")
+  end
+  
+
+  desc "Install Ruby Enterpise Edition"
+  task :install_enterprise, :roles => :app do
+    sudo "apt-get install libssl-dev -y"
+    sudo "apt-get install libreadline5-dev -y"
+    
+    run "test ! -d /opt/#{ruby_enterprise_version}"
+    run "wget #{ruby_enterprise_url}"
+    run "tar xzvf #{ruby_enterprise_version}.tar.gz"
+    run "rm #{ruby_enterprise_version}.tar.gz"
+    sudo "./#{ruby_enterprise_version}/installer --auto /opt/#{ruby_enterprise_version}"
+    sudo "rm -rf #{ruby_enterprise_version}/"
+    
+    # create a "permanent" link to the current REE install
+    sudo "ln -s /opt/#{ruby_enterprise_version} /opt/ruby-enterprise" 
+    
+    # add REE bin to the path
+    run "cat /etc/environment > ~/environment.tmp"
+    run 'echo PATH="/opt/ruby-enterprise/bin:$PATH" >> ~/environment.tmp'
+    sudo 'mv ~/environment.tmp /etc/environment'
+  end
+  
+  desc "Install Phusion Passenger"
+  task :install_passenger, :roles => :app do
+    # sudo apt-get install libcurl4-openssl-dev
+	sudo "apt-get install libcurl4-openssl-dev -y"
+
+
+	# rake 0.8.5 needs latest version of rdoc
+    sudo "gem install rdoc"
+    
+    # because  passenger-install-apache2-module do not find the rake installed by REE
+    sudo "gem install rake"
+
+    sudo "apt-get install apache2-mpm-prefork -y"
+    sudo "apt-get install libapr1-dev -y"
+    sudo "apt-get install apache2-prefork-dev -y"
+
+    # call the upgrade_passenger task
+    upgrade_passenger
+  end 
+  
+  desc "Upgrade Phusion Passenger"
+  task :upgrade_passenger, :roles => :app do
+    sudo "/opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/gem install passenger"
+    run "sudo /opt/#{ruby_enterprise_version}/bin/ruby /opt/#{ruby_enterprise_version}/bin/passenger-install-apache2-module --auto"
+
+    put render("passenger.load", binding), "/home/#{user}/passenger.load"
+    put render("passenger.conf", binding), "/home/#{user}/passenger.conf"
+   
+    sudo "mv /home/#{user}/passenger.load /etc/apache2/mods-available/"
+    sudo "mv /home/#{user}/passenger.conf /etc/apache2/mods-available/"
+    
+    sudo "a2enmod passenger"
+    apache.force_reload
+  end
+  
+       
+end

data/lib/capistrano/ext/ubuntu-machine/ssh.rb

@@ -0,0 +1,64 @@
+namespace :ssh do
+  
+  desc <<-DESC
+    Setup SSH on the gateway host. Runs `upload_keys`, `install_ovh_ssh_key` AND \
+    `configure_sshd` then reloads the SSH service to finalize the changes.
+  DESC
+  task :setup, :roles => :gateway do
+    upload_keys
+    configure_sshd
+    install_ovh_ssh_key if ["ovh-rps", "ovh-dedie"].include?(hosting_provider)
+    reload
+  end
+  
+  
+  desc <<-DESC
+    Uploads your local public SSH keys to the server. A .ssh folder is created if \
+    one does not already exist. The SSH keys default to the ones set in \
+    Capistrano's ssh_options. You can change this by setting ssh_options[:keys] = \
+    ["/home/user/.ssh/id_dsa"].
+
+    See "SSH copy" and "SSH Permissions" sections on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :upload_keys, :roles => :gateway do
+    run "mkdir -p ~/.ssh"
+    run "chown -R #{user}:#{user} ~/.ssh"
+    run "chmod 700 ~/.ssh"
+
+    authorized_keys = ssh_options[:keys].collect { |key| File.read("#{key}.pub") }.join("\n")
+    put authorized_keys, "./.ssh/authorized_keys2", :mode => 0600
+  end
+  
+  desc <<-DESC
+    Configure SSH daemon with more secure settings recommended by Slicehost. The \
+    will be configured to run on the port configured in Capistrano's "ssh_options". \
+    This defaults to the standard SSH port 22. You can change this by setting \
+    ssh_options[:port] = 3000. Note that this change will not take affect until \
+    reload the SSH service with `cap ssh:reload`.
+
+    See "SSH config" section on \
+    http://articles.slicehost.com/2008/4/25/ubuntu-hardy-setup-page-1
+  DESC
+  task :configure_sshd, :roles => :gateway do
+    put render("sshd_config", binding), "sshd_config"
+    sudo "mv sshd_config /etc/ssh/sshd_config"
+  end
+  
+  desc <<-DESC
+    Install OVH SSH Keys
+  DESC
+  task :install_ovh_ssh_key, :roles => :gateway do
+    sudo "wget ftp://ftp.ovh.net/made-in-ovh/cle-ssh-public/installer_la_cle.sh -O installer_la_cle.sh"
+    sudo "sh installer_la_cle.sh"
+  end
+  
+  desc <<-DESC
+    Reload SSH service.
+  DESC
+  task :reload, :roles => :gateway do
+    sudo "/etc/init.d/ssh reload"
+  end
+  
+  
+end