winton-cookbook 1.0.0
- data/MIT-LICENSE +20 -0
- data/README.markdown +134 -0
- data/config/debian/bash_profile.erb +9 -0
- data/config/debian/iptables.rules.erb +47 -0
- data/config/debian/locale.gen.erb +1 -0
- data/config/debian/sshd_config.erb +78 -0
- data/config/log/rotate.conf.erb +9 -0
- data/config/mongrel/mongrel.yml.erb +10 -0
- data/config/mongrel/nginx.vhost.erb +177 -0
- data/config/monit/mongrel.erb +12 -0
- data/config/monit/monit.erb +11 -0
- data/config/monit/monitrc.erb +32 -0
- data/config/monit/nginx.vhost.erb +26 -0
- data/config/mysql/my.cnf.erb +137 -0
- data/config/nginx/nginx.conf.erb +30 -0
- data/config/nginx/nginx.erb +57 -0
- data/config/php/init-fastcgi.erb +26 -0
- data/config/php/nginx.vhost.erb +27 -0
- data/config/php/php-fastcgi.erb +2 -0
- data/config/rails/database.yml.erb +13 -0
- data/cookbook.rb +66 -0
- data/cookbook_helpers.rb +119 -0
- data/deploy.rb.example +45 -0
- data/recipes/debian.rb +200 -0
- data/recipes/deploy.rb +50 -0
- data/recipes/gems.rb +77 -0
- data/recipes/log.rb +47 -0
- data/recipes/mongrel.rb +48 -0
- data/recipes/monit.rb +47 -0
- data/recipes/mysql.rb +106 -0
- data/recipes/nginx.rb +79 -0
- data/recipes/php.rb +17 -0
- data/recipes/rails.rb +65 -0
- data/recipes/ssh.rb +64 -0
- data/recipes/stage.rb +34 -0
- metadata +95 -0
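--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2008 Winton Welsh <mail@wintoni.us>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.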
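--- a/data/README.markdown
+++ b/data/README.markdown
@@ -0,0 +1,134 @@
+Cookbook
+========
+
+Cookbook takes you from a fresh Debian/Ubuntu server to a complete Nginx/Rails/PHP stack using purely Capistrano. It also takes care of app deployment and pretty much writes your **config/deploy.rb** file for you.
+
+
+The stack
+---------
+
+* Git
+* Nginx
+* Mongrel cluster
+* Monit
+* MySQL
+* PHP (Nginx w/ spawn-fcgi)
+* Rails
+* Ruby
+* RubyGems
+* Sphinx
+
+
+Install
+-------
+
+(Goto **Set up a PHP app** if deploying a PHP project)
+
+### Capify your project
+
+capify .
+
+### Add cookbook as a Git submodule
+
+git submodule add git://github.com:winton/cookbook.git config/cookbook
+
+### Copy deploy.rb
+
+Copy **config/cookbook/deploy.rb.example** to **config/deploy.rb**
+
+Edit **config/deploy.rb** to your liking. Run `cap -T` to check out your new tasks.
+
+
+Create the deploy user
+----------------------
+
+### Log in remotely as root
+
+If you can't log in as root directly, but have the password (ServerBeach):
+
+su
+
+### Change root's password if you already haven't
+
+passwd
+
+### Add a deploy user
+
+adduser deploy
+
+### Edit /etc/sudoers
+
+visudo
+
+Add this line to the end of the file. This gives the deploy user "sudo without password" privileges:
+
+deploy ALL=NOPASSWD: ALL
+
+### Upload your SSH keys
+
+cap ssh:setup
+
+(Just answer no to the first question if you already have local keys generated.)
+
+
+Set up your fresh Debian server
+-------------------------------
+
+### On your machine
+
+cap debian:setup
+
+(See **config/cookbook/recipes/debian.rb**. You might want to run the tasks individually to know what's going on.)
+
+### On the server
+
+Its probably a good idea to restart the server after all that:
+
+sudo shutdown -r now
+
+
+Deploy your app
+---------------
+
+### First deploy
+
+cap deploy:create
+
+(See **config/cookbook/recipes/deploy.rb** to know what's going on here.)
+
+Optionally set up log rotation and a monit entry for your mongrels:
+
+cap log:rotate
+cap monit:config:mongrel
+
+### Subsequent deploys
+
+cap deploy
+
+
+Deploy staging
+--------------
+
+See *Deploy your app*, but replace `cap` with `cap staging`.
+
+Example:
+
+cap staging deploy:create
+
+
+Set up a PHP app
+----------------
+
+### Create directories
+
+config/
+public/
+
+Move your site contents into the public directory. Follow instructions in the *Install* section.
+
+Uncomment this line in deploy.rb:
+
+#:platform => :php,
+
+
+##### Copyright (c) 2008 Winton Welsh, released under the MIT license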
@@ -0,0 +1,9 @@
|
|
1
|
+
export PS1='\e[01;30m\h \e[33m\u \e[01;34m\w\e[00m: '
|
2
|
+
|
3
|
+
alias free="free -m"
|
4
|
+
|
5
|
+
alias aptitude="sudo aptitude"
|
6
|
+
alias update="sudo aptitude update"
|
7
|
+
alias upgrade="sudo aptitude upgrade"
|
8
|
+
alias install="sudo aptitude install"
|
9
|
+
alias remove="sudo aptitude remove"
|
@@ -0,0 +1,47 @@
|
|
1
|
+
*filter
|
2
|
+
|
3
|
+
|
4
|
+
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
|
5
|
+
-A INPUT -i lo -j ACCEPT
|
6
|
+
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
|
7
|
+
|
8
|
+
|
9
|
+
# Accepts all established inbound connections
|
10
|
+
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
11
|
+
|
12
|
+
|
13
|
+
# Allows all outbound traffic
|
14
|
+
# You can modify this to only allow certain traffic
|
15
|
+
-A OUTPUT -j ACCEPT
|
16
|
+
|
17
|
+
|
18
|
+
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
|
19
|
+
-A INPUT -p tcp --dport 80 -j ACCEPT
|
20
|
+
-A INPUT -p tcp --dport 443 -j ACCEPT
|
21
|
+
|
22
|
+
|
23
|
+
# Allows IMAP
|
24
|
+
-A INPUT -p tcp --dport 143 -j ACCEPT
|
25
|
+
|
26
|
+
|
27
|
+
# Allows SSH connections
|
28
|
+
#
|
29
|
+
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
|
30
|
+
#
|
31
|
+
-A INPUT -p tcp -m state --state NEW --dport <%= ssh_port %> -j ACCEPT
|
32
|
+
|
33
|
+
|
34
|
+
# Allow ping
|
35
|
+
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
|
36
|
+
|
37
|
+
|
38
|
+
# log iptables denied calls
|
39
|
+
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
|
40
|
+
|
41
|
+
|
42
|
+
# Reject all other inbound - default deny unless explicitly allowed policy
|
43
|
+
-A INPUT -j REJECT
|
44
|
+
-A FORWARD -j REJECT
|
45
|
+
|
46
|
+
COMMIT
|
47
|
+
# There MUST be a new line after this line!
|
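Review bot: The `--dport 143` ACCEPT rule opens IMAP to any source, yet the stack listed in the README installs no mail server, so the port appears to be exposed for nothing; I would drop the rule or ship it commented out for hosts that really run IMAP. The SSH rule accepts NEW connections from anywhere with no throttling, and a comment such as `# consider limiting -s to admin networks or adding a limit/recent match to slow brute-force attempts` would show operators where to tighten it. `-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT` uses the older negation placement, which newer iptables releases warn about or refuse, so `-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT` is the safer spelling. Nothing in this template covers IPv6, so a host with a v6 address is presumably left unfiltered on that side.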
@@ -0,0 +1 @@
|
|
1
|
+
en_US.UTF-8 UTF-8
|
@@ -0,0 +1,78 @@
|
|
1
|
+
# Package generated configuration file
|
2
|
+
# See the sshd(8) manpage for details
|
3
|
+
|
4
|
+
# What ports, IPs and protocols we listen for
|
5
|
+
Port <%= ssh_port %>
|
6
|
+
# Use these options to restrict which interfaces/protocols sshd will bind to
|
7
|
+
#ListenAddress ::
|
8
|
+
#ListenAddress 0.0.0.0
|
9
|
+
Protocol 2
|
10
|
+
# HostKeys for protocol version 2
|
11
|
+
HostKey /etc/ssh/ssh_host_rsa_key
|
12
|
+
HostKey /etc/ssh/ssh_host_dsa_key
|
13
|
+
#Privilege Separation is turned on for security
|
14
|
+
UsePrivilegeSeparation yes
|
15
|
+
|
16
|
+
# Lifetime and size of ephemeral version 1 server key
|
17
|
+
KeyRegenerationInterval 3600
|
18
|
+
ServerKeyBits 768
|
19
|
+
|
20
|
+
# Logging
|
21
|
+
SyslogFacility AUTH
|
22
|
+
LogLevel INFO
|
23
|
+
|
24
|
+
# Authentication:
|
25
|
+
LoginGraceTime 120
|
26
|
+
PermitRootLogin no
|
27
|
+
StrictModes yes
|
28
|
+
|
29
|
+
RSAAuthentication yes
|
30
|
+
PubkeyAuthentication yes
|
31
|
+
#AuthorizedKeysFile %h/.ssh/authorized_keys
|
32
|
+
|
33
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
34
|
+
IgnoreRhosts yes
|
35
|
+
# For this to work you will also need host keys in /etc/ssh_known_hosts
|
36
|
+
RhostsRSAAuthentication no
|
37
|
+
# similar for protocol version 2
|
38
|
+
HostbasedAuthentication no
|
39
|
+
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
|
40
|
+
#IgnoreUserKnownHosts yes
|
41
|
+
|
42
|
+
# To enable empty passwords, change to yes (NOT RECOMMENDED)
|
43
|
+
PermitEmptyPasswords no
|
44
|
+
|
45
|
+
# Change to yes to enable challenge-response passwords (beware issues with
|
46
|
+
# some PAM modules and threads)
|
47
|
+
ChallengeResponseAuthentication no
|
48
|
+
|
49
|
+
# Change to no to disable tunnelled clear text passwords
|
50
|
+
#PasswordAuthentication yes
|
51
|
+
|
52
|
+
# Kerberos options
|
53
|
+
#KerberosAuthentication no
|
54
|
+
#KerberosGetAFSToken no
|
55
|
+
#KerberosOrLocalPasswd yes
|
56
|
+
#KerberosTicketCleanup yes
|
57
|
+
|
58
|
+
# GSSAPI options
|
59
|
+
#GSSAPIAuthentication no
|
60
|
+
#GSSAPICleanupCredentials yes
|
61
|
+
|
62
|
+
X11Forwarding no
|
63
|
+
X11DisplayOffset 10
|
64
|
+
PrintMotd no
|
65
|
+
PrintLastLog yes
|
66
|
+
TCPKeepAlive yes
|
67
|
+
#UseLogin no
|
68
|
+
|
69
|
+
#MaxStartups 10:30:60
|
70
|
+
#Banner /etc/issue.net
|
71
|
+
|
72
|
+
# Allow client to pass locale environment variables
|
73
|
+
AcceptEnv LANG LC_*
|
74
|
+
|
75
|
+
Subsystem sftp /usr/lib/openssh/sftp-server
|
76
|
+
|
77
|
+
UsePAM no
|
78
|
+
UseDNS no
|
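Review bot: `#PasswordAuthentication yes` is left commented out, so sshd keeps its default and password logins stay enabled even though the README has keys uploaded with `cap ssh:setup`; once key login is confirmed the template should state `PasswordAuthentication no` explicitly. `KeyRegenerationInterval`, `ServerKeyBits 768`, `RSAAuthentication` and `RhostsRSAAuthentication` only affect protocol 1, which `Protocol 2` already rules out, so removing them makes it clearer which settings are actually in force. `HostKey /etc/ssh/ssh_host_dsa_key` keeps a DSA host key on offer, and unless old clients depend on it I would drop that line. Whether the ssh recipe rewrites any of these values afterwards is not visible in this section.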
@@ -0,0 +1,10 @@
|
|
1
|
+
---
|
2
|
+
user: <%= user %>
|
3
|
+
group: <%= user %>
|
4
|
+
log_file: <%= deploy_to %>/shared/log/mongrel.log
|
5
|
+
cwd: <%= deploy_to %>/current
|
6
|
+
port: <%= mongrel_port %>
|
7
|
+
environment: production
|
8
|
+
pid_file: <%= deploy_to %>/shared/pids/mongrel.pid
|
9
|
+
address: 127.0.0.1
|
10
|
+
servers: <%= mongrels %>
|
@@ -0,0 +1,177 @@
|
|
1
|
+
<% if mongrels > 1 %>
|
2
|
+
upstream mongrel_<%= application %>_<%= stage %> {
|
3
|
+
<% mongrels.times do |x| %>
|
4
|
+
server 127.0.0.1:<%= mongrel_port + x %>;
|
5
|
+
<% end %>
|
6
|
+
}
|
7
|
+
<% end %>
|
8
|
+
|
9
|
+
server {
|
10
|
+
listen 80;
|
11
|
+
|
12
|
+
# Set the max size for file uploads to 50Mb
|
13
|
+
client_max_body_size 50M;
|
14
|
+
|
15
|
+
# sets the domain[s] that this vhost server requests for
|
16
|
+
server_name <%= domains.join ' ' %>;
|
17
|
+
|
18
|
+
# doc root
|
19
|
+
root <%= deploy_to %>/current/public;
|
20
|
+
|
21
|
+
# vhost specific access log
|
22
|
+
access_log <%= deploy_to %>/shared/log/nginx.log main;
|
23
|
+
|
24
|
+
# this rewrites all the requests to the maintenance.html
|
25
|
+
# page if it exists in the doc root. This is for capistrano's
|
26
|
+
# disable web task
|
27
|
+
if (-f $document_root/system/maintenance.html) {
|
28
|
+
rewrite ^(.*)$ /system/maintenance.html last;
|
29
|
+
break;
|
30
|
+
}
|
31
|
+
|
32
|
+
location / {
|
33
|
+
<% if auth_user %>
|
34
|
+
auth_basic "Restricted";
|
35
|
+
auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
|
36
|
+
<% end %>
|
37
|
+
|
38
|
+
# needed to forward user's IP address to rails
|
39
|
+
proxy_set_header X-Real-IP $remote_addr;
|
40
|
+
|
41
|
+
# needed for HTTPS
|
42
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
43
|
+
proxy_set_header Host $http_host;
|
44
|
+
proxy_redirect false;
|
45
|
+
proxy_max_temp_file_size 0;
|
46
|
+
|
47
|
+
# If the file exists as a static file serve it directly without
|
48
|
+
# running all the other rewite tests on it
|
49
|
+
if (-f $request_filename) {
|
50
|
+
break;
|
51
|
+
}
|
52
|
+
|
53
|
+
# check for index.html for directory index
|
54
|
+
# if its there on the filesystem then rewite
|
55
|
+
# the url to add /index.html to the end of it
|
56
|
+
# and then break to send it to the next config rules.
|
57
|
+
if (-f $request_filename/index.html) {
|
58
|
+
rewrite (.*) $1/index.html break;
|
59
|
+
}
|
60
|
+
|
61
|
+
# this is the meat of the rails page caching config
|
62
|
+
# it adds .html to the end of the url and then checks
|
63
|
+
# the filesystem for that file. If it exists, then we
|
64
|
+
# rewite the url to have explicit .html on the end
|
65
|
+
# and then send it on its way to the next config rule.
|
66
|
+
# if there is no file on the fs then it sets all the
|
67
|
+
# necessary headers and proxies to our upstream mongrels
|
68
|
+
if (-f $request_filename.html) {
|
69
|
+
rewrite (.*) $1.html break;
|
70
|
+
}
|
71
|
+
|
72
|
+
if (!-f $request_filename) {
|
73
|
+
# Use other cluster name here if you are running multiple
|
74
|
+
# virtual hosts.
|
75
|
+
<% if mongrels == 1 %>
|
76
|
+
proxy_pass http://127.0.0.1:<%= mongrel_port %>;
|
77
|
+
<% else %>
|
78
|
+
proxy_pass http://mongrel_<%= application %>_<%= stage %>;
|
79
|
+
<% end %>
|
80
|
+
break;
|
81
|
+
}
|
82
|
+
}
|
83
|
+
|
84
|
+
error_page 500 502 503 504 /500.html;
|
85
|
+
location = /500.html {
|
86
|
+
root <%= deploy_to %>/current/public;
|
87
|
+
}
|
88
|
+
}
|
89
|
+
|
90
|
+
<% if ssl_cert %>
|
91
|
+
server {
|
92
|
+
# port to listen on. Can also be set to an IP:PORT
|
93
|
+
listen 443;
|
94
|
+
|
95
|
+
ssl on;
|
96
|
+
ssl_certificate <%= deploy_to %>/current/cert/cert;
|
97
|
+
ssl_certificate_key <%= deploy_to %>/current/cert/key;
|
98
|
+
|
99
|
+
# Set the max size for file uploads to 50Mb
|
100
|
+
client_max_body_size 50M;
|
101
|
+
|
102
|
+
# sets the domain[s] that this vhost server requests for
|
103
|
+
server_name <%= domains.join ' ' %>;
|
104
|
+
|
105
|
+
# doc root
|
106
|
+
root <%= deploy_to %>/current/public;
|
107
|
+
|
108
|
+
# vhost specific access log
|
109
|
+
access_log <%= deploy_to %>/shared/log/nginx.log main;
|
110
|
+
|
111
|
+
# this rewrites all the requests to the maintenance.html
|
112
|
+
# page if it exists in the doc root. This is for capistrano's
|
113
|
+
# disable web task
|
114
|
+
if (-f $document_root/system/maintenance.html) {
|
115
|
+
rewrite ^(.*)$ /system/maintenance.html last;
|
116
|
+
break;
|
117
|
+
}
|
118
|
+
|
119
|
+
location / {
|
120
|
+
<% if auth_user %>
|
121
|
+
auth_basic "Restricted";
|
122
|
+
auth_basic_user_file <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
|
123
|
+
<% end %>
|
124
|
+
|
125
|
+
# needed to forward user's IP address to rails
|
126
|
+
proxy_set_header X-Real-IP $remote_addr;
|
127
|
+
|
128
|
+
# needed for HTTPS
|
129
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
130
|
+
proxy_set_header X-FORWARDED_PROTO https;
|
131
|
+
proxy_set_header Host $http_host;
|
132
|
+
proxy_redirect false;
|
133
|
+
proxy_max_temp_file_size 0;
|
134
|
+
|
135
|
+
# If the file exists as a static file serve it directly without
|
136
|
+
# running all the other rewite tests on it
|
137
|
+
if (-f $request_filename) {
|
138
|
+
break;
|
139
|
+
}
|
140
|
+
|
141
|
+
# check for index.html for directory index
|
142
|
+
# if its there on the filesystem then rewite
|
143
|
+
# the url to add /index.html to the end of it
|
144
|
+
# and then break to send it to the next config rules.
|
145
|
+
if (-f $request_filename/index.html) {
|
146
|
+
rewrite (.*) $1/index.html break;
|
147
|
+
}
|
148
|
+
|
149
|
+
# this is the meat of the rails page caching config
|
150
|
+
# it adds .html to the end of the url and then checks
|
151
|
+
# the filesystem for that file. If it exists, then we
|
152
|
+
# rewite the url to have explicit .html on the end
|
153
|
+
# and then send it on its way to the next config rule.
|
154
|
+
# if there is no file on the fs then it sets all the
|
155
|
+
# necessary headers and proxies to our upstream mongrels
|
156
|
+
if (-f $request_filename.html) {
|
157
|
+
rewrite (.*) $1.html break;
|
158
|
+
}
|
159
|
+
|
160
|
+
if (!-f $request_filename) {
|
161
|
+
# Use other cluster name here if you are running multiple
|
162
|
+
# virtual hosts.
|
163
|
+
<% if mongrels == 1 %>
|
164
|
+
proxy_pass http://127.0.0.1:<%= mongrel_port %>;
|
165
|
+
<% else %>
|
166
|
+
proxy_pass http://mongrel_<%= application %>_<%= stage %>;
|
167
|
+
<% end %>
|
168
|
+
break;
|
169
|
+
}
|
170
|
+
}
|
171
|
+
|
172
|
+
error_page 500 502 503 504 /500.html;
|
173
|
+
location = /500.html {
|
174
|
+
root <%= deploy_to %>/current/public;
|
175
|
+
}
|
176
|
+
}
|
177
|
+
<% end %>
|
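Review bot: When `auth_user` is set, the `listen 80` server applies `auth_basic`, so the htpasswd credentials cross the network unencrypted; if `ssl_cert` is also set, the port-80 block could instead issue `rewrite ^ https://$host$request_uri? permanent;` and leave authentication to the 443 server. The monit vhost later in this package has the same exposure, because it proxies monit's login over port 80 only. `ssl_certificate_key <%= deploy_to %>/current/cert/key;` reads the private key from inside the release tree, which suggests the key ships with the application code; a path outside the release, owned by root and readable by nobody else, keeps it out of the repository and out of every checkout. `proxy_redirect false;` is not one of the documented values, so `proxy_redirect off;` is the intended spelling in both server blocks here and in the monit vhost.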
@@ -0,0 +1,12 @@
|
|
1
|
+
<% mongrels.times do |x| %>
|
2
|
+
check process mongrel_<%= application %>_<%= mongrel_port + x %> with pidfile <%= deploy_to %>/shared/pids/mongrel.<%= mongrel_port + x %>.pid
|
3
|
+
group mongrel
|
4
|
+
start program = "mongrel_rails cluster::start -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
|
5
|
+
stop program = "mongrel_rails cluster::stop -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
|
6
|
+
if failed host 127.0.0.1 port <%= mongrel_port + x %> protocol http with timeout 10 seconds then restart
|
7
|
+
if totalmem is greater than 110.0 MB for 4 cycles then restart # eating up memory?
|
8
|
+
if cpu is greater than 50% for 2 cycles then alert # send an email to admin
|
9
|
+
if cpu is greater than 80% for 3 cycles then restart # hung process?
|
10
|
+
if loadavg(5min) greater than 10 for 8 cycles then restart # bad, bad, bad
|
11
|
+
if 20 restarts within 20 cycles then timeout # something is wrong, call the sys-admin
|
12
|
+
<% end %>
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Defaults for monit initscript
|
2
|
+
# sourced by /etc/init.d/monit
|
3
|
+
# installed at /etc/default/monit by maintainer scripts
|
4
|
+
# Fredrik Steen <stone@debian.org>
|
5
|
+
|
6
|
+
# You must set this variable to for monit to start
|
7
|
+
startup=1
|
8
|
+
|
9
|
+
# To change the intervals which monit should run uncomment
|
10
|
+
# and change this variable.
|
11
|
+
# CHECK_INTERVALS=180
|
@@ -0,0 +1,32 @@
|
|
1
|
+
set daemon 60
|
2
|
+
set logfile /var/log/monit.log
|
3
|
+
set mailserver localhost
|
4
|
+
set mail-format { from: <%= monit_from %> }
|
5
|
+
set alert <%= monit_to %>
|
6
|
+
set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>
|
7
|
+
|
8
|
+
check process sshd with pidfile /var/run/sshd.pid
|
9
|
+
start program "/etc/init.d/ssh start"
|
10
|
+
stop program "/etc/init.d/ssh stop"
|
11
|
+
if failed port <%= ssh_port %> protocol ssh then restart
|
12
|
+
if 5 restarts within 5 cycles then timeout
|
13
|
+
|
14
|
+
check process mysql with pidfile /var/run/mysqld/mysqld.pid
|
15
|
+
group database
|
16
|
+
start program = "/etc/init.d/mysql start"
|
17
|
+
stop program = "/etc/init.d/mysql stop"
|
18
|
+
if failed host 127.0.0.1 port 3306 then restart
|
19
|
+
if 5 restarts within 5 cycles then timeout
|
20
|
+
|
21
|
+
check process nginx with pidfile /usr/local/nginx/logs/nginx.pid
|
22
|
+
group www
|
23
|
+
start program = "/etc/init.d/nginx start"
|
24
|
+
stop program = "/etc/init.d/nginx stop"
|
25
|
+
if 5 restarts with 5 cycles then timeout
|
26
|
+
|
27
|
+
check process spawn-fcgi with pidfile /var/run/spawn-fcgi.pid
|
28
|
+
group php
|
29
|
+
start program = "/etc/init.d/init-fastcgi start"
|
30
|
+
stop program = "/etc/init.d/init-fastcgi stop"
|
31
|
+
if failed host 127.0.0.1 port 9000 then restart
|
32
|
+
if 5 restarts within 5 cycles then timeout
|
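Review bot: `set httpd port <%= monit_port %> and allow ...` names no bind address, so monit's control interface presumably listens on every interface and depends on the firewall template alone to stay private; since the nginx vhost reaches it at 127.0.0.1, `set httpd port <%= monit_port %> and use address 127.0.0.1 allow <%= monit_auth_user %>:<%= monit_auth_pass %>` would close that gap. The rendered file carries the monit password in clear text, so the recipe that writes it should leave it readable by root only. The nginx check has no `if failed host 127.0.0.1 port 80 ... then restart` test like the other services, so a hung nginx with a live pid would go unnoticed, and its `with 5 cycles` reads like a typo for `within`.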
@@ -0,0 +1,26 @@
|
|
1
|
+
upstream monit_httpd {
|
2
|
+
server 127.0.0.1:<%= monit_port %>;
|
3
|
+
}
|
4
|
+
|
5
|
+
server {
|
6
|
+
listen 80;
|
7
|
+
|
8
|
+
# sets the domain[s] that this vhost server requests for
|
9
|
+
server_name <%= monit_domain %>;
|
10
|
+
|
11
|
+
# vhost specific access log
|
12
|
+
access_log /var/log/monit.nginx.log main;
|
13
|
+
|
14
|
+
location / {
|
15
|
+
# needed to forward user's IP address
|
16
|
+
proxy_set_header X-Real-IP $remote_addr;
|
17
|
+
|
18
|
+
# needed for HTTPS
|
19
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
20
|
+
proxy_set_header Host $http_host;
|
21
|
+
proxy_redirect false;
|
22
|
+
proxy_max_temp_file_size 0;
|
23
|
+
|
24
|
+
proxy_pass http://monit_httpd;
|
25
|
+
}
|
26
|
+
}
|
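Review bot: The `location /` block forwards every request for `monit_domain` to monit's control interface, which can start and stop services, and nothing at the nginx layer limits who may reach it. I would add `allow <admin-network>; deny all;` (placeholder address) inside the location so that monit's own login is not the only barrier. A one-line comment above `proxy_pass http://monit_httpd;` stating that this is an administrative endpoint would help the next person who edits the vhost.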