winton-cookbook 1.0.2 → 1.0.3

data/lib/recipes/mysql.rb

@@ -0,0 +1,106 @@
+Capistrano::Configuration.instance(:must_exist).load do
+  
+  namespace :mysql do 
+    namespace :create do
+      desc "Create database and user"
+      task :default, :roles => :db do
+        mysql.create.db
+        mysql.create.user
+      end
+      
+      desc "Create database"
+      task :db, :roles => :db do
+        mysql_run "CREATE DATABASE #{db_table}"
+      end
+    
+      desc "Create database user"
+      task :user, :roles => :db do
+        mysql_run [
+          "CREATE USER '#{db_user}'@'localhost' IDENTIFIED BY '#{db_pass}'",
+          "GRANT ALL PRIVILEGES ON *.* TO '#{db_user}'@'localhost'"
+        ]
+      end
+    end
+    
+    namespace :update do
+      desc 'Update mysql root password'
+      task :root_password, :roles => :db do
+        old_pass = ask "Current root password? (default: none)"
+        new_pass = ask "New root password? (default: none)"
+        sudo "mysqladmin -u root #{old_pass.empty? ? '' : "--password=#{old_pass} "}password #{new_pass}"
+      end
+    end
+  
+    namespace :destroy do
+      desc "Destroy database and user"
+      task :default, :roles => :db do
+        mysql.destroy.db
+        mysql.destroy.user
+      end
+      
+      desc "Destroy database"
+      task :db, :roles => :db do
+        mysql_run "DROP DATABASE #{db_table}"
+      end
+      
+      desc "Destroy database user"
+      task :user, :roles => :db do
+        mysql_run [
+          "REVOKE ALL PRIVILEGES, GRANT OPTION FROM '#{db_user}'@'localhost'",
+          "DROP USER '#{db_user}'@'localhost'"
+        ]
+      end
+    end
+    
+    desc "Updates my.cnf from the file in config/cookbook"
+    task :config, :roles => :db do
+      question = [
+        "This task updates your server's my.cnf (MySQL config) with the one in config/cookbook.",
+        "OK?"
+      ]
+      if yes(question)
+        upload_from_erb "#{mysql_dir}/my.cnf", binding, :chown => 'root', :chmod => '0644', :folder => 'mysql'
+        sudo "/etc/init.d/mysql restart"
+      end
+    end
+    
+    namespace :backup do
+      desc "Backup database to local"
+      task :to_local, :roles => :db do
+        to_server
+        system "mkdir -p ~/db_backups/#{stage}/#{application}"
+        get "#{shared_path}/db_backups/#{backup_name}.bz2", File.expand_path("~/db_backups/#{stage}/#{application}/#{backup_name}.bz2")
+      end
+      
+      desc "Backup database to remote"
+      task :to_server, :roles => :db do
+        run_each [
+          "mkdir -p #{shared_path}/db_backups",
+          "mysqldump --add-drop-table -u #{db_user} -p#{db_pass} #{db_table}_production | bzip2 -c > #{shared_path}/db_backups/#{backup_name}.bz2"
+        ]
+      end
+      
+      desc "Upload local backup to remote"
+      task :local_to_server, :roles => :db do
+        from = File.expand_path("~/db_backups/#{stage}/#{application}/#{backup_name}.bz2")
+        if File.exists?(from)
+          run_each "mkdir -p #{shared_path}/db_backups"
+          upload from, "#{shared_path}/db_backups/#{backup_name}.bz2"
+        else
+          puts "Does not exist: #{from}"
+        end
+      end
+      
+      desc "Restore remote database from backup"
+      task :restore, :roles => :db do
+        run_each "bunzip2 < #{shared_path}/db_backups/#{backup_name}.bz2 | mysql -u #{db_user} --password=#{db_pass} #{db_table}"
+      end
+      
+      def backup_name
+        now = Time.now
+        [ now.year, now.month, now.day ].join('-') + '.sql'
+      end
+    end
+  end
+
+end

data/lib/recipes/nginx.rb

@@ -0,0 +1,79 @@
+Capistrano::Configuration.instance(:must_exist).load do
+
+  namespace :nginx do
+    desc "Restart nginx"
+    task :restart, :roles => :app do
+      deploy.nginx.stop
+      deploy.nginx.start
+    end
+
+    desc "Start nginx"
+    task :start, :roles => :app do
+      sudo "/etc/init.d/nginx start"
+    end
+
+    desc "Stop nginx"
+    task :stop, :roles => :app do
+      sudo "/etc/init.d/nginx stop"
+    end
+    
+    namespace :config do
+      desc "Generate remote application config"
+      task :default, :roles => :app do
+        if auth_user
+          sudo_each [
+            "mkdir -p #{nginx_dir}/htpasswd",
+            "htpasswd -bc #{nginx_dir}/htpasswd/#{application}_#{stage} #{auth_user} #{auth_pass}"
+          ]
+        end
+      end
+      
+      desc "Destroy all files created by config"
+      task :destroy, :roles => :app do
+        sudo_each "rm -f #{nginx_dir}/htpasswd/#{application}_#{stage}"
+      end
+      
+      namespace :run_once do
+        desc "Generate remote system config (run once)"
+        task :default, :roles => :app do
+          question = [
+            "This task updates your server's nginx.conf with the one in config/cookbook.",
+            "OK?"
+          ]
+          if yes(question)
+            sudo_each [
+              "mkdir -p #{nginx_dir}/vhosts",
+              "chmod 0755 #{nginx_dir}/vhosts"
+            ]
+            upload_from_erb "#{nginx_dir}/nginx.conf", binding, :chown => 'root', :chmod => '0644', :folder => 'nginx'
+          end
+        end
+        
+        desc "Destroy remote system config"
+        task :destroy, :roles => :app do
+          sudo_each "rm -f #{nginx_dir}/nginx.conf"
+        end
+      end
+      
+      namespace :ssl do
+        desc "Generate SSL key"
+        task :default, :roles => :app do
+          # http://www.geotrust.com/quickssl/csr
+          question = [
+            "This task creates cert/key and cert/csr. Press enter for all optional SSL questions.",
+            "Use these files when buying an SSL cert.",
+            '',
+            "Place the purchased cert in cert/cert. Set :ssl_cert => true in deploy.rb.",
+            "OK?"
+          ]
+          if yes(question)
+            system 'mkdir -p cert'
+            system 'openssl genrsa -out cert/key 1024'
+            system 'openssl req -new -key cert/key -out cert/csr'
+          end
+        end
+      end
+    end
+  end
+
+end

data/lib/recipes/php.rb

@@ -0,0 +1,17 @@
+Capistrano::Configuration.instance(:must_exist).load do
+  
+  namespace :php do
+    namespace :config do
+      desc "Generate remote application config"
+      task :default, :roles => :app do
+        php.config.nginx
+      end
+      
+      desc "Generate remote Nginx vhost"
+      task :nginx, :roles => :app do
+        upload_from_erb "#{nginx_dir}/vhosts/#{application}_#{stage}.conf", binding, :folder => 'php', :name => 'nginx.vhost'
+      end
+    end
+  end
+  
+end

data/lib/recipes/rails.rb

@@ -0,0 +1,65 @@
+Capistrano::Configuration.instance(:must_exist).load do
+
+  namespace :rails do
+    namespace :config do
+      desc "Copies all files in cookbook/rails to shared config"
+      task :default, :roles => :app do
+        run "mkdir -p #{shared_path}/config"
+        Dir[File.expand_path('../config/rails/*', File.dirname(__FILE__))].each do |f|
+          upload_from_erb "#{shared_path}/config/#{File.basename(f, '.erb')}", binding, :folder => 'rails'
+        end
+      end
+      
+      desc "Copies yml files in the shared config folder into our app config"
+      task :to_app, :roles => :app do
+        run "cp -Rf #{shared_path}/config/* #{release_path}/config"
+      end
+      
+      desc "Configure asset_packager" 
+      task :asset_packager do
+        run "source ~/.bash_profile && cd #{release_path} && rake RAILS_ENV=production asset:packager:build_all"
+      end
+      
+      desc "Configure attachment_fu"
+      task :attachment_fu, :roles => :app do
+        run_each [
+          "mkdir -p #{shared_path}/media",
+          "ln -sf #{shared_path}/media #{release_path}/public/media"
+        ]
+        sudo_each [
+          "mkdir -p #{release_path}/tmp/attachment_fu",
+          "chown -R #{user} #{release_path}/tmp/attachment_fu"
+        ]
+      end
+      
+      namespace :ultrasphinx do
+        desc "Configures ultrasphinx"
+        task :default, :roles => :app do
+          sudo "cd #{release_path} && rake RAILS_ENV=production ultrasphinx:configure"
+        end
+        
+        desc "Stop ultrasphinx"
+        task :stop, :roles => :app do
+          sudo "cd #{release_path} && rake RAILS_ENV=production ultrasphinx:daemon:stop"
+        end
+        
+        desc "Start ultrasphinx"
+        task :start, :roles => :app do
+          sudo "cd #{release_path} && rake RAILS_ENV=production ultrasphinx:daemon:start"
+        end
+        
+        desc "Restart ultrasphinx"
+        task :restart, :roles => :app do
+          rails.config.ultrasphinx.stop
+          rails.config.ultrasphinx.start
+        end
+      end
+    end
+    
+    desc "Intialize Git submodules"
+    task :setup_git, :roles => :app do
+      run "cd #{release_path}; git submodule init; git submodule update"
+    end
+  end
+
+end

data/lib/recipes/ssh.rb

@@ -0,0 +1,64 @@
+Capistrano::Configuration.instance(:must_exist).load do
+  
+  namespace :ssh do
+    desc 'Generate ssh keys and upload to server'
+    task :setup do
+      ssh.create_keys
+      ssh.upload_keys
+    end
+    
+    desc "Creates an rsa ssh key pair in your ~/.ssh folder"
+    task :create_keys do
+      question = [
+        "This task generates a rsa ssh key pair in your ~/.ssh folder.",
+        "OK?"
+      ]
+      system('ssh-keygen -t rsa') if yes(question)
+    end
+    
+    desc "Creates an rsa ssh key pair in the server's ~/.ssh folder"
+    task :create_server_keys do
+      question = [
+        "This task generates a rsa ssh key pair in the server's ~/.ssh folder and displays the public key.",
+        "OK?"
+      ]
+      if yes(question)
+        usr  = ask "Create ssh keys for which user? (default: #{user})", user
+        pass = ask "Enter a password for this key:"
+        
+        sudo_each [
+          "ssh-keygen -t rsa -N '#{pass}' -q -f /home/#{usr}/.ssh/id_rsa",
+          "chmod 0700 /home/#{usr}/.ssh",
+          "chown -R #{usr} /home/#{usr}/.ssh"
+        ]
+        sudo_puts "tail -1 /home/#{usr}/.ssh/id_rsa.pub"
+      end
+    end
+    
+    desc "Copies contents of ssh public keys into authorized_keys file"
+    task :upload_keys do
+      question = [
+        "This task copies all of your public keys in ~/.ssh to the server's authorized_keys.",
+        "OK?"
+      ]
+      if yes(question)
+        usr  = ask "Upload ssh public keys to which user? (default: #{user})", user
+        keys = ask "Press enter to copy all public keys (~/.ssh/*.pub), or paste a key: ", get_ssh_keys
+      
+        if k.empty?
+          ssh.setup if yes("No keys found. Generate ssh keys now?")
+        else
+          sudo_each [
+            "mkdir /home/#{usr}/.ssh",
+            "touch /home/#{usr}/.ssh/authorized_keys",
+            "echo \"#{keys}\" >> /home/#{usr}/.ssh/authorized_keys",
+            "chmod 0700 /home/#{usr}/.ssh",
+            "chmod 0600 /home/#{usr}/.ssh/authorized_keys",
+            "chown -R #{usr} /home/#{usr}/.ssh",
+          ]
+        end
+      end
+    end
+  end
+
+end

data/lib/recipes/stage.rb

@@ -0,0 +1,34 @@
+Capistrano::Configuration.instance(:must_exist).load do
+
+  desc 'Set the target stage to staging'
+  task :staging do
+    set :stage, :staging
+  end
+
+  desc 'Set the target stage to test'
+  task :testing do
+    set :stage, :test
+  end
+  
+  # None of this works in a namespace
+  desc 'Set up stage-dependent properties'
+  task :setup_stage do
+    set :base_dir,       "#{cookbook[:base_dir]}/#{stage}"
+    set :deploy_to,      "#{base_dir}/#{application}"
+  
+    set :db_table,       application + (stage == :staging ? "_#{stage}" : '')
+    set :mongrel_port,   cookbook[:mongrel_port] + production_mongrels if stage == :staging
+    
+    set :domain,         cookbook[stage][:domain]
+    set :domains,       (cookbook[stage][:other_domains] || []) + [ domain ]
+    set :branch,         cookbook[stage][:branch] || 'master'
+    set :mongrels,       cookbook[stage][:mongrels]
+    set :auth_user,      cookbook[stage][:auth_user]
+    set :auth_pass,      cookbook[stage][:auth_pass]
+
+    role :app, domain
+    role :web, domain
+    role :db,  domain, :primary => true
+  end
+  
+end

data/lib/templates/debian/bash_profile.erb

@@ -0,0 +1,9 @@
+export PS1='\e[01;30m\h \e[33m\u \e[01;34m\w\e[00m: '
+
+alias free="free -m"
+
+alias aptitude="sudo aptitude"
+alias update="sudo aptitude update"
+alias upgrade="sudo aptitude upgrade"
+alias install="sudo aptitude install"
+alias remove="sudo aptitude remove"

data/lib/templates/debian/iptables.rules.erb

@@ -0,0 +1,47 @@
+*filter
+
+
+#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+
+#  Accepts all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+
+#  Allows all outbound traffic
+#  You can modify this to only allow certain traffic
+-A OUTPUT -j ACCEPT
+
+
+# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+
+# Allows IMAP
+-A INPUT -p tcp --dport 143 -j ACCEPT
+
+
+# Allows SSH connections
+#
+# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
+#
+-A INPUT -p tcp -m state --state NEW --dport <%= ssh_port %> -j ACCEPT
+
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+
+# log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+
+# Reject all other inbound - default deny unless explicitly allowed policy
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT
+# There MUST be a new line after this line!

data/lib/templates/debian/locale.gen.erb

@@ -0,0 +1 @@
+en_US.UTF-8 UTF-8

data/lib/templates/debian/sshd_config.erb

@@ -0,0 +1,78 @@
+# Package generated configuration file
+# See the sshd(8) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port <%= ssh_port %>
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile     %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding no
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM no
+UseDNS no

data/lib/templates/log/rotate.conf.erb

@@ -0,0 +1,9 @@
+<%= shared_path %>/log/*.log {
+  daily
+  missingok
+  rotate 7
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}

data/lib/templates/mongrel/mongrel.yml.erb

@@ -0,0 +1,10 @@
+--- 
+user: <%= user %>
+group: <%= user %>
+log_file: <%= deploy_to %>/shared/log/mongrel.log
+cwd: <%= deploy_to %>/current
+port: <%= mongrel_port %>
+environment: production
+pid_file: <%= deploy_to %>/shared/pids/mongrel.pid
+address: 127.0.0.1
+servers: <%= mongrels %>