winton-cookbook 1.0.2 → 1.0.3

data/lib/templates/mongrel/nginx.vhost.erb

@@ -0,0 +1,177 @@
+<% if mongrels > 1 %>
+upstream mongrel_<%= application %>_<%= stage %> {
+<% mongrels.times do |x| %>
+  server 127.0.0.1:<%= mongrel_port + x %>;
+<% end %>
+}
+<% end %>
+
+server {
+  listen 80;
+  
+  # Set the max size for file uploads to 50Mb
+  client_max_body_size 50M;
+
+  # sets the domain[s] that this vhost server requests for
+  server_name <%= domains.join ' ' %>;
+
+  # doc root
+  root <%= deploy_to %>/current/public;
+
+  # vhost specific access log
+  access_log  <%= deploy_to %>/shared/log/nginx.log main;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/system/maintenance.html) {
+    rewrite  ^(.*)$  /system/maintenance.html last;
+    break;
+  }
+
+  location / {
+<% if auth_user %>
+    auth_basic            "Restricted";
+    auth_basic_user_file  <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
+<% end %>
+    
+    # needed to forward user's IP address to rails
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    # needed for HTTPS
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_redirect false;
+    proxy_max_temp_file_size 0;
+    
+    # If the file exists as a static file serve it directly without
+    # running all the other rewite tests on it
+    if (-f $request_filename) { 
+      break; 
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite 
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rails page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end 
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the 
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      # Use other cluster name here if you are running multiple
+      # virtual hosts.
+      <% if mongrels == 1 %>
+      proxy_pass http://127.0.0.1:<%= mongrel_port %>;
+      <% else %>
+      proxy_pass http://mongrel_<%= application %>_<%= stage %>;
+      <% end %>
+      break;
+    }
+  }
+
+  error_page   500 502 503 504  /500.html;
+  location = /500.html {
+    root <%= deploy_to %>/current/public;
+  }
+}
+
+<% if ssl_cert %>
+server {
+  # port to listen on. Can also be set to an IP:PORT
+  listen 443;
+  
+  ssl on;
+  ssl_certificate     <%= deploy_to %>/current/cert/cert;
+  ssl_certificate_key <%= deploy_to %>/current/cert/key;
+    
+  # Set the max size for file uploads to 50Mb
+  client_max_body_size 50M;
+
+  # sets the domain[s] that this vhost server requests for
+  server_name <%= domains.join ' ' %>;
+
+  # doc root
+  root <%= deploy_to %>/current/public;
+
+  # vhost specific access log
+  access_log  <%= deploy_to %>/shared/log/nginx.log main;
+
+  # this rewrites all the requests to the maintenance.html
+  # page if it exists in the doc root. This is for capistrano's
+  # disable web task
+  if (-f $document_root/system/maintenance.html) {
+    rewrite  ^(.*)$  /system/maintenance.html last;
+    break;
+  }
+
+  location / {
+<% if auth_user %>
+    auth_basic            "Restricted";
+    auth_basic_user_file  <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
+<% end %>
+
+    # needed to forward user's IP address to rails
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    # needed for HTTPS
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-FORWARDED_PROTO https;
+    proxy_set_header Host $http_host;
+    proxy_redirect false;
+    proxy_max_temp_file_size 0;
+
+    # If the file exists as a static file serve it directly without
+    # running all the other rewite tests on it
+    if (-f $request_filename) { 
+      break; 
+    }
+
+    # check for index.html for directory index
+    # if its there on the filesystem then rewite 
+    # the url to add /index.html to the end of it
+    # and then break to send it to the next config rules.
+    if (-f $request_filename/index.html) {
+      rewrite (.*) $1/index.html break;
+    }
+
+    # this is the meat of the rails page caching config
+    # it adds .html to the end of the url and then checks
+    # the filesystem for that file. If it exists, then we
+    # rewite the url to have explicit .html on the end 
+    # and then send it on its way to the next config rule.
+    # if there is no file on the fs then it sets all the 
+    # necessary headers and proxies to our upstream mongrels
+    if (-f $request_filename.html) {
+      rewrite (.*) $1.html break;
+    }
+
+    if (!-f $request_filename) {
+      # Use other cluster name here if you are running multiple
+      # virtual hosts.
+      <% if mongrels == 1 %>
+      proxy_pass http://127.0.0.1:<%= mongrel_port %>;
+      <% else %>
+      proxy_pass http://mongrel_<%= application %>_<%= stage %>;
+      <% end %>
+      break;
+    }
+  }
+
+  error_page   500 502 503 504  /500.html;
+  location = /500.html {
+    root <%= deploy_to %>/current/public;
+  }
+}
+<% end %>

data/lib/templates/monit/mongrel.erb

@@ -0,0 +1,12 @@
+<% mongrels.times do |x| %>
+check process mongrel_<%= application %>_<%= mongrel_port + x %> with pidfile <%= deploy_to %>/shared/pids/mongrel.<%= mongrel_port + x %>.pid
+  group mongrel
+  start program = "mongrel_rails cluster::start -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
+  stop program  = "mongrel_rails cluster::stop -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
+  if failed host 127.0.0.1 port <%= mongrel_port + x %> protocol http with timeout 10 seconds then restart
+  if totalmem is greater than 110.0 MB for 4 cycles then restart      # eating up memory?
+  if cpu is greater than 50% for 2 cycles then alert                  # send an email to admin
+  if cpu is greater than 80% for 3 cycles then restart                # hung process?
+  if loadavg(5min) greater than 10 for 8 cycles then restart          # bad, bad, bad
+  if 20 restarts within 20 cycles then timeout                        # something is wrong, call the sys-admin
+<% end %>

data/lib/templates/monit/monit.erb

@@ -0,0 +1,11 @@
+# Defaults for monit initscript
+# sourced by /etc/init.d/monit
+# installed at /etc/default/monit by maintainer scripts
+# Fredrik Steen <stone@debian.org>
+
+# You must set this variable to for monit to start
+startup=1
+
+# To change the intervals which monit should run uncomment
+# and change this variable.
+# CHECK_INTERVALS=180

data/lib/templates/monit/monitrc.erb

@@ -0,0 +1,32 @@
+set daemon  60
+set logfile /var/log/monit.log
+set mailserver localhost
+set mail-format { from: <%= monit_from %> }
+set alert <%= monit_to %>
+set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>
+
+check process sshd with pidfile /var/run/sshd.pid
+  start program  "/etc/init.d/ssh start"
+  stop program  "/etc/init.d/ssh stop"
+  if failed port <%= ssh_port %> protocol ssh then restart
+  if 5 restarts within 5 cycles then timeout
+
+check process mysql with pidfile /var/run/mysqld/mysqld.pid
+  group database
+  start program = "/etc/init.d/mysql start"
+  stop program = "/etc/init.d/mysql stop"
+  if failed host 127.0.0.1 port 3306 then restart
+  if 5 restarts within 5 cycles then timeout
+
+check process nginx with pidfile /usr/local/nginx/logs/nginx.pid
+  group www
+  start program = "/etc/init.d/nginx start"
+  stop program  = "/etc/init.d/nginx stop"
+  if 5 restarts with 5 cycles then timeout
+
+check process spawn-fcgi with pidfile /var/run/spawn-fcgi.pid
+  group php
+  start program = "/etc/init.d/init-fastcgi start"
+  stop program = "/etc/init.d/init-fastcgi stop"
+  if failed host 127.0.0.1 port 9000 then restart
+  if 5 restarts within 5 cycles then timeout

data/lib/templates/monit/nginx.vhost.erb

@@ -0,0 +1,26 @@
+upstream monit_httpd {
+  server 127.0.0.1:<%= monit_port %>;
+}
+
+server {
+  listen 80;
+  
+  # sets the domain[s] that this vhost server requests for
+  server_name <%= monit_domain %>;
+
+  # vhost specific access log
+  access_log  /var/log/monit.nginx.log main;
+
+  location / {    
+    # needed to forward user's IP address
+    proxy_set_header  X-Real-IP  $remote_addr;
+
+    # needed for HTTPS
+    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $http_host;
+    proxy_redirect false;
+    proxy_max_temp_file_size 0;
+
+    proxy_pass http://monit_httpd;
+  }
+}

data/lib/templates/mysql/my.cnf.erb

@@ -0,0 +1,137 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+# 
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port            = 3306
+socket          = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket          = /var/run/mysqld/mysqld.sock
+nice            = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+user            = mysql
+pid-file        = /var/run/mysqld/mysqld.pid
+socket          = /var/run/mysqld/mysqld.sock
+port            = 3306
+basedir         = /usr
+datadir         = /var/lib/mysql
+tmpdir          = /tmp
+language        = /usr/share/mysql/english
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address            = 127.0.0.1
+#
+# * Fine Tuning
+#
+key_buffer              = 256M
+max_allowed_packet      = 16M
+thread_stack            = 128K
+thread_cache_size       = 8
+max_connections         = 500
+table_cache             = 1536
+#thread_concurrency     = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit       = 1M
+query_cache_size        = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+#log            = /var/log/mysql/mysql.log
+#
+# Error logging goes to syslog. This is a Debian improvement :)
+#
+# Here you can see queries with especially long duration
+#log_slow_queries       = /var/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+#server-id              = 1
+log_bin                 = /var/log/mysql/mysql-bin.log
+# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
+expire_logs_days        = 10
+max_binlog_size         = 100M
+#binlog_do_db           = include_database_name
+#binlog_ignore_db       = include_database_name
+#
+# * BerkeleyDB
+#
+# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
+skip-bdb
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
+skip-innodb
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet      = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer              = 16M
+
+#
+# * NDB Cluster
+#
+# See /usr/share/doc/mysql-server-*/README.Debian for more information.
+#
+# The following configuration is read by the NDB Data Nodes (ndbd processes)
+# not from the NDB Management Nodes (ndb_mgmd processes).
+#
+# [MYSQL_CLUSTER]
+# ndb-connectstring=127.0.0.1
+
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+#
+!includedir /etc/mysql/conf.d/

data/lib/templates/nginx/nginx.conf.erb

@@ -0,0 +1,30 @@
+worker_processes  3;
+
+events {
+    worker_connections  1024;
+}
+
+http {    
+    default_type  application/octet-stream;
+
+    sendfile      on;
+    tcp_nopush    on;
+    tcp_nodelay   off;
+
+    keepalive_timeout  65;
+
+    gzip              on;
+    gzip_http_version 1.0;
+    gzip_comp_level   2;
+    gzip_proxied      any;
+    gzip_types        text/plain text/html text/css application/x-javascript text/xml 
+                      application/xml application/xml+rss text/javascript;
+    
+    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
+                      '"$status" $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+    
+    include   mime.types;
+    include   fastcgi_params;
+    include   vhosts/*.conf;
+}

data/lib/templates/nginx/nginx.erb

@@ -0,0 +1,57 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          nginx
+# Required-Start:    $all
+# Required-Stop:     $all
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the nginx web server
+# Description:       starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/local/sbin/nginx
+NAME=nginx
+DESC=nginx
+
+test -x $DAEMON || exit 0
+set -e
+
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        start-stop-daemon --start --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
+                --exec $DAEMON -- $DAEMON_OPTS
+        echo "$NAME started."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon --stop --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
+                --exec $DAEMON
+        echo "$NAME stopped."
+        ;;
+
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon --stop --quiet --pidfile \
+                /usr/local/nginx/logs/$NAME.pid --exec $DAEMON
+        sleep 1
+        start-stop-daemon --start --quiet --pidfile \
+                /usr/local/nginx/logs/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
+        echo "$NAME restarted."
+        ;;
+  reload)
+      echo -n "Reloading $DESC configuration: "
+      start-stop-daemon --stop --signal HUP --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
+          --exec $DAEMON
+      echo "$NAME reloaded."
+      ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0

data/lib/templates/php/init-fastcgi.erb

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+PHP_SCRIPT=/usr/local/bin/php-fastcgi
+RETVAL=0
+
+case "$1" in
+ start)
+  $PHP_SCRIPT
+  RETVAL=$?
+;;
+ stop)
+  killall -9 php5-cgi
+  RETVAL=$?
+;;
+ restart)
+  killall -9 php5-cgi
+  $PHP_SCRIPT
+  RETVAL=$?
+;;
+ *)
+  echo "Usage: php-fastcgi {start|stop|restart}"
+  exit 1
+;;
+esac
+
+exit $RETVAL

data/lib/templates/php/nginx.vhost.erb

@@ -0,0 +1,27 @@
+server {
+  listen       80;
+  server_name  <%= domains.join ' ' %>;
+
+  access_log  <%= deploy_to %>/shared/log/nginx.log main;
+
+  location / {
+      root   <%= deploy_to %>/current/public;
+      index  index.html index.htm;
+  }
+  
+  # redirect server error pages to the static page /50x.html
+  
+  error_page   500 502 503 504  /50x.html;
+  location = /50x.html {
+      root   <%= deploy_to %>/current/public;
+  }
+
+  # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+  
+  location ~ \.php$ {
+      fastcgi_pass   127.0.0.1:9000;
+      fastcgi_index  index.php;
+      fastcgi_param  SCRIPT_FILENAME  <%= deploy_to %>/current/public$fastcgi_script_name;
+      include        fastcgi_params;
+  }
+}

data/lib/templates/php/php-fastcgi.erb

@@ -0,0 +1,2 @@
+#!/bin/sh
+/usr/local/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -f /usr/bin/php5-cgi -P /var/run/spawn-fcgi.pid

data/lib/templates/rails/database.yml.erb

@@ -0,0 +1,13 @@
+development: &defaults
+  adapter: mysql
+  database: <%= db_table %>
+  username: <%= db_user %>
+  password: <%= db_pass %>
+  host: localhost
+  socket: /var/run/mysqld/mysqld.sock
+
+test:
+  <<: *defaults
+
+production:
+  <<: *defaults

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: winton-cookbook
 version: !ruby/object:Gem::Version 
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors: 
 - Winton Welsh
@@ -23,6 +23,48 @@ extra_rdoc_files: []
 
 files: 
 - deploy.rb.example
+- lib/recipes
+- lib/cookbook.rb
+- lib/cookbook_helpers.rb
+- lib/templates
+- lib/recipes/debian.rb
+- lib/recipes/mongrel.rb
+- lib/recipes/deploy.rb
+- lib/recipes/rails.rb
+- lib/recipes/monit.rb
+- lib/recipes/gems.rb
+- lib/recipes/log.rb
+- lib/recipes/php.rb
+- lib/recipes/ssh.rb
+- lib/recipes/stage.rb
+- lib/recipes/nginx.rb
+- lib/recipes/mysql.rb
+- lib/templates/log
+- lib/templates/log/rotate.conf.erb
+- lib/templates/php
+- lib/templates/php/php-fastcgi.erb
+- lib/templates/php/init-fastcgi.erb
+- lib/templates/php/nginx.vhost.erb
+- lib/templates/monit
+- lib/templates/monit/nginx.vhost.erb
+- lib/templates/monit/monitrc.erb
+- lib/templates/monit/mongrel.erb
+- lib/templates/monit/monit.erb
+- lib/templates/nginx
+- lib/templates/nginx/nginx.erb
+- lib/templates/nginx/nginx.conf.erb
+- lib/templates/mysql
+- lib/templates/mysql/my.cnf.erb
+- lib/templates/rails
+- lib/templates/rails/database.yml.erb
+- lib/templates/debian
+- lib/templates/debian/sshd_config.erb
+- lib/templates/debian/iptables.rules.erb
+- lib/templates/debian/bash_profile.erb
+- lib/templates/debian/locale.gen.erb
+- lib/templates/mongrel
+- lib/templates/mongrel/nginx.vhost.erb
+- lib/templates/mongrel/mongrel.yml.erb
 - MIT-LICENSE
 - README.markdown
 has_rdoc: false