winton-cookbook 1.0.1 → 1.0.2

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: winton-cookbook
 version: !ruby/object:Gem::Version 
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors: 
 - Winton Welsh
@@ -22,49 +22,9 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
-- config/log
-- config/log/rotate.conf.erb
-- config/php
-- config/php/php-fastcgi.erb
-- config/php/init-fastcgi.erb
-- config/php/nginx.vhost.erb
-- config/monit
-- config/monit/nginx.vhost.erb
-- config/monit/monitrc.erb
-- config/monit/mongrel.erb
-- config/monit/monit.erb
-- config/nginx
-- config/nginx/nginx.erb
-- config/nginx/nginx.conf.erb
-- config/mysql
-- config/mysql/my.cnf.erb
-- config/rails
-- config/rails/database.yml.erb
-- config/debian
-- config/debian/sshd_config.erb
-- config/debian/iptables.rules.erb
-- config/debian/bash_profile.erb
-- config/debian/locale.gen.erb
-- config/mongrel
-- config/mongrel/nginx.vhost.erb
-- config/mongrel/mongrel.yml.erb
-- cookbook.rb
-- cookbook_helpers.rb
 - deploy.rb.example
 - MIT-LICENSE
 - README.markdown
-- recipes/debian.rb
-- recipes/mongrel.rb
-- recipes/deploy.rb
-- recipes/rails.rb
-- recipes/monit.rb
-- recipes/gems.rb
-- recipes/log.rb
-- recipes/php.rb
-- recipes/ssh.rb
-- recipes/stage.rb
-- recipes/nginx.rb
-- recipes/mysql.rb
 has_rdoc: false
 homepage: http://github.com/winton/cookbook
 post_install_message: 

data/config/debian/bash_profile.erb

@@ -1,9 +0,0 @@
-export PS1='\e[01;30m\h \e[33m\u \e[01;34m\w\e[00m: '
-
-alias free="free -m"
-
-alias aptitude="sudo aptitude"
-alias update="sudo aptitude update"
-alias upgrade="sudo aptitude upgrade"
-alias install="sudo aptitude install"
-alias remove="sudo aptitude remove"

data/config/debian/iptables.rules.erb

@@ -1,47 +0,0 @@
-*filter
-
-
-#  Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
--A INPUT -i lo -j ACCEPT
--A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
-
-
-#  Accepts all established inbound connections
--A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-
-#  Allows all outbound traffic
-#  You can modify this to only allow certain traffic
--A OUTPUT -j ACCEPT
-
-
-# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
--A INPUT -p tcp --dport 80 -j ACCEPT
--A INPUT -p tcp --dport 443 -j ACCEPT
-
-
-# Allows IMAP
--A INPUT -p tcp --dport 143 -j ACCEPT
-
-
-# Allows SSH connections
-#
-# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
-#
--A INPUT -p tcp -m state --state NEW --dport <%= ssh_port %> -j ACCEPT
-
-
-# Allow ping
--A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-
-
-# log iptables denied calls
--A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-
-
-# Reject all other inbound - default deny unless explicitly allowed policy
--A INPUT -j REJECT
--A FORWARD -j REJECT
-
-COMMIT
-# There MUST be a new line after this line!

data/config/debian/locale.gen.erb

@@ -1 +0,0 @@
-en_US.UTF-8 UTF-8

data/config/debian/sshd_config.erb

@@ -1,78 +0,0 @@
-# Package generated configuration file
-# See the sshd(8) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port <%= ssh_port %>
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile     %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-UsePAM no
-UseDNS no

data/config/log/rotate.conf.erb

@@ -1,9 +0,0 @@
-<%= shared_path %>/log/*.log {
-  daily
-  missingok
-  rotate 7
-  compress
-  delaycompress
-  notifempty
-  copytruncate
-}

data/config/mongrel/mongrel.yml.erb

@@ -1,10 +0,0 @@
---- 
-user: <%= user %>
-group: <%= user %>
-log_file: <%= deploy_to %>/shared/log/mongrel.log
-cwd: <%= deploy_to %>/current
-port: <%= mongrel_port %>
-environment: production
-pid_file: <%= deploy_to %>/shared/pids/mongrel.pid
-address: 127.0.0.1
-servers: <%= mongrels %>

data/config/mongrel/nginx.vhost.erb

@@ -1,177 +0,0 @@
-<% if mongrels > 1 %>
-upstream mongrel_<%= application %>_<%= stage %> {
-<% mongrels.times do |x| %>
-  server 127.0.0.1:<%= mongrel_port + x %>;
-<% end %>
-}
-<% end %>
-
-server {
-  listen 80;
-  
-  # Set the max size for file uploads to 50Mb
-  client_max_body_size 50M;
-
-  # sets the domain[s] that this vhost server requests for
-  server_name <%= domains.join ' ' %>;
-
-  # doc root
-  root <%= deploy_to %>/current/public;
-
-  # vhost specific access log
-  access_log  <%= deploy_to %>/shared/log/nginx.log main;
-
-  # this rewrites all the requests to the maintenance.html
-  # page if it exists in the doc root. This is for capistrano's
-  # disable web task
-  if (-f $document_root/system/maintenance.html) {
-    rewrite  ^(.*)$  /system/maintenance.html last;
-    break;
-  }
-
-  location / {
-<% if auth_user %>
-    auth_basic            "Restricted";
-    auth_basic_user_file  <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
-<% end %>
-    
-    # needed to forward user's IP address to rails
-    proxy_set_header  X-Real-IP  $remote_addr;
-
-    # needed for HTTPS
-    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_redirect false;
-    proxy_max_temp_file_size 0;
-    
-    # If the file exists as a static file serve it directly without
-    # running all the other rewite tests on it
-    if (-f $request_filename) { 
-      break; 
-    }
-
-    # check for index.html for directory index
-    # if its there on the filesystem then rewite 
-    # the url to add /index.html to the end of it
-    # and then break to send it to the next config rules.
-    if (-f $request_filename/index.html) {
-      rewrite (.*) $1/index.html break;
-    }
-
-    # this is the meat of the rails page caching config
-    # it adds .html to the end of the url and then checks
-    # the filesystem for that file. If it exists, then we
-    # rewite the url to have explicit .html on the end 
-    # and then send it on its way to the next config rule.
-    # if there is no file on the fs then it sets all the 
-    # necessary headers and proxies to our upstream mongrels
-    if (-f $request_filename.html) {
-      rewrite (.*) $1.html break;
-    }
-
-    if (!-f $request_filename) {
-      # Use other cluster name here if you are running multiple
-      # virtual hosts.
-      <% if mongrels == 1 %>
-      proxy_pass http://127.0.0.1:<%= mongrel_port %>;
-      <% else %>
-      proxy_pass http://mongrel_<%= application %>_<%= stage %>;
-      <% end %>
-      break;
-    }
-  }
-
-  error_page   500 502 503 504  /500.html;
-  location = /500.html {
-    root <%= deploy_to %>/current/public;
-  }
-}
-
-<% if ssl_cert %>
-server {
-  # port to listen on. Can also be set to an IP:PORT
-  listen 443;
-  
-  ssl on;
-  ssl_certificate     <%= deploy_to %>/current/cert/cert;
-  ssl_certificate_key <%= deploy_to %>/current/cert/key;
-    
-  # Set the max size for file uploads to 50Mb
-  client_max_body_size 50M;
-
-  # sets the domain[s] that this vhost server requests for
-  server_name <%= domains.join ' ' %>;
-
-  # doc root
-  root <%= deploy_to %>/current/public;
-
-  # vhost specific access log
-  access_log  <%= deploy_to %>/shared/log/nginx.log main;
-
-  # this rewrites all the requests to the maintenance.html
-  # page if it exists in the doc root. This is for capistrano's
-  # disable web task
-  if (-f $document_root/system/maintenance.html) {
-    rewrite  ^(.*)$  /system/maintenance.html last;
-    break;
-  }
-
-  location / {
-<% if auth_user %>
-    auth_basic            "Restricted";
-    auth_basic_user_file  <%= nginx_dir %>/htpasswd/<%= application %>_<%= stage %>;
-<% end %>
-
-    # needed to forward user's IP address to rails
-    proxy_set_header  X-Real-IP  $remote_addr;
-
-    # needed for HTTPS
-    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-FORWARDED_PROTO https;
-    proxy_set_header Host $http_host;
-    proxy_redirect false;
-    proxy_max_temp_file_size 0;
-
-    # If the file exists as a static file serve it directly without
-    # running all the other rewite tests on it
-    if (-f $request_filename) { 
-      break; 
-    }
-
-    # check for index.html for directory index
-    # if its there on the filesystem then rewite 
-    # the url to add /index.html to the end of it
-    # and then break to send it to the next config rules.
-    if (-f $request_filename/index.html) {
-      rewrite (.*) $1/index.html break;
-    }
-
-    # this is the meat of the rails page caching config
-    # it adds .html to the end of the url and then checks
-    # the filesystem for that file. If it exists, then we
-    # rewite the url to have explicit .html on the end 
-    # and then send it on its way to the next config rule.
-    # if there is no file on the fs then it sets all the 
-    # necessary headers and proxies to our upstream mongrels
-    if (-f $request_filename.html) {
-      rewrite (.*) $1.html break;
-    }
-
-    if (!-f $request_filename) {
-      # Use other cluster name here if you are running multiple
-      # virtual hosts.
-      <% if mongrels == 1 %>
-      proxy_pass http://127.0.0.1:<%= mongrel_port %>;
-      <% else %>
-      proxy_pass http://mongrel_<%= application %>_<%= stage %>;
-      <% end %>
-      break;
-    }
-  }
-
-  error_page   500 502 503 504  /500.html;
-  location = /500.html {
-    root <%= deploy_to %>/current/public;
-  }
-}
-<% end %>

data/config/monit/mongrel.erb

@@ -1,12 +0,0 @@
-<% mongrels.times do |x| %>
-check process mongrel_<%= application %>_<%= mongrel_port + x %> with pidfile <%= deploy_to %>/shared/pids/mongrel.<%= mongrel_port + x %>.pid
-  group mongrel
-  start program = "mongrel_rails cluster::start -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
-  stop program  = "mongrel_rails cluster::stop -C <%= "#{mongrel_etc_dir}/#{application}_#{stage}.yml" %> --clean --only <%= mongrel_port + x %>"
-  if failed host 127.0.0.1 port <%= mongrel_port + x %> protocol http with timeout 10 seconds then restart
-  if totalmem is greater than 110.0 MB for 4 cycles then restart      # eating up memory?
-  if cpu is greater than 50% for 2 cycles then alert                  # send an email to admin
-  if cpu is greater than 80% for 3 cycles then restart                # hung process?
-  if loadavg(5min) greater than 10 for 8 cycles then restart          # bad, bad, bad
-  if 20 restarts within 20 cycles then timeout                        # something is wrong, call the sys-admin
-<% end %>

data/config/monit/monit.erb

@@ -1,11 +0,0 @@
-# Defaults for monit initscript
-# sourced by /etc/init.d/monit
-# installed at /etc/default/monit by maintainer scripts
-# Fredrik Steen <stone@debian.org>
-
-# You must set this variable to for monit to start
-startup=1
-
-# To change the intervals which monit should run uncomment
-# and change this variable.
-# CHECK_INTERVALS=180

data/config/monit/monitrc.erb

@@ -1,32 +0,0 @@
-set daemon  60
-set logfile /var/log/monit.log
-set mailserver localhost
-set mail-format { from: <%= monit_from %> }
-set alert <%= monit_to %>
-set httpd port <%= monit_port %> and allow <%= monit_auth_user %>:<%= monit_auth_pass %>
-
-check process sshd with pidfile /var/run/sshd.pid
-  start program  "/etc/init.d/ssh start"
-  stop program  "/etc/init.d/ssh stop"
-  if failed port <%= ssh_port %> protocol ssh then restart
-  if 5 restarts within 5 cycles then timeout
-
-check process mysql with pidfile /var/run/mysqld/mysqld.pid
-  group database
-  start program = "/etc/init.d/mysql start"
-  stop program = "/etc/init.d/mysql stop"
-  if failed host 127.0.0.1 port 3306 then restart
-  if 5 restarts within 5 cycles then timeout
-
-check process nginx with pidfile /usr/local/nginx/logs/nginx.pid
-  group www
-  start program = "/etc/init.d/nginx start"
-  stop program  = "/etc/init.d/nginx stop"
-  if 5 restarts with 5 cycles then timeout
-
-check process spawn-fcgi with pidfile /var/run/spawn-fcgi.pid
-  group php
-  start program = "/etc/init.d/init-fastcgi start"
-  stop program = "/etc/init.d/init-fastcgi stop"
-  if failed host 127.0.0.1 port 9000 then restart
-  if 5 restarts within 5 cycles then timeout

data/config/monit/nginx.vhost.erb

@@ -1,26 +0,0 @@
-upstream monit_httpd {
-  server 127.0.0.1:<%= monit_port %>;
-}
-
-server {
-  listen 80;
-  
-  # sets the domain[s] that this vhost server requests for
-  server_name <%= monit_domain %>;
-
-  # vhost specific access log
-  access_log  /var/log/monit.nginx.log main;
-
-  location / {    
-    # needed to forward user's IP address
-    proxy_set_header  X-Real-IP  $remote_addr;
-
-    # needed for HTTPS
-    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header Host $http_host;
-    proxy_redirect false;
-    proxy_max_temp_file_size 0;
-
-    proxy_pass http://monit_httpd;
-  }
-}

data/config/mysql/my.cnf.erb

@@ -1,137 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-# 
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket          = /var/run/mysqld/mysqld.sock
-nice            = 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user            = mysql
-pid-file        = /var/run/mysqld/mysqld.pid
-socket          = /var/run/mysqld/mysqld.sock
-port            = 3306
-basedir         = /usr
-datadir         = /var/lib/mysql
-tmpdir          = /tmp
-language        = /usr/share/mysql/english
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-bind-address            = 127.0.0.1
-#
-# * Fine Tuning
-#
-key_buffer              = 256M
-max_allowed_packet      = 16M
-thread_stack            = 128K
-thread_cache_size       = 8
-max_connections         = 500
-table_cache             = 1536
-#thread_concurrency     = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit       = 1M
-query_cache_size        = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-#log            = /var/log/mysql/mysql.log
-#
-# Error logging goes to syslog. This is a Debian improvement :)
-#
-# Here you can see queries with especially long duration
-#log_slow_queries       = /var/log/mysql/mysql-slow.log
-#long_query_time = 2
-#log-queries-not-using-indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-#server-id              = 1
-log_bin                 = /var/log/mysql/mysql-bin.log
-# WARNING: Using expire_logs_days without bin_log crashes the server! See README.Debian!
-expire_logs_days        = 10
-max_binlog_size         = 100M
-#binlog_do_db           = include_database_name
-#binlog_ignore_db       = include_database_name
-#
-# * BerkeleyDB
-#
-# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
-skip-bdb
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
-skip-innodb
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet      = 16M
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer              = 16M
-
-#
-# * NDB Cluster
-#
-# See /usr/share/doc/mysql-server-*/README.Debian for more information.
-#
-# The following configuration is read by the NDB Data Nodes (ndbd processes)
-# not from the NDB Management Nodes (ndb_mgmd processes).
-#
-# [MYSQL_CLUSTER]
-# ndb-connectstring=127.0.0.1
-
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#
-!includedir /etc/mysql/conf.d/

data/config/nginx/nginx.conf.erb

@@ -1,30 +0,0 @@
-worker_processes  3;
-
-events {
-    worker_connections  1024;
-}
-
-http {    
-    default_type  application/octet-stream;
-
-    sendfile      on;
-    tcp_nopush    on;
-    tcp_nodelay   off;
-
-    keepalive_timeout  65;
-
-    gzip              on;
-    gzip_http_version 1.0;
-    gzip_comp_level   2;
-    gzip_proxied      any;
-    gzip_types        text/plain text/html text/css application/x-javascript text/xml 
-                      application/xml application/xml+rss text/javascript;
-    
-    log_format  main  '$remote_addr - $remote_user [$time_local] $request '
-                      '"$status" $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-    
-    include   mime.types;
-    include   fastcgi_params;
-    include   vhosts/*.conf;
-}