winton-ubistrano 1.2.2

data/lib/ubistrano/ubuntu.rb

@@ -0,0 +1,275 @@
+Capistrano::Configuration.instance(:must_exist).load do
+  
+  namespace :ubuntu do
+    desc "Set up a fresh Ubuntu server"
+    task :default do
+      puts space(msg(:about_templates))
+      exit unless yes(msg(:visudo))
+      if yes("Create the remote deploy user?")
+        exit unless yes(msg(:add_user))
+      end
+      ssh.default
+      ubuntu.config.default
+      ubuntu.aptitude.default
+      puts space(msg(:run_ubuntu_install))
+    end
+    
+    desc "Restart Ubuntu server"
+    task :restart do
+      if yes(msg(:ubuntu_restart))
+        sudo_each 'shutdown -r now'
+      end
+    end
+    
+    namespace :aptitude do
+      desc 'Run all aptitude tasks'
+      task :default do
+        if yes(msg(:aptitude_default))
+          aptitude.update
+          aptitude.upgrade
+          aptitude.essential
+          ubuntu.restart
+        else
+          exit unless yes(msg(:aptitude_instructions))
+        end
+      end
+      
+      desc 'Aptitude update'
+      task :update do
+        sudo_puts 'aptitude update -q -y'
+      end
+      
+      desc 'Aptitude upgrade'
+      task :upgrade do
+        sudo_puts 'aptitude upgrade -q -y'
+      end
+      
+      desc 'Aptitude install build-essential'
+      task :essential do
+        sudo_puts 'aptitude install build-essential -q -y'
+      end
+    end
+    
+    namespace :config do
+      desc 'Run all tasks'
+      task :default do
+        ubuntu.config.sshd_config
+        ubuntu.config.ssh_config
+        ubuntu.config.iptables
+      end
+
+      desc "Updates server iptables"
+      task :iptables do
+        if yes(msg(:iptables))
+          upload_from_erb '/etc/iptables.rules', binding, :folder => 'ubuntu'
+          sudo_each [
+            'iptables-restore < /etc/iptables.rules',
+            'rm /etc/iptables.rules'
+          ]
+        end
+      end
+      
+      desc "Updates sshd_config"
+      task :sshd_config do
+        if yes(msg(:sshd_config))
+          set :ssh_port, port
+          set :port, 22
+          change_line '/etc/ssh/sshd_config', 'Port 22',              "Port #{port}"
+          change_line '/etc/ssh/sshd_config', 'PermitRootLogin yes',  'PermitRootLogin no'
+          change_line '/etc/ssh/sshd_config', 'X11Forwarding yes',    'X11Forwarding no'
+          change_line '/etc/ssh/sshd_config', 'UsePAM yes',           'UsePAM no'
+          remove_line '/etc/ssh/sshd_config', 'UseDNS .*'
+          add_line    '/etc/ssh/sshd_config', 'UseDNS no'
+          remove_line '/etc/ssh/sshd_config', 'StrictHostKeyChecking .*'
+          sudo_puts '/etc/init.d/ssh reload'
+          set :port, ssh_port
+        end
+      end
+      
+      desc "Updates ssh_config"
+      task :ssh_config do
+        if yes(msg(:ssh_config))
+          remove_line '/etc/ssh/ssh_config', 'StrictHostKeyChecking .*'
+          add_line    '/etc/ssh/ssh_config', 'StrictHostKeyChecking no'
+        end
+      end
+    end
+    
+    namespace :install do
+      desc 'Run all install tasks'
+      task :default do
+        ubuntu.install.apache
+        ubuntu.install.git
+        ubuntu.install.mysql
+        ubuntu.install.mysqltuner
+        ubuntu.install.perl
+        ubuntu.install.php
+        ubuntu.install.postfix
+        ubuntu.install.ruby
+        ubuntu.install.rubygems
+        ubuntu.install.passenger
+        ubuntu.install.god
+        ubuntu.install.rails
+        ubuntu.install.sinatra
+        ubuntu.install.sphinx
+        ubuntu.restart
+        puts space(msg(:ubuntu_finished))
+      end
+      
+      desc 'Install Apache'
+      task :apache, :roles => :web do
+        if yes("May I install Apache?")
+          sudo_puts [
+            'aptitude install apache2 apache2-mpm-prefork apache2-utils apache2.2-common libapr1 libaprutil1 ssl-cert -q -y',
+            'a2enmod rewrite',
+            'a2enmod ssl',
+            'a2dissite default'
+          ]
+        end
+      end
+      
+      desc 'Install Git'
+      task :git, :roles => :app do
+        install_source(:git) do |path|
+          sudo_puts [
+            'apt-get build-dep git-core -q -y',
+            make_install(path)
+          ]
+        end if yes("May I install Git?")
+      end
+      
+      desc 'Install MySQL'
+      task :mysql, :roles => :db do
+        if yes("May I install MySQL?")
+          sudo_puts 'aptitude install mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 libmysqlclient15-dev libmysqlclient15off -q -y'
+          ROOT.mysql.create.user
+          exit unless yes(msg(:secure_mysql))
+        end
+      end
+      
+      desc "Install MySQLTuner"
+      task :mysqltuner, :roles => :db do
+        if yes(msg(:mysqltuner))
+          bin = "/usr/local/bin"
+          run_each [
+            "cd #{bin} && sudo wget --quiet #{sources[:mysqltuner]}",
+            "cd #{bin} && sudo chmod 0700 mysqltuner.pl",
+            "cd #{bin} && sudo mv mysqltuner.pl mysqltuner"
+          ]
+          exit unless yes(msg(:mysqltuner_instructions))
+        end
+      end
+      
+      desc 'Install Perl'
+      task :perl, :roles => :web do
+        if yes("May I install Perl?")
+          sudo_puts 'aptitude install libdbi-perl libnet-daemon-perl libplrpc-perl libdbd-mysql-perl -q -y'
+        end
+      end
+      
+      desc 'Install PHP'
+      task :php, :roles => :web do
+        if yes("May I install PHP?")
+          sudo_puts 'aptitude install php5-common php5-mysql libapache2-mod-php5 php-pear php-mail php-net-smtp -q -y'
+        end
+      end
+      
+      desc 'Install Postfix'
+      task :postfix, :roles => :web do
+        if yes("May I install Postfix and set it up as a relay?")
+          smtp  = ask 'What is your SMTP server address?'
+          login = ask 'What is your SMTP server username?'
+          pass  = ask 'What is your SMTP server password?'
+          sudo_puts 'aptitude install postfix -q -y'
+          add_line  '/etc/postfix/main.cf',
+            'smtp_sasl_auth_enable = yes',
+            'smtp_sasl_security_options = noanonymous',
+            'smtp_sasl_password_maps = hash:/etc/postfix/saslpasswd',
+            'smtp_always_send_ehlo = yes',
+            "relayhost = #{smtp}"
+          sudo_each 'touch /etc/postfix/saslpasswd'
+          add_line  '/etc/postfix/saslpasswd', "#{smtp} #{login}:#{pass}"
+          sudo_each [
+            'postmap /etc/postfix/saslpasswd',
+            '/etc/init.d/postfix restart'
+          ]
+        end
+      end
+      
+      desc 'Install Ruby'
+      task :ruby, :roles => :app do
+        if yes("May I install Ruby?")
+          sudo_puts "aptitude install libopenssl-ruby -q -y"
+          install_source(:ruby) do |path|
+            sudo_puts make_install(path)
+            sudo_puts make_install(path) # install twice because openssl doesn't the first time
+          end
+        end
+      end
+      
+      desc 'Install RubyGems'
+      task :rubygems, :roles => :app do
+        if yes("May I install RubyGems?")
+          install_source(:rubygems) do |path|
+            run_puts "cd #{path} && sudo ruby setup.rb"
+          end
+          gems.update
+        end
+      end
+      
+      desc 'Install Passenger'
+      task :passenger, :roles => :app do
+        if yes("May I install Passenger (mod_rails)?")
+          sudo_puts 'aptitude install apache2-prefork-dev -q -y'
+          gem_install :passenger
+          ROOT.apache.reload if yes(msg(:passenger))
+        end
+      end
+      
+      desc 'Install God'
+      task :god, :roles => :app do
+        if yes(msg(:god))
+          gem_install 'god'
+          upload_from_erb '/etc/init.d/god', binding, :folder => 'ubuntu'
+          sudo_each [
+            ';cd /etc/init.d && sudo chmod +x god',
+            'mkdir -p /usr/local/etc/god'
+          ]
+          upload_from_erb('/usr/local/etc/god.god',        binding, :folder => 'ubuntu')
+          upload_from_erb('/usr/local/etc/god/apache.god', binding, :folder => 'ubuntu') if yes(msg(:god_apache))
+          upload_from_erb('/usr/local/etc/god/mysql.god',  binding, :folder => 'ubuntu') if yes(msg(:god_mysql))
+          upload_from_erb('/usr/local/etc/god/sshd.god',   binding, :folder => 'ubuntu') if yes(msg(:god_sshd))
+          sudo_puts [
+            'update-rc.d god defaults',
+            '/etc/init.d/god start'
+          ]
+        end
+      end
+      
+      desc 'Install Rails'
+      task :rails, :roles => :app do
+        if yes("May I install Rails?")
+          gem_install :mysql
+          gem_install :rails
+        end
+      end
+      
+      desc 'Install Sinatra'
+      task :sinatra, :roles => :app do
+        if yes("May I install Sinatra?")
+          gem_install :do_mysql  # Datamapper
+          gem_install 'dm-core'
+          gem_install :sinatra   # Sinatra
+        end
+      end
+      
+      desc 'Install Sphinx'
+      task :sphinx, :roles => :app do
+        install_source(:sphinx) do |path|
+          sudo_puts make_install(path)
+        end if yes("May I install Sphinx?")
+      end
+    end
+  end
+
+end

data/lib/ubistrano.rb

@@ -0,0 +1,82 @@
+
+require 'EC2'
+require 'pp'
+
+# Require helpers and recipes
+Dir["#{File.dirname(__FILE__)}/ubistrano/*.rb"].each { |f| require f }
+
+
+Capistrano::Configuration.instance(:must_exist).load do
+  
+  # Default capistrano/ubistrano values
+  set :ubistrano, {
+    :base_dir         => '/var/www',
+    :db_user          => 'app',
+    :db_pass          => '',
+    :deploy_via       => :remote_cache,
+    :domains          => [],
+    :platform         => :rails,
+    :plugins          => {},
+    :port             => 22,
+    :repository_cache => 'git_cache',
+    :scm              => :git,
+    :ssl              => [],
+    :stage            => :production,
+    :use_sudo         => false,
+    :user             => 'deploy',
+    :versions         => {}
+  }.merge(ubistrano)
+  
+  # Default plugins
+  ubistrano[:plugins] = {
+    :app_helpers     => false,
+    :asset_packager  => false,
+    :attachment_fu   => false,
+    :rails_widget    => false,
+    :thinking_sphinx => false
+  }.merge(ubistrano[:plugins])
+  
+  # Default versions
+  ubistrano[:versions] = {
+    :git            => '1.6.0.4',
+    :mysecureshell  => '1.1',
+    :rails          => '2.2.2',
+    :ruby           => '1.8.7-p72',
+    :rubygems       => '1.3.1',
+    :sphinx         => '0.9.8.1'
+  }.merge(ubistrano[:versions])
+  
+  # Merge ubistrano hash with capistrano
+  ubistrano.each do |key, value|
+    value.respond_to?(:keys) ?
+      value.each { |k, v| set "#{key}_#{k}".intern, v } :
+      set(key, value)
+  end
+  
+  # Default sources
+  set :sources, {
+    :git           => "http://kernel.org/pub/software/scm/git/git-#{versions_git}.tar.gz",
+    :mysecureshell => "http://internap.dl.sourceforge.net/sourceforge/mysecureshell/MySecureShell-#{versions_mysecureshell}_source.tgz",
+    :mysqltuner    => "http://mysqltuner.com/mysqltuner.pl",
+    :ruby          => "ftp://ftp.ruby-lang.org/pub/ruby/#{versions_ruby.split('.')[0..1].join('.')}/ruby-#{versions_ruby}.tar.gz",
+    :rubygems      => "http://rubyforge.org/frs/download.php/45905/rubygems-#{versions_rubygems}.tgz",
+    :sphinx        => "http://www.sphinxsearch.com/downloads/sphinx-#{versions_sphinx}.tar.gz"
+  }.merge(fetch(:sources, {}))
+  
+  # Events
+  on :before, 'setup_stage', :except => [ :staging, :testing ] # Executed before every task
+  after('deploy:update_code', 'rails:config:to_app'  )        if platform == :rails
+  after('deploy:update_code', 'sinatra:config:to_app')        if platform == :sinatra
+  after('deploy:update_code', 'rails:config:app_helpers')     if plugins_app_helpers
+  after('deploy:update_code', 'rails:config:asset_packager')  if plugins_asset_packager
+  after('deploy:update_code', 'rails:config:attachment_fu')   if plugins_attachment_fu
+  after('deploy:update_code', 'rails:config:rails_widget')    if plugins_rails_widget
+  after('deploy:update_code', 'rails:config:thinking_sphinx') if plugins_thinking_sphinx
+  
+  # Other options
+  ssh_options[:paranoid] = false
+  
+  # Reference ROOT when namespaces clash
+  ROOT = self
+  
+end

data/templates/apache/virtual_host.erb

@@ -0,0 +1,32 @@
+NameVirtualHost *:80
+<% unless ssl.empty? %>
+NameVirtualHost *:443
+<% end %>
+
+<VirtualHost *:80>
+<% unless domains.empty? %>
+  ServerName  <%= domains.first %>
+<% if domains.length > 1 %>
+  ServerAlias <%= domains[1..-1].join ' ' %>
+<% end %>
+<% end %>
+  DocumentRoot <%= deploy_to %>/current/public
+  ErrorLog  <%= deploy_to %>/current/log/error.log
+  CustomLog <%= deploy_to %>/current/log/access.log combined
+<% unless ssl.empty? %>
+  Redirect / https://<%= ssl.first %>/
+<% end %>
+</VirtualHost>
+
+<% ssl.each do |s| %>
+<VirtualHost *:443>
+  ServerName <%= s %>
+  DocumentRoot <%= deploy_to %>/current/public
+  ErrorLog  <%= deploy_to %>/current/log/error.log
+  CustomLog <%= deploy_to %>/current/log/access.log combined
+  
+  SSLEngine On
+  SSLCertificateFile <%= deploy_to %>/current/cert/<%= s %>.crt
+  SSLCertificateKeyFile <%= deploy_to %>/current/cert/<%= s %>.key
+</VirtualHost>
+<% end unless ssl.empty? %>

data/templates/log/rotate.conf.erb

@@ -0,0 +1,9 @@
+<%= shared_path %>/log/*.log {
+  daily
+  missingok
+  rotate 7
+  compress
+  delaycompress
+  notifempty
+  copytruncate
+}

data/templates/rails/database.yml.erb

@@ -0,0 +1,13 @@
+development: &defaults
+  adapter: mysql
+  database: <%= db_table %>
+  username: <%= db_user %>
+  password: <%= db_pass %>
+  host: localhost
+  socket: /var/run/mysqld/mysqld.sock
+
+test:
+  <<: *defaults
+
+production:
+  <<: *defaults

data/templates/sinatra/config.ru.erb

@@ -0,0 +1,19 @@
+require 'sinatra'
+require 'rubygems'
+
+Sinatra::Application.default_options.merge!(
+  :run => false,
+  :env => :production,
+  :raise_errors => true,
+  :app_file => 'app.rb',
+  :root => '<%= deploy_to %>/current',
+  :views => '<%= deploy_to %>/current/views',
+  :public => '<%= deploy_to %>/current/public'
+)
+
+log = File.new('<%= deploy_to %>/shared/log/sinatra.log', 'a')
+STDOUT.reopen(log)
+STDERR.reopen(log)
+
+require 'app'
+run Sinatra.application

data/templates/ubuntu/apache.god.erb

@@ -0,0 +1,31 @@
+God.watch do |w|
+  w.name = 'apache'
+  w.start = "/etc/init.d/apache2 start"
+  w.stop = "/etc/init.d/apache2 stop"
+  w.restart = "/etc/init.d/apache2 restart"
+  w.interval = 30.seconds
+  w.start_grace = 10.seconds
+  w.restart_grace = 10.seconds
+  w.pid_file = '/var/run/apache2.pid'
+  w.behavior(:clean_pid_file)
+
+  w.start_if do |start|
+    start.condition(:process_running) do |c|
+      c.interval = 5.seconds
+      c.running = false
+    end
+  end
+
+  # lifecycle
+  w.lifecycle do |on|
+    on.condition(:flapping) do |c|
+      c.to_state = [:start, :restart]
+      c.times = 5
+      c.within = 5.minute
+      c.transition = :unmonitored
+      c.retry_in = 10.minutes
+      c.retry_times = 5
+      c.retry_within = 2.hours
+    end
+  end
+end

data/templates/ubuntu/god.erb

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# God
+#
+# chkconfig: - 85 15
+# description: start, stop, restart God (bet you feel powerful)
+#              
+
+RETVAL=0
+
+case "$1" in
+    start)
+      /usr/local/bin/god -P /var/run/god.pid -l /var/log/god.log
+      /usr/local/bin/god load /usr/local/etc/god.god
+      RETVAL=$?
+  ;;
+    stop)
+      kill `cat /var/run/god.pid`
+      RETVAL=$?
+  ;;
+    restart)
+      kill `cat /var/run/god.pid`
+      /usr/local/bin/god -P /var/run/god.pid -l /var/log/god.log
+      /usr/local/bin/god load /usr/local/etc/god.god
+      RETVAL=$?
+  ;;
+    status)
+      RETVAL=$?
+  ;;
+    *)
+      echo "Usage: god {start|stop|restart|status}"
+      exit 1
+  ;;
+esac      
+
+exit $RETVAL

data/templates/ubuntu/god.god.erb

@@ -0,0 +1 @@
+God.load "/usr/local/etc/god/*.god"

data/templates/ubuntu/iptables.rules.erb

@@ -0,0 +1,31 @@
+*filter
+
+# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
+-A INPUT -i lo -j ACCEPT
+-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
+
+# Accept all established inbound connections
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# Allow all outbound traffic
+-A OUTPUT -j ACCEPT
+
+# Allow HTTP and HTTPS connections
+-A INPUT -p tcp --dport 80 -j ACCEPT
+-A INPUT -p tcp --dport 443 -j ACCEPT
+
+# Allow SSH connections
+-A INPUT -p tcp -m state --state NEW --dport <%= port %> -j ACCEPT
+
+# Allow ping
+-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
+
+# Log iptables denied calls
+-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
+
+# Reject all other inbound
+-A INPUT -j REJECT
+-A FORWARD -j REJECT
+
+COMMIT
+# There MUST be a new line after this line!

data/templates/ubuntu/mysql.god.erb

@@ -0,0 +1,31 @@
+God.watch do |w|
+  w.name = 'mysql'
+  w.start = "/etc/init.d/mysqld start" 
+  w.stop = "/etc/init.d/mysqld start" 
+  w.restart = "/etc/init.d/mysqld restart" 
+  w.interval = 30.seconds
+  w.start_grace = 10.seconds
+  w.restart_grace = 10.seconds
+  w.pid_file = '/var/run/mysqld/mysqld.pid'
+  w.behavior(:clean_pid_file)
+
+  w.start_if do |start|
+    start.condition(:process_running) do |c|
+      c.interval = 5.seconds
+      c.running = false
+    end
+  end
+
+  # lifecycle
+  w.lifecycle do |on|
+    on.condition(:flapping) do |c|
+      c.to_state = [:start, :restart]
+      c.times = 5
+      c.within = 5.minute
+      c.transition = :unmonitored
+      c.retry_in = 10.minutes
+      c.retry_times = 5
+      c.retry_within = 2.hours
+    end
+  end
+end

data/templates/ubuntu/sshd.god.erb

@@ -0,0 +1,31 @@
+God.watch do |w|
+  w.name = 'sshd'
+  w.start = "/etc/init.d/ssh start"
+  w.stop = "/etc/init.d/ssh stop"
+  w.restart = "/etc/init.d/ssh restart"
+  w.interval = 30.seconds
+  w.start_grace = 10.seconds
+  w.restart_grace = 10.seconds
+  w.pid_file = '/var/run/sshd.pid'
+  w.behavior(:clean_pid_file)
+
+  w.start_if do |start|
+    start.condition(:process_running) do |c|
+      c.interval = 5.seconds
+      c.running = false
+    end
+  end
+
+  # lifecycle
+  w.lifecycle do |on|
+    on.condition(:flapping) do |c|
+      c.to_state = [:start, :restart]
+      c.times = 5
+      c.within = 5.minute
+      c.transition = :unmonitored
+      c.retry_in = 10.minutes
+      c.retry_times = 5
+      c.retry_within = 2.hours
+    end
+  end
+end

data/ubistrano.gemspec

@@ -0,0 +1,49 @@
+Gem::Specification.new do |s|
+  s.name    = 'ubistrano'
+  s.version = '1.2.2'
+  s.date    = '2008-02-22'
+  
+  s.summary     = "Provision and deploy to an Ubuntu/God/Apache/Passenger stack using Capistrano"
+  s.description = "Provision and deploy to an Ubuntu/God/Apache/Passenger stack using Capistrano"
+  
+  s.author   = 'Winton Welsh'
+  s.email    = 'mail@wintoni.us'
+  s.homepage = 'http://github.com/winton/ubistrano'
+  
+  s.has_rdoc = false
+  s.add_dependency 'amazon-ec2', '>= 0.3.2'
+  
+  # = MANIFEST =
+  s.files = %w[
+    MIT-LICENSE
+    README.markdown
+    Rakefile
+    changelog.markdown
+    example/deploy.rb
+    lib/ubistrano.rb
+    lib/ubistrano/apache.rb
+    lib/ubistrano/deploy.rb
+    lib/ubistrano/ec2.rb
+    lib/ubistrano/gems.rb
+    lib/ubistrano/helpers.rb
+    lib/ubistrano/log.rb
+    lib/ubistrano/mysql.rb
+    lib/ubistrano/rails.rb
+    lib/ubistrano/sinatra.rb
+    lib/ubistrano/ssh.rb
+    lib/ubistrano/stage.rb
+    lib/ubistrano/ubuntu.rb
+    templates/apache/virtual_host.erb
+    templates/log/rotate.conf.erb
+    templates/rails/database.yml.erb
+    templates/sinatra/config.ru.erb
+    templates/ubuntu/apache.god.erb
+    templates/ubuntu/god.erb
+    templates/ubuntu/god.god.erb
+    templates/ubuntu/iptables.rules.erb
+    templates/ubuntu/mysql.god.erb
+    templates/ubuntu/sshd.god.erb
+    ubistrano.gemspec
+  ]
+  # = MANIFEST =
+end