Last active
February 19, 2017 14:58
-
-
Save JohnSmall/0df1e5371928c88c7b730ffaa7636a4b to your computer and use it in GitHub Desktop.
Handy script to prepare a bare Digital Ocean droplet for Rails deployed via Capistrano
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
# this is a useful little script to setup a rails user, with postgresql, and nginx version of Phusion Passenger on a Digital Ocean droplet | |
# Once run it's ready to recieve a Capistrano deployment. | |
# The best way to run it is ssh root@my_do_host 'bash -s' < digital-ocean-rails.sh | |
set -e -x # die on the first error and send stdout to /var/log/syslog | |
#create a password and save it | |
PWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) | |
mkdir -p passwords | |
echo "rails,$PWD" >> passwords/users.txt | |
#create a user called rails and allow them to sudo without a password | |
useradd -m -U -p $PWD -s /bin/bash rails | |
usermod -aG sudo rails | |
chmod u=rw /etc/sudoers.d/90-cloud-init-users | |
echo "rails ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/90-cloud-init-users | |
chmod u=r /etc/sudoers.d/90-cloud-init-users | |
#copy the authorized keys you used to create your droplet to the rails account | |
mkdir /home/rails/.ssh | |
cp .ssh/authorized_keys /home/rails/.ssh | |
chown -R rails:rails /home/rails/.ssh | |
# now start installing stuff | |
export DEBIAN_FRONTEND=noninteractive # no prompts please | |
apt-get update && apt-get upgrade -y | |
apt-get -y -q install build-essential | |
apt-get -y -q install libreadline6 libreadline6-dev | |
apt-get -y -q install libnotify-bin | |
apt-get install -y git-core | |
apt-get install -y postgresql postgresql-client postgresql-contrib | |
apt-get install -y libpq-dev | |
apt-get -y install xsltproc | |
apt-get -y install unzip | |
apt-get install -y libxslt1-dev libxml2-dev | |
apt-get install -y sqlite3 | |
apt-get -y -q install libcurl4-openssl-dev | |
#you can cut this out if you want to use the rubyracer | |
curl -sL https://deb.nodesource.com/setup | bash - | |
apt-get -y -q install nodejs | |
#create a postgresql rails user | |
su postgres -c "cd && createuser rails --superuser" | |
su rails -c "cd & createdb rails" | |
#create a db password | |
DBPWD=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1) | |
echo "rails,$DBPWD" >> passwords/db_passwords.txt | |
#make sure the environment variable for the database password is the first line in .bashrc. | |
#this is required for Capistrano to deploy properly | |
#see http://superuser.com/questions/246837/how-do-i-add-text-to-the-beginning-of-a-file-in-bash | |
#and http://stackoverflow.com/questions/23672631/capistrano-and-environment-variables | |
sed -i "1iexport RAILS_PASSWORD=$DBPWD" /home/rails/.bashrc | |
# now put together a string with substrings that contain single and double quotes because we're going to be sending a string to su rails -c | |
# to set up the rails db password | |
temp1="alter role rails with password '$DBPWD'" | |
temp2="cd && psql -c \"$temp1\"" | |
su rails -lc "$temp2" | |
#passenger phusion | |
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7 | |
apt-get install -y apt-transport-https ca-certificates | |
sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger xenial main > /etc/apt/sources.list.d/passenger.list' | |
apt-get update | |
apt-get install -y nginx-extras passenger | |
sed -i 's/# include \/etc\/nginx\/passenger.conf/include \/etc\/nginx\/passenger.conf/g' /etc/nginx/nginx.conf | |
service nginx restart | |
/usr/bin/passenger-config validate-install | |
/usr/sbin/passenger-memory-stats | |
#setup RVM in the rails account | |
su rails -c 'gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3' | |
su rails -c '\curl -sSL https://get.rvm.io | bash -s stable --ruby' | |
#and make sure bundler is in the shared global gems so Capistrano can run it to install your gems | |
#assuming you've got Capistrano3 rvm gem in your project | |
su rails -lc 'cd && rvm @global do gem install bundler' | |
#you might need this. But rails is in the sudoers group and has passwordless sudo rights | |
echo "Rails user password is $PWD" | |
#you'll might need this. But if you set | |
# password: <%= ENV['RAILS_PASSWORD'] %> | |
# in your database.yml then it'll pick it up from the environment set up in the first line of .bashrc | |
echo "Rails db password is $DBPWD" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment