cchandler · October 3, 2009 01:01
diff --git a/provision19.rb b/provision19.rb
 #!/usr/bin/ruby
 ## Configured against AMI 5f46a736 e146a788

 APP_NAME = "app_name"
 SERVER_NAME = "app_name.somewhere.com"
 DEPLOY_KEY_LOCATION="http://s3.amazonaws.com/bucket"
 DEPLOY_KEY_FILE="deploy_key.tar.gz"
 AUTHORIZED_KEYS_LOCATION="http://s3.amazonaws.com/bucket"
 AUTHORIZED_KEYS_FILE="authorized_keys.tar.gz"
 ENVIRONMENT="staging"

 # Update apt-get
 system("aptitude update")

 #System requirements for Ruby 1.9.1 on Intrepid
 system("aptitude -q -y install libc6-dev libssl-dev libmysql++-dev libsqlite3-dev make build-essential libssl-dev libreadline5-dev zlib1g-dev")

 # General system help
 system("aptitude -q -y install wget vim xfsprogs graphicsmagick-imagemagick-compat")

 # MySQL + headers
 system("export DEBIAN_FRONTEND=noninteractve && aptitude -q -y install mysql-server libmysqlclient15-dev")

 # Ruby 1.9.1
 system("cd ~ && wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p243.tar.gz && tar zxvf ruby-1.9.1-p243.tar.gz && cd ruby-1.9.1-p243 && ./configure && make && make install")

 # Update ruby gems
 system("gem update --system && gem sources -a http://gems.github.com")

 # HTTP servers
 system("aptitude install -q -y nginx")

 nginx_config = <<here
 upstream #{APP_NAME}{
        server 127.0.0.1:3000;
        server 127.0.0.1:3001;
        server 127.0.0.1:3002;
 }

 server {
        listen   #{SERVER_NAME}:80;
        server_name  #{SERVER_NAME};

        access_log  /var/log/nginx/#{APP_NAME}.access.log;

        location / {
                root   /home/deploy/apps/#{APP_NAME}/current/public;
                index  index.html index.htm;

                 proxy_set_header  X-Real-IP  $remote_addr;
                 proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header Host $http_host;
                 proxy_redirect false;

                 if (-f $request_filename/index.html) {
                    rewrite (.*) $1/index.html break;
                 }

                 if (-f $request_filename.html) {
                    rewrite (.*) $1.html break;
                 }

                 if (!-f $request_filename) {
                    proxy_pass http://#{APP_NAME};
                    break;
                 }
        }

        #error_page  404  /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
        root   /var/www/nginx-default;
 }
 }


 # HTTPS server
 #
 #server {
 #listen   443;
 #server_name  localhost;

 #ssl  on;
 #ssl_certificate  cert.pem;
 #ssl_certificate_key  cert.key;

 #ssl_session_timeout  5m;

 #ssl_protocols  SSLv2 SSLv3 TLSv1;
 #ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 #ssl_prefer_server_ciphers   on;

 #location / {
 #root   html;
 #index  index.html index.htm;
 #}
 #}

 here

 system("echo '#{nginx_config}' >> /etc/nginx/sites-available/app_site")
 system("ln -s /etc/nginx/sites-available/app_site /etc/nginx/sites-enabled/app_site")
 system("rm /etc/nginx/sites-enabled/default")

 # MTA (Postfix)
 system("export DEBIAN_FRONTEND=noninteractve && aptitude -q -y install postfix")
 tls_patch = <<here
 23c23
 < smtpd_use_tls=yes
 ---
 > smtpd_use_tls=no
 here

 system("echo '#{tls_patch}' >> ~/tls_postfix.patch")
 system("patch /etc/postfix/main.cf ~/tls_postfix.patch")


 # Basic gems
 system("gem install rails rake rack sqlite3-ruby eventmachine thin mysql --no-ri --no-rdoc")

 system("mkdir -p /etc/thin")

 thin_config = <<here
 pid: tmp/pids/thin.pid
 log: log/thin.log
 timeout: 30
 max_conns: 1024
 port: 3000
 max_persistent_conns: 512
 chdir: /home/deploy/apps/#{APP_NAME}/current
 environment: #{ENVIRONMENT}
 servers: 3
 address: 0.0.0.0
 daemonize: true
 user: deploy
 group: deploy
 here

 system("echo '#{thin_config}' >> /etc/thin/#{APP_NAME}.yml")

 # App deployment related
 system("aptitude install -q -y git-core")
 system("adduser deploy --disabled-password --quiet --gecos '' ")
 system("mkdir -p /home/deploy/.ssh")
 unless DEPLOY_KEY_LOCATION == ""
  system("wget #{DEPLOY_KEY_LOCATION}/#{DEPLOY_KEY_FILE} && tar zxvf #{DEPLOY_KEY_FILE}")
  system("cp id_rsa /home/deploy/.ssh/id_rsa")
  system("cp id_rsa.pub /home/deploy/.ssh/id_rsa.pub")
  system("chmod 600 /home/deploy/.ssh/id_rsa")
 end

 unless AUTHORIZED_KEYS_LOCATION == ""
  system("wget #{AUTHORIZED_KEYS_LOCATION}/#{AUTHORIZED_KEYS_FILE} && tar zxvf #{AUTHORIZED_KEYS_FILE}")
  system("cp authorized_keys /home/deploy/.ssh/authorized_keys")
 end

 system("chown -R deploy:deploy /home/deploy/.ssh")
 system("chmod 700 /home/deploy/.ssh")
 system("chmod 644 /home/deploy/.ssh/authorized_keys")

 # Security related
 system("aptitude install -q -y aide")
 system("mysql -uroot -e 'DELETE FROM mysql.user WHERE User = \"\"; flush privileges;' ")
	#!/usr/bin/ruby
	## Configured against AMI 5f46a736 e146a788

	APP_NAME = "app_name"
	SERVER_NAME = "app_name.somewhere.com"
	DEPLOY_KEY_LOCATION="http://s3.amazonaws.com/bucket"
	DEPLOY_KEY_FILE="deploy_key.tar.gz"
	AUTHORIZED_KEYS_LOCATION="http://s3.amazonaws.com/bucket"
	AUTHORIZED_KEYS_FILE="authorized_keys.tar.gz"
	ENVIRONMENT="staging"

	# Update apt-get
	system("aptitude update")

	#System requirements for Ruby 1.9.1 on Intrepid
	system("aptitude -q -y install libc6-dev libssl-dev libmysql++-dev libsqlite3-dev make build-essential libssl-dev libreadline5-dev zlib1g-dev")

	# General system help
	system("aptitude -q -y install wget vim xfsprogs graphicsmagick-imagemagick-compat")

	# MySQL + headers
	system("export DEBIAN_FRONTEND=noninteractve && aptitude -q -y install mysql-server libmysqlclient15-dev")

	# Ruby 1.9.1
	system("cd ~ && wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p243.tar.gz && tar zxvf ruby-1.9.1-p243.tar.gz && cd ruby-1.9.1-p243 && ./configure && make && make install")

	# Update ruby gems
	system("gem update --system && gem sources -a http://gems.github.com")

	# HTTP servers
	system("aptitude install -q -y nginx")

	nginx_config = <<here
	upstream #{APP_NAME}{
	server 127.0.0.1:3000;
	server 127.0.0.1:3001;
	server 127.0.0.1:3002;
	}

	server {
	listen #{SERVER_NAME}:80;
	server_name #{SERVER_NAME};

	access_log /var/log/nginx/#{APP_NAME}.access.log;

	location / {
	root /home/deploy/apps/#{APP_NAME}/current/public;
	index index.html index.htm;

	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_redirect false;

	if (-f $request_filename/index.html) {
	rewrite (.*) $1/index.html break;
	}

	if (-f $request_filename.html) {
	rewrite (.*) $1.html break;
	}

	if (!-f $request_filename) {
	proxy_pass http://#{APP_NAME};
	break;
	}
	}

	#error_page 404 /404.html;

	# redirect server error pages to the static page /50x.html
	#
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
	root /var/www/nginx-default;
	}
	}


	# HTTPS server
	#
	#server {
	#listen 443;
	#server_name localhost;

	#ssl on;
	#ssl_certificate cert.pem;
	#ssl_certificate_key cert.key;

	#ssl_session_timeout 5m;

	#ssl_protocols SSLv2 SSLv3 TLSv1;
	#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	#ssl_prefer_server_ciphers on;

	#location / {
	#root html;
	#index index.html index.htm;
	#}
	#}

	here

	system("echo '#{nginx_config}' >> /etc/nginx/sites-available/app_site")
	system("ln -s /etc/nginx/sites-available/app_site /etc/nginx/sites-enabled/app_site")
	system("rm /etc/nginx/sites-enabled/default")

	# MTA (Postfix)
	system("export DEBIAN_FRONTEND=noninteractve && aptitude -q -y install postfix")
	tls_patch = <<here
	23c23
	< smtpd_use_tls=yes
	---
	> smtpd_use_tls=no
	here

	system("echo '#{tls_patch}' >> ~/tls_postfix.patch")
	system("patch /etc/postfix/main.cf ~/tls_postfix.patch")


	# Basic gems
	system("gem install rails rake rack sqlite3-ruby eventmachine thin mysql --no-ri --no-rdoc")

	system("mkdir -p /etc/thin")

	thin_config = <<here
	pid: tmp/pids/thin.pid
	log: log/thin.log
	timeout: 30
	max_conns: 1024
	port: 3000
	max_persistent_conns: 512
	chdir: /home/deploy/apps/#{APP_NAME}/current
	environment: #{ENVIRONMENT}
	servers: 3
	address: 0.0.0.0
	daemonize: true
	user: deploy
	group: deploy
	here

	system("echo '#{thin_config}' >> /etc/thin/#{APP_NAME}.yml")

	# App deployment related
	system("aptitude install -q -y git-core")
	system("adduser deploy --disabled-password --quiet --gecos '' ")
	system("mkdir -p /home/deploy/.ssh")
	unless DEPLOY_KEY_LOCATION == ""
	system("wget #{DEPLOY_KEY_LOCATION}/#{DEPLOY_KEY_FILE} && tar zxvf #{DEPLOY_KEY_FILE}")
	system("cp id_rsa /home/deploy/.ssh/id_rsa")
	system("cp id_rsa.pub /home/deploy/.ssh/id_rsa.pub")
	system("chmod 600 /home/deploy/.ssh/id_rsa")
	end

	unless AUTHORIZED_KEYS_LOCATION == ""
	system("wget #{AUTHORIZED_KEYS_LOCATION}/#{AUTHORIZED_KEYS_FILE} && tar zxvf #{AUTHORIZED_KEYS_FILE}")
	system("cp authorized_keys /home/deploy/.ssh/authorized_keys")
	end

	system("chown -R deploy:deploy /home/deploy/.ssh")
	system("chmod 700 /home/deploy/.ssh")
	system("chmod 644 /home/deploy/.ssh/authorized_keys")

	# Security related
	system("aptitude install -q -y aide")
	system("mysql -uroot -e 'DELETE FROM mysql.user WHERE User = \"\"; flush privileges;' ")