jeffrafter · September 13, 2008 13:18
diff --git a/SERVER_INSTALLS b/SERVER_INSTALLS
 ## Install
 ## See also (http://codeplot.com/documents/3186/edit)
 I Installed Ubuntu 8.04 Server 
 US Keyboard Layout
 Zimbabwe region
 If this machine was using an SSD drive configure the paritions so that it has no swap
 I did a single partition marked as bootable and setup for the root on EXT3+Journaling
 I marked the OpenSSH server as an additional option
 I did not set it as a DNS server or Mail Server

 ## Naming
 For baobab we name our computers after trees so I called this one Sapele
 I added the default user as baobab

 ## Reboot and login
 hostname datadyne

 ## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
 sudo apt-get update
 sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

 ## At the end you will need to input the mysql root password
 In general we create paswords with a hash of the machine name, a common nonce value and some special characters

 ## Update the ssh for Debian security vulnerability
 ## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
 ## You ssh into the server!
 sudo apt-get install openssh-client

 ## Check for vulnerable keys
 If you are using 8.04 like me (I think that Intrepid will include this fix by default)
 Then you will get a message saying that it is correcting the blacklisted keys
 When completed, you should run ssh-vulnkey to make sure your root user is 
 Not blacklisted. You should see two keys listed and both should start with 
 "Not blacklisted:"
 ssh-vulnkey

 ## Setup users on your server 
 sudo adduser --disabled-password deploy 
 sudo adduser --system --no-create-home --group --disabled-password www
 sudo visudo

 ## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
 deploy  ALL=(ALL) ALL

 ## As an option you can give the deploy user more freedom if you control the keys carefully:
 deploy  ALL=(ALL) NOPASSWD:ALL

 ## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
 Defaults env_reset, insults

 ## Back on your local create your public key if you have not done so already
 ## Read the earlier note on Ubuntu <= 8.04 and openssh-client
 ## ****** If you have already generated your key ** DO NOT REGENERATE ************
 cd 
 ssh-keygen -t rsa
 Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
 Enter passphrase (empty for no passphrase): <Enter>
 Enter same passphrase again: <Enter>

 ## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
 ## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
 ## If you don't know your server's ip address, type ifconfig on the server
 scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
 password: <Enter your server's baobab user password>

 ## On the server setup the key for your deploy user (you need to be root)
 sudo su
 mkdir /home/deploy/.ssh
 chmod 700 /home/deploy/.ssh
 cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
 chmod 600 /home/deploy/.ssh/authorized_keys 
 chown -R deploy:deploy /home/deploy/.ssh
 exit

 ## On the server, create the root project folder (our project is called "mateme")
 sudo mkdir /var/www/mateme
 sudo chown deploy:deploy /var/www/mateme

 sudo mkdir /var/www/staging
 sudo chown deploy:deploy /var/www/staging

 ## On the server, setup the database
 ## We should be calling the database openmrs, with the user openmrs
 ## The password should be common probably

 ## ***** IF YOU ARE WORKING WITH AN EXISTING INSTALLATION DO NOT CHANGE THE OPENMRS DATABASE *******
 mysql -u root -p
 > CREATE DATABASE openmrs;
 > GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'

 ## On the server, you need to install RubyEE.
 wget http://rubyforge.org/frs/download.php/51101/ruby-enterprise_1.8.6-20090201_i386.deb
 sudo dpkg -i ruby-enterprise_1.8.6-20090201_i386.deb
 /opt/ruby-enterprise/bin/passenger-install-apache2-module


 ## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
 ## I have noticed that the deploy and deploy:setup tasks rely on each other
 ## So you have to run cap deploy first and let it fail... 
 ## then run setup, then run deploy again
 cap deploy

 ## Everytime you will be asked a series of questions:

 $ cap deploy
 Do you want to stage this deployment? (y/n): y  ## changes the target folder (either /var/www/mateme or /var/www/staging)
 Domain you are deploying to (IP Address or Hostname): neno ## I have "neno" in my /etc/hosts point to the server. If you can use an internal address it will save the round trip to the internet
 Pull from current machine (192.168.1.111)? (y/n): n ## If the server can see your machine on the network (at the address shown) then do it, this will also save a round trip to the internet
 Pull from distributed git repository? (y/n): n ## generally just say no here
 Pull from shared github.com (public)? (y/n): n ## This pulls from baobab/mateme on github... not currently in sync with neno
 Pull from alternate github.com (public)? (y/n): y ## if you said no to everything else, you need to say yes here
 Github Repository (jeffrafter/mateme): cherodney/mateme ## pulls from master on a specific fork... specify the fork as shown

 ## 






 cap deploy:setup
 cap deploy

 # ------------- Firefox
 # READ the firefox README
 # If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon
	## Install
	## See also (http://codeplot.com/documents/3186/edit)
	I Installed Ubuntu 8.04 Server
	US Keyboard Layout
	Zimbabwe region
	If this machine was using an SSD drive configure the paritions so that it has no swap
	I did a single partition marked as bootable and setup for the root on EXT3+Journaling
	I marked the OpenSSH server as an additional option
	I did not set it as a DNS server or Mail Server

	## Naming
	For baobab we name our computers after trees so I called this one Sapele
	I added the default user as baobab

	## Reboot and login
	hostname datadyne

	## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
	sudo apt-get update
	sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

	## At the end you will need to input the mysql root password
	In general we create paswords with a hash of the machine name, a common nonce value and some special characters

	## Update the ssh for Debian security vulnerability
	## If you are running Ubuntu/Debian locally, you should do this on your machine before
	## You ssh into the server!
	sudo apt-get install openssh-client

	## Check for vulnerable keys
	If you are using 8.04 like me (I think that Intrepid will include this fix by default)
	Then you will get a message saying that it is correcting the blacklisted keys
	When completed, you should run ssh-vulnkey to make sure your root user is
	Not blacklisted. You should see two keys listed and both should start with
	"Not blacklisted:"
	ssh-vulnkey

	## Setup users on your server
	sudo adduser --disabled-password deploy
	sudo adduser --system --no-create-home --group --disabled-password www
	sudo visudo

	## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
	deploy ALL=(ALL) ALL

	## As an option you can give the deploy user more freedom if you control the keys carefully:
	deploy ALL=(ALL) NOPASSWD:ALL

	## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
	Defaults env_reset, insults

	## Back on your local create your public key if you have not done so already
	## Read the earlier note on Ubuntu <= 8.04 and openssh-client
	## **** If you have already generated your key DO NOT REGENERATE ************
	cd
	ssh-keygen -t rsa
	Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
	Enter passphrase (empty for no passphrase): <Enter>
	Enter same passphrase again: <Enter>

	## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
	## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
	## If you don't know your server's ip address, type ifconfig on the server
	scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
	password: <Enter your server's baobab user password>

	## On the server setup the key for your deploy user (you need to be root)
	sudo su
	mkdir /home/deploy/.ssh
	chmod 700 /home/deploy/.ssh
	cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
	chmod 600 /home/deploy/.ssh/authorized_keys
	chown -R deploy:deploy /home/deploy/.ssh
	exit

	## On the server, create the root project folder (our project is called "mateme")
	sudo mkdir /var/www/mateme
	sudo chown deploy:deploy /var/www/mateme

	sudo mkdir /var/www/staging
	sudo chown deploy:deploy /var/www/staging

	## On the server, setup the database
	## We should be calling the database openmrs, with the user openmrs
	## The password should be common probably

	## *** IF YOU ARE WORKING WITH AN EXISTING INSTALLATION DO NOT CHANGE THE OPENMRS DATABASE *****
	mysql -u root -p
	> CREATE DATABASE openmrs;
	> GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'

	## On the server, you need to install RubyEE.
	wget http://rubyforge.org/frs/download.php/51101/ruby-enterprise_1.8.6-20090201_i386.deb
	sudo dpkg -i ruby-enterprise_1.8.6-20090201_i386.deb
	/opt/ruby-enterprise/bin/passenger-install-apache2-module


	## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
	## I have noticed that the deploy and deploy:setup tasks rely on each other
	## So you have to run cap deploy first and let it fail...
	## then run setup, then run deploy again
	cap deploy

	## Everytime you will be asked a series of questions:

	$ cap deploy
	Do you want to stage this deployment? (y/n): y ## changes the target folder (either /var/www/mateme or /var/www/staging)
	Domain you are deploying to (IP Address or Hostname): neno ## I have "neno" in my /etc/hosts point to the server. If you can use an internal address it will save the round trip to the internet
	Pull from current machine (192.168.1.111)? (y/n): n ## If the server can see your machine on the network (at the address shown) then do it, this will also save a round trip to the internet
	Pull from distributed git repository? (y/n): n ## generally just say no here
	Pull from shared github.com (public)? (y/n): n ## This pulls from baobab/mateme on github... not currently in sync with neno
	Pull from alternate github.com (public)? (y/n): y ## if you said no to everything else, you need to say yes here
	Github Repository (jeffrafter/mateme): cherodney/mateme ## pulls from master on a specific fork... specify the fork as shown

	##






	cap deploy:setup
	cap deploy

	# ------------- Firefox
	# READ the firefox README
	# If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon