vangie · August 29, 2015 14:01
diff --git a/01_kivivm.js b/01_kivivm.js
 /**
 * kivivm设置脚本
 *
 * 在浏览器控制台执行，可以设定域名解析，反向域名解析
 * 控制台输出如下结构,包括root密码，ssh端口号，IP地址，
 *
 *  "www" => { "passwd" => "vd7sdfMfwdz", "port" => "26212", "ips" => %w(101.182.180.163 137.182.180.204 107.184.180.214 107.122.181.209)} 
 * 
 * 可用于kivivm.rb脚本设定
 * 		DNSPod的域名解析
 * 		修改.ssh/config文件
 * 		上传SSH公钥
 *
 * @author  Vangie Du
 * @email [email protected]
 */
 (function(sub_domain,root_domain){
 	var domain = sub_domain + "." + root_domain;
 	var token = $('input[name="token"]').val();
 	$.post('?mode=changehostname',{newhostname:domain,token:token});
 	var trs = $('#index_page .dataTable').first().find('tr')
 	var ips = trs.get(2).children[1].innerText.split(', ');
 	$.each(ips ,function(idx,ip){
 		$.post('?mode=changeptr&ip='+ip,{newptr:domain,token:token})
 	})

 	$.post('main-exec.php?mode=rootpassword',{step:"2",token:token},function(result){
 		var passwd = $(result).find('input').val();
 		var port = trs.get(3).children[1].innerText;
 		console.log('"'+sub_domain+'" => { "passwd" => "'+passwd+'", "port" => "'+port+'", "ips" => %w('+ips.join(' ')+')}');
 	})
 })("www","codelife.me");
diff --git a/02_kivivm.rb b/02_kivivm.rb
 #!/usr/bin/env ruby
 # 
 # 该脚本接受kivivm.js的输出，完成如下3件事
 # 
 #   通过DNSPod API添加二级域名A记录
 #   修改.ssh/config对应Port
 #   上传SSH公钥
 #
 #
 # @author Vangie Du
 # @email [email protected]
 #

 login_email="your_email"
 password="your_passwd"
 #curl -X POST https://dnsapi.cn/Domain.Info  -d 'login_email=your_email&login_password=your_passwd&format=json&domain=your_domain'
 domain_id="2002268"

 {
  # output from kivivm.js
  "www1" => { "passwd" => "m2ze5CDpex", "port" => "29214", "ips" => %w(107.177.180.16 107.177.181.92 107.177.181.135 107.177.181.196)} ,
  "www2" => { "passwd" => "YwvxS5tQNG", "port" => "28990", "ips" => %w(107.177.181.106 107.177.177.95 107.177.177.106 107.177.185.242)} ,
  "www3" => { "passwd" => "3Z5C85rb2s", "port" => "28462", "ips" => %w(107.177.180.119 107.177.180.192 107.177.177.93 107.177.177.154)} 
 }.each do |sub_domain, v|
  passwd = v["passwd"]
  port = v["port"]
  v["ips"].each do |ip|
    puts `curl -X POST https://dnsapi.cn/Record.Create -d 'login_email=#{login_email}&login_password=#{password}&format=json&domain_id=#{domain_id}&sub_domain=#{sub_domain}&record_type=A&record_line=默认&value=#{ip}'`
  end

  `sshpass -p #{passwd} ssh-copy-id -o StrictHostKeyChecking=no #{sub_domain} -p #{port}`

  `gsed -i '/HostName #{sub_domain}/{n;n;s/\\s\\+Port.*/   Port #{port}/;}' ~/.ssh/config`
 end
diff --git a/03_kivivm.sh b/03_kivivm.sh
 #update the default tools
 yum -y update

 #Install the bundle containing development tools 
 yum groupinstall -y 'development tools'

 #add the EPEL repository
 sudo su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
 yum -y update

 #Install curl vim sqlite yaml
 yum install -y curl-devel vim sqlite-devel libyaml-devel

 #install rvm & ruby
 yum remove -y ruby
 curl -L get.rvm.io | bash -s stable

 source /etc/profile.d/rvm.sh
 rvm reload
 rvm install 2.1.1
 grep -q rvm_autoupdate_flag /etc/rvmrc || echo rvm_autoupdate_flag=2 >> /etc/rvmrc

 #Rails needs a JavaScript interpreter
 yum install -y nodejs

 #install bundler & rails
 gem install bundler rails

 #install passenger
 gem install passenger

 #compile nginx
 yum remove -y nginx
 [ ! -f /opt/nginx/sbin/nginx ] && passenger-install-nginx-module --auto --auto-download --prefix=/opt/nginx


 wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx -O /etc/init.d/nginx
 chmod +x /etc/init.d/nginx

 #add include conf.d to nginx.conf
 mkdir -p /opt/nginx/conf/conf.d
 if ! grep -q 'include /opt/nginx/conf/conf.d/' "/opt/nginx/conf/nginx.conf"; then
   sed -i '$i \
    include /opt/nginx/conf/conf.d/*.conf;' /opt/nginx/conf/nginx.conf
 fi

 #create passeger app conf
 wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx_passenger_conf.rb -O /tmp/nginx_passenger_conf.rb
 ruby /tmp/nginx_passenger_conf.rb  --domain `hostname` --port 3100 --root /var/www/vagex-agent > /opt/nginx/conf/conf.d/vagex-agent.conf
 rm -f /tmp/nginx_passenger_conf.rb; 

 #install php
 rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
 rpm --import  /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
 yum --enablerepo=remi install -y php php-fpm
 chkconfig --level 345 php-fpm on
 /etc/init.d/php-fpm restart

 #stop apache
 service httpd stop
 chkconfig httpd off

 #start nginx
 chkconfig nginx on
 service nginx restart

 #add deploy user
 curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/add_deploy_user.sh | bash -l

 #create deploy to dir
 curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/deploy_to.sh | bash -ls vagex-agent
diff --git a/add_deploy_user.sh b/add_deploy_user.sh
 #!/usr/bin/bash

 #Add user
 id deploy || adduser deploy
 #changes the user's password to an untypable string, guaranteeing that the user has no password which can be used to log in.
 passwd -l deploy
 #add to rvm group
 usermod -a -G rvm deploy

 #copy ssh public key from root
 sudo -u deploy -H mkdir -p /home/deploy/.ssh
 sudo -u deploy -H touch /home/deploy/.ssh/authorized_keys
 if ! grep -q "vangie" /home/deploy/.ssh/authorized_keys ;then
    cat /root/.ssh/authorized_keys |sudo -u deploy -H grep vangie >> /home/deploy/.ssh/authorized_keys
 fi

 curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/edit_sudoers.sh | bash -ls "deploy ALL=NOPASSWD:/etc/init.d/nginx"
diff --git a/deploy_to.sh b/deploy_to.sh
 #!/usr/bin/bash

 deploy_to="/var/www/$1"

 mkdir -p ${deploy_to}
 rm -rf ${deploy_to}/*

 chown deploy:deploy ${deploy_to}

 # ensures that the files created during this session are created with the permissions 
 # owner read/write, group: read/write, other: none. 
 umask 0002

 # directory will inherit the group ownership, that means in this case even though we are root, 
 # the files will be created being owned by root with the group deploy
 chmod g+s ${deploy_to}

 mkdir -p ${deploy_to}/{releases,shared}
 mkdir -p ${deploy_to}/shared/{tmp,bin,log,db}
 mkdir -p ${deploy_to}/shared/tmp/{pids,cache,sockets}
 mkdir -p ${deploy_to}/shared/vendor/bundle 
 mkdir -p ${deploy_to}/shared/public/system

 touch ${deploy_to}/shared/.env
 touch ${deploy_to}/shared/db/production.sqlite3

 chown deploy -R ${deploy_to}
diff --git a/edit_sudoers.sh b/edit_sudoers.sh
 #!/usr/bin/bash
 # Edit sudoers

 if grep -q "$1" /etc/sudoers ;then
  exit 0
 fi

 # try lock 
 if [ -f "/etc/sudoers.tmp" ]; then
    exit 1
 fi
 touch /etc/sudoers.tmp
 \cp -f /etc/sudoers /tmp/sudoers.new
 echo "$1" >> /tmp/sudoers.new
 visudo -c -f /tmp/sudoers.new
 if [ "$?" -eq "0" ]; then
    \mv -f /tmp/sudoers.new /etc/sudoers
 fi
 #release lock
 \rm /etc/sudoers.tmp
diff --git a/nginx b/nginx
 #!/bin/sh
 #
 # nginx - this script starts and stops the nginx daemon
 #
 # chkconfig:   - 85 15 
 # description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
 #               proxy and IMAP/POP3 proxy server
 # processname: nginx
 # config:      /opt/nginx/conf/nginx.conf
 # pidfile:     /opt/nginx/logs/nginx.pid

 # Source function library.
 . /etc/rc.d/init.d/functions

 # Source networking configuration.
 . /etc/sysconfig/network

 # Check that networking is up.
 [ "$NETWORKING" = "no" ] && exit 0

 nginx="/opt/nginx/sbin/nginx"
 prog=$(basename $nginx)

 NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"

 lockfile=/var/lock/subsys/nginx

 start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
 }

 stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
 }

 restart() {
    configtest || return $?
    stop
    start
 }

 reload() {
    configtest || return $?
    echo -n $”Reloading $prog: ”
    killproc $nginx -HUP
    RETVAL=$?
    echo
 }

 force_reload() {
    restart
 }

 configtest() {
    $nginx -t -c $NGINX_CONF_FILE
 }

 rh_status() {
    status $prog
 }

 rh_status_q() {
    rh_status >/dev/null 2>&1
 }

 case "$1" in
 start)
 rh_status_q && exit 0
 $1
 ;;
 stop)
 rh_status_q || exit 0
 $1
 ;;
 restart|configtest)
 $1
 ;;
 reload)
 rh_status_q || exit 7
 $1
 ;;
 force-reload)
 force_reload
 ;;
 status)
 rh_status
 ;;
 condrestart|try-restart)
 rh_status_q || exit 0
 ;;
 *)
 echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
 exit 2
 esac
diff --git a/nginx_passenger_conf.rb b/nginx_passenger_conf.rb
 #!/usr/bin/env ruby

 require 'optparse'

 options = {}
 # default value
 options[:port] = "80"
 options[:domain] = "_"
 options[:root] = "/var/www/html"

 optparse = OptionParser.new do |opts|
  opts.banner = "Usage: nginx_passenger.rb [options]"

  opts.on("-p", "--port PORT", "Listen port") do |v|
    options[:port] = v
  end

  opts.on("-d", "--domain DOMAIN", "Server name") do |v|
    options[:domain] = v
  end

  opts.on("-r", "--root ROOT", "Root path") do |v|
    options[:root] = v
  end

 end
 begin
  optparse.parse!
 rescue OptionParser::InvalidOption
  puts optparse
  exit
 end

 conf = %|#passenger_root #{`passenger-config --root`.chomp};
 #passenger_ruby #{`which ruby`.chomp};


 server {
  listen #{options[:port]};
  server_name #{options[:domain]};
  root #{options[:root]}/current/public;
  passenger_enabled on;
  
  location ~ \.php$ {  
    fastcgi_pass   127.0.0.1:9000;  
    fastcgi_index  index.php;  
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;  
    include        fastcgi_params;  
  } 
 }
 |

 puts conf
	/**
	* kivivm设置脚本
	*
	* 在浏览器控制台执行，可以设定域名解析，反向域名解析
	* 控制台输出如下结构,包括root密码，ssh端口号，IP地址，
	*
	* "www" => { "passwd" => "vd7sdfMfwdz", "port" => "26212", "ips" => %w(101.182.180.163 137.182.180.204 107.184.180.214 107.122.181.209)}
	*
	* 可用于kivivm.rb脚本设定
	* DNSPod的域名解析
	* 修改.ssh/config文件
	* 上传SSH公钥
	*
	* @author Vangie Du
	* @email [email protected]
	*/
	(function(sub_domain,root_domain){
	var domain = sub_domain + "." + root_domain;
	var token = $('input[name="token"]').val();
	$.post('?mode=changehostname',{newhostname:domain,token:token});
	var trs = $('#index_page .dataTable').first().find('tr')
	var ips = trs.get(2).children[1].innerText.split(', ');
	$.each(ips ,function(idx,ip){
	$.post('?mode=changeptr&ip='+ip,{newptr:domain,token:token})
	})

	$.post('main-exec.php?mode=rootpassword',{step:"2",token:token},function(result){
	var passwd = $(result).find('input').val();
	var port = trs.get(3).children[1].innerText;
	console.log('"'+sub_domain+'" => { "passwd" => "'+passwd+'", "port" => "'+port+'", "ips" => %w('+ips.join(' ')+')}');
	})
	})("www","codelife.me");
	#!/usr/bin/env ruby
	#
	# 该脚本接受kivivm.js的输出，完成如下3件事
	#
	# 通过DNSPod API添加二级域名A记录
	# 修改.ssh/config对应Port
	# 上传SSH公钥
	#
	#
	# @author Vangie Du
	# @email [email protected]
	#

	login_email="your_email"
	password="your_passwd"
	#curl -X POST https://dnsapi.cn/Domain.Info -d 'login_email=your_email&login_password=your_passwd&format=json&domain=your_domain'
	domain_id="2002268"

	{
	# output from kivivm.js
	"www1" => { "passwd" => "m2ze5CDpex", "port" => "29214", "ips" => %w(107.177.180.16 107.177.181.92 107.177.181.135 107.177.181.196)} ,
	"www2" => { "passwd" => "YwvxS5tQNG", "port" => "28990", "ips" => %w(107.177.181.106 107.177.177.95 107.177.177.106 107.177.185.242)} ,
	"www3" => { "passwd" => "3Z5C85rb2s", "port" => "28462", "ips" => %w(107.177.180.119 107.177.180.192 107.177.177.93 107.177.177.154)}
	}.each do \|sub_domain, v\|
	passwd = v["passwd"]
	port = v["port"]
	v["ips"].each do \|ip\|
	puts `curl -X POST https://dnsapi.cn/Record.Create -d 'login_email=#{login_email}&login_password=#{password}&format=json&domain_id=#{domain_id}&sub_domain=#{sub_domain}&record_type=A&record_line=默认&value=#{ip}'`
	end

	`sshpass -p #{passwd} ssh-copy-id -o StrictHostKeyChecking=no #{sub_domain} -p #{port}`

	`gsed -i '/HostName #{sub_domain}/{n;n;s/\\s\\+Port.*/ Port #{port}/;}' ~/.ssh/config`
	end
	#update the default tools
	yum -y update

	#Install the bundle containing development tools
	yum groupinstall -y 'development tools'

	#add the EPEL repository
	sudo su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
	yum -y update

	#Install curl vim sqlite yaml
	yum install -y curl-devel vim sqlite-devel libyaml-devel

	#install rvm & ruby
	yum remove -y ruby
	curl -L get.rvm.io \| bash -s stable

	source /etc/profile.d/rvm.sh
	rvm reload
	rvm install 2.1.1
	grep -q rvm_autoupdate_flag /etc/rvmrc \|\| echo rvm_autoupdate_flag=2 >> /etc/rvmrc

	#Rails needs a JavaScript interpreter
	yum install -y nodejs

	#install bundler & rails
	gem install bundler rails

	#install passenger
	gem install passenger

	#compile nginx
	yum remove -y nginx
	[ ! -f /opt/nginx/sbin/nginx ] && passenger-install-nginx-module --auto --auto-download --prefix=/opt/nginx


	wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx -O /etc/init.d/nginx
	chmod +x /etc/init.d/nginx

	#add include conf.d to nginx.conf
	mkdir -p /opt/nginx/conf/conf.d
	if ! grep -q 'include /opt/nginx/conf/conf.d/' "/opt/nginx/conf/nginx.conf"; then
	sed -i '$i \
	include /opt/nginx/conf/conf.d/*.conf;' /opt/nginx/conf/nginx.conf
	fi

	#create passeger app conf
	wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx_passenger_conf.rb -O /tmp/nginx_passenger_conf.rb
	ruby /tmp/nginx_passenger_conf.rb --domain `hostname` --port 3100 --root /var/www/vagex-agent > /opt/nginx/conf/conf.d/vagex-agent.conf
	rm -f /tmp/nginx_passenger_conf.rb;

	#install php
	rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
	yum --enablerepo=remi install -y php php-fpm
	chkconfig --level 345 php-fpm on
	/etc/init.d/php-fpm restart

	#stop apache
	service httpd stop
	chkconfig httpd off

	#start nginx
	chkconfig nginx on
	service nginx restart

	#add deploy user
	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/add_deploy_user.sh \| bash -l

	#create deploy to dir
	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/deploy_to.sh \| bash -ls vagex-agent
	#!/usr/bin/bash

	#Add user
	id deploy \|\| adduser deploy
	#changes the user's password to an untypable string, guaranteeing that the user has no password which can be used to log in.
	passwd -l deploy
	#add to rvm group
	usermod -a -G rvm deploy

	#copy ssh public key from root
	sudo -u deploy -H mkdir -p /home/deploy/.ssh
	sudo -u deploy -H touch /home/deploy/.ssh/authorized_keys
	if ! grep -q "vangie" /home/deploy/.ssh/authorized_keys ;then
	cat /root/.ssh/authorized_keys \|sudo -u deploy -H grep vangie >> /home/deploy/.ssh/authorized_keys
	fi

	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/edit_sudoers.sh \| bash -ls "deploy ALL=NOPASSWD:/etc/init.d/nginx"
	#!/usr/bin/bash

	deploy_to="/var/www/$1"

	mkdir -p ${deploy_to}
	rm -rf ${deploy_to}/*

	chown deploy:deploy ${deploy_to}

	# ensures that the files created during this session are created with the permissions
	# owner read/write, group: read/write, other: none.
	umask 0002

	# directory will inherit the group ownership, that means in this case even though we are root,
	# the files will be created being owned by root with the group deploy
	chmod g+s ${deploy_to}

	mkdir -p ${deploy_to}/{releases,shared}
	mkdir -p ${deploy_to}/shared/{tmp,bin,log,db}
	mkdir -p ${deploy_to}/shared/tmp/{pids,cache,sockets}
	mkdir -p ${deploy_to}/shared/vendor/bundle
	mkdir -p ${deploy_to}/shared/public/system

	touch ${deploy_to}/shared/.env
	touch ${deploy_to}/shared/db/production.sqlite3

	chown deploy -R ${deploy_to}
	#!/usr/bin/bash
	# Edit sudoers

	if grep -q "$1" /etc/sudoers ;then
	exit 0
	fi

	# try lock
	if [ -f "/etc/sudoers.tmp" ]; then
	exit 1
	fi
	touch /etc/sudoers.tmp
	\cp -f /etc/sudoers /tmp/sudoers.new
	echo "$1" >> /tmp/sudoers.new
	visudo -c -f /tmp/sudoers.new
	if [ "$?" -eq "0" ]; then
	\mv -f /tmp/sudoers.new /etc/sudoers
	fi
	#release lock
	\rm /etc/sudoers.tmp
	#!/bin/sh
	#
	# nginx - this script starts and stops the nginx daemon
	#
	# chkconfig: - 85 15
	# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
	# proxy and IMAP/POP3 proxy server
	# processname: nginx
	# config: /opt/nginx/conf/nginx.conf
	# pidfile: /opt/nginx/logs/nginx.pid

	# Source function library.
	. /etc/rc.d/init.d/functions

	# Source networking configuration.
	. /etc/sysconfig/network

	# Check that networking is up.
	[ "$NETWORKING" = "no" ] && exit 0

	nginx="/opt/nginx/sbin/nginx"
	prog=$(basename $nginx)

	NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"

	lockfile=/var/lock/subsys/nginx

	start() {
	[ -x $nginx ] \|\| exit 5
	[ -f $NGINX_CONF_FILE ] \|\| exit 6
	echo -n $"Starting $prog: "
	daemon $nginx -c $NGINX_CONF_FILE
	retval=$?
	echo
	[ $retval -eq 0 ] && touch $lockfile
	return $retval
	}

	stop() {
	echo -n $"Stopping $prog: "
	killproc $prog -QUIT
	retval=$?
	echo
	[ $retval -eq 0 ] && rm -f $lockfile
	return $retval
	}

	restart() {
	configtest \|\| return $?
	stop
	start
	}

	reload() {
	configtest \|\| return $?
	echo -n $”Reloading $prog: ”
	killproc $nginx -HUP
	RETVAL=$?
	echo
	}

	force_reload() {
	restart
	}

	configtest() {
	$nginx -t -c $NGINX_CONF_FILE
	}

	rh_status() {
	status $prog
	}

	rh_status_q() {
	rh_status >/dev/null 2>&1
	}

	case "$1" in
	start)
	rh_status_q && exit 0
	$1
	;;
	stop)
	rh_status_q \|\| exit 0
	$1
	;;
	restart\|configtest)
	$1
	;;
	reload)
	rh_status_q \|\| exit 7
	$1
	;;
	force-reload)
	force_reload
	;;
	status)
	rh_status
	;;
	condrestart\|try-restart)
	rh_status_q \|\| exit 0
	;;
	*)
	echo $"Usage: $0 {start\|stop\|status\|restart\|condrestart\|try-restart\|reload\|force-reload\|configtest}"
	exit 2
	esac
	#!/usr/bin/env ruby

	require 'optparse'

	options = {}
	# default value
	options[:port] = "80"
	options[:domain] = "_"
	options[:root] = "/var/www/html"

	optparse = OptionParser.new do \|opts\|
	opts.banner = "Usage: nginx_passenger.rb [options]"

	opts.on("-p", "--port PORT", "Listen port") do \|v\|
	options[:port] = v
	end

	opts.on("-d", "--domain DOMAIN", "Server name") do \|v\|
	options[:domain] = v
	end

	opts.on("-r", "--root ROOT", "Root path") do \|v\|
	options[:root] = v
	end

	end
	begin
	optparse.parse!
	rescue OptionParser::InvalidOption
	puts optparse
	exit
	end

	conf = %\|#passenger_root #{`passenger-config --root`.chomp};
	#passenger_ruby #{`which ruby`.chomp};


	server {
	listen #{options[:port]};
	server_name #{options[:domain]};
	root #{options[:root]}/current/public;
	passenger_enabled on;

	location ~ \.php$ {
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}
	}
	\|

	puts conf