@cchandler
Created October 3, 2009 01:01
#!/usr/bin/ruby
## Configured against AMI 5f46a736 e146a788
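# Application identity: used for the nginx upstream/site, the thin config file
# name and the application path under /home/deploy/apps.
APP_NAME = "app_name"
SERVER_NAME = "app_name.somewhere.com"

# Where the SSH key bundles are downloaded from; an empty string skips that download.
# The bundles carry the deploy user's private key and the list of keys allowed to
# log in, so they are fetched over HTTPS. With plain http:// the private key would
# cross the network in cleartext and the authorized_keys bundle could be replaced
# in transit.
# NOTE(review): the script fetches these with wget and no credentials, so the
# objects must be readable without authentication -- confirm the bucket policy
# restricts who can actually reach them.
DEPLOY_KEY_LOCATION = "https://s3.amazonaws.com/bucket"
DEPLOY_KEY_FILE = "deploy_key.tar.gz"
AUTHORIZED_KEYS_LOCATION = "https://s3.amazonaws.com/bucket"
AUTHORIZED_KEYS_FILE = "authorized_keys.tar.gz"

# Environment name written into the thin configuration.
ENVIRONMENT = "staging"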
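# Refresh the package index before installing anything.
system("aptitude update")

# Build dependencies for compiling Ruby 1.9.1 on Intrepid
# (the duplicated libssl-dev entry has been dropped).
system("aptitude -q -y install libc6-dev libssl-dev libmysql++-dev libsqlite3-dev make build-essential libreadline5-dev zlib1g-dev")

# General system tooling.
system("aptitude -q -y install wget vim xfsprogs graphicsmagick-imagemagick-compat")

# MySQL server + client headers.
# The frontend name must be spelled "noninteractive"; the previous spelling
# ("noninteractve") is not a frontend name, so package prompts were not reliably
# suppressed during an unattended run.
# NOTE(review): nothing here preseeds a MySQL root password, and the script later
# connects as root without one -- set a root password as part of provisioning.
system("export DEBIAN_FRONTEND=noninteractive && aptitude -q -y install mysql-server libmysqlclient15-dev")

# Ruby 1.9.1, built from source in the home directory.
# NOTE(review): the tarball is fetched over unauthenticated FTP and then compiled
# and installed with no checksum or signature check. Record the expected digest
# from a trusted channel and verify the download against it before running
# `make install`.
system("cd ~ && wget ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.1-p243.tar.gz && tar zxvf ruby-1.9.1-p243.tar.gz && cd ruby-1.9.1-p243 && ./configure && make && make install")

# Update RubyGems and register an additional gem source.
# NOTE(review): the extra source is added over plain http://, so gem metadata and
# packages served from it are not protected in transit.
system("gem update --system && gem sources -a http://gems.github.com")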
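# HTTP front end: nginx serves static files and proxies everything else to the
# three thin instances on 127.0.0.1:3000-3002.
system("aptitude install -q -y nginx")

# Site definition written to /etc/nginx/sites-available/app_site.
# NOTE(review): the site listens on port 80 only. The commented-out HTTPS template
# at the end lists SSLv2/SSLv3 and a cipher string that admits LOW, EXP and SSLv2
# suites; if HTTPS is enabled later, replace those two lines instead of simply
# uncommenting them.
# NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for, which
# appends to whatever the client sent; the application should take the client
# address from X-Real-IP (set from $remote_addr) rather than the first
# X-Forwarded-For entry.
nginx_config = <<NGINX_SITE
upstream #{APP_NAME}{
server 127.0.0.1:3000;
server 127.0.0.1:3001;
server 127.0.0.1:3002;
}
server {
listen #{SERVER_NAME}:80;
server_name #{SERVER_NAME};
access_log /var/log/nginx/#{APP_NAME}.access.log;
location / {
root /home/deploy/apps/#{APP_NAME}/current/public;
index index.html index.htm;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect false;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://#{APP_NAME};
break;
}
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}
# HTTPS server
#
#server {
#listen 443;
#server_name localhost;
#ssl on;
#ssl_certificate cert.pem;
#ssl_certificate_key cert.key;
#ssl_session_timeout 5m;
#ssl_protocols SSLv2 SSLv3 TLSv1;
#ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_prefer_server_ciphers on;
#location / {
#root html;
#index index.html index.htm;
#}
#}
NGINX_SITE

# Write the file from Ruby instead of `echo '...' >> file`: the config no longer
# passes through shell quoting (a single quote in APP_NAME or SERVER_NAME would
# have broken or altered the command), and a second run replaces the file rather
# than appending a duplicate server block.
File.open("/etc/nginx/sites-available/app_site", "w") { |site| site.write(nginx_config) }

# Enable the site and drop the distribution default; -f keeps both steps
# repeatable when the link already exists or the default is already gone.
system("ln -sf /etc/nginx/sites-available/app_site /etc/nginx/sites-enabled/app_site")
system("rm -f /etc/nginx/sites-enabled/default")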
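# MTA (Postfix)
# The frontend name must be spelled "noninteractive"; the previous spelling
# ("noninteractve") is not a frontend name, so the postfix configuration prompts
# were not reliably suppressed during an unattended run.
system("export DEBIAN_FRONTEND=noninteractive && aptitude -q -y install postfix")

# Normal-format diff that flips smtpd_use_tls from yes to no on line 23 of
# /etc/postfix/main.cf. It only applies cleanly while that setting sits on
# line 23 of the packaged file.
# NOTE(review): this switches off TLS for inbound SMTP, so any mail accepted from
# the network is received unencrypted. The page does not say why TLS is disabled
# (presumably no certificate is provisioned) -- confirm this host only handles
# local submission, or provision a certificate and keep TLS on.
tls_patch = <<POSTFIX_PATCH
23c23
< smtpd_use_tls=yes
---
> smtpd_use_tls=no
POSTFIX_PATCH

# Truncate (>) rather than append (>>): a second run would otherwise stack a
# duplicate hunk into the patch file.
system("echo '#{tls_patch}' > ~/tls_postfix.patch")
system("patch /etc/postfix/main.cf ~/tls_postfix.patch")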
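# Basic gems
# NOTE(review): no versions are pinned, so each run installs whatever the
# configured gem sources currently serve.
system("gem install rails rake rack sqlite3-ruby eventmachine thin mysql --no-ri --no-rdoc")
system("mkdir -p /etc/thin")

# thin cluster definition: three servers starting at port 3000, running as the
# unprivileged deploy user from the application's current release directory.
# The listeners bind to 127.0.0.1 instead of 0.0.0.0: the nginx upstream in this
# script only ever connects to 127.0.0.1:3000-3002, and binding every interface
# would let clients reach the app servers directly, bypassing nginx and supplying
# their own X-Real-IP / X-Forwarded-For headers.
thin_config = <<THIN_YML
pid: tmp/pids/thin.pid
log: log/thin.log
timeout: 30
max_conns: 1024
port: 3000
max_persistent_conns: 512
chdir: /home/deploy/apps/#{APP_NAME}/current
environment: #{ENVIRONMENT}
servers: 3
address: 127.0.0.1
daemonize: true
user: deploy
group: deploy
THIN_YML

# Written from Ruby rather than `echo '...' >> file`, so the YAML does not pass
# through shell quoting and a second run replaces the file instead of appending
# a duplicate document.
File.open("/etc/thin/#{APP_NAME}.yml", "w") { |yml| yml.write(thin_config) }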
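# App deployment related
system("aptitude install -q -y git-core")

# Unprivileged account that owns the application; password login is disabled,
# so access is by SSH key only.
system("adduser deploy --disabled-password --quiet --gecos '' ")
# Create .ssh already restricted so key material is never briefly listable.
system("mkdir -p -m 700 /home/deploy/.ssh")

unless DEPLOY_KEY_LOCATION.empty?
  # NOTE(review): the bundle is downloaded without credentials and unpacked as-is
  # into the current directory; nothing checks its integrity or which member
  # paths it contains. If the location is a plain http:// URL the private key
  # also travels in cleartext.
  system("wget #{DEPLOY_KEY_LOCATION}/#{DEPLOY_KEY_FILE} && tar zxvf #{DEPLOY_KEY_FILE}")
  # install(1) sets the mode while copying, so the private key never exists
  # under /home/deploy with default (world-readable) permissions.
  system("install -m 600 id_rsa /home/deploy/.ssh/id_rsa")
  system("install -m 644 id_rsa.pub /home/deploy/.ssh/id_rsa.pub")
  # Do not leave a second copy of the private key (or its tarball) in the
  # working directory.
  system("rm -f id_rsa id_rsa.pub #{DEPLOY_KEY_FILE}")
end

unless AUTHORIZED_KEYS_LOCATION.empty?
  # NOTE(review): whoever controls this download decides who can log in as
  # deploy; it gets the same unverified fetch-and-unpack treatment as above.
  system("wget #{AUTHORIZED_KEYS_LOCATION}/#{AUTHORIZED_KEYS_FILE} && tar zxvf #{AUTHORIZED_KEYS_FILE}")
  system("install -m 600 authorized_keys /home/deploy/.ssh/authorized_keys")
  system("rm -f authorized_keys #{AUTHORIZED_KEYS_FILE}")
end

# Hand everything to the deploy user and keep it private to that account.
system("chown -R deploy:deploy /home/deploy/.ssh")
system("chmod 700 /home/deploy/.ssh")
# 600 rather than 644: other local users have no need to read which keys are
# authorized.
system("chmod 600 /home/deploy/.ssh/authorized_keys")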
# Security related

# File-integrity checker.
# NOTE(review): only the package is installed here; no baseline database is
# initialised by this script, so confirm one is created once provisioning ends.
system("aptitude install -q -y aide")

# Remove MySQL's anonymous accounts (rows with an empty user name) and reload the
# grant tables.
# NOTE(review): the client connects as root with no password, and nothing in this
# script sets one afterwards -- the root account is still passwordless when the
# script finishes.
purge_anonymous_sql = 'DELETE FROM mysql.user WHERE User = ""; flush privileges;'
system("mysql -uroot -e '#{purge_anonymous_sql}' ")