jeffrafter/SERVER_INSTALLS

## SERVER_INSTALLS
## Install
## See also (http://codeplot.com/documents/3186/edit)
I Installed Ubuntu 8.04 Server
US Keyboard Layout
Zimbabwe region
If this machine was using an SSD drive configure the paritions so that it has no swap
I did a single partition marked as bootable and setup for the root on EXT3+Journaling
I marked the OpenSSH server as an additional option
I did not set it as a DNS server or Mail Server

## Naming
For baobab we name our computers after trees so I called this one Sapele
I added the default user as baobab

## Reboot and login
hostname datadyne

## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
sudo apt-get update
sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

## At the end you will need to input the mysql root password
In general we create paswords with a hash of the machine name, a common nonce value and some special characters

## Update the ssh for Debian security vulnerability
## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
## You ssh into the server!
sudo apt-get install openssh-client

## Check for vulnerable keys
If you are using 8.04 like me (I think that Intrepid will include this fix by default)
Then you will get a message saying that it is correcting the blacklisted keys
When completed, you should run ssh-vulnkey to make sure your root user is
Not blacklisted. You should see two keys listed and both should start with
"Not blacklisted:"
ssh-vulnkey

## Setup users on your server
sudo adduser --disabled-password deploy
sudo adduser --system --no-create-home --group --disabled-password www
sudo visudo

## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
deploy  ALL=(ALL) ALL

## As an option you can give the deploy user more freedom if you control the keys carefully:
deploy  ALL=(ALL) NOPASSWD:ALL

## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
Defaults env_reset, insults

## Back on your local create your public key if you have not done so already
## Read the earlier note on Ubuntu <= 8.04 and openssh-client
## ****** If you have already generated your key ** DO NOT REGENERATE ************
cd
ssh-keygen -t rsa
Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>

## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
## If you don't know your server's ip address, type ifconfig on the server
scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
password: <Enter your server's baobab user password>

## On the server setup the key for your deploy user (you need to be root)
sudo su
mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh
exit

## On the server, create the root project folder (our project is called "mateme")
sudo mkdir /var/www/mateme
sudo chown deploy:deploy /var/www/mateme

sudo mkdir /var/www/staging
sudo chown deploy:deploy /var/www/staging

## On the server, setup the database
## We should be calling the database openmrs, with the user openmrs
## The password should be common probably

## ***** IF YOU ARE WORKING WITH AN EXISTING INSTALLATION DO NOT CHANGE THE OPENMRS DATABASE *******
mysql -u root -p
> CREATE DATABASE openmrs;
> GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'

## On the server, you need to install RubyEE.
wget http://rubyforge.org/frs/download.php/51101/ruby-enterprise_1.8.6-20090201_i386.deb
sudo dpkg -i ruby-enterprise_1.8.6-20090201_i386.deb
/opt/ruby-enterprise/bin/passenger-install-apache2-module


## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
## I have noticed that the deploy and deploy:setup tasks rely on each other
## So you have to run cap deploy first and let it fail...
## then run setup, then run deploy again
cap deploy

## Everytime you will be asked a series of questions:

$ cap deploy
Do you want to stage this deployment? (y/n): y  ## changes the target folder (either /var/www/mateme or /var/www/staging)
Domain you are deploying to (IP Address or Hostname): neno ## I have "neno" in my /etc/hosts point to the server. If you can use an internal address it will save the round trip to the internet
Pull from current machine (192.168.1.111)? (y/n): n ## If the server can see your machine on the network (at the address shown) then do it, this will also save a round trip to the internet
Pull from distributed git repository? (y/n): n ## generally just say no here
Pull from shared github.com (public)? (y/n): n ## This pulls from baobab/mateme on github... not currently in sync with neno
Pull from alternate github.com (public)? (y/n): y ## if you said no to everything else, you need to say yes here
Github Repository (jeffrafter/mateme): cherodney/mateme ## pulls from master on a specific fork... specify the fork as shown

##


cap deploy:setup
cap deploy

# ------------- Firefox
# READ the firefox README
# If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon
	## Install
	## See also (http://codeplot.com/documents/3186/edit)
	I Installed Ubuntu 8.04 Server
	US Keyboard Layout
	Zimbabwe region
	If this machine was using an SSD drive configure the paritions so that it has no swap
	I did a single partition marked as bootable and setup for the root on EXT3+Journaling
	I marked the OpenSSH server as an additional option
	I did not set it as a DNS server or Mail Server

	## Naming
	For baobab we name our computers after trees so I called this one Sapele
	I added the default user as baobab

	## Reboot and login
	hostname datadyne

	## Get the stuff you will need (you may want to combine these steps so you can leave the download running)
	sudo apt-get update
	sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

	## At the end you will need to input the mysql root password
	In general we create paswords with a hash of the machine name, a common nonce value and some special characters

	## Update the ssh for Debian security vulnerability
	## If you are running Ubuntu/Debian locally, you should do this on your machine before
	## You ssh into the server!
	sudo apt-get install openssh-client

	## Check for vulnerable keys
	If you are using 8.04 like me (I think that Intrepid will include this fix by default)
	Then you will get a message saying that it is correcting the blacklisted keys
	When completed, you should run ssh-vulnkey to make sure your root user is
	Not blacklisted. You should see two keys listed and both should start with
	"Not blacklisted:"
	ssh-vulnkey

	## Setup users on your server
	sudo adduser --disabled-password deploy
	sudo adduser --system --no-create-home --group --disabled-password www
	sudo visudo

	## Add to the end of the visudo file (someone needs to add a quick vi how-to here)
	deploy ALL=(ALL) ALL

	## As an option you can give the deploy user more freedom if you control the keys carefully:
	deploy ALL=(ALL) NOPASSWD:ALL

	## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords
	Defaults env_reset, insults

	## Back on your local create your public key if you have not done so already
	## Read the earlier note on Ubuntu <= 8.04 and openssh-client
	## **** If you have already generated your key DO NOT REGENERATE ************
	cd
	ssh-keygen -t rsa
	Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
	Enter passphrase (empty for no passphrase): <Enter>
	Enter same passphrase again: <Enter>

	## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
	## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
	## If you don't know your server's ip address, type ifconfig on the server
	scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
	password: <Enter your server's baobab user password>

	## On the server setup the key for your deploy user (you need to be root)
	sudo su
	mkdir /home/deploy/.ssh
	chmod 700 /home/deploy/.ssh
	cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
	chmod 600 /home/deploy/.ssh/authorized_keys
	chown -R deploy:deploy /home/deploy/.ssh
	exit

	## On the server, create the root project folder (our project is called "mateme")
	sudo mkdir /var/www/mateme
	sudo chown deploy:deploy /var/www/mateme

	sudo mkdir /var/www/staging
	sudo chown deploy:deploy /var/www/staging

	## On the server, setup the database
	## We should be calling the database openmrs, with the user openmrs
	## The password should be common probably

	## *** IF YOU ARE WORKING WITH AN EXISTING INSTALLATION DO NOT CHANGE THE OPENMRS DATABASE *****
	mysql -u root -p
	> CREATE DATABASE openmrs;
	> GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS'

	## On the server, you need to install RubyEE.
	wget http://rubyforge.org/frs/download.php/51101/ruby-enterprise_1.8.6-20090201_i386.deb
	sudo dpkg -i ruby-enterprise_1.8.6-20090201_i386.deb
	/opt/ruby-enterprise/bin/passenger-install-apache2-module


	## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
	## I have noticed that the deploy and deploy:setup tasks rely on each other
	## So you have to run cap deploy first and let it fail...
	## then run setup, then run deploy again
	cap deploy

	## Everytime you will be asked a series of questions:

	$ cap deploy
	Do you want to stage this deployment? (y/n): y ## changes the target folder (either /var/www/mateme or /var/www/staging)
	Domain you are deploying to (IP Address or Hostname): neno ## I have "neno" in my /etc/hosts point to the server. If you can use an internal address it will save the round trip to the internet
	Pull from current machine (192.168.1.111)? (y/n): n ## If the server can see your machine on the network (at the address shown) then do it, this will also save a round trip to the internet
	Pull from distributed git repository? (y/n): n ## generally just say no here
	Pull from shared github.com (public)? (y/n): n ## This pulls from baobab/mateme on github... not currently in sync with neno
	Pull from alternate github.com (public)? (y/n): y ## if you said no to everything else, you need to say yes here
	Github Repository (jeffrafter/mateme): cherodney/mateme ## pulls from master on a specific fork... specify the fork as shown

	##






	cap deploy:setup
	cap deploy

	# ------------- Firefox
	# READ the firefox README
	# If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon