mikeymckay/prepare_fresh_ubuntu_for_deploy.sh

## prepare_fresh_ubuntu_for_deploy.sh
#!/bin/sh

# the command= trick gets screwed up with quotes so be careful

echo "Hostname is currently `hostname`"

# TODO setup hostname

# TODO setup LibertyNet/connectivity

echo "Becoming root user"
command="sudo su"
echo "Running: $command"
read -p "Press any key to begin"
$command

echo "Make it so that the OS doesn't record the read time of every file (an optimization and SSD saver)"
read -p "Press any key to begin"
cat /etc/fstab | sed -e 's/relatime,errors=remount-ro/relatime,noatime,errors=remount-ro/' > /tmp/fstab
mv /tmp/fstab /etc/fstab

echo "Reduce swappiness factor so that the swap file is only needed in extreme situations"
read -p "Press any key to begin"
echo "# Set swappiness to zero to save SSD and maximize use of memory
vm.swappiness=0" >> /etc/sysctl.conf

echo "

## Install
## See also (http://codeplot.com/documents/3186/edit)
#I Installed Ubuntu 8.04 Server
#US Keyboard Layout
#Zimbabwe region
#If this machine was using an SSD drive configure the paritions so that it has no swap
#I did a single partition marked as bootable and setup for the root on EXT3+Journaling
#I marked the OpenSSH server as an additional option
#I did not set it as a DNS server or Mail Server

## Naming
# For baobab we name our computers after trees so I called this one Sapele
# I added the default user as baobab

## Reboot and login

## Get the stuff you will need (you may want to combine these steps so you can leave the download running)

   "

command="apt-get update"
echo "Running: $command"
read -p "Press any key to continue"
$command

command="apt-get install mysql-server nginx build-essential sudo git-core openssl lynx openssh-client vim libmysql irb ruby1.8-dev"
echo "Running: $command"
read -p "Press any key to continue"
$command

echo "Downloading and installing rubygems"
read -p "Press any key to continue"
wget http://rubyforge.org/frs/download.php/35283/rubygems-1.1.1.tgz
tar xvzf rubygems-1.1.1.tgz
cd rubygems-1.1.1
ruby setup.rb

read -p "Press any key to continue"
command="sudo gem install mongrel --no-rdoc --no-ri"
echo "Running: $command"
read -p "Press any key to continue"
$command

command="sudo gem install mongrel-cluster --no-rdoc --no-ri"
echo "Running: $command"
read -p "Press any key to continue"
$command

echo "
## At the end you will need to input the mysql root password
#    In general we create paswords with a hash of the machine name, a common nonce value and some special characters
      "

## Ubuntu 8.0.4.1 and beyond don't need to worry about this
## Update the ssh for Debian security vulnerability
## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
## You ssh into the server!

## Check for vulnerable keys
#      If you are using 8.04 like me (I think that Intrepid will include this fix by default)
#      Then you will get a message saying that it is correcting the blacklisted keys
#      When completed, you should run ssh-vulnkey to make sure your root user is
#      Not blacklisted. You should see two keys listed and both should start with
#      Not blacklisted:
# read -p "Press any key to continue"
#      ssh-vulnkey

echo "## Creating deploy and www users on server"
command="adduser --disabled-password deploy"
echo "Running: $command"
read -p "Press any key to continue"
$command

command="adduser --system --no-create-home --group --disabled-password www"
echo "Running: $command"
read -p "Press any key to continue"
$command

visudo_commands="deploy ALL=(ALL) NOPASSWD:ALL
Defaults env_reset, insults"
Defaults env_reset, insults"
echo "Adding:
-----
$visudo_commands
-----
to /etc/sudoers"
read -p "Press any key to continue"

echo "$visudo_commands" >> /etc/sudoers

echo "
           Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
           Enter passphrase (empty for no passphrase): <Enter>
           Enter same passphrase again: <Enter>


## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
## If you don't know your server's ip address, type ifconfig on the server
            scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
            password: <Enter your server's baobab user password>

Generating keys for the deploy user now...

Press enter twice when asked for a passphrase (we want an empty passphrase)

"
read -p "Press any key to continue"
echo "Running: su deploy -c \"ssh-keygen -t rsa\""
read -p "Press any key to continue"
su deploy -c "ssh-keygen -t rsa"

echo "## Adding public keys for all Baobab programmers
This should be safe to do - public keys are only have of the authentication puzzle -
hence private and public keys.
"
read -p "Press any key to continue"

echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyUvMIvhJUYs7nIaiLBnUcs03XuOeHiw1JGh1M/ovbKc9YO4SJsl9CYxpyDeh9jSyvdNhNdeUSg7PBSSyAYpVXeK6WXN9LnqKOWRu8n5rXGNSycM2tenaADiS/xtMkHmIFYOE/QFQF+Amg5lKR1DjsfZXzscdtYsmAT09j6GFYfgY/KIP/gxSsEDzOGSIxYqJwpCzV+/nwub72ElzVcW9EJu2HpSD8jhKF6XrZ3VExsCk9v86qrTGWeVOyFubRb7+V6Db4xc+x2HirdyMW7hZceDfTpB0xX1GXd4PYZ023gfvNkGbIj/aOSDeJtDIJyQhzCbIXY+CiLkU556e0rg2Nw== njero@alexandria.local
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzFtSLwtu0GoHLWG8X5ScMBX0xYtxjlWiEhEJRPWoIq+e4MQg34mtSEUtVt9lyeiAx9PfrmFhcbFeL72Y1bRi7bxEy+9Nu72bEPicVibukTuiFz1M0snoHVCtr6FnHd8q29+hcfeaqFwn2lIyE11DiH5aHOd2hAPNAVQ/p1CPY5HCmIerIuuE+QgEQTE6Zm3Lp8L4LvyFhZl4kZ5CLx8mOQWIj8ZVh3HUvCCh2b3AZdZzOE4E2Jk0ST4QJ7IlenRQ+9E6RKQ6pVOYgYunfhD0IIaXrd9UiGTGm+G/3YfKHhIznF3QyBv5lW06A5BKz37v8rXil7zu0jKLh5Kf41BiAQ== ace@lalanje
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzb5cQe46LoJB5PQou+Rc+BNyRLC5iMILS8/KddZUJGdQobzzx6pxyvS6Wq9i6EGj6X8WzGTa9FLgFUNI1EGg0wLMANTpDwiMYyBLZQ8oLwbUkTrQaDKw8Bf/FwLQiaUjx0DB7U7YNJlGMZBtUgshD/4Z7KjThsB5ZA7dhtGiWws= crazy@sequoyah
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyEB1sXJNJxzoUd4XZlwPBjmcnpyM1L6DWOHXgN/i/duVsqJrotxwtg9Qs0n5N9i8NxydzuwcMAb18RbtbSsGNxEcufOrNWyCHnBCDYfnt13eXjY+hpB4mMREg8xe5hzWdrQyCwdOHwqxDWOLmIsWrvfCrKtXH29+v3DvaFiJ1ndPx0wxrZ4hptRsnwuMyiNLRhuD616YzbSEASus+CKIKiVTtm/AvGr+YMS5vDt3bQsiRfvbp5dktUOZH+4Wsi4W93BQ2+bGFfNgu3BrtqKCsCb9K7UPFORyADVmgqD3vvcB8QCO3NRjOgq+9quVoynr9PAwxEONfVTFCg0gOgLXDQ== soyapi@masau
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq7R5LvOBW5U1Vgn8ce/WDYr6A2/stqDvMwCAlZFqpBZExjWcFDC30aNX7bjdESwJ+BJTSZ6P7pCe4N+uia8nFLvxfUCMSXTvQ+cmOKnpmRbMDvctAafuk5fSLuPS9bReY/sh76ax135jrQejbGW4q+pLpUV3D0Ff9vgo905OCVjpCx+QrYMr4bqQ38h/a/GvdLx8Ow6c7fHJPDzJx+lxXQ6YUhm1AIzJFAgtVg1JXs0tkC4/9TxreRUnHyIWH7h4c+lzdPoJT8a2QV4IkHf3xMhki/mCYRFx7GBk3N8pnTO9b2PWlTN6dZtDYixrnVpkGxp4zKAmAa3i6G3IQ9QBkQ== bond@nkungudza
" >> /home/deploy/.ssh/authorized_keys

chmod 600 /home/deploy/.ssh/authorized_keys

echo "## On the server, create the root project folder (our project is called 'bart')"
$command="mkdir /var/www/bart"
echo "Running: $command"
read -p "Press any key to continue"
$command

$command="chown deploy:deploy /var/www/bart"
echo "Running: $command"
read -p "Press any key to continue"
$command


$command="mkdir /etc/mongrel_cluster"
echo "Running: $command"
read -p "Press any key to continue"
$command

echo "Creating mongrel user"
$command="sudo adduser --system --no-create-home --group --disabled-password mongrel"
echo "Running: $command"
read -p "Press any key to continue"
$command

echo "
## On the server, setup the database
## We should be calling the database openmrs, with the user openmrs
## The password should be common probably

Enter the password you want to use for the openmrs database"
read -e PASSWORD

echo "Creating the openmrs database and the openmrs user"
read -p "Press any key to continue"

echo "CREATE DATABASE openmrs; GRANT ALL on openmrs to 'openmrs'@'localhost' IDENTIFIED BY '$PASSWORD'" | mysql -u root -p

echo "
## On your LOCAL MACHINE (NOT THE SERVER), cross your fingers and deploy (cap -T if you want to see all tasks)
## I have noticed that the deploy and deploy:setup tasks rely on each other
## So you have to run cap deploy first and let it fail...
## then run setup, then run deploy again
                 cap deploy
                 cap deploy:setup
                 cap deploy

                  cap nginx:setup
                  cap nginx:start

                   * run the db/migrate scripts
                   * run the bootstrap

                    cap deploy:restart

# ------------- Firefox
# READ the firefox README
# If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon
                     "
	#!/bin/sh

	# the command= trick gets screwed up with quotes so be careful

	echo "Hostname is currently `hostname`"

	# TODO setup hostname

	# TODO setup LibertyNet/connectivity

	echo "Becoming root user"
	command="sudo su"
	echo "Running: $command"
	read -p "Press any key to begin"
	$command

	echo "Make it so that the OS doesn't record the read time of every file (an optimization and SSD saver)"
	read -p "Press any key to begin"
	cat /etc/fstab \| sed -e 's/relatime,errors=remount-ro/relatime,noatime,errors=remount-ro/' > /tmp/fstab
	mv /tmp/fstab /etc/fstab

	echo "Reduce swappiness factor so that the swap file is only needed in extreme situations"
	read -p "Press any key to begin"
	echo "# Set swappiness to zero to save SSD and maximize use of memory
	vm.swappiness=0" >> /etc/sysctl.conf

	echo "

	## Install
	## See also (http://codeplot.com/documents/3186/edit)
	#I Installed Ubuntu 8.04 Server
	#US Keyboard Layout
	#Zimbabwe region
	#If this machine was using an SSD drive configure the paritions so that it has no swap
	#I did a single partition marked as bootable and setup for the root on EXT3+Journaling
	#I marked the OpenSSH server as an additional option
	#I did not set it as a DNS server or Mail Server

	## Naming
	# For baobab we name our computers after trees so I called this one Sapele
	# I added the default user as baobab

	## Reboot and login

	## Get the stuff you will need (you may want to combine these steps so you can leave the download running)

	"

	command="apt-get update"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	command="apt-get install mysql-server nginx build-essential sudo git-core openssl lynx openssh-client vim libmysql irb ruby1.8-dev"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	echo "Downloading and installing rubygems"
	read -p "Press any key to continue"
	wget http://rubyforge.org/frs/download.php/35283/rubygems-1.1.1.tgz
	tar xvzf rubygems-1.1.1.tgz
	cd rubygems-1.1.1
	ruby setup.rb

	read -p "Press any key to continue"
	command="sudo gem install mongrel --no-rdoc --no-ri"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	command="sudo gem install mongrel-cluster --no-rdoc --no-ri"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	echo "
	## At the end you will need to input the mysql root password
	# In general we create paswords with a hash of the machine name, a common nonce value and some special characters
	"

	## Ubuntu 8.0.4.1 and beyond don't need to worry about this
	## Update the ssh for Debian security vulnerability
	## If you are running Ubuntu/Debian locally, you should do this on your machine before
	## You ssh into the server!

	## Check for vulnerable keys
	# If you are using 8.04 like me (I think that Intrepid will include this fix by default)
	# Then you will get a message saying that it is correcting the blacklisted keys
	# When completed, you should run ssh-vulnkey to make sure your root user is
	# Not blacklisted. You should see two keys listed and both should start with
	# Not blacklisted:
	# read -p "Press any key to continue"
	# ssh-vulnkey

	echo "## Creating deploy and www users on server"
	command="adduser --disabled-password deploy"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	command="adduser --system --no-create-home --group --disabled-password www"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	visudo_commands="deploy ALL=(ALL) NOPASSWD:ALL
	Defaults env_reset, insults"
	Defaults env_reset, insults"
	echo "Adding:
	-----
	$visudo_commands
	-----
	to /etc/sudoers"
	read -p "Press any key to continue"

	echo "$visudo_commands" >> /etc/sudoers

	echo "
	Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa): <Enter>
	Enter passphrase (empty for no passphrase): <Enter>
	Enter same passphrase again: <Enter>


	## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
	## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
	## If you don't know your server's ip address, type ifconfig on the server
	scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
	password: <Enter your server's baobab user password>

	Generating keys for the deploy user now...

	Press enter twice when asked for a passphrase (we want an empty passphrase)

	"
	read -p "Press any key to continue"
	echo "Running: su deploy -c \"ssh-keygen -t rsa\""
	read -p "Press any key to continue"
	su deploy -c "ssh-keygen -t rsa"

	echo "## Adding public keys for all Baobab programmers
	This should be safe to do - public keys are only have of the authentication puzzle -
	hence private and public keys.
	"
	read -p "Press any key to continue"

	echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyUvMIvhJUYs7nIaiLBnUcs03XuOeHiw1JGh1M/ovbKc9YO4SJsl9CYxpyDeh9jSyvdNhNdeUSg7PBSSyAYpVXeK6WXN9LnqKOWRu8n5rXGNSycM2tenaADiS/xtMkHmIFYOE/QFQF+Amg5lKR1DjsfZXzscdtYsmAT09j6GFYfgY/KIP/gxSsEDzOGSIxYqJwpCzV+/nwub72ElzVcW9EJu2HpSD8jhKF6XrZ3VExsCk9v86qrTGWeVOyFubRb7+V6Db4xc+x2HirdyMW7hZceDfTpB0xX1GXd4PYZ023gfvNkGbIj/aOSDeJtDIJyQhzCbIXY+CiLkU556e0rg2Nw== njero@alexandria.local
	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzFtSLwtu0GoHLWG8X5ScMBX0xYtxjlWiEhEJRPWoIq+e4MQg34mtSEUtVt9lyeiAx9PfrmFhcbFeL72Y1bRi7bxEy+9Nu72bEPicVibukTuiFz1M0snoHVCtr6FnHd8q29+hcfeaqFwn2lIyE11DiH5aHOd2hAPNAVQ/p1CPY5HCmIerIuuE+QgEQTE6Zm3Lp8L4LvyFhZl4kZ5CLx8mOQWIj8ZVh3HUvCCh2b3AZdZzOE4E2Jk0ST4QJ7IlenRQ+9E6RKQ6pVOYgYunfhD0IIaXrd9UiGTGm+G/3YfKHhIznF3QyBv5lW06A5BKz37v8rXil7zu0jKLh5Kf41BiAQ== ace@lalanje
	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzb5cQe46LoJB5PQou+Rc+BNyRLC5iMILS8/KddZUJGdQobzzx6pxyvS6Wq9i6EGj6X8WzGTa9FLgFUNI1EGg0wLMANTpDwiMYyBLZQ8oLwbUkTrQaDKw8Bf/FwLQiaUjx0DB7U7YNJlGMZBtUgshD/4Z7KjThsB5ZA7dhtGiWws= crazy@sequoyah
	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyEB1sXJNJxzoUd4XZlwPBjmcnpyM1L6DWOHXgN/i/duVsqJrotxwtg9Qs0n5N9i8NxydzuwcMAb18RbtbSsGNxEcufOrNWyCHnBCDYfnt13eXjY+hpB4mMREg8xe5hzWdrQyCwdOHwqxDWOLmIsWrvfCrKtXH29+v3DvaFiJ1ndPx0wxrZ4hptRsnwuMyiNLRhuD616YzbSEASus+CKIKiVTtm/AvGr+YMS5vDt3bQsiRfvbp5dktUOZH+4Wsi4W93BQ2+bGFfNgu3BrtqKCsCb9K7UPFORyADVmgqD3vvcB8QCO3NRjOgq+9quVoynr9PAwxEONfVTFCg0gOgLXDQ== soyapi@masau
	ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq7R5LvOBW5U1Vgn8ce/WDYr6A2/stqDvMwCAlZFqpBZExjWcFDC30aNX7bjdESwJ+BJTSZ6P7pCe4N+uia8nFLvxfUCMSXTvQ+cmOKnpmRbMDvctAafuk5fSLuPS9bReY/sh76ax135jrQejbGW4q+pLpUV3D0Ff9vgo905OCVjpCx+QrYMr4bqQ38h/a/GvdLx8Ow6c7fHJPDzJx+lxXQ6YUhm1AIzJFAgtVg1JXs0tkC4/9TxreRUnHyIWH7h4c+lzdPoJT8a2QV4IkHf3xMhki/mCYRFx7GBk3N8pnTO9b2PWlTN6dZtDYixrnVpkGxp4zKAmAa3i6G3IQ9QBkQ== bond@nkungudza
	" >> /home/deploy/.ssh/authorized_keys

	chmod 600 /home/deploy/.ssh/authorized_keys

	echo "## On the server, create the root project folder (our project is called 'bart')"
	$command="mkdir /var/www/bart"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	$command="chown deploy:deploy /var/www/bart"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command


	$command="mkdir /etc/mongrel_cluster"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	echo "Creating mongrel user"
	$command="sudo adduser --system --no-create-home --group --disabled-password mongrel"
	echo "Running: $command"
	read -p "Press any key to continue"
	$command

	echo "
	## On the server, setup the database
	## We should be calling the database openmrs, with the user openmrs
	## The password should be common probably

	Enter the password you want to use for the openmrs database"
	read -e PASSWORD

	echo "Creating the openmrs database and the openmrs user"
	read -p "Press any key to continue"

	echo "CREATE DATABASE openmrs; GRANT ALL on openmrs to 'openmrs'@'localhost' IDENTIFIED BY '$PASSWORD'" \| mysql -u root -p

	echo "
	## On your LOCAL MACHINE (NOT THE SERVER), cross your fingers and deploy (cap -T if you want to see all tasks)
	## I have noticed that the deploy and deploy:setup tasks rely on each other
	## So you have to run cap deploy first and let it fail...
	## then run setup, then run deploy again
	cap deploy
	cap deploy:setup
	cap deploy

	cap nginx:setup
	cap nginx:start

	* run the db/migrate scripts
	* run the bootstrap

	cap deploy:restart

	# ------------- Firefox
	# READ the firefox README
	# If you don't have the firefox daemon it is here http://github.com/baobab/firefox-daemon
	"