vangie/01_kivivm.js

## 01_kivivm.js
/**
 * kivivm设置脚本
 *
 * 在浏览器控制台执行，可以设定域名解析，反向域名解析
 * 控制台输出如下结构,包括root密码，ssh端口号，IP地址，
 *
 *  "www" => { "passwd" => "vd7sdfMfwdz", "port" => "26212", "ips" => %w(101.182.180.163 137.182.180.204 107.184.180.214 107.122.181.209)}
 *
 * 可用于kivivm.rb脚本设定
 * 		DNSPod的域名解析
 * 		修改.ssh/config文件
 * 		上传SSH公钥
 *
 * @author  Vangie Du
 * @email duwan@live.com
 */
(function(sub_domain,root_domain){
	var domain = sub_domain + "." + root_domain;
	var token = $('input[name="token"]').val();
	$.post('?mode=changehostname',{newhostname:domain,token:token});
	var trs = $('#index_page .dataTable').first().find('tr')
	var ips = trs.get(2).children[1].innerText.split(', ');
	$.each(ips ,function(idx,ip){
		$.post('?mode=changeptr&ip='+ip,{newptr:domain,token:token})
	})

	$.post('main-exec.php?mode=rootpassword',{step:"2",token:token},function(result){
		var passwd = $(result).find('input').val();
		var port = trs.get(3).children[1].innerText;
		console.log('"'+sub_domain+'" => { "passwd" => "'+passwd+'", "port" => "'+port+'", "ips" => %w('+ips.join(' ')+')}');
	})
})("www","codelife.me");

## 02_kivivm.rb
#!/usr/bin/env ruby
#
# 该脚本接受kivivm.js的输出，完成如下3件事
#
#   通过DNSPod API添加二级域名A记录
#   修改.ssh/config对应Port
#   上传SSH公钥
#
#
# @author Vangie Du
# @email duwan@live.com
#

login_email="your_email"
password="your_passwd"
#curl -X POST https://dnsapi.cn/Domain.Info  -d 'login_email=your_email&login_password=your_passwd&format=json&domain=your_domain'
domain_id="2002268"

{
  # output from kivivm.js
  "www1" => { "passwd" => "m2ze5CDpex", "port" => "29214", "ips" => %w(107.177.180.16 107.177.181.92 107.177.181.135 107.177.181.196)} ,
  "www2" => { "passwd" => "YwvxS5tQNG", "port" => "28990", "ips" => %w(107.177.181.106 107.177.177.95 107.177.177.106 107.177.185.242)} ,
  "www3" => { "passwd" => "3Z5C85rb2s", "port" => "28462", "ips" => %w(107.177.180.119 107.177.180.192 107.177.177.93 107.177.177.154)}
}.each do |sub_domain, v|
  passwd = v["passwd"]
  port = v["port"]
  v["ips"].each do |ip|
    puts `curl -X POST https://dnsapi.cn/Record.Create -d 'login_email=#{login_email}&login_password=#{password}&format=json&domain_id=#{domain_id}&sub_domain=#{sub_domain}&record_type=A&record_line=默认&value=#{ip}'`
  end

  `sshpass -p #{passwd} ssh-copy-id -o StrictHostKeyChecking=no #{sub_domain} -p #{port}`

  `gsed -i '/HostName #{sub_domain}/{n;n;s/\\s\\+Port.*/   Port #{port}/;}' ~/.ssh/config`
end

## 03_kivivm.sh
#update the default tools
yum -y update

#Install the bundle containing development tools
yum groupinstall -y 'development tools'

#add the EPEL repository
sudo su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
yum -y update

#Install curl vim sqlite yaml
yum install -y curl-devel vim sqlite-devel libyaml-devel

#install rvm & ruby
yum remove -y ruby
curl -L get.rvm.io | bash -s stable

source /etc/profile.d/rvm.sh
rvm reload
rvm install 2.1.1
grep -q rvm_autoupdate_flag /etc/rvmrc || echo rvm_autoupdate_flag=2 >> /etc/rvmrc

#Rails needs a JavaScript interpreter
yum install -y nodejs

#install bundler & rails
gem install bundler rails

#install passenger
gem install passenger

#compile nginx
yum remove -y nginx
[ ! -f /opt/nginx/sbin/nginx ] && passenger-install-nginx-module --auto --auto-download --prefix=/opt/nginx


wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx -O /etc/init.d/nginx
chmod +x /etc/init.d/nginx

#add include conf.d to nginx.conf
mkdir -p /opt/nginx/conf/conf.d
if ! grep -q 'include /opt/nginx/conf/conf.d/' "/opt/nginx/conf/nginx.conf"; then
   sed -i '$i \
    include /opt/nginx/conf/conf.d/*.conf;' /opt/nginx/conf/nginx.conf
fi

#create passeger app conf
wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx_passenger_conf.rb -O /tmp/nginx_passenger_conf.rb
ruby /tmp/nginx_passenger_conf.rb  --domain `hostname` --port 3100 --root /var/www/vagex-agent > /opt/nginx/conf/conf.d/vagex-agent.conf
rm -f /tmp/nginx_passenger_conf.rb;

#install php
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm --import  /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
yum --enablerepo=remi install -y php php-fpm
chkconfig --level 345 php-fpm on
/etc/init.d/php-fpm restart

#stop apache
service httpd stop
chkconfig httpd off

#start nginx
chkconfig nginx on
service nginx restart

#add deploy user
curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/add_deploy_user.sh | bash -l

#create deploy to dir
curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/deploy_to.sh | bash -ls vagex-agent

## add_deploy_user.sh
#!/usr/bin/bash

#Add user
id deploy || adduser deploy
#changes the user's password to an untypable string, guaranteeing that the user has no password which can be used to log in.
passwd -l deploy
#add to rvm group
usermod -a -G rvm deploy

#copy ssh public key from root
sudo -u deploy -H mkdir -p /home/deploy/.ssh
sudo -u deploy -H touch /home/deploy/.ssh/authorized_keys
if ! grep -q "vangie" /home/deploy/.ssh/authorized_keys ;then
    cat /root/.ssh/authorized_keys |sudo -u deploy -H grep vangie >> /home/deploy/.ssh/authorized_keys
fi

curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/edit_sudoers.sh | bash -ls "deploy ALL=NOPASSWD:/etc/init.d/nginx"

## deploy_to.sh
#!/usr/bin/bash

deploy_to="/var/www/$1"

mkdir -p ${deploy_to}
rm -rf ${deploy_to}/*

chown deploy:deploy ${deploy_to}

# ensures that the files created during this session are created with the permissions
# owner read/write, group: read/write, other: none.
umask 0002

# directory will inherit the group ownership, that means in this case even though we are root,
# the files will be created being owned by root with the group deploy
chmod g+s ${deploy_to}

mkdir -p ${deploy_to}/{releases,shared}
mkdir -p ${deploy_to}/shared/{tmp,bin,log,db}
mkdir -p ${deploy_to}/shared/tmp/{pids,cache,sockets}
mkdir -p ${deploy_to}/shared/vendor/bundle
mkdir -p ${deploy_to}/shared/public/system

touch ${deploy_to}/shared/.env
touch ${deploy_to}/shared/db/production.sqlite3

chown deploy -R ${deploy_to}

## edit_sudoers.sh
#!/usr/bin/bash
# Edit sudoers

if grep -q "$1" /etc/sudoers ;then
  exit 0
fi

# try lock
if [ -f "/etc/sudoers.tmp" ]; then
    exit 1
fi
touch /etc/sudoers.tmp
\cp -f /etc/sudoers /tmp/sudoers.new
echo "$1" >> /tmp/sudoers.new
visudo -c -f /tmp/sudoers.new
if [ "$?" -eq "0" ]; then
    \mv -f /tmp/sudoers.new /etc/sudoers
fi
#release lock
\rm /etc/sudoers.tmp

## nginx
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
#
# chkconfig:   - 85 15
# description:  Nginx is an HTTP(S) server, HTTP(S) reverse \
#               proxy and IMAP/POP3 proxy server
# processname: nginx
# config:      /opt/nginx/conf/nginx.conf
# pidfile:     /opt/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/opt/nginx/sbin/nginx"
prog=$(basename $nginx)

NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"

lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $”Reloading $prog: ”
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac

## nginx_passenger_conf.rb
#!/usr/bin/env ruby

require 'optparse'

options = {}
# default value
options[:port] = "80"
options[:domain] = "_"
options[:root] = "/var/www/html"

optparse = OptionParser.new do |opts|
  opts.banner = "Usage: nginx_passenger.rb [options]"

  opts.on("-p", "--port PORT", "Listen port") do |v|
    options[:port] = v
  end

  opts.on("-d", "--domain DOMAIN", "Server name") do |v|
    options[:domain] = v
  end

  opts.on("-r", "--root ROOT", "Root path") do |v|
    options[:root] = v
  end

end
begin
  optparse.parse!
rescue OptionParser::InvalidOption
  puts optparse
  exit
end

conf = %|#passenger_root #{`passenger-config --root`.chomp};
#passenger_ruby #{`which ruby`.chomp};


server {
  listen #{options[:port]};
  server_name #{options[:domain]};
  root #{options[:root]}/current/public;
  passenger_enabled on;

  location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    include        fastcgi_params;
  }
}
|

puts conf
	/**
	* kivivm设置脚本
	*
	* 在浏览器控制台执行，可以设定域名解析，反向域名解析
	* 控制台输出如下结构,包括root密码，ssh端口号，IP地址，
	*
	* "www" => { "passwd" => "vd7sdfMfwdz", "port" => "26212", "ips" => %w(101.182.180.163 137.182.180.204 107.184.180.214 107.122.181.209)}
	*
	* 可用于kivivm.rb脚本设定
	* DNSPod的域名解析
	* 修改.ssh/config文件
	* 上传SSH公钥
	*
	* @author Vangie Du
	* @email duwan@live.com
	*/
	(function(sub_domain,root_domain){
	var domain = sub_domain + "." + root_domain;
	var token = $('input[name="token"]').val();
	$.post('?mode=changehostname',{newhostname:domain,token:token});
	var trs = $('#index_page .dataTable').first().find('tr')
	var ips = trs.get(2).children[1].innerText.split(', ');
	$.each(ips ,function(idx,ip){
	$.post('?mode=changeptr&ip='+ip,{newptr:domain,token:token})
	})

	$.post('main-exec.php?mode=rootpassword',{step:"2",token:token},function(result){
	var passwd = $(result).find('input').val();
	var port = trs.get(3).children[1].innerText;
	console.log('"'+sub_domain+'" => { "passwd" => "'+passwd+'", "port" => "'+port+'", "ips" => %w('+ips.join(' ')+')}');
	})
	})("www","codelife.me");
	#!/usr/bin/env ruby
	#
	# 该脚本接受kivivm.js的输出，完成如下3件事
	#
	# 通过DNSPod API添加二级域名A记录
	# 修改.ssh/config对应Port
	# 上传SSH公钥
	#
	#
	# @author Vangie Du
	# @email duwan@live.com
	#

	login_email="your_email"
	password="your_passwd"
	#curl -X POST https://dnsapi.cn/Domain.Info -d 'login_email=your_email&login_password=your_passwd&format=json&domain=your_domain'
	domain_id="2002268"

	{
	# output from kivivm.js
	"www1" => { "passwd" => "m2ze5CDpex", "port" => "29214", "ips" => %w(107.177.180.16 107.177.181.92 107.177.181.135 107.177.181.196)} ,
	"www2" => { "passwd" => "YwvxS5tQNG", "port" => "28990", "ips" => %w(107.177.181.106 107.177.177.95 107.177.177.106 107.177.185.242)} ,
	"www3" => { "passwd" => "3Z5C85rb2s", "port" => "28462", "ips" => %w(107.177.180.119 107.177.180.192 107.177.177.93 107.177.177.154)}
	}.each do \|sub_domain, v\|
	passwd = v["passwd"]
	port = v["port"]
	v["ips"].each do \|ip\|
	puts `curl -X POST https://dnsapi.cn/Record.Create -d 'login_email=#{login_email}&login_password=#{password}&format=json&domain_id=#{domain_id}&sub_domain=#{sub_domain}&record_type=A&record_line=默认&value=#{ip}'`
	end

	`sshpass -p #{passwd} ssh-copy-id -o StrictHostKeyChecking=no #{sub_domain} -p #{port}`

	`gsed -i '/HostName #{sub_domain}/{n;n;s/\\s\\+Port.*/ Port #{port}/;}' ~/.ssh/config`
	end
	#update the default tools
	yum -y update

	#Install the bundle containing development tools
	yum groupinstall -y 'development tools'

	#add the EPEL repository
	sudo su -c 'rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm'
	yum -y update

	#Install curl vim sqlite yaml
	yum install -y curl-devel vim sqlite-devel libyaml-devel

	#install rvm & ruby
	yum remove -y ruby
	curl -L get.rvm.io \| bash -s stable

	source /etc/profile.d/rvm.sh
	rvm reload
	rvm install 2.1.1
	grep -q rvm_autoupdate_flag /etc/rvmrc \|\| echo rvm_autoupdate_flag=2 >> /etc/rvmrc

	#Rails needs a JavaScript interpreter
	yum install -y nodejs

	#install bundler & rails
	gem install bundler rails

	#install passenger
	gem install passenger

	#compile nginx
	yum remove -y nginx
	[ ! -f /opt/nginx/sbin/nginx ] && passenger-install-nginx-module --auto --auto-download --prefix=/opt/nginx


	wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx -O /etc/init.d/nginx
	chmod +x /etc/init.d/nginx

	#add include conf.d to nginx.conf
	mkdir -p /opt/nginx/conf/conf.d
	if ! grep -q 'include /opt/nginx/conf/conf.d/' "/opt/nginx/conf/nginx.conf"; then
	sed -i '$i \
	include /opt/nginx/conf/conf.d/*.conf;' /opt/nginx/conf/nginx.conf
	fi

	#create passeger app conf
	wget -q https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/nginx_passenger_conf.rb -O /tmp/nginx_passenger_conf.rb
	ruby /tmp/nginx_passenger_conf.rb --domain `hostname` --port 3100 --root /var/www/vagex-agent > /opt/nginx/conf/conf.d/vagex-agent.conf
	rm -f /tmp/nginx_passenger_conf.rb;

	#install php
	rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
	rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi
	yum --enablerepo=remi install -y php php-fpm
	chkconfig --level 345 php-fpm on
	/etc/init.d/php-fpm restart

	#stop apache
	service httpd stop
	chkconfig httpd off

	#start nginx
	chkconfig nginx on
	service nginx restart

	#add deploy user
	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/add_deploy_user.sh \| bash -l

	#create deploy to dir
	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/deploy_to.sh \| bash -ls vagex-agent
	#!/usr/bin/bash

	#Add user
	id deploy \|\| adduser deploy
	#changes the user's password to an untypable string, guaranteeing that the user has no password which can be used to log in.
	passwd -l deploy
	#add to rvm group
	usermod -a -G rvm deploy

	#copy ssh public key from root
	sudo -u deploy -H mkdir -p /home/deploy/.ssh
	sudo -u deploy -H touch /home/deploy/.ssh/authorized_keys
	if ! grep -q "vangie" /home/deploy/.ssh/authorized_keys ;then
	cat /root/.ssh/authorized_keys \|sudo -u deploy -H grep vangie >> /home/deploy/.ssh/authorized_keys
	fi

	curl -Ls https://gist.github.com/vangie/771fe06c46a9dda9cc3e/raw/edit_sudoers.sh \| bash -ls "deploy ALL=NOPASSWD:/etc/init.d/nginx"
	#!/usr/bin/bash

	deploy_to="/var/www/$1"

	mkdir -p ${deploy_to}
	rm -rf ${deploy_to}/*

	chown deploy:deploy ${deploy_to}

	# ensures that the files created during this session are created with the permissions
	# owner read/write, group: read/write, other: none.
	umask 0002

	# directory will inherit the group ownership, that means in this case even though we are root,
	# the files will be created being owned by root with the group deploy
	chmod g+s ${deploy_to}

	mkdir -p ${deploy_to}/{releases,shared}
	mkdir -p ${deploy_to}/shared/{tmp,bin,log,db}
	mkdir -p ${deploy_to}/shared/tmp/{pids,cache,sockets}
	mkdir -p ${deploy_to}/shared/vendor/bundle
	mkdir -p ${deploy_to}/shared/public/system

	touch ${deploy_to}/shared/.env
	touch ${deploy_to}/shared/db/production.sqlite3

	chown deploy -R ${deploy_to}
	#!/usr/bin/bash
	# Edit sudoers

	if grep -q "$1" /etc/sudoers ;then
	exit 0
	fi

	# try lock
	if [ -f "/etc/sudoers.tmp" ]; then
	exit 1
	fi
	touch /etc/sudoers.tmp
	\cp -f /etc/sudoers /tmp/sudoers.new
	echo "$1" >> /tmp/sudoers.new
	visudo -c -f /tmp/sudoers.new
	if [ "$?" -eq "0" ]; then
	\mv -f /tmp/sudoers.new /etc/sudoers
	fi
	#release lock
	\rm /etc/sudoers.tmp
	#!/bin/sh
	#
	# nginx - this script starts and stops the nginx daemon
	#
	# chkconfig: - 85 15
	# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
	# proxy and IMAP/POP3 proxy server
	# processname: nginx
	# config: /opt/nginx/conf/nginx.conf
	# pidfile: /opt/nginx/logs/nginx.pid

	# Source function library.
	. /etc/rc.d/init.d/functions

	# Source networking configuration.
	. /etc/sysconfig/network

	# Check that networking is up.
	[ "$NETWORKING" = "no" ] && exit 0

	nginx="/opt/nginx/sbin/nginx"
	prog=$(basename $nginx)

	NGINX_CONF_FILE="/opt/nginx/conf/nginx.conf"

	lockfile=/var/lock/subsys/nginx

	start() {
	[ -x $nginx ] \|\| exit 5
	[ -f $NGINX_CONF_FILE ] \|\| exit 6
	echo -n $"Starting $prog: "
	daemon $nginx -c $NGINX_CONF_FILE
	retval=$?
	echo
	[ $retval -eq 0 ] && touch $lockfile
	return $retval
	}

	stop() {
	echo -n $"Stopping $prog: "
	killproc $prog -QUIT
	retval=$?
	echo
	[ $retval -eq 0 ] && rm -f $lockfile
	return $retval
	}

	restart() {
	configtest \|\| return $?
	stop
	start
	}

	reload() {
	configtest \|\| return $?
	echo -n $”Reloading $prog: ”
	killproc $nginx -HUP
	RETVAL=$?
	echo
	}

	force_reload() {
	restart
	}

	configtest() {
	$nginx -t -c $NGINX_CONF_FILE
	}

	rh_status() {
	status $prog
	}

	rh_status_q() {
	rh_status >/dev/null 2>&1
	}

	case "$1" in
	start)
	rh_status_q && exit 0
	$1
	;;
	stop)
	rh_status_q \|\| exit 0
	$1
	;;
	restart\|configtest)
	$1
	;;
	reload)
	rh_status_q \|\| exit 7
	$1
	;;
	force-reload)
	force_reload
	;;
	status)
	rh_status
	;;
	condrestart\|try-restart)
	rh_status_q \|\| exit 0
	;;
	*)
	echo $"Usage: $0 {start\|stop\|status\|restart\|condrestart\|try-restart\|reload\|force-reload\|configtest}"
	exit 2
	esac
	#!/usr/bin/env ruby

	require 'optparse'

	options = {}
	# default value
	options[:port] = "80"
	options[:domain] = "_"
	options[:root] = "/var/www/html"

	optparse = OptionParser.new do \|opts\|
	opts.banner = "Usage: nginx_passenger.rb [options]"

	opts.on("-p", "--port PORT", "Listen port") do \|v\|
	options[:port] = v
	end

	opts.on("-d", "--domain DOMAIN", "Server name") do \|v\|
	options[:domain] = v
	end

	opts.on("-r", "--root ROOT", "Root path") do \|v\|
	options[:root] = v
	end

	end
	begin
	optparse.parse!
	rescue OptionParser::InvalidOption
	puts optparse
	exit
	end

	conf = %\|#passenger_root #{`passenger-config --root`.chomp};
	#passenger_ruby #{`which ruby`.chomp};


	server {
	listen #{options[:port]};
	server_name #{options[:domain]};
	root #{options[:root]}/current/public;
	passenger_enabled on;

	location ~ \.php$ {
	fastcgi_pass 127.0.0.1:9000;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	include fastcgi_params;
	}
	}
	\|

	puts conf