def install():
util.start()
# If Redis host is not specified, that means we will run a local one
if (env.redis_host and env.redis_host != ''):
print("Not installing Redis ...")
print("Using Redis @ %s:%s" % (env.redis_host, env.redis_port))
else:
print("Installing Redis ...")
sudo('apt-get install -yq redis-server')
# Secure Redis http://redis.io/topics/security
sed('/etc/redis/redis.conf',
'# requirepass foobared',
'# requirepass foobared\\nrequirepass %s' % env.password,
use_sudo=True,
backup='.bak',
flags='')
# Open redis to all IPs
sed('/etc/redis/redis.conf',
'#bind 127.0.0.1',
'#bind 127.0.0.1\\nbind 0.0.0.0',
use_sudo=True,
backup='.bak',
flags='')
# Restart redis
sudo('/etc/init.d/redis-server restart')
util.done()
def configure():
util.start()
# Have php-fpm use a unix socket
print('Switching php-fpm to socket')
sed('/etc/php5/fpm/pool.d/www.conf',
'listen = 127.0.0.1:9000',
';listen = 127.0.0.1:9000\\nlisten = /var/run/php5-fpm.sock',
use_sudo=True,
backup='.bak',
flags='')
# Enable php for nginx
print('Routing .php from nginx to php-fpm')
if exists('/etc/nginx/conf.d/php.conf'):
sudo('rm /etc/nginx/conf.d/php.conf')
put(util.template('php.conf'), '/etc/nginx/conf.d/php.conf', use_sudo=True)
# Add custom php.ini settings
print('Adding custom php.ini settings')
if exists('/etc/nginx/conf.d/php.conf'):
if exists('/etc/php5/fpm/conf.d/php-custom.ini'):
sudo('rm /etc/php5/fpm/conf.d/php-custom.ini')
put(util.template('php-custom.ini'),
'/etc/php5/fpm/conf.d/php-custom.ini',
use_sudo=True)
# Reload php-fpm
sudo('/etc/init.d/php5-fpm restart')
util.done()
def configure():
util.start()
# Have php-fpm use a unix socket
print('Switching php-fpm to socket')
sed('/etc/php5/fpm/pool.d/www.conf',
'listen = 127.0.0.1:9000',
';listen = 127.0.0.1:9000\\nlisten = /var/run/php5-fpm.sock',
use_sudo=True, backup='.bak', flags='')
# Enable php for nginx
print('Routing .php from nginx to php-fpm')
if exists('/etc/nginx/conf.d/php.conf'):
sudo('rm /etc/nginx/conf.d/php.conf')
put(util.template('php.conf'), '/etc/nginx/conf.d/php.conf', use_sudo=True)
# Add custom php.ini settings
print('Adding custom php.ini settings')
if exists('/etc/nginx/conf.d/php.conf'):
if exists('/etc/php5/fpm/conf.d/php-custom.ini'):
sudo('rm /etc/php5/fpm/conf.d/php-custom.ini')
put(util.template('php-custom.ini'), '/etc/php5/fpm/conf.d/php-custom.ini', use_sudo=True)
# Reload php-fpm
sudo('/etc/init.d/php5-fpm restart')
util.done()
def configure():
util.start()
# http://guides.webbynode.com/articles/security/ubuntu-ufw.html
# http://niteowebfabfile.readthedocs.org/en/latest/_modules/niteoweb/fabfile/server.html
print("Enabling UFW (firewall)")
# Change some things per here to eliminate errors
# http://blog.kylemanna.com/linux/2013/04/26/ufw-vps/
sed('/etc/default/ufw',
'IPV6=yes',
'IPV6=no',
use_sudo=True, backup='.bak', flags='')
sed('/etc/default/ufw',
'IPT_MODULES=',
'#IPT_MODULES=',
use_sudo=True, backup='.bak', flags='')
# Reset
sudo('ufw --force reset')
# Apply rules
sudo('ufw default deny')
sudo('ufw allow 22') # ssh
sudo('ufw allow 80') # web/http
sudo('ufw allow 443') # web/https
sudo('ufw allow 3306') # mysql
sudo('ufw allow 5678') # resque-web
sudo('ufw allow 6379') # redis
# re-enable firewall and print rules
sudo('ufw --force enable')
sudo('ufw status verbose')
util.done()
def configure():
util.start()
# http://guides.webbynode.com/articles/security/ubuntu-ufw.html
# http://niteowebfabfile.readthedocs.org/en/latest/_modules/niteoweb/fabfile/server.html
print("Enabling UFW (firewall)")
# Change some things per here to eliminate errors
# http://blog.kylemanna.com/linux/2013/04/26/ufw-vps/
sed('/etc/default/ufw',
'IPV6=yes',
'IPV6=no',
use_sudo=True,
backup='.bak',
flags='')
sed('/etc/default/ufw',
'IPT_MODULES=',
'#IPT_MODULES=',
use_sudo=True,
backup='.bak',
flags='')
# Reset
sudo('ufw --force reset')
# Apply rules
sudo('ufw default deny')
sudo('ufw allow 22') # ssh
sudo('ufw allow 80') # web/http
sudo('ufw allow 443') # web/https
sudo('ufw allow 3306') # mysql
sudo('ufw allow 5678') # resque-web
sudo('ufw allow 6379') # redis
# re-enable firewall and print rules
sudo('ufw --force enable')
sudo('ufw status verbose')
util.done()
def install():
util.start()
# Install Percona XtraBackup (Hot backup software)
put('fabfile/lib/database/etc-apt-percona.list',
'/etc/apt/sources.list.d/percona.list',
use_sudo=True)
sudo('apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A')
sudo('apt-get update')
sudo('apt-get install -yq xtrabackup')
util.done()
def install():
util.start()
# Install basic Ruby stuff
sudo('apt-get install -yq ruby1.8 ruby1.8-dev rails rake gem rubygems')
# Install gems: resque + unicorn
sudo('gem install --no-rdoc --no-ri bundler')
sudo('gem install --no-rdoc --no-ri json')
sudo('gem install --no-rdoc --no-ri resque')
sudo('gem install --no-rdoc --no-ri unicorn')
util.done()
def configure(mount_root):
util.start()
# Create document root
mount_root = env.config.get('mount_root')
if ('%s' in document_root):
mount_root = mount_root % env.git_project.lower()
# Create document root directory if it doesn't exist
if not exists(mount_root):
sudo("mkdir -m 775 -p %s" % mount_root)
util.done()
def install_mysql_agent():
util.start()
if (not(env.newrelic_key)):
util.done('Missing Key')
return
if (not(util.enabled('newrelic'))):
util.done('Not enabled in environment settings')
return
# Do it
util.done()
def install():
util.start()
# Install basic Ruby stuff
sudo('apt-get install -yq ruby1.8 ruby1.8-dev rails rake gem rubygems')
# Install gems: resque + unicorn
sudo('gem install --no-rdoc --no-ri bundler')
sudo('gem install --no-rdoc --no-ri json')
sudo('gem install --no-rdoc --no-ri resque')
sudo('gem install --no-rdoc --no-ri unicorn')
util.done()
def configure():
util.start()
if (not(env.newrelic_key)):
util.done('Missing Key')
return
if (not(util.enabled('newrelic'))):
util.done('Not enabled in environment settings')
return
sudo('nrsysmond-config --set license_key=%s' % env.newrelic_key)
sudo('/etc/init.d/newrelic-sysmond start')
util.done()
def configure(): util.start() util.done()
def install():
util.start()
if (not(env.newrelic_key)):
util.done('Missing Key')
return
if (not(util.enabled('newrelic'))):
util.done('Not enabled in environment settings')
return
sudo('wget -O /etc/apt/sources.list.d/newrelic.list http://download.newrelic.com/debian/newrelic.list')
sudo('apt-key adv --keyserver hkp://subkeys.pgp.net --recv-keys 548C16BF')
sudo('apt-get update')
sudo('apt-get install -yq newrelic-sysmond')
util.done()
def configure():
util.start()
# Open up mysql
sed('/etc/mysql/my.cnf',
'bind-address = 127.0.0.1',
'bind-address = 0.0.0.0',
use_sudo=True, backup='.bak', flags='')
# Update root password (do we need to do this??)
#query = "update user set password=PASSWORD('%s') where user='******';" % (env.password)
#run('mysql --batch --raw --skip-column-names --user=root --execute="%s"' % query)
#print("Updated database root user password")
sudo('/etc/init.d/mysql restart')
util.done()
def configure_slave(host): util.start() util.done()
def mkdirs(directories):
util.start()
if (directories):
for directory in directories:
print("Processing dir: %s" % directory)
if not exists(directory):
sudo("mkdir -m 777 -p %s" % directory)
util.done()
def install():
util.start()
sudo('apt-get install -yq php5-fpm')
sudo('apt-get install -yq php5-mysql')
sudo('apt-get install -yq php5-gd')
sudo('apt-get install -yq php5-curl')
# May not be needed anymore
#http://stackoverflow.com/questions/14405053/is-php-5-4-safe-without-suhosin
#sudo('apt-get install -y php5-suhosin')
sudo('apt-get install -yq php-apc')
sudo('apt-get install -yq php-pear')
sudo('apt-get install -yq mcrypt')
sudo('apt-get install -yq php5-mcrypt')
util.done()
def install():
util.start()
sudo('apt-get install -yq php5-fpm')
sudo('apt-get install -yq php5-mysql')
sudo('apt-get install -yq php5-gd')
sudo('apt-get install -yq php5-curl')
# May not be needed anymore
#http://stackoverflow.com/questions/14405053/is-php-5-4-safe-without-suhosin
#sudo('apt-get install -y php5-suhosin')
sudo('apt-get install -yq php-apc')
sudo('apt-get install -yq php-pear')
sudo('apt-get install -yq mcrypt')
sudo('apt-get install -yq php5-mcrypt')
util.done()
def configure():
util.start()
if (not (env.papertrail_key)):
util.done('Missing Key')
return
if (not (util.is_production())):
util.done('Not PRODUCTION')
return
# Papertrail
# Add this to end of rsyslog
# *.* @logs.papertrailapp.com:31784
# Restart
#sudo /etc/init.d/rsyslog restart
util.done()
def checkout(project_name, project_dir, branch=''):
util.start()
# Check out source code for the first time (always use master)
print('Checking out code for the first time')
if not exists("%s" % project_dir.lower()):
run('mkdir -p %s' % project_dir.lower())
if not exists("%s/%s" % (project_dir.lower(), project_name.lower())):
with cd(project_dir.lower()):
if (branch != "" and branch != None):
run('git clone -b %s ssh://git@git-server/%s.git %s' %
(branch, git_project.lower(), git_project.lower()))
else:
run('git clone ssh://git@git-server/%s.git %s' %
(git_project.lower(), git_project.lower()))
util.done()
def configure():
util.start()
# Open up mysql
sed('/etc/mysql/my.cnf',
'bind-address = 127.0.0.1',
'bind-address = 0.0.0.0',
use_sudo=True,
backup='.bak',
flags='')
# Update root password (do we need to do this??)
#query = "update user set password=PASSWORD('%s') where user='******';" % (env.password)
#run('mysql --batch --raw --skip-column-names --user=root --execute="%s"' % query)
#print("Updated database root user password")
sudo('/etc/init.d/mysql restart')
util.done()
def install():
util.start()
# Install standard packages
with settings(hide('warnings', 'stderr'), warn_only=True):
result = sudo('dpkg-query --show mysql-server')
if ("No packages" in result):
print("Installing MySQL ...")
sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \
'%s" | debconf-set-selections' % env.password)
sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \
'%s" | debconf-set-selections' % env.password)
sudo('apt-get install -yq mysql-server')
# Load timezone info
run('mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql --user=%s --password=%s mysql'
% ('root', env.password))
sudo('/etc/init.d/mysql restart')
util.done()
def install():
util.start()
# Install standard packages
with settings(hide('warnings', 'stderr'), warn_only=True):
result = sudo('dpkg-query --show mysql-server')
if ("No packages" in result):
print("Installing MySQL ...")
sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \
'%s" | debconf-set-selections' % env.password)
sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \
'%s" | debconf-set-selections' % env.password)
sudo('apt-get install -yq mysql-server')
# Load timezone info
run('mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql --user=%s --password=%s mysql' %
('root', env.password))
sudo('/etc/init.d/mysql restart')
util.done()
def install():
util.start()
print('Adding dotdeb repostories ...')
print('Dotdeb ...')
sudo('echo "deb http://packages.dotdeb.org wheezy all" >> /etc/apt/sources.list.d/wheezy-dotdeb.list')
sudo('echo "deb-src http://packages.dotdeb.org wheezy all" >> /etc/apt/sources.list.d/wheezy-dotdeb.list')
sudo('wget http://www.dotdeb.org/dotdeb.gpg')
sudo('cat dotdeb.gpg | sudo apt-key add -')
sudo('rm dotdeb.gpg')
# Run an update
sudo('apt-get update')
#sudo('DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade')
sudo('apt-get install -yq ntp')
sudo('apt-get install -yq mysql-client')
sudo('apt-get install -yq git-core')
sudo('apt-get install -yq vim')
util.done()
def configure():
util.start()
# Nginx conf changes
sed('/etc/nginx/nginx.conf',
'# server_names_hash_bucket_size 64',
'server_names_hash_bucket_size 64',
use_sudo=True, backup='.bak', flags='')
# Nginx breaks due to 2 port 80 listeners
sed('/etc/nginx/sites-available/default',
'listen ',
'#listen ',
use_sudo=True, flags='')
# Restart nginx
sudo('/etc/init.d/nginx restart')
# TODO: Load up check.php for Amazon health check
put(util.template('check.php'), '/usr/share/nginx/html/check.php', use_sudo=True)
util.done()
def install_php_agent():
util.start()
if (not(env.newrelic_key)):
util.done('Missing Key')
return
if (not(util.enabled('newrelic'))):
util.done('Not enabled in environment settings')
return
sudo('wget -O - http://download.newrelic.com/548C16BF.gpg | apt-key add -')
sudo('echo "deb http://apt.newrelic.com/debian/ newrelic non-free" > /etc/apt/sources.list.d/newrelic.list')
sudo('apt-get update')
sudo('apt-get install -yq newrelic-php5')
sudo('newrelic-install')
sudo('/etc/init.d/newrelic-daemon restart')
sudo('/etc/init.d/php5-fpm restart')
sudo('/etc/init.d/nginx restart')
util.done()
def install():
util.start()
# Get MariaDB Repo
sudo('apt-get install -y python-software-properties')
sudo('apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db')
put('fabfile/lib/database/etc-apt-mariadb.list',
'/etc/apt/sources.list.d/mariadb.list',
use_sudo=True)
sudo('apt-get update')
# See if we can pad the mariadb install for unattended more
#sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \
# '%s" | debconf-set-selections' % env.password)
#sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \
# '%s" | debconf-set-selections' % env.password)
# Install MariaDB Galera Cluster
sudo('apt-get install -yq rsync mariadb-galera-server galera')
sudo('/etc/init.d/mysql stop')
util.done()
def configure():
util.start()
# Set the timezone
print('Setting Timezone')
# Set timezone
sudo('echo "%s" > /etc/timezone' % env.timezone)
sudo('dpkg-reconfigure -f noninteractive tzdata')
# Make bash the default shell
print('Settings /bin/bash as default shell')
sudo('chsh -s /bin/bash %s' % env.user)
# Make vim the default editor
# http://shallowsky.com/blog/linux/ubuntu-default-browser.html
#sudo rm /etc/alternatives/gnome-www-browser
# sudo ln -s /usr/local/firefox11/firefox /etc/alternatives/gnome-www-browser
# sudo rm /etc/alternatives/x-www-browser
# sudo ln -s /usr/local/firefox11/firefox /etc/alternatives/x-www-browser
#sudo('update-alternatives --config editor')
util.done()
def install():
util.start()
if (not(util.enabled('s3fs'))):
util.done('Not enabled in environment settings')
return
s3fs_version = "1.61"
sudo('apt-get install -yq libfuse2')
sudo('apt-get install -yq fuse-utils')
sudo('apt-get install -yq make g++ pkg-config gcc build-essential')
sudo('apt-get install -yq libfuse-dev libxml2 libxml2-dev curl libcurl3 libcurl3-dev')
with cd('~'):
sudo('wget http://s3fs.googlecode.com/files/s3fs-%s.tar.gz' % s3fs_version)
sudo('tar xzvf s3fs-%s.tar.gz' % s3fs_version)
with cd('~/s3fs-%s' % s3fs_version):
sudo('./configure --prefix=/usr')
sudo('make')
with cd('~/s3fs-%s' % s3fs_version):
sudo('make install')
util.done()
def add_keys():
util.start()
# Create the private/public key for the user on this server
if not exists('/home/%s/.ssh/id_rsa.pub' % env.user):
print("... creating new SSH key")
with settings(warn_only=True):
run('mkdir ~/.ssh')
# Try to get rid of the prompts
#prompts = []
#prompts += expect('What is your name?','Jasper')
#with expecting(prompts):
# expect_run('ssh-keygen -t rsa', pty=False)
# http://unix.stackexchange.com/questions/69314/automated-ssh-keygen-without-passphrase-how
# ssh-kegen -b 2048 -t rsa -f /tmp/sshkey -q -N ""
#
#run('ssh-keygen -t rsa', pty=False)
run('ssh-keygen -t rsa -f /tmp/sshkey -q -N ""', pty=False)
util.done()
else:
util.done('Existing key found')
def install():
util.start()
# Get MariaDB Repo
sudo('apt-get install -y python-software-properties')
sudo(
'apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db'
)
put('fabfile/lib/database/etc-apt-mariadb.list',
'/etc/apt/sources.list.d/mariadb.list',
use_sudo=True)
sudo('apt-get update')
# See if we can pad the mariadb install for unattended more
#sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \
# '%s" | debconf-set-selections' % env.password)
#sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \
# '%s" | debconf-set-selections' % env.password)
# Install MariaDB Galera Cluster
sudo('apt-get install -yq rsync mariadb-galera-server galera')
sudo('/etc/init.d/mysql stop')
util.done()
def rsync(project_name, project_dir, app_root, www_root, username):
util.start()
# Check to make sure directory exists
if not exists(www_root):
print('Creating project folder for web server: %s' % www_root)
sudo('mkdir -p %s' % www_root)
sudo('chown -R %s:%s %s' % (username, username, www_root))
sudo('chmod -R 775 %s' % www_root)
# Rsync the entire directory over
print('Performing rsync to %s' % www_root)
source = '%s%s/%s' % (project_dir.lower(), project_name.lower(), app_root)
target = www_root
run("rsync -oavz --exclude 'application/log*' \
--exclude 'application/cache*' \
%s %s" % (source, target))
run('mkdir -p %sapplication/cache' % www_root)
run('mkdir -p %sapplication/logs' % www_root)
run('chmod -R 777 %sapplication/cache' % www_root)
run('chmod -R 777 %sapplication/logs' % www_root)
util.done()
def mount(mount_root, aws_buckets):
util.start()
if (not(util.enabled('s3fs'))):
util.done('Not enabled in environment settings')
return
# Create the password file
print("Mounting S3FS ...")
if exists('/etc/passwd-s3fs'):
print("Delete existing passwd file ...")
sudo('rm -fR /etc/passwd-s3fs')
print('Create s3fs passwd file')
sudo('touch /etc/passwd-s3fs')
for aws_bucket in aws_buckets:
sudo('echo %s:%s:%s >> /etc/passwd-s3fs' %
(aws_bucket['name'], aws_bucket['access_key'], aws_bucket['secret_key']))
sudo('chown root:root /etc/passwd-s3fs')
sudo('chmod 400 /etc/passwd-s3fs')
# Update fstab
print('Update fstab to automount')
# If this is the first ever touch, the .orig file should not exist
if not exists('/etc/fstab.orig'):
sudo('cp /etc/fstab /etc/fstab.orig')
# Backup the current fstab with timestamp as well
sudo('cp /etc/fstab /etc/%s' % util.timestamp('fstab'))
# If the fstab.orig file exists, this means that this is NOT
# the first time fabric has come around so we want to copy
# the original
if exists('/etc/fstab.orig'):
sudo('rm /etc/fstab')
sudo('cp /etc/fstab.orig /etc/fstab')
for aws_bucket in aws_buckets:
mount_point = "%s%s" % (mount_root, aws_bucket['mount'])
print("Mounting bucket: %s => %s" % (aws_bucket['name'], mount_point))
sudo('echo "\n" >> /etc/fstab')
# s3fs#s3fs.domain.com /mnt/s3fs/ fuse allow_other 0 0
sudo('echo "s3fs#%s %s fuse allow_other 0 0" >> /etc/fstab' %
(aws_bucket['name'], mount_point))
sudo('mount -a')
util.done()
def configure():
util.start()
# Configure
put('fabfile/lib/database/galera.cnf',
'/etc/mysql/conf.d/galera.cnf',
use_sudo=True)
# Set the ips
ips = env.config.get('ips')
ips_string = ','.join(ips['database'])
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{ips\}\}',
ips_string,
use_sudo=True,
flags='')
# Set the current box hostname and IP
current_ip = get_current_ip()
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{ip\}\}',
current_ip,
use_sudo=True,
flags='')
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{hostname\}\}',
env.host_string,
use_sudo=True,
flags='')
# We have to start the first cluster with a special flag
# roledefs = env.config.get('roledefs')
# first_host = roledefs[0]
# if env.host_string == first_host:
# sudo('/etc/init.d/mysql start --wsrep-new-cluster')
# else:
# sudo('/etc/init.d/mysql start')
# Now we have to copy /etc/mysql/debian.cnf from one to others
put('fabfile/lib/database/etc-mysql-debian.cnf',
'/etc/mysql/debian.cnf',
use_sudo=True)
util.done()
def configure():
util.start()
# Configure
put('fabfile/lib/database/galera.cnf',
'/etc/mysql/conf.d/galera.cnf',
use_sudo=True)
# Set the ips
ips = env.config.get('ips')
ips_string = ','.join(ips['database'])
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{ips\}\}',
ips_string,
use_sudo=True, flags='')
# Set the current box hostname and IP
current_ip = get_current_ip()
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{ip\}\}',
current_ip,
use_sudo=True, flags='')
sed('/etc/mysql/conf.d/galera.cnf',
'\{\{hostname\}\}',
env.host_string,
use_sudo=True, flags='')
# We have to start the first cluster with a special flag
# roledefs = env.config.get('roledefs')
# first_host = roledefs[0]
# if env.host_string == first_host:
# sudo('/etc/init.d/mysql start --wsrep-new-cluster')
# else:
# sudo('/etc/init.d/mysql start')
# Now we have to copy /etc/mysql/debian.cnf from one to others
put('fabfile/lib/database/etc-mysql-debian.cnf',
'/etc/mysql/debian.cnf',
use_sudo=True)
util.done()
def configure():
util.start()
#
# Additionally, for extra security, we can use IP tables
#
# Comment out the bind
#sed('/etc/redis/redis.conf', 'bind 127.0.0.1', '#bind 127.0.0.1', use_sudo=True)
# Restart redis
#sudo('/etc/init.d/redis-server restart')
# Setup IP tables
# Block Redis port (6379) and resque-web port (5678)
#sudo('iptables -A INPUT -j DROP -p tcp --destination-port 6379 -i eth0')
#sudo('iptables -A INPUT -j DROP -p tcp --destination-port 5678 -i eth0')
# IPs for dev computers
ips = ['68.111.83.216', '198.15.79.146']
# IPs for Linode servers
ips.extend(['173.255.196.166', '173.230.148.249', '173.255.255.61'])
# IPs for Uptimerobot
ips.extend(['74.86.158.106', '74.86.158.107', '74.86.179.130'])
ips.extend(['74.86.179.131', '46.137.190.132', '122.248.234.23'])
# Add back the IPs
#for ip in ips:
# sudo('iptables -I INPUT -s %s -j ACCEPT' % ip)
util.done()
def register(git_hostname, username):
util.start()
# Copy the deploy private key to the server
print("Copying deployment private key to server")
put(util.template('id_rsa_deploy'),
'/home/%s/.ssh/id_rsa_deploy' % username,
use_sudo=False,
mode=0600)
# Copy ssh config file to server
put(util.template('ssh_config'),
'/home/%s/.ssh/config' % username,
use_sudo=False)
# Replace tokens in config file
sed('/home/%s/.ssh/config' % username,
'\{\{git-server\}\}',
'%s' % git_hostname,
use_sudo=False,
flags='')
sed('/home/%s/.ssh/config' % username,
'\{\{home\}\}',
'%s' % username,
use_sudo=False,
flags='')
util.done()
def install():
util.start()
#sudo('apt-get install -y ufw')
util.done()
def add_host(project_name,
www_root,
host_string,
environment = "DEVELOPMENT",
server_names = ""):
util.start()
project_name = project_name.lower()
# Add new virtual host
print('Adding new virtual host: %s' % host_string)
# Delete old virtual host file
if exists('/etc/nginx/sites-available/%s' % project_name):
print('Found old virtual host, archiving')
orig = '/etc/nginx/sites-available/%s' % project_name
backup = '/etc/nginx/sites-available/%s' % util.timestamp(project_name)
sudo('mv %s %s' % (orig, backup))
#sudo('rm -fR /etc/nginx/sites-available/%s' % project_name)
sudo('rm -fR /etc/nginx/sites-enabled/%s' % project_name)
# Deal with SSL portion of site
if (util.enabled('ssl')):
# Copy some files from lib/ssl to server
run('rm -fR ~/ssl')
run('mkdir ~/ssl')
put('fabfile/project/ssl/%s.com.bundle.crt' % project_name,
'~/ssl/%s.com.bundle.crt' % project_name)
put('fabfile/project/ssl/%s.com.key' % project_name,
'~/ssl/%s.com.key' % project_name)
nginx_site_file = "nginx-site-ssl";
else:
nginx_site_file = "nginx-site";
print('Copying from local project virtual host')
put(util.template("%s") % nginx_site_file,
'/etc/nginx/sites-available/%s' % project_name,
use_sudo=True)
print('Replacing some tokens')
# TODO: Token needs to be sync'd with Vagrantfile share folders
# TODO: Token needs to by sync'd with dev_chris.py
# TODO: Token needs to by sync'd with main fabric __init__.py
sed('/etc/nginx/sites-available/%s' % project_name,
'\{\{www_root\}\}',
'%s' % www_root,
use_sudo=True, backup='.bak', flags='')
# Munge the server_names to create a unique list
# TODO: Move to separate function
if (server_names != "" and server_names['www'] != ""):
server_names = server_names['www']
server_names.append(host_string)
server_names = set(server_names)
nginx_server_name = " ".join(server_names)
else:
nginx_server_name = host_string
print("Setting nginx server_name: %s" % nginx_server_name)
sed('/etc/nginx/sites-available/%s' % project_name,
'\{\{localhost\}\}',
'%s' % nginx_server_name,
use_sudo=True, backup='.bak', flags='')
sed('/etc/nginx/sites-available/%s' % project_name,
'\{\{environment\}\}',
'%s' % environment,
use_sudo=True, backup='.bak', flags='')
util.done()
def install():
util.start()
sudo('apt-get install -yq nginx')
util.done()
def install():
util.start()
#sudo('apt-get install -y ufw')
util.done()
def configure():
util.start()
util.done()
def configure_master(host): util.start() util.done()
def configure():
util.start()
# Create the resque-web directory structure
sudo('mkdir -p /etc/unicorn')
sudo('mkdir -p /var/www/resque-web')
sudo('mkdir -p /var/www/resque-web/shared')
sudo('mkdir -p /var/www/resque-web/config')
sudo('mkdir -p /var/www/resque-web/log')
sudo('mkdir -p /var/www/resque-web/shared')
sudo('chown -R www-data:www-data /var/www/resque-web')
sudo('chmod -R 775 /var/www/resque-web')
put(util.template('etc-init.d-unicorn'), '/etc/init.d/unicorn', use_sudo=True)
put(util.template('etc-nginx-resque-web'), '/etc/nginx/sites-available/resque-web', use_sudo=True)
put(util.template('etc-unicorn-resque-web.conf'), '/etc/unicorn/resque-web.conf', use_sudo=True)
put(util.template('var-www-config.ru'), '/var/www/resque-web/config.ru', use_sudo=True)
put(util.template('var-www-unicorn.rb'), '/var/www/resque-web/config/unicorn.rb', use_sudo=True)
put(util.template('var-www-resque.rb'), '/var/www/resque-web/config/resque.rb', use_sudo=True)
# Munge the server_names to create a unique list
# TODO: Move to separate function
server_names = env.config.get('server_names', "")
if (server_names != "" and server_names['resque'] != ""):
server_names = server_names['resque']
server_names.append(env.host_string)
server_names = set(server_names)
nginx_server_name = " ".join(server_names)
else:
nginx_server_name = env.host_string
print("Setting nginx server_name: %s" % nginx_server_name)
sed('/etc/nginx/sites-available/resque-web',
'\{\{localhost\}\}',
'%s' % nginx_server_name,
use_sudo=True, backup='.bak', flags='')
# Configure resque to the correct Redis server
redis_host = 'localhost'
redis_port = 6379
redis_password = env.password
if (env.redis_host and env.redis_host != ''):
redis_host = env.redis_host
redis_port = env.redis_port
redis_password = env.redis_password
print("Using redis server @ %s:%s" % (redis_host, redis_port))
sed('/var/www/resque-web/config.ru',
'\{\{host\}\}',
'%s' % redis_host,
use_sudo=True, backup='.bak', flags='')
sed('/var/www/resque-web/config.ru',
'\{\{port\}\}',
'%s' % redis_port,
use_sudo=True, backup='.bak', flags='')
sed('/var/www/resque-web/config.ru',
'\{\{password\}\}',
'%s' % redis_password,
use_sudo=True, backup='.bak', flags='')
# Continue configuring resque server
sed('/var/www/resque-web/config/resque.rb',
'\{\{password\}\}',
'%s' % env.password,
use_sudo=True, backup='.bak', flags='')
if not exists('/etc/nginx/sites-enabled/resque-web'):
sudo('ln -s /etc/nginx/sites-available/resque-web /etc/nginx/sites-enabled/resque-web')
sudo('chown root:root /etc/init.d/unicorn')
sudo('chmod 775 /etc/init.d/unicorn')
# Have unicorn (resque-web) start on boot
sudo('update-rc.d unicorn defaults')
# Restart unicorn and nginx
sudo('/etc/init.d/unicorn restart')
sudo('/etc/init.d/nginx restart')
util.done()
def configure():
util.start()
# Create the resque-web directory structure
sudo('mkdir -p /etc/unicorn')
sudo('mkdir -p /var/www/resque-web')
sudo('mkdir -p /var/www/resque-web/shared')
sudo('mkdir -p /var/www/resque-web/config')
sudo('mkdir -p /var/www/resque-web/log')
sudo('mkdir -p /var/www/resque-web/shared')
sudo('chown -R www-data:www-data /var/www/resque-web')
sudo('chmod -R 775 /var/www/resque-web')
put(util.template('etc-init.d-unicorn'),
'/etc/init.d/unicorn',
use_sudo=True)
put(util.template('etc-nginx-resque-web'),
'/etc/nginx/sites-available/resque-web',
use_sudo=True)
put(util.template('etc-unicorn-resque-web.conf'),
'/etc/unicorn/resque-web.conf',
use_sudo=True)
put(util.template('var-www-config.ru'),
'/var/www/resque-web/config.ru',
use_sudo=True)
put(util.template('var-www-unicorn.rb'),
'/var/www/resque-web/config/unicorn.rb',
use_sudo=True)
put(util.template('var-www-resque.rb'),
'/var/www/resque-web/config/resque.rb',
use_sudo=True)
# Munge the server_names to create a unique list
# TODO: Move to separate function
server_names = env.config.get('server_names', "")
if (server_names != "" and server_names['resque'] != ""):
server_names = server_names['resque']
server_names.append(env.host_string)
server_names = set(server_names)
nginx_server_name = " ".join(server_names)
else:
nginx_server_name = env.host_string
print("Setting nginx server_name: %s" % nginx_server_name)
sed('/etc/nginx/sites-available/resque-web',
'\{\{localhost\}\}',
'%s' % nginx_server_name,
use_sudo=True,
backup='.bak',
flags='')
# Configure resque to the correct Redis server
redis_host = 'localhost'
redis_port = 6379
redis_password = env.password
if (env.redis_host and env.redis_host != ''):
redis_host = env.redis_host
redis_port = env.redis_port
redis_password = env.redis_password
print("Using redis server @ %s:%s" % (redis_host, redis_port))
sed('/var/www/resque-web/config.ru',
'\{\{host\}\}',
'%s' % redis_host,
use_sudo=True,
backup='.bak',
flags='')
sed('/var/www/resque-web/config.ru',
'\{\{port\}\}',
'%s' % redis_port,
use_sudo=True,
backup='.bak',
flags='')
sed('/var/www/resque-web/config.ru',
'\{\{password\}\}',
'%s' % redis_password,
use_sudo=True,
backup='.bak',
flags='')
# Continue configuring resque server
sed('/var/www/resque-web/config/resque.rb',
'\{\{password\}\}',
'%s' % env.password,
use_sudo=True,
backup='.bak',
flags='')
if not exists('/etc/nginx/sites-enabled/resque-web'):
sudo(
'ln -s /etc/nginx/sites-available/resque-web /etc/nginx/sites-enabled/resque-web'
)
sudo('chown root:root /etc/init.d/unicorn')
sudo('chmod 775 /etc/init.d/unicorn')
# Have unicorn (resque-web) start on boot
sudo('update-rc.d unicorn defaults')
# Restart unicorn and nginx
sudo('/etc/init.d/unicorn restart')
sudo('/etc/init.d/nginx restart')
util.done()
def configure_master(host):
util.start()
util.done()
def configure_slave(host):
util.start()
util.done()
def install():
util.start()
# Install automysqlbackup
sudo('apt-get install -yq automysqlbackup')
util.done()
def install(): util.start() util.done()
