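def install_nginx():
    """Install nginx and uWSGI and deploy the project's global nginx.conf.

    The currently installed /etc/nginx/nginx.conf is copied to
    nginx-prev.conf, replaced with ``templates/nginx.conf`` (resolved
    relative to the parent of this file's directory), and the distribution's
    default site is disabled.
    """
    install_packages('nginx')
    # NOTE(review): uWSGI is installed system-wide as root with no version pin
    # and no hash checking, so every run takes whatever the package index
    # serves at that moment. Pinning the version (and, where the pip in use
    # supports it, requiring hashes) makes the build reproducible.
    sudo('pip install uwsgi')

    # Global configuration
    # The backup is overwritten on every run, so a second run replaces the
    # distribution's original file with the previously deployed template.
    sudo('cp /etc/nginx/nginx.conf /etc/nginx/nginx-prev.conf')
    template_path = os.path.normpath(os.path.join(
        os.path.abspath(__file__), '..', '..', 'templates', 'nginx.conf'))
    # Use a context manager so the local template handle is closed even if
    # the upload fails; the original left the file object open.
    with open(template_path) as nginx_conf:
        # NOTE(review): put() is called without use_sudo, so this presumably
        # relies on the connecting user being able to write to /etc/nginx
        # directly - confirm.
        put(nginx_conf, '/etc/nginx/nginx.conf')
    sudo('rm -f /etc/nginx/sites-enabled/default')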
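def init():
    """Bootstrap a fresh Ubuntu host for deployment.

    Steps, in order: upgrade packages and install the stack, create the
    deploy user (member of the ``sudo`` group), generate an SSH key for that
    user and wait for the operator to register it as a GitHub deploy key,
    authorise the developers' public keys for both the deploy user and root,
    and finally switch sshd to key-only authentication.

    The function is interactive: ``passwd`` and several ``prompt`` calls
    wait for operator input.
    """
    # Function-scope import keeps this block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    # Install libraries and applications
    sudo('aptitude -y update')
    sudo('aptitude -y upgrade')
    install_packages(*UBUNTU_PACKAGES)
    install_postgres()
    install_nginx()

    # Create user and make him sudoer.
    # The original also passed env.passwords[env.host_string] into the format
    # dict although the template never used it; dropping it avoids touching
    # the SSH password here and a KeyError when none is configured.
    sudo('useradd -s /bin/bash -d /home/%(user)s -m %(user)s -G sudo' % {
        'user': env.deploy_user})
    sudo('passwd %s' % env.deploy_user)

    # Set default text editor
    cmd('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /home/%s/.selected_editor' % env.deploy_user)
    sudo('echo "SELECTED_EDITOR=\"/usr/bin/mcedit\"" > /root/.selected_editor')

    # Generate ssh key.
    # Passphrase and comment are shell-quoted: unquoted, a passphrase with
    # spaces or shell metacharacters was split or interpreted by the remote
    # shell, and an empty passphrase made ssh-keygen consume "-C" as the
    # passphrase.
    # NOTE(review): the passphrase is still passed on the command line, so it
    # appears in Fabric's command echo and in the remote process list while
    # ssh-keygen runs. The key size is left to ssh-keygen's default.
    cmd('mkdir /home/%s/.ssh' % env.deploy_user)
    cmd('ssh-keygen -t rsa -f /home/%s/.ssh/id_rsa -N %s -C %s' % (
        env.deploy_user,
        quote(env.conf['SSH_KEY_PASSPHRASE']),
        quote(env.conf['GITHUB_EMAIL'])))

    # Wait until user adds the key to github
    print("\033[92mCopy the following public key and add it to the list of deploy keys on github\033[0m")
    cmd('cat /home/%s/.ssh/id_rsa.pub' % env.deploy_user)
    while prompt('Have you added the key? (type "yes"): ') != 'yes':
        pass

    # Test access to repo. warn_only is set so that a non-zero exit status
    # from the ssh test does not abort the run.
    # NOTE(review): "[email protected]" looks like an e-mail-obfuscation
    # artifact of the page this listing came from; the usual target for this
    # check is git@github.com - confirm against the original file.
    with settings(warn_only=True):
        cmd('ssh -T [email protected]')
    prompt('Have you seen "You\'ve successfully authenticated" message above?')

    # Allow developers to login with ssh keys.
    # NOTE(review): the same key list is authorised for root, so every listed
    # developer gets direct root login in addition to sudo via the deploy
    # user. The keys are interpolated inside double quotes and are assumed to
    # come from trusted configuration. Both files are appended to, so a
    # re-run duplicates the entries.
    developer_keys = '\n'.join(env.conf['developers_ssh_pubkey'])
    cmd('echo "%s" >> /home/%s/.ssh/authorized_keys' % (developer_keys, env.deploy_user))
    sudo('mkdir -p /root/.ssh')
    sudo('echo -e "%s" >> /root/.ssh/authorized_keys' % developer_keys)

    # TODO: after blocking password access env.passwords shouldn't be set
    # Prohibit ssh password authentication.
    # NOTE(review): sshd uses the first value it reads for each keyword, so
    # these appended lines only take effect for keywords that are not already
    # set (uncommented) earlier in sshd_config. Verify the effective settings
    # on the host after the run.
    sudo('echo -e "\n\nChallengeResponseAuthentication no\nPasswordAuthentication no\nUsePAM no" >> /etc/ssh/sshd_config')
    # Validate the edited file before reloading: a syntax error would
    # otherwise only surface when sshd next rereads its configuration, with
    # password login already meant to be off.
    sudo('/usr/sbin/sshd -t')
    sudo('reload ssh')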
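def install_postgres():
    """Install PostgreSQL and create the application's role and database.

    Reads ``database.USER``, ``database.NAME`` and ``database.PASSWORD`` from
    ``env.conf``. The role is created as a login role without superuser,
    createdb or createrole rights, owns the new database, gets the
    per-database settings Django recommends, and is finally given its
    password.
    """
    # Function-scope import keeps this block self-contained; pipes.quote is
    # the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    install_packages('postgresql', 'postgresql-client', 'postgresql-server-dev-all')

    db_user = env.conf['database.USER']
    db_name = env.conf['database.NAME']

    # NOTE(review): the literal '******' passed as user= throughout looks like
    # a masking artifact of the page this listing came from; these commands
    # are normally run as the OS account that owns the PostgreSQL install
    # (usually "postgres") - confirm against the original file.

    # Create postgres user and database. Names are shell-quoted so that an
    # unusual value cannot be split or interpreted by the remote shell.
    sudo('createuser -l -E -S -D -R %s' % quote(db_user), user='******')
    sudo('createdb -O %s %s' % (quote(db_user), quote(db_name)), user='******')

    # Database settings recommended by Django
    postgres_conf = {
        'client_encoding': "'UTF8'",
        'default_transaction_isolation': "'read committed'",
        'timezone': "'UTC'",
    }
    for param, value in postgres_conf.items():
        statement = 'ALTER ROLE %s in DATABASE %s SET %s = %s;' % (
            db_user, db_name, param, value)
        sudo('echo %s | psql' % quote(statement), user='******')

    # Set the role's password. A single quote inside the password is doubled
    # so it cannot terminate the SQL string literal, and the whole statement
    # is shell-quoted; the original interpolated the raw password into a
    # double-quoted shell string, where quotes, "$" or backticks in it broke
    # or altered the command.
    # NOTE(review): the password is still part of the command text, so it is
    # shown in Fabric's command echo (unless "running" output is hidden) and
    # ends up in any log that captures it.
    password_literal = env.conf['database.PASSWORD'].replace("'", "''")
    statement = "ALTER USER %s WITH PASSWORD '%s';" % (db_user, password_literal)
    sudo('echo %s | psql' % quote(statement), user='******')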