def install(): util.start() # If Redis host is not specified, that means we will run a local one if (env.redis_host and env.redis_host != ''): print("Not installing Redis ...") print("Using Redis @ %s:%s" % (env.redis_host, env.redis_port)) else: print("Installing Redis ...") sudo('apt-get install -yq redis-server') # Secure Redis http://redis.io/topics/security sed('/etc/redis/redis.conf', '# requirepass foobared', '# requirepass foobared\\nrequirepass %s' % env.password, use_sudo=True, backup='.bak', flags='') # Open redis to all IPs sed('/etc/redis/redis.conf', '#bind 127.0.0.1', '#bind 127.0.0.1\\nbind 0.0.0.0', use_sudo=True, backup='.bak', flags='') # Restart redis sudo('/etc/init.d/redis-server restart') util.done()
def configure(): util.start() # Have php-fpm use a unix socket print('Switching php-fpm to socket') sed('/etc/php5/fpm/pool.d/www.conf', 'listen = 127.0.0.1:9000', ';listen = 127.0.0.1:9000\\nlisten = /var/run/php5-fpm.sock', use_sudo=True, backup='.bak', flags='') # Enable php for nginx print('Routing .php from nginx to php-fpm') if exists('/etc/nginx/conf.d/php.conf'): sudo('rm /etc/nginx/conf.d/php.conf') put(util.template('php.conf'), '/etc/nginx/conf.d/php.conf', use_sudo=True) # Add custom php.ini settings print('Adding custom php.ini settings') if exists('/etc/nginx/conf.d/php.conf'): if exists('/etc/php5/fpm/conf.d/php-custom.ini'): sudo('rm /etc/php5/fpm/conf.d/php-custom.ini') put(util.template('php-custom.ini'), '/etc/php5/fpm/conf.d/php-custom.ini', use_sudo=True) # Reload php-fpm sudo('/etc/init.d/php5-fpm restart') util.done()
def configure(): util.start() # http://guides.webbynode.com/articles/security/ubuntu-ufw.html # http://niteowebfabfile.readthedocs.org/en/latest/_modules/niteoweb/fabfile/server.html print("Enabling UFW (firewall)") # Change some things per here to eliminate errors # http://blog.kylemanna.com/linux/2013/04/26/ufw-vps/ sed('/etc/default/ufw', 'IPV6=yes', 'IPV6=no', use_sudo=True, backup='.bak', flags='') sed('/etc/default/ufw', 'IPT_MODULES=', '#IPT_MODULES=', use_sudo=True, backup='.bak', flags='') # Reset sudo('ufw --force reset') # Apply rules sudo('ufw default deny') sudo('ufw allow 22') # ssh sudo('ufw allow 80') # web/http sudo('ufw allow 443') # web/https sudo('ufw allow 3306') # mysql sudo('ufw allow 5678') # resque-web sudo('ufw allow 6379') # redis # re-enable firewall and print rules sudo('ufw --force enable') sudo('ufw status verbose') util.done()
def configure(): util.start() # http://guides.webbynode.com/articles/security/ubuntu-ufw.html # http://niteowebfabfile.readthedocs.org/en/latest/_modules/niteoweb/fabfile/server.html print("Enabling UFW (firewall)") # Change some things per here to eliminate errors # http://blog.kylemanna.com/linux/2013/04/26/ufw-vps/ sed('/etc/default/ufw', 'IPV6=yes', 'IPV6=no', use_sudo=True, backup='.bak', flags='') sed('/etc/default/ufw', 'IPT_MODULES=', '#IPT_MODULES=', use_sudo=True, backup='.bak', flags='') # Reset sudo('ufw --force reset') # Apply rules sudo('ufw default deny') sudo('ufw allow 22') # ssh sudo('ufw allow 80') # web/http sudo('ufw allow 443') # web/https sudo('ufw allow 3306') # mysql sudo('ufw allow 5678') # resque-web sudo('ufw allow 6379') # redis # re-enable firewall and print rules sudo('ufw --force enable') sudo('ufw status verbose') util.done()
def configure(): util.start() # Have php-fpm use a unix socket print('Switching php-fpm to socket') sed('/etc/php5/fpm/pool.d/www.conf', 'listen = 127.0.0.1:9000', ';listen = 127.0.0.1:9000\\nlisten = /var/run/php5-fpm.sock', use_sudo=True, backup='.bak', flags='') # Enable php for nginx print('Routing .php from nginx to php-fpm') if exists('/etc/nginx/conf.d/php.conf'): sudo('rm /etc/nginx/conf.d/php.conf') put(util.template('php.conf'), '/etc/nginx/conf.d/php.conf', use_sudo=True) # Add custom php.ini settings print('Adding custom php.ini settings') if exists('/etc/nginx/conf.d/php.conf'): if exists('/etc/php5/fpm/conf.d/php-custom.ini'): sudo('rm /etc/php5/fpm/conf.d/php-custom.ini') put(util.template('php-custom.ini'), '/etc/php5/fpm/conf.d/php-custom.ini', use_sudo=True) # Reload php-fpm sudo('/etc/init.d/php5-fpm restart') util.done()
def install(): util.start() # Install basic Ruby stuff sudo('apt-get install -yq ruby1.8 ruby1.8-dev rails rake gem rubygems') # Install gems: resque + unicorn sudo('gem install --no-rdoc --no-ri bundler') sudo('gem install --no-rdoc --no-ri json') sudo('gem install --no-rdoc --no-ri resque') sudo('gem install --no-rdoc --no-ri unicorn') util.done()
def configure(mount_root): util.start() # Create document root mount_root = env.config.get('mount_root') if ('%s' in document_root): mount_root = mount_root % env.git_project.lower() # Create document root directory if it doesn't exist if not exists(mount_root): sudo("mkdir -m 775 -p %s" % mount_root) util.done()
def install(): util.start() # Install basic Ruby stuff sudo('apt-get install -yq ruby1.8 ruby1.8-dev rails rake gem rubygems') # Install gems: resque + unicorn sudo('gem install --no-rdoc --no-ri bundler') sudo('gem install --no-rdoc --no-ri json') sudo('gem install --no-rdoc --no-ri resque') sudo('gem install --no-rdoc --no-ri unicorn') util.done()
def install(): util.start() # Install Percona XtraBackup (Hot backup software) put('fabfile/lib/database/etc-apt-percona.list', '/etc/apt/sources.list.d/percona.list', use_sudo=True) sudo('apt-key adv --keyserver keys.gnupg.net --recv-keys 1C4CBDCDCD2EFD2A') sudo('apt-get update') sudo('apt-get install -yq xtrabackup') util.done()
def configure(): util.start() util.done()
def configure_slave(host): util.start() util.done()
def mkdirs(directories): util.start() if (directories): for directory in directories: print("Processing dir: %s" % directory) if not exists(directory): sudo("mkdir -m 777 -p %s" % directory) util.done()
def configure(): util.start() # Open up mysql sed('/etc/mysql/my.cnf', 'bind-address = 127.0.0.1', 'bind-address = 0.0.0.0', use_sudo=True, backup='.bak', flags='') # Update root password (do we need to do this??) #query = "update user set password=PASSWORD('%s') where user='******';" % (env.password) #run('mysql --batch --raw --skip-column-names --user=root --execute="%s"' % query) #print("Updated database root user password") sudo('/etc/init.d/mysql restart') util.done()
def install(): util.start() sudo('apt-get install -yq php5-fpm') sudo('apt-get install -yq php5-mysql') sudo('apt-get install -yq php5-gd') sudo('apt-get install -yq php5-curl') # May not be needed anymore #http://stackoverflow.com/questions/14405053/is-php-5-4-safe-without-suhosin #sudo('apt-get install -y php5-suhosin') sudo('apt-get install -yq php-apc') sudo('apt-get install -yq php-pear') sudo('apt-get install -yq mcrypt') sudo('apt-get install -yq php5-mcrypt') util.done()
def install(): util.start() sudo('apt-get install -yq php5-fpm') sudo('apt-get install -yq php5-mysql') sudo('apt-get install -yq php5-gd') sudo('apt-get install -yq php5-curl') # May not be needed anymore #http://stackoverflow.com/questions/14405053/is-php-5-4-safe-without-suhosin #sudo('apt-get install -y php5-suhosin') sudo('apt-get install -yq php-apc') sudo('apt-get install -yq php-pear') sudo('apt-get install -yq mcrypt') sudo('apt-get install -yq php5-mcrypt') util.done()
def checkout(project_name, project_dir, branch=''): util.start() # Check out source code for the first time (always use master) print('Checking out code for the first time') if not exists("%s" % project_dir.lower()): run('mkdir -p %s' % project_dir.lower()) if not exists("%s/%s" % (project_dir.lower(), project_name.lower())): with cd(project_dir.lower()): if (branch != "" and branch != None): run('git clone -b %s ssh://git@git-server/%s.git %s' % (branch, git_project.lower(), git_project.lower())) else: run('git clone ssh://git@git-server/%s.git %s' % (git_project.lower(), git_project.lower())) util.done()
def configure(): util.start() # Open up mysql sed('/etc/mysql/my.cnf', 'bind-address = 127.0.0.1', 'bind-address = 0.0.0.0', use_sudo=True, backup='.bak', flags='') # Update root password (do we need to do this??) #query = "update user set password=PASSWORD('%s') where user='******';" % (env.password) #run('mysql --batch --raw --skip-column-names --user=root --execute="%s"' % query) #print("Updated database root user password") sudo('/etc/init.d/mysql restart') util.done()
def install(): util.start() # Install standard packages with settings(hide('warnings', 'stderr'), warn_only=True): result = sudo('dpkg-query --show mysql-server') if ("No packages" in result): print("Installing MySQL ...") sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \ '%s" | debconf-set-selections' % env.password) sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \ '%s" | debconf-set-selections' % env.password) sudo('apt-get install -yq mysql-server') # Load timezone info run('mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql --user=%s --password=%s mysql' % ('root', env.password)) sudo('/etc/init.d/mysql restart') util.done()
def configure(): util.start() # Nginx conf changes sed('/etc/nginx/nginx.conf', '# server_names_hash_bucket_size 64', 'server_names_hash_bucket_size 64', use_sudo=True, backup='.bak', flags='') # Nginx breaks due to 2 port 80 listeners sed('/etc/nginx/sites-available/default', 'listen ', '#listen ', use_sudo=True, flags='') # Restart nginx sudo('/etc/init.d/nginx restart') # TODO: Load up check.php for Amazon health check put(util.template('check.php'), '/usr/share/nginx/html/check.php', use_sudo=True) util.done()
def install(): util.start() print('Adding dotdeb repostories ...') print('Dotdeb ...') sudo('echo "deb http://packages.dotdeb.org wheezy all" >> /etc/apt/sources.list.d/wheezy-dotdeb.list') sudo('echo "deb-src http://packages.dotdeb.org wheezy all" >> /etc/apt/sources.list.d/wheezy-dotdeb.list') sudo('wget http://www.dotdeb.org/dotdeb.gpg') sudo('cat dotdeb.gpg | sudo apt-key add -') sudo('rm dotdeb.gpg') # Run an update sudo('apt-get update') #sudo('DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade') sudo('apt-get install -yq ntp') sudo('apt-get install -yq mysql-client') sudo('apt-get install -yq git-core') sudo('apt-get install -yq vim') util.done()
def install(): util.start() # Install standard packages with settings(hide('warnings', 'stderr'), warn_only=True): result = sudo('dpkg-query --show mysql-server') if ("No packages" in result): print("Installing MySQL ...") sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \ '%s" | debconf-set-selections' % env.password) sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \ '%s" | debconf-set-selections' % env.password) sudo('apt-get install -yq mysql-server') # Load timezone info run('mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql --user=%s --password=%s mysql' % ('root', env.password)) sudo('/etc/init.d/mysql restart') util.done()
def install(): util.start() # Get MariaDB Repo sudo('apt-get install -y python-software-properties') sudo('apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db') put('fabfile/lib/database/etc-apt-mariadb.list', '/etc/apt/sources.list.d/mariadb.list', use_sudo=True) sudo('apt-get update') # See if we can pad the mariadb install for unattended more #sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \ # '%s" | debconf-set-selections' % env.password) #sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \ # '%s" | debconf-set-selections' % env.password) # Install MariaDB Galera Cluster sudo('apt-get install -yq rsync mariadb-galera-server galera') sudo('/etc/init.d/mysql stop') util.done()
def configure(): util.start() # Set the timezone print('Setting Timezone') # Set timezone sudo('echo "%s" > /etc/timezone' % env.timezone) sudo('dpkg-reconfigure -f noninteractive tzdata') # Make bash the default shell print('Settings /bin/bash as default shell') sudo('chsh -s /bin/bash %s' % env.user) # Make vim the default editor # http://shallowsky.com/blog/linux/ubuntu-default-browser.html #sudo rm /etc/alternatives/gnome-www-browser # sudo ln -s /usr/local/firefox11/firefox /etc/alternatives/gnome-www-browser # sudo rm /etc/alternatives/x-www-browser # sudo ln -s /usr/local/firefox11/firefox /etc/alternatives/x-www-browser #sudo('update-alternatives --config editor') util.done()
def install(): util.start() if (not(util.enabled('s3fs'))): util.done('Not enabled in environment settings') return s3fs_version = "1.61" sudo('apt-get install -yq libfuse2') sudo('apt-get install -yq fuse-utils') sudo('apt-get install -yq make g++ pkg-config gcc build-essential') sudo('apt-get install -yq libfuse-dev libxml2 libxml2-dev curl libcurl3 libcurl3-dev') with cd('~'): sudo('wget http://s3fs.googlecode.com/files/s3fs-%s.tar.gz' % s3fs_version) sudo('tar xzvf s3fs-%s.tar.gz' % s3fs_version) with cd('~/s3fs-%s' % s3fs_version): sudo('./configure --prefix=/usr') sudo('make') with cd('~/s3fs-%s' % s3fs_version): sudo('make install') util.done()
def install(): util.start() # Get MariaDB Repo sudo('apt-get install -y python-software-properties') sudo( 'apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db' ) put('fabfile/lib/database/etc-apt-mariadb.list', '/etc/apt/sources.list.d/mariadb.list', use_sudo=True) sudo('apt-get update') # See if we can pad the mariadb install for unattended more #sudo('echo "mysql-server-5.5 mysql-server/root_password password ' \ # '%s" | debconf-set-selections' % env.password) #sudo('echo "mysql-server-5.5 mysql-server/root_password_again password ' \ # '%s" | debconf-set-selections' % env.password) # Install MariaDB Galera Cluster sudo('apt-get install -yq rsync mariadb-galera-server galera') sudo('/etc/init.d/mysql stop') util.done()
def add_keys(): util.start() # Create the private/public key for the user on this server if not exists('/home/%s/.ssh/id_rsa.pub' % env.user): print("... creating new SSH key") with settings(warn_only=True): run('mkdir ~/.ssh') # Try to get rid of the prompts #prompts = [] #prompts += expect('What is your name?','Jasper') #with expecting(prompts): # expect_run('ssh-keygen -t rsa', pty=False) # http://unix.stackexchange.com/questions/69314/automated-ssh-keygen-without-passphrase-how # ssh-kegen -b 2048 -t rsa -f /tmp/sshkey -q -N "" # #run('ssh-keygen -t rsa', pty=False) run('ssh-keygen -t rsa -f /tmp/sshkey -q -N ""', pty=False) util.done() else: util.done('Existing key found')
def rsync(project_name, project_dir, app_root, www_root, username): util.start() # Check to make sure directory exists if not exists(www_root): print('Creating project folder for web server: %s' % www_root) sudo('mkdir -p %s' % www_root) sudo('chown -R %s:%s %s' % (username, username, www_root)) sudo('chmod -R 775 %s' % www_root) # Rsync the entire directory over print('Performing rsync to %s' % www_root) source = '%s%s/%s' % (project_dir.lower(), project_name.lower(), app_root) target = www_root run("rsync -oavz --exclude 'application/log*' \ --exclude 'application/cache*' \ %s %s" % (source, target)) run('mkdir -p %sapplication/cache' % www_root) run('mkdir -p %sapplication/logs' % www_root) run('chmod -R 777 %sapplication/cache' % www_root) run('chmod -R 777 %sapplication/logs' % www_root) util.done()
def mount(mount_root, aws_buckets): util.start() if (not(util.enabled('s3fs'))): util.done('Not enabled in environment settings') return # Create the password file print("Mounting S3FS ...") if exists('/etc/passwd-s3fs'): print("Delete existing passwd file ...") sudo('rm -fR /etc/passwd-s3fs') print('Create s3fs passwd file') sudo('touch /etc/passwd-s3fs') for aws_bucket in aws_buckets: sudo('echo %s:%s:%s >> /etc/passwd-s3fs' % (aws_bucket['name'], aws_bucket['access_key'], aws_bucket['secret_key'])) sudo('chown root:root /etc/passwd-s3fs') sudo('chmod 400 /etc/passwd-s3fs') # Update fstab print('Update fstab to automount') # If this is the first ever touch, the .orig file should not exist if not exists('/etc/fstab.orig'): sudo('cp /etc/fstab /etc/fstab.orig') # Backup the current fstab with timestamp as well sudo('cp /etc/fstab /etc/%s' % util.timestamp('fstab')) # If the fstab.orig file exists, this means that this is NOT # the first time fabric has come around so we want to copy # the original if exists('/etc/fstab.orig'): sudo('rm /etc/fstab') sudo('cp /etc/fstab.orig /etc/fstab') for aws_bucket in aws_buckets: mount_point = "%s%s" % (mount_root, aws_bucket['mount']) print("Mounting bucket: %s => %s" % (aws_bucket['name'], mount_point)) sudo('echo "\n" >> /etc/fstab') # s3fs#s3fs.domain.com /mnt/s3fs/ fuse allow_other 0 0 sudo('echo "s3fs#%s %s fuse allow_other 0 0" >> /etc/fstab' % (aws_bucket['name'], mount_point)) sudo('mount -a') util.done()
def configure(): util.start() # Configure put('fabfile/lib/database/galera.cnf', '/etc/mysql/conf.d/galera.cnf', use_sudo=True) # Set the ips ips = env.config.get('ips') ips_string = ','.join(ips['database']) sed('/etc/mysql/conf.d/galera.cnf', '\{\{ips\}\}', ips_string, use_sudo=True, flags='') # Set the current box hostname and IP current_ip = get_current_ip() sed('/etc/mysql/conf.d/galera.cnf', '\{\{ip\}\}', current_ip, use_sudo=True, flags='') sed('/etc/mysql/conf.d/galera.cnf', '\{\{hostname\}\}', env.host_string, use_sudo=True, flags='') # We have to start the first cluster with a special flag # roledefs = env.config.get('roledefs') # first_host = roledefs[0] # if env.host_string == first_host: # sudo('/etc/init.d/mysql start --wsrep-new-cluster') # else: # sudo('/etc/init.d/mysql start') # Now we have to copy /etc/mysql/debian.cnf from one to others put('fabfile/lib/database/etc-mysql-debian.cnf', '/etc/mysql/debian.cnf', use_sudo=True) util.done()
def configure(): util.start() # Configure put('fabfile/lib/database/galera.cnf', '/etc/mysql/conf.d/galera.cnf', use_sudo=True) # Set the ips ips = env.config.get('ips') ips_string = ','.join(ips['database']) sed('/etc/mysql/conf.d/galera.cnf', '\{\{ips\}\}', ips_string, use_sudo=True, flags='') # Set the current box hostname and IP current_ip = get_current_ip() sed('/etc/mysql/conf.d/galera.cnf', '\{\{ip\}\}', current_ip, use_sudo=True, flags='') sed('/etc/mysql/conf.d/galera.cnf', '\{\{hostname\}\}', env.host_string, use_sudo=True, flags='') # We have to start the first cluster with a special flag # roledefs = env.config.get('roledefs') # first_host = roledefs[0] # if env.host_string == first_host: # sudo('/etc/init.d/mysql start --wsrep-new-cluster') # else: # sudo('/etc/init.d/mysql start') # Now we have to copy /etc/mysql/debian.cnf from one to others put('fabfile/lib/database/etc-mysql-debian.cnf', '/etc/mysql/debian.cnf', use_sudo=True) util.done()
def configure(): util.start() # # Additionally, for extra security, we can use IP tables # # Comment out the bind #sed('/etc/redis/redis.conf', 'bind 127.0.0.1', '#bind 127.0.0.1', use_sudo=True) # Restart redis #sudo('/etc/init.d/redis-server restart') # Setup IP tables # Block Redis port (6379) and resque-web port (5678) #sudo('iptables -A INPUT -j DROP -p tcp --destination-port 6379 -i eth0') #sudo('iptables -A INPUT -j DROP -p tcp --destination-port 5678 -i eth0') # IPs for dev computers ips = ['68.111.83.216', '198.15.79.146'] # IPs for Linode servers ips.extend(['173.255.196.166', '173.230.148.249', '173.255.255.61']) # IPs for Uptimerobot ips.extend(['74.86.158.106', '74.86.158.107', '74.86.179.130']) ips.extend(['74.86.179.131', '46.137.190.132', '122.248.234.23']) # Add back the IPs #for ip in ips: # sudo('iptables -I INPUT -s %s -j ACCEPT' % ip) util.done()
def register(git_hostname, username): util.start() # Copy the deploy private key to the server print("Copying deployment private key to server") put(util.template('id_rsa_deploy'), '/home/%s/.ssh/id_rsa_deploy' % username, use_sudo=False, mode=0600) # Copy ssh config file to server put(util.template('ssh_config'), '/home/%s/.ssh/config' % username, use_sudo=False) # Replace tokens in config file sed('/home/%s/.ssh/config' % username, '\{\{git-server\}\}', '%s' % git_hostname, use_sudo=False, flags='') sed('/home/%s/.ssh/config' % username, '\{\{home\}\}', '%s' % username, use_sudo=False, flags='') util.done()
def install_mysql_agent(): util.start() if (not(env.newrelic_key)): util.done('Missing Key') return if (not(util.enabled('newrelic'))): util.done('Not enabled in environment settings') return # Do it util.done()
def configure(): util.start() if (not(env.newrelic_key)): util.done('Missing Key') return if (not(util.enabled('newrelic'))): util.done('Not enabled in environment settings') return sudo('nrsysmond-config --set license_key=%s' % env.newrelic_key) sudo('/etc/init.d/newrelic-sysmond start') util.done()
def install(): util.start() if (not(env.newrelic_key)): util.done('Missing Key') return if (not(util.enabled('newrelic'))): util.done('Not enabled in environment settings') return sudo('wget -O /etc/apt/sources.list.d/newrelic.list http://download.newrelic.com/debian/newrelic.list') sudo('apt-key adv --keyserver hkp://subkeys.pgp.net --recv-keys 548C16BF') sudo('apt-get update') sudo('apt-get install -yq newrelic-sysmond') util.done()
def configure(): util.start() if (not (env.papertrail_key)): util.done('Missing Key') return if (not (util.is_production())): util.done('Not PRODUCTION') return # Papertrail # Add this to end of rsyslog # *.* @logs.papertrailapp.com:31784 # Restart #sudo /etc/init.d/rsyslog restart util.done()
def install_php_agent(): util.start() if (not(env.newrelic_key)): util.done('Missing Key') return if (not(util.enabled('newrelic'))): util.done('Not enabled in environment settings') return sudo('wget -O - http://download.newrelic.com/548C16BF.gpg | apt-key add -') sudo('echo "deb http://apt.newrelic.com/debian/ newrelic non-free" > /etc/apt/sources.list.d/newrelic.list') sudo('apt-get update') sudo('apt-get install -yq newrelic-php5') sudo('newrelic-install') sudo('/etc/init.d/newrelic-daemon restart') sudo('/etc/init.d/php5-fpm restart') sudo('/etc/init.d/nginx restart') util.done()
def configure(): util.start() util.done()
def install(): util.start() #sudo('apt-get install -y ufw') util.done()
def configure(): util.start() # Create the resque-web directory structure sudo('mkdir -p /etc/unicorn') sudo('mkdir -p /var/www/resque-web') sudo('mkdir -p /var/www/resque-web/shared') sudo('mkdir -p /var/www/resque-web/config') sudo('mkdir -p /var/www/resque-web/log') sudo('mkdir -p /var/www/resque-web/shared') sudo('chown -R www-data:www-data /var/www/resque-web') sudo('chmod -R 775 /var/www/resque-web') put(util.template('etc-init.d-unicorn'), '/etc/init.d/unicorn', use_sudo=True) put(util.template('etc-nginx-resque-web'), '/etc/nginx/sites-available/resque-web', use_sudo=True) put(util.template('etc-unicorn-resque-web.conf'), '/etc/unicorn/resque-web.conf', use_sudo=True) put(util.template('var-www-config.ru'), '/var/www/resque-web/config.ru', use_sudo=True) put(util.template('var-www-unicorn.rb'), '/var/www/resque-web/config/unicorn.rb', use_sudo=True) put(util.template('var-www-resque.rb'), '/var/www/resque-web/config/resque.rb', use_sudo=True) # Munge the server_names to create a unique list # TODO: Move to separate function server_names = env.config.get('server_names', "") if (server_names != "" and server_names['resque'] != ""): server_names = server_names['resque'] server_names.append(env.host_string) server_names = set(server_names) nginx_server_name = " ".join(server_names) else: nginx_server_name = env.host_string print("Setting nginx server_name: %s" % nginx_server_name) sed('/etc/nginx/sites-available/resque-web', '\{\{localhost\}\}', '%s' % nginx_server_name, use_sudo=True, backup='.bak', flags='') # Configure resque to the correct Redis server redis_host = 'localhost' redis_port = 6379 redis_password = env.password if (env.redis_host and env.redis_host != ''): redis_host = env.redis_host redis_port = env.redis_port redis_password = env.redis_password print("Using redis server @ %s:%s" % (redis_host, redis_port)) sed('/var/www/resque-web/config.ru', '\{\{host\}\}', '%s' % redis_host, use_sudo=True, backup='.bak', flags='') sed('/var/www/resque-web/config.ru', '\{\{port\}\}', '%s' % redis_port, use_sudo=True, backup='.bak', flags='') sed('/var/www/resque-web/config.ru', '\{\{password\}\}', '%s' % redis_password, use_sudo=True, backup='.bak', flags='') # Continue configuring resque server sed('/var/www/resque-web/config/resque.rb', '\{\{password\}\}', '%s' % env.password, use_sudo=True, backup='.bak', flags='') if not exists('/etc/nginx/sites-enabled/resque-web'): sudo( 'ln -s /etc/nginx/sites-available/resque-web /etc/nginx/sites-enabled/resque-web' ) sudo('chown root:root /etc/init.d/unicorn') sudo('chmod 775 /etc/init.d/unicorn') # Have unicorn (resque-web) start on boot sudo('update-rc.d unicorn defaults') # Restart unicorn and nginx sudo('/etc/init.d/unicorn restart') sudo('/etc/init.d/nginx restart') util.done()
def configure_master(host): util.start() util.done()
def install(): util.start() sudo('apt-get install -yq nginx') util.done()
def add_host(project_name, www_root, host_string, environment = "DEVELOPMENT", server_names = ""): util.start() project_name = project_name.lower() # Add new virtual host print('Adding new virtual host: %s' % host_string) # Delete old virtual host file if exists('/etc/nginx/sites-available/%s' % project_name): print('Found old virtual host, archiving') orig = '/etc/nginx/sites-available/%s' % project_name backup = '/etc/nginx/sites-available/%s' % util.timestamp(project_name) sudo('mv %s %s' % (orig, backup)) #sudo('rm -fR /etc/nginx/sites-available/%s' % project_name) sudo('rm -fR /etc/nginx/sites-enabled/%s' % project_name) # Deal with SSL portion of site if (util.enabled('ssl')): # Copy some files from lib/ssl to server run('rm -fR ~/ssl') run('mkdir ~/ssl') put('fabfile/project/ssl/%s.com.bundle.crt' % project_name, '~/ssl/%s.com.bundle.crt' % project_name) put('fabfile/project/ssl/%s.com.key' % project_name, '~/ssl/%s.com.key' % project_name) nginx_site_file = "nginx-site-ssl"; else: nginx_site_file = "nginx-site"; print('Copying from local project virtual host') put(util.template("%s") % nginx_site_file, '/etc/nginx/sites-available/%s' % project_name, use_sudo=True) print('Replacing some tokens') # TODO: Token needs to be sync'd with Vagrantfile share folders # TODO: Token needs to by sync'd with dev_chris.py # TODO: Token needs to by sync'd with main fabric __init__.py sed('/etc/nginx/sites-available/%s' % project_name, '\{\{www_root\}\}', '%s' % www_root, use_sudo=True, backup='.bak', flags='') # Munge the server_names to create a unique list # TODO: Move to separate function if (server_names != "" and server_names['www'] != ""): server_names = server_names['www'] server_names.append(host_string) server_names = set(server_names) nginx_server_name = " ".join(server_names) else: nginx_server_name = host_string print("Setting nginx server_name: %s" % nginx_server_name) sed('/etc/nginx/sites-available/%s' % project_name, '\{\{localhost\}\}', '%s' % nginx_server_name, use_sudo=True, backup='.bak', flags='') sed('/etc/nginx/sites-available/%s' % project_name, '\{\{environment\}\}', '%s' % environment, use_sudo=True, backup='.bak', flags='') util.done()
def install(): util.start() util.done()
def install(): util.start() # Install automysqlbackup sudo('apt-get install -yq automysqlbackup') util.done()
def configure(): util.start() # Create the resque-web directory structure sudo('mkdir -p /etc/unicorn') sudo('mkdir -p /var/www/resque-web') sudo('mkdir -p /var/www/resque-web/shared') sudo('mkdir -p /var/www/resque-web/config') sudo('mkdir -p /var/www/resque-web/log') sudo('mkdir -p /var/www/resque-web/shared') sudo('chown -R www-data:www-data /var/www/resque-web') sudo('chmod -R 775 /var/www/resque-web') put(util.template('etc-init.d-unicorn'), '/etc/init.d/unicorn', use_sudo=True) put(util.template('etc-nginx-resque-web'), '/etc/nginx/sites-available/resque-web', use_sudo=True) put(util.template('etc-unicorn-resque-web.conf'), '/etc/unicorn/resque-web.conf', use_sudo=True) put(util.template('var-www-config.ru'), '/var/www/resque-web/config.ru', use_sudo=True) put(util.template('var-www-unicorn.rb'), '/var/www/resque-web/config/unicorn.rb', use_sudo=True) put(util.template('var-www-resque.rb'), '/var/www/resque-web/config/resque.rb', use_sudo=True) # Munge the server_names to create a unique list # TODO: Move to separate function server_names = env.config.get('server_names', "") if (server_names != "" and server_names['resque'] != ""): server_names = server_names['resque'] server_names.append(env.host_string) server_names = set(server_names) nginx_server_name = " ".join(server_names) else: nginx_server_name = env.host_string print("Setting nginx server_name: %s" % nginx_server_name) sed('/etc/nginx/sites-available/resque-web', '\{\{localhost\}\}', '%s' % nginx_server_name, use_sudo=True, backup='.bak', flags='') # Configure resque to the correct Redis server redis_host = 'localhost' redis_port = 6379 redis_password = env.password if (env.redis_host and env.redis_host != ''): redis_host = env.redis_host redis_port = env.redis_port redis_password = env.redis_password print("Using redis server @ %s:%s" % (redis_host, redis_port)) sed('/var/www/resque-web/config.ru', '\{\{host\}\}', '%s' % redis_host, use_sudo=True, backup='.bak', flags='') sed('/var/www/resque-web/config.ru', '\{\{port\}\}', '%s' % redis_port, use_sudo=True, backup='.bak', flags='') sed('/var/www/resque-web/config.ru', '\{\{password\}\}', '%s' % redis_password, use_sudo=True, backup='.bak', flags='') # Continue configuring resque server sed('/var/www/resque-web/config/resque.rb', '\{\{password\}\}', '%s' % env.password, use_sudo=True, backup='.bak', flags='') if not exists('/etc/nginx/sites-enabled/resque-web'): sudo('ln -s /etc/nginx/sites-available/resque-web /etc/nginx/sites-enabled/resque-web') sudo('chown root:root /etc/init.d/unicorn') sudo('chmod 775 /etc/init.d/unicorn') # Have unicorn (resque-web) start on boot sudo('update-rc.d unicorn defaults') # Restart unicorn and nginx sudo('/etc/init.d/unicorn restart') sudo('/etc/init.d/nginx restart') util.done()
def configure_slave(host): util.start() util.done()
def install(): util.start() #sudo('apt-get install -y ufw') util.done()
def configure_master(host): util.start() util.done()