
Tweaking ruby-shadow recipe and adding a simple rails app deploy with…

… a git repo and post receive hook for continuous deployment
commit 001a5b744f56a0f140874a21f501f8a72c5b17a2 1 parent 55c84ac
Fabio Akita authored
1  iptables/templates/default/restrictive.erb
@@ -1,5 +1,4 @@
# Very restricted, only accepts 22, 80, 443 and loopback
--A FWR -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
1  ruby-shadow/attributes/ruby-shadow.rb
@@ -0,0 +1 @@
+set_unless[:ruby_shadow][:site_ruby] = "/usr/local/lib/ruby/site_ruby/1.8"
4 ruby-shadow/recipes/default.rb
@@ -1,6 +1,6 @@
remote_directory "/usr/local/src/shadow-1.4.1" do
source 'shadow-1.4.1'
- not_if { File.exists?("/usr/local/lib/ruby/site_ruby/1.8/#{node[:languages][:ruby][:platform]}/shadow.so") }
+ not_if { File.exists?(File.join(node[:ruby_shadow][:site_ruby], "#{node[:languages][:ruby][:platform]}/shadow.so")) }
end
bash "install ruby shadow library" do
@@ -11,5 +11,5 @@
ruby extconf.rb
make install
EOH
- not_if { File.exists?("/usr/local/lib/ruby/site_ruby/1.8/#{node[:languages][:ruby][:platform]}/shadow.so") }
+ not_if { File.exists?(File.join(node[:ruby_shadow][:site_ruby], "/#{node[:languages][:ruby][:platform]}/shadow.so")) }
end
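Review bot: The two `not_if` guards are meant to test the same file but are now spelled differently: the second passes `"/#{node[:languages][:ruby][:platform]}/shadow.so"` with a leading slash, the first does not. `File.join` collapses the duplicate separator, so both resolve to the same path today, but the duplication is easy to break on the next edit. Compute it once above both resources, `shadow_so = File.join(node[:ruby_shadow][:site_ruby], node[:languages][:ruby][:platform], "shadow.so")`, and use `not_if { File.exists?(shadow_so) }` in each. The body of the `bash` resource starts outside the second hunk, so only its guard is reviewed here.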
1  simple_rails_app/attributes/simple_rails_app.rb
@@ -0,0 +1 @@
+set_unless[:apps] = [{ :name => "enki", :username => "site", :git_branch => "master"}]
34 simple_rails_app/recipes/default.rb
@@ -0,0 +1,34 @@
+include_recipe "git"
+
+node[:apps].each do |app|
+ home_path = "/home/#{app[:username]}"
+ repos_path = "#{home_path}/repos/#{app[:name]}.git"
+ app_path = "#{home_path}/#{app[:name]}"
+
+ # initialize bare git repo
+ bash "create repo folder" do
+ user app[:username]
+ code "mkdir -p #{repos_path} && cd #{repos_path} && git init --bare"
+ not_if { File.exists?(repos_path) }
+ end
+
+ template "#{repos_path}/hooks/post-receive" do
+ path "#{repos_path}/hooks/post-receive"
+ source "post-receive.erb"
+ owner app[:username]
+ group app[:group] || app[:username]
+ mode 0755
+ variables(
+ :app_path => app_path,
+ :git_branch => app[:git_branch] || "master"
+ )
+ action :create
+ end
+
+ # set web app permissions
+ bash "clone git repo" do
+ user app[:username]
+ code "cd #{home_path} && git clone #{repos_path} #{app[:name]}"
+ not_if { File.exists?(app_path) }
+ end
+end
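Review bot: Both `bash` resources build their command line by interpolating `app[:username]` and `app[:name]` unquoted, so an attribute value containing a space or a shell metacharacter changes what the shell runs as that user. Quote the paths after a `require 'shellwords'`, e.g. `code "mkdir -p #{Shellwords.escape(repos_path)} && cd #{Shellwords.escape(repos_path)} && git init --bare"`, or validate the names against a strict pattern at the top of the loop. The guard `not_if { File.exists?(repos_path) }` is also satisfied once `mkdir` has run even if `git init --bare` failed, so `not_if { File.exists?(File.join(repos_path, "HEAD")) }` is a more reliable marker of an initialised repository. The comment `# set web app permissions` sits above a resource that clones the repo and should say so.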
21 simple_rails_app/templates/default/post-receive.erb
@@ -0,0 +1,21 @@
+#!/bin/sh
+cd <%= @app_path %>
+env -i git reset --hard
+env -i git pull origin <%= @git_branch %>
+env -i [ -f .gitmodules ] && git submodule update
+env -i rake db:migrate RAILS_ENV=production
+env -i touch tmp/restart.txt
+
+#
+# An example hook script for the post-receive event
+#
+# This script is run after receive-pack has accepted a pack and the
+# repository has been updated. It is passed arguments in through stdin
+# in the form
+# <oldrev> <newrev> <refname>
+# For example:
+# aa453216d1b3e49e7f6f98441fa56946ddcd6a20 68f7abf4e6f922807889f52bc043ecd31b79f814 refs/heads/master
+#
+# see contrib/hooks/ for an sample, or uncomment the next line (on debian)
+#
+#. /usr/share/doc/git-core/contrib/hooks/post-receive-email
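Review bot: The hook continues after any failed step: `cd <%= @app_path %>` is unchecked and there is no `set -e`, so a missing checkout or a failed `git pull` still runs `rake db:migrate RAILS_ENV=production` and touches `tmp/restart.txt`. Make the first command `cd <%= @app_path %> || exit 1`, and stop before the migration when the pull fails. On the submodule line `env -i` applies only to `[`, so `git submodule update` runs with the environment receive-pack handed to the hook (which normally includes `GIT_DIR`) instead of a cleared one; `[ -f .gitmodules ] && env -i git submodule update` would match the other lines. The two template values are also written into the script unquoted, so they should be quoted in the template or constrained in the recipe that supplies them.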
17 users/attributes/default.rb
@@ -1,19 +1,4 @@
users Mash.new unless attribute?("users")
-groups Mash.new unless attribute?("groups")
-ssh_keys Mash.new unless attribute?("ssh_keys")
-roles Mash.new unless attribute?("roles")
-
-groups[:app] = {:gid => 5000}
-groups[:site] = {:gid => 6000}
-groups[:admin] = {:gid => 7000}
-
-roles[:chef] = {:groups => [:admin], :sudo_groups => [:admin]}
-roles[:app] = {:groups => [:admin, :app], :sudo_groups => [:admin]}
# passwords must be in shadow password format with a salt. To generate: openssl passwd -1
-
-users[:jose] = {:password => "shadowpass", :comment => "José Amador", :uid => 4001, :group => :admin}
-users[:francisco] = {:password => "shadowpass", :comment => "Paco de Lucena", :uid => 4002, :group => :admin}
-
-ssh_keys[:jose] = "ssh-dss keydata"
-ssh_keys[:francisco] = "ssh-rsa keydata"
+# users[:jose] = {:password => "shadowpass", :comment => "José Amador" }
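Review bot: The new example line uses the placeholder `"shadowpass"`, which reads like a plaintext password, directly under guidance that recommends `openssl passwd -1`, i.e. MD5-crypt. Make the example show the expected shape with an obviously fake value, e.g. `# users[:jose] = {:password => "<crypt(3) hash>", :comment => "José Amador" }`. Where the installed OpenSSL supports it, the context comment should point at a stronger scheme such as `openssl passwd -6`. Hashes kept in node attributes are stored with the node data on the Chef server and are usually readable by other clients, so a comment saying where real values should come from would help.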
82 users/recipes/default.rb
@@ -1,18 +1,10 @@
-node[:groups].each do |group_key, config|
- group group_key do
- group_name group_key.to_s
- gid config[:gid]
- action [:create, :manage]
- end
-end
+include_recipe "ruby-shadow"
-if node[:active_users]
- node[:active_users].each do |username|
+if node[:users]
+ node[:users].keys.each do |username|
config = node[:users][username]
user username do
comment config[:comment]
- uid config[:uid]
- gid config[:groups].first
home "/home/#{username}"
shell "/bin/bash"
password config[:password]
@@ -21,71 +13,3 @@
end
end
end
-
-node[:active_groups].each do |group_name, config|
- users = node[:users].find_all { |u| u.last[:groups].include?(group_name) }
-
- users.each do |u, config|
- user u do
- comment config[:comment]
- uid config[:uid]
- gid config[:groups].first
- home "/home/#{u}"
- shell "/bin/bash"
- password config[:password]
- supports :manage_home => true
- action [:create, :manage]
- end
-
- config[:groups].each do |g|
- group g do
- group_name g.to_s
- gid node[:groups][g][:gid]
- members [ u ]
- append true
- action [:modify]
- end
- end
-
- remote_file "/home/#{u}/.profile" do
- source "users/#{u}/.profile"
- mode 0750
- owner u
- group config[:groups].first.to_s
- end
-
- directory "/home/#{u}/.ssh" do
- action :create
- owner u
- group config[:groups].first.to_s
- mode 0700
- end
-
- add_keys u do
- conf config
- end
- end
-
- # remove users who may have been added but are now restricted from this node's role
- # (node[:users] - users).each do |u|
- # user u do
- # action :remove
- # end
- # end
-end
-
-# Remove initial setup user and group.
-user "ubuntu" do
- action :remove
-end
-
-group "ubuntu" do
- action :remove
-end
-
-directory "/u" do
- action :create
- owner "root"
- group "admin"
- mode 0775
-end
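Review bot: In the first hunk the loop now runs over every key of `node[:users]` instead of `node[:active_users]`, so each user defined in attributes gets a `/bin/bash` login account with a password on every node that includes this recipe. Nothing on the new side installs SSH keys or narrows the list per node. If scoping is meant to happen by overriding `node[:users]` per role, say so above the loop, e.g. `# every entry in node[:users] becomes a login account on this node; scope the attribute per role`. The iteration also reads more directly as `node[:users].each do |username, config|` than as `.keys.each` followed by a lookup. The rest of the `user` resource body lies between the two hunks and is not shown.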