Initial commit

jlund · Jun 11, 2013 · df2fcab · df2fcab
commit df2fcab
Show file tree

Hide file tree

Showing 20 changed files with 493 additions and 0 deletions.
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,9 @@
+The MIT License (MIT)
+
+Copyright (c) 2013 Joshua Lund
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,27 @@
+salt-rack
+=========
+
+ Sample Rack application [Salt](http://saltstack.com/) States that will install Nginx, Passenger, Ruby 1.9.3 + the [Falcon patch](https://gist.github.com/funny-falcon/4755042). They also demonstrate how to deploy a [sample Rack application](https://github.com/jlund/imgur-display) using git.
+
+ Specifically, these states do the following:
+
+ * Install a few crucial packages like git and NTP
+ * Create a deploy user that the application files will belong to
+ * Add an SSH public key to the deploy user's Authorized Keys file
+ * Reconfigure OpenSSH to only allow access via SSH keys
+ * Install Ruby 1.9.3 + the Falcon patch
+ * Install Bundler
+ * Install Nginx + Passenger
+ * Set up and enable an Nginx vhost
+ * Create all necessary application directories
+ * Use git to checkout the latest revision of the [imgur-display](https://github.com/jlund/imgur-display) codebase
+ * Create required symlinks
+ * Use bundler to install all Gem dependencies
+
+Running these states will leave you with a fully-functional Rack application server that is ready to show you a random picture from imgur. With some incredibly minor adjustments, these states will deploy your own application! It's my hope that they will be helpful to anyone who needs to set up a similar server using Salt.
+
+A cloudinit template is also included that you can use to automatically provision Salt on a new Ubuntu server.
+
+These states were tested on Ubuntu 12.04.2 LTS but should also work on Debian 7.
+
+Enjoy!
diff --git a/cloudinit-template.sh b/cloudinit-template.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+HOSTNAME=hostname_here
+SALT_MASTER=internal_ip_here
+
+echo $HOSTNAME > /etc/hostname
+hostname --file /etc/hostname
+
+sed --in-place -e "s/127.0.0.1 localhost/127.0.0.1 $HOSTNAME localhost/" /etc/hosts
+sed --in-place -e "s/::1 ip6-localhost ip6-loopback/::1 $HOSTNAME ip6-localhost ip6-loopback/" /etc/hosts
+sed --in-place "2i $SALT_MASTER salt" /etc/hosts
+
+add-apt-repository -y ppa:saltstack/salt
+
+apt-get update
+apt-get --yes dist-upgrade
+
+apt-get --yes install salt-minion
+reboot
diff --git a/pillar/imgur-display.sls b/pillar/imgur-display.sls
@@ -0,0 +1,5 @@
+imgur_display_location:  "/var/www/imgur-display"
+passenger_max_pool_size: "4"
+passenger_max_requests:  "2000"
+passenger_version:       "4.0.5"
+ruby_location:           "/opt/ruby-1.9.3-p385-falcon-gc"
diff --git a/pillar/top.sls b/pillar/top.sls
@@ -0,0 +1,3 @@
+base:
+  '*':
+    - imgur-display
diff --git a/salt/app/imgur-display/init.sls b/salt/app/imgur-display/init.sls
@@ -0,0 +1,73 @@
+include:
+  - deploy-user
+  - nginx-passenger
+  - ruby-falcon
+
+# Generate the imgur-display virtual host
+imgur-display-vhost:
+  file.managed:
+    - name: /etc/nginx/sites-available/imgur-display
+    - source: salt://app/imgur-display/vhost
+    - template: jinja
+    - require:
+      - file: /etc/nginx/sites-available
+
+# Enable the imgur-display virtual host
+imgur-display-vhost-symlink:
+  file.symlink:
+    - name: /etc/nginx/sites-enabled/imgur-display
+    - target: /etc/nginx/sites-available/imgur-display
+    - require:
+      - file: imgur-display-vhost
+      - file: /etc/nginx/sites-enabled
+
+# Create the application directories
+{% for directory in 'bundle', 'log' %}
+{{ pillar['imgur_display_location'] }}/shared/{{ directory }}:
+  file.directory:
+    - user: deploy
+    - group: deploy
+    - makedirs: True
+    - require:
+      - user: deploy
+{% endfor %}
+
+# Check out the latest revision of the codebase
+imgur-display-codebase:
+  git.latest:
+    - name: https://github.com/jlund/imgur-display.git
+    - target: {{ pillar['imgur_display_location'] }}/current
+    - runas: deploy
+    - require:
+      - pkg: git
+      - user: deploy
+      - file: {{ pillar['imgur_display_location'] }}/shared/bundle
+
+# Symlink the log directory to the shared location
+imgur-display-log-symlink:
+  file.symlink:
+    - name: {{ pillar['imgur_display_location'] }}/current/log
+    - target: {{ pillar['imgur_display_location'] }}/shared/log
+    - require:
+      - git: imgur-display-codebase
+      - file: {{ pillar['imgur_display_location'] }}/shared/log
+
+# Install the bundle
+bundle-install:
+  cmd.run:
+    - name: bundle install --deployment --path {{ pillar['imgur_display_location'] }}
+    - user: deploy
+    - cwd: {{ pillar['imgur_display_location'] }}/current
+    - require:
+      - cmd: bundler
+      - file: /usr/local/bin/bundle
+      - git: imgur-display-codebase
+      - user: deploy
+
+# Restart the imgur-display application if the codebase or virtual host change
+extend:
+  nginx:
+    service:
+      - watch:
+        - git: imgur-display-codebase
+        - file: imgur-display-vhost
diff --git a/salt/app/imgur-display/vhost b/salt/app/imgur-display/vhost
@@ -0,0 +1,14 @@
+server {
+  listen 80 default_server;
+  server_name imgur-display.local;
+
+  root {{ pillar['imgur_display_location'] }}/current/public;
+
+  access_log {{ pillar['imgur_display_location'] }}/shared/log/nginx-access.log;
+  error_log  {{ pillar['imgur_display_location'] }}/shared/log/nginx-error.log;
+
+  passenger_enabled on;
+  passenger_user    www-data;
+  passenger_group   www-data;
+  rack_env          production;
+}
diff --git a/salt/common.sls b/salt/common.sls
@@ -0,0 +1,7 @@
+# Install git
+git:
+  pkg.installed
+
+# Install NTP
+ntp:
+  pkg.installed
diff --git a/salt/deploy-user/init.sls b/salt/deploy-user/init.sls
@@ -0,0 +1,23 @@
+deploy:
+  group.present:
+    - system: False
+
+  # Add the deploy user
+  user.present:
+    - fullname: Deploy User
+    - home: /home/deploy
+    - shell: /bin/bash
+    - gid_from_name: True
+    # Enable sudo access for the deploy user
+    - groups:
+      - sudo
+    - require:
+      - group: deploy
+
+  # Set up authorized_keys for the deploy user
+  ssh_auth.present:
+    - user: deploy
+    - names:
+      - ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC3jdO0ojv6W28wA95qJQexaFNMtVte1xEASeNTAPgyjTqzojZ3cINVXbZS55UD83upMJd5jugohfKp+k/Dus+Y= jlund@Mal
+    - require:
+      - user: deploy
diff --git a/salt/nginx-passenger/init.sls b/salt/nginx-passenger/init.sls
@@ -0,0 +1,94 @@
+include:
+  - ruby-falcon
+
+# Install the libcurl OpenSSL development files that Passenger requires
+libcurl4-openssl-dev:
+  pkg.installed
+
+# Install Passenger
+passenger:
+  cmd.run:
+    - name: {{ pillar['ruby_location'] }}/bin/gem install passenger -v {{ pillar['passenger_version'] }}
+    - unless: {{ pillar['ruby_location'] }}/bin/gem list | grep -e passenger -e {{ pillar['passenger_version'] }}
+    - require:
+      - cmd: bundler
+      - pkg: libcurl4-openssl-dev
+
+# Make Passenger Symlinks
+# --
+{% for binary in 'passenger-memory-stats', 'passenger-status' %}
+/usr/local/bin/{{ binary }}:
+  file.symlink:
+    - target: {{ pillar['ruby_location'] }}/bin/{{ binary }}
+    - require:
+      - cmd: passenger
+{% endfor %}
+
+# Download the Nginx source code
+nginx-source:
+  file.managed:
+    - name: /usr/local/src/nginx-1.4.1.tar.gz
+    - source: http://nginx.org/download/nginx-1.4.1.tar.gz
+    - source_hash: sha256=bca5d1e89751ba29406185e1736c390412603a7e6b604f5b4575281f6565d119
+
+# Run the Nginx install script
+nginx-install:
+  cmd.script:
+    - name: salt://nginx-passenger/install.sh
+    - unless: /opt/nginx/sbin/nginx -v 2>&1 | grep 1.4.1
+    - template: jinja
+    - require:
+      - file: nginx-source
+      - cmd: passenger
+      - file: /usr/local/bin/rake
+      - file: /usr/local/bin/ruby
+
+# Generate the Nginx configuration file
+nginx-configuration:
+  file.managed:
+    - name: /opt/nginx/conf/nginx.conf
+    - source: salt://nginx-passenger/nginx-conf
+    - template: jinja
+    - require:
+      - cmd: nginx-install
+
+# Copy Nginx init script
+nginx-init-script:
+  file.managed:
+    - name: /etc/init.d/nginx
+    - source: salt://nginx-passenger/nginx-init
+    - mode: 755
+    - require:
+      - cmd: nginx-install
+
+# Enable the Nginx init script so the service will start at boot
+# Watch for changes to the configuration and init script, which will
+# trigger a restart
+nginx:
+  service:
+    - running
+    - enable: True
+    - watch:
+      - file: nginx-configuration
+      - file: nginx-init-script
+
+# Set up Nginx vhost directories
+{% for dir in 'sites-available', 'sites-enabled' %}
+/etc/nginx/{{ dir }}:
+  file.directory:
+    - makedirs: True
+    - user: root
+    - group: root
+    - require:
+      - cmd: nginx-install
+{% endfor %}
+
+# Set up log rotation for Nginx and Passenger
+{% for rotate_target in 'nginx', 'passenger' %}
+/etc/logrotate.d/{{ rotate_target }}:
+  file.managed:
+    - source: salt://nginx-passenger/{{ rotate_target }}-logrotate
+    - require:
+      - cmd: nginx-install
+      - cmd: passenger
+{% endfor %}
diff --git a/salt/nginx-passenger/install.sh b/salt/nginx-passenger/install.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+cd /usr/local/src/
+tar xvfz nginx-1.4.1.tar.gz
+{{ pillar['ruby_location'] }}/bin/passenger-install-nginx-module --auto --prefix=/opt/nginx --nginx-source-dir=/usr/local/src/nginx-1.4.1 --extra-configure-flags="--with-http_gzip_static_module"
diff --git a/salt/nginx-passenger/nginx-conf b/salt/nginx-passenger/nginx-conf
@@ -0,0 +1,29 @@
+user  www-data;
+worker_processes  4;  
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    passenger_root {{ pillar['ruby_location'] }}/lib/ruby/gems/1.9.1/gems/passenger-{{ pillar['passenger_version'] }};
+    passenger_ruby /usr/local/bin/ruby-falcon-wrapper;
+    passenger_max_pool_size {{ pillar['passenger_max_pool_size'] }};
+    passenger_max_requests {{ pillar['passenger_max_requests'] }};
+
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    sendfile       on;
+    tcp_nopush     on;
+    client_max_body_size  10M;
+
+    keepalive_timeout  10;
+
+    gzip  on;
+    gzip_types  text/css text/xml text/plain application/x-javascript application/atom+xml application/rss+xml;
+
+
+    include /etc/nginx/sites-enabled/*;
+}
diff --git a/salt/nginx-passenger/nginx-init b/salt/nginx-passenger/nginx-init
@@ -0,0 +1,62 @@
+#! /bin/sh
+
+### BEGIN INIT INFO
+# Provides:          nginx
+# Required-Start:    $all
+# Required-Stop:     $all
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: starts the nginx web server
+# Description:       starts nginx using start-stop-daemon
+### END INIT INFO
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/opt/nginx/sbin/nginx
+NAME=nginx
+DESC=nginx
+
+test -x $DAEMON || exit 0
+
+# Include nginx defaults if available
+if [ -f /etc/default/nginx ] ; then
+  . /etc/default/nginx
+fi
+
+set -e
+
+case "$1" in
+  start)
+  echo -n "Starting $DESC: "
+  start-stop-daemon --start --quiet --pidfile /opt/nginx/logs/nginx.pid \
+    --exec $DAEMON -- $DAEMON_OPTS || true
+  echo "Done."
+  ;;
+  stop)
+  echo -n "Stopping $DESC: "
+  start-stop-daemon --stop --quiet --pidfile /opt/nginx/logs/nginx.pid \
+    --exec $DAEMON || true
+  echo "Done."
+  ;;
+  restart|force-reload)
+  echo -n "Restarting $DESC: "
+  start-stop-daemon --stop --quiet --pidfile \
+    /opt/nginx/logs/nginx.pid --exec $DAEMON || true
+  sleep 1
+  start-stop-daemon --start --quiet --pidfile \
+    /opt/nginx/logs/nginx.pid --exec $DAEMON -- $DAEMON_OPTS || true
+  echo "Done."
+  ;;
+  reload)
+      echo -n "Reloading $DESC configuration: "
+      start-stop-daemon --stop --signal HUP --quiet --pidfile /opt/nginx/logs/nginx.pid \
+          --exec $DAEMON || true
+      echo "Done."
+      ;;
+  *)
+  N=/etc/init.d/$NAME
+  echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+  exit 1
+  ;;
+esac
+
+exit 0
diff --git a/salt/nginx-passenger/nginx-logrotate b/salt/nginx-passenger/nginx-logrotate
@@ -0,0 +1,11 @@
+/opt/nginx/logs/*.log {
+  daily
+  missingok
+  compress
+  rotate 7
+  dateext
+  notifempty
+  sharedscripts
+  extension gz
+  copytruncate
+}