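#!/bin/bash
# deploy.sh - provisions a host for the 4am application. The steps visible in
# this script are: install build dependencies, optionally install MySQL,
# create the dedicated "4am" user, install rvm/ruby, build nginx with
# Passenger, generate a self-signed certificate and write nginx.conf.
# Must be run as root (enforced below).
set -e

## Default values
DEPLOYHOME=/opt/4am/
# NOTE: NGINXHOME is computed from DEPLOYHOME as it stands on this line. A
# later change of DEPLOYHOME (e.g. through --home) is only reflected in
# NGINXHOME if the code making that change recomputes it.
NGINXHOME=${DEPLOYHOME}/nginx/
# One nginx worker per "processor" entry listed in /proc/cpuinfo.
NGINXWORKERS=$(awk '/^processor/ { N++} END { print N }' /proc/cpuinfo)
RUBYVERS="ruby-1.9.2-p320"
# DBNAME, DBUSERNAME and DBHOST are not referenced by any active code in this
# script; only the commented-out mysql_create_db mentions DBNAME.
DBNAME="4amcore"
DBUSERNAME="root"
DBPASS=''
DBHOST='127.0.0.1'
## End default values

# Everything below installs packages and writes system configuration, so
# refuse to continue without root. The substitution is quoted so the test
# stays well-formed even if `id` prints nothing; the diagnostic goes to stderr.
if [ "$(id -u)" -ne 0 ]; then
  echo "Must be run as root" >&2
  exit 1
fi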
# Print the command-line help to stdout.
# Globals:   DEPLOYHOME (read) - shown as the default for --home
# Arguments: none
# NOTE(review): the text advertises "mysql|postgresql", but the option parser
# in this script only accepts "mysql" for --db-engine.
usage() {
  cat <<EOF
Usage: $0 [options]
Options:
-h, --help show this help message and exit
--db-engine mysql|postgresql
configure mysql or postgresql
--db-install install the database
--db-pass pass for the database
--home PATH
full path to the users home directory (default $DEPLOYHOME)
EOF
}
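# Parse the command-line options.
# Sets: DATABASE (--db-engine), DEPLOYHOME and NGINXHOME (--home),
#       DBPASS (--db-pass), DBINSTALL (--db-install).
# Options that take a value are checked for a missing argument first: under
# `set -e` a bare `shift 2` with only one argument left would otherwise end
# the script without any message.
while :; do
  case "$1" in
    -h | --help)
      usage
      exit 0
      ;;
    --db-engine)
      # Only mysql is accepted; a missing value is rejected by the same test.
      #if [ "$2" != 'mysql' ] && [ "$2" != 'postgresql' ]
      if [ "$2" != 'mysql' ]; then
        echo "Error: Unknown/unsupported engine: '$2'" >&2
        usage
        exit 1
      fi
      DATABASE=$2
      shift 2
      ;;
    --home)
      # The value is passed to adduser and written verbatim into nginx.conf,
      # so insist on the absolute path the help text asks for.
      case "$2" in
        /*) ;;
        *)
          echo "Error: --home requires an absolute PATH" >&2
          usage
          exit 1
          ;;
      esac
      DEPLOYHOME=$2
      # Keep the nginx prefix under the chosen home; it was first derived
      # from the default DEPLOYHOME before the options were parsed.
      NGINXHOME=${DEPLOYHOME}/nginx/
      shift 2
      ;;
    --db-pass)
      # NOTE(review): a secret given on the command line is visible in the
      # process list and in shell history. In this script both mysql_install
      # variants overwrite DBPASS with a generated value.
      if [ "$#" -lt 2 ]; then
        echo "Error: --db-pass requires a value" >&2
        usage
        exit 1
      fi
      DBPASS=$2
      shift 2
      ;;
    --db-install)
      DBINSTALL="yes"
      shift 1
      ;;
    -*)
      echo "Error: Unknown option: $1" >&2
      usage
      exit 1
      ;;
    *) # No more options
      break
      ;;
  esac
done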
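# Define different functions depending on the operating system.
# Each supported branch provides the same three helpers:
#   dependencies       - upgrade the system and install build dependencies
#   mysql_install      - install MySQL and set a generated root password
#   add_dedicated_user - create the "4am" system user with home $DEPLOYHOME
if [ -f /etc/debian_version ]; then
  # DEBIAN

  # Upgrade the system and install the packages needed to build ruby,
  # nginx and Passenger.
  dependencies() {
    local -a debian_deps=(
      build-essential openssl libreadline6
      libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev
      libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf
      libc6-dev ncurses-dev automake libtool bison subversion
    )
    debian_deps+=(libcurl4-openssl-dev) # Needed for NGINX/Passenger
    debian_deps+=(libmysqlclient-dev)   # Needed for NGINX/Passenger
    echo "Updating the system."
    # Run as two commands: in `a && b` a failure of `a` does not trigger
    # `set -e`, so a failed update used to be ignored silently.
    apt-get update
    apt-get dist-upgrade -y
    echo "Installing some interesting package."
    /usr/bin/apt-get install -y "${debian_deps[@]}"
  }

  # Install mysql-server and pwgen, then set a generated root password.
  # Globals: DBPASS (written) - any value given through --db-pass is replaced
  # Outputs: the password is stored in ~/.mysql.passwd (owner-only)
  mysql_install() {
    local passwd_file="${HOME}/.mysql.passwd"
    #INSTALLER_LOG=/var/log/non-interactive-installer.log
    DEBIAN_FRONTEND=noninteractive apt-get install -q -y mysql-server pwgen
    # Alternatively you can set the mysql password with debconf-set-selections
    DBPASS=$(pwgen -s 12 1)
    # Feed the statement on stdin rather than with -e so the new password
    # never appears in the process list. The value comes from pwgen, not from
    # user input, which is what makes the single-quoted SQL literal safe.
    mysql -uroot <<EOF
UPDATE mysql.user SET password=PASSWORD('${DBPASS}') WHERE user='root'; FLUSH PRIVILEGES;
EOF
    # Create the file owner-only before the secret is written; the chmod
    # covers a file that already existed with looser permissions.
    (
      umask 077
      : > "$passwd_file"
    )
    chmod 600 "$passwd_file"
    echo "MySQL Password set to '${DBPASS}'. Remember to delete ~/.mysql.passwd" > "$passwd_file"
    # The password itself is no longer echoed, to keep it out of terminal
    # scrollback and captured install logs.
    echo "MySQL root password written to ~/.mysql.passwd. Remember to delete ~/.mysql.passwd"
  }

  # Create the system user and group "4am" and add the user to the group.
  # Globals: DEPLOYHOME (read)
  add_dedicated_user() {
    echo "Adding user..."
    adduser --system --force-badname --home "$DEPLOYHOME" --shell /bin/bash --disabled-password 4am
    addgroup --system --force-badname 4am
    adduser 4am 4am
  }
elif [ -f /etc/centos-release ]; then
  # CENTOS

  # Upgrade the system and install the packages needed to build ruby,
  # nginx and Passenger.
  dependencies() {
    echo "Updating the system."
    yum update -y
    echo "Installing some interesting package."
    yum install -y gcc-c++ patch readline readline-devel zlib zlib-devel \
      libyaml-devel libffi-devel openssl-devel make bzip2 autoconf automake \
      libtool bison git \
      curl-devel mysql-devel # curl-dev needed for passenger/nginx and mysql-devel for... mysql
    yum install -y sqlite-devel # FIXME Useless in prod, Gemfile/rvmrc need to be improved
  }

  # Create the system user "4am" with its home directory.
  # Globals: DEPLOYHOME (read)
  add_dedicated_user() {
    echo "Adding user..."
    adduser --system --home "$DEPLOYHOME" --shell /bin/bash --create-home 4am
  }

  # Enable EPEL, install mysql-server and pwgen, start mysqld and set a
  # generated root password.
  # Globals: DBPASS (written) - any value given through --db-pass is replaced
  # Outputs: the password is stored in ~/.mysql.passwd (owner-only)
  mysql_install() {
    local passwd_file="${HOME}/.mysql.passwd"
    #INSTALLER_LOG=/var/log/non-interactive-installer.log
    # NOTE(review): this package is fetched over plain HTTP and installed as
    # root, and it is the package that brings the repository definition and
    # keys. Fetch it over an authenticated channel and check its signature
    # (rpm -K) against a key obtained out of band before installing.
    rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
    echo "Installing mysql and pwgen."
    yum install -y mysql-server pwgen
    /etc/init.d/mysqld start
    DBPASS=$(pwgen -s 12 1)
    # NOTE(review): the password is an argument of mysqladmin here and is
    # therefore briefly visible in the process list.
    /usr/bin/mysqladmin -u root password "${DBPASS}"
    # Create the file owner-only before the secret is written; the chmod
    # covers a file that already existed with looser permissions.
    (
      umask 077
      : > "$passwd_file"
    )
    chmod 600 "$passwd_file"
    echo "MySQL Password set to '${DBPASS}'. Remember to delete ~/.mysql.passwd" > "$passwd_file"
    # The password itself is no longer echoed, to keep it out of terminal
    # scrollback and captured install logs.
    echo "MySQL root password written to ~/.mysql.passwd. Remember to delete ~/.mysql.passwd"
  }
else
  echo "Unsupported operating system, sorry." >&2
  exit 1
fi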
#function mysql_create_db
#{
# mysql -u root -p$MYSQL_PASS <<EOF
# CREATE DATABASE $DBNAME CHARACTER SET utf8;
#EOF
#}
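# Provisioning, part 1: system packages, optional database, dedicated user.
dependencies
if [ "$DBINSTALL" = "yes" ]; then
  case "$DATABASE" in
    mysql)
      echo "Configuring $DATABASE"
      mysql_install
      ;;
    postgresql)
      # No postgresql_install is defined in this script; fail with a clear
      # message instead of a "command not found" abort.
      if declare -F postgresql_install >/dev/null; then
        postgresql_install
      else
        echo "Error: postgresql installation is not implemented" >&2
        exit 1
      fi
      ;;
    *)
      # --db-install without --db-engine used to skip the database silently.
      echo "Warning: --db-install given without a supported --db-engine; no database installed" >&2
      ;;
  esac
fi
add_dedicated_user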
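# Download and run the rvm installer ("stable" channel), then load rvm into
# the current shell.
# Returns: non-zero if the download or the installer fails
#
# The installer is saved to a temporary file before it is executed. Piping
# curl straight into bash runs whatever bytes arrived, so a truncated
# transfer or an HTTP error page would be executed as root, and without
# pipefail a failed download went unnoticed.
install_rvm() {
  local installer status=0
  echo "Installing rvm."
  installer=$(mktemp) || return 1
  if ! curl --fail -L -o "$installer" https://get.rvm.io; then
    rm -f -- "$installer"
    echo "Error: could not download the rvm installer" >&2
    return 1
  fi
  # NOTE(review): integrity still rests on TLS to get.rvm.io alone. Verify
  # "$installer" against a signature or checksum published by the rvm project
  # (pinned in this repository) before running it.
  bash -s stable < "$installer" || status=$?
  rm -f -- "$installer"
  if [ "$status" -ne 0 ]; then
    echo "Error: the rvm installer failed (exit status $status)" >&2
    return "$status"
  fi
  source /usr/local/rvm/scripts/rvm
  echo "Installation of rvm completed."
}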
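# Install the ruby version named by RUBYVERS through rvm.
# Globals: RUBYVERS (read)
# `command` makes the shell run the rvm executable found in PATH rather than
# a shell function of the same name.
install_ruby() {
  echo "Installing ruby through rvm."
  # Quoted so the version string is always passed as a single argument and is
  # never subject to word splitting or globbing.
  command rvm install "${RUBYVERS}"
  #rvm use ${RUBYVERS}
  echo "Installation of ruby completed."
}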
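# Provisioning, part 2: ruby toolchain, then nginx built with Passenger.
install_rvm
install_ruby

### NGINX & PASSENGER
# NOTE(review): the gem version is not pinned, so whatever release is current
# is fetched and run as root. The nginx.conf written by this script hard-codes
# "passenger-3.0.13" under the "@4am-ui" gemset; confirm that the version and
# gemset installed here match that path.
gem install passenger
# Quoted so a home path containing spaces stays a single --prefix value.
passenger-install-nginx-module --auto --auto-download --prefix="${NGINXHOME}"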
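## Self signed certificate for nginx and the client authentication
#
# The certificate is created with basicConstraints CA:true, and the nginx
# configuration written by this script also uses it as ssl_client_certificate.
# The server key is therefore the CA key for client authentication: anyone who
# can read server.key can issue client certificates that nginx will accept.
# The key is stored unencrypted (encrypt_key = no) so nginx can start
# unattended, which makes the file permissions below the only protection.
ssl_dir="${NGINXHOME}/conf/ssl"
# Plain mkdir (no -p) on purpose: failing when the directory already exists
# stops a re-run from silently replacing an existing key and certificate.
# -m 700 keeps the directory owner-only from the moment it is created.
mkdir -m 700 -- "$ssl_dir"
cat <<EOF > "${ssl_dir}/server-openssl.cnf"
[ req ]
default_bits = 4096
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# req_extensions = v3_req # The extensions to add to a certificate request
encrypt_key = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = FR
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = IDF
localityName = Locality Name (eg, city)
localityName_default = Paris
0.organizationName = Organization Name (eg, company)
0.organizationName_default = sx4it
organizationalUnitName = Organizational Unit Name (eg, section)
#organizationalUnitName_default = 4am
commonName = Common Name (eg, YOUR name)
commonName_default = $(hostname --fqdn)
emailAddress = Email Address
emailAddress_default = contact@sx4it.com
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = CA:true
EOF
# The newlines answer every prompt with its default from the config above.
# The subshell's umask makes openssl create the private key owner-only instead
# of relying on the caller's umask; the chmod makes the mode explicit.
(
  umask 077
  printf '\n\n\n\n\n\n\n\n' |
    openssl req -new -x509 -days 10000 -keyout "${ssl_dir}/server.key" -out \
      "${ssl_dir}/server.crt" -config "${ssl_dir}/server-openssl.cnf"
)
chmod 600 -- "${ssl_dir}/server.key"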
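# Keep the stock nginx.conf as nginx.conf.bak and write the 4am configuration.
# The heredoc is unquoted so the shell fills in NGINXWORKERS, RUBYVERS and
# DEPLOYHOME; \$ssl_client_raw_cert is escaped so nginx receives the literal
# variable name.
#
# Security notes on the generated configuration:
# - ssl_protocols: SSLv3 has been removed because it is broken (POODLE).
#   TLSv1.1 and TLSv1.2 are recognised by nginx 1.1.13 / 1.0.12 and later and
#   only take effect with OpenSSL 1.0.1 or later. On a current build, restrict
#   this list to TLSv1.2 and newer.
# - ssl_verify_client optional: requests without a client certificate still
#   reach the application, which must make the access decision itself from
#   the X-SSL_CLIENT_CERT parameter.
# - ssl_client_certificate is the server's own self-signed certificate, so
#   the server key doubles as the CA for client certificates.
# - NOTE(review): error_log is set to "debug" inside http {}; confirm that
#   this verbosity is wanted outside of troubleshooting.
mv -- "${NGINXHOME}/conf/nginx.conf" "${NGINXHOME}/conf/nginx.conf.bak"
cat <<EOF > "${NGINXHOME}/conf/nginx.conf"
user 4am;
worker_processes ${NGINXWORKERS};
error_log logs/error.log info;
pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
passenger_root /usr/local/rvm/gems/${RUBYVERS}@4am-ui/gems/passenger-3.0.13;
passenger_ruby /usr/local/rvm/wrappers/${RUBYVERS}@4am-ui/ruby;
include mime.types;
default_type application/octet-stream;
error_log logs/error.log debug;
sendfile on;
keepalive_timeout 65;
server {
listen 443 default_server ssl;
server_name _;
access_log logs/access.log;
ssl_certificate ssl/server.crt;
ssl_certificate_key ssl/server.key;
# We need a CA, otherwise the client is not prompted for his certificate
ssl_client_certificate ssl/server.crt;
ssl_verify_client optional;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
root ${DEPLOYHOME}/www/current/public/;
passenger_enabled on;
passenger_set_cgi_param X-SSL_CLIENT_CERT \$ssl_client_raw_cert;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
passenger_use_global_queue on;
passenger_min_instances 2;
location ~ ^/(assets)/ {
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
}
passenger_pre_start https://localhost/;
}
EOF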
# Final report: list the Capistrano commands to run next, then finish with a
# success status.
printf '%s\n' \
  '------ SUCCESS ------' \
  'Your installation is finished.' \
  'You Can now run' \
  'cap deploy:setup' \
  '-Configure your database, and then' \
  'cap deploy' \
  'cap deploy:migrate'
exit 0