Commit 4df6b65d authored by Tray Torrance's avatar Tray Torrance

Remove chef

parent 0e5bb81d
......@@ -27,10 +27,6 @@ gem 'twitter', '2.0.2'
gem 'messagebus_ruby_api', '1.0.1'
group :production do # we don't install these on travis to speed up test runs
# chef
gem 'chef', '~> 0.10.4', :require => false
gem 'ohai', '~> 0.6.10', :require => false
# reporting
gem 'hoptoad_notifier'
gem 'newrelic_rpm'
......
......@@ -87,7 +87,6 @@ GEM
arel (2.0.10)
bcrypt-ruby (2.1.4)
builder (2.1.2)
bunny (0.7.8)
capistrano (2.9.0)
highline
net-scp (>= 1.0.0)
......@@ -107,22 +106,6 @@ GEM
carrierwave (0.5.8)
activesupport (~> 3.0)
cgi_multipart_eof_fix (2.5.0)
chef (0.10.8)
bunny (>= 0.6.0)
erubis
highline
json (>= 1.4.4, <= 1.6.1)
mixlib-authentication (>= 1.1.0)
mixlib-cli (>= 1.1.0)
mixlib-config (>= 1.1.2)
mixlib-log (>= 1.3.0)
moneta
net-ssh (~> 2.1.3)
net-ssh-multi (~> 1.1.0)
ohai (>= 0.6.0)
rest-client (>= 1.0.4, < 1.7.0)
treetop (~> 1.4.9)
uuidtools
childprocess (0.2.5)
ffi (~> 1.0.6)
chronic (0.6.6)
......@@ -243,16 +226,10 @@ GEM
mime-types (1.17.2)
mini_magick (3.3)
subexec (~> 0.1.0)
mixlib-authentication (1.1.4)
mixlib-log
mixlib-cli (1.2.2)
mixlib-config (1.1.2)
mixlib-log (1.3.0)
mobile-fu (0.3.0)
rack-mobile-detect
rails
mock_redis (0.3.0)
moneta (0.6.0)
mongrel (1.1.5)
cgi_multipart_eof_fix (>= 2.4)
daemons (>= 1.0.3)
......@@ -268,9 +245,6 @@ GEM
net-ssh (2.1.4)
net-ssh-gateway (1.1.0)
net-ssh (>= 1.99.1)
net-ssh-multi (1.1)
net-ssh (>= 2.1.4)
net-ssh-gateway (>= 0.99.0)
newrelic_rpm (3.3.1)
nokogiri (1.5.0)
oauth (0.4.5)
......@@ -280,12 +254,6 @@ GEM
oauth2-provider (0.0.19)
activesupport (~> 3.0)
addressable (~> 2.2)
ohai (0.6.10)
mixlib-cli
mixlib-config
mixlib-log
systemu (~> 2.2.0)
yajl-ruby
omniauth (1.0.1)
hashie (~> 1.2)
rack
......@@ -399,7 +367,6 @@ GEM
tilt (>= 1.2.2, < 2.0)
sqlite3 (1.3.5)
subexec (0.1.0)
systemu (2.2.0)
term-ansicolor (1.0.7)
thin (1.3.1)
daemons (>= 1.0.9)
......@@ -419,7 +386,6 @@ GEM
typhoeus (0.3.3)
mime-types
tzinfo (0.3.31)
uuidtools (2.1.2)
vegas (0.1.8)
rack (>= 1.0.0)
warden (1.0.6)
......@@ -433,7 +399,6 @@ GEM
will_paginate (3.0.2)
xpath (0.1.4)
nokogiri (~> 1.3)
yajl-ruby (1.1.0)
yard (0.7.4)
yui-compressor (0.9.6)
POpen4 (>= 0.1.4)
......@@ -453,7 +418,6 @@ DEPENDENCIES
capistrano_colors
capybara (~> 1.1.2)
carrierwave (= 0.5.8)
chef (~> 0.10.4)
client_side_validations
cucumber-api-steps (= 0.6)
cucumber-rails (= 1.2.1)
......@@ -490,7 +454,6 @@ DEPENDENCIES
newrelic_rpm
nokogiri (~> 1.5.0)
oauth2-provider (= 0.0.19)
ohai (~> 0.6.10)
omniauth (= 1.0.1)
omniauth-facebook
omniauth-tumblr
......
{"run_list": ["recipe[diaspora::bootstrap"]}
#statistics
42 15 * * * cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/bin/bundle exec rake --trace statistics:users_splunk &> /usr/local/app/diaspora/log/stats.log
42 15 * * * cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/bin/bundle exec rake --trace statistics:content_splunk &> /usr/local/app/diaspora/log/stats.log
0 * * * * cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/bin/bundle exec rake --trace backup:mysql
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
# Firewall configuration, manually edited AGAINST ALL REASON
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#SSH
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
#HTTP
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#HTTPS
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
#Resque-Web
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7894 -j ACCEPT
#Websocket
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
#Crossdomain policy file for Flash sockets
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 843 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
thins:
- port: '3001'
- port: '3002'
- port: '3003'
url: 'joindiaspora.com'
cert_location: '/usr/local/nginx/conf/diaspora.crt'
key_location: '/usr/local/nginx/conf/diaspora.key'
s3_bucket: "https://joindiaspora.s3.amazonaws.com"
s3_path: "/uploads/images/"
{"run_list": ["recipe[diaspora::main]"]}
cron "user stats" do
minute 42
hour 15
command "cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/bin/bundle exec rake --trace statistics:users_splunk &> /usr/local/app/diaspora/log/stats.log"
end
cron "backup mysql" do
minute 0
command "cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/bin/bundle exec rake --trace backup:mysql"
end
common_pkgs = [
"cpio",
"gcc-c++",
"htop",
"psmisc",
"screen",
"bzip2"
]
dev_pkgs = value_for_platform(
"debian" => {
"default" => [
"libxml2-dev",
"libxslt1-dev",
"libsqlite3-dev",
"libmysqlclient-dev",
"libssl-dev",
"libcurl4-openssl-dev"
]
},
"centos" => {
"default" => [
"libxml2-devel",
"libxslt-devel",
"openssl-devel",
]
}
)
execute "apt-get update" do
action :nothing
end.run_action(:run) if platform?("debian")
common_pkgs.each do |pkg|
package pkg
end
dev_pkgs do |pkg|
package pkg
end
def harden_ruby(ruby_string)
Dir.glob("/usr/local/rvm/wrappers/#{ruby_string}/*").each do |file|
link "/usr/local/bin/#{file.split('/').last}" do
to file
end
end
Dir.glob("/usr/local/rvm/gems/#{ruby_string}/bin/*").each do |file|
link "/usr/local/bin/#{file.split('/').last}" do
to file
end
end
end
harden_ruby("ree-1.8.7-2010.02")
include_recipe "diaspora::java"
curl = 'curl-7.21.4'
execute 'download curl' do
command "mkdir -p /tmp/install && cd /tmp/install/ && wget http://curl.download.nextag.com/download/#{curl}.tar.gz"
not_if do
File.exists?("/tmp/install/#{curl}.tar.gz")
end
end
execute "unzip curl" do
command "cd /tmp/install && tar -xvf #{curl}.tar.gz"
not_if do
File.exists?("/tmp/install/#{curl}/README")
end
end
execute "configure curl" do
command "cd /tmp/install/#{curl} && ./configure --with-ssl"
not_if do
File.exists?('/usr/local/lib/libcurl.so.4')
end
end
execute "compile curl" do
command "cd /tmp/install/#{curl} && make"
not_if do
File.exists?('/usr/local/lib/libcurl.so.4')
end
end
execute "install curl" do
command "cd /tmp/install/#{curl} && make install"
not_if do
File.exists?('/usr/local/lib/libcurl.so.4')
end
end
execute 'update dynamic loader cache for curl' do
command "echo '/usr/local/lib' >> /etc/ld.so.conf"
not_if "grep /usr/local/lib /etc/ld.so.conf"
end
execute 'run dynamic linker' do
command '/sbin/ldconfig'
end
execute 'rebundle' do
command 'bundle install'
end
include_recipe "diaspora::startcom_bundle"
execute "get the daemontools repo" do
command "mkdir -p /package/admin && cd /package/admin && git clone git://github.com/MikeSofaer/daemontools.git daemontools-0.76 || true"
end
execute "compile daemontools" do
command "cd /package/admin/daemontools-0.76 && ./package/install"
end
execute "mysql run" do
command "mkdir -p /service/mysql && echo '#!/bin/sh' > /service/mysql/run && echo 'exec /usr/libexec/mysqld --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --user=mysql' >> /service/mysql/run"
end
execute "executable" do
command "chmod -R 755 /service/mysql"
end
config = YAML.load_file("/usr/local/app/diaspora/chef/cookbooks/diaspora/files/default/thins.yml")
config['thins'].each do |thin|
port = thin["port"]
dir = "/service/thin_#{port}"
flags = []
flags << "-c /usr/local/app/diaspora" #directory to run from
flags << "-e production" #run in production mode
flags << "-p #{port}" #use a socket
execute "thin run" do
command "mkdir -p #{dir} && echo '#!/bin/sh' > #{dir}/run && echo 'exec /usr/local/bin/ruby /usr/local/bin/thin start #{flags.join(" ")}' >> #{dir}/run"
end
execute "executable" do
command "chmod -R 755 " + dir
end
end
execute "websocket run" do
command "mkdir -p /service/websocket && echo '#!/bin/sh' > /service/websocket/run && echo 'cd /usr/local/app/diaspora && RAILS_ENV=production exec /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb' >> /service/websocket/run"
end
execute "executable" do
command "chmod -R 755 /service/websocket"
end
execute "redis run" do
command "mkdir -p /service/redis && echo '#!/bin/sh' > /service/redis/run && echo 'cd /usr/sbin/ && exec /usr/sbin/redis-server /usr/local/etc/redis.conf' >> /service/redis/run"
end
execute "executable" do
command "chmod -R 755 /service/redis"
end
execute "nginx run" do
command "mkdir -p /service/nginx && echo '#!/bin/sh' > /service/nginx/run && echo 'exec /usr/local/nginx/sbin/nginx' >> /service/nginx/run"
end
execute "executable" do
command "chmod -R 755 /service/nginx"
end
execute "resque worker run" do
command "mkdir -p /service/resque_worker && echo '#!/bin/sh' > /service/resque_worker/run && echo 'cd /usr/local/app/diaspora && RAILS_ENV=production QUEUES=socket_webfinger,receive,receive_salmon,mail,http HOME=/usr/local/app/diaspora exec /usr/local/bin/rake resque:work' >> /service/resque_worker/run"
end
execute "executable" do
command "chmod -R 755 /service/resque_worker"
end
execute "resque web run" do
command "mkdir -p /service/resque_web && echo '#!/bin/sh' > /service/resque_web/run && echo 'RAILS_ENV=production HOME=/usr/local/app/diaspora exec resque-web -F' >> /service/resque_web/run"
end
execute "executable" do
command "chmod -R 755 /service/resque_web"
end
include_recipe "diaspora::image_magick"
include_recipe "diaspora::mysql"
include_recipe "diaspora::iptables"
include_recipe "diaspora::daemontools"
include_recipe "diaspora::backup"
include_recipe "diaspora::nginx"
include_recipe "diaspora::redis"
include_recipe "diaspora::curl" if platform?("centos")
package "imagemagick" do
case node['platform']
when "debian"
package_name "imagemagick"
when "centos"
package_name "ImageMagick"
end
end
if platform?("debian")
package "libmagick9-dev"
end
if platform?("centos")
cookbook_file "/etc/sysconfig/iptables" do
source "iptables"
notifies :run, "execute[restart iptables]", :immediately
end
execute "restart iptables" do
command "/etc/init.d/iptables restart"
end
end
mysql_pkgs = value_for_platform(
"debian" => { "default" => %w[mysql-server libmysqlclient-dev libmysql-ruby] },
"centos" => { "default" => %w[mysql mysql-server mysql-devel] }
)
if platform?("centos")
execute "start mysql service to create the system tables" do
command "service mysqld start"
end
execute "stop service again" do
command "service mysqld stop"
end
end
execute "Get nginx from nginx web site" do
command "mkdir -p /tmp/install && curl http://sysoev.ru/nginx/nginx-0.8.53.tar.gz > /tmp/install/nginx-0.8.53.tar.gz"
end
execute "unzip nginx" do
command "cd /tmp/install && tar -xvf nginx-0.8.53.tar.gz"
end
execute "configure nginx" do
command "cd /tmp/install/nginx-0.8.53 && ./configure --with-http_ssl_module"
end
execute "compile nginx" do
command "cd /tmp/install/nginx-0.8.53 && make"
end
execute "install nginx" do
command "cd /tmp/install/nginx-0.8.53 && make install"
end
cookbook_file "/usr/local/nginx/html/crossdomain.xml" do
source "crossdomain.xml"
end
execute "change crossdomain.xml permissions" do
command "chmod 755 /usr/local/nginx/html/crossdomain.xml"
end
config = YAML.load_file("/usr/local/app/diaspora/chef/cookbooks/diaspora/files/default/thins.yml")
template "/usr/local/nginx/conf/nginx.conf" do
source "nginx.conf.erb"
variables :ports => config['thins'].map{|thin| "#{thin["port"]}"}, :url => config['url'], :cert_location => config['cert_location'], :key_location => config['key_location'],
:s3_bucket => config['s3_bucket'] , :s3_path => config['s3_path']
end
case node['platform']
when "debian"
remote_file "#{Chef::Config[:file_cache_path]}/redis-server_2.2.2-1_amd64.deb" do
source "wget http://ftp.us.debian.org/debian/pool/main/r/redis/redis-server_2.2.2-1_amd64.deb"
end
dpkg_package "redis-server" do
source "#{Chef::Config[:file_cache_path]}/redis-server_2.2.2-1_amd64.deb"
end
when "centos"
execute "refresh yum" do
command "yum update -y"
end
package "redis"
end
cookbook_file "/usr/local/etc/redis.conf" do
source "redis.conf"
mode 0755
end
directory "/usr/local/var/db/redis" do
recursive true
end
cookbook_file '/etc/pki/tls/certs/startcom-cert.crt' do
source 'startcom-bundle.crt'
end
execute 'back up cert bundle' do
command 'mv /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.bak'
end
execute 'add startcom cert' do
command 'cat /etc/pki/tls/certs/ca-bundle.crt.bak /etc/pki/tls/certs/startcom-cert.crt > /etc/pki/tls/certs/ca-bundle.crt'
not_if "cat /etc/pki/tls/certs/ca-bundle.crt | grep '#{<<LINE_FROM_CERT
J/eUsTc9t8eR9+IB7P2UieHMbtM21goZea7XNIJl/3xCu7bdC6Y0r0tg/n9DSQaL
jEO4VvLZfyFDF+qnSJUBdXXqK6VDleoVhJ0IjSZuVZur3NI50jEdYOKszFZFJPUc
VKvuht2WMoX4TE/olXa2Bd02I2e8/xXiyjvmpuw77CYRNEiN9oArGiMC64ocOnYq
e1YWHHIqs6rjYKUAnwSb4m8eFFhbpWyLWDzDuk46XPfhlis+7we8pOVdzE2fDeHc
qrvhbhrsj+G2TE15cl0XNQsd18FH2pYk4NByqFpfZi0Q3C8qE64m/gocGczQPguc
LINE_FROM_CERT
}'"
end
# Copyright (c) 2010-2011, Diaspora Inc. This file is
# licensed under the Affero General Public License version 3 or later. See
# the COPYRIGHT file.
worker_processes 1;
daemon off;
events {
worker_connections 8192;
}
http {
include mime.types;
default_type application/octet-stream;
log_format splunky '$msec code=$status url=$uri bytes=$body_bytes_sent ms=$request_time';
access_log /usr/local/nginx/logs/access.log splunky;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
upstream thin_cluster {
<% @ports.each do |port| %>
server <%="localhost:#{port}"%>;
<% end %>
}
server {
listen 843;
location / {
rewrite ^(.*)$ /crossdomain.xml;
}
error_page 400 /crossdomain.xml;
location = /crossdomain.xml {
root html;
}
}
server {
listen 80;
server_name <%= @url %> www.<%= @url %>;
rewrite ^(.*) https://<%= @url %>$1 permanent;
}
server {
listen 443;
server_name <%= @url %> www.<%= @url %>;
root /usr/local/app/diaspora/public;
ssl on;
ssl_certificate <%= @cert_location %>;
ssl_certificate_key <%= @key_location %>;
location /assets {
expires 1d;
add_header Cache-Control public;
}
location /uploads/images {
expires 5d;
add_header Cache-Control public;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
client_max_body_size 4M;
client_body_buffer_size 128K;
if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
}
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
if (!-f $request_filename) {
proxy_pass http://thin_cluster;
break;
}
<% unless @s3_bucket.blank? || @s3_path.blank? %>
<%= "rewrite ^/uploads/images/(.*)$ #{@s3_bucket}#{@s3_path}$1 permanent;" %>
<% end %>
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}