forked from onetimesecret/onetimesecret
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Rudyfile
242 lines (205 loc) · 5.52 KB
/
Rudyfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
# ---------------------------------------------------- COMMON ROUTINES --------
# The routines block describes the repeatable processes for each machine group.
# To run a routine, specify its name on the command-line: rudy startup
routines do
role :fe do
quick_deploy do
before :release
after :deploy
end
deploy do
before :promote
after :restart_thin
end
upgrade do
before :promote
after :bundle_install
end
promote do
local do
# TODO: can do a fetch without a release using:
# git describe --tags HEAD
$build = ruby './bin/ots', 'build'
$branch = git 'rev-parse', '--abbrev-ref', 'HEAD'
git 'co', 'production'
git 'merge', 'master'
git 'push', 'origin', 'production'
git 'co', $branch
end
remote do |argv|
rel = argv.first || $build
cd 'onetimesecret.com'
git 'fetch', '--tags', 'origin'
git 'checkout', "rel-#{rel}"
end
end
release do
local do |argv|
$branch = git 'rev-parse', '--abbrev-ref', 'HEAD'
raise "Cannot release from master" if $branch == 'master'
git 'fetch', '--tags', :origin
msg = argv.first
$build = ruby './bin/ots', 'register-build', msg
$build_tag = "rel-#{$build}"
msg_ci = "RUDY PRESENTS: #{$build}"
msg_ci << " (#{msg})" if msg
git 'commit', :m, msg_ci, 'BUILD.yml'
git 'co', 'master'
git 'merge', $branch
git 'tag', $build_tag
git 'push', :origin, '--tags'
git 'push', :origin
git 'co', $branch
end
end
end
end
# ----------------------------------------------------- SETUP ROUTINES --------
# The routines block describes the repeatable processes for each machine group.
# To run a routine, specify its name on the command-line: rudy startup
routines do
env :prod, :prod2 do
upload_certs do
remote :root do
env = $global.environment
base_path = "config/certs"
file_upload "#{base_path}/onetimesecret.com.key", "/root/"
file_upload "#{base_path}/onetimesecret.com.crt", "/root/"
end
end
end
env :dev do
upload_certs do
remote :root do
env = $global.environment
base_path = "config/certs"
file_upload "#{base_path}/onetimesecret.com.key", "/etc/pki/tls/private/"
file_upload "#{base_path}/onetimesecret.com.crt", "/etc/pki/tls/certs/"
end
end
end
env :proto do
upload_certs do
remote :root do
env = $global.environment
file_upload "config/environment/#{config_env}/bs-proto-server.crt", "/root/"
file_upload "config/environment/#{config_env}/bs-proto-server.key", "/root/"
end
end
end
upload_keys do
remote :stella do
base_path = "config/ssh"
file_upload "#{base_path}/id_rsa", '.ssh/'
file_upload "#{base_path}/id_rsa.pub", '.ssh/'
file_upload "config/ssh/known_hosts", '.ssh/'
wildly { chmod :R, 600, '.ssh/*' }
end
end
install_redis do
remote :root do
yum 'install', 'redis'
end
end
set_nginx_config do
remote :root do
if File.exists?('/etc/onetime/config')
$otsconfig = YAML.load_file('/etc/onetime/config')
else
$otsconfig = YAML.load_file('./etc/config')
end
$nginx_config = {}
$nginx_config[:ipaddress] = $otsconfig[:nginx][:ipaddress]
$nginx_config[:servername] = $otsconfig[:nginx][:servername]
puts File.expand_path(File.join('config', 'tmpl', 'nginx.conf.tmpl'))
template_upload File.expand_path(File.join('config', 'tmpl', 'nginx.conf.tmpl')), "/tmp/"
mv '/tmp/nginx.conf.tmpl', '/etc/nginx/nginx.conf'
chown 'root:', '/etc/nginx/nginx.conf'
chmod '644', '/etc/nginx/nginx.conf'
end
end
end
# ---------------------------------------------- MAINTENANCE ROUTINES --------
routines do
update_gems do
remote do
#gem_install :bundler
cd '/var/www/onetimesecret.com/'
bundle :install
end
end
start_redis do
remote :root do
redis 'start'
end
end
stop_redis do
remote :root do
redis 'stop'
end
end
restart_redis do
remote :root do
redis 'restart'
end
end
start_nginx do
remote :root do
nginx 'start'
end
end
stop_nginx do
remote :root do
nginx 'stop'
end
end
restart_nginx do
remote :root do
nginx 'restart'
end
end
reload_nginx do
remote :root do
nginx 'reload'
end
end
status do
remote do
procs = ps 'aux'
puts "Thin:", procs.grep(/thin/i)
puts "Redis:", procs.grep(/redis/i)
puts "Ruby:", procs.grep(/ruby/i)
puts "nginx:", procs.grep(/nginx/i)
end
end
sysinfo2 do
remote do
puts sysinfo(:v)
end
end
echo_foobar do
local do
puts 'foobar!'
end
end
start_thin do
remote do
cd '/var/www/onetimesecret.com'
# Note: here is an example for running thin on a port:
# thin :e, config_env, :R, 'config.ru', :p, '7143', 'start'
thin :e, config_env, :R, 'config.ru', :S, '/var/run/thin/thin.sock', :s, 2, 'start'
end
end
restart_thin do
remote do
cd '/var/www/onetimesecret.com'
thin :e, config_env, :R, 'config.ru', :S, '/var/run/thin/thin.sock', :s, 2, 'restart'
end
end
stop_thin do
remote do
cd '/var/www/onetimesecret.com'
thin :e, config_env, :R, 'config.ru', :S, '/var/run/thin/thin.sock', :s, 2, 'stop'
end
end
end