# HG changeset patch # User Chris Cannam # Date 1502967329 -3600 # Node ID d8949733849dfb3100379bb436242c6fea5963c6 # Parent d0d59d12db945676cf2cf363c251e853f30a62ae Another rearrangement, to share provisioning scripts diff -r d0d59d12db94 -r d8949733849d .hgignore --- a/.hgignore Wed Aug 16 16:58:22 2017 +0100 +++ b/.hgignore Thu Aug 17 11:55:29 2017 +0100 @@ -42,3 +42,6 @@ *.pyc *-console.log postgres-dumpall +deploy/config/code.conf +deploy/config/database.yml +deploy/docker/Dockerfile diff -r d0d59d12db94 -r d8949733849d deploy/config/code.conf.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/code.conf.in Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,94 @@ + +# A test Apache config. Lacks SSL, lacks a desirable extra layer of +# authentication for admin interface paths. Do not deploy this. + +PerlLoadModule Apache::Authn::SoundSoftware + + + ServerName code.soundsoftware.ac.uk + ServerAdmin chris.cannam@soundsoftware.ac.uk + + DocumentRoot /var/www/code/public + PassengerRestartDir restart_files + PassengerHighPerformance on + PassengerMaxRequests 50000 + PassengerStatThrottleRate 5 + PassengerStartTimeout 60 + PassengerFriendlyErrorPages on + RailsSpawnMethod smart + ExpiresDefault "access plus 1 minute" + + + Order allow,deny + Deny from all + Satisfy All + + + + Order allow,deny + Deny from all + Satisfy All + + + + Order allow,deny + Deny from all + Satisfy All + + + + Options -MultiViews + + + + # Avoid other sites embedding our fonts + RewriteEngine on + RewriteCond %{HTTP_REFERER} !^$ + RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC] + RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F] + + + ScriptAlias /hg "/var/hg/index.cgi" + + + AuthName "Mercurial" + AuthType Basic + Require valid-user + PerlAccessHandler Apache::Authn::SoundSoftware::access_handler + PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler + PerlSetVar HTTPS "on" + SoundSoftwareDSN "dbi:Pg:database=code;host=localhost" + SoundSoftwareDbUser "code" + SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE" + SoundSoftwareRepoPrefix "/var/hg/" + #!!! "on" in production please!: + SoundSoftwareSslRequired "off" + Options +ExecCGI + AddHandler cgi-script .cgi + ExpiresDefault now + + + Alias /git "/var/files/git-mirror" + + + Options -Indexes +FollowSymLinks + Order allow,deny + Allow from all + + + Order allow,deny + Deny from all + + + Order allow,deny + Deny from all + + + ErrorLog /var/log/apache2/code-error.log + CustomLog /var/log/apache2/code-access.log vhost_combined + + LogLevel warn + ServerSignature Off + + + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/00-backup-db --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.daily/00-backup-db Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,6 @@ +#!/bin/sh +outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`" +oldmask=`umask` +umask 0277 +su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile" +umask "$oldmask" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/10-extract-docs --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.daily/10-extract-docs Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash +cd /tmp +/var/www/code/docgen/extract-docs.sh diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/15-get-statistics --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.daily/15-get-statistics Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,2 @@ +#!/bin/bash +sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.daily/20-check-end-of-external-repo-log --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.daily/20-check-end-of-external-repo-log Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,2 @@ +#!/bin/bash +tail -2 /var/log/external-repos.log diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/00-drupal-cron --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.hourly/00-drupal-cron Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash +/usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/10-redmine-fetch-changesets --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.hourly/10-redmine-fetch-changesets Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash +sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'" +exit 0 diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/20-convert-external-repos --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.hourly/20-convert-external-repos Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,2 @@ +#!/bin/bash +sudo -H -u www-data /var/www/code/reposman/run-external.sh diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/30-expire-explore-cache --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.hourly/30-expire-explore-cache Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,2 @@ +#!/bin/sh +rm -f /var/www/code/tmp/cache/*/*/views*explore* diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.hourly/40-export-git --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.hourly/40-export-git Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash +logfile="/var/www/code/log/export-git.log" +sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1" diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.minutely/00-redmine-repositories --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.minutely/00-redmine-repositories Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +#!/bin/bash +sudo -u www-data /var/www/code/reposman/run-reposman.sh + diff -r d0d59d12db94 -r d8949733849d deploy/config/cron.monthly/00-backup-files --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/cron.monthly/00-backup-files Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,10 @@ +#!/bin/sh +for location in var/www etc/apache2 etc/cron.*; do + target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`" + oldmask=`umask` + umask 0277 + cd / + tar cjf "$target".tar.bz2 "$location" + umask "$oldmask" +done + diff -r d0d59d12db94 -r d8949733849d deploy/config/database.yml.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/database.yml.in Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,7 @@ +production: + adapter: postgresql + database: code + host: localhost + username: code + password: "INSERT_POSTGRES_PASSWORD_HERE" + diff -r d0d59d12db94 -r d8949733849d deploy/config/hgweb.config --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/hgweb.config Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,6 @@ +[paths] +/ = /var/hg/* + +[web] +allow_archive = gz, zip, bz2 +allow_push = * diff -r d0d59d12db94 -r d8949733849d deploy/config/index.cgi --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/index.cgi Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,67 @@ +#!/usr/bin/env python +# +# An example CGI script to export multiple hgweb repos, edit as necessary + +# adjust python path if not a system-wide install: +#import sys +#sys.path.insert(0, "/path/to/python/lib") + +# enable importing on demand to reduce startup time +from mercurial import demandimport; demandimport.enable() + +# Uncomment to send python tracebacks to the browser if an error occurs: +import cgitb +cgitb.enable() + +# If you'd like to serve pages with UTF-8 instead of your default +# locale charset, you can do so by uncommenting the following lines. +# Note that this will cause your .hgrc files to be interpreted in +# UTF-8 and all your repo files to be displayed using UTF-8. +# +import os +os.environ["HGENCODING"] = "UTF-8" + +from mercurial.hgweb.hgwebdir_mod import hgwebdir +import mercurial.hgweb.wsgicgi as wsgicgi + +# The config file looks like this. You can have paths to individual +# repos, collections of repos in a directory tree, or both. +# +# [paths] +# virtual/path1 = /real/path1 +# virtual/path2 = /real/path2 +# virtual/root = /real/root/* +# / = /real/root2/* +# virtual/root2 = /real/root2/** +# +# [collections] +# /prefix/to/strip/off = /root/of/tree/full/of/repos +# +# paths example: +# +# * First two lines mount one repository into one virtual path, like +# '/real/path1' into 'virtual/path1'. +# +# * The third entry mounts every mercurial repository found in '/real/root' +# in 'virtual/root'. This format is preferred over the [collections] one, +# since using absolute paths as configuration keys is not supported on every +# platform (especially on Windows). +# +# * The fourth entry is a special case mounting all repositories in +# /'real/root2' in the root of the virtual directory. +# +# * The fifth entry recursively finds all repositories under the real root, +# and mounts them using their relative path (to given real root) under the +# virtual root. +# +# collections example: say directory tree /foo contains repos /foo/bar, +# /foo/quux/baz. Give this config section: +# [collections] +# /foo = /foo +# Then repos will list as bar and quux/baz. +# +# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples +# or use a dictionary with entries like 'virtual/path': '/real/path' + +application = hgwebdir('hgweb.config') +wsgicgi.launch(application) diff -r d0d59d12db94 -r d8949733849d deploy/config/logrotate.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/logrotate.conf Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,65 @@ +# see "man logrotate" for details +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# uncomment this if you want your log files compressed +#compress + +# packages drop log rotation information into this directory +include /etc/logrotate.d + +# no packages own wtmp, or btmp -- we'll rotate them here +/var/log/wtmp { + missingok + monthly + create 0664 root utmp + rotate 1 +} + +/var/log/btmp { + missingok + monthly + create 0660 root utmp + rotate 1 +} + +# system-specific logs may be configured here +/var/www/code/log/*.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 code code + sharedscripts + postrotate + touch /var/www/code/restart_files/restart.txt + endscript +} + +/var/log/reposman.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 www-data code + sharedscripts +} + +/var/log/external-repos.log { + weekly + missingok + rotate 52 + compress + delaycompress + create 640 www-data code + sharedscripts +} + diff -r d0d59d12db94 -r d8949733849d deploy/config/passenger.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/passenger.conf Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,2 @@ +PassengerMaxPoolSize 60 + diff -r d0d59d12db94 -r d8949733849d deploy/config/passenger.load --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/passenger.load Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,3 @@ +LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so +PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60 +PassengerDefaultRuby /usr/bin/ruby2.3 diff -r d0d59d12db94 -r d8949733849d deploy/config/perl.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/config/perl.conf Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,4 @@ +# Apache::DBI is supposed to be a transparent replacement for Perl DBI with +# better performance when multiple connections are made with common DSN, user +# and password +PerlModule Apache::DBI diff -r d0d59d12db94 -r d8949733849d deploy/docker/Dockerfile.in --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/docker/Dockerfile.in Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,20 @@ + +FROM ubuntu:16.04 +MAINTAINER Chris Cannam + +COPY . /var/www/code + +WORKDIR /var/www/code + +INSERT_PROVISIONING_HERE + +# Start Postgres and foregrounded Apache + +RUN echo "#!/bin/bash" > container-run.sh +RUN echo "/etc/init.d/postgresql start" >> container-run.sh +RUN echo "apache2ctl -D FOREGROUND" >> container-run.sh +RUN chmod +x container-run.sh + +EXPOSE 80 +CMD ./container-run.sh + diff -r d0d59d12db94 -r d8949733849d deploy/docker/Dockerfile.inline --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/docker/Dockerfile.inline Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,139 @@ + +# For documentation and experimental purposes only. As a +# reconstruction of the machine image that runs this application, +# there are lots of things missing here; but as a good Docker +# configuration, it fails by mixing together rather a lot of concerns. + +FROM ubuntu:16.04 +MAINTAINER Chris Cannam + +RUN apt-get update && \ + apt-get install -y \ + apache2 \ + apache2-dev \ + apt-utils \ + build-essential \ + cron \ + curl \ + doxygen \ + exim4 \ + git \ + graphviz \ + imagemagick \ + libapache-dbi-perl \ + libapache2-mod-perl2 \ + libapr1-dev \ + libaprutil1-dev \ + libauthen-simple-ldap-perl \ + libcurl4-openssl-dev \ + libdbd-pg-perl \ + libpq-dev \ + libmagickwand-dev \ + libio-socket-ssl-perl \ + logrotate \ + mercurial \ + postgresql \ + rsync \ + ruby \ + ruby-dev \ + sudo + +# Also used on the live site, for javadoc extraction, but this is +# would be by far the biggest package here: let's omit it while we're +# not making use of it +# openjdk-9-jdk-headless + +RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + + +# Passenger gets installed through gem, not apt + +RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri +RUN passenger-install-apache2-module --languages=ruby + + +# Copy across webapp, set up ownership + +COPY . /var/www/code + +RUN groupadd code +RUN useradd -g code -G www-data code +RUN chown -R code.www-data /var/www/code +RUN find /var/www/code -type d -exec chmod g+s \{\} \; + + +# Initialise /var/hg (in reality this would be mounted from somewhere) + +RUN mkdir -p /var/hg +RUN chown code.www-data /var/hg +RUN chmod g+s /var/hg +COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/ +COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/ +RUN chmod +x /var/hg/index.cgi + + +# We're based in the code webapp directory from here on + +WORKDIR /var/www/code + + +# Set up database config etc + +RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml + + +# Install Rails and dependencies (database.yml must be populated before this) + +RUN gem install bundler +RUN bundle install + + +# Initialise Redmine token (bundler must be installed before this) + +RUN bundle exec rake generate_secret_token + + +# Import Postgres database from postgres-dumpall file + +RUN chown postgres postgres-dumpall +RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres +RUN rm postgres-dumpall + + +# Install Perl auth module for Hg access + +RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/ +RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/ + + +# Set up Apache config (todo: insert variables) + +RUN rm -f /etc/apache2/sites-enabled/000-default.conf + +RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/ +RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/ +RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf /etc/apache2/mods-available/ + +RUN ln -s ../mods-available/passenger.conf /etc/apache2/mods-enabled/ +RUN ln -s ../mods-available/passenger.load /etc/apache2/mods-enabled/ +RUN ln -s ../mods-available/perl.conf /etc/apache2/mods-enabled/ +RUN ln -s ../mods-available/expires.load /etc/apache2/mods-enabled/ +RUN ln -s ../mods-available/rewrite.load /etc/apache2/mods-enabled/ +RUN ln -s ../mods-available/cgi.load /etc/apache2/mods-enabled/ + +RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf +RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf + +RUN apache2ctl configtest + + +# Start Postgres and foregrounded Apache + +RUN echo "#!/bin/bash" > container-run.sh +RUN echo "/etc/init.d/postgresql start" >> container-run.sh +RUN echo "apache2ctl -D FOREGROUND" >> container-run.sh +RUN chmod +x container-run.sh + +EXPOSE 80 +CMD ./container-run.sh + diff -r d0d59d12db94 -r d8949733849d deploy/docker/start.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/docker/start.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,70 @@ +#!/bin/bash + +mydir=$(dirname "$0") + +dbpwd="$1" +if [ -z "$dbpwd" ]; then + echo "Usage: $0 " 1>&2 + exit 2 +fi + +set -eu -o pipefail + +rootdir="$mydir/../.." + +deploydir="$rootdir"/deploy +if [ ! -d "$deploydir" ]; then + echo "ERROR: Unexpected repository layout - expected directory at $deploydir" + exit 2 +fi + +managerdir="$deploydir/docker" +if [ ! -d "$managerdir" ]; then + echo "ERROR: Required directory $managerdir not found" + exit 2 +fi + +configdir="$deploydir/config" +if [ ! -d "$configdir" ]; then + echo "ERROR: Required directory $configdir not found" + exit 2 +fi + +if [ ! -f "$rootdir/postgres-dumpall" ]; then + echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall" + exit 2 +fi + +fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts +if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then + echo "ERROR: I expect to find necessary webfonts in $fontdir" + exit 2 +fi + +for f in database.yml code.conf ; do + cat "$configdir/$f.in" | + sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \ + "$configdir/$f" +done + +provisioning_commands=$( + for x in "$deploydir"/provision.d/[0-9]*; do + echo "RUN /bin/bash /var/www/code/deploy/provision.d/$(basename $x)" + done | sed 's/$/\\n/' | fmt -2000 | sed 's/ RUN/RUN/g' ) + +( echo + echo "### DO NOT EDIT THIS FILE - it is generated from Dockerfile.in" + echo +) > "$managerdir/Dockerfile" + +cat "$managerdir/Dockerfile.in" | + sed 's,INSERT_PROVISIONING_HERE,'"$provisioning_commands"',' >> \ + "$managerdir/Dockerfile" + +cd "$rootdir" + +dockertag="cannam/soundsoftware-site" + +sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile" . +sudo docker run -p 8080:80 -d "$dockertag" + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/000-system-packages.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/000-system-packages.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,41 @@ +#!/bin/bash + +set -e + +apt-get update && \ + apt-get dist-upgrade -y && \ + apt-get install -y \ + ack-grep \ + apache2 \ + apache2-dev \ + apt-utils \ + build-essential \ + cron \ + curl \ + doxygen \ + exim4 \ + git \ + graphviz \ + imagemagick \ + libapache-dbi-perl \ + libapache2-mod-perl2 \ + libapr1-dev \ + libaprutil1-dev \ + libauthen-simple-ldap-perl \ + libcurl4-openssl-dev \ + libdbd-pg-perl \ + libpq-dev \ + libmagickwand-dev \ + libio-socket-ssl-perl \ + logrotate \ + mercurial \ + postgresql \ + rsync \ + ruby \ + ruby-dev \ + sudo + +apt-get clean && rm -rf /var/lib/apt/lists/* +locale-gen en_US.UTF-8 + + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/010-passenger.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/010-passenger.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +# Passenger gets installed through gem, not apt + +if [ ! -f /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so ]; then + gem install passenger -v 4.0.60 --no-rdoc --no-ri + passenger-install-apache2-module --languages=ruby +fi + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/020-users.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/020-users.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +if ! grep -q '^code:' /etc/passwd ; then + groupadd code + useradd -g code -G www-data code +fi + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/030-webapp-dir.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/030-webapp-dir.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,16 @@ +#!/bin/bash + +set -e + +if [ ! -d /var/www/code ]; then + if [ ! -d /code-to-deploy ]; then + echo "ERROR: Expected to find code tree at /code-to-deploy: is the deployment script being invoked correctly?" + exit 2 + fi + cp -a /code-to-deploy /var/www/code +fi + +chown -R code.www-data /var/www/code +find /var/www/code -type d -exec chmod g+s \{\} \; + + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/040-hg-dir.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/040-hg-dir.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,20 @@ +#!/bin/bash + +set -e + +if [ ! -f /var/hg/index.cgi ]; then + mkdir -p /var/hg + chown code.www-data /var/hg + chmod g+s /var/hg + cp /var/www/code/deploy/config/index.cgi /var/hg/ + cp /var/www/code/deploy/config/hgweb.config /var/hg/ + chmod +x /var/hg/index.cgi +fi + +if [ ! -d /var/hg/vamp-plugin-sdk ]; then + # This project can be used for testing + echo "Cloning vamp-plugin-sdk repo for testing..." + cd /var/hg + hg clone https://code.soundsoftware.ac.uk/hg/vamp-plugin-sdk + chown -R code.www-data vamp-plugin-sdk +fi diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/050-webapp-db.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/050-webapp-db.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e + +infile=/var/www/code/deploy/config/database.yml + +if [ ! -f "$infile" ]; then + echo "ERROR: Database config file $infile not found - has the database secret been interpolated from $infile.in correctly?" + exit 2 +fi + +if [ ! -f /var/www/code/config/database.yml ]; then + cp "$infile" /var/www/code/config/database.yml +fi + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/060-bundler.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/060-bundler.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,8 @@ +#!/bin/bash + +set -e + +cd /var/www/code +gem install bundler +bundle install + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/070-secret-token.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/070-secret-token.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,7 @@ +#!/bin/bash + +set -e + +cd /var/www/code +bundle exec rake generate_secret_token + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/080-database-load.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/080-database-load.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,16 @@ +#!/bin/bash + +set -e + +/etc/init.d/postgresql start + +cd /var/www/code + +if [ -f postgres-dumpall ]; then + chmod ugo+r postgres-dumpall + sudo -u postgres psql -f postgres-dumpall postgres + rm postgres-dumpall # This was just a copy of the shared folder file anyway +fi + + + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/090-perl-auth-module.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/090-perl-auth-module.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,9 @@ +#!/bin/bash + +set -e + +if [ ! -f /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm ]; then + mkdir -p /usr/local/lib/site_perl/Apache/Authn/ + cp /var/www/code/extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/ +fi + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/100-apache-config.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/100-apache-config.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e + +cd /var/www/code + +codeconffile=/var/www/code/deploy/config/code.conf + +if [ ! -f "$codeconffile" ]; then + echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from $codeconffile.in correctly?" + exit 2 +fi + +if [ ! -f /etc/apache2/sites-enabled/10-code.conf ]; then + + rm -f /etc/apache2/sites-enabled/000-default.conf + + cp deploy/config/passenger.conf /etc/apache2/mods-available/ + cp deploy/config/passenger.load /etc/apache2/mods-available/ + cp deploy/config/perl.conf /etc/apache2/mods-available/ + + ln -s ../mods-available/passenger.conf /etc/apache2/mods-enabled/ + ln -s ../mods-available/passenger.load /etc/apache2/mods-enabled/ + ln -s ../mods-available/perl.conf /etc/apache2/mods-enabled/ + ln -s ../mods-available/expires.load /etc/apache2/mods-enabled/ + ln -s ../mods-available/rewrite.load /etc/apache2/mods-enabled/ + ln -s ../mods-available/cgi.load /etc/apache2/mods-enabled/ + + cp "$codeconffile" /etc/apache2/sites-available/code.conf + ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf + + apache2ctl configtest + +fi + diff -r d0d59d12db94 -r d8949733849d deploy/provision.d/110-apache-start.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/provision.d/110-apache-start.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,6 @@ +#!/bin/bash + +set -e + +apache2ctl restart + diff -r d0d59d12db94 -r d8949733849d deploy/vagrant/Vagrantfile --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/vagrant/Vagrantfile Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,9 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +Vagrant.configure("2") do |config| + config.vm.box = "ubuntu/xenial64" + config.vm.network "forwarded_port", guest: 80, host: 8080 + config.vm.synced_folder "../..", "/code-to-deploy" + config.vm.provision :shell, path: "vagrant-provision.sh" +end diff -r d0d59d12db94 -r d8949733849d deploy/vagrant/start.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/vagrant/start.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,53 @@ +#!/bin/bash + +mydir=$(dirname "$0") + +dbpwd="$1" +if [ -z "$dbpwd" ]; then + echo "Usage: $0 " 1>&2 + exit 2 +fi + +set -eu -o pipefail + +rootdir="$mydir/../.." + +deploydir="$rootdir"/deploy +if [ ! -d "$deploydir" ]; then + echo "ERROR: Unexpected repository layout - expected directory at $deploydir" + exit 2 +fi + +managerdir="$deploydir/vagrant" +if [ ! -d "$managerdir" ]; then + echo "ERROR: Required directory $managerdir not found" + exit 2 +fi + +configdir="$deploydir/config" +if [ ! -d "$configdir" ]; then + echo "ERROR: Required directory $configdir not found" + exit 2 +fi + +if [ ! -f "$rootdir/postgres-dumpall" ]; then + echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall" + exit 2 +fi + +fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts +if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then + echo "ERROR: I expect to find necessary webfonts in $fontdir" + exit 2 +fi + +for f in database.yml code.conf ; do + cat "$configdir/$f.in" | + sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \ + "$configdir/$f" +done + +cd "$managerdir" + +vagrant up + diff -r d0d59d12db94 -r d8949733849d deploy/vagrant/vagrant-provision.sh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/deploy/vagrant/vagrant-provision.sh Thu Aug 17 11:55:29 2017 +0100 @@ -0,0 +1,20 @@ +#!/bin/bash + +#!!! still not covered: +# * cron jobs +# * https +# * web fonts +# * reposman scripts (and their API key setup, etc) +# * docgen script install +# * logrotate config (check against system one) + +set -e + +for f in /code-to-deploy/deploy/provision.d/[0-9]* ; do + case "$f" in + *~) ;; + *) echo "Running provision script: $f" + /bin/bash "$f";; + esac +done + diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/code.conf --- a/extra/soundsoftware/scripted-deploy/config/code.conf Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,94 +0,0 @@ - -# A test Apache config. Lacks SSL, lacks a desirable extra layer of -# authentication for admin interface paths. Do not deploy this. - -PerlLoadModule Apache::Authn::SoundSoftware - - - ServerName code.soundsoftware.ac.uk - ServerAdmin chris.cannam@soundsoftware.ac.uk - - DocumentRoot /var/www/code/public - PassengerRestartDir restart_files - PassengerHighPerformance on - PassengerMaxRequests 50000 - PassengerStatThrottleRate 5 - PassengerStartTimeout 60 - PassengerFriendlyErrorPages on - RailsSpawnMethod smart - ExpiresDefault "access plus 1 minute" - - - Order allow,deny - Deny from all - Satisfy All - - - - Order allow,deny - Deny from all - Satisfy All - - - - Order allow,deny - Deny from all - Satisfy All - - - - Options -MultiViews - - - - # Avoid other sites embedding our fonts - RewriteEngine on - RewriteCond %{HTTP_REFERER} !^$ - RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC] - RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F] - - - ScriptAlias /hg "/var/hg/index.cgi" - - - AuthName "Mercurial" - AuthType Basic - Require valid-user - PerlAccessHandler Apache::Authn::SoundSoftware::access_handler - PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler - PerlSetVar HTTPS "on" - SoundSoftwareDSN "dbi:Pg:database=code;host=localhost" - SoundSoftwareDbUser "code" - SoundSoftwareDbPass "INSERT_POSTGRES_PASSWORD_HERE" - SoundSoftwareRepoPrefix "/var/hg/" - #!!! "on" in production please!: - SoundSoftwareSslRequired "off" - Options +ExecCGI - AddHandler cgi-script .cgi - ExpiresDefault now - - - Alias /git "/var/files/git-mirror" - - - Options -Indexes +FollowSymLinks - Order allow,deny - Allow from all - - - Order allow,deny - Deny from all - - - Order allow,deny - Deny from all - - - ErrorLog /var/log/apache2/code-error.log - CustomLog /var/log/apache2/code-access.log vhost_combined - - LogLevel warn - ServerSignature Off - - - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.daily/00-backup-db --- a/extra/soundsoftware/scripted-deploy/config/cron.daily/00-backup-db Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,6 +0,0 @@ -#!/bin/sh -outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`" -oldmask=`umask` -umask 0277 -su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile" -umask "$oldmask" diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.daily/10-extract-docs --- a/extra/soundsoftware/scripted-deploy/config/cron.daily/10-extract-docs Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -#!/bin/bash -cd /tmp -/var/www/code/docgen/extract-docs.sh diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.daily/15-get-statistics --- a/extra/soundsoftware/scripted-deploy/config/cron.daily/15-get-statistics Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -#!/bin/bash -sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log" diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.daily/20-check-end-of-external-repo-log --- a/extra/soundsoftware/scripted-deploy/config/cron.daily/20-check-end-of-external-repo-log Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -#!/bin/bash -tail -2 /var/log/external-repos.log diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.hourly/00-drupal-cron --- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/00-drupal-cron Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -#!/bin/bash -/usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.hourly/10-redmine-fetch-changesets --- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/10-redmine-fetch-changesets Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -#!/bin/bash -sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'" -exit 0 diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.hourly/20-convert-external-repos --- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/20-convert-external-repos Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -#!/bin/bash -sudo -H -u www-data /var/www/code/reposman/run-external.sh diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.hourly/30-expire-explore-cache --- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/30-expire-explore-cache Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -#!/bin/sh -rm -f /var/www/code/tmp/cache/*/*/views*explore* diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.hourly/40-export-git --- a/extra/soundsoftware/scripted-deploy/config/cron.hourly/40-export-git Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -#!/bin/bash -logfile="/var/www/code/log/export-git.log" -sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1" diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.minutely/00-redmine-repositories --- a/extra/soundsoftware/scripted-deploy/config/cron.minutely/00-redmine-repositories Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -#!/bin/bash -sudo -u www-data /var/www/code/reposman/run-reposman.sh - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/cron.monthly/00-backup-files --- a/extra/soundsoftware/scripted-deploy/config/cron.monthly/00-backup-files Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,10 +0,0 @@ -#!/bin/sh -for location in var/www etc/apache2 etc/cron.*; do - target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`" - oldmask=`umask` - umask 0277 - cd / - tar cjf "$target".tar.bz2 "$location" - umask "$oldmask" -done - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/database.yml --- a/extra/soundsoftware/scripted-deploy/config/database.yml Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,7 +0,0 @@ -production: - adapter: postgresql - database: code - host: localhost - username: code - password: "INSERT_POSTGRES_PASSWORD_HERE" - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/hgweb.config --- a/extra/soundsoftware/scripted-deploy/config/hgweb.config Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,6 +0,0 @@ -[paths] -/ = /var/hg/* - -[web] -allow_archive = gz, zip, bz2 -allow_push = * diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/index.cgi --- a/extra/soundsoftware/scripted-deploy/config/index.cgi Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,67 +0,0 @@ -#!/usr/bin/env python -# -# An example CGI script to export multiple hgweb repos, edit as necessary - -# adjust python path if not a system-wide install: -#import sys -#sys.path.insert(0, "/path/to/python/lib") - -# enable importing on demand to reduce startup time -from mercurial import demandimport; demandimport.enable() - -# Uncomment to send python tracebacks to the browser if an error occurs: -import cgitb -cgitb.enable() - -# If you'd like to serve pages with UTF-8 instead of your default -# locale charset, you can do so by uncommenting the following lines. -# Note that this will cause your .hgrc files to be interpreted in -# UTF-8 and all your repo files to be displayed using UTF-8. -# -import os -os.environ["HGENCODING"] = "UTF-8" - -from mercurial.hgweb.hgwebdir_mod import hgwebdir -import mercurial.hgweb.wsgicgi as wsgicgi - -# The config file looks like this. You can have paths to individual -# repos, collections of repos in a directory tree, or both. -# -# [paths] -# virtual/path1 = /real/path1 -# virtual/path2 = /real/path2 -# virtual/root = /real/root/* -# / = /real/root2/* -# virtual/root2 = /real/root2/** -# -# [collections] -# /prefix/to/strip/off = /root/of/tree/full/of/repos -# -# paths example: -# -# * First two lines mount one repository into one virtual path, like -# '/real/path1' into 'virtual/path1'. -# -# * The third entry mounts every mercurial repository found in '/real/root' -# in 'virtual/root'. This format is preferred over the [collections] one, -# since using absolute paths as configuration keys is not supported on every -# platform (especially on Windows). -# -# * The fourth entry is a special case mounting all repositories in -# /'real/root2' in the root of the virtual directory. -# -# * The fifth entry recursively finds all repositories under the real root, -# and mounts them using their relative path (to given real root) under the -# virtual root. -# -# collections example: say directory tree /foo contains repos /foo/bar, -# /foo/quux/baz. Give this config section: -# [collections] -# /foo = /foo -# Then repos will list as bar and quux/baz. -# -# Alternatively you can pass a list of ('virtual/path', '/real/path') tuples -# or use a dictionary with entries like 'virtual/path': '/real/path' - -application = hgwebdir('hgweb.config') -wsgicgi.launch(application) diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/logrotate.conf --- a/extra/soundsoftware/scripted-deploy/config/logrotate.conf Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,65 +0,0 @@ -# see "man logrotate" for details -# rotate log files weekly -weekly - -# keep 4 weeks worth of backlogs -rotate 4 - -# create new (empty) log files after rotating old ones -create - -# uncomment this if you want your log files compressed -#compress - -# packages drop log rotation information into this directory -include /etc/logrotate.d - -# no packages own wtmp, or btmp -- we'll rotate them here -/var/log/wtmp { - missingok - monthly - create 0664 root utmp - rotate 1 -} - -/var/log/btmp { - missingok - monthly - create 0660 root utmp - rotate 1 -} - -# system-specific logs may be configured here -/var/www/code/log/*.log { - weekly - missingok - rotate 52 - compress - delaycompress - create 640 code code - sharedscripts - postrotate - touch /var/www/code/restart_files/restart.txt - endscript -} - -/var/log/reposman.log { - weekly - missingok - rotate 52 - compress - delaycompress - create 640 www-data code - sharedscripts -} - -/var/log/external-repos.log { - weekly - missingok - rotate 52 - compress - delaycompress - create 640 www-data code - sharedscripts -} - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/passenger.conf --- a/extra/soundsoftware/scripted-deploy/config/passenger.conf Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,2 +0,0 @@ -PassengerMaxPoolSize 60 - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/passenger.load --- a/extra/soundsoftware/scripted-deploy/config/passenger.load Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,3 +0,0 @@ -LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so -PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60 -PassengerDefaultRuby /usr/bin/ruby2.3 diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/config/perl.conf --- a/extra/soundsoftware/scripted-deploy/config/perl.conf Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,4 +0,0 @@ -# Apache::DBI is supposed to be a transparent replacement for Perl DBI with -# better performance when multiple connections are made with common DSN, user -# and password -PerlModule Apache::DBI diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/docker/Dockerfile --- a/extra/soundsoftware/scripted-deploy/docker/Dockerfile Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,139 +0,0 @@ - -# For documentation and experimental purposes only. As a -# reconstruction of the machine image that runs this application, -# there are lots of things missing here; but as a good Docker -# configuration, it fails by mixing together rather a lot of concerns. - -FROM ubuntu:16.04 -MAINTAINER Chris Cannam - -RUN apt-get update && \ - apt-get install -y \ - apache2 \ - apache2-dev \ - apt-utils \ - build-essential \ - cron \ - curl \ - doxygen \ - exim4 \ - git \ - graphviz \ - imagemagick \ - libapache-dbi-perl \ - libapache2-mod-perl2 \ - libapr1-dev \ - libaprutil1-dev \ - libauthen-simple-ldap-perl \ - libcurl4-openssl-dev \ - libdbd-pg-perl \ - libpq-dev \ - libmagickwand-dev \ - libio-socket-ssl-perl \ - logrotate \ - mercurial \ - postgresql \ - rsync \ - ruby \ - ruby-dev \ - sudo - -# Also used on the live site, for javadoc extraction, but this is -# would be by far the biggest package here: let's omit it while we're -# not making use of it -# openjdk-9-jdk-headless - -RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - - -# Passenger gets installed through gem, not apt - -RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri -RUN passenger-install-apache2-module --languages=ruby - - -# Copy across webapp, set up ownership - -COPY . /var/www/code - -RUN groupadd code -RUN useradd -g code -G www-data code -RUN chown -R code.www-data /var/www/code -RUN find /var/www/code -type d -exec chmod g+s \{\} \; - - -# Initialise /var/hg (in reality this would be mounted from somewhere) - -RUN mkdir -p /var/hg -RUN chown code.www-data /var/hg -RUN chmod g+s /var/hg -COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/ -COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/ -RUN chmod +x /var/hg/index.cgi - - -# We're based in the code webapp directory from here on - -WORKDIR /var/www/code - - -# Set up database config etc - -RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml - - -# Install Rails and dependencies (database.yml must be populated before this) - -RUN gem install bundler -RUN bundle install - - -# Initialise Redmine token (bundler must be installed before this) - -RUN bundle exec rake generate_secret_token - - -# Import Postgres database from postgres-dumpall file - -RUN chown postgres postgres-dumpall -RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres -RUN rm postgres-dumpall - - -# Install Perl auth module for Hg access - -RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/ -RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/ - - -# Set up Apache config (todo: insert variables) - -RUN rm -f /etc/apache2/sites-enabled/000-default.conf - -RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/ -RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/ -RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf /etc/apache2/mods-available/ - -RUN ln -s ../mods-available/passenger.conf /etc/apache2/mods-enabled/ -RUN ln -s ../mods-available/passenger.load /etc/apache2/mods-enabled/ -RUN ln -s ../mods-available/perl.conf /etc/apache2/mods-enabled/ -RUN ln -s ../mods-available/expires.load /etc/apache2/mods-enabled/ -RUN ln -s ../mods-available/rewrite.load /etc/apache2/mods-enabled/ -RUN ln -s ../mods-available/cgi.load /etc/apache2/mods-enabled/ - -RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf -RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf - -RUN apache2ctl configtest - - -# Start Postgres and foregrounded Apache - -RUN echo "#!/bin/bash" > container-run.sh -RUN echo "/etc/init.d/postgresql start" >> container-run.sh -RUN echo "apache2ctl -D FOREGROUND" >> container-run.sh -RUN chmod +x container-run.sh - -EXPOSE 80 -CMD ./container-run.sh - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/docker/start.sh --- a/extra/soundsoftware/scripted-deploy/docker/start.sh Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,57 +0,0 @@ -#!/bin/bash - -mydir=$(dirname "$0") - -dbpwd="$1" -if [ -z "$dbpwd" ]; then - echo "Usage: $0 " 1>&2 - exit 2 -fi - -set -eu - -sswdir="$mydir/../.." -rootdir="$sswdir/../.." - -deploydir="$sswdir"/scripted-deploy -if [ ! -d "$deploydir" ]; then - echo "ERROR: Unexpected repository layout - expected directory at $deploydir" - exit 2 -fi - -managerdir="$deploydir/docker" -if [ ! -d "$managerdir" ]; then - echo "ERROR: Required directory $managerdir not found" - exit 2 -fi - -configdir="$deploydir/config" -if [ ! -d "$configdir" ]; then - echo "ERROR: Required directory $configdir not found" - exit 2 -fi - -if [ ! -f "$rootdir/postgres-dumpall" ]; then - echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall" - exit 2 -fi - -fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts -if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then - echo "ERROR: I expect to find necessary webfonts in $fontdir" - exit 2 -fi - -for f in database.yml code.conf ; do - cat "$configdir/$f" | - sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \ - "$configdir/$f.interpolated" -done - -cd "$rootdir" - -dockertag="cannam/soundsoftware-site" - -sudo docker build -t "$dockertag" -f "$managerdir/Dockerfile" . -sudo docker run -p 8080:80 -d "$dockertag" - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/vagrant/Vagrantfile --- a/extra/soundsoftware/scripted-deploy/vagrant/Vagrantfile Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,9 +0,0 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -Vagrant.configure("2") do |config| - config.vm.box = "ubuntu/xenial64" - config.vm.network "forwarded_port", guest: 80, host: 8080 - config.vm.synced_folder "../../../..", "/vagrant-code" - config.vm.provision :shell, path: "vagrant-provision.sh" -end diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/vagrant/provision.d/000-system-packages.sh --- a/extra/soundsoftware/scripted-deploy/vagrant/provision.d/000-system-packages.sh Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,81 +0,0 @@ -#!/bin/bash - -set -e - -if [ -x /usr/bin/yum ]; then - - # Assumption: CentOS 7 - - # This doesn't work -- I got hung up on the problem of making a - # sufficiently recent Ruby act as the system /usr/bin/ruby without - # massively overcomplicating things, and decided not to persist - # with it - - yum install -y epel-release centos-release-scl && \ - yum update -y && \ - yum install -y \ - httpd \ - httpd-devel \ - gcc \ - gcc-c++ \ - curl \ - doxygen \ - git \ - mercurial \ - mod_perl \ - postgresql \ - rh-ruby24 \ - rh-ruby24-ruby-devel \ - rh-ruby24-rubygems \ - rh-ruby24-rubygems-devel \ - logrotate - - if [ -f /usr/bin/ruby ]; then - yum remove -y ruby - fi - - cat > /etc/profile.d/enableruby24.sh <" 1>&2 - exit 2 -fi - -set -eu - -sswdir="$mydir/../.." -rootdir="$sswdir/../.." - -deploydir="$sswdir"/scripted-deploy -if [ ! -d "$deploydir" ]; then - echo "ERROR: Unexpected repository layout - expected directory at $deploydir" - exit 2 -fi - -managerdir="$deploydir/vagrant" -if [ ! -d "$managerdir" ]; then - echo "ERROR: Required directory $managerdir not found" - exit 2 -fi - -configdir="$deploydir/config" -if [ ! -d "$configdir" ]; then - echo "ERROR: Required directory $configdir not found" - exit 2 -fi - -if [ ! -f "$rootdir/postgres-dumpall" ]; then - echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall" - exit 2 -fi - -fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts -if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then - echo "ERROR: I expect to find necessary webfonts in $fontdir" - exit 2 -fi - -for f in database.yml code.conf ; do - cat "$configdir/$f" | - sed 's/INSERT_POSTGRES_PASSWORD_HERE/'"$dbpwd"'/g' > \ - "$configdir/$f.interpolated" -done - -cd "$managerdir" - -vagrant up - diff -r d0d59d12db94 -r d8949733849d extra/soundsoftware/scripted-deploy/vagrant/vagrant-provision.sh --- a/extra/soundsoftware/scripted-deploy/vagrant/vagrant-provision.sh Wed Aug 16 16:58:22 2017 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,20 +0,0 @@ -#!/bin/bash - -#!!! still not covered: -# * cron jobs -# * https -# * web fonts -# * reposman scripts (and their API key setup, etc) -# * docgen script install -# * logrotate config (check against system one) - -set -e - -for f in /vagrant-code/extra/soundsoftware/scripted-deploy/vagrant/provision.d/[0-9]* ; do - case "$f" in - *~) ;; - *) echo "Running provision script: $f" - /bin/bash "$f";; - esac -done -