/deploy - Annotate - SoundSoftware Code Site

To check out this repository please hg clone the following URL, or open the URL using EasyMercurial or your preferred Mercurial client.

Mercurial

Statistics Download as Zip

root / deploy @ 1601:07deb8466f65

-:98384d0defa0
+            Chris
 Deploying the SoundSoftware site
-:07deb8466f65
+================================
-:98384d0defa0
+            Chris
-:07deb8466f65
+These scripts can be used for test or staging deployments reproducing
 much of the configuration of the live site. Currently it's assumed
 that you are providing a database dump to load -- there is no
 provisioning step to initialise a new database.
 You will need
 -------------
 Required:
  * A database dump to load. This should be left in a file called
    postgres-dumpall in the soundsoftware-site root
  * The database password and /sys API key for the target site. (The
    API key can be changed in the admin UI - "grep API config/*.in" to
    see the files you'll need to update if you change it)
  * The (copyrighted) web font files used in our deployment. Leave
    these in /public/themes/soundsoftware/stylesheets/fonts/
 Optional (or required for proper deployments):
  * HTTPS key/cert files
 Three ways to deploy
 --------------------
 . Using Vagrant to set up a development VM: Run ./vagrant/start.sh
 . Using Docker to set up a development container: Run ./docker/start.sh
 . On a "real" VM or server:
     * Ensure the soundsoftware-site repo is checked out at /code-to-deploy
     * Run /code-to-deploy/deploy/any/run-provisioning.sh as root
     But be very careful with this! You could screw up a dev box -- or
     an existing live server! -- if you accidentally provision the site
     directly onto it when you should have used Vagrant or a container.
-:eeacb8332051
+            Chris
 After deployment
 ----------------
 There is a smoke test script at test/smoketest.sh which checks that
 the home page, a project page, a repo page etc can be retrieved. Some
 of the pages it tries to retrieve are dependent on their generating
 cron scripts having run at least once since the server was set up.
-:83412a0a2389
+#!/bin/bash
 # To be sourced into a container-specific start.sh file, not run
 # standalone
 usage() {
     echo "Usage: $0 <database-password> <api-key> <api-httpauth-password>" 1>&2
     exit 2
+}
 dbpass="$1"
 if [ -z "$dbpass" ]; then
     usage
 fi
 apikey="$2"
 if [ -z "$apikey" ]; then
     usage
 fi
 apipass="$3"
 if [ -z "$apipass" ]; then
     usage
 fi
 set -eu -o pipefail
 rootdir="$mydir/../.."
 deploydir="$rootdir"/deploy
 if [ ! -d "$deploydir" ]; then
     echo "ERROR: Unexpected repository layout - expected directory at $deploydir"
     exit 2
 fi
 managerdir="$deploydir/vagrant"
 if [ ! -d "$managerdir" ]; then
     echo "ERROR: Required directory $managerdir not found"
     exit 2
 fi
 configdir="$deploydir/config"
 if [ ! -d "$configdir" ]; then
     echo "ERROR: Required directory $configdir not found"
     exit 2
 fi
 if [ ! -f "$rootdir/postgres-dumpall" ]; then
     echo "ERROR: I expect to find a Postgres SQL multi-db dump file in $rootdir/postgres-dumpall"
     exit 2
 fi
 fontdir="$rootdir"/public/themes/soundsoftware/stylesheets/fonts
 if [ ! -f "$fontdir/24BC0E_0_0.woff" ]; then
     echo "ERROR: I expect to find necessary webfonts in $fontdir"
     exit 2
 fi
 apischeme=http
 apihost=localhost
 #apischeme=https
 #apihost=code.soundsoftware.ac.uk
 for f in "$configdir"/*.in "$rootdir"/extra/soundsoftware/extract-docs.sh ; do
     out="$configdir"/$(basename "$f" .in).gen
     cat "$f" | sed \
                    -e 's/INSERT_DATABASE_PASSWORD_HERE/'"$dbpass"'/g' \
                    -e 's/INSERT_API_KEY_HERE/'"$apikey"'/g' \
                    -e 's/INSERT_API_SCHEME_HERE/'"$apischeme"'/g' \
                    -e 's/INSERT_API_HOST_HERE/'"$apihost"'/g' \
                    -e 's/INSERT_API_USER_HERE/user/g' \
                    -e 's/INSERT_API_PASSWORD_HERE/'"$apipass"'/g' \
                    > "$out"
 done
-:07deb8466f65
+#!/bin/bash
 mydir=$(dirname "$0")
 if [ "$mydir" != "/code-to-deploy/deploy/any" ]; then
     echo "ERROR: Expected repository to be at /code-to-deploy prior to provisioning"
     exit 2
 fi
 . "$mydir"/../prepare.sh
 for f in "$mydir"/../provision.d/[0-9]*.sh ; do
     case "$f" in
         *~) ;;
         *) echo "Running provisioning script: $f"
            /bin/bash "$f";;
     esac
 done
 echo "All provisioning scripts complete"
 # Apache config with SSL and admin auth stubbed in. You must provide
 # the key/cert and auth files.
 # Note this has been updated for Apache 2.4, which introduced a number
 # of (welcome) changes to access control directives.
 PerlLoadModule Apache::Authn::SoundSoftware
 <VirtualHost *:80>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerFriendlyErrorPages off
         RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
         # Redirect all activity to secure site
         Redirect seeother / "https://code.soundsoftware.ac.uk/"
         <DirectoryMatch "^/.*/\.svn/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
                 Require all denied
         </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
 <VirtualHost *:80>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerStartTimeout 60
 	PassengerFriendlyErrorPages off
         RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
         <Location /sys>
 		AuthType Basic
 		AuthUserFile "/etc/apache2/auth/user.htpasswd"
 		AuthName "code.soundsoftware.ac.uk"
 		Require user user
 	</Location>
 	<Location /admin>
 		AuthType Digest
 		AuthUserFile "/etc/apache2/auth/admin.htdigest"
 		AuthName "code.soundsoftware.ac.uk admin interface"
 		Require user admin
 	</Location>
         <DirectoryMatch "^/.*/\.svn/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
                 Require all denied
         </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
                 Require all denied
         </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
         <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
 		# Avoid other sites embedding our fonts
 		RewriteEngine on
 		RewriteCond %{HTTP_REFERER} !^$
 		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
 		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
 	</Directory>
 	ScriptAlias /hg "/var/hg/index.cgi"
 	<Location /hg>
                	AuthName "Mercurial"
                 AuthType Basic
                 Require valid-user
 		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
       		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
 		PerlSetVar HTTPS "on"
 		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
     		SoundSoftwareDbUser "code"
      		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
 		SoundSoftwareRepoPrefix "/var/hg/"
                 SoundSoftwareSslRequired "on"
 		Options +ExecCGI
 		AddHandler cgi-script .cgi
 		ExpiresDefault now
         </Location>
 	Alias /git "/var/files/git-mirror"
 	<Directory "/var/files/git-mirror">
 		Options -Indexes +FollowSymLinks
                 Require all granted
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/.*\.workdir">
                 Require all denied
 	</Directory>
 	<Directory ~ "/var/files/git-mirror/__.*">
                 Require all denied
 	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
-:ae2f71010562
+            Chris
 # A test Apache config. Lacks SSL, lacks a desirable extra layer of
 # authentication for admin interface paths. Do not deploy this.
-:83412a0a2389
+# Note this has been updated for Apache 2.4, which introduced a number
 # of (welcome) changes to access control directives.
-:ae2f71010562
+PerlLoadModule Apache::Authn::SoundSoftware
 <VirtualHost *:80>
         ServerName code.soundsoftware.ac.uk
         ServerAdmin chris.cannam@soundsoftware.ac.uk
         DocumentRoot /var/www/code/public
         PassengerRestartDir restart_files
         PassengerHighPerformance on
         PassengerMaxRequests 50000
         PassengerStatThrottleRate 5
 	PassengerStartTimeout 60
-:4c2b25b7e85f
+	PassengerFriendlyErrorPages on
-:ae2f71010562
+        RailsSpawnMethod smart
         ExpiresDefault "access plus 1 minute"
-:c18460da6620
+#        <Location /sys>
 #		AuthType Basic
 #		AuthUserFile "/etc/apache2/auth/user.htpasswd"
 #		AuthName "code.soundsoftware.ac.uk"
 #		Require user user
 #	</Location>
 #	<Location /admin>
 #		AuthType Digest
 #		AuthUserFile "/etc/apache2/auth/admin.htdigest"
 #		AuthName "code.soundsoftware.ac.uk admin interface"
 #		Require user admin
 #	</Location>
-:ae2f71010562
+        <DirectoryMatch "^/.*/\.svn/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <DirectoryMatch "^/.*/\.hg/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <DirectoryMatch "^/.*/\.git/">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+        </DirectoryMatch>
         <Directory /var/www/code/public>
                 Options -MultiViews
 	</Directory>
         <Directory /var/www/code/public/themes/soundsoftware/stylesheets/fonts>
 		# Avoid other sites embedding our fonts
 		RewriteEngine on
 		RewriteCond %{HTTP_REFERER} !^$
 		RewriteCond %{HTTP_REFERER} !^http(s)?://code.soundsoftware.ac.uk/.*$ [NC]
 		RewriteRule \.(ttf|woff|eot|otf|svg|zip|gz|html|txt)$ - [F]
 	</Directory>
 	ScriptAlias /hg "/var/hg/index.cgi"
 	<Location /hg>
                	AuthName "Mercurial"
                 AuthType Basic
                 Require valid-user
 		PerlAccessHandler Apache::Authn::SoundSoftware::access_handler
       		PerlAuthenHandler Apache::Authn::SoundSoftware::authen_handler
-:07deb8466f65
+		PerlSetVar HTTPS "off"
-:ae2f71010562
+		SoundSoftwareDSN "dbi:Pg:database=code;host=localhost"
     		SoundSoftwareDbUser "code"
-:83412a0a2389
+     		SoundSoftwareDbPass "INSERT_DATABASE_PASSWORD_HERE"
-:ae2f71010562
+		SoundSoftwareRepoPrefix "/var/hg/"
-:d1de6986e429
+                #!!! "on" in production please!:
                 SoundSoftwareSslRequired "off"
-:ae2f71010562
+		Options +ExecCGI
 		AddHandler cgi-script .cgi
 		ExpiresDefault now
         </Location>
 	Alias /git "/var/files/git-mirror"
 	<Directory "/var/files/git-mirror">
 		Options -Indexes +FollowSymLinks
-:83412a0a2389
+                Require all granted
-:ae2f71010562
+	</Directory>
 	<Directory ~ "/var/files/git-mirror/.*\.workdir">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+	</Directory>
 	<Directory ~ "/var/files/git-mirror/__.*">
-:83412a0a2389
+                Require all denied
-:ae2f71010562
+	</Directory>
 	ErrorLog /var/log/apache2/code-error.log
 	CustomLog /var/log/apache2/code-access.log vhost_combined
         LogLevel warn
         ServerSignature Off
 </VirtualHost>
-:d0d59d12db94
+#!/bin/sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+outfile="/var/files/backups/postgres-dumpall-`date +%Y%m%d%H%M`"
-:c18460da6620
+            Chris
-:d0d59d12db94
+oldmask=`umask`
 umask 0277
-:c18460da6620
+            Chris
-:d0d59d12db94
+su postgres -c /usr/bin/pg_dumpall > "$outfile" && bzip2 "$outfile"
-:c18460da6620
+            Chris
-:d0d59d12db94
+umask "$oldmask"
 #!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+cd /tmp
-:c18460da6620
+            Chris
-:d0d59d12db94
+/var/www/code/docgen/extract-docs.sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner -e production extra/soundsoftware/get-statistics.rb >> log/statistics.log"
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+tail -2 /var/log/external-repos.log
 #!/bin/bash
-:c18460da6620
+## No longer used - this site is now static
 # /usr/bin/wget -O - -q -t 1 http://www.soundsoftware.ac.uk/cron.php
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /var/www/code ; ./script/rails runner \"Repository.fetch_changesets\" -e production 2>&1 | grep -v 'Not trusting' | grep -v 'svn:' | grep -v 'working copy' | grep -v 'deprecated' | grep -v 'version_requirements'"
 exit 0
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -H -u www-data /var/www/code/reposman/run-external.sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/sh
-:c18460da6620
+            Chris
-:d0d59d12db94
+rm -f /var/www/code/tmp/cache/*/*/views*explore*
 #!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+logfile="/var/www/code/log/export-git.log"
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u code sh -c "cd /tmp ; /var/www/code/extra/soundsoftware/export-git.sh production /var/hg /var/files/git-mirror >> $logfile 2>&1"
-:c18460da6620
+            Chris
-:d0d59d12db94
+#!/bin/bash
-:c18460da6620
+            Chris
-:d0d59d12db94
+sudo -u www-data /var/www/code/reposman/run-reposman.sh
 #!/bin/sh
-:45b0571b684d
+cd /
-:d0d59d12db94
+for location in var/www etc/apache2 etc/cron.*; do
 	target="/var/files/backups/`echo $location | sed 's,/,_,g'`-`date +%Y%m%d%H%M`"
 	oldmask=`umask`
 	umask 0277
 	tar cjf "$target".tar.bz2 "$location"
 	umask "$oldmask"
 done
-:ae2f71010562
+production:
   adapter: postgresql
   database: code
   host: localhost
   username: code
-:83412a0a2389
+  password: "INSERT_DATABASE_PASSWORD_HERE"
-:ae2f71010562
+            Chris
-:d1de6986e429
+[paths]
 / = /var/hg/*
 [web]
 allow_archive = gz, zip, bz2
 allow_push = *
 #!/usr/bin/env python
+#
 # An example CGI script to export multiple hgweb repos, edit as necessary
 # adjust python path if not a system-wide install:
 #import sys
 #sys.path.insert(0, "/path/to/python/lib")
 # enable importing on demand to reduce startup time
 from mercurial import demandimport; demandimport.enable()
 # Uncomment to send python tracebacks to the browser if an error occurs:
 import cgitb
 cgitb.enable()
 # If you'd like to serve pages with UTF-8 instead of your default
 # locale charset, you can do so by uncommenting the following lines.
 # Note that this will cause your .hgrc files to be interpreted in
 # UTF-8 and all your repo files to be displayed using UTF-8.
+#
 import os
 os.environ["HGENCODING"] = "UTF-8"
 from mercurial.hgweb.hgwebdir_mod import hgwebdir
 import mercurial.hgweb.wsgicgi as wsgicgi
 # The config file looks like this.  You can have paths to individual
 # repos, collections of repos in a directory tree, or both.
+#
 # [paths]
 # virtual/path1 = /real/path1
 # virtual/path2 = /real/path2
 # virtual/root = /real/root/*
 # / = /real/root2/*
 # virtual/root2 = /real/root2/**
+#
 # [collections]
 # /prefix/to/strip/off = /root/of/tree/full/of/repos
+#
 # paths example:
+#
 # * First two lines mount one repository into one virtual path, like
 # '/real/path1' into 'virtual/path1'.
+#
 # * The third entry mounts every mercurial repository found in '/real/root'
 # in 'virtual/root'. This format is preferred over the [collections] one,
 # since using absolute paths as configuration keys is not supported on every
 # platform (especially on Windows).
+#
 # * The fourth entry is a special case mounting all repositories in
 # /'real/root2' in the root of the virtual directory.
+#
 # * The fifth entry recursively finds all repositories under the real root,
 # and mounts them using their relative path (to given real root) under the
 # virtual root.
+#
 # collections example: say directory tree /foo contains repos /foo/bar,
 # /foo/quux/baz.  Give this config section:
 #   [collections]
 #   /foo = /foo
 # Then repos will list as bar and quux/baz.
+#
 # Alternatively you can pass a list of ('virtual/path', '/real/path') tuples
 # or use a dictionary with entries like 'virtual/path': '/real/path'
 application = hgwebdir('hgweb.config')
 wsgicgi.launch(application)
-:d0d59d12db94
+# see "man logrotate" for details
 # rotate log files weekly
 weekly
-:c18460da6620
+# use the syslog group by default, since this is the owning group
 # of /var/log/syslog.
 su root syslog
-:d0d59d12db94
+# keep 4 weeks worth of backlogs
 rotate 4
 # create new (empty) log files after rotating old ones
 create
 # uncomment this if you want your log files compressed
 #compress
 # packages drop log rotation information into this directory
 include /etc/logrotate.d
 # no packages own wtmp, or btmp -- we'll rotate them here
 /var/log/wtmp {
     missingok
     monthly
     create 0664 root utmp
     rotate 1
+}
 /var/log/btmp {
     missingok
     monthly
     create 0660 root utmp
     rotate 1
+}
 # system-specific logs may be configured here
 /var/www/code/log/*.log {
 	weekly
 	missingok
 	rotate 52
 	compress
 	delaycompress
 	create 640 code code
 	sharedscripts
 	postrotate
 		touch /var/www/code/restart_files/restart.txt
 	endscript
+}
 /var/log/reposman.log {
         weekly
         missingok
         rotate 52
         compress
         delaycompress
         create 640 www-data code
         sharedscripts
+}
 /var/log/external-repos.log {
         weekly
         missingok
         rotate 52
         compress
         delaycompress
         create 640 www-data code
         sharedscripts
+}
-:4c2b25b7e85f
+PassengerMaxPoolSize 60
 LoadModule passenger_module /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so
 PassengerRoot /var/lib/gems/2.3.0/gems/passenger-4.0.60
 PassengerDefaultRuby /usr/bin/ruby2.3
 # Apache::DBI is supposed to be a transparent replacement for Perl DBI with
 # better performance when multiple connections are made with common DSN, user
 # and password
 PerlModule Apache::DBI
-:c18460da6620
+#!/bin/bash
 logfile=/var/log/external-repos.log
+(
 flock -s 200
 echo >> $logfile
 date >> $logfile
 /var/www/code/reposman/convert-external-repos.rb \
 	-s /var/hg \
-:83412a0a2389
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
-:c18460da6620
+	-k INSERT_API_KEY_HERE \
 	-v \
-:83412a0a2389
+	--http-user=INSERT_API_USER_HERE \
 	--http-pass=INSERT_API_PASSWORD_HERE \
-:c18460da6620
+        -c "/var/www/code/reposman/update-external-repo.sh" \
 	>> $logfile 2>&1
 date >> $logfile
 echo Done >> $logfile
 )200>>$logfile
 #!/bin/bash
 logfile=/var/log/reposman.log
+(
 flock -s 200
 echo >> $logfile
 /var/www/code/reposman/reposman-soundsoftware.rb \
 	-s /var/hg \
-:83412a0a2389
+	-r INSERT_API_SCHEME_HERE://INSERT_API_HOST_HERE/ \
-:c18460da6620
+	-k INSERT_API_KEY_HERE \
-:83412a0a2389
+	--http-user=INSERT_API_USER_HERE \
 	--http-pass=INSERT_API_PASSWORD_HERE \
-:c18460da6620
+	-o www-data \
 	-g code \
 	-c "/var/www/code/reposman/run-hginit.sh" \
 	--scm=Mercurial \
 	>> $logfile 2>&1
 )200>>$logfile
-:d8949733849d
+            Chris
 FROM ubuntu:16.04
 MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
 COPY . /var/www/code
 WORKDIR /var/www/code
 INSERT_PROVISIONING_HERE
 # Start Postgres and foregrounded Apache
 RUN echo "#!/bin/bash"                      > container-run.sh
 RUN echo "/etc/init.d/postgresql start"    >> container-run.sh
 RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh
 RUN chmod +x container-run.sh
 EXPOSE 80
 CMD ./container-run.sh
 # For documentation and experimental purposes only. As a
 # reconstruction of the machine image that runs this application,
 # there are lots of things missing here; but as a good Docker
 # configuration, it fails by mixing together rather a lot of concerns.
 FROM ubuntu:16.04
 MAINTAINER Chris Cannam <cannam@all-day-breakfast.com>
 RUN apt-get update && \
     apt-get install -y \
     apache2 \
     apache2-dev \
     apt-utils \
     build-essential \
     cron \
     curl \
     doxygen \
     exim4 \
     git \
     graphviz \
     imagemagick \
     libapache-dbi-perl \
     libapache2-mod-perl2 \
     libapr1-dev \
     libaprutil1-dev \
     libauthen-simple-ldap-perl \
     libcurl4-openssl-dev \
     libdbd-pg-perl \
     libpq-dev \
     libmagickwand-dev \
     libio-socket-ssl-perl \
     logrotate \
     mercurial \
     postgresql \
     rsync \
     ruby \
     ruby-dev \
     sudo
 # Also used on the live site, for javadoc extraction, but this is
 # would be by far the biggest package here: let's omit it while we're
 # not making use of it
 #   openjdk-9-jdk-headless
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 # Passenger gets installed through gem, not apt
 RUN gem install passenger -v 4.0.60 --no-rdoc --no-ri
 RUN passenger-install-apache2-module --languages=ruby
 # Copy across webapp, set up ownership
 COPY . /var/www/code
 RUN groupadd code
 RUN useradd -g code -G www-data code
 RUN chown -R code.www-data /var/www/code
 RUN find /var/www/code -type d -exec chmod g+s \{\} \;
 # Initialise /var/hg (in reality this would be mounted from somewhere)
 RUN mkdir -p /var/hg
 RUN chown code.www-data /var/hg
 RUN chmod g+s /var/hg
 COPY extra/soundsoftware/scripted-deploy/config/index.cgi /var/hg/
 COPY extra/soundsoftware/scripted-deploy/config/hgweb.config /var/hg/
 RUN chmod +x /var/hg/index.cgi
 # We're based in the code webapp directory from here on
 WORKDIR /var/www/code
 # Set up database config etc
 RUN cp extra/soundsoftware/scripted-deploy/config/database.yml.interpolated config/database.yml
 # Install Rails and dependencies (database.yml must be populated before this)
 RUN gem install bundler
 RUN bundle install
 # Initialise Redmine token (bundler must be installed before this)
 RUN bundle exec rake generate_secret_token
 # Import Postgres database from postgres-dumpall file
 RUN chown postgres postgres-dumpall
 RUN /etc/init.d/postgresql start && sudo -u postgres psql -f postgres-dumpall postgres
 RUN rm postgres-dumpall
 # Install Perl auth module for Hg access
 RUN mkdir -p /usr/local/lib/site_perl/Apache/Authn/
 RUN cp extra/soundsoftware/SoundSoftware.pm /usr/local/lib/site_perl/Apache/Authn/
 # Set up Apache config (todo: insert variables)
 RUN rm -f /etc/apache2/sites-enabled/000-default.conf
 RUN cp extra/soundsoftware/scripted-deploy/config/passenger.conf /etc/apache2/mods-available/
 RUN cp extra/soundsoftware/scripted-deploy/config/passenger.load /etc/apache2/mods-available/
 RUN cp extra/soundsoftware/scripted-deploy/config/perl.conf      /etc/apache2/mods-available/
 RUN ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
 RUN ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
 RUN ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
 RUN ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
 RUN ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
 RUN ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
 RUN cp extra/soundsoftware/scripted-deploy/config/code.conf.interpolated /etc/apache2/sites-available/code.conf
 RUN ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
 RUN apache2ctl configtest
 # Start Postgres and foregrounded Apache
 RUN echo "#!/bin/bash"                      > container-run.sh
 RUN echo "/etc/init.d/postgresql start"    >> container-run.sh
 RUN echo "apache2ctl -D FOREGROUND"        >> container-run.sh
 RUN chmod +x container-run.sh
 EXPOSE 80
 CMD ./container-run.sh
-:26a4f99ec679
+#!/bin/bash
-:d0d59d12db94
+mydir=$(dirname "$0")
-:83412a0a2389
+. "$mydir"/../any/prepare.sh
-:7b23adecd963
+            Chris
-:d8949733849d
+provisioning_commands=$(
-:c18460da6620
+    for x in "$deploydir"/provision.d/[0-9]*.sh; do
-:d8949733849d
+        echo "RUN /bin/bash /var/www/code/deploy/provision.d/$(basename $x)"
     done | sed 's/$/\\n/' | fmt -2000 | sed 's/ RUN/RUN/g' )
 ( echo
   echo "### DO NOT EDIT THIS FILE - it is generated from Dockerfile.in"
   echo
 ) > "$managerdir/Dockerfile"
 cat "$managerdir/Dockerfile.in" |
     sed 's,INSERT_PROVISIONING_HERE,'"$provisioning_commands"',' >> \
-:83412a0a2389
+        "$managerdir/Dockerfile.gen"
-:d8949733849d
+            Chris
-:d0d59d12db94
+cd "$rootdir"
-:26a4f99ec679
+dockertag="cannam/soundsoftware-site"
-:83412a0a2389
+sudo docker build -t "$dockertag" -f "deploy/docker/Dockerfile.gen" .
-:4c2b25b7e85f
+sudo docker run -p 8080:80 -d "$dockertag"
-:26a4f99ec679
+            Chris
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:94669513c53c
+# Install necessary system packages. This assumes we are deploying on
 # Ubuntu 16.04.
 # We aim to make all of these provisioning scripts non-destructive if
 # run more than once. In this case, running the script again will
 # install any outstanding updates.
-:d8949733849d
+apt-get update && \
     apt-get dist-upgrade -y && \
     apt-get install -y \
             ack-grep \
             apache2 \
             apache2-dev \
             apt-utils \
             build-essential \
             cron \
-:f26dc3004b3f
+            curl \
             doxygen \
-:d8949733849d
+            exim4 \
-:f26dc3004b3f
+            git \
-:d8949733849d
+            graphviz \
             imagemagick \
             libapache-dbi-perl \
             libapache2-mod-perl2 \
             libapr1-dev \
             libaprutil1-dev \
             libauthen-simple-ldap-perl \
             libcurl4-openssl-dev \
             libdbd-pg-perl \
             libpq-dev \
             libmagickwand-dev \
             libio-socket-ssl-perl \
             logrotate \
-:f26dc3004b3f
+            mercurial \
-:ed9c467ef922
+            mercurial-git \
-:94669513c53c
+            openjdk-9-jdk-headless \
-:f26dc3004b3f
+            postgresql \
-:d8949733849d
+            rsync \
             ruby \
             ruby-dev \
             sudo
-:f26dc3004b3f
+            Chris
-:d8949733849d
+locale-gen en_US.UTF-8
-:f26dc3004b3f
+            Chris
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:94669513c53c
+# Phusion Passenger as application server.
 # This gets installed through gem, not apt, and we ask for a specific
 # version (the last in the 4.0.x line).
-:e38eee2e1d47
+            Chris
 if [ ! -f /var/lib/gems/2.3.0/gems/passenger-4.0.60/buildout/apache2/mod_passenger.so ]; then
     gem install passenger -v 4.0.60 --no-rdoc --no-ri
     passenger-install-apache2-module --languages=ruby
 fi
 #!/bin/bash
 set -e
-:c18460da6620
+# The webapp directory is owned and run by the code user, in group
 # www-data. The repos and other things served directly are the other
 # way around -- owned by the www-data user, in group code.
-:94669513c53c
+            Chris
-:c18460da6620
+for user in code docgen ; do
     if ! grep -q "^$user:" /etc/passwd ; then
         groupadd "$user"
         useradd -g "$user" -G www-data "$user"
     fi
 done
-:e38eee2e1d47
+            Chris
 #!/bin/bash
 set -e
-:94669513c53c
+# We might be running in one of two ways:
+#
 # 1. The code directory is already at /var/www/code, either because a
 # previous provisioning step has imported it there or because this
 # script has been run before -- in this situation all we do is
 # re-check the ownership and permissions. OR
+#
 # 2. The code directory has not yet been copied to /var/www/code, in
 # which case we expect to find it at /code-to-deploy, e.g. as a
 # Vagrant shared folder, and we copy it over from there. (We don't
 # deploy directly from shared folders as we might not be able to
 # manipulate ownership and permissions properly there.)
-:e38eee2e1d47
+if [ ! -d /var/www/code ]; then
-:d8949733849d
+    if [ ! -d /code-to-deploy ]; then
-:94669513c53c
+        echo "ERROR: Expected to find code tree at /var/www/code or /code-to-deploy: is the deployment script being invoked correctly?"
-:d8949733849d
+        exit 2
     fi
     cp -a /code-to-deploy /var/www/code
-:e38eee2e1d47
+fi
-:d8949733849d
+chown -R code.www-data /var/www/code
 find /var/www/code -type d -exec chmod g+s \{\} \;
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:94669513c53c
+# In a real deployment, /var/hg is probably mounted from somewhere
 # else. But in an empty deployment we need to create it, and in both
 # cases we set up the config files with their current versions here.
-:e38eee2e1d47
+if [ ! -f /var/hg/index.cgi ]; then
     mkdir -p /var/hg
 fi
-:94669513c53c
+            Chris
 cp /var/www/code/deploy/config/index.cgi /var/hg/
 cp /var/www/code/deploy/config/hgweb.config /var/hg/
 chmod +x /var/hg/index.cgi
-:c18460da6620
+chown -R www-data.code /var/hg
-:94669513c53c
+find /var/hg -type d -exec chmod g+s \{\} \;
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:94669513c53c
+# Copy across the database config file (the source file has presumably
 # been generated from a skeleton, earlier in provisioning)
-:83412a0a2389
+infile=/var/www/code/deploy/config/database.yml.gen
-:94669513c53c
+outfile=/var/www/code/config/database.yml
-:d8949733849d
+            Chris
-:94669513c53c
+if [ ! -f "$outfile" ]; then
     if [ ! -f "$infile" ]; then
         echo "ERROR: Database config file $infile not found - has the database secret been interpolated from $infile.in correctly?"
         exit 2
     fi
     cp "$infile" "$outfile"
-:e38eee2e1d47
+fi
 #!/bin/bash
 set -e
-:94669513c53c
+# Install Ruby gems for the web app.
 # We aim to make all of these provisioning scripts non-destructive if
 # run more than once. In this case, running the script again will
 # install any outstanding updates.
-:e38eee2e1d47
+cd /var/www/code
 gem install bundler
 bundle install
 #!/bin/bash
 set -e
-:94669513c53c
+# Create a session token if it hasn't already been created.
-:e38eee2e1d47
+cd /var/www/code
-:94669513c53c
+if [ ! -f config/initializers/secret_token.rb ]; then
     bundle exec rake generate_secret_token
 fi
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:94669513c53c
+# Start the database and if a dump file is found, load it. The dump
 # file is then deleted so that the db won't be overwritten on
 # subsequent runs. (The original repo contains no dump file, so it
 # should exist only if you have provided some data to load.)
-:e38eee2e1d47
+/etc/init.d/postgresql start
 cd /var/www/code
 if [ -f postgres-dumpall ]; then
     chmod ugo+r postgres-dumpall
     sudo -u postgres psql -f postgres-dumpall postgres
-:94669513c53c
+    rm postgres-dumpall
-:e38eee2e1d47
+fi
 #!/bin/bash
 set -e
-:94669513c53c
+# Install the Apache mod_perl module used for hg repo access control
-:e38eee2e1d47
+if [ ! -f /usr/local/lib/site_perl/Apache/Authn/SoundSoftware.pm ]; then
     mkdir -p /usr/local/lib/site_perl/Apache/Authn/
-:94669513c53c
+    cp /var/www/code/extra/soundsoftware/SoundSoftware.pm \
        /usr/local/lib/site_perl/Apache/Authn/
-:e38eee2e1d47
+fi
 #!/bin/bash
 set -e
-:94669513c53c
+# Install Apache config files and module loaders
-:e38eee2e1d47
+cd /var/www/code
-:83412a0a2389
+codeconffile=/var/www/code/deploy/config/code.conf.gen
-:d8949733849d
+            Chris
 if [ ! -f "$codeconffile" ]; then
-:83412a0a2389
+    echo "ERROR: Apache config file $codeconffile not found - has the database secret been interpolated from its input file correctly?"
-:d8949733849d
+    exit 2
 fi
-:e38eee2e1d47
+if [ ! -f /etc/apache2/sites-enabled/10-code.conf ]; then
     rm -f /etc/apache2/sites-enabled/000-default.conf
-:d8949733849d
+    cp deploy/config/passenger.conf /etc/apache2/mods-available/
     cp deploy/config/passenger.load /etc/apache2/mods-available/
     cp deploy/config/perl.conf      /etc/apache2/mods-available/
-:e38eee2e1d47
+            Chris
     ln -s ../mods-available/passenger.conf  /etc/apache2/mods-enabled/
     ln -s ../mods-available/passenger.load  /etc/apache2/mods-enabled/
     ln -s ../mods-available/perl.conf       /etc/apache2/mods-enabled/
     ln -s ../mods-available/expires.load    /etc/apache2/mods-enabled/
     ln -s ../mods-available/rewrite.load    /etc/apache2/mods-enabled/
-:06ca2df3d7ca
+    ln -s ../mods-available/cgi.load        /etc/apache2/mods-enabled/
-:e38eee2e1d47
+            Chris
-:d8949733849d
+    cp "$codeconffile" /etc/apache2/sites-available/code.conf
-:e38eee2e1d47
+    ln -s ../sites-available/code.conf /etc/apache2/sites-enabled/10-code.conf
     apache2ctl configtest
 fi
-:9149f2098413
+#!/bin/bash
 set -e
-:94669513c53c
+# In case we are running without a properly mounted /var/hg directory,
 # check for the existence of one repo and, if absent, attempt to clone
 # it so that we have something we can serve for test purposes.
-:9149f2098413
+if [ ! -d /var/hg/vamp-plugin-sdk ]; then
     echo "Cloning vamp-plugin-sdk repo for testing..."
     cd /var/hg
     hg clone https://code.soundsoftware.ac.uk/hg/vamp-plugin-sdk
-:c18460da6620
+    chown -R www-data.code vamp-plugin-sdk
-:9149f2098413
+fi
-:073a75bf07fb
+#!/bin/bash
 set -e
 # Initialise directories used as targets for cron activity (if they
 # don't already exist)
 # Reminder: the webapp directory is owned and run by the code user, in
 # group www-data. The repos and other things served directly are
 # usually the other way around -- owned by the www-data user, in group
 # code. I don't recall whether there is a good reason for this.
 for dir in \
     /var/files/backups \
     /var/doc \
     /var/files/git-mirror ; do
     if [ ! -d "$dir" ]; then
         mkdir -p "$dir"
         chown -R code.www-data "$dir"
         chmod g+s "$dir"
     fi
 done
 for dir in \
     /var/mirror ; do
     if [ ! -d "$dir" ]; then
         mkdir -p "$dir"
         chown -R www-data.code "$dir"
         chmod g+s "$dir"
     fi
 done
-:c18460da6620
+#!/bin/bash
 set -e
-:45b0571b684d
+# Copy docgen scripts, including the generated scripts with
 # interpolated API key etc, to the directory they will be run from.
 # These are run from cron jobs to do the (currently daily) update of
 # extracted documentation from Doxygen, Javadoc, and MATLAB, and to
 # enable displaying them with the redmine_embedded plugin. (The API
 # key is needed to automatically switch on the embedded module for a
 # project the first time its docs are extracted.)
-:c18460da6620
+            Chris
 cd /var/www/code
 mkdir -p docgen
 for file in \
     doxysafe.pl \
     extract-doxygen.sh \
     extract-javadoc.sh \
     extract-matlabdocs.sh \
     matlab-docs.conf \
     matlab-docs-credit.html \
     matlab-docs.pl ; do
     if [ ! -f docgen/"$file" ]; then
         cp extra/soundsoftware/"$file" docgen/
     fi
 done
-:83412a0a2389
+for file in \
     extract-docs.sh ; do
     if [ ! -f docgen/"$file" ]; then
         cp deploy/config/"$file".gen docgen/"$file"
     fi
 done
-:c18460da6620
+chown code.www-data docgen/*
 chmod +x docgen/*.sh
 #!/bin/bash
 set -e
-:45b0571b684d
+# Copy reposman (repository manager) scripts, including the generated
 # scripts with interpolated API key etc, to the directory they will be
 # run from.
 # There are two sets of scripts here:
+#
 # 1. The reposman script that plods through all the projects that have
 # repositories defined, creates those repositories on disc, and
 # registers their locations with the projects. This happens often,
 # currently every minute.
+#
 # 2. The external repo management script that plods through all the
 # projects that have external repositories defined, clones or updates
 # those external repos to their local locations, and if necessary
 # registers them with the projects. This happens less often, currently
 # every hour.
-:c18460da6620
+            Chris
 cd /var/www/code
 mkdir -p reposman
 for file in \
     convert-external-repos.rb \
     reposman-soundsoftware.rb \
     run-hginit.sh \
     update-external-repo.sh ; do
     if [ ! -f reposman/"$file" ]; then
         cp extra/soundsoftware/"$file" reposman/
     fi
 done
 for file in \
     run-external.sh \
     run-reposman.sh ; do
     if [ ! -f reposman/"$file" ]; then
-:83412a0a2389
+        cp deploy/config/"$file".gen reposman/"$file"
-:c18460da6620
+    fi
 done
 chown code.www-data reposman/*
 chmod +x reposman/*.sh
 chmod +x reposman/*.rb
 touch /var/log/reposman.log
 touch /var/log/external-repos.log
 chown www-data.code /var/log/reposman.log
 chown www-data.code /var/log/external-repos.log
 #!/bin/bash
 set -e
 # Copy cron scripts to the appropriate destinations
 cd /var/www/code
 if [ ! -d /etc/cron.minutely ]; then
     mkdir -p /etc/cron.minutely
     echo '*  *    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.minutely )' >> /etc/crontab
 fi
 for t in minutely hourly daily monthly; do
     for s in deploy/config/cron.$t/[0-9]* ; do
         name=$(basename $s)
         dest="/etc/cron.$t/$name"
         if [ ! -f "$dest" ]; then
             cp "$s" "$dest"
             chmod +x "$dest"
         fi
     done
 done
 #!/bin/bash
 cd /var/www/code
 cp deploy/config/logrotate.conf /etc/logrotate.conf
-:07deb8466f65
+#!/bin/bash
 set -e
 # Print reminders of the things that we haven't covered in the deploy
 # scripts
 cat <<EOF
 *** APACHE SSL CONFIGURATION
     The provisioning scripts set up a simple HTTP site only. Refer to
     deploy/config/code-ssl.conf.in for an example HTTPS configuration
     (you will of course need to provide the key/cert files).
 *** EMAIL
     Outgoing email is required for notifications, but has not been
     configured as part of this provisioning setup.
 *** STATIC FRONT PAGE
     We have set up only the code/repository site -- if you want a
     separate front page, remember to configure that!
 EOF
-:ae8043b014c7
+#!/bin/bash
 set -e
-:07deb8466f65
+# Last action: check & start the webserver
 apache2ctl configtest
-:94669513c53c
+            Chris
-:ae8043b014c7
+apache2ctl restart
-:45b0571b684d
+#!/bin/bash
 # The big problem with this test script is that it needs the cron
 # scripts that generate some of this stuff to have been run at least
 # once
 usage() {
     echo 1>&2
     echo "Usage: $0 <uri-base>" 1>&2
     echo 1>&2
     echo "  e.g. $0 https://code.soundsoftware.ac.uk" 1>&2
     echo "    or $0 http://localhost:8080" 1>&2
     echo 1>&2
     exit 2
+}
 uribase="$1"
 if [ -z "$uribase" ]; then
     usage
 fi
 set -eu
-:eeacb8332051
+# A project known to exist, be public, and have a repository
 project_with_repo=vamp-plugin-sdk
 # A project known to exist, be public, and have embedded documentation
 project_with_docs=vamp-plugin-sdk
 # A project known to exist, be public, and have a bibliography
 project_with_biblio=sonic-visualiser
-:45b0571b684d
+            Chris
 tried=0
 succeeded=0
 mydir=$(dirname "$0")
 try() {
     mkdir -p "$mydir/output"
     origin=$(pwd)
     cd "$mydir/output"
     path="$1"
     description="$2"
     url="$uribase$path"
     echo
     echo "Trying \"$description\" [$url]..."
     echo
     if wget "$url" ; then
         echo "+++ Succeeded"
         succeeded=$(($succeeded + 1))
     else
         echo "--- FAILED"
     fi
-:eeacb8332051
+    tried=$(($tried + 1))
     cd "$origin"
-:45b0571b684d
+            Chris
 try "/" "Front page"
-:eeacb8332051
+try "/projects/$project_with_repo" "Project page"
 try "/projects/$project_with_biblio" "Project page with bibliography"
 try "/projects/$project_with_repo/repository" "Repository page"
 try "/hg/$project_with_repo" "Mercurial repo"
 try "/projects/$project_with_docs/embedded" "Project documentation page (from docgen cron script)"
 try "/git/$project_with_repo/info/refs" "Git repo mirror"
-:45b0571b684d
+            Chris
 echo
 echo "Passed $succeeded of $tried"
 echo
-:e38eee2e1d47
+# -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
-:0dcd4f8c2b8a
+  config.vm.box = "ubuntu/xenial64"
-:e38eee2e1d47
+  config.vm.network "forwarded_port", guest: 80, host: 8080
-:d8949733849d
+  config.vm.synced_folder "../..", "/code-to-deploy"
-:e38eee2e1d47
+  config.vm.provision :shell, path: "vagrant-provision.sh"
 end
-:ae8043b014c7
+#!/bin/bash
-:d0d59d12db94
+mydir=$(dirname "$0")
-:83412a0a2389
+. "$mydir"/../any/prepare.sh
-:ae8043b014c7
+            Chris
 cd "$managerdir"
 vagrant up
-:e38eee2e1d47
+#!/bin/bash
 set -e
-:c18460da6620
+for f in /code-to-deploy/deploy/provision.d/[0-9]*.sh ; do
-:e38eee2e1d47
+    case "$f" in
         *~) ;;
-:83412a0a2389
+        *) echo "Running provisioning script: $f"
-:e38eee2e1d47
+           /bin/bash "$f";;
     esac
 done
-:83412a0a2389
+echo "All provisioning scripts complete"

SoundSoftware Project »

SoundSoftware Code Site

root / deploy @ 1601:07deb8466f65