This cookbook is designed to build a server with full configuration for Ruby on Rails applications deployed through Capistrano
The default recipe will install and configure:
- Configure the sshd with a custom port
- Install a swap area
- Nginx, with server configuration for many domains. HTTP requests will redirected on HTTPs
- Letsencrypt, providing a valid ssl certificate for each domain
- Postgresql, creating an user for each application and e database for each environment
- Rbenv, with a specific ruby version for each app environment
- Nodejs
- Configure machine users with custom files, sudo access (using cookbook Users)
- Capistrano directory structure with basic shared folders (log, config) and some secret
- Supervisord to ensure the puma server is running
- Ubuntu 16.04
- Chef 12.0 or later
Add this to your Cheffile in order to install correct versions of cookbooks
cookbook "postgresql", git: "https://github.com/hbda/chef-postgresql", ref: "rmoriz/pg9.5"
cookbook "capistrano-rails", git: "https://github.com/joeyates/chef-capistrano-rails"
cookbook "users", git: 'https://bitbucket.org/joeyates/users-cookbook.git'
cookbook "rails"
Key | Type | Description | Default |
---|---|---|---|
['rails']['machine_nane'] | String | Machine name in ssh banner during login | Rails machine |
['rails']['sshd']['port'] | Integer | Ssh port | 22 |
['rails']['swap']['size'] | Integer | 1024 | |
['rails']['swap']['filepath'] | String | The path of the swapfile | /mnt/swapfile |
['rails']['apps_root'] | String | The directory where applications root will be installed | /srv |
['rails']['apps_user'] | String | The application owner | "root" |
['rails']['extra_packages'] | Array | Additional packages to install into the machine | [] |
['rails']['apps'] | Hash | An hash with configuration for the machine (with this you can create all stuffs for many application just running default recipe) | true |
Before running the cookbook, if you want to generate an ssl valid certificate with letsencrypt, ensure that your machine is reachable. If you can't do this for now, set
"test_env": true
"test_env": true
into "apps" settings in order to use a self signed ssl certificate.
Then, you need to create an encrypted data bag with application properties.
bundle exec knife solo data bag create apps rails_app
to create the empty.
Paste the following content into the editor setting variables with your needs
{
"id": "rails_app",
"config": {
"dbpassword": "a_user_db_password",
"staging": {
"secret_key_base": "a_secret_value",
"other_secrets": {
"a_key": {
"a_subkey": "a value"
}
}
},
"production": {
"secret_key_base": "a_secret_value",
"other_secrets": {
"another_key": {
"another_subkey": "another value"
}
}
}
}
}
you will find "other_secrets" inside the file
config/secrets.yml
{
"name":"my_node",
"rails": {
"machine_name": "My fantastic server",
"ssh": {
"port": 1022
},
"global_ruby": "2.3.1",
"apps_user": "deploy",
"apps": {
"rails_app": {
"staging": {
"ruby_version": "2.3.1",
"domain": "staging.example.com",
"aliases": ["staging1.example.com", "staging2.example.com"],
"admin_email": "admin@example.com",
"test_env": true
},
"production": {
"ruby_version": "2.3.1",
"domain": "www.example.com",
"aliases": ["example.com"],
"admin_email": "admin@example.com"
}
}
},
"extra_packages": [
["unzip", nil],
["nodejs-legacy", nil]
]
},
"postgresql": {
"pg_hba_defaults": false,
"pg_hba": [
{ "type": "local", "db": "all", "user": "postgres", "addr": "", "method": "peer" },
{ "type": "local", "db": "all", "user": "all", "addr": "", "method": "md5" },
{ "type": "host", "db": "all", "user": "all", "addr": "127.0.0.1/32", "method": "md5" },
{ "type": "host", "db": "all", "user": "all", "addr": "::1/128", "method": "md5" }
]
},
"run_list": [
"recipe[rails]"
]
}
Generates configuration files for nginx
Action | Description | Default |
---|---|---|
:install | Install an nginx configuration for provided domain | true |
Attribute | Description | Default value | Required |
---|---|---|---|
domain | The domain to listen | nil | true |
user | User that own the nginx configuration files | nil | true |
name | The name of nginx configuration | nil | true |
path | The root path of the application (directory that contain public) | nil | false |
aliases | Additional domain names that redirect to the main domain with 301 | [] | false |
test_ssl | If true, used a self signed certifiate generated through amce-staging server | false | false |
admin_email | The email address to provide during letsencrypt user registration | false | |
key_path | File system path of the private key file you want to use | nil | true |
protocol_policy |
Specifies what configuration files need to be installed:
|
:only_http | false |
key_path | File system path of the private key file you want to use | nil | true |
This resource install all the stack (nginx/postgresql/rails directory) for a single environment of an application.
Action | Description | Default |
---|---|---|
:install | Install all configuration and directory for a rails application | true |
name | The name of nginx configuration | nil | true |
admin_email | The email address to provide during letsencrypt user registration | false | |
environment | The application environment (staging, production, ecc) | nil | production |
domain | The domain to listen | nil | true |
aliases | Additional domain names that redirect to the main domain with 301 | [] | false |
user | User that own the nginx configuration files | nil | true |
path | The root path of the application (directory that contain public) | nil | false |
test_ssl | If true, used a self signed certifiate generated through amce-staging server | false | false |
directory | Additional directories to create under capistrano shared in addition to log - public directories | [] | false |
protocol_policy |
Specifies what configuration files need to be installed:
|
:only_http | false |
- Support for backup data (database and directories)
- Multi domain name for a same application (for example a localized application through domain name)
- Possibility to pass parameters to extra_packages
- Use supervisord for boot daemon
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
Authors:
- David Librera
- Joe Yates