# This is the start of my deployment howto for deploying to a linode.
# I need to add some more basic setup parts to this
# Much of this I learned from Josh Martin (Skiz) and in the
# Smartic.us screencast http://smartic.us/2007/9/4/smarticast-4-rails-rumble-primer
# Other pointers (for git) are
# http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way
# http://jointheconversation.org/railsgit
# I never would have got this working without lots of help from folks online
# especially atmos, and Tv and many others whose channels are secret. :)

## Add a linode entry for /etc/hosts

Open /etc/hosts and add the Linode's IP address and a name for it. The name I use is linode

## Get the stuff you will need

apt-get update
# you might need openssl too...
apt-get install ruby1.8-dev rails ri rdoc irb libmysql-ruby mysql-server nginx build-essential libopenssl-ruby sudo
# For svn
apt-get install subversion
# For git
apt-get install libexpat-dev python-setuptools

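## Get and install rubygems on your linode (as root). The tarball is fetched over plain HTTP and setup.rb then runs as root, so check it against a checksum or signature from the project, if one is published, before installing.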

wget http://rubyforge.org/frs/download.php/28174/rubygems-0.9.5.tgz
tar xvzf rubygems-0.9.5.tgz
cd rubygems-0.9.5
ruby setup.rb

## Get mongrel (you may need to do this twice, and as of 0.9.5 -y/--include-dependencies is the default ;)

gem install mongrel
gem install mongrel_cluster

## Setup users on your linode (as root)

/usr/sbin/adduser --system --group --disabled-password deploy
/usr/sbin/adduser --system --no-create-home --group --disabled-login mongrel
/usr/sbin/adduser --system --no-create-home --group --disabled-login www
export VISUAL=nano
visudo

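## Add to the end of the visudo file (TODO: check for a command that only allows chowning files away)
## Note: NOPASSWD on an unrestricted /bin/chown lets the deploy user take ownership of any file on the system, so this rule is close to full root. sudoers lets you list a command together with fixed arguments, which is one way to narrow it.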

deploy ALL=NOPASSWD:/bin/chown, /usr/bin/mongrel_rails, /etc/init.d/nginx, NOEXEC:/bin/chown, /usr/bin/mongrel_rails, /etc/init.d/nginx

As an alternative (this gives the deploy user passwordless root for every command):

deploy ALL=(ALL) NOPASSWD:ALL

## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords

Defaults env_reset, insults

## Back at home scp your public key up

scp .ssh/id_rsa.pub root@linode:/tmp

## Setup the linode end of the key on the server (as root, then as deploy)

mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh

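## Compile git on the server as root (don't use this version directly; instead find the latest one at http://git.or.cz). The download is plain HTTP, so verify the tarball against the project's published signature or checksum, where available, before running make install as root.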

wget http://kernel.org/pub/software/scm/git/git-1.5.3.7.tar.gz
tar xvf git-1.5.3.7.tar.gz
cd git-1.5.3.7
make prefix=/usr all
make prefix=/usr install

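## Setup git/gitosis on the server as root (taken from http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way). Note that git:// is an unauthenticated, unencrypted transport, and the code cloned this way is then installed as root by setup.py.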

/usr/sbin/adduser --system --shell /bin/sh --gecos 'git version control' --group --disabled-password --home /home/git git
cd /home/git
mkdir src
cd src
git clone git://eagain.net/gitosis.git
cd gitosis
python setup.py install

## Back on the server as root

sudo -H -u git gitosis-init < /tmp/id_rsa.pub
sudo chmod 755 /home/git/repositories/gitosis-admin.git/hooks/post-update
rm /tmp/id_rsa.pub

## Back on local (I use /var/www for my web apps, you can use whatever)

cd /var/www
git clone git@linode:gitosis-admin.git
cd gitosis-admin
nano gitosis.conf

## Change gitosis.conf to look like this (if you are not sure about the member name, check your ~/.ssh/id_rsa.pub file; the name is the user@host string at the end of the key)

[gitosis]

[group gitosis-admin]
writable = gitosis-admin
members = YOURUSER@YOURLOCALHOST.local

[group YOURAPP]
writable = YOURAPP
members = YOURUSER@YOURLOCALHOST.local

## Commit that change (within your gitosis-admin folder on local)

git commit -a -m "Allow YOURUSER write access to YOURAPP"
git push

## Add your app to the world of gitosis (on your local)

cd ..
cd YOURAPP
git init
git remote add origin git@YOUR_SERVER_HOSTNAME:YOURAPP.git
echo "config/database.yml
.DS_Store
.DS_config" > .gitignore
echo "[^.]*" > tmp/.gitignore
echo "[^.]*" > log/.gitignore

## .gitignore should include the following:

config/database.yml

## tmp/.gitignore and log/.gitignore should include the following (note, this is a really good trick to ignore all files except those starting with ".", such as .gitignore, and also keep a placeholder folder as git removes empty folders):

[^.]*

## Add and Commit

git add .
git commit -a -m "Initial add"
git push origin master:refs/heads/master

## Capistrano stuff (make sure you are updated to 2.1 or better)

sudo gem update capistrano

## Capify

capify .

## Make a script/spin that has only this line

mongrel_rails cluster::start

## Modify deploy.rb to look like

http://pastie.caboo.se/private/wqppu3lc3fnwcyj4ev3vma

## Add and commit those files in git, push to the server

...

## Adding the deploy user to your gitosis.conf

1) login to linode, su - deploy
2) ssh-keygen -t rsa
3) logout, return to your local
4) cd gitosis-admin/keydir
5) scp deploy@linode:.ssh/id_rsa.pub deploy@li23-456.pub
* Note: the second name is the filename for your pub file. "li23-456" is the name of your server; basically the filename should match the string at the end of the public key file itself.
6) Add this to your gitosis.conf

[group deploy]
readonly = YOURAPP
members = deploy@li23-456

7) Currently capistrano does not accept the RSA host key fingerprint by default. To get around this, I had to log back into the server, create a temp folder, and git clone my app inside it:

git clone git@YOURDOMAIN:YOURAPP.git

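Then I accepted the fingerprint and the world was better. Before accepting, compare the fingerprint ssh shows with the server's own host key (on the server, ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub prints it), so that known_hosts records a key you have verified. I am sure you could add it to known_hosts or use 127.0.0.1 or something.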

## nginx

Sample nginx.conf: http://pastie.caboo.se/129834
Mephisto Server declaration: http://pastie.caboo.se/129455
scp your nginx.conf up to the server and mv it to /etc/nginx/nginx.conf

## Log into the server as root (or as deploy and use sudo)

mkdir /var/www/YOURAPP
chown deploy:deploy /var/www/YOURAPP

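## While on the server, create the database and user (in the mysql client). Note: 'YOURUSER' with no host part is treated by MySQL as 'YOURUSER'@'%', so the account can connect from any host; use 'YOURUSER'@'localhost' when the app and database share the machine.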

create database YOURDBNAME;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,SHOW VIEW,CREATE VIEW,LOCK TABLES on YOURDBNAME.* to 'YOURUSER' IDENTIFIED BY 'YOURPASS'

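## If you need views there is other stuff involved; to cheat, do the following (GRANT ALL gives the app account every privilege on the database, which is more than the list above):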
GRANT ALL on YOURDBNAME.* to 'YOURUSER' IDENTIFIED BY 'YOURPASS'

## On your local, cross your fingers and deploy

cap deploy:setup
cap deploy
cap nginx:start