
Untitled

By: a guest on Feb 27th, 2012  |  syntax: None  |  size: 7.52 KB  |  views: 18  |  expires: Never
  1. # Fiona
  2.  
  3. ## Nginx + Passenger (w/ REE) on Ubuntu 9.10
  4.  
  5.     ssh root@fiona
  6.  
  7. Get rid of that obnoxious motd.
  8.  
  9.     echo '' > /etc/motd
  10.  
  11. Set the hostname
  12.  
  13.     echo 'fiona' > /etc/hostname
  14.     /etc/init.d/hostname.sh start
  15.  
  16. Update and install some essentials.
  17.  
  18.     aptitude update
  19.     aptitude upgrade
  20.     aptitude install build-essential zlib1g-dev libssl-dev git-core curl
  21.  
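  22. ## Ruby Enterprise Edition

Note: every download in these notes is fetched over plain HTTP (or `git://`), and most are then installed or run as root with no checksum or signature check. Compare each file against a digest published by its upstream before the `dpkg -i`, `make install` or `chmod +x` step.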
  23.  
  24.     mkdir /usr/local/src && cd /usr/local/src
  25.  
  26.     curl -LO http://rubyforge.org/frs/download.php/64479/ruby-enterprise_1.8.7-20090928_i386.deb
  27.     dpkg -i ruby-enterprise_1.8.7-20090928_i386.deb
  28.  
  29. ## Nginx + Passenger
  30.  
  31.     curl http://sysoev.ru/nginx/nginx-0.7.62.tar.gz | tar xvz
  32.     gem install passenger
  33.  
  34.     passenger-install-nginx-module
  35.  
  36. Prompts:
  37.  
  38. >     "Automatically download and install Nginx?": 2
  39. >     "Where is your Nginx source code located?": /root/src/nginx-0.7.62
  40. >     "Where do you want to install Nginx to?": /usr/local/nginx
  41. >     "Extra Nginx configure options": --sbin-path=/usr/local/sbin --with-http_ssl_module
  42.  
  43.     curl http://gist.github.com/raw/213678/789a5a71bbddf065e68aabc4c7d13c80059994f2/nginx > /etc/init.d/nginx
  44.     chmod +x /etc/init.d/nginx
  45.     update-rc.d -f nginx defaults
  46.  
  47.     curl http://gist.github.com/raw/213678/19c4dc655ac196222652bebd6be6b017f29dcc6a/nginx.conf > /usr/local/nginx/conf/nginx.conf
  48.  
  49.     /etc/init.d/nginx start
  50.  
  51. ## Integrity
  52.  
  53.     adduser ci
  54.     adduser ci admin
  55.     exit
  56.  
  57.     ssh ci@fiona
  58.  
  59.     curl http://gist.github.com/raw/97747/2378011069e8655dd71187f1c94c32bdb3151569/gistfile1.txt > .gemrc
  60.  
  61.     echo 'set nocompatible' > .vimrc
  62.  
  63.     sudo vi /etc/nginx/integrity.conf
  64.  
  65. >     server {
  66. >         listen 80;
  67. >         server_name ci.grays.im;
  68. >         root /home/ci/integrity/public;
  69. >         passenger_enabled on;
  70. >     }  
  71.  
  72.     sudo aptitude install sqlite3 libsqlite3-dev
  73.     gem install integrity
  74.     sudo gem install do_sqlite3 --version=0.9.11
  75.     sudo gem uninstall data_objects --version=0.9.12
  76.     integrity install ~/integrity
  77.     cd integrity
  78.  
  79.     vi config.yml
  80.  
  81. >     :base_uri: http://ci.grays.im
  82. >     :database_uri: sqlite3:///home/ci/integrity/integrity.db
  83. >     :export_directory: /home/ci/integrity/builds
  84. >     :log: /home/ci/integrity/log/integrity.log
  85. >     :build_all_commits: true
  86. >     :use_basic_auth: true
  87. >     :admin_username: ''
  88. >     :admin_password: f7d225c0fd69b47618aa410226f8c22a091cbc78
  89. >     :hash_admin_password: true
  90.  
  91.     integrity migrate_db config.yml
  92.     mkdir public
  93.  
  94.     sudo /etc/init.d/nginx reload
  95.  
  96. ## Rip
  97.  
  98.     cd /usr/local/src
  99.     sudo git clone git://github.com/defunkt/rip.git
  100.     cd rip
  101.     sudo ruby setup.rb
  102.     sudo chown -R ci:ci ~/.rip
  103.  
  104. ## Git
  105.  
  106.     sudo -i
  107.     cd /usr/local/src
  108.     aptitude install tcl8.4 tk8.4
  109.     curl http://kernel.org/pub/software/scm/git/git-1.6.5.1.tar.gz | tar zxv
  110.     cd git-1.6.5.1/
  111.     ./configure
  112.     make
  113.     make install
  114.  
  115. ## Misc:
  116.  
  117. (for mysql gem)
  118.  
  119.     sudo aptitude install libmysqlclient-dev mysql-client mysql-server
  120.  
  121. (for image_science)
  122.  
  123.     sudo aptitude install libfreeimage-dev
  124.  
  125. (for nokogiri)
  126.  
  127.     sudo aptitude install libxml2-dev libxslt1-dev
  128.  
  129. ## Firewall
  130.  
  131.     sudo apt-get install ufw
  132.  
  133.     sudo ufw default deny
  134.     sudo ufw allow http/tcp
  135.     sudo ufw allow https/tcp
  136.     sudo ufw allow from 10.42.0.0/24
  137.  
  138.     sudo ufw enable
  139.     sudo ufw status verbose
  140.  
  141.  
  142. ## Aloha Auth
  143.  
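  144. Unfortunately, this negates the client certificate authentication: with `client-cert-not-required`, the username/password check done by the script is the only thing gating VPN access. So we're not going with it.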
  145.  
  146.     cd /usr/local/sbin
  147.     sudo curl -O http://gist.github.com/raw/255249/52d2756f767006e52409d2bf4583c0ab9fb2adc7/auth-aloha.rb
  148.     sudo chmod +x auth-aloha.rb
  149.  
  150.     sudo vi /etc/openvpn/server.conf
  151.  
  152. Add:
  153.  
  154. >     auth-user-pass-verify /usr/local/sbin/auth-aloha.rb via-file
  155. >     client-cert-not-required
  156. >     tmp-dir /dev/shm
  157.  
  158.     sudo /etc/init.d/openvpn restart
  159.  
  160. # DNS
  161.  
  162. ## THIS NEVER WORKED... ##
  163.  
  164.     sudo apt-get install bind9 dnsutils
  165.     sudo vi /etc/bind/named.conf.local
  166.  
  167. >     zone "grays.local" {
  168. >       type master;
  169. >       file "/etc/bind/db.grays.local";
  170. >     };
  171. >
  172. >     zone "0.42.10.in-addr.arpa" {
  173. >       type master;
  174. >       file "/etc/bind/rev.0.42.10.in-addr.arpa";
  175. >     };
  176.  
  177.     sudo vi /etc/bind/db.grays.local
  178.  
  179. >     $TTL    604800
  180. >     @       IN      SOA     ns.grays.local. admin.grays.local. (
  181. >                                   1         ; Serial
  182. >                              604800         ; Refresh
  183. >                               86400         ; Retry
  184. >                             2419200         ; Expire
  185. >                              604800 )       ; Negative Cache TTL
  186. >     ;
  187. >     @       IN      NS      ns.grays.local.
  188. >     @       IN      A       10.42.0.1
  189. >     fiona   IN      A       10.42.0.1
  190.  
  191.     sudo vi /etc/bind/rev.0.42.10.in-addr.arpa
  192.  
  193. >     $TTL    604800
  194. >     @       IN      SOA     ns.grays.local. admin.grays.local. (
  195. >                                   1         ; Serial
  196. >                              604800         ; Refresh
  197. >                               86400         ; Retry
  198. >                             2419200         ; Expire
  199. >                              604800 )       ; Negative Cache TTL
  200. >     ;
  201. >     @       IN      NS      ns.
  202. >     1       IN      PTR     ns.grays.local.
  203.  
  204.     sudo /etc/init.d/bind9 restart
  205.  
  206.     vi /etc/resolv.conf
  207.  
  208. >     search grays.local members.linode.com
  209. >     nameserver 10.42.0.1
  210. >     nameserver 75.127.97.6
  211. >     nameserver 75.127.97.7
  212.  
  213. ### Push DNS from OpenVPN
  214.  
  215. We're not actually doing this. I couldn't get it to work without jumping through
  216. hoops on the clients. Instead, just manually configure 10.42.0.1 as a nameserver on the clients.
  217.  
  218.     sudo vi /etc/openvpn/server.conf
  219.  
  220. >     push "dhcp-option DNS 10.42.0.1"
  221. >     push "dhcp-option DNS 208.67.222.222"
  222. >     push "dhcp-option DNS 208.67.220.220"
  223.  
  224.     sudo /etc/init.d/openvpn restart
  225.  
  226. ### Webmin
  227.  
  228.     sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
  229.  
  230.     cd /usr/local/src
  231.     sudo curl -OL http://www.webmin.com/download/deb/webmin-current.deb
  232.     sudo dpkg -i webmin-current.deb
  233.  
  234. ## syslog-ng
  235.  
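  236. On fiona (server). The bare `tcp()` source takes syslog messages with no authentication or encryption, and `$HOST`/`$PROGRAM` in the file path come from the sender, so this relies on the firewall rules above admitting only 10.42.0.0/24: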
  237.  
  238.     sudo apt-get install syslog-ng
  239.     sudo vi /etc/syslog-ng/syslog-ng.conf
  240.    
  241. >     source s_remote { tcp(); };
  242. >     destination d_clients { file("/var/log/$HOST/$PROGRAM"); };
  243. >     log { source(s_remote); destination(d_clients); };
  244.  
  245.     sudo /etc/init.d/syslog-ng restart
  246.  
  247. On hettie (client):
  248.  
  249. >     source s_local {
  250. >       internal();
  251. >       unix-stream("/dev/log");
  252. >       file("/proc/kmsg" log_prefix("kernel: "));
  253. >     };
  254. >    
  255. >     destination d_log_host {
  256. >       tcp("10.42.0.1" port(514));
  257. >     };
  258. >    
  259. >     log {
  260. >       source(s_local);
  261. >       destination(d_log_host);
  262. >     };
  263.  
  264. ## Redis / Resque
  265.  
  266.     sudo -i
  267.  
  268.     cd /usr/local/src
  269.     curl http://redis.googlecode.com/files/redis-1.2.5.tar.gz | tar zxv
  270.     cd redis-1.2.5
  271.  
  272.     make
  273.     cp redis-server /usr/local/bin/
  274.     cp redis-cli /usr/local/bin/
  275.  
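  276. Install `redis.conf` to `/etc/redis.conf`, checking its `bind` and `requirepass` settings first: a Redis that listens on every interface without a password is reachable by anything the firewall lets through.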
  277.  
  278.     sudo cp utils/redis_init_script /etc/init.d/redis-server
  279.  
  280.     vi /etc/init.d/redis-server
  281.  
  282. Change the conf file path to `/etc/redis.conf`
  283.  
  284.  
  285.     chmod +x /etc/init.d/redis-server
  286.     update-rc.d -f redis-server defaults
  287.    
  288.     gem install redis redis-namespace yajl-ruby
  289.  
  290.     exit
  291.  
  292.     cd /home/ci
  293.  
  294.     git clone git://github.com/defunkt/resque.git
  295.  
  296.     mkdir resque/public
  297.     mkdir resque/tmp
  298.  
  299.     sudo vi /etc/nginx/resque.conf
  300.  
  301. >     server {
  302. >       listen 80;
  303. >       server_name resque.grays.im;
  304. >       root /home/ci/resque/public;
  305. >       passenger_enabled on;
  306. >       auth_basic "Restricted";
  307. >       auth_basic_user_file /etc/nginx/_htpasswd;
  308. >     }
  309.  
  310.     sudo /etc/init.d/nginx reload
  311.     sudo /etc/init.d/redis-server start