- # Fiona
- ## Nginx + Passenger (w/ REE) on Ubuntu 9.10
- ssh root@fiona
- Get rid of that obnoxious motd.
- echo '' > /etc/motd
- Set the hostname
- echo 'fiona' > /etc/hostname
- /etc/init.d/hostname.sh start
- Update and install some essentials.
- aptitude update
- aptitude upgrade
- aptitude install build-essential zlib1g-dev libssl-dev git-core curl
- ## Ruby Enterprise Edition
- mkdir /usr/local/src && cd /usr/local/src
- curl -LO http://rubyforge.org/frs/download.php/64479/ruby-enterprise_1.8.7-20090928_i386.deb
- dpkg -i ruby-enterprise_1.8.7-20090928_i386.deb
- ## Nginx + Passenger
- curl http://sysoev.ru/nginx/nginx-0.7.62.tar.gz | tar xvz
- gem install passenger
- passenger-install-nginx-module
- Prompts:
- > "Automatically download and install Nginx?": 2
- > "Where is your Nginx source code located?": /root/src/nginx-0.7.62
- > "Where do you want to install Nginx to?": /usr/local/nginx
- > "Extra Nginx configure options": --sbin-path=/usr/local/sbin --with-http_ssl_module
- curl http://gist.github.com/raw/213678/789a5a71bbddf065e68aabc4c7d13c80059994f2/nginx > /etc/init.d/nginx
- chmod +x /etc/init.d/nginx
- update-rc.d -f nginx defaults
- curl http://gist.github.com/raw/213678/19c4dc655ac196222652bebd6be6b017f29dcc6a/nginx.conf > /usr/local/nginx/conf/nginx.conf
- /etc/init.d/nginx start
- ## Integrity
- adduser ci
- adduser ci admin
- exit
- ssh ci@fiona
- curl http://gist.github.com/raw/97747/2378011069e8655dd71187f1c94c32bdb3151569/gistfile1.txt > .gemrc
- echo 'set nocompatible' > .vimrc
- sudo vi /etc/nginx/integrity.conf
- > server {
- > listen 80;
- > server_name ci.grays.im;
- > root /home/ci/integrity/public;
- > passenger_enabled on;
- > }
- sudo aptitude install sqlite3 libsqlite3-dev
- gem install integrity
- sudo gem install do_sqlite3 --version=0.9.11
- sudo gem uninstall data_objects --version=0.9.12
- integrity install ~/integrity
- cd integrity
- vi config.yml
- > :base_uri: http://ci.grays.im
- > :database_uri: sqlite3:///home/ci/integrity/integrity.db
- > :export_directory: /home/ci/integrity/builds
- > :log: /home/ci/integrity/log/integrity.log
- > :build_all_commits: true
- > :use_basic_auth: true
- > :admin_username: ''
- > :admin_password: f7d225c0fd69b47618aa410226f8c22a091cbc78
- > :hash_admin_password: true
- integrity migrate_db config.yml
- mkdir public
- sudo /etc/init.d/nginx reload
- ## Rip
- cd /usr/local/src
- sudo git clone git://github.com/defunkt/rip.git
- cd rip
- sudo ruby setup.rb
- sudo chown -R ci:ci ~/.rip
- ## Git
- sudo -i
- cd /usr/local/src
- aptitude install tcl8.4 tk8.4
- curl http://kernel.org/pub/software/scm/git/git-1.6.5.1.tar.gz | tar zxv
- cd git-1.6.5.1/
- ./configure
- make
- make install
- ## Misc:
- (for mysql gem)
- sudo aptitude install libmysqlclient-dev mysql-client mysql-server
- (for image_science)
- sudo aptitude install libfreeimage-dev
- (for nokogiri)
- sudo aptitude install libxml2-dev libxslt1-dev
- ## Firewall
- sudo apt-get install ufw
- sudo ufw default deny
- sudo ufw allow http/tcp
- sudo ufw allow https/tcp
- sudo ufw allow from 10.42.0.0/24
- sudo ufw enable
- sudo ufw status verbose
- ## Aloha Auth
- Unfortunately, this negates the client certificate authentication (`client-cert-not-required` leaves the username/password check as the only credential). So we're not going with it.
- cd /usr/local/sbin
- sudo curl -O http://gist.github.com/raw/255249/52d2756f767006e52409d2bf4583c0ab9fb2adc7/auth-aloha.rb
- sudo chmod +x auth-aloha.rb
- sudo vi /etc/openvpn/server.conf
- Add:
- > auth-user-pass-verify /usr/local/sbin/auth-aloha.rb via-file
- > client-cert-not-required
- > tmp-dir /dev/shm
- sudo /etc/init.d/openvpn restart
- # DNS
- ## THIS NEVER WORKED... ##
- sudo apt-get install bind9 dnsutils
- sudo vi /etc/bind/named.conf.local
- > zone "grays.local" {
- > type master;
- > file "/etc/bind/db.grays.local";
- > };
- >
- > zone "0.42.10.in-addr.arpa" {
- > type master;
- > file "/etc/bind/rev.0.42.10.in-addr.arpa";
- > };
- sudo vi /etc/bind/db.grays.local
- > $TTL 604800
- > @ IN SOA ns.grays.local. admin.grays.local. (
- > 1 ; Serial
- > 604800 ; Refresh
- > 86400 ; Retry
- > 2419200 ; Expire
- > 604800 ) ; Negative Cache TTL
- > ;
- > @ IN NS ns.grays.local.
- > @ IN A 10.42.0.1
- > fiona IN A 10.42.0.1
- sudo vi /etc/bind/rev.0.42.10.in-addr.arpa
- > $TTL 604800
- > @ IN SOA ns.grays.local. admin.grays.local. (
- > 1 ; Serial
- > 604800 ; Refresh
- > 86400 ; Retry
- > 2419200 ; Expire
- > 604800 ) ; Negative Cache TTL
- > ;
- > @ IN NS ns.
- > 1 IN PTR ns.grays.local.
- sudo /etc/init.d/bind9 restart
- vi /etc/resolv.conf
- > search grays.local members.linode.com
- > nameserver 10.42.0.1
- > nameserver 75.127.97.6
- > nameserver 75.127.97.7
- ### Push DNS from OpenVPN
- We're not actually doing this. I couldn't get it to work without jumping through
- hoops on the clients. Instead, just manually configure 10.42.0.1 as a nameserver on the clients.
- sudo vi /etc/openvpn/server.conf
- > push "dhcp-option DNS 10.42.0.1"
- > push "dhcp-option DNS 208.67.222.222"
- > push "dhcp-option DNS 208.67.220.220"
- sudo /etc/init.d/openvpn restart
- ### Webmin
- sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
- cd /usr/local/src
- sudo curl -OL http://www.webmin.com/download/deb/webmin-current.deb
- sudo dpkg -i webmin-current.deb
- ## syslog-ng
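- On fiona (server; the plain `tcp()` source below does no sender authentication, so it relies on the ufw rules in the Firewall section to limit senders to 10.42.0.0/24):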
- sudo apt-get install syslog-ng
- sudo vi /etc/syslog-ng/syslog-ng.conf
- > source s_remote { tcp(); };
- > destination d_clients { file("/var/log/$HOST/$PROGRAM"); };
- > log { source(s_remote); destination(d_clients); };
- sudo /etc/init.d/syslog-ng restart
- On hettie (client):
- > source s_local {
- > internal();
- > unix-stream("/dev/log");
- > file("/proc/kmsg" log_prefix("kernel: "));
- > };
- >
- > destination d_log_host {
- > tcp("10.42.0.1" port(514));
- > };
- >
- > log {
- > source(s_local);
- > destination(d_log_host);
- > };
- ## Redis / Resque
- sudo -i
- cd /usr/local/src
- curl http://redis.googlecode.com/files/redis-1.2.5.tar.gz | tar zxv
- cd redis-1.2.5
- make
- cp redis-server /usr/local/bin/
- cp redis-cli /usr/local/bin/
- Install `redis.conf` to `/etc/redis.conf`
- sudo cp utils/redis_init_script /etc/init.d/redis-server
- vi /etc/init.d/redis-server
- Change the conf file path to `/etc/redis.conf`
- chmod +x /etc/init.d/redis-server
- update-rc.d -f redis-server defaults
- gem install redis redis-namespace yajl-ruby
- exit
- cd /home/ci
- git clone git://github.com/defunkt/resque.git
- mkdir resque/public
- mkdir resque/tmp
- sudo vi /etc/nginx/resque.conf
- > server {
- > listen 80;
- > server_name resque.grays.im;
- > root /home/ci/resque/public;
- > passenger_enabled on;
- > auth_basic "Restricted";
- > auth_basic_user_file /etc/nginx/_htpasswd;
- > }
- sudo /etc/init.d/nginx reload
- sudo /etc/init.d/redis-server start