adminos reinstall

Author: sawkas

Capfile

@@ -3,18 +3,23 @@ require 'capistrano/setup'
 
 # Include default deployment tasks
 require 'capistrano/deploy'
+require 'capistrano/scm/git'
+require 'capistrano/sidekiq'
 require 'capistrano/rvm'
 require 'capistrano/bundler'
 require 'capistrano/rails'
 require 'capistrano/puma'
 require 'capistrano-db-tasks'
-require 'capistrano/scm/git'
-require 'capistrano/sidekiq'
 require 'whenever/capistrano'
+require 'capistrano/systemd/multiservice'
 
-install_plugin Capistrano::Puma
 install_plugin Capistrano::SCM::Git
+install_plugin Capistrano::Puma
+install_plugin Capistrano::Puma::Nginx
+install_plugin Capistrano::Systemd::MultiService.new_service('puma')
+install_plugin Capistrano::Systemd::MultiService.new_service('sidekiq')
 
+lib_dir = File.join(__dir__, 'lib')
+$LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
 # Loads custom tasks from `lib/capistrano/tasks' if you have any defined.
 Dir.glob('lib/capistrano/tasks/*.cap').each { |r| import r }
-Dir.glob('lib/capistrano/**/*.rb').each { |r| import r }

Gemfile

@@ -53,6 +53,9 @@ group :development, :test do
   gem 'bundler-audit' # from adminos
   gem 'minitest' # from adminos
   gem 'rspec-rails' # from adminos
+  gem 'database_cleaner' # from adminos
+  gem 'factory_bot_rails' # from adminos
+  gem 'faker' # from adminos
 end
 
 group :development do
@@ -71,6 +74,7 @@ group :development do
   gem 'guard-livereload', '~> 2.5', require: false # from adminos
   gem 'capistrano3-puma'
   gem 'capistrano-sidekiq'
+  gem 'capistrano-systemd-multiservice', '~> 0.1.0.beta6', require: false # from adminos
 end
 
 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
@@ -82,9 +86,6 @@ gem 'role_model' # from adminos
 gem 'webpacker', '~> 3.5' # from adminos
 gem 'actiontext', github: 'rails/actiontext', require: 'action_text', ref: 'cfe4674d3637c746cdb3c2b5131e2de498775529' # from adminos
 gem 'image_processing', '~> 1.2' # for Active Storage variants # from adminos
-group :production, :staging do
-  gem 'unicorn' # from adminos
-end
 gem 'whenever', require: false # from adminos
 gem 'capistrano-db-tasks', require: false # from adminos
 gem 'sanitize' # from adminos

Gemfile.lock

@@ -114,6 +114,8 @@ GEM
     capistrano-sidekiq (1.0.2)
       capistrano (>= 3.9.0)
       sidekiq (>= 3.4)
+    capistrano-systemd-multiservice (0.1.0.beta7)
+      capistrano (>= 3.7.0, < 3.12.0)
     capistrano3-puma (3.1.1)
       capistrano (~> 3.7)
       capistrano-bundler
@@ -154,6 +156,8 @@ GEM
     factory_bot_rails (4.11.1)
       factory_bot (~> 4.11.1)
       railties (>= 3.0.0)
+    faker (1.9.1)
+      i18n (>= 0.7)
     faraday (0.15.4)
       multipart-post (>= 1.2, < 3)
     ffaker (2.10.0)
@@ -212,7 +216,6 @@ GEM
       activerecord
       kaminari-core (= 1.1.1)
     kaminari-core (1.1.1)
-    kgio (2.11.2)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -322,17 +325,16 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.19.0, < 2.0)
     rainbow (3.0.0)
-    raindrops (0.19.0)
     rake (12.3.2)
     rb-fsevent (0.10.3)
     rb-inotify (0.10.0)
       ffi (~> 1.0)
     redis (4.1.0)
     request_store (1.4.1)
       rack (>= 1.4)
-    responders (2.4.0)
-      actionpack (>= 4.2.0, < 5.3)
-      railties (>= 4.2.0, < 5.3)
+    responders (2.4.1)
+      actionpack (>= 4.2.0, < 6.0)
+      railties (>= 4.2.0, < 6.0)
     rodf (1.0.0)
       activesupport (>= 3.0)
       builder (>= 3.0)
@@ -436,9 +438,6 @@ GEM
     uglifier (4.1.20)
       execjs (>= 0.3.0, < 3)
     unicode-display_width (1.4.1)
-    unicorn (5.4.1)
-      kgio (~> 2.6)
-      raindrops (~> 0.7)
     warden (1.2.8)
       rack (>= 2.0.6)
     web-console (3.7.0)
@@ -472,10 +471,12 @@ DEPENDENCIES
   capistrano-rails
   capistrano-rvm
   capistrano-sidekiq
+  capistrano-systemd-multiservice (~> 0.1.0.beta6)
   capistrano3-puma
   coffee-rails (~> 4.2)
   database_cleaner
   factory_bot_rails
+  faker
   ffaker
   globalize
   guard
@@ -508,7 +509,6 @@ DEPENDENCIES
   turbolinks (~> 5)
   tzinfo-data
   uglifier (>= 1.3.0)
-  unicorn
   web-console (>= 3.3.0)
   webpacker (~> 3.5)
   whenever
@@ -517,4 +517,4 @@ RUBY VERSION
    ruby 2.5.1p57
 
 BUNDLED WITH
-   1.16.5
+   1.17.1

README.md

@@ -22,3 +22,25 @@ rails db:create db:setup
 rails s
 ./bin/webpack-dev-server
 ```
+
+## Deployment
+
+For painless deployment, you should configure several sudo commands for specified deploy user
+to be executed without asking for password via `sudo visudo` command,
+as described in https://capistranorb.com/documentation/getting-started/authentication-and-authorisation/#authorisation
+
+Full list of sudo command could be obtained by running commands mentioned below with `--dry-run` option
+(e. g. `bin/cap --dry-run {stage_name} deploy:setup`
+
+1. Set up new deployment in `config/stages/{stage_name}.rb` file
+1. Set up new deployment (upload configurations):
+
+    `bin/cap {stage_name} deploy:setup`
+
+1. Deploy new version to `{stage_name}`:
+
+    `bin/cap {stage_name} deploy`
+
+2. On new deployment (or when systemd templates updated), update & enable systemd services for Puma & Sidekiq:
+
+    `bin/cap {stage_name} deploy:setup_systemd`

bin/puma

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'puma' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("puma", "puma")

bin/pumactl

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'pumactl' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("puma", "pumactl")

config/deploy.rb

@@ -1,12 +1,23 @@
 set :application, 'demo_adminos'
 set :repo_url, "[email protected]:abuhtoyarov/demo-adminos.git"
 
-# Default value for :linked_files is []
-set :linked_files, fetch(:linked_files, []).push('config/database.yml', '.env', 'config/master.key')
-# Default value for linked_dirs is []
-set :linked_dirs, fetch(:linked_dirs, []).push(
-  'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'storage'
-)
+set :config_files, %w[config/database.yml .env]
+append :linked_files, 'config/database.yml', '.env', 'config/master.key'
+append :linked_dirs,  'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets',
+       'vendor/bundle', 'public/system', 'public/uploads'
 
 set :rvm_ruby_version, Pathname(__dir__).join('../.ruby-version').read.chomp
 append :rvm_map_bins, 'puma', 'pumactl', 'sidekiq', 'sidekiqctl'
+
+set :db_local_clean, true
+set :assets_dir, %w[public/system]
+
+set :nginx_server_name, -> { "#{fetch(:domain)} localhost #{fetch(:application)}.local" }
+set :nginx_upstream_name, -> { "#{fetch(:application)}_#{fetch(:stage)}" }
+set :nginx_config_name, -> { "#{fetch(:domain)}.conf" }
+set :nginx_use_ssl, true
+
+namespace :deploy do
+  # after :restart, 'systemd:sidekiq:reload-or-restart'
+  after :publishing, :restart
+end

config/deploy/production.rb

@@ -4,3 +4,6 @@
 set :branch, :master
 set :deploy_to, '/home/app/demo_adminos'
 set :whenever_path, ->{ release_path }
+
+set :nginx_sites_available_path, "#{fetch(:deploy_to)}/shared"
+set :nginx_sites_enabled_path, '/etc/nginx/conf.d'

config/deploy/staging.rb

@@ -0,0 +1,17 @@
+server "#{fetch(:application)}.staging.molinos.ru", user: 'app', roles: %w(web app db), primary: true
+
+set :domain, "#{fetch(:application)}.staging.molinos.ru"
+set :keep_releases, 5
+set :rails_env, 'staging'
+set :branch, :develop
+
+set :user, :app
+set :deploy_to, "/home/#{fetch(:user)}/#{fetch(:application)}"
+
+# CentOS
+set :nginx_sites_available_path, "#{fetch(:deploy_to)}/shared"
+set :nginx_sites_enabled_path, '/etc/nginx/conf.d'
+
+# Ubuntu
+# set :nginx_sites_available_path, "/etc/nginx/sites-available"
+# set :nginx_sites_enabled_path, "/etc/nginx/sites-enabled"

config/deploy/templates/database.yml.erb

@@ -0,0 +1,10 @@
+<%= fetch(:rails_env) %>:
+  adapter: postgresql
+  timeout: 5000
+  encoding: utf8
+  reconnect: false
+  database: <%= "#{fetch(:application)}_#{fetch(:rails_env)}" %>
+  pool: 5
+  username: <%= "dbu_#{fetch(:user)}" %>
+  password:
+  host:

config/deploy/templates/nginx_conf.erb

@@ -0,0 +1,96 @@
+upstream puma_<%= fetch(:nginx_upstream_name) %> { <%
+  @backends = [fetch(:puma_bind)].flatten.map do |m|
+    etype, address  = /(tcp|unix|ssl):\/{1,2}(.+)/.match(m).captures
+    if etype == 'unix'
+      "server #{etype}:#{address} #{fetch(:nginx_socket_flags)};"
+    else
+      "server #{address.gsub(/0\.0\.0\.0(.+)/, "127.0.0.1\\1")} #{fetch(:nginx_http_flags)};"
+    end
+end
+%><% @backends.each do |server| %>
+  <%= server %><% end %>
+}
+<% if fetch(:nginx_use_ssl) -%>
+server {
+  listen 80;
+  server_name <%= fetch(:nginx_server_name) %>;
+  return 301 https://$host$1$request_uri;
+}
+<% end -%>
+
+server {
+<% if fetch(:nginx_use_ssl) -%>
+  listen 443;
+  ssl on;
+<% if fetch(:nginx_ssl_certificate) -%>
+  ssl_certificate <%= fetch(:nginx_ssl_certificate) %>;
+<% else -%>
+  ssl_certificate /etc/letsencrypt/live/<%= fetch(:domain) %>/fullchain.pem;
+<% end -%>
+<% if fetch(:nginx_ssl_certificate_key) -%>
+  ssl_certificate_key <%= fetch(:nginx_ssl_certificate_key) %>;
+<% else -%>
+  ssl_certificate_key /etc/letsencrypt/live/<%= fetch(:domain) %>/privkey.pem;
+<% end -%>
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+<% else -%>
+  listen 80;
+<% end -%>
+  server_name <%= fetch(:nginx_server_name) %>;
+  root <%= current_path %>/public;
+  try_files $uri/index.html $uri @puma_<%= fetch(:nginx_upstream_name) %>;
+
+  client_max_body_size 4G;
+  keepalive_timeout 10;
+
+  error_page 500 502 504 /500.html;
+  error_page 503 @503;
+
+  location @puma_<%= fetch(:nginx_upstream_name) %> {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+    proxy_redirect off;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "Upgrade";
+<% if fetch(:nginx_use_ssl) -%>
+    proxy_set_header X-Forwarded-Proto https;
+<% else -%>
+    proxy_set_header X-Forwarded-Proto http;
+<% end -%>
+    proxy_pass http://puma_<%= fetch(:nginx_upstream_name) %>;
+    # limit_req zone=one;
+    access_log <%= shared_path %>/log/nginx.access.log;
+    error_log <%= shared_path %>/log/nginx.error.log;
+  }
+
+  location ^~ /assets/ {
+    gzip_static on;
+    expires max;
+    add_header Cache-Control public;
+  }
+
+  location = /50x.html {
+    root html;
+  }
+
+  location = /404.html {
+    root html;
+  }
+
+  location @503 {
+    error_page 405 = /system/maintenance.html;
+    if (-f $document_root/system/maintenance.html) {
+      rewrite ^(.*)$ /system/maintenance.html break;
+    }
+    rewrite ^(.*)$ /503.html break;
+  }
+
+  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
+    return 405;
+  }
+
+  if (-f $document_root/system/maintenance.html) {
+    return 503;
+  }
+}