add options in base install

base/install_app_base.sh

@@ -1,76 +1,100 @@
 #!/bin/bash
 set -eu
 
+user=deployer
+mawidabp_path=/var/www/mawidabp.com
+dir=$(cd "$(dirname "$0")" && pwd)
+dir_conf=$dir/config_files
+dir_templates=$dir/templates
+dir_services=$dir/services
+dir_nginx=/etc/nginx
+
+while getopts u:p: option
+do
+  case "${option}" in
+    u) user=${OPTARG};;
+    p) mawidabp_path=${OPTARG};;
+    :) echo "INVALID";;
+    \?) echo "Argumento -${option} erroneo use:
+      [u] Nombre de usuario
+      [p] Directorio de instalacion
+      "
+      exit;;
+
+    esac
+  done
+  shift $((OPTIND -1))
+
+#Create config files
+eval "echo \"$(cat $dir_templates/nginx.conf)\" > $dir_conf/nging.conf"
+eval "echo \"$(cat $dir_templates/mawidabp.com)\" > $dir_conf/mawidabp.com"
+eval "echo \"$(cat $dir_templates/sudoers)\" > $dir_conf/sudoers"
+eval "echo \"$(cat $dir_templates/sidekiq.service)\" > $dir_services/sidekiq.service"
+eval "echo \"$(cat $dir_templates/unicorn.service)\" > $dir_services/unicorn.service"
+
 #URLS
 repo_nginx=http://nginx.org/packages/centos/7/x86_64/RPMS
 repo_redis_ib01=https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/j
 repo_redis=https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/r
 repo_node=https://rpm.nodesource.com/pub_14.x/el/7/x86_64
 
-dir=$(cd "$(dirname "$0")" && pwd)
-dir_conf=$dir/config_files
-dir_services=$dir/services
-dir_nginx=/etc/nginx
-
-echo "Instalación Paquete NGINX"
+#echo "Instalación Paquete NGINX"
 rpm -ivh $repo_nginx/nginx-1.18.0-1.el7.ngx.x86_64.rpm
 
-echo creamos directorios sites
+#echo creamos directorios sites
 mkdir -p /etc/nginx/sites-available
 mkdir -p /etc/nginx/sites-enabled
 
-echo "Arrancamos y habilitamos nginx"
+#echo "Arrancamos y habilitamos nginx"
 systemctl start nginx
 systemctl enable nginx
 
-
-echo "Copiamos archivo de configuración Nginx"
+#echo "Copiamos archivo de configuración Nginx"
 /bin/cat $dir_conf/nginx.conf > $dir_nginx/nginx.conf
 cp $dir_conf/mawidabp.com $dir_nginx/sites-available/
 
-echo "Creamos enlace simbolico"
+#echo "Creamos enlace simbolico"
 ln -s $dir_nginx/sites-available/mawidabp.com $dir_nginx/sites-enabled/mawidabp.com
 
-echo "Recargamos nginx"
+#echo "Recargamos nginx"
 systemctl restart nginx
 
-echo "Instalamos Redis"
+#echo "Instalamos Redis"
 rpm -ivh $repo_redis_ib01/jemalloc-3.6.0-1.el7.x86_64.rpm
 rpm -ivh $repo_redis_ib01/jemalloc-devel-3.6.0-1.el7.x86_64.rpm
 rpm -ivh $repo_redis/redis-3.2.12-2.el7.x86_64.rpm
 
-systemctl start redis
+#systemctl start redis
 systemctl enable redis
 
-echo "Instalamos nodejs"
+#echo "Instalamos nodejs"
 rpm -ivh $repo_node/nodejs-14.15.1-1nodesource.x86_64.rpm
 
-echo "Instalamos ImageMagick"
+#echo "Instalamos ImageMagick"
 yum -y install ImageMagick
 
-echo "Instalamos libyaml"
+#echo "Instalamos libyaml"
 yum -y install libyaml
 
-echo "Crear usuario deployer"
-adduser deployer -G nginx
-passwd deployer
+#echo "Crear usuario deployer"
+#adduser deployer -G nginx
+#passwd deployer
 
-echo "Copiamos archivos de sudoers"
-cp $dir_conf/sudoers_deployer /etc/sudoers.d/deployer
+#echo "Copiamos archivos de sudoers"
+#cp $dir_conf/sudoers /etc/sudoers.d/deployer
 
-echo "Creamos directorios"
-mkdir -p /var/www/mawidabp.com/
-chown -R deployer: /var/www/
+#echo "Creamos directorios"
+mkdir -p $mawidabp_path
+chown -R $user: /var/www/
 
-echo "Exportamos RBENV"
+#echo "Exportamos RBENV"
 su deployer -c 'echo export PATH="$HOME/.rbenv/bin:$PATH" >> ~/.bashrc'
-#su deployer -c 'echo eval "$(rbenv init -)"'
-
+##su deployer -c 'echo eval "$(rbenv init -)"'
 
-echo "Copiamos servicios"
+#echo "Copiamos servicios"
 cp $dir_services/*.service /usr/lib/systemd/system/
 
-echo "Reemplazamos archivo de configuración selinux"
+#echo "Reemplazamos archivo de configuración selinux"
 /bin/cat $dir_services/selinux_config > /etc/selinux/config
 
 echo "Finalizado por favor reinicie S.O."

base/config_files/mawidabp.com → base/templates/mawidabp.com

@@ -1,11 +1,11 @@
 # begin _app_stream
 upstream app_stream {
-  server unix:/run/unicorn/unicorn.sock fail_timeout=0;
+  server 127.0.0.1:3000 fail_timeout=10s;
 }
 # end _app_stream
 
 # begin _map
-map $http_upgrade $connection_upgrade {
+map \$http_upgrade \$connection_upgrade {
   default upgrade;
   ''      close;
 }
@@ -16,17 +16,17 @@ server {
   listen      80 deferred;
   listen      [::]:80 deferred;
   server_name mawidabp.com *.mawidabp.com;
-  return      301 https://$host$request_uri;
+  return      301 https://\$host\$request_uri;
 
 }
 
 
 server {
- # listen 443 deferred ssl http2;
- # listen [::]:443 deferred ssl http2;
+  listen 443 deferred ssl http2;
+  listen [::]:443 deferred ssl http2;
 
   # begin _rackserver
- # server_name mawidabp.com *.mawidabp.com;
+  server_name mawidabp.com *.mawidabp.com;
 
   client_body_in_file_only clean;
   client_body_buffer_size 32K;
@@ -36,24 +36,24 @@ server {
 
   server_tokens off;
 
-  root /var/www/mawidabp.com/current/public;
+  root $mawidabp_path/current/public;
   # end _rackserver
 
   # begin _ssl
   # TL;DR: Go to https://wiki.mozilla.org/Security/Server_Side_TLS often =)
-  #ssl_certificate         /etc/ssl/certs/mawidabp.com.bundle-crt;
-  #ssl_certificate_key     /etc/ssl/private/mawidabp.com.key;
-  #ssl_trusted_certificate /etc/ssl/certs/mawidabp.com.bundle-crt;
-
-  #ssl_protocols TLSv1.2 TLSv1.3;
-  #ssl_prefer_server_ciphers on;
-  #ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
-  #ssl_session_timeout 1d;
-  #ssl_session_cache shared:SSL:50m;
-  #ssl_session_tickets off;
-  #ssl_stapling on;
-  #ssl_stapling_verify on;
-  #ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
+  ssl_certificate         /etc/ssl/certs/mawidabp.com.bundle-crt;
+  ssl_certificate_key     /etc/ssl/private/mawidabp.com.key;
+  ssl_trusted_certificate /etc/ssl/certs/mawidabp.com.bundle-crt;
+
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_prefer_server_ciphers on;
+  ssl_ciphers \"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS\";
+  ssl_session_timeout 1d;
+  ssl_session_cache shared:SSL:50m;
+  ssl_session_tickets off;
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  ssl_ecdh_curve prime256v1:secp384r1:secp521r1;
   #ssl_dhparam /etc/nginx/dhparams.pem;
 
   resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
@@ -64,35 +64,35 @@ server {
   # end _ssl
 
   # begin _rackapp
-  try_files $uri/index.html $uri.html $uri @app;
+  try_files \$uri/index.html \$uri.html \$uri @app;
 
   location /private_files/ {
-    alias /var/www/mawidabp.com/current/private/;
+    alias $mawidabp_path/current/private/;
     internal;
   }
 
   location /cable {
     proxy_http_version 1.1;
 
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
-    proxy_set_header Host $http_host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-Real-IP \$remote_addr;
+    proxy_set_header Upgrade \$http_upgrade;
+    proxy_set_header Connection \$connection_upgrade;
 
     proxy_pass http://app_stream/cable;
   }
 
   location @app {
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto \$scheme;
     #cambiar esta linea
-    proxy_set_header X-Accel-Mapping "/var/www/mawidabp.com/current/private/=/private_files/";
-    proxy_set_header Host $http_host;
+    proxy_set_header X-Accel-Mapping \"$mawidabp_path/current/private/=/private_files/\";
+    proxy_set_header Host \$http_host;
     proxy_redirect off;
     # Extra app directives
-    
+
 
     proxy_pass http://app_stream;
   }
@@ -109,8 +109,7 @@ server {
 
   error_page 500 502 503 504 /500.html;
   location = /500.html {
-    root /var/www/mawidabp.com/current/public;
+    root $mawidabp_path/current/public;
   }
   # end _rackapp
-
 }

base/config_files/nginx.conf → base/templates/nginx.conf

@@ -13,9 +13,9 @@ http {
   include /etc/nginx/mime.types;
   default_type application/octet-stream;
 
-  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
-                  '$status $body_bytes_sent "$http_referer" '
-                  '"$http_user_agent" "$http_x_forwarded_for"';
+  log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" '
+                  '\$status \$body_bytes_sent "\$http_referer" '
+                  '"\$http_user_agent" "\$http_x_forwarded_for"';
 
   access_log /var/log/nginx/access.log main;
 
@@ -39,7 +39,5 @@ http {
              application/javascript application/x-javascript
              application/atom+xml application/json;
 
-
-
   include /etc/nginx/sites-enabled/*;
 }

base/services/sidekiq.service → base/templates/sidekiq.service

@@ -5,15 +5,15 @@ After=redis.service syslog.target network.target
 
 [Service]
 Type=simple
-User=deployer
+User=$user
 Group=nginx
 UMask=0002
 EnvironmentFile=/etc/environment
-WorkingDirectory=/var/www/mawidabp.com/current
+WorkingDirectory=$mawidabp_path/current
 
-ExecStart=/home/deployer/.rbenv/shims/bundle exec \
-  "sidekiq -e production \
-  -C config/sidekiq.yml 2>&1 >> log/sidekiq.log"
+ExecStart=/home/$user/.rbenv/shims/bundle exec \
+  \"sidekiq -e production \
+  -C config/sidekiq.yml 2>&1 >> log/sidekiq.log\"
 
 RestartSec=1
 Restart=on-failure

base/templates/sudoers

@@ -0,0 +1,11 @@
+$user ALL= NOPASSWD: /bin/systemctl start unicorn
+$user ALL= NOPASSWD: /bin/systemctl stop unicorn
+$user ALL= NOPASSWD: /bin/systemctl restart unicorn
+$user ALL= NOPASSWD: /bin/systemctl reload unicorn
+$user ALL= NOPASSWD: /bin/systemctl reload-or-restart unicorn
+
+$user ALL= NOPASSWD: /bin/systemctl start sidekiq
+$user ALL= NOPASSWD: /bin/systemctl stop sidekiq
+$user ALL= NOPASSWD: /bin/systemctl restart sidekiq
+$user ALL= NOPASSWD: /bin/systemctl reload sidekiq
+$user ALL= NOPASSWD: /bin/systemctl reload-or-restart sidekiq

base/templates/unicorn.service

@@ -0,0 +1,33 @@
+[Unit]
+Description=unicorn
+Requires=
+Wants=postgresql-13.service
+After=postgresql-13.service
+
+[Service]
+Type=forking
+PermissionsStartOnly=true
+User=$user
+Group=nginx
+WorkingDirectory=$mawidabp_path/current
+Environment=RAILS_ENV=production
+Environment=BUNDLE_GEMFILE=$mawidabp_path/current/Gemfile
+SyslogIdentifier=unicorn
+KillSignal=SIGQUIT
+PIDFile=/tmp/unicorn.pid
+ExecStartPre=/bin/mkdir -p /run/unicorn
+ExecStartPre=/bin/chown -R $user:nginx /run/unicorn
+
+ExecStart=/home/$user/.rbenv/shims/bundle exec "\
+          $mawidabp_path/current/bin/unicorn -D -c \
+          $mawidabp_path/current/config/unicorn.rb -E \
+          production"
+
+ExecStop=/bin/kill -s QUIT \$MAINPID
+ExecReload=/bin/kill -s USR2 \$MAINPID
+
+RestartSec=1
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target