ssh needs to be first right after runit, otherwise hard to extend

[discourse_docker.git] / standalone.template.yml

# expose:
  # expose public port 80 to map to private docker port 80 (web)
  # - "80:80"
  # expose public port 2222 to map to private docker port 22 (ssh)
  # - "2222:22"

# ENV is baked in to the image, any changes here require ./launcher bootstrap to run
env:
  # Comma delimited list of emails, required if you want admin access for first account
  DEVELOPER_EMAILS: 'YOUR_EMAIL@EMAIL.COM1'
  # You can have redis on a different box
  # REDIS_PROVIDER_URL: 'redis://l.discourse:6379'
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  # slightly less aggressive than "recommendation" but works fine with oobgc
  RUBY_GC_MALLOC_LIMIT: 40000000

params:
  # SSH key is required for remote access into the container
  ssh_key: YOUR_SSH_KEY_HERE
  version: HEAD

  home: /var/www/discourse

  # You can connect to any DB you wish to
  database_yml:
    production:
      database: discourse
      username: discourse
      socket: /var/run/postgresql
      password:
      host:
      host_names:
        - YOUR_HOSTNAME_HERE

run:
  - file:
     path: /etc/service/cron/run
     chmod: "+x"
     contents: |
        #!/bin/bash
        exec 2>&1
        cd /
        exec cron

  - file:
     path: /var/lib/postgresql/take-database-backup
     chown: postgres:postgres
     chmod: "+x"
     contents: |
        #!/bin/bash
        ID=db-$(date +%F_%T)
        FILENAME=/shared/postgres_backup/$ID.tar.gz
        pg_basebackup --format=tar --pgdata=- --xlog --gzip --label=$ID > $FILENAME
        echo $FILENAME

  - file:
     path: /var/spool/cron/crontabs/postgres
     contents: |
        # m h  dom mon dow   command
        #MAILTO=?
        0 */4 * * * /var/lib/postgresql/take-database-backup

  - file:
     path: /etc/service/unicorn/run
     chmod: "+x"
     contents: |
        #!/bin/bash
        exec 2>&1
        $env
        sv start redis || exit 1
        sv start postgres || exit 1
        cd $home
        exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb

  - file:
     path: /etc/service/sidekiq/run
     chmod: "+x"
     contents: |
        #!/bin/bash
        exec 2>&1
        $env
        sv start redis || exit 1
        sv start postgres || exit 1
        cd $home
        exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec sidekiq

  - file:
     path: /etc/service/sshd/run
     chmod: "+x"
     contents: |
        #!/bin/sh
        exec 2>&1
        exec /usr/sbin/sshd -D -e

  - file:
     path: /etc/service/redis/run
     chmod: "+x"
     contents: |
        #!/bin/sh
        exec 2>&1
        exec sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf

  - file:
     path: /etc/service/nginx/run
     chmod: "+x"
     contents: |
        #!/bin/sh
        exec 2>&1
        exec /usr/sbin/nginx

  - file:
     path: /etc/service/postgres/run
     chmod: "+x"
     contents: |
        #!/bin/sh
        exec 2>&1
        exec sudo -u postgres /usr/lib/postgresql/9.2/bin/postmaster -D /etc/postgresql/9.2/main

  - exec:
      cmd:
        - mkdir -p /var/run/sshd
        - mkdir -p /root/.ssh
        - echo $ssh_key >> /root/.ssh/authorized_keys

  - exec:
      cd: $home
      hook: code
      cmd:
        - git reset --hard
        - git clean -f
        - git pull
        - git checkout $head
        - cp config/database.yml.production-sample config/database.yml
        - cp config/redis.yml.sample config/redis.yml
        - cp config/environments/production.rb.sample config/environments/production.rb
        - mkdir -p tmp/pids
        - mkdir -p tmp/sockets
        - touch tmp/.gitkeep
        - mkdir -p /shared/log/rails
        - rm -r log
        - ln -s /shared/log/rails $home/log
        - mkdir -p /shared/uploads
        - ln -s /shared/uploads $home/public/uploads
        - chown -R discourse /shared/uploads
        - chown -R discourse /shared/log/rails
  - exec:
      cmd:
        - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
        - "rm /etc/nginx/sites-enabled/default"

  - replace:
      filename: /etc/nginx/nginx.conf
      from: pid /run/nginx.pid;
      to: daemon off;

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /upstream[^\}]+\}/m
      to: "upstream discourse {
        server 127.0.0.1:3000;
      }"

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server_name.+$/
      to: server_name _ ;

  - replace:
      filename: "/etc/redis/redis.conf"
      from: "daemonize yes"
      to: ""
  - replace:
      filename: "/etc/redis/redis.conf"
      from: /^pidfile.*$/
      to: ""

  - exec:
      cmd:
        - install -d -m 0755 -o redis -g redis /shared/redis_data

  - replace:
      filename: "/etc/redis/redis.conf"
      from: /^logfile.*$/
      to: "logfile stdout"

  - replace:
      filename: "/etc/redis/redis.conf"
      from: /^dir .*$/
      to: "dir /shared/redis_data"

  # we can not migrate without redis
  - exec:
      background: true
      cmd: "sudo -u redis /usr/bin/redis-server /etc/redis/redis.conf"

  - merge: $home/config/database.yml $database_yml

  - exec:
      cmd:
        - chown -R root /var/lib/postgresql/9.2/main
        - "[ ! -e /shared/postgres_data ] && cp -r /var/lib/postgresql/9.2/main /shared/postgres_data || exit 0"
        - chown -R postgres:postgres /shared/postgres_data

  - replace:
      filename: "/etc/postgresql/9.2/main/postgresql.conf"
      from: "data_directory = '/var/lib/postgresql/9.2/main'"
      to: "data_directory = '/shared/postgres_data'"

  # Necessary to enable backups
  - exec:
      cmd:
        - install -d -m 0755 -o postgres -g postgres /shared/postgres_backup

  - replace:
      filename: "/etc/postgresql/9.2/main/postgresql.conf"
      from: /#?max_wal_senders *=.*/
      to: "max_wal_senders = 4"

  - replace:
      filename: "/etc/postgresql/9.2/main/postgresql.conf"
      from: /#?wal_level *=.*/
      to: "wal_level = hot_standby"

  - replace:
      filename: "/etc/postgresql/9.2/main/pg_hba.conf"
      from: /^#local +replication +postgres +peer$/
      to: "local replication postgres  peer"

  - exec:
      background: true
      cmd: "sudo -u postgres /usr/lib/postgresql/9.2/bin/postmaster -D /etc/postgresql/9.2/main"

  # give db a few secs to start up
  - exec: "sleep 5"

  - exec: sudo -u postgres createdb discourse || exit 0
  - exec:
      stdin: |
        create user discourse;
      cmd: sudo -u postgres psql discourse
      raise_on_fail: false

  - exec:
      stdin: |
        grant all privileges on database discourse to discourse;
      cmd: sudo -u postgres psql discourse
      raise_on_fail: false

  - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists hstore;"'
  - exec: /bin/bash -c 'sudo -u postgres psql discourse <<< "create extension if not exists pg_trgm;"'


  - exec:
      cd: $home
      cmd:
        - chown -R discourse $home
        - sudo -E -u discourse bundle install --deployment --without test --without development
        - sudo -E -u discourse bundle exec rake db:migrate
        - sudo -E -u discourse bundle exec rake assets:precompile