diff --git a/deployment/deploy.rb b/deployment/deploy.rb
index bcf29e6..c414393 100644
--- a/deployment/deploy.rb
+++ b/deployment/deploy.rb
@@ -5,6 +5,8 @@
 require "capistrano"
 require "capistrano/ext/multistage"
 require "colored"
+ require "pty"
+ require "expect"
 rescue LoadError
 puts "You need to run: $ gem install capistrano-ext colored"
 exit
@@ -53,16 +55,20 @@
 # Prevent creation of public/images,javascripts,assets
 set :normalize_asset_timestamps, false
-# If user is not specified (i.e. `cap -S user=foo`), assume deploy + private key
-if not exists?(:user)
+# If user is not specified (i.e. `cap -S user=foo`), assume deploy
+if exists?(:user)
+ set :override_user, true
+else
 set :user, "deploy"
- set :ssh_options, {
- :forward_agent => true,
- :auth_methods => ["publickey"],
- :keys => ["./provisioning/files/ssh/id_rsa"]
- }
 end
+# default to private key auth
+set :ssh_options, {
+ :forward_agent => true,
+ :auth_methods => ["publickey"],
+ :keys => ["./provisioning/files/ssh/id_rsa"]
+}
+
 # Auto-detect DB_* constants from wp-config.php
 File.read('./web/wp-config.php').scan(/DB_(\w+)(?:'|"),\s+(?:'|")([^\'\"]*)/).each do | match |
 set "db_#{match[0].downcase}", "#{match[1]}"
diff --git a/deployment/lib/provision.rb b/deployment/lib/provision.rb
index fe955b1..4c60435 100644
--- a/deployment/lib/provision.rb
+++ b/deployment/lib/provision.rb
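Review bot: In the second hunk of `deployment/deploy.rb`, `set :ssh_options` is now unconditional, so every run, including `cap -S user=foo`, offers only `./provisioning/files/ssh/id_rsa`, a private key that by its path appears to live in the project tree and so to be shared by everyone with a checkout. The comment `# default to private key auth` should say so, e.g. `# publickey only, using the shared project key; with -S user=foo a password is used solely by the provision bootstrap (:override_user)`. `:forward_agent => true` now also applies to overridden users; if the forwarded agent is only needed for the repository checkout on the server that is presumably intended, but it is worth confirming, since a forwarded agent is usable by root on the target for as long as the session is open.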
@@ -2,6 +2,50 @@
 namespace :provision do
 desc "Runs project provisioning script on server"
 task :default do
+ if exists?(:override_user)
+ logger.info "SSH workaround for https://github.com/genesis/wordpress/issues/131"
+ orig_ev=$expect_verbose
+ $expect_verbose=true
+ find_servers_for_task(current_task).each do |current_server|
+ logger.info "Transferring keys to #{current_server}"
+ puts "\n"
+ PTY.spawn("scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ./provisioning/files/ssh/id_rsa* #{user}@#{current_server}:~/") do |rd, wt|
+ rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+ rd.expect("100%", 1) { |r| sleep(2) }
+ end
+ puts "\n\n"
+ logger.info "Setting up passwordless sudoable deploy on #{current_server}"
+ puts "\n"
+ PTY.spawn("ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null #{user}@#{current_server}") do |rd, wt|
+ # sudo make me a sandwich
+ rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("sudo -s") }
+ rd.expect(/password/i, 1) { |r| wt.puts("#{password}") }
+ # create deploy user & .ssh dir
+ rd.expect(/[#$] /, 1) { |r| wt.puts("id -u deploy || useradd -s /bin/bash -m deploy") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("mkdir -p /home/deploy/.ssh") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("chmod 755 /home/deploy/.ssh") }
+ # move scp'd keys into place
+ rd.expect(/[#$] /, 1) { |r| wt.puts("mv -f ~/id_rsa* /home/deploy/.ssh/") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("cp -f /home/deploy/.ssh/id_rsa.pub /home/deploy/.ssh/authorized_keys") }
+ # fix .ssh permissions
+ rd.expect(/[#$] /, 1) { |r| wt.puts("chown -R deploy:deploy /home/deploy/.ssh") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("chmod -R 600 /home/deploy/.ssh/*") }
+ # setup passwordless sudo
+ rd.expect(/[#$] /, 1) { |r| wt.puts("echo '%deploy ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/deploy") }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("chmod 440 /etc/sudoers.d/deploy") }
+ # UP AND AWAAAAAAY
+ rd.expect(/[#$] /, 1) { |r| sleep(2) }
+ rd.expect(/[#$] /, 1) { |r| wt.puts("exit") }
+ end
+ end
+ $expect_verbose=orig_ev
+ puts "\n\n"
+ logger.info "Switching to passwordless deploy user"
+ set :user, "deploy"
+ unset :password
+ end
+
 begin
 tmp = DateTime.now.strftime("/tmp/#{application}.%Y-%m-%d.%H%M%S")
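Review bot: Both `PTY.spawn` commands pass `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the server is never authenticated on the sessions that carry the login and sudo password and the `id_rsa*` key pair. Drop both options, or use `-o StrictHostKeyChecking=accept-new` with the normal known_hosts file where the installed OpenSSH supports it, so that an unexpected host key stops the run. Every `rd.expect(..., 1) { |r| ... }` block also runs when the one-second wait times out, because `expect` yields `nil` in that case; the password and the root commands are therefore written whatever the remote printed, and should be guarded, e.g. `rd.expect(/password/i, 1) { |r| raise "no password prompt from #{current_server}" unless r; wt.puts(password) }`. Only `id_rsa.pub` has to reach `authorized_keys` for the later key login, so unless the server needs the private half for something not visible here, the `scp` glob `id_rsa*` should be narrowed to `id_rsa.pub`. The `task :default` body continues outside the hunk.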