I want to write a recipe with Capistrano 3 executing a task on the remote server with sudo.
With Capistrano 2 this could be done for example:
default_run_options[:pty] = true
task :hello do
run "#{sudo} cp ~/something /something"
end
With Capistrano 3 I found:
set :pty, true
But I could not get to execute a task running with sudo.
How can I run a task with sudo?
The Capistrano 3 guide recommends the use of passwordless sudo. This allows your less-priveleged user execute the sudo command without having to enter a password via the PTY.
You can use the task that Kentaro wrote above, and add something like the following to your /etc/sudoers file:
deploy ALL=NOPASSWD:/bin/cp ~/something /something
http://www.capistranorb.com/documentation/getting-started/authentication-and-authorisation/#toc_8
I usually write like this:
task :hello do
on roles(:all) do |host|
execute :sudo, :cp, '~/something', '/something'
end
end
Edit
Capistrano 3 does not support sudo with password.
However, I created a small gem, which enables you to use sudo with password in Capistrano 3 task.
Add sshkit-sudo to your application's Gemfile:
# Gemfile
gem 'sshkit-sudo'
And require 'sshkit/sudo' in you Capfile:
# Capfile
require 'sshkit/sudo'
Now, you can execute a command with sudo as follows:
task :hello do
on roles(:all) do
sudo :cp, '~/something', '/something'
end
end
To resolve this issue I needed to add set :pty, true to my deploy.rb file.
I can now run the following:
# config valid only for Capistrano 3.1
lock '3.1.0'
set :application, 'APP_NAME'
set :pty, true
set :ssh_options, {:forward_agent => true}
namespace :deploy do
desc 'Restart NGINX'
task :restart do
on roles(:app), in: :sequence, wait: 1 do
execute :sudo, "./restart.sh"
end
end
end
This task basically runs a shell script called restart.sh that has a command within sudo service nginx restart.
you want "as user do end", like
as "root" do
execute :something
end
If you really need to use sudo you can always map the command like SSHKit.config.command_map[:rm] = 'sudo rm' which will make execute :rm into the proper rm command invoked with sudo. If your deploy user is in the sudoers things will work as expected.
Related
I'm using Capistrano to deploy apps that I'm building in Sinatra and Rails. For a while now I've been writing all the stuff I need to get done during the deployment right into config/deploy.rb. It looks like I'm just writing Rake here. I was wondering if I could get some advice on if I'm putting these in the right place or if I could be more "Capistranorish" with my deployments.
Here are a few examples of things I'm doing here. I write pretty much everything that I need my deployments to do here.
# deploy.rb
task :initctl_reload_configuration do
on roles(:app), in: :sequence do
execute "sudo initctl reload-configuration"
end
end
task :rebuild_sitemap_no_ping do
on roles(:app), in: :sequence do
execute "cd /srv/app/#{environment}/current && RAILS_ENV=#{environment} bundle exec rake sitemap:refresh:no_ping"
end
end
task :rebuild_sitemap do
on roles(:app), in: :sequence do
execute "cd /srv/app/#{environment}/current && RAILS_ENV=#{environment} bundle exec rake sitemap:refresh"
end
end
task :restart_services do
on roles(:app), in: :sequence do
execute "sudo service tomcat6 restart"
execute "sudo service sunspot-solr restart"
execute "sudo service app-#{environment} restart"
execute "sudo service nginx restart"
end
end
If that's all you got, it might be just fine leaving it in deploy.rb.
If you really want to move those tasks somewhere, below contents of Capfile (you likely have it in the root of your project) should give you a hint:
# Load custom tasks from `lib/capistrano/tasks' if you have any defined
Dir.glob('lib/capistrano/tasks/*.rake').each { |r| import r }
So just create a file in lib/capistrano/tasks/ ending with .rake and that should do it!
When we deploy to our server, everything deploys fine, however we get the error "Gemfile not found" right after. At first I thought this was nginx not starting, but if I restart the box, the error goes away and the application works perfectly. We are trying to determine why this is occurring and how to fix it. As of right now, I am not sure where to begin and nothing I seem to research on the "google" has turned up answers.
The breakdown of the server setup and deployment:
rails 4
rbenv
ruby 2.1.0
capistrano v3
passenger
server build with chef
The Capfile:
require 'pry'
# Load DSL and Setup Up Stages
require 'capistrano/setup'
# Includes default deployment tasks
require 'capistrano/deploy'
# Includes tasks from other gems included in your Gemfile
#
# For documentation on these, see for example:
#
# https://github.com/capistrano/rvm
# https://github.com/capistrano/rbenv
# https://github.com/capistrano/chruby
# https://github.com/capistrano/bundler
# https://github.com/capistrano/rails/tree/master/assets
# https://github.com/capistrano/rails/tree/master/migrations
#
# require 'capistrano/rvm'
require 'capistrano/rbenv'
# require 'capistrano/chruby'
require 'capistrano/bundler'
# require 'capistrano/rails/assets'
require 'capistrano/rails/migrations'
# Loads custom tasks from `lib/capistrano/tasks' if you have any defined.
Dir.glob('lib/capistrano/tasks/*.cap').each { |r| import r }
The deploy.rb:
set :application, 'api'
set :scm, :git
set :repo_url, 'git#github.com:PlacewiseMedia/API.git'
set :branch, 'develop'
set :deploy_to, '/home/apps/api'
set :deploy_via, :remote_cache
set :keep_releases, 10
set :user, 'deploy'
set :use_sudo, false
set :rbenv_type, :system
set :rbenv_ruby, '2.1.0'
set :rbenv_path, '/opt/rbenv'
namespace :deploy do
desc 'Restart application'
task :restart_application do
on roles(:app), in: :sequence, wait: 5 do
spacer("Setting up restart file")
execute "mkdir -p #{release_path}/tmp ; touch #{release_path}/tmp/restart.txt"
spacer("Restarting the nginx service")
execute "sudo service nginx restart"
spacer()
end
end
desc 'Run Migrations'
task :update_database do
on roles(:app), in: :sequence, wait: 5 do
within(release_path) do
with rails_env: fetch(:rails_env) do
spacer("Updating the database")
execute :rake, "db:migrate", "--trace"
spacer()
end
end
end
end
desc 'Create application symlinks'
task :shared_links do
on roles(:app), in: :sequence, wait: 5 do
spacer("Creating application symlinks")
execute "rm #{release_path}/config/database.yml"
execute "ln -s #{shared_path}/config/database.yml #{release_path}/config/database.yml"
execute "ln -s #{shared_path}/config/secrets.yml #{release_path}/config/secrets.yml"
execute "ln -s #{shared_path}/bin/passenger #{release_path}/bin/passenger"
spacer()
end
end
after 'deploy:updated', 'deploy:shared_links'
after :finishing, 'deploy:update_database'
after :finishing, 'deploy:restart_application'
after :finishing, 'deploy:cleanup'
end
namespace :setup do
desc 'Copy the secrets.yml and database.yml files'
task config: ['config/secrets.yml', 'config/database.yml'] do |t|
on roles(:all) do
execute "mkdir -p #{shared_path}/config"
t.prerequisites.each do |file|
upload! file, "#{shared_path}/config"
end
end
end
end
def spacer(desc = nil)
puts "-----------------------------------------------------------------------------"
if desc
puts desc
puts "-----------------------------------------------------------------------------"
end
end
The error:
UPDATE 09/25 : 02:10pm PST
After working with https://hackhands.com/ we discovered that multiple instances of nginx are running as shown:
I can work to kill the services and restart it but it seems like something may not be configured correctly on the server via chef or our cap deployment. If I restart the box things work as stated, but we also tried killing the nginx services. We discovered that works as well. Our dev ops team is working on this, but we are still perplexed how this has occurred or how to repair it.
UPDATE 09/26 : 11:06am PST
I found where the config comes from on the passenger spinup, if you
look in /etc/service/ you will see the folders for the apps that are
on the server. Look at the run file in the folder you're interested
in and you'll see the passenger config. That fires off a ruby .bin/passenger start process, which then fires off the /tmp nginx
process which is hanging on app restart. I've tried restarting all in
different combos, the one that seems to work is killing the nginx
process, then running sudo killall ruby to respawn the new app...
not ideal
So the update our DevOps team did to address this issue revolves around the way passenger spawns nginx. The config that it was using was the older spawn-lv2 from previous versions, and I changed it to spawn for the current version 4. What this seems to do is to stop creating new directories in /tmp that were referenced by the runit script but would fail because the old version was still running. Now it looks like the updates are done in the current /tmp directory instead, so it doesn't matter if the process is still running.
This update was done to the rackbox default attribute in chef: default["rackbox"]["default_config"]["passenger_runit"]["spawn_method"] = "smart"
I have the following deploy.rb with my capistrano-enabled project:
# config valid only for Capistrano 3.1
lock '3.1.0'
# Default value for :pty is false
# forward password prompts
set :pty, true
set :use_sudo, false
namespace :setup do
desc 'installs required libraries'
task :libraries do
on roles(:app), in: :sequence do
execute :sudo, 'whoami'
execute :sudo, "apt-get install mplayer"
end
end
end
I might not really grasp the concept of :use_sudo and the execute :sudo, 'command' part but curiously the whoami returns root, even though :use_sudo is turned off.
The Documentation of v.2 states this too:
set :use_sudo, false. By default, Capistrano will try to use sudo to do certain operations (setting up your servers, restarting your application, etc.). If you are on a shared host, sudo might be unavailable to you, or maybe you just want to avoid using sudo.
So what is the :use_sudo flag for if sudo is executed anyways.
You're explicitly running a command in sudo: execute :sudo, 'whoami', why are you surprised that it uses sudo?
As explained in the documentation that you quoted, setting the :use_sudo option to false will tell Capistrano not to use sudo when doing certain operations. If you execute sudo whoami though it's not going to modify your command.
I need to understand why capistrano doesn't create the folder current. I'm using the following command : cap deploy:setup, cap deploy:check, cap deploy
But when i check in my app directory, i don't current folder.
This my deploy.rb
# Execute "bundle install" after deploy, but only when really needed
require 'bundler/capistrano'
# Automatically precompile assets
load "deploy/assets"
# RVM integration
require "rvm/capistrano"
# Application name
set :application, "app"
# Application environment
set :rails_env, :production
# Deploy username and sudo username
set :user, "ubuntu"
default_run_options[:pty] = true
ssh_options[:forward_agent] = true
#We don't want to use sudo (root) - for security reasons
set :use_sudo, false
#Target ruby version
set :rvm_ruby_string, '1.9.3-p374'
#System-wide RVM installation
set :rvm_type, :user
#We use sudo (root) for system-wide RVM installation
set :rvm_install_with_sudo, true
#git is our SCM
set :scm, :git
#Use github repository
set :repository, "git#github.com:.../CM.git"
#master is our default git branch
set :branch, "master"
#Deploy via github
set :deploy_to, "/var/www/app/#{application}"
set :deploy_via, :remote_cache
#We have all components of the app on the same server
server "125.156.125.125", :app, :web, :db, :primary => true
namespace :deploy do
task :restart, :roles => :app, :except => { :no_release => true } do
run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"
end
task :symlink_shared do
run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml"
run "ln -nfs #{shared_path}/assets #{release_path}/public/assets"
end
task :assets do
system "rsync -vr --exclude='.DS_Store' public/assets #{user}##{application}:# {shared_path}/"
end
end
after 'deploy:update_code', 'deploy:symlink_shared'
I don't understand where is the error, if someone can i help me ?
Thanks you
It could fail due to folder permissions also.
If the option
set :use_sudo, false
was not present when the first time cap was deployed, the current folder have sudo as the owner. When the user is changed, it might not have sufficient permissions to update the link.
I deleted the symbolic link and ran
cap deploy:create_symlink
This updated the symbolic link for me.
Capistrano creates a current symlink (not directory) as one of the last steps in it's deployment cycle, generally right before the application server gets sent a start/restart command. It cannot create that symlink before deploying as there is nothing to symlink to (no checkouts in /releases).
If it's still not creating the symlink, check your capistrano deploy logs for an error, it won't create the symlink if it has an error before making it to that point. And if there is an error, please post it in your question.
I successfully installed a Rails (3.2.10) app on an Ubuntu 12.04 server on Rackspace following Railscasts 335 deploying to a vps. Nginx, Unicorn, rbenv and Capistrano.
Then, when I try to install a second rails website I get the error "Could not find rake-10.0.3 in any of the sources" during cap:deploy. cap:setup and cap:check were successful. Additionally, there is no current directory under my application folder.
If I cd into the releases directory and run bundle install it is using rake-10.0.3. The only difference between the two apps is that the new app I am trying to install uses the assets pipeline.
Here is my deploy file which is identical for both apps, except for the set :application directive.
set :user, 'mark'
set :scm_passphrase, 'xxxx'
set :domain, '99.99.99.99'
set :application, "my_app"
set :repository, "#{user}##{domain}:git/#{application}.git"
ssh_options[:forward_agent] = true
set :deploy_to, "/var/www/#{application}"
role :app, domain
role :web, domain
role :db, domain, :primary => true
default_run_options[:pty] = true
set :deploy_via, :remote_cache
set :scm, 'git'
set :branch, 'master'
set :scm_verbose, true
set :use_sudo, false
after "deploy", "deploy:cleanup" # keep only the last 5 releases
namespace :deploy do
%w[start stop restart].each do |command|
desc "#{command} unicorn server"
task command, roles: :app, except: {no_release: true} do
run "/etc/init.d/unicorn_#{application} #{command}"
end
end
task :setup_config, roles: :app do
sudo "ln -nfs #{current_path}/config/nginx.conf /etc/nginx/sites-enabled/#{application}"
sudo "ln -nfs #{current_path}/config/unicorn_init.sh /etc/init.d/unicorn_#{application}"
run "mkdir -p #{shared_path}/config"
put File.read("config/database.yml"), "#{shared_path}/config/database.yml"
puts "Now edit the config files in #{shared_path}."
end
after "deploy:setup", "deploy:setup_config"
task :symlink_config, roles: :app do
run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml"
end
after "deploy:finalize_update", "deploy:symlink_config"
desc "Make sure local git is in sync with remote."
task :check_revision, roles: :web do
unless `git rev-parse HEAD` == `git rev-parse origin/master`
puts "WARNING: HEAD is not the same as origin/master"
puts "Run `git push` to sync changes."
exit
end
end
before "deploy", "deploy:check_revision"
end
Remove all the versions of Rake ==> gem uninstall rake
Remove Gemfile.lock ==> rm Gemfile.lock
Run bundle install ==> bundle install
gem install rake --version=10.0.2
if you still get the error then put this into your gemfile.
gem 'rake', '0.8.7'
bundle update rake
worked for me. I've had similar problem.
If your still looking for a fix... For me it was a matter of using sudo bundle install instead of just bundle install.
I had this same cryptic error message .... turns out I had created a 'cloned' release inside the release folder which causes sprockets to want to do things there .... I think cap uses the create date as it traverses the release tree so somehow this messed things up .... be sure there are no additional 'hand made' folders in your /releases/ folder and you should get past this bug
I had the same problem. The cause for my problem was that Rake was also found in /usr/bin/local/ in addition to being in the shims directory in rbenv. To check if this is the problem first uninstall rake gem uninstall rake then run which rake. If you get back a path that is different than /Users/username/.rbenv/shims/rake then just remove that binary using sudo rm /path/to/file.
Note that in my case at least, which gem was using a shimed executable that was managed by rbenv, while rake wasn't. So everything worked find until I tried to invoke rake command from the terminal.
Also see: After installing rbenv and changing Ruby version, Rake no longer runs
For rails version from 4.3, let try with bundle exec rails app:update. It worked for me.
Hope it's useful for you.