Get in touch
This website uses cookies to better the user experience of its visitors. Where applicable, this website uses a cookie control system, allowing users to allow or disallow the use of cookies on their computer/device on their first visit to the website. This complies with recent legislative requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device. To learn more click Cookie Policy.

Privacy preference center

Cookies are small files saved to a user’s computer/device hard drive that track, save, and store information about the user’s interactions and website use. They allow a website, through its server, to provide users with a tailored experience within the site. Users are advised to take necessary steps within their web browser security settings to block all cookies from this website and its external serving vendors if they wish to deny the use and saving of cookies from this website to their computer’s/device’s hard drive. To learn more click Cookie Policy.

Manage consent preferences

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Cookies list
Name _rg_session
Provider rubygarage.org
Retention period 2 days
Type First party
Category Necessary
Description The website session cookie is set by the server to maintain the user's session state across different pages of the website. This cookie is essential for functionalities such as login persistence, ensuring a seamless and consistent user experience. The session cookie does not store personal data and is typically deleted when the browser is closed, enhancing privacy and security.
Name m
Provider m.stripe.com
Retention period 1 year 1 month
Type Third party
Category Necessary
Description The m cookie is set by Stripe and is used to help assess the risk associated with attempted transactions on the website. This cookie plays a critical role in fraud detection by identifying and analyzing patterns of behavior to distinguish between legitimate users and potentially fraudulent activity. It enhances the security of online transactions, ensuring that only authorized payments are processed while minimizing the risk of fraud.
Name __cf_bm
Provider .pipedrive.com
Retention period 1 hour
Type Third party
Category Necessary
Description The __cf_bm cookie is set by Cloudflare to support Cloudflare Bot Management. This cookie helps to identify and filter requests from bots, enhancing the security and performance of the website. By distinguishing between legitimate users and automated traffic, it ensures that the site remains protected from malicious bots and potential attacks. This functionality is crucial for maintaining the integrity and reliability of the site's operations.
Name _GRECAPTCHA
Provider .recaptcha.net
Retention period 6 months
Type Third party
Category Necessary
Description The _GRECAPTCHA cookie is set by Google reCAPTCHA to ensure that interactions with the website are from legitimate human users and not automated bots. This cookie helps protect forms, login pages, and other interactive elements from spam and abuse by analyzing user behavior. It is essential for the proper functioning of reCAPTCHA, providing a critical layer of security to maintain the integrity and reliability of the site's interactive features.
Name __cf_bm
Provider .calendly.com
Retention period 30 minutes
Type Third party
Category Necessary
Description The __cf_bm cookie is set by Cloudflare to distinguish between humans and bots. This cookie is beneficial for the website as it helps in making valid reports on the use of the website. By identifying and managing automated traffic, it ensures that analytics and performance metrics accurately reflect human user interactions, thereby enhancing site security and performance.
Name __cfruid
Provider .calendly.com
Retention period During session
Type Third party
Category Necessary
Description The __cfruid cookie is associated with websites using Cloudflare services. This cookie is used to identify trusted web traffic and enhance security. It helps Cloudflare manage and filter legitimate traffic from potentially harmful requests, thereby protecting the website from malicious activities such as DDoS attacks and ensuring reliable performance for genuine users.
Name OptanonConsent
Provider .calendly.com
Retention period 1 year
Type Third party
Category Necessary
Description The OptanonConsent cookie determines whether the visitor has accepted the cookie consent box, ensuring that the consent box will not be presented again upon re-entry to the site. This cookie helps maintain the user's consent preferences and compliance with privacy regulations by storing information about the categories of cookies the user has consented to and preventing unnecessary repetition of consent requests.
Name OptanonAlertBoxClosed
Provider .calendly.com
Retention period 1 year
Type Third party
Category Necessary
Description The OptanonAlertBoxClosed cookie is set after visitors have seen a cookie information notice and, in some cases, only when they actively close the notice. It ensures that the cookie consent message is not shown again to the user, enhancing the user experience by preventing repetitive notifications. This cookie helps manage user preferences and ensures compliance with privacy regulations by recording when the notice has been acknowledged.
Name referrer_user_id
Provider .calendly.com
Retention period 14 days
Type Third party
Category Necessary
Description The referrer_user_id cookie is set by Calendly to support the booking functionality on the website. This cookie helps track the source of referrals to the booking page, enabling Calendly to attribute bookings accurately and enhance the user experience by streamlining the scheduling process. It assists in managing user sessions and preferences during the booking workflow, ensuring efficient and reliable operation.
Name _calendly_session
Provider .calendly.com
Retention period 21 days
Type Third party
Category Necessary
Description The _calendly_session cookie is set by Calendly, a meeting scheduling tool, to enable the meeting scheduler to function within the website. This cookie facilitates the scheduling process by maintaining session information, allowing visitors to book meetings and add events to their calendars seamlessly. It ensures that the scheduling workflow operates smoothly, providing a consistent and reliable user experience.
Name _gat_UA-*
Provider rubygarage.org
Retention period 1 minute
Type First party
Category Analytics
Description The _gat_UA-* cookie is a pattern type cookie set by Google Analytics, where the pattern element in the name contains the unique identity number of the Google Analytics account or website it relates to. This cookie is a variation of the _gat cookie and is used to throttle the request rate, limiting the amount of data collected by Google Analytics on high traffic websites. It helps manage the volume of data recorded, ensuring efficient performance and accurate analytics reporting.
Name _ga
Provider rubygarage.org
Retention period 1 year 1 month 4 days
Type First party
Category Analytics
Description The _ga cookie is set by Google Analytics to calculate visitor, session, and campaign data for the site's analytics reports. It helps track how users interact with the website, providing insights into site usage and performance.
Name _ga_*
Provider rubygarage.org
Retention period 1 year 1 month 4 days
Type First party
Category Analytics
Description The _ga_* cookie is set by Google Analytics to store and count page views on the website. This cookie helps track the number of visits and interactions with the website, providing valuable data for performance and user behavior analysis. It belongs to the analytics category and plays a crucial role in generating detailed usage reports for site optimization.
Name _gid
Provider rubygarage.org
Retention period 1 day
Type First party
Category Analytics
Description The _gid cookie is set by Google Analytics to store information about how visitors use a website and to create an analytics report on the website's performance. This cookie collects data on visitor behavior, including pages visited, duration of the visit, and interactions with the website, helping site owners understand and improve user experience. It is part of the analytics category and typically expires after 24 hours.
Name _dc_gtm_UA-*
Provider rubygarage.org
Retention period 1 minute
Type First party
Category Analytics
Description The _dc_gtm_UA-* cookie is set by Google Analytics to help load the Google Analytics script tag via Google Tag Manager. This cookie facilitates the efficient loading of analytics tools, ensuring that data on user behavior and website performance is accurately collected and reported. It is categorized under analytics and assists in the seamless integration and functioning of Google Analytics on the website.
Get in touch

The Ultimate Guide to Configuring a Rails App on Amazon EC2 with Chef: Part 3

  • 17955 views
  • 7 min
  • Jun 06, 2018
Yaroslav B.

Yaroslav B.

Ruby/JS Developer

Daryna P.

Daryna P.

Copywriter

Dmytro H.

Dmytro H.

Backend Development Lead

Tags:

Ruby Tutorials Tech Insights
Subscribe

Share

This article ends a series of posts we wrote about configuring Rails apps with the Chef automation platform and Amazon EC2. Gained knowledge in previous parts, we’ll finish writing cookbooks and secure our server. We’ll also go through the whole process of deployment of the Spree application on Ruby on Rails to EC2 instance we set up earlier.

Security setup

At this stage, you need to secure your app by installing and configuring OpenSSH.

OpenSSH

To enable authentication via SSH, install OpenSSH using the openssh cookbook.

Add the necessary dependencies in the Berksfile.

cookbook 'openssh', '~> 2.6.1'
view raw add-dependencies-in-Berksfile4 hosted with ❤ by GitHub

Create a cookbook.

mkdir site-cookbooks/app-openssh
view raw create-a-cookbook3 hosted with ❤ by GitHub

Set the metadata for the cookbook.

touch site-cookbooks/app-openssh/metadata.rb
view raw set-metadata-for-cookbook4 hosted with ❤ by GitHub
# site-cookbooks/app-openssh/metadata.rb
name 'app-openssh'
version '0.1.0'
depends 'openssh'
view raw set-metadata-for-cookbook2.rb hosted with ❤ by GitHub

Create default attributes for the cookbook.

mkdir site-cookbooks/app-openssh/attributes
touch site-cookbooks/app-openssh/attributes/default.rb
view raw create-default-attributes-cookbook3 hosted with ❤ by GitHub

Cancel authentication with the password_authentication password and disable print_motd, which determines whether the SSH daemon should print the contents of the /etc/motd file when the user logs on to the server.

# site-cookbooks/app-openssh/attributes/default.rb
default['openssh']['server']['password_authentication'] = 'no'
default['openssh']['server']['print_motd'] = 'no'
view raw cancel-authentification.rb hosted with ❤ by GitHub

Create a default recipe for the cookbook.

mkdir site-cookbooks/app-openssh/recipes
touch site-cookbooks/app-openssh/recipes/default.rb
view raw create-a-default-recipe3 hosted with ❤ by GitHub

Then you need to connect an external cookbook to install Redis.

# site-cookbooks/app-openssh/recipes/default.rb
include_recipe 'openssh'
view raw connect-external-cookbook-Redis2.rb hosted with ❤ by GitHub

Finally, add all these cookbooks to the security role.

touch roles/security.rb
view raw add-cookbooks-security-role hosted with ❤ by GitHub

In roles/security.rb

name 'security'
description 'Security setup'
run_list 'recipe[app-openssh]'
view raw roles-security.rb hosted with ❤ by GitHub

Also add the security role to the run list of the YOUR_IP_ADDRESS.json node.

...
"run_list": [
"role[setup]",
"role[database]",
"role[web]",
"role[security]"
],
...
view raw add-security-role-to-runlist.json hosted with ❤ by GitHub

Managing and monitoring system processes

At this stage, you need to monitor the state of the processes for the following installed software:

  • PostgreSQL
  • Redis
  • Nginx
  • Puma

To monitor the state of these processes, use Monit. To install and configure Monit, use chef-monit.

Add the necessary dependencies in the Berksfile.

cookbook 'monit', '~> 1.0.0'
view raw add-dependencies-in-Berksfile3 hosted with ❤ by GitHub

Create a cookbook.

mkdir site-cookbooks/app-monit
view raw create-a-cookbook4 hosted with ❤ by GitHub

Set the metadata for the cookbook.

touch site-cookbooks/app-monit/metadata.rb
view raw set-metadata-for-cookbook5 hosted with ❤ by GitHub
# site-cookbooks/app-monit/metadata.rb
name 'app-monit'
version '0.1.0'
depends 'app-attributes'
depends 'app-postgresql'
depends 'app-deploy'
depends 'monit'
view raw set-metadata-for-cookbook3.rb hosted with ❤ by GitHub

To make it more convenient to support app attributes in future, move the Monit username and password attributes to app-attributes:

# site-cookbooks/app-attributes/attributes/default.rb
# Monit -----------------------------------------------------------
override['monit']['username'] = 'USERNAME'
override['monit']['password'] = 'PASSWORD'
view raw move-the-monit-use-attributes.rb hosted with ❤ by GitHub

Replace USERNAME and PASSWORD with your own values. Later (in the part about application deployment), we’ll show you a way to store this kind of information more securely using encrypted_data_bags.

Now create default attributes for the cookbook.

mkdir site-cookbooks/app-monit/attributes
touch site-cookbooks/app-monit/attributes/default.rb
view raw create-default-attributes-cookbook4 hosted with ❤ by GitHub

Define the following attributes:

# site-cookbooks/app-monit/attributes/default.rb
default['monit']['poll_period'] = 5 # Interval in seconds to check all Monit services at
default['monit']['port'] = 2812 # Port to listen on for Monit's HTTPD interface
default['monit']['address'] = '0.0.0.0' # Local address to bind to for Monit's HTTPD interface
default['monit']['logfile'] = '/var/log/monit.log' # Path to log messages to
view raw default-attributes-Monit.rb hosted with ❤ by GitHub

Now you can write recipes and templates of the Monit configuration for the software listed above.

mkdir -p site-cookbooks/app-monit/{recipes,templates}
view raw recipes-templates-of-Monit-config hosted with ❤ by GitHub

PostgreSQL

Let’s create a recipe to connect Monit to PostgreSQL.

touch site-cookbooks/app-monit/recipes/postgresql.rb
view raw create-recipe-to-connect-monit-postgresql hosted with ❤ by GitHub

Сonnect an external cookbook and a PostgreSQL template with configurations.

include_recipe 'monit'
monit_config 'postgresql' do
source 'postgresql.conf.erb'
variables(
version: node['postgresql']['defaults']['server']['version']
)
end
view raw connect-external-cookbook-and-postgresl.rb hosted with ❤ by GitHub

Then create a template.

touch site-cookbooks/app-monit/templates/postgresql.conf.erb
view raw create-template hosted with ❤ by GitHub

Write the following:

# site-cookbooks/app-monit/templates/postgresql.conf.erb
check process postgresql with pidfile /var/run/postgresql/<%= @version %>-main.pid
group database
start program = "/etc/init.d/postgresql start"
stop program = "/etc/init.d/postgresql stop"
if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 protocol pgsql then restart
if failed host 127.0.0.1 port 5432 protocol pgsql then restart
view raw PostresQL-monitoring-with-Monit.rb hosted with ❤ by GitHub

Next, update the run list for the database role.

# roles/database.rb
run_list 'recipe[app-postgresql]',
'recipe[app-monit::postgresql]'
view raw update-runlist-for-database-role.rb hosted with ❤ by GitHub

Redis

Create a recipe to connect Monit to Redis.

touch site-cookbooks/app-monit/recipes/redis.rb
view raw connect-monit-to-redis hosted with ❤ by GitHub

You need to connect an external cookbook and connect the Redis template to your configurations.

# site-cookbooks/app-monit/recipes/redis.rb
include_recipe 'monit'
monit_config 'redis' do
source 'redis.conf.erb'
end
view raw connect-cookbooks-and-redis-to-configs.rb hosted with ❤ by GitHub

Create a template.

touch site-cookbooks/app-monit/templates/redis.conf.erb
view raw create-template-1 hosted with ❤ by GitHub

Add the following to this template:

# site-cookbooks/app-monit/templates/redis.conf.erb
check process redis with pidfile /var/run/redis/redis-server.pid
start program = "/etc/init.d/redis-server start"
stop program = "/etc/init.d/redis-server stop"
view raw Redis-monitoring-with-Monit.rb hosted with ❤ by GitHub

Now, add this recipe to the web role.

# roles/web.rb
run_list 'recipe[app-redis]',
'recipe[app-ruby]',
'recipe[app-nodejs]',
'recipe[app-imagemagick]',
'recipe[app-nginx]',
'recipe[app-monit::redis]'
view raw add-recipe-to-web-role.rb hosted with ❤ by GitHub

Nginx

Let’s create a recipe to integrate Monit with Nginx.

touch site-cookbooks/app-monit/recipes/nginx.rb
view raw integrate-monit-with-nginx hosted with ❤ by GitHub

Сonnect an external cookbook and integrate the Nginx template with configurations.

# site-cookbooks/app-monit/recipes/nginx.rb
include_recipe 'monit'
monit_config 'nginx' do
source 'nginx.conf.erb'
end
view raw integrate-nginx-template-with-configs.rb hosted with ❤ by GitHub

Now create a template.

touch site-cookbooks/app-monit/templates/nginx.conf.erb
view raw create-template-2 hosted with ❤ by GitHub

In this template, write the following:

# site-cookbooks/app-monit/templates/nginx.conf.erb
check process nginx with pidfile /var/run/nginx.pid
start program = "/etc/init.d/nginx start"
stop program = "/etc/init.d/nginx stop"
view raw Nginx-monitoring-with-Monit.rb hosted with ❤ by GitHub

You also need to add this recipe, which has also been added to the web role.

# roles/web.rb
run_list 'recipe[app-redis]',
'recipe[app-ruby]',
'recipe[app-nodejs]',
'recipe[app-imagemagick]',
'recipe[app-nginx]',
'recipe[app-monit::redis]',
'recipe[app-monit::nginx]'
view raw add-recipe-that-was-added-to-web-role.rb hosted with ❤ by GitHub

Puma

Create a recipe to integrate Monit with Puma.

touch site-cookbooks/app-monit/recipes/puma.rb
view raw create-recipe-to-integreate-monit-with-puma hosted with ❤ by GitHub

You need to connect an external cookbook and integrate the Puma template with configurations.

# site-cookbooks/app-monit/recipes/puma.rb
include_recipe 'monit'
user = node['project']['user']
project_root = node['project']['root']
rvm = File.join('/', 'home', user, '.rvm', 'scripts', 'rvm')
monit_config 'puma' do
source 'puma.conf.erb'
variables(
user: user,
project_root: project_root,
rvm: rvm
)
end
view raw integraate-puma-templates-with-configs.rb hosted with ❤ by GitHub

Next, create a template.

touch site-cookbooks/app-monit/templates/puma.conf.erb
view raw create-template-3 hosted with ❤ by GitHub

Write the following in this template:

# site-cookbooks/app-monit/templates/puma.conf.erb
check process puma with pidfile <%= @project_root %>/shared/tmp/pids/puma.pid
start program = "/bin/su - <%= @user %> -s /bin/bash -c 'source <%= @rvm %> && cd <%= @project_root %>/current && bundle exec puma -C <%= @project_root %>/shared/puma.rb -e <%= node.environment %> --daemon'"
with timeout 30 seconds
stop program = "/bin/su - <%= @user %> -s /bin/bash -c 'source <%= @rvm %> && cd <%= @project_root %>/current && bundle exec pumactl -P <%= @project_root %>/shared/tmp/pids/puma.pid stop'"
with timeout 30 seconds
view raw Puma-monitoring-with-Monit hosted with ❤ by GitHub

Then add this recipe to the web role.

# roles/web.rb
run_list 'recipe[app-redis]',
'recipe[app-ruby]',
'recipe[app-nodejs]',
'recipe[app-imagemagick]',
'recipe[app-nginx]',
'recipe[app-monit::redis]',
'recipe[app-monit::nginx]',
'recipe[app-monit::puma]'
view raw add-recipe-to-web-role-1.rb hosted with ❤ by GitHub

Deployment

Setup

We’ll look at how you can deploy an app using Chef in this section of our tutorial.

The basics

Let’s start from creating the app-deploy cookbook where you’ll describe the recipe for app deployment.

First, add dependencies to the metadata.

# site-cookbooks/app-deploy/metadata.rb
name 'app-deploy'
version '0.1.0'
depends 'app-attributes'
depends 'app-users'
view raw add-dependencies-to-metadata.rb hosted with ❤ by GitHub

Use encrypted_data_bags to store confidential project information like the password from the database or keys from external services (AWS and others).

Why do we use encrypted_data_bags?

The main reason is security. With encrypted_data_bags, all data is stored in an encrypted form. So even if an attacker gets access to the repository with scripts, they won’t be able to use the confidential information.

To be able to use encrypted data bags, you need to create a file where the encryption and decryption keys will be stored. Use OpenSSL to generate the private key and put it in the file encrypted_data_bag_secret.

Warning!!! If you overwrite the existing encrypted_data_bag_secret file or delete it, you won’t be able to decrypt previously encrypted data.

In the terminal, run this command to create a key:

openssl rand -base64 512 | tr -d '\\r\\n' > encrypted_data_bag_secret
view raw create-secret-key hosted with ❤ by GitHub

Warning!!! You shouldn’t store the created file in the repository. You should, however, share this file with your team members. Therefore, you need to add it to .gitignore.

# .gitignore
encrypted_data_bag_secret
view raw add-to-gitignore hosted with ❤ by GitHub

Next, indicate the encrypted_data_bag_secret add-on for knife solo.

# .chef/knife.rb
...
encrypted_data_bag_secret 'encrypted_data_bag_secret'
view raw indicate-add-on-for-knife-solo.rb hosted with ❤ by GitHub

Using knife solo, create a configuration file for the dev environment with the private key.

knife solo data bag create configs dev --secret-file encrypted_data_bag_secret
view raw create-config-file-for-ded-environment hosted with ❤ by GitHub

In the text editor opened by terminal, enter the database credentials, secret application keys, and Monit credentials.

# data_bags/configs/dev.json
{
"id": "dev",
"database": {
"name": "NAME",
"user": "USER",
"password": "PASSWORD"
},
"application": {
"AWS_ACCESS_KEY_ID": "AWS_ACCESS_KEY_ID",
"AWS_SECRET_ACCESS_KEY": "AWS_SECRET_ACCESS_KEY",
"S3_BUCKET_NAME": "S3_BUCKET_NAME",
"S3_REGION": "S3_REGION",
"S3_HOST_NAME": "S3_HOST_NAME",
"DEVISE_SECRET_KEY": "DEVISE_SECRET_KEY",
"SECRET_KEY_BASE": "SECRET_KEY_BASE"
},
"monit": {
"username": "USER_NAME",
"password": "PASSWORD"
}
}
view raw enter-credentials.json hosted with ❤ by GitHub

Once you’ve saved your data to /data_bags/configs/dev.json, you’ll see that this data is now encrypted.

You can edit data from encrypted data bags using the following command:

knife solo data bag edit configs dev
view raw edit-encrypted-data hosted with ❤ by GitHub

And you can read this data with this command:

knife solo data bag show configs dev
view raw edit-data hosted with ❤ by GitHub

Since your keys and credentials are now stored in an encrypted_data_bag, you can remove the explicit definition of Monit credentials from app-attributes.

# site-cookbooks/app-attributes/attributes/default.rb
# Monit -----------------------------------------------------------
monit_configs = Chef::EncryptedDataBagItem.load('configs', node.environment)['monit']
override['monit']['username'] = monit_configs['username']
override['monit']['password'] = monit_configs['password']
view raw remove-explicit-definition.rb hosted with ❤ by GitHub

Set up SSH

The application is in the private repository. Therefore, to shrink the project, use an SSH wrapper. To do this, you’ll need to have SSH keys which you’ll put in your cookbook.

If you don’t have an SSH key, you can generate one using the command below. You must not set a password on the private key as this password will block the chef-client during the launch of deployment scripts. You’ll also need to specify your email address instead of example@gmail.com.

ssh-keygen -t rsa -b 4096 -C "example@gmail.com"
view raw generate-ssh-key hosted with ❤ by GitHub

Then, create a directory – site-cookbooks/app-deploy/files – where you’ll put the private and public keys.

mkdir site-cookbooks/app-deploy/files
mkdir site-cookbooks/app-deploy/files/default
touch site-cookbooks/app-deploy/files/default/key
touch site-cookbooks/app-deploy/files/default/key.pub
view raw create-directory-for-private-and-public-keys hosted with ❤ by GitHub

Afterward, put the keys in the created files.

cp ~/.ssh/id_rsa site-cookbooks/app-deploy/files/default/key
cp ~/.ssh/id_rsa.pub site-cookbooks/app-deploy/files/default/key.pub
view raw put-keys-in-created-files hosted with ❤ by GitHub

Warning!!! You should add the site-cookbooks/app-deploy/files/default directory to .gitignore since no one should know your private key.

# .gitignore
site-cookbooks/app-deploy/files/default
view raw add-directory-to-gitignore hosted with ❤ by GitHub

Next, create a default recipe where you’ll further describe the deployment process.

mkdir site-cookbooks/app-deploy/recipes
touch site-cookbooks/app-deploy/recipes/default.rb
view raw describe-deployment-process hosted with ❤ by GitHub

At the top of this file, define the variables you’ll be working with in the recipe:

# site-cookbooks/app-deploy/recipes/default.rb
encrypted_data = Chef::EncryptedDataBagItem.load('configs', node.environment)
config = node['project']
deployer = config['user']
deployer_group = config['group']
root_path = config['root']
home_path = File.join('/', 'home', deployer)
shared_path = File.join(root_path, 'shared')
bundle_path = File.join(shared_path, 'vendor', 'bundle')
config_path = File.join(shared_path, 'config')
ssh_path = File.join(shared_path, '.ssh')
puma_state_file = File.join(shared_path, 'tmp', 'pids', 'puma.state')
sidekiq_state_file = File.join(shared_path, 'tmp', 'pids', 'sidekiq.pid')
maintenance_file = File.join(shared_path, 'tmp', 'maintenance')
view raw define-variables-in-recipe.rb hosted with ❤ by GitHub

Now we’ll start to describe the recipe for deploying the application.

The recipe will consist of several stages:

  • Using SSH keys
  • Creating shared directories
  • Creating a database and Puma configuration

Using SSH keys

First, we’ll describe the usage of SSH keys:

# site-cookbooks/app-deploy/recipes/default.rb
# SSH -------------------------------------------------------------------------------------------------
ssh_key_file = File.join(ssh_path, deployer)
ssh_wrapper_file = File.join(ssh_path, 'wrap-ssh4git.sh')
directory ssh_path do
owner deployer
group deployer_group
recursive true
end
cookbook_file ssh_key_file do
source 'key'
owner deployer
group deployer_group
mode 0o600
end
file ssh_wrapper_file do
content "#!/bin/bash\n/usr/bin/env ssh -o \"StrictHostKeyChecking=no\" -i \"#{ssh_key_file}\" $1 $2"
owner deployer
group deployer_group
mode 0o755
end
view raw describe-usage-of-ssh-keys.rb hosted with ❤ by GitHub

Create shared directories

# site-cookbooks/app-deploy/recipes/default.rb
# DIRECTORIES ---------------------------------------------------------------------------------------------------------
%w[config log public/system public/uploads public/assets repo tmp/cache tmp/pids tmp/sockets].each do |dir|
directory File.join(shared_path, dir) do
owner deployer
group deployer_group
mode 0o755
recursive true
end
end
view raw create-shared-directories.rb hosted with ❤ by GitHub

Create database and PUMA configurations

1. Database configuration

Let’s describe the use of the template with the configuration for database access.

# site-cookbooks/app-deploy/recipes/default.rb
template File.join(config_path, 'database.yml') do
source File.join(node.environment, 'database.yml.erb')
variables(
environment: node.environment,
database: encrypted_data['database']['name'],
user: encrypted_data['database']['user'],
password: encrypted_data['database']['password']
)
sensitive true
owner deployer
group deployer_group
mode 0o644
end
view raw describe-use-of-template-with-config.rb hosted with ❤ by GitHub

Next we’ll create a template:

# site-cookbooks/app-deploy/templates/dev/database.yml.erb
---
<%= @environment %>:
adapter: postgresql
encoding: unicode
database: <%= @database %>
user: <%= @user %>
password: <%= @password %>
pool: 20
view raw create-a-template-2 hosted with ❤ by GitHub
mkdir site-cookbooks/app-deploy/templates
mkdir site-cookbooks/app-deploy/templates/dev
touch site-cookbooks/app-deploy/templates/dev/database.yml.erb
view raw create-a-template-1 hosted with ❤ by GitHub

2. Application configurations

Here you need to describe the generation of the application.yml file where you’ll be storing the project environment variables.

# site-cookbooks/app-deploy/recipes/default.rb
file File.join(config_path, 'application.yml') do
content Hash[node.environment, encrypted_data['application']].to_yaml
sensitive true
owner deployer
group deployer_group
mode 0o644
end
view raw generation-of-application.yml-file.rb hosted with ❤ by GitHub

3. Puma

Now you need to describe how to use the template with configurations:

# site-cookbooks/app-deploy/recipes/default.rb
template File.join(shared_path, 'puma.rb') do
source File.join(node.environment, 'puma.rb.erb')
variables(
environment: node.environment,
project_root: root_path
)
owner deployer
group deployer_group
mode 0o644
end
view raw use-the-template-with-configurations.rb hosted with ❤ by GitHub

You also need to create the template with the configuration:

touch site-cookbooks/app-deploy/templates/dev/puma.rb.erb
view raw create-template-with-configuration hosted with ❤ by GitHub
# site-cookbooks/app-deploy/templates/dev/puma.rb.erb
#!/usr/bin/env puma
directory '<%= @project_root %>/current'
rackup '<%= @project_root %>/current/config.ru'
environment '<%= @environment %>'
pidfile '<%= @project_root %>/shared/tmp/pids/puma.pid'
state_path '<%= @project_root %>/shared/tmp/pids/puma.state'
stdout_redirect '<%= @project_root %>/shared/log/puma.error.log', '<%= @project_root %>/shared/log/puma.access.log', true
threads 4, 16
bind 'unix://<%= @project_root %>/shared/tmp/sockets/puma.sock'
workers 0
preload_app!
on_restart do
puts 'Refreshing Gemfile'
ENV['BUNDLE_GEMFILE'] = '<%= @project_root %>/current/Gemfile'
end
on_worker_boot do
ActiveSupport.on_load(:active_record) do
ActiveRecord::Base.establish_connection
end
end
view raw create-template-with-configuration.rb hosted with ❤ by GitHub

4. Sidekiq configurations

First, describe how to use the template with the Sidekiq configuration:

# site-cookbooks/app-deploy/recipes/default.rb
template File.join(config_path, 'sidekiq.yml') do
source File.join(node.environment, 'sidekiq.yml.erb')
variables(
environment: node.environment
)
sensitive true
owner deployer
group deployer_group
mode 0o644
end
view raw Sidekiq-configuration.rb hosted with ❤ by GitHub

Next, create a template with the configuration.

touch site-cookbooks/app-deploy/templates/dev/sidekiq.yml.erb
view raw create-template-with-configuration1 hosted with ❤ by GitHub
---
<%= @environment %>:
:verbose: true
:logfile: log/sidekiq.log
:concurrency: 1
:strict: false
:pidfile: tmp/pids/sidekiq.pid
:queues:
- [default, 1]
view raw create-template-with-configuration hosted with ❤ by GitHub

Deployment

Now we want to introduce the application deployment. Generally, deployment happens in four stages:

  1. Checkout ‒ The chef-client uses the Source Code Management (SCM) resource to get the specified application revision and places a clone or checkout in the subdirectory of the deploy directory named cached-copy. Then a copy of the application is placed in this subdirectory.
  2. Migrate ‒ If the migration is to be run, the chef-client symbolically links the database configuration file into the checkout (config/database.yml by default) and runs the migration command. For a Ruby on Rails application, migration_command is usually set to rake db: migrate.
  3. Symlink ‒ Directories for shared and temporary files are removed from the checkout (log, tmp/pids, and public/system by default). After that, you need to create any necessary directories (tmp, public, and config by default) if they don’t exist. At the end of this step, you symlink shared directories into the current release, public/system, tmp/pids, and log directories, and then symlink the release directory to current.
  4. Restart ‒ Restart the app using the restart command set in the recipe.

Here are the tasks for application deployment one by one:

# site-cookbooks/app-deploy/recipes/default.rb
# DEPLOYMENT ----------------------------------------------------------------------------------------------------------
timestamped_deploy node['domain_name'] do
ssh_wrapper ssh_wrapper_file
repository config['repository']
branch config['branch']
repository_cache 'repo'
deploy_to config['root']
user deployer
group deployer_group
# Set global environments
environment(
'HOME' => home_path,
'RAILS_ENV' => node.environment
)
# Before you start to run the migration, create tmp and public directories.
create_dirs_before_symlink %w[tmp public]
# Map files in a shared directory to their paths in the current release directory.
symlinks(
'config/application.yml' => 'config/application.yml',
'config/database.yml' => 'config/database.yml',
'config/newrelic.yml' => 'config/newrelic.yml',
'config/sidekiq.yml' => 'config/sidekiq.yml',
'log' => 'log',
'public/system' => 'public/system',
'public/uploads' => 'public/uploads',
'public/assets' => 'public/assets',
'tmp/cache' => 'tmp/cache',
'tmp/pids' => 'tmp/pids',
'tmp/sockets' => 'tmp/sockets'
)
# Map files in a shared directory to the current release directory.
symlink_before_migrate(
'config/application.yml' => 'config/application.yml',
'config/database.yml' => 'config/database.yml'
)
# Run this code before the migration starts
before_migrate do
file maintenance_file do
owner deployer
group deployer_group
action :create
end
# Install bundler gem
execute 'install bundler' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && gem install bundler'"
cwd release_path
user deployer
group deployer_group
environment(
'HOME' => home_path
)
end
# Install other gems
execute 'bundle install' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle install --without development test --deployment --path #{bundle_path}'"
cwd release_path
user deployer
group deployer_group
environment(
'HOME' => home_path
)
end
end
migration_command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle exec rails db:migrate --trace'"
migrate true
restart_command do
# If PUMA is running ‒ restart it
if File.exist? puma_state_file
execute 'pumactl restart' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle exec pumactl -S #{puma_state_file} restart'"
cwd release_path
user deployer
group deployer_group
environment(
'HOME' => home_path
)
end
end
# If Sidekiq is running ‒ restart it
if File.exist? sidekiq_state_file
execute 'sidekiqctl stop' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle exec sidekiqctl stop #{sidekiq_state_file}'"
cwd release_path
user deployer
group deployer_group
environment(
'HOME' => home_path
)
end
end
end
# Run the following tasks before app restart commands
before_restart do
execute 'db:seed' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle exec rake db:seed'"
cwd release_path
user 'root'
group 'root'
environment(
'HOME' => home_path,
'RAILS_ENV' => node.environment
)
end
execute 'assets:precompile' do
command "/bin/bash -lc 'source $HOME/.rvm/scripts/rvm && bundle exec rake assets:precompile'"
cwd release_path
user 'root'
group 'root'
environment(
'HOME' => home_path,
'RAILS_ENV' => node.environment
)
end
end
# Once you've restarted the app, remove the maintenance file
after_restart do
file maintenance_file do
action :delete
end
end
action :deploy
end
view raw deploy-app.rb hosted with ❤ by GitHub

Applying Configurations

Now you need to add the app-deploy cookbook to the deploy role to use this cookbook further in the node.

touch roles/deploy.rb
view raw add-app-deploy-cookbook-to-deploy-rolw hosted with ❤ by GitHub

Describe basic information about the role and its run list.

# roles/deploy.rb
name 'deploy'
description 'Deployment'
run_list 'recipe[app-deploy]'
view raw describe-basic information-about-role.rb hosted with ❤ by GitHub

Next, add this role to the general run list of the nodes/YOUR_IP_ADDRESS.json node.

// nodes/YOUR_IP_ADDRESS.json
...
"run_list": [
"role[setup]",
"role[database]",
"role[web]",
"role[security]",
"role[deploy]"
],
...
view raw add-role-to-general-run-list.json hosted with ❤ by GitHub

Now you’re ready to apply the scripts you’ve written to launch the app on the server.

Install Chef and apply all configurations using the following command:

knife solo bootstrap ubuntu@YOUR_IP_ADDRESS -i spree_dev.pem
view raw install-Chef hosted with ❤ by GitHub

Once you’ve completed the deployment, the Spree application will be available through public DNS. In our example, the address is ec2-18-221-230-71.us-east-2.compute.amazonaws.com.

My Account Spree Demo Site

Now you can log on to the server via SSH as the deployer user:

ssh deployer@YOUR_IP_ADDRESS
view raw log-on-to-server-via-SSH hosted with ❤ by GitHub

In future, you can deploy the app to a remote machine with the following command:

knife solo cook deployer@YOUR_IP_ADDRESS -o "'recipe[app-deploy]'"
view raw deploy-app-to-remote machine hosted with ❤ by GitHub

On a global scale, Chef allows you to take advantage of dynamic infrastructure, easily start new servers, and safely dispose of servers when they’re replaced by newer configurations or when load decreases.

We hope this tutorial has been helpful for you. Share your experience using Chef in the comments below.

CONTENTS

Tags:

Ruby Tutorials Tech Insights

Authors:

Yaroslav B.

Yaroslav B.

Ruby/JS Developer

Daryna P.

Daryna P.

Copywriter

Dmytro H.

Dmytro H.

Backend Development Lead

Rate this article!

Nay
So-so
Not bad
Good
Wow
3 rating, average 5 out of 5

Share article with

Comments (0)

There are no comments yet

Leave a comment

Subscribe via email and know it all first!

Recommended Articles
The Ultimate Guide to Configuring a Rails App on Amazon EC2 wi...
The Ultimate Guide to Configuring a Rails App on Amazon EC2 with Chef: Part 2
Three Database Architectures for a Multi-Tenant Rails-Based Sa...
Three Database Architectures for a Multi-Tenant Rails-Based SaaS App
The Ultimate Guide to Configuring a Rails App on Amazon EC2 wi...
The Ultimate Guide to Configuring a Rails App on Amazon EC2 with Chef: Part 1