
The Ultimate Guide to Configuring a Rails App on Amazon EC2 with Chef: Part 3

  • Jun 06, 2018

Yaroslav B., Ruby/JS Developer

Daryna P., Copywriter

Dmytro H., Backend Development Lead

This article ends a series of posts we wrote about configuring Rails apps with the Chef automation platform and Amazon EC2. Using the knowledge gained in the previous parts, we’ll finish writing cookbooks and secure our server. We’ll also go through the whole process of deploying the Spree application on Ruby on Rails to the EC2 instance we set up earlier.

Security setup

At this stage, you need to secure your app by installing and configuring OpenSSH.

OpenSSH

To enable authentication via SSH, install OpenSSH using the openssh cookbook.

Add the necessary dependencies in the Berksfile.

Create a cookbook.

Set the metadata for the cookbook.

Create default attributes for the cookbook.

Disable password authentication with the password_authentication attribute and disable print_motd, which determines whether the SSH daemon should print the contents of the /etc/motd file when the user logs on to the server.

Create a default recipe for the cookbook.

Then you need to connect an external cookbook to install Redis.

Finally, add all these cookbooks to the security role.

In roles/security.rb

Also add the security role to the run list of the YOUR_IP_ADDRESS.json node.
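Once the security role has been applied, it is worth confirming that the rendered sshd_config really has both settings in effect. The following is an added example, not code from this tutorial or from the openssh cookbook: it audits sshd_config text using sshd's rule that the first value obtained for a keyword wins, and flags Match blocks that switch a setting back. The function names and sample configurations are constructed for illustration, and Include directives are not followed.

```ruby
# Added example (not from the article): audit sshd_config text for the two
# settings the cookbook changes. Assumption: Include files are not followed.
SSHD_DEFAULTS = { 'passwordauthentication' => 'yes', 'printmotd' => 'yes' }.freeze
EXPECTED      = { 'passwordauthentication' => 'no',  'printmotd' => 'no' }.freeze

# Split the file into global settings and settings scoped by Match blocks.
def parse_sshd_config(text)
  global = {}
  scoped = []
  current_match = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')

    keyword, value = line.split(/\s*=\s*|\s+/, 2)
    keyword = keyword.downcase          # keywords are case-insensitive
    value = value.to_s.strip
    if keyword == 'match'
      current_match = value             # everything below is conditional
    elsif current_match
      scoped << [current_match, keyword, value]
    else
      global[keyword] ||= value         # sshd uses the first value it obtains
    end
  end
  { global: global, scoped: scoped }
end

# Return a list of human-readable findings; empty means both settings hold.
def audit_sshd(text)
  parsed = parse_sshd_config(text)
  findings = []
  EXPECTED.each do |keyword, want|
    got = parsed[:global].fetch(keyword, SSHD_DEFAULTS[keyword])
    findings << "#{keyword}: global value '#{got}', expected '#{want}'" unless got.downcase == want
  end
  parsed[:scoped].each do |criteria, keyword, value|
    next unless EXPECTED.key?(keyword) && value.downcase != EXPECTED[keyword]

    findings << "#{keyword}: 'Match #{criteria}' sets it back to '#{value}'"
  end
  findings
end

# Constructed sample inputs.
HARDENED = "PasswordAuthentication no\nPrintMotd no\nPubkeyAuthentication yes\n"
SHADOWED = <<~CONF
  # an earlier line wins, so the later 'no' never takes effect
  PasswordAuthentication yes
  PasswordAuthentication no
  PrintMotd no
  Match User backup
    PasswordAuthentication yes
CONF

if __FILE__ == $PROGRAM_NAME
  puts audit_sshd(HARDENED).inspect
  puts audit_sshd(SHADOWED)
end
```

Feed it the contents of /etc/ssh/sshd_config from the node after the Chef run; a file that omits a keyword is reported too, because the sshd default for both settings is yes.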

Managing and monitoring system processes

At this stage, you need to monitor the state of the processes for the following installed software:

  • PostgreSQL
  • Redis
  • Nginx
  • Puma

To monitor the state of these processes, use Monit. To install and configure Monit, use chef-monit.

Add the necessary dependencies in the Berksfile.

Create a cookbook.

Set the metadata for the cookbook.

To make it more convenient to support app attributes in future, move the Monit username and password attributes to app-attributes:

Replace USERNAME and PASSWORD with your own values. Later (in the part about application deployment), we’ll show you a way to store this kind of information more securely using encrypted_data_bags.

Now create default attributes for the cookbook.

Define the following attributes:

Now you can write recipes and templates of the Monit configuration for the software listed above.

PostgreSQL

Let’s create a recipe to connect Monit to PostgreSQL.

Connect an external cookbook and a PostgreSQL template with configurations.

Then create a template.

Write the following:

Next, update the run list for the database role.

Redis

Create a recipe to connect Monit to Redis.

You need to connect an external cookbook and connect the Redis template to your configurations.

Create a template.

Add the following to this template:

Now, add this recipe to the web role.

Nginx

Let’s create a recipe to integrate Monit with Nginx.

Connect an external cookbook and integrate the Nginx template with configurations.

Now create a template.

In this template, write the following:

This recipe also needs to be added to the web role.

Puma

Create a recipe to integrate Monit with Puma.

You need to connect an external cookbook and integrate the Puma template with configurations.

Next, create a template.

Write the following in this template:

Then add this recipe to the web role.

Deployment

Setup

We’ll look at how you can deploy an app using Chef in this section of our tutorial.

The basics

Let’s start by creating the app-deploy cookbook, where you’ll describe the recipe for app deployment.

First, add dependencies to the metadata.

Use encrypted_data_bags to store confidential project information like the database password or keys for external services (AWS and others).

Why do we use encrypted_data_bags?

The main reason is security. With encrypted_data_bags, all data is stored in an encrypted form. So even if an attacker gets access to the repository with scripts, they won’t be able to use the confidential information.

To be able to use encrypted data bags, you need to create a file where the encryption and decryption keys will be stored. Use OpenSSL to generate the private key and put it in the file encrypted_data_bag_secret.

Warning!!! If you overwrite the existing encrypted_data_bag_secret file or delete it, you won’t be able to decrypt previously encrypted data.

In the terminal, run this command to create a key:

Warning!!! You shouldn’t store the created file in the repository. You should, however, share this file with your team members. Therefore, you need to add it to .gitignore.

Next, indicate the encrypted_data_bag_secret add-on for knife solo.

Using knife solo, create a configuration file for the dev environment with the private key.

In the text editor that opens in the terminal, enter the database credentials, secret application keys, and Monit credentials.

Once you’ve saved your data to /data_bags/configs/dev.json, you’ll see that this data is now encrypted.

You can edit data from encrypted data bags using the following command:

And you can read this data with this command:

Since your keys and credentials are now stored in an encrypted_data_bag, you can remove the explicit definition of Monit credentials from app-attributes.
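A data bag file only protects what knife actually encrypted; a value added by hand in an editor stays readable in the repository. The following is an added example, not part of the original tutorial: it reports top-level keys in a data bag item that are not wrapped in an encrypted envelope, assuming an encrypted value is a hash with at least the encrypted_data, iv, version and cipher fields. The key names and sample items are hypothetical and constructed for illustration.

```ruby
require 'json'

# Added example (not from the article): find data bag keys that are still
# plaintext. Assumption: an encrypted value is a hash carrying at least the
# fields below; item and key names in the samples are hypothetical.
ENVELOPE_FIELDS = %w[encrypted_data iv version cipher].freeze

def base64?(value)
  value.is_a?(String) && value.delete("\n").match?(%r{\A[A-Za-z0-9+/]+={0,2}\z})
end

def encrypted_envelope?(value)
  value.is_a?(Hash) && ENVELOPE_FIELDS.all? { |f| value.key?(f) } &&
    base64?(value['encrypted_data'])
end

# Names of top-level keys (other than "id") whose values are not encrypted.
def plaintext_keys(item_json)
  JSON.parse(item_json).reject { |key, value| key == 'id' || encrypted_envelope?(value) }.keys
end

# Walk data_bags/**/*.json under a repository root; report only leaky items.
def scan_data_bags(root)
  Dir.glob(File.join(root, 'data_bags', '**', '*.json')).sort.each_with_object({}) do |path, report|
    leaked = plaintext_keys(File.read(path))
    report[path] = leaked unless leaked.empty?
  end
end

# Constructed samples: the "ciphertext" is a base64 placeholder, not real output.
def constructed_envelope
  { 'encrypted_data' => ['constructed placeholder'].pack('m'),
    'iv' => ['0123456789abcdef'].pack('m'), 'version' => 1, 'cipher' => 'aes-256-cbc' }
end

ENCRYPTED_ITEM = JSON.generate({ 'id' => 'dev', 'database' => constructed_envelope,
                                 'monit' => constructed_envelope })
# Someone hand-edited the file and added values without knife: they stay readable.
LEAKY_ITEM = JSON.generate({ 'id' => 'dev', 'database' => constructed_envelope,
                             'monit' => { 'username' => 'admin', 'password' => 'constructed' },
                             'secret_key_base' => 'constructed-plaintext' })

if __FILE__ == $PROGRAM_NAME
  p plaintext_keys(ENCRYPTED_ITEM)
  p plaintext_keys(LEAKY_ITEM)
end
```

Calling scan_data_bags on the repository root before each commit (for example from a pre-commit hook) catches an item that was edited without knife.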

Set up SSH

The application is in a private repository. Therefore, to clone the project, use an SSH wrapper. To do this, you’ll need SSH keys, which you’ll put in your cookbook.

If you don’t have an SSH key, you can generate one using the command below. You must not set a password on the private key as this password will block the chef-client during the launch of deployment scripts. You’ll also need to specify your own email address instead of the placeholder address in the command.

Then, create a directory – site-cookbooks/app-deploy/files – where you’ll put the private and public keys.

Afterward, put the keys in the created files.

Warning!!! You should add the site-cookbooks/app-deploy/files/default directory to .gitignore since no one should know your private key.

Next, create a default recipe where you’ll further describe the deployment process.

At the top of this file, define the variables you’ll be working with in the recipe:

Now we’ll start to describe the recipe for deploying the application.

The recipe will consist of several stages:

  • Using SSH keys
  • Creating shared directories
  • Creating a database and Puma configuration

Using SSH keys

First, we’ll describe the usage of SSH keys:

Create shared directories

Create database and PUMA configurations

1. Database configuration

Let’s describe the use of the template with the configuration for database access.

Next we’ll create a template:

2. Application configurations

Here you need to describe the generation of the application.yml file where you’ll be storing the project environment variables.

3. Puma

Now you need to describe how to use the template with configurations:

You also need to create the template with the configuration:

4. Sidekiq configurations

First, describe how to use the template with the Sidekiq configuration:

Next, create a template with the configuration.

Deployment

Now we want to introduce the application deployment. Generally, deployment happens in four stages:

  1. Checkout ‒ The chef-client uses the Source Code Management (SCM) resource to get the specified application revision and places a clone or checkout in the subdirectory of the deploy directory named cached-copy. Then a copy of the application is placed in this subdirectory.
  2. Migrate ‒ If the migration is to be run, the chef-client symbolically links the database configuration file into the checkout (config/database.yml by default) and runs the migration command. For a Ruby on Rails application, migration_command is usually set to rake db:migrate.
  3. Symlink ‒ Directories for shared and temporary files are removed from the checkout (log, tmp/pids, and public/system by default). After that, you need to create any necessary directories (tmp, public, and config by default) if they don’t exist. At the end of this step, you symlink shared directories into the current release, public/system, tmp/pids, and log directories, and then symlink the release directory to current.
  4. Restart ‒ Restart the app using the restart command set in the recipe.

Here are the tasks for application deployment one by one:

Applying Configurations

Now you need to add the app-deploy cookbook to the deploy role to use this cookbook further in the node.

Describe basic information about the role and its run list.

Next, add this role to the general run list of the nodes/YOUR_IP_ADDRESS.json node.

Now you’re ready to apply the scripts you’ve written to launch the app on the server.

Install Chef and apply all configurations using the following command:

Once you’ve completed the deployment, the Spree application will be available through public DNS. In our example, the address is ec2-18-221-230-71.us-east-2.compute.amazonaws.com.

Now you can log on to the server via SSH as the deployer user:

In future, you can deploy the app to a remote machine with the following command:

On a global scale, Chef allows you to take advantage of dynamic infrastructure, easily start new servers, and safely dispose of servers when they’re replaced by newer configurations or when load decreases.

We hope this tutorial has been helpful for you. Share your experience using Chef in the comments below.
