Capistrano tips

If you use (and you definitely should) Capistrano to handle your Rails application deployement, you should have faced some troubles to handle passwords for svn + database, at least if you’re like me and don’t want to put those production passwords in your subversion repository.

My first concern was to have a different user/password to checkout code from subversion, ssh to the server and connect to the database.

So here’s some tricks which allows you to avoid puting passwords in subversion and use different passwords for each part of the process (ssh, svn, db), put those in your config/deploy.rb.

Use whatever SVN User/Password you want :

[UPDATE] A little update to this part to avoid remote svn user/password to be cached locally.

Old :

 set :svn_user, ENV['svn_user'] || "jonathan"
 set :svn_password, Proc.new { Capistrano::CLI.password_prompt('SVN Password: ') }
 set :repository,
  Proc.new { "--username #{svn_user} " +
             "--password #{svn_password} " +
             "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

New :

 set :svn_user, ENV['svn_user'] || "jonathan"
 set :svn_password, Proc.new { Capistrano::CLI.password_prompt('SVN Password: ') }
 set :repository,
  Proc.new { "--username #{svn_user} " +
             "--password #{svn_password} " +
             "--no-auth-cache " +
             "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

So you can now do things like :

  svn_user=your_name cap deploy

and the svn checkout will use ‘your_name’ as svn username, prompt you for the subversion password (remember, you’re using ssh, so no clear password transit) and then do the checkout normaly.

Generate config/database.yml on-the-fly

Just like passwords, it’s a good idea to avoid having your database configuration in subversion if you’re more than one developer to commit code. So why not generate it locally and put it through our lovely ssh connection, at deployement time ?

  desc "After updating code we need to populate a new database.yml"
task :after_update_code, :roles => :app do
  require "yaml"
  set :production_database_password, proc { Capistrano::CLI.password_prompt("Production database remote Password : ") }

  buffer = YAML::load_file('config/database.yml.template')
  # get ride of uneeded configurations
  buffer.delete('test')
  buffer.delete('development')
  
  # Populate production element
  buffer['production']['adapter'] = "postgresql"
  buffer['production']['database'] = "vms_production"
  buffer['production']['username'] = "you_db_username
  buffer['production']['password'] = production_database_password
  buffer['production']['host'] = "localhost"
  
  put YAML::dump(buffer), "#{release_path}/config/database.yml", :mode => 0664
end

This code uses the config/database.yml.template file (it’s up to you to have one, I don’t think this one is hard :D), to generate a simple database.yml containing only the production database configuration. Additionnaly it prompts you for the database connection password.

Isn’t this great ?

Sat, 15 Jul 2006 14:33 Posted in

Tags , , ,

  1. Avatar

    By Seth 11 days later:


    Good stuff! I was just trying to figure out how to use a different svn username/password. Thanks!

  2. Avatar

    By Aníbal Rojas about 1 month later:


    Off Topic: This is just a quick note to invite you to register at RubyCorner.com, a meeting place for people interested in the Ruby Programming Language or any of the related technologies. I would recommend using a filtered feed just including Ruby and Rails posts ;-)

  3. Avatar

    By Fin about 1 month later:


    Thanks, was very helpful.

  4. Avatar

    By Pierre R 6 months later:


    Thanks for the svn password tip ! It pefectly fits my needs ;)

  5. Avatar

    By Micah 7 months later:


    Thanks for the tips. This should fix the problem for us.

  6. Avatar

    By Chris Roos 10 months later:


    I’m a bit late to the Capistrano party but really appreciate this handy tip. Cheers.

  7. Avatar

    By Peter Kehl about 1 year later:


    Hi. I’ve tried set :svn_user, :svn_username, :scm_user, :scm_username with :svn_password, :scm_password. The password gets picked only when I use same username on apache/ruby box and in SVN – I use private/public SSH key when connecting to apache/ruby box, so that doesn’t ask for password, and then SVN uses the password from the deployment recipe.

    However, when different usernames on apache/ruby box and SVN doesn’t work – then it doesn’t use SVN password from recipe. That’s with Capistrano 1.4.0.

    I’ve tried Capistrano 2.0 but that complains about the recipe and goes bad sick.

    Any ideas, please?

  8. Avatar

    By Jonathan Tron about 1 year later:


    I’m not sure to understand what your problem is, but my recipes missed one update (made some time ago in capistrano 1.4.x), which led to a problem on the local machine.

    The problem is the svn use the deployement user/password after a deploy with capistrano, to prevent this you can do something like that :

    
set :repository, Proc.new { "--username #{svn_user} " +
                                            "--password #{svn_password} " +
                                            "--no-auth-cache " +
                    "http://your.domain.tld/path/to/svn/#{application}/trunk/" }

    The new part is : "—no-auth-cache " addition

  9. Avatar

    By Dibi Store over 1 year later:


    Thanks!

  10. Avatar

    By Sur over 1 year later:


    Quite useful. Thanks!

Comment Capistrano tips


RSS