2014-02-04


CognateTech
Gurgaon

We have a fairly simple rails + postgres 9.3 webapp that we want to deploy in early production. We want someone who is fairly competent in Chef to help us set up a few parts of the infrastructure. We want to be able to contribute to the community as well, so we will host all these scripts as open source.

Requirements:
rbenv + ruby 2.1.0 + Puma server
nginx
Debian 6/7
HaProxy
Monit
Postgresql 9.3

* you will be given 2-3 cloud instances running vanilla Debian 6/7. This may or may not be EC2, so you should not depend on using specific AMIs (think DigitalOcean or Rackspace). You will use this in your node.json for chef-solo.

* IMPORTANT - we will use this script to install this stack on our *local machines/laptops* as well. So all the deployment directories, etc. should not clobber any root home directories, etc. and be cleanly separated.

* chef-solo should take care of BOTH deployment (we want to use Chef instead of Capistrano) as well as server configuration management. This needs to incorporate the Rails asset pipeline (precompilation/minification/asset-signing of js, gzipped content, etc.) and migrations.

* we have several rake tasks that need to run as cron jobs. chef-solo should deploy these.

* zero downtime deployment (if this is a problem with Puma, can consider Unicorn)

* Haproxy should incorporate request queuing

* nginx should have appropriate cache expiry and TTL headers for static content (based on rails structure - the "/public" directory).

* nginx should be configured to work on pure ssl (Strict-Transport-Security) and any http requests should redirect to https. Also turn on spdy for nginx. The best example of the configuration we want to use is at https://blog.hasgeek.com/2013/https-everywhere-at-hasgeek !!

* IMPORTANT - you should be able to set up Postgres replication, master election, WAL shipping and backup (both using https://github.com/wal-e/wal-e or some other alternative).

* Your scripts should incorporate best practices around security (for example, Puma and nginx should not be open to the outside world, firewalling, etc.). Monit should be configured for simple monitoring of app + database.

Chef code (including Cheffile and Cheffile.lock) needs to be delivered as a git repository. You are free to use any publicly available recipes through librarian.
