convox_installer 3.0.0 → 3.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ea8a81c025b1a5046d3145beeee5cba92f8448cc8751182d911f3548b289c31a
-  data.tar.gz: 8eb61f167e06eb67bcd86eada0196d138995b3e61b237ce04f11891f6eb1426c
+  metadata.gz: c08b32666153594de1c3464ab4c8ea4f324952115facc72fc159d75de7d1a85e
+  data.tar.gz: 2f162d039ab30ebea6ecd8086bc88b30da9c50234c614594c43725036f75f2cb
 SHA512:
-  metadata.gz: db7f9e671230b4054a888397461056af9f8ee2d631e0d05fb4eda32a138ae947e7f7fdee8706ea3b9b695254d9fa8b5c2971222a68d8ba4ad8a1326917357f65
-  data.tar.gz: 8dd7d82786491eca18253d6dc405675fbe6c188c0276878ed352e3f9c17770aca9a4906b8819d061dd6940a203832e0808e9f1aa8427bddc9505d89974f39c69
+  metadata.gz: cdaf7159e5bebdde39ffed648fab4be85c5d2a556818b30ec8587ba52e920de44c09434edd654e894501ecb8a68c756c1c64e9de8939412d320dc753ab156163
+  data.tar.gz: 219b697d883f91bd173e214402af2d3f5ec988881a025e894f4e3aafef1970af61a1bb2905b886fac437788a18812f9dbbc1e6307aa2d80f1997fdc0d800f0be

data/README.md

@@ -8,7 +8,6 @@ This gem provides a DSL so that you can write a script that walks your users thr
 
 - MacOS
 - Convox v3 CLI
-- Runtime integration installed in your AWS account. See: https://docs.convox.com/getting-started/introduction/
 
 _Please let us know if you need to run this script on Linux. Linux support should not be too difficult to implement, but unfortunately we probably won't be able to support Windows._
 
@@ -27,10 +26,12 @@ We have successfully set up a number of test and production deployments using th
 - Idempotent. If this script crashes, you can restart it and it will pick up
   where it left off. Every step looks up the existing state, and only makes a change
   if things are not yet set up (or out of sync).
-- Ensures that the `convox` and `aws` CLI tools are installed
+- Ensures that the `convox` and `terraform` CLI tools are installed
 - Wraps the `convox` CLI and parses JSON output from API calls
-- Add n Docker Repository (e.g. ECR registry)
+- Add a Docker Repository (e.g. ECR registry)
 - Set up an S3 bucket with an optional CORS policy
+- Set up an RDS database (Postgres)
+- Set up an Elasticache cluster (Redis)
 
 ## Introduction
 
@@ -147,7 +148,7 @@ Shows a heading and optional details.
 
 #### `ensure_requirements!`
 
-Makes sure that the `convox` and `aws` CLI tools are installed on this system. If not, shows installation instructions and exits.
+Makes sure that the `convox` and `terraform` CLI tools are installed on this system. If not, shows installation instructions and exits.
 
 #### `prompt_for_config`
 
@@ -256,20 +257,17 @@ Adds an RDS database to your Terraform config.
   - `database_instance_class` _(default: 'db.t3.medium')_
   - `database_multi_az` _(default: true)_
 
-#### `add_add_elasticache_cluster`
+#### `add_elasticache_cluster`
 
 Adds an Elasticache cluster to your Terraform config.
 
 - **Optional Config:**
   - `engine` _(default: 'redis')_
-  - `engine_version` _(default: '6.2.5')_
-  - `node_type` _(default: 'cache.m3.medium')_
-  - `database_instance_class` _(default: 'db.t3.medium')_
+  - `engine_version` _(default: '6.x')_
+  - `node_type` _(default: 'cache.t3.medium')_
   - `num_cache_nodes` _(default: 1)_
   - `port` _(default: 6379)_
 
-_IMPORTANT: Make sure you specify a full version string (e.g. `6.2.5`), and not a partial version (e.g. `6.2`.) A partial version will cause Terraform to delete and recreate the cluster on every run._
-
 #### `apply_terraform_update!`
 
 Runs `terraform apply -auto-approve` to apply any changes to your Terraform configuration (add new resources, etc.)

data/examples/full_installation.rb

@@ -9,6 +9,7 @@
 #   gem "convox_installer"
 # end
 
+require 'English'
 $LOAD_PATH << File.expand_path('../lib', __dir__)
 require 'pry-byebug'
 
@@ -99,54 +100,138 @@ config = prompt_for_config
 
 backup_convox_host_and_rack
 install_convox
-
-validate_convox_auth_and_write_host!
+validate_convox_rack_and_write_current!
 validate_convox_rack_api!
 
 create_convox_app!
 set_default_app_for_directory!
 add_docker_registry!
-create_s3_bucket!
 
-puts '=> Generating secret keys for authentication sessions and encryption...'
-secret_key_base = SecureRandom.hex(64)
-data_encryption_key = SecureRandom.hex(32)
+add_s3_bucket
+add_rds_database
+add_elasticache_cluster
+
+apply_terraform_update!
+
+unless config[:sidekiq_cloudwatch_iam_credentials]
+  logger.info "Looking up IAM user for Sidekiq CloudWatch metrics (#{config.fetch(:sidekiq_cloudwatch_iam_username)})..."
+
+  aws_cli_credentials = "AWS_ACCESS_KEY_ID=#{config.fetch(:aws_access_key_id)} " \
+                        "AWS_SECRET_ACCESS_KEY=#{config.fetch(:aws_secret_access_key)}"
+  `#{aws_cli_credentials} aws iam get-user \
+    --user-name #{config.fetch(:sidekiq_cloudwatch_iam_username)} 2>/dev/null`
+  unless $CHILD_STATUS.success?
+    logger.info "Creating IAM user: #{config.fetch(:sidekiq_cloudwatch_iam_username)} with CloudWatchAgentServerPolicy..."
+    # IAM user needs the CloudWatchAgentServerPolicy policy
+    `#{aws_cli_credentials} aws iam create-user \
+      --user-name #{config.fetch(:sidekiq_cloudwatch_iam_username)}`
+    unless $CHILD_STATUS.success?
+      raise "Sorry, something went wrong while creating the #{config.fetch(:sidekiq_cloudwatch_iam_username)} IAM user!"
+    end
+
+    logger.info 'Attaching CloudWatchAgentServerPolicy...'
+    `#{aws_cli_credentials} aws iam attach-user-policy \
+      --user-name #{config.fetch(:sidekiq_cloudwatch_iam_username)} \
+      --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy`
+    unless $CHILD_STATUS.success?
+      raise 'Sorry, something went wrong while attaching the CloudWatchAgentServerPolicy policy!'
+    end
+  end
+  logger.info "Creating IAM access token for #{config.fetch(:sidekiq_cloudwatch_iam_username)}..."
+
+  create_access_key_output_json = `#{aws_cli_credentials} aws iam create-access-key \
+      --user-name #{config.fetch(:sidekiq_cloudwatch_iam_username)}`
+  unless $CHILD_STATUS.success?
+    raise "Sorry, something went wrong while creating the access token for #{config.fetch(:sidekiq_cloudwatch_iam_username)}!"
+  end
+
+  config[:sidekiq_cloudwatch_iam_credentials] =
+    JSON.parse(create_access_key_output_json)['AccessKey']
 
-puts "======> Default domain: #{default_service_domain_name}"
-puts '        You can use this as a CNAME record after configuring a domain in convox.yml'
-puts '        (Note: SSL will be configured automatically.)'
+  # Save credentials in the cached config file
+  File.open('./.installer_config.json', 'w') do |f|
+    f.puts(JSON.pretty_generate(config: config))
+  end
+end
 
-puts '=> Setting environment variables to configure the application...'
+logger.info "======> Default domain: #{default_service_domain_name}"
+logger.info '        You can use this as a CNAME record after configuring a domain in convox.yml'
+logger.info '        (Note: SSL will be configured automatically.)'
 
-env = {
-  'HEALTH_CHECK_PATH' => MINIMAL_HEALTH_CHECK_PATH,
-  'DOMAIN_NAME' => default_service_domain_name,
+logger.info 'Checking convox env...'
+convox_env_output = `convox env --rack #{config.fetch(:stack_name)}`
+raise 'Error running convox env' unless $CHILD_STATUS.success?
+
+convox_env = begin
+  convox_env_output.split("\n").map { |s| s.split('=', 2) }.to_h
+rescue StandardError
+  {}
+end
+
+# Add database and redis
+desired_env = {
+  'DATABASE_URL' => rds_details[:postgres_url],
+  'REDIS_URL' => elasticache_details[:redis_url],
   'AWS_ACCESS_KEY_ID' => s3_bucket_details.fetch(:access_key_id),
   'AWS_ACCESS_KEY_SECRET' => s3_bucket_details.fetch(:secret_access_key),
   'AWS_UPLOADS_S3_BUCKET' => s3_bucket_details.fetch(:name),
   'AWS_UPLOADS_S3_REGION' => config.fetch(:aws_region),
-  'SECRET_KEY_BASE' => secret_key_base,
-  'DATA_ENCRYPTION_KEY' => data_encryption_key,
+  'SECRET_KEY_BASE' => config.fetch(:secret_key_base),
+  'SUBMISSION_DATA_ENCRYPTION_KEY' => config.fetch(:data_encryption_key),
   'ADMIN_NAME' => 'Admin',
   'ADMIN_EMAIL' => config.fetch(:admin_email),
-  'ADMIN_PASSWORD' => config.fetch(:admin_password)
+  'ADMIN_PASSWORD' => config.fetch(:admin_password),
+  'DOCSPRING_LICENSE' => config.fetch(:docspring_license),
+  'DISABLE_EMAILS' => 'true'
 }
 
-env_command_params = env.map { |k, v| "#{k}=\"#{v}\"" }.join(' ')
-run_convox_command! "env set #{env_command_params}"
+# Only set health check path and domain if it's not already present.
+desired_env['HEALTH_CHECK_PATH'] = MINIMAL_HEALTH_CHECK_PATH if convox_env['HEALTH_CHECK_PATH'].nil?
+desired_env['DOMAIN_NAME'] = default_service_domain_name if convox_env['DOMAIN_NAME'].nil?
+
+updated_keys = []
+desired_env.each_key do |key|
+  updated_keys << key if convox_env[key] != desired_env[key]
+end
+
+if updated_keys.none?
+  logger.info '=> Convox env has already been configured.'
+  logger.info '   You can update this by running: convox env set ...'
+else
+  logger.info "=> Setting environment variables to configure DocSpring: #{updated_keys.join(', ')}"
+  env_command_params = desired_env.map { |k, v| "#{k}=\"#{v}\"" }.join(' ')
+  run_convox_command! "env set #{env_command_params}"
+end
+
+# If we are already using the complete health check path, then we can skip the rest.
+if convox_env['HEALTH_CHECK_PATH'] == COMPLETE_HEALTH_CHECK_PATH
+  logger.info 'DocSpring is already set up and running.'
+else
+  logger.info 'Checking convox processes...'
+  convox_processes = `convox ps --rack #{config.fetch(:stack_name)}`
+  if convox_processes.include?('web') && convox_processes.include?('worker')
+    logger.info '=> Initial deploy for DocSpring Enterprise is already done.'
+  else
+    logger.info '=> Initial deploy for DocSpring Enterprise...'
+    logger.info '-----> Documentation: https://docs.convox.com/deployment/deploying-changes/'
+    run_convox_command! 'deploy'
+  end
+
+  logger.info '=> Ensuring the DocSpring application container can boot successfully...'
+  run_convox_command! 'run command ./bin/smoke_test'
 
-puts '=> Initial deploy...'
-puts '-----> Documentation: https://docs.convox.com/deployment/deploying-changes/'
-run_convox_command! 'deploy --wait'
+  logger.info '=> Setting up the DocSpring database...'
+  run_convox_command! 'run command rake db:create db:migrate db:seed'
 
-puts '=> Setting up the database...'
-run_convox_command! 'run web rake db:create db:migrate db:seed'
+  logger.info '=> Checking Postgres, Redis, Rails cache, S3 uploads, Sidekiq job processing...'
+  run_convox_command! 'run command rake tests:health_check'
 
-puts '=> Updating the health check path to include database tests...'
-run_convox_command! "env set --promote --wait HEALTH_CHECK_PATH=#{COMPLETE_HEALTH_CHECK_PATH}"
+  logger.info '=> Updating the health check path to include database tests...'
+  run_convox_command! "env set --promote HEALTH_CHECK_PATH=#{COMPLETE_HEALTH_CHECK_PATH}"
+end
 
 puts
-puts 'All done!'
+logger.info 'All done!'
 puts
 puts "You can now visit #{default_service_domain_name} and sign in with:"
 puts
@@ -166,24 +251,26 @@ puts
 puts 'To learn more about the convox CLI, run: convox --help'
 puts
 puts '  * View the Convox documentation:  https://docs.convox.com/'
+puts '  * View the DocSpring documentation: https://docspring.com/docs/'
 puts
 puts
-puts 'To completely uninstall Convox from your AWS account,'
+puts 'To completely uninstall Convox and DocSpring from your AWS account,'
 puts 'run the following steps (in this order):'
 puts
 puts ' 1) Disable "Termination Protection" for any resource where it was enabled.'
 puts
-puts " 2) Delete all files from the #{config.fetch(:s3_bucket_name)} S3 bucket:"
+puts " 2) Delete all files from the #{s3_bucket_details.fetch(:name)} S3 bucket:"
 puts
 puts "    export AWS_ACCESS_KEY_ID=#{config.fetch(:aws_access_key_id)}"
 puts "    export AWS_SECRET_ACCESS_KEY=#{config.fetch(:aws_secret_access_key)}"
 puts "    aws s3 rm s3://#{s3_bucket_details.fetch(:name)} --recursive"
 puts
-puts " 3) Delete the #{config.fetch(:s3_bucket_name)} S3 bucket:"
+puts ' 3) Uninstall Convox (deletes all AWS resources via Terraform):'
 puts
-puts "    convox rack resources delete #{config.fetch(:s3_bucket_name)} --wait"
+puts "    convox rack uninstall #{config.fetch(:stack_name)}"
 puts
-puts ' 4) Uninstall Convox (deletes all CloudFormation stacks and AWS resources):'
 puts
-puts "    convox rack uninstall aws #{config.fetch(:stack_name)}"
+puts '------------------------------------------------------------------------------------'
+puts 'Thank you for using DocSpring! Please contact support@docspring.com if you need any help.'
+puts '------------------------------------------------------------------------------------'
 puts

data/lib/convox/client.rb

@@ -112,9 +112,11 @@ module Convox
         'AWS_ACCESS_KEY_ID' => config.fetch(:aws_access_key_id),
         'AWS_SECRET_ACCESS_KEY' => config.fetch(:aws_secret_access_key)
       }
+      # Set proxy_protocol=true by default to forward client IPs
       command = %(rack install aws \
 "#{config.fetch(:stack_name)}" \
 "node_type=#{config.fetch(:instance_type)}" \
+"proxy_protocol=true" \
 "region=#{config.fetch(:aws_region)}")
       # us-east constantly has problems with the us-east-1c AZ:
       # "Cannot create cluster 'ds-enterprise-cx3' because us-east-1c, the targeted

data/lib/convox_installer/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ConvoxInstaller
-  VERSION = '3.0.0'
+  VERSION = '3.0.1'
 end

data/spec/lib/convox/client_spec.rb

@@ -100,11 +100,11 @@ RSpec.describe Convox::Client do
     end
   end
 
-  describe '#validate_convox_auth_and_write_host!' do
+  describe '#validate_convox_rack_and_write_current!' do
     it 'requires the correct config vars' do
       client = described_class.new
       expect do
-        client.validate_convox_auth_and_write_host!
+        client.validate_convox_rack_and_write_current!
       end.to raise_error('aws_region is missing from the config!')
     end
 
@@ -120,7 +120,7 @@ RSpec.describe Convox::Client do
       ).and_return(false)
 
       expect do
-        client.validate_convox_auth_and_write_host!
+        client.validate_convox_rack_and_write_current!
       end.to raise_error(/Could not find auth file at /)
     end
 
@@ -141,7 +141,7 @@ RSpec.describe Convox::Client do
       expect(client).to receive(:write_current).with(
         'convox-test-697645520.us-west-2.elb.amazonaws.com'
       )
-      expect(client.validate_convox_auth_and_write_host!).to(
+      expect(client.validate_convox_rack_and_write_current!).to(
         eq('convox-test-697645520.us-west-2.elb.amazonaws.com')
       )
     end
@@ -161,7 +161,7 @@ RSpec.describe Convox::Client do
         }
       )
       expect do
-        client.validate_convox_auth_and_write_host!
+        client.validate_convox_rack_and_write_current!
       end.to raise_error('Could not find matching authentication for ' \
                          'region: us-east-1, stack: convox-test')
     end
@@ -182,7 +182,7 @@ RSpec.describe Convox::Client do
         }
       )
       expect do
-        client.validate_convox_auth_and_write_host!
+        client.validate_convox_rack_and_write_current!
       end.to raise_error('Found multiple matching hosts for ' \
                          'region: us-west-2, stack: convox-test')
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: convox_installer
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.0.1
 platform: ruby
 authors:
 - Form Applications Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-04 00:00:00.000000000 Z
+date: 2022-11-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -132,7 +132,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.11
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Build a Convox installation workflow