kamal 2.0.0.rc2 → 2.0.0.rc4
- checksums.yaml +4 -4
- data/lib/kamal/cli/proxy.rb +40 -0
- data/lib/kamal/cli/templates/deploy.yml +42 -32
- data/lib/kamal/cli/templates/sample_hooks/pre-proxy-reboot.sample +1 -1
- data/lib/kamal/cli/templates/secrets +3 -2
- data/lib/kamal/commands/proxy.rb +17 -2
- data/lib/kamal/configuration/proxy.rb +1 -1
- data/lib/kamal/configuration.rb +15 -3
- data/lib/kamal/secrets/adapters/last_pass.rb +2 -2
- data/lib/kamal/version.rb +1 -1
- metadata +5 -5
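--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 84140bdc487da680b06d12d90b50f7f5e31e55fefb5be7c029ab0883d31086b6
+data.tar.gz: c88fb136bef3f989a13efaba8628080b10bb4cc3f7e5606aa24e0627e9764d58
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a5a316c076f50f0052790589b7ecc43f62c671043dd806f57c0b7eac8d9c7f56fa6b5d2d1e651deb5c8ec1475aad453084637ffcf59aa8557267ca15e9798992
+data.tar.gz: ca73bc0883121188cc94df733264ee41a8f3d778a443dfde6d472a7e609168725bbfbc6d613c891a095c1a81eb4f5e9368c07eaa5532ad8bf286464578ac03f0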
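--- a/data/lib/kamal/cli/proxy.rb
+++ b/data/lib/kamal/cli/proxy.rb
@@ -21,6 +21,36 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 end
 end
 
+desc "boot_config <set|get|clear>", "Mange kamal-proxy boot configuration"
+option :publish, type: :boolean, default: true, desc: "Publish the proxy ports on the host"
+option :http_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTP_PORT, desc: "HTTP port to publish on the host"
+option :https_port, type: :numeric, default: Kamal::Configuration::PROXY_HTTPS_PORT, desc: "HTTPS port to publish on the host"
+option :docker_options, type: :array, default: [], desc: "Docker options to pass to the proxy container", banner: "option=value option2=value2"
+def boot_config(subcommand)
+case subcommand
+when "set"
+boot_options = [
+*(KAMAL.config.proxy_publish_args(options[:http_port], options[:https_port]) if options[:publish]),
+*options[:docker_options].map { |option| "--#{option}" }
+]
+
+on(KAMAL.proxy_hosts) do |host|
+execute(*KAMAL.proxy.ensure_proxy_directory)
+upload! StringIO.new(boot_options.join(" ")), KAMAL.config.proxy_options_file
+end
+when "get"
+on(KAMAL.proxy_hosts) do |host|
+puts "Host #{host}: #{capture_with_info(*KAMAL.proxy.get_boot_options)}"
+end
+when "reset"
+on(KAMAL.proxy_hosts) do |host|
+execute *KAMAL.proxy.reset_boot_options
+end
+else
+raise ArgumentError, "Unknown boot_config subcommand #{subcommand}"
+end
+end
+
 desc "reboot", "Reboot proxy on servers (stop container, remove container, start new container)"
 option :rolling, type: :boolean, default: false, desc: "Reboot proxy on hosts in sequence, rather than in parallel"
 option :confirmed, aliases: "-y", type: :boolean, default: false, desc: "Proceed without confirmation question"
@@ -169,6 +199,7 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 stop
 remove_container
 remove_image
+remove_proxy_directory
 end
 end
 end
@@ -193,6 +224,15 @@ class Kamal::Cli::Proxy < Kamal::Cli::Base
 end
 end
 
+desc "remove_proxy_directory", "Remove the proxy directory from servers", hide: true
+def remove_proxy_directory
+with_lock do
+on(KAMAL.proxy_hosts) do
+execute *KAMAL.proxy.remove_proxy_directory, raise_on_non_zero_exit: false
+end
+end
+end
+
 private
 def removal_allowed?(force)
 on(KAMAL.proxy_hosts) do |host|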
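Review bot: The usage string on `boot_config` advertises `<set|get|clear>`, but the `case` only accepts `"set"`, `"get"` and `"reset"`, so `boot_config clear` ends in the `ArgumentError` branch and the working `reset` subcommand is undocumented; the description also misspells "Manage". I would change the line to `desc "boot_config <set|get|reset>", "Manage kamal-proxy boot configuration"`. The `set` branch also writes every `options[:docker_options]` entry, prefixed with `--`, into the options file without taking `with_lock` the way `remove_proxy_directory` does in the last hunk, so two concurrent runs can leave hosts with different files. Wrapping the `on(KAMAL.proxy_hosts)` block of the `set` branch in `with_lock do … end` would match `remove_proxy_directory`.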
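--- a/data/lib/kamal/cli/templates/deploy.yml
+++ b/data/lib/kamal/cli/templates/deploy.yml
@@ -2,11 +2,22 @@
 service: my-app
 
 # Name of the container image.
-image: user/my-app
+image: my-user/my-app
 
 # Deploy to these servers.
 servers:
-
+web:
+- 192.168.0.1
+# job:
+# hosts:
+# - 192.168.0.1
+# cmd: bin/jobs
+
+# Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server).
+# Set ssl: false if using something like Cloudflare to terminate SSL (but keep host!).
+proxy:
+ssl: true
+host: app.example.com
 
 # Credentials for your image host.
 registry:
@@ -14,7 +25,7 @@ registry:
 # server: registry.digitalocean.com / ghcr.io / ...
 username: my-user
 
-# Always use an access token rather than real password
+# Always use an access token rather than real password (pulled from .kamal/secrets).
 password:
 - KAMAL_REGISTRY_PASSWORD
 
@@ -22,19 +33,44 @@ registry:
 builder:
 arch: amd64
 
-# Inject ENV variables into containers (secrets come from .
-#
+# Inject ENV variables into containers (secrets come from .kamal/secrets).
+#
 # env:
 # clear:
 # DB_HOST: 192.168.0.2
 # secret:
 # - RAILS_MASTER_KEY
 
+# Aliases are triggered with "bin/kamal <alias>". You can overwrite arguments on invocation:
+# "bin/kamal logs -r job" will tail logs from the first server in the job section.
+#
+# aliases:
+# shell: app exec --interactive --reuse "bash"
+
 # Use a different ssh user than root
+#
 # ssh:
 # user: app
 
-# Use
+# Use a persistent storage volume.
+#
+# volumes:
+# - "app_storage:/app/storage"
+
+# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
+# hitting 404 on in-flight requests. Combines all files from new and old
+# version inside the asset_path.
+#
+# asset_path: /app/public/assets
+
+# Configure rolling deploys by setting a wait time between batches of restarts.
+#
+# boot:
+# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
+# wait: 2
+
+# Use accessory services (secrets come from .kamal/secrets).
+#
 # accessories:
 # db:
 # image: mysql:8.0
@@ -56,29 +92,3 @@ builder:
 # port: 6379
 # directories:
 # - data:/data
-
-# Bridge fingerprinted assets, like JS and CSS, between versions to avoid
-# hitting 404 on in-flight requests. Combines all files from new and old
-# version inside the asset_path.
-#
-# If your app is using the Sprockets gem, ensure it sets `config.assets.manifest`.
-# See https://github.com/basecamp/kamal/issues/626 for details
-#
-# asset_path: /rails/public/assets
-
-# Configure rolling deploys by setting a wait time between batches of restarts.
-# boot:
-# limit: 10 # Can also specify as a percentage of total hosts, such as "25%"
-# wait: 2
-
-# Configure the role used to determine the primary_host. This host takes
-# deploy locks, runs health checks during the deploy, and follow logs, etc.
-#
-# Caution: there's no support for role renaming yet, so be careful to cleanup
-# the previous role on the deployed hosts.
-# primary_role: web
-
-# Controls if we abort when see a role with no hosts. Disabling this may be
-# useful for more complex deploy configurations.
-#
-# allow_empty_roles: false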
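--- a/data/lib/kamal/cli/templates/secrets
+++ b/data/lib/kamal/cli/templates/secrets
@@ -1,5 +1,6 @@
-#
-#
+# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
+# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
+# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
 
 # Option 1: Read secrets from the environment
 KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD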
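--- a/data/lib/kamal/commands/proxy.rb
+++ b/data/lib/kamal/commands/proxy.rb
@@ -7,9 +7,8 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
 "--network", "kamal",
 "--detach",
 "--restart", "unless-stopped",
-*config.proxy_publish_args,
 "--volume", "kamal-proxy-config:/home/kamal-proxy/.config/kamal-proxy",
-
+"\$\(#{get_boot_options.join(" ")}\)",
 config.proxy_image
 end
 
@@ -65,6 +64,22 @@ class Kamal::Commands::Proxy < Kamal::Commands::Base
 )
 end
 
+def ensure_proxy_directory
+make_directory config.proxy_directory
+end
+
+def remove_proxy_directory
+remove_directory config.proxy_directory
+end
+
+def get_boot_options
+combine [ :cat, config.proxy_options_file ], [ :echo, "\"#{config.proxy_options_default.join(" ")}\"" ], by: "||"
+end
+
+def reset_boot_options
+remove_file config.proxy_options_file
+end
+
 private
 def container_name
 config.proxy_container_name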
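Review bot: The new run argument `"\$\(#{get_boot_options.join(" ")}\)"` expands to an unquoted `$(cat <options file> || echo "<defaults>")`, so the contents of `config.proxy_options_file` on each host are word-split and passed to Docker as flags for the proxy container (the enclosing method starts above the hunk, but the neighbouring `--detach` and `--restart` arguments suggest a `docker run`). That makes the file a privilege boundary: any account able to write it decides how the proxy container is started, so `ensure_proxy_directory` should leave the directory writable only by the deploy user, and a comment on `get_boot_options` should say so. The `||` fallback also runs when `cat` fails for a reason other than a missing file, such as a permissions error, which silently reverts the proxy to the default published ports. Testing for the file with `[ -f … ]` before choosing the fallback would separate the two cases.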
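--- a/data/lib/kamal/configuration/proxy.rb
+++ b/data/lib/kamal/configuration/proxy.rb
@@ -29,7 +29,7 @@ class Kamal::Configuration::Proxy
 def deploy_options
 {
 host: proxy_config["host"],
-tls: proxy_config["ssl"],
+tls: proxy_config["ssl"] ? true : nil,
 "deploy-timeout": seconds_duration(config.deploy_timeout),
 "drain-timeout": seconds_duration(config.drain_timeout),
 "health-check-interval": seconds_duration(proxy_config.dig("healthcheck", "interval")),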
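--- a/data/lib/kamal/configuration.rb
+++ b/data/lib/kamal/configuration.rb
@@ -14,7 +14,7 @@ class Kamal::Configuration
 
 include Validation
 
-PROXY_MINIMUM_VERSION = "v0.
+PROXY_MINIMUM_VERSION = "v0.6.0"
 PROXY_HTTP_PORT = 80
 PROXY_HTTPS_PORT = 443
 
@@ -246,8 +246,12 @@ class Kamal::Configuration
 env_tags.detect { |t| t.name == name.to_s }
 end
 
-def proxy_publish_args
-argumentize "--publish", [ "#{
+def proxy_publish_args(http_port, https_port)
+argumentize "--publish", [ "#{http_port}:#{PROXY_HTTP_PORT}", "#{https_port}:#{PROXY_HTTPS_PORT}" ]
+end
+
+def proxy_options_default
+proxy_publish_args PROXY_HTTP_PORT, PROXY_HTTPS_PORT
 end
 
 def proxy_image
@@ -258,6 +262,14 @@ class Kamal::Configuration
 "kamal-proxy"
 end
 
+def proxy_directory
+File.join run_directory, "proxy"
+end
+
+def proxy_options_file
+File.join proxy_directory, "options"
+end
+
 
 def to_h
 {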
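Review bot: `proxy_publish_args(http_port, https_port)` interpolates both arguments into the `--publish` values without checking them, and the CLI caller shown in data/lib/kamal/cli/proxy.rb passes `options[:http_port]` and `options[:https_port]` from Thor `:numeric` options, a type that also accepts negative and fractional numbers. A guard at the top of the method, `raise ArgumentError, "Invalid proxy port" unless [ http_port, https_port ].all? { |port| port.is_a?(Integer) && port.between?(1, 65535) }`, would reject those before they reach the options file. `proxy_directory` and `proxy_options_file` would also benefit from a one-line comment each saying that the file holds the Docker flags used when the proxy container is booted.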
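--- a/data/lib/kamal/secrets/adapters/last_pass.rb
+++ b/data/lib/kamal/secrets/adapters/last_pass.rb
@@ -3,7 +3,7 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
 def login(account)
 unless loggedin?(account)
 `lpass login #{account.shellescape}`
-raise RuntimeError, "Failed to login to
+raise RuntimeError, "Failed to login to LastPass" unless $?.success?
 end
 end
 
@@ -13,7 +13,7 @@ class Kamal::Secrets::Adapters::LastPass < Kamal::Secrets::Adapters::Base
 
 def fetch_secrets(secrets, account:, session:)
 items = `lpass show #{secrets.map(&:shellescape).join(" ")} --json`
-raise RuntimeError, "Could not read #{secrets} from
+raise RuntimeError, "Could not read #{secrets} from LastPass" unless $?.success?
 
 items = JSON.parse(items)
 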
data/lib/kamal/version.rb
CHANGED
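--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kamal
 version: !ruby/object:Gem::Version
-version: 2.0.0.
+version: 2.0.0.rc4
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-
+date: 2024-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -332,11 +332,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.22
 signing_key:
 specification_version: 4
 summary: Deploy web apps in containers to servers running Docker with zero downtime.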