orats 0.3.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ed3528a226c156ebd2bb1155fc50f3a5074f78cb
-  data.tar.gz: 972dd00fe19344f92c8079837f841db6226b9425
+  metadata.gz: df0e6a8e4b16283b4ee0da8cd5cdb7c5004b8fa4
+  data.tar.gz: 9e484f41808728ea3cb9c23984f5fc0f0dc6bf6e
 SHA512:
-  metadata.gz: 1ca57f387e3d371752ae69c303c14044491e8abfd8fd8ac093b3c860ae5c307c85576638ffdf11e4f82b320c8d9e405c4324645ad8335a28829960fd96ba77c5
-  data.tar.gz: 20d28d78394998d2d0f4ead1969aa0f959c279753f1bffd836d783b3f79503b938092543393f32b56b4c5c12dbaa27cd0fab885b2ffc513c2bad54820397a753
+  metadata.gz: 6665735679ce17c0f7967357b27ce391b60d5d1abcb7eee4ceedf8a5253bd171a95bdd4c2d416b6e9e10d91b5eae7f50a9a309f8022a8b54756fb6254bd306c1
+  data.tar.gz: cace2be230a652af3d08cb595860649a8e4c0deb64d52b3703a468f008ea0179128630f90f24f72153b7da8f27302cefe54bfeb0b811288229ec798ebe5432d2

data/.gitignore

@@ -4,5 +4,5 @@
 .*.sw*
 *~
 .idea/
-.gem
+*.gem
 Gemfile.lock

data/README.md

@@ -1,14 +1,14 @@
 ## What is orats and what problem does it solve?
 
 It stands for opinionated rails application templates. The templates include solving tedious tasks that you would do for most
-projects. It handles creating a rails application with a bunch of opinions and optionally a chef cookbook so you can deploy
-your app quickly.
+projects. It handles creating a rails application with a bunch of opinions and optionally an ansible playbook so you can
+deploy your apps quickly.
 
 Everything is accessed through the [orats gem](#installation).
 
 ## What version of Rails and Ruby are you targeting?
 
-#### Rails 4.0.x and Ruby 2.1.x
+#### Rails 4.1.x and Ruby 2.1.x
 
 I will be updating them as new versions come out and when the gems used are proven to work. All important gems in the Gemfile
 are locked using the pessimistic operator `~>` so you can be sure that everything plays nice as long as rubygems.org is up!
@@ -19,7 +19,7 @@ are locked using the pessimistic operator `~>` so you can be sure that everythin
     - To download each rails template and automate running certain tasks.
 - Ruby 2.1.x
     - Yep, you really need Ruby to run Ruby modules.
-- Rails 4.0.x
+- Rails 4.1.x
     - You need Rails installed so that you can run the project generator.
 - Git
     - The weapon of choice for version control.
@@ -28,19 +28,12 @@ are locked using the pessimistic operator `~>` so you can be sure that everythin
 - Redis
     - Used as a sidekiq background worker and as the rails cache back end.
 
-### Additional system dependencies for creating cookbooks
+### Additional system dependencies for ansible
 
-`orats` is smart enough to skip trying to create a cookbook if it cannot find the necessary dependencies to successfully
-create the cookbook, but to successfully create a cookbook you must fulfil the requirements below:
+`orats` is smart enough to skip trying to create ansible related files if it cannot find the necessary dependencies to successfully
+use them. To successfully create ansible content you must fulfil the requirements below:
 
-- Chef is installed and setup in such a way that `knife` is on your system path.
-- Berkshelf has been gem installed and you can run `berks` from anywhere.
-
-Not sure what chef or berkshelf is? No problem, learn about chef from these resources:
-
-- [Learn chef course](https://learnchef.opscode.com/)
-- [Berkshelf readme](http://www.berkshelf.com/)
-- [Berkshelf tutorial series](http://misheska.com/blog/2013/06/16/getting-started-writing-chef-cookbooks-the-berkshelf-way/)
+- Ansible is installed and setup in such a way that `ansible` is on your system path.
 
 ## Contents
 
@@ -50,12 +43,10 @@ Not sure what chef or berkshelf is? No problem, learn about chef from these reso
 - Templates
     - [Base](#base)
     - [Authentication and authorization](#authentication-and-authorization)
-    - [Cookbook](#cookbook)
-        - [Overview](#the-cookbook-comes-with-the-following-features)
+    - [Playbook](#playbook)
+        - [Overview](#the-playbook-comes-with-the-following-features)
 - Sections
     - [Production tweaks](#production-tweaks)
-- Wikis
-    - [Chef walk through](https://github.com/nickjj/orats/wiki/Chef-walk-through)
 
 ## orats
 
@@ -73,15 +64,15 @@ running `orats <command name> help` from your terminal. You can also type `orats
     - Configuration:
         - Optionally takes: `--pg-location [localhost]`
         - Optionally takes: `--pg-username [postgres]`
+        - Optionally takes: `--redis-password []`
     - Template features:
         - Optionally takes: `--auth [false]`
     - Project features:
-        - Optionally takes: `--skip-cook [false]`
         - Optionally takes: `--skip-extras [false]`
         - Optionally takes: `--skip-foreman-start [false]`
 
-- Create a stand alone chef cookbook
-    - `orats cook <APP_PATH>`
+- Create an ansible playbook
+    - `orats play <PATH>`
 
 - Delete the directory and optionally all data associated to it
     - `orats nuke <APP_PATH>`
@@ -133,9 +124,7 @@ Everything has been added with proper git commits so you have a trail of changes
 
 ### Try it
 
-`orats new myapp --pg-password <development postgres db password> -C`
-
-*We are running the command with `-C` to ignore creating a cookbook so the installation is faster.*
+`orats new myapp --pg-password <development postgres db password>`
 
 #### What's with the services directory?
 
@@ -161,6 +150,12 @@ aware that the `.env` file is not loaded in production, in fact it is not even s
 You can use the `.env` file as a guide so you know which values you need to write out as true ENV variables on your server
 using whatever server provisioning tools you use.
 
+#### Project path
+
+Make sure you have the project path set properly on your server. It is used by both puma and sidekiq to determine where
+they should write out their pid, socket and log files. If this is not set correctly then you will not be able to start
+your application properly in non-development mode.
+
 #### Puma
 
 You should set your puma min/max threads to 0 and 16 and use at least 2 workers if you want to do phased restarts. From
@@ -211,89 +206,69 @@ I feel like this is the cleanest way to disable registrations while still allowi
 
 ### Try it
 
-`orats new myauthapp --pg-password <development postgres db password> --auth -C`
-
-*We are running the command with `-C` to ignore creating a cookbook so the installation is faster.*
+`orats new myauthapp --pg-password <development postgres db password> --auth`
 
-## Cookbook
+## Playbook
 
 Building your application is only one piece of the puzzle. If you want to ship your application you have to host it somewhere.
 You have a few options when it comes to managed hosts like Heroku but they tend to be very expensive if you fall out of
 their free tier.
 
-The cookbook template creates a chef cookbook that will provision a **ubuntu 12.04 LTS server**. It can be hosted anywhere
-as there are no hard requirements on any specific host. Chef is a server management framework. This template uses the
-application cookbook pattern and depends on Berkshelf. Berkshelf is very similar to bundler but for chef cookbooks.
+The playbook template creates an ansible playbook that will provision a **ubuntu 12.04 LTS server**. It can be hosted anywhere
+as there are no hard requirements on any specific host.
 
-### The cookbook comes with the following features
+### The playbook comes with the following features
 
 - Security
-    - A random username is generated each time you generate a new cookbook.
-    - A random ssh port is generated each time you generate a new cookbook.
     - Logging into the server is only possible with an SSH key.
     - fail2ban is setup.
-    - ufw (firewall) is setup to block any ports not exposed.
+    - ufw (firewall) is setup to block any ports not exposed by you.
     - All stack specific processes are running with less privileges than root.
 - Stack specific processes that are installed and configured
     - Nginx
     - Postgres
     - Redis
 - Runtimes
-    - Ruby 2.1.0 managed via rvm
+    - Ruby 2.1.x managed via rvm
     - Nodejs 0.10.x
-- Utils and features
-    - htop for emergency live monitoring
-    - logrotate with log rotation setup for anything that needs it.
-    - git
-    - A git repo in the deploy user's home directory which you can push to.
-
-### Cookbook structure
-
-It is broken up into 5 recipes:
+- Git
+    - Pull in app code from a remote repo of your choice.
 
-- Base
-- Database
-- Cache
-- Web
-- Default
+All of this is provided by a series of ansible roles. You may also use these roles without orats. If you want to
+check out each role then here's a link to their repos:
 
-With the application style cookbook pattern it is a good idea to only run one recipe on your node. The default recipe
-just composes the other 4 together. This makes it trivial to break out past one node in the future. If you wanted to
-put your web server on server A and the database/cache servers on server B all you would have to do is create a new recipe
-called something like `database_cache` (the name is arbitrary) and pull in both the database and cache recipes.
+- https://github.com/nickjj/ansible-user
+- https://github.com/nickjj/ansible-security
+- https://github.com/nickjj/ansible-nginx
+- https://github.com/nickjj/ansible-nodejs
+- https://github.com/nickjj/ansible-ruby
+- https://github.com/nickjj/ansible-rails
+- https://github.com/nickjj/ansible-postgres
+- https://github.com/DavidWittman/ansible-redis
 
-Then when you bootstrap the node you can tell it to use the new `database_cache` recipe. Awesome right? Yeah I know, chef rocks.
+You will need to install the roles onto your workstation before you can use them. You can do that by running this command:
+`ansible-galaxy install nickjj.user nickjj.security nickjj.postgres nickjj.ruby nickjj.nodejs nickjj.nginx nickjj.rails DavidWittman.redis --force`
 
 ### Try it
 
-`orats new mychefapp --pg-password <development postgres db password>`
-
-#### Why is the cookbooks directory plural?
-
-It is not uncommon for some projects to have multiple cookbooks. Of course that is completely out of scope for orats but
-at least it generates a directory structure capable of sustaining multiple cookbooks.
-
-### Tweakable attributes and meta data
-
-You can quickly tweak a bunch of values by investigating the `attributes/default.rb` file. The values here are used in each
-recipe. They are also namespaced to match the recipe file that uses them.
+`orats play myrailsapp`
 
-#### Are you experienced with chef?
+Ansible is very powerful and flexible when it comes to managing infrastructure. If most of your rails apps have a similar stack
+then you can use a single playbook to run all of your apps. You can customize the details for each one by adjusting the inventory
+that gets generated for each app.
 
-Nice, then you should know what to do from this point. Setup your encrypted data bag and bootstrap the node.
+### The `inventory` and `secrets` directories
 
-#### Do you need a full blown walk through?
+When you create a new orats app you'll get both of these directories added for you automatically unless you `--skip-extras`.
 
-If you have very little chef experience and want to go through the steps of creating a new orats project with a cookbook,
-pushing it to a free managed chef server solution and bootstrapping a node then check out the
-[chef walk through on the wiki](https://github.com/nickjj/orats/wiki/Chef-walk-through).
+**The inventory directory** contains the files to setup your host addresses as well as configure your application using
+the parameters exposed by the various ansible roles.
 
-### The server is up but how do I deploy my application?
+**The secrets directory** holds all of the passwords and sensitive information such as ssh keypairs or ssl certificates. They
+are not added to version control and these files will be copied to your server when you run the playbook.
 
-This is another area where there are many options. You could use capistrano but you could also have chef manage the application
-deployment too. I have a few old capistrano 2.x scripts that work fine and I really do not have any intentions of porting
-them over to capistrano 3 scripts so they can be included as an orats template because I do not want to use capistrano anymore.
+#### First things first
 
-I'm calling out to the community for help. Can a chef expert please leverage the `deploy` or `application` resources
-and provide us with a well documented solution to deploy a rails application with chef? Complete with runit scripts for
-ensuring puma and sidekiq are always running of course.
+Once you have an app generated make sure you check out the `inventory/group_vars/all.yml` file. You will want to make all
+of your configuration changes there. After that is up to you. If you want to learn more about ansible then check out the
+[getting started with ansible guide](http://docs.ansible.com/intro_getting_started.html).

data/lib/orats/cli.rb

@@ -6,13 +6,13 @@ module Orats
     option :pg_location, default: 'localhost'
     option :pg_username, default: 'postgres'
     option :pg_password, required: true
+    option :redis_password, default: ''
     option :auth, type: :boolean, default: false, aliases: '-a'
-    option :skip_cook, type: :boolean, default: false, aliases: '-C'
     option :skip_extras, type: :boolean, default: false, aliases: '-E'
     option :skip_foreman_start, type: :boolean, default: false, aliases: '-F'
     desc 'new APP_PATH [options]', ''
     long_desc <<-D
-      `orats new myapp --pg-password supersecret` will create a new orats project and it will also create a chef cookbook to go with it by default.
+      `orats new myapp --pg-password supersecret` will create a new rails project and it will also create an ansible inventory to go with it by default.
 
       You must supply at least this flag:
 
@@ -24,15 +24,15 @@ module Orats
 
       `--pg-username` to supply a custom postgres username [postgres]
 
+      `--redis-password` to supply your development redis password []
+
       Template features:
 
       `--auth` will include authentication and authorization [false]
 
       Project features:
 
-      `--skip-cook` skip creating the cookbook [false]
-
-      `--skip-extras` skip creating the services directory and cookbook [false]
+      `--skip-extras` skip creating the services directory and ansible inventory/secrets [false]
 
       `--skip-foreman-start` skip automatically running puma and sidekiq [false]
     D
@@ -40,12 +40,12 @@ module Orats
       Command.new(app_name, options).new
     end
 
-    desc 'cook APP_PATH', ''
+    desc 'play PATH', ''
     long_desc <<-D
-      `orats cook myapp` will create a stand alone cookbook.
+      `orats play path` will create an ansible playbook.
     D
-    def cook(app_name)
-      Command.new(app_name).cook
+    def play(app_name)
+      Command.new(app_name).play
     end
 
     option :skip_data, type: :boolean, default: false, aliases: '-D'
@@ -62,9 +62,9 @@ module Orats
     end
 
     desc 'version', ''
-    long_desc <<-LONGDESC
+    long_desc <<-D
       `orats version` will print the current version.
-    LONGDESC
+    D
     def version
       Command.new.version
     end

data/lib/orats/command.rb

@@ -32,10 +32,24 @@ module Orats
         gsub_postgres_info
         git_commit 'Change the postgres information'
 
+        unless @options[:redis_password].empty?
+          gsub_redis_info
+          git_commit 'Add the redis password'
+        end
+
+        gsub_project_path
+        git_commit 'Add the development project path'
+
         bundle_install
         git_commit 'Add gem lock file'
 
-        run_rake 'db:create:all db:migrate db:test:prepare'
+        bundle_binstubs
+        git_commit 'Add binstubs for the important gems'
+
+        spring_binstub
+        git_commit 'Springify all of the bins'
+
+        run_rake 'db:create:all db:migrate'
         git_commit 'Add the database schema file'
       end
 
@@ -45,16 +59,16 @@ module Orats
         end
       end
 
-      unless @options[:skip_cook] || @options[:skip_extras]
-        cook_app cookbooks_path(@app_name)
+      unless @options[:skip_extras]
+        ansible_init @app_name
       end
 
       @active_path = services_path(@app_name)
       foreman_init
     end
 
-    def cook
-      cook_app @app_name
+    def play
+      play_app @app_name
     end
 
     def nuke
@@ -79,15 +93,11 @@ module Orats
 
     private
       def active_project
-        project_from_path(@active_path)
+        File.basename @active_path
       end
 
       def services_path(app_name)
         @options[:skip_extras] ?  app_name : "#{app_name}/services/#{active_project}"
       end
-
-      def cookbooks_path(app_name)
-        "#{app_name}/cookbooks/#{active_project}"
-      end
   end
 end

data/lib/orats/shell.rb

@@ -1,3 +1,5 @@
+require 'securerandom'
+
 module Orats
   module Shell
     def run_from(path, command)
@@ -22,6 +24,19 @@ module Orats
       gsub_file "#{@active_path}/.env", ': supersecrets', ": #{@options[:pg_password]}"
     end
 
+    def gsub_redis_info
+      log_message 'root', 'Adding the redis password'
+
+      gsub_file "#{@active_path}/config/initializers/sidekiq.rb", '//', '//:#{ENV[\'TESTPROJ_CACHE_PASSWORD\']}@'
+      gsub_file "#{@active_path}/.env", ': greatsecurity', ": #{@options[:redis_password]}"
+    end
+
+    def gsub_project_path
+      log_message 'root', 'Changing the project path'
+
+      gsub_file "#{@active_path}/.env", ': /full/path/to/your/project', ": #{File.expand_path(@active_path)}"
+    end
+
     def run_rake(command)
       log_message 'shell', 'Running rake commands'
 
@@ -34,6 +49,18 @@ module Orats
       run_from @active_path, 'bundle install'
     end
 
+    def bundle_binstubs
+      log_message 'shell', 'Running bundle binstubs for a few gems'
+
+      run_from @active_path, 'bundle binstubs whenever puma sidekiq'
+    end
+
+    def spring_binstub
+      log_message 'shell', 'Running spring binstub'
+
+      run_from @active_path, 'bundle exec spring binstub --all'
+    end
+
     def nuke_warning
       puts
       say_status  'nuke', "\e[1mYou are about to permanently delete this directory:\e[0m", :red
@@ -52,7 +79,7 @@ module Orats
       rails_projects = []
 
       rails_directories.each do |rails_dir|
-        rails_projects << project_from_path(rails_dir)
+        rails_projects << File.basename(rails_dir)
       end
 
       project_names = rails_projects.join(', ')
@@ -70,25 +97,20 @@ module Orats
       rails_directories.each do |directory|
         log_message 'root', 'Removing postgres databases'
         run_from directory, 'bundle exec rake db:drop:all'
-        nuke_redis project_from_path(directory)
+        nuke_redis File.basename(directory)
       end
     end
 
-    def can_cook?
-      log_message 'shell', 'Checking for the cookbook system dependencies'
-
-       has_knife = run('which knife', capture: true)
-       has_berks = run('which berks', capture: true)
+    def can_play?
+      log_message 'shell', 'Checking for the ansible binary'
 
-       dependency_error 'Cannot access knife',
-                        'Are you sure you have chef setup correctly?',
-                        'http://www.getchef.com/chef/install/`' if has_knife.empty?
+       has_ansible = run('which ansible', capture: true)
 
-       dependency_error 'Cannot access berkshelf',
-                        'Are you sure you have berkshelf installed correctly?',
-                        'You can install it by running `gem install berkshelf`' if has_berks.empty?
+       dependency_error 'Cannot access ansible',
+                        'Are you sure you have ansible setup correctly?',
+                        'http://docs.ansible.com/intro_installation.html`' if has_ansible.empty?
 
-       !has_knife.empty? && !has_berks.empty?
+       !has_ansible.empty?
     end
 
     def rails_template(command, flags = '')
@@ -99,15 +121,66 @@ module Orats
       yield if block_given?
     end
 
-    def cook_app(app_path)
-      return unless can_cook?
+    def play_app(path)
+      return unless can_play?
 
-      @active_path = app_path
-      rails_template 'cook'
+      @active_path = path
+      rails_template 'play'
+    end
+
+    def ansible_init(path)
+      log_message 'shell', 'Creating ansible inventory'
+      run "mkdir #{path}/inventory"
+      run "mkdir #{path}/inventory/group_vars"
+      copy_from_includes 'inventory/hosts', path
+      copy_from_includes 'inventory/group_vars/all.yml', path
+
+      secrets_path = "#{path}/secrets"
+      log_message 'shell', 'Creating ansible secrets'
+      run "mkdir #{secrets_path}"
+
+      save_secret_string "#{secrets_path}/postgres_password"
+      save_secret_string "#{secrets_path}/redis_password"
+      save_secret_string "#{secrets_path}/mail_password"
+      save_secret_string "#{secrets_path}/rails_token"
+      save_secret_string "#{secrets_path}/devise_token"
+      save_secret_string "#{secrets_path}/devise_pepper_token"
+
+      log_message 'shell', 'Modifying secrets path in group_vars/all.yml'
+      update_secrets_path secrets_path
+
+      log_message 'shell', 'Creating ssh keypair'
+      run "echo '' | echo '' | echo #{secrets_path}/id_rsa | ssh-keygen -t rsa"
+
+      log_message 'shell', 'Creating self signed ssl certificates'
+      # these are very insecure as I'm not generating new keys for everyone, this should only be used to test
+      # SSL on your web app before switching to signed keys from a trusted vendor
+      copy_from_includes 'secrets/sslcert.crt', path
+      copy_from_includes 'secrets/sslkey.key', path
     end
 
     private
 
+      def save_secret_string(file)
+        File.open(file, 'w+') { |f| f.write(SecureRandom.hex(64)) }
+      end
+
+      def update_secrets_path(secrets_path)
+        all_yaml_path = "#{secrets_path}/../inventory/group_vars/all.yml"
+
+        IO.write(all_yaml_path, File.open(all_yaml_path) do |f|
+          f.read.gsub('~/tmp/testproj/secrets/', secrets_path)
+        end
+        )
+      end
+
+      def copy_from_includes(file, destination_root_path)
+        base_path = "#{File.expand_path File.dirname(__FILE__)}/templates/includes"
+
+        log_message 'shell', "Creating #{file}"
+        run "cp #{base_path}/#{file} #{destination_root_path}/#{file}"
+      end
+
       def nuke_redis(namespace)
         log_message 'root', 'Removing redis keys'
 
@@ -154,9 +227,5 @@ module Orats
           exit 1
         end
       end
-
-      def project_from_path(path)
-        path.split('/').last
-      end
   end
 end