orats 0.6.3 → 0.6.4
- checksums.yaml +4 -4
- data/README.md +267 -216
- data/lib/orats/commands/common.rb +39 -0
- data/lib/orats/commands/new/ansible.rb +9 -9
- data/lib/orats/commands/new/exec.rb +3 -0
- data/lib/orats/commands/new/rails.rb +109 -39
- data/lib/orats/commands/nuke.rb +3 -3
- data/lib/orats/commands/outdated/compare.rb +4 -4
- data/lib/orats/commands/play.rb +2 -15
- data/lib/orats/commands/ui.rb +2 -2
- data/lib/orats/templates/auth.rb +350 -378
- data/lib/orats/templates/base.rb +371 -470
- data/lib/orats/templates/includes/Gemfile +6 -7
- data/lib/orats/templates/play.rb +82 -72
- data/lib/orats/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d4bc22e389f267cb7c91d4081a11145f69d59297
|
4
|
+
data.tar.gz: 0454520ee8678acdf340bdcbc634177341fef0e3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cb75ed8fe941ddda50d5ef7672c33e6a23057e5cb72deb5fe52214e6a6edb83630debd7890de2c53ee1a866d58b1f70611121519a9e9e8f049546ea034519fae
|
7
|
+
data.tar.gz: ac83b57976aef1165be7fefc093d6995b47fec97ac16db99987e3fe1675fda6f4720c542a3e96c1f1e51feb528acc6d78c5bb4ee491760e0c3de4b221db027e3
|
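Review bot: SHA1 digests are still emitted next to the SHA512 ones for metadata.gz and data.tar.gz, and the removed lines render with no value, so the 0.6.3 digests cannot be compared from this view. Anyone verifying the 0.6.4 artifact should rely on the SHA512 entries rather than the SHA1 ones, and should also check the downloaded .gem against a digest obtained independently of the package, since a checksums.yaml that travels with the archive detects corruption but not substitution.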
data/README.md
CHANGED
@@ -3,251 +3,320 @@
|
|
3
3
|
## What is orats and what problem does it solve?
|
4
4
|
|
5
5
|
It stands for opinionated rails application templates. The templates include solving tedious tasks that you would do for most
|
6
|
-
projects. It handles creating a rails application with a bunch of opinions and optionally an ansible playbook so you can
|
7
|
-
deploy your apps
|
8
|
-
|
9
|
-
You can also optionally include custom rails templates to append to any template you create with orats.
|
10
|
-
|
11
|
-
Everything is accessed through the [orats gem](#installation).
|
6
|
+
projects. It handles creating a rails application with a bunch of opinions and optionally an ansible inventory/playbook so you can
|
7
|
+
and provision your servers and deploy your apps effortlessly.
|
12
8
|
|
13
9
|
## What version of Rails and Ruby are you targeting?
|
14
10
|
|
15
11
|
#### Rails 4.1.x and Ruby 2.1.x
|
16
12
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
## System dependencies that must be on your dev box
|
21
|
-
|
22
|
-
- [The orats gem](#installation)
|
23
|
-
- To download each rails template and automate running certain tasks.
|
24
|
-
- Ruby 2.1.x
|
25
|
-
- Yep, you really need Ruby to run Ruby modules.
|
26
|
-
- Rails 4.1.x
|
27
|
-
- You need Rails installed so that you can run the project generator.
|
28
|
-
- Git
|
29
|
-
- The weapon of choice for version control.
|
30
|
-
- Postgres
|
31
|
-
- All of the templates use postgres as a primary persistent database.
|
32
|
-
- Redis
|
33
|
-
- Used as a sidekiq background worker and as the rails cache back end.
|
34
|
-
|
35
|
-
### Additional system dependencies for ansible
|
36
|
-
|
37
|
-
`orats` is smart enough to skip trying to create ansible related files if it cannot find the necessary dependencies to successfully
|
38
|
-
use them. To successfully create ansible content you must fulfill the requirements below:
|
39
|
-
|
40
|
-
- Ansible is installed and setup in such a way that `ansible` is on your system path.
|
13
|
+
Gems will also be updated once they are proven to work on the target rails/ruby versions. The gems are locked using the
|
14
|
+
pessimistic operator `~>` to ensure your installation works over time as long as rubygems.org's API is working.
|
41
15
|
|
42
16
|
## Contents
|
43
|
-
|
44
|
-
-
|
45
|
-
|
46
|
-
|
47
|
-
- Templates
|
17
|
+
- [System dependencies](#system-dependencies)
|
18
|
+
- [Installation](#installation)
|
19
|
+
- [Commands](#commands)
|
20
|
+
- [Templates](#templates)
|
48
21
|
- [Base](#base)
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
-
|
53
|
-
|
22
|
+
- [Try it](#try-the-base-template)
|
23
|
+
- [FAQ](#base-faq)
|
24
|
+
- [What's with the directory structure?](#whats-with-the-directory-structure)
|
25
|
+
- [Development configuration?](#base-what-do-i-need-to-configure-for-development)
|
26
|
+
- [Production configuration?](#base-what-do-i-need-to-configure-for-production)
|
27
|
+
- [Auth](#auth)
|
28
|
+
- [Try it](#try-the-auth-template)
|
29
|
+
- [FAQ](#auth-faq)
|
30
|
+
- [Development configuration?](#auth-what-do-i-need-to-configure-for-development)
|
31
|
+
- [Production configuration?](#auth-what-do-i-need-to-configure-for-production)
|
32
|
+
- [Play](#play)
|
33
|
+
- [Try it](#try-the-play-template)
|
34
|
+
- [Ansible roles](#ansible-roles-used)
|
35
|
+
- [Wiki](https://github.com/nickjj/orats/wiki)
|
36
|
+
- [What to look at after making a new project](https://github.com/nickjj/orats/wiki/What-to-look-at-after-making-a-new-project)
|
37
|
+
- [Create a project and provision a server](https://github.com/nickjj/orats/wiki/Create-a-project-and-provision-a-server)
|
38
|
+
|
39
|
+
## System dependencies
|
40
|
+
|
41
|
+
Before running orats...
|
42
|
+
|
43
|
+
#### You must install
|
44
|
+
|
45
|
+
- [Git](http://git-scm.com/book/en/Getting-Started-Installing-Git)
|
46
|
+
- [Postgres](https://wiki.postgresql.org/wiki/Detailed_installation_guides)
|
47
|
+
- [Redis](http://redis.io/topics/quickstart)
|
48
|
+
- Ruby 2.1.x - [chruby](https://github.com/postmodern/chruby) | [rbenv](https://github.com/sstephenson/rbenv) | [rvm](https://rvm.io/)
|
49
|
+
- Rails 4.1.x - `gem install rails -v '~> 4.1.1'`
|
50
|
+
|
51
|
+
#### You should install
|
52
|
+
|
53
|
+
- [Ansible](http://docs.ansible.com/intro_installation.html)
|
54
|
+
- If you plan to use the ansible features (optional)
|
55
|
+
- [Imagemagick](https://www.google.com/search?q=install+imagemagick)
|
56
|
+
- If you want favicons to be automatically created (optional)
|
57
|
+
|
58
|
+
#### You need these processes to be running
|
54
59
|
|
55
|
-
|
60
|
+
- Postgres
|
61
|
+
- Redis
|
56
62
|
|
57
|
-
|
63
|
+
## Installation
|
58
64
|
|
59
65
|
`gem install orats`
|
60
66
|
|
61
|
-
|
67
|
+
Or if you already have orats then run `gem update orats` to upgrade to the latest version.
|
62
68
|
|
63
|
-
|
64
|
-
running `orats <command name> help` from your terminal. You can also type `orats` on its own to see a list of all commands.
|
69
|
+
## Commands
|
65
70
|
|
66
|
-
|
67
|
-
|
71
|
+
Here is an overview of the available commands. You can find out more information about each command and flag by running
|
72
|
+
`orats help <command name>` from your terminal. You can also type `orats` on its own to see a list of all commands.
|
73
|
+
|
74
|
+
- **Create a new orats project**:
|
75
|
+
- `orats new <TARGET_PATH> --pg-password=foo`
|
68
76
|
- Configuration:
|
69
77
|
- Optionally takes: `--pg-location [localhost]`
|
70
78
|
- Optionally takes: `--pg-username [postgres]`
|
71
79
|
- Optionally takes: `--redis-location [localhost]`
|
72
80
|
- Optionally takes: `--redis-password []`
|
73
|
-
- Template
|
81
|
+
- Template:
|
74
82
|
- Optionally takes: `--auth [false]`
|
75
83
|
- Optionally takes: `--template []`
|
76
|
-
- Project
|
84
|
+
- Project:
|
77
85
|
- Optionally takes: `--skip-extras [false]`
|
78
86
|
- Optionally takes: `--skip-server-start [false]`
|
79
|
-
- Ansible
|
87
|
+
- Ansible:
|
80
88
|
- Optionally takes: `--sudo-password []`
|
81
89
|
- Optionally takes: `--skip-galaxy [false]`
|
82
90
|
|
83
|
-
- Create an ansible playbook
|
91
|
+
- **Create an ansible playbook**:
|
84
92
|
- `orats play <TARGET_PATH>`
|
85
|
-
- Template
|
93
|
+
- Template:
|
86
94
|
- Optionally takes: `--template []`
|
87
95
|
|
88
|
-
- Delete
|
96
|
+
- **Delete a directory and optionally all data associated to it**:
|
89
97
|
- `orats nuke <TARGET_PATH>`
|
90
98
|
- Optionally takes: `--skip-data [false]`
|
91
99
|
|
92
|
-
- Detect whether or not orats, the playbook or inventory is outdated
|
100
|
+
- **Detect whether or not orats, the playbook or inventory is outdated**:
|
93
101
|
- `orats outdated [options]`
|
94
102
|
- Optionally takes: `--playbook []`
|
95
103
|
- Optionally takes: `--inventory []`
|
96
104
|
|
97
|
-
|
98
|
-
|
99
|
-
In order to automate certain tasks such as running database migrations the script must be able to talk to your database.
|
100
|
-
It cannot talk to your database without knowing the location, username and password for postgres. In most cases the
|
101
|
-
location will be `localhost` and the username will be `postgres` so these values are provided by default.
|
102
|
-
|
103
|
-
Remember, this is only your development postgres password. It will **never** ask for your production passwords.
|
104
|
-
|
105
|
-
#### Is the outdated detection guaranteed to be accurate?
|
106
|
-
|
107
|
-
The version comparisons can be fully trusted but when comparing a specific playbook or inventory file it's not really
|
108
|
-
possible to guarantee a valid comparison.
|
109
|
-
|
110
|
-
When passing in `--playbook` or `--inventory` it will look for certain keywords in the file. If it finds the
|
111
|
-
keyword then it will assume that keyword is working and up to date. Since you can edit these files freely there may be
|
112
|
-
cases where it reports a false positive.
|
105
|
+
## Templates
|
113
106
|
|
114
|
-
|
115
|
-
playbook file or paste in a few new variables in your inventory that exist in a newer version of orats that you planned
|
116
|
-
to update.
|
117
|
-
|
118
|
-
It will detect missing, outdated and extra keywords between your version of orats, your user generated files and the
|
119
|
-
latest version on github. Execute `orats help outdated` if you get confused.
|
120
|
-
|
121
|
-
## Base
|
107
|
+
### Base
|
122
108
|
|
123
109
|
This is the starter template that every other template will append to. I feel like when I make a new project, 95% of the time
|
124
110
|
it includes these features and when I do not want a specific thing it is much quicker to remove it than add it.
|
125
111
|
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
-
|
132
|
-
-
|
133
|
-
- Use redis as the cache backend
|
134
|
-
- Use
|
135
|
-
- Use
|
136
|
-
-
|
137
|
-
-
|
138
|
-
-
|
139
|
-
-
|
140
|
-
-
|
141
|
-
-
|
142
|
-
-
|
143
|
-
-
|
144
|
-
-
|
145
|
-
-
|
146
|
-
-
|
147
|
-
- Add
|
148
|
-
-
|
149
|
-
-
|
150
|
-
-
|
151
|
-
-
|
152
|
-
-
|
153
|
-
-
|
154
|
-
-
|
155
|
-
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
112
|
+
#### Changes vs the standard rails project
|
113
|
+
|
114
|
+
All of the changes have git commits to go with them. After generating a project you can type `git reflog` to get a
|
115
|
+
list of changes.
|
116
|
+
|
117
|
+
- **Core changes**:
|
118
|
+
- Use `postgres` as the primary SQL database
|
119
|
+
- Use `redis` as the cache backend
|
120
|
+
- Use `puma` as the web server
|
121
|
+
- Use `sidekiq` as a background worker
|
122
|
+
- **Features**:
|
123
|
+
- Configure scheduled jobs and tasks using `whenever`
|
124
|
+
- Pagination and a route concern mapped to `/page` using `kaminari`
|
125
|
+
- Keep a sitemap up to date using `sitemap_generator`
|
126
|
+
- Add a `pages` controller with `home` action that has points of interest
|
127
|
+
- **Rake tasks**:
|
128
|
+
- Daily backups using `backup` and `whenever`
|
129
|
+
- Generate favicons for many devices based off a single source png
|
130
|
+
- **Config**:
|
131
|
+
- Extract a bunch of configuration to environment variables
|
132
|
+
- Rewrite the database.yml and secrets.yml files to be more dry
|
133
|
+
- Add a staging environment
|
134
|
+
- **Development mode only**:
|
135
|
+
- Use the `dotenv` gem to manage environment variables
|
136
|
+
- Use `foreman` to manage the app's processes
|
137
|
+
- Use `bullet`, `rack mini profiler` and `meta_request` for profiling/analysis
|
138
|
+
- **Production mode only**:
|
139
|
+
- Setup log rotation
|
140
|
+
- Add popular file types to the assets precompile list
|
141
|
+
- Change validation errors to output inline on each element instead of a big list
|
142
|
+
- **Helpers**:
|
143
|
+
- `title`, `meta_description`, `heading` to easily set those values per view
|
144
|
+
- `humanize_boolean` to convert true/false into Yes/No
|
145
|
+
- `css_for_boolean` to convert true/false into a css class success/danger
|
146
|
+
- **Views**:
|
147
|
+
- Use `sass` and `coffeescript`
|
148
|
+
- Use `bootstrap 3.x` and `font-awesome`
|
149
|
+
- Add a minimal and modern layout file
|
150
|
+
- Load `jquery` 1.10.x through a CDN
|
151
|
+
- Conditionally load `html5shiv`, `json3` and `respondjs` for IE < 9 support
|
152
|
+
- **Partials**:
|
153
|
+
- Add navigation and navigation links
|
154
|
+
- Add flash message
|
155
|
+
- Add footer
|
156
|
+
- Add google analytics
|
157
|
+
- Add disqus
|
158
|
+
- **Public**:
|
159
|
+
- Add 404, 422, 500 and 502 pages so they can be served directly from your reverse proxy
|
160
|
+
- Add all of the favicons output by the favicon generator
|
160
161
|
|
161
|
-
|
162
|
+
#### Try the base template
|
162
163
|
|
163
|
-
|
164
|
-
roles from the galaxy. It will only try to use sudo if it fails with a permission error first.
|
164
|
+
`orats new myapp --pg-password=foo --skip-galaxy`
|
165
165
|
|
166
|
-
|
166
|
+
##### What is `--pg-password`?
|
167
167
|
|
168
|
-
|
168
|
+
Orats will automatically start your server (you can turn this off with a flag) and also run database migrations or
|
169
|
+
generators depending on what you're doing.
|
169
170
|
|
170
|
-
|
171
|
-
|
172
|
-
|
171
|
+
In order to do this it must know your postgres location, username and password. By default it will use localhost for the
|
172
|
+
*location* and *postgres* as the username but if you need to supply those values because yours are different you can use
|
173
|
+
`--pg-location=foo` and `--pg-username=bar`.
|
174
|
+
|
175
|
+
##### What is `--skip-galaxy`?
|
176
|
+
|
177
|
+
By default the new command will generate ansible related files for you so that you can manage this app's "inventory". It
|
178
|
+
also automatically downloads the ansible roles from the [ansible galaxy](https://galaxy.ansible.com/).
|
179
|
+
|
180
|
+
This was done to ensure each app you create has the correct ansible role version to go with it. However, if you installed
|
181
|
+
ansible through apt or somewhere outside of your home directory then you will get permissions errors when it tries to
|
182
|
+
download the roles.
|
183
|
+
|
184
|
+
You can fix this by supplying `--sudo-password=foo` to the above command if you know ansible is installed outside of your
|
185
|
+
home directory or you can just wait while the command runs and it will prompt you for your sudo password when it gets
|
186
|
+
to that point because orats will attempt to use sudo only after it fails trying to install the roles without sudo.
|
187
|
+
|
188
|
+
If you don't care about the ansible at all you could add `--skip-extras` to not generate any ansible files.
|
189
|
+
|
190
|
+
##### Does your redis server use a password?
|
191
|
+
|
192
|
+
If your redis server is configured to use a password then you must also pass in `--redis-password=foo`.
|
193
|
+
|
194
|
+
#### Base FAQ
|
195
|
+
|
196
|
+
##### What's with the directory structure?
|
197
|
+
|
198
|
+
Let's say you were to generate a new project at *~/tmp/myapp*, then you would get the following paths:
|
199
|
+
|
200
|
+
```
|
201
|
+
~/tmp/myapp/inventory
|
202
|
+
~/tmp/myapp/secrets
|
203
|
+
~/tmp/myapp/services
|
204
|
+
```
|
205
|
+
|
206
|
+
The **inventory** path contains the ansible inventory files for this project. This would be where your host addresses go
|
207
|
+
along with configuration settings for this project.
|
208
|
+
|
209
|
+
The **secrets** path contains the passwords for various things as well as ssh keypairs and ssl certificates. This path
|
210
|
+
should be kept out of version control. You could also go 1 extra step and encrypt this directory locally.
|
211
|
+
|
212
|
+
The **services** path contains your rails application. I like to call it services because you might have multiple services
|
213
|
+
in 1 project.
|
214
|
+
|
215
|
+
If you run the command with `--skip-extras` you will not get the inventory, secrets or services directory. It will just
|
216
|
+
generate `myapp` at the path you specify.
|
217
|
+
|
218
|
+
<a name="base-what-do-i-need-to-configure-for-development"></a>
|
219
|
+
##### What do I need to configure for development?
|
220
|
+
|
221
|
+
Pretty much everything is contained within environment variables. They are stored in the `.env` file located in the root
|
222
|
+
directory of the rails application. It should be self explanatory. This file is also added to `.gitignore`.
|
223
|
+
|
224
|
+
<a name="base-what-do-i-need-to-configure-for-production"></a>
|
225
|
+
##### What do I need to configure for production?
|
173
226
|
|
174
|
-
|
175
|
-
|
227
|
+
If you are using ansible then you should open `inventory/group_vars/all.yml` and take a peek. Everything there has
|
228
|
+
comments. Assuming you have everything hosted on 1 server then at minimum you will only need to change
|
229
|
+
`rails_deploy_git_url` to get going.
|
176
230
|
|
177
|
-
|
231
|
+
The above variable is the repo where your code is contained. Ansible will clone that repo in an idempotent way.
|
178
232
|
|
179
|
-
|
233
|
+
You will also need to put the correct server IP(s) in `inventory/hosts`. At this point that's all you need to change to
|
234
|
+
successfully provision a server.
|
180
235
|
|
181
|
-
|
182
|
-
|
236
|
+
There are many other variables that you would likely change too such as adding your google analytics UA, S3 keys and
|
237
|
+
all of the mail settings.
|
183
238
|
|
184
|
-
|
239
|
+
You may also want to tinker with the following values for performance reasons based on your server(s).
|
185
240
|
|
186
|
-
|
187
|
-
|
241
|
+
```
|
242
|
+
DATABASE_POOL: 25
|
188
243
|
|
189
|
-
|
190
|
-
|
244
|
+
PUMA_THREADS_MIN: 0
|
245
|
+
PUMA_THREADS_MAX: 16
|
191
246
|
|
192
|
-
|
247
|
+
# ensure there are always at least 2 workers so puma can properly do phased restarts
|
248
|
+
PUMA_WORKERS: "{{ ansible_processor_cores if ansible_processor_cores > 1 else 2 }}"
|
193
249
|
|
194
|
-
|
195
|
-
|
196
|
-
your application properly in non-development mode.
|
250
|
+
SIDEKIQ_CONCURRENCY: 25
|
251
|
+
```
|
197
252
|
|
198
|
-
|
253
|
+
### Auth
|
199
254
|
|
200
|
-
|
201
|
-
|
255
|
+
This is the auth template which gets merged into the base template. It contains a basic authentication setup using
|
256
|
+
devise and pundit.
|
202
257
|
|
203
|
-
|
204
|
-
you do not do this then you must open `config/puma.rb` and check out the `RAILS_ENV` conditional because by default it will
|
205
|
-
not listen on a port in production. Instead it will use a unix socket.
|
258
|
+
#### Changes vs the base template
|
206
259
|
|
207
|
-
|
260
|
+
All of the changes have git commits to go with them. After generating a project you can type `git reflog` to get a
|
261
|
+
list of changes.
|
208
262
|
|
209
|
-
|
210
|
-
|
263
|
+
- **Core**:
|
264
|
+
- Handle authentication with `devise`
|
265
|
+
- Handle devise e-mails with `devise-async`
|
266
|
+
- Handle authorization with `pundit`
|
267
|
+
- Add `app/policies` with a basic pundit policy included
|
268
|
+
- **Config**:
|
269
|
+
- Add devise related environment variables
|
270
|
+
- Set the session timeout to 2 hours
|
271
|
+
- Expire the auth token on timeout
|
272
|
+
- Enable account locking based on failed attempts (7 tries)
|
273
|
+
- Allow unlocking by e-mail or after 2 hours
|
274
|
+
- Inform users of their last login attempt when failing to login
|
275
|
+
- Add en-locale strings for authorization messages
|
276
|
+
- Add devise queue to the sidekiq config
|
277
|
+
- Add pundit related code to the application controller
|
278
|
+
- **Routes**:
|
279
|
+
- Protect the `/sidekiq` end point so only logged in admins can see it
|
280
|
+
- Enable/Disable users from publicly registering by commenting out a few lines
|
281
|
+
- **Database**:
|
282
|
+
- Add a seed user that you should change the details of ASAP once you deploy
|
283
|
+
- **Models**:
|
284
|
+
- Add `Account` devise model with an extra `role` field
|
285
|
+
- Add `admin` and `guest` roles
|
286
|
+
- Add `.is?` method to compare roles
|
287
|
+
- Add `generate_password` method
|
288
|
+
- Add a way to cache the `current_account`
|
289
|
+
- **Controllers**:
|
290
|
+
- Alias `current_user` to `current_account`
|
291
|
+
- Allow you to override devise's default sign in URL by uncommenting a few lines
|
292
|
+
- **Views**:
|
293
|
+
- Use bootstrap for all of the devise views
|
294
|
+
- Add authentication links to the navbar
|
295
|
+
- **Tests**:
|
296
|
+
- Add `Account` fixtures
|
297
|
+
- Add model tests for `Account`
|
211
298
|
|
212
|
-
####
|
299
|
+
#### Try the auth template
|
213
300
|
|
214
|
-
|
215
|
-
have to be exact. Feel free to experiment.
|
301
|
+
`orats new myauthapp --auth --pg-password=foo --skip-galaxy`
|
216
302
|
|
217
|
-
|
303
|
+
##### What do those flags do?
|
218
304
|
|
219
|
-
|
220
|
-
models that have foreign keys back to a devise model while someone else might only want to add 1 field directly on the devise model.
|
221
|
-
The authentication template was designed just to give you enough to get the ball rolling on your upcoming project.
|
305
|
+
You should read the [try the base template](#try-the-base-template) section to get an idea of what they do.
|
222
306
|
|
223
|
-
|
307
|
+
#### Auth FAQ
|
224
308
|
|
225
|
-
-
|
226
|
-
|
227
|
-
- Pundit for authorization. It seems to be gaining popularity over CanCan since ryan is MIA?
|
228
|
-
- Sensible defaults for the devise initializer file by placing all of the secrets into the `.env` file.
|
229
|
-
- Enable session timeouts and unlock strategies in the devise initializer.
|
230
|
-
- Bootstrap flavored view templates.
|
231
|
-
- A devise model called `Account` which contains a standard devise model with a `role` field added.
|
232
|
-
- `admin` and `guest` roles have been added to the `Account` model and the guest role is the default at the database level.
|
233
|
-
- An `.is?` method to determine if an account's role is equal to the role you pass in.
|
234
|
-
- The `Account` model has been enhanced to cache the `current_account` in redis so you do not have to perform a db lookup on every request.
|
235
|
-
- A basic pundit application policy has been generated.
|
236
|
-
- Alias `current_account` to `current_user` so that pundit and other potential gems will work as intended.
|
237
|
-
- Create a seed account in `db/seeds.rb` which acts as an admin, you should change these details asap.
|
238
|
-
- Toggle whether or not users can publicly register on the site and/or delete their account very easily.
|
239
|
-
- Expose a `/sidekiq` end-point which requires an admin account to access so you can view the queue details.
|
309
|
+
<a name="auth-what-do-i-need-to-configure-for-development"></a>
|
310
|
+
##### What do I need to configure for development?
|
240
311
|
|
241
|
-
|
312
|
+
You may want to change `ACTION_MAILER_DEVISE_DEFAULT_FROM` in `.env`.
|
242
313
|
|
243
|
-
|
244
|
-
|
314
|
+
<a name="auth-what-do-i-need-to-configure-for-production"></a>
|
315
|
+
##### What do I need to configure for production?
|
245
316
|
|
246
|
-
|
317
|
+
You will want to change `ACTION_MAILER_DEVISE_DEFAULT_FROM` in `inventory/group_vars/all.yml`.
|
247
318
|
|
248
|
-
|
249
|
-
|
250
|
-
## Playbook
|
319
|
+
### Play
|
251
320
|
|
252
321
|
Building your application is only one piece of the puzzle. If you want to ship your application you have to host it somewhere.
|
253
322
|
You have a few options when it comes to managed hosts like Heroku but they tend to be very expensive if you fall out of
|
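Review bot: The added examples pass secrets as command-line values (`--pg-password=foo`, `--sudo-password=foo`, `--redis-password=foo`), while the removed paragraph that limited their scope ("this is only your development postgres password. It will **never** ask for your production passwords.") has no counterpart on the added side. Values typed this way end up in shell history and are visible in the process list, so restore that scope statement under "What is `--pg-password`?" and recommend the interactive sudo prompt the new text already describes over `--sudo-password`. Separately, the added intro reads "so you can and provision your servers"; drop the stray "and".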
@@ -256,27 +325,33 @@ their free tier.
|
|
256
325
|
The playbook template creates an ansible playbook that will provision a **ubuntu 12.04 LTS server**. It can be hosted anywhere
|
257
326
|
as there are no hard requirements on any specific host.
|
258
327
|
|
259
|
-
|
328
|
+
#### Server breakdown
|
329
|
+
|
330
|
+
Everything is broken up into ansible roles so you can quickly scale out horizontally or by splitting up your server groups
|
331
|
+
such that your database is on a separate server than your application.
|
260
332
|
|
261
|
-
- Security
|
262
|
-
- Logging into the server is only possible with an
|
263
|
-
-
|
264
|
-
-
|
265
|
-
-
|
266
|
-
-
|
267
|
-
|
333
|
+
- **Security**:
|
334
|
+
- Logging into the server is only possible with an ssh key
|
335
|
+
- Root login is disable
|
336
|
+
- fail2ban is setup
|
337
|
+
- ufw (firewall) is setup to block any ports not exposed by you
|
338
|
+
- All stack specific processes are running with less privileges than root
|
339
|
+
- **User**:
|
340
|
+
- A single deploy user is created
|
341
|
+
- **Services and runtimes**:
|
268
342
|
- Postgres
|
269
343
|
- Redis
|
270
|
-
-
|
271
|
-
- Ruby
|
272
|
-
|
273
|
-
-
|
274
|
-
-
|
275
|
-
|
276
|
-
|
344
|
+
- NodeJS
|
345
|
+
- Ruby
|
346
|
+
- **Process management**:
|
347
|
+
- Your rails app and sidekiq have `init.d` scripts
|
348
|
+
- Your rails app and sidekiq are monitored using `monit`
|
349
|
+
|
350
|
+
#### Try the play template
|
351
|
+
|
352
|
+
`orats play myplaybook`
|
277
353
|
|
278
|
-
|
279
|
-
check out each role then here's a link to their repos:
|
354
|
+
#### Ansible roles used
|
280
355
|
|
281
356
|
- `nickjj.user` https://github.com/nickjj/ansible-user
|
282
357
|
- `nickjj.security` https://github.com/nickjj/ansible-security
|
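Review bot: In the added **Security** list, "Root login is disable" should read "Root login is disabled", and "less privileges than root" reads better as "fewer privileges than root". Since operators will treat this list as the hardening baseline, it would also help to say which of the roles under "Ansible roles used" applies each item (ssh key only login, fail2ban, ufw), so a reader can confirm the setting in the role itself.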
@@ -291,28 +366,4 @@ check out each role then here's a link to their repos:
|
|
291
366
|
- `nickjj.nginx` https://github.com/nickjj/ansible-nginx
|
292
367
|
- `DavidWittman.redis` https://github.com/DavidWittman/ansible-redis
|
293
368
|
|
294
|
-
All of the above roles will get installed and updated whenever you generate a
|
295
|
-
|
296
|
-
### Try it
|
297
|
-
|
298
|
-
`orats play myrailsapp`
|
299
|
-
|
300
|
-
Ansible is very powerful and flexible when it comes to managing infrastructure. If most of your rails apps have a similar stack
|
301
|
-
then you can use a single playbook to run all of your apps. You can customize the details for each one by adjusting the inventory
|
302
|
-
that gets generated for each app.
|
303
|
-
|
304
|
-
### The `inventory` and `secrets` directories
|
305
|
-
|
306
|
-
When you create a new orats app you'll get both of these directories added for you automatically unless you `--skip-extras`.
|
307
|
-
|
308
|
-
**The inventory directory** contains the files to setup your host addresses as well as configure your application using
|
309
|
-
the parameters exposed by the various ansible roles.
|
310
|
-
|
311
|
-
**The secrets directory** holds all of the passwords and sensitive information such as ssh keypairs or ssl certificates. They
|
312
|
-
are not added to version control and these files will be copied to your server when you run the playbook.
|
313
|
-
|
314
|
-
#### First things first
|
315
|
-
|
316
|
-
Once you have an app generated make sure you check out the `inventory/group_vars/all.yml` file. You will want to make all
|
317
|
-
of your configuration changes there. After that is up to you. If you want to learn more about ansible then check out the
|
318
|
-
[getting started with ansible guide](http://docs.ansible.com/intro_getting_started.html).
|
369
|
+
All of the above roles will get installed and updated whenever you generate a new orats project.
|
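Review bot: The removed "The `inventory` and `secrets` directories" section stated that the secrets files "are not added to version control and these files will be copied to your server when you run the playbook"; the replacement wording earlier in the README only says the path "should be kept out of version control" and no longer mentions the copy to the server. Keep one sentence saying where the ssh keypairs and ssl certificates end up, and whether the generator ignores the directory or the user has to. The added closing line also says the roles are "installed and updated whenever you generate a new orats project", which covers the third-party `DavidWittman.redis` role in the list above, so state which role versions a given orats release installs.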