subspace 2.1.2 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd87407fb11ec6c94c168ebd5b9352df4f5d548d58680d8d55f48d10b358ebf2
-  data.tar.gz: b2ee02cff26d17e5a7ec2f09e3dbbee0c9faf9884bf28d2800419729363cb319
+  metadata.gz: 5c1bb8ea735bdf17e01f7941b5ca6d19c33cdb7c6e28b9715001eaa4f6c357e6
+  data.tar.gz: bdd11bf25939821875624dfcc8124247f7f1f9eadeae1e271e5bdab7a26799a5
 SHA512:
-  metadata.gz: fbb758b5dbefb0df98314cb8001baa09eab07f7586e5377441c9f453a70cce025abf0ee3aa0a09d36fb99ec437abe3565372f3a578dc6e361278e12a315397af
-  data.tar.gz: 57bdb1094df5925b3594e198e91fe47b0f1971c7cacb0e05f2b474a2b72d81a0d5e5be216e9a998fcdf03ba62cc605d61005ce468780d227d4a805aef8decd83
+  metadata.gz: c1b5a144b9dfa225858940a1fde22d66790183f4fd10b26fcc9920b0a8e609555760985e0e476d201cebb88c466881f8d3397a95447409a2e4ed64b54fafa4b7
+  data.tar.gz: 5bdb929682b534293f6f91a7a6deab520ccbe8e7711bf2253c713e2bb7391fef271133aee3cf171317e8ecb8a106bdb0a7f58921b465883099ccadff75bb905e

data/.ruby-version

@@ -1 +1 @@
-2.4.4
+2.6.3

data/.travis.yml

@@ -1,4 +1,4 @@
-sudo: false
+become: false
 language: ruby
 rvm:
   - 2.3.1

data/CHANGELOG.md

@@ -10,10 +10,29 @@ This project attempts to follow [semantic versioning](https://semver.org/)
   * Not working on OSX - macs don't read from /etc/profile.d/
   * Stops showing color if you `sudo su`
 
+## 2.3.0
+  * Grab linux kernel to send as stats
+  * Grab psql version to send as stats
+
+## 2.2.3
+  * Add PATH to crontab for letsencrypt auto renewal
+  * log letsencrypt crontab to /var/log/cron.log
+  * fix setting hostname with systemd
+
+## 2.2.2
+  * Use state: "present" instead of "installed"
+
+## 2.2.1
+  * Update URL for letsencrypt tls raw file
+
+## 2.2.0
+  * Add maintenance_mode command
+  * Add ppa:ondrej/nginx repo in common role for TLS 1.3 and nginx support
+
 ## 2.1.2
   * bug fixes
     * PostgreSQL database server works for version > 10
-    * New LetsEncrypt/NGINX servers get the correct file from the certbot repo 
+    * New LetsEncrypt/NGINX servers get the correct file from the certbot repo
 
 ## 2.1.1
   * bug fixes

data/README.md

@@ -69,6 +69,18 @@ At the time of this writing, we pass through the `ansible-playbook` "limit" opti
 
 e.g. To run only on the host "prod-web1": `subspace maintain production --limit=prod-web1`
 
+### `subspace maintenance_mode <environment> --on`
+
+This sets up nginx to return all requests as 503 and serve only the
+static page at `/u/apps/{{project_name}}/current/public/maintenance.html`
+which must be checked into your project and deployed to the server.
+
+`--on` and `--off`, defaults to off.
+
+Only works for hosts using the `nginx` role, but you can pass in your entire environment. Running it on worker servers won't hurt anything.
+
+MUST be turned off manually by running `subspace maintenance_mode <environment> --off`, even a deploy will not disable maintenance mode.
+
 #### Tagged roles
 
 Role       | Tags                      | Comment

data/ansible/playbooks/maintenance_mode.yml

@@ -0,0 +1,5 @@
+---
+  - hosts: "{{ maintenance_hosts }}"
+    become: true
+    roles:
+      - nginx-maintenance

data/ansible/roles/common/tasks/main.yml

@@ -59,6 +59,7 @@
   - name: Set hostname for systemd
     hostname:
       name: "{{hostname}}"
+      use: systemd
     become: true
     tags:
       - maintenance
@@ -71,6 +72,10 @@
     tags:
       - maintenance
 
+  - name: Add ppa:ondrej/nginx apt repository for TLS 1.3
+    apt_repository:
+      repo: ppa:ondrej/nginx
+
   - name: apt-get update
     apt: update_cache=yes cache_valid_time=86400
     become: true
@@ -247,4 +252,30 @@
     tags:
       - maintenance
 
+  - name: Grab OS version
+    shell: uname --kernel-release
+    register: stats_os_version
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Send OS stats to URL
+    uri:
+      url: "{{stats_url}}"
+      method: POST
+      headers:
+        X-API-Version: 1
+        X-Client-Api-key: "{{stats_api_key}}"
+      body_format: json
+      body:
+        client_stat:
+          key: os_version
+          value: "{{stats_os_version.stdout}}"
+          hostname: "{{hostname}}"
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
   - import_tasks: swap.yml

data/ansible/roles/common/templates/motd

@@ -4,7 +4,7 @@ This server brought to you by:
 \___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
  ___) | |_| | |_) |__) | |_) | (_| | (_|  __/
 |____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
-                       |_|             v2.0.4
+                       |_|             v2.3.0
 ~~~ https://github.com/tenforwardconsulting/subspace ~~~
 
 If you need to make configuration changes to the server, please modify the

data/ansible/roles/letsencrypt/tasks/main.yml

@@ -60,7 +60,7 @@
   - name: Update nginx default options
     when: "'nginx' in role_names"
     get_url:
-      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf
+      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
       dest: /etc/letsencrypt/options-ssl-nginx.conf
 
   - name: Update apache default options
@@ -74,14 +74,20 @@
     notify: start webserver
     changed_when: true
 
+  - name: Set path at top of crontab
+    cron:
+      name: PATH
+      env: yes
+      job: /usr/bin:/bin:/usr/sbin
+
   - name: Setup cron job to auto renew
     become: true
     when: "'apache' in role_names"
     cron:
       name: Auto-renew SSL
-      job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade --apache"
-      hour: 0
-      minute: 33
+      job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
+      hour: "0"
+      minute: "33"
       state: present
 
   - name: Setup cron job to auto renew
@@ -89,7 +95,7 @@
     when: "'nginx' in role_names"
     cron:
       name: Auto-renew SSL
-      job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade --nginx"
-      hour: 0
-      minute: 33
+      job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
+      hour: "0"
+      minute: "33"
       state: present

data/ansible/roles/memcache/tasks/main.yml

@@ -3,4 +3,4 @@
   apt: update_cache=yes cache_valid_time=86400
 
 - name: Install Memcached.
-  apt: name=memcached state=installed
+  apt: name=memcached state=present

data/ansible/roles/mtpereira.passenger/defaults/main.yml

@@ -1,5 +1,5 @@
 ---
 passenger_webserver: "standalone"
-passenger_pkgs_state: "installed"
+passenger_pkgs_state: "present"
 passenger_pkgs_fix_shebang: no
 become: true

data/ansible/roles/mtpereira.passenger/handlers/main.yml

@@ -1,8 +1,8 @@
 ---
 - name: apache restart
   service: name=apache2 state=restarted
-  sudo: yes
+  become: yes
 
 - name: nginx restart
   service: name=nginx state=restarted
-  sudo: yes
+  become: yes

data/ansible/roles/mysql/meta/main.yml

@@ -2,5 +2,5 @@
   dependencies:
     - {
       role: ANXS.mysql,
-      sudo: true
+      become: true
     }

data/ansible/roles/mysql/tasks/main.yml

@@ -3,10 +3,10 @@
     template:
       src: mysql_database.yml
       dest: /u/apps/{{project_name}}/shared/config/database.yml
-    sudo: true
+    become: true
     sudo_user: "{{deploy_user}}"
 
   - name: Install mysql2 gem dependencies
     apt:
       name: libmysqlclient-dev
-    sudo: true
+    become: true

data/ansible/roles/mysql2_gem/meta/main.yml

@@ -3,6 +3,6 @@
 #   dependencies:
 #     - {
 #       role: ANXS.mysql,
-#       sudo: true
+#       become: true
 #     }
 

data/ansible/roles/mysql2_gem/tasks/main.yml

@@ -2,4 +2,4 @@
   - name: Install mysql2 gem dependencies
     apt:
       name: libmysqlclient-dev
-    sudo: true
+    become: true

data/ansible/roles/newrelic/tasks/main.yml

@@ -3,21 +3,21 @@
     apt_repository:
       repo: deb http://apt.newrelic.com/debian/ newrelic non-free
       state: present
-    sudo: true
+    become: true
 
   - name: Add New Relic apt key
     apt_key:
       url: https://download.newrelic.com/548C16BF.gpg
       state: present
-    sudo: true
+    become: true
 
   - name: Install New Relic server agent
     apt:
       pkg: newrelic-sysmond
       state: present
       update_cache: true
-    sudo: true
+    become: true
 
   - shell: "nrsysmond-config --set license_key={{newrelic_licence}}"
-    sudo: true
+    become: true
     notify: start newrelic agent

data/ansible/roles/nginx-maintenance/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+  - name: Check that /opt/subspace/ exists
+    stat:
+      path: /opt/subspace/
+    register: subspace_dir
+    tags:
+      - maintenance_on
+      - maintenance_off
+
+  - name: Check that /u/apps/{{project_name}}/current/public/maintenance.html exists
+    stat:
+      path: /u/apps/{{project_name}}/current/public/maintenance.html
+    register: app_maintenance_html
+    tags:
+      - maintenance_on
+
+  - name: Move maintenance.html to /opt/subspace
+    command: cp /u/apps/{{project_name}}/current/public/maintenance.html /opt/subspace/maintenance.html
+    args:
+      creates: /opt/subspace/maintenance.html
+    when:
+      - app_maintenance_html.stat.exists == True
+      - subspace_dir.stat.exists == True
+    tags:
+      - maintenance_on
+
+  - name: Remove /opt/subspace/maintenance.html
+    file:
+      path: /opt/subspace/maintenance.html
+      state: absent
+    when: subspace_dir.stat.exists == True
+    tags:
+      - maintenance_off

data/ansible/roles/nginx-rails/templates/_rails.conf

@@ -2,6 +2,9 @@
   try_files $uri/index.html $uri @app;
 
   location @app {
+    if (-f /opt/subspace/maintenance.html) {
+      return 503;
+    }
     proxy_pass http://app;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $app_proto;
@@ -20,7 +23,11 @@
   }
   {% endif %}
 
-  error_page 500 502 503 504 /500.html;
+  error_page 500 502 504 /500.html;
+  error_page 503 /maintenance.html;
+  location /maintenance.html {
+    root /opt/subspace;
+  }
   client_max_body_size {{client_max_body_size}};
   keepalive_timeout 10;
 

data/ansible/roles/papertrail/tasks/main.yml

@@ -5,23 +5,23 @@
   - command: tar xzf /tmp/remote_syslog.tar.gz chdir=/tmp/ creates=/usr/bin/remote_syslog
 
   - command: mv /tmp/remote_syslog/remote_syslog /usr/bin/remote_syslog creates=/usr/bin/remote_syslog
-    sudo: true
+    become: true
 
   - file: path=/usr/bin/remote_syslog owner=root group=root mode=0755
-    sudo: true
+    become: true
 
   - command: wget -O /etc/init.d/remote_syslog https://raw.githubusercontent.com/papertrail/remote_syslog2/v0.13/examples/remote_syslog.init.d creates=/etc/init.d/remote_syslog
-    sudo: true
+    become: true
 
   - file: path=/etc/init.d/remote_syslog owner=root group=root mode=0755
-    sudo: true
+    become: true
 
   - file: path=/tmp/remote_syslog/ state=absent
 
   - file: path=/tmp/remote_syslog.tar.gz state=absent
 
   - service: name=remote_syslog state=restarted enabled=yes
-    sudo: true
+    become: true
 
   - template: src=log_files.yml dest=/etc/log_files.yml owner=root group=root mode=0644
-    sudo: true
+    become: true

data/ansible/roles/postgresql-client/tasks/main.yml

@@ -3,7 +3,7 @@
 # [repository]: http://www.postgresql.org/download/
 - name: Adding APT repository key
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt_key:
     id: ACCC4CF8
     url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
@@ -14,7 +14,7 @@
 
 - name: Add PostgreSQL official APT repository
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt_repository:
     repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
   tags:
@@ -24,7 +24,7 @@
 
 - name: Install PostgreSQL
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt:
     name: "postgresql-client-{{postgresql_version}}"
     state: present
@@ -37,7 +37,7 @@
 
 - name: Install dependencies for the Ansible module
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt:
     name: "{{item}}"
     state: latest
@@ -47,3 +47,29 @@
     - postgresql
     - db
     - deps
+
+- name: Grab Psql version
+  shell: psql --version
+  register: stats_psql_version
+  when: send_stats == true and stats_url is defined and stats_api_key is defined
+  tags:
+    - maintenance
+    - stats
+
+- name: Send Psql stats to URL
+  uri:
+    url: "{{stats_url}}"
+    method: POST
+    headers:
+      X-API-Version: 1
+      X-Client-Api-key: "{{stats_api_key}}"
+    body_format: json
+    body:
+      client_stat:
+        key: psql_version
+        value: "{{stats_psql_version.stdout}}"
+        hostname: "{{hostname}}"
+  when: send_stats == true and stats_url is defined and stats_api_key is defined
+  tags:
+    - maintenance
+    - stats

data/ansible/roles/postgresql/handlers/main.yml

@@ -1,4 +1,4 @@
 ---
 - name: postgresql restart
   service: name=postgresql state=restarted
-  sudo: yes
+  become: yes

data/ansible/roles/postgresql/tasks/main.yml

@@ -38,3 +38,29 @@
 
   - include: backups.yml
     become: true
+
+  - name: Grab Psql version
+    shell: psql --version
+    register: stats_psql_version
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Send Psql stats to URL
+    uri:
+      url: "{{stats_url}}"
+      method: POST
+      headers:
+        X-API-Version: 1
+        X-Client-Api-key: "{{stats_api_key}}"
+      body_format: json
+      body:
+        client_stat:
+          key: psql_version
+          value: "{{stats_psql_version.stdout}}"
+          hostname: "{{hostname}}"
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats

data/ansible/roles/rails/tasks/main.yml

@@ -1,16 +1,7 @@
 ---
   - name: Install rails apt dependencies
     apt:
-      name: "{{item}}"
-    with_items:
-      - git
-      - libffi-dev
-      - libgmp3-dev
-      - libpq-dev
-      - libxslt-dev
-      - nodejs
-      - zlib1g-dev
-      - ffmpeg
+      name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev',  'libxslt-dev', 'nodejs', 'zlib1g-dev' ,'ffmpeg']
     become: true
     when: ('Ubuntu' in ansible_distribution)
     tags:

data/ansible/roles/zenoamaro.postgresql/handlers/main.yml

@@ -1,8 +1,8 @@
 ---
 - name: restart postgresql
-  sudo: yes
+  become: yes
   service: name=postgresql state=restarted
 
 - name: reload postgresql
-  sudo: yes
-  service: name=postgresql state=reloaded
+  become: yes
+  service: name=postgresql state=reloaded

data/ansible/roles/zenoamaro.postgresql/tasks/configure.yml

@@ -1,7 +1,7 @@
 ---
 
 - name: Create the necessary directories
-  sudo: yes
+  become: yes
   file:
     dest: "{{item}}"
     state: directory
@@ -18,7 +18,7 @@
     - conf
 
 - name: Configure PostgreSQL
-  sudo: yes
+  become: yes
   template:
     src: "{{item}}"
     dest: "{{postgresql_conf_directory}}/{{item}}"
@@ -33,7 +33,7 @@
     - conf
 
 - name: Configure PostgreSQL (authentication)
-  sudo: yes
+  become: yes
   template:
     src: pg_hba.conf
     dest: "{{postgresql_hba_file}}"
@@ -44,7 +44,7 @@
     - conf
 
 - name: Configure PostgreSQL (ident)
-  sudo: yes
+  become: yes
   template:
     src: pg_ident.conf
     dest: "{{postgresql_ident_file}}"

data/ansible/roles/zenoamaro.postgresql/tasks/extensions.yml

@@ -6,7 +6,7 @@
 
 - name: Install development headers
   when: postgresql_dev_headers == True
-  sudo: yes
+  become: yes
   apt:
     name: libpq-dev
   tags:
@@ -21,7 +21,7 @@
 
 - name: Install PostgreSQL contribs
   when: postgresql_contrib
-  sudo: yes
+  become: yes
   apt:
     name: "postgresql-contrib-{{postgresql_version}}"
   notify: restart postgresql
@@ -36,7 +36,7 @@
 
 - name: Add postgis extensions
   when: postgresql_postgis
-  sudo: yes
+  become: yes
   apt:
     name: "{{item}}"
   with_items:

data/ansible/roles/zenoamaro.postgresql/tasks/install.yml

@@ -5,7 +5,7 @@
 
 - name: Adding APT repository key
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt_key:
     id: ACCC4CF8
     url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
@@ -16,7 +16,7 @@
 
 - name: Add PostgreSQL official APT repository
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt_repository:
     repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
   tags:
@@ -26,7 +26,7 @@
 
 - name: Install PostgreSQL
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt:
     name: "postgresql-{{postgresql_version}}"
     state: present
@@ -39,7 +39,7 @@
 
 - name: Install dependencies for the Ansible module
   when: ansible_os_family == 'Debian'
-  sudo: yes
+  become: yes
   apt:
     name: "{{item}}"
     state: latest

data/lib/subspace/cli.rb

@@ -13,6 +13,7 @@ require 'subspace/commands/provision'
 require 'subspace/commands/ssh'
 require 'subspace/commands/vars'
 require 'subspace/commands/maintain'
+require 'subspace/commands/maintenance_mode.rb'
 
 class Subspace::Cli
   include Commander::Methods
@@ -105,6 +106,19 @@ class Subspace::Cli
       c.when_called Subspace::Commands::Maintain
     end
 
+    command :maintenance_mode do |c, args|
+      c.syntax = 'subspace maintenance_mode [options]'
+      c.summary = 'Turns on or off maintenance mode'
+      c.description = ''
+      c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
+      c.option "--on", "Turns on maintenance mode"
+      c.option "--off", "Turns off maintenance mode"
+      Subspace::Commands::MaintenanceMode::PASS_THROUGH_PARAMS.each do |param_name|
+        c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
+      end
+      c.when_called Subspace::Commands::MaintenanceMode
+    end
+
     run!
   end
 end

data/lib/subspace/commands/base.rb

@@ -53,6 +53,23 @@ module Subspace
         return answer.downcase.start_with? "y"
       end
 
+      def pass_through_params
+        ansible_options = []
+        self.class::PASS_THROUGH_PARAMS.each do |param_name|
+          x = param_name.split('-')[1..-1].map(&:upcase).join('_')
+          hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
+          value = @options.__hash__[hash_key]
+          if value
+            if param_name.length > 1
+              ansible_options += ["--#{param_name}", value]
+            else
+              ansible_options += ["-#{param_name}", value]
+            end
+          end
+        end
+
+        ansible_options
+      end
     end
   end
 end

data/lib/subspace/commands/bootstrap.rb

@@ -26,7 +26,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
       "path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
       "-vvvv"
     ]
-    cmd = add_pass_through_params cmd
+    cmd = cmd | pass_through_params
     bootstrap_command cmd
   end
 
@@ -41,7 +41,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
       "--become",
       "-vvvv"
     ]
-    cmd = add_pass_through_params cmd
+    cmd = cmd | pass_through_params
     bootstrap_command cmd
   end
 
@@ -51,16 +51,4 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
     end
     ansible_command *cmd
   end
-
-  def add_pass_through_params(cmd)
-    PASS_THROUGH_PARAMS.each do |param_name|
-      x = param_name.split('-')[1..-1].map(&:upcase).join('_')
-      hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
-      value = @options.__hash__[hash_key]
-      if value
-        cmd += ["--#{param_name}", value]
-      end
-    end
-    cmd
-  end
 end

data/lib/subspace/commands/maintain.rb

@@ -9,14 +9,7 @@ class Subspace::Commands::Maintain < Subspace::Commands::Base
 
   def run
     ansible_options = ["--diff", "--tags=maintenance"]
-    PASS_THROUGH_PARAMS.each do |param_name|
-      x = param_name.split('-')[1..-1].map(&:upcase).join('_')
-      hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
-      value = @options.__hash__[hash_key]
-      if value
-        ansible_options += ["--#{param_name}", value]
-      end
-    end
+    ansible_options = ansible_options | pass_through_params
     ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
   end
 end

data/lib/subspace/commands/maintenance_mode.rb

@@ -0,0 +1,16 @@
+class Subspace::Commands::MaintenanceMode < Subspace::Commands::Base
+  PASS_THROUGH_PARAMS = ["private-key", "limit"]
+
+  def initialize(args, options)
+    @hosts = args.first
+    @options = options
+    run
+  end
+
+  def run
+    on_off = @options.__hash__[:on] ? "on" : "off"
+    ansible_options = ["--diff", "-e maintenance_hosts=#{@hosts}", "--tags=maintenance_#{on_off}"]
+    ansible_options = ansible_options | pass_through_params
+    ansible_command "ansible-playbook",  File.join(File.dirname(__FILE__), "../../../ansible/playbooks/maintenance_mode.yml"), *ansible_options
+  end
+end

data/lib/subspace/commands/provision.rb

@@ -9,14 +9,7 @@ class Subspace::Commands::Provision < Subspace::Commands::Base
 
   def run
     ansible_options = ["--diff"]
-    PASS_THROUGH_PARAMS.each do |param_name|
-      x = param_name.split('-')[1..-1].map(&:upcase).join('_')
-      hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
-      value = @options.__hash__[hash_key]
-      if value
-        ansible_options += ["--#{param_name}", value]
-      end
-    end
+    ansible_options = ansible_options | pass_through_params
     ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
   end
 end

data/lib/subspace/commands/ssh.rb

@@ -20,16 +20,7 @@ class Subspace::Commands::Ssh < Subspace::Commands::Base
     user = @user || host_vars["ansible_ssh_user"] || host_vars["ansible_user"]
     host = host_vars["ansible_ssh_host"] || host_vars["ansible_host"]
     port = host_vars["ansible_ssh_port"] || host_vars["ansible_port"] || 22
-    ssh_options = []
-    PASS_THROUGH_PARAMS.each do |param_name|
-      x = param_name.split('-')[1..-1].map(&:upcase).join('_')
-      hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
-      value = @options.__hash__[hash_key]
-      if value
-        ssh_options += ["-#{param_name}", value]
-      end
-    end
-    cmd = "ssh #{user}@#{host} -p #{port} #{ssh_options.join(" ")}"
+    cmd = "ssh #{user}@#{host} -p #{port} #{pass_through_params.join(" ")}"
     say cmd
     exec cmd
   end

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.1.2"
+  VERSION = "2.3.0"
 end

data/subspace.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 1.12"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
 
   spec.add_runtime_dependency "commander", "~>4.2"

data/template/provision.rb.erb

@@ -27,7 +27,7 @@ Subspace.configure do |config|
   config.host :dev, {
     ssh_host: "1.2.3.4",          # Ansible connects to this to provision
     ssh_user: "deploy",           # ssh user
-    sudo: true,                   # probably should be true if user isn't root
+    become: true,                   # probably should be true if user isn't root
     hostname: "dev.example.com"   # This will get set in /etc/hostname
   }
 

data/template/provision/group_vars/all.erb

@@ -5,10 +5,13 @@ use_sudo: true
 
 # ruby-common
 # pull the checksum/url from https://www.ruby-lang.org/en/downloads/
-ruby_version: ruby-2.2.5
-ruby_checksum: 30c4b31697a4ca4ea0c8db8ad30cf45e6690a0f09687e5d483c933c03ca335e3
-ruby_download_location: 'http://cache.ruby-lang.org/pub/ruby/ruby-2.2.5.tar.gz'
+ruby_version: ruby-2.7.1
+ruby_checksum: d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418
+ruby_download_location: https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.1.tar.gz
+bundler_version: 2.1.4
 
-# passenger
-passenger_webserver: apache
-passenger_pkgs_state: installed
+# Other stuff
+letsencrypt_email: 
+nodejs_version: 13.x
+ssl_enabled: true
+postgresql_version: 11.7

data/template/provision/templates/application.yml.template

@@ -4,24 +4,24 @@
 # These environment variables are available to all environments, and can be secret or not:
 
 # These are secret and can be changed per environment easily by using subspace vars <env> --edit
-SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
-AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
+# SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
+# AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
 
 # These are not secret, and have the same value for all environments
-ENABLE_SOME_FEATURE: false
-MAX_USER_INVITES: 20
-DEFAULT_EMAIL_ADDRESS: test@example.com
+# ENABLE_SOME_FEATURE: false
+# MAX_USER_INVITES: 20
+# DEFAULT_EMAIL_ADDRESS: test@example.com
 
 
 # These variable are not secret, but have different, static values for all environments
 development:
-  INSECURE_VARIABLE: "this isn't secret"
-  AWS_BUCKET: my-app-development
+  # INSECURE_VARIABLE: "this isn't secret"
+  # AWS_BUCKET: my-app-development
 
 dev:
-  INSECURE_VARIABLE: "but it changes"
-  AWS_BUCKET: my-app-dev
+  # INSECURE_VARIABLE: "but it changes"
+  # AWS_BUCKET: my-app-dev
 
 production:
-  INSECURE_VARIABLE: "on different servers"
-  AWS_BUCKET: my-app-production
+  # INSECURE_VARIABLE: "on different servers"
+  # AWS_BUCKET: my-app-production

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.3.0
 platform: ruby
 authors:
 - Brian Samson
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-10-01 00:00:00.000000000 Z
+date: 2020-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,6 +101,7 @@ files:
 - Rakefile
 - TODO
 - ansible/playbooks/local_template.yml
+- ansible/playbooks/maintenance_mode.yml
 - ansible/roles/alienvault/tasks/main.yml
 - ansible/roles/apache-rails/tasks/main.yml
 - ansible/roles/apache-rails/templates/_canonical_domain.conf
@@ -172,6 +173,7 @@ files:
 - ansible/roles/mysql2_gem/tasks/main.yml
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
+- ansible/roles/nginx-maintenance/tasks/main.yml
 - ansible/roles/nginx-rails/defaults/main.yml
 - ansible/roles/nginx-rails/tasks/main.yml
 - ansible/roles/nginx-rails/templates/_asset_cors.conf
@@ -263,6 +265,7 @@ files:
 - lib/subspace/commands/configure.rb
 - lib/subspace/commands/init.rb
 - lib/subspace/commands/maintain.rb
+- lib/subspace/commands/maintenance_mode.rb
 - lib/subspace/commands/override.rb
 - lib/subspace/commands/provision.rb
 - lib/subspace/commands/ssh.rb
@@ -285,7 +288,7 @@ licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -300,9 +303,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.8
-signing_key: 
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects
 test_files: []