subspace 2.1.2 → 2.3.0
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/.travis.yml +1 -1
- data/CHANGELOG.md +20 -1
- data/README.md +12 -0
- data/ansible/playbooks/maintenance_mode.yml +5 -0
- data/ansible/roles/common/tasks/main.yml +31 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/letsencrypt/tasks/main.yml +13 -7
- data/ansible/roles/memcache/tasks/main.yml +1 -1
- data/ansible/roles/mtpereira.passenger/defaults/main.yml +1 -1
- data/ansible/roles/mtpereira.passenger/handlers/main.yml +2 -2
- data/ansible/roles/mysql/meta/main.yml +1 -1
- data/ansible/roles/mysql/tasks/main.yml +2 -2
- data/ansible/roles/mysql2_gem/meta/main.yml +1 -1
- data/ansible/roles/mysql2_gem/tasks/main.yml +1 -1
- data/ansible/roles/newrelic/tasks/main.yml +4 -4
- data/ansible/roles/nginx-maintenance/tasks/main.yml +33 -0
- data/ansible/roles/nginx-rails/templates/_rails.conf +8 -1
- data/ansible/roles/papertrail/tasks/main.yml +6 -6
- data/ansible/roles/postgresql-client/tasks/main.yml +30 -4
- data/ansible/roles/postgresql/handlers/main.yml +1 -1
- data/ansible/roles/postgresql/tasks/main.yml +26 -0
- data/ansible/roles/rails/tasks/main.yml +1 -10
- data/ansible/roles/zenoamaro.postgresql/handlers/main.yml +3 -3
- data/ansible/roles/zenoamaro.postgresql/tasks/configure.yml +4 -4
- data/ansible/roles/zenoamaro.postgresql/tasks/extensions.yml +3 -3
- data/ansible/roles/zenoamaro.postgresql/tasks/install.yml +4 -4
- data/lib/subspace/cli.rb +14 -0
- data/lib/subspace/commands/base.rb +17 -0
- data/lib/subspace/commands/bootstrap.rb +2 -14
- data/lib/subspace/commands/maintain.rb +1 -8
- data/lib/subspace/commands/maintenance_mode.rb +16 -0
- data/lib/subspace/commands/provision.rb +1 -8
- data/lib/subspace/commands/ssh.rb +1 -10
- data/lib/subspace/version.rb +1 -1
- data/subspace.gemspec +1 -1
- data/template/provision.rb.erb +1 -1
- data/template/provision/group_vars/all.erb +9 -6
- data/template/provision/templates/application.yml.template +11 -11
- metadata +11 -9
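--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5c1bb8ea735bdf17e01f7941b5ca6d19c33cdb7c6e28b9715001eaa4f6c357e6
+data.tar.gz: bdd11bf25939821875624dfcc8124247f7f1f9eadeae1e271e5bdab7a26799a5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c1b5a144b9dfa225858940a1fde22d66790183f4fd10b26fcc9920b0a8e609555760985e0e476d201cebb88c466881f8d3397a95447409a2e4ed64b54fafa4b7
+data.tar.gz: 5bdb929682b534293f6f91a7a6deab520ccbe8e7711bf2253c713e2bb7391fef271133aee3cf171317e8ecb8a106bdb0a7f58921b465883099ccadff75bb905e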
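--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.6.3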
data/.travis.yml
CHANGED
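--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -10,10 +10,29 @@ This project attempts to follow [semantic versioning](https://semver.org/)
 * Not working on OSX - macs don't read from /etc/profile.d/
 * Stops showing color if you `sudo su`
 
+## 2.3.0
+* Grab linux kernel to send as stats
+* Grab psql version to send as stats
+
+## 2.2.3
+* Add PATH to crontab for letsencrypt auto renewal
+* log letsencrypt crontab to /var/log/cron.log
+* fix setting hostname with systemd
+
+## 2.2.2
+* Use state: "present" instead of "installed"
+
+## 2.2.1
+* Update URL for letsencrypt tls raw file
+
+## 2.2.0
+* Add maintenance_mode command
+* Add ppa:ondrej/nginx repo in common role for TLS 1.3 and nginx support
+
 ## 2.1.2
 * bug fixes
 * PostgreSQL database server works for version > 10
-* New LetsEncrypt/NGINX servers get the correct file from the certbot repo
+* New LetsEncrypt/NGINX servers get the correct file from the certbot repo
 
 ## 2.1.1
 * bug fixes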
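--- a/data/README.md
+++ b/data/README.md
@@ -69,6 +69,18 @@ At the time of this writing, we pass through the `ansible-playbook` "limit" opti
 
 e.g. To run only on the host "prod-web1": `subspace maintain production --limit=prod-web1`
 
+### `subspace maintenance_mode <environment> --on`
+
+This sets up nginx to return all requests as 503 and serve only the
+static page at `/u/apps/{{project_name}}/current/public/maintenance.html`
+which must be checked into your project and deployed to the server.
+
+`--on` and `--off`, defaults to off.
+
+Only works for hosts using the `nginx` role, but you can pass in your entire environment. Running it on worker servers won't hurt anything.
+
+MUST be turned off manually by running `subspace maintenance_mode <environment> --off`, even a deploy will not disable maintenance mode.
+
 #### Tagged roles
 
 Role | Tags | Comment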
@@ -59,6 +59,7 @@
|
|
59
59
|
- name: Set hostname for systemd
|
60
60
|
hostname:
|
61
61
|
name: "{{hostname}}"
|
62
|
+
use: systemd
|
62
63
|
become: true
|
63
64
|
tags:
|
64
65
|
- maintenance
|
@@ -71,6 +72,10 @@
|
|
71
72
|
tags:
|
72
73
|
- maintenance
|
73
74
|
|
75
|
+
- name: Add ppa:ondrej/nginx apt repository for TLS 1.3
|
76
|
+
apt_repository:
|
77
|
+
repo: ppa:ondrej/nginx
|
78
|
+
|
74
79
|
- name: apt-get update
|
75
80
|
apt: update_cache=yes cache_valid_time=86400
|
76
81
|
become: true
|
@@ -247,4 +252,30 @@
|
|
247
252
|
tags:
|
248
253
|
- maintenance
|
249
254
|
|
255
|
+
- name: Grab OS version
|
256
|
+
shell: uname --kernel-release
|
257
|
+
register: stats_os_version
|
258
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
259
|
+
tags:
|
260
|
+
- maintenance
|
261
|
+
- stats
|
262
|
+
|
263
|
+
- name: Send OS stats to URL
|
264
|
+
uri:
|
265
|
+
url: "{{stats_url}}"
|
266
|
+
method: POST
|
267
|
+
headers:
|
268
|
+
X-API-Version: 1
|
269
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
270
|
+
body_format: json
|
271
|
+
body:
|
272
|
+
client_stat:
|
273
|
+
key: os_version
|
274
|
+
value: "{{stats_os_version.stdout}}"
|
275
|
+
hostname: "{{hostname}}"
|
276
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
277
|
+
tags:
|
278
|
+
- maintenance
|
279
|
+
- stats
|
280
|
+
|
250
281
|
- import_tasks: swap.yml
|
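Review bot: The `Send OS stats to URL` task sends `stats_api_key` in the `X-Client-Api-key` header without `no_log: true`, so the key can end up in verbose or logged Ansible output; add `no_log: true` to the `uri` task and document that `stats_url` must be an `https://` endpoint. The condition `send_stats == true and stats_url is defined ...` reads `send_stats` before any `is defined` test, so it may fail on an undefined variable unless a default is set elsewhere; `send_stats | default(false) | bool` is safer. `uname --kernel-release` needs no shell, so `command:` with `changed_when: false` would be the tighter form. The same two tasks are repeated for `psql --version` in two later hunks and the same points apply there. Separately, the `ppa:ondrej/nginx` task adds a third-party package source with no comment on why it is trusted.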
@@ -4,7 +4,7 @@ This server brought to you by:
|
|
4
4
|
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
5
5
|
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
6
6
|
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
7
|
-
|_| v2.0
|
7
|
+
|_| v2.3.0
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
9
9
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
@@ -60,7 +60,7 @@
|
|
60
60
|
- name: Update nginx default options
|
61
61
|
when: "'nginx' in role_names"
|
62
62
|
get_url:
|
63
|
-
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf
|
63
|
+
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
|
64
64
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
65
65
|
|
66
66
|
- name: Update apache default options
|
@@ -74,14 +74,20 @@
|
|
74
74
|
notify: start webserver
|
75
75
|
changed_when: true
|
76
76
|
|
77
|
+
- name: Set path at top of crontab
|
78
|
+
cron:
|
79
|
+
name: PATH
|
80
|
+
env: yes
|
81
|
+
job: /usr/bin:/bin:/usr/sbin
|
82
|
+
|
77
83
|
- name: Setup cron job to auto renew
|
78
84
|
become: true
|
79
85
|
when: "'apache' in role_names"
|
80
86
|
cron:
|
81
87
|
name: Auto-renew SSL
|
82
|
-
job: "{{certbot_dir}}/certbot-auto renew --
|
83
|
-
hour: 0
|
84
|
-
minute: 33
|
88
|
+
job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
|
89
|
+
hour: "0"
|
90
|
+
minute: "33"
|
85
91
|
state: present
|
86
92
|
|
87
93
|
- name: Setup cron job to auto renew
|
@@ -89,7 +95,7 @@
|
|
89
95
|
when: "'nginx' in role_names"
|
90
96
|
cron:
|
91
97
|
name: Auto-renew SSL
|
92
|
-
job: "{{certbot_dir}}/certbot-auto renew --
|
93
|
-
hour: 0
|
94
|
-
minute: 33
|
98
|
+
job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
|
99
|
+
hour: "0"
|
100
|
+
minute: "33"
|
95
101
|
state: present
|
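Review bot: The `get_url` task still downloads `options-ssl-nginx.conf` from the `master` branch with no integrity check, so whatever upstream holds at provisioning time is written into `/etc/letsencrypt`; the path change in this hunk shows how that reference moves. Pin the URL to a release tag or commit and add `checksum: "sha256:<expected-digest>"` (placeholder) to the task. In the second hunk, `Set path at top of crontab` has no `become: true` while the renew job below it does, so unless the play escalates globally the `PATH` line may land in a different user's crontab than the job it is meant for. `env: yes` would also read more consistently as `env: true`.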
@@ -3,10 +3,10 @@
|
|
3
3
|
template:
|
4
4
|
src: mysql_database.yml
|
5
5
|
dest: /u/apps/{{project_name}}/shared/config/database.yml
|
6
|
-
|
6
|
+
become: true
|
7
7
|
sudo_user: "{{deploy_user}}"
|
8
8
|
|
9
9
|
- name: Install mysql2 gem dependencies
|
10
10
|
apt:
|
11
11
|
name: libmysqlclient-dev
|
12
|
-
|
12
|
+
become: true
|
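Review bot: The new `become: true` sits next to `sudo_user: "{{deploy_user}}"`, which is the legacy directive that later Ansible releases no longer accept; the matching spelling is `become_user: "{{deploy_user}}"`. The `template` task shown here also sets no `mode:` on `database.yml`, which presumably holds database credentials, so `mode: "0640"` (or stricter) with an explicit owner is worth adding. The task's first line is outside the hunk.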
@@ -3,21 +3,21 @@
|
|
3
3
|
apt_repository:
|
4
4
|
repo: deb http://apt.newrelic.com/debian/ newrelic non-free
|
5
5
|
state: present
|
6
|
-
|
6
|
+
become: true
|
7
7
|
|
8
8
|
- name: Add New Relic apt key
|
9
9
|
apt_key:
|
10
10
|
url: https://download.newrelic.com/548C16BF.gpg
|
11
11
|
state: present
|
12
|
-
|
12
|
+
become: true
|
13
13
|
|
14
14
|
- name: Install New Relic server agent
|
15
15
|
apt:
|
16
16
|
pkg: newrelic-sysmond
|
17
17
|
state: present
|
18
18
|
update_cache: true
|
19
|
-
|
19
|
+
become: true
|
20
20
|
|
21
21
|
- shell: "nrsysmond-config --set license_key={{newrelic_licence}}"
|
22
|
-
|
22
|
+
become: true
|
23
23
|
notify: start newrelic agent
|
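Review bot: The `nrsysmond-config --set license_key={{newrelic_licence}}` task interpolates the licence key into a shell command line and now runs it as root, with no `no_log: true`, so the key can appear in task output and logs. Add `no_log: true`, and since nothing here needs shell features use `command:` so the value is not parsed by a shell. The task also has no `name:` and no `changed_when`, so it will report a change on every run. The `apt_repository` entry at the top still uses an `http://` source, which leaves package integrity resting on the apt key alone.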
@@ -0,0 +1,33 @@
|
|
1
|
+
---
|
2
|
+
- name: Check that /opt/subspace/ exists
|
3
|
+
stat:
|
4
|
+
path: /opt/subspace/
|
5
|
+
register: subspace_dir
|
6
|
+
tags:
|
7
|
+
- maintenance_on
|
8
|
+
- maintenance_off
|
9
|
+
|
10
|
+
- name: Check that /u/apps/{{project_name}}/current/public/maintenance.html exists
|
11
|
+
stat:
|
12
|
+
path: /u/apps/{{project_name}}/current/public/maintenance.html
|
13
|
+
register: app_maintenance_html
|
14
|
+
tags:
|
15
|
+
- maintenance_on
|
16
|
+
|
17
|
+
- name: Move maintenance.html to /opt/subspace
|
18
|
+
command: cp /u/apps/{{project_name}}/current/public/maintenance.html /opt/subspace/maintenance.html
|
19
|
+
args:
|
20
|
+
creates: /opt/subspace/maintenance.html
|
21
|
+
when:
|
22
|
+
- app_maintenance_html.stat.exists == True
|
23
|
+
- subspace_dir.stat.exists == True
|
24
|
+
tags:
|
25
|
+
- maintenance_on
|
26
|
+
|
27
|
+
- name: Remove /opt/subspace/maintenance.html
|
28
|
+
file:
|
29
|
+
path: /opt/subspace/maintenance.html
|
30
|
+
state: absent
|
31
|
+
when: subspace_dir.stat.exists == True
|
32
|
+
tags:
|
33
|
+
- maintenance_off
|
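Review bot: When `maintenance.html` is missing from the release, or `/opt/subspace/` does not exist, the `Move maintenance.html to /opt/subspace` task is skipped and the play still ends successfully, so the operator believes maintenance mode is on while the site keeps serving traffic. I would add an explicit failure before the copy, as below. `command: cp` with `creates:` also leaves an older page in place if one already exists; the `copy` module with `remote_src: true` would express the same step without a raw command.

```yaml
# … unchanged: the two stat tasks …
- name: Fail when the maintenance page cannot be installed
  fail:
    msg: "maintenance.html or /opt/subspace/ is missing; maintenance mode was not enabled"
  when: not (app_maintenance_html.stat.exists and subspace_dir.stat.exists)
  tags:
    - maintenance_on
# … unchanged: copy and removal tasks …
```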
@@ -2,6 +2,9 @@
|
|
2
2
|
try_files $uri/index.html $uri @app;
|
3
3
|
|
4
4
|
location @app {
|
5
|
+
if (-f /opt/subspace/maintenance.html) {
|
6
|
+
return 503;
|
7
|
+
}
|
5
8
|
proxy_pass http://app;
|
6
9
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
7
10
|
proxy_set_header X-Forwarded-Proto $app_proto;
|
@@ -20,7 +23,11 @@
|
|
20
23
|
}
|
21
24
|
{% endif %}
|
22
25
|
|
23
|
-
error_page 500 502
|
26
|
+
error_page 500 502 504 /500.html;
|
27
|
+
error_page 503 /maintenance.html;
|
28
|
+
location /maintenance.html {
|
29
|
+
root /opt/subspace;
|
30
|
+
}
|
24
31
|
client_max_body_size {{client_max_body_size}};
|
25
32
|
keepalive_timeout 10;
|
26
33
|
|
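Review bot: The maintenance check is placed only inside `location @app`, so anything `try_files $uri/index.html $uri` can satisfy from disk is still served while maintenance mode is on, which differs from the README's statement that all requests return 503. Document that next to the `if`, e.g. `# only proxied requests get 503; files under public/ are still served`, or adjust the README. `location /maintenance.html` is also directly requestable; adding `internal;` would limit it to the `error_page` redirect. The enclosing server block starts and ends outside these hunks.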
@@ -5,23 +5,23 @@
|
|
5
5
|
- command: tar xzf /tmp/remote_syslog.tar.gz chdir=/tmp/ creates=/usr/bin/remote_syslog
|
6
6
|
|
7
7
|
- command: mv /tmp/remote_syslog/remote_syslog /usr/bin/remote_syslog creates=/usr/bin/remote_syslog
|
8
|
-
|
8
|
+
become: true
|
9
9
|
|
10
10
|
- file: path=/usr/bin/remote_syslog owner=root group=root mode=0755
|
11
|
-
|
11
|
+
become: true
|
12
12
|
|
13
13
|
- command: wget -O /etc/init.d/remote_syslog https://raw.githubusercontent.com/papertrail/remote_syslog2/v0.13/examples/remote_syslog.init.d creates=/etc/init.d/remote_syslog
|
14
|
-
|
14
|
+
become: true
|
15
15
|
|
16
16
|
- file: path=/etc/init.d/remote_syslog owner=root group=root mode=0755
|
17
|
-
|
17
|
+
become: true
|
18
18
|
|
19
19
|
- file: path=/tmp/remote_syslog/ state=absent
|
20
20
|
|
21
21
|
- file: path=/tmp/remote_syslog.tar.gz state=absent
|
22
22
|
|
23
23
|
- service: name=remote_syslog state=restarted enabled=yes
|
24
|
-
|
24
|
+
become: true
|
25
25
|
|
26
26
|
- template: src=log_files.yml dest=/etc/log_files.yml owner=root group=root mode=0644
|
27
|
-
|
27
|
+
become: true
|
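Review bot: The init script is fetched with `wget -O /etc/init.d/remote_syslog ...` and, with the added `become: true`, written as root with no integrity check; `get_url` with `checksum: "sha256:<expected-digest>"` (placeholder) and `mode: "0755"` would verify the file and replace the separate `file` task. The binary is also moved into `/usr/bin` as root from a fixed path under `/tmp`, which other local users can write to, so a private staging directory is safer. These tasks have no `name:`, which makes the run output harder to audit.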
@@ -3,7 +3,7 @@
|
|
3
3
|
# [repository]: http://www.postgresql.org/download/
|
4
4
|
- name: Adding APT repository key
|
5
5
|
when: ansible_os_family == 'Debian'
|
6
|
-
|
6
|
+
become: yes
|
7
7
|
apt_key:
|
8
8
|
id: ACCC4CF8
|
9
9
|
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
|
@@ -14,7 +14,7 @@
|
|
14
14
|
|
15
15
|
- name: Add PostgreSQL official APT repository
|
16
16
|
when: ansible_os_family == 'Debian'
|
17
|
-
|
17
|
+
become: yes
|
18
18
|
apt_repository:
|
19
19
|
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
20
20
|
tags:
|
@@ -24,7 +24,7 @@
|
|
24
24
|
|
25
25
|
- name: Install PostgreSQL
|
26
26
|
when: ansible_os_family == 'Debian'
|
27
|
-
|
27
|
+
become: yes
|
28
28
|
apt:
|
29
29
|
name: "postgresql-client-{{postgresql_version}}"
|
30
30
|
state: present
|
@@ -37,7 +37,7 @@
|
|
37
37
|
|
38
38
|
- name: Install dependencies for the Ansible module
|
39
39
|
when: ansible_os_family == 'Debian'
|
40
|
-
|
40
|
+
become: yes
|
41
41
|
apt:
|
42
42
|
name: "{{item}}"
|
43
43
|
state: latest
|
@@ -47,3 +47,29 @@
|
|
47
47
|
- postgresql
|
48
48
|
- db
|
49
49
|
- deps
|
50
|
+
|
51
|
+
- name: Grab Psql version
|
52
|
+
shell: psql --version
|
53
|
+
register: stats_psql_version
|
54
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
55
|
+
tags:
|
56
|
+
- maintenance
|
57
|
+
- stats
|
58
|
+
|
59
|
+
- name: Send Psql stats to URL
|
60
|
+
uri:
|
61
|
+
url: "{{stats_url}}"
|
62
|
+
method: POST
|
63
|
+
headers:
|
64
|
+
X-API-Version: 1
|
65
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
66
|
+
body_format: json
|
67
|
+
body:
|
68
|
+
client_stat:
|
69
|
+
key: psql_version
|
70
|
+
value: "{{stats_psql_version.stdout}}"
|
71
|
+
hostname: "{{hostname}}"
|
72
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
73
|
+
tags:
|
74
|
+
- maintenance
|
75
|
+
- stats
|
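Review bot: The `apt_key` task in the first hunk identifies the PostgreSQL signing key by the 8-character short ID `ACCC4CF8`, and short IDs can collide; use the full fingerprint, `id: "<full-40-hex-fingerprint>"` (placeholder, to be taken from postgresql.org). The repository line is `deb http://apt.postgresql.org/...`, so package integrity rests on that key alone. The same key task appears again in a later hunk (`Adding APT repository key` ahead of `Install PostgreSQL`). The added lines use `become: yes` where other roles in this release use `become: true`; pick one form.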
@@ -38,3 +38,29 @@
|
|
38
38
|
|
39
39
|
- include: backups.yml
|
40
40
|
become: true
|
41
|
+
|
42
|
+
- name: Grab Psql version
|
43
|
+
shell: psql --version
|
44
|
+
register: stats_psql_version
|
45
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
46
|
+
tags:
|
47
|
+
- maintenance
|
48
|
+
- stats
|
49
|
+
|
50
|
+
- name: Send Psql stats to URL
|
51
|
+
uri:
|
52
|
+
url: "{{stats_url}}"
|
53
|
+
method: POST
|
54
|
+
headers:
|
55
|
+
X-API-Version: 1
|
56
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
57
|
+
body_format: json
|
58
|
+
body:
|
59
|
+
client_stat:
|
60
|
+
key: psql_version
|
61
|
+
value: "{{stats_psql_version.stdout}}"
|
62
|
+
hostname: "{{hostname}}"
|
63
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
64
|
+
tags:
|
65
|
+
- maintenance
|
66
|
+
- stats
|
@@ -1,16 +1,7 @@
|
|
1
1
|
---
|
2
2
|
- name: Install rails apt dependencies
|
3
3
|
apt:
|
4
|
-
name:
|
5
|
-
with_items:
|
6
|
-
- git
|
7
|
-
- libffi-dev
|
8
|
-
- libgmp3-dev
|
9
|
-
- libpq-dev
|
10
|
-
- libxslt-dev
|
11
|
-
- nodejs
|
12
|
-
- zlib1g-dev
|
13
|
-
- ffmpeg
|
4
|
+
name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev', 'libxslt-dev', 'nodejs', 'zlib1g-dev' ,'ffmpeg']
|
14
5
|
become: true
|
15
6
|
when: ('Ubuntu' in ansible_distribution)
|
16
7
|
tags:
|
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
|
3
3
|
- name: Create the necessary directories
|
4
|
-
|
4
|
+
become: yes
|
5
5
|
file:
|
6
6
|
dest: "{{item}}"
|
7
7
|
state: directory
|
@@ -18,7 +18,7 @@
|
|
18
18
|
- conf
|
19
19
|
|
20
20
|
- name: Configure PostgreSQL
|
21
|
-
|
21
|
+
become: yes
|
22
22
|
template:
|
23
23
|
src: "{{item}}"
|
24
24
|
dest: "{{postgresql_conf_directory}}/{{item}}"
|
@@ -33,7 +33,7 @@
|
|
33
33
|
- conf
|
34
34
|
|
35
35
|
- name: Configure PostgreSQL (authentication)
|
36
|
-
|
36
|
+
become: yes
|
37
37
|
template:
|
38
38
|
src: pg_hba.conf
|
39
39
|
dest: "{{postgresql_hba_file}}"
|
@@ -44,7 +44,7 @@
|
|
44
44
|
- conf
|
45
45
|
|
46
46
|
- name: Configure PostgreSQL (ident)
|
47
|
-
|
47
|
+
become: yes
|
48
48
|
template:
|
49
49
|
src: pg_ident.conf
|
50
50
|
dest: "{{postgresql_ident_file}}"
|
@@ -6,7 +6,7 @@
|
|
6
6
|
|
7
7
|
- name: Install development headers
|
8
8
|
when: postgresql_dev_headers == True
|
9
|
-
|
9
|
+
become: yes
|
10
10
|
apt:
|
11
11
|
name: libpq-dev
|
12
12
|
tags:
|
@@ -21,7 +21,7 @@
|
|
21
21
|
|
22
22
|
- name: Install PostgreSQL contribs
|
23
23
|
when: postgresql_contrib
|
24
|
-
|
24
|
+
become: yes
|
25
25
|
apt:
|
26
26
|
name: "postgresql-contrib-{{postgresql_version}}"
|
27
27
|
notify: restart postgresql
|
@@ -36,7 +36,7 @@
|
|
36
36
|
|
37
37
|
- name: Add postgis extensions
|
38
38
|
when: postgresql_postgis
|
39
|
-
|
39
|
+
become: yes
|
40
40
|
apt:
|
41
41
|
name: "{{item}}"
|
42
42
|
with_items:
|
@@ -5,7 +5,7 @@
|
|
5
5
|
|
6
6
|
- name: Adding APT repository key
|
7
7
|
when: ansible_os_family == 'Debian'
|
8
|
-
|
8
|
+
become: yes
|
9
9
|
apt_key:
|
10
10
|
id: ACCC4CF8
|
11
11
|
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
|
@@ -16,7 +16,7 @@
|
|
16
16
|
|
17
17
|
- name: Add PostgreSQL official APT repository
|
18
18
|
when: ansible_os_family == 'Debian'
|
19
|
-
|
19
|
+
become: yes
|
20
20
|
apt_repository:
|
21
21
|
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
22
22
|
tags:
|
@@ -26,7 +26,7 @@
|
|
26
26
|
|
27
27
|
- name: Install PostgreSQL
|
28
28
|
when: ansible_os_family == 'Debian'
|
29
|
-
|
29
|
+
become: yes
|
30
30
|
apt:
|
31
31
|
name: "postgresql-{{postgresql_version}}"
|
32
32
|
state: present
|
@@ -39,7 +39,7 @@
|
|
39
39
|
|
40
40
|
- name: Install dependencies for the Ansible module
|
41
41
|
when: ansible_os_family == 'Debian'
|
42
|
-
|
42
|
+
become: yes
|
43
43
|
apt:
|
44
44
|
name: "{{item}}"
|
45
45
|
state: latest
|
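--- a/data/lib/subspace/cli.rb
+++ b/data/lib/subspace/cli.rb
@@ -13,6 +13,7 @@ require 'subspace/commands/provision'
 require 'subspace/commands/ssh'
 require 'subspace/commands/vars'
 require 'subspace/commands/maintain'
+require 'subspace/commands/maintenance_mode.rb'
 
 class Subspace::Cli
 include Commander::Methods
@@ -105,6 +106,19 @@ class Subspace::Cli
 c.when_called Subspace::Commands::Maintain
 end
 
+command :maintenance_mode do |c, args|
+c.syntax = 'subspace maintenance_mode [options]'
+c.summary = 'Turns on or off maintenance mode'
+c.description = ''
+c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
+c.option "--on", "Turns on maintenance mode"
+c.option "--off", "Turns off maintenance mode"
+Subspace::Commands::MaintenanceMode::PASS_THROUGH_PARAMS.each do |param_name|
+c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
+end
+c.when_called Subspace::Commands::MaintenanceMode
+end
+
 run!
 end
 end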
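Review bot: The help text for the new command does not match how it is used: `c.syntax` omits the environment argument and `c.description` is empty, while the README documents `subspace maintenance_mode <environment> --on`. I would write `c.syntax = 'subspace maintenance_mode <environment> [--on|--off] [options]'` and state in `c.description` that omitting both flags turns maintenance mode off. The new `require` line also carries a `.rb` suffix that the neighbouring requires do not.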
@@ -53,6 +53,23 @@ module Subspace
|
|
53
53
|
return answer.downcase.start_with? "y"
|
54
54
|
end
|
55
55
|
|
56
|
+
def pass_through_params
|
57
|
+
ansible_options = []
|
58
|
+
self.class::PASS_THROUGH_PARAMS.each do |param_name|
|
59
|
+
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
60
|
+
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
61
|
+
value = @options.__hash__[hash_key]
|
62
|
+
if value
|
63
|
+
if param_name.length > 1
|
64
|
+
ansible_options += ["--#{param_name}", value]
|
65
|
+
else
|
66
|
+
ansible_options += ["-#{param_name}", value]
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
ansible_options
|
72
|
+
end
|
56
73
|
end
|
57
74
|
end
|
58
75
|
end
|
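Review bot: `pass_through_params` has no comment explaining how the option key is derived, and the local name `x` gives no hint. A short doc comment would help, for example `# Commander appears to store "--private-key PRIVATE-KEY" under :private_key_KEY; rebuild that key to look the value up` (worth confirming against Commander). The method relies on `@options` and on each subclass defining `PASS_THROUGH_PARAMS`, so a command class without the constant will raise `NameError`; that requirement belongs in the comment too. The enclosing class begins outside the hunk.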
@@ -26,7 +26,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
26
26
|
"path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
|
27
27
|
"-vvvv"
|
28
28
|
]
|
29
|
-
cmd =
|
29
|
+
cmd = cmd | pass_through_params
|
30
30
|
bootstrap_command cmd
|
31
31
|
end
|
32
32
|
|
@@ -41,7 +41,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
41
41
|
"--become",
|
42
42
|
"-vvvv"
|
43
43
|
]
|
44
|
-
cmd =
|
44
|
+
cmd = cmd | pass_through_params
|
45
45
|
bootstrap_command cmd
|
46
46
|
end
|
47
47
|
|
@@ -51,16 +51,4 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
51
51
|
end
|
52
52
|
ansible_command *cmd
|
53
53
|
end
|
54
|
-
|
55
|
-
def add_pass_through_params(cmd)
|
56
|
-
PASS_THROUGH_PARAMS.each do |param_name|
|
57
|
-
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
58
|
-
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
59
|
-
value = @options.__hash__[hash_key]
|
60
|
-
if value
|
61
|
-
cmd += ["--#{param_name}", value]
|
62
|
-
end
|
63
|
-
end
|
64
|
-
cmd
|
65
|
-
end
|
66
54
|
end
|
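Review bot: `cmd = cmd | pass_through_params` uses Array union, which removes duplicate elements from the combined list, so a repeated flag or a value equal to an existing argument is silently dropped. The removed helper appended with `+=`; `cmd += pass_through_params` keeps every argument in order. The same `|` appears in the `Maintain`, `MaintenanceMode` and `Provision` hunks below. Both methods shown here begin outside the hunk.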
@@ -9,14 +9,7 @@ class Subspace::Commands::Maintain < Subspace::Commands::Base
|
|
9
9
|
|
10
10
|
def run
|
11
11
|
ansible_options = ["--diff", "--tags=maintenance"]
|
12
|
-
|
13
|
-
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
14
|
-
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
15
|
-
value = @options.__hash__[hash_key]
|
16
|
-
if value
|
17
|
-
ansible_options += ["--#{param_name}", value]
|
18
|
-
end
|
19
|
-
end
|
12
|
+
ansible_options = ansible_options | pass_through_params
|
20
13
|
ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
|
21
14
|
end
|
22
15
|
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class Subspace::Commands::MaintenanceMode < Subspace::Commands::Base
|
2
|
+
PASS_THROUGH_PARAMS = ["private-key", "limit"]
|
3
|
+
|
4
|
+
def initialize(args, options)
|
5
|
+
@hosts = args.first
|
6
|
+
@options = options
|
7
|
+
run
|
8
|
+
end
|
9
|
+
|
10
|
+
def run
|
11
|
+
on_off = @options.__hash__[:on] ? "on" : "off"
|
12
|
+
ansible_options = ["--diff", "-e maintenance_hosts=#{@hosts}", "--tags=maintenance_#{on_off}"]
|
13
|
+
ansible_options = ansible_options | pass_through_params
|
14
|
+
ansible_command "ansible-playbook", File.join(File.dirname(__FILE__), "../../../ansible/playbooks/maintenance_mode.yml"), *ansible_options
|
15
|
+
end
|
16
|
+
end
|
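Review bot: `@hosts` comes straight from `args.first` and is interpolated into `-e maintenance_hosts=#{@hosts}` without a check, so a missing argument yields an empty host pattern and a value containing spaces would likely be read by ansible as further `key=value` extra vars. Validate it in `initialize`, e.g. `abort 'usage: subspace maintenance_mode <environment> [--on|--off]' if @hosts.to_s.empty?`, and restrict it to the characters an environment name can contain. `run` also treats anything other than `--on` as off, so a bare invocation turns maintenance mode off; requiring exactly one of the two flags would make that explicit.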
@@ -9,14 +9,7 @@ class Subspace::Commands::Provision < Subspace::Commands::Base
|
|
9
9
|
|
10
10
|
def run
|
11
11
|
ansible_options = ["--diff"]
|
12
|
-
|
13
|
-
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
14
|
-
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
15
|
-
value = @options.__hash__[hash_key]
|
16
|
-
if value
|
17
|
-
ansible_options += ["--#{param_name}", value]
|
18
|
-
end
|
19
|
-
end
|
12
|
+
ansible_options = ansible_options | pass_through_params
|
20
13
|
ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
|
21
14
|
end
|
22
15
|
end
|
@@ -20,16 +20,7 @@ class Subspace::Commands::Ssh < Subspace::Commands::Base
|
|
20
20
|
user = @user || host_vars["ansible_ssh_user"] || host_vars["ansible_user"]
|
21
21
|
host = host_vars["ansible_ssh_host"] || host_vars["ansible_host"]
|
22
22
|
port = host_vars["ansible_ssh_port"] || host_vars["ansible_port"] || 22
|
23
|
-
|
24
|
-
PASS_THROUGH_PARAMS.each do |param_name|
|
25
|
-
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
26
|
-
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
27
|
-
value = @options.__hash__[hash_key]
|
28
|
-
if value
|
29
|
-
ssh_options += ["-#{param_name}", value]
|
30
|
-
end
|
31
|
-
end
|
32
|
-
cmd = "ssh #{user}@#{host} -p #{port} #{ssh_options.join(" ")}"
|
23
|
+
cmd = "ssh #{user}@#{host} -p #{port} #{pass_through_params.join(" ")}"
|
33
24
|
say cmd
|
34
25
|
exec cmd
|
35
26
|
end
|
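Review bot: `cmd` is built by string interpolation and handed to `exec` as one string, so `user`, `host`, `port` and the pass-through values are interpreted by a shell; a key path containing a space breaks the command and shell metacharacters in inventory values would be executed. Passing an argument list avoids the shell: `exec "ssh", "#{user}@#{host}", "-p", port.to_s, *pass_through_params`. `pass_through_params` in `Base` emits `-x` for one-letter names and `--name` otherwise, so check that `PASS_THROUGH_PARAMS` for this class still yields flags `ssh` accepts. The method starts outside the hunk.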
data/lib/subspace/version.rb
CHANGED
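--- a/data/subspace.gemspec
+++ b/data/subspace.gemspec
@@ -28,7 +28,7 @@ Gem::Specification.new do |spec|
 spec.require_paths = ["lib"]
 
 spec.add_development_dependency "bundler", "~> 1.12"
-spec.add_development_dependency "rake", "~>
+spec.add_development_dependency "rake", "~> 12.3.3"
 spec.add_development_dependency "rspec", "~> 3.0"
 
 spec.add_runtime_dependency "commander", "~>4.2"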
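--- a/data/template/provision.rb.erb
+++ b/data/template/provision.rb.erb
@@ -27,7 +27,7 @@ Subspace.configure do |config|
 config.host :dev, {
 ssh_host: "1.2.3.4", # Ansible connects to this to provision
 ssh_user: "deploy", # ssh user
-
+become: true, # probably should be true if user isn't root
 hostname: "dev.example.com" # This will get set in /etc/hostname
 }
 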
@@ -5,10 +5,13 @@ use_sudo: true
|
|
5
5
|
|
6
6
|
# ruby-common
|
7
7
|
# pull the checksum/url from https://www.ruby-lang.org/en/downloads/
|
8
|
-
ruby_version: ruby-2.
|
9
|
-
ruby_checksum:
|
10
|
-
ruby_download_location:
|
8
|
+
ruby_version: ruby-2.7.1
|
9
|
+
ruby_checksum: d418483bdd0000576c1370571121a6eb24582116db0b7bb2005e90e250eae418
|
10
|
+
ruby_download_location: https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.1.tar.gz
|
11
|
+
bundler_version: 2.1.4
|
11
12
|
|
12
|
-
#
|
13
|
-
|
14
|
-
|
13
|
+
# Other stuff
|
14
|
+
letsencrypt_email:
|
15
|
+
nodejs_version: 13.x
|
16
|
+
ssl_enabled: true
|
17
|
+
postgresql_version: 11.7
|
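Review bot: Several of the new defaults are unquoted scalars that YAML will not read as strings: `postgresql_version: 11.7` parses as a float and `letsencrypt_email:` with no value is null. Quote the version-like values (`postgresql_version: "11.7"`, `nodejs_version: "13.x"`, `bundler_version: "2.1.4"`) and give the e-mail an explicit placeholder such as `letsencrypt_email: ""`. The role hunks above build package names as `postgresql-client-{{postgresql_version}}`; PGDG packages are normally named by major version, so confirm that `11.7` resolves to a real package. Keeping `ruby_checksum` next to the download URL is the right pattern and deserves a comment saying the two must be updated together.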
@@ -4,24 +4,24 @@
|
|
4
4
|
# These environment variables are available to all environments, and can be secret or not:
|
5
5
|
|
6
6
|
# These are secret and can be changed per environment easily by using subspace vars <env> --edit
|
7
|
-
SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
|
8
|
-
AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
|
7
|
+
# SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
|
8
|
+
# AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
|
9
9
|
|
10
10
|
# These are not secret, and have the same value for all environments
|
11
|
-
ENABLE_SOME_FEATURE: false
|
12
|
-
MAX_USER_INVITES: 20
|
13
|
-
DEFAULT_EMAIL_ADDRESS: test@example.com
|
11
|
+
# ENABLE_SOME_FEATURE: false
|
12
|
+
# MAX_USER_INVITES: 20
|
13
|
+
# DEFAULT_EMAIL_ADDRESS: test@example.com
|
14
14
|
|
15
15
|
|
16
16
|
# These variable are not secret, but have different, static values for all environments
|
17
17
|
development:
|
18
|
-
INSECURE_VARIABLE: "this isn't secret"
|
19
|
-
AWS_BUCKET: my-app-development
|
18
|
+
# INSECURE_VARIABLE: "this isn't secret"
|
19
|
+
# AWS_BUCKET: my-app-development
|
20
20
|
|
21
21
|
dev:
|
22
|
-
INSECURE_VARIABLE: "but it changes"
|
23
|
-
AWS_BUCKET: my-app-dev
|
22
|
+
# INSECURE_VARIABLE: "but it changes"
|
23
|
+
# AWS_BUCKET: my-app-dev
|
24
24
|
|
25
25
|
production:
|
26
|
-
INSECURE_VARIABLE: "on different servers"
|
27
|
-
AWS_BUCKET: my-app-production
|
26
|
+
# INSECURE_VARIABLE: "on different servers"
|
27
|
+
# AWS_BUCKET: my-app-production
|
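Review bot: With every child entry commented out, `development:`, `dev:` and `production:` are now keys with null values rather than mappings, which a consumer that iterates or merges the per-environment hash may not expect. Either comment out the three keys as well or write them as `development: {}`. How the template is consumed is not visible here, so this should be checked against the code that loads it.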
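--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.3.0
 platform: ruby
 authors:
 - Brian Samson
-autorequire:
+autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2020-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -30,14 +30,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 12.3.3
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 12.3.3
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -101,6 +101,7 @@ files:
 - Rakefile
 - TODO
 - ansible/playbooks/local_template.yml
+- ansible/playbooks/maintenance_mode.yml
 - ansible/roles/alienvault/tasks/main.yml
 - ansible/roles/apache-rails/tasks/main.yml
 - ansible/roles/apache-rails/templates/_canonical_domain.conf
@@ -172,6 +173,7 @@ files:
 - ansible/roles/mysql2_gem/tasks/main.yml
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
+- ansible/roles/nginx-maintenance/tasks/main.yml
 - ansible/roles/nginx-rails/defaults/main.yml
 - ansible/roles/nginx-rails/tasks/main.yml
 - ansible/roles/nginx-rails/templates/_asset_cors.conf
@@ -263,6 +265,7 @@ files:
 - lib/subspace/commands/configure.rb
 - lib/subspace/commands/init.rb
 - lib/subspace/commands/maintain.rb
+- lib/subspace/commands/maintenance_mode.rb
 - lib/subspace/commands/override.rb
 - lib/subspace/commands/provision.rb
 - lib/subspace/commands/ssh.rb
@@ -285,7 +288,7 @@ licenses:
 - MIT
 metadata:
 allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -300,9 +303,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-
-signing_key:
+rubygems_version: 3.0.3
+signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects
 test_files: []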