subspace 2.3.0 → 2.4.1

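--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5c1bb8ea735bdf17e01f7941b5ca6d19c33cdb7c6e28b9715001eaa4f6c357e6
- data.tar.gz: bdd11bf25939821875624dfcc8124247f7f1f9eadeae1e271e5bdab7a26799a5
+ metadata.gz: 453532a828c7f913ca85866e4e117daef85e0b21dd86092e734abb99ddcaad3a
+ data.tar.gz: e375411d365d7c7decaec797d648766187d2e54512d4226929ebd279686464ba
  SHA512:
- metadata.gz: c1b5a144b9dfa225858940a1fde22d66790183f4fd10b26fcc9920b0a8e609555760985e0e476d201cebb88c466881f8d3397a95447409a2e4ed64b54fafa4b7
- data.tar.gz: 5bdb929682b534293f6f91a7a6deab520ccbe8e7711bf2253c713e2bb7391fef271133aee3cf171317e8ecb8a106bdb0a7f58921b465883099ccadff75bb905e
+ metadata.gz: 74b2ba76f056e920cb53e88ebb1b5a8eb3c2e3830158bca9cda71661417b3506a99c27ff4d7d52ebf770f9a22102b86ed712cf1065753fb9d10d855a4c209882
+ data.tar.gz: a11f6ecb4634140f1175415ea3c78160bad5a2e21691b7e889359d23b8099fe49643bbda0901af6a92f7dff182590562c5a7a9b64dfa9accddeef375db068d87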
@@ -10,6 +10,34 @@ This project attempts to follow [semantic versioning](https://semver.org/)
10
10
  * Not working on OSX - macs don't read from /etc/profile.d/
11
11
  * Stops showing color if you `sudo su`
12
12
 
13
+ ## 2.4.1
14
+ * Allow extra nginx options via extra_nginx_config eg:
15
+ ```
16
+ extra_nginx_config: |
17
+ proxy_http_version 1.1;
18
+ chunked_transfer_encoding off;
19
+ proxy_buffering off;
20
+ proxy_cache off;
21
+ ```
22
+ * Add keepalive_timeout for nginx
23
+
24
+ ## 2.4
25
+ Lots of modifications for ubuntu 20.04, which has python3 as a default
26
+
27
+ * Change letsencrypt to pull from apt instead of build from source (backwards compatible)
28
+ * Change postgres to a cleaner install and deprecate the old zenoamaro role
29
+ * postgresql_version is now a required variable and no longer defaults to 9.4
30
+ * Better detection of web servers
31
+
32
+ ## 2.3.3
33
+ * Tweak the way that different roles are detected to be more reliable
34
+
35
+ ## 2.3.2
36
+ * Update papertrail to latest version of remote_syslog2 and add support for nginx logs
37
+
38
+ ## 2.3.1
39
+ * Sidekiq concurrency actually works
40
+
13
41
  ## 2.3.0
14
42
  * Grab linux kernel to send as stats
15
43
  * Grab psql version to send as stats
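--- a/data/README.md
+++ b/data/README.md
@@ -291,6 +291,10 @@ Configures nginx to look at localhost:9292 for the socket/backend connection. I
  defaults are here, we'll probably add more:
 
  client_max_body_size: 4G
+ ssl_force_redirect: true
+ default_server: true
+ keepalive_timeout: 10
+ extra_nginx_config: ""
 
  Optional variables:
 
@@ -300,6 +304,12 @@ Optional variables:
  nginx_proxy_read_timeout: Set [proxy_read_timeout](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_read_timeout). This is in seconds. You probably only want to change this if using rack-timeout (although I may be wrong). If using rack-timeout, it should be slightly higher than the rack-timeout timeout. I'm doing 5 seconds higher, but that was arbitrarily chosen.
 
  ssl_force_redirect: redirect all HTTP traffic to HTTPS on the same host. Defaults to true and only applies if ssl_enabled is also true.
+ extra_nginx_config: anything else you want to configure in the main nginx config block, formatted like:
+ extra_nginx_config: |
+ proxy_http_version 1.1;
+ chunked_transfer_encoding off;
+ proxy_buffering off;
+ proxy_cache off;
 
  ## nodejs
 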
@@ -52,3 +52,7 @@
52
52
  state: link
53
53
  become: true
54
54
  notify: apache restart
55
+
56
+ - name: Apache is installed
57
+ set_fact:
58
+ apache_installed: true
@@ -47,7 +47,7 @@
47
47
  dest: /etc/collectd/collectd.conf.d/apache2.conf
48
48
  become: true
49
49
  notify: restart collectd
50
- when: "'apache' in role_names"
50
+ when: apache_installed is defined
51
51
 
52
52
  - name: create puma config
53
53
  template:
@@ -70,7 +70,7 @@
70
70
  dest: /etc/collectd/collectd.conf.d/nginx.conf
71
71
  become: true
72
72
  notify: restart collectd
73
- when: "'nginx' in role_names"
73
+ when: nginx_installed is defined
74
74
 
75
75
  - name: create rails_lograge config
76
76
  template:
@@ -4,7 +4,7 @@ This server brought to you by:
4
4
  \___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
5
5
  ___) | |_| | |_) |__) | |_) | (_| | (_| __/
6
6
  |____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
7
- |_| v2.3.0
7
+ |_| v2.4.1
8
8
  ~~~ https://github.com/tenforwardconsulting/subspace ~~~
9
9
 
10
10
  If you need to make configuration changes to the server, please modify the
@@ -0,0 +1,44 @@
1
+ ---
2
+ - name: Install certbot dependencies
3
+ become: true
4
+ apt:
5
+ pkg: "{{item}}"
6
+ state: present
7
+ with_items:
8
+ - augeas-lenses
9
+ - ca-certificates
10
+ - dialog
11
+ - gcc
12
+ - libaugeas0
13
+ - libffi-dev
14
+ - libpython-dev
15
+ - libpython2.7-dev
16
+ - libssl-dev
17
+ - python
18
+ - python-dev
19
+ - python-setuptools
20
+ - python-virtualenv
21
+ - python2.7
22
+ - python2.7-dev
23
+
24
+ - name: "Create certbot dir"
25
+ become: true
26
+ file:
27
+ path: "{{certbot_dir}}"
28
+ state: directory
29
+ mode: 0755
30
+
31
+ - name: "Set certbot binary"
32
+ set_fact:
33
+ certbot_bin: "{{certbot_dir}}/certbot_auto"
34
+
35
+ - name: Get certbot
36
+ become: true
37
+ get_url:
38
+ url: "https://dl.eff.org/certbot-auto"
39
+ dest: "{{certbot_bin}}"
40
+ mode: a+x
41
+
42
+
43
+
44
+
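Review bot: The `Get certbot` task downloads an executable from `https://dl.eff.org/certbot-auto` with no integrity pin, and the tasks elsewhere on this page that invoke `{{certbot_bin}}` do so with `become: true`, so whatever that URL serves at provisioning time runs as root. Add a pinned digest to the `get_url` task, e.g. `checksum: "sha256:<PINNED_SHA256_OF_REVIEWED_SCRIPT>"`, and replace `mode: a+x` with an explicit `mode: "0755"`. The destination also changes from `certbot-auto` (the removed task in main.yml) to `certbot_auto`, so hosts provisioned by 2.3.0 would fetch a second copy under the new name; keep the old filename if that is not intended. Quoting the directory task's `mode: 0755` as `mode: "0755"` avoids depending on YAML octal parsing.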
@@ -1,38 +1,32 @@
1
1
  ---
2
- - name: Install certbot dependencies
2
+ - name: Ensure nginx is installed (first time)
3
3
  become: true
4
4
  apt:
5
- pkg: "{{item}}"
5
+ pkg: nginx
6
6
  state: present
7
- with_items:
8
- - augeas-lenses
9
- - ca-certificates
10
- - dialog
11
- - gcc
12
- - libaugeas0
13
- - libffi-dev
14
- - libpython-dev
15
- - libpython2.7-dev
16
- - libssl-dev
17
- - python
18
- - python-dev
19
- - python-setuptools
20
- - python-virtualenv
21
- - python2.7-dev
22
-
23
- - name: "Create certbot dir"
24
- become: true
25
- file:
26
- path: "{{certbot_dir}}"
27
- state: directory
28
- mode: 0755
7
+ when: "'nginx' in role_names"
29
8
 
30
- - name: Get certbot
9
+ - name: Attempt to install certbot from APT
31
10
  become: true
32
- get_url:
33
- url: "https://dl.eff.org/certbot-auto"
34
- dest: "{{certbot_dir}}/certbot-auto"
35
- mode: a+x
11
+ ignore_errors: true
12
+ apt:
13
+ pkg: certbox
14
+ state: present
15
+
16
+ - name: "Detect if certbot was installed via APT"
17
+ shell: dpkg-query -W 'certbot'
18
+ ignore_errors: true
19
+ register: apt_certbot
20
+
21
+ - name: "Modern Letsencrypt Installation (py3, apt version)"
22
+ include_tasks: modern.yml
23
+ when: apt_certbot is succeeded
24
+
25
+ - name: "Legacy Letsencrypt Installation (py2, from source)"
26
+ include_tasks: legacy.yml
27
+ when: apt_certbot is failed
28
+
29
+ # Post install configuration
36
30
 
37
31
  - name: shutdown webserver for standalone mode
38
32
  debug: msg="Shutdown webserver"
@@ -50,21 +44,21 @@
50
44
  - name: Run default
51
45
  when: le_ssl_certs is not defined
52
46
  become: true
53
- command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
47
+ command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
54
48
 
55
49
  - name: Generate SSL Certificates
56
50
  become: true
57
51
  with_items: "{{le_ssl_certs|default([])}}"
58
- command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
52
+ command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
59
53
 
60
54
  - name: Update nginx default options
61
- when: "'nginx' in role_names"
55
+ when: nginx_installed is defined
62
56
  get_url:
63
57
  url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
64
58
  dest: /etc/letsencrypt/options-ssl-nginx.conf
65
59
 
66
60
  - name: Update apache default options
67
- when: "'apache' in role_names"
61
+ when: apache_installed is defined
68
62
  get_url:
69
63
  url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
70
64
  dest: /etc/letsencrypt/options-ssl-apache.conf
@@ -82,20 +76,20 @@
82
76
 
83
77
  - name: Setup cron job to auto renew
84
78
  become: true
85
- when: "'apache' in role_names"
79
+ when: apache_installed is defined
86
80
  cron:
87
81
  name: Auto-renew SSL
88
- job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
82
+ job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
89
83
  hour: "0"
90
84
  minute: "33"
91
85
  state: present
92
86
 
93
87
  - name: Setup cron job to auto renew
94
88
  become: true
95
- when: "'nginx' in role_names"
89
+ when: nginx_installed is defined
96
90
  cron:
97
91
  name: Auto-renew SSL
98
- job: "{{certbot_dir}}/certbot-auto renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
92
+ job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
99
93
  hour: "0"
100
94
  minute: "33"
101
- state: present
95
+ state: present
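Review bot: In the first hunk of this file the `Attempt to install certbot from APT` task asks apt for `pkg: certbox`, which looks like a typo for `certbot`; because the task also sets `ignore_errors: true`, the failure passes silently. The following `dpkg-query -W 'certbot'` check then succeeds only where certbot was already present, so a fresh host would take the `legacy.yml` path (certbot-auto downloaded and run as root) rather than the distribution package the changelog describes. Change the line to `pkg: certbot`. The first task of the same hunk still gates on `'nginx' in role_names` while the rest of the file moved to `nginx_installed is defined`, which is worth making consistent.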
@@ -0,0 +1,13 @@
1
+ ---
2
+ - name: Install ca-certificates
3
+ become: true
4
+ apt:
5
+ pkg: "{{item}}"
6
+ state: present
7
+ with_items:
8
+ - ca-certificates
9
+
10
+ - name: "Set certbot binary"
11
+ set_fact:
12
+ certbot_bin: "certbot"
13
+
@@ -2,3 +2,5 @@
2
2
  client_max_body_size: 4G
3
3
  ssl_force_redirect: true
4
4
  default_server: true
5
+ keepalive_timeout: 10
6
+ extra_nginx_config: ""
@@ -25,3 +25,14 @@
25
25
  dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
26
26
  state: "{{ (ssl_enabled and nginx_ssl_config is defined) | ternary('link', 'absent') }}"
27
27
  become: true
28
+
29
+ - name: Enable a default server if one is not defined in the app
30
+ template:
31
+ src: 'default_server'
32
+ dest: /etc/nginx/sites-enabled/default_server
33
+ mode: 0644
34
+ group: root
35
+ owner: root
36
+ become: true
37
+ when: not default_server
38
+
@@ -15,6 +15,7 @@
15
15
  {% if nginx_proxy_read_timeout is defined %}
16
16
  proxy_read_timeout {{nginx_proxy_read_timeout}};
17
17
  {% endif %}
18
+ {{ extra_nginx_config | indent( width=4 ) }}
18
19
  }
19
20
 
20
21
  {% if asset_cors_allow_origin is defined %}
@@ -29,5 +30,5 @@
29
30
  root /opt/subspace;
30
31
  }
31
32
  client_max_body_size {{client_max_body_size}};
32
- keepalive_timeout 10;
33
+ keepalive_timeout {{keepalive_timeout}};
33
34
 
@@ -0,0 +1,5 @@
1
+ server {
2
+ listen 80 default_server;
3
+ server_name _;
4
+ return 444;
5
+ }
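Review bot: This catch-all listens only on port 80, so it drops unknown-Host requests over HTTP but not over HTTPS; on 443 nginx falls back to the first server block defined for that socket, presumably the project's SSL vhost (not visible here). If the intent is to refuse unmatched hosts entirely, add a matching 443 default; on nginx 1.19.4 or later `listen 443 ssl default_server;` with `ssl_reject_handshake on;` does this without a certificate. A one-line comment such as `# 444: close the connection without sending a response` would help readers unfamiliar with the nginx-specific code.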
@@ -28,3 +28,7 @@
28
28
  - name: Restart nginx
29
29
  action: service name=nginx state=restarted
30
30
  become: true
31
+
32
+ - name: Nginx is installed
33
+ set_fact:
34
+ nginx_installed: true
@@ -1,6 +1,6 @@
1
1
  ---
2
2
  - name: Install remote_syslog from papertrail
3
- command: wget -O /tmp/remote_syslog.tar.gz https://github.com/papertrail/remote_syslog2/releases/download/v0.13/remote_syslog_linux_amd64.tar.gz creates=/usr/bin/remote_syslog
3
+ command: wget -O /tmp/remote_syslog.tar.gz https://github.com/papertrail/remote_syslog2/releases/download/v0.20/remote_syslog_linux_amd64.tar.gz creates=/usr/bin/remote_syslog
4
4
 
5
5
  - command: tar xzf /tmp/remote_syslog.tar.gz chdir=/tmp/ creates=/usr/bin/remote_syslog
6
6
 
@@ -10,7 +10,7 @@
10
10
  - file: path=/usr/bin/remote_syslog owner=root group=root mode=0755
11
11
  become: true
12
12
 
13
- - command: wget -O /etc/init.d/remote_syslog https://raw.githubusercontent.com/papertrail/remote_syslog2/v0.13/examples/remote_syslog.init.d creates=/etc/init.d/remote_syslog
13
+ - command: wget -O /etc/init.d/remote_syslog https://raw.githubusercontent.com/papertrail/remote_syslog2/v0.20/examples/remote_syslog.init.d creates=/etc/init.d/remote_syslog
14
14
  become: true
15
15
 
16
16
  - file: path=/etc/init.d/remote_syslog owner=root group=root mode=0755
@@ -20,8 +20,12 @@
20
20
 
21
21
  - file: path=/tmp/remote_syslog.tar.gz state=absent
22
22
 
23
- - service: name=remote_syslog state=restarted enabled=yes
23
+ - name: Create /etc/log_files
24
+ template: src=log_files.yml dest=/etc/log_files.yml owner=root group=root mode=0644
24
25
  become: true
25
26
 
26
- - template: src=log_files.yml dest=/etc/log_files.yml owner=root group=root mode=0644
27
+ - name: Restart rsyslog
28
+ service: name=remote_syslog state=restarted enabled=yes
27
29
  become: true
30
+
31
+
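Review bot: Both `wget` tasks keep their `creates=/usr/bin/remote_syslog` and `creates=/etc/init.d/remote_syslog` guards, so on hosts already provisioned with v0.13 the files exist and the v0.20 URLs are never fetched; the bump only reaches new machines. Neither download is verified, and the init script lands in `/etc/init.d` owned by root; `get_url` with `checksum: "sha256:<PINNED_SHA256>"` would pin both artifacts and replace the shell-out to wget. In the last hunk the task named `Restart rsyslog` actually restarts `remote_syslog`; rename it `Restart remote_syslog` so logs and `--start-at-task` match the service.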
@@ -1,7 +1,14 @@
1
1
  # Variables: papertrail_host, papertrail_port
2
2
  files:
3
- - /var/log/apache2/error.log
4
3
  - /u/apps/{{project_name}}/shared/log/{{rails_env}}.log
4
+ {% if nginx_installed is defined %}
5
+ - /var/log/nginx/error.log
6
+ {% endif %}
7
+ {% if apache_installed is defined %}
8
+ - /var/log/apache2/error.log
9
+ {% endif %}
10
+
5
11
  destination:
6
12
  host: {{papertrail_host}}
7
13
  port: {{papertrail_port}}
14
+ protocol: tls
@@ -1,7 +1,2 @@
1
1
  ---
2
- dependencies:
3
- - {
4
- role: zenoamaro.postgresql,
5
- become: true,
6
- notify: postgresql restart
7
- }
2
+ dependencies:
@@ -1,6 +1,64 @@
1
1
  ---
2
2
  - set_fact: postgresql_installed="true"
3
3
 
4
+ - name: Adding APT repository key
5
+ become: yes
6
+ apt_key:
7
+ id: ACCC4CF8
8
+ url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
9
+ tags:
10
+ - postgresql
11
+ - db
12
+ - repo
13
+
14
+ - name: Add PostgreSQL official APT repository
15
+ become: yes
16
+ apt_repository:
17
+ repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
18
+ tags:
19
+ - postgresql
20
+ - db
21
+ - repo
22
+
23
+ - name: Install PostgreSQL
24
+ become: yes
25
+ apt:
26
+ name: "{{item}}"
27
+ state: present
28
+ update_cache: yes
29
+ cache_valid_time: 3600
30
+ with_items:
31
+ - "postgresql-{{postgresql_version}}"
32
+ - "postgresql-client-{{postgresql_version}}"
33
+ - "libpq-dev"
34
+ tags:
35
+ - postgresql
36
+ - db
37
+ - deps
38
+
39
+ - name: "Detect python3"
40
+ shell: "which python3"
41
+ register: is_python3
42
+
43
+ - name: Ensure pip is installed (python3)
44
+ when: is_python3 is succeeded
45
+ apt:
46
+ name: python3-pip
47
+ state: present
48
+ update_cache: yes
49
+
50
+ - name: Install psycopg2 (python3)
51
+ when: is_python3 is succeeded
52
+ become: yes
53
+ command: "pip3 install psycopg2"
54
+
55
+ - name: Install psycopg2 (python2)
56
+ when: is_python3 is failed
57
+ become: yes
58
+ apt:
59
+ name: python-psycopg2
60
+ state: latest
61
+
4
62
  - name: Create postgresql user
5
63
  postgresql_user:
6
64
  name: "{{database_user}}"
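Review bot: The `Adding APT repository key` task identifies the signing key by the 8-hex-digit short ID `ACCC4CF8`; short key IDs can be collided, so `id:` should carry the full 40-character fingerprint (`id: <FULL_40_HEX_FINGERPRINT>`), checked out of band. The repository line uses `http://apt.postgresql.org/...`; apt's signature check still covers package integrity, but `https://` would match the transport used for the key. `Detect python3` has no `ignore_errors` or `failed_when`, so on a host without python3 the play stops there and the `is_python3 is failed` branch is never reached, and `Ensure pip is installed (python3)` lacks the `become: yes` its sibling tasks carry. `pip3 install psycopg2` runs as root, unpinned and on every run; the `pip` module with a pinned `version:` (or the `python3-psycopg2` apt package) would be idempotent. The `Create postgresql user` task at the end of the hunk continues outside it.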
@@ -1,2 +1,2 @@
1
1
  ---
2
- sidekiq_concurrency: 5
2
+ sidekiq_concurrency: 10
@@ -1,4 +1,4 @@
1
1
  check process sidekiq
2
2
  with pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid
3
- start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && bundle exec sidekiq --queue {{hostname}} {{ job_queues | map('regex_replace', '^(.*)$', '--queue \\1') | join(' ') }} --pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid --environment {{rails_env}} --logfile /u/apps/{{project_name}}/shared/log/sidekiq.log --daemon'" with timeout 30 seconds
3
+ start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && bundle exec sidekiq --queue {{hostname}} {{ job_queues | map('regex_replace', '^(.*)$', '--queue \\1') | join(' ') }} -c {{sidekiq_concurrency}} --pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid --environment {{rails_env}} --logfile /u/apps/{{project_name}}/shared/log/sidekiq.log --daemon'" with timeout 30 seconds
4
4
  stop program = "/bin/su - deploy -c 'kill -s TERM `cat /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid`'" with timeout 30 seconds
@@ -1,6 +1,7 @@
1
1
  ---
2
2
 
3
- postgresql_version: 9.4
3
+ # BS -- Commenting this out to force people to
4
+ # postgresql_version: 9.4
4
5
 
5
6
  # This will be the main admin user, which is only allowed to connect
6
7
  # from localhost, mainly for provisioning, maintenance and scripts.
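Review bot: The added comment `# BS -- Commenting this out to force people to` stops mid-sentence, so the reason for dropping the default is lost to the next reader. Something like `# No default: set postgresql_version explicitly in your vars (was 9.4).` states what the changelog entry says. Since the variable is now required, an early `assert` on `postgresql_version is defined` in the postgresql tasks would fail with a clear message instead of an undefined-variable template error.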
@@ -1,3 +1,3 @@
1
1
  module Subspace
2
- VERSION = "2.3.0"
2
+ VERSION = "2.4.1"
3
3
  end
@@ -27,7 +27,7 @@ Gem::Specification.new do |spec|
27
27
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
28
28
  spec.require_paths = ["lib"]
29
29
 
30
- spec.add_development_dependency "bundler", "~> 1.12"
30
+ spec.add_development_dependency "bundler", "~> 2.1"
31
31
  spec.add_development_dependency "rake", "~> 12.3.3"
32
32
  spec.add_development_dependency "rspec", "~> 3.0"
33
33
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subspace
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.3.0
4
+ version: 2.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-08-28 00:00:00.000000000 Z
11
+ date: 2020-11-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: '1.12'
19
+ version: '2.1'
20
20
  type: :development
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.12'
26
+ version: '2.1'
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rake
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -140,7 +140,9 @@ files:
140
140
  - ansible/roles/delayed_job/tasks/main.yml
141
141
  - ansible/roles/delayed_job/templates/delayed-job-monit-rc
142
142
  - ansible/roles/letsencrypt/defaults/main.yml
143
+ - ansible/roles/letsencrypt/tasks/legacy.yml
143
144
  - ansible/roles/letsencrypt/tasks/main.yml
145
+ - ansible/roles/letsencrypt/tasks/modern.yml
144
146
  - ansible/roles/letsencrypt_dns/defaults/main.yml
145
147
  - ansible/roles/letsencrypt_dns/tasks/main.yml
146
148
  - ansible/roles/logrotate/LICENSE
@@ -179,6 +181,7 @@ files:
179
181
  - ansible/roles/nginx-rails/templates/_asset_cors.conf
180
182
  - ansible/roles/nginx-rails/templates/_rails.conf
181
183
  - ansible/roles/nginx-rails/templates/_upstream.conf
184
+ - ansible/roles/nginx-rails/templates/default_server
182
185
  - ansible/roles/nginx-rails/templates/nginx-project
183
186
  - ansible/roles/nginx-rails/templates/nginx-project-ssl
184
187
  - ansible/roles/nginx/defaults/main.yml