subspace 2.4.2 → 2.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e15b70fcbd3ba32134d6b7a39e1eb1aa005a4f2cac2a25386cfc1362ad701c1e
-  data.tar.gz: a77ca10a7cd9d1036b9f6f6277c6d392c53a64c6c0dcb870ff7d6a6826ab2b73
+  metadata.gz: 80d8c1f6e9cebb238b6afa922f2175d9d7c38e64ff64020b83b247b297d0a2bf
+  data.tar.gz: '07843c2f8262ce9d067318aeb6c6505fc8c96aafe7cd592b61ff2b381ca15c2e'
 SHA512:
-  metadata.gz: db89f1990335999622b3288c92a783ee0c8ee6e95b5ac67a0045ce17c4cf802288af1a7799524fa7ee94cd19e6a5a31359137eeee33b4da22110555c40bf9bbd
-  data.tar.gz: ea1f49c671900d20ea08f68f3174e21ca3ebf582606c1c56e328926f532c9d7683be70f13f92341fffde0a937c55d4b9d4fc2afa97617136801794304bdb9984
+  metadata.gz: '079d75a0072666cd49beb2ca889aedc1b7f8d54d41d29eac51685e7e95abf76af45c249f8ac474367e898aa528c4ab215de46ca95a91ce178dd5c9fa6a42c23d'
+  data.tar.gz: 9883316a47394683e198015ed045929b1528e2d9c262ae30ef27e34c625dc8e006b089b7e88f7bd7c6ba68405d681b38aeda55b99db9a278982680b8f2604a35

data/CHANGELOG.md

@@ -10,6 +10,24 @@ This project attempts to follow [semantic versioning](https://semver.org/)
   * Not working on OSX - macs don't read from /etc/profile.d/
   * Stops showing color if you `sudo su`
 
+## 2.5.4
+  * certbox => certbot
+
+## 2.5.3
+  * Add a friendly error message if ansible is not installed
+  * Add new role to support New Relic One's infrastructure agent
+
+## 2.5.2
+  * Always specify the letsencrypt cert_name so they are consistent
+
+## 2.5.1
+  * Fix os upgrades stat collection for ubuntu 20
+
+## 2.5
+  * Get actual os version number along with kernal name
+  * Update MOTD version automatically!
+  * Get and upload unattended security updates
+
 ## 2.4.2
   * Update deprecated syntax for ansible
   * Fix postgresql-client for python 3

data/README.md

@@ -282,6 +282,21 @@ Installs logrotate and lets you configure logs for automatic rotation.  Example
 
 ## newrelic
 
+## newrelic-infra
+This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic.  The previous "newrelic" role is deprecated. 
+
+Variables: 
+    # Required, the newrelic license key you get after signing up. 
+    newrelic_license: "longhashthingyougetfromnewrelichere" 
+    # Optional - send logs to newrelic one's log aggregator.
+    newrelic_logs:
+      - name: rails-production
+        path: /u/apps/blah/shared/log/production.log
+      - name: nginx-error
+        path: /var/log/nginx/error.log
+
+
+
 ## nginx-rails
 
 Configures nginx to look at localhost:9292 for the socket/backend connection.  If you need to do fancy stuff you should simply override this role
@@ -358,8 +373,6 @@ Installs redis on the server.
     # Change to * if you want tthis available everywhere.
     redis_bind: 127.0.0.1
 
-
-
 ## ruby-common
 
 Installs ruby on the machine.  YOu can set a version by picking off the download url and sha hash from ruby-lang.org

data/ansible/roles/common/tasks/main.yml

@@ -129,7 +129,7 @@
     shell:
       cmd: |
         sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
-        grep 'packages' | # Only lines matching 'packages'
+        grep 'packages\|immediately' | # Only lines matching 'packages' or 'immediately'
         grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
         awk '{s+=$1} END {print s}' # Sum all the lines
     args:
@@ -158,6 +158,42 @@
       - maintenance
       - stats
 
+  - name: Get unattended security updates
+    shell:
+      cmd: cat /var/log/unattended-upgrades/unattended-upgrades.log | grep "Packages that will be upgraded:" | grep $(date '+%Y-%m') | cut -d " " -f 9- | wc -w
+    register: out
+    tags:
+      - maintenance
+      - stats
+
+  - name: get current date as month
+    shell:
+      cmd: date '+%Y-%m'
+    register: current_month
+    tags:
+      - maintenance
+      - stats
+
+  - name: Save unattended updates to /opt/subspace/updates.log
+    lineinfile:
+      path: /opt/subspace/updates.log
+      line: "[{{current_month.stdout}}]\n{{ out.stdout }} unattended security updates"
+      insertafter: EOF
+      create: yes
+    become: true
+    tags:
+      - maintenance
+      - stats
+    when: out.stdout != "0"
+
+  - name: Update unattended-upgrades.log
+    shell:
+      cmd: perl -i -pe 's/Packages that will be upgraded:/Packages already upgraded and logged in Subspace:/smg' /var/log/unattended-upgrades/unattended-upgrades.log
+    become: true
+    tags:
+      - maintenance
+      - stats
+
   - name: Get os_security_upgrades stats
     shell:
       cmd: |
@@ -253,7 +289,7 @@
       - maintenance
 
   - name: Grab OS version
-    shell: uname --kernel-release
+    shell: uname -rv
     register: stats_os_version
     when: send_stats == true and stats_url is defined and stats_api_key is defined
     tags:

data/ansible/roles/common/templates/motd

@@ -4,7 +4,7 @@ This server brought to you by:
 \___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
  ___) | |_| | |_) |__) | |_) | (_| | (_|  __/
 |____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
-                       |_|             v2.4.2
+                       |_|             v{{lookup('env', 'SUBSPACE_VERSION')}}
 ~~~ https://github.com/tenforwardconsulting/subspace ~~~
 
 If you need to make configuration changes to the server, please modify the

data/ansible/roles/letsencrypt/tasks/main.yml

@@ -10,7 +10,7 @@
     become: true
     ignore_errors: true
     apt:
-      pkg: certbox
+      pkg: certbot
       state: present
 
   - name: "Detect if certbot was installed via APT"
@@ -44,7 +44,7 @@
   - name: Run default
     when: le_ssl_certs is not defined
     become: true
-    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
+    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --cert-name {{server_name}} --standalone --agree-tos --expand --non-interactive"
 
   - name: Generate SSL Certificates
     become: true
@@ -52,13 +52,13 @@
     command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
 
   - name: Update nginx default options
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
       dest: /etc/letsencrypt/options-ssl-nginx.conf
 
   - name: Update apache default options
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
       dest: /etc/letsencrypt/options-ssl-apache.conf
@@ -76,7 +76,7 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
@@ -86,10 +86,10 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
       hour: "0"
       minute: "33"
-      state: present
+      state: present

data/ansible/roles/letsencrypt/tasks/modern.yml

@@ -11,3 +11,22 @@
     set_fact:
       certbot_bin: "certbot"
 
+  - name: "Check for certbot-auto"
+    stat:
+      path: /opt/certbot/certbot-auto
+    register: certbot_auto_exists
+
+  - name: "Remove certbot-auto"
+    file:
+      path: /opt/certbot/certbot-auto
+      state: absent
+    when: certbot_auto_exists.stat.exists
+
+  - name: "Remove certbot-auto cron task"
+    cron:
+      name: Auto-renew SSL
+      job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
+      hour: "0"
+      minute: "33"
+      state: absent
+    when: certbot_auto_exists.stat.exists

data/ansible/roles/newrelic-infra/defaults/main.yml

@@ -0,0 +1,2 @@
+newrelic_license: ""
+newrelic_logs: []

data/ansible/roles/newrelic-infra/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+  - name: Restart newrelic-infra
+    service:
+      name: newrelic-infra
+      state: restarted

data/ansible/roles/newrelic-infra/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+  - name: Add New Relic apt key
+    apt_key:
+      url: https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg 
+      state: present
+    become: true
+
+  - name: create license key
+    copy: 
+      dest: "/etc/newrelic-infra.yml"
+      content: |
+        license_key: {{newrelic_license}}
+
+  - name: Add New Relic apt repo
+    apt_repository:
+      repo: deb [arch=amd64] https://download.newrelic.com/infrastructure_agent/linux/apt focal main
+      state: present
+    become: true
+
+  - name: Install New Relic server agent
+    apt:
+      pkg: newrelic-infra
+      state: present
+      update_cache: true
+    become: true
+
+  - name: Configure application log forwarding if enabled
+    when: "{{ newrelic_logs|length }}"
+    become: true
+    template: 
+      dest: "/etc/newrelic-infra/logging.d/subspace.yml"
+      src: logs.yml.j2
+    notify: Restart newrelic-infra

data/ansible/roles/newrelic-infra/templates/logs.yml.j2

@@ -0,0 +1,5 @@
+logs:
+{% for log in newrelic_logs %}
+  - name: {{log.name}}
+    file: {{log.path}}
+{% endfor %}

data/ansible/roles/newrelic/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+  - name: "Deprecation notice"
+    ansible.builtin.debug:
+      msg: The 'newrelic' role in subspace is deprecated. Please migration to Newrelic One and the 'newrelic-infra' role
+
   - name: Add New Relic apt repo
     apt_repository:
       repo: deb http://apt.newrelic.com/debian/ newrelic non-free

data/lib/subspace/cli.rb

@@ -24,6 +24,11 @@ class Subspace::Cli
     program :version, Subspace::VERSION
     program :description, 'Ansible-backed server provisioning tool for rails'
 
+    unless system("which ansible > /dev/null")
+      puts "*** Subspace depends on ansible being on your PATH. Please install it: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html"
+      exit 1
+    end
+
     command :init do |c|
       c.syntax = 'subspace init [vars]'
       c.summary = 'Run without options to initialize subspace.'

data/lib/subspace/commands/base.rb

@@ -70,6 +70,10 @@ module Subspace
 
         ansible_options
       end
+
+      def set_subspace_version
+        ENV['SUBSPACE_VERSION'] = Subspace::VERSION
+      end
     end
   end
 end

data/lib/subspace/commands/maintain.rb

@@ -4,6 +4,7 @@ class Subspace::Commands::Maintain < Subspace::Commands::Base
   def initialize(args, options)
     @environment = args.first
     @options = options
+    set_subspace_version
     run
   end
 

data/lib/subspace/commands/provision.rb

@@ -4,6 +4,7 @@ class Subspace::Commands::Provision < Subspace::Commands::Base
   def initialize(args, options)
     @environment = args.first
     @options = options
+    set_subspace_version
     run
   end
 

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.4.2"
+  VERSION = "2.5.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 2.4.2
+  version: 2.5.4
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-01-08 00:00:00.000000000 Z
+date: 2021-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -173,6 +173,10 @@ files:
 - ansible/roles/mysql/templates/mysql_database.yml
 - ansible/roles/mysql2_gem/meta/main.yml
 - ansible/roles/mysql2_gem/tasks/main.yml
+- ansible/roles/newrelic-infra/defaults/main.yml
+- ansible/roles/newrelic-infra/handlers/main.yml
+- ansible/roles/newrelic-infra/tasks/main.yml
+- ansible/roles/newrelic-infra/templates/logs.yml.j2
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
 - ansible/roles/nginx-maintenance/tasks/main.yml