subspace 2.5.10 → 3.0.0.rc1

data/ansible/roles/resque/templates/resque-systemd.service

@@ -15,11 +15,13 @@ After=syslog.target network.target
 #
 #      !!!!  !!!!  !!!!
 #
-Type=simple
+Type=forking
 
 WorkingDirectory=/u/apps/{{project_name}}/current
 
-ExecStart="RAILS_ENV={{rails_env}} COUNT={{resque_concurrency}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work"
+ExecStart=/usr/local/bin/bundle exec rake resque:work
+ExecStop=/bin/kill -s QUIT $MAINPID
+PIDFile=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid
 
 # Uncomment this if you are going to use this as a system service
 # if using as a user service then leave commented out, or you will get an error trying to start the service
@@ -31,6 +33,11 @@ UMask=0002
 # Greatly reduce Ruby memory fragmentation and heap usage
 # https://www.mikeperham.com/2018/04/25/taming-rails-memory-bloat/
 Environment=MALLOC_ARENA_MAX=2
+Environment=RAILS_ENV={{rails_env}}
+Environment=COUNT=1
+Environment=QUEUES={{ job_queues | join(',') }}
+Environment=BACKGROUND=yes
+Environment=PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid
 
 # if we crash, restart
 RestartSec=1
@@ -44,4 +51,4 @@ StandardError=syslog
 SyslogIdentifier=resque
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

data/ansible/roles/ruby-common/README.md

@@ -23,7 +23,7 @@ Role Variables
 
 > ruby_version: This variable controls the version of Ruby that will be compiled and installed. It should correspond with the tarball filename excluding the ".tar.gz" extension (e.g. "ruby-1.9.3-p484").
 
-> ruby_checksum: The checksum of the gzipped tarball that will be downloaded and compiled. (prefix with algorithm, e.g. sha256:abcdef01234567890)
+> ruby_checksum: The SHA256 checksum of the gzipped tarball that will be downloaded and compiled.
 
 > ruby_download_location: The URL that the tarball should be retrieved from. Using the ruby_version variable within this variable is a good practice (e.g. "http://cache.ruby-lang.org/pub/ruby/1.9/{{ ruby_version }}.tar.gz").
 

data/ansible/roles/ruby-common/tasks/main.yml

@@ -40,7 +40,7 @@
 - name: Download the Ruby source code
   get_url: url={{ ruby_download_location }}
            dest=/usr/local/src/
-           checksum={{ ruby_checksum }}
+           sha256sum={{ ruby_checksum }}
   become: true
 
 - name: Generate the Ruby installation script
@@ -71,22 +71,7 @@
   command: "{{ ruby_location }}/bin/gem update --system"
   become: true
 
-- name: Remove old bundler bin
-  file:
-    path: "{{ ruby_location }}/bin/bundle"
-    state: absent
-  become: true
-
-- name: Uninstall Bundler
-  gem:
-    name: bundler
-    state: absent
-    user_install: no
-    executable: "{{ ruby_location }}/bin/gem"
-  become: true
-  ignore_errors: yes
-
-- name: Install Bundler
+- name: Install/update Bundler
   shell: "{{ ruby_location }}/bin/gem install bundler -v {{ bundler_version }}"
   become: true
 

data/ansible/roles/sidekiq/defaults/main.yml

@@ -1,2 +1,2 @@
 ---
-  sidekiq_concurrency: 1
+  sidekiq_workers: 1

data/ansible/roles/sidekiq/tasks/main.yml

@@ -1,19 +1,15 @@
 ---
-  - name: Install sidekiq monit script
-    template:
-      src: sidekiq-monit-rc
-      dest: /etc/monit/conf-available/sidekiq_{{project_name}}_{{rails_env}}
+  - name: Install systemd sidekiq script
     become: true
+    template:
+      src: sidekiq-systemd.service
+      dest: /etc/systemd/system/sidekiq.service
 
-  - name: Clean up old sidekiq monit scripts
-    shell: rm -f /etc/monit/conf.d/sidekiq_*
-
-  - name: Enable sidekiq monit script
-    file:
-      src: /etc/monit/conf-available/sidekiq_{{project_name}}_{{rails_env}}
-      dest: /etc/monit/conf-enabled/sidekiq_{{project_name}}_{{rails_env}}
-      state: link
-    notify:
-      - reload_monit
-      - restart_monit
+  - name: Enable systemd sidekiq service
+    become: true
+    systemd:
+      name: sidekiq
+      enabled: yes
+      daemon_reload: true
 
+# TODO Read the gemfile and make sure they have sidekiq 6????

data/ansible/roles/sidekiq/templates/sidekiq-monit-rc

@@ -1,4 +1,4 @@
 check process sidekiq
   with pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid
-  start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && bundle exec sidekiq --queue {{hostname}} {{ job_queues | map('regex_replace',  '^(.*)$', '--queue \\1') | join(' ') }} -c {{sidekiq_concurrency}} --pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid --environment {{rails_env}} --logfile /u/apps/{{project_name}}/shared/log/sidekiq.log --daemon'" with timeout 30 seconds
+  start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && bundle exec sidekiq --queue {{hostname}} {{ job_queues | map('regex_replace',  '^(.*)$', '--queue \\1') | join(' ') }} -c {{sidekiq_workers}} --pidfile /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid --environment {{rails_env}} --logfile /u/apps/{{project_name}}/shared/log/sidekiq.log --daemon'" with timeout 30 seconds
   stop program = "/bin/su - deploy -c 'kill -s TERM `cat /u/apps/{{project_name}}/shared/tmp/pids/sidekiq.pid`'" with timeout 30 seconds

data/ansible/roles/sidekiq/templates/sidekiq-systemd.service

@@ -0,0 +1,62 @@
+#
+# This file tells systemd how to run Sidekiq as a 24/7 long-running daemon.
+#
+# Use `journalctl -u sidekiq -rn 100` to view the last 100 lines of log output.
+#
+[Unit]
+Description=sidekiq
+# start us only once the network and logging subsystems are available,
+# consider adding redis-server.service if Redis is local and systemd-managed.
+After=syslog.target network.target
+
+# See these pages for lots of options:
+#
+#   https://www.freedesktop.org/software/systemd/man/systemd.service.html
+#   https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#
+# THOSE PAGES ARE CRITICAL FOR ANY LINUX DEVOPS WORK; read them multiple
+# times! systemd is a critical tool for all developers to know and understand.
+#
+[Service]
+#
+#      !!!!  !!!!  !!!!
+#
+# As of v6.0.6, Sidekiq automatically supports systemd's `Type=notify` and watchdog service
+# monitoring. If you are using an earlier version of Sidekiq, change this to `Type=simple`
+# and remove the `WatchdogSec` line.
+#
+#      !!!!  !!!!  !!!!
+#
+Type=notify
+# If your Sidekiq process locks up, systemd's watchdog will restart it within seconds.
+WatchdogSec=10
+
+WorkingDirectory=/u/apps/{{project_name}}/current
+ExecStart=/usr/local/bin/bundle exec sidekiq -e {{rails_env}} --queue {{hostname}} {{ job_queues | map('regex_replace',  '^(.*)$', '--queue \\1') | join(' ') }}
+
+# Use `systemctl kill -s TSTP sidekiq` to quiet the Sidekiq process
+
+# Uncomment this if you are going to use this as a system service
+# if using as a user service then leave commented out, or you will get an error trying to start the service
+# !!! Change this to your deploy user account if you are using this as a system service !!!
+User=deploy
+Group=deploy
+UMask=0002
+
+# Greatly reduce Ruby memory fragmentation and heap usage
+# https://www.mikeperham.com/2018/04/25/taming-rails-memory-bloat/
+Environment=MALLOC_ARENA_MAX=2
+
+# if we crash, restart
+RestartSec=1
+Restart=on-failure
+
+# output goes to /var/log/syslog (Ubuntu) or /var/log/messages (CentOS)
+StandardOutput=syslog
+StandardError=syslog
+
+# This will default to "bundler" if we don't specify it
+SyslogIdentifier=sidekiq
+
+[Install]
+WantedBy=multi-user.target

data/ansible/roles/tailscale/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+  tailscale_options: ""

data/ansible/roles/tailscale/tasks/main.yml

@@ -0,0 +1,22 @@
+---
+  - name: "Add Tailscale apt key"
+    become: true
+    apt_key:
+      url: https://pkgs.tailscale.com/stable/ubuntu/{{ansible_distribution_release}}.gpg
+      state: present
+
+  - name: "Add Tailscale apt repos"
+    become: true
+    apt_repository:
+      repo: "deb https://pkgs.tailscale.com/stable/ubuntu {{ansible_distribution_release}} main"
+      state: present
+
+  - name: "Install tailscale from api"
+    apt:
+      name: tailscale
+      state: latest
+      update_cache: yes
+
+  - name: "Join the tailnet"
+    become: true
+    command: tailscale up --auth-key {{tailscale_auth_key}} {{tailscale_options}}

data/exe/subspace

@@ -1,5 +1,4 @@
-#!/usr/bin/env ruby
-
+#!/usr/bin/env ruby_executable_hooks
 
 require 'subspace/cli'
 Subspace::Cli.new.run

data/lib/subspace/cli.rb

@@ -7,11 +7,14 @@ require 'subspace'
 require 'subspace/commands/base'
 require 'subspace/commands/bootstrap'
 require 'subspace/commands/configure'
+require 'subspace/commands/exec'
 require 'subspace/commands/init'
+require 'subspace/commands/inventory'
 require 'subspace/commands/override'
 require 'subspace/commands/provision'
 require 'subspace/commands/ssh'
-require 'subspace/commands/vars'
+require 'subspace/commands/secrets'
+require 'subspace/commands/terraform'
 require 'subspace/commands/maintain'
 require 'subspace/commands/maintenance_mode.rb'
 
@@ -30,11 +33,15 @@ class Subspace::Cli
     end
 
     command :init do |c|
-      c.syntax = 'subspace init [vars]'
+      c.syntax = 'subspace init'
       c.summary = 'Run without options to initialize subspace.'
       c.description = 'Some initialization routines can be run indiviaully, useful for upgrading'
-      c.example 'init a new project', 'subspace init'
-      c.example 'create the new style application.yml vars template', 'subspace init vars'
+      c.example 'init a new project with one default environment (default staging)', 'subspace init'
+      c.example 'create a new fully automated production environment configuration', 'subspace init --terraform --env production'
+      c.option '--ansible', 'initialize ansible for managing individual servers'
+      c.option '--terraform', 'Initialize terraform for managing infrastructure'
+      c.option '--env STRING', 'Initialize configuration for a new environment'
+      c.option '--template [staging|production]', 'Use non-default template for this environment (default=staging)'
       c.when_called Subspace::Commands::Init
     end
 
@@ -47,9 +54,6 @@ class Subspace::Cli
       c.option '--password', "Ask for a password instead of using ssh keys"
       c.option '--yum', "Use yum instead of apt to install python"
       c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
-      Subspace::Commands::Bootstrap::PASS_THROUGH_PARAMS.each do |param_name|
-        c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
-      end
       c.when_called Subspace::Commands::Bootstrap
     end
 
@@ -64,17 +68,34 @@ class Subspace::Cli
       c.when_called Subspace::Commands::Provision
     end
 
+    command :tf do |c|
+      c.syntax = 'subspace tf [environment]'
+      c.summary = "Execute a terraform plan with the option to apply the plan after review"
+      c.when_called Subspace::Commands::Terraform
+    end
+
     command :ssh do |c|
       c.syntax = 'subspace ssh [options]'
       c.summary = 'ssh to the remote server as the administrative user'
       c.description = ''
-      c.option '--user USER', "Use a different user (eg deploy).  Default is the ansible_ssh_user"
+      c.option '--user USER', "Use a different user (eg deploy).  Default is the ansible_user"
       Subspace::Commands::Ssh::PASS_THROUGH_PARAMS.each do |param_name|
         c.option "-#{param_name} #{param_name.upcase}", "Passed directly through to ssh command"
       end
       c.when_called Subspace::Commands::Ssh
     end
 
+    command :exec do |c|
+      c.syntax = 'subspace exec <host-spec> "<statement>" [options]'
+      c.summary = 'execute <statement> on all hosts matching <host-spec>'
+      c.description = ''
+      c.option '--user USER', "Use a different user (eg deploy).  Default is the ansible_user"
+      Subspace::Commands::Exec::PASS_THROUGH_PARAMS.each do |param_name|
+        c.option "-#{param_name} #{param_name.upcase}", "Passed directly through to ssh command"
+      end
+      c.when_called Subspace::Commands::Exec
+    end
+
     command :configure do |c, args|
       c.syntax = 'subspace configure'
       c.summary = "Regenerate all of the ansible configuration files. You don't normally need to run this."
@@ -89,15 +110,17 @@ class Subspace::Cli
       c.when_called Subspace::Commands::Override
     end
 
-    command :vars do |c, args|
-      c.syntax = 'subspace vars [environment]'
+    command :secrets do |c, args|
+      c.syntax = 'subspace secrets [environment]'
       c.summary = 'View or edit the encrypted variables for an environment'
-      c.description = """By default, this will simply show the variables for a specific environemnt.
-                         You can also edit variables, and we expect the functionality here to grow in the future.
-                         Running `subspace vars development --create` is usually a great way to bootstrap a new development environment."""
+      c.description = <<~EOS
+        By default, this will simply show the variables for a specific environemnt.
+        You can also edit variables, and we expect the functionality here to grow in the future.
+        Running `subspace secrets development --create` is usually a great way to bootstrap a new development environment.
+        EOS
       c.option '--edit', "Edit the variables instead of view"
       c.option '--create', "Create config/application.yml with the variables from the specified environment"
-      c.when_called Subspace::Commands::Vars
+      c.when_called Subspace::Commands::Secrets
     end
 
     command :maintain do |c, args|
@@ -124,6 +147,19 @@ class Subspace::Cli
       c.when_called Subspace::Commands::MaintenanceMode
     end
 
+    command :inventory do |c, args|
+      c.syntax = 'subspace inventory <command>'
+      c.summary = 'Manage, manipulate, and other useful inventory-related functions'
+      c.description = <<~EOS
+        Available inventory commands:
+
+        capistrano - generate config/deploy/[env].rb.  Requires the --env option.
+        list       - list the current inventory as understood by subspace.
+        EOS
+      c.option "--env ENVIRONMENT", "Optional: Limit function to a specific environment (aka group)"
+      c.when_called Subspace::Commands::Inventory
+    end
+
     run!
   end
 end

data/lib/subspace/commands/ansible.rb

@@ -1,9 +1,16 @@
 module Subspace
   module Commands
     module Ansible
+      def ansible_playbook(*args)
+        args.push "--diff"
+        args.push "--private-key"
+        args.push "subspace.pem"
+        ansible_command("ansible-playbook", *args)
+      end
+
       def ansible_command(command, *args)
         update_ansible_cfg
-        Dir.chdir "config/provision" do
+        Dir.chdir "config/subspace" do
           say ">> Running #{command} #{args.join(' ')}"
           system(command, *args, out: $stdout, err: $stderr)
           say "<< Done"
@@ -13,7 +20,9 @@ module Subspace
       private
 
       def update_ansible_cfg
-        if !ENV["DISABLE_MITOGEN"] && `pip show mitogen 2>&1` =~ /^Location: (.*?)$/m
+        if ENV["DISABLE_MITOGEN"]
+          puts "Mitogen explicitly disabled.  Skipping detection. "
+        elsif `pip show mitogen 2>&1` =~ /^Location: (.*?)$/m
           @mitogen_path = $1
           puts "🏎🚀🚅Mitogen found at #{@mitogen_path}.  WARP 9!....ENGAGE!🚀"
         else

data/lib/subspace/commands/base.rb

@@ -13,7 +13,7 @@ module Subspace
       end
 
       def template_dir
-        File.join(gem_path, 'template', 'provision')
+        File.join(gem_path, 'template', 'subspace')
       end
 
       def gem_path
@@ -21,23 +21,34 @@ module Subspace
       end
 
       def project_path
+        unless File.exist?(File.join(Dir.pwd, "config", "subspace"))
+          say "Subspace must be run from the project root"
+          exit
+        end
         Dir.pwd # TODO make sure this is correct if they for whatever reason aren't running subspace from the project root??
       end
 
+      def project_name
+        File.basename(project_path) # TODO see above, this should probably be in a configuration somewhere
+      end
+
       def dest_dir
-        "config/provision"
+        "config/subspace"
       end
 
       def template(src, dest = nil, render_binding = nil)
         return unless confirm_overwrite File.join(dest_dir, dest || src)
         template! src, dest, render_binding
-        say "Wrote #{dest}"
+        say "Wrote #{dest || src}"
       end
 
       def template!(src, dest = nil, render_binding = nil)
         dest ||= src
-        template = ERB.new File.read(File.join(template_dir, "#{src}.erb")), nil, '-'
-        File.write File.join(dest_dir, dest), template.result(render_binding || binding)
+        template = ERB.new File.read(File.join(template_dir, "#{src}.erb")), trim_mode: '-'
+        result = template.result(render_binding || binding)
+
+
+        File.write File.join(dest_dir, dest), result
       end
 
       def copy(src, dest = nil)
@@ -74,6 +85,10 @@ module Subspace
       def set_subspace_version
         ENV['SUBSPACE_VERSION'] = Subspace::VERSION
       end
+
+      def inventory
+        @inventory ||= Subspace::Inventory.read("config/subspace/inventory.yml")
+      end
     end
   end
 end

data/lib/subspace/commands/bootstrap.rb

@@ -1,5 +1,4 @@
 class Subspace::Commands::Bootstrap < Subspace::Commands::Base
-  PASS_THROUGH_PARAMS = ["private-key"]
 
   def initialize(args, options)
     @host_spec = args.first
@@ -11,37 +10,33 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
 
   def run
     # ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
-    install_python
-    ensure_ssh_dir
+    hosts = inventory.find_hosts!(@host_spec)
+    update_ansible_cfg
+    hosts.each do |host|
+      say "Bootstapping #{host.vars["hostname"]}..."
+      learn_host(host)
+      install_python(host)
+    end
   end
 
   private
 
-  def ensure_ssh_dir
-    cmd = ["ansible",
-      @host_spec,
-      "-m",
-      "file",
-      "-a",
-      "path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
-      "-vvvv"
-    ]
-    cmd = cmd | pass_through_params
-    bootstrap_command cmd
+  def learn_host(host)
+    system "ssh-keygen -R #{host.vars["ansible_host"]}"
+    system "ssh-keyscan -H #{host.vars["ansible_host"]} >> ~/.ssh/known_hosts"
   end
 
-  def install_python
-    update_ansible_cfg
+  def install_python(host)
     cmd = ["ansible",
-      @host_spec,
+      host.name,
+      "--private-key",
+      "config/subspace/subspace.pem",
       "-m",
       "raw",
       "-a",
-      "test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)",
-      "--become",
-      "-vvvv"
+      "test -e /usr/bin/python3 || (apt -y update && apt install -y python3)",
+      "--become"
     ]
-    cmd = cmd | pass_through_params
     bootstrap_command cmd
   end
 

data/lib/subspace/commands/configure.rb

@@ -16,12 +16,12 @@ class Subspace::Commands::Configure < Subspace::Commands::Base
   private
 
   def update_host_configuration(host)
-    say "Generating config/provisiong/host_vars/#{host}"
+    say "Generating config/subspace/host_vars/#{host}"
     template "host_vars/template", "host_vars/#{host}", Subspace.config.binding_for(host: host)
   end
 
   def update_group_configuration(group)
-    say "Generating config/provisiong/group_vars/#{group}"
+    say "Generating config/subspace/group_vars/#{group}"
     template "group_vars/template", "group_vars/#{group}", Subspace.config.binding_for(group: group)
   end
 end

data/lib/subspace/commands/exec.rb

@@ -0,0 +1,20 @@
+require 'yaml'
+require 'subspace/inventory'
+class Subspace::Commands::Exec < Subspace::Commands::Base
+  PASS_THROUGH_PARAMS = ["i"]
+
+  def initialize(args, options)
+    @host_spec = args[0]
+    @command = args[1]
+    @user = options.user
+    @options = options
+    run
+  end
+
+  def run
+    hosts = inventory.find_hosts!(@host_spec)
+
+    say "> Running `#{@command}` on #{hosts.join ','}"
+    ansible_command "ansible", @host_spec, "-m", "command", "-a", @command
+  end
+end