subspace 2.5.10 → 3.0.0
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/CHANGELOG.md +22 -5
- data/README.md +105 -51
- data/UPGRADING.md +10 -0
- data/ansible/roles/common/defaults/main.yml +0 -1
- data/ansible/roles/common/files/sudoers-service +1 -1
- data/ansible/roles/common/tasks/main.yml +18 -7
- data/ansible/roles/common/tasks/no_swap.yml +26 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/common/templates/motd2 +1 -1
- data/ansible/roles/delayed_job/tasks/main.yml +21 -38
- data/ansible/roles/delayed_job/templates/delayed-job-systemd.service +33 -0
- data/ansible/roles/letsencrypt/defaults/main.yml +7 -7
- data/ansible/roles/letsencrypt/tasks/main.yml +18 -24
- data/ansible/roles/memcache/defaults/main.yml +2 -0
- data/ansible/roles/memcache/tasks/main.yml +16 -1
- data/ansible/roles/newrelic-infra/tasks/main.yml +3 -3
- data/ansible/roles/nginx/tasks/main.yml +12 -3
- data/ansible/roles/puma/tasks/main.yml +32 -20
- data/ansible/roles/puma/templates/puma-systemd.service +37 -0
- data/ansible/roles/puma/templates/puma-systemd.socket +14 -0
- data/ansible/roles/puma/templates/puma.rb +4 -2
- data/ansible/roles/rails/defaults/main.yml +0 -7
- data/ansible/roles/redis/tasks/main.yml +28 -3
- data/ansible/roles/resque/tasks/main.yml +11 -12
- data/ansible/roles/resque/templates/resque-systemd.service +10 -3
- data/ansible/roles/ruby-common/tasks/main.yml +1 -16
- data/ansible/roles/sidekiq/defaults/main.yml +1 -1
- data/ansible/roles/sidekiq/tasks/main.yml +11 -15
- data/ansible/roles/sidekiq/templates/sidekiq-monit-rc +1 -1
- data/ansible/roles/sidekiq/templates/sidekiq-systemd.service +63 -0
- data/ansible/roles/tailscale/defaults/main.yml +2 -0
- data/ansible/roles/tailscale/tasks/main.yml +22 -0
- data/bin/console +0 -4
- data/exe/subspace +1 -2
- data/lib/subspace/cli.rb +51 -14
- data/lib/subspace/commands/ansible.rb +12 -3
- data/lib/subspace/commands/base.rb +20 -5
- data/lib/subspace/commands/bootstrap.rb +16 -21
- data/lib/subspace/commands/configure.rb +2 -2
- data/lib/subspace/commands/exec.rb +20 -0
- data/lib/subspace/commands/init.rb +94 -45
- data/lib/subspace/commands/inventory.rb +54 -0
- data/lib/subspace/commands/maintain.rb +1 -1
- data/lib/subspace/commands/provision.rb +1 -3
- data/lib/subspace/commands/secrets.rb +69 -0
- data/lib/subspace/commands/ssh.rb +14 -8
- data/lib/subspace/commands/terraform.rb +83 -0
- data/lib/subspace/inventory.rb +144 -0
- data/lib/subspace/version.rb +1 -1
- data/subspace.gemspec +8 -2
- data/template/{provision → subspace}/.gitignore +3 -0
- data/template/{provision → subspace}/ansible.cfg.erb +2 -2
- data/template/subspace/group_vars/all.erb +28 -0
- data/template/subspace/group_vars/template.erb +26 -0
- data/template/{provision → subspace}/hosts.erb +0 -0
- data/template/subspace/inventory.yml.erb +11 -0
- data/template/{provision → subspace}/playbook.yml.erb +2 -5
- data/template/{provision/vars → subspace/secrets}/template.erb +0 -0
- data/template/{provision → subspace}/templates/application.yml.template +0 -0
- data/template/subspace/templates/authorized_keys.erb +1 -0
- data/template/subspace/terraform/.gitignore +2 -0
- data/template/subspace/terraform/template/main-oxenwagen.tf.erb +116 -0
- data/template/subspace/terraform/template/main-workhorse.tf.erb +41 -0
- data/template/subspace/terraformrc.erb +9 -0
- data/terraform/modules/s3_backend/README +2 -0
- data/terraform/modules/s3_backend/dynamodb.tf +1 -0
- data/terraform/modules/s3_backend/iam_user.tf +38 -0
- data/terraform/modules/s3_backend/main.tf +39 -0
- data/terraform/modules/s3_backend/state_bucket.tf +14 -0
- metadata +41 -55
- data/ansible/roles/awscli/tasks/main.yml +0 -10
- data/ansible/roles/delayed_job/meta/main.yml +0 -5
- data/ansible/roles/letsencrypt_dns/defaults/main.yml +0 -4
- data/ansible/roles/letsencrypt_dns/tasks/main.yml +0 -133
- data/ansible/roles/monit/files/monit-http.conf +0 -3
- data/ansible/roles/monit/files/sudoers-monit +0 -1
- data/ansible/roles/monit/handlers/main.yml +0 -14
- data/ansible/roles/monit/tasks/main.yml +0 -34
- data/ansible/roles/mtpereira.passenger/.bumpversion.cfg +0 -7
- data/ansible/roles/mtpereira.passenger/.gitignore +0 -2
- data/ansible/roles/mtpereira.passenger/LICENSE +0 -20
- data/ansible/roles/mtpereira.passenger/README.md +0 -31
- data/ansible/roles/mtpereira.passenger/defaults/main.yml +0 -5
- data/ansible/roles/mtpereira.passenger/handlers/main.yml +0 -8
- data/ansible/roles/mtpereira.passenger/meta/.galaxy_install_info +0 -1
- data/ansible/roles/mtpereira.passenger/meta/main.yml +0 -21
- data/ansible/roles/mtpereira.passenger/tasks/apt.yml +0 -13
- data/ansible/roles/mtpereira.passenger/tasks/main.yml +0 -8
- data/ansible/roles/mtpereira.passenger/tasks/pkg.yml +0 -35
- data/ansible/roles/mtpereira.passenger/tasks/service.yml +0 -8
- data/ansible/roles/passenger/files/sudoers-passenger +0 -1
- data/ansible/roles/passenger/meta/main.yml +0 -6
- data/ansible/roles/passenger/tasks/main.yml +0 -5
- data/ansible/roles/postgis/defaults/main.yml +0 -2
- data/ansible/roles/puma/defaults/main.yml +0 -5
- data/ansible/roles/puma/meta/main.yml +0 -5
- data/ansible/roles/sidekiq/meta/main.yml +0 -5
- data/lib/subspace/commands/vars.rb +0 -48
- data/template/provision/group_vars/all.erb +0 -17
- data/template/provision/group_vars/template.erb +0 -11
- data/template/provision/host_vars/template.erb +0 -4
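--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version:
+version: 3.0.0
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-
+date: 2023-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -80,20 +80,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-name: ed25519
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
 description: WIP -- don't use this :)
 email:
 - brian@tenforwardconsulting.com
@@ -114,6 +100,7 @@ files:
 - README.md
 - Rakefile
 - TODO
+- UPGRADING.md
 - ansible/playbooks/local_template.yml
 - ansible/playbooks/maintenance_mode.yml
 - ansible/roles/alienvault/tasks/main.yml
@@ -126,7 +113,6 @@ files:
 - ansible/roles/apache/handlers/main.yml
 - ansible/roles/apache/tasks/main.yml
 - ansible/roles/apache/templates/server_status.conf
-- ansible/roles/awscli/tasks/main.yml
 - ansible/roles/collectd/defaults/main.yml
 - ansible/roles/collectd/handlers/main.yml
 - ansible/roles/collectd/tasks/main.yml
@@ -143,6 +129,7 @@ files:
 - ansible/roles/common/files/sudoers-service
 - ansible/roles/common/handlers/main.yml
 - ansible/roles/common/tasks/main.yml
+- ansible/roles/common/tasks/no_swap.yml
 - ansible/roles/common/tasks/swap.yml
 - ansible/roles/common/templates/motd
 - ansible/roles/common/templates/motd2
@@ -150,38 +137,21 @@ files:
 - ansible/roles/delayed_job/README.md
 - ansible/roles/delayed_job/defaults/main.yml
 - ansible/roles/delayed_job/handlers/main.yml
-- ansible/roles/delayed_job/meta/main.yml
 - ansible/roles/delayed_job/tasks/main.yml
 - ansible/roles/delayed_job/templates/delayed-job-monit-rc
+- ansible/roles/delayed_job/templates/delayed-job-systemd.service
 - ansible/roles/letsencrypt/defaults/main.yml
 - ansible/roles/letsencrypt/tasks/legacy.yml
 - ansible/roles/letsencrypt/tasks/main.yml
 - ansible/roles/letsencrypt/tasks/modern.yml
-- ansible/roles/letsencrypt_dns/defaults/main.yml
-- ansible/roles/letsencrypt_dns/tasks/main.yml
 - ansible/roles/logrotate/LICENSE
 - ansible/roles/logrotate/README.md
 - ansible/roles/logrotate/defaults/main.yml
 - ansible/roles/logrotate/meta/main.yml
 - ansible/roles/logrotate/tasks/main.yml
 - ansible/roles/logrotate/templates/logrotate.d.j2
+- ansible/roles/memcache/defaults/main.yml
 - ansible/roles/memcache/tasks/main.yml
-- ansible/roles/monit/files/monit-http.conf
-- ansible/roles/monit/files/sudoers-monit
-- ansible/roles/monit/handlers/main.yml
-- ansible/roles/monit/tasks/main.yml
-- ansible/roles/mtpereira.passenger/.bumpversion.cfg
-- ansible/roles/mtpereira.passenger/.gitignore
-- ansible/roles/mtpereira.passenger/LICENSE
-- ansible/roles/mtpereira.passenger/README.md
-- ansible/roles/mtpereira.passenger/defaults/main.yml
-- ansible/roles/mtpereira.passenger/handlers/main.yml
-- ansible/roles/mtpereira.passenger/meta/.galaxy_install_info
-- ansible/roles/mtpereira.passenger/meta/main.yml
-- ansible/roles/mtpereira.passenger/tasks/apt.yml
-- ansible/roles/mtpereira.passenger/tasks/main.yml
-- ansible/roles/mtpereira.passenger/tasks/pkg.yml
-- ansible/roles/mtpereira.passenger/tasks/service.yml
 - ansible/roles/mysql/meta/main.yml
 - ansible/roles/mysql/tasks/main.yml
 - ansible/roles/mysql/templates/mysql_database.yml
@@ -209,14 +179,10 @@ files:
 - ansible/roles/nodejs/tasks/main.yml
 - ansible/roles/papertrail/tasks/main.yml
 - ansible/roles/papertrail/templates/log_files.yml
-- ansible/roles/passenger/files/sudoers-passenger
-- ansible/roles/passenger/meta/main.yml
-- ansible/roles/passenger/tasks/main.yml
 - ansible/roles/postgis/.gitignore
 - ansible/roles/postgis/CHANGELOG.md
 - ansible/roles/postgis/LICENSE
 - ansible/roles/postgis/README.md
-- ansible/roles/postgis/defaults/main.yml
 - ansible/roles/postgis/meta/main.yml
 - ansible/roles/postgis/tasks/main.yml
 - ansible/roles/postgresql-client/tasks/main.yml
@@ -227,11 +193,11 @@ files:
 - ansible/roles/postgresql/tasks/backups.yml
 - ansible/roles/postgresql/tasks/main.yml
 - ansible/roles/postgresql/templates/backup.sh
-- ansible/roles/puma/defaults/main.yml
-- ansible/roles/puma/meta/main.yml
 - ansible/roles/puma/tasks/main.yml
 - ansible/roles/puma/templates/etc-puma.conf
 - ansible/roles/puma/templates/puma-monit-rc
+- ansible/roles/puma/templates/puma-systemd.service
+- ansible/roles/puma/templates/puma-systemd.socket
 - ansible/roles/puma/templates/puma.rb
 - ansible/roles/rails/defaults/main.yml
 - ansible/roles/rails/tasks/main.yml
@@ -252,9 +218,11 @@ files:
 - ansible/roles/ruby-common/vars/main.yml
 - ansible/roles/sidekiq/README.md
 - ansible/roles/sidekiq/defaults/main.yml
-- ansible/roles/sidekiq/meta/main.yml
 - ansible/roles/sidekiq/tasks/main.yml
 - ansible/roles/sidekiq/templates/sidekiq-monit-rc
+- ansible/roles/sidekiq/templates/sidekiq-systemd.service
+- ansible/roles/tailscale/defaults/main.yml
+- ansible/roles/tailscale/tasks/main.yml
 - ansible/roles/yarn/tasks/main.yml
 - ansible/roles/zenoamaro.postgresql/.gitignore
 - ansible/roles/zenoamaro.postgresql/.travis.yml
@@ -287,32 +255,50 @@ files:
 - lib/subspace/commands/base.rb
 - lib/subspace/commands/bootstrap.rb
 - lib/subspace/commands/configure.rb
+- lib/subspace/commands/exec.rb
 - lib/subspace/commands/init.rb
+- lib/subspace/commands/inventory.rb
 - lib/subspace/commands/maintain.rb
 - lib/subspace/commands/maintenance_mode.rb
 - lib/subspace/commands/override.rb
 - lib/subspace/commands/provision.rb
+- lib/subspace/commands/secrets.rb
 - lib/subspace/commands/ssh.rb
-- lib/subspace/commands/
+- lib/subspace/commands/terraform.rb
 - lib/subspace/configuration.rb
+- lib/subspace/inventory.rb
 - lib/subspace/version.rb
 - subspace.gemspec
 - template/provision.rb.erb
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
+- template/subspace/.gitignore
+- template/subspace/ansible.cfg.erb
+- template/subspace/group_vars/all.erb
+- template/subspace/group_vars/template.erb
+- template/subspace/hosts.erb
+- template/subspace/inventory.yml.erb
+- template/subspace/playbook.yml.erb
+- template/subspace/secrets/template.erb
+- template/subspace/templates/application.yml.template
+- template/subspace/templates/authorized_keys.erb
+- template/subspace/terraform/.gitignore
+- template/subspace/terraform/template/main-oxenwagen.tf.erb
+- template/subspace/terraform/template/main-workhorse.tf.erb
+- template/subspace/terraformrc.erb
+- terraform/modules/s3_backend/README
+- terraform/modules/s3_backend/dynamodb.tf
+- terraform/modules/s3_backend/iam_user.tf
+- terraform/modules/s3_backend/main.tf
+- terraform/modules/s3_backend/state_bucket.tf
 homepage: https://github.com/tenforwardconsulting/subspace
 licenses:
 - MIT
 metadata:
 allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message: |
+*** Subspace 3 has many breaking changes
+Primarily, the entire configuration directory structure has moved from config/provision to config/subspace.
+You will need to migrate your old configuration to the new location, or downgrade to Subspace 2 if this was not intentional.
+Please review the Upgrade guide: https://github.com/tenforwardconsulting/subspace/UPGRADING.md
 rdoc_options: []
 require_paths:
 - lib
@@ -327,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects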
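Review bot: The upgrade-guide link added to `post_install_message` in the `@@ -287,32 +255,50 @@` hunk, `https://github.com/tenforwardconsulting/subspace/UPGRADING.md`, is not in the form GitHub uses for a file inside a repository (`/blob/<branch>/<path>`), so it will most likely not resolve. This message is what operators see right after installing a release that moves the whole configuration directory, so a dead link leaves them without the migration steps. The metadata is generated at build time, so the fix belongs in `subspace.gemspec`, for example `Please review the Upgrade guide: https://github.com/tenforwardconsulting/subspace/blob/<default-branch>/UPGRADING.md`. The same diff adds `UPGRADING.md` to `files`, so the message could also tell users to read the copy shipped inside the installed gem.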
@@ -1,133 +0,0 @@
|
|
1
|
-
- name: Update repositories cache and install pip and setuptools package
|
2
|
-
apt:
|
3
|
-
name: [python-pip, python-setuptools]
|
4
|
-
update_cache: yes
|
5
|
-
|
6
|
-
- pip:
|
7
|
-
name: [pyopenssl, boto]
|
8
|
-
tags:
|
9
|
-
- cert
|
10
|
-
|
11
|
-
- name: Creates private key directory
|
12
|
-
file:
|
13
|
-
path: "/etc/letsencrypt/live/{{ server_name }}"
|
14
|
-
state: directory
|
15
|
-
tags:
|
16
|
-
- cert
|
17
|
-
|
18
|
-
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
|
19
|
-
openssl_privatekey:
|
20
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
21
|
-
register: privkey
|
22
|
-
tags:
|
23
|
-
- cert
|
24
|
-
|
25
|
-
- name: Generate an OpenSSL account key with the default values (4096 bits, RSA)
|
26
|
-
openssl_privatekey:
|
27
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
28
|
-
tags:
|
29
|
-
- cert
|
30
|
-
|
31
|
-
- name: Generate an OpenSSL Certificate Signing Request
|
32
|
-
openssl_csr:
|
33
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
34
|
-
privatekey_path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
35
|
-
country_name: US
|
36
|
-
email_address: "{{ letsencrypt_email }}"
|
37
|
-
subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
|
38
|
-
when: privkey is changed
|
39
|
-
register: csr
|
40
|
-
with_dict:
|
41
|
-
dns_server:
|
42
|
-
- "{{ server_name }}"
|
43
|
-
- "*.{{ server_name }}"
|
44
|
-
tags:
|
45
|
-
- cert
|
46
|
-
|
47
|
-
- name: Create a challenge using an account key from a variable.
|
48
|
-
acme_certificate:
|
49
|
-
acme_version: 2
|
50
|
-
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
51
|
-
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
52
|
-
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
53
|
-
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
54
|
-
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
55
|
-
challenge: dns-01
|
56
|
-
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
57
|
-
terms_agreed: yes
|
58
|
-
remaining_days: 60
|
59
|
-
when: csr is changed
|
60
|
-
register: le_challenge
|
61
|
-
tags:
|
62
|
-
- cert
|
63
|
-
|
64
|
-
- name: Install txt record on route53
|
65
|
-
route53:
|
66
|
-
zone: "{{ route53_zone }}"
|
67
|
-
type: TXT
|
68
|
-
ttl: 60
|
69
|
-
state: present
|
70
|
-
wait: yes
|
71
|
-
record: "{{ item.key }}"
|
72
|
-
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
73
|
-
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
74
|
-
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
75
|
-
overwrite: yes
|
76
|
-
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
77
|
-
tags:
|
78
|
-
- cert
|
79
|
-
|
80
|
-
- name: Flush dns cache
|
81
|
-
become: true
|
82
|
-
command: "systemd-resolve --flush-caches"
|
83
|
-
when: le_challenge is changed
|
84
|
-
tags:
|
85
|
-
- cert
|
86
|
-
|
87
|
-
- name: "Wait for DNS"
|
88
|
-
when: le_challenge is changed
|
89
|
-
pause:
|
90
|
-
minutes: 2
|
91
|
-
tags:
|
92
|
-
- cert
|
93
|
-
|
94
|
-
- name: Let the challenge be validated and retrieve the cert and intermediate certificate
|
95
|
-
acme_certificate:
|
96
|
-
acme_version: 2
|
97
|
-
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
98
|
-
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
99
|
-
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
100
|
-
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
101
|
-
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
102
|
-
challenge: dns-01
|
103
|
-
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
104
|
-
remaining_days: 60
|
105
|
-
terms_agreed: yes
|
106
|
-
data: "{{ le_challenge }}"
|
107
|
-
when: le_challenge is changed
|
108
|
-
tags:
|
109
|
-
- cert
|
110
|
-
|
111
|
-
- name: Delete txt record on route53
|
112
|
-
route53:
|
113
|
-
zone: "{{ route53_zone }}"
|
114
|
-
type: TXT
|
115
|
-
ttl: 60
|
116
|
-
state: absent
|
117
|
-
wait: yes
|
118
|
-
record: "{{ item.key }}"
|
119
|
-
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
120
|
-
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
121
|
-
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
122
|
-
overwrite: yes
|
123
|
-
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
124
|
-
tags:
|
125
|
-
- cert
|
126
|
-
|
127
|
-
- name: restart webserver
|
128
|
-
debug: msg="restart webserver"
|
129
|
-
notify: restart webserver
|
130
|
-
changed_when: true
|
131
|
-
when: le_challenge is changed
|
132
|
-
tags:
|
133
|
-
- cert
|
@@ -1 +0,0 @@
|
|
1
|
-
deploy ALL=(root) NOPASSWD: /usr/bin/monit
|
@@ -1,34 +0,0 @@
|
|
1
|
-
---
|
2
|
-
- name: Configure monit to install instead of pin
|
3
|
-
dpkg_selections:
|
4
|
-
name: monit
|
5
|
-
selection: install
|
6
|
-
become: true
|
7
|
-
tags:
|
8
|
-
- monit
|
9
|
-
|
10
|
-
- name: install monit
|
11
|
-
apt:
|
12
|
-
name: monit
|
13
|
-
state: present
|
14
|
-
become: true
|
15
|
-
tags:
|
16
|
-
- monit
|
17
|
-
|
18
|
-
- name: Copy sudoers file so that deploy can use monit without entering password.
|
19
|
-
copy:
|
20
|
-
src: sudoers-monit
|
21
|
-
dest: /etc/sudoers.d/monit
|
22
|
-
become: true
|
23
|
-
tags:
|
24
|
-
- monit
|
25
|
-
|
26
|
-
- name: Copy monit config to enable http from localhost
|
27
|
-
copy:
|
28
|
-
src: monit-http.conf
|
29
|
-
dest: /etc/monit/conf.d/monit-http.conf
|
30
|
-
become: true
|
31
|
-
notify:
|
32
|
-
- restart_monit
|
33
|
-
tags:
|
34
|
-
- monit
|
@@ -1,20 +0,0 @@
|
|
1
|
-
The MIT License (MIT)
|
2
|
-
|
3
|
-
Copyright (c) 2014 Manuel Tiago Pereira
|
4
|
-
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
6
|
-
this software and associated documentation files (the "Software"), to deal in
|
7
|
-
the Software without restriction, including without limitation the rights to
|
8
|
-
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
9
|
-
the Software, and to permit persons to whom the Software is furnished to do so,
|
10
|
-
subject to the following conditions:
|
11
|
-
|
12
|
-
The above copyright notice and this permission notice shall be included in all
|
13
|
-
copies or substantial portions of the Software.
|
14
|
-
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
17
|
-
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
18
|
-
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
19
|
-
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
20
|
-
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
@@ -1,31 +0,0 @@
|
|
1
|
-
Passenger
|
2
|
-
========
|
3
|
-
|
4
|
-
Installs or updates Pushion Passenger.
|
5
|
-
|
6
|
-
It will install apache, nginx or standalone modes, depending on **passenger_webserver** variable value (defaults to standalone).
|
7
|
-
|
8
|
-
In the `tests` folder, there are a set of tests for this role, that will provision a VM using Vagrant and setup a simple hello world app. To use them, `cd` into the `tests/{passenger_webserver}/` and execute `vagrant up`. At the moment, only `apache` tests are done.
|
9
|
-
|
10
|
-
Requirements
|
11
|
-
------------
|
12
|
-
|
13
|
-
Assumes that the host is ansible-ready (check **mtpereira.common** role).
|
14
|
-
|
15
|
-
Role Variables
|
16
|
-
--------------
|
17
|
-
|
18
|
-
* `passenger_webserver`: Specifies the webserver to be used by passenger. Possible values: `apache`, `nginx` and `standalone`. Defaults to `standalone`.
|
19
|
-
* `passenger_pkgs_state`: Specifies if this role will garantee that the packages are installed or installed and updated. Possible values: `installed` and `latest`. Defaults to `installed`.
|
20
|
-
|
21
|
-
License
|
22
|
-
-------
|
23
|
-
|
24
|
-
MIT
|
25
|
-
|
26
|
-
Author Information
|
27
|
-
------------------
|
28
|
-
|
29
|
-
[GitHub project page](https://github.com/mtpereira/ansible-passenger)
|
30
|
-
|
31
|
-
[Manuel Tiago Pereira](http://mtpereira.github.io)
|
@@ -1 +0,0 @@
|
|
1
|
-
{install_date: 'Mon Jan 2 18:15:18 2017', version: 1.0.2}
|
@@ -1,21 +0,0 @@
|
|
1
|
-
---
|
2
|
-
galaxy_info:
|
3
|
-
author: Manuel Tiago Pereira
|
4
|
-
description: Installs Phusion Passenger.
|
5
|
-
license: MIT
|
6
|
-
min_ansible_version: 1.4
|
7
|
-
platforms:
|
8
|
-
- name: Debian
|
9
|
-
versions:
|
10
|
-
- wheezy
|
11
|
-
- jessie
|
12
|
-
- name: Ubuntu
|
13
|
-
versions:
|
14
|
-
- lucid
|
15
|
-
- precise
|
16
|
-
- saucy
|
17
|
-
- trusty
|
18
|
-
categories:
|
19
|
-
- web
|
20
|
-
dependencies: []
|
21
|
-
|
@@ -1,13 +0,0 @@
|
|
1
|
-
---
|
2
|
-
- name: apt - add key for passenger repos
|
3
|
-
apt_key: url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x561F9B9CAC40B2F7 id=AC40B2F7 state=present
|
4
|
-
|
5
|
-
- name: apt - add support for https
|
6
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }} update_cache=yes cache_valid_time=3600
|
7
|
-
with_items:
|
8
|
-
- apt-transport-https
|
9
|
-
- ca-certificates
|
10
|
-
|
11
|
-
- name: apt - add passenger repo
|
12
|
-
apt_repository: repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ ansible_lsb.codename }} main' state=present update_cache=yes
|
13
|
-
|
@@ -1,35 +0,0 @@
|
|
1
|
-
---
|
2
|
-
- name: pkg - install apache passenger packages
|
3
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
4
|
-
with_items:
|
5
|
-
- libapache2-mod-passenger
|
6
|
-
- apache2
|
7
|
-
notify: apache restart
|
8
|
-
when: passenger_webserver == "apache"
|
9
|
-
|
10
|
-
- name: pkg - install nginx passenger packages
|
11
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
12
|
-
with_items:
|
13
|
-
- nginx-extras
|
14
|
-
- passenger
|
15
|
-
notify: nginx restart
|
16
|
-
when: passenger_webserver == "nginx"
|
17
|
-
|
18
|
-
- name: pkg - install standalone passenger packages
|
19
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
20
|
-
with_items:
|
21
|
-
- passenger
|
22
|
-
when: passenger_webserver == "standalone"
|
23
|
-
|
24
|
-
- name: pkg - fix passenger utils shebang
|
25
|
-
lineinfile:
|
26
|
-
dest: "{{ item }}"
|
27
|
-
regexp: '^#\!/usr/bin/ruby\s*'
|
28
|
-
line: "#!/usr/bin/env ruby"
|
29
|
-
backrefs: yes
|
30
|
-
state: present
|
31
|
-
with_items:
|
32
|
-
- /usr/sbin/passenger-memory-stats
|
33
|
-
- /usr/sbin/passenger-status
|
34
|
-
when: passenger_pkgs_fix_shebang
|
35
|
-
|
@@ -1,8 +0,0 @@
|
|
1
|
-
---
|
2
|
-
- name: service - ensure apache is running
|
3
|
-
service: name=apache2 state=started enabled=yes
|
4
|
-
when: passenger_webserver == "apache"
|
5
|
-
|
6
|
-
- name: service - ensure nginx is running
|
7
|
-
service: name=nginx state=started enabled=yes
|
8
|
-
when: passenger_webserver == "nginx"
|
@@ -1 +0,0 @@
|
|
1
|
-
deploy ALL=(root) NOPASSWD: /usr/sbin/passenger-status
|