subspace 2.5.10 → 3.0.0
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/CHANGELOG.md +22 -5
- data/README.md +105 -51
- data/UPGRADING.md +10 -0
- data/ansible/roles/common/defaults/main.yml +0 -1
- data/ansible/roles/common/files/sudoers-service +1 -1
- data/ansible/roles/common/tasks/main.yml +18 -7
- data/ansible/roles/common/tasks/no_swap.yml +26 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/common/templates/motd2 +1 -1
- data/ansible/roles/delayed_job/tasks/main.yml +21 -38
- data/ansible/roles/delayed_job/templates/delayed-job-systemd.service +33 -0
- data/ansible/roles/letsencrypt/defaults/main.yml +7 -7
- data/ansible/roles/letsencrypt/tasks/main.yml +18 -24
- data/ansible/roles/memcache/defaults/main.yml +2 -0
- data/ansible/roles/memcache/tasks/main.yml +16 -1
- data/ansible/roles/newrelic-infra/tasks/main.yml +3 -3
- data/ansible/roles/nginx/tasks/main.yml +12 -3
- data/ansible/roles/puma/tasks/main.yml +32 -20
- data/ansible/roles/puma/templates/puma-systemd.service +37 -0
- data/ansible/roles/puma/templates/puma-systemd.socket +14 -0
- data/ansible/roles/puma/templates/puma.rb +4 -2
- data/ansible/roles/rails/defaults/main.yml +0 -7
- data/ansible/roles/redis/tasks/main.yml +28 -3
- data/ansible/roles/resque/tasks/main.yml +11 -12
- data/ansible/roles/resque/templates/resque-systemd.service +10 -3
- data/ansible/roles/ruby-common/tasks/main.yml +1 -16
- data/ansible/roles/sidekiq/defaults/main.yml +1 -1
- data/ansible/roles/sidekiq/tasks/main.yml +11 -15
- data/ansible/roles/sidekiq/templates/sidekiq-monit-rc +1 -1
- data/ansible/roles/sidekiq/templates/sidekiq-systemd.service +63 -0
- data/ansible/roles/tailscale/defaults/main.yml +2 -0
- data/ansible/roles/tailscale/tasks/main.yml +22 -0
- data/bin/console +0 -4
- data/exe/subspace +1 -2
- data/lib/subspace/cli.rb +51 -14
- data/lib/subspace/commands/ansible.rb +12 -3
- data/lib/subspace/commands/base.rb +20 -5
- data/lib/subspace/commands/bootstrap.rb +16 -21
- data/lib/subspace/commands/configure.rb +2 -2
- data/lib/subspace/commands/exec.rb +20 -0
- data/lib/subspace/commands/init.rb +94 -45
- data/lib/subspace/commands/inventory.rb +54 -0
- data/lib/subspace/commands/maintain.rb +1 -1
- data/lib/subspace/commands/provision.rb +1 -3
- data/lib/subspace/commands/secrets.rb +69 -0
- data/lib/subspace/commands/ssh.rb +14 -8
- data/lib/subspace/commands/terraform.rb +83 -0
- data/lib/subspace/inventory.rb +144 -0
- data/lib/subspace/version.rb +1 -1
- data/subspace.gemspec +8 -2
- data/template/{provision → subspace}/.gitignore +3 -0
- data/template/{provision → subspace}/ansible.cfg.erb +2 -2
- data/template/subspace/group_vars/all.erb +28 -0
- data/template/subspace/group_vars/template.erb +26 -0
- data/template/{provision → subspace}/hosts.erb +0 -0
- data/template/subspace/inventory.yml.erb +11 -0
- data/template/{provision → subspace}/playbook.yml.erb +2 -5
- data/template/{provision/vars → subspace/secrets}/template.erb +0 -0
- data/template/{provision → subspace}/templates/application.yml.template +0 -0
- data/template/subspace/templates/authorized_keys.erb +1 -0
- data/template/subspace/terraform/.gitignore +2 -0
- data/template/subspace/terraform/template/main-oxenwagen.tf.erb +116 -0
- data/template/subspace/terraform/template/main-workhorse.tf.erb +41 -0
- data/template/subspace/terraformrc.erb +9 -0
- data/terraform/modules/s3_backend/README +2 -0
- data/terraform/modules/s3_backend/dynamodb.tf +1 -0
- data/terraform/modules/s3_backend/iam_user.tf +38 -0
- data/terraform/modules/s3_backend/main.tf +39 -0
- data/terraform/modules/s3_backend/state_bucket.tf +14 -0
- metadata +41 -55
- data/ansible/roles/awscli/tasks/main.yml +0 -10
- data/ansible/roles/delayed_job/meta/main.yml +0 -5
- data/ansible/roles/letsencrypt_dns/defaults/main.yml +0 -4
- data/ansible/roles/letsencrypt_dns/tasks/main.yml +0 -133
- data/ansible/roles/monit/files/monit-http.conf +0 -3
- data/ansible/roles/monit/files/sudoers-monit +0 -1
- data/ansible/roles/monit/handlers/main.yml +0 -14
- data/ansible/roles/monit/tasks/main.yml +0 -34
- data/ansible/roles/mtpereira.passenger/.bumpversion.cfg +0 -7
- data/ansible/roles/mtpereira.passenger/.gitignore +0 -2
- data/ansible/roles/mtpereira.passenger/LICENSE +0 -20
- data/ansible/roles/mtpereira.passenger/README.md +0 -31
- data/ansible/roles/mtpereira.passenger/defaults/main.yml +0 -5
- data/ansible/roles/mtpereira.passenger/handlers/main.yml +0 -8
- data/ansible/roles/mtpereira.passenger/meta/.galaxy_install_info +0 -1
- data/ansible/roles/mtpereira.passenger/meta/main.yml +0 -21
- data/ansible/roles/mtpereira.passenger/tasks/apt.yml +0 -13
- data/ansible/roles/mtpereira.passenger/tasks/main.yml +0 -8
- data/ansible/roles/mtpereira.passenger/tasks/pkg.yml +0 -35
- data/ansible/roles/mtpereira.passenger/tasks/service.yml +0 -8
- data/ansible/roles/passenger/files/sudoers-passenger +0 -1
- data/ansible/roles/passenger/meta/main.yml +0 -6
- data/ansible/roles/passenger/tasks/main.yml +0 -5
- data/ansible/roles/postgis/defaults/main.yml +0 -2
- data/ansible/roles/puma/defaults/main.yml +0 -5
- data/ansible/roles/puma/meta/main.yml +0 -5
- data/ansible/roles/sidekiq/meta/main.yml +0 -5
- data/lib/subspace/commands/vars.rb +0 -48
- data/template/provision/group_vars/all.erb +0 -17
- data/template/provision/group_vars/template.erb +0 -11
- data/template/provision/host_vars/template.erb +0 -4
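--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version:
+version: 3.0.0
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-01-
+date: 2023-01-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -80,20 +80,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-- !ruby/object:Gem::Dependency
-name: ed25519
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - "~>"
-- !ruby/object:Gem::Version
-version: '1.0'
 description: WIP -- don't use this :)
 email:
 - brian@tenforwardconsulting.com
@@ -114,6 +100,7 @@ files:
 - README.md
 - Rakefile
 - TODO
+- UPGRADING.md
 - ansible/playbooks/local_template.yml
 - ansible/playbooks/maintenance_mode.yml
 - ansible/roles/alienvault/tasks/main.yml
@@ -126,7 +113,6 @@ files:
 - ansible/roles/apache/handlers/main.yml
 - ansible/roles/apache/tasks/main.yml
 - ansible/roles/apache/templates/server_status.conf
-- ansible/roles/awscli/tasks/main.yml
 - ansible/roles/collectd/defaults/main.yml
 - ansible/roles/collectd/handlers/main.yml
 - ansible/roles/collectd/tasks/main.yml
@@ -143,6 +129,7 @@ files:
 - ansible/roles/common/files/sudoers-service
 - ansible/roles/common/handlers/main.yml
 - ansible/roles/common/tasks/main.yml
+- ansible/roles/common/tasks/no_swap.yml
 - ansible/roles/common/tasks/swap.yml
 - ansible/roles/common/templates/motd
 - ansible/roles/common/templates/motd2
@@ -150,38 +137,21 @@ files:
 - ansible/roles/delayed_job/README.md
 - ansible/roles/delayed_job/defaults/main.yml
 - ansible/roles/delayed_job/handlers/main.yml
-- ansible/roles/delayed_job/meta/main.yml
 - ansible/roles/delayed_job/tasks/main.yml
 - ansible/roles/delayed_job/templates/delayed-job-monit-rc
+- ansible/roles/delayed_job/templates/delayed-job-systemd.service
 - ansible/roles/letsencrypt/defaults/main.yml
 - ansible/roles/letsencrypt/tasks/legacy.yml
 - ansible/roles/letsencrypt/tasks/main.yml
 - ansible/roles/letsencrypt/tasks/modern.yml
-- ansible/roles/letsencrypt_dns/defaults/main.yml
-- ansible/roles/letsencrypt_dns/tasks/main.yml
 - ansible/roles/logrotate/LICENSE
 - ansible/roles/logrotate/README.md
 - ansible/roles/logrotate/defaults/main.yml
 - ansible/roles/logrotate/meta/main.yml
 - ansible/roles/logrotate/tasks/main.yml
 - ansible/roles/logrotate/templates/logrotate.d.j2
+- ansible/roles/memcache/defaults/main.yml
 - ansible/roles/memcache/tasks/main.yml
-- ansible/roles/monit/files/monit-http.conf
-- ansible/roles/monit/files/sudoers-monit
-- ansible/roles/monit/handlers/main.yml
-- ansible/roles/monit/tasks/main.yml
-- ansible/roles/mtpereira.passenger/.bumpversion.cfg
-- ansible/roles/mtpereira.passenger/.gitignore
-- ansible/roles/mtpereira.passenger/LICENSE
-- ansible/roles/mtpereira.passenger/README.md
-- ansible/roles/mtpereira.passenger/defaults/main.yml
-- ansible/roles/mtpereira.passenger/handlers/main.yml
-- ansible/roles/mtpereira.passenger/meta/.galaxy_install_info
-- ansible/roles/mtpereira.passenger/meta/main.yml
-- ansible/roles/mtpereira.passenger/tasks/apt.yml
-- ansible/roles/mtpereira.passenger/tasks/main.yml
-- ansible/roles/mtpereira.passenger/tasks/pkg.yml
-- ansible/roles/mtpereira.passenger/tasks/service.yml
 - ansible/roles/mysql/meta/main.yml
 - ansible/roles/mysql/tasks/main.yml
 - ansible/roles/mysql/templates/mysql_database.yml
@@ -209,14 +179,10 @@ files:
 - ansible/roles/nodejs/tasks/main.yml
 - ansible/roles/papertrail/tasks/main.yml
 - ansible/roles/papertrail/templates/log_files.yml
-- ansible/roles/passenger/files/sudoers-passenger
-- ansible/roles/passenger/meta/main.yml
-- ansible/roles/passenger/tasks/main.yml
 - ansible/roles/postgis/.gitignore
 - ansible/roles/postgis/CHANGELOG.md
 - ansible/roles/postgis/LICENSE
 - ansible/roles/postgis/README.md
-- ansible/roles/postgis/defaults/main.yml
 - ansible/roles/postgis/meta/main.yml
 - ansible/roles/postgis/tasks/main.yml
 - ansible/roles/postgresql-client/tasks/main.yml
@@ -227,11 +193,11 @@ files:
 - ansible/roles/postgresql/tasks/backups.yml
 - ansible/roles/postgresql/tasks/main.yml
 - ansible/roles/postgresql/templates/backup.sh
-- ansible/roles/puma/defaults/main.yml
-- ansible/roles/puma/meta/main.yml
 - ansible/roles/puma/tasks/main.yml
 - ansible/roles/puma/templates/etc-puma.conf
 - ansible/roles/puma/templates/puma-monit-rc
+- ansible/roles/puma/templates/puma-systemd.service
+- ansible/roles/puma/templates/puma-systemd.socket
 - ansible/roles/puma/templates/puma.rb
 - ansible/roles/rails/defaults/main.yml
 - ansible/roles/rails/tasks/main.yml
@@ -252,9 +218,11 @@ files:
 - ansible/roles/ruby-common/vars/main.yml
 - ansible/roles/sidekiq/README.md
 - ansible/roles/sidekiq/defaults/main.yml
-- ansible/roles/sidekiq/meta/main.yml
 - ansible/roles/sidekiq/tasks/main.yml
 - ansible/roles/sidekiq/templates/sidekiq-monit-rc
+- ansible/roles/sidekiq/templates/sidekiq-systemd.service
+- ansible/roles/tailscale/defaults/main.yml
+- ansible/roles/tailscale/tasks/main.yml
 - ansible/roles/yarn/tasks/main.yml
 - ansible/roles/zenoamaro.postgresql/.gitignore
 - ansible/roles/zenoamaro.postgresql/.travis.yml
@@ -287,32 +255,50 @@ files:
 - lib/subspace/commands/base.rb
 - lib/subspace/commands/bootstrap.rb
 - lib/subspace/commands/configure.rb
+- lib/subspace/commands/exec.rb
 - lib/subspace/commands/init.rb
+- lib/subspace/commands/inventory.rb
 - lib/subspace/commands/maintain.rb
 - lib/subspace/commands/maintenance_mode.rb
 - lib/subspace/commands/override.rb
 - lib/subspace/commands/provision.rb
+- lib/subspace/commands/secrets.rb
 - lib/subspace/commands/ssh.rb
-- lib/subspace/commands/
+- lib/subspace/commands/terraform.rb
 - lib/subspace/configuration.rb
+- lib/subspace/inventory.rb
 - lib/subspace/version.rb
 - subspace.gemspec
 - template/provision.rb.erb
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
-- template/
+- template/subspace/.gitignore
+- template/subspace/ansible.cfg.erb
+- template/subspace/group_vars/all.erb
+- template/subspace/group_vars/template.erb
+- template/subspace/hosts.erb
+- template/subspace/inventory.yml.erb
+- template/subspace/playbook.yml.erb
+- template/subspace/secrets/template.erb
+- template/subspace/templates/application.yml.template
+- template/subspace/templates/authorized_keys.erb
+- template/subspace/terraform/.gitignore
+- template/subspace/terraform/template/main-oxenwagen.tf.erb
+- template/subspace/terraform/template/main-workhorse.tf.erb
+- template/subspace/terraformrc.erb
+- terraform/modules/s3_backend/README
+- terraform/modules/s3_backend/dynamodb.tf
+- terraform/modules/s3_backend/iam_user.tf
+- terraform/modules/s3_backend/main.tf
+- terraform/modules/s3_backend/state_bucket.tf
 homepage: https://github.com/tenforwardconsulting/subspace
 licenses:
 - MIT
 metadata:
 allowed_push_host: https://rubygems.org
-post_install_message:
+post_install_message: |
+*** Subspace 3 has many breaking changes
+Primarily, the entire configuration directory structure has moved from config/provision to config/subspace.
+You will need to migrate your old configuration to the new location, or downgrade to Subspace 2 if this was not intentional.
+Please review the Upgrade guide: https://github.com/tenforwardconsulting/subspace/UPGRADING.md
 rdoc_options: []
 require_paths:
 - lib
@@ -327,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.3.
+rubygems_version: 3.3.3
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects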
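Review bot: The upgrade-guide link on the last line of the new `post_install_message` (`https://github.com/tenforwardconsulting/subspace/UPGRADING.md`) is not in the form GitHub uses for a file inside a repository, so it will most likely not resolve. This message is the only pointer to the migration steps that users see when they install 3.0.0, and the release moves the whole configuration directory. The metadata file is generated at build time, so the fix belongs in `subspace.gemspec`, where the line should read `Please review the Upgrade guide: https://github.com/tenforwardconsulting/subspace/blob/<DEFAULT_BRANCH>/UPGRADING.md`. `<DEFAULT_BRANCH>` is a placeholder because this page does not show the branch name. Alternatively the message could point at the `UPGRADING.md` that now ships inside the gem, per the `files:` hunk.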
@@ -1,133 +0,0 @@
|
|
|
1
|
-
- name: Update repositories cache and install pip and setuptools package
|
|
2
|
-
apt:
|
|
3
|
-
name: [python-pip, python-setuptools]
|
|
4
|
-
update_cache: yes
|
|
5
|
-
|
|
6
|
-
- pip:
|
|
7
|
-
name: [pyopenssl, boto]
|
|
8
|
-
tags:
|
|
9
|
-
- cert
|
|
10
|
-
|
|
11
|
-
- name: Creates private key directory
|
|
12
|
-
file:
|
|
13
|
-
path: "/etc/letsencrypt/live/{{ server_name }}"
|
|
14
|
-
state: directory
|
|
15
|
-
tags:
|
|
16
|
-
- cert
|
|
17
|
-
|
|
18
|
-
- name: Generate an OpenSSL private key with the default values (4096 bits, RSA)
|
|
19
|
-
openssl_privatekey:
|
|
20
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
|
21
|
-
register: privkey
|
|
22
|
-
tags:
|
|
23
|
-
- cert
|
|
24
|
-
|
|
25
|
-
- name: Generate an OpenSSL account key with the default values (4096 bits, RSA)
|
|
26
|
-
openssl_privatekey:
|
|
27
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
|
28
|
-
tags:
|
|
29
|
-
- cert
|
|
30
|
-
|
|
31
|
-
- name: Generate an OpenSSL Certificate Signing Request
|
|
32
|
-
openssl_csr:
|
|
33
|
-
path: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
|
34
|
-
privatekey_path: "/etc/letsencrypt/live/{{ server_name }}/privkey.pem"
|
|
35
|
-
country_name: US
|
|
36
|
-
email_address: "{{ letsencrypt_email }}"
|
|
37
|
-
subject_alt_name: "{{ item.value | map('regex_replace', '^', 'DNS:') | list }}"
|
|
38
|
-
when: privkey is changed
|
|
39
|
-
register: csr
|
|
40
|
-
with_dict:
|
|
41
|
-
dns_server:
|
|
42
|
-
- "{{ server_name }}"
|
|
43
|
-
- "*.{{ server_name }}"
|
|
44
|
-
tags:
|
|
45
|
-
- cert
|
|
46
|
-
|
|
47
|
-
- name: Create a challenge using an account key from a variable.
|
|
48
|
-
acme_certificate:
|
|
49
|
-
acme_version: 2
|
|
50
|
-
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
|
51
|
-
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
|
52
|
-
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
|
53
|
-
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
|
54
|
-
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
|
55
|
-
challenge: dns-01
|
|
56
|
-
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
|
57
|
-
terms_agreed: yes
|
|
58
|
-
remaining_days: 60
|
|
59
|
-
when: csr is changed
|
|
60
|
-
register: le_challenge
|
|
61
|
-
tags:
|
|
62
|
-
- cert
|
|
63
|
-
|
|
64
|
-
- name: Install txt record on route53
|
|
65
|
-
route53:
|
|
66
|
-
zone: "{{ route53_zone }}"
|
|
67
|
-
type: TXT
|
|
68
|
-
ttl: 60
|
|
69
|
-
state: present
|
|
70
|
-
wait: yes
|
|
71
|
-
record: "{{ item.key }}"
|
|
72
|
-
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
|
73
|
-
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
|
74
|
-
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
|
75
|
-
overwrite: yes
|
|
76
|
-
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
|
77
|
-
tags:
|
|
78
|
-
- cert
|
|
79
|
-
|
|
80
|
-
- name: Flush dns cache
|
|
81
|
-
become: true
|
|
82
|
-
command: "systemd-resolve --flush-caches"
|
|
83
|
-
when: le_challenge is changed
|
|
84
|
-
tags:
|
|
85
|
-
- cert
|
|
86
|
-
|
|
87
|
-
- name: "Wait for DNS"
|
|
88
|
-
when: le_challenge is changed
|
|
89
|
-
pause:
|
|
90
|
-
minutes: 2
|
|
91
|
-
tags:
|
|
92
|
-
- cert
|
|
93
|
-
|
|
94
|
-
- name: Let the challenge be validated and retrieve the cert and intermediate certificate
|
|
95
|
-
acme_certificate:
|
|
96
|
-
acme_version: 2
|
|
97
|
-
account_key_src: "/etc/letsencrypt/live/{{ server_name }}/account.pem"
|
|
98
|
-
csr: "/etc/letsencrypt/live/{{ server_name }}/server.csr"
|
|
99
|
-
cert: "/etc/letsencrypt/live/{{ server_name }}/server.crt"
|
|
100
|
-
fullchain: "/etc/letsencrypt/live/{{ server_name }}/fullchain.crt"
|
|
101
|
-
chain: "/etc/letsencrypt/live/{{ server_name }}/intermediate.crt"
|
|
102
|
-
challenge: dns-01
|
|
103
|
-
acme_directory: https://acme-v02.api.letsencrypt.org/directory
|
|
104
|
-
remaining_days: 60
|
|
105
|
-
terms_agreed: yes
|
|
106
|
-
data: "{{ le_challenge }}"
|
|
107
|
-
when: le_challenge is changed
|
|
108
|
-
tags:
|
|
109
|
-
- cert
|
|
110
|
-
|
|
111
|
-
- name: Delete txt record on route53
|
|
112
|
-
route53:
|
|
113
|
-
zone: "{{ route53_zone }}"
|
|
114
|
-
type: TXT
|
|
115
|
-
ttl: 60
|
|
116
|
-
state: absent
|
|
117
|
-
wait: yes
|
|
118
|
-
record: "{{ item.key }}"
|
|
119
|
-
value: "{{ item.value | map('regex_replace', '^(.*)$', '\"\\1\"' ) | list }}"
|
|
120
|
-
aws_access_key: "{{ AWS_ACCESS_KEY_ID }}"
|
|
121
|
-
aws_secret_key: "{{ AWS_SECRET_ACCESS_KEY }}"
|
|
122
|
-
overwrite: yes
|
|
123
|
-
loop: "{{ le_challenge.challenge_data_dns | default({}) | dict2items }}"
|
|
124
|
-
tags:
|
|
125
|
-
- cert
|
|
126
|
-
|
|
127
|
-
- name: restart webserver
|
|
128
|
-
debug: msg="restart webserver"
|
|
129
|
-
notify: restart webserver
|
|
130
|
-
changed_when: true
|
|
131
|
-
when: le_challenge is changed
|
|
132
|
-
tags:
|
|
133
|
-
- cert
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
deploy ALL=(root) NOPASSWD: /usr/bin/monit
|
|
@@ -1,34 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
- name: Configure monit to install instead of pin
|
|
3
|
-
dpkg_selections:
|
|
4
|
-
name: monit
|
|
5
|
-
selection: install
|
|
6
|
-
become: true
|
|
7
|
-
tags:
|
|
8
|
-
- monit
|
|
9
|
-
|
|
10
|
-
- name: install monit
|
|
11
|
-
apt:
|
|
12
|
-
name: monit
|
|
13
|
-
state: present
|
|
14
|
-
become: true
|
|
15
|
-
tags:
|
|
16
|
-
- monit
|
|
17
|
-
|
|
18
|
-
- name: Copy sudoers file so that deploy can use monit without entering password.
|
|
19
|
-
copy:
|
|
20
|
-
src: sudoers-monit
|
|
21
|
-
dest: /etc/sudoers.d/monit
|
|
22
|
-
become: true
|
|
23
|
-
tags:
|
|
24
|
-
- monit
|
|
25
|
-
|
|
26
|
-
- name: Copy monit config to enable http from localhost
|
|
27
|
-
copy:
|
|
28
|
-
src: monit-http.conf
|
|
29
|
-
dest: /etc/monit/conf.d/monit-http.conf
|
|
30
|
-
become: true
|
|
31
|
-
notify:
|
|
32
|
-
- restart_monit
|
|
33
|
-
tags:
|
|
34
|
-
- monit
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
The MIT License (MIT)
|
|
2
|
-
|
|
3
|
-
Copyright (c) 2014 Manuel Tiago Pereira
|
|
4
|
-
|
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
|
6
|
-
this software and associated documentation files (the "Software"), to deal in
|
|
7
|
-
the Software without restriction, including without limitation the rights to
|
|
8
|
-
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
|
9
|
-
the Software, and to permit persons to whom the Software is furnished to do so,
|
|
10
|
-
subject to the following conditions:
|
|
11
|
-
|
|
12
|
-
The above copyright notice and this permission notice shall be included in all
|
|
13
|
-
copies or substantial portions of the Software.
|
|
14
|
-
|
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
|
17
|
-
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
|
18
|
-
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
|
19
|
-
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
20
|
-
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
Passenger
|
|
2
|
-
========
|
|
3
|
-
|
|
4
|
-
Installs or updates Pushion Passenger.
|
|
5
|
-
|
|
6
|
-
It will install apache, nginx or standalone modes, depending on **passenger_webserver** variable value (defaults to standalone).
|
|
7
|
-
|
|
8
|
-
In the `tests` folder, there are a set of tests for this role, that will provision a VM using Vagrant and setup a simple hello world app. To use them, `cd` into the `tests/{passenger_webserver}/` and execute `vagrant up`. At the moment, only `apache` tests are done.
|
|
9
|
-
|
|
10
|
-
Requirements
|
|
11
|
-
------------
|
|
12
|
-
|
|
13
|
-
Assumes that the host is ansible-ready (check **mtpereira.common** role).
|
|
14
|
-
|
|
15
|
-
Role Variables
|
|
16
|
-
--------------
|
|
17
|
-
|
|
18
|
-
* `passenger_webserver`: Specifies the webserver to be used by passenger. Possible values: `apache`, `nginx` and `standalone`. Defaults to `standalone`.
|
|
19
|
-
* `passenger_pkgs_state`: Specifies if this role will garantee that the packages are installed or installed and updated. Possible values: `installed` and `latest`. Defaults to `installed`.
|
|
20
|
-
|
|
21
|
-
License
|
|
22
|
-
-------
|
|
23
|
-
|
|
24
|
-
MIT
|
|
25
|
-
|
|
26
|
-
Author Information
|
|
27
|
-
------------------
|
|
28
|
-
|
|
29
|
-
[GitHub project page](https://github.com/mtpereira/ansible-passenger)
|
|
30
|
-
|
|
31
|
-
[Manuel Tiago Pereira](http://mtpereira.github.io)
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{install_date: 'Mon Jan 2 18:15:18 2017', version: 1.0.2}
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
galaxy_info:
|
|
3
|
-
author: Manuel Tiago Pereira
|
|
4
|
-
description: Installs Phusion Passenger.
|
|
5
|
-
license: MIT
|
|
6
|
-
min_ansible_version: 1.4
|
|
7
|
-
platforms:
|
|
8
|
-
- name: Debian
|
|
9
|
-
versions:
|
|
10
|
-
- wheezy
|
|
11
|
-
- jessie
|
|
12
|
-
- name: Ubuntu
|
|
13
|
-
versions:
|
|
14
|
-
- lucid
|
|
15
|
-
- precise
|
|
16
|
-
- saucy
|
|
17
|
-
- trusty
|
|
18
|
-
categories:
|
|
19
|
-
- web
|
|
20
|
-
dependencies: []
|
|
21
|
-
|
|
@@ -1,13 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
- name: apt - add key for passenger repos
|
|
3
|
-
apt_key: url=http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x561F9B9CAC40B2F7 id=AC40B2F7 state=present
|
|
4
|
-
|
|
5
|
-
- name: apt - add support for https
|
|
6
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }} update_cache=yes cache_valid_time=3600
|
|
7
|
-
with_items:
|
|
8
|
-
- apt-transport-https
|
|
9
|
-
- ca-certificates
|
|
10
|
-
|
|
11
|
-
- name: apt - add passenger repo
|
|
12
|
-
apt_repository: repo='deb https://oss-binaries.phusionpassenger.com/apt/passenger {{ ansible_lsb.codename }} main' state=present update_cache=yes
|
|
13
|
-
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
- name: pkg - install apache passenger packages
|
|
3
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
|
4
|
-
with_items:
|
|
5
|
-
- libapache2-mod-passenger
|
|
6
|
-
- apache2
|
|
7
|
-
notify: apache restart
|
|
8
|
-
when: passenger_webserver == "apache"
|
|
9
|
-
|
|
10
|
-
- name: pkg - install nginx passenger packages
|
|
11
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
|
12
|
-
with_items:
|
|
13
|
-
- nginx-extras
|
|
14
|
-
- passenger
|
|
15
|
-
notify: nginx restart
|
|
16
|
-
when: passenger_webserver == "nginx"
|
|
17
|
-
|
|
18
|
-
- name: pkg - install standalone passenger packages
|
|
19
|
-
apt: pkg={{ item }} state={{ passenger_pkgs_state }}
|
|
20
|
-
with_items:
|
|
21
|
-
- passenger
|
|
22
|
-
when: passenger_webserver == "standalone"
|
|
23
|
-
|
|
24
|
-
- name: pkg - fix passenger utils shebang
|
|
25
|
-
lineinfile:
|
|
26
|
-
dest: "{{ item }}"
|
|
27
|
-
regexp: '^#\!/usr/bin/ruby\s*'
|
|
28
|
-
line: "#!/usr/bin/env ruby"
|
|
29
|
-
backrefs: yes
|
|
30
|
-
state: present
|
|
31
|
-
with_items:
|
|
32
|
-
- /usr/sbin/passenger-memory-stats
|
|
33
|
-
- /usr/sbin/passenger-status
|
|
34
|
-
when: passenger_pkgs_fix_shebang
|
|
35
|
-
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
- name: service - ensure apache is running
|
|
3
|
-
service: name=apache2 state=started enabled=yes
|
|
4
|
-
when: passenger_webserver == "apache"
|
|
5
|
-
|
|
6
|
-
- name: service - ensure nginx is running
|
|
7
|
-
service: name=nginx state=started enabled=yes
|
|
8
|
-
when: passenger_webserver == "nginx"
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
deploy ALL=(root) NOPASSWD: /usr/sbin/passenger-status
|