subspace 2.5.3 → 2.5.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2900b56b3f754ef7860f84bed2a542f1613d670d42de47deeb469ccae80f48ad
-  data.tar.gz: 13f7d5fc40033f6da6b639f4198072632adbcffb4f0c6a0646ea992641a6cbde
+  metadata.gz: 21a2457116acadc9fd01649174e0a669ae46e15c8e7b6d6945ecfd3f5b77af75
+  data.tar.gz: b4be4e599753ec7a0a40f82b0bd1e89d027c31b15a4a4b9c38cdbba5011278a4
 SHA512:
-  metadata.gz: e138515cdf107fa30c7668711ea40d26cc316b1ca23366eb63497d92ce96a178d543070c81d8d0617045699bed4250415b429ff709b8e1c2a5caf554f9b95152
-  data.tar.gz: e4420f8d057f1c8ee0376ba9a693a5170e81ab081651657eb9ac45b9bca6662430540d3701ff8ad83bdb6132126c0f3f1f611e276fa17eb5fe24c747ce22d6a2
+  metadata.gz: 4188742f819c864d96ccc410bd24c36a8349e4adcb3ffc334c0dba769a49e514ed46f5fc615ea6d6e6de5bdeb2d2ca81c58affe2733d21c9912af081960535e6
+  data.tar.gz: 6d8254829a880a835e8823ebfb637300a3c20e4b6f4e3be2816062cb6ab2bacb66d154a8d139178243312ee2dd5a3ab66af0065a8a680860f663bdfe13cbfb9e

data/.ruby-version

@@ -1 +1 @@
-2.6.3
+2.7.4

data/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 This is a [changelog](https://keepachangelog.com/en/0.3.0/).
 
-This project attempts to follow [semantic versioning](https://semver.org/)
+This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Known Bugs
 
@@ -10,6 +10,24 @@ This project attempts to follow [semantic versioning](https://semver.org/)
   * Not working on OSX - macs don't read from /etc/profile.d/
   * Stops showing color if you `sudo su`
 
+## Unreleased
+
+## 2.5.7
+  * Add ability to set the timezone for servers instead of forcing to Central Time
+  * Update puma configuration to support puma 5 with puma-daemon
+  * Update letsencrypt to add certbot-nginx support for newer ubuntu
+
+## 2.5.6
+  * Fix sending security stats
+  * Make sure apt package acl is installed in common role so ansible can become a non-privileged user
+
+## 2.5.5
+  * Remove duplicate nginx role from playbook templates
+  * Don't send stats if there have been no upgrades
+
+## 2.5.4
+  * certbox => certbot
+
 ## 2.5.3
   * Add a friendly error message if ansible is not installed
   * Add new role to support New Relic One's infrastructure agent

data/README.md

@@ -428,8 +428,8 @@ After checking out the repo, run `bin/setup` to install dependencies. Then, run
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version:
 
   1. update the version number in `version.rb`
-  2. update the version number in motds
-  3. run `bundle exec rake release`
+  2. `gem build subspace.gemspec`
+  3. `gem push subspace-x.y.z.gem`
 
 This will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
 

data/ansible/roles/common/defaults/main.yml

@@ -2,3 +2,4 @@
   swap_space: 512M
   deploy_user: deploy
   send_stats: false
+  timezone: America/Chicago

data/ansible/roles/common/tasks/main.yml

@@ -125,6 +125,12 @@
       - maintenance
       - upgrade
 
+  - name: Install acl so ansible can become a non-privileged user
+    apt:
+      pkg: acl
+      state: present
+    become: true
+
   - name: Get os_upgrades stats
     shell:
       cmd: |
@@ -153,7 +159,7 @@
           key: os_upgrades
           value: "{{stats_os_upgrades.stdout}}"
           hostname: "{{hostname}}"
-    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_upgrades.stdout | length > 0)
     tags:
       - maintenance
       - stats
@@ -197,9 +203,8 @@
   - name: Get os_security_upgrades stats
     shell:
       cmd: |
-        sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
+        grep -A 1 $(date +%Y-%m) updates.log | # Groups of lines from the current month
         grep 'security' | # Only lines matching 'security'
-        grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
         awk '{s+=$1} END {print s}' # Sum all the lines
     args:
       chdir: /opt/subspace
@@ -222,7 +227,7 @@
           key: os_security_upgrades
           value: "{{stats_os_security_upgrades.stdout}}"
           hostname: "{{hostname}}"
-    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_security_upgrades.stdout | length > 0)
     tags:
       - maintenance
       - stats
@@ -236,9 +241,9 @@
       - maintenance
       - stats
 
-  - name: set timezone to America/Chicago
+  - name: set timezone
     timezone:
-      name: America/Chicago
+      name: "{{timezone}}"
     tags:
       - maintenance
 

data/ansible/roles/letsencrypt/tasks/main.yml

@@ -10,7 +10,7 @@
     become: true
     ignore_errors: true
     apt:
-      pkg: certbox
+      pkg: certbot
       state: present
 
   - name: "Detect if certbot was installed via APT"
@@ -52,13 +52,13 @@
     command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
 
   - name: Update nginx default options
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
       dest: /etc/letsencrypt/options-ssl-nginx.conf
 
   - name: Update apache default options
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
       dest: /etc/letsencrypt/options-ssl-apache.conf
@@ -76,7 +76,7 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
@@ -86,10 +86,10 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
       hour: "0"
       minute: "33"
-      state: present
+      state: present

data/ansible/roles/letsencrypt/tasks/modern.yml

@@ -6,8 +6,34 @@
       state: present
     with_items:
       - ca-certificates
+    
+  - name: Install certbot-nginx
+    become: true
+    when: "'nginx' in role_names"
+    apt:
+      pkg: python3-certbot-nginx
+      state: present
 
   - name: "Set certbot binary"
     set_fact:
       certbot_bin: "certbot"
 
+  - name: "Check for certbot-auto"
+    stat:
+      path: /opt/certbot/certbot-auto
+    register: certbot_auto_exists
+
+  - name: "Remove certbot-auto"
+    file:
+      path: /opt/certbot/certbot-auto
+      state: absent
+    when: certbot_auto_exists.stat.exists
+
+  - name: "Remove certbot-auto cron task"
+    cron:
+      name: Auto-renew SSL
+      job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
+      hour: "0"
+      minute: "33"
+      state: absent
+    when: certbot_auto_exists.stat.exists

data/ansible/roles/puma/templates/puma.rb

@@ -1,3 +1,11 @@
+begin
+  # Needed for Puma 5 + puma-damon, but built in to Puma 4
+  # https://github.com/kigster/puma-daemon
+  require 'puma/daemon'
+rescue => LoadError
+  # Puma 4 has `daemonize` built in
+end
+
 # Change to match your CPU core count
 workers {{puma_workers}}
 # Min and Max threads per worker

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.5.3"
+  VERSION = "2.5.7"
 end

data/template/provision/playbook.yml.erb

@@ -12,9 +12,8 @@
       - ruby-common
       - rails
       - puma
-      - nginx
       - letsencrypt
-      - nginx # This is included twice intentionally. I think there is a bug that is fixed by running it both before and after the letsencrypt role.
+      - nginx
       - postgresql
       - monit
       - logrotate

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 2.5.3
+  version: 2.5.7
 platform: ruby
 authors:
 - Brian Samson
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-02-18 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -295,7 +295,7 @@ licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -310,8 +310,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key: 
+rubygems_version: 3.1.6
+signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects
 test_files: []