subspace 2.5.6 β†’ 2.5.9

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 24d9413d60da10fc4e89a7a07acdee04a663d0ce45a1bf3c666d27b0b4b867ba
4
- data.tar.gz: 5c6acea9ad2dd19abd20355764a3e6b5febc9281875ce0e4c5026cb86de5f3bf
3
+ metadata.gz: 2643e10f07e36c3231852855a37ae9c0478d2013541927e77056f78dd9589835
4
+ data.tar.gz: 255a1bfd97ce8d5234417696185e9435310d0bb75b665579df4614e747622e8a
5
5
  SHA512:
6
- metadata.gz: 57e1b9ea34bb641ac71f2f38297b7f1b80c2a97b7aa7c734d44826f5d252b4ead6e9cf0aa74359dd728802527848f36953c871ac37e05ebac770e506f5db8cc7
7
- data.tar.gz: f7632eb404a54a3f034ee5dab75854d3109f97d34e9850f1886097bfe70c1e5e3d0621ef1d15cf25e8052fb0d8fe7f24317f5bedd947070039bed17094c11f3e
6
+ metadata.gz: 73f3655eaa5ec00304002ebd9f0cfeba83c2766347253a11341424fe65359d5a62078899630a35c35a93580f94c44f7e1f32616d0b328c0f0e1cc14448b4b2a1
7
+ data.tar.gz: a7ae0433d6f04c27b6f74ac1a4879b50365d721ad8f6c65b52c030725fa114d57d458cc80fc0ab8d67fd9635f59c2f9a6ccd34c93101635273e4196d7f76913a
data/.ruby-version CHANGED
@@ -1 +1 @@
1
- 2.6.3
1
+ 2.7.4
data/CHANGELOG.md CHANGED
@@ -12,6 +12,18 @@ This project attempts to follow [semantic versioning](https://semver.org/).
12
12
 
13
13
  ## Unreleased
14
14
 
15
+ ## 2.5.9
16
+ * backport disabling mitogen
17
+
18
+ ## 2.5.8
19
+ * Add a new role for configuring a monit-based resque server
20
+ * Auto-detect mitogen for speed
21
+
22
+ ## 2.5.7
23
+ * Add ability to set the timezone for servers instead of forcing to Central Time
24
+ * Update puma configuration to support puma 5 with puma-daemon
25
+ * Update letsencrypt to add certbot-nginx support for newer ubuntu
26
+
15
27
  ## 2.5.6
16
28
  * Fix sending security stats
17
29
  * Make sure apt package acl is installed in common role so ansible can become a non-privileged user
data/README.md CHANGED
@@ -283,11 +283,11 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
283
283
  ## newrelic
284
284
 
285
285
  ## newrelic-infra
286
- This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic. The previous "newrelic" role is deprecated.
286
+ This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic. The previous "newrelic" role is deprecated.
287
287
 
288
- Variables:
289
- # Required, the newrelic license key you get after signing up.
290
- newrelic_license: "longhashthingyougetfromnewrelichere"
288
+ Variables:
289
+ # Required, the newrelic license key you get after signing up.
290
+ newrelic_license: "longhashthingyougetfromnewrelichere"
291
291
  # Optional - send logs to newrelic one's log aggregator.
292
292
  newrelic_logs:
293
293
  - name: rails-production
@@ -373,6 +373,14 @@ Installs redis on the server.
373
373
  # Change to * if you want tthis available everywhere.
374
374
  redis_bind: 127.0.0.1
375
375
 
376
+ ## resque
377
+
378
+ Install monitoring and automatic startup for resque workers via monit. You MUST set the `job_queues` variable as follows:
379
+
380
+ job_queues:
381
+ - default
382
+ - mailers
383
+ - exports
376
384
  ## ruby-common
377
385
 
378
386
  Installs ruby on the machine. YOu can set a version by picking off the download url and sha hash from ruby-lang.org
@@ -387,10 +395,14 @@ Installs ruby on the machine. YOu can set a version by picking off the download
387
395
 
388
396
  This will install a monit script that keeps sidekiq running. We spawn one sidekiq instance that manages as many queues as you need. Varaibles of note:
389
397
 
398
+ # Process these background job queues
390
399
  job_queues:
391
400
  - default
392
401
  - mailers
393
402
 
403
+ # Number of sidekiq *processes* to run
404
+ sidekiq_concurrency: 1
405
+
394
406
  * Note that as of v0.4.13, we now also add a unique job queue for each host with its hostname. This is handy if you need to assign a job to a specific host. In general you should use named queues, but occasionally this is useful and there's no harm in having it there unused.
395
407
 
396
408
  Sidekiq uses redis by default, and rails connects to a redis running on localhost by default. However, this role does not depend on redis since in production it's likely redis will be running elsewhere. If you're provisioning a standalone server, make sure to include the redis role.
@@ -407,7 +419,18 @@ Thanks to the following repositories for making their roles available:
407
419
  * https://github.com/mtpereira/ansible-passenger
408
420
 
409
421
 
410
- # Development
422
+ # Mitogen
423
+
424
+ In order to dramatically speed up ansible, you can install Mitogen: https://github.com/mitogen-hq/mitogen/blob/master/docs/ansible_detailed.rst
425
+
426
+ pip install -g mitogen
427
+
428
+ Subspace will automatically detect this and update your ansible.cfg file so it is blazing fast. Sometimes this can cause issues with older servers that have weird pythons, so if you have mitogen installed locally but dont wan't to use it, you can set an environment variable:
429
+
430
+ DISABLE_MITOGEN=1 subspace provision staging
431
+
432
+
433
+
411
434
 
412
435
  ## Directory Structure
413
436
 
@@ -2,3 +2,4 @@
2
2
  swap_space: 512M
3
3
  deploy_user: deploy
4
4
  send_stats: false
5
+ timezone: America/Chicago
@@ -1 +1 @@
1
- deploy ALL=(root) NOPASSWD: /usr/sbin/service
1
+ deploy ALL=(root) NOPASSWD: /usr/bin/systemctl, /usr/sbin/service
@@ -241,9 +241,9 @@
241
241
  - maintenance
242
242
  - stats
243
243
 
244
- - name: set timezone to America/Chicago
244
+ - name: set timezone
245
245
  timezone:
246
- name: America/Chicago
246
+ name: "{{timezone}}"
247
247
  tags:
248
248
  - maintenance
249
249
 
@@ -6,6 +6,13 @@
6
6
  state: present
7
7
  with_items:
8
8
  - ca-certificates
9
+
10
+ - name: Install certbot-nginx
11
+ become: true
12
+ when: "'nginx' in role_names"
13
+ apt:
14
+ pkg: python3-certbot-nginx
15
+ state: present
9
16
 
10
17
  - name: "Set certbot binary"
11
18
  set_fact:
@@ -1,3 +1,11 @@
1
+ begin
2
+ # Needed for Puma 5 + puma-damon, but built in to Puma 4
3
+ # https://github.com/kigster/puma-daemon
4
+ require 'puma/daemon'
5
+ rescue LoadError => e
6
+ # Puma 4 has `daemonize` built in
7
+ end
8
+
1
9
  # Change to match your CPU core count
2
10
  workers {{puma_workers}}
3
11
  # Min and Max threads per worker
@@ -0,0 +1,15 @@
1
+ ---
2
+ - name: Install resque monit script
3
+ template:
4
+ src: resque-monit-rc
5
+ dest: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
6
+ become: true
7
+
8
+ - name: Enable resque monit script
9
+ file:
10
+ src: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
11
+ dest: /etc/monit/conf-enabled/resque_{{project_name}}_{{rails_env}}
12
+ state: link
13
+ notify:
14
+ - reload_monit
15
+ - restart_monit
@@ -0,0 +1,4 @@
1
+ check process resque
2
+ with pidfile /u/apps/{{project_name}}/shared/tmp/pids/resque.pid
3
+ start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && RAILS_ENV={{rails_env}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work'" with timeout 30 seconds
4
+ stop program = "/bin/su - deploy -c 'kill -s TERM `cat /u/apps/{{project_name}}/shared/tmp/pids/resque.pid`'" with timeout 30 seconds
@@ -0,0 +1,47 @@
1
+ [Unit]
2
+ Description=resque
3
+ # consider adding redis-server.service if Redis is local and systemd-managed.
4
+ After=syslog.target network.target
5
+
6
+ # See these pages for lots of options:
7
+ #
8
+ # https://www.freedesktop.org/software/systemd/man/systemd.service.html
9
+ # https://www.freedesktop.org/software/systemd/man/systemd.exec.html
10
+ #
11
+ # THOSE PAGES ARE CRITICAL FOR ANY LINUX DEVOPS WORK; read them multiple
12
+ # times! systemd is a critical tool for all developers to know and understand.
13
+ #
14
+ [Service]
15
+ #
16
+ # !!!! !!!! !!!!
17
+ #
18
+ Type=simple
19
+
20
+ WorkingDirectory=/u/apps/{{project_name}}/current
21
+
22
+ ExecStart="RAILS_ENV={{rails_env}} COUNT={{resque_concurrency}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work"
23
+
24
+ # Uncomment this if you are going to use this as a system service
25
+ # if using as a user service then leave commented out, or you will get an error trying to start the service
26
+ # !!! Change this to your deploy user account if you are using this as a system service !!!
27
+ User=deploy
28
+ Group=deploy
29
+ UMask=0002
30
+
31
+ # Greatly reduce Ruby memory fragmentation and heap usage
32
+ # https://www.mikeperham.com/2018/04/25/taming-rails-memory-bloat/
33
+ Environment=MALLOC_ARENA_MAX=2
34
+
35
+ # if we crash, restart
36
+ RestartSec=1
37
+ Restart=on-failure
38
+
39
+ # output goes to /var/log/syslog (Ubuntu) or /var/log/messages (CentOS)
40
+ StandardOutput=syslog
41
+ StandardError=syslog
42
+
43
+ # This will default to "bundler" if we don't specify it
44
+ SyslogIdentifier=resque
45
+
46
+ [Install]
47
+ WantedBy=multi-user.target
@@ -1,2 +1,2 @@
1
1
  ---
2
- sidekiq_concurrency: 10
2
+ sidekiq_concurrency: 1
@@ -13,6 +13,12 @@ module Subspace
13
13
  private
14
14
 
15
15
  def update_ansible_cfg
16
+ if !ENV["DISABLE_MITOGEN"] && `pip show mitogen 2>&1` =~ /^Location: (.*?)$/m
17
+ @mitogen_path = $1
18
+ puts "πŸŽπŸš€πŸš…Mitogen found at #{@mitogen_path}. WARP 9!....ENGAGE!πŸš€"
19
+ else
20
+ puts "Mitogen not detected. Ansible will be slow. Run `pip install mitogen` to fix."
21
+ end
16
22
  template! "ansible.cfg"
17
23
  end
18
24
  end
@@ -1,3 +1,3 @@
1
1
  module Subspace
2
- VERSION = "2.5.6"
2
+ VERSION = "2.5.9"
3
3
  end
data/subspace.gemspec CHANGED
@@ -33,4 +33,5 @@ Gem::Specification.new do |spec|
33
33
 
34
34
  spec.add_runtime_dependency "commander", "~>4.2"
35
35
  spec.add_runtime_dependency "figaro", "~>1.0"
36
+ spec.add_runtime_dependency "ed25519", "~>1.0"
36
37
  end
@@ -3,7 +3,14 @@ inventory = hosts
3
3
  forks = 10
4
4
  roles_path = ./roles:<%= File.join(gem_path, 'ansible', 'roles') %>:/etc/ansible/roles
5
5
  vault_password_file = .vault_pass
6
+ # Uncomment to add timestamps to tasks to find slow ones.
7
+ # callback_whitelist = profile_tasks
8
+
9
+ <% if @mitogen_path %>
10
+ strategy_plugins = <%= @mitogen_path %>/ansible_mitogen/plugins/strategy
11
+ strategy = mitogen_linear
12
+ <% end %>
6
13
 
7
14
  [ssh_connection]
8
- pipelining=True
9
- control_path = %(directory)s/%%h-%%p-%%r
15
+ pipelining = True
16
+ control_path = /tmp/subspace-control-%%h-%%p-%%r
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subspace
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.6
4
+ version: 2.5.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-07-30 00:00:00.000000000 Z
11
+ date: 2022-06-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -80,6 +80,20 @@ dependencies:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
82
  version: '1.0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: ed25519
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '1.0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '1.0'
83
97
  description: WIP -- don't use this :)
84
98
  email:
85
99
  - brian@tenforwardconsulting.com
@@ -225,6 +239,9 @@ files:
225
239
  - ansible/roles/rails/templates/database.yml
226
240
  - ansible/roles/redis/defaults/main.yml
227
241
  - ansible/roles/redis/tasks/main.yml
242
+ - ansible/roles/resque/tasks/main.yml
243
+ - ansible/roles/resque/templates/resque-monit-rc
244
+ - ansible/roles/resque/templates/resque-systemd.service
228
245
  - ansible/roles/ruby-common/README.md
229
246
  - ansible/roles/ruby-common/defaults/main.yml
230
247
  - ansible/roles/ruby-common/meta/main.yml
@@ -310,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
310
327
  - !ruby/object:Gem::Version
311
328
  version: '0'
312
329
  requirements: []
313
- rubygems_version: 3.0.3
330
+ rubygems_version: 3.3.16
314
331
  signing_key:
315
332
  specification_version: 4
316
333
  summary: Ansible-based server provisioning for rails projects