subspace 2.5.6 → 2.5.9
- checksums.yaml +4 -4
- data/.ruby-version +1 -1
- data/CHANGELOG.md +12 -0
- data/README.md +28 -5
- data/ansible/roles/common/defaults/main.yml +1 -0
- data/ansible/roles/common/files/sudoers-service +1 -1
- data/ansible/roles/common/tasks/main.yml +2 -2
- data/ansible/roles/letsencrypt/tasks/modern.yml +7 -0
- data/ansible/roles/puma/templates/puma.rb +8 -0
- data/ansible/roles/resque/tasks/main.yml +15 -0
- data/ansible/roles/resque/templates/resque-monit-rc +4 -0
- data/ansible/roles/resque/templates/resque-systemd.service +47 -0
- data/ansible/roles/sidekiq/defaults/main.yml +1 -1
- data/lib/subspace/commands/ansible.rb +6 -0
- data/lib/subspace/version.rb +1 -1
- data/subspace.gemspec +1 -0
- data/template/provision/ansible.cfg.erb +9 -2
- metadata +20 -3
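--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2643e10f07e36c3231852855a37ae9c0478d2013541927e77056f78dd9589835
+data.tar.gz: 255a1bfd97ce8d5234417696185e9435310d0bb75b665579df4614e747622e8a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 73f3655eaa5ec00304002ebd9f0cfeba83c2766347253a11341424fe65359d5a62078899630a35c35a93580f94c44f7e1f32616d0b328c0f0e1cc14448b4b2a1
+data.tar.gz: a7ae0433d6f04c27b6f74ac1a4879b50365d721ad8f6c65b52c030725fa114d57d458cc80fc0ab8d67fd9635f59c2f9a6ccd34c93101635273e4196d7f76913a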
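--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.7.4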
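--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -12,6 +12,18 @@ This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Unreleased
 
+## 2.5.9
+* backport disabling mitogen
+
+## 2.5.8
+* Add a new role for configuring a monit-based resque server
+* Auto-detect mitogen for speed
+
+## 2.5.7
+* Add ability to set the timezone for servers instead of forcing to Central Time
+* Update puma configuration to support puma 5 with puma-daemon
+* Update letsencrypt to add certbot-nginx support for newer ubuntu
+
 ## 2.5.6
 * Fix sending security stats
 * Make sure apt package acl is installed in common role so ansible can become a non-privileged user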
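--- a/data/README.md
+++ b/data/README.md
@@ -283,11 +283,11 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
 ## newrelic
 
 ## newrelic-infra
-This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic. The previous "newrelic" role is deprecated.
+This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic. The previous "newrelic" role is deprecated.
 
-Variables:
-# Required, the newrelic license key you get after signing up.
-newrelic_license: "longhashthingyougetfromnewrelichere"
+Variables:
+# Required, the newrelic license key you get after signing up.
+newrelic_license: "longhashthingyougetfromnewrelichere"
 # Optional - send logs to newrelic one's log aggregator.
 newrelic_logs:
 - name: rails-production
@@ -373,6 +373,14 @@ Installs redis on the server.
 # Change to * if you want tthis available everywhere.
 redis_bind: 127.0.0.1
 
+## resque
+
+Install monitoring and automatic startup for resque workers via monit. You MUST set the `job_queues` variable as follows:
+
+job_queues:
+- default
+- mailers
+- exports
 ## ruby-common
 
 Installs ruby on the machine. YOu can set a version by picking off the download url and sha hash from ruby-lang.org
@@ -387,10 +395,14 @@ Installs ruby on the machine. YOu can set a version by picking off the download
 
 This will install a monit script that keeps sidekiq running. We spawn one sidekiq instance that manages as many queues as you need. Varaibles of note:
 
+# Process these background job queues
 job_queues:
 - default
 - mailers
 
+# Number of sidekiq *processes* to run
+sidekiq_concurrency: 1
+
 * Note that as of v0.4.13, we now also add a unique job queue for each host with its hostname. This is handy if you need to assign a job to a specific host. In general you should use named queues, but occasionally this is useful and there's no harm in having it there unused.
 
 Sidekiq uses redis by default, and rails connects to a redis running on localhost by default. However, this role does not depend on redis since in production it's likely redis will be running elsewhere. If you're provisioning a standalone server, make sure to include the redis role.
@@ -407,7 +419,18 @@ Thanks to the following repositories for making their roles available:
 * https://github.com/mtpereira/ansible-passenger
 
 
-#
+# Mitogen
+
+In order to dramatically speed up ansible, you can install Mitogen: https://github.com/mitogen-hq/mitogen/blob/master/docs/ansible_detailed.rst
+
+pip install -g mitogen
+
+Subspace will automatically detect this and update your ansible.cfg file so it is blazing fast. Sometimes this can cause issues with older servers that have weird pythons, so if you have mitogen installed locally but dont wan't to use it, you can set an environment variable:
+
+DISABLE_MITOGEN=1 subspace provision staging
+
+
+
 
 ## Directory Structure
 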
@@ -1 +1 @@
|
|
1
|
-
deploy ALL=(root) NOPASSWD: /usr/sbin/service
|
1
|
+
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl, /usr/sbin/service
|
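Review bot: `/usr/bin/systemctl` is granted with no arguments, so `deploy` can run any systemctl verb against any unit as root without a password; that is far broader than restarting the application's own services and is effectively root access for that account. Restrict the rule to the verbs and units the roles actually manage, e.g. `deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart <unit>.service, /usr/bin/systemctl status <unit>.service` (unit names here are placeholders). The pre-existing `/usr/sbin/service` entry has the same breadth and deserves the same treatment. On hosts without a merged /usr the binary lives at `/bin/systemctl`, so the rule as written may not match there.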
@@ -1,3 +1,11 @@
|
|
1
|
+
begin
|
2
|
+
# Needed for Puma 5 + puma-damon, but built in to Puma 4
|
3
|
+
# https://github.com/kigster/puma-daemon
|
4
|
+
require 'puma/daemon'
|
5
|
+
rescue LoadError => e
|
6
|
+
# Puma 4 has `daemonize` built in
|
7
|
+
end
|
8
|
+
|
1
9
|
# Change to match your CPU core count
|
2
10
|
workers {{puma_workers}}
|
3
11
|
# Min and Max threads per worker
|
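Review bot: `rescue LoadError => e` binds `e` but never uses it, and the rescue body is only a comment, so a missing puma-daemon gem under Puma 5 is swallowed here and would presumably surface later as a less obvious failure. `rescue LoadError` is enough, and a one-line message to stderr in the rescue body would make the fallback visible. The comment on the second added line also misspells the gem as `puma-damon`. The rest of the Puma configuration continues outside the hunk.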
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
- name: Install resque monit script
|
3
|
+
template:
|
4
|
+
src: resque-monit-rc
|
5
|
+
dest: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
|
6
|
+
become: true
|
7
|
+
|
8
|
+
- name: Enable resque monit script
|
9
|
+
file:
|
10
|
+
src: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
|
11
|
+
dest: /etc/monit/conf-enabled/resque_{{project_name}}_{{rails_env}}
|
12
|
+
state: link
|
13
|
+
notify:
|
14
|
+
- reload_monit
|
15
|
+
- restart_monit
|
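Review bot: The second task, `Enable resque monit script`, creates a symlink under /etc/monit/conf-enabled but has no `become: true`, unlike the template task above it, so it will presumably fail unless escalation is enabled at play level; add `become: true` to it. Neither task sets `owner`, `group` or `mode`, so the rendered control file gets whatever the defaults give; since monit launches the commands in that file, pinning `owner: root`, `group: root` and `mode: "0644"` on the template task keeps it from being writable by anyone else. Notifying both `reload_monit` and `restart_monit` looks redundant.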
@@ -0,0 +1,4 @@
|
|
1
|
+
check process resque
|
2
|
+
with pidfile /u/apps/{{project_name}}/shared/tmp/pids/resque.pid
|
3
|
+
start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && RAILS_ENV={{rails_env}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work'" with timeout 30 seconds
|
4
|
+
stop program = "/bin/su - deploy -c 'kill -s TERM `cat /u/apps/{{project_name}}/shared/tmp/pids/resque.pid`'" with timeout 30 seconds
|
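Review bot: The service name on the first line, `check process resque`, is fixed, while the task that installs this file names it `resque_{{project_name}}_{{rails_env}}`; monit expects unique service names, so a second project or environment on the same host would presumably collide. Consider `check process resque_{{project_name}}_{{rails_env}}`. The start line also places `{{hostname}}` and the joined `job_queues` unquoted inside the single-quoted `su -c` argument, so those values should be restricted to characters that cannot end the quoting or split the command.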
@@ -0,0 +1,47 @@
|
|
1
|
+
[Unit]
|
2
|
+
Description=resque
|
3
|
+
# consider adding redis-server.service if Redis is local and systemd-managed.
|
4
|
+
After=syslog.target network.target
|
5
|
+
|
6
|
+
# See these pages for lots of options:
|
7
|
+
#
|
8
|
+
# https://www.freedesktop.org/software/systemd/man/systemd.service.html
|
9
|
+
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
10
|
+
#
|
11
|
+
# THOSE PAGES ARE CRITICAL FOR ANY LINUX DEVOPS WORK; read them multiple
|
12
|
+
# times! systemd is a critical tool for all developers to know and understand.
|
13
|
+
#
|
14
|
+
[Service]
|
15
|
+
#
|
16
|
+
# !!!! !!!! !!!!
|
17
|
+
#
|
18
|
+
Type=simple
|
19
|
+
|
20
|
+
WorkingDirectory=/u/apps/{{project_name}}/current
|
21
|
+
|
22
|
+
ExecStart="RAILS_ENV={{rails_env}} COUNT={{resque_concurrency}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work"
|
23
|
+
|
24
|
+
# Uncomment this if you are going to use this as a system service
|
25
|
+
# if using as a user service then leave commented out, or you will get an error trying to start the service
|
26
|
+
# !!! Change this to your deploy user account if you are using this as a system service !!!
|
27
|
+
User=deploy
|
28
|
+
Group=deploy
|
29
|
+
UMask=0002
|
30
|
+
|
31
|
+
# Greatly reduce Ruby memory fragmentation and heap usage
|
32
|
+
# https://www.mikeperham.com/2018/04/25/taming-rails-memory-bloat/
|
33
|
+
Environment=MALLOC_ARENA_MAX=2
|
34
|
+
|
35
|
+
# if we crash, restart
|
36
|
+
RestartSec=1
|
37
|
+
Restart=on-failure
|
38
|
+
|
39
|
+
# output goes to /var/log/syslog (Ubuntu) or /var/log/messages (CentOS)
|
40
|
+
StandardOutput=syslog
|
41
|
+
StandardError=syslog
|
42
|
+
|
43
|
+
# This will default to "bundler" if we don't specify it
|
44
|
+
SyslogIdentifier=resque
|
45
|
+
|
46
|
+
[Install]
|
47
|
+
WantedBy=multi-user.target
|
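Review bot: `ExecStart=` on line 22 of the new unit wraps the environment assignments and the command in one quoted string; systemd does not pass this through a shell, so the assignments are not applied and the string is not a valid command line. Move the variables to `Environment=` lines and give `ExecStart=` the command itself, as sketched below (adjust how `bundle` is located for the deploy user's Ruby). `BACKGROUND=yes` with `PIDFILE` asks the worker to detach, which does not fit `Type=simple`, so the sketch drops both. `resque_concurrency` has no default anywhere on this page, and nothing in the role's tasks installs this unit, so it appears to be unused as shipped.

```ini
# … unchanged: [Unit] section, Type=simple, WorkingDirectory …
Environment=RAILS_ENV={{rails_env}}
Environment=COUNT={{resque_concurrency}}
Environment=QUEUES={{hostname}},{{ job_queues | join(',') }}
ExecStart=/usr/bin/env bundle exec rake resque:work
# … unchanged: User/Group/UMask, MALLOC_ARENA_MAX, restart policy, syslog settings, [Install] …
```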
@@ -1,2 +1,2 @@
|
|
1
1
|
---
|
2
|
-
sidekiq_concurrency:
|
2
|
+
sidekiq_concurrency: 1
|
@@ -13,6 +13,12 @@ module Subspace
|
|
13
13
|
private
|
14
14
|
|
15
15
|
def update_ansible_cfg
|
16
|
+
if !ENV["DISABLE_MITOGEN"] && `pip show mitogen 2>&1` =~ /^Location: (.*?)$/m
|
17
|
+
@mitogen_path = $1
|
18
|
+
puts "πππ
Mitogen found at #{@mitogen_path}. WARP 9!....ENGAGE!π"
|
19
|
+
else
|
20
|
+
puts "Mitogen not detected. Ansible will be slow. Run `pip install mitogen` to fix."
|
21
|
+
end
|
16
22
|
template! "ansible.cfg"
|
17
23
|
end
|
18
24
|
end
|
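Review bot: The directory reported by whichever `pip` comes first on PATH is written into ansible.cfg as `strategy_plugins`, and Ansible will load Python code from it, yet nothing checks that the strategy directory exists or that this `pip` belongs to the interpreter Ansible runs under. Guard the assignment with something like `File.directory?(File.join($1, "ansible_mitogen/plugins/strategy"))` before setting `@mitogen_path`. The `else` branch also prints "Mitogen not detected" when the user set `DISABLE_MITOGEN` on purpose, and any value of that variable, including `0`, disables detection. Because this silently changes the connection strategy for every provisioning run, an explicit opt-in would be a safer default than auto-detection.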
data/lib/subspace/version.rb
CHANGED
data/subspace.gemspec
CHANGED
@@ -3,7 +3,14 @@ inventory = hosts
|
|
3
3
|
forks = 10
|
4
4
|
roles_path = ./roles:<%= File.join(gem_path, 'ansible', 'roles') %>:/etc/ansible/roles
|
5
5
|
vault_password_file = .vault_pass
|
6
|
+
# Uncomment to add timestamps to tasks to find slow ones.
|
7
|
+
# callback_whitelist = profile_tasks
|
8
|
+
|
9
|
+
<% if @mitogen_path %>
|
10
|
+
strategy_plugins = <%= @mitogen_path %>/ansible_mitogen/plugins/strategy
|
11
|
+
strategy = mitogen_linear
|
12
|
+
<% end %>
|
6
13
|
|
7
14
|
[ssh_connection]
|
8
|
-
pipelining=True
|
9
|
-
control_path =
|
15
|
+
pipelining = True
|
16
|
+
control_path = /tmp/subspace-control-%%h-%%p-%%r
|
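Review bot: `control_path = /tmp/subspace-control-%%h-%%p-%%r` puts the SSH multiplexing socket at a predictable name in a directory every local user can write to; ssh_config(5) recommends keeping ControlPath in a directory that other users cannot write to. Prefer a per-user location, for example `control_path_dir = ~/.ansible/cp` together with `control_path = %(directory)s/subspace-%%h-%%p-%%r`. This hunk appears under the gemspec heading on the page, but its content is the ansible.cfg template.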
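--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version: 2.5.
+version: 2.5.9
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -80,6 +80,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
+- !ruby/object:Gem::Dependency
+name: ed25519
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
 description: WIP -- don't use this :)
 email:
 - brian@tenforwardconsulting.com
@@ -225,6 +239,9 @@ files:
 - ansible/roles/rails/templates/database.yml
 - ansible/roles/redis/defaults/main.yml
 - ansible/roles/redis/tasks/main.yml
+- ansible/roles/resque/tasks/main.yml
+- ansible/roles/resque/templates/resque-monit-rc
+- ansible/roles/resque/templates/resque-systemd.service
 - ansible/roles/ruby-common/README.md
 - ansible/roles/ruby-common/defaults/main.yml
 - ansible/roles/ruby-common/meta/main.yml
@@ -310,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.3.16
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects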