subspace 2.5.6 → 2.5.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 24d9413d60da10fc4e89a7a07acdee04a663d0ce45a1bf3c666d27b0b4b867ba
-  data.tar.gz: 5c6acea9ad2dd19abd20355764a3e6b5febc9281875ce0e4c5026cb86de5f3bf
+  metadata.gz: 2643e10f07e36c3231852855a37ae9c0478d2013541927e77056f78dd9589835
+  data.tar.gz: 255a1bfd97ce8d5234417696185e9435310d0bb75b665579df4614e747622e8a
 SHA512:
-  metadata.gz: 57e1b9ea34bb641ac71f2f38297b7f1b80c2a97b7aa7c734d44826f5d252b4ead6e9cf0aa74359dd728802527848f36953c871ac37e05ebac770e506f5db8cc7
-  data.tar.gz: f7632eb404a54a3f034ee5dab75854d3109f97d34e9850f1886097bfe70c1e5e3d0621ef1d15cf25e8052fb0d8fe7f24317f5bedd947070039bed17094c11f3e
+  metadata.gz: 73f3655eaa5ec00304002ebd9f0cfeba83c2766347253a11341424fe65359d5a62078899630a35c35a93580f94c44f7e1f32616d0b328c0f0e1cc14448b4b2a1
+  data.tar.gz: a7ae0433d6f04c27b6f74ac1a4879b50365d721ad8f6c65b52c030725fa114d57d458cc80fc0ab8d67fd9635f59c2f9a6ccd34c93101635273e4196d7f76913a

data/.ruby-version

@@ -1 +1 @@
-2.6.3
+2.7.4

data/CHANGELOG.md

@@ -12,6 +12,18 @@ This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Unreleased
 
+## 2.5.9
+  * backport disabling mitogen
+
+## 2.5.8
+  * Add a new role for configuring a monit-based resque server
+  * Auto-detect mitogen for speed
+
+## 2.5.7
+  * Add ability to set the timezone for servers instead of forcing to Central Time
+  * Update puma configuration to support puma 5 with puma-daemon
+  * Update letsencrypt to add certbot-nginx support for newer ubuntu
+
 ## 2.5.6
   * Fix sending security stats
   * Make sure apt package acl is installed in common role so ansible can become a non-privileged user

data/README.md

@@ -283,11 +283,11 @@ Installs logrotate and lets you configure logs for automatic rotation.  Example
 ## newrelic
 
 ## newrelic-infra
-This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic.  The previous "newrelic" role is deprecated. 
+This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic.  The previous "newrelic" role is deprecated.
 
-Variables: 
-    # Required, the newrelic license key you get after signing up. 
-    newrelic_license: "longhashthingyougetfromnewrelichere" 
+Variables:
+    # Required, the newrelic license key you get after signing up.
+    newrelic_license: "longhashthingyougetfromnewrelichere"
     # Optional - send logs to newrelic one's log aggregator.
     newrelic_logs:
       - name: rails-production
@@ -373,6 +373,14 @@ Installs redis on the server.
     # Change to * if you want tthis available everywhere.
     redis_bind: 127.0.0.1
 
+## resque
+
+Install monitoring and automatic startup for resque workers via monit. You MUST set the `job_queues` variable as follows:
+
+    job_queues:
+      - default
+      - mailers
+      - exports
 ## ruby-common
 
 Installs ruby on the machine.  YOu can set a version by picking off the download url and sha hash from ruby-lang.org
@@ -387,10 +395,14 @@ Installs ruby on the machine.  YOu can set a version by picking off the download
 
 This will install a monit script that keeps sidekiq running.  We spawn one sidekiq instance that manages as many queues as you need.  Varaibles of note:
 
+    # Process these background job queues
     job_queues:
       - default
       - mailers
 
+    # Number of sidekiq *processes* to run
+    sidekiq_concurrency: 1
+
 * Note that as of v0.4.13, we now also add a unique job queue for each host with its hostname.  This is handy if you need to assign a job to a specific host.  In general you should use named queues, but occasionally this is useful and there's no harm in having it there unused.
 
 Sidekiq uses redis by default, and rails connects to a redis running on localhost by default.  However, this role does not depend on redis since in production it's likely redis will be running elsewhere.  If you're provisioning a standalone server, make sure to include the redis role.
@@ -407,7 +419,18 @@ Thanks to the following repositories for making their roles available:
 * https://github.com/mtpereira/ansible-passenger
 
 
-# Development
+# Mitogen
+
+In order to dramatically speed up ansible, you can install Mitogen: https://github.com/mitogen-hq/mitogen/blob/master/docs/ansible_detailed.rst
+
+    pip install -g mitogen
+
+Subspace will automatically detect this and update your ansible.cfg file so it is blazing fast.  Sometimes this can cause issues with older servers that have weird pythons, so if you have mitogen installed locally but dont wan't to use it, you can set an environment variable:
+
+    DISABLE_MITOGEN=1 subspace provision staging
+
+
+
 
 ## Directory Structure
 

data/ansible/roles/common/defaults/main.yml

@@ -2,3 +2,4 @@
   swap_space: 512M
   deploy_user: deploy
   send_stats: false
+  timezone: America/Chicago

data/ansible/roles/common/files/sudoers-service

@@ -1 +1 @@
-deploy ALL=(root) NOPASSWD: /usr/sbin/service
+deploy ALL=(root) NOPASSWD: /usr/bin/systemctl, /usr/sbin/service

data/ansible/roles/common/tasks/main.yml

@@ -241,9 +241,9 @@
       - maintenance
       - stats
 
-  - name: set timezone to America/Chicago
+  - name: set timezone
     timezone:
-      name: America/Chicago
+      name: "{{timezone}}"
     tags:
       - maintenance
 

data/ansible/roles/letsencrypt/tasks/modern.yml

@@ -6,6 +6,13 @@
       state: present
     with_items:
       - ca-certificates
+    
+  - name: Install certbot-nginx
+    become: true
+    when: "'nginx' in role_names"
+    apt:
+      pkg: python3-certbot-nginx
+      state: present
 
   - name: "Set certbot binary"
     set_fact:

data/ansible/roles/puma/templates/puma.rb

@@ -1,3 +1,11 @@
+begin
+  # Needed for Puma 5 + puma-damon, but built in to Puma 4
+  # https://github.com/kigster/puma-daemon
+  require 'puma/daemon'
+rescue LoadError => e
+  # Puma 4 has `daemonize` built in
+end
+
 # Change to match your CPU core count
 workers {{puma_workers}}
 # Min and Max threads per worker

data/ansible/roles/resque/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+  - name: Install resque monit script
+    template:
+      src: resque-monit-rc
+      dest: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
+    become: true
+
+  - name: Enable resque monit script
+    file:
+      src: /etc/monit/conf-available/resque_{{project_name}}_{{rails_env}}
+      dest: /etc/monit/conf-enabled/resque_{{project_name}}_{{rails_env}}
+      state: link
+    notify:
+      - reload_monit
+      - restart_monit

data/ansible/roles/resque/templates/resque-monit-rc

@@ -0,0 +1,4 @@
+check process resque
+  with pidfile /u/apps/{{project_name}}/shared/tmp/pids/resque.pid
+  start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current && RAILS_ENV={{rails_env}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work'" with timeout 30 seconds
+  stop program = "/bin/su - deploy -c 'kill -s TERM `cat /u/apps/{{project_name}}/shared/tmp/pids/resque.pid`'" with timeout 30 seconds

data/ansible/roles/resque/templates/resque-systemd.service

@@ -0,0 +1,47 @@
+[Unit]
+Description=resque
+# consider adding redis-server.service if Redis is local and systemd-managed.
+After=syslog.target network.target
+
+# See these pages for lots of options:
+#
+#   https://www.freedesktop.org/software/systemd/man/systemd.service.html
+#   https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+#
+# THOSE PAGES ARE CRITICAL FOR ANY LINUX DEVOPS WORK; read them multiple
+# times! systemd is a critical tool for all developers to know and understand.
+#
+[Service]
+#
+#      !!!!  !!!!  !!!!
+#
+Type=simple
+
+WorkingDirectory=/u/apps/{{project_name}}/current
+
+ExecStart="RAILS_ENV={{rails_env}} COUNT={{resque_concurrency}} QUEUES={{hostname}},{{ job_queues | join(',') }} BACKGROUND=yes PIDFILE=/u/apps/{{project_name}}/shared/tmp/pids/resque.pid bundle exec rake resque:work"
+
+# Uncomment this if you are going to use this as a system service
+# if using as a user service then leave commented out, or you will get an error trying to start the service
+# !!! Change this to your deploy user account if you are using this as a system service !!!
+User=deploy
+Group=deploy
+UMask=0002
+
+# Greatly reduce Ruby memory fragmentation and heap usage
+# https://www.mikeperham.com/2018/04/25/taming-rails-memory-bloat/
+Environment=MALLOC_ARENA_MAX=2
+
+# if we crash, restart
+RestartSec=1
+Restart=on-failure
+
+# output goes to /var/log/syslog (Ubuntu) or /var/log/messages (CentOS)
+StandardOutput=syslog
+StandardError=syslog
+
+# This will default to "bundler" if we don't specify it
+SyslogIdentifier=resque
+
+[Install]
+WantedBy=multi-user.target

data/ansible/roles/sidekiq/defaults/main.yml

@@ -1,2 +1,2 @@
 ---
-  sidekiq_concurrency: 10
+  sidekiq_concurrency: 1

data/lib/subspace/commands/ansible.rb

@@ -13,6 +13,12 @@ module Subspace
       private
 
       def update_ansible_cfg
+        if !ENV["DISABLE_MITOGEN"] && `pip show mitogen 2>&1` =~ /^Location: (.*?)$/m
+          @mitogen_path = $1
+          puts "🏎🚀🚅Mitogen found at #{@mitogen_path}.  WARP 9!....ENGAGE!🚀"
+        else
+          puts "Mitogen not detected.  Ansible will be slow.  Run `pip install mitogen` to fix."
+        end
         template! "ansible.cfg"
       end
     end

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.5.6"
+  VERSION = "2.5.9"
 end

data/subspace.gemspec

@@ -33,4 +33,5 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency "commander", "~>4.2"
   spec.add_runtime_dependency "figaro", "~>1.0"
+  spec.add_runtime_dependency "ed25519", "~>1.0"
 end

data/template/provision/ansible.cfg.erb

@@ -3,7 +3,14 @@ inventory = hosts
 forks     = 10
 roles_path = ./roles:<%= File.join(gem_path, 'ansible', 'roles') %>:/etc/ansible/roles
 vault_password_file = .vault_pass
+# Uncomment to add timestamps to tasks to find slow ones.
+# callback_whitelist = profile_tasks
+
+<% if @mitogen_path %>
+strategy_plugins = <%= @mitogen_path %>/ansible_mitogen/plugins/strategy
+strategy = mitogen_linear
+<% end %>
 
 [ssh_connection]
-pipelining=True
-control_path = %(directory)s/%%h-%%p-%%r
+pipelining = True
+control_path = /tmp/subspace-control-%%h-%%p-%%r

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 2.5.6
+  version: 2.5.9
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-07-30 00:00:00.000000000 Z
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -80,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: ed25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: WIP -- don't use this :)
 email:
 - brian@tenforwardconsulting.com
@@ -225,6 +239,9 @@ files:
 - ansible/roles/rails/templates/database.yml
 - ansible/roles/redis/defaults/main.yml
 - ansible/roles/redis/tasks/main.yml
+- ansible/roles/resque/tasks/main.yml
+- ansible/roles/resque/templates/resque-monit-rc
+- ansible/roles/resque/templates/resque-systemd.service
 - ansible/roles/ruby-common/README.md
 - ansible/roles/ruby-common/defaults/main.yml
 - ansible/roles/ruby-common/meta/main.yml
@@ -310,7 +327,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.3.16
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects