subspace 2.5 → 2.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93091e9b151184634d780b924930692e79ba48fcf0ba21c565a4ab8583bf04e8
-  data.tar.gz: 43a0cc1057b2cc8805c52a646de12c841b79f4388966c0fe2a6bf25d34e0d7fe
+  metadata.gz: ffa8bc859573f1bd22a6223e3063e63146ff7f3e30f390f0673ae81e47b6f299
+  data.tar.gz: 792ed07fbfd88ce81d0915e7cdff6b6fb03815d210778959e21d5e29ca93574c
 SHA512:
-  metadata.gz: e8a80cd668afcbc735bdde1e1067f2428f936a1ea4cb3c5f09d921e14630f61e01e5fd2d09ecf651a2338e94b9c9dc7c1d504f0d87773a4385ac4e5c62d589cd
-  data.tar.gz: 39a99a8d46d0e7b3b794ddffc5eda3873c445cd3df8083d95a3fc888ba1b29ce3808bbad2bbeba0a9619637b9c2e78baafd9ae581b8a7355417df80cb21afc1b
+  metadata.gz: 44103861cd1471f3cff70769d55525d0363af40727208462ddd98d531120e9eb53504d0e52ed82b0ae26fcad391237e5e6a506db1442cccbf76607d88d4edc75
+  data.tar.gz: 474014c40915e493b5111a548c28f7cb5a0a3e482a5ace75e512f5cfc83e2f469228374419df2e479beef8e223005de73db14b3d3e6905dc73d850e01825a53c

data/CHANGELOG.md

@@ -2,7 +2,7 @@
 
 This is a [changelog](https://keepachangelog.com/en/0.3.0/).
 
-This project attempts to follow [semantic versioning](https://semver.org/)
+This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Known Bugs
 
@@ -10,6 +10,25 @@ This project attempts to follow [semantic versioning](https://semver.org/)
   * Not working on OSX - macs don't read from /etc/profile.d/
   * Stops showing color if you `sudo su`
 
+## Unreleased
+
+## 2.5.5
+  * Remove duplicate nginx role from playbook templates
+  * Don't send stats if there have been no upgrades
+
+## 2.5.4
+  * certbox => certbot
+
+## 2.5.3
+  * Add a friendly error message if ansible is not installed
+  * Add new role to support New Relic One's infrastructure agent
+
+## 2.5.2
+  * Always specify the letsencrypt cert_name so they are consistent
+
+## 2.5.1
+  * Fix os upgrades stat collection for ubuntu 20
+
 ## 2.5
   * Get actual os version number along with kernal name
   * Update MOTD version automatically!

data/README.md

@@ -282,6 +282,21 @@ Installs logrotate and lets you configure logs for automatic rotation.  Example
 
 ## newrelic
 
+## newrelic-infra
+This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic.  The previous "newrelic" role is deprecated. 
+
+Variables: 
+    # Required, the newrelic license key you get after signing up. 
+    newrelic_license: "longhashthingyougetfromnewrelichere" 
+    # Optional - send logs to newrelic one's log aggregator.
+    newrelic_logs:
+      - name: rails-production
+        path: /u/apps/blah/shared/log/production.log
+      - name: nginx-error
+        path: /var/log/nginx/error.log
+
+
+
 ## nginx-rails
 
 Configures nginx to look at localhost:9292 for the socket/backend connection.  If you need to do fancy stuff you should simply override this role
@@ -358,8 +373,6 @@ Installs redis on the server.
     # Change to * if you want tthis available everywhere.
     redis_bind: 127.0.0.1
 
-
-
 ## ruby-common
 
 Installs ruby on the machine.  YOu can set a version by picking off the download url and sha hash from ruby-lang.org

data/ansible/roles/common/tasks/main.yml

@@ -129,7 +129,7 @@
     shell:
       cmd: |
         sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
-        grep 'packages' | # Only lines matching 'packages'
+        grep 'packages\|immediately' | # Only lines matching 'packages' or 'immediately'
         grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
         awk '{s+=$1} END {print s}' # Sum all the lines
     args:
@@ -153,7 +153,7 @@
           key: os_upgrades
           value: "{{stats_os_upgrades.stdout}}"
           hostname: "{{hostname}}"
-    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_upgrades.stdout | length > 0)
     tags:
       - maintenance
       - stats
@@ -222,7 +222,7 @@
           key: os_security_upgrades
           value: "{{stats_os_security_upgrades.stdout}}"
           hostname: "{{hostname}}"
-    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_security_upgrades.stdout | length > 0)
     tags:
       - maintenance
       - stats

data/ansible/roles/letsencrypt/tasks/main.yml

@@ -10,7 +10,7 @@
     become: true
     ignore_errors: true
     apt:
-      pkg: certbox
+      pkg: certbot
       state: present
 
   - name: "Detect if certbot was installed via APT"
@@ -44,7 +44,7 @@
   - name: Run default
     when: le_ssl_certs is not defined
     become: true
-    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
+    command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --cert-name {{server_name}} --standalone --agree-tos --expand --non-interactive"
 
   - name: Generate SSL Certificates
     become: true
@@ -52,13 +52,13 @@
     command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
 
   - name: Update nginx default options
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
       dest: /etc/letsencrypt/options-ssl-nginx.conf
 
   - name: Update apache default options
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     get_url:
       url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
       dest: /etc/letsencrypt/options-ssl-apache.conf
@@ -76,7 +76,7 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: apache_installed is defined
+    when: "'apache' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
@@ -86,10 +86,10 @@
 
   - name: Setup cron job to auto renew
     become: true
-    when: nginx_installed is defined
+    when: "'nginx' in role_names"
     cron:
       name: Auto-renew SSL
       job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
       hour: "0"
       minute: "33"
-      state: present
+      state: present

data/ansible/roles/letsencrypt/tasks/modern.yml

@@ -11,3 +11,22 @@
     set_fact:
       certbot_bin: "certbot"
 
+  - name: "Check for certbot-auto"
+    stat:
+      path: /opt/certbot/certbot-auto
+    register: certbot_auto_exists
+
+  - name: "Remove certbot-auto"
+    file:
+      path: /opt/certbot/certbot-auto
+      state: absent
+    when: certbot_auto_exists.stat.exists
+
+  - name: "Remove certbot-auto cron task"
+    cron:
+      name: Auto-renew SSL
+      job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
+      hour: "0"
+      minute: "33"
+      state: absent
+    when: certbot_auto_exists.stat.exists

data/ansible/roles/newrelic-infra/defaults/main.yml

@@ -0,0 +1,2 @@
+newrelic_license: ""
+newrelic_logs: []

data/ansible/roles/newrelic-infra/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+  - name: Restart newrelic-infra
+    service:
+      name: newrelic-infra
+      state: restarted

data/ansible/roles/newrelic-infra/tasks/main.yml

@@ -0,0 +1,33 @@
+---
+  - name: Add New Relic apt key
+    apt_key:
+      url: https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg 
+      state: present
+    become: true
+
+  - name: create license key
+    copy: 
+      dest: "/etc/newrelic-infra.yml"
+      content: |
+        license_key: {{newrelic_license}}
+
+  - name: Add New Relic apt repo
+    apt_repository:
+      repo: deb [arch=amd64] https://download.newrelic.com/infrastructure_agent/linux/apt focal main
+      state: present
+    become: true
+
+  - name: Install New Relic server agent
+    apt:
+      pkg: newrelic-infra
+      state: present
+      update_cache: true
+    become: true
+
+  - name: Configure application log forwarding if enabled
+    when: "{{ newrelic_logs|length }}"
+    become: true
+    template: 
+      dest: "/etc/newrelic-infra/logging.d/subspace.yml"
+      src: logs.yml.j2
+    notify: Restart newrelic-infra

data/ansible/roles/newrelic-infra/templates/logs.yml.j2

@@ -0,0 +1,5 @@
+logs:
+{% for log in newrelic_logs %}
+  - name: {{log.name}}
+    file: {{log.path}}
+{% endfor %}

data/ansible/roles/newrelic/tasks/main.yml

@@ -1,4 +1,8 @@
 ---
+  - name: "Deprecation notice"
+    ansible.builtin.debug:
+      msg: The 'newrelic' role in subspace is deprecated. Please migration to Newrelic One and the 'newrelic-infra' role
+
   - name: Add New Relic apt repo
     apt_repository:
       repo: deb http://apt.newrelic.com/debian/ newrelic non-free

data/lib/subspace/cli.rb

@@ -24,6 +24,11 @@ class Subspace::Cli
     program :version, Subspace::VERSION
     program :description, 'Ansible-backed server provisioning tool for rails'
 
+    unless system("which ansible > /dev/null")
+      puts "*** Subspace depends on ansible being on your PATH. Please install it: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html"
+      exit 1
+    end
+
     command :init do |c|
       c.syntax = 'subspace init [vars]'
       c.summary = 'Run without options to initialize subspace.'

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.5"
+  VERSION = "2.5.5"
 end

data/template/provision/playbook.yml.erb

@@ -12,9 +12,8 @@
       - ruby-common
       - rails
       - puma
-      - nginx
       - letsencrypt
-      - nginx # This is included twice intentionally. I think there is a bug that is fixed by running it both before and after the letsencrypt role.
+      - nginx
       - postgresql
       - monit
       - logrotate

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: '2.5'
+  version: 2.5.5
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-01-29 00:00:00.000000000 Z
+date: 2021-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -173,6 +173,10 @@ files:
 - ansible/roles/mysql/templates/mysql_database.yml
 - ansible/roles/mysql2_gem/meta/main.yml
 - ansible/roles/mysql2_gem/tasks/main.yml
+- ansible/roles/newrelic-infra/defaults/main.yml
+- ansible/roles/newrelic-infra/handlers/main.yml
+- ansible/roles/newrelic-infra/tasks/main.yml
+- ansible/roles/newrelic-infra/templates/logs.yml.j2
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
 - ansible/roles/nginx-maintenance/tasks/main.yml