subspace 2.5 → 2.5.5
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -1
- data/README.md +15 -2
- data/ansible/roles/common/tasks/main.yml +3 -3
- data/ansible/roles/letsencrypt/tasks/main.yml +7 -7
- data/ansible/roles/letsencrypt/tasks/modern.yml +19 -0
- data/ansible/roles/newrelic-infra/defaults/main.yml +2 -0
- data/ansible/roles/newrelic-infra/handlers/main.yml +5 -0
- data/ansible/roles/newrelic-infra/tasks/main.yml +33 -0
- data/ansible/roles/newrelic-infra/templates/logs.yml.j2 +5 -0
- data/ansible/roles/newrelic/tasks/main.yml +4 -0
- data/lib/subspace/cli.rb +5 -0
- data/lib/subspace/version.rb +1 -1
- data/template/provision/playbook.yml.erb +1 -2
- metadata +6 -2
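--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffa8bc859573f1bd22a6223e3063e63146ff7f3e30f390f0673ae81e47b6f299
+data.tar.gz: 792ed07fbfd88ce81d0915e7cdff6b6fb03815d210778959e21d5e29ca93574c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 44103861cd1471f3cff70769d55525d0363af40727208462ddd98d531120e9eb53504d0e52ed82b0ae26fcad391237e5e6a506db1442cccbf76607d88d4edc75
+data.tar.gz: 474014c40915e493b5111a548c28f7cb5a0a3e482a5ace75e512f5cfc83e2f469228374419df2e479beef8e223005de73db14b3d3e6905dc73d850e01825a53c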
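--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -2,7 +2,7 @@
 
 This is a [changelog](https://keepachangelog.com/en/0.3.0/).
 
-This project attempts to follow [semantic versioning](https://semver.org/)
+This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Known Bugs
 
@@ -10,6 +10,25 @@ This project attempts to follow [semantic versioning](https://semver.org/)
 * Not working on OSX - macs don't read from /etc/profile.d/
 * Stops showing color if you `sudo su`
 
+## Unreleased
+
+## 2.5.5
+* Remove duplicate nginx role from playbook templates
+* Don't send stats if there have been no upgrades
+
+## 2.5.4
+* certbox => certbot
+
+## 2.5.3
+* Add a friendly error message if ansible is not installed
+* Add new role to support New Relic One's infrastructure agent
+
+## 2.5.2
+* Always specify the letsencrypt cert_name so they are consistent
+
+## 2.5.1
+* Fix os upgrades stat collection for ubuntu 20
+
 ## 2.5
 * Get actual os version number along with kernal name
 * Update MOTD version automatically!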
data/README.md
CHANGED
@@ -282,6 +282,21 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
|
|
282
282
|
|
283
283
|
## newrelic
|
284
284
|
|
285
|
+
## newrelic-infra
|
286
|
+
This role will install the next-gen "Newrelic One" infrastructure agent which can perform a few different functions for newrelic. The previous "newrelic" role is deprecated.
|
287
|
+
|
288
|
+
Variables:
|
289
|
+
# Required, the newrelic license key you get after signing up.
|
290
|
+
newrelic_license: "longhashthingyougetfromnewrelichere"
|
291
|
+
# Optional - send logs to newrelic one's log aggregator.
|
292
|
+
newrelic_logs:
|
293
|
+
- name: rails-production
|
294
|
+
path: /u/apps/blah/shared/log/production.log
|
295
|
+
- name: nginx-error
|
296
|
+
path: /var/log/nginx/error.log
|
297
|
+
|
298
|
+
|
299
|
+
|
285
300
|
## nginx-rails
|
286
301
|
|
287
302
|
Configures nginx to look at localhost:9292 for the socket/backend connection. If you need to do fancy stuff you should simply override this role
|
@@ -358,8 +373,6 @@ Installs redis on the server.
|
|
358
373
|
# Change to * if you want tthis available everywhere.
|
359
374
|
redis_bind: 127.0.0.1
|
360
375
|
|
361
|
-
|
362
|
-
|
363
376
|
## ruby-common
|
364
377
|
|
365
378
|
Installs ruby on the machine. YOu can set a version by picking off the download url and sha hash from ruby-lang.org
|
@@ -129,7 +129,7 @@
|
|
129
129
|
shell:
|
130
130
|
cmd: |
|
131
131
|
sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
|
132
|
-
grep 'packages' | # Only lines matching 'packages'
|
132
|
+
grep 'packages\|immediately' | # Only lines matching 'packages' or 'immediately'
|
133
133
|
grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
|
134
134
|
awk '{s+=$1} END {print s}' # Sum all the lines
|
135
135
|
args:
|
@@ -153,7 +153,7 @@
|
|
153
153
|
key: os_upgrades
|
154
154
|
value: "{{stats_os_upgrades.stdout}}"
|
155
155
|
hostname: "{{hostname}}"
|
156
|
-
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
156
|
+
when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_upgrades.stdout | length > 0)
|
157
157
|
tags:
|
158
158
|
- maintenance
|
159
159
|
- stats
|
@@ -222,7 +222,7 @@
|
|
222
222
|
key: os_security_upgrades
|
223
223
|
value: "{{stats_os_security_upgrades.stdout}}"
|
224
224
|
hostname: "{{hostname}}"
|
225
|
-
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
225
|
+
when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_security_upgrades.stdout | length > 0)
|
226
226
|
tags:
|
227
227
|
- maintenance
|
228
228
|
- stats
|
@@ -10,7 +10,7 @@
|
|
10
10
|
become: true
|
11
11
|
ignore_errors: true
|
12
12
|
apt:
|
13
|
-
pkg:
|
13
|
+
pkg: certbot
|
14
14
|
state: present
|
15
15
|
|
16
16
|
- name: "Detect if certbot was installed via APT"
|
@@ -44,7 +44,7 @@
|
|
44
44
|
- name: Run default
|
45
45
|
when: le_ssl_certs is not defined
|
46
46
|
become: true
|
47
|
-
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
|
47
|
+
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --cert-name {{server_name}} --standalone --agree-tos --expand --non-interactive"
|
48
48
|
|
49
49
|
- name: Generate SSL Certificates
|
50
50
|
become: true
|
@@ -52,13 +52,13 @@
|
|
52
52
|
command: "{{certbot_bin}} certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
53
53
|
|
54
54
|
- name: Update nginx default options
|
55
|
-
when:
|
55
|
+
when: "'nginx' in role_names"
|
56
56
|
get_url:
|
57
57
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
|
58
58
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
59
59
|
|
60
60
|
- name: Update apache default options
|
61
|
-
when:
|
61
|
+
when: "'apache' in role_names"
|
62
62
|
get_url:
|
63
63
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
64
64
|
dest: /etc/letsencrypt/options-ssl-apache.conf
|
@@ -76,7 +76,7 @@
|
|
76
76
|
|
77
77
|
- name: Setup cron job to auto renew
|
78
78
|
become: true
|
79
|
-
when:
|
79
|
+
when: "'apache' in role_names"
|
80
80
|
cron:
|
81
81
|
name: Auto-renew SSL
|
82
82
|
job: "{{certbot_bin}} renew --no-self-upgrade --apache >> /var/log/cron.log 2>&1"
|
@@ -86,10 +86,10 @@
|
|
86
86
|
|
87
87
|
- name: Setup cron job to auto renew
|
88
88
|
become: true
|
89
|
-
when:
|
89
|
+
when: "'nginx' in role_names"
|
90
90
|
cron:
|
91
91
|
name: Auto-renew SSL
|
92
92
|
job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
|
93
93
|
hour: "0"
|
94
94
|
minute: "33"
|
95
|
-
state: present
|
95
|
+
state: present
|
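Review bot: The two `get_url` tasks in the `@@ -52,13 +52,13 @@` hunk fetch the nginx and apache TLS option files from the `master` branch of certbot on raw.githubusercontent.com with no `checksum:`, so whatever that branch holds at provisioning time becomes the server's TLS configuration, and an upstream move or rename of the file breaks the task. Pin each URL to a release tag or commit instead of `master` and add `checksum: "sha256:<DIGEST_PLACEHOLDER>"` to each task so a changed file fails the run rather than being installed. The page shows no file header above these hunks; by the diffstat they appear to belong to data/ansible/roles/letsencrypt/tasks/main.yml.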
@@ -11,3 +11,22 @@
|
|
11
11
|
set_fact:
|
12
12
|
certbot_bin: "certbot"
|
13
13
|
|
14
|
+
- name: "Check for certbot-auto"
|
15
|
+
stat:
|
16
|
+
path: /opt/certbot/certbot-auto
|
17
|
+
register: certbot_auto_exists
|
18
|
+
|
19
|
+
- name: "Remove certbot-auto"
|
20
|
+
file:
|
21
|
+
path: /opt/certbot/certbot-auto
|
22
|
+
state: absent
|
23
|
+
when: certbot_auto_exists.stat.exists
|
24
|
+
|
25
|
+
- name: "Remove certbot-auto cron task"
|
26
|
+
cron:
|
27
|
+
name: Auto-renew SSL
|
28
|
+
job: "{{certbot_bin}} renew --no-self-upgrade --nginx >> /var/log/cron.log 2>&1"
|
29
|
+
hour: "0"
|
30
|
+
minute: "33"
|
31
|
+
state: absent
|
32
|
+
when: certbot_auto_exists.stat.exists
|
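Review bot: The added "Remove certbot-auto cron task" uses `name: Auto-renew SSL`, the same name the "Setup cron job to auto renew" tasks in the preceding hunks create, and the cron module matches entries by name, so on a host where /opt/certbot/certbot-auto exists it removes the renewal job whatever the `job:` text says. Whether renewal is restored in the same run depends on task order, which is not visible here; if this file runs after the setup tasks, certificates stop renewing. The removal also has no `become: true` while the tasks that create the entry do, so unless become is set at a higher level it edits a different user's crontab. A comment such as `# must run before the "Setup cron job to auto renew" tasks, which reuse this cron name` plus `become: true` would make the intent checkable. The page shows no file header above this hunk; by the diffstat it appears to be data/ansible/roles/letsencrypt/tasks/modern.yml.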
@@ -0,0 +1,33 @@
|
|
1
|
+
---
|
2
|
+
- name: Add New Relic apt key
|
3
|
+
apt_key:
|
4
|
+
url: https://download.newrelic.com/infrastructure_agent/gpg/newrelic-infra.gpg
|
5
|
+
state: present
|
6
|
+
become: true
|
7
|
+
|
8
|
+
- name: create license key
|
9
|
+
copy:
|
10
|
+
dest: "/etc/newrelic-infra.yml"
|
11
|
+
content: |
|
12
|
+
license_key: {{newrelic_license}}
|
13
|
+
|
14
|
+
- name: Add New Relic apt repo
|
15
|
+
apt_repository:
|
16
|
+
repo: deb [arch=amd64] https://download.newrelic.com/infrastructure_agent/linux/apt focal main
|
17
|
+
state: present
|
18
|
+
become: true
|
19
|
+
|
20
|
+
- name: Install New Relic server agent
|
21
|
+
apt:
|
22
|
+
pkg: newrelic-infra
|
23
|
+
state: present
|
24
|
+
update_cache: true
|
25
|
+
become: true
|
26
|
+
|
27
|
+
- name: Configure application log forwarding if enabled
|
28
|
+
when: "{{ newrelic_logs|length }}"
|
29
|
+
become: true
|
30
|
+
template:
|
31
|
+
dest: "/etc/newrelic-infra/logging.d/subspace.yml"
|
32
|
+
src: logs.yml.j2
|
33
|
+
notify: Restart newrelic-infra
|
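Review bot: The "create license key" task writes `newrelic_license` into /etc/newrelic-infra.yml with no `mode` or `owner`, so the file gets whatever the default umask gives, which usually leaves the key readable by every local account. It is also the only task in this file without `become: true`, although it writes under /etc. Add `become: true` and `mode: "0600"` to the task, and `no_log: true` if verbose or diff output from playbook runs is stored anywhere. Further down, `when: "{{ newrelic_logs|length }}"` wraps the condition in Jinja delimiters, which Ansible warns about; `when: newrelic_logs | length > 0` is the plain form. The page shows no file header above this hunk; by the diffstat it appears to be data/ansible/roles/newrelic-infra/tasks/main.yml.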
@@ -1,4 +1,8 @@
|
|
1
1
|
---
|
2
|
+
- name: "Deprecation notice"
|
3
|
+
ansible.builtin.debug:
|
4
|
+
msg: The 'newrelic' role in subspace is deprecated. Please migration to Newrelic One and the 'newrelic-infra' role
|
5
|
+
|
2
6
|
- name: Add New Relic apt repo
|
3
7
|
apt_repository:
|
4
8
|
repo: deb http://apt.newrelic.com/debian/ newrelic non-free
|
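--- a/data/lib/subspace/cli.rb
+++ b/data/lib/subspace/cli.rb
@@ -24,6 +24,11 @@ class Subspace::Cli
 program :version, Subspace::VERSION
 program :description, 'Ansible-backed server provisioning tool for rails'
 
+unless system("which ansible > /dev/null")
+puts "*** Subspace depends on ansible being on your PATH. Please install it: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html"
+exit 1
+end
+
 command :init do |c|
 c.syntax = 'subspace init [vars]'
 c.summary = 'Run without options to initialize subspace.'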
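Review bot: The ansible check added at new lines 27-30 reports the failure with `puts`, so the message lands on stdout, and it leaves the stderr of `which` unredirected. `abort "*** Subspace depends on ansible being on your PATH. ..."` prints to stderr and exits 1 in one call, and `system("command -v ansible > /dev/null 2>&1")` keeps the probe quiet without relying on `which` being installed. The enclosing definition starts and ends outside the hunk, so the check appears to run before every subcommand, including ones that never call ansible; a short comment saying that this is intended would help.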
data/lib/subspace/version.rb
CHANGED
@@ -12,9 +12,8 @@
|
|
12
12
|
- ruby-common
|
13
13
|
- rails
|
14
14
|
- puma
|
15
|
-
- nginx
|
16
15
|
- letsencrypt
|
17
|
-
- nginx
|
16
|
+
- nginx
|
18
17
|
- postgresql
|
19
18
|
- monit
|
20
19
|
- logrotate
|
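--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version:
+version: 2.5.5
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -173,6 +173,10 @@ files:
 - ansible/roles/mysql/templates/mysql_database.yml
 - ansible/roles/mysql2_gem/meta/main.yml
 - ansible/roles/mysql2_gem/tasks/main.yml
+- ansible/roles/newrelic-infra/defaults/main.yml
+- ansible/roles/newrelic-infra/handlers/main.yml
+- ansible/roles/newrelic-infra/tasks/main.yml
+- ansible/roles/newrelic-infra/templates/logs.yml.j2
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
 - ansible/roles/nginx-maintenance/tasks/main.yml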