subspace 3.0.12 → 3.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +17 -0
- data/ansible/roles/common/tasks/main.yml +3 -3
- data/ansible/roles/postgresql/tasks/main.yml +1 -1
- data/ansible/roles/postgresql-client/tasks/main.yml +1 -1
- data/ansible/roles/rails/tasks/main.yml +1 -1
- data/ansible/roles/ruby-common/tasks/main.yml +1 -1
- data/ansible/roles/tailscale/tasks/main.yml +2 -9
- data/lib/subspace/cli.rb +1 -1
- data/lib/subspace/commands/init.rb +1 -1
- data/lib/subspace/version.rb +1 -1
- data/template/subspace/terraform/template/main-oxenwagen.tf.erb +1 -1
- metadata +3 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5b8e42060884330c35aba2c6696c7e2d517d1077b5123850ac2a5e65e234ec33
|
|
4
|
+
data.tar.gz: f0a73c27e6b04d65e613efab30c537f0956a61bacfa57062be856e095eaf2217
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f7c98b1bda739a664137fec217e6b74fa71cb2a3b4a01c41fb925b6d09f51cbd76494526c5803de0d38ba03e6dbd82ac49ac4716969f9daa32de04c0bc8648aa
|
|
7
|
+
data.tar.gz: f69db016de6cbf90cc19f3d64cbec5068c79df228a6ee26b11e9c4cf14febd13ae970123d10f20b3ce120ac832bc4adf3f3ce33468e4b0b8f633990e79890b4b
|
data/CHANGELOG.md
CHANGED
|
@@ -12,6 +12,13 @@ This project attempts to follow [semantic versioning](https://semver.org/).
|
|
|
12
12
|
|
|
13
13
|
## Unreleased
|
|
14
14
|
|
|
15
|
+
## 3.0.14
|
|
16
|
+
* Update oxenwagen template: remove profile, add final_snapshot_identifier
|
|
17
|
+
* Change key to stat_type for client stats
|
|
18
|
+
|
|
19
|
+
## 3.0.13
|
|
20
|
+
* Allow tailscale to update itself again; bug that required known good version pinning in 3.0.10 has been resolved.
|
|
21
|
+
|
|
15
22
|
## 3.0.12
|
|
16
23
|
* Bugfix: use `exist?`
|
|
17
24
|
|
data/README.md
CHANGED
|
@@ -480,6 +480,23 @@ This will install a monit script that keeps sidekiq running. We spawn one sidek
|
|
|
480
480
|
|
|
481
481
|
Sidekiq uses redis by default, and rails connects to a redis running on localhost by default. However, this role does not depend on redis since in production it's likely redis will be running elsewhere. If you're provisioning a standalone server, make sure to include the redis role.
|
|
482
482
|
|
|
483
|
+
## tailscale
|
|
484
|
+
|
|
485
|
+
This installs/updates the Tailscale package, and adds/authenticates servers to the 10FW Tailnet.
|
|
486
|
+
|
|
487
|
+
**Prerequesites:**
|
|
488
|
+
- Create an auth key within tailscale, appropriately tagged & granted ACL access for the given project.
|
|
489
|
+
- Add `tailscale_auth_key` to the secrets vault for the environment you wish to provision.
|
|
490
|
+
|
|
491
|
+
**Recommendations:**
|
|
492
|
+
|
|
493
|
+
At the top of `config/subspace/{env}.yml`, add a separate block to allow the tailscale role to execute before all other roles. When the tailscale package is updated, the ssh connection will be broken, and it's best to get this out of the way first thing during a maintain or provision.
|
|
494
|
+
|
|
495
|
+
**Force Reauthentication:**
|
|
496
|
+
|
|
497
|
+
To force authentication with the tailnet, use the following tag when provisioning:
|
|
498
|
+
|
|
499
|
+
subspace provision {env} --tags=tailscale_reauth`
|
|
483
500
|
|
|
484
501
|
## Other Internal Roles
|
|
485
502
|
|
|
@@ -168,7 +168,7 @@
|
|
|
168
168
|
body_format: json
|
|
169
169
|
body:
|
|
170
170
|
client_stat:
|
|
171
|
-
|
|
171
|
+
stat_type: os_upgrades
|
|
172
172
|
value: "{{stats_os_upgrades.stdout}}"
|
|
173
173
|
hostname: "{{hostname}}"
|
|
174
174
|
when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_upgrades.stdout | length > 0)
|
|
@@ -236,7 +236,7 @@
|
|
|
236
236
|
body_format: json
|
|
237
237
|
body:
|
|
238
238
|
client_stat:
|
|
239
|
-
|
|
239
|
+
stat_type: os_security_upgrades
|
|
240
240
|
value: "{{stats_os_security_upgrades.stdout}}"
|
|
241
241
|
hostname: "{{hostname}}"
|
|
242
242
|
when: (send_stats == true) and (stats_url is defined) and (stats_api_key is defined) and (stats_os_security_upgrades.stdout | length > 0)
|
|
@@ -323,7 +323,7 @@
|
|
|
323
323
|
body_format: json
|
|
324
324
|
body:
|
|
325
325
|
client_stat:
|
|
326
|
-
|
|
326
|
+
stat_type: os_version
|
|
327
327
|
value: "{{stats_os_version.stdout}}"
|
|
328
328
|
hostname: "{{hostname}}"
|
|
329
329
|
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
|
@@ -117,7 +117,7 @@
|
|
|
117
117
|
body_format: json
|
|
118
118
|
body:
|
|
119
119
|
client_stat:
|
|
120
|
-
|
|
120
|
+
stat_type: psql_version
|
|
121
121
|
value: "{{stats_psql_version.stdout}}"
|
|
122
122
|
hostname: "{{hostname}}"
|
|
123
123
|
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
|
@@ -103,7 +103,7 @@
|
|
|
103
103
|
body_format: json
|
|
104
104
|
body:
|
|
105
105
|
client_stat:
|
|
106
|
-
|
|
106
|
+
stat_type: psql_version
|
|
107
107
|
value: "{{stats_psql_version.stdout}}"
|
|
108
108
|
hostname: "{{hostname}}"
|
|
109
109
|
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
|
@@ -100,7 +100,7 @@
|
|
|
100
100
|
body_format: json
|
|
101
101
|
body:
|
|
102
102
|
client_stat:
|
|
103
|
-
|
|
103
|
+
stat_type: ruby_version
|
|
104
104
|
value: "{{stats_ruby_version.stdout}}"
|
|
105
105
|
hostname: "{{hostname}}"
|
|
106
106
|
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
|
@@ -18,6 +18,7 @@
|
|
|
18
18
|
- tailscale_reauth
|
|
19
19
|
|
|
20
20
|
- name: "Allow tailscale to be installed"
|
|
21
|
+
ignore_errors: yes
|
|
21
22
|
dpkg_selections:
|
|
22
23
|
name: tailscale
|
|
23
24
|
selection: install
|
|
@@ -27,7 +28,7 @@
|
|
|
27
28
|
|
|
28
29
|
- name: "Install tailscale from apt"
|
|
29
30
|
apt:
|
|
30
|
-
name: tailscale
|
|
31
|
+
name: tailscale
|
|
31
32
|
state: present
|
|
32
33
|
allow_downgrade: true
|
|
33
34
|
update_cache: yes
|
|
@@ -35,14 +36,6 @@
|
|
|
35
36
|
- maintenance
|
|
36
37
|
- tailscale_reauth
|
|
37
38
|
|
|
38
|
-
- name: "Prevent tailscale from being upgraded"
|
|
39
|
-
dpkg_selections:
|
|
40
|
-
name: tailscale
|
|
41
|
-
selection: hold
|
|
42
|
-
tags:
|
|
43
|
-
- maintenance
|
|
44
|
-
- tailscale_reauth
|
|
45
|
-
|
|
46
39
|
- name: "Join the tailnet and force reauth"
|
|
47
40
|
become: true
|
|
48
41
|
command: tailscale up --ssh --auth-key={{tailscale_auth_key}} --hostname={{project_name | regex_replace('_', '')}}-{{hostname}} --accept-risk=lose-ssh {{tailscale_options}} --force-reauth
|
data/lib/subspace/cli.rb
CHANGED
|
@@ -46,7 +46,7 @@ class Subspace::Cli
|
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
command :bootstrap do |c|
|
|
49
|
-
c.syntax = 'subspace
|
|
49
|
+
c.syntax = 'subspace bootstrap [host]'
|
|
50
50
|
c.summary = 'Install ansible requirements (python) and authorized_keys file'
|
|
51
51
|
c.description = 'Ansible has very few dependencies, but python is one that is not installed by
|
|
52
52
|
default on many linux images. The bootstrap command will install python on a host as well as
|
data/lib/subspace/version.rb
CHANGED
|
@@ -21,7 +21,6 @@ terraform {
|
|
|
21
21
|
|
|
22
22
|
provider aws {
|
|
23
23
|
region = "us-west-2"
|
|
24
|
-
profile = "subspace-<%= project_name %>"
|
|
25
24
|
default_tags {
|
|
26
25
|
tags = {
|
|
27
26
|
Environment = "<%= @env %>"
|
|
@@ -58,6 +57,7 @@ module oxenwagen {
|
|
|
58
57
|
database_allocated_storage = 100
|
|
59
58
|
database_max_allocated_storage = 1000
|
|
60
59
|
database_iops = 1000
|
|
60
|
+
final_snapshot_identifier = "<%= "#{project_name}-#{@env}-1" %>"
|
|
61
61
|
|
|
62
62
|
# lb_domain_name = "www.<%= project_name %>.com"
|
|
63
63
|
# lb_alternate_names = []
|
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: subspace
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Samson
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: exe
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-03-28 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: bundler
|
|
@@ -313,8 +312,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
313
312
|
- !ruby/object:Gem::Version
|
|
314
313
|
version: '0'
|
|
315
314
|
requirements: []
|
|
316
|
-
rubygems_version: 3.
|
|
317
|
-
signing_key:
|
|
315
|
+
rubygems_version: 3.6.6
|
|
318
316
|
specification_version: 4
|
|
319
317
|
summary: Ansible-based server provisioning for rails projects
|
|
320
318
|
test_files: []
|