subspace 3.0.4 → 3.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b413efacd070d9a5bf211d8180a0847864acc3a734dea4873119c7191db4861d
-  data.tar.gz: b2bbf48d4a365f7ac97ca87955896c0b0a1b0df9f08c3a767c0b665eced366e5
+  metadata.gz: 0570afc2b32d634f8839a952875042e5fa2423f83d74c2f1c3caf917d5bf890a
+  data.tar.gz: d55a60c1bb5b95f14384782e9393e0675d8ab2fd2d40d2c2584595d653537f1e
 SHA512:
-  metadata.gz: 63e7177b1120c7cd818988dcf2bacd26254412ab878de320f100290dccb6c233b83593f8b3addbf9b8388f3c83c292301647234236724c01d1ca23e813e661fc
-  data.tar.gz: 828a148ffc71d7446116bb8f93629df0337a82718e530b4937c159e4462b6d65341d31c04d5e431e24495ed4f631202df7d57f924bec710f62083f425c6a74b3
+  metadata.gz: 34685a01a42bf73f3461e0df0fba7c0f56853ed62f2247a933eba8f12ba2bb9413adfbba284b1410e023d41abe2791db1b919c240990c7187232f5db51adf1d5
+  data.tar.gz: 39919a243c97a482fb8a21dd5f76bf5105c42bbfb609a24dc446ef8ea5c050bd638fd1243bd25ab277a0dd358d3f9e51b9b7d696a28536ec54a34bbe9d9575b9

data/CHANGELOG.md

@@ -12,6 +12,13 @@ This project attempts to follow [semantic versioning](https://semver.org/).
 
 ## Unreleased
 
+## 3.0.5
+  * update rake task for secerts
+  * update readme
+  * remove unneeded deps for rails
+  * fix include deprecation
+  * Remove punctuation from tailscale host name
+
 ## 3.0.4
   * log ansible update output to var
 

data/README.md

@@ -13,14 +13,8 @@ you to [configure variables](https://docs.ansible.com/ansible/latest/user_guide/
 
 First, install ansible (>2.0)
 
-OSX:
-
-  brew install ansible
-
-Linux:
-
-  apt-get install ansible
-
+- OSX: `brew install ansible`
+- Linux: `apt-get install ansible`
 
 Add this line to your application's Gemfile:
 
@@ -28,11 +22,13 @@ Add this line to your application's Gemfile:
 gem 'subspace'
 ```
 
-Or install it yourself as:
-
-    $ gem install subspace
+Or install it yourself from the command line: `$ gem install subspace`
 
 ### Mitogen
+
+[!CAUTION]
+***Mitogen is currently broken! It doesn't support the latest ansible version.***
+
 Optionally, you can install a python/pip packaged called "Mitogen" which dramatically speeds up running ansible over ssh.  See [Here](https://github.com/mitogen-hq/mitogen/blob/master/docs/ansible_detailed.rst) for details.
 
     pip install mitogen
@@ -40,15 +36,34 @@ Optionally, you can install a python/pip packaged called "Mitogen" which dramati
 Subspace will try and detect if mitogen is present and use it can.  If mitogen causes problems (sometimes it can cause problems depending on the system versions, and particaularly when brand new versions of anible come up and it hasn't updated), you can disable it:
 
     DISABLE_MITOGEN=1 subspace provision env
+
 ## Usage
 
 ### `subspace init`
 
-Initialize the project for subspace. Creates `config/subspace` with all
-necessary files.
+Initialize the project for subspace. Creates `config/subspace` with all necessary files.
 
 Subspace 3 supports terraform.  You will need to create an IAM user manually with administrative access to the target AWS environment for terraform.
 
+#### Other Requirements
+
+- [JQ](https://formulae.brew.sh/formula/jq)
+- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
+- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions)
+
+#### Setup AWS Profile
+
+`aws configure --profile profile_name`
+
+Subspace expects the `profile_name` to be `subspace-{project name}`.
+
+#### `init` Options
+
+Check [`cli.rb init`](/lib/subspace/cli.rb#L35) for all available options when initializing a new subspace project.
+
+##### `--env`
+The environment will default to `dev` unless you pass in `--env [env name]`
+
 ### `subspace bootstrap <environment>`
 
 Ensures the $HOME/.ssh directory is present and ensures python is installed.
@@ -93,13 +108,13 @@ MUST be turned off manually by running `subspace maintenance_mode <environment>
 
 #### Tagged roles
 
-Role       | Tags                      | Comment
----------- | ----                      | -------
-alienvault | alienvault                | All tasks in the alienvault role have been tagged 'alienvault'
-common     | upgrade                   | runs apt-get update and apt-get upgrade
-common     | authorized\_keys          | updates the authorized\_keys file for the deploy user
-rails      | appyml                    |
-monit      | monit                     | All tasks in the monit role have been tagged 'monit'
+| Role       | Tags             | Comment                                                        |
+| ---------- | ---------------- | -------------------------------------------------------------- |
+| alienvault | alienvault       | All tasks in the alienvault role have been tagged 'alienvault' |
+| common     | upgrade          | runs apt-get update and apt-get upgrade                        |
+| common     | authorized\_keys | updates the authorized\_keys file for the deploy user          |
+| rails      | appyml           |
+| monit      | monit            | All tasks in the monit role have been tagged 'monit'           |
 
 ### `subspace secrets <environment> [--edit] [--create]`
 

data/ansible/roles/common/tasks/main.yml

@@ -29,8 +29,6 @@
       src: motd
       dest: /etc/motd
     become: true
-    tags:
-      - maintenance
 
   - name: Set hostname
     command: hostname {{hostname}}

data/ansible/roles/postgresql/tasks/main.yml

@@ -94,7 +94,7 @@
       name: hstore
       state: present
 
-  - include: backups.yml
+  - import_tasks: backups.yml
     become: true
 
   - name: Grab Psql version

data/ansible/roles/rails/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
   - name: Install rails apt dependencies
     apt:
-      name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev',  'libxslt-dev', 'nodejs', 'zlib1g-dev' ,'ffmpeg']
+      name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev',  'libxslt-dev', 'zlib1g-dev']
     become: true
     when: ('Ubuntu' in ansible_distribution)
     tags:

data/ansible/roles/redis/tasks/main.yml

@@ -39,8 +39,14 @@
       regexp: '^protected-mode yes'
       line: 'protected-mode no'
 
-  - name: restart redis
+  - name: enable redis
     become: true
     systemd:
       name: redis
+      enabled: yes
+
+  - name: restart redis
+    become: true
+    systemd:
+      name: redis-server
       state: restarted

data/ansible/roles/tailscale/tasks/main.yml

@@ -25,5 +25,5 @@
 
   - name: "Join the tailnet and force reauth"
     become: true
-    command: tailscale up --ssh --auth-key={{tailscale_auth_key}} --hostname={{project_name}}-{{hostname}} --accept-risk=lose-ssh {{tailscale_options}} --force-reauth
+    command: tailscale up --ssh --auth-key={{tailscale_auth_key}} --hostname={{project_name | regex_replace('_', '')}}-{{hostname}} --accept-risk=lose-ssh {{tailscale_options}} --force-reauth
     tags: [ 'never', 'tailscale_reauth' ]

data/lib/subspace/commands/init.rb

@@ -57,11 +57,12 @@ class Subspace::Commands::Init < Subspace::Commands::Base
       - ensure the correct roles are present in #{@env}.yml
       - Check ansible configuration variables in group_vars/#{@env}
 
-    4. Provision the new servers with ansible:
+    5. Provision the new servers with ansible:
 
       subspace provision #{@env}
 
-    !!MAKE SURE YOU PUT config/subspace/subspace.pem SOMEWHERE!!
+    !!MAKE SURE YOU PUT config/subspace/subspace.pem in 1Password!!
+    !!If you added an SSH Key Passphrase during that step, also save it in 1Password!!
 
   """
 
@@ -137,7 +138,7 @@ class Subspace::Commands::Init < Subspace::Commands::Base
 
   def set_latest_ami
     @latest_ami = `aws --profile subspace-#{project_name} ec2 describe-images \
-    --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64*' \
+    --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64*' \
     --query 'Images[*].[ImageId,CreationDate]' --output text \
     | sort -k2 -r \
     | head -n1 | cut -f1`.chomp

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "3.0.4"
+  VERSION = "3.0.5"
 end

data/template/subspace/inventory.yml.erb

@@ -8,4 +8,5 @@ all:
       hostname: web1
   children:
     <%= @env %>:
-      <%= @env %>1:
+      hosts:
+        <%= @env %>1:

data/template/subspace/secrets/template.erb

@@ -1,5 +1,5 @@
 database_password: <%= SecureRandom.base64 %>
 
 
-SECRET_KEY_BASE: <%= `rake secret` %>
+SECRET_KEY_BASE: <%= `rails secret` %>
 ENABLE_SOME_FEATURE: true

data/template/subspace/terraform/template/main-oxenwagen.tf.erb

@@ -33,14 +33,14 @@ provider aws {
 variable database_password { type = string }
 
 module oxenwagen {
-  source = "github.com/tenforwardconsulting/terraform-subspace-oxenwagen?ref=v2.1.0"
+  source = "github.com/tenforwardconsulting/terraform-subspace-oxenwagen?ref=v2.4.1"
   project_name = "<%= project_name %>"
   project_environment =  "<%= @env %>"
   aws_region = ## "us-west-2"
   lb_health_check_path = "/"
   subspace_public_key = file("../../subspace.pem.pub")
 
-  # Ubuntu Server 20.04 LTS (HVM), SSD Volume Type
+  # Ubuntu Server 22.04 LTS (HVM), SSD Volume Type
   instance_ami = "<%= @latest_ami %>"
   web_instance_type = "t3.small"
   web_instance_count = 2

data/template/subspace/terraform/template/main-workhorse.tf.erb

@@ -28,7 +28,7 @@ module workhorse {
   # zone_id = "ZOJ6811VRVYBT" # 10fw.net
   # subdomain = "<%= project_name.gsub("_", "-") %>"
 
-  # Ubuntu Server 20.04 LTS (HVM), SSD Volume Type
+  # Ubuntu Server 22.04 LTS (HVM), SSD Volume Type
   instance_ami = "ami-0f81e6e71078b75b6"
   instance_user = "ubuntu"
   instance_type = "t3.medium"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 3.0.4
+  version: 3.0.5
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-05-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -313,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.5
+rubygems_version: 3.5.9
 signing_key:
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects