subspace 0.1.1
- checksums.yaml +7 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.ruby-gemset +1 -0
- data/.ruby-version +1 -0
- data/.travis.yml +5 -0
- data/CODE_OF_CONDUCT.md +49 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +54 -0
- data/Rakefile +6 -0
- data/ansible/roles/apache/defaults/main.yml +7 -0
- data/ansible/roles/apache/handlers/main.yml +4 -0
- data/ansible/roles/apache/tasks/main.yml +30 -0
- data/ansible/roles/apache/templates/project.conf +25 -0
- data/ansible/roles/aws/tasks/main.yml +46 -0
- data/ansible/roles/common/defaults/main.yml +3 -0
- data/ansible/roles/common/handlers/main.yml +3 -0
- data/ansible/roles/common/tasks/main.yml +58 -0
- data/ansible/roles/common/tasks/swap.yml +41 -0
- data/ansible/roles/delayed_job/README.md +9 -0
- data/ansible/roles/delayed_job/defaults/main.yml +4 -0
- data/ansible/roles/delayed_job/files/deploy-service +2 -0
- data/ansible/roles/delayed_job/files/monit-http.conf +3 -0
- data/ansible/roles/delayed_job/handlers/main.yml +4 -0
- data/ansible/roles/delayed_job/tasks/main.yml +34 -0
- data/ansible/roles/delayed_job/templates/delayed-job-monit-rc +16 -0
- data/ansible/roles/letsencrypt/defaults/main.yml +2 -0
- data/ansible/roles/letsencrypt/tasks/main.yml +93 -0
- data/ansible/roles/letsencrypt/templates/project-le-ssl.conf +31 -0
- data/ansible/roles/memcache/tasks/main.yml +6 -0
- data/ansible/roles/mysql/meta/main.yml +6 -0
- data/ansible/roles/mysql/tasks/main.yml +12 -0
- data/ansible/roles/mysql/templates/mysql_database.yml +7 -0
- data/ansible/roles/mysql2_gem/meta/main.yml +8 -0
- data/ansible/roles/mysql2_gem/tasks/main.yml +5 -0
- data/ansible/roles/newrelic/handlers/main.yml +5 -0
- data/ansible/roles/newrelic/tasks/main.yml +20 -0
- data/ansible/roles/nginx/tasks/main.yml +20 -0
- data/ansible/roles/nginx/templates/nginx-project +27 -0
- data/ansible/roles/papertrail/tasks/main.yml +12 -0
- data/ansible/roles/papertrail/templates/log_files.yml +7 -0
- data/ansible/roles/postgresql/defaults/main.yml +2 -0
- data/ansible/roles/postgresql/handlers/main.yml +4 -0
- data/ansible/roles/postgresql/meta/main.yml +7 -0
- data/ansible/roles/postgresql/tasks/backups.yml +33 -0
- data/ansible/roles/postgresql/tasks/main.yml +37 -0
- data/ansible/roles/postgresql/templates/backup.sh +50 -0
- data/ansible/roles/puma/tasks/main.yml +29 -0
- data/ansible/roles/puma/templates/etc-init-puma-manager.conf +31 -0
- data/ansible/roles/puma/templates/etc-init-puma.conf +69 -0
- data/ansible/roles/puma/templates/etc-puma.conf +1 -0
- data/ansible/roles/puma/templates/puma.rb +29 -0
- data/ansible/roles/rails/defaults/main.yml +4 -0
- data/ansible/roles/rails/tasks/main.yml +36 -0
- data/ansible/roles/rails/templates/application.yml +3 -0
- data/ansible/roles/rails/templates/database.yml +19 -0
- data/ansible/roles/redis/tasks/main.yml +6 -0
- data/ansible/roles/ruby-common/README.md +74 -0
- data/ansible/roles/ruby-common/defaults/main.yml +6 -0
- data/ansible/roles/ruby-common/meta/main.yml +22 -0
- data/ansible/roles/ruby-common/tasks/main.yml +69 -0
- data/ansible/roles/ruby-common/templates/install-ruby.j2 +8 -0
- data/ansible/roles/ruby-common/templates/rake-env.j2 +3 -0
- data/ansible/roles/ruby-common/templates/ruby-gc-wrapper.j2 +5 -0
- data/ansible/roles/ruby-common/vars/main.yml +26 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/exe/subspace +85 -0
- data/lib/subspace/railtie.rb +9 -0
- data/lib/subspace/version.rb +3 -0
- data/lib/subspace.rb +5 -0
- data/lib/tasks/provision.rake +12 -0
- data/subspace.gemspec +33 -0
- data/template/provision/.gitignore +1 -0
- data/template/provision/ansible.cfg.erb +5 -0
- data/template/provision/group_vars/all.erb +12 -0
- data/template/provision/group_vars/template.erb +14 -0
- data/template/provision/host_vars/template.erb +4 -0
- data/template/provision/hosts.erb +11 -0
- data/template/provision/playbook.yml.erb +26 -0
- data/template/provision/vars/template.erb +4 -0
- metadata +169 -0
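--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: c1cc519f482126c6f6e35f07756a8da51eda2c62
+data.tar.gz: f8144c7ab7a9abc53f6cb1a597014a0ad7068c54
+SHA512:
+metadata.gz: a4889159adf46a928295bcb7ba91cf662c4822ce9d6e23dd32eb5903138466afd159ab178867b419c84d691110f5a13f3935f20ba49e83073457425d03370fb7
+data.tar.gz: 0e194bd9c32e60e6e2bcdb16226143fef4bcf690559fe1ee2a5303794217afedd997886515dc4088d2053feea2294583b8074d7435e0b15dc61f1c6f6496279c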
data/.gitignore
ADDED
data/.rspec
ADDED
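--- a/data/.ruby-gemset
+++ b/data/.ruby-gemset
@@ -0,0 +1 @@
+subspace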
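--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.2.5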
data/.travis.yml
ADDED
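--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at brian@briansamson.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/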
data/Gemfile
ADDED
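--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Brian Samson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.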
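--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,54 @@
+# Subspace
+
+Subspace is a rubygem meant to make provisioning as easy as Capistrano makes deploying.
+
+http://tvtropes.org/pmwiki/pmwiki.php/Main/SubspaceAnsible
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'subspace'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install subspace
+
+## Usage
+
+subspace init
+cp path/to/.vault_pass config/provision/ # Or get it from another person
+cd config/provision && ansible-vault create vars/production.yml
+cd config/provision && ansible-vault create vars/dev.yml
+
+## Directory Structure
+
+`ansible/roles`
+
+Contains all of our custom roles. When the gem is installed and `subspace init`
+is ran, the newly created `ansible.cfg` will be configured to look for these
+roles.
+
+`template`
+
+Contains the template files that get copied over when `subspace init` is ran.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/tenforwardconsulting/subspace. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).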
data/Rakefile
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
---
|
2
|
+
- name: Install apache2
|
3
|
+
apt:
|
4
|
+
pkg: apache2
|
5
|
+
state: present
|
6
|
+
|
7
|
+
- name: a2enmod headers
|
8
|
+
apache2_module:
|
9
|
+
name: headers
|
10
|
+
state: present
|
11
|
+
|
12
|
+
- name: a2enmod expires
|
13
|
+
apache2_module:
|
14
|
+
name: expires
|
15
|
+
state: present
|
16
|
+
|
17
|
+
- name: Create Apache config
|
18
|
+
template:
|
19
|
+
src: "{{template_src_path}}"
|
20
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
21
|
+
sudo: true
|
22
|
+
notify: apache restart
|
23
|
+
|
24
|
+
- name: Symlink {{project_name}}.conf to sites-enabled
|
25
|
+
file:
|
26
|
+
src: /etc/apache2/sites-available/{{project_name}}.conf
|
27
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}.conf
|
28
|
+
state: link
|
29
|
+
sudo: true
|
30
|
+
notify: apache restart
|
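Review bot: Privilege escalation is applied unevenly in this task list: `Install apache2` and both `apache2_module` tasks carry no `sudo: true`, while the template and symlink tasks do, so the role only works if the play already escalates; either confirm that or add `sudo: true` to those three tasks. `sudo:` is also the deprecated spelling of `become: true`, and the other task files on this page use it the same way. The page prints this hunk under the `data/Rakefile` header, but the content is an Ansible task list, presumably the apache role's `tasks/main.yml`, which the file list gives as 30 lines.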
@@ -0,0 +1,25 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
ServerName {{server_name}}
|
3
|
+
{% for alias in server_aliases %}
|
4
|
+
ServerAlias {{alias}}
|
5
|
+
{% endfor %}
|
6
|
+
RailsEnv {{rails_env}}
|
7
|
+
# !!! Be sure to point DocumentRoot to 'public'!
|
8
|
+
DocumentRoot /u/apps/{{project_name}}/current/public
|
9
|
+
<Directory /u/apps/{{project_name}}/current/public>
|
10
|
+
# This relaxes Apache security settings.
|
11
|
+
AllowOverride all
|
12
|
+
# MultiViews must be turned off.
|
13
|
+
Options -MultiViews
|
14
|
+
# Uncomment this if you're on Apache >= 2.4:
|
15
|
+
Require all granted
|
16
|
+
</Directory>
|
17
|
+
<Location /assets/>
|
18
|
+
# Use of ETag is discouraged when Last-Modified is present
|
19
|
+
Header unset ETag
|
20
|
+
FileETag None
|
21
|
+
# RFC says only cache for 1 year
|
22
|
+
ExpiresActive On
|
23
|
+
ExpiresDefault "access plus 1 year"
|
24
|
+
</Location>
|
25
|
+
</VirtualHost>
|
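Review bot: `AllowOverride all` on the `public` directory lets any `.htaccess` file that ends up in the served tree change server behaviour, and the template's own comment admits it relaxes Apache's security settings; unless the application depends on `.htaccess`, `AllowOverride None` is the safer default. The comment `# Uncomment this if you're on Apache >= 2.4:` no longer matches the line below it, because `Require all granted` is already active, so drop the comment or state that the template targets 2.4. The port-443 virtual host template later on this page repeats both lines.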
@@ -0,0 +1,46 @@
|
|
1
|
+
---
|
2
|
+
- name: Create security group
|
3
|
+
ec2_group:
|
4
|
+
name: "{{hostname}}"
|
5
|
+
aws_access_key: "{{ec2_access_key}}"
|
6
|
+
aws_secret_key: "{{ec2_secret_key}}"
|
7
|
+
description: "A Security group"
|
8
|
+
region: us-west-2
|
9
|
+
rules:
|
10
|
+
- proto: tcp
|
11
|
+
from_port: 22
|
12
|
+
to_port: 22
|
13
|
+
cidr_ip: 0.0.0.0/0
|
14
|
+
- proto: tcp
|
15
|
+
from_port: 80
|
16
|
+
to_port: 80
|
17
|
+
cidr_ip: 0.0.0.0/0
|
18
|
+
- proto: tcp
|
19
|
+
from_port: 443
|
20
|
+
to_port: 443
|
21
|
+
cidr_ip: 0.0.0.0/0
|
22
|
+
rules_egress:
|
23
|
+
- proto: all
|
24
|
+
cidr_ip: 0.0.0.0/0
|
25
|
+
register: basic_firewall
|
26
|
+
|
27
|
+
- name: Provision a set of instances
|
28
|
+
ec2:
|
29
|
+
key_name: ansible
|
30
|
+
region: us-west-2
|
31
|
+
group_id: "{{basic_firewall.group_id}}"
|
32
|
+
instance_type: t2.small
|
33
|
+
image: "ami-9abea4fb"
|
34
|
+
aws_access_key: "{{ec2_access_key}}"
|
35
|
+
aws_secret_key: "{{ec2_secret_key}}"
|
36
|
+
wait: true
|
37
|
+
exact_count: 1
|
38
|
+
count_tag:
|
39
|
+
Name: "{{hostname}}"
|
40
|
+
instance_tags:
|
41
|
+
Name: "{{hostname}}"
|
42
|
+
register: ec2
|
43
|
+
|
44
|
+
- name: Add all instance public IPs to host group
|
45
|
+
add_host: hostname={{ item.public_ip }} groups=ec2hosts
|
46
|
+
with_items: ec2.instances
|
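Review bot: The first ingress rule opens port 22 to `0.0.0.0/0`, so every instance placed in this group exposes SSH to the whole internet. Restrict it to the addresses that provision and administer the hosts, e.g. `cidr_ip: "{{ ssh_allowed_cidr }}"` (a variable name made up here for illustration), with no world-open default. `region: us-west-2` and `image: "ami-9abea4fb"` are hard-coded in the tasks and would be easier to audit and update as role defaults. `with_items: ec2.instances` relies on bare-variable expansion, which is deprecated; write `with_items: "{{ ec2.instances }}"`.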
@@ -0,0 +1,58 @@
|
|
1
|
+
---
|
2
|
+
- name: Test connection
|
3
|
+
ping:
|
4
|
+
|
5
|
+
- name: Set hostname
|
6
|
+
command: hostname {{hostname}}
|
7
|
+
sudo: true
|
8
|
+
|
9
|
+
- name: update /etc/hostname
|
10
|
+
copy:
|
11
|
+
content: "{{hostname}}"
|
12
|
+
dest: /etc/hostname
|
13
|
+
|
14
|
+
- name: Set hostname for systemd
|
15
|
+
hostname:
|
16
|
+
name: "{{hostname}}"
|
17
|
+
|
18
|
+
- name: apt-get update
|
19
|
+
apt: update_cache=yes cache_valid_time=86400
|
20
|
+
sudo: true
|
21
|
+
|
22
|
+
- name: apt-get upgrade
|
23
|
+
apt: upgrade=full
|
24
|
+
sudo: true
|
25
|
+
|
26
|
+
- name: Set timezone variables
|
27
|
+
copy: content='America/Chicago'
|
28
|
+
dest=/etc/timezone
|
29
|
+
owner=root
|
30
|
+
group=root
|
31
|
+
mode=0644
|
32
|
+
backup=yes
|
33
|
+
notify:
|
34
|
+
- update timezone
|
35
|
+
|
36
|
+
- name: Add deploy user
|
37
|
+
user:
|
38
|
+
name: "{{deploy_user}}"
|
39
|
+
state: present
|
40
|
+
generate_ssh_key: yes
|
41
|
+
shell: /bin/bash
|
42
|
+
sudo: true
|
43
|
+
|
44
|
+
- name: Update authorized_keys for deploy user
|
45
|
+
copy:
|
46
|
+
src: authorized_keys
|
47
|
+
dest: "/home/{{deploy_user}}/.ssh/authorized_keys"
|
48
|
+
owner: "{{deploy_user}}"
|
49
|
+
sudo: true
|
50
|
+
|
51
|
+
- name: Create directory to which to deploy
|
52
|
+
file:
|
53
|
+
path: /u/apps/{{project_name}}
|
54
|
+
owner: "{{deploy_user}}"
|
55
|
+
state: directory
|
56
|
+
sudo: true
|
57
|
+
|
58
|
+
- include: swap.yml
|
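Review bot: `Update authorized_keys for deploy user` sets an `owner` but no `mode` or `group`, so the permissions of the file that decides who may log in as the deploy user depend on the remote umask; pin them with `mode: "0600"` and `group: "{{deploy_user}}"`. `update /etc/hostname`, `Set hostname for systemd` and `Set timezone variables` also lack the `sudo: true` their neighbours have and will fail unless the play already escalates. `Set hostname` runs `command: hostname {{hostname}}` on every run and overlaps with the `hostname` module task two tasks below it.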
@@ -0,0 +1,41 @@
|
|
1
|
+
- name: set swap_file variable
|
2
|
+
set_fact:
|
3
|
+
swap_file: /swapfile
|
4
|
+
|
5
|
+
- name: check if swap file exists
|
6
|
+
stat:
|
7
|
+
path: /swapfile
|
8
|
+
register: swap_file_check
|
9
|
+
|
10
|
+
- name: create swap file
|
11
|
+
sudo: yes
|
12
|
+
command: fallocate -l {{ swap_space }} /swapfile
|
13
|
+
when: not swap_file_check.stat.exists
|
14
|
+
|
15
|
+
- name: set permissions on swap file
|
16
|
+
sudo: yes
|
17
|
+
file:
|
18
|
+
path: /swapfile
|
19
|
+
mode: 0600
|
20
|
+
|
21
|
+
- name: format swap file
|
22
|
+
sudo: yes
|
23
|
+
command: mkswap /swapfile
|
24
|
+
when: not swap_file_check.stat.exists
|
25
|
+
|
26
|
+
- name: add to fstab
|
27
|
+
sudo: yes
|
28
|
+
lineinfile:
|
29
|
+
dest: /etc/fstab
|
30
|
+
regexp: /swapfile
|
31
|
+
line: "/swapfile none swap sw 0 0"
|
32
|
+
|
33
|
+
- name: turn on swap
|
34
|
+
sudo: yes
|
35
|
+
command: swapon -a
|
36
|
+
|
37
|
+
- name: set swapiness
|
38
|
+
sudo: yes
|
39
|
+
sysctl:
|
40
|
+
name: vm.swappiness
|
41
|
+
value: "1"
|
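Review bot: The `swap_file` fact set by the first task is never used, because every later task hard-codes `/swapfile`, so changing the fact would silently have no effect; reference `{{ swap_file }}` throughout or drop the `set_fact`. `fallocate` creates the file with default permissions and `mode: 0600` is applied only by the next task; that is acceptable because it still happens before `mkswap` and `swapon`, but a comment such as `# must stay before mkswap/swapon` would keep the order from being changed later. `command: swapon -a` has no `when` or `changed_when`, so it reports a change on every run.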
@@ -0,0 +1,9 @@
|
|
1
|
+
# delayed_job Role
|
2
|
+
|
3
|
+
## Variables
|
4
|
+
|
5
|
+
### Optional
|
6
|
+
|
7
|
+
* `delayed_job_queues`
|
8
|
+
The delayed job queues so the upstart script can start each one.
|
9
|
+
If this is not set, then the upstart script will start delayed\_job without specifying any queue and it will run all of your jobs.
|
@@ -0,0 +1,34 @@
|
|
1
|
+
---
|
2
|
+
- name: Install monit
|
3
|
+
apt:
|
4
|
+
name: monit
|
5
|
+
state: present
|
6
|
+
|
7
|
+
- name: Install delayed_job monit script
|
8
|
+
template:
|
9
|
+
src: delayed-job-monit-rc
|
10
|
+
dest: /etc/monit/conf.d/delayed_job_{{project_name}}_{{rails_env}}
|
11
|
+
notify: monit reload
|
12
|
+
|
13
|
+
- name: Copy sudoers file so that deploy can restart services without entering password.
|
14
|
+
copy:
|
15
|
+
src: deploy-service
|
16
|
+
dest: /etc/sudoers.d/deploy-service
|
17
|
+
sudo: true
|
18
|
+
|
19
|
+
- name: Copy monit config to enable http from localhost
|
20
|
+
copy:
|
21
|
+
src: monit-http.conf
|
22
|
+
dest: /etc/monit/conf.d/monit-http.conf
|
23
|
+
sudo: true
|
24
|
+
notify: monit reload
|
25
|
+
|
26
|
+
- name: Remove old upstart files
|
27
|
+
file:
|
28
|
+
path: /etc/init/delayed-job.conf
|
29
|
+
state: absent
|
30
|
+
|
31
|
+
- name: Remove old monit files
|
32
|
+
file:
|
33
|
+
path: /etc/monit/conf.d/delayed_job
|
34
|
+
state: absent
|
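Review bot: `Copy sudoers file …` installs `/etc/sudoers.d/deploy-service` with no ownership, mode or syntax check, and a malformed or wrongly-permissioned drop-in can break `sudo` on the host. Add `owner: root`, `mode: "0440"` and `validate: "/usr/sbin/visudo -cf %s"` to the `copy` so a bad file is rejected before it is put in place. The content of `deploy-service` is not shown on this page; it should grant the deploy user only the specific service commands it needs rather than a blanket passwordless rule. `Install monit` and the two `Remove old …` tasks have no `sudo: true`, unlike the copy tasks.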
@@ -0,0 +1,16 @@
|
|
1
|
+
# an example Monit configuration file for delayed_job
|
2
|
+
# See: http://stackoverflow.com/questions/1226302/how-to-monitor-delayedjob-with-monit/1285611
|
3
|
+
#
|
4
|
+
# To use:
|
5
|
+
# 1. copy to /var/www/apps/{app_name}/shared/delayed_job.monitrc
|
6
|
+
# 2. replace {app_name} as appropriate
|
7
|
+
# 3. add this to your /etc/monit/monitrc
|
8
|
+
#
|
9
|
+
# include /var/www/apps/{app_name}/shared/delayed_job.monitrc
|
10
|
+
|
11
|
+
{% for queue in delayed_job_queues %}
|
12
|
+
check process delayed_job_{{queue}}
|
13
|
+
with pidfile /u/apps/{{project_name}}/shared/tmp/pids/delayed_job.{{queue}}.pid
|
14
|
+
start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current; RAILS_ENV={{rails_env}} bundle exec {{delayed_job_command}} --identifier={{queue}} --queue={{queue}} start'"
|
15
|
+
stop program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current; RAILS_ENV={{rails_env}} bundle exec {{delayed_job_command}} --identifier={{queue}} --queue={{queue}} stop'"
|
16
|
+
{% endfor %}
|
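Review bot: Both `start program` and `stop program` hard-code `/bin/su - deploy`, while the task files on this page create and reference the account through `{{deploy_user}}`; with any other user name the workers would be started under the wrong or a non-existent account, so use `/bin/su - {{deploy_user}} -c …` in both lines. `{{queue}}`, `{{project_name}}` and `{{rails_env}}` are interpolated into a single-quoted shell string that monit executes, so the role should document that these values must be plain identifiers without quotes or whitespace. The header comment still describes a manual install under `/var/www/apps/{app_name}`, which does not match how the role deploys the file.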
@@ -0,0 +1,93 @@
|
|
1
|
+
---
|
2
|
+
- name: Install certbot dependencies
|
3
|
+
apt:
|
4
|
+
pkg: "{{item}}"
|
5
|
+
state: present
|
6
|
+
with_items:
|
7
|
+
- augeas-lenses
|
8
|
+
- ca-certificates
|
9
|
+
- dialog
|
10
|
+
- gcc
|
11
|
+
- libaugeas0
|
12
|
+
- libffi-dev
|
13
|
+
- libpython-dev
|
14
|
+
- libpython2.7-dev
|
15
|
+
- libssl-dev
|
16
|
+
- python
|
17
|
+
- python-dev
|
18
|
+
- python-setuptools
|
19
|
+
- python-virtualenv
|
20
|
+
- python2.7-dev
|
21
|
+
|
22
|
+
- name: Get certbot
|
23
|
+
get_url:
|
24
|
+
url: "https://dl.eff.org/certbot-auto"
|
25
|
+
dest: "{{certbot_dir}}"
|
26
|
+
mode: a+x
|
27
|
+
|
28
|
+
- name: Run certbot
|
29
|
+
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --apache --agree-tos"
|
30
|
+
args:
|
31
|
+
creates: /etc/letsencrypt/live/{{server_name}}/cert.pem
|
32
|
+
|
33
|
+
- name: Enable mod_rewrite
|
34
|
+
apache2_module:
|
35
|
+
name: rewrite
|
36
|
+
state: present
|
37
|
+
sudo: true
|
38
|
+
|
39
|
+
- name: Enable mod_ssl
|
40
|
+
apache2_module:
|
41
|
+
name: ssl
|
42
|
+
state: present
|
43
|
+
sudo: true
|
44
|
+
|
45
|
+
- name: Create SSL Apache config
|
46
|
+
template:
|
47
|
+
src: project-le-ssl.conf
|
48
|
+
dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
|
49
|
+
sudo: true
|
50
|
+
notify: apache restart
|
51
|
+
|
52
|
+
- name: Symlink {{project_name}}-le-ssl.conf to sites-enabled
|
53
|
+
file:
|
54
|
+
src: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
|
55
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf
|
56
|
+
state: link
|
57
|
+
sudo: true
|
58
|
+
notify: apache restart
|
59
|
+
|
60
|
+
- name: Force redirect to https (1/3)
|
61
|
+
lineinfile:
|
62
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
63
|
+
line: "RewriteEngine on"
|
64
|
+
state: present
|
65
|
+
insertbefore: "</VirtualHost>"
|
66
|
+
sudo: true
|
67
|
+
notify: apache restart
|
68
|
+
|
69
|
+
- name: Force redirect to https (2/3)
|
70
|
+
lineinfile:
|
71
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
72
|
+
line: "RewriteCond %{SERVER_NAME} ={{server_name}}"
|
73
|
+
state: present
|
74
|
+
insertbefore: "</VirtualHost>"
|
75
|
+
sudo: true
|
76
|
+
notify: apache restart
|
77
|
+
|
78
|
+
- name: Force redirect to https (3/3)
|
79
|
+
lineinfile:
|
80
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
81
|
+
line: "RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]"
|
82
|
+
state: present
|
83
|
+
insertbefore: "</VirtualHost>"
|
84
|
+
sudo: true
|
85
|
+
notify: apache restart
|
86
|
+
|
87
|
+
- name: Setup cron job to auto renew
|
88
|
+
cron:
|
89
|
+
name: Auto-renew SSL
|
90
|
+
job: "{{certbot_dir}}/certbot-auto renew --quiet --no-self-upgrade"
|
91
|
+
minute: 30
|
92
|
+
hour: "0,12"
|
93
|
+
state: present
|
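Review bot: `Get certbot` downloads `certbot-auto` and marks it executable with no integrity check, and the next task and the cron job then execute whatever was fetched; pin a reviewed copy by adding `checksum: "sha256:<EXPECTED_SHA256>"` (placeholder) to the `get_url` task, or install certbot from the distribution's packages. `dest: "{{certbot_dir}}"` names a directory, so `get_url` fetches the file again on each run, which is another reason to pin it. The cron job passes `--no-self-upgrade`, but `Run certbot` does not, so the first run may still replace the script. Separately, the condition added in `Force redirect to https (2/3)` matches only `{{server_name}}`, so hosts listed in `server_aliases` keep being served over plain HTTP.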
@@ -0,0 +1,31 @@
|
|
1
|
+
<IfModule mod_ssl.c>
|
2
|
+
<VirtualHost *:443>
|
3
|
+
ServerName {{server_name}}
|
4
|
+
{% for alias in server_aliases %}
|
5
|
+
ServerAlias {{alias}}
|
6
|
+
{% endfor %}
|
7
|
+
RailsEnv {{rails_env}}
|
8
|
+
# !!! Be sure to point DocumentRoot to 'public'!
|
9
|
+
DocumentRoot /u/apps/{{project_name}}/current/public
|
10
|
+
<Directory /u/apps/{{project_name}}/current/public>
|
11
|
+
# This relaxes Apache security settings.
|
12
|
+
AllowOverride all
|
13
|
+
# MultiViews must be turned off.
|
14
|
+
Options -MultiViews
|
15
|
+
# Uncomment this if you're on Apache >= 2.4:
|
16
|
+
Require all granted
|
17
|
+
</Directory>
|
18
|
+
<Location /assets/>
|
19
|
+
# Use of ETag is discouraged when Last-Modified is present
|
20
|
+
Header unset ETag
|
21
|
+
FileETag None
|
22
|
+
# RFC says only cache for 1 year
|
23
|
+
ExpiresActive On
|
24
|
+
ExpiresDefault "access plus 1 year"
|
25
|
+
</Location>
|
26
|
+
SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
|
27
|
+
SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
|
28
|
+
Include /etc/letsencrypt/options-ssl-apache.conf
|
29
|
+
SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
|
30
|
+
</VirtualHost>
|
31
|
+
</IfModule>
|
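Review bot: `SSLCertificateFile` points at `cert.pem` and the chain is supplied through `SSLCertificateChainFile`, a directive that Apache 2.4.8 and later treat as obsolete; on those versions point `SSLCertificateFile` at `/etc/letsencrypt/live/{{server_name}}/fullchain.pem` and drop the chain line. The virtual host also sends no `Strict-Transport-Security` header, so browsers are never told to skip plain HTTP on later visits; since the apache task list on this page enables `headers`, `Header always set Strict-Transport-Security "max-age=31536000"` could be added once HTTPS is confirmed working. `AllowOverride all` and the stale `Uncomment this …` comment are the same as in the port-80 template.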
@@ -0,0 +1,12 @@
|
|
1
|
+
---
|
2
|
+
- name: Create database.yml
|
3
|
+
template:
|
4
|
+
src: mysql_database.yml
|
5
|
+
dest: /u/apps/{{project_name}}/shared/config/database.yml
|
6
|
+
sudo: true
|
7
|
+
sudo_user: "{{deploy_user}}"
|
8
|
+
|
9
|
+
- name: Install mysql2 gem dependencies
|
10
|
+
apt:
|
11
|
+
name: libmysqlclient-dev
|
12
|
+
sudo: true
|
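Review bot: `Create database.yml` writes the rendered file without a `mode`, so its permissions fall back to the remote umask. The template body is not shown here, but a Rails `database.yml` normally carries the database password, so set `mode: "0600"` (or `"0640"` with an explicit `group`) on the task. `sudo_user` is the deprecated spelling of `become_user`.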