subspace 0.1.3 → 0.2.1
- checksums.yaml +4 -4
- data/README.md +152 -1
- data/TODO +34 -0
- data/ansible/roles/apache/tasks/main.yml +5 -2
- data/ansible/roles/collectd/defaults/main.yml +3 -0
- data/ansible/roles/collectd/handlers/main.yml +3 -0
- data/ansible/roles/collectd/tasks/main.yml +43 -0
- data/ansible/roles/collectd/templates/delayed_job_postgres.conf +20 -0
- data/ansible/roles/collectd/templates/df.conf +16 -0
- data/ansible/roles/collectd/templates/graphite.conf +14 -0
- data/ansible/roles/collectd/templates/hostname.conf +2 -0
- data/ansible/roles/{delayed_job/files/deploy-service → common/files/sudoers-service} +0 -1
- data/ansible/roles/common/tasks/main.yml +37 -7
- data/ansible/roles/common/tasks/swap.yml +8 -6
- data/ansible/roles/common/templates/motd +10 -7
- data/ansible/roles/common/templates/motd2 +24 -0
- data/ansible/roles/delayed_job/README.md +2 -4
- data/ansible/roles/delayed_job/defaults/main.yml +0 -2
- data/ansible/roles/delayed_job/meta/main.yml +5 -0
- data/ansible/roles/delayed_job/tasks/main.yml +3 -18
- data/ansible/roles/delayed_job/templates/delayed-job-monit-rc +1 -1
- data/ansible/roles/letsencrypt/defaults/main.yml +1 -1
- data/ansible/roles/letsencrypt/tasks/main.yml +27 -23
- data/ansible/roles/logrotate/LICENSE +27 -0
- data/ansible/roles/logrotate/README.md +70 -0
- data/ansible/roles/logrotate/defaults/main.yml +2 -0
- data/ansible/roles/logrotate/meta/main.yml +18 -0
- data/ansible/roles/logrotate/tasks/main.yml +15 -0
- data/ansible/roles/logrotate/templates/logrotate.d.j2 +16 -0
- data/ansible/roles/{delayed_job → monit}/files/monit-http.conf +0 -0
- data/ansible/roles/monit/files/sudoers-monit +1 -0
- data/ansible/roles/monit/handlers/main.yml +3 -0
- data/ansible/roles/monit/tasks/main.yml +19 -0
- data/ansible/roles/mtpereira.passenger/.bumpversion.cfg +7 -0
- data/ansible/roles/mtpereira.passenger/.gitignore +2 -0
- data/ansible/roles/mtpereira.passenger/LICENSE +20 -0
- data/ansible/roles/mtpereira.passenger/README.md +31 -0
- data/ansible/roles/mtpereira.passenger/defaults/main.yml +5 -0
- data/ansible/roles/mtpereira.passenger/handlers/main.yml +8 -0
- data/ansible/roles/mtpereira.passenger/meta/.galaxy_install_info +1 -0
- data/ansible/roles/mtpereira.passenger/meta/main.yml +21 -0
- data/ansible/roles/mtpereira.passenger/tasks/apt.yml +13 -0
- data/ansible/roles/mtpereira.passenger/tasks/main.yml +8 -0
- data/ansible/roles/mtpereira.passenger/tasks/pkg.yml +35 -0
- data/ansible/roles/mtpereira.passenger/tasks/service.yml +8 -0
- data/ansible/roles/newrelic/tasks/main.yml +4 -1
- data/ansible/roles/nginx/tasks/main.yml +8 -1
- data/ansible/roles/papertrail/tasks/main.yml +16 -1
- data/ansible/roles/passenger/meta/main.yml +6 -0
- data/ansible/roles/postgresql/README.md +15 -0
- data/ansible/roles/postgresql/defaults/main.yml +3 -0
- data/ansible/roles/postgresql/meta/main.yml +1 -1
- data/ansible/roles/postgresql/tasks/main.yml +9 -8
- data/ansible/roles/postgresql/templates/backup.sh +17 -2
- data/ansible/roles/rails/defaults/main.yml +3 -0
- data/ansible/roles/rails/tasks/main.yml +7 -7
- data/ansible/roles/redis/tasks/main.yml +1 -0
- data/ansible/roles/ruby-common/tasks/main.yml +14 -3
- data/ansible/roles/sidekiq/README.md +1 -0
- data/ansible/roles/sidekiq/meta/main.yml +8 -0
- data/ansible/roles/sidekiq/tasks/main.yml +7 -0
- data/ansible/roles/sidekiq/templates/sidekiq-monit-rc +6 -0
- data/ansible/roles/zenoamaro.postgresql/.gitignore +1 -0
- data/ansible/roles/zenoamaro.postgresql/.travis.yml +28 -0
- data/ansible/roles/zenoamaro.postgresql/LICENSE.md +21 -0
- data/ansible/roles/zenoamaro.postgresql/README.md +117 -0
- data/ansible/roles/zenoamaro.postgresql/Vagrantfile +62 -0
- data/ansible/roles/zenoamaro.postgresql/boxed.yml +26 -0
- data/ansible/roles/zenoamaro.postgresql/defaults/main.yml +606 -0
- data/ansible/roles/zenoamaro.postgresql/handlers/main.yml +8 -0
- data/ansible/roles/zenoamaro.postgresql/inventory +19 -0
- data/ansible/roles/zenoamaro.postgresql/main.yml +19 -0
- data/ansible/roles/zenoamaro.postgresql/meta/.galaxy_install_info +1 -0
- data/ansible/roles/zenoamaro.postgresql/meta/main.yml +21 -0
- data/ansible/roles/zenoamaro.postgresql/tasks/configure.yml +55 -0
- data/ansible/roles/zenoamaro.postgresql/tasks/extensions.yml +49 -0
- data/ansible/roles/zenoamaro.postgresql/tasks/install.yml +51 -0
- data/ansible/roles/zenoamaro.postgresql/tasks/main.yml +5 -0
- data/ansible/roles/zenoamaro.postgresql/templates/environment +11 -0
- data/ansible/roles/zenoamaro.postgresql/templates/pg_ctl.conf +5 -0
- data/ansible/roles/zenoamaro.postgresql/templates/pg_hba.conf +112 -0
- data/ansible/roles/zenoamaro.postgresql/templates/pg_ident.conf +46 -0
- data/ansible/roles/zenoamaro.postgresql/templates/postgresql.conf +530 -0
- data/ansible/roles/zenoamaro.postgresql/test.yml +24 -0
- data/exe/subspace +2 -82
- data/lib/subspace/cli.rb +85 -0
- data/lib/subspace/commands/ansible.rb +20 -0
- data/lib/subspace/commands/base.rb +36 -0
- data/lib/subspace/commands/bootstrap.rb +47 -0
- data/lib/subspace/commands/configure.rb +27 -0
- data/lib/subspace/commands/init.rb +79 -0
- data/lib/subspace/commands/override.rb +21 -0
- data/lib/subspace/commands/provision.rb +10 -0
- data/lib/subspace/commands/ssh.rb +14 -0
- data/lib/subspace/commands/vars.rb +11 -0
- data/lib/subspace/configuration.rb +71 -0
- data/lib/subspace/version.rb +1 -1
- data/lib/subspace.rb +8 -1
- data/subspace.gemspec +2 -0
- data/template/provision/ansible.cfg.erb +4 -1
- data/template/provision/group_vars/all.erb +2 -0
- data/template/provision/group_vars/template.erb +0 -3
- data/template/provision/host_vars/template.erb +1 -1
- data/template/provision/playbook.yml.erb +0 -10
- data/template/provision.rb.erb +94 -0
- metadata +90 -8
- data/ansible/roles/aws/tasks/main.yml +0 -46
- data/lib/subspace/railtie.rb +0 -9
- data/lib/tasks/provision.rake +0 -12
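--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a866534c27d65465d53cc06c495c719197ad402
+data.tar.gz: f88c9c97b3a26e0876ad83fa99973e586eea8441
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 20c7da85e53b22d8e92e02c685b0e03d60ec59cab75370198303083c67d28257e5d51c2a4de47e89961b5d1ac9ba692e0ecf39ad792484de8d30c538f68fa02d
+data.tar.gz: 6252943b439a6c5f43e9296b1e4035972707f20f54c53ee35818fbf07b9b28053d0495e86cc8b2907e5761b09c86ca16d3f59f0dff86658a9e616b866385b6c6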
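--- a/data/README.md
+++ b/data/README.md
@@ -6,6 +6,15 @@ http://tvtropes.org/pmwiki/pmwiki.php/Main/SubspaceAnsible
 
 ## Installation
 
+First, install ansible (>2.0)
+
+OSX:
+brew install ansible
+
+linux:
+apt-get install ansible
+
+
 Add this line to your application's Gemfile:
 
 ```ruby
@@ -31,10 +40,152 @@ Then run
 Initialize the project for subspace. Creates `config/provision` with all
 necessary files.
 
-* `
+* `subspace provision <environment>`
 
 Runs the playbook at `config/provision/<environment.yml>`.
 
+* `subspace vars <environment> [--edit] [--create]`
+
+Manage environment variables on different platforms. The default action is simply to show the vars defined for an environemnt. Pass --edit to edit them in the system editor.
+
+The new system uses a file in `config/provision/templates/application.yml.template` that contains environment variables for all environments. The configuration that is not secret is visible and version controlled, while the secrets are stored in the vault files for their environments. The default file created by `subspace init` looks like this:
+
+```
+# These environment variables are applied to all environments, and can be secret or not
+
+# This is secret and can be changed on all three environment easily by using subspace vars <env> --edit
+SECRET_KEY_BASE: {{secret_key_base}}
+
+#This is not secret, and is the same value for all environments
+ENABLE_SOME_FEATURE: false
+
+development:
+INSECURE_VARIABLE: "this isn't secret"
+
+dev:
+INSECURE_VARIABLE: "but it changes"
+
+production:
+INSECURE_VARIABLE: "on different servers"
+
+```
+
+Further, you can use the extremely command to create a local copy of `config/application.yml`
+
+# Create a local copy of config/application.yml with the secrets encrypted in vars/development.yml
+$ subspace vars development --create
+
+This can get you up and running in development securely, the only thing you need to distribute to new team members is the vault password.
+
+NOTE: application.yml should be in the `.gitignore`, since subspace creates a new version on the server and symlinks it on top of whatever is checked in.
+
+# Host configuration
+
+We need to know some info about hosts, but not much. See the files for details, it's mostly the hostname and the user that can administer the system, eg `ubuntu` on AWS/ubuntu, `ec2-user`, or even `root` (not recommended)
+
+# Role Configuration
+
+This is a description of all the roles that are included by installing subspace, along with their configuration.
+
+## common
+
+This role should almost always be there. It ties a bunch of stuff together, runs apt-get update or yum upgrade, sets hostnames, and generally makes the server sane.
+
+project_name: my_project
+swap_space: 536870912
+deploy_user: deploy
+
+Note: we grant the deploy user limited sudo access to run `service xyz restart` and also add it to the `adm` group so it can view logs in `/var/log`.
+
+## apache
+
+## collectd
+
+
+
+## delayed_job
+
+## letsencrypt
+
+## logrotate
+
+Installs logrotate and lets you configure logs for automatic rotation. Example config for rails:
+
+logrotate_scripts:
+- name: rails
+path: "/u/apps/{{project_name}}/shared/log/{{rails_env}}.log"
+options:
+- weekly
+- size 100M
+- missingok
+- compress
+- delaycompress
+- copytruncate
+
+## memcache
+
+## monit
+
+## mysql
+
+## mysql2_gem
+
+## newrelic
+
+## nginx
+
+## papertrail
+
+## passenger
+
+## postgresql
+
+## puma
+
+## rails
+
+Provisions for a rails app. This one is probably pretty important.
+
+Default values (these are usually fine)
+
+database_pool: 5
+database_name: "{{project_name}}_{{rails_env}}"
+database_user: "{{project_name}}"
+job_queues:
+- default
+- mailers
+
+Customize:
+
+rails_env: [whatever]
+
+## redis
+
+## ruby-common
+
+Installs ruby on the machine. YOu can set a version by picking off the download url and sha hash from ruby-lang.org
+
+ruby_version: ruby-2.4.1
+ruby_checksum: a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250
+ruby_download_location: 'https://cache.ruby-lang.org/pub/ruby/2.4/ruby-2.4.1.tar.gz'
+
+
+## sidekiq
+
+
+## Other Internal Roles
+
+Since ansible doesn't support versioning of roles, we cloned the role here so that it doesn't change unexpectedly. We expect to update from upstream occasionally, please let us know if we're missing something we should have.
+
+You should not include these roles directly in your subspace config files. For example, instead of including `zenoamaro.postgresql`, simply include our `postgresql` role which depens on zenoamaro's role.
+
+Thanks to the following repositories for making their roles available:
+* https://github.com/zenoamaro/ansible-postgresql
+* https://github.com/mtpereira/ansible-passenger
+
+
+# Development
+
 ## Directory Structure
 
 `ansible/roles`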
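--- a/data/TODO
+++ b/data/TODO
@@ -0,0 +1,34 @@
+TODO:
+
+subspace init
+- create ansible.cfg
+- Add stuff from zach
+- generate a password and create a file (add to gitignore)
+- create config/provision
++ entire directory tree
+- generate example production.yml, dev.yml
+
+
+- create the ansible-vault vars files somehow
+
+
+-- 8/21
+
+1. remove 10fw.net as the default hostname
+2. autocreate authorized_keys with ~/.ssh/id_rsa.pub
+3. add readme or something better than this
+4. combine dev and prod.yml into the same shared tasks and update the provision task to just pass in the hosts on the command line, i think that's a better more canonical "ansible" thing to do than have different playbooks for dev and prod.
+5. whats up with the "mtpereira.passenger" role? if our role wants to depend on that one (see postgres) than file, but its confusing in the role list in dev.yml
+6. create a menu where we ask people what setup they want and they choose each step (apache+passenger) or (nginx+puma) or whatever (or have these in a giant provision.yml and just commented out). similarly they should pick their DB. Heroku calls these things "buildpacks" and we should do a similar thing.
+7. dont use rake use subspace, eg `subspace provision dev`
+8. not sure why the rake task generates QA and Staging even when the configs dont exist.
+9. AWS stuff shouldn't be in there by default, its way too specific to our use case i think
+10. I can't edit the vault files after doing subspace init. OK I see I have to be in the provision dir. We should do that via subspace commands
+11. Needs to prompt for ruby version too or pull it from .ruby-version (does it do this or did festbuddy get lucky?)
+12. Need something like `subspace override <rolename>` that will just make a copy of the role in the provision dir so you can fux0r with it -- also need to think about what happens if we udpate subspace, does it automatically update roles for everyone? Maybe it should always copy them locally and make you run `subspace update roles` to avoid `bundle update` wrecking people's production servers
+13. `One or more undefined variables: 'letsencrypt_email' is undefined`
+14. We need to figure out app.yml and the secrets file beacause it sucks, also not everyone uses figaro
+15. more options for SSL, like should it auto redirect, what hostnames are allowed, etc
+16. needs an option to set the project name instead of just using the directory
+- ok this is the there, but the readme should force you to edit this file, and there needs to be a ton more options there (unless we go with provision.rb for configuration, which we could do)
+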
@@ -3,28 +3,31 @@
|
|
3
3
|
apt:
|
4
4
|
pkg: apache2
|
5
5
|
state: present
|
6
|
+
become: true
|
6
7
|
|
7
8
|
- name: a2enmod headers
|
8
9
|
apache2_module:
|
9
10
|
name: headers
|
10
11
|
state: present
|
12
|
+
become: true
|
11
13
|
|
12
14
|
- name: a2enmod expires
|
13
15
|
apache2_module:
|
14
16
|
name: expires
|
15
17
|
state: present
|
18
|
+
become: true
|
16
19
|
|
17
20
|
- name: Create Apache config
|
18
21
|
template:
|
19
22
|
src: "{{template_src_path}}"
|
20
23
|
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
21
|
-
sudo: true
|
22
24
|
notify: apache restart
|
25
|
+
become: true
|
23
26
|
|
24
27
|
- name: Symlink {{project_name}}.conf to sites-enabled
|
25
28
|
file:
|
26
29
|
src: /etc/apache2/sites-available/{{project_name}}.conf
|
27
30
|
dest: /etc/apache2/sites-enabled/{{project_name}}.conf
|
28
31
|
state: link
|
29
|
-
sudo: true
|
30
32
|
notify: apache restart
|
33
|
+
become: true
|
@@ -0,0 +1,43 @@
|
|
1
|
+
---
|
2
|
+
- name: Create collectd configuration dir
|
3
|
+
become: true
|
4
|
+
file:
|
5
|
+
path: /etc/collectd/collectd.conf.d
|
6
|
+
state: directory
|
7
|
+
mode: 0755
|
8
|
+
|
9
|
+
#required first so that collectd will start even if the FQDN of the host doesnt' resovle
|
10
|
+
- name: Create hostname config
|
11
|
+
template:
|
12
|
+
src: hostname.conf
|
13
|
+
dest: /etc/collectd/collectd.conf.d/hostname.conf
|
14
|
+
become: true
|
15
|
+
|
16
|
+
- name: Install collectd
|
17
|
+
apt:
|
18
|
+
pkg: collectd
|
19
|
+
state: present
|
20
|
+
become: true
|
21
|
+
|
22
|
+
- name: Create graphite config
|
23
|
+
template:
|
24
|
+
src: graphite.conf
|
25
|
+
dest: /etc/collectd/collectd.conf.d/graphite.conf
|
26
|
+
become: true
|
27
|
+
notify: restart collectd
|
28
|
+
|
29
|
+
- name: Create df config
|
30
|
+
template:
|
31
|
+
src: df.conf
|
32
|
+
dest: /etc/collectd/collectd.conf.d/df.conf
|
33
|
+
become: true
|
34
|
+
notify: restart collectd
|
35
|
+
|
36
|
+
- name: create delayed_job_postgres config
|
37
|
+
template:
|
38
|
+
src: delayed_job_postgres.conf
|
39
|
+
dest: /etc/collectd/collectd.conf.d/delayed_job_postgres.conf
|
40
|
+
become: true
|
41
|
+
notify: restart collectd
|
42
|
+
when: collectd_enable_djpg is defined
|
43
|
+
|
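Review bot: The `create delayed_job_postgres config` task sets no `owner`, `group` or `mode`, although the file it renders will hold the database password (the delayed_job_postgres.conf template in this release contains `Password "{{database_password}}"`), so the result gets the remote default permissions and is probably readable by every local account. I would add `owner: root`, `group: root` and `mode: "0600"` to that task, assuming collectd runs as root on these hosts (confirm before applying). Separately, `when: collectd_enable_djpg is defined` also fires when the variable is set to `false`; `when: collectd_enable_djpg | default(false) | bool` makes the opt-in explicit. The unquoted `mode: 0755` on the first task is safer written as `mode: "0755"`.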
@@ -0,0 +1,20 @@
|
|
1
|
+
LoadPlugin postgresql
|
2
|
+
<Plugin postgresql>
|
3
|
+
<Query dj_count>
|
4
|
+
Statement "SELECT count(*) as count FROM delayed_jobs"
|
5
|
+
<Result>
|
6
|
+
Type gauge
|
7
|
+
InstancePrefix "dj_count"
|
8
|
+
ValuesFrom count
|
9
|
+
</Result>
|
10
|
+
</Query>
|
11
|
+
|
12
|
+
<Database {{database_name}}>
|
13
|
+
Host "{{database_host}}"
|
14
|
+
Port "5432"
|
15
|
+
User "{{database_user}}"
|
16
|
+
Password "{{database_password}}"
|
17
|
+
Query dj_count
|
18
|
+
Instance "djpg"
|
19
|
+
</Database>
|
20
|
+
</Plugin>
|
@@ -0,0 +1,16 @@
|
|
1
|
+
<Plugin df>
|
2
|
+
FSType rootfs
|
3
|
+
# ignore the usual virtual / temporary file-systems
|
4
|
+
FSType sysfs
|
5
|
+
FSType proc
|
6
|
+
FSType devtmpfs
|
7
|
+
FSType devpts
|
8
|
+
FSType tmpfs
|
9
|
+
FSType fusectl
|
10
|
+
FSType cgroup
|
11
|
+
IgnoreSelected true
|
12
|
+
# ReportByDevice false
|
13
|
+
# ReportInodes false
|
14
|
+
# ValuesAbsolute true
|
15
|
+
ValuesPercentage true
|
16
|
+
</Plugin>
|
@@ -0,0 +1,14 @@
|
|
1
|
+
LoadPlugin write_graphite
|
2
|
+
<Plugin write_graphite>
|
3
|
+
<Node "example">
|
4
|
+
Host "{{graphite_host}}"
|
5
|
+
Port "{{graphite_port}}"
|
6
|
+
Protocol "tcp"
|
7
|
+
#LogSendErrors true
|
8
|
+
Prefix "collectd."
|
9
|
+
#Postfix "collectd"
|
10
|
+
StoreRates true
|
11
|
+
AlwaysAppendDS false
|
12
|
+
EscapeCharacter "_"
|
13
|
+
</Node>
|
14
|
+
</Plugin>
|
@@ -6,28 +6,44 @@
|
|
6
6
|
template:
|
7
7
|
src: motd
|
8
8
|
dest: /etc/motd
|
9
|
-
|
9
|
+
become: true
|
10
10
|
|
11
11
|
- name: Set hostname
|
12
12
|
command: hostname {{hostname}}
|
13
|
-
|
13
|
+
become: true
|
14
|
+
|
15
|
+
- name: Set hostname in /etc/hosts
|
16
|
+
lineinfile:
|
17
|
+
dest: "/etc/hosts"
|
18
|
+
line: "127.0.0.1 {{hostname}}"
|
19
|
+
state: present
|
20
|
+
insertafter: "127.0.0.1 localhost"
|
21
|
+
become: true
|
14
22
|
|
15
23
|
- name: update /etc/hostname
|
16
24
|
copy:
|
17
25
|
content: "{{hostname}}"
|
18
26
|
dest: /etc/hostname
|
27
|
+
become: true
|
19
28
|
|
20
29
|
- name: Set hostname for systemd
|
21
30
|
hostname:
|
22
31
|
name: "{{hostname}}"
|
32
|
+
become: true
|
33
|
+
|
34
|
+
- name: install aptitude
|
35
|
+
apt:
|
36
|
+
pkg: aptitude
|
37
|
+
state: present
|
38
|
+
become: true
|
23
39
|
|
24
40
|
- name: apt-get update
|
25
41
|
apt: update_cache=yes cache_valid_time=86400
|
26
|
-
|
42
|
+
become: true
|
27
43
|
|
28
44
|
- name: apt-get upgrade
|
29
45
|
apt: upgrade=full
|
30
|
-
|
46
|
+
become: true
|
31
47
|
|
32
48
|
- name: Set timezone variables
|
33
49
|
copy: content='America/Chicago'
|
@@ -36,6 +52,7 @@
|
|
36
52
|
group=root
|
37
53
|
mode=0644
|
38
54
|
backup=yes
|
55
|
+
become: true
|
39
56
|
notify:
|
40
57
|
- update timezone
|
41
58
|
|
@@ -45,20 +62,33 @@
|
|
45
62
|
state: present
|
46
63
|
generate_ssh_key: yes
|
47
64
|
shell: /bin/bash
|
48
|
-
|
65
|
+
become: true
|
66
|
+
|
67
|
+
- name: Add deploy user to adm group so it can view logs in /var/log
|
68
|
+
user:
|
69
|
+
name: "{{deploy_user}}"
|
70
|
+
append: yes
|
71
|
+
groups: "adm"
|
72
|
+
become: true
|
73
|
+
|
74
|
+
- name: Add sudoers.d file so that deploy can restart services without entering password.
|
75
|
+
copy:
|
76
|
+
src: sudoers-service
|
77
|
+
dest: /etc/sudoers.d/service
|
78
|
+
become: true
|
49
79
|
|
50
80
|
- name: Update authorized_keys for deploy user
|
51
81
|
copy:
|
52
82
|
src: authorized_keys
|
53
83
|
dest: "/home/{{deploy_user}}/.ssh/authorized_keys"
|
54
84
|
owner: "{{deploy_user}}"
|
55
|
-
|
85
|
+
become: true
|
56
86
|
|
57
87
|
- name: Create directory to which to deploy
|
58
88
|
file:
|
59
89
|
path: /u/apps/{{project_name}}
|
60
90
|
owner: "{{deploy_user}}"
|
61
91
|
state: directory
|
62
|
-
|
92
|
+
become: true
|
63
93
|
|
64
94
|
- include: swap.yml
|
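Review bot: The new `Add sudoers.d file so that deploy can restart services without entering password.` task copies `sudoers-service` to `/etc/sudoers.d/service` with no `owner`, `mode` or `validate`, so a malformed or loosely-permissioned drop-in is installed unchecked; a syntax error there can stop sudo from working at all, which would break every later `become: true` task on the host. I would add `owner: root`, `mode: "0440"` and `validate: 'visudo -cf %s'` to that copy. The content of `sudoers-service` is not shown on this page, so it is worth confirming that it grants only the specific `service … restart` commands the README describes rather than a wildcard. The unchanged `Update authorized_keys for deploy user` copy in the same hunk also sets no `mode`; `mode: "0600"` would make its permissions explicit.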
@@ -1,41 +1,43 @@
|
|
1
1
|
- name: set swap_file variable
|
2
|
+
become: true
|
2
3
|
set_fact:
|
3
4
|
swap_file: /swapfile
|
4
5
|
|
5
6
|
- name: check if swap file exists
|
7
|
+
become: true
|
6
8
|
stat:
|
7
9
|
path: /swapfile
|
8
10
|
register: swap_file_check
|
9
11
|
|
10
12
|
- name: create swap file
|
11
|
-
|
13
|
+
become: true
|
12
14
|
command: fallocate -l {{ swap_space }} /swapfile
|
13
15
|
when: not swap_file_check.stat.exists
|
14
16
|
|
15
17
|
- name: set permissions on swap file
|
16
|
-
|
18
|
+
become: true
|
17
19
|
file:
|
18
20
|
path: /swapfile
|
19
21
|
mode: 0600
|
20
22
|
|
21
23
|
- name: format swap file
|
22
|
-
|
24
|
+
become: true
|
23
25
|
command: mkswap /swapfile
|
24
26
|
when: not swap_file_check.stat.exists
|
25
27
|
|
26
28
|
- name: add to fstab
|
27
|
-
|
29
|
+
become: true
|
28
30
|
lineinfile:
|
29
31
|
dest: /etc/fstab
|
30
32
|
regexp: /swapfile
|
31
33
|
line: "/swapfile none swap sw 0 0"
|
32
34
|
|
33
35
|
- name: turn on swap
|
34
|
-
|
36
|
+
become: true
|
35
37
|
command: swapon -a
|
36
38
|
|
37
39
|
- name: set swapiness
|
38
|
-
|
40
|
+
become: true
|
39
41
|
sysctl:
|
40
42
|
name: vm.swappiness
|
41
43
|
value: "1"
|
@@ -1,9 +1,12 @@
|
|
1
|
-
|
2
|
-
|
1
|
+
This server brought to you by:
|
2
|
+
____ _ ____
|
3
|
+
/ ___| _ _| |__/ ___| _ __ __ _ ___ ___
|
4
|
+
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
5
|
+
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
6
|
+
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
7
|
+
|_|
|
3
8
|
|
4
|
-
|
5
|
-
updates, /etc/* configuration, user access, etc, please consult the
|
6
|
-
config/provision directory in the app.
|
9
|
+
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
7
10
|
|
8
|
-
|
9
|
-
|
11
|
+
If you need to make configuration changes to the server, please modify the
|
12
|
+
config/provision directory in the app or risk the changes dissapearing.
|
@@ -0,0 +1,24 @@
|
|
1
|
+
|
2
|
+
.------, YOU ARE
|
3
|
+
.\/. |______| A SPECIAL
|
4
|
+
_\_}{_/_ _|_Ll___|_ SNOWFLAKE
|
5
|
+
/ }{ \ [__________] .\/.
|
6
|
+
'/\' / \ _\_\/_/_
|
7
|
+
() o o () / /\ \
|
8
|
+
\ ~~~ . / '/\'
|
9
|
+
_\/ \ '...' / \/_
|
10
|
+
\\ {`------'} //
|
11
|
+
\\ /`---/',`\\ //
|
12
|
+
\/' o | |\ \`//
|
13
|
+
/' | | \/ /\
|
14
|
+
__,. -- ~~ ~| o `\| |~ ~~ -- . __
|
15
|
+
| |
|
16
|
+
jgs \ o / THIS SERVER
|
17
|
+
`._ _.' IS NOT
|
18
|
+
^~- . - ~^
|
19
|
+
|
20
|
+
This server is managed by SubSpace:
|
21
|
+
https://github.com/tenforwardconsulting/subspace
|
22
|
+
|
23
|
+
If you need to make configuration changes to the server, please modify the
|
24
|
+
config/provision directory in the app or risk the changes dissapearing.
|
@@ -2,8 +2,6 @@
|
|
2
2
|
|
3
3
|
## Variables
|
4
4
|
|
5
|
-
###
|
5
|
+
### Required
|
6
6
|
|
7
|
-
|
8
|
-
The delayed job queues so the upstart script can start each one.
|
9
|
-
If this is not set, then the upstart script will start delayed\_job without specifying any queue and it will run all of your jobs.
|
7
|
+
`delayed_job_command`
|
@@ -1,34 +1,19 @@
|
|
1
1
|
---
|
2
|
-
- name: Install monit
|
3
|
-
apt:
|
4
|
-
name: monit
|
5
|
-
state: present
|
6
|
-
|
7
2
|
- name: Install delayed_job monit script
|
8
3
|
template:
|
9
4
|
src: delayed-job-monit-rc
|
10
5
|
dest: /etc/monit/conf.d/delayed_job_{{project_name}}_{{rails_env}}
|
11
|
-
notify: monit reload
|
12
|
-
|
13
|
-
- name: Copy sudoers file so that deploy can restart services without entering password.
|
14
|
-
copy:
|
15
|
-
src: deploy-service
|
16
|
-
dest: /etc/sudoers.d/deploy-service
|
17
|
-
sudo: true
|
18
|
-
|
19
|
-
- name: Copy monit config to enable http from localhost
|
20
|
-
copy:
|
21
|
-
src: monit-http.conf
|
22
|
-
dest: /etc/monit/conf.d/monit-http.conf
|
23
6
|
sudo: true
|
24
|
-
notify: monit
|
7
|
+
notify: monit
|
25
8
|
|
26
9
|
- name: Remove old upstart files
|
27
10
|
file:
|
28
11
|
path: /etc/init/delayed-job.conf
|
29
12
|
state: absent
|
13
|
+
sudo: true
|
30
14
|
|
31
15
|
- name: Remove old monit files
|
32
16
|
file:
|
33
17
|
path: /etc/monit/conf.d/delayed_job
|
34
18
|
state: absent
|
19
|
+
sudo: true
|
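Review bot: The two lines added to `Remove old upstart files` and `Remove old monit files` use `sudo: true`, while the other roles changed in this release are being moved to `become: true`; `sudo:` is the deprecated spelling, and newer Ansible releases reject it, so these tasks are likely to fail after an upgrade. Use `become: true` on both, and on the unchanged `Install delayed_job monit script` task above them. The `notify: monit` handler is no longer defined by anything visible in this role, so it presumably comes from the monit role through the new meta/main.yml; that file is not shown here, so confirm the handler name matches.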
@@ -8,7 +8,7 @@
|
|
8
8
|
#
|
9
9
|
# include /var/www/apps/{app_name}/shared/delayed_job.monitrc
|
10
10
|
|
11
|
-
{% for queue in
|
11
|
+
{% for queue in job_queues %}
|
12
12
|
check process delayed_job_{{queue}}
|
13
13
|
with pidfile /u/apps/{{project_name}}/shared/tmp/pids/delayed_job.{{queue}}.pid
|
14
14
|
start program = "/bin/su - deploy -c 'cd /u/apps/{{project_name}}/current; RAILS_ENV={{rails_env}} bundle exec {{delayed_job_command}} --identifier={{queue}} --queue={{queue}} start'"
|
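Review bot: The `start program` line inside this loop still hard-codes the account as `/bin/su - deploy`, although the common role creates the account from `{{deploy_user}}`, so a non-default deploy user leaves monit starting the workers under the wrong or a missing account; `/bin/su - {{deploy_user}} -c '…'` keeps the two in step. The same line places `{{queue}}` and `{{delayed_job_command}}` unquoted into a shell string that monit executes with its own privileges, so the role's README should state that `job_queues` entries and `delayed_job_command` must be plain, trusted values with no quotes or shell metacharacters. The `check process` block continues past the end of this hunk.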
@@ -1,2 +1,2 @@
|
|
1
1
|
---
|
2
|
-
certbot_dir: "/
|
2
|
+
certbot_dir: "/opt/certbot"
|