subspace 0.3.0 → 0.4.0
- checksums.yaml +4 -4
- data/README.md +31 -1
- data/ansible/roles/apache-rails/tasks/main.yml +26 -0
- data/ansible/roles/apache-rails/templates/_rails.conf +23 -0
- data/ansible/roles/apache-rails/templates/project-ssl.conf +16 -0
- data/ansible/roles/apache-rails/templates/project.conf +3 -0
- data/ansible/roles/apache/defaults/main.yml +5 -5
- data/ansible/roles/apache/handlers/main.yml +9 -1
- data/ansible/roles/apache/tasks/main.yml +33 -9
- data/ansible/roles/apache/templates/server_status.conf +6 -0
- data/ansible/roles/collectd/tasks/main.yml +9 -1
- data/ansible/roles/collectd/templates/apache2.conf +6 -0
- data/ansible/roles/common/defaults/main.yml +1 -1
- data/ansible/roles/delayed_job/tasks/main.yml +2 -0
- data/ansible/roles/letsencrypt/defaults/main.yml +10 -0
- data/ansible/roles/letsencrypt/tasks/main.yml +29 -41
- data/ansible/roles/monit/handlers/main.yml +7 -1
- data/ansible/roles/monit/tasks/main.yml +6 -4
- data/ansible/roles/nginx-rails/tasks/main.yml +30 -0
- data/ansible/roles/nginx-rails/templates/_rails.conf +23 -0
- data/ansible/roles/nginx-rails/templates/_upstream.conf +4 -0
- data/ansible/roles/nginx-rails/templates/nginx-project +9 -0
- data/ansible/roles/nginx-rails/templates/nginx-project-ssl +18 -0
- data/ansible/roles/nginx/defaults/main.yml +4 -0
- data/ansible/roles/nginx/handlers/main.yml +8 -0
- data/ansible/roles/nginx/tasks/main.yml +6 -15
- data/ansible/roles/postgresql/tasks/backups.yml +8 -6
- data/ansible/roles/postgresql/tasks/main.yml +2 -0
- data/ansible/roles/puma/meta/main.yml +5 -0
- data/ansible/roles/puma/tasks/main.yml +10 -20
- data/ansible/roles/puma/templates/puma-monit-rc +5 -0
- data/ansible/roles/puma/templates/puma.rb +12 -8
- data/ansible/roles/sidekiq/tasks/main.yml +1 -1
- data/lib/subspace/commands/bootstrap.rb +24 -7
- data/lib/subspace/version.rb +1 -1
- metadata +17 -6
- data/ansible/roles/apache/templates/project.conf +0 -25
- data/ansible/roles/nginx/templates/nginx-project +0 -27
- data/ansible/roles/puma/templates/etc-init-puma-manager.conf +0 -31
- data/ansible/roles/puma/templates/etc-init-puma.conf +0 -69
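--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 034d9c344dce74224c40707ccc449f2b5c8ead6c
+data.tar.gz: 3b98db5e3dcc6eb6d68ce023247e09c71b6ed43d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aecec2d3c3ee233a08989db4ab8d803257580e25fbffeee3d661f1ad662e3a3795d8e322e3f4375f9f485357ddcc6769f817651fc93b2fc84b66bd6fcd6f2a3e
+data.tar.gz: 49b8a85e81fcba46c5876ede4d86c036e14ed5c8734110706ebe2a01cdd3cbc98ed963aa7b7e20ec02fbf3ee62b738ca93eba67b91c734e4fe61bc3e96caada5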
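--- a/data/README.md
+++ b/data/README.md
@@ -84,7 +84,7 @@ This is a description of all the roles that are included by installing subspace,
 This role should almost always be there. It ties a bunch of stuff together, runs apt-get update or yum upgrade, sets hostnames, and generally makes the server sane.
 
 project_name: my_project
-swap_space:
+swap_space: 512M
 deploy_user: deploy
 
 Note: we grant the deploy user limited sudo access to run `service xyz restart` and also add it to the `adm` group so it can view logs in `/var/log`.
@@ -95,6 +95,12 @@ This is a description of all the roles that are included by installing subspace,
 
 ## apache
 
+The most important file for an apache install is the "project.conf" file that gets created in `sites-available` and symlinked to `sites-enabled`. This is generated in a sensible way, but if you want to customize it you can do so by setting this variable to anything other than "project.conf":
+
+apache_project_conf: my_custom_configuration.conf
+
+Then place my_custom_configuration.conf in config/provision/templates/my_custom_configuration.conf. This will still get copied to the server as `sites-available/{project_name}.conf`
+
 ## collectd
 
 ## common
@@ -103,6 +109,20 @@ This is a description of all the roles that are included by installing subspace,
 
 ## letsencrypt
 
+By default, this creates a single certificate for every server alias/server name in the configuration file.
+If you'd like more control over the certs created, you can define the variables `le_ssl_certs` as follows:
+
+le_ssl_certs:
+- cert_name: mycert
+domains:
+- mydomain.example.com
+- otherdomain.example.com
+- cert_name: othersite
+domains:
+- othersite.example.com
+
+Note that this role needs to be defined /before/ the apache role
+
 ## logrotate
 
 Installs logrotate and lets you configure logs for automatic rotation. Example config for rails:
@@ -136,6 +156,13 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
 
 ## postgresql
 
+Sets up a postgres *server* - only use this on the database machine.
+
+backups_enabled: true
+s3_db_backup_bucket: disabled
+s3_db_backup_prefix: "{{project_name}}/{{rails_env}}"
+database_user: "{{project_name}}"
+
 ## puma
 
 ## rails
@@ -207,3 +234,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/tenfor
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+# Roles and Variables
+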
@@ -0,0 +1,26 @@
|
|
1
|
+
---
|
2
|
+
- name: Create Apache config
|
3
|
+
template:
|
4
|
+
src: "{{apache_project_conf}}"
|
5
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
6
|
+
become: true
|
7
|
+
|
8
|
+
- name: Symlink {{project_name}}.conf to sites-enabled
|
9
|
+
file:
|
10
|
+
src: /etc/apache2/sites-available/{{project_name}}.conf
|
11
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}.conf
|
12
|
+
state: "{{ ssl_enabled | ternary('absent', 'link')}}"
|
13
|
+
become: true
|
14
|
+
|
15
|
+
- name: Create Apache SSL config
|
16
|
+
template:
|
17
|
+
src: project-ssl.conf
|
18
|
+
dest: /etc/apache2/sites-available/{{project_name}}-ssl.conf
|
19
|
+
become: true
|
20
|
+
|
21
|
+
- name: Symlink {{project_name}}-ssl.conf to sites-enabled
|
22
|
+
file:
|
23
|
+
src: /etc/apache2/sites-available/{{project_name}}-ssl.conf
|
24
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}-ssl.conf
|
25
|
+
state: "{{ ssl_enabled | ternary('link', 'absent')}}"
|
26
|
+
become: true
|
@@ -0,0 +1,23 @@
|
|
1
|
+
ServerName {{server_name}}
|
2
|
+
{% for alias in server_aliases %}
|
3
|
+
ServerAlias {{alias}}
|
4
|
+
{% endfor %}
|
5
|
+
RailsEnv {{rails_env}}
|
6
|
+
DocumentRoot /u/apps/{{project_name}}/current/public
|
7
|
+
# This is a test
|
8
|
+
<Directory /u/apps/{{project_name}}/current/public>
|
9
|
+
# This relaxes Apache security settings.
|
10
|
+
AllowOverride all
|
11
|
+
# MultiViews must be turned off.
|
12
|
+
Options -MultiViews
|
13
|
+
# Uncomment this if you're on Apache >= 2.4:
|
14
|
+
Require all granted
|
15
|
+
</Directory>
|
16
|
+
<Location /assets/>
|
17
|
+
# Use of ETag is discouraged when Last-Modified is present
|
18
|
+
Header unset ETag
|
19
|
+
FileETag None
|
20
|
+
# RFC says only cache for 1 year
|
21
|
+
ExpiresActive On
|
22
|
+
ExpiresDefault "access plus 1 year"
|
23
|
+
</Location>
|
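Review bot: `AllowOverride all` in the `<Directory /u/apps/{{project_name}}/current/public>` block lets any `.htaccess` file that ends up under the application's public directory override server configuration, and the template's own comment says it relaxes Apache's security settings. A Rails public directory normally needs no per-directory overrides, so `AllowOverride None` would be the safer default unless a project is known to rely on `.htaccess`. Two comments are also stale: `# This is a test` says nothing about the config, and `# Uncomment this if you're on Apache >= 2.4:` sits above a `Require all granted` line that is already active.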
@@ -0,0 +1,16 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
ServerName {{server_name}}
|
3
|
+
{% for alias in server_aliases %}
|
4
|
+
ServerAlias {{alias}}
|
5
|
+
{% endfor %}
|
6
|
+
RewriteEngine On
|
7
|
+
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]
|
8
|
+
</VirtualHost>
|
9
|
+
|
10
|
+
<IfModule mod_ssl.c>
|
11
|
+
<VirtualHost *:443>
|
12
|
+
{% include "_rails.conf" %}
|
13
|
+
|
14
|
+
{{apache_ssl_config}}
|
15
|
+
</VirtualHost>
|
16
|
+
</IfModule>
|
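Review bot: The port-80 redirect `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]` builds its target from the request's Host header, so whatever host name a client or an intermediate cache presents is echoed back in the Location header; this matters most if this vhost ends up being the default one and receives unmatched host names. Redirecting to the configured name keeps the target under the operator's control and makes the redirect permanent: `RewriteRule ^(.*)$ https://{{server_name}}$1 [R=301,L]`. The nginx SSL template later on this page has the same shape, `return 301 https://$host$request_uri;` on a `default_server` listener. No `Strict-Transport-Security` header is visible in the 443 vhost, though `{{apache_ssl_config}}` may supply one.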
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
server_aliases: []
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
#
|
7
|
-
#
|
3
|
+
apache_project_conf: project.conf
|
4
|
+
ssl_enabled: false
|
5
|
+
apache_ssl_config: ""
|
6
|
+
#ssl_cert_path: /etc/letsencrypt/site/server.crt
|
7
|
+
#ssl_key_path: /etc/letsencrypt/site/server.key
|
@@ -1,4 +1,12 @@
|
|
1
1
|
---
|
2
2
|
- name: apache restart
|
3
3
|
service: name=apache2 state=restarted
|
4
|
-
|
4
|
+
become: true
|
5
|
+
|
6
|
+
- name: stop webserver
|
7
|
+
service: name=apache2 state=stopped
|
8
|
+
become: true
|
9
|
+
|
10
|
+
- name: start webserver
|
11
|
+
service: name=apache2 state=started
|
12
|
+
become: true
|
@@ -1,4 +1,7 @@
|
|
1
1
|
---
|
2
|
+
- set_fact:
|
3
|
+
apache2_installed: true
|
4
|
+
|
2
5
|
- name: Install apache2
|
3
6
|
apt:
|
4
7
|
pkg: apache2
|
@@ -17,17 +20,38 @@
|
|
17
20
|
state: present
|
18
21
|
become: true
|
19
22
|
|
20
|
-
- name:
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
23
|
+
- name: a2enmod rewrite
|
24
|
+
when: ssl_enabled
|
25
|
+
apache2_module:
|
26
|
+
name: rewrite
|
27
|
+
state: present
|
25
28
|
become: true
|
26
29
|
|
27
|
-
- name:
|
30
|
+
- name: Enable mod_ssl
|
31
|
+
when: ssl_enabled
|
32
|
+
apache2_module:
|
33
|
+
name: ssl
|
34
|
+
state: present
|
35
|
+
become: true
|
36
|
+
|
37
|
+
- name: "Configure rails_projects"
|
38
|
+
include_role:
|
39
|
+
name: apache-rails
|
40
|
+
|
41
|
+
- debug: msg="trigger apache restart"
|
42
|
+
notify: apache restart
|
43
|
+
changed_when: true
|
44
|
+
|
45
|
+
- name: create server-status conf
|
46
|
+
template:
|
47
|
+
src: server_status.conf
|
48
|
+
dest: /etc/apache2/conf-available/server_status.conf
|
49
|
+
sudo: true
|
50
|
+
|
51
|
+
- name: enable server-status conf
|
28
52
|
file:
|
29
|
-
src: /etc/apache2/
|
30
|
-
dest: /etc/apache2/
|
53
|
+
src: /etc/apache2/conf-available/server_status.conf
|
54
|
+
dest: /etc/apache2/conf-enabled/server_status.conf
|
31
55
|
state: link
|
56
|
+
sudo: true
|
32
57
|
notify: apache restart
|
33
|
-
become: true
|
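Review bot: The two server-status tasks use `sudo: true` while the other tasks visible in this file use `become: true`, and the end of this hunk replaces an existing `become: true` with it. `sudo:` is the deprecated spelling that newer Ansible releases no longer accept, so both tasks should read `become: true`; the same applies to the `create apache2 config` task in the collectd hunk and the `Install puma monit script` task in the puma hunk further down. Separately, the body of `server_status.conf` is not shown on this page, so it is worth confirming that it restricts `/server-status` to local clients, since this task enables it on every host the role runs against.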
@@ -39,5 +39,13 @@
|
|
39
39
|
dest: /etc/collectd/collectd.conf.d/delayed_job_postgres.conf
|
40
40
|
become: true
|
41
41
|
notify: restart collectd
|
42
|
-
when:
|
42
|
+
when: postgresql_installed is defined and delayed_job_installed is defined
|
43
|
+
|
44
|
+
- name: create apache2 config
|
45
|
+
template:
|
46
|
+
src: apache2.conf
|
47
|
+
dest: /etc/collectd/collectd.conf.d/apache2.conf
|
48
|
+
sudo: true
|
49
|
+
notify: restart collectd
|
50
|
+
when: apache2_installed is defined
|
43
51
|
|
@@ -1,2 +1,12 @@
|
|
1
1
|
---
|
2
2
|
certbot_dir: "/opt/certbot"
|
3
|
+
apache_ssl_config: |
|
4
|
+
SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
|
5
|
+
SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
|
6
|
+
Include /etc/letsencrypt/options-ssl-apache.conf
|
7
|
+
SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
|
8
|
+
|
9
|
+
nginx_ssl_config: |
|
10
|
+
ssl_certificate /etc/letsencrypt/live/{{server_name}}/fullchain.pem;
|
11
|
+
ssl_certificate_key /etc/letsencrypt/live/{{server_name}}/privkey.pem;
|
12
|
+
include /etc/letsencrypt/options-ssl-nginx.conf;
|
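Review bot: Both `apache_ssl_config` and `nginx_ssl_config` hard-code `/etc/letsencrypt/live/{{server_name}}/`, but the tasks hunk that follows passes `--cert-name {{item.cert_name}}` when `le_ssl_certs` is defined, and certbot names the live directory after the certificate name. With the README's example (`cert_name: mycert`) the files would presumably land under `/etc/letsencrypt/live/mycert/`, these paths would not exist, and the web server would fail to start with the SSL vhost enabled. Either document that one `cert_name` must equal `server_name`, or let the path take a variable, e.g. `/etc/letsencrypt/live/{{le_cert_name | default(server_name)}}/` (`le_cert_name` is a name proposed here, not one the role defines).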
@@ -34,56 +34,44 @@
|
|
34
34
|
dest: "{{certbot_dir}}/certbot-auto"
|
35
35
|
mode: a+x
|
36
36
|
|
37
|
-
- name:
|
38
|
-
|
39
|
-
|
37
|
+
- name: shutdown webserver for standalone mode
|
38
|
+
debug: msg="Shutdown webserver"
|
39
|
+
notify: stop webserver
|
40
|
+
changed_when: true
|
40
41
|
|
41
|
-
-
|
42
|
-
become: true
|
43
|
-
apache2_module:
|
44
|
-
name: rewrite
|
45
|
-
state: present
|
42
|
+
- meta: flush_handlers
|
46
43
|
|
44
|
+
- name: "wait for webserver to stop"
|
45
|
+
wait_for:
|
46
|
+
port: 80
|
47
|
+
delay: 1
|
48
|
+
state: stopped
|
47
49
|
|
48
|
-
- name:
|
50
|
+
- name: Run default
|
51
|
+
when: le_ssl_certs is not defined
|
49
52
|
become: true
|
50
|
-
|
51
|
-
name: ssl
|
52
|
-
state: present
|
53
|
+
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
|
53
54
|
|
54
|
-
- name:
|
55
|
+
- name: Generate SSL Certificates
|
56
|
+
when: le_ssl_certs is defined
|
55
57
|
become: true
|
56
|
-
|
57
|
-
|
58
|
-
dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
|
59
|
-
notify: apache restart
|
58
|
+
with_items: "{{le_ssl_certs}}"
|
59
|
+
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
60
60
|
|
61
|
-
- name:
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf
|
66
|
-
state: link
|
67
|
-
notify: apache restart
|
61
|
+
- name: "Re-run apache rails_project to get SSL configuration"
|
62
|
+
when: apache2_installed is defined
|
63
|
+
include_role:
|
64
|
+
name: apache-rails
|
68
65
|
|
69
|
-
- name:
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
line: "RewriteEngine on"
|
74
|
-
state: present
|
75
|
-
insertbefore: "</VirtualHost>"
|
76
|
-
notify: apache restart
|
66
|
+
- name: "Re-run nginx rails_project to get SSL configuration"
|
67
|
+
when: nginx_installed is defined
|
68
|
+
include_role:
|
69
|
+
name: nginx-rails
|
77
70
|
|
78
|
-
- name:
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
line: "RewriteCond %{SERVER_NAME} ={{item}}\nRewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,NE,R=permanent]"
|
83
|
-
state: present
|
84
|
-
insertbefore: "</VirtualHost>"
|
85
|
-
with_items: "{{ ([server_name] + server_aliases) }}"
|
86
|
-
notify: apache restart
|
71
|
+
- name: start webserver after standalone mode
|
72
|
+
debug: msg="Startup webserver"
|
73
|
+
notify: start webserver
|
74
|
+
changed_when: true
|
87
75
|
|
88
76
|
- name: Setup cron job to auto renew
|
89
77
|
become: true
|
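Review bot: If either `certbot-auto certonly` command fails, the play stops before `start webserver after standalone mode` is reached, and the web server that was shut down a few tasks earlier stays down. Wrapping the certificate tasks and the two `include_role` re-runs in a `block` with an `always` section that notifies `start webserver` and flushes handlers would bring the server back whether or not issuance succeeds. The hunk also interpolates `letsencrypt_email`, `item.domains` and `item.cert_name` into the command line unquoted; `command` does not invoke a shell, but a value containing spaces would still split into extra arguments. The task list continues past the end of this hunk (the cron renewal task).

```yaml
- name: Issue certificates while the webserver is stopped
  block:
    # … unchanged: "Run default" and "Generate SSL Certificates" certbot tasks …
    # … unchanged: the two "Re-run … rails_project" include_role tasks …
  always:
    - name: start webserver after standalone mode
      debug: msg="Startup webserver"
      notify: start webserver
      changed_when: true

    - meta: flush_handlers
```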
@@ -3,17 +3,19 @@
|
|
3
3
|
apt:
|
4
4
|
name: monit
|
5
5
|
state: present
|
6
|
-
|
6
|
+
become: true
|
7
7
|
|
8
8
|
- name: Copy sudoers file so that deploy can use monit without entering password.
|
9
9
|
copy:
|
10
10
|
src: sudoers-monit
|
11
11
|
dest: /etc/sudoers.d/monit
|
12
|
-
|
12
|
+
become: true
|
13
13
|
|
14
14
|
- name: Copy monit config to enable http from localhost
|
15
15
|
copy:
|
16
16
|
src: monit-http.conf
|
17
17
|
dest: /etc/monit/conf.d/monit-http.conf
|
18
|
-
|
19
|
-
notify:
|
18
|
+
become: true
|
19
|
+
notify:
|
20
|
+
- reload_monit
|
21
|
+
- validate_monit
|
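Review bot: The `Copy sudoers file so that deploy can use monit without entering password.` task now writes `/etc/sudoers.d/monit` as root, but it sets neither a mode nor a validation step. A syntax error or wrong permissions in a sudoers.d file can make sudo refuse to run at all, so the `copy` should carry `owner: root`, `mode: 0440` and `validate: 'visudo -cf %s'`. The contents of `sudoers-monit` are not on this page; confirm that it grants the deploy user only the specific monit commands it needs.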
@@ -0,0 +1,30 @@
|
|
1
|
+
---
|
2
|
+
- name: Remove the app's symlink, if exists
|
3
|
+
command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
|
4
|
+
become: true
|
5
|
+
|
6
|
+
- name: create nginx config for rails app
|
7
|
+
template:
|
8
|
+
src: nginx-project
|
9
|
+
dest: /etc/nginx/sites-available/{{project_name}}
|
10
|
+
become: true
|
11
|
+
|
12
|
+
- name: Enable the app
|
13
|
+
file:
|
14
|
+
src: /etc/nginx/sites-available/{{project_name}}
|
15
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}
|
16
|
+
state: "{{ ssl_enabled | ternary('absent', 'link')}}"
|
17
|
+
become: true
|
18
|
+
|
19
|
+
- name: create nginx config for rails app
|
20
|
+
template:
|
21
|
+
src: nginx-project-ssl
|
22
|
+
dest: /etc/nginx/sites-available/{{project_name}}-ssl
|
23
|
+
become: true
|
24
|
+
|
25
|
+
- name: Enable SSL configured app
|
26
|
+
file:
|
27
|
+
src: /etc/nginx/sites-available/{{project_name}}-ssl
|
28
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
|
29
|
+
state: "{{ ssl_enabled | ternary('link', 'absent')}}"
|
30
|
+
become: true
|
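Review bot: `command: rm -rf /etc/nginx/sites-enabled/{{project_name}}` runs as root on every play and, should `project_name` ever render as an empty string, removes the whole `sites-enabled` directory. The `file` module does the same job idempotently and without a recursive delete: `file: path=/etc/nginx/sites-enabled/{{project_name}} state=absent`; since the `Enable the app` task below already manages that link's state, the removal task may not be needed at all. The two template tasks also share the name `create nginx config for rails app`, which makes play output ambiguous; the second could be named `create nginx SSL config for rails app`.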
@@ -0,0 +1,23 @@
|
|
1
|
+
root /u/apps/{{project_name}}/current/public;
|
2
|
+
try_files $uri/index.html $uri @app;
|
3
|
+
|
4
|
+
location @app {
|
5
|
+
proxy_pass http://app;
|
6
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
7
|
+
proxy_set_header Host $http_host;
|
8
|
+
# pass the upgrade headers so websockets work
|
9
|
+
proxy_set_header Upgrade $http_upgrade;
|
10
|
+
proxy_set_header Connection "upgrade";
|
11
|
+
proxy_redirect off;
|
12
|
+
}
|
13
|
+
|
14
|
+
location /cable {
|
15
|
+
proxy_pass http://app;
|
16
|
+
proxy_http_version 1.1;
|
17
|
+
proxy_set_header Upgrade $http_upgrade;
|
18
|
+
proxy_set_header Connection "upgrade";
|
19
|
+
}
|
20
|
+
|
21
|
+
error_page 500 502 503 504 /500.html;
|
22
|
+
client_max_body_size 4G;
|
23
|
+
keepalive_timeout 10;
|
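Review bot: The `@app` and `/cable` locations forward `X-Forwarded-For` and `Host` but not the original scheme, and this file is included in the `listen 443 ssl` server, so the Rails app behind `proxy_pass http://app` cannot tell that a request arrived over TLS. That typically shows up as redirect loops with `force_ssl` or as cookies issued without the Secure flag; adding `proxy_set_header X-Forwarded-Proto $scheme;` to both locations addresses it. `client_max_body_size 4G` is also a very large default for a request-body limit and deserves either a comment explaining it or a role variable.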
@@ -0,0 +1,18 @@
|
|
1
|
+
{% include "_upstream.conf" %}
|
2
|
+
|
3
|
+
server {
|
4
|
+
listen 80 default_server;
|
5
|
+
listen [::]:80 default_server;
|
6
|
+
server_name {{server_name}} {{server_aliases | join(" ")}};
|
7
|
+
return 301 https://$host$request_uri;
|
8
|
+
}
|
9
|
+
|
10
|
+
server {
|
11
|
+
listen 443 ssl;
|
12
|
+
server_name {{server_name}} {{server_aliases | join(" ")}};
|
13
|
+
|
14
|
+
{% include "_rails.conf" %}
|
15
|
+
{{nginx_ssl_config}}
|
16
|
+
}
|
17
|
+
|
18
|
+
|
@@ -1,3 +1,6 @@
|
|
1
|
+
- set_fact:
|
2
|
+
nginx_installed: true
|
3
|
+
|
1
4
|
- name: Install nginx
|
2
5
|
apt: pkg=nginx state=latest
|
3
6
|
become: true
|
@@ -6,21 +9,9 @@
|
|
6
9
|
command: rm -rf /etc/nginx/sites-enabled/default
|
7
10
|
become: true
|
8
11
|
|
9
|
-
- name:
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
- name: Remove the app's symlink, if exists
|
14
|
-
command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
|
15
|
-
become: true
|
16
|
-
|
17
|
-
- name: Configure nginx for the app
|
18
|
-
template: src=nginx-project dest=/etc/nginx/sites-available/{{project_name}} group=www-data owner=www-data force=yes
|
19
|
-
become: true
|
20
|
-
|
21
|
-
- name: Enable the app
|
22
|
-
command: ln -s /etc/nginx/sites-available/{{project_name}} /etc/nginx/sites-enabled/{{project_name}}
|
23
|
-
become: true
|
12
|
+
- name: "Configure rails projects"
|
13
|
+
include_role:
|
14
|
+
name: nginx-rails
|
24
15
|
|
25
16
|
- name: Restart nginx
|
26
17
|
action: service name=nginx state=restarted
|
@@ -18,12 +18,6 @@
|
|
18
18
|
dest: "/u/apps/{{project_name}}/shared/db/backup.sh"
|
19
19
|
mode: 0755
|
20
20
|
|
21
|
-
- name: Remove old backup cron job because it had the wrong name
|
22
|
-
cron:
|
23
|
-
user: "{{deploy_user}}"
|
24
|
-
name: "check dirs"
|
25
|
-
state: "absent"
|
26
|
-
|
27
21
|
- name: Install backup cron job
|
28
22
|
when: backups_enabled
|
29
23
|
cron:
|
@@ -31,3 +25,11 @@
|
|
31
25
|
name: "Hourly backups"
|
32
26
|
minute: "0"
|
33
27
|
job: "/u/apps/{{project_name}}/shared/db/backup.sh"
|
28
|
+
state: "present"
|
29
|
+
|
30
|
+
- name: disable backup cron job
|
31
|
+
when: not backups_enabled
|
32
|
+
cron:
|
33
|
+
user: "{{deploy_user}}"
|
34
|
+
name: "Hourly backups"
|
35
|
+
state: "absent"
|
@@ -1,29 +1,19 @@
|
|
1
|
-
- name:
|
2
|
-
|
1
|
+
- name: Create shared/config/puma
|
2
|
+
file: path=/u/apps/{{project_name}}/shared/config/puma group=deploy owner=deploy state=directory
|
3
3
|
tags: puma
|
4
4
|
|
5
|
-
- name: Add puma config
|
6
|
-
template: src=
|
5
|
+
- name: Add puma shared/config
|
6
|
+
template: src=puma.rb dest=/u/apps/{{project_name}}/shared/config/puma/{{rails_env}}.rb force=yes mode=755
|
7
7
|
tags: puma
|
8
8
|
|
9
|
-
- name: Add puma init script
|
10
|
-
template: src=etc-init-puma.conf dest=/etc/init/puma.conf force=yes mode=755
|
11
|
-
tags: puma
|
12
|
-
|
13
|
-
# - name: Add puma shared/config
|
14
|
-
# template: src=puma_production.j2 dest=/u/apps/{{project_name}}/shared/config/puma/production.rb force=yes mode=755
|
15
|
-
# tags: puma
|
16
|
-
|
17
9
|
- name: Make shared/tmp/sockets
|
18
10
|
file: path=/u/apps/{{project_name}}/shared/tmp/sockets group=deploy owner=deploy state=directory
|
19
11
|
tags: tmp
|
20
12
|
|
21
|
-
- name:
|
22
|
-
|
13
|
+
- name: Install puma monit script
|
14
|
+
template:
|
15
|
+
src: puma-monit-rc
|
16
|
+
dest: /etc/monit/conf.d/puma_{{project_name}}_{{rails_env}}
|
17
|
+
sudo: true
|
18
|
+
notify: validate_monit
|
23
19
|
|
24
|
-
- name: Add Deploy user to sudoers
|
25
|
-
lineinfile:
|
26
|
-
dest: /etc/sudoers
|
27
|
-
state: present
|
28
|
-
regexp: "^{{deploy_user}}"
|
29
|
-
line: "{{deploy_user}} ALL=NOPASSWD: /usr/sbin/service puma-manager *"
|
@@ -0,0 +1,5 @@
|
|
1
|
+
check process puma
|
2
|
+
with pidfile /u/apps/{{project_name}}/current/tmp/pids/puma.pid
|
3
|
+
start program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb start'"
|
4
|
+
stop program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb stop'"
|
5
|
+
group puma
|
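Review bot: The `pidfile` path here is `/u/apps/{{project_name}}/current/tmp/pids/puma.pid`, while the puma.rb hunk below writes `pidfile "/u/apps/{{project_name}}/shared/tmp/pids/puma.pid"`. The two agree only if the deploy links `current/tmp/pids` to `shared/tmp/pids`, which nothing on this page establishes; pointing monit at the `shared` path removes that dependency. The process name `puma` is also fixed although the file is installed as `puma_{{project_name}}_{{rails_env}}`, so two projects on one host would declare the same monit service; `check process puma_{{project_name}}_{{rails_env}}` avoids the clash.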
@@ -3,27 +3,31 @@ workers Integer(ENV['WEB_CONCURRENCY'] || 4)
|
|
3
3
|
|
4
4
|
threads_count = Integer(ENV['MAX_THREADS'] || 5)
|
5
5
|
# Min and Max threads per worker
|
6
|
-
threads
|
6
|
+
threads 0, threads_count
|
7
7
|
|
8
|
-
app_dir =
|
8
|
+
app_dir = "/u/apps/{{project_name}}/current"
|
9
|
+
directory app_dir
|
9
10
|
|
10
|
-
|
11
|
-
rails_env = ENV['RAILS_ENV'] || "production"
|
11
|
+
rails_env = "{{rails_env}}"
|
12
12
|
environment rails_env
|
13
13
|
|
14
14
|
# Set up socket location
|
15
|
-
bind "
|
15
|
+
bind "tcp://127.0.0.1:9292"
|
16
16
|
|
17
17
|
# Logging
|
18
18
|
stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true
|
19
19
|
|
20
20
|
# Set master PID and state locations
|
21
|
-
|
22
|
-
|
21
|
+
daemonize
|
22
|
+
pidfile "/u/apps/{{project_name}}/shared/tmp/pids/puma.pid"
|
23
|
+
state_path "/u/apps/{{project_name}}/shared/tmp/pids/puma.state"
|
23
24
|
activate_control_app
|
24
25
|
|
25
26
|
on_worker_boot do
|
26
27
|
require "active_record"
|
27
28
|
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
|
28
29
|
ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env])
|
29
|
-
end
|
30
|
+
end
|
31
|
+
|
32
|
+
# Allow puma to be restarted by `rails restart` command.
|
33
|
+
plugin :tmp_restart
|
@@ -8,12 +8,25 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
8
8
|
|
9
9
|
def run
|
10
10
|
# ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
|
11
|
-
copy_authorized_keys
|
12
11
|
install_python
|
12
|
+
ensure_ssh_dir
|
13
|
+
copy_authorized_keys
|
13
14
|
end
|
14
15
|
|
15
16
|
private
|
16
17
|
|
18
|
+
def ensure_ssh_dir
|
19
|
+
cmd = ["ansible",
|
20
|
+
@host_spec,
|
21
|
+
"-m",
|
22
|
+
"file",
|
23
|
+
"-a",
|
24
|
+
"path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
|
25
|
+
"-vvvv"
|
26
|
+
]
|
27
|
+
bootstrap_command cmd
|
28
|
+
end
|
29
|
+
|
17
30
|
def copy_authorized_keys
|
18
31
|
# -m file -a "dest=/srv/foo/a.txt mode=600"
|
19
32
|
cmd = ["ansible",
|
@@ -24,10 +37,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
24
37
|
"src=authorized_keys dest=/home/{{ansible_ssh_user}}/.ssh/authorized_keys mode=600",
|
25
38
|
"-vvvv"
|
26
39
|
]
|
27
|
-
|
28
|
-
cmd.push("--ask-pass")
|
29
|
-
end
|
30
|
-
ansible_command *cmd
|
40
|
+
bootstrap_command cmd
|
31
41
|
end
|
32
42
|
|
33
43
|
def install_python
|
@@ -35,12 +45,19 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
35
45
|
cmd = ["ansible",
|
36
46
|
@host_spec,
|
37
47
|
"-m",
|
38
|
-
|
48
|
+
"raw",
|
39
49
|
"-a",
|
40
|
-
"
|
50
|
+
"test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)",
|
41
51
|
"--become",
|
42
52
|
"-vvvv"
|
43
53
|
]
|
54
|
+
bootstrap_command cmd
|
55
|
+
end
|
56
|
+
|
57
|
+
def bootstrap_command(cmd)
|
58
|
+
if @ask_pass
|
59
|
+
cmd.push("--ask-pass")
|
60
|
+
end
|
44
61
|
ansible_command *cmd
|
45
62
|
end
|
46
63
|
|
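Review bot: `ensure_ssh_dir` hard-codes `path=/home/{{ansible_ssh_user}}/.ssh`, as `copy_authorized_keys` already does for its `dest`, so bootstrapping as a user whose home directory is elsewhere (root, for instance) creates and fills a directory that sshd never reads. Ansible expands path arguments on the target, so `path=~/.ssh state=directory mode=0700` and `dest=~/.ssh/authorized_keys` would follow the real home directory; worth confirming on the Ansible version in use. `bootstrap_command` also appends `--ask-pass` to the caller's array in place, which is harmless while each array is built fresh, but `ansible_command(*cmd, *(@ask_pass ? ["--ask-pass"] : []))` would avoid the mutation. The bodies of `copy_authorized_keys` and `install_python` are only partly visible in these hunks.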
data/lib/subspace/version.rb
CHANGED
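--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -100,13 +100,18 @@ files:
 - Rakefile
 - TODO
 - ansible/playbooks/local_template.yml
+- ansible/roles/apache-rails/tasks/main.yml
+- ansible/roles/apache-rails/templates/_rails.conf
+- ansible/roles/apache-rails/templates/project-ssl.conf
+- ansible/roles/apache-rails/templates/project.conf
 - ansible/roles/apache/defaults/main.yml
 - ansible/roles/apache/handlers/main.yml
 - ansible/roles/apache/tasks/main.yml
-- ansible/roles/apache/templates/
+- ansible/roles/apache/templates/server_status.conf
 - ansible/roles/collectd/defaults/main.yml
 - ansible/roles/collectd/handlers/main.yml
 - ansible/roles/collectd/tasks/main.yml
+- ansible/roles/collectd/templates/apache2.conf
 - ansible/roles/collectd/templates/delayed_job_postgres.conf
 - ansible/roles/collectd/templates/df.conf
 - ansible/roles/collectd/templates/graphite.conf
@@ -157,8 +162,14 @@ files:
 - ansible/roles/mysql2_gem/tasks/main.yml
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
+- ansible/roles/nginx-rails/tasks/main.yml
+- ansible/roles/nginx-rails/templates/_rails.conf
+- ansible/roles/nginx-rails/templates/_upstream.conf
+- ansible/roles/nginx-rails/templates/nginx-project
+- ansible/roles/nginx-rails/templates/nginx-project-ssl
+- ansible/roles/nginx/defaults/main.yml
+- ansible/roles/nginx/handlers/main.yml
 - ansible/roles/nginx/tasks/main.yml
-- ansible/roles/nginx/templates/nginx-project
 - ansible/roles/papertrail/tasks/main.yml
 - ansible/roles/papertrail/templates/log_files.yml
 - ansible/roles/passenger/meta/main.yml
@@ -169,10 +180,10 @@ files:
 - ansible/roles/postgresql/tasks/backups.yml
 - ansible/roles/postgresql/tasks/main.yml
 - ansible/roles/postgresql/templates/backup.sh
+- ansible/roles/puma/meta/main.yml
 - ansible/roles/puma/tasks/main.yml
-- ansible/roles/puma/templates/etc-init-puma-manager.conf
-- ansible/roles/puma/templates/etc-init-puma.conf
 - ansible/roles/puma/templates/etc-puma.conf
+- ansible/roles/puma/templates/puma-monit-rc
 - ansible/roles/puma/templates/puma.rb
 - ansible/roles/rails/defaults/main.yml
 - ansible/roles/rails/tasks/main.yml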
@@ -1,25 +0,0 @@
|
|
1
|
-
<VirtualHost *:80>
|
2
|
-
ServerName {{server_name}}
|
3
|
-
{% for alias in server_aliases %}
|
4
|
-
ServerAlias {{alias}}
|
5
|
-
{% endfor %}
|
6
|
-
RailsEnv {{rails_env}}
|
7
|
-
# !!! Be sure to point DocumentRoot to 'public'!
|
8
|
-
DocumentRoot /u/apps/{{project_name}}/current/public
|
9
|
-
<Directory /u/apps/{{project_name}}/current/public>
|
10
|
-
# This relaxes Apache security settings.
|
11
|
-
AllowOverride all
|
12
|
-
# MultiViews must be turned off.
|
13
|
-
Options -MultiViews
|
14
|
-
# Uncomment this if you're on Apache >= 2.4:
|
15
|
-
Require all granted
|
16
|
-
</Directory>
|
17
|
-
<Location /assets/>
|
18
|
-
# Use of ETag is discouraged when Last-Modified is present
|
19
|
-
Header unset ETag
|
20
|
-
FileETag None
|
21
|
-
# RFC says only cache for 1 year
|
22
|
-
ExpiresActive On
|
23
|
-
ExpiresDefault "access plus 1 year"
|
24
|
-
</Location>
|
25
|
-
</VirtualHost>
|
@@ -1,27 +0,0 @@
|
|
1
|
-
upstream app {
|
2
|
-
# Path to Puma SOCK file, as defined previously
|
3
|
-
server unix:/u/apps/{{project_name}}/shared/tmp/sockets/puma.sock fail_timeout=0;
|
4
|
-
}
|
5
|
-
|
6
|
-
server {
|
7
|
-
listen 80;
|
8
|
-
server_name localhost;
|
9
|
-
|
10
|
-
root /u/apps/{{project_name}}/current/public;
|
11
|
-
|
12
|
-
try_files $uri/index.html $uri @app;
|
13
|
-
|
14
|
-
location @app {
|
15
|
-
proxy_pass http://app;
|
16
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
17
|
-
proxy_set_header Host $http_host;
|
18
|
-
# pass the upgrade headers so websockets work
|
19
|
-
proxy_set_header Upgrade $http_upgrade;
|
20
|
-
proxy_set_header Connection "upgrade";
|
21
|
-
proxy_redirect off;
|
22
|
-
}
|
23
|
-
|
24
|
-
error_page 500 502 503 504 /500.html;
|
25
|
-
client_max_body_size 4G;
|
26
|
-
keepalive_timeout 10;
|
27
|
-
}
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# /etc/init/puma-manager.conf - manage a set of Pumas
|
2
|
-
|
3
|
-
# This example config should work with Ubuntu 12.04+. It
|
4
|
-
# allows you to manage multiple Puma instances with
|
5
|
-
# Upstart, Ubuntu's native service management tool.
|
6
|
-
#
|
7
|
-
# See puma.conf for how to manage a single Puma instance.
|
8
|
-
#
|
9
|
-
# Use "stop puma-manager" to stop all Puma instances.
|
10
|
-
# Use "start puma-manager" to start all instances.
|
11
|
-
# Use "restart puma-manager" to restart all instances.
|
12
|
-
# Crazy, right?
|
13
|
-
#
|
14
|
-
|
15
|
-
description "Manages the set of puma processes"
|
16
|
-
|
17
|
-
# This starts upon bootup and stops on shutdown
|
18
|
-
start on runlevel [2345]
|
19
|
-
stop on runlevel [06]
|
20
|
-
|
21
|
-
# Set this to the number of Puma processes you want
|
22
|
-
# to run on this machine
|
23
|
-
env PUMA_CONF="/etc/puma.conf"
|
24
|
-
|
25
|
-
pre-start script
|
26
|
-
for i in `cat $PUMA_CONF`; do
|
27
|
-
app=`echo $i | cut -d , -f 1`
|
28
|
-
logger -t "puma-manager" "Starting $app"
|
29
|
-
start puma app=$app
|
30
|
-
done
|
31
|
-
end script
|
@@ -1,69 +0,0 @@
|
|
1
|
-
# /etc/init/puma.conf - Puma config
|
2
|
-
|
3
|
-
# This example config should work with Ubuntu 12.04+. It
|
4
|
-
# allows you to manage multiple Puma instances with
|
5
|
-
# Upstart, Ubuntu's native service management tool.
|
6
|
-
#
|
7
|
-
# See workers.conf for how to manage all Puma instances at once.
|
8
|
-
#
|
9
|
-
# Save this config as /etc/init/puma.conf then manage puma with:
|
10
|
-
# sudo start puma app=PATH_TO_APP
|
11
|
-
# sudo stop puma app=PATH_TO_APP
|
12
|
-
# sudo status puma app=PATH_TO_APP
|
13
|
-
#
|
14
|
-
# or use the service command:
|
15
|
-
# sudo service puma {start,stop,restart,status}
|
16
|
-
#
|
17
|
-
|
18
|
-
description "Puma Background Worker"
|
19
|
-
|
20
|
-
# no "start on", we don't want to automatically start
|
21
|
-
stop on (stopping puma-manager or runlevel [06])
|
22
|
-
|
23
|
-
# change apps to match your deployment user if you want to use this as a less privileged user (recommended!)
|
24
|
-
setuid {{deploy_user}}
|
25
|
-
setgid {{deploy_user}}
|
26
|
-
|
27
|
-
respawn
|
28
|
-
respawn limit 3 30
|
29
|
-
|
30
|
-
instance ${app}
|
31
|
-
|
32
|
-
script
|
33
|
-
# this script runs in /bin/sh by default
|
34
|
-
# respawn as bash so we can source in rbenv/rvm
|
35
|
-
# quoted heredoc to tell /bin/sh not to interpret
|
36
|
-
# variables
|
37
|
-
|
38
|
-
# source ENV variables manually as Upstart doesn't, eg:
|
39
|
-
#. /etc/environment
|
40
|
-
|
41
|
-
exec /bin/bash <<'EOT'
|
42
|
-
# set HOME to the setuid user's home, there doesn't seem to be a better, portable way
|
43
|
-
export HOME="$(eval echo ~$(id -un))"
|
44
|
-
|
45
|
-
if [ -d "/usr/local/rbenv/bin" ]; then
|
46
|
-
export PATH="/usr/local/rbenv/bin:/usr/local/rbenv/shims:$PATH"
|
47
|
-
elif [ -d "$HOME/.rbenv/bin" ]; then
|
48
|
-
export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
|
49
|
-
elif [ -f /etc/profile.d/rvm.sh ]; then
|
50
|
-
source /etc/profile.d/rvm.sh
|
51
|
-
elif [ -f /usr/local/rvm/scripts/rvm ]; then
|
52
|
-
source /etc/profile.d/rvm.sh
|
53
|
-
elif [ -f "$HOME/.rvm/scripts/rvm" ]; then
|
54
|
-
source "$HOME/.rvm/scripts/rvm"
|
55
|
-
elif [ -f /usr/local/share/chruby/chruby.sh ]; then
|
56
|
-
source /usr/local/share/chruby/chruby.sh
|
57
|
-
if [ -f /usr/local/share/chruby/auto.sh ]; then
|
58
|
-
source /usr/local/share/chruby/auto.sh
|
59
|
-
fi
|
60
|
-
# if you aren't using auto, set your version here
|
61
|
-
# chruby 2.0.0
|
62
|
-
fi
|
63
|
-
|
64
|
-
cd $app
|
65
|
-
logger -t puma "Starting server: $app"
|
66
|
-
|
67
|
-
exec bundle exec puma -C config/puma.rb
|
68
|
-
EOT
|
69
|
-
end script
|