subspace 0.3.0 → 0.4.0

Files changed (40)
  1. checksums.yaml +4 -4
  2. data/README.md +31 -1
  3. data/ansible/roles/apache-rails/tasks/main.yml +26 -0
  4. data/ansible/roles/apache-rails/templates/_rails.conf +23 -0
  5. data/ansible/roles/apache-rails/templates/project-ssl.conf +16 -0
  6. data/ansible/roles/apache-rails/templates/project.conf +3 -0
  7. data/ansible/roles/apache/defaults/main.yml +5 -5
  8. data/ansible/roles/apache/handlers/main.yml +9 -1
  9. data/ansible/roles/apache/tasks/main.yml +33 -9
  10. data/ansible/roles/apache/templates/server_status.conf +6 -0
  11. data/ansible/roles/collectd/tasks/main.yml +9 -1
  12. data/ansible/roles/collectd/templates/apache2.conf +6 -0
  13. data/ansible/roles/common/defaults/main.yml +1 -1
  14. data/ansible/roles/delayed_job/tasks/main.yml +2 -0
  15. data/ansible/roles/letsencrypt/defaults/main.yml +10 -0
  16. data/ansible/roles/letsencrypt/tasks/main.yml +29 -41
  17. data/ansible/roles/monit/handlers/main.yml +7 -1
  18. data/ansible/roles/monit/tasks/main.yml +6 -4
  19. data/ansible/roles/nginx-rails/tasks/main.yml +30 -0
  20. data/ansible/roles/nginx-rails/templates/_rails.conf +23 -0
  21. data/ansible/roles/nginx-rails/templates/_upstream.conf +4 -0
  22. data/ansible/roles/nginx-rails/templates/nginx-project +9 -0
  23. data/ansible/roles/nginx-rails/templates/nginx-project-ssl +18 -0
  24. data/ansible/roles/nginx/defaults/main.yml +4 -0
  25. data/ansible/roles/nginx/handlers/main.yml +8 -0
  26. data/ansible/roles/nginx/tasks/main.yml +6 -15
  27. data/ansible/roles/postgresql/tasks/backups.yml +8 -6
  28. data/ansible/roles/postgresql/tasks/main.yml +2 -0
  29. data/ansible/roles/puma/meta/main.yml +5 -0
  30. data/ansible/roles/puma/tasks/main.yml +10 -20
  31. data/ansible/roles/puma/templates/puma-monit-rc +5 -0
  32. data/ansible/roles/puma/templates/puma.rb +12 -8
  33. data/ansible/roles/sidekiq/tasks/main.yml +1 -1
  34. data/lib/subspace/commands/bootstrap.rb +24 -7
  35. data/lib/subspace/version.rb +1 -1
  36. metadata +17 -6
  37. data/ansible/roles/apache/templates/project.conf +0 -25
  38. data/ansible/roles/nginx/templates/nginx-project +0 -27
  39. data/ansible/roles/puma/templates/etc-init-puma-manager.conf +0 -31
  40. data/ansible/roles/puma/templates/etc-init-puma.conf +0 -69
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 57b55c6f99d2144073f2601463e9945b60842550
4
- data.tar.gz: 93c40a9e919c5c8a49745310ad042de16f54bf1f
3
+ metadata.gz: 034d9c344dce74224c40707ccc449f2b5c8ead6c
4
+ data.tar.gz: 3b98db5e3dcc6eb6d68ce023247e09c71b6ed43d
5
5
  SHA512:
6
- metadata.gz: b67b94db7a8c7d5e70352f927bd944099f0abfe2a71bd51b6670af6b693976253d902f5054a56feea5ff8e200b17234ef5300f5a3500584c5d5add70d1a9a72c
7
- data.tar.gz: 5a98c46e5f8547dd596fb55260ea9ab17156847854375585f7c0fd1834a16643213199d2b529a33ee1f7682c30c6732a3b16bbebfdd86e4e1ad835db18086e90
6
+ metadata.gz: aecec2d3c3ee233a08989db4ab8d803257580e25fbffeee3d661f1ad662e3a3795d8e322e3f4375f9f485357ddcc6769f817651fc93b2fc84b66bd6fcd6f2a3e
7
+ data.tar.gz: 49b8a85e81fcba46c5876ede4d86c036e14ed5c8734110706ebe2a01cdd3cbc98ed963aa7b7e20ec02fbf3ee62b738ca93eba67b91c734e4fe61bc3e96caada5
data/README.md CHANGED
@@ -84,7 +84,7 @@ This is a description of all the roles that are included by installing subspace,
84
84
  This role should almost always be there. It ties a bunch of stuff together, runs apt-get update or yum upgrade, sets hostnames, and generally makes the server sane.
85
85
 
86
86
  project_name: my_project
87
- swap_space: 536870912
87
+ swap_space: 512M
88
88
  deploy_user: deploy
89
89
 
90
90
  Note: we grant the deploy user limited sudo access to run `service xyz restart` and also add it to the `adm` group so it can view logs in `/var/log`.
@@ -95,6 +95,12 @@ This is a description of all the roles that are included by installing subspace,
95
95
 
96
96
  ## apache
97
97
 
98
+ The most important file for an apache install is the "project.conf" file that gets created in `sites-available` and symlinked to `sites-enabled`. This is generated in a sensible way, but if you want to customize it you can do so by setting this variable to anything other than "project.conf":
99
+
100
+ apache_project_conf: my_custom_configuration.conf
101
+
102
+ Then place my_custom_configuration.conf in config/provision/templates/my_custom_configuration.conf. This will still get copied to the server as `sites-available/{project_name}.conf`
103
+
98
104
  ## collectd
99
105
 
100
106
  ## common
@@ -103,6 +109,20 @@ This is a description of all the roles that are included by installing subspace,
103
109
 
104
110
  ## letsencrypt
105
111
 
112
+ By default, this creates a single certificate for every server alias/server name in the configuration file.
113
+ If you'd like more control over the certs created, you can define the variables `le_ssl_certs` as follows:
114
+
115
+ le_ssl_certs:
116
+ - cert_name: mycert
117
+ domains:
118
+ - mydomain.example.com
119
+ - otherdomain.example.com
120
+ - cert_name: othersite
121
+ domains:
122
+ - othersite.example.com
123
+
124
+ Note that this role needs to be defined /before/ the apache role
125
+
106
126
  ## logrotate
107
127
 
108
128
  Installs logrotate and lets you configure logs for automatic rotation. Example config for rails:
@@ -136,6 +156,13 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
136
156
 
137
157
  ## postgresql
138
158
 
159
+ Sets up a postgres *server* - only use this on the database machine.
160
+
161
+ backups_enabled: true
162
+ s3_db_backup_bucket: disabled
163
+ s3_db_backup_prefix: "{{project_name}}/{{rails_env}}"
164
+ database_user: "{{project_name}}"
165
+
139
166
  ## puma
140
167
 
141
168
  ## rails
@@ -207,3 +234,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/tenfor
207
234
  ## License
208
235
 
209
236
  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
237
+
238
+ # Roles and Variables
239
+
@@ -0,0 +1,26 @@
1
+ ---
2
+ - name: Create Apache config
3
+ template:
4
+ src: "{{apache_project_conf}}"
5
+ dest: /etc/apache2/sites-available/{{project_name}}.conf
6
+ become: true
7
+
8
+ - name: Symlink {{project_name}}.conf to sites-enabled
9
+ file:
10
+ src: /etc/apache2/sites-available/{{project_name}}.conf
11
+ dest: /etc/apache2/sites-enabled/{{project_name}}.conf
12
+ state: "{{ ssl_enabled | ternary('absent', 'link')}}"
13
+ become: true
14
+
15
+ - name: Create Apache SSL config
16
+ template:
17
+ src: project-ssl.conf
18
+ dest: /etc/apache2/sites-available/{{project_name}}-ssl.conf
19
+ become: true
20
+
21
+ - name: Symlink {{project_name}}-ssl.conf to sites-enabled
22
+ file:
23
+ src: /etc/apache2/sites-available/{{project_name}}-ssl.conf
24
+ dest: /etc/apache2/sites-enabled/{{project_name}}-ssl.conf
25
+ state: "{{ ssl_enabled | ternary('link', 'absent')}}"
26
+ become: true
@@ -0,0 +1,23 @@
1
+ ServerName {{server_name}}
2
+ {% for alias in server_aliases %}
3
+ ServerAlias {{alias}}
4
+ {% endfor %}
5
+ RailsEnv {{rails_env}}
6
+ DocumentRoot /u/apps/{{project_name}}/current/public
7
+ # This is a test
8
+ <Directory /u/apps/{{project_name}}/current/public>
9
+ # This relaxes Apache security settings.
10
+ AllowOverride all
11
+ # MultiViews must be turned off.
12
+ Options -MultiViews
13
+ # Uncomment this if you're on Apache >= 2.4:
14
+ Require all granted
15
+ </Directory>
16
+ <Location /assets/>
17
+ # Use of ETag is discouraged when Last-Modified is present
18
+ Header unset ETag
19
+ FileETag None
20
+ # RFC says only cache for 1 year
21
+ ExpiresActive On
22
+ ExpiresDefault "access plus 1 year"
23
+ </Location>
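Review bot: `AllowOverride all` on the Directory block for `/u/apps/{{project_name}}/current/public` lets any `.htaccess` file under the public directory change server configuration, so a file written there by the application (an upload, for instance) would be honoured by Apache. Nothing visible in this template needs per-directory overrides; `AllowOverride None` would keep the configuration in the provisioned file. Two comments are also stale: `# This is a test` looks like a leftover, and `# Uncomment this if you're on Apache >= 2.4:` sits above an already active `Require all granted`. The `Header` and `Expires*` directives need mod_headers and mod_expires, which this diff does not show being enabled.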
@@ -0,0 +1,16 @@
1
+ <VirtualHost *:80>
2
+ ServerName {{server_name}}
3
+ {% for alias in server_aliases %}
4
+ ServerAlias {{alias}}
5
+ {% endfor %}
6
+ RewriteEngine On
7
+ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]
8
+ </VirtualHost>
9
+
10
+ <IfModule mod_ssl.c>
11
+ <VirtualHost *:443>
12
+ {% include "_rails.conf" %}
13
+
14
+ {{apache_ssl_config}}
15
+ </VirtualHost>
16
+ </IfModule>
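Review bot: The port-80 redirect `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]` builds its target from the client-supplied Host header and answers with a temporary redirect, whereas the rules removed from the letsencrypt role matched `%{SERVER_NAME}` against each configured name and used `R=permanent`. If this vhost ends up being the default for port 80, any Host value is reflected into the Location header; redirecting to the configured name, e.g. `RewriteRule ^(.*)$ https://{{server_name}}$1 [R=301,L]`, avoids that at the cost of canonicalising aliases. Separately, the `IfModule mod_ssl.c` wrapper means a host without mod_ssl loads this file without error and serves only a redirect to a port nothing answers on, so failing loudly may be preferable.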
@@ -0,0 +1,3 @@
1
+ <VirtualHost *:80>
2
+ {% include "_rails.conf" %}
3
+ </VirtualHost>
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  server_aliases: []
3
- template_src_path: project.conf
4
- # TODO Replace with LetsEncrypt.
5
- #ssl_enabled: false
6
- #ssl_server_crt: ./files/{{project_name}}/server.crt
7
- #ssl_intermediate_crt: ./files/{{project_name}}/intermediate.crt
3
+ apache_project_conf: project.conf
4
+ ssl_enabled: false
5
+ apache_ssl_config: ""
6
+ #ssl_cert_path: /etc/letsencrypt/site/server.crt
7
+ #ssl_key_path: /etc/letsencrypt/site/server.key
@@ -1,4 +1,12 @@
1
1
  ---
2
2
  - name: apache restart
3
3
  service: name=apache2 state=restarted
4
- sudo: yes
4
+ become: true
5
+
6
+ - name: stop webserver
7
+ service: name=apache2 state=stopped
8
+ become: true
9
+
10
+ - name: start webserver
11
+ service: name=apache2 state=started
12
+ become: true
@@ -1,4 +1,7 @@
1
1
  ---
2
+ - set_fact:
3
+ apache2_installed: true
4
+
2
5
  - name: Install apache2
3
6
  apt:
4
7
  pkg: apache2
@@ -17,17 +20,38 @@
17
20
  state: present
18
21
  become: true
19
22
 
20
- - name: Create Apache config
21
- template:
22
- src: "{{template_src_path}}"
23
- dest: /etc/apache2/sites-available/{{project_name}}.conf
24
- notify: apache restart
23
+ - name: a2enmod rewrite
24
+ when: ssl_enabled
25
+ apache2_module:
26
+ name: rewrite
27
+ state: present
25
28
  become: true
26
29
 
27
- - name: Symlink {{project_name}}.conf to sites-enabled
30
+ - name: Enable mod_ssl
31
+ when: ssl_enabled
32
+ apache2_module:
33
+ name: ssl
34
+ state: present
35
+ become: true
36
+
37
+ - name: "Configure rails_projects"
38
+ include_role:
39
+ name: apache-rails
40
+
41
+ - debug: msg="trigger apache restart"
42
+ notify: apache restart
43
+ changed_when: true
44
+
45
+ - name: create server-status conf
46
+ template:
47
+ src: server_status.conf
48
+ dest: /etc/apache2/conf-available/server_status.conf
49
+ sudo: true
50
+
51
+ - name: enable server-status conf
28
52
  file:
29
- src: /etc/apache2/sites-available/{{project_name}}.conf
30
- dest: /etc/apache2/sites-enabled/{{project_name}}.conf
53
+ src: /etc/apache2/conf-available/server_status.conf
54
+ dest: /etc/apache2/conf-enabled/server_status.conf
31
55
  state: link
56
+ sudo: true
32
57
  notify: apache restart
33
- become: true
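Review bot: The new "create server-status conf" and "enable server-status conf" tasks use `sudo: true`, while the rest of this commit moves tasks and handlers from `sudo:` to `become: true`; the same leftover appears in the new collectd "create apache2 config" task and the puma "Install puma monit script" task. `sudo:` is the deprecated spelling, so these should read `become: true`. The `debug` task with `changed_when: true` also forces an Apache restart on every run, which could be narrowed by putting `notify: apache restart` on the tasks that actually change configuration. The task that ends at the top of the second hunk starts outside the visible lines.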
@@ -0,0 +1,6 @@
1
+ <Location /server-status>
2
+ SetHandler server-status
3
+ Order deny,allow
4
+ Deny from all
5
+ Allow from localhost
6
+ </Location>
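Review bot: The access rules here use the Apache 2.2 directives `Order deny,allow` / `Deny from all` / `Allow from localhost`, while the rails template in this same release uses the 2.4 form `Require all granted`. On 2.4 the old directives only work through mod_access_compat, and `Allow from localhost` depends on a hostname lookup; `Require local` expresses the same restriction natively. Since /server-status exposes request URLs and client addresses, the file deserves a comment stating that it must stay loopback-only, e.g. `# server-status is read by collectd on localhost only; do not widen`.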
@@ -39,5 +39,13 @@
39
39
  dest: /etc/collectd/collectd.conf.d/delayed_job_postgres.conf
40
40
  become: true
41
41
  notify: restart collectd
42
- when: collectd_enable_djpg is defined
42
+ when: postgresql_installed is defined and delayed_job_installed is defined
43
+
44
+ - name: create apache2 config
45
+ template:
46
+ src: apache2.conf
47
+ dest: /etc/collectd/collectd.conf.d/apache2.conf
48
+ sudo: true
49
+ notify: restart collectd
50
+ when: apache2_installed is defined
43
51
 
@@ -0,0 +1,6 @@
1
+ LoadPlugin "apache"
2
+ <Plugin "apache">
3
+ <Instance "server-status">
4
+ URL "http://localhost/server-status?auto"
5
+ </Instance>
6
+ </Plugin>
@@ -1,3 +1,3 @@
1
1
  ---
2
- swap_space: 536870912
2
+ swap_space: 512M
3
3
  deploy_user: deploy
@@ -1,4 +1,6 @@
1
1
  ---
2
+ - set_fact: delayed_job_installed="true"
3
+
2
4
  - name: Install delayed_job monit script
3
5
  template:
4
6
  src: delayed-job-monit-rc
@@ -1,2 +1,12 @@
1
1
  ---
2
2
  certbot_dir: "/opt/certbot"
3
+ apache_ssl_config: |
4
+ SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
5
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
6
+ Include /etc/letsencrypt/options-ssl-apache.conf
7
+ SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
8
+
9
+ nginx_ssl_config: |
10
+ ssl_certificate /etc/letsencrypt/live/{{server_name}}/fullchain.pem;
11
+ ssl_certificate_key /etc/letsencrypt/live/{{server_name}}/privkey.pem;
12
+ include /etc/letsencrypt/options-ssl-nginx.conf;
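Review bot: Both `apache_ssl_config` and `nginx_ssl_config` hard-code `/etc/letsencrypt/live/{{server_name}}/`, but when `le_ssl_certs` is defined the tasks pass `--cert-name {{item.cert_name}}`, so the files would be stored under the certificate name and these defaults would point at a path that does not exist unless a cert happens to be named after `server_name`. The `options-ssl-apache.conf` and `options-ssl-nginx.conf` includes are, as far as I know, written by certbot's apache and nginx plugins, and the tasks now run `--standalone`, so on a fresh host those files may be missing; worth confirming before the web server is started with this config. A comment above each block should say which certificate name it expects.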
@@ -34,56 +34,44 @@
34
34
  dest: "{{certbot_dir}}/certbot-auto"
35
35
  mode: a+x
36
36
 
37
- - name: Run default
38
- become: true
39
- command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --apache --agree-tos --expand --non-interactive"
37
+ - name: shutdown webserver for standalone mode
38
+ debug: msg="Shutdown webserver"
39
+ notify: stop webserver
40
+ changed_when: true
40
41
 
41
- - name: Enable mod_rewrite
42
- become: true
43
- apache2_module:
44
- name: rewrite
45
- state: present
42
+ - meta: flush_handlers
46
43
 
44
+ - name: "wait for webserver to stop"
45
+ wait_for:
46
+ port: 80
47
+ delay: 1
48
+ state: stopped
47
49
 
48
- - name: Enable mod_ssl
50
+ - name: Run default
51
+ when: le_ssl_certs is not defined
49
52
  become: true
50
- apache2_module:
51
- name: ssl
52
- state: present
53
+ command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
53
54
 
54
- - name: Create SSL Apache config
55
+ - name: Generate SSL Certificates
56
+ when: le_ssl_certs is defined
55
57
  become: true
56
- template:
57
- src: project-le-ssl.conf
58
- dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
59
- notify: apache restart
58
+ with_items: "{{le_ssl_certs}}"
59
+ command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
60
60
 
61
- - name: Symlink {{project_name}}-le-ssl.conf to sites-enabled
62
- become: true
63
- file:
64
- src: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
65
- dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf
66
- state: link
67
- notify: apache restart
61
+ - name: "Re-run apache rails_project to get SSL configuration"
62
+ when: apache2_installed is defined
63
+ include_role:
64
+ name: apache-rails
68
65
 
69
- - name: Force redirect to https (1/2)
70
- become: true
71
- lineinfile:
72
- dest: /etc/apache2/sites-available/{{project_name}}.conf
73
- line: "RewriteEngine on"
74
- state: present
75
- insertbefore: "</VirtualHost>"
76
- notify: apache restart
66
+ - name: "Re-run nginx rails_project to get SSL configuration"
67
+ when: nginx_installed is defined
68
+ include_role:
69
+ name: nginx-rails
77
70
 
78
- - name: Force redirect to https (2/2)
79
- become: true
80
- lineinfile:
81
- dest: /etc/apache2/sites-available/{{project_name}}.conf
82
- line: "RewriteCond %{SERVER_NAME} ={{item}}\nRewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,NE,R=permanent]"
83
- state: present
84
- insertbefore: "</VirtualHost>"
85
- with_items: "{{ ([server_name] + server_aliases) }}"
86
- notify: apache restart
71
+ - name: start webserver after standalone mode
72
+ debug: msg="Startup webserver"
73
+ notify: start webserver
74
+ changed_when: true
87
75
 
88
76
  - name: Setup cron job to auto renew
89
77
  become: true
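Review bot: If either certbot task fails, the play stops after the web server has been shut down and before "start webserver after standalone mode" runs, so a failed issuance (rate limit, DNS not yet pointing at the host) leaves the site offline. The stop is also unconditional because of `changed_when: true`, so every provisioning run takes port 80 down even when no certificate needs issuing. Wrapping the certbot tasks in a `block:` with an `always:` section that notifies the start handler and flushes handlers keeps the outage bounded. The handler names "stop webserver" and "start webserver" are defined in both the apache and nginx roles, so which service is acted on depends on which roles are loaded. The cron task that follows continues outside the hunk.

```yaml
- block:
    # … unchanged: "Run default" and "Generate SSL Certificates" tasks …
    # … unchanged: "Re-run apache/nginx rails_project" include_role tasks …
  always:
    - name: start webserver after standalone mode
      debug: msg="Startup webserver"
      notify: start webserver
      changed_when: true

    - meta: flush_handlers
```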
@@ -1,3 +1,9 @@
1
1
  ---
2
- - name: monit
2
+ - name: reload_monit
3
3
  shell: monit stop all && monit reload && monit start all
4
+ become: true
5
+
6
+ - name: validate_monit
7
+ shell: monit validate
8
+ become: true
9
+
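Review bot: The handler named `validate_monit` runs `monit validate`, which checks the monitored services rather than the syntax of the control files, and because handlers run in the order they are defined it executes after `reload_monit` has already reloaded the configuration. To catch a bad file before it is loaded, a syntax check such as `shell: monit -t` would have to come first in this file. The puma and sidekiq tasks in this release notify only `validate_monit`, so as written a newly templated `conf.d` file does not appear to trigger a reload at all; worth confirming that is intended.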
@@ -3,17 +3,19 @@
3
3
  apt:
4
4
  name: monit
5
5
  state: present
6
- sudo: true
6
+ become: true
7
7
 
8
8
  - name: Copy sudoers file so that deploy can use monit without entering password.
9
9
  copy:
10
10
  src: sudoers-monit
11
11
  dest: /etc/sudoers.d/monit
12
- sudo: true
12
+ become: true
13
13
 
14
14
  - name: Copy monit config to enable http from localhost
15
15
  copy:
16
16
  src: monit-http.conf
17
17
  dest: /etc/monit/conf.d/monit-http.conf
18
- sudo: true
19
- notify: monit
18
+ become: true
19
+ notify:
20
+ - reload_monit
21
+ - validate_monit
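Review bot: The task that copies `sudoers-monit` to `/etc/sudoers.d/monit` sets no `mode`, `owner` or `validate`, so a malformed file lands in place unchecked and can break sudo for every user on the host. Adding `owner: root`, `group: root`, `mode: "0440"` and `validate: "visudo -cf %s"` to the `copy:` arguments makes Ansible reject a bad file before it replaces anything. The contents of `sudoers-monit` are not part of this diff, so the scope of what the deploy user may run is not reviewed here. The first task's name line is above the hunk.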
@@ -0,0 +1,30 @@
1
+ ---
2
+ - name: Remove the app's symlink, if exists
3
+ command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
4
+ become: true
5
+
6
+ - name: create nginx config for rails app
7
+ template:
8
+ src: nginx-project
9
+ dest: /etc/nginx/sites-available/{{project_name}}
10
+ become: true
11
+
12
+ - name: Enable the app
13
+ file:
14
+ src: /etc/nginx/sites-available/{{project_name}}
15
+ dest: /etc/nginx/sites-enabled/{{project_name}}
16
+ state: "{{ ssl_enabled | ternary('absent', 'link')}}"
17
+ become: true
18
+
19
+ - name: create nginx config for rails app
20
+ template:
21
+ src: nginx-project-ssl
22
+ dest: /etc/nginx/sites-available/{{project_name}}-ssl
23
+ become: true
24
+
25
+ - name: Enable SSL configured app
26
+ file:
27
+ src: /etc/nginx/sites-available/{{project_name}}-ssl
28
+ dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
29
+ state: "{{ ssl_enabled | ternary('link', 'absent')}}"
30
+ become: true
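Review bot: The first task runs `rm -rf /etc/nginx/sites-enabled/{{project_name}}` as root through `command:`, so an empty or unexpected `project_name` turns into a recursive delete of the whole `sites-enabled` directory (or whatever the value resolves to). It is also redundant, since "Enable the app" already sets the same path to `absent` or `link`, and it reports changed on every run. Dropping it, or using `file: path=/etc/nginx/sites-enabled/{{project_name}} state=absent`, removes the recursive delete. Two tasks share the name "create nginx config for rails app"; the second should say it writes the SSL variant, and none of the tasks notify an nginx reload.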
@@ -0,0 +1,23 @@
1
+ root /u/apps/{{project_name}}/current/public;
2
+ try_files $uri/index.html $uri @app;
3
+
4
+ location @app {
5
+ proxy_pass http://app;
6
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
7
+ proxy_set_header Host $http_host;
8
+ # pass the upgrade headers so websockets work
9
+ proxy_set_header Upgrade $http_upgrade;
10
+ proxy_set_header Connection "upgrade";
11
+ proxy_redirect off;
12
+ }
13
+
14
+ location /cable {
15
+ proxy_pass http://app;
16
+ proxy_http_version 1.1;
17
+ proxy_set_header Upgrade $http_upgrade;
18
+ proxy_set_header Connection "upgrade";
19
+ }
20
+
21
+ error_page 500 502 503 504 /500.html;
22
+ client_max_body_size 4G;
23
+ keepalive_timeout 10;
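Review bot: This fragment is included in the `listen 443 ssl` server as well, but the proxied request carries no `X-Forwarded-Proto`, so the Rails app behind `http://app` cannot tell that the client connection was HTTPS (secure cookies, `force_ssl` redirects and generated URLs depend on it). Adding `proxy_set_header X-Forwarded-Proto $scheme;` to both `location` blocks addresses that. `proxy_set_header Host $http_host;` forwards the raw client header, where `$host` is the normalised form. `location @app` sends `Connection "upgrade"` without `proxy_http_version 1.1`, unlike `/cable`, and `client_max_body_size 4G` deserves a comment explaining why uploads that large are expected.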
@@ -0,0 +1,4 @@
1
+ upstream app {
2
+ # Path to Puma socket
3
+ server localhost:9292;
4
+ }
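Review bot: The comment `# Path to Puma socket` no longer matches the line below it, which is now a TCP address, and `localhost` can resolve to both 127.0.0.1 and ::1 while puma.rb in this release binds only `tcp://127.0.0.1:9292`. Writing `server 127.0.0.1:9292;` with a comment such as `# Puma TCP listener, must match bind in puma.rb` keeps the two files in step. The upstream name `app` and the port are fixed, so two projects provisioned on one host would collide.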
@@ -0,0 +1,9 @@
1
+ {% include "_upstream.conf" %}
2
+
3
+ server {
4
+ listen 80;
5
+ server_name {{server_name}} {{server_aliases | join(" ")}};
6
+
7
+ {% include "_rails.conf" %}
8
+ }
9
+
@@ -0,0 +1,18 @@
1
+ {% include "_upstream.conf" %}
2
+
3
+ server {
4
+ listen 80 default_server;
5
+ listen [::]:80 default_server;
6
+ server_name {{server_name}} {{server_aliases | join(" ")}};
7
+ return 301 https://$host$request_uri;
8
+ }
9
+
10
+ server {
11
+ listen 443 ssl;
12
+ server_name {{server_name}} {{server_aliases | join(" ")}};
13
+
14
+ {% include "_rails.conf" %}
15
+ {{nginx_ssl_config}}
16
+ }
17
+
18
+
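Review bot: The port-80 server is marked `default_server` and redirects with `return 301 https://$host$request_uri;`, so requests for any hostname that reaches this machine are redirected to that same hostname over HTTPS, not only the names listed in `server_name`. Dropping `default_server` (the non-SSL template does not use it) or redirecting to `https://{{server_name}}$request_uri` limits the redirect to names the certificate covers. The 443 server has no `listen [::]:443 ssl;` counterpart to the IPv6 listener on port 80, so IPv6 clients would be redirected to a port that is not listening on their address family.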
@@ -0,0 +1,4 @@
1
+ ---
2
+ server_aliases: []
3
+ ssl_enabled: false
4
+ nginx_ssl_config: ""
@@ -0,0 +1,8 @@
1
+ ---
2
+ - name: stop webserver
3
+ service: name=nginx state=stopped
4
+ become: true
5
+
6
+ - name: start webserver
7
+ service: name=nginx state=started
8
+ become: true
@@ -1,3 +1,6 @@
1
+ - set_fact:
2
+ nginx_installed: true
3
+
1
4
  - name: Install nginx
2
5
  apt: pkg=nginx state=latest
3
6
  become: true
@@ -6,21 +9,9 @@
6
9
  command: rm -rf /etc/nginx/sites-enabled/default
7
10
  become: true
8
11
 
9
- - name: Remove the app's config, if exists
10
- command: rm -rf /etc/nginx/sites-enabled/default
11
- become: true
12
-
13
- - name: Remove the app's symlink, if exists
14
- command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
15
- become: true
16
-
17
- - name: Configure nginx for the app
18
- template: src=nginx-project dest=/etc/nginx/sites-available/{{project_name}} group=www-data owner=www-data force=yes
19
- become: true
20
-
21
- - name: Enable the app
22
- command: ln -s /etc/nginx/sites-available/{{project_name}} /etc/nginx/sites-enabled/{{project_name}}
23
- become: true
12
+ - name: "Configure rails projects"
13
+ include_role:
14
+ name: nginx-rails
24
15
 
25
16
  - name: Restart nginx
26
17
  action: service name=nginx state=restarted
@@ -18,12 +18,6 @@
18
18
  dest: "/u/apps/{{project_name}}/shared/db/backup.sh"
19
19
  mode: 0755
20
20
 
21
- - name: Remove old backup cron job because it had the wrong name
22
- cron:
23
- user: "{{deploy_user}}"
24
- name: "check dirs"
25
- state: "absent"
26
-
27
21
  - name: Install backup cron job
28
22
  when: backups_enabled
29
23
  cron:
@@ -31,3 +25,11 @@
31
25
  name: "Hourly backups"
32
26
  minute: "0"
33
27
  job: "/u/apps/{{project_name}}/shared/db/backup.sh"
28
+ state: "present"
29
+
30
+ - name: disable backup cron job
31
+ when: not backups_enabled
32
+ cron:
33
+ user: "{{deploy_user}}"
34
+ name: "Hourly backups"
35
+ state: "absent"
@@ -1,4 +1,6 @@
1
1
  ---
2
+ - set_fact: postgresql_installed="true"
3
+
2
4
  - name: Create postgresql user
3
5
  postgresql_user:
4
6
  name: "{{database_user}}"
@@ -0,0 +1,5 @@
1
+ ---
2
+ dependencies:
3
+ - {
4
+ role: monit
5
+ }
@@ -1,29 +1,19 @@
1
- - name: Add puma-manager
2
- template: src=etc-init-puma-manager.conf dest=/etc/init/puma-manager.conf force=yes mode=755
1
+ - name: Create shared/config/puma
2
+ file: path=/u/apps/{{project_name}}/shared/config/puma group=deploy owner=deploy state=directory
3
3
  tags: puma
4
4
 
5
- - name: Add puma config
6
- template: src=etc-puma.conf dest=/etc/puma.conf force=yes mode=755
5
+ - name: Add puma shared/config
6
+ template: src=puma.rb dest=/u/apps/{{project_name}}/shared/config/puma/{{rails_env}}.rb force=yes mode=755
7
7
  tags: puma
8
8
 
9
- - name: Add puma init script
10
- template: src=etc-init-puma.conf dest=/etc/init/puma.conf force=yes mode=755
11
- tags: puma
12
-
13
- # - name: Add puma shared/config
14
- # template: src=puma_production.j2 dest=/u/apps/{{project_name}}/shared/config/puma/production.rb force=yes mode=755
15
- # tags: puma
16
-
17
9
  - name: Make shared/tmp/sockets
18
10
  file: path=/u/apps/{{project_name}}/shared/tmp/sockets group=deploy owner=deploy state=directory
19
11
  tags: tmp
20
12
 
21
- - name: Restart puma-manager
22
- action: service name=puma-manager state=restarted
13
+ - name: Install puma monit script
14
+ template:
15
+ src: puma-monit-rc
16
+ dest: /etc/monit/conf.d/puma_{{project_name}}_{{rails_env}}
17
+ sudo: true
18
+ notify: validate_monit
23
19
 
24
- - name: Add Deploy user to sudoers
25
- lineinfile:
26
- dest: /etc/sudoers
27
- state: present
28
- regexp: "^{{deploy_user}}"
29
- line: "{{deploy_user}} ALL=NOPASSWD: /usr/sbin/service puma-manager *"
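Review bot: "Add puma shared/config" writes the Ruby config file with `mode=755` and no `owner` or `group`, while the directory created just before it is `owner=deploy group=deploy`. A config file has no need to be executable; `mode=644 owner=deploy group=deploy` would match the directory and keep the file owned by the account that runs Puma.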
@@ -0,0 +1,5 @@
1
+ check process puma
2
+ with pidfile /u/apps/{{project_name}}/current/tmp/pids/puma.pid
3
+ start program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb start'"
4
+ stop program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb stop'"
5
+ group puma
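Review bot: The `with pidfile` path is `/u/apps/{{project_name}}/current/tmp/pids/puma.pid`, but puma.rb in this release writes its pidfile to `/u/apps/{{project_name}}/shared/tmp/pids/puma.pid`; the check only works if `current/tmp/pids` is a symlink into `shared`, which this diff does not show. The same assumption applies to `-F config/puma/{{rails_env}}.rb`, since the template is written under `shared/config/puma`. The process name `puma` is not project-specific while the file name is (`puma_{{project_name}}_{{rails_env}}`), so a second project on the host would define a duplicate service; `check process puma_{{project_name}}` avoids that.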
@@ -3,27 +3,31 @@ workers Integer(ENV['WEB_CONCURRENCY'] || 4)
3
3
 
4
4
  threads_count = Integer(ENV['MAX_THREADS'] || 5)
5
5
  # Min and Max threads per worker
6
- threads threads_count, threads_count
6
+ threads 0, threads_count
7
7
 
8
- app_dir = File.expand_path("../..", __FILE__)
8
+ app_dir = "/u/apps/{{project_name}}/current"
9
+ directory app_dir
9
10
 
10
- # Default to production
11
- rails_env = ENV['RAILS_ENV'] || "production"
11
+ rails_env = "{{rails_env}}"
12
12
  environment rails_env
13
13
 
14
14
  # Set up socket location
15
- bind "unix://#{app_dir}/tmp/sockets/puma.sock"
15
+ bind "tcp://127.0.0.1:9292"
16
16
 
17
17
  # Logging
18
18
  stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true
19
19
 
20
20
  # Set master PID and state locations
21
- pidfile "#{app_dir}/tmp/pids/puma.pid"
22
- state_path "#{app_dir}/tmp/pids/puma.state"
21
+ daemonize
22
+ pidfile "/u/apps/{{project_name}}/shared/tmp/pids/puma.pid"
23
+ state_path "/u/apps/{{project_name}}/shared/tmp/pids/puma.state"
23
24
  activate_control_app
24
25
 
25
26
  on_worker_boot do
26
27
  require "active_record"
27
28
  ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
28
29
  ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env])
29
- end
30
+ end
31
+
32
+ # Allow puma to be restarted by `rails restart` command.
33
+ plugin :tmp_restart
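Review bot: Replacing `bind "unix://#{app_dir}/tmp/sockets/puma.sock"` with `bind "tcp://127.0.0.1:9292"` means any local account on the host can reach the app server directly, where the socket file could be restricted by filesystem permissions. The puma role still creates `shared/tmp/sockets`, so the unix socket looks like it could have been kept. The comment `# Set up socket location` above the bind is now inaccurate, and `# Min and Max threads per worker` should mention that the minimum is now 0.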
@@ -4,4 +4,4 @@
4
4
  src: sidekiq-monit-rc
5
5
  dest: /etc/monit/conf.d/sidekiq_{{project_name}}_{{rails_env}}
6
6
  sudo: true
7
- notify: monit
7
+ notify: validate_monit
@@ -8,12 +8,25 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
8
8
 
9
9
  def run
10
10
  # ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
11
- copy_authorized_keys
12
11
  install_python
12
+ ensure_ssh_dir
13
+ copy_authorized_keys
13
14
  end
14
15
 
15
16
  private
16
17
 
18
+ def ensure_ssh_dir
19
+ cmd = ["ansible",
20
+ @host_spec,
21
+ "-m",
22
+ "file",
23
+ "-a",
24
+ "path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
25
+ "-vvvv"
26
+ ]
27
+ bootstrap_command cmd
28
+ end
29
+
17
30
  def copy_authorized_keys
18
31
  # -m file -a "dest=/srv/foo/a.txt mode=600"
19
32
  cmd = ["ansible",
@@ -24,10 +37,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
24
37
  "src=authorized_keys dest=/home/{{ansible_ssh_user}}/.ssh/authorized_keys mode=600",
25
38
  "-vvvv"
26
39
  ]
27
- if @ask_pass
28
- cmd.push("--ask-pass")
29
- end
30
- ansible_command *cmd
40
+ bootstrap_command cmd
31
41
  end
32
42
 
33
43
  def install_python
@@ -35,12 +45,19 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
35
45
  cmd = ["ansible",
36
46
  @host_spec,
37
47
  "-m",
38
- @yum ? "yum" : "apt",
48
+ "raw",
39
49
  "-a",
40
- "name=python state=present",
50
+ "test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)",
41
51
  "--become",
42
52
  "-vvvv"
43
53
  ]
54
+ bootstrap_command cmd
55
+ end
56
+
57
+ def bootstrap_command(cmd)
58
+ if @ask_pass
59
+ cmd.push("--ask-pass")
60
+ end
44
61
  ansible_command *cmd
45
62
  end
46
63
 
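Review bot: `install_python` now always runs `apt` through the `raw` module, so the `@yum` switch that the removed line `@yum ? "yum" : "apt"` honoured is silently ignored and bootstrapping a yum-based host will fail. If `@yum` is still set by option parsing outside this hunk, the raw command should branch on it. `ensure_ssh_dir` and `copy_authorized_keys` hard-code `/home/{{ansible_ssh_user}}`, which is wrong for root or any user whose home is elsewhere. `bootstrap_command` mutates the array passed to it with `cmd.push`; `ansible_command(*(@ask_pass ? cmd + ["--ask-pass"] : cmd))` avoids that. A comment in `run` saying why `install_python` now comes first (presumably because the `file` and `copy` modules need Python on the target) would help the next reader.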
@@ -1,3 +1,3 @@
1
1
  module Subspace
2
- VERSION = "0.3.0"
2
+ VERSION = "0.4.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: subspace
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian Samson
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2017-05-29 00:00:00.000000000 Z
11
+ date: 2017-06-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -100,13 +100,18 @@ files:
100
100
  - Rakefile
101
101
  - TODO
102
102
  - ansible/playbooks/local_template.yml
103
+ - ansible/roles/apache-rails/tasks/main.yml
104
+ - ansible/roles/apache-rails/templates/_rails.conf
105
+ - ansible/roles/apache-rails/templates/project-ssl.conf
106
+ - ansible/roles/apache-rails/templates/project.conf
103
107
  - ansible/roles/apache/defaults/main.yml
104
108
  - ansible/roles/apache/handlers/main.yml
105
109
  - ansible/roles/apache/tasks/main.yml
106
- - ansible/roles/apache/templates/project.conf
110
+ - ansible/roles/apache/templates/server_status.conf
107
111
  - ansible/roles/collectd/defaults/main.yml
108
112
  - ansible/roles/collectd/handlers/main.yml
109
113
  - ansible/roles/collectd/tasks/main.yml
114
+ - ansible/roles/collectd/templates/apache2.conf
110
115
  - ansible/roles/collectd/templates/delayed_job_postgres.conf
111
116
  - ansible/roles/collectd/templates/df.conf
112
117
  - ansible/roles/collectd/templates/graphite.conf
@@ -157,8 +162,14 @@ files:
157
162
  - ansible/roles/mysql2_gem/tasks/main.yml
158
163
  - ansible/roles/newrelic/handlers/main.yml
159
164
  - ansible/roles/newrelic/tasks/main.yml
165
+ - ansible/roles/nginx-rails/tasks/main.yml
166
+ - ansible/roles/nginx-rails/templates/_rails.conf
167
+ - ansible/roles/nginx-rails/templates/_upstream.conf
168
+ - ansible/roles/nginx-rails/templates/nginx-project
169
+ - ansible/roles/nginx-rails/templates/nginx-project-ssl
170
+ - ansible/roles/nginx/defaults/main.yml
171
+ - ansible/roles/nginx/handlers/main.yml
160
172
  - ansible/roles/nginx/tasks/main.yml
161
- - ansible/roles/nginx/templates/nginx-project
162
173
  - ansible/roles/papertrail/tasks/main.yml
163
174
  - ansible/roles/papertrail/templates/log_files.yml
164
175
  - ansible/roles/passenger/meta/main.yml
@@ -169,10 +180,10 @@ files:
169
180
  - ansible/roles/postgresql/tasks/backups.yml
170
181
  - ansible/roles/postgresql/tasks/main.yml
171
182
  - ansible/roles/postgresql/templates/backup.sh
183
+ - ansible/roles/puma/meta/main.yml
172
184
  - ansible/roles/puma/tasks/main.yml
173
- - ansible/roles/puma/templates/etc-init-puma-manager.conf
174
- - ansible/roles/puma/templates/etc-init-puma.conf
175
185
  - ansible/roles/puma/templates/etc-puma.conf
186
+ - ansible/roles/puma/templates/puma-monit-rc
176
187
  - ansible/roles/puma/templates/puma.rb
177
188
  - ansible/roles/rails/defaults/main.yml
178
189
  - ansible/roles/rails/tasks/main.yml
@@ -1,25 +0,0 @@
1
- <VirtualHost *:80>
2
- ServerName {{server_name}}
3
- {% for alias in server_aliases %}
4
- ServerAlias {{alias}}
5
- {% endfor %}
6
- RailsEnv {{rails_env}}
7
- # !!! Be sure to point DocumentRoot to 'public'!
8
- DocumentRoot /u/apps/{{project_name}}/current/public
9
- <Directory /u/apps/{{project_name}}/current/public>
10
- # This relaxes Apache security settings.
11
- AllowOverride all
12
- # MultiViews must be turned off.
13
- Options -MultiViews
14
- # Uncomment this if you're on Apache >= 2.4:
15
- Require all granted
16
- </Directory>
17
- <Location /assets/>
18
- # Use of ETag is discouraged when Last-Modified is present
19
- Header unset ETag
20
- FileETag None
21
- # RFC says only cache for 1 year
22
- ExpiresActive On
23
- ExpiresDefault "access plus 1 year"
24
- </Location>
25
- </VirtualHost>
@@ -1,27 +0,0 @@
1
- upstream app {
2
- # Path to Puma SOCK file, as defined previously
3
- server unix:/u/apps/{{project_name}}/shared/tmp/sockets/puma.sock fail_timeout=0;
4
- }
5
-
6
- server {
7
- listen 80;
8
- server_name localhost;
9
-
10
- root /u/apps/{{project_name}}/current/public;
11
-
12
- try_files $uri/index.html $uri @app;
13
-
14
- location @app {
15
- proxy_pass http://app;
16
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
17
- proxy_set_header Host $http_host;
18
- # pass the upgrade headers so websockets work
19
- proxy_set_header Upgrade $http_upgrade;
20
- proxy_set_header Connection "upgrade";
21
- proxy_redirect off;
22
- }
23
-
24
- error_page 500 502 503 504 /500.html;
25
- client_max_body_size 4G;
26
- keepalive_timeout 10;
27
- }
@@ -1,31 +0,0 @@
1
- # /etc/init/puma-manager.conf - manage a set of Pumas
2
-
3
- # This example config should work with Ubuntu 12.04+. It
4
- # allows you to manage multiple Puma instances with
5
- # Upstart, Ubuntu's native service management tool.
6
- #
7
- # See puma.conf for how to manage a single Puma instance.
8
- #
9
- # Use "stop puma-manager" to stop all Puma instances.
10
- # Use "start puma-manager" to start all instances.
11
- # Use "restart puma-manager" to restart all instances.
12
- # Crazy, right?
13
- #
14
-
15
- description "Manages the set of puma processes"
16
-
17
- # This starts upon bootup and stops on shutdown
18
- start on runlevel [2345]
19
- stop on runlevel [06]
20
-
21
- # Set this to the number of Puma processes you want
22
- # to run on this machine
23
- env PUMA_CONF="/etc/puma.conf"
24
-
25
- pre-start script
26
- for i in `cat $PUMA_CONF`; do
27
- app=`echo $i | cut -d , -f 1`
28
- logger -t "puma-manager" "Starting $app"
29
- start puma app=$app
30
- done
31
- end script
@@ -1,69 +0,0 @@
1
- # /etc/init/puma.conf - Puma config
2
-
3
- # This example config should work with Ubuntu 12.04+. It
4
- # allows you to manage multiple Puma instances with
5
- # Upstart, Ubuntu's native service management tool.
6
- #
7
- # See workers.conf for how to manage all Puma instances at once.
8
- #
9
- # Save this config as /etc/init/puma.conf then manage puma with:
10
- # sudo start puma app=PATH_TO_APP
11
- # sudo stop puma app=PATH_TO_APP
12
- # sudo status puma app=PATH_TO_APP
13
- #
14
- # or use the service command:
15
- # sudo service puma {start,stop,restart,status}
16
- #
17
-
18
- description "Puma Background Worker"
19
-
20
- # no "start on", we don't want to automatically start
21
- stop on (stopping puma-manager or runlevel [06])
22
-
23
- # change apps to match your deployment user if you want to use this as a less privileged user (recommended!)
24
- setuid {{deploy_user}}
25
- setgid {{deploy_user}}
26
-
27
- respawn
28
- respawn limit 3 30
29
-
30
- instance ${app}
31
-
32
- script
33
- # this script runs in /bin/sh by default
34
- # respawn as bash so we can source in rbenv/rvm
35
- # quoted heredoc to tell /bin/sh not to interpret
36
- # variables
37
-
38
- # source ENV variables manually as Upstart doesn't, eg:
39
- #. /etc/environment
40
-
41
- exec /bin/bash <<'EOT'
42
- # set HOME to the setuid user's home, there doesn't seem to be a better, portable way
43
- export HOME="$(eval echo ~$(id -un))"
44
-
45
- if [ -d "/usr/local/rbenv/bin" ]; then
46
- export PATH="/usr/local/rbenv/bin:/usr/local/rbenv/shims:$PATH"
47
- elif [ -d "$HOME/.rbenv/bin" ]; then
48
- export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
49
- elif [ -f /etc/profile.d/rvm.sh ]; then
50
- source /etc/profile.d/rvm.sh
51
- elif [ -f /usr/local/rvm/scripts/rvm ]; then
52
- source /etc/profile.d/rvm.sh
53
- elif [ -f "$HOME/.rvm/scripts/rvm" ]; then
54
- source "$HOME/.rvm/scripts/rvm"
55
- elif [ -f /usr/local/share/chruby/chruby.sh ]; then
56
- source /usr/local/share/chruby/chruby.sh
57
- if [ -f /usr/local/share/chruby/auto.sh ]; then
58
- source /usr/local/share/chruby/auto.sh
59
- fi
60
- # if you aren't using auto, set your version here
61
- # chruby 2.0.0
62
- fi
63
-
64
- cd $app
65
- logger -t puma "Starting server: $app"
66
-
67
- exec bundle exec puma -C config/puma.rb
68
- EOT
69
- end script