subspace 0.3.0 → 0.4.0
- checksums.yaml +4 -4
- data/README.md +31 -1
- data/ansible/roles/apache-rails/tasks/main.yml +26 -0
- data/ansible/roles/apache-rails/templates/_rails.conf +23 -0
- data/ansible/roles/apache-rails/templates/project-ssl.conf +16 -0
- data/ansible/roles/apache-rails/templates/project.conf +3 -0
- data/ansible/roles/apache/defaults/main.yml +5 -5
- data/ansible/roles/apache/handlers/main.yml +9 -1
- data/ansible/roles/apache/tasks/main.yml +33 -9
- data/ansible/roles/apache/templates/server_status.conf +6 -0
- data/ansible/roles/collectd/tasks/main.yml +9 -1
- data/ansible/roles/collectd/templates/apache2.conf +6 -0
- data/ansible/roles/common/defaults/main.yml +1 -1
- data/ansible/roles/delayed_job/tasks/main.yml +2 -0
- data/ansible/roles/letsencrypt/defaults/main.yml +10 -0
- data/ansible/roles/letsencrypt/tasks/main.yml +29 -41
- data/ansible/roles/monit/handlers/main.yml +7 -1
- data/ansible/roles/monit/tasks/main.yml +6 -4
- data/ansible/roles/nginx-rails/tasks/main.yml +30 -0
- data/ansible/roles/nginx-rails/templates/_rails.conf +23 -0
- data/ansible/roles/nginx-rails/templates/_upstream.conf +4 -0
- data/ansible/roles/nginx-rails/templates/nginx-project +9 -0
- data/ansible/roles/nginx-rails/templates/nginx-project-ssl +18 -0
- data/ansible/roles/nginx/defaults/main.yml +4 -0
- data/ansible/roles/nginx/handlers/main.yml +8 -0
- data/ansible/roles/nginx/tasks/main.yml +6 -15
- data/ansible/roles/postgresql/tasks/backups.yml +8 -6
- data/ansible/roles/postgresql/tasks/main.yml +2 -0
- data/ansible/roles/puma/meta/main.yml +5 -0
- data/ansible/roles/puma/tasks/main.yml +10 -20
- data/ansible/roles/puma/templates/puma-monit-rc +5 -0
- data/ansible/roles/puma/templates/puma.rb +12 -8
- data/ansible/roles/sidekiq/tasks/main.yml +1 -1
- data/lib/subspace/commands/bootstrap.rb +24 -7
- data/lib/subspace/version.rb +1 -1
- metadata +17 -6
- data/ansible/roles/apache/templates/project.conf +0 -25
- data/ansible/roles/nginx/templates/nginx-project +0 -27
- data/ansible/roles/puma/templates/etc-init-puma-manager.conf +0 -31
- data/ansible/roles/puma/templates/etc-init-puma.conf +0 -69
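--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 034d9c344dce74224c40707ccc449f2b5c8ead6c
+data.tar.gz: 3b98db5e3dcc6eb6d68ce023247e09c71b6ed43d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aecec2d3c3ee233a08989db4ab8d803257580e25fbffeee3d661f1ad662e3a3795d8e322e3f4375f9f485357ddcc6769f817651fc93b2fc84b66bd6fcd6f2a3e
+data.tar.gz: 49b8a85e81fcba46c5876ede4d86c036e14ed5c8734110706ebe2a01cdd3cbc98ed963aa7b7e20ec02fbf3ee62b738ca93eba67b91c734e4fe61bc3e96caada5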
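--- a/data/README.md
+++ b/data/README.md
@@ -84,7 +84,7 @@ This is a description of all the roles that are included by installing subspace,
 This role should almost always be there. It ties a bunch of stuff together, runs apt-get update or yum upgrade, sets hostnames, and generally makes the server sane.
 
 project_name: my_project
-swap_space:
+swap_space: 512M
 deploy_user: deploy
 
 Note: we grant the deploy user limited sudo access to run `service xyz restart` and also add it to the `adm` group so it can view logs in `/var/log`.
@@ -95,6 +95,12 @@ This is a description of all the roles that are included by installing subspace,
 
 ## apache
 
+The most important file for an apache install is the "project.conf" file that gets created in `sites-available` and symlinked to `sites-enabled`. This is generated in a sensible way, but if you want to customize it you can do so by setting this variable to anything other than "project.conf":
+
+apache_project_conf: my_custom_configuration.conf
+
+Then place my_custom_configuration.conf in config/provision/templates/my_custom_configuration.conf. This will still get copied to the server as `sites-available/{project_name}.conf`
+
 ## collectd
 
 ## common
@@ -103,6 +109,20 @@ This is a description of all the roles that are included by installing subspace,
 
 ## letsencrypt
 
+By default, this creates a single certificate for every server alias/server name in the configuration file.
+If you'd like more control over the certs created, you can define the variables `le_ssl_certs` as follows:
+
+le_ssl_certs:
+- cert_name: mycert
+domains:
+- mydomain.example.com
+- otherdomain.example.com
+- cert_name: othersite
+domains:
+- othersite.example.com
+
+Note that this role needs to be defined /before/ the apache role
+
 ## logrotate
 
 Installs logrotate and lets you configure logs for automatic rotation. Example config for rails:
@@ -136,6 +156,13 @@ Installs logrotate and lets you configure logs for automatic rotation. Example
 
 ## postgresql
 
+Sets up a postgres *server* - only use this on the database machine.
+
+backups_enabled: true
+s3_db_backup_bucket: disabled
+s3_db_backup_prefix: "{{project_name}}/{{rails_env}}"
+database_user: "{{project_name}}"
+
 ## puma
 
 ## rails
@@ -207,3 +234,6 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/tenfor
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+# Roles and Variables
+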
@@ -0,0 +1,26 @@
|
|
1
|
+
---
|
2
|
+
- name: Create Apache config
|
3
|
+
template:
|
4
|
+
src: "{{apache_project_conf}}"
|
5
|
+
dest: /etc/apache2/sites-available/{{project_name}}.conf
|
6
|
+
become: true
|
7
|
+
|
8
|
+
- name: Symlink {{project_name}}.conf to sites-enabled
|
9
|
+
file:
|
10
|
+
src: /etc/apache2/sites-available/{{project_name}}.conf
|
11
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}.conf
|
12
|
+
state: "{{ ssl_enabled | ternary('absent', 'link')}}"
|
13
|
+
become: true
|
14
|
+
|
15
|
+
- name: Create Apache SSL config
|
16
|
+
template:
|
17
|
+
src: project-ssl.conf
|
18
|
+
dest: /etc/apache2/sites-available/{{project_name}}-ssl.conf
|
19
|
+
become: true
|
20
|
+
|
21
|
+
- name: Symlink {{project_name}}-ssl.conf to sites-enabled
|
22
|
+
file:
|
23
|
+
src: /etc/apache2/sites-available/{{project_name}}-ssl.conf
|
24
|
+
dest: /etc/apache2/sites-enabled/{{project_name}}-ssl.conf
|
25
|
+
state: "{{ ssl_enabled | ternary('link', 'absent')}}"
|
26
|
+
become: true
|
@@ -0,0 +1,23 @@
|
|
1
|
+
ServerName {{server_name}}
|
2
|
+
{% for alias in server_aliases %}
|
3
|
+
ServerAlias {{alias}}
|
4
|
+
{% endfor %}
|
5
|
+
RailsEnv {{rails_env}}
|
6
|
+
DocumentRoot /u/apps/{{project_name}}/current/public
|
7
|
+
# This is a test
|
8
|
+
<Directory /u/apps/{{project_name}}/current/public>
|
9
|
+
# This relaxes Apache security settings.
|
10
|
+
AllowOverride all
|
11
|
+
# MultiViews must be turned off.
|
12
|
+
Options -MultiViews
|
13
|
+
# Uncomment this if you're on Apache >= 2.4:
|
14
|
+
Require all granted
|
15
|
+
</Directory>
|
16
|
+
<Location /assets/>
|
17
|
+
# Use of ETag is discouraged when Last-Modified is present
|
18
|
+
Header unset ETag
|
19
|
+
FileETag None
|
20
|
+
# RFC says only cache for 1 year
|
21
|
+
ExpiresActive On
|
22
|
+
ExpiresDefault "access plus 1 year"
|
23
|
+
</Location>
|
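Review bot: `AllowOverride all` on the `<Directory /u/apps/{{project_name}}/current/public>` block lets any `.htaccess` file under the public directory override server configuration, which the template's own comment describes as relaxing Apache security settings. Unless the application depends on `.htaccess`, `AllowOverride None` is the safer default, and it matters most where uploaded files can end up under `public/`. The comment `# Uncomment this if you're on Apache >= 2.4:` is stale because `Require all granted` is already active, and `# This is a test` looks like a leftover that can be dropped.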
@@ -0,0 +1,16 @@
|
|
1
|
+
<VirtualHost *:80>
|
2
|
+
ServerName {{server_name}}
|
3
|
+
{% for alias in server_aliases %}
|
4
|
+
ServerAlias {{alias}}
|
5
|
+
{% endfor %}
|
6
|
+
RewriteEngine On
|
7
|
+
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]
|
8
|
+
</VirtualHost>
|
9
|
+
|
10
|
+
<IfModule mod_ssl.c>
|
11
|
+
<VirtualHost *:443>
|
12
|
+
{% include "_rails.conf" %}
|
13
|
+
|
14
|
+
{{apache_ssl_config}}
|
15
|
+
</VirtualHost>
|
16
|
+
</IfModule>
|
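Review bot: The port-80 redirect `RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]` builds its target from the client-supplied Host header, so a request that reaches this vhost with an unexpected Host is redirected to whatever name it sent. Redirecting to a configured name, for example `RewriteRule ^(.*)$ https://{{server_name}}$1 [R=301,L]`, keeps the target under the operator's control; the nginx-project-ssl template in this release has the same pattern with `return 301 https://$host$request_uri;` on a `default_server` listener. Because the 443 vhost sits inside `<IfModule mod_ssl.c>`, a host where mod_ssl is not loaded would keep redirecting to an HTTPS port that nothing serves, so dropping the wrapper makes that misconfiguration fail loudly instead.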
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
server_aliases: []
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
#
|
7
|
-
#
|
3
|
+
apache_project_conf: project.conf
|
4
|
+
ssl_enabled: false
|
5
|
+
apache_ssl_config: ""
|
6
|
+
#ssl_cert_path: /etc/letsencrypt/site/server.crt
|
7
|
+
#ssl_key_path: /etc/letsencrypt/site/server.key
|
@@ -1,4 +1,12 @@
|
|
1
1
|
---
|
2
2
|
- name: apache restart
|
3
3
|
service: name=apache2 state=restarted
|
4
|
-
|
4
|
+
become: true
|
5
|
+
|
6
|
+
- name: stop webserver
|
7
|
+
service: name=apache2 state=stopped
|
8
|
+
become: true
|
9
|
+
|
10
|
+
- name: start webserver
|
11
|
+
service: name=apache2 state=started
|
12
|
+
become: true
|
@@ -1,4 +1,7 @@
|
|
1
1
|
---
|
2
|
+
- set_fact:
|
3
|
+
apache2_installed: true
|
4
|
+
|
2
5
|
- name: Install apache2
|
3
6
|
apt:
|
4
7
|
pkg: apache2
|
@@ -17,17 +20,38 @@
|
|
17
20
|
state: present
|
18
21
|
become: true
|
19
22
|
|
20
|
-
- name:
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
23
|
+
- name: a2enmod rewrite
|
24
|
+
when: ssl_enabled
|
25
|
+
apache2_module:
|
26
|
+
name: rewrite
|
27
|
+
state: present
|
25
28
|
become: true
|
26
29
|
|
27
|
-
- name:
|
30
|
+
- name: Enable mod_ssl
|
31
|
+
when: ssl_enabled
|
32
|
+
apache2_module:
|
33
|
+
name: ssl
|
34
|
+
state: present
|
35
|
+
become: true
|
36
|
+
|
37
|
+
- name: "Configure rails_projects"
|
38
|
+
include_role:
|
39
|
+
name: apache-rails
|
40
|
+
|
41
|
+
- debug: msg="trigger apache restart"
|
42
|
+
notify: apache restart
|
43
|
+
changed_when: true
|
44
|
+
|
45
|
+
- name: create server-status conf
|
46
|
+
template:
|
47
|
+
src: server_status.conf
|
48
|
+
dest: /etc/apache2/conf-available/server_status.conf
|
49
|
+
sudo: true
|
50
|
+
|
51
|
+
- name: enable server-status conf
|
28
52
|
file:
|
29
|
-
src: /etc/apache2/
|
30
|
-
dest: /etc/apache2/
|
53
|
+
src: /etc/apache2/conf-available/server_status.conf
|
54
|
+
dest: /etc/apache2/conf-enabled/server_status.conf
|
31
55
|
state: link
|
56
|
+
sudo: true
|
32
57
|
notify: apache restart
|
33
|
-
become: true
|
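Review bot: The new `create server-status conf` and `enable server-status conf` tasks use `sudo: true`, the deprecated spelling of the `become: true` used by every other task in this file, and the enable task replaces an existing `become: true` with it. The same `sudo: true` appears in the new collectd `create apache2 config` task and the puma `Install puma monit script` task; all four should read `become: true`. Separately, this turns on mod_status output on every host that runs the role, and the `server_status.conf` template is not shown on this page, so it is worth confirming that it limits `/server-status` to local requests (for example with `Require local`).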
@@ -39,5 +39,13 @@
|
|
39
39
|
dest: /etc/collectd/collectd.conf.d/delayed_job_postgres.conf
|
40
40
|
become: true
|
41
41
|
notify: restart collectd
|
42
|
-
when:
|
42
|
+
when: postgresql_installed is defined and delayed_job_installed is defined
|
43
|
+
|
44
|
+
- name: create apache2 config
|
45
|
+
template:
|
46
|
+
src: apache2.conf
|
47
|
+
dest: /etc/collectd/collectd.conf.d/apache2.conf
|
48
|
+
sudo: true
|
49
|
+
notify: restart collectd
|
50
|
+
when: apache2_installed is defined
|
43
51
|
|
@@ -1,2 +1,12 @@
|
|
1
1
|
---
|
2
2
|
certbot_dir: "/opt/certbot"
|
3
|
+
apache_ssl_config: |
|
4
|
+
SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
|
5
|
+
SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
|
6
|
+
Include /etc/letsencrypt/options-ssl-apache.conf
|
7
|
+
SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
|
8
|
+
|
9
|
+
nginx_ssl_config: |
|
10
|
+
ssl_certificate /etc/letsencrypt/live/{{server_name}}/fullchain.pem;
|
11
|
+
ssl_certificate_key /etc/letsencrypt/live/{{server_name}}/privkey.pem;
|
12
|
+
include /etc/letsencrypt/options-ssl-nginx.conf;
|
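Review bot: Both `apache_ssl_config` and `nginx_ssl_config` hard-code `/etc/letsencrypt/live/{{server_name}}/`, but the `Generate SSL Certificates` task in this role passes `--cert-name {{item.cert_name}}`, and certbot names the `live/` directory after the certificate name. When `le_ssl_certs` is defined and a `cert_name` differs from `server_name`, the rendered vhost would point at files that do not exist. A comment above these defaults such as `# paths assume the certificate is named after server_name; override when using le_ssl_certs` would document the assumption. `SSLCertificateChainFile` is also obsolete from Apache 2.4.8 on, where `SSLCertificateFile` can point at `fullchain.pem` instead.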
@@ -34,56 +34,44 @@
|
|
34
34
|
dest: "{{certbot_dir}}/certbot-auto"
|
35
35
|
mode: a+x
|
36
36
|
|
37
|
-
- name:
|
38
|
-
|
39
|
-
|
37
|
+
- name: shutdown webserver for standalone mode
|
38
|
+
debug: msg="Shutdown webserver"
|
39
|
+
notify: stop webserver
|
40
|
+
changed_when: true
|
40
41
|
|
41
|
-
-
|
42
|
-
become: true
|
43
|
-
apache2_module:
|
44
|
-
name: rewrite
|
45
|
-
state: present
|
42
|
+
- meta: flush_handlers
|
46
43
|
|
44
|
+
- name: "wait for webserver to stop"
|
45
|
+
wait_for:
|
46
|
+
port: 80
|
47
|
+
delay: 1
|
48
|
+
state: stopped
|
47
49
|
|
48
|
-
- name:
|
50
|
+
- name: Run default
|
51
|
+
when: le_ssl_certs is not defined
|
49
52
|
become: true
|
50
|
-
|
51
|
-
name: ssl
|
52
|
-
state: present
|
53
|
+
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{([server_name] + server_aliases) | join(',')}} --standalone --agree-tos --expand --non-interactive"
|
53
54
|
|
54
|
-
- name:
|
55
|
+
- name: Generate SSL Certificates
|
56
|
+
when: le_ssl_certs is defined
|
55
57
|
become: true
|
56
|
-
|
57
|
-
|
58
|
-
dest: /etc/apache2/sites-available/{{project_name}}-le-ssl.conf
|
59
|
-
notify: apache restart
|
58
|
+
with_items: "{{le_ssl_certs}}"
|
59
|
+
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
60
60
|
|
61
|
-
- name:
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
dest: /etc/apache2/sites-enabled/{{project_name}}-le-ssl.conf
|
66
|
-
state: link
|
67
|
-
notify: apache restart
|
61
|
+
- name: "Re-run apache rails_project to get SSL configuration"
|
62
|
+
when: apache2_installed is defined
|
63
|
+
include_role:
|
64
|
+
name: apache-rails
|
68
65
|
|
69
|
-
- name:
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
line: "RewriteEngine on"
|
74
|
-
state: present
|
75
|
-
insertbefore: "</VirtualHost>"
|
76
|
-
notify: apache restart
|
66
|
+
- name: "Re-run nginx rails_project to get SSL configuration"
|
67
|
+
when: nginx_installed is defined
|
68
|
+
include_role:
|
69
|
+
name: nginx-rails
|
77
70
|
|
78
|
-
- name:
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
line: "RewriteCond %{SERVER_NAME} ={{item}}\nRewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,NE,R=permanent]"
|
83
|
-
state: present
|
84
|
-
insertbefore: "</VirtualHost>"
|
85
|
-
with_items: "{{ ([server_name] + server_aliases) }}"
|
86
|
-
notify: apache restart
|
71
|
+
- name: start webserver after standalone mode
|
72
|
+
debug: msg="Startup webserver"
|
73
|
+
notify: start webserver
|
74
|
+
changed_when: true
|
87
75
|
|
88
76
|
- name: Setup cron job to auto renew
|
89
77
|
become: true
|
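Review bot: The web server is stopped through the `stop webserver` handler before certbot runs and is only started again by the `start webserver after standalone mode` task at the end, so if either `certbot-auto certonly` command fails the play aborts with the site left down. Wrapping the certbot tasks in a `block:` with an `always:` section that starts the web server, or letting certbot stop and start it with `--pre-hook`/`--post-hook`, would bound the outage. The `wait_for` on port 80 sets no `timeout` and so relies on the module default. The templated values in both `command:` strings (`{{letsencrypt_email}}`, the joined domains, `{{item.cert_name}}`) are unquoted, so a value containing whitespace would be split into extra arguments.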
@@ -3,17 +3,19 @@
|
|
3
3
|
apt:
|
4
4
|
name: monit
|
5
5
|
state: present
|
6
|
-
|
6
|
+
become: true
|
7
7
|
|
8
8
|
- name: Copy sudoers file so that deploy can use monit without entering password.
|
9
9
|
copy:
|
10
10
|
src: sudoers-monit
|
11
11
|
dest: /etc/sudoers.d/monit
|
12
|
-
|
12
|
+
become: true
|
13
13
|
|
14
14
|
- name: Copy monit config to enable http from localhost
|
15
15
|
copy:
|
16
16
|
src: monit-http.conf
|
17
17
|
dest: /etc/monit/conf.d/monit-http.conf
|
18
|
-
|
19
|
-
notify:
|
18
|
+
become: true
|
19
|
+
notify:
|
20
|
+
- reload_monit
|
21
|
+
- validate_monit
|
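Review bot: The `Copy sudoers file so that deploy can use monit without entering password.` task now runs with `become: true` but still writes `/etc/sudoers.d/monit` without a `mode` or a `validate` step, so a syntax error in `sudoers-monit` would be installed as-is and can break sudo on the host. Adding `mode: 0440` and `validate: 'visudo -cf %s'` to the `copy:` arguments makes the module check the file before it is moved into place. The contents of `sudoers-monit` are not visible on this page, so the scope of the passwordless rule should be reviewed alongside this change.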
@@ -0,0 +1,30 @@
|
|
1
|
+
---
|
2
|
+
- name: Remove the app's symlink, if exists
|
3
|
+
command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
|
4
|
+
become: true
|
5
|
+
|
6
|
+
- name: create nginx config for rails app
|
7
|
+
template:
|
8
|
+
src: nginx-project
|
9
|
+
dest: /etc/nginx/sites-available/{{project_name}}
|
10
|
+
become: true
|
11
|
+
|
12
|
+
- name: Enable the app
|
13
|
+
file:
|
14
|
+
src: /etc/nginx/sites-available/{{project_name}}
|
15
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}
|
16
|
+
state: "{{ ssl_enabled | ternary('absent', 'link')}}"
|
17
|
+
become: true
|
18
|
+
|
19
|
+
- name: create nginx config for rails app
|
20
|
+
template:
|
21
|
+
src: nginx-project-ssl
|
22
|
+
dest: /etc/nginx/sites-available/{{project_name}}-ssl
|
23
|
+
become: true
|
24
|
+
|
25
|
+
- name: Enable SSL configured app
|
26
|
+
file:
|
27
|
+
src: /etc/nginx/sites-available/{{project_name}}-ssl
|
28
|
+
dest: /etc/nginx/sites-enabled/{{project_name}}-ssl
|
29
|
+
state: "{{ ssl_enabled | ternary('link', 'absent')}}"
|
30
|
+
become: true
|
@@ -0,0 +1,23 @@
|
|
1
|
+
root /u/apps/{{project_name}}/current/public;
|
2
|
+
try_files $uri/index.html $uri @app;
|
3
|
+
|
4
|
+
location @app {
|
5
|
+
proxy_pass http://app;
|
6
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
7
|
+
proxy_set_header Host $http_host;
|
8
|
+
# pass the upgrade headers so websockets work
|
9
|
+
proxy_set_header Upgrade $http_upgrade;
|
10
|
+
proxy_set_header Connection "upgrade";
|
11
|
+
proxy_redirect off;
|
12
|
+
}
|
13
|
+
|
14
|
+
location /cable {
|
15
|
+
proxy_pass http://app;
|
16
|
+
proxy_http_version 1.1;
|
17
|
+
proxy_set_header Upgrade $http_upgrade;
|
18
|
+
proxy_set_header Connection "upgrade";
|
19
|
+
}
|
20
|
+
|
21
|
+
error_page 500 502 503 504 /500.html;
|
22
|
+
client_max_body_size 4G;
|
23
|
+
keepalive_timeout 10;
|
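Review bot: This fragment is now included in the `listen 443 ssl` server block, yet `location @app` and `location /cable` proxy to `http://app` without telling the application the original scheme. Rails relies on `X-Forwarded-Proto` to decide whether a request was secure (for `force_ssl` and secure cookies), so `proxy_set_header X-Forwarded-Proto $scheme;` belongs in both locations. `location @app` also sends the `Upgrade` and `Connection "upgrade"` headers without the `proxy_http_version 1.1;` that `/cable` sets. `client_max_body_size 4G` is a very large request-body limit for a default and deserves a comment or a variable.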
@@ -0,0 +1,18 @@
|
|
1
|
+
{% include "_upstream.conf" %}
|
2
|
+
|
3
|
+
server {
|
4
|
+
listen 80 default_server;
|
5
|
+
listen [::]:80 default_server;
|
6
|
+
server_name {{server_name}} {{server_aliases | join(" ")}};
|
7
|
+
return 301 https://$host$request_uri;
|
8
|
+
}
|
9
|
+
|
10
|
+
server {
|
11
|
+
listen 443 ssl;
|
12
|
+
server_name {{server_name}} {{server_aliases | join(" ")}};
|
13
|
+
|
14
|
+
{% include "_rails.conf" %}
|
15
|
+
{{nginx_ssl_config}}
|
16
|
+
}
|
17
|
+
|
18
|
+
|
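Review bot: The redirect server listens on both `80` and `[::]:80`, but the TLS server has only `listen 443 ssl;`, so a client arriving over IPv6 is redirected to an HTTPS endpoint that this block does not listen on for IPv6. Adding `listen [::]:443 ssl;` next to it keeps the two server blocks consistent. The Host-derived redirect target in `return 301 https://$host$request_uri;` is discussed on the Apache project-ssl.conf template and applies here as well.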
@@ -1,3 +1,6 @@
|
|
1
|
+
- set_fact:
|
2
|
+
nginx_installed: true
|
3
|
+
|
1
4
|
- name: Install nginx
|
2
5
|
apt: pkg=nginx state=latest
|
3
6
|
become: true
|
@@ -6,21 +9,9 @@
|
|
6
9
|
command: rm -rf /etc/nginx/sites-enabled/default
|
7
10
|
become: true
|
8
11
|
|
9
|
-
- name:
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
- name: Remove the app's symlink, if exists
|
14
|
-
command: rm -rf /etc/nginx/sites-enabled/{{project_name}}
|
15
|
-
become: true
|
16
|
-
|
17
|
-
- name: Configure nginx for the app
|
18
|
-
template: src=nginx-project dest=/etc/nginx/sites-available/{{project_name}} group=www-data owner=www-data force=yes
|
19
|
-
become: true
|
20
|
-
|
21
|
-
- name: Enable the app
|
22
|
-
command: ln -s /etc/nginx/sites-available/{{project_name}} /etc/nginx/sites-enabled/{{project_name}}
|
23
|
-
become: true
|
12
|
+
- name: "Configure rails projects"
|
13
|
+
include_role:
|
14
|
+
name: nginx-rails
|
24
15
|
|
25
16
|
- name: Restart nginx
|
26
17
|
action: service name=nginx state=restarted
|
@@ -18,12 +18,6 @@
|
|
18
18
|
dest: "/u/apps/{{project_name}}/shared/db/backup.sh"
|
19
19
|
mode: 0755
|
20
20
|
|
21
|
-
- name: Remove old backup cron job because it had the wrong name
|
22
|
-
cron:
|
23
|
-
user: "{{deploy_user}}"
|
24
|
-
name: "check dirs"
|
25
|
-
state: "absent"
|
26
|
-
|
27
21
|
- name: Install backup cron job
|
28
22
|
when: backups_enabled
|
29
23
|
cron:
|
@@ -31,3 +25,11 @@
|
|
31
25
|
name: "Hourly backups"
|
32
26
|
minute: "0"
|
33
27
|
job: "/u/apps/{{project_name}}/shared/db/backup.sh"
|
28
|
+
state: "present"
|
29
|
+
|
30
|
+
- name: disable backup cron job
|
31
|
+
when: not backups_enabled
|
32
|
+
cron:
|
33
|
+
user: "{{deploy_user}}"
|
34
|
+
name: "Hourly backups"
|
35
|
+
state: "absent"
|
@@ -1,29 +1,19 @@
|
|
1
|
-
- name:
|
2
|
-
|
1
|
+
- name: Create shared/config/puma
|
2
|
+
file: path=/u/apps/{{project_name}}/shared/config/puma group=deploy owner=deploy state=directory
|
3
3
|
tags: puma
|
4
4
|
|
5
|
-
- name: Add puma config
|
6
|
-
template: src=
|
5
|
+
- name: Add puma shared/config
|
6
|
+
template: src=puma.rb dest=/u/apps/{{project_name}}/shared/config/puma/{{rails_env}}.rb force=yes mode=755
|
7
7
|
tags: puma
|
8
8
|
|
9
|
-
- name: Add puma init script
|
10
|
-
template: src=etc-init-puma.conf dest=/etc/init/puma.conf force=yes mode=755
|
11
|
-
tags: puma
|
12
|
-
|
13
|
-
# - name: Add puma shared/config
|
14
|
-
# template: src=puma_production.j2 dest=/u/apps/{{project_name}}/shared/config/puma/production.rb force=yes mode=755
|
15
|
-
# tags: puma
|
16
|
-
|
17
9
|
- name: Make shared/tmp/sockets
|
18
10
|
file: path=/u/apps/{{project_name}}/shared/tmp/sockets group=deploy owner=deploy state=directory
|
19
11
|
tags: tmp
|
20
12
|
|
21
|
-
- name:
|
22
|
-
|
13
|
+
- name: Install puma monit script
|
14
|
+
template:
|
15
|
+
src: puma-monit-rc
|
16
|
+
dest: /etc/monit/conf.d/puma_{{project_name}}_{{rails_env}}
|
17
|
+
sudo: true
|
18
|
+
notify: validate_monit
|
23
19
|
|
24
|
-
- name: Add Deploy user to sudoers
|
25
|
-
lineinfile:
|
26
|
-
dest: /etc/sudoers
|
27
|
-
state: present
|
28
|
-
regexp: "^{{deploy_user}}"
|
29
|
-
line: "{{deploy_user}} ALL=NOPASSWD: /usr/sbin/service puma-manager *"
|
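Review bot: `Create shared/config/puma` hard-codes `group=deploy owner=deploy` although the puma-monit-rc template in the same role uses `{{deploy_user}}`, so a host provisioned with a different deploy user would get a directory owned by the wrong account, or the task would fail if `deploy` does not exist. `Add puma shared/config` installs the file with `mode=755`; it is a Ruby configuration file rather than a program, so `mode=0644` is enough. The change also stops managing the `NOPASSWD: /usr/sbin/service puma-manager *` line in `/etc/sudoers` without removing it, so hosts provisioned by 0.3.0 keep that stale rule unless a cleanup task is added.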
@@ -0,0 +1,5 @@
|
|
1
|
+
check process puma
|
2
|
+
with pidfile /u/apps/{{project_name}}/current/tmp/pids/puma.pid
|
3
|
+
start program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb start'"
|
4
|
+
stop program = "/bin/su - {{deploy_user}} -c 'cd /u/apps/{{project_name}}/current && bundle exec pumactl -F config/puma/{{rails_env}}.rb stop'"
|
5
|
+
group puma
|
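Review bot: monit watches `/u/apps/{{project_name}}/current/tmp/pids/puma.pid`, while the puma.rb template in this release writes `pidfile "/u/apps/{{project_name}}/shared/tmp/pids/puma.pid"`. The two agree only if `current/tmp/pids` is a symlink into `shared`, which nothing on this page guarantees, and the puma tasks shown create `shared/tmp/sockets` but not `shared/tmp/pids`. Pointing both at the `shared` path removes the assumption. The entry is also named `check process puma` although the file is installed as `puma_{{project_name}}_{{rails_env}}`, so a second project on the same host would presumably collide on the name; `check process puma_{{project_name}}_{{rails_env}}` keeps it unique.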
@@ -3,27 +3,31 @@ workers Integer(ENV['WEB_CONCURRENCY'] || 4)
|
|
3
3
|
|
4
4
|
threads_count = Integer(ENV['MAX_THREADS'] || 5)
|
5
5
|
# Min and Max threads per worker
|
6
|
-
threads
|
6
|
+
threads 0, threads_count
|
7
7
|
|
8
|
-
app_dir =
|
8
|
+
app_dir = "/u/apps/{{project_name}}/current"
|
9
|
+
directory app_dir
|
9
10
|
|
10
|
-
|
11
|
-
rails_env = ENV['RAILS_ENV'] || "production"
|
11
|
+
rails_env = "{{rails_env}}"
|
12
12
|
environment rails_env
|
13
13
|
|
14
14
|
# Set up socket location
|
15
|
-
bind "
|
15
|
+
bind "tcp://127.0.0.1:9292"
|
16
16
|
|
17
17
|
# Logging
|
18
18
|
stdout_redirect "#{app_dir}/log/puma.stdout.log", "#{app_dir}/log/puma.stderr.log", true
|
19
19
|
|
20
20
|
# Set master PID and state locations
|
21
|
-
|
22
|
-
|
21
|
+
daemonize
|
22
|
+
pidfile "/u/apps/{{project_name}}/shared/tmp/pids/puma.pid"
|
23
|
+
state_path "/u/apps/{{project_name}}/shared/tmp/pids/puma.state"
|
23
24
|
activate_control_app
|
24
25
|
|
25
26
|
on_worker_boot do
|
26
27
|
require "active_record"
|
27
28
|
ActiveRecord::Base.connection.disconnect! rescue ActiveRecord::ConnectionNotEstablished
|
28
29
|
ActiveRecord::Base.establish_connection(YAML.load_file("#{app_dir}/config/database.yml")[rails_env])
|
29
|
-
end
|
30
|
+
end
|
31
|
+
|
32
|
+
# Allow puma to be restarted by `rails restart` command.
|
33
|
+
plugin :tmp_restart
|
@@ -8,12 +8,25 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
8
8
|
|
9
9
|
def run
|
10
10
|
# ansible atlanta -m copy -a "src=/etc/hosts dest=/tmp/hosts"
|
11
|
-
copy_authorized_keys
|
12
11
|
install_python
|
12
|
+
ensure_ssh_dir
|
13
|
+
copy_authorized_keys
|
13
14
|
end
|
14
15
|
|
15
16
|
private
|
16
17
|
|
18
|
+
def ensure_ssh_dir
|
19
|
+
cmd = ["ansible",
|
20
|
+
@host_spec,
|
21
|
+
"-m",
|
22
|
+
"file",
|
23
|
+
"-a",
|
24
|
+
"path=/home/{{ansible_ssh_user}}/.ssh state=directory mode=0700",
|
25
|
+
"-vvvv"
|
26
|
+
]
|
27
|
+
bootstrap_command cmd
|
28
|
+
end
|
29
|
+
|
17
30
|
def copy_authorized_keys
|
18
31
|
# -m file -a "dest=/srv/foo/a.txt mode=600"
|
19
32
|
cmd = ["ansible",
|
@@ -24,10 +37,7 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
24
37
|
"src=authorized_keys dest=/home/{{ansible_ssh_user}}/.ssh/authorized_keys mode=600",
|
25
38
|
"-vvvv"
|
26
39
|
]
|
27
|
-
|
28
|
-
cmd.push("--ask-pass")
|
29
|
-
end
|
30
|
-
ansible_command *cmd
|
40
|
+
bootstrap_command cmd
|
31
41
|
end
|
32
42
|
|
33
43
|
def install_python
|
@@ -35,12 +45,19 @@ class Subspace::Commands::Bootstrap < Subspace::Commands::Base
|
|
35
45
|
cmd = ["ansible",
|
36
46
|
@host_spec,
|
37
47
|
"-m",
|
38
|
-
|
48
|
+
"raw",
|
39
49
|
"-a",
|
40
|
-
"
|
50
|
+
"test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)",
|
41
51
|
"--become",
|
42
52
|
"-vvvv"
|
43
53
|
]
|
54
|
+
bootstrap_command cmd
|
55
|
+
end
|
56
|
+
|
57
|
+
def bootstrap_command(cmd)
|
58
|
+
if @ask_pass
|
59
|
+
cmd.push("--ask-pass")
|
60
|
+
end
|
44
61
|
ansible_command *cmd
|
45
62
|
end
|
46
63
|
|
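Review bot: `ensure_ssh_dir` hard-codes `path=/home/{{ansible_ssh_user}}/.ssh`, so bootstrapping as a user whose home directory is elsewhere (root, for instance) creates the directory in the wrong place, and `copy_authorized_keys`, whose body starts outside these hunks, makes the same assumption for `authorized_keys`. A home-relative path such as `path=~/.ssh` would follow the connecting user, assuming the module expands it for that user. `bootstrap_command` appends `--ask-pass` to the array it is given, and a one-line comment like `# Appends --ask-pass when @ask_pass is set, then runs ansible; mutates cmd.` would make that side effect explicit. `ansible_ssh_user` is also the legacy name for `ansible_user`, which may matter for inventories that only set the newer variable.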
data/lib/subspace/version.rb
CHANGED
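--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
 - Brian Samson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2017-
+date: 2017-06-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -100,13 +100,18 @@ files:
 - Rakefile
 - TODO
 - ansible/playbooks/local_template.yml
+- ansible/roles/apache-rails/tasks/main.yml
+- ansible/roles/apache-rails/templates/_rails.conf
+- ansible/roles/apache-rails/templates/project-ssl.conf
+- ansible/roles/apache-rails/templates/project.conf
 - ansible/roles/apache/defaults/main.yml
 - ansible/roles/apache/handlers/main.yml
 - ansible/roles/apache/tasks/main.yml
-- ansible/roles/apache/templates/
+- ansible/roles/apache/templates/server_status.conf
 - ansible/roles/collectd/defaults/main.yml
 - ansible/roles/collectd/handlers/main.yml
 - ansible/roles/collectd/tasks/main.yml
+- ansible/roles/collectd/templates/apache2.conf
 - ansible/roles/collectd/templates/delayed_job_postgres.conf
 - ansible/roles/collectd/templates/df.conf
 - ansible/roles/collectd/templates/graphite.conf
@@ -157,8 +162,14 @@ files:
 - ansible/roles/mysql2_gem/tasks/main.yml
 - ansible/roles/newrelic/handlers/main.yml
 - ansible/roles/newrelic/tasks/main.yml
+- ansible/roles/nginx-rails/tasks/main.yml
+- ansible/roles/nginx-rails/templates/_rails.conf
+- ansible/roles/nginx-rails/templates/_upstream.conf
+- ansible/roles/nginx-rails/templates/nginx-project
+- ansible/roles/nginx-rails/templates/nginx-project-ssl
+- ansible/roles/nginx/defaults/main.yml
+- ansible/roles/nginx/handlers/main.yml
 - ansible/roles/nginx/tasks/main.yml
-- ansible/roles/nginx/templates/nginx-project
 - ansible/roles/papertrail/tasks/main.yml
 - ansible/roles/papertrail/templates/log_files.yml
 - ansible/roles/passenger/meta/main.yml
@@ -169,10 +180,10 @@ files:
 - ansible/roles/postgresql/tasks/backups.yml
 - ansible/roles/postgresql/tasks/main.yml
 - ansible/roles/postgresql/templates/backup.sh
+- ansible/roles/puma/meta/main.yml
 - ansible/roles/puma/tasks/main.yml
-- ansible/roles/puma/templates/etc-init-puma-manager.conf
-- ansible/roles/puma/templates/etc-init-puma.conf
 - ansible/roles/puma/templates/etc-puma.conf
+- ansible/roles/puma/templates/puma-monit-rc
 - ansible/roles/puma/templates/puma.rb
 - ansible/roles/rails/defaults/main.yml
 - ansible/roles/rails/tasks/main.yml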
@@ -1,25 +0,0 @@
|
|
1
|
-
<VirtualHost *:80>
|
2
|
-
ServerName {{server_name}}
|
3
|
-
{% for alias in server_aliases %}
|
4
|
-
ServerAlias {{alias}}
|
5
|
-
{% endfor %}
|
6
|
-
RailsEnv {{rails_env}}
|
7
|
-
# !!! Be sure to point DocumentRoot to 'public'!
|
8
|
-
DocumentRoot /u/apps/{{project_name}}/current/public
|
9
|
-
<Directory /u/apps/{{project_name}}/current/public>
|
10
|
-
# This relaxes Apache security settings.
|
11
|
-
AllowOverride all
|
12
|
-
# MultiViews must be turned off.
|
13
|
-
Options -MultiViews
|
14
|
-
# Uncomment this if you're on Apache >= 2.4:
|
15
|
-
Require all granted
|
16
|
-
</Directory>
|
17
|
-
<Location /assets/>
|
18
|
-
# Use of ETag is discouraged when Last-Modified is present
|
19
|
-
Header unset ETag
|
20
|
-
FileETag None
|
21
|
-
# RFC says only cache for 1 year
|
22
|
-
ExpiresActive On
|
23
|
-
ExpiresDefault "access plus 1 year"
|
24
|
-
</Location>
|
25
|
-
</VirtualHost>
|
@@ -1,27 +0,0 @@
|
|
1
|
-
upstream app {
|
2
|
-
# Path to Puma SOCK file, as defined previously
|
3
|
-
server unix:/u/apps/{{project_name}}/shared/tmp/sockets/puma.sock fail_timeout=0;
|
4
|
-
}
|
5
|
-
|
6
|
-
server {
|
7
|
-
listen 80;
|
8
|
-
server_name localhost;
|
9
|
-
|
10
|
-
root /u/apps/{{project_name}}/current/public;
|
11
|
-
|
12
|
-
try_files $uri/index.html $uri @app;
|
13
|
-
|
14
|
-
location @app {
|
15
|
-
proxy_pass http://app;
|
16
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
17
|
-
proxy_set_header Host $http_host;
|
18
|
-
# pass the upgrade headers so websockets work
|
19
|
-
proxy_set_header Upgrade $http_upgrade;
|
20
|
-
proxy_set_header Connection "upgrade";
|
21
|
-
proxy_redirect off;
|
22
|
-
}
|
23
|
-
|
24
|
-
error_page 500 502 503 504 /500.html;
|
25
|
-
client_max_body_size 4G;
|
26
|
-
keepalive_timeout 10;
|
27
|
-
}
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# /etc/init/puma-manager.conf - manage a set of Pumas
|
2
|
-
|
3
|
-
# This example config should work with Ubuntu 12.04+. It
|
4
|
-
# allows you to manage multiple Puma instances with
|
5
|
-
# Upstart, Ubuntu's native service management tool.
|
6
|
-
#
|
7
|
-
# See puma.conf for how to manage a single Puma instance.
|
8
|
-
#
|
9
|
-
# Use "stop puma-manager" to stop all Puma instances.
|
10
|
-
# Use "start puma-manager" to start all instances.
|
11
|
-
# Use "restart puma-manager" to restart all instances.
|
12
|
-
# Crazy, right?
|
13
|
-
#
|
14
|
-
|
15
|
-
description "Manages the set of puma processes"
|
16
|
-
|
17
|
-
# This starts upon bootup and stops on shutdown
|
18
|
-
start on runlevel [2345]
|
19
|
-
stop on runlevel [06]
|
20
|
-
|
21
|
-
# Set this to the number of Puma processes you want
|
22
|
-
# to run on this machine
|
23
|
-
env PUMA_CONF="/etc/puma.conf"
|
24
|
-
|
25
|
-
pre-start script
|
26
|
-
for i in `cat $PUMA_CONF`; do
|
27
|
-
app=`echo $i | cut -d , -f 1`
|
28
|
-
logger -t "puma-manager" "Starting $app"
|
29
|
-
start puma app=$app
|
30
|
-
done
|
31
|
-
end script
|
@@ -1,69 +0,0 @@
|
|
1
|
-
# /etc/init/puma.conf - Puma config
|
2
|
-
|
3
|
-
# This example config should work with Ubuntu 12.04+. It
|
4
|
-
# allows you to manage multiple Puma instances with
|
5
|
-
# Upstart, Ubuntu's native service management tool.
|
6
|
-
#
|
7
|
-
# See workers.conf for how to manage all Puma instances at once.
|
8
|
-
#
|
9
|
-
# Save this config as /etc/init/puma.conf then manage puma with:
|
10
|
-
# sudo start puma app=PATH_TO_APP
|
11
|
-
# sudo stop puma app=PATH_TO_APP
|
12
|
-
# sudo status puma app=PATH_TO_APP
|
13
|
-
#
|
14
|
-
# or use the service command:
|
15
|
-
# sudo service puma {start,stop,restart,status}
|
16
|
-
#
|
17
|
-
|
18
|
-
description "Puma Background Worker"
|
19
|
-
|
20
|
-
# no "start on", we don't want to automatically start
|
21
|
-
stop on (stopping puma-manager or runlevel [06])
|
22
|
-
|
23
|
-
# change apps to match your deployment user if you want to use this as a less privileged user (recommended!)
|
24
|
-
setuid {{deploy_user}}
|
25
|
-
setgid {{deploy_user}}
|
26
|
-
|
27
|
-
respawn
|
28
|
-
respawn limit 3 30
|
29
|
-
|
30
|
-
instance ${app}
|
31
|
-
|
32
|
-
script
|
33
|
-
# this script runs in /bin/sh by default
|
34
|
-
# respawn as bash so we can source in rbenv/rvm
|
35
|
-
# quoted heredoc to tell /bin/sh not to interpret
|
36
|
-
# variables
|
37
|
-
|
38
|
-
# source ENV variables manually as Upstart doesn't, eg:
|
39
|
-
#. /etc/environment
|
40
|
-
|
41
|
-
exec /bin/bash <<'EOT'
|
42
|
-
# set HOME to the setuid user's home, there doesn't seem to be a better, portable way
|
43
|
-
export HOME="$(eval echo ~$(id -un))"
|
44
|
-
|
45
|
-
if [ -d "/usr/local/rbenv/bin" ]; then
|
46
|
-
export PATH="/usr/local/rbenv/bin:/usr/local/rbenv/shims:$PATH"
|
47
|
-
elif [ -d "$HOME/.rbenv/bin" ]; then
|
48
|
-
export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
|
49
|
-
elif [ -f /etc/profile.d/rvm.sh ]; then
|
50
|
-
source /etc/profile.d/rvm.sh
|
51
|
-
elif [ -f /usr/local/rvm/scripts/rvm ]; then
|
52
|
-
source /etc/profile.d/rvm.sh
|
53
|
-
elif [ -f "$HOME/.rvm/scripts/rvm" ]; then
|
54
|
-
source "$HOME/.rvm/scripts/rvm"
|
55
|
-
elif [ -f /usr/local/share/chruby/chruby.sh ]; then
|
56
|
-
source /usr/local/share/chruby/chruby.sh
|
57
|
-
if [ -f /usr/local/share/chruby/auto.sh ]; then
|
58
|
-
source /usr/local/share/chruby/auto.sh
|
59
|
-
fi
|
60
|
-
# if you aren't using auto, set your version here
|
61
|
-
# chruby 2.0.0
|
62
|
-
fi
|
63
|
-
|
64
|
-
cd $app
|
65
|
-
logger -t puma "Starting server: $app"
|
66
|
-
|
67
|
-
exec bundle exec puma -C config/puma.rb
|
68
|
-
EOT
|
69
|
-
end script
|