subspace 0.4.1 → 0.4.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6b6d16237fc3147af520ccc74eccd984f22b1f54
-  data.tar.gz: 2e2f3114a1d00a93ba873a45791bf02998be14f2
+  metadata.gz: 90b6493c3b49faa6b3e825ba91b38ace22640fd8
+  data.tar.gz: 37109dca55e73f582340a0d8136eb7e65ed97a22
 SHA512:
-  metadata.gz: 3a4310423d8df3e2ff20aed4e94908e11b62e146493d06443726d98b4be60930f50ad53fb779b16b96b9aa4f665dbe1d3f05d52453af7d10133cb5a0000ec9db
-  data.tar.gz: eec65da518d4a21a4557e77a6ca7af03260fd6425189d5ef7e360f99c7fc1ef750a62c7763acc8abe5a52c64ac1f2a327c3b483786aa30fc6b733f7ce7cb8b42
+  metadata.gz: 76fe3df3726d34278aea605e2932a35379f38eb78f9d91ba0121ad64dd4ba4ccceaa81cedce03f58d52ea9f0e1ba22b42504a48b28fa32051c222db6d33a4011
+  data.tar.gz: 5295d6be99a5323d9d11bf98def621fcd583cb1be33b884b6082049b7a22f56b9527672328d77f793e3b9953b4071e8a137df9fdde3f677e2d7643a10a0b5b6d

data/README.md

@@ -1,5 +1,7 @@
 # Subspace
 
+[![Gem](https://img.shields.io/gem/v/subspace.svg)](https://rubygems.org/gems/subspace)
+
 Subspace is a rubygem meant to make provisioning as easy as Capistrano makes deploying.
 
 http://tvtropes.org/pmwiki/pmwiki.php/Main/SubspaceAnsible
@@ -101,12 +103,34 @@ The most important file for an apache install is the "project.conf" file that ge
 
 Then place my_custom_configuration.conf in config/provision/templates/my_custom_configuration.conf.  This will still get copied to the server as `sites-available/{project_name}.conf`
 
+Apache also support canonicalizing the domain now, so if you alwyas want to redirect to WWW for example, simply add a variable:
+
+    canonical_domain: "www.example.com"
+
 ## collectd
 
 ## common
 
 ## delayed_job
 
+Install monitoring and automatic startup for delayed job workers via monit. You MUST set the job queues as follows:
+
+    job_queues:
+      - default
+      - mailers
+      - exports
+
+Please note that by default, delayed job does not set a queue (eg it uses the "null" queue). You MUST also add an initializer to your rails app where you set the default queue name to "default" (or some other queue).  Otherwise, the named queue workers managed by this role will not process the "null" queue.
+
+    # config/initializers/delayed_job.rb
+    Delayed::Worker.default_queue_name = 'default'
+
+Defaults:
+
+    delayed_job_command: bin/delayed_job
+
+
+
 ## letsencrypt
 
 By default, this creates a single certificate for every server alias/server name in the configuration file.

data/ansible/roles/apache-rails/tasks/main.yml

@@ -9,7 +9,7 @@
     file:
       src: /etc/apache2/sites-available/{{project_name}}.conf
       dest: /etc/apache2/sites-enabled/{{project_name}}.conf
-      state: "{{ ssl_enabled | ternary('absent', 'link')}}"
+      state: "{{ ssl_enabled and apache_ssl_config is defined | ternary('absent', 'link')}}"
     become: true
 
   - name: Create Apache SSL config
@@ -22,5 +22,5 @@
     file:
       src: /etc/apache2/sites-available/{{project_name}}-ssl.conf
       dest: /etc/apache2/sites-enabled/{{project_name}}-ssl.conf
-      state: "{{ ssl_enabled | ternary('link', 'absent')}}"
+      state: "{{ ssl_enabled and apache_ssl_config is defined | ternary('link', 'absent')}}"
     become: true

data/ansible/roles/apache-rails/templates/_canonical_domain.conf

@@ -0,0 +1,10 @@
+{% if canonical_domain is defined %}
+  # _canonical_domain.conf
+  <If "%{HTTP_HOST} != '{{canonical_domain}}'">
+    {% if ssl_enabled %}
+    Redirect / "https://{{canonical_domain}}/"
+    {% else %}
+    Redirect / "http://{{canonical_domain}}/"
+    {% endif %}
+  </If>
+{% endif %}

data/ansible/roles/apache-rails/templates/project-ssl.conf

@@ -3,14 +3,19 @@
     {% for alias in server_aliases %}
     ServerAlias {{alias}}
     {% endfor %}
-    RewriteEngine On
-    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=302,L]
+
+    {% if canonical_domain is defined %}
+    Redirect / "https://{{canonical_domain}}/"
+    {% else %}
+    Redirect / "https://%{HTTP_HOST}/"
+    {% endif %}
 </VirtualHost>
 
 <IfModule mod_ssl.c>
     <VirtualHost *:443>
         {% include "_rails.conf" %}
 
-        {{apache_ssl_config}}
+        {{apache_ssl_config | indent(8, true)}}
+        {% include "_canonical_domain.conf" %}
     </VirtualHost>
 </IfModule>

data/ansible/roles/apache-rails/templates/project.conf

@@ -1,4 +1,4 @@
 <VirtualHost *:80>
     {% include "_rails.conf" %}
-
+    {% include "_canonical_domain.conf" %}
 </VirtualHost>

data/ansible/roles/apache/defaults/main.yml

@@ -2,6 +2,6 @@
   server_aliases: []
   apache_project_conf: project.conf
   ssl_enabled: false
-  apache_ssl_config: ""
+  #apache_ssl_config: ""
   #ssl_cert_path: /etc/letsencrypt/site/server.crt
   #ssl_key_path: /etc/letsencrypt/site/server.key

data/ansible/roles/letsencrypt/tasks/main.yml

@@ -58,6 +58,18 @@
     with_items: "{{le_ssl_certs}}"
     command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
 
+  - name: Update nginx default options
+    when: nginx_installed is defined
+    get_url:
+      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf
+      dest: /etc/letsencrypt/options-ssl-nginx.conf
+
+  - name: Update apache default options
+    when: apache2_installed is defined
+    get_url:
+      url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
+      dest: /etc/letsencrypt/options-ssl-apache.conf
+
   - name: "Re-run apache rails_project to get SSL configuration"
     when: apache2_installed is defined
     include_role:

data/ansible/roles/monit/handlers/main.yml

@@ -1,6 +1,12 @@
 ---
+  - name: restart_monit
+    service:
+      name: monit
+      state: restarted
+    become: true
+
   - name: reload_monit
-    shell: monit stop all && monit reload && monit start all
+    shell: monit reload
     become: true
 
   - name: validate_monit

data/ansible/roles/monit/tasks/main.yml

@@ -17,5 +17,4 @@
       dest: /etc/monit/conf.d/monit-http.conf
     become: true
     notify:
-      - reload_monit
-      - validate_monit
+      - restart_monit

data/ansible/roles/postgresql-client/tasks/main.yml

@@ -0,0 +1,49 @@
+---
+# Official PostgreSQL [repository] for debian-based distributions
+# [repository]: http://www.postgresql.org/download/
+- name: Adding APT repository key
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt_key:
+    id: ACCC4CF8
+    url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
+  tags:
+    - postgresql
+    - db
+    - repo
+
+- name: Add PostgreSQL official APT repository
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt_repository:
+    repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
+  tags:
+    - postgresql
+    - db
+    - repo
+
+- name: Install PostgreSQL
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt:
+    name: "postgresql-client-{{postgresql_version}}"
+    state: present
+    update_cache: yes
+    cache_valid_time: 3600
+  tags:
+    - postgresql
+    - db
+    - deps
+
+- name: Install dependencies for the Ansible module
+  when: ansible_os_family == 'Debian'
+  sudo: yes
+  apt:
+    name: "{{item}}"
+    state: latest
+  with_items:
+    - python-psycopg2
+  tags:
+    - postgresql
+    - db
+    - deps

data/ansible/roles/rails/tasks/main.yml

@@ -25,16 +25,16 @@
     template:
       src: database.yml
       dest: /u/apps/{{project_name}}/shared/config/database.yml
+      owner: "{{deploy_user}}"
     become: true
-    become_user: "{{deploy_user}}"
 
   - name: Create application.yml (legacy)
     when: appyml is defined
     template:
       src: application.yml
       dest: /u/apps/{{project_name}}/shared/config/application.yml
+      owner: "{{deploy_user}}"
     become: true
-    become_user: "{{deploy_user}}"
 
   - debug:
       msg: "Warning: Using legacy appyml for variable configuration.  Consider switching to application.yml.template"

data/lib/subspace/commands/init.rb

@@ -37,6 +37,7 @@ class Subspace::Commands::Init < Subspace::Commands::Base
       template "playbook.yml", "#{env}.yml"
     end
     create_vars_file_for_env "development"
+    init_vars
 
     puts """
     1. Create a server.

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "0.4.1"
+  VERSION = "0.4.2"
 end

data/template/provision/ansible.cfg.erb

@@ -6,3 +6,4 @@ vault_password_file = .vault_pass
 
 [ssh_connection]
 pipelining=True
+control_path = %(directory)s/%%h-%%p-%%r

data/template/provision/playbook.yml.erb

@@ -10,7 +10,7 @@
       - ruby-common
       - rails
       - apache
-      - mtpereira.passenger
+      - passenger
       - letsencrypt
       - postgresql
       - delayed_job

data/template/provision/templates/application.yml.template

@@ -4,8 +4,8 @@
 # These environment variables are available to all environments, and can be secret or not:
 
 # These are secret and can be changed per environment easily by using subspace vars <env> --edit
-SECRET_KEY_BASE: {{secret_key_base}}
-AWS_SECRET_KEY: {{aws_secret_key}}
+SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
+AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
 
 # These are not secret, and have the same value for all environments
 ENABLE_SOME_FEATURE: false

data/template/provision/vars/template.erb

@@ -1,4 +1,5 @@
 database_password: <%= SecureRandom.base64 %>
 
-appyml:
-  SECRET_KEY_BASE: <%= `rake secret` %>
+
+SECRET_KEY_BASE: <%= `rake secret` %>
+ENABLE_SOME_FEATURE: true

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.4.2
 platform: ruby
 authors:
 - Brian Samson
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-06-20 00:00:00.000000000 Z
+date: 2017-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -101,6 +101,7 @@ files:
 - TODO
 - ansible/playbooks/local_template.yml
 - ansible/roles/apache-rails/tasks/main.yml
+- ansible/roles/apache-rails/templates/_canonical_domain.conf
 - ansible/roles/apache-rails/templates/_rails.conf
 - ansible/roles/apache-rails/templates/project-ssl.conf
 - ansible/roles/apache-rails/templates/project.conf
@@ -180,6 +181,7 @@ files:
 - ansible/roles/postgis/defaults/main.yml
 - ansible/roles/postgis/meta/main.yml
 - ansible/roles/postgis/tasks/main.yml
+- ansible/roles/postgresql-client/tasks/main.yml
 - ansible/roles/postgresql/README.md
 - ansible/roles/postgresql/defaults/main.yml
 - ansible/roles/postgresql/handlers/main.yml
@@ -279,7 +281,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects