subspace 0.4.1 → 0.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +24 -0
- data/ansible/roles/apache-rails/tasks/main.yml +2 -2
- data/ansible/roles/apache-rails/templates/_canonical_domain.conf +10 -0
- data/ansible/roles/apache-rails/templates/project-ssl.conf +8 -3
- data/ansible/roles/apache-rails/templates/project.conf +1 -1
- data/ansible/roles/apache/defaults/main.yml +1 -1
- data/ansible/roles/letsencrypt/tasks/main.yml +12 -0
- data/ansible/roles/monit/handlers/main.yml +7 -1
- data/ansible/roles/monit/tasks/main.yml +1 -2
- data/ansible/roles/postgresql-client/tasks/main.yml +49 -0
- data/ansible/roles/rails/tasks/main.yml +2 -2
- data/lib/subspace/commands/init.rb +1 -0
- data/lib/subspace/version.rb +1 -1
- data/template/provision/ansible.cfg.erb +1 -0
- data/template/provision/playbook.yml.erb +1 -1
- data/template/provision/templates/application.yml.template +2 -2
- data/template/provision/vars/template.erb +3 -2
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 90b6493c3b49faa6b3e825ba91b38ace22640fd8
|
4
|
+
data.tar.gz: 37109dca55e73f582340a0d8136eb7e65ed97a22
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 76fe3df3726d34278aea605e2932a35379f38eb78f9d91ba0121ad64dd4ba4ccceaa81cedce03f58d52ea9f0e1ba22b42504a48b28fa32051c222db6d33a4011
|
7
|
+
data.tar.gz: 5295d6be99a5323d9d11bf98def621fcd583cb1be33b884b6082049b7a22f56b9527672328d77f793e3b9953b4071e8a137df9fdde3f677e2d7643a10a0b5b6d
|
data/README.md
CHANGED
@@ -1,5 +1,7 @@
|
|
1
1
|
# Subspace
|
2
2
|
|
3
|
+
[![Gem](https://img.shields.io/gem/v/subspace.svg)](https://rubygems.org/gems/subspace)
|
4
|
+
|
3
5
|
Subspace is a rubygem meant to make provisioning as easy as Capistrano makes deploying.
|
4
6
|
|
5
7
|
http://tvtropes.org/pmwiki/pmwiki.php/Main/SubspaceAnsible
|
@@ -101,12 +103,34 @@ The most important file for an apache install is the "project.conf" file that ge
|
|
101
103
|
|
102
104
|
Then place my_custom_configuration.conf in config/provision/templates/my_custom_configuration.conf. This will still get copied to the server as `sites-available/{project_name}.conf`
|
103
105
|
|
106
|
+
Apache also support canonicalizing the domain now, so if you alwyas want to redirect to WWW for example, simply add a variable:
|
107
|
+
|
108
|
+
canonical_domain: "www.example.com"
|
109
|
+
|
104
110
|
## collectd
|
105
111
|
|
106
112
|
## common
|
107
113
|
|
108
114
|
## delayed_job
|
109
115
|
|
116
|
+
Install monitoring and automatic startup for delayed job workers via monit. You MUST set the job queues as follows:
|
117
|
+
|
118
|
+
job_queues:
|
119
|
+
- default
|
120
|
+
- mailers
|
121
|
+
- exports
|
122
|
+
|
123
|
+
Please note that by default, delayed job does not set a queue (eg it uses the "null" queue). You MUST also add an initializer to your rails app where you set the default queue name to "default" (or some other queue). Otherwise, the named queue workers managed by this role will not process the "null" queue.
|
124
|
+
|
125
|
+
# config/initializers/delayed_job.rb
|
126
|
+
Delayed::Worker.default_queue_name = 'default'
|
127
|
+
|
128
|
+
Defaults:
|
129
|
+
|
130
|
+
delayed_job_command: bin/delayed_job
|
131
|
+
|
132
|
+
|
133
|
+
|
110
134
|
## letsencrypt
|
111
135
|
|
112
136
|
By default, this creates a single certificate for every server alias/server name in the configuration file.
|
@@ -9,7 +9,7 @@
|
|
9
9
|
file:
|
10
10
|
src: /etc/apache2/sites-available/{{project_name}}.conf
|
11
11
|
dest: /etc/apache2/sites-enabled/{{project_name}}.conf
|
12
|
-
state: "{{ ssl_enabled | ternary('absent', 'link')}}"
|
12
|
+
state: "{{ ssl_enabled and apache_ssl_config is defined | ternary('absent', 'link')}}"
|
13
13
|
become: true
|
14
14
|
|
15
15
|
- name: Create Apache SSL config
|
@@ -22,5 +22,5 @@
|
|
22
22
|
file:
|
23
23
|
src: /etc/apache2/sites-available/{{project_name}}-ssl.conf
|
24
24
|
dest: /etc/apache2/sites-enabled/{{project_name}}-ssl.conf
|
25
|
-
state: "{{ ssl_enabled | ternary('link', 'absent')}}"
|
25
|
+
state: "{{ ssl_enabled and apache_ssl_config is defined | ternary('link', 'absent')}}"
|
26
26
|
become: true
|
@@ -0,0 +1,10 @@
|
|
1
|
+
{% if canonical_domain is defined %}
|
2
|
+
# _canonical_domain.conf
|
3
|
+
<If "%{HTTP_HOST} != '{{canonical_domain}}'">
|
4
|
+
{% if ssl_enabled %}
|
5
|
+
Redirect / "https://{{canonical_domain}}/"
|
6
|
+
{% else %}
|
7
|
+
Redirect / "http://{{canonical_domain}}/"
|
8
|
+
{% endif %}
|
9
|
+
</If>
|
10
|
+
{% endif %}
|
@@ -3,14 +3,19 @@
|
|
3
3
|
{% for alias in server_aliases %}
|
4
4
|
ServerAlias {{alias}}
|
5
5
|
{% endfor %}
|
6
|
-
|
7
|
-
|
6
|
+
|
7
|
+
{% if canonical_domain is defined %}
|
8
|
+
Redirect / "https://{{canonical_domain}}/"
|
9
|
+
{% else %}
|
10
|
+
Redirect / "https://%{HTTP_HOST}/"
|
11
|
+
{% endif %}
|
8
12
|
</VirtualHost>
|
9
13
|
|
10
14
|
<IfModule mod_ssl.c>
|
11
15
|
<VirtualHost *:443>
|
12
16
|
{% include "_rails.conf" %}
|
13
17
|
|
14
|
-
{{apache_ssl_config}}
|
18
|
+
{{apache_ssl_config | indent(8, true)}}
|
19
|
+
{% include "_canonical_domain.conf" %}
|
15
20
|
</VirtualHost>
|
16
21
|
</IfModule>
|
@@ -58,6 +58,18 @@
|
|
58
58
|
with_items: "{{le_ssl_certs}}"
|
59
59
|
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
60
60
|
|
61
|
+
- name: Update nginx default options
|
62
|
+
when: nginx_installed is defined
|
63
|
+
get_url:
|
64
|
+
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf
|
65
|
+
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
66
|
+
|
67
|
+
- name: Update apache default options
|
68
|
+
when: apache2_installed is defined
|
69
|
+
get_url:
|
70
|
+
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
71
|
+
dest: /etc/letsencrypt/options-ssl-apache.conf
|
72
|
+
|
61
73
|
- name: "Re-run apache rails_project to get SSL configuration"
|
62
74
|
when: apache2_installed is defined
|
63
75
|
include_role:
|
@@ -0,0 +1,49 @@
|
|
1
|
+
---
|
2
|
+
# Official PostgreSQL [repository] for debian-based distributions
|
3
|
+
# [repository]: http://www.postgresql.org/download/
|
4
|
+
- name: Adding APT repository key
|
5
|
+
when: ansible_os_family == 'Debian'
|
6
|
+
sudo: yes
|
7
|
+
apt_key:
|
8
|
+
id: ACCC4CF8
|
9
|
+
url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
|
10
|
+
tags:
|
11
|
+
- postgresql
|
12
|
+
- db
|
13
|
+
- repo
|
14
|
+
|
15
|
+
- name: Add PostgreSQL official APT repository
|
16
|
+
when: ansible_os_family == 'Debian'
|
17
|
+
sudo: yes
|
18
|
+
apt_repository:
|
19
|
+
repo: "deb http://apt.postgresql.org/pub/repos/apt/ {{ansible_distribution_release}}-pgdg main"
|
20
|
+
tags:
|
21
|
+
- postgresql
|
22
|
+
- db
|
23
|
+
- repo
|
24
|
+
|
25
|
+
- name: Install PostgreSQL
|
26
|
+
when: ansible_os_family == 'Debian'
|
27
|
+
sudo: yes
|
28
|
+
apt:
|
29
|
+
name: "postgresql-client-{{postgresql_version}}"
|
30
|
+
state: present
|
31
|
+
update_cache: yes
|
32
|
+
cache_valid_time: 3600
|
33
|
+
tags:
|
34
|
+
- postgresql
|
35
|
+
- db
|
36
|
+
- deps
|
37
|
+
|
38
|
+
- name: Install dependencies for the Ansible module
|
39
|
+
when: ansible_os_family == 'Debian'
|
40
|
+
sudo: yes
|
41
|
+
apt:
|
42
|
+
name: "{{item}}"
|
43
|
+
state: latest
|
44
|
+
with_items:
|
45
|
+
- python-psycopg2
|
46
|
+
tags:
|
47
|
+
- postgresql
|
48
|
+
- db
|
49
|
+
- deps
|
@@ -25,16 +25,16 @@
|
|
25
25
|
template:
|
26
26
|
src: database.yml
|
27
27
|
dest: /u/apps/{{project_name}}/shared/config/database.yml
|
28
|
+
owner: "{{deploy_user}}"
|
28
29
|
become: true
|
29
|
-
become_user: "{{deploy_user}}"
|
30
30
|
|
31
31
|
- name: Create application.yml (legacy)
|
32
32
|
when: appyml is defined
|
33
33
|
template:
|
34
34
|
src: application.yml
|
35
35
|
dest: /u/apps/{{project_name}}/shared/config/application.yml
|
36
|
+
owner: "{{deploy_user}}"
|
36
37
|
become: true
|
37
|
-
become_user: "{{deploy_user}}"
|
38
38
|
|
39
39
|
- debug:
|
40
40
|
msg: "Warning: Using legacy appyml for variable configuration. Consider switching to application.yml.template"
|
data/lib/subspace/version.rb
CHANGED
@@ -4,8 +4,8 @@
|
|
4
4
|
# These environment variables are available to all environments, and can be secret or not:
|
5
5
|
|
6
6
|
# These are secret and can be changed per environment easily by using subspace vars <env> --edit
|
7
|
-
SECRET_KEY_BASE: {{
|
8
|
-
AWS_SECRET_KEY: {{
|
7
|
+
SECRET_KEY_BASE: {{SECRET_KEY_BASE}}
|
8
|
+
AWS_SECRET_KEY: {{AWS_SECRET_KEY}}
|
9
9
|
|
10
10
|
# These are not secret, and have the same value for all environments
|
11
11
|
ENABLE_SOME_FEATURE: false
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-06
|
11
|
+
date: 2017-07-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -101,6 +101,7 @@ files:
|
|
101
101
|
- TODO
|
102
102
|
- ansible/playbooks/local_template.yml
|
103
103
|
- ansible/roles/apache-rails/tasks/main.yml
|
104
|
+
- ansible/roles/apache-rails/templates/_canonical_domain.conf
|
104
105
|
- ansible/roles/apache-rails/templates/_rails.conf
|
105
106
|
- ansible/roles/apache-rails/templates/project-ssl.conf
|
106
107
|
- ansible/roles/apache-rails/templates/project.conf
|
@@ -180,6 +181,7 @@ files:
|
|
180
181
|
- ansible/roles/postgis/defaults/main.yml
|
181
182
|
- ansible/roles/postgis/meta/main.yml
|
182
183
|
- ansible/roles/postgis/tasks/main.yml
|
184
|
+
- ansible/roles/postgresql-client/tasks/main.yml
|
183
185
|
- ansible/roles/postgresql/README.md
|
184
186
|
- ansible/roles/postgresql/defaults/main.yml
|
185
187
|
- ansible/roles/postgresql/handlers/main.yml
|
@@ -279,7 +281,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
279
281
|
version: '0'
|
280
282
|
requirements: []
|
281
283
|
rubyforge_project:
|
282
|
-
rubygems_version: 2.4.
|
284
|
+
rubygems_version: 2.4.5.1
|
283
285
|
signing_key:
|
284
286
|
specification_version: 4
|
285
287
|
summary: Ansible-based server provisioning for rails projects
|