subspace 0.6.17 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/README.md +34 -4
- data/ansible/roles/alienvault/tasks/main.yml +5 -0
- data/ansible/roles/common/tasks/main.yml +6 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/monit/tasks/main.yml +6 -0
- data/ansible/roles/rails/tasks/main.yml +6 -1
- data/lib/subspace/cli.rb +3 -1
- data/lib/subspace/commands/provision.rb +13 -1
- data/lib/subspace/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94cc2121bb0fd23080ec1199d94962700215666d
|
|
4
|
+
data.tar.gz: ffbfc888a7d9b47a01fd477b9cbce7aadfa0bb2c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc3d2dfb01e59f0d0971180c5040962eec5ed21405ddbcb8830aa85076151feffb69fb16ad96084391cdeb90fb44538f797d243f0e538f1ad3678735d304006b
|
|
7
|
+
data.tar.gz: 3a28fd453456243ec744d7ae2d0b23150ad3916c517e3881320487e139c17d77d39aad24629cf90e6bcd32e84a09665687c74a6fdb041f3ffa60a163c44526a9
|
data/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,23 @@ This project attempts to follow [semantic versioning](https://semver.org/)
|
|
|
8
8
|
|
|
9
9
|
* _nada_
|
|
10
10
|
|
|
11
|
+
## 1.0.0 - 2018-08-15
|
|
12
|
+
|
|
13
|
+
No breaking changes from 0.6.17 to 1.0.0, but decided it's time for version
|
|
14
|
+
1.0.0 to be out.
|
|
15
|
+
|
|
16
|
+
* enhancements
|
|
17
|
+
* Tag tasks in the alienvault and monit roles such that all tasks are tagged
|
|
18
|
+
with the role name.
|
|
19
|
+
* Make tags 'upgrade' for doing apt-get update and upgrade and
|
|
20
|
+
'authorized\_keys' for setting deploy user's authorized\_keys in the common
|
|
21
|
+
role.
|
|
22
|
+
* Make tag 'appyml' for the task to upload application.yml in the rails role.
|
|
23
|
+
|
|
24
|
+
* features
|
|
25
|
+
* Add ability to pass certain options through `subspace provision` to
|
|
26
|
+
`ansible-playbook`. These are: tags, start-at-task
|
|
27
|
+
|
|
11
28
|
## 0.6.17 - 2018-08-14
|
|
12
29
|
|
|
13
30
|
* bug fixes
|
data/README.md
CHANGED
|
@@ -34,18 +34,36 @@ Or install it yourself as:
|
|
|
34
34
|
|
|
35
35
|
## Usage
|
|
36
36
|
|
|
37
|
-
|
|
37
|
+
### `subspace init`
|
|
38
38
|
|
|
39
39
|
Initialize the project for subspace. Creates `config/provision` with all
|
|
40
40
|
necessary files.
|
|
41
41
|
|
|
42
|
-
|
|
42
|
+
### `subspace provision <environment>`
|
|
43
43
|
|
|
44
44
|
Runs the playbook at `config/provision/<environment.yml>`.
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
You can pass certain options through to the `ansible-playbook` command. See [the
|
|
47
|
+
provision command](lib/subspace/commands/provision.rb) for the current list.
|
|
47
48
|
|
|
48
|
-
|
|
49
|
+
At the time of this writing, we pass through the `ansible-playbook` "tags" and
|
|
50
|
+
"start-at-task" options. The tags option is probably the most useful.
|
|
51
|
+
|
|
52
|
+
e.g. To run only the alienvault tasks (all of which have been tagged with the
|
|
53
|
+
'alienvault' tag): `subspace provision dev --tags=alienvault`
|
|
54
|
+
|
|
55
|
+
#### Tagged roles
|
|
56
|
+
|
|
57
|
+
Role | Tags | Comment
|
|
58
|
+
---------- | ---- | -------
|
|
59
|
+
alienvault | alienvault | All tasks in the alienvault role have been tagged 'alienvault'
|
|
60
|
+
common | upgrade, authorized\_keys | upgrade runs apt-get update and apt-get upgrade; authorized\_keys updates the authorized\_keys file for the deploy user
|
|
61
|
+
rails | appyml |
|
|
62
|
+
monit | monit | All tasks in the monit role have been tagged 'monit'
|
|
63
|
+
|
|
64
|
+
### `subspace vars <environment> [--edit] [--create]`
|
|
65
|
+
|
|
66
|
+
Manage environment variables on different platforms. The default action is simply to show the vars defined for an environment. Pass --edit to edit them in the system editor.
|
|
49
67
|
|
|
50
68
|
The new system uses a file in `config/provision/templates/application.yml.template` that contains environment variables for all environments. The configuration that is not secret is visible and version controlled, while the secrets are stored in the vault files for their environments. The default file created by `subspace init` looks like this:
|
|
51
69
|
|
|
@@ -78,6 +96,18 @@ This can get you up and running in development securely, the only thing you need
|
|
|
78
96
|
|
|
79
97
|
NOTE: application.yml should be in the `.gitignore`, since subspace creates a new version on the server and symlinks it on top of whatever is checked in.
|
|
80
98
|
|
|
99
|
+
## Procedure for updating on projects
|
|
100
|
+
|
|
101
|
+
When subspace is updated, you should also update it for projects that use it. If subspace is locked to a specific version in the a project's gemfile, you'll need to update that to the new release number, first. Make sure this won't introduce any breaking changes by [looking at the changelog](https://github.com/tenforwardconsulting/subspace/blob/master/CHANGELOG.md).
|
|
102
|
+
|
|
103
|
+
* `bundle update subspace`
|
|
104
|
+
|
|
105
|
+
Then,
|
|
106
|
+
|
|
107
|
+
* `subspace provision production`
|
|
108
|
+
|
|
109
|
+
If you get an error saying you need a vault password file, you should be able to find it in 1Password. You might also need to update `ansible`.
|
|
110
|
+
|
|
81
111
|
# Host configuration
|
|
82
112
|
|
|
83
113
|
We need to know some info about hosts, but not much. See the files for details, it's mostly the hostname and the user that can administer the system, eg `ubuntu` on AWS/ubuntu, `ec2-user`, or even `root` (not recommended)
|
|
@@ -40,10 +40,14 @@
|
|
|
40
40
|
- name: apt-get update
|
|
41
41
|
apt: update_cache=yes cache_valid_time=86400
|
|
42
42
|
become: true
|
|
43
|
+
tags:
|
|
44
|
+
- upgrade
|
|
43
45
|
|
|
44
46
|
- name: apt-get upgrade
|
|
45
47
|
apt: upgrade=full
|
|
46
48
|
become: true
|
|
49
|
+
tags:
|
|
50
|
+
- upgrade
|
|
47
51
|
|
|
48
52
|
- name: Set timezone variables
|
|
49
53
|
copy: content='America/Chicago'
|
|
@@ -83,6 +87,8 @@
|
|
|
83
87
|
dest: "/home/{{deploy_user}}/.ssh/authorized_keys"
|
|
84
88
|
owner: "{{deploy_user}}"
|
|
85
89
|
become: true
|
|
90
|
+
tags:
|
|
91
|
+
- authorized_keys
|
|
86
92
|
|
|
87
93
|
- name: Create directory to which to deploy
|
|
88
94
|
file:
|
|
@@ -4,7 +4,7 @@ This server brought to you by:
|
|
|
4
4
|
\___ \| | | | '_ \___ \| '_ \ / _` |/ __/ _ \
|
|
5
5
|
___) | |_| | |_) |__) | |_) | (_| | (_| __/
|
|
6
6
|
|____/ \__,_|_.__/____/| .__/ \__,_|\___\___|
|
|
7
|
-
|_|
|
|
7
|
+
|_| v1.0.0
|
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
|
9
9
|
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
|
@@ -5,12 +5,16 @@
|
|
|
5
5
|
state: present
|
|
6
6
|
force: true
|
|
7
7
|
become: true
|
|
8
|
+
tags:
|
|
9
|
+
- monit
|
|
8
10
|
|
|
9
11
|
- name: Copy sudoers file so that deploy can use monit without entering password.
|
|
10
12
|
copy:
|
|
11
13
|
src: sudoers-monit
|
|
12
14
|
dest: /etc/sudoers.d/monit
|
|
13
15
|
become: true
|
|
16
|
+
tags:
|
|
17
|
+
- monit
|
|
14
18
|
|
|
15
19
|
- name: Copy monit config to enable http from localhost
|
|
16
20
|
copy:
|
|
@@ -19,3 +23,5 @@
|
|
|
19
23
|
become: true
|
|
20
24
|
notify:
|
|
21
25
|
- restart_monit
|
|
26
|
+
tags:
|
|
27
|
+
- monit
|
|
@@ -35,11 +35,15 @@
|
|
|
35
35
|
dest: /u/apps/{{project_name}}/shared/config/application.yml
|
|
36
36
|
owner: "{{deploy_user}}"
|
|
37
37
|
become: true
|
|
38
|
+
tags:
|
|
39
|
+
- appyml
|
|
38
40
|
|
|
39
41
|
- debug:
|
|
40
42
|
msg: "Warning: Using legacy appyml for variable configuration. Consider switching to application.yml.template"
|
|
41
43
|
verbosity: 0
|
|
42
44
|
when: appyml is defined
|
|
45
|
+
tags:
|
|
46
|
+
- appyml
|
|
43
47
|
|
|
44
48
|
- name: Create application.yml
|
|
45
49
|
when: appyml is not defined
|
|
@@ -47,4 +51,5 @@
|
|
|
47
51
|
src: application.yml.template
|
|
48
52
|
dest: /u/apps/{{project_name}}/shared/config/application.yml
|
|
49
53
|
owner: "{{deploy_user}}"
|
|
50
|
-
|
|
54
|
+
tags:
|
|
55
|
+
- appyml
|
data/lib/subspace/cli.rb
CHANGED
|
@@ -46,7 +46,9 @@ class Subspace::Cli
|
|
|
46
46
|
c.syntax = 'subspace provision [options]'
|
|
47
47
|
c.summary = ''
|
|
48
48
|
c.description = ''
|
|
49
|
-
|
|
49
|
+
Subspace::Commands::Provision::PASS_THROUGH_PARAMS.each do |param_name|
|
|
50
|
+
c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
|
|
51
|
+
end
|
|
50
52
|
c.when_called Subspace::Commands::Provision
|
|
51
53
|
end
|
|
52
54
|
|
|
@@ -1,10 +1,22 @@
|
|
|
1
1
|
class Subspace::Commands::Provision < Subspace::Commands::Base
|
|
2
|
+
PASS_THROUGH_PARAMS = ["tags", "start-at-task"]
|
|
3
|
+
|
|
2
4
|
def initialize(args, options)
|
|
3
5
|
@environment = args.first
|
|
6
|
+
@options = options
|
|
4
7
|
run
|
|
5
8
|
end
|
|
6
9
|
|
|
7
10
|
def run
|
|
8
|
-
|
|
11
|
+
ansible_options = ["--diff"]
|
|
12
|
+
PASS_THROUGH_PARAMS.each do |param_name|
|
|
13
|
+
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
|
14
|
+
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
|
15
|
+
value = @options.__hash__[hash_key]
|
|
16
|
+
if value
|
|
17
|
+
ansible_options += ["--#{param_name}", value]
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
|
|
9
21
|
end
|
|
10
22
|
end
|
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: subspace
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Samson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-08-
|
|
11
|
+
date: 2018-08-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|