subspace 1.0.6 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -2
- data/README.md +16 -0
- data/ansible/roles/common/tasks/main.yml +23 -0
- data/ansible/roles/common/templates/motd +1 -1
- data/ansible/roles/common/templates/terminalcolor +25 -0
- data/ansible/roles/delayed_job/tasks/main.yml +11 -1
- data/ansible/roles/monit/handlers/main.yml +4 -5
- data/ansible/roles/sidekiq/tasks/main.yml +1 -0
- data/lib/subspace/cli.rb +2 -0
- data/lib/subspace/version.rb +1 -1
- data/template/provision/playbook.yml.erb +9 -3
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 16254186781d02c9bcbae985b9251472b9daab254ba2db81dd03de7d7e464ce4
|
4
|
+
data.tar.gz: 7e924dd5ff57579a5db778c7a5b109c9ce99f42df8855d4bda4ef82f42aa9d8d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 30673a2bbab4e6c6a8303eb3cf8ecbf1c15bd434a8adb757f3f9f6bbdd86867beb2066708bda03e1509a201cea5a9e253842ee257e58913e132e0a91beb98ff4
|
7
|
+
data.tar.gz: b5dcbc7ecdafbef131c00911aa2f271b0586a9ad534f2ceb56936a5811d6d57f54c1440bab5acc81569c46bd5fe45083cee6a9c2b1d7ff9aa2ea9fc620e34d93
|
data/CHANGELOG.md
CHANGED
@@ -4,9 +4,13 @@ This is a [changelog](https://keepachangelog.com/en/0.3.0/).
|
|
4
4
|
|
5
5
|
This project attempts to follow [semantic versioning](https://semver.org/)
|
6
6
|
|
7
|
-
##
|
7
|
+
## 1.0.7
|
8
8
|
|
9
|
-
*
|
9
|
+
* enhancements
|
10
|
+
* Add a terminal environment prompt background color to the `common` role, so you know what environment you're `ssh`'d into.
|
11
|
+
|
12
|
+
* bug fixes
|
13
|
+
* Stop all monit jobs before changing the monit config.
|
10
14
|
|
11
15
|
## 1.0.6 - 2018-11-12
|
12
16
|
|
data/README.md
CHANGED
@@ -39,6 +39,12 @@ Or install it yourself as:
|
|
39
39
|
Initialize the project for subspace. Creates `config/provision` with all
|
40
40
|
necessary files.
|
41
41
|
|
42
|
+
### `subspace bootstrap <environment>`
|
43
|
+
|
44
|
+
Ensures the $HOME/.ssh directory is present and ensures python is installed.
|
45
|
+
Python is required to be installed on the remote server for the `provision`
|
46
|
+
command to work.
|
47
|
+
|
42
48
|
### `subspace provision <environment>`
|
43
49
|
|
44
50
|
Runs the playbook at `config/provision/<environment.yml>`.
|
@@ -132,6 +138,16 @@ Note: we grant the deploy user limited sudo access to run `service xyz restart`
|
|
132
138
|
|
133
139
|
This is a description of all the roles that are included by installing subspace, along with their configuration.
|
134
140
|
|
141
|
+
## alienvault
|
142
|
+
|
143
|
+
Fixes CVEs on remote servers by installing updated versions of packages
|
144
|
+
depending on the operating system version.
|
145
|
+
|
146
|
+
Each CVE fix is tagged by the CVE name so updates can be targeted to a specific
|
147
|
+
vulnerability.
|
148
|
+
|
149
|
+
Variables: None
|
150
|
+
|
135
151
|
## apache
|
136
152
|
|
137
153
|
The most important file for an apache install is the "project.conf" file that gets created in `sites-available` and symlinked to `sites-enabled`. This is generated in a sensible way, but if you want to customize it you can do so by setting this variable to anything other than "project.conf":
|
@@ -2,6 +2,21 @@
|
|
2
2
|
- name: Test connection
|
3
3
|
ping:
|
4
4
|
|
5
|
+
- name: Create terminal color file and make it executable
|
6
|
+
file:
|
7
|
+
path: "/etc/profile.d/termcolor.sh"
|
8
|
+
state: touch
|
9
|
+
mode: a+x
|
10
|
+
become: true
|
11
|
+
|
12
|
+
- name: Set terminal color
|
13
|
+
vars:
|
14
|
+
terminal_env_playbook: "{{terminal_env | default('not provided', true) }}"
|
15
|
+
template:
|
16
|
+
src: terminalcolor
|
17
|
+
dest: "/etc/profile.d/termcolor.sh"
|
18
|
+
become: true
|
19
|
+
|
5
20
|
- name: Set MOTD
|
6
21
|
template:
|
7
22
|
src: motd
|
@@ -43,6 +58,14 @@
|
|
43
58
|
tags:
|
44
59
|
- upgrade
|
45
60
|
|
61
|
+
- name: /usr/lib/update-notifier/apt-check --human-readable
|
62
|
+
command: /usr/lib/update-notifier/apt-check --human-readable
|
63
|
+
tags:
|
64
|
+
- upgrade
|
65
|
+
register: out
|
66
|
+
|
67
|
+
- debug: var=out
|
68
|
+
|
46
69
|
- name: apt-get upgrade
|
47
70
|
apt: upgrade=full
|
48
71
|
become: true
|
@@ -8,6 +8,6 @@ This server brought to you by:
|
|
8
8
|
~~~ https://github.com/tenforwardconsulting/subspace ~~~
|
9
9
|
|
10
10
|
If you need to make configuration changes to the server, please modify the
|
11
|
-
config/provision directory in the app or risk the changes
|
11
|
+
config/provision directory in the app or risk the changes disappearing.
|
12
12
|
|
13
13
|
Last subspace run: {{ansible_date_time.iso8601}}
|
@@ -0,0 +1,25 @@
|
|
1
|
+
{% if terminal_env_playbook == 'production' %}
|
2
|
+
export PROMPT_COMMAND='export PS1="\[\e[0;37m\]\[\e[1;41m\][\u@\h \W]\$ \[\e[0m\]"'
|
3
|
+
|
4
|
+
#Write a big red rectangle to warn when you're logged into production
|
5
|
+
echo -e '\e[0;41m\e[37m' #Set terminal colors
|
6
|
+
for run in {1..4}
|
7
|
+
do
|
8
|
+
echo " !!! PRODUCTION !!!"
|
9
|
+
done
|
10
|
+
echo -e '\e[0m' #Reset terminal color to default
|
11
|
+
echo ''
|
12
|
+
|
13
|
+
{% elif terminal_env_playbook == 'development' or terminal_env_playbook == 'dev' %}
|
14
|
+
export PROMPT_COMMAND='export PS1="\[\e[0;37m\]\[\e[1;44m\][\u@\h \W]\$ \[\e[0m\]"'
|
15
|
+
{% elif terminal_env_playbook == 'qa' %}
|
16
|
+
export PROMPT_COMMAND='export PS1="\[\e[0;37m\]\[\e[1;43m\][\u@\h \W]\$ \[\e[0m\]"'
|
17
|
+
{% else %}
|
18
|
+
echo ''
|
19
|
+
echo -e $'
|
20
|
+
No terminal environment color defined.
|
21
|
+
Define variable \e[0;43m\e[37m terminal_env \e[0m in your vars.
|
22
|
+
Acceptable values are \'development\', \'dev\', \'qa\', or \'production\'.
|
23
|
+
'
|
24
|
+
echo ''
|
25
|
+
{% endif %}
|
@@ -1,12 +1,18 @@
|
|
1
1
|
---
|
2
2
|
- set_fact: delayed_job_installed="true"
|
3
3
|
|
4
|
+
- name: Monit Stop All
|
5
|
+
shell: monit stop all
|
6
|
+
become: true
|
7
|
+
|
4
8
|
- name: Install delayed_job monit script
|
5
9
|
template:
|
6
10
|
src: delayed-job-monit-rc
|
7
11
|
dest: /etc/monit/conf.d/delayed_job_{{project_name}}_{{rails_env}}
|
8
12
|
become: true
|
9
|
-
notify:
|
13
|
+
notify:
|
14
|
+
- reload_monit
|
15
|
+
- restart_monit
|
10
16
|
|
11
17
|
- name: Remove old upstart files
|
12
18
|
file:
|
@@ -19,3 +25,7 @@
|
|
19
25
|
path: /etc/monit/conf.d/delayed_job
|
20
26
|
state: absent
|
21
27
|
become: true
|
28
|
+
|
29
|
+
- name: Monit Start All
|
30
|
+
shell: monit start all
|
31
|
+
become: true
|
@@ -1,15 +1,14 @@
|
|
1
1
|
---
|
2
|
+
- name: reload_monit
|
3
|
+
shell: monit reload
|
4
|
+
become: true
|
5
|
+
|
2
6
|
- name: restart_monit
|
3
7
|
service:
|
4
8
|
name: monit
|
5
9
|
state: restarted
|
6
10
|
become: true
|
7
11
|
|
8
|
-
- name: reload_monit
|
9
|
-
shell: monit reload
|
10
|
-
become: true
|
11
|
-
|
12
12
|
- name: validate_monit
|
13
13
|
shell: monit validate
|
14
14
|
become: true
|
15
|
-
|
data/lib/subspace/cli.rb
CHANGED
@@ -39,6 +39,7 @@ class Subspace::Cli
|
|
39
39
|
copy the authorized_keys file. You will possibly need to type a password here.'
|
40
40
|
c.option '--password', "Ask for a password instead of using ssh keys"
|
41
41
|
c.option '--yum', "Use yum instead of apt to install python"
|
42
|
+
c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
|
42
43
|
Subspace::Commands::Bootstrap::PASS_THROUGH_PARAMS.each do |param_name|
|
43
44
|
c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
|
44
45
|
end
|
@@ -49,6 +50,7 @@ class Subspace::Cli
|
|
49
50
|
c.syntax = 'subspace provision [options]'
|
50
51
|
c.summary = ''
|
51
52
|
c.description = ''
|
53
|
+
c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
|
52
54
|
Subspace::Commands::Provision::PASS_THROUGH_PARAMS.each do |param_name|
|
53
55
|
c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
|
54
56
|
end
|
data/lib/subspace/version.rb
CHANGED
@@ -1,16 +1,22 @@
|
|
1
1
|
---
|
2
2
|
- hosts: <%= @env %>
|
3
|
-
|
3
|
+
become: yes
|
4
4
|
|
5
5
|
vars_files:
|
6
6
|
- ./vars/<%= @env %>.yml
|
7
7
|
|
8
8
|
roles:
|
9
9
|
- common
|
10
|
+
- yarn
|
11
|
+
- nodejs
|
10
12
|
- ruby-common
|
11
13
|
- rails
|
12
|
-
-
|
13
|
-
-
|
14
|
+
- puma
|
15
|
+
- nginx
|
14
16
|
- letsencrypt
|
17
|
+
- nginx # This is included twice intentionally. I think there is a bug that is fixed by running it both before and after the letsencrypt role.
|
15
18
|
- postgresql
|
19
|
+
- monit
|
20
|
+
- logrotate
|
21
|
+
- collectd
|
16
22
|
- delayed_job
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-02-05 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -131,6 +131,7 @@ files:
|
|
131
131
|
- ansible/roles/common/tasks/swap.yml
|
132
132
|
- ansible/roles/common/templates/motd
|
133
133
|
- ansible/roles/common/templates/motd2
|
134
|
+
- ansible/roles/common/templates/terminalcolor
|
134
135
|
- ansible/roles/delayed_job/README.md
|
135
136
|
- ansible/roles/delayed_job/defaults/main.yml
|
136
137
|
- ansible/roles/delayed_job/handlers/main.yml
|
@@ -297,7 +298,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
297
298
|
version: '0'
|
298
299
|
requirements: []
|
299
300
|
rubyforge_project:
|
300
|
-
rubygems_version: 2.7.
|
301
|
+
rubygems_version: 2.7.8
|
301
302
|
signing_key:
|
302
303
|
specification_version: 4
|
303
304
|
summary: Ansible-based server provisioning for rails projects
|