subspace 2.0.4 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1c1d8c7fb4a41ced1e5d8729d42307789cbb0a0fdb32301808b47a133c6cca09
-  data.tar.gz: f71bcae77eea9476a364df26eacd5c5c315caf709b8bcf3aa61210eea922ccdc
+  metadata.gz: 40ab9410a548643858f5ca0ed7ef35166ed3236f2d806250c0ad414633e66d88
+  data.tar.gz: f9ea3644bca2c88f706b5166b79c517872c62da74261e5fefddc7675154be3be
 SHA512:
-  metadata.gz: bd653d0e611be208f4daec8edff6385181dfbc1034d8bf4bb4fc60febc5ead184c0579e3e67578c4888eaf6604b8309aa44ba9be82b82cd7254289b8435077cc
-  data.tar.gz: 5f37a070a6c43fa32ade2fa2a4a4bb6c4c18d30ef70677a83009dec8d71300542eb740b1d12010623877671c7a64764f68afe5c269de69dd83bdb17363b90713
+  metadata.gz: bb60e24096a90bff7d075ab09d71029c3609eeac26b0df109833ad5ab006de024b4d898960d45ac309e5e4e55a1766790489237f7fdfc23b99f1fc95cafe1cde
+  data.tar.gz: 07cafa0e292f766424442f9fd9374dba67ca355f2ee287f08b2695eb79d29bfa7e1e1cb99e5bc49f7290f7fc70a7452a366c1efaf03ef1f8c186b7f73cbc1ec4

data/CHANGELOG.md

@@ -10,6 +10,12 @@ This project attempts to follow [semantic versioning](https://semver.org/)
   * Not working on OSX - macs don't read from /etc/profile.d/
   * Stops showing color if you `sudo su`
 
+## 2.1.0
+  * Add config option for default_server directive in nginx.
+  * Fixed bug in SSL redirect from 2.0.1
+  * Adds ability to gather Ruby, Rails, and apt details from servers and send to a stats collector
+  * Add maintain command
+
 ## 2.0.4
   * Add letsencrypt_dns role for doing DNS validation vs HTTP validation
 

data/README.md

@@ -58,6 +58,17 @@ At the time of this writing, we pass through the `ansible-playbook` "tags" and
 e.g. To run only the alienvault tasks (all of which have been tagged with the
 'alienvault' tag): `subspace provision dev --tags=alienvault`
 
+### `subspace maintain <environment>`
+
+Runs the playbook at `config/provision/<environment.yml>` but only the tasks tagged with "maintenance".
+
+You can pass certain options through to the `ansible-playbook` command. See [the
+maintain command](lib/subspace/commands/maintain.rb) for the current list.
+
+At the time of this writing, we pass through the `ansible-playbook` "limit" option.
+
+e.g. To run only on the host "prod-web1": `subspace maintain production --limit=prod-web1`
+
 #### Tagged roles
 
 Role       | Tags                      | Comment

data/ansible/roles/common/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
   - name: Test connection
     ping:
+    tags:
+      - maintenance
 
   - name: Ensure /etc/profile.d/ exists
     file:
@@ -8,6 +10,8 @@
       owner: root
       state: directory
     become: yes
+    tags:
+      - maintenance
 
   - name: Set terminal color
     vars:
@@ -17,16 +21,22 @@
       dest: "/etc/profile.d/termcolor.sh"
       mode: a+x
     become: true
+    tags:
+      - maintenance
 
   - name: Set MOTD
     template:
       src: motd
       dest: /etc/motd
     become: true
+    tags:
+      - maintenance
 
   - name: Set hostname
     command: hostname {{hostname}}
     become: true
+    tags:
+      - maintenance
 
   - name: Set hostname in /etc/hosts
     lineinfile:
@@ -35,34 +45,44 @@
       state: present
       insertafter: "127.0.0.1 localhost"
     become: true
+    tags:
+      - maintenance
 
   - name: update /etc/hostname
     copy:
       content: "{{hostname}}"
       dest: /etc/hostname
     become: true
+    tags:
+      - maintenance
 
   - name: Set hostname for systemd
     hostname:
       name: "{{hostname}}"
     become: true
+    tags:
+      - maintenance
 
   - name: install aptitude
     apt:
       pkg: aptitude
       state: present
     become: true
+    tags:
+      - maintenance
 
   - name: apt-get update
     apt: update_cache=yes cache_valid_time=86400
     become: true
     tags:
       - upgrade
+      - maintenance
 
   - name: /usr/lib/update-notifier/apt-check --human-readable
     command: /usr/lib/update-notifier/apt-check --human-readable
     tags:
       - upgrade
+      - maintenance
     register: out
 
   - name: Creates /opt/subspace
@@ -70,6 +90,9 @@
       path: /opt/subspace
       state: directory
     become: true
+    tags:
+      - maintenance
+      - upgrade
 
   - name: Save updates to /opt/subspace/updates.log
     lineinfile:
@@ -78,11 +101,15 @@
       insertafter: EOF
       create: yes
     become: true
+    tags:
+      - maintenance
+      - upgrade
 
   - name: apt-get upgrade
     apt: upgrade=full
     become: true
     tags:
+      - maintenance
       - upgrade
 
   - name: apt-get autoremove
@@ -90,11 +117,89 @@
       autoremove: true
     become: true
     tags:
+      - maintenance
       - upgrade
 
+  - name: Get os_upgrades stats
+    shell:
+      cmd: |
+        sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
+        grep 'packages' | # Only lines matching 'packages'
+        grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
+        awk '{s+=$1} END {print s}' # Sum all the lines
+    args:
+      chdir: /opt/subspace
+    register: stats_os_upgrades
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Send os_upgrades stats to URL
+    uri:
+      url: "{{stats_url}}"
+      method: POST
+      headers:
+        X-API-Version: 1
+        X-Client-Api-key: "{{stats_api_key}}"
+      body_format: json
+      body:
+        client_stat:
+          key: os_upgrades
+          value: "{{stats_os_upgrades.stdout}}"
+          hostname: "{{hostname}}"
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Get os_security_upgrades stats
+    shell:
+      cmd: |
+        sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
+        grep 'security' | # Only lines matching 'security'
+        grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
+        awk '{s+=$1} END {print s}' # Sum all the lines
+    args:
+      chdir: /opt/subspace
+    register: stats_os_security_upgrades
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Send os_security_upgrades stats to URL
+    uri:
+      url: "{{stats_url}}"
+      method: POST
+      headers:
+        X-API-Version: 1
+        X-Client-Api-key: "{{stats_api_key}}"
+      body_format: json
+      body:
+        client_stat:
+          key: os_security_upgrades
+          value: "{{stats_os_security_upgrades.stdout}}"
+          hostname: "{{hostname}}"
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Clear updates.log
+    file:
+      path: /opt/subspace/updates.log
+      state: absent
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
   - name: set timezone to America/Chicago
     timezone:
       name: America/Chicago
+    tags:
+      - maintenance
 
   - name: Add deploy user
     user:
@@ -103,6 +208,8 @@
       generate_ssh_key: yes
       shell: /bin/bash
     become: true
+    tags:
+      - maintenance
 
   - name: Add deploy user to adm group so it can view logs in /var/log
     user:
@@ -110,12 +217,16 @@
       append: yes
       groups: "adm"
     become: true
+    tags:
+      - maintenance
 
   - name: Add sudoers.d file so that deploy can restart services without entering password.
     copy:
       src: sudoers-service
       dest: /etc/sudoers.d/service
     become: true
+    tags:
+      - maintenance
 
   - name: Update authorized_keys for deploy user
     copy:
@@ -125,6 +236,7 @@
     become: true
     tags:
       - authorized_keys
+      - maintenance
 
   - name: Create directory to which to deploy
     file:
@@ -132,5 +244,7 @@
       owner: "{{deploy_user}}"
       state: directory
     become: true
+    tags:
+      - maintenance
 
   - import_tasks: swap.yml

data/ansible/roles/nginx-rails/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
   client_max_body_size: 4G
   ssl_force_redirect: true
+  default_server: true

data/ansible/roles/nginx-rails/templates/nginx-project

@@ -2,7 +2,7 @@
 {% include "_upstream.conf" %}
 
 server {
-  listen 80;
+  listen 80 {{ 'default_server' if default_server == True else ''}};
   server_name {{server_name}} {{server_aliases | join(" ")}};
 
   {% include "_rails.conf" %}

data/ansible/roles/nginx-rails/templates/nginx-project-ssl

@@ -2,11 +2,11 @@
 {% include "_upstream.conf" %}
 
 server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
+  listen 80 {{ 'default_server' if default_server == True else ''}};
+  listen [::]:80 {{ 'default_server' if default_server == True else ''}};
   server_name {{server_name}} {{server_aliases | join(" ")}};
 
-  {% if ssl_force_redirect == "true" %}
+  {% if (ssl_force_redirect == True) or (ssl_force_redirect == "true") %}
   return 301 https://$host$request_uri;
   {% else %}
   {% include "_rails.conf" %}

data/ansible/roles/rails/tasks/main.yml

@@ -13,12 +13,15 @@
       - ffmpeg
     become: true
     when: ('Ubuntu' in ansible_distribution)
+    tags:
+      - maintenance
 
   - name: Install imagemagick
     apt:
       name: ['imagemagick', 'libmagickwand-dev']
     become: true
     tags:
+      - maintenance
       - imagemagick
     when: ('Ubuntu' in ansible_distribution)
 
@@ -30,6 +33,7 @@
       backrefs: yes
     become: true
     tags:
+      - maintenance
       - imagemagick
     when: ('Ubuntu' in ansible_distribution)
 
@@ -39,6 +43,8 @@
       state: directory
     become: true
     become_user: "{{deploy_user}}"
+    tags:
+      - maintenance
 
   - name: Create database.yml
     template:
@@ -72,3 +78,32 @@
       owner: "{{deploy_user}}"
     tags:
       - appyml
+
+  - name: Grab Rails version
+    shell: bundle exec rails --version
+    args:
+      chdir: /u/apps/{{project_name}}/current
+    register: stats_rails_version
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+
+  - name: Send Rails stats to URL
+    uri:
+      url: "{{stats_url}}"
+      method: POST
+      headers:
+        X-API-Version: 1
+        X-Client-Api-key: "{{stats_api_key}}"
+      body_format: json
+      body:
+        client_stat:
+          key: rails_version
+          value: "{{stats_rails_version.stdout}}"
+          hostname: "{{hostname}}"
+    when: send_stats == true and stats_url is defined and stats_api_key is defined
+    tags:
+      - maintenance
+      - stats
+

data/ansible/roles/ruby-common/tasks/main.yml

@@ -100,3 +100,29 @@
         state=link
   become: true
   with_items: "{{ ruby_symlinks }}"
+
+- name: Grab Ruby version
+  shell: ruby --version
+  register: stats_ruby_version
+  when: send_stats == true and stats_url is defined and stats_api_key is defined
+  tags:
+    - maintenance
+    - stats
+
+- name: Send Ruby stats to URL
+  uri:
+    url: "{{stats_url}}"
+    method: POST
+    headers:
+      X-API-Version: 1
+      X-Client-Api-key: "{{stats_api_key}}"
+    body_format: json
+    body:
+      client_stat:
+        key: ruby_version
+        value: "{{stats_ruby_version.stdout}}"
+        hostname: "{{hostname}}"
+  when: send_stats == true and stats_url is defined and stats_api_key is defined
+  tags:
+    - maintenance
+    - stats

data/lib/subspace/cli.rb

@@ -12,6 +12,7 @@ require 'subspace/commands/override'
 require 'subspace/commands/provision'
 require 'subspace/commands/ssh'
 require 'subspace/commands/vars'
+require 'subspace/commands/maintain'
 
 class Subspace::Cli
   include Commander::Methods
@@ -93,6 +94,17 @@ class Subspace::Cli
       c.when_called Subspace::Commands::Vars
     end
 
+    command :maintain do |c, args|
+      c.syntax = 'subspace maintain [options]'
+      c.summary = 'Runs provision with --tags=maintenance'
+      c.description = ''
+      c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
+      Subspace::Commands::Maintain::PASS_THROUGH_PARAMS.each do |param_name|
+        c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
+      end
+      c.when_called Subspace::Commands::Maintain
+    end
+
     run!
   end
 end

data/lib/subspace/commands/maintain.rb

@@ -0,0 +1,22 @@
+class Subspace::Commands::Maintain < Subspace::Commands::Base
+  PASS_THROUGH_PARAMS = ["private-key", "limit"]
+
+  def initialize(args, options)
+    @environment = args.first
+    @options = options
+    run
+  end
+
+  def run
+    ansible_options = ["--diff", "--tags=maintenance"]
+    PASS_THROUGH_PARAMS.each do |param_name|
+      x = param_name.split('-')[1..-1].map(&:upcase).join('_')
+      hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
+      value = @options.__hash__[hash_key]
+      if value
+        ansible_options += ["--#{param_name}", value]
+      end
+    end
+    ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
+  end
+end

data/lib/subspace/version.rb

@@ -1,3 +1,3 @@
 module Subspace
-  VERSION = "2.0.4"
+  VERSION = "2.1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: subspace
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.1.0
 platform: ruby
 authors:
 - Brian Samson
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-17 00:00:00.000000000 Z
+date: 2019-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -262,6 +262,7 @@ files:
 - lib/subspace/commands/bootstrap.rb
 - lib/subspace/commands/configure.rb
 - lib/subspace/commands/init.rb
+- lib/subspace/commands/maintain.rb
 - lib/subspace/commands/override.rb
 - lib/subspace/commands/provision.rb
 - lib/subspace/commands/ssh.rb
@@ -299,8 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Ansible-based server provisioning for rails projects