subspace 2.0.4 → 2.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +11 -0
- data/ansible/roles/common/tasks/main.yml +114 -0
- data/ansible/roles/nginx-rails/defaults/main.yml +1 -0
- data/ansible/roles/nginx-rails/templates/nginx-project +1 -1
- data/ansible/roles/nginx-rails/templates/nginx-project-ssl +3 -3
- data/ansible/roles/rails/tasks/main.yml +35 -0
- data/ansible/roles/ruby-common/tasks/main.yml +26 -0
- data/lib/subspace/cli.rb +12 -0
- data/lib/subspace/commands/maintain.rb +22 -0
- data/lib/subspace/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 40ab9410a548643858f5ca0ed7ef35166ed3236f2d806250c0ad414633e66d88
|
4
|
+
data.tar.gz: f9ea3644bca2c88f706b5166b79c517872c62da74261e5fefddc7675154be3be
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb60e24096a90bff7d075ab09d71029c3609eeac26b0df109833ad5ab006de024b4d898960d45ac309e5e4e55a1766790489237f7fdfc23b99f1fc95cafe1cde
|
7
|
+
data.tar.gz: 07cafa0e292f766424442f9fd9374dba67ca355f2ee287f08b2695eb79d29bfa7e1e1cb99e5bc49f7290f7fc70a7452a366c1efaf03ef1f8c186b7f73cbc1ec4
|
data/CHANGELOG.md
CHANGED
@@ -10,6 +10,12 @@ This project attempts to follow [semantic versioning](https://semver.org/)
|
|
10
10
|
* Not working on OSX - macs don't read from /etc/profile.d/
|
11
11
|
* Stops showing color if you `sudo su`
|
12
12
|
|
13
|
+
## 2.1.0
|
14
|
+
* Add config option for default_server directive in nginx.
|
15
|
+
* Fixed bug in SSL redirect from 2.0.1
|
16
|
+
* Adds ability to gather Ruby, Rails, and apt details from servers and send to a stats collector
|
17
|
+
* Add maintain command
|
18
|
+
|
13
19
|
## 2.0.4
|
14
20
|
* Add letsencrypt_dns role for doing DNS validation vs HTTP validation
|
15
21
|
|
data/README.md
CHANGED
@@ -58,6 +58,17 @@ At the time of this writing, we pass through the `ansible-playbook` "tags" and
|
|
58
58
|
e.g. To run only the alienvault tasks (all of which have been tagged with the
|
59
59
|
'alienvault' tag): `subspace provision dev --tags=alienvault`
|
60
60
|
|
61
|
+
### `subspace maintain <environment>`
|
62
|
+
|
63
|
+
Runs the playbook at `config/provision/<environment.yml>` but only the tasks tagged with "maintenance".
|
64
|
+
|
65
|
+
You can pass certain options through to the `ansible-playbook` command. See [the
|
66
|
+
maintain command](lib/subspace/commands/maintain.rb) for the current list.
|
67
|
+
|
68
|
+
At the time of this writing, we pass through the `ansible-playbook` "limit" option.
|
69
|
+
|
70
|
+
e.g. To run only on the host "prod-web1": `subspace maintain production --limit=prod-web1`
|
71
|
+
|
61
72
|
#### Tagged roles
|
62
73
|
|
63
74
|
Role | Tags | Comment
|
@@ -1,6 +1,8 @@
|
|
1
1
|
---
|
2
2
|
- name: Test connection
|
3
3
|
ping:
|
4
|
+
tags:
|
5
|
+
- maintenance
|
4
6
|
|
5
7
|
- name: Ensure /etc/profile.d/ exists
|
6
8
|
file:
|
@@ -8,6 +10,8 @@
|
|
8
10
|
owner: root
|
9
11
|
state: directory
|
10
12
|
become: yes
|
13
|
+
tags:
|
14
|
+
- maintenance
|
11
15
|
|
12
16
|
- name: Set terminal color
|
13
17
|
vars:
|
@@ -17,16 +21,22 @@
|
|
17
21
|
dest: "/etc/profile.d/termcolor.sh"
|
18
22
|
mode: a+x
|
19
23
|
become: true
|
24
|
+
tags:
|
25
|
+
- maintenance
|
20
26
|
|
21
27
|
- name: Set MOTD
|
22
28
|
template:
|
23
29
|
src: motd
|
24
30
|
dest: /etc/motd
|
25
31
|
become: true
|
32
|
+
tags:
|
33
|
+
- maintenance
|
26
34
|
|
27
35
|
- name: Set hostname
|
28
36
|
command: hostname {{hostname}}
|
29
37
|
become: true
|
38
|
+
tags:
|
39
|
+
- maintenance
|
30
40
|
|
31
41
|
- name: Set hostname in /etc/hosts
|
32
42
|
lineinfile:
|
@@ -35,34 +45,44 @@
|
|
35
45
|
state: present
|
36
46
|
insertafter: "127.0.0.1 localhost"
|
37
47
|
become: true
|
48
|
+
tags:
|
49
|
+
- maintenance
|
38
50
|
|
39
51
|
- name: update /etc/hostname
|
40
52
|
copy:
|
41
53
|
content: "{{hostname}}"
|
42
54
|
dest: /etc/hostname
|
43
55
|
become: true
|
56
|
+
tags:
|
57
|
+
- maintenance
|
44
58
|
|
45
59
|
- name: Set hostname for systemd
|
46
60
|
hostname:
|
47
61
|
name: "{{hostname}}"
|
48
62
|
become: true
|
63
|
+
tags:
|
64
|
+
- maintenance
|
49
65
|
|
50
66
|
- name: install aptitude
|
51
67
|
apt:
|
52
68
|
pkg: aptitude
|
53
69
|
state: present
|
54
70
|
become: true
|
71
|
+
tags:
|
72
|
+
- maintenance
|
55
73
|
|
56
74
|
- name: apt-get update
|
57
75
|
apt: update_cache=yes cache_valid_time=86400
|
58
76
|
become: true
|
59
77
|
tags:
|
60
78
|
- upgrade
|
79
|
+
- maintenance
|
61
80
|
|
62
81
|
- name: /usr/lib/update-notifier/apt-check --human-readable
|
63
82
|
command: /usr/lib/update-notifier/apt-check --human-readable
|
64
83
|
tags:
|
65
84
|
- upgrade
|
85
|
+
- maintenance
|
66
86
|
register: out
|
67
87
|
|
68
88
|
- name: Creates /opt/subspace
|
@@ -70,6 +90,9 @@
|
|
70
90
|
path: /opt/subspace
|
71
91
|
state: directory
|
72
92
|
become: true
|
93
|
+
tags:
|
94
|
+
- maintenance
|
95
|
+
- upgrade
|
73
96
|
|
74
97
|
- name: Save updates to /opt/subspace/updates.log
|
75
98
|
lineinfile:
|
@@ -78,11 +101,15 @@
|
|
78
101
|
insertafter: EOF
|
79
102
|
create: yes
|
80
103
|
become: true
|
104
|
+
tags:
|
105
|
+
- maintenance
|
106
|
+
- upgrade
|
81
107
|
|
82
108
|
- name: apt-get upgrade
|
83
109
|
apt: upgrade=full
|
84
110
|
become: true
|
85
111
|
tags:
|
112
|
+
- maintenance
|
86
113
|
- upgrade
|
87
114
|
|
88
115
|
- name: apt-get autoremove
|
@@ -90,11 +117,89 @@
|
|
90
117
|
autoremove: true
|
91
118
|
become: true
|
92
119
|
tags:
|
120
|
+
- maintenance
|
93
121
|
- upgrade
|
94
122
|
|
123
|
+
- name: Get os_upgrades stats
|
124
|
+
shell:
|
125
|
+
cmd: |
|
126
|
+
sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
|
127
|
+
grep 'packages' | # Only lines matching 'packages'
|
128
|
+
grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
|
129
|
+
awk '{s+=$1} END {print s}' # Sum all the lines
|
130
|
+
args:
|
131
|
+
chdir: /opt/subspace
|
132
|
+
register: stats_os_upgrades
|
133
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
134
|
+
tags:
|
135
|
+
- maintenance
|
136
|
+
- stats
|
137
|
+
|
138
|
+
- name: Send os_upgrades stats to URL
|
139
|
+
uri:
|
140
|
+
url: "{{stats_url}}"
|
141
|
+
method: POST
|
142
|
+
headers:
|
143
|
+
X-API-Version: 1
|
144
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
145
|
+
body_format: json
|
146
|
+
body:
|
147
|
+
client_stat:
|
148
|
+
key: os_upgrades
|
149
|
+
value: "{{stats_os_upgrades.stdout}}"
|
150
|
+
hostname: "{{hostname}}"
|
151
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
152
|
+
tags:
|
153
|
+
- maintenance
|
154
|
+
- stats
|
155
|
+
|
156
|
+
- name: Get os_security_upgrades stats
|
157
|
+
shell:
|
158
|
+
cmd: |
|
159
|
+
sed -n "/$(date '+%Y-%m')/,+2p" updates.log | # Groups of lines from the current month
|
160
|
+
grep 'security' | # Only lines matching 'security'
|
161
|
+
grep -P -o '(^\d+)' | #Extract the numbers at the beginning of the lines
|
162
|
+
awk '{s+=$1} END {print s}' # Sum all the lines
|
163
|
+
args:
|
164
|
+
chdir: /opt/subspace
|
165
|
+
register: stats_os_security_upgrades
|
166
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
167
|
+
tags:
|
168
|
+
- maintenance
|
169
|
+
- stats
|
170
|
+
|
171
|
+
- name: Send os_security_upgrades stats to URL
|
172
|
+
uri:
|
173
|
+
url: "{{stats_url}}"
|
174
|
+
method: POST
|
175
|
+
headers:
|
176
|
+
X-API-Version: 1
|
177
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
178
|
+
body_format: json
|
179
|
+
body:
|
180
|
+
client_stat:
|
181
|
+
key: os_security_upgrades
|
182
|
+
value: "{{stats_os_security_upgrades.stdout}}"
|
183
|
+
hostname: "{{hostname}}"
|
184
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
185
|
+
tags:
|
186
|
+
- maintenance
|
187
|
+
- stats
|
188
|
+
|
189
|
+
- name: Clear updates.log
|
190
|
+
file:
|
191
|
+
path: /opt/subspace/updates.log
|
192
|
+
state: absent
|
193
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
194
|
+
tags:
|
195
|
+
- maintenance
|
196
|
+
- stats
|
197
|
+
|
95
198
|
- name: set timezone to America/Chicago
|
96
199
|
timezone:
|
97
200
|
name: America/Chicago
|
201
|
+
tags:
|
202
|
+
- maintenance
|
98
203
|
|
99
204
|
- name: Add deploy user
|
100
205
|
user:
|
@@ -103,6 +208,8 @@
|
|
103
208
|
generate_ssh_key: yes
|
104
209
|
shell: /bin/bash
|
105
210
|
become: true
|
211
|
+
tags:
|
212
|
+
- maintenance
|
106
213
|
|
107
214
|
- name: Add deploy user to adm group so it can view logs in /var/log
|
108
215
|
user:
|
@@ -110,12 +217,16 @@
|
|
110
217
|
append: yes
|
111
218
|
groups: "adm"
|
112
219
|
become: true
|
220
|
+
tags:
|
221
|
+
- maintenance
|
113
222
|
|
114
223
|
- name: Add sudoers.d file so that deploy can restart services without entering password.
|
115
224
|
copy:
|
116
225
|
src: sudoers-service
|
117
226
|
dest: /etc/sudoers.d/service
|
118
227
|
become: true
|
228
|
+
tags:
|
229
|
+
- maintenance
|
119
230
|
|
120
231
|
- name: Update authorized_keys for deploy user
|
121
232
|
copy:
|
@@ -125,6 +236,7 @@
|
|
125
236
|
become: true
|
126
237
|
tags:
|
127
238
|
- authorized_keys
|
239
|
+
- maintenance
|
128
240
|
|
129
241
|
- name: Create directory to which to deploy
|
130
242
|
file:
|
@@ -132,5 +244,7 @@
|
|
132
244
|
owner: "{{deploy_user}}"
|
133
245
|
state: directory
|
134
246
|
become: true
|
247
|
+
tags:
|
248
|
+
- maintenance
|
135
249
|
|
136
250
|
- import_tasks: swap.yml
|
@@ -2,11 +2,11 @@
|
|
2
2
|
{% include "_upstream.conf" %}
|
3
3
|
|
4
4
|
server {
|
5
|
-
listen 80 default_server;
|
6
|
-
listen [::]:80 default_server;
|
5
|
+
listen 80 {{ 'default_server' if default_server == True else ''}};
|
6
|
+
listen [::]:80 {{ 'default_server' if default_server == True else ''}};
|
7
7
|
server_name {{server_name}} {{server_aliases | join(" ")}};
|
8
8
|
|
9
|
-
{% if ssl_force_redirect == "true" %}
|
9
|
+
{% if (ssl_force_redirect == True) or (ssl_force_redirect == "true") %}
|
10
10
|
return 301 https://$host$request_uri;
|
11
11
|
{% else %}
|
12
12
|
{% include "_rails.conf" %}
|
@@ -13,12 +13,15 @@
|
|
13
13
|
- ffmpeg
|
14
14
|
become: true
|
15
15
|
when: ('Ubuntu' in ansible_distribution)
|
16
|
+
tags:
|
17
|
+
- maintenance
|
16
18
|
|
17
19
|
- name: Install imagemagick
|
18
20
|
apt:
|
19
21
|
name: ['imagemagick', 'libmagickwand-dev']
|
20
22
|
become: true
|
21
23
|
tags:
|
24
|
+
- maintenance
|
22
25
|
- imagemagick
|
23
26
|
when: ('Ubuntu' in ansible_distribution)
|
24
27
|
|
@@ -30,6 +33,7 @@
|
|
30
33
|
backrefs: yes
|
31
34
|
become: true
|
32
35
|
tags:
|
36
|
+
- maintenance
|
33
37
|
- imagemagick
|
34
38
|
when: ('Ubuntu' in ansible_distribution)
|
35
39
|
|
@@ -39,6 +43,8 @@
|
|
39
43
|
state: directory
|
40
44
|
become: true
|
41
45
|
become_user: "{{deploy_user}}"
|
46
|
+
tags:
|
47
|
+
- maintenance
|
42
48
|
|
43
49
|
- name: Create database.yml
|
44
50
|
template:
|
@@ -72,3 +78,32 @@
|
|
72
78
|
owner: "{{deploy_user}}"
|
73
79
|
tags:
|
74
80
|
- appyml
|
81
|
+
|
82
|
+
- name: Grab Rails version
|
83
|
+
shell: bundle exec rails --version
|
84
|
+
args:
|
85
|
+
chdir: /u/apps/{{project_name}}/current
|
86
|
+
register: stats_rails_version
|
87
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
88
|
+
tags:
|
89
|
+
- maintenance
|
90
|
+
- stats
|
91
|
+
|
92
|
+
- name: Send Rails stats to URL
|
93
|
+
uri:
|
94
|
+
url: "{{stats_url}}"
|
95
|
+
method: POST
|
96
|
+
headers:
|
97
|
+
X-API-Version: 1
|
98
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
99
|
+
body_format: json
|
100
|
+
body:
|
101
|
+
client_stat:
|
102
|
+
key: rails_version
|
103
|
+
value: "{{stats_rails_version.stdout}}"
|
104
|
+
hostname: "{{hostname}}"
|
105
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
106
|
+
tags:
|
107
|
+
- maintenance
|
108
|
+
- stats
|
109
|
+
|
@@ -100,3 +100,29 @@
|
|
100
100
|
state=link
|
101
101
|
become: true
|
102
102
|
with_items: "{{ ruby_symlinks }}"
|
103
|
+
|
104
|
+
- name: Grab Ruby version
|
105
|
+
shell: ruby --version
|
106
|
+
register: stats_ruby_version
|
107
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
108
|
+
tags:
|
109
|
+
- maintenance
|
110
|
+
- stats
|
111
|
+
|
112
|
+
- name: Send Ruby stats to URL
|
113
|
+
uri:
|
114
|
+
url: "{{stats_url}}"
|
115
|
+
method: POST
|
116
|
+
headers:
|
117
|
+
X-API-Version: 1
|
118
|
+
X-Client-Api-key: "{{stats_api_key}}"
|
119
|
+
body_format: json
|
120
|
+
body:
|
121
|
+
client_stat:
|
122
|
+
key: ruby_version
|
123
|
+
value: "{{stats_ruby_version.stdout}}"
|
124
|
+
hostname: "{{hostname}}"
|
125
|
+
when: send_stats == true and stats_url is defined and stats_api_key is defined
|
126
|
+
tags:
|
127
|
+
- maintenance
|
128
|
+
- stats
|
data/lib/subspace/cli.rb
CHANGED
@@ -12,6 +12,7 @@ require 'subspace/commands/override'
|
|
12
12
|
require 'subspace/commands/provision'
|
13
13
|
require 'subspace/commands/ssh'
|
14
14
|
require 'subspace/commands/vars'
|
15
|
+
require 'subspace/commands/maintain'
|
15
16
|
|
16
17
|
class Subspace::Cli
|
17
18
|
include Commander::Methods
|
@@ -93,6 +94,17 @@ class Subspace::Cli
|
|
93
94
|
c.when_called Subspace::Commands::Vars
|
94
95
|
end
|
95
96
|
|
97
|
+
command :maintain do |c, args|
|
98
|
+
c.syntax = 'subspace maintain [options]'
|
99
|
+
c.summary = 'Runs provision with --tags=maintenance'
|
100
|
+
c.description = ''
|
101
|
+
c.option "-i", "--private-key PRIVATE-KEY", "Alias for private-key"
|
102
|
+
Subspace::Commands::Maintain::PASS_THROUGH_PARAMS.each do |param_name|
|
103
|
+
c.option "--#{param_name} #{param_name.upcase}", "Passed directly through to ansible-playbook command"
|
104
|
+
end
|
105
|
+
c.when_called Subspace::Commands::Maintain
|
106
|
+
end
|
107
|
+
|
96
108
|
run!
|
97
109
|
end
|
98
110
|
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class Subspace::Commands::Maintain < Subspace::Commands::Base
|
2
|
+
PASS_THROUGH_PARAMS = ["private-key", "limit"]
|
3
|
+
|
4
|
+
def initialize(args, options)
|
5
|
+
@environment = args.first
|
6
|
+
@options = options
|
7
|
+
run
|
8
|
+
end
|
9
|
+
|
10
|
+
def run
|
11
|
+
ansible_options = ["--diff", "--tags=maintenance"]
|
12
|
+
PASS_THROUGH_PARAMS.each do |param_name|
|
13
|
+
x = param_name.split('-')[1..-1].map(&:upcase).join('_')
|
14
|
+
hash_key = (param_name.gsub('-', '_') + (x == '' ? '' : "_#{x}")).to_sym
|
15
|
+
value = @options.__hash__[hash_key]
|
16
|
+
if value
|
17
|
+
ansible_options += ["--#{param_name}", value]
|
18
|
+
end
|
19
|
+
end
|
20
|
+
ansible_command "ansible-playbook", "#{@environment}.yml", *ansible_options
|
21
|
+
end
|
22
|
+
end
|
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -262,6 +262,7 @@ files:
|
|
262
262
|
- lib/subspace/commands/bootstrap.rb
|
263
263
|
- lib/subspace/commands/configure.rb
|
264
264
|
- lib/subspace/commands/init.rb
|
265
|
+
- lib/subspace/commands/maintain.rb
|
265
266
|
- lib/subspace/commands/override.rb
|
266
267
|
- lib/subspace/commands/provision.rb
|
267
268
|
- lib/subspace/commands/ssh.rb
|
@@ -299,8 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
299
300
|
- !ruby/object:Gem::Version
|
300
301
|
version: '0'
|
301
302
|
requirements: []
|
302
|
-
|
303
|
-
rubygems_version: 2.7.7
|
303
|
+
rubygems_version: 3.0.3
|
304
304
|
signing_key:
|
305
305
|
specification_version: 4
|
306
306
|
summary: Ansible-based server provisioning for rails projects
|