subspace 3.0.4 → 3.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +35 -20
- data/ansible/roles/common/tasks/main.yml +0 -2
- data/ansible/roles/postgresql/tasks/main.yml +1 -1
- data/ansible/roles/rails/tasks/main.yml +1 -1
- data/ansible/roles/redis/tasks/main.yml +7 -1
- data/ansible/roles/tailscale/tasks/main.yml +1 -1
- data/lib/subspace/commands/init.rb +4 -3
- data/lib/subspace/version.rb +1 -1
- data/template/subspace/inventory.yml.erb +2 -1
- data/template/subspace/secrets/template.erb +1 -1
- data/template/subspace/terraform/template/main-oxenwagen.tf.erb +2 -2
- data/template/subspace/terraform/template/main-workhorse.tf.erb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0570afc2b32d634f8839a952875042e5fa2423f83d74c2f1c3caf917d5bf890a
|
4
|
+
data.tar.gz: d55a60c1bb5b95f14384782e9393e0675d8ab2fd2d40d2c2584595d653537f1e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 34685a01a42bf73f3461e0df0fba7c0f56853ed62f2247a933eba8f12ba2bb9413adfbba284b1410e023d41abe2791db1b919c240990c7187232f5db51adf1d5
|
7
|
+
data.tar.gz: 39919a243c97a482fb8a21dd5f76bf5105c42bbfb609a24dc446ef8ea5c050bd638fd1243bd25ab277a0dd358d3f9e51b9b7d696a28536ec54a34bbe9d9575b9
|
data/CHANGELOG.md
CHANGED
@@ -12,6 +12,13 @@ This project attempts to follow [semantic versioning](https://semver.org/).
|
|
12
12
|
|
13
13
|
## Unreleased
|
14
14
|
|
15
|
+
## 3.0.5
|
16
|
+
* update rake task for secerts
|
17
|
+
* update readme
|
18
|
+
* remove unneeded deps for rails
|
19
|
+
* fix include deprecation
|
20
|
+
* Remove punctuation from tailscale host name
|
21
|
+
|
15
22
|
## 3.0.4
|
16
23
|
* log ansible update output to var
|
17
24
|
|
data/README.md
CHANGED
@@ -13,14 +13,8 @@ you to [configure variables](https://docs.ansible.com/ansible/latest/user_guide/
|
|
13
13
|
|
14
14
|
First, install ansible (>2.0)
|
15
15
|
|
16
|
-
OSX:
|
17
|
-
|
18
|
-
brew install ansible
|
19
|
-
|
20
|
-
Linux:
|
21
|
-
|
22
|
-
apt-get install ansible
|
23
|
-
|
16
|
+
- OSX: `brew install ansible`
|
17
|
+
- Linux: `apt-get install ansible`
|
24
18
|
|
25
19
|
Add this line to your application's Gemfile:
|
26
20
|
|
@@ -28,11 +22,13 @@ Add this line to your application's Gemfile:
|
|
28
22
|
gem 'subspace'
|
29
23
|
```
|
30
24
|
|
31
|
-
Or install it yourself
|
32
|
-
|
33
|
-
$ gem install subspace
|
25
|
+
Or install it yourself from the command line: `$ gem install subspace`
|
34
26
|
|
35
27
|
### Mitogen
|
28
|
+
|
29
|
+
[!CAUTION]
|
30
|
+
***Mitogen is currently broken! It doesn't support the latest ansible version.***
|
31
|
+
|
36
32
|
Optionally, you can install a python/pip packaged called "Mitogen" which dramatically speeds up running ansible over ssh. See [Here](https://github.com/mitogen-hq/mitogen/blob/master/docs/ansible_detailed.rst) for details.
|
37
33
|
|
38
34
|
pip install mitogen
|
@@ -40,15 +36,34 @@ Optionally, you can install a python/pip packaged called "Mitogen" which dramati
|
|
40
36
|
Subspace will try and detect if mitogen is present and use it can. If mitogen causes problems (sometimes it can cause problems depending on the system versions, and particaularly when brand new versions of anible come up and it hasn't updated), you can disable it:
|
41
37
|
|
42
38
|
DISABLE_MITOGEN=1 subspace provision env
|
39
|
+
|
43
40
|
## Usage
|
44
41
|
|
45
42
|
### `subspace init`
|
46
43
|
|
47
|
-
Initialize the project for subspace. Creates `config/subspace` with all
|
48
|
-
necessary files.
|
44
|
+
Initialize the project for subspace. Creates `config/subspace` with all necessary files.
|
49
45
|
|
50
46
|
Subspace 3 supports terraform. You will need to create an IAM user manually with administrative access to the target AWS environment for terraform.
|
51
47
|
|
48
|
+
#### Other Requirements
|
49
|
+
|
50
|
+
- [JQ](https://formulae.brew.sh/formula/jq)
|
51
|
+
- [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
|
52
|
+
- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html#getting-started-install-instructions)
|
53
|
+
|
54
|
+
#### Setup AWS Profile
|
55
|
+
|
56
|
+
`aws configure --profile profile_name`
|
57
|
+
|
58
|
+
Subspace expects the `profile_name` to be `subspace-{project name}`.
|
59
|
+
|
60
|
+
#### `init` Options
|
61
|
+
|
62
|
+
Check [`cli.rb init`](/lib/subspace/cli.rb#L35) for all available options when initializing a new subspace project.
|
63
|
+
|
64
|
+
##### `--env`
|
65
|
+
The environment will default to `dev` unless you pass in `--env [env name]`
|
66
|
+
|
52
67
|
### `subspace bootstrap <environment>`
|
53
68
|
|
54
69
|
Ensures the $HOME/.ssh directory is present and ensures python is installed.
|
@@ -93,13 +108,13 @@ MUST be turned off manually by running `subspace maintenance_mode <environment>
|
|
93
108
|
|
94
109
|
#### Tagged roles
|
95
110
|
|
96
|
-
Role | Tags
|
97
|
-
---------- |
|
98
|
-
alienvault | alienvault
|
99
|
-
common | upgrade
|
100
|
-
common | authorized\_keys
|
101
|
-
rails | appyml
|
102
|
-
monit | monit
|
111
|
+
| Role | Tags | Comment |
|
112
|
+
| ---------- | ---------------- | -------------------------------------------------------------- |
|
113
|
+
| alienvault | alienvault | All tasks in the alienvault role have been tagged 'alienvault' |
|
114
|
+
| common | upgrade | runs apt-get update and apt-get upgrade |
|
115
|
+
| common | authorized\_keys | updates the authorized\_keys file for the deploy user |
|
116
|
+
| rails | appyml |
|
117
|
+
| monit | monit | All tasks in the monit role have been tagged 'monit' |
|
103
118
|
|
104
119
|
### `subspace secrets <environment> [--edit] [--create]`
|
105
120
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
- name: Install rails apt dependencies
|
3
3
|
apt:
|
4
|
-
name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev', 'libxslt-dev', '
|
4
|
+
name: ['git', 'libffi-dev', 'libgmp3-dev', 'libpq-dev', 'libxslt-dev', 'zlib1g-dev']
|
5
5
|
become: true
|
6
6
|
when: ('Ubuntu' in ansible_distribution)
|
7
7
|
tags:
|
@@ -39,8 +39,14 @@
|
|
39
39
|
regexp: '^protected-mode yes'
|
40
40
|
line: 'protected-mode no'
|
41
41
|
|
42
|
-
- name:
|
42
|
+
- name: enable redis
|
43
43
|
become: true
|
44
44
|
systemd:
|
45
45
|
name: redis
|
46
|
+
enabled: yes
|
47
|
+
|
48
|
+
- name: restart redis
|
49
|
+
become: true
|
50
|
+
systemd:
|
51
|
+
name: redis-server
|
46
52
|
state: restarted
|
@@ -25,5 +25,5 @@
|
|
25
25
|
|
26
26
|
- name: "Join the tailnet and force reauth"
|
27
27
|
become: true
|
28
|
-
command: tailscale up --ssh --auth-key={{tailscale_auth_key}} --hostname={{project_name}}-{{hostname}} --accept-risk=lose-ssh {{tailscale_options}} --force-reauth
|
28
|
+
command: tailscale up --ssh --auth-key={{tailscale_auth_key}} --hostname={{project_name | regex_replace('_', '')}}-{{hostname}} --accept-risk=lose-ssh {{tailscale_options}} --force-reauth
|
29
29
|
tags: [ 'never', 'tailscale_reauth' ]
|
@@ -57,11 +57,12 @@ class Subspace::Commands::Init < Subspace::Commands::Base
|
|
57
57
|
- ensure the correct roles are present in #{@env}.yml
|
58
58
|
- Check ansible configuration variables in group_vars/#{@env}
|
59
59
|
|
60
|
-
|
60
|
+
5. Provision the new servers with ansible:
|
61
61
|
|
62
62
|
subspace provision #{@env}
|
63
63
|
|
64
|
-
!!MAKE SURE YOU PUT config/subspace/subspace.pem
|
64
|
+
!!MAKE SURE YOU PUT config/subspace/subspace.pem in 1Password!!
|
65
|
+
!!If you added an SSH Key Passphrase during that step, also save it in 1Password!!
|
65
66
|
|
66
67
|
"""
|
67
68
|
|
@@ -137,7 +138,7 @@ class Subspace::Commands::Init < Subspace::Commands::Base
|
|
137
138
|
|
138
139
|
def set_latest_ami
|
139
140
|
@latest_ami = `aws --profile subspace-#{project_name} ec2 describe-images \
|
140
|
-
--filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-
|
141
|
+
--filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64*' \
|
141
142
|
--query 'Images[*].[ImageId,CreationDate]' --output text \
|
142
143
|
| sort -k2 -r \
|
143
144
|
| head -n1 | cut -f1`.chomp
|
data/lib/subspace/version.rb
CHANGED
@@ -33,14 +33,14 @@ provider aws {
|
|
33
33
|
variable database_password { type = string }
|
34
34
|
|
35
35
|
module oxenwagen {
|
36
|
-
source = "github.com/tenforwardconsulting/terraform-subspace-oxenwagen?ref=v2.1
|
36
|
+
source = "github.com/tenforwardconsulting/terraform-subspace-oxenwagen?ref=v2.4.1"
|
37
37
|
project_name = "<%= project_name %>"
|
38
38
|
project_environment = "<%= @env %>"
|
39
39
|
aws_region = ## "us-west-2"
|
40
40
|
lb_health_check_path = "/"
|
41
41
|
subspace_public_key = file("../../subspace.pem.pub")
|
42
42
|
|
43
|
-
# Ubuntu Server
|
43
|
+
# Ubuntu Server 22.04 LTS (HVM), SSD Volume Type
|
44
44
|
instance_ami = "<%= @latest_ami %>"
|
45
45
|
web_instance_type = "t3.small"
|
46
46
|
web_instance_count = 2
|
@@ -28,7 +28,7 @@ module workhorse {
|
|
28
28
|
# zone_id = "ZOJ6811VRVYBT" # 10fw.net
|
29
29
|
# subdomain = "<%= project_name.gsub("_", "-") %>"
|
30
30
|
|
31
|
-
# Ubuntu Server
|
31
|
+
# Ubuntu Server 22.04 LTS (HVM), SSD Volume Type
|
32
32
|
instance_ami = "ami-0f81e6e71078b75b6"
|
33
33
|
instance_user = "ubuntu"
|
34
34
|
instance_type = "t3.medium"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.0.
|
4
|
+
version: 3.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-05-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -313,7 +313,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
313
313
|
- !ruby/object:Gem::Version
|
314
314
|
version: '0'
|
315
315
|
requirements: []
|
316
|
-
rubygems_version: 3.5.
|
316
|
+
rubygems_version: 3.5.9
|
317
317
|
signing_key:
|
318
318
|
specification_version: 4
|
319
319
|
summary: Ansible-based server provisioning for rails projects
|