taperole 1.0.0

data/lib/tape/vagrant_provisioner.rb

@@ -0,0 +1,42 @@
+module TapeBoxer
+  class VagrantProvisioner < ExecutionModule
+    TapeBoxer.register_module :vagrant, self
+
+    action :create,
+      proc {create_box}
+      'Create a new vargant box with given name'
+    action :start,
+      proc {start_box},
+      'Starts the vagrant box with given name'
+    action :stop,
+      proc {stop_box},
+      'Stops the vagrant box with given name'
+    action :ssh,
+      proc {ssh_to_box},
+      'Stops the vagrant box with given name'
+    action :destroy,
+      proc {destroy_box},
+      'Stops the vagrant box with given name'
+
+    protected
+    def create_box
+      Kernel.exec "vagrant up"
+    end
+
+    def stop_box
+      Kernel.exec "vagrant halt #{opts[:name]}"
+    end
+
+    def start_box
+      Kernel.exec "vagrant up #{opts[:name]}"
+    end
+
+    def ssh_to_box
+      Kernel.exec "vagrant ssh #{opts[:name]}"
+    end
+
+    def destroy_box
+      Kernel.exec "vagrant destroy #{opts[:name]}"
+    end
+  end
+end

data/lib/tape.rb

@@ -0,0 +1,76 @@
+require 'erb'
+require 'fileutils'
+
+module TapeBoxer
+  class InvalidAction < StandardError; end
+  class ActionError < StandardError; end
+  class UnspecifiedOption < StandardError; end
+
+  class Action < Struct.new(:name, :proc, :description); end
+  class RegisteredModule < Struct.new(:name, :klass); end
+
+  def self.register_module(name, klass)
+    self.registered_modules[name] = RegisteredModule.new(name, klass)
+  end
+
+  def self.registered_modules
+    @modules ||= Hash.new
+  end
+
+  class ExecutionModule
+    attr_reader :opts
+    def initialize(opts)
+      @opts = opts
+    end
+
+    def self.actions
+      @actions
+    end
+
+    def self.action(name, opts = '', doc = '')
+      @actions ||= Hash.new
+      @actions[name.to_sym] = Action.new(name, opts, doc)
+    end
+
+    # Set or return module_name
+    def self.module_name(name = nil)
+      @module_name = (name || @module_name)
+    end
+
+    def actions
+      self.class.actions
+    end
+
+    def execute_action(action)
+      action = action.to_sym
+      unless actions.include?(action)
+        raise InvalidAction, "#{action} is not a valid action!"
+      end
+
+      unless system("ansible-playbook --version >/dev/null")
+        raise InvalidAction, "ansible-playbook must be on your PATH to use this tool"
+      end
+
+      self.instance_eval &actions[action].proc
+    end
+
+    protected
+
+    def require_opt(name)
+      unless opts[name.to_sym]
+        raise UnspecifiedOption, "Option --#{name} must be specified to do this!"
+      end
+    end
+
+    private
+    def tape_dir
+      File.realpath(File.join(__dir__, '../'))
+    end
+
+    def local_dir
+      Dir.pwd
+    end
+  end
+end
+
+Dir[File.dirname(__FILE__) + "/tape/*.rb"].each {|file| require file }

data/requirements.yml

@@ -0,0 +1,16 @@
+---
+- src: jnv.unattended-upgrades
+  version: v1.0.1
+
+- src: zzet.rbenv
+  version: 2.0.0
+
+- src: lxhunter.apt
+
+- src: https://github.com/ANXS/postgresql
+  name: ANXS.postgresql
+
+- src: leonelgalan.node
+  version: '0.2'
+
+- src: bennojoy.memcached

data/roles/after_deploy/tasks/main.yml

@@ -0,0 +1 @@
+- include: '{{local_dir}}/roles/after_deploy.yml'

data/roles/backend_checkout/tasks/main.yml

@@ -0,0 +1,21 @@
+- name: Check out application
+  remote_user: "{{ deployer_user.name }}"
+  git: dest={{ be_app_path }}
+       repo={{ be_app_repo }}
+       version={{ be_app_branch }}
+       accept_hostkey=true
+  register: app_checkout
+  tags: [be_deploy]
+
+- name: check that secrets is ignored
+  shell: cat {{ be_app_path }}/.gitignore | grep {{ item }}
+  with_items:
+    - config/secrets.yml
+  register: secrets_ignore_check
+  ignore_errors: true
+  tags: [be_deploy]
+
+- name: ignore secrets
+  shell: /bin/bash -c 'echo "config/secrets.yml" > {{ be_app_path }}/.git/info/exclude'
+  when: secrets_ignore_check|failed
+  tags: [be_deploy]

data/roles/backend_config/defaults/main.yml

@@ -0,0 +1 @@
+force_bundle: false

data/roles/backend_config/tasks/main.yml

@@ -0,0 +1,49 @@
+- name: Set up db config
+  template: src=database.yml.j2 dest={{be_app_path}}/config/database.yml
+
+# zzet.rbenv puts all the rbenv stuff in profile for some reason
+# so we gotta use login shells to do this stuff
+- name: Install bundle gems
+  remote_user: "{{ deployer_user.name }}"
+  command: chdir={{ be_app_path }}
+           bash -lc "RAILS_ENV={{be_app_env}} bundle install
+             --without test development contests_development --deployment"
+  tags: [be_deploy, bundle]
+
+- name: Ensure env_config.yml file present
+  stat: path={{ be_app_path }}/config/env_config.yml
+  register: env_config_file
+  tags: [be_deploy]
+
+- name: Ask for env_config.yml
+  debug: msg="You've got to upload env_config.yml to {{be_app_path}}/config to continue"
+  when: env_config_file.stat.exists != true
+  tags: [be_deploy]
+
+- name: Wait one day for env_config.yml to get put on the server
+  wait_for: path={{be_app_path}}/config/env_config.yml state=present timeout=86400
+  when: env_config_file.stat.exists != true
+  tags: [be_deploy]
+
+- name: Ensure secrets.yml file present
+  stat: path={{ be_app_path }}/config/secrets.yml
+  register: secrets_file
+  tags: [be_deploy]
+
+- name: Ask for secrets.yml
+  debug: msg="You've got to upload secrets.yml to {{be_app_path}}/config to continue"
+  when: secrets_file.stat.exists != true
+  tags: [be_deploy]
+
+- name: Wait one day for secrets.yml to get put on the server
+  wait_for: path={{be_app_path}}/config/secrets.yml state=present timeout=86400
+  when: secrets_file.stat.exists != true
+
+- name: Precompile Assets
+  remote_user: "{{ deployer_user.name }}"
+  command: chdir={{ be_app_path }}
+           bash -lc "bundle exec rake assets:precompile RAILS_ENV={{be_app_env}}"
+  tags: [precompile_assets,be_deploy]
+  when: precompile_assets
+
+  tags: [be_deploy]

data/roles/backend_config/templates/database.yml.j2

@@ -0,0 +1,8 @@
+{{ be_app_env }}:
+  adapter: postgresql
+  encoding: unicode
+  database: {{ app_name }}_{{ be_app_env }}
+  username: deployer
+  password: {{ database_password }}
+  pool: 5
+  host: localhost

data/roles/backend_config/templates/env_config.yml.j2

@@ -0,0 +1,2 @@
+{{ be_app_env }}:
+  host: {{ inventory_hostname }}

data/roles/backend_install_essentials/meta/main.yml

@@ -0,0 +1,5 @@
+---
+dependencies:
+  - role: bennojoy.memcached
+  - role: zzet.rbenv
+  - role: leonelgalan.node

data/roles/backend_install_essentials/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Install imagemagick
+  apt: name={{ item }} state=present
+  with_items:
+    - imagemagick
+    - libmagickcore-dev
+    - libmagickwand-dev
+
+- name: Register monit memcached config files
+  template: src=memcached.j2
+            dest=/etc/monit/conf.d/memcached
+            mode=u=rw,g=r,o=r
+  register: memcached_monit_config
+
+- name: Reload Monit
+  command: bash -lc "monit reload"
+  when: memcached_monit_config.changed
+
+# zzet.rbenv puts all the rbenv stuff in profile for some reason
+# so we gotta use login shells to do this stuff
+- name: Install bundler
+  shell: bash -lc "gem install bundler"
+
+- name: Rbenv rehash
+  shell: bash -lc "rbenv rehash"

data/roles/backend_install_essentials/templates/memcached.j2

@@ -0,0 +1,7 @@
+check process memcached with pidfile /var/run/memcached.pid
+    start program = "/etc/init.d/memcached start"
+    stop program = "/etc/init.d/memcached stop"
+    if failed host 127.0.0.1 port 11211 then restart
+    if cpu > 70% for 2 cycles then alert
+    if cpu > 98% for 5 cycles then restart
+    if 2 restarts within 3 cycles then timeout

data/roles/database_load/defaults/main.yml

@@ -0,0 +1,3 @@
+rake:
+  force_seed: false
+  force_migrate: false

data/roles/database_load/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: unicorn_install

data/roles/database_load/tasks/db_reset.yml

@@ -0,0 +1,14 @@
+- name: stop unicorns
+  service: name=unicorn_{{app_name}} state=stopped
+
+- name: Reset DB
+  command: chdir={{ be_app_path }}
+           bash -lc "bundle exec rake db:drop db:create RAILS_ENV={{be_app_env}}"
+  register: db_reset
+
+- name: DB Reset Failed
+  fail: msg="{{db_reset.stderr}}"
+  when: db_reset.stderr
+
+- name: start unicorns
+  service: name=unicorn_{{app_name}} state=started

data/roles/database_load/tasks/main.yml

@@ -0,0 +1,21 @@
+- include: db_reset.yml
+  when: force_db_reset is defined and force_db_reset
+  tags: [db_reset]
+
+- name: Migrate DB
+  remote_user: "{{ deployer_user.name }}"
+  command: chdir={{ be_app_path }}
+           bash -lc "bundle exec rake db:migrate RAILS_ENV={{be_app_env}}"
+  tags: [be_deploy,migrate,db_reset]
+  when: (app_checkout is defined and app_checkout.changed)
+        or rake.force_migrate 
+        or (db_reset is defined and db_reset.changed)
+
+- name: Seed DB
+  remote_user: "{{ deployer_user.name }}"
+  command: chdir={{ be_app_path }}
+           bash -lc "bundle exec rake db:seed RAILS_ENV={{be_app_env}}"
+  tags: [be_deploy,seed,db_reset]
+  when: (app_checkout is defined and app_checkout.changed)
+        or rake.force_seed
+        or (db_reset is defined and db_reset.changed)

data/roles/delayed_job/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+force_dj_runner_restart: false

data/roles/delayed_job/library/sudo_upstart

@@ -0,0 +1,101 @@
+#!/bin/sh
+
+# This ansible module runs upstart tasks with sudo.
+# This is necessary when specific jobs are allowed with
+# the sudoers file, as using the ansible service module will
+# attempt to execute the entire service module as root instead
+# of just the /sbin/{start,stop,...} jobs
+#
+# This module also wraps restart and reload, ensuring the service
+# is started
+
+# Ansible provides its module opts in a file that needs to be sourced
+# to get the env we run in
+. $1
+
+# Avoid stalling on password prompts
+sudocmd="echo '' | sudo -S"
+
+# holds the result of our operations for reporting state changes
+res=none
+
+sudoex() { eval "$sudocmd $@ >/dev/null";}
+
+# Failure JSON that ansible expects
+fail() {
+  echo '{"failed": true, "msg": "' $1 '", "status": "'`us_status $name`'"}'
+  exit 1
+}
+
+# Make sure certain vars are set when sourcing $1
+require_opt() {
+  eval val=\$$1
+  if [ ! -n "$val" ]; then
+    fail "Opt: $1 is required!"
+  fi
+}
+
+# All we need for now is name and state
+require_opt name
+require_opt state
+
+if ! status $name; then
+  fail "Invalid service: $name"
+fi
+
+reload() {
+  if sudoex /sbin/reload $name; then
+    res=reloaded
+  else
+    sudoex /sbin/start $name || fail "Could not reload or start! $name"
+    res=started
+  fi
+}
+
+restart() {
+  if sudoex /sbin/restart $name; then
+    res=restarted
+  else
+    sudoex /sbin/start $name || fail "Could not restart or start! $name"
+    res=started
+  fi
+}
+
+stopit() {
+  if [ "`us_status $name`" = "stop/waiting" ]; then
+    res=none
+  else
+    sudoex /sbin/stop $name || fail "Could not stop $name"
+    res=stopped
+  fi
+}
+
+start() {
+  if [ "`us_status $name`" = "start/running" ]; then
+    res=none
+  else
+    sudoex /sbin/start $name || fail "Could not start $name"
+    res=started
+  fi
+}
+
+# Return status string for the given service
+us_status() {
+  status $1 | cut -f 2 -d ' ' | tr -d ','
+}
+
+res=''
+case $state in
+reloaded) reload;;
+restarted) restart;;
+stopped) stopit;;
+started) start;;
+*) fail "Invalid state: $state";;
+esac
+
+# Were there changes applied?
+if [ "$res" = none ]; then
+  echo '{"changed": false}'
+else
+  echo '{"change": "'$res'", "changed": true}'
+fi

data/roles/delayed_job/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: Install upstart job
+  template: src=dj_runner_upstart.j2
+            dest=/etc/init/dj_runner_{{app_name}}.conf
+  tags: [configure_dj_runner]
+  register: dj_runner_installation
+  when: enabled_delayed_job
+
+- name: register unicorn upstart script
+  command: initctl reload-configuration
+  when: dj_runner_installation.changed and
+        enabled_delayed_job
+  tags: [configure_dj_runner]
+
+- name: Give deployer user access to DJ upstart jobs
+  lineinfile: 'dest=/etc/sudoers
+               state=present
+               line="{{ deployer_user.name }} ALL = (root) NOPASSWD: /sbin/{{item}} dj_runner_{{app_name}}"'
+  with_items:
+    - start
+    - stop
+    - restart
+    - status
+    - reload
+  tags: [configure_dj_runner]
+  when: enabled_delayed_job
+
+- name: restart delayed job runner
+  sudo_upstart: name=dj_runner_{{app_name}} state=restarted
+  remote_user: "{{ deployer_user.name }}"
+  when: force_dj_runner_restart or
+        (dj_runner_installation is defined and dj_runner_installation.changed) or
+        force_db_reset or
+        (app_checkout is defined and app_checkout.changed) and
+        enabled_delayed_job
+  tags: [configure_dj_runner, be_deploy, reset_db]

data/roles/delayed_job/templates/dj_runner_upstart.j2

@@ -0,0 +1,17 @@
+description "{{app_name}} delayed job runner daemon"
+
+start on virtual-filesystems
+stop on runlevel [06]
+
+env PATH={{ rbenv_root }}/shims:{{ rbenv_root }}/bin:/usr/bin:/sbin:/bin
+env RAILS_ENV={{be_app_env}}
+setuid {{ deployer_user.name }}
+setgid {{ deployer_user.name }}
+
+chdir {{be_app_path}}
+
+respawn limit 5 5
+
+kill timeout 5
+
+exec bundle exec bin/delayed_job run

data/roles/deployer_user/files/id_rsa_digital_ocean.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlxLbugDNrEg0fjchsaBG6XYLTOh5u3miY8gYMR0xQXFGsxipsyzYd2HSdSp1SPJyGs6aIXVfbeMsQVvDbWQcJTZYYviO2Rj6olf13gjA094CAlDCyTVgRYddiTrirFZiMCzLJrXfyGKiQcQ50BhpYYcO8QwPkwDo6Fs6AhuVMxlYc7MqHTxUwiuVsiC3xbgVnGszB8fI3v0531KOl7tJAxI1M53uexH3rQrEdpRwNqQAXoH9a8HQTaxvtSip1HrNvUumStt1Pu8tP6b3KwuHPwTnJtc2fXYatLjfbAf9KSCCPFhLfwVdAGTI/De6GU4D9lh39sFt2E63qV7mnSn+f

data/roles/deployer_user/tasks/keys.yml

@@ -0,0 +1,19 @@
+# - name: Ensure key files exist
+#   fail: msg="Key file {{local_dir + '/' + item}} is empty!"
+#   when: lookup('file', local_dir + '/' + item)|default(None) == None
+#   with_items: dev_key_files
+#   tags: [deployer]
+
+- name: Ensure devs keys are present
+  authorized_key: key="{{ lookup('file', local_dir + '/' + item) }}"
+                  manage_dir=yes
+                  state=present
+                  user=deployer
+  with_items: dev_key_files
+
+- name: Ensure DO pubkey is present
+  authorized_key: key="{{ lookup('file', 'id_rsa_digital_ocean.pub') }}"
+                  manage_dir=yes
+                  state=present
+                  user=deployer
+  # tags: [deployer]

data/roles/deployer_user/tasks/main.yml

@@ -0,0 +1,18 @@
+- name: Create deployer groups
+  group: name={{ item }} state=present
+  with_items: deployer_user.groups
+
+- name: Ensure deployer user is present
+  user: name={{ deployer_user.name }} state=present append=yes shell=/bin/bash
+
+- name: Ensure deployer user is in its groups
+  user: name={{ deployer_user.name }} groups={{ item }} state=present append=yes shell=/bin/bash
+  with_items: deployer_user.groups
+
+# It's possible for the deployer's homedir to get created on accident by
+# a deploy script or something getting run before this.  This just ensures
+# the env is sane moving forward
+- name: Ensure deployer user owns his own homedir
+  file: path=/home/deployer state=directory owner=deployer
+
+- include: keys.yml

data/roles/frontend_deploy/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: restart nginx
+  service: name=nginx state=restarted

data/roles/frontend_deploy/tasks/main.yml

@@ -0,0 +1,8 @@
+- name: rsync the FE app
+  remote_user: "{{ deployer_user.name }}"
+  synchronize:
+    src={{ fe_app_local_path }}/
+    dest={{ fe_app_path }}
+  tags: [fe_deploy]
+  register: fe_app_checkout
+  when: fe_app_local_path is defined

data/roles/general/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: jnv.unattended-upgrades

data/roles/general/tasks/basic_packages.yml

@@ -0,0 +1,3 @@
+---
+- name: Install vim
+  apt: name=vim state=present

data/roles/general/tasks/main.yml

@@ -0,0 +1,6 @@
+- name: apt-get udpate upgrade
+  apt: update_cache=yes  upgrade=safe
+  tags: [update, upgrade]
+
+- include: basic_packages.yml
+- include: swapfile.yml

data/roles/general/tasks/swapfile.yml

@@ -0,0 +1,21 @@
+- name: Make zerod swap file
+  command: dd if=/dev/zero of={{ swap_file.path }} bs=1024 count={{swap_file.size_kb}}
+           creates={{ swap_file.path }}
+- name: Set swap permissions
+  file: path={{ swap_file.path }} owner=root group=root mode=0600
+
+- name: Check swap type
+  command: file {{ swap_file.path }}
+  register: swapfile_info
+  changed_when: swapfile_info.stdout.find('swap file') == -1
+
+- name: mkswap on swap file
+  command: mkswap {{ swap_file.path }}
+  when: swapfile_info.stdout.find('swap file') == -1
+
+- name: Put the swap entry into fstab
+  mount: name=none src={{ swap_file.path }} fstype=swap opts=sw passno=0 dump=0 state=present
+
+- name: Swapon swapfile
+  command: swapon {{ swap_file.path }}
+  when: ansible_swaptotal_mb < 1

data/roles/monit_activate/tasks/main.yml

@@ -0,0 +1,2 @@
+- name: Reload Monit
+  command: bash -lc "monit reload"

data/roles/monit_install/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: Install monit
+  apt: name=monit state=present
+
+- name: Register monit config files
+  template: src={{ item }}.j2
+            dest=/etc/monit/conf.d/{{ item }}
+            mode=u=rw,g=r,o=r
+  with_items:
+   - web_interface
+  register: web_interface_monit_config
+
+- name: Reload Monit
+  command: bash -lc "monit reload"
+  when: web_interface_monit_config.changed
+
+- name: Give deployer user access to monit
+  lineinfile: 'dest=/etc/sudoers
+               state=present
+               line="{{ deployer_user.name }} ALL = (ALL) ALL, NOPASSWD: /usr/bin/monit"'

data/roles/monit_install/templates/web_interface.j2

@@ -0,0 +1,2 @@
+set httpd port 2812 and
+  allow admin:monit

data/roles/nginx/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: restart nginx
+  command: bash -lc "sudo monit restart nginx"

data/roles/nginx/tasks/main.yml

@@ -0,0 +1,30 @@
+- name: Enable nginx PPA
+  apt_repository: repo=ppa:nginx/stable
+  tags: [nginx]
+
+- name: Install nginx
+  apt: name=nginx state=present
+  tags: [nginx]
+
+- name: Ditch default nginx site enabled
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  tags: [nginx]
+
+- name: Configure App nginx
+  template: src=nginx_unicorn.j2 dest=/etc/nginx/sites-enabled/{{ app_name }}
+  notify: restart nginx
+  tags: [nginx]
+
+- name: Install monit nginx config
+  template: src=nginx_monit.j2
+            dest=/etc/monit/conf.d/nginx
+            mode=u=rw,g=r,o=r
+  register: nginx_monit_config
+
+- name: Reload Monit
+  command: bash -lc "monit reload"
+  when: nginx_monit_config.changed
+
+- name: Restart nginx
+  command: bash -lc "sudo monit restart nginx"
+  tags: [restart_nginx]

data/roles/nginx/templates/nginx_monit.j2

@@ -0,0 +1,3 @@
+check process nginx with pidfile /var/run/nginx.pid
+  start program = "/etc/init.d/nginx start"
+  stop program  = "/etc/init.d/nginx stop"