taperole 1.4.3 → 1.5.0

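--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 52571d14e976b6967ecd19947b5da42e6f440f3f
- data.tar.gz: 225873fdc0a01cc94a31e530d4f27db88afca460
+ metadata.gz: 1372e1110daa93edadf03db73b31b30ff6b462d9
+ data.tar.gz: 8f81436b6a573bb255cc5da1f9c5279a63b2f60a
  SHA512:
- metadata.gz: 55efbdb575e225cb4c9154fe35d902d63e7249f028c238eb1b559f2f415b199d175f184f0f0b22a187832e961f0bd09a65d6e553e6588c85144f7c9d72f6b21c
- data.tar.gz: 7ba362c159e23f8a1c167ec31f4bfc9e16ea5653d5d0208eefa0baa595c20ff4ab8fc5a633304d31f3b6512a32392fe416ce74d8dc4834a488fda7ca2c7ef0de
+ metadata.gz: 4d1a4b5893e8ff6d5d7bb8bb3399239ba7acb8241ebcac35365a84f3b0af249ea55e329381270327cb279577f0b7939a7ef38c86bbad9faaa68b28d9a74bc6d1
+ data.tar.gz: 3dbc60ec192fed213447511417a05e57517b2c21fabfb0d00459353a44733260ec4788c77ece0b289fcf9ffd09a4c81fbcc310fdf4d44f28b0f897779f064c47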
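--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ ### 1.5.0
+ * Self-signed SSL is now on by default
+ * Port 80 redirects to 443
+ * You can now build custom playbooks with then `tape ansible playbook -b playbook.yml` command
+ * Dev Keys folder is working again!
+
  ### 1.4.3
  * Update nodesource ansible galaxy role
  * Install latest version of node 4.x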
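--- a/data/Vagrantfile
+++ b/data/Vagrantfile
@@ -11,7 +11,7 @@ Vagrant.configure 2 do |config|
  # config.vm.network(:private_network, :ip => private_ip)
 
  # TODO free me from the bonds of this ip
- config.vm.network 'forwarded_port', guest: 80, host: 8080
+ config.vm.network 'forwarded_port', guest: 443, host: 8080
  config.vm.network 'private_network', type: 'dhcp'
 
  config.ssh.insert_key = false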
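Review bot: Guest port 80 is no longer forwarded at all, so the new port-80-to-443 redirect added to the nginx template cannot be exercised from the host, and a plain `http://localhost:8080` request now lands on the TLS listener instead of being redirected. If the redirect is meant to work under Vagrant, forward both ports, e.g. `config.vm.network 'forwarded_port', guest: 80, host: 8080` and `config.vm.network 'forwarded_port', guest: 443, host: 8443`, bearing in mind that the redirect is built from `$host` and therefore drops the forwarded host port. The `Vagrant.configure` block starts and ends outside the hunk.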
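--- a/data/bin/tape
+++ b/data/bin/tape
@@ -27,6 +27,11 @@ opt_parser = OptionParser.new do |opts|
  options.port = p
  end
 
+ opts.on('-bBOOK', "--book=PLAYBOOK",
+ String, "A custom playbook to run") do |p|
+ options.book = p
+ end
+
  opts.on("-h", "--help", "Show this help") do
  STDERR.puts opts
  exit 0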
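Review bot: The help text of the new `-b`/`--book` option does not say where the playbook is looked up; the runner joins the value onto the tapefiles directory (`"#{tapefiles_dir}/#{opts.book}"` in the AnsibleRunner hunk further down), so an absolute path or one outside that folder will not behave the way a user reading "A custom playbook to run" expects. Suggest `String, "A custom playbook to run (path relative to the tapefiles directory)"`. The `OptionParser.new` block starts and ends outside the hunk.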
@@ -23,7 +23,7 @@ class AnsibleRunner < ExecutionModule
23
23
  "Restarts Nginx"
24
24
  action :configure_deployer_user,
25
25
  proc { ansible '-t deployer' },
26
- "Ensures the deployer user is present and configures his SSH keys"
26
+ "Ensures the deployer user is present and configures its SSH keys"
27
27
  action :reset_db,
28
28
  proc { ansible '-t db_reset -e force_db_reset=true' },
29
29
  "wipes and re-seeds the DB"
@@ -43,6 +43,9 @@ class AnsibleRunner < ExecutionModule
43
43
  action :everything,
44
44
  proc { valid_preconfigs ? ansible : puts("Not a Rails or JS app") },
45
45
  "This does it all."
46
+ action :playbook,
47
+ proc { ansible_custom_playbook },
48
+ "Run a custom playbook"
46
49
 
47
50
  def initialize(*args)
48
51
  super
@@ -83,6 +86,10 @@ class AnsibleRunner < ExecutionModule
83
86
  exec_ansible("#{tapefiles_dir}/deploy.yml", cmd_str)
84
87
  end
85
88
 
89
+ def ansible_custom_playbook(cmd_str = '')
90
+ exec_ansible("#{tapefiles_dir}/#{opts.book}", cmd_str)
91
+ end
92
+
86
93
  def exec_ansible(playbook, args)
87
94
  enforce_roles_path!
88
95
  cmd = "ANSIBLE_CONFIG=#{local_dir}/.tape/ansible.cfg ansible-playbook -i #{inventory_file} #{playbook} #{args} #{hosts_flag} -e tape_dir=#{tape_dir}"
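Review bot: `ansible_custom_playbook` interpolates `opts.book` into the playbook path without checking that it was supplied, so running the `playbook` action without `-b` yields `#{tapefiles_dir}/` and ansible-playbook fails on a directory with an unrelated error; add a guard such as `abort('No playbook given; pass -b PLAYBOOK') unless opts.book` before the `exec_ansible` call. The resulting path is then spliced unquoted into the shell string built on the `cmd` line of `exec_ansible`, so a playbook name containing spaces or shell metacharacters alters the command line rather than failing cleanly — passing it through `Shellwords.escape` (stdlib `shellwords`) before interpolation keeps the argument intact. `opts` is presumably the option struct populated by bin/tape; that is inferred, not visible here. The `AnsibleRunner` class and `exec_ansible` continue outside the hunk.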
@@ -1,3 +1,16 @@
1
+ - name: Check if there are commited changes on {{ be_app_branch }}
2
+ remote_user: "{{ deployer_user.name }}"
3
+ command: bash -lc "git fetch origin && git diff --name-only origin/{{ be_app_branch }}"
4
+ args:
5
+ chdir: "{{be_app_path}}"
6
+ register: changes_on_remote
7
+ tags: [be_deploy]
8
+
9
+ - name: Inform User if there are no changes
10
+ debug: msg={{no_changes_found_error.split('\n')}}
11
+ when: changes_on_remote.stdout_lines == []
12
+ tags: [be_deploy]
13
+
1
14
  - name: Check out application
2
15
  remote_user: "{{ deployer_user.name }}"
3
16
  git: dest={{ be_app_path }}
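Review bot: The new "Check if there are commited changes" task runs `chdir: "{{be_app_path}}"` before the "Check out application" task that creates that directory, so on a first deploy to a fresh host `chdir` fails and the play stops before the clone ever happens; either guard it with a `stat` of the path, or give the task `ignore_errors: yes` since its only consumer is the informational message. `{{ be_app_branch }}` is also templated straight into a `bash -lc` string, so a branch value with spaces or shell metacharacters changes the command; `origin/{{ be_app_branch | quote }}` shell-quotes it. The task name misspells "committed". The frontend hunk below repeats the same three points with `fe_app_branch` and `fe_app_path`.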
@@ -9,15 +9,9 @@
9
9
  command: "cp /root/.ssh/authorized_keys /home/{{ deployer_user.name }}/.ssh/authorized_keys"
10
10
 
11
11
  - name: Ensure devs keys are present
12
- authorized_key: key=
12
+ authorized_key: key={{ lookup('file', item) }}
13
13
  manage_dir=yes
14
14
  state=present
15
15
  user=deployer
16
16
  with_fileglob:
17
- - "{{tapefiles_dir}}/dev_keys/*"
18
-
19
- - name: Ensure DO pubkey is present
20
- authorized_key: key="{{ lookup('file', 'id_rsa_digital_ocean.pub') }}"
21
- manage_dir=yes
22
- state=present
23
- user=deployer
17
+ - "./dev_keys/*"
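Review bot: The new glob `./dev_keys/*` hands every file in that folder to `lookup('file', item)` and pushes its contents into authorized_keys, so a private key or any stray file dropped beside the public keys is read and shipped to the host; narrowing it to `- "./dev_keys/*.pub"` limits the task to public keys. The relative path is resolved by Ansible against the playbook or role files location, which is not necessarily the user's tapefiles directory the previous `{{tapefiles_dir}}/dev_keys/*` pointed at — worth confirming that the folder the changelog's "Dev Keys folder" refers to is the one actually globbed. `user=deployer` stays hard-coded while the task above uses `{{ deployer_user.name }}`; the two should agree.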
@@ -12,7 +12,7 @@
12
12
  # It's possible for the deployer's homedir to get created on accident by
13
13
  # a deploy script or something getting run before this. This just ensures
14
14
  # the env is sane moving forward
15
- - name: Ensure deployer user owns his own homedir
15
+ - name: Ensure deployer user owns its own homedir
16
16
  file: path=/home/deployer state=directory owner=deployer
17
17
 
18
18
  - include: keys.yml
@@ -1,3 +1,16 @@
1
+ - name: Check if there are commited changes on {{ fe_app_branch }}
2
+ remote_user: "{{ deployer_user.name }}"
3
+ command: bash -lc "git fetch origin && git diff --name-only origin/{{ fe_app_branch }}"
4
+ args:
5
+ chdir: "{{fe_app_path}}"
6
+ register: changes_on_remote
7
+ tags: [fe_deploy]
8
+
9
+ - name: Inform User if there are no changes
10
+ debug: msg={{no_changes_found_error.split('\n')}}
11
+ when: changes_on_remote.stdout_lines == []
12
+ tags: [fe_deploy]
13
+
1
14
  - name: clone the FE app
2
15
  when: fe_app_repo is defined
3
16
  remote_user: "{{ deployer_user.name }}"
@@ -10,6 +10,22 @@
10
10
  file: path=/etc/nginx/sites-enabled/default state=absent
11
11
  tags: [nginx]
12
12
 
13
+ - name: Create /etc/nginx/ssl
14
+ file: path=/etc/nginx/ssl state=directory
15
+ tags: [nginx]
16
+
17
+ - name: Create self signed SSL cert/key
18
+ command: bash -lc "openssl req -x509 -sha256 -nodes -newkey rsa:2048 -keyout self-signed.key -out self-signed.crt -subj '/CN=localhost'"
19
+ args:
20
+ chdir: /etc/nginx/ssl
21
+ tags: [nginx]
22
+
23
+ - name: Create Diffie Hellman Ephemeral Parameters (this will take some time)
24
+ command: bash -lc "openssl dhparam -out dhparam.pem 2048"
25
+ args:
26
+ chdir: /etc/nginx/ssl
27
+ tags: [nginx]
28
+
13
29
  - name: Configure App nginx
14
30
  template: src=nginx_unicorn.j2 dest=/etc/nginx/sites-enabled/{{ app_name }}
15
31
  tags: [nginx]
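Review bot: The two new `command` tasks regenerate the self-signed certificate and the 2048-bit DH parameters on every run, which replaces a key the host is already serving and repeats the slow dhparam step each time; add `creates: /etc/nginx/ssl/self-signed.crt` and `creates: /etc/nginx/ssl/dhparam.pem` under the respective `args:` so each runs once. The `openssl req` invocation passes no `-days`, so the certificate gets openssl's default 30-day validity and, once `creates:` stops the task from re-running, will expire silently; pass an explicit `-days` with the intended lifetime. The private key is written with whatever mode the installed openssl uses (older releases follow the umask and can leave it world-readable) and `/etc/nginx/ssl` is created without a `mode=`; a follow-up `file: path=/etc/nginx/ssl/self-signed.key mode=0600` task keeps the key readable by root only.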
@@ -3,12 +3,37 @@ upstream unicorn {
3
3
  server unix:{{unicorn_sockfile}} fail_timeout=0;
4
4
  }
5
5
  {% endif %}
6
+ server {
7
+ listen 80;
8
+ return 301 https://$host$request_uri;
9
+ }
10
+
6
11
 
7
12
  server {
8
- listen 80 default deferred;
13
+ listen 443 default deferred;
9
14
 
10
15
  # server_name example.com;
11
16
 
17
+ ssl on;
18
+ ssl_certificate /etc/nginx/ssl/self-signed.crt;
19
+ ssl_certificate_key /etc/nginx/ssl/self-signed.key;
20
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
21
+
22
+ ssl_prefer_server_ciphers on;
23
+ ssl_session_cache shared:SSL:10m;
24
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
25
+
26
+ ssl_stapling on;
27
+ ssl_stapling_verify on;
28
+ resolver 8.8.8.8 8.8.4.4 valid=300s;
29
+ resolver_timeout 5s;
30
+
31
+ ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
32
+
33
+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
34
+ add_header X-Frame-Options "DENY";
35
+ add_header Public-Key-Pins 'pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains';
36
+
12
37
  {% if fe_app_repo is defined%}
13
38
  root {{ fe_app_path }}/dist;
14
39
  {% else %}
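Review bot: The `Public-Key-Pins` header ships two hard-coded pin hashes in every deployment, and neither can correspond to the per-host self-signed certificate the nginx role generates; browsers ignore pins on untrusted certificates, but as soon as a site moves to a publicly trusted certificate, returning visitors will have these pins cached for `max-age=2592000` and be locked out for 30 days, so the `add_header Public-Key-Pins ...` line should be dropped rather than shipped with pins that belong to no deployment. `Strict-Transport-Security` with `includeSubdomains; preload` is likewise a long-lived commitment for every subdomain and a poor default for a template whose certificate is self-signed; `add_header Strict-Transport-Security "max-age=63072000";` with preload left as a per-site opt-in is safer. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, so unless legacy clients are required prefer `ssl_protocols TLSv1.2;`. `ssl on;` with a bare `listen 443 default deferred;` can be written as `listen 443 ssl default deferred;`, the form nginx recommends, and `ssl_stapling on;` will be ignored for a self-signed certificate since it has no issuer or OCSP responder. The template's `server` blocks continue outside the hunk.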
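--- a/data/taperole.gemspec
+++ b/data/taperole.gemspec
@@ -1,6 +1,6 @@
  Gem::Specification.new do |spec|
  spec.name = "taperole"
- spec.version = '1.4.3'
+ spec.version = '1.5.0'
  spec.authors = ['Jack Forrest', 'Smashing Boxes', 'Brandon Mathis']
  spec.description = "General purpose server provisioning and application deployment toolkit"
  spec.email = ['jack@smashingboxes.com', 'brandon@sbox.es']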
@@ -1,10 +1,6 @@
1
1
  ---
2
2
  - hosts: omnibox
3
3
 
4
- tags:
5
- - be_deploy
6
- - fe_deploy
7
-
8
4
  vars_files:
9
5
  - "{{tape_dir}}/vars/defaults.yml"
10
6
  - tape_vars.yml
@@ -1,10 +1,6 @@
1
1
  ---
2
2
  - hosts: omnibox
3
3
 
4
- tags:
5
- - be_deploy
6
- - fe_deploy
7
-
8
4
  vars_files:
9
5
  - "{{tape_dir}}/vars/defaults.yml"
10
6
  - tape_vars.yml
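--- a/data/vars/defaults.yml
+++ b/data/vars/defaults.yml
@@ -36,3 +36,8 @@ fe_build_command: gulp build
  allowed_ports:
  - 80
  - 443
+
+ no_changes_found_error: |
+ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️
+ No Changes detected on remote branch proceeding with deploy anyway
+ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️ ‼️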
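--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: taperole
  version: !ruby/object:Gem::Version
- version: 1.4.3
+ version: 1.5.0
  platform: ruby
  authors:
  - Jack Forrest
@@ -10,7 +10,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-02-12 00:00:00.000000000 Z
+ date: 2016-03-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: slack-notifier
@@ -69,7 +69,6 @@ files:
  - roles/delayed_job/tasks/main.yml
  - roles/delayed_job/templates/dj_monit_config.j2
  - roles/delayed_job/templates/dj_monit_runner.j2
- - roles/deployer_user/files/id_rsa_digital_ocean.pub
  - roles/deployer_user/tasks/keys.yml
  - roles/deployer_user/tasks/main.yml
  - roles/frontend_deploy/handlers/main.yml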
@@ -1 +0,0 @@
1
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlxLbugDNrEg0fjchsaBG6XYLTOh5u3miY8gYMR0xQXFGsxipsyzYd2HSdSp1SPJyGs6aIXVfbeMsQVvDbWQcJTZYYviO2Rj6olf13gjA094CAlDCyTVgRYddiTrirFZiMCzLJrXfyGKiQcQ50BhpYYcO8QwPkwDo6Fs6AhuVMxlYc7MqHTxUwiuVsiC3xbgVnGszB8fI3v0531KOl7tJAxI1M53uexH3rQrEdpRwNqQAXoH9a8HQTaxvtSip1HrNvUumStt1Pu8tP6b3KwuHPwTnJtc2fXYatLjfbAf9KSCCPFhLfwVdAGTI/De6GU4D9lh39sFt2E63qV7mnSn+f