taperole 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 82c0a82eb80be81e11f2b2db205d80fdd40d6200
-  data.tar.gz: 5c2d11343fdf6c22a69b6e463cffcf21506e091a
+  metadata.gz: 83b21a958fbe42d78a79e6b657a19cf12102a481
+  data.tar.gz: c058812fc04a8c08572e145d115bf2e1809eb246
 SHA512:
-  metadata.gz: 68efdeb3ead8f15b062ec668913a914eb542273d9bc0718cf841f145f2808b147d73cf6659f482ed2fc9b49fa9bb133f2df5136f8bf754e78491ac78c7c60577
-  data.tar.gz: 07eb11f3f75dafd885402ca764134cc2e074e54c2a4372fee4d56246a8b0565b9185ab157b4dbf0ff181445931964c898c3ef5d4e7d0467140d7b6825e1b4781
+  metadata.gz: 91c4f02dc834d98cdf7a495abc30d4ddffaf6ae1f976048259ae78a4dcaef56bad97cd1ccc0801c3df20a9e936958aced72c332ff2643b4cc41d999681345dce
+  data.tar.gz: 15c9cd1a743eeac4b9a2433d1f448f75bccd6c10fe3045d560042981def4ab895ddab458c3334702f8e0efc8d8beb487aaccff0c5322eca12942ffbf293444d7

data/CHANGELOG.md

@@ -4,6 +4,7 @@
 * Supports Rails 5
 * Use letsencrypt for HTTPS configuration
 * `tape ansible everything` is now `tape ansible deploy`
+* Configure NGINX to use GZip
 
 ### 1.8.2 (also 1.8.1)
 * Updates ANXS PG Galaxy role

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    taperole (1.8.2)
+    taperole (2.0.0)
       colorize (~> 0.8.1)
       slack-notifier (~> 1.5)
       thor (~> 0.19.1)

data/README.md

@@ -44,7 +44,7 @@ tape installer install
 All default configurations found in `vars/defaults.yml` can be overridden in your local `taperole/tape_vars.yml` file
 
 **Default Node Version**: 4.2.x
-**Default Ruby Version** 2.3.0
+**Default Ruby Version** 2.4.0
 
 ### Backups
 Backups are handled via [duply](http://duply.net/) and are configured via the [Stouts.backup](https://github.com/Stouts/Stouts.backup) ansible galaxy role. Bacups occur every night at 4am under the root user. You can configure your backup schedule and target where you want your backups stored at within your `taperole/tape_vars.yml` file.
@@ -100,6 +100,27 @@ Then use the `-l` option to specify the stage/environment
 tape ansible deploy -l staging
 ```
 
+### Configure LetsEncrypt
+As of 2.0, Tape can automatically configure HTTPS with LetsEncrypt
+You will need to set the following configs:
+
+In your `hosts` file add a hostname variable
+```
+[production]
+0.0.0.0 be_app_env=production be_app_branch=SOME_BRANCH hostname=project-production.example.com
+
+[staging]
+0.0.0.0 be_app_env=staging be_app_branch=SOME_BRANCH hostname=project-staging.example.com
+```
+
+In your `tape_vars.yml`
+```
+letsencrypt:
+  enabled: true
+  hostname: "{{hostname}}"
+  email: some_email@example.com
+```
+
 ## Testing
 ### With vagrant
 

data/lib/taperole/version.rb

@@ -1,3 +1,3 @@
 module Taperole
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.0.1'.freeze
 end

data/roles/letsencrypt/tasks/main.yml

@@ -1,9 +1,11 @@
 - name: Install letsencrypt
-  apt: name=letsencrypt state=present
+  command: bash -lc "git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt"
+  args:
+    creates: /opt/letsencrypt
   when: letsencrypt.enabled == true
 
 - name: Get letsencrypt cert
-  command: bash -lc "letsencrypt certonly --standalone --rsa-key-size 4096 --force-renew --agree-tos --email {{ letsencrypt.email }} --text --non-interactive -d {{ letsencrypt.hostname }}"
+  command: bash -lc "/opt/letsencrypt/letsencrypt-auto certonly --standalone --rsa-key-size 4096 --force-renew --agree-tos --email {{ letsencrypt.email }} --text --non-interactive -d {{ letsencrypt.hostname }}"
   args:
     creates: "/etc/letsencrypt/live/{{ letsencrypt.hostname }}/privkey.pem"
   when: letsencrypt.enabled == true
@@ -14,6 +16,6 @@
     weekday: 1
     hour: 2
     minute: 30
-    job: /usr/bin/letsencrypt renew --rsa-key-size 4096 >> /var/log/le-renew.log
+    job: /opt/letsencrypt/letsencrypt-auto renew --rsa-key-size 4096 --renew-hook "/usr/bin/monit restart nginx" >> /var/log/le-renew.log
     user: root
   when: letsencrypt.enabled == true

data/roles/nginx/templates/nginx_puma.j2

@@ -81,6 +81,7 @@ server {
   try_files $uri/index.html $uri @puma;
   location @puma {
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host $http_host;
     proxy_redirect off;
     proxy_pass http://puma;

data/roles/puma_install/tasks/main.yml

@@ -2,8 +2,8 @@
   file: path={{be_app_path}}/log state=directory owner=deployer
 
 - name: Install Puma config
-  template: src=puma.rb.j2
-            dest={{be_app_path}}/config/puma.rb
+  template: src=puma.production.rb.j2
+            dest={{be_app_path}}/config/puma.production.rb
 
 - name: Set up Puma pids dir
   file:

data/roles/puma_install/templates/puma_init.j2

@@ -6,7 +6,7 @@
 RAILS_ENV={{ be_app_env }}
 USER={{ deployer_user.name }}
 APP_DIR={{ be_app_path }}
-PUMA_CONFIG_FILE=$APP_DIR/config/puma.rb
+PUMA_CONFIG_FILE=$APP_DIR/config/puma.production.rb
 PUMA_PID_FILE={{ puma_pidfile }}
 PUMA_SOCKET={{ puma_sockfile }}
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: taperole
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Jack Forrest
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-17 00:00:00.000000000 Z
+date: 2017-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: slack-notifier
@@ -173,7 +173,7 @@ files:
 - roles/postgres/meta/main.yml
 - roles/puma_activate/tasks/main.yml
 - roles/puma_install/tasks/main.yml
-- roles/puma_install/templates/puma.rb.j2
+- roles/puma_install/templates/puma.production.rb.j2
 - roles/puma_install/templates/puma_init.j2
 - roles/puma_install/templates/puma_monit.j2
 - roles/redis/meta/main.yml
@@ -364,7 +364,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.2
+rubygems_version: 2.6.4
 signing_key: 
 specification_version: 4
 summary: A tool for provisioning and deploying boxes for hosting Rails apps