taperole 1.4.0 → 1.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c4a93985dca52ee78fa0fdd9bcc84bea2ce5beb5
-  data.tar.gz: ba390dc0fce3501d57123da645e0534f23ecb565
+  metadata.gz: c0e0bcf6668d7e661536285b40436befdde49a38
+  data.tar.gz: 2071e81ab01d82f0dd5e023cccfac59a926df8f5
 SHA512:
-  metadata.gz: 61ed8c51dedf91f4dcb90cfb4ca9a5653bbf3a3cdcb4fbef5bf4eef71ed1bea67697e4752f38217b427f97556b73a4483e9cf19478c40613ba8612b4ba6f5c8c
-  data.tar.gz: eaa98d35c96e2472ca303a43b52b00feb32356a62503c07e0ff58fa486c5f69151adb92c94da5c2487f8fab176d7767d57a0b4362099a00293fcfdac01c39b6c
+  metadata.gz: b4b569c4e75be0afcf66558442f566131ea3e3487c7d231fec75c2508030781b5597cf0dd5f314bafb96dfd8b261f04166799cf6c154992f2460f546a4eec5cc
+  data.tar.gz: 3197d3051733f7ddcf9e3deca61c8948bb0c25bcfdf23b6a56f94d30f261393de4573235a7ebc3bcea55414a138603240125be63517a56116fa9ac5884354728

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+### 1.4.1
+* Blocks all ports on your server except 22, 80, 443
+* Installs node via nodesource
+
 ### 1.4.0
 * Install nvm which installed node
 * Update postgres role

data/lib/tape/info.rb

@@ -0,0 +1,9 @@
+module TapeBoxer
+  class Version < ExecutionModule
+    TapeBoxer.register_module :version, self
+
+    action :number,
+      proc { STDOUT.puts Gem::Specification::load("taperole.gemspec").version },
+      "Tape Version Number"
+  end
+end

data/requirements.yml

@@ -17,3 +17,5 @@
 - src: jnv.mosh
 
 - src: tersmitten.htop
+
+- src: nodesource.node

data/roles/backend_install_essentials/meta/main.yml

@@ -2,4 +2,4 @@
 dependencies:
   - role: geerlingguy.memcached
   - role: zzet.rbenv
-  - role: node
+  - role: nodesource.node

data/roles/frontend_deploy/tasks/main.yml

@@ -8,18 +8,32 @@
        force=yes
   tags: [fe_deploy]
 
+- name: Detect package.json
+  command: chdir={{ fe_app_path }}
+    bash -lc 'test -e package.json'
+  register: npm_result
+  ignore_errors: true
+  tags: [fe_deploy]
+
 - name: NPM install
-  when: fe_app_repo is defined
+  when: fe_app_repo is defined and npm_result|success
   remote_user: "{{ deployer_user.name }}"
   command: chdir={{ fe_app_path }}
-    bash -lc 'test -e package.json && npm install ; return 0'
+    bash -lc 'npm install'
+  tags: [fe_deploy]
+
+- name: Detect bower.json
+  command: chdir={{ fe_app_path }}
+    bash -lc 'test -e bower.json'
+  register: bower_result
+  ignore_errors: true
   tags: [fe_deploy]
 
 - name: Bower install
-  when: fe_app_repo is defined
+  when: fe_app_repo is defined and bower_result|success
   remote_user: "{{ deployer_user.name }}"
-  command: chdir={{ fe_app_path }}
-    bash -lc 'test -e bower.json && bower install'
+  command: chdir={{ fe_app_path }} 
+    bash -lc 'bower install'
   tags: [fe_deploy]
 
 - name: Build FE

data/roles/frontend_install_essentials/meta/main.yml

@@ -1,3 +1,3 @@
 ---
 dependencies:
-  - role: node
+  - role: nodesource.node

data/roles/ufw/tasks/main.yml

@@ -0,0 +1,12 @@
+- name: Install ufw
+  apt: name=ufw
+
+- name: Allow ssh through firewall
+  ufw: proto=tcp port=22 rule=allow
+
+- name: Set ufw policy
+  ufw: state=enabled direction=incoming policy=deny
+
+- name: Allow ports
+  ufw: proto=tcp port={{ item }} rule=allow
+  with_items: "{{ allowed_ports }}"

data/taperole.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name = "taperole"
-  spec.version = '1.4.0'
+  spec.version = '1.4.1'
   spec.authors = ['Jack Forrest', 'Smashing Boxes', 'Brandon Mathis']
   spec.description = "General purpose server provisioning and application deployment toolkit"
   spec.email = ['jack@smashingboxes.com', 'brandon@sbox.es']

data/templates/base/omnibox.example.yml

@@ -8,6 +8,7 @@
 
   roles:
     - general
+    - ufw
     - deployer_user
     - monit_install
     - postgres

data/templates/static_html/omnibox.example.yml

@@ -8,6 +8,7 @@
 
   roles:
     - general
+    - ufw
     - deployer_user
     - frontend_install_essentials
     - monit_install

data/vars/defaults.yml

@@ -5,9 +5,6 @@ fe_app_path: "/home/{{ deployer_user.name }}/{{ fe_app_name }}"
 
 tapefiles_dir: "./taperole"
 
-rbenv:
-  ruby_version: 2.3.0
-
 deployer_user:
   name: deployer
   groups:
@@ -35,3 +32,8 @@ precompile_assets: true
 app_url: false
 
 fe_build_command: gulp build
+node_version: 4.2
+
+allowed_ports:
+  - 80
+  - 443

data/vendor/nodesource.node/Dockerfile

@@ -0,0 +1,17 @@
+FROM ubuntu:trusty
+MAINTAINER Mark Wolfe <mark@wolfe.id.au>
+
+# http://docs.ansible.com/ansible/intro_installation.html#latest-releases-via-apt-ubuntu
+RUN apt-get install software-properties-common -y --force-yes
+RUN apt-add-repository ppa:ansible/ansible
+RUN apt-get update
+RUN apt-get install ansible -y --force-yes
+
+
+ENV WORKDIR /build/ansible-nodejs
+ADD . /build/ansible-nodejs
+ADD . /etc/ansible/roles/ansible-nodejs-role
+ADD ./tests/localhosts /etc/ansible/hosts
+
+RUN ansible-playbook $WORKDIR/role.yml -c local
+RUN node -v

data/vendor/nodesource.node/LICENSE.md

@@ -0,0 +1,11 @@
+The MIT License (MIT)
+=====================
+
+Copyright (c) 2014 NodeSource and Mark Wolfe
+--------------------------------------------
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/vendor/nodesource.node/README.md

@@ -0,0 +1,44 @@
+# ansible-nodejs-role
+
+This is an Ansible role which adds the the NodeSource APT repository and installs Node.js.
+
+Currently this role supports the following operating systems and releases.
+
+* **Ubuntu 12.04 LTS** (Precise Pangolin)
+* **Ubuntu 14.04 LTS** (Trusty Tahr)
+
+## Usage
+
+Install the playbook via Ansible Galaxy:
+
+```text
+$ ansible-galaxy install nodesource.node
+```
+
+Then configure it as follows:
+
+```yaml
+- hosts: servers
+  roles:
+     - nodesource.node
+```
+
+## Role Variables
+
+- `nodejs_nodesource_pin_priority`: Pin-Priority of the NodeSource repository (default: `500`).
+
+## Testing
+
+To test this role using Docker:
+
+```
+$ docker build .
+```
+
+## Author
+
+Mark Wolfe <mark@wolfe.id.au>
+
+## License
+
+This code is Copyright (c) 2014 NodeSource and Mark Wolfe and licenced under the MIT licence. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE.md file for more details.

data/vendor/nodesource.node/defaults/main.yml

@@ -0,0 +1,6 @@
+---
+# Pin-Priority of NodeSource repository
+nodejs_nodesource_pin_priority: 500
+
+# 0.10 or 0.12 or 4.x
+nodejs_version: "4.2"

data/vendor/nodesource.node/handlers/main.yml

@@ -0,0 +1,2 @@
+---
+# handlers file for nodejs

data/vendor/nodesource.node/meta/.galaxy_install_info

@@ -0,0 +1 @@
+{install_date: 'Thu Jan 28 19:12:58 2016', version: master}

data/vendor/nodesource.node/meta/main.yml

@@ -0,0 +1,18 @@
+---
+galaxy_info:
+  author: Mark Wolfe
+  description: Installs the NodeSource Node.js binary packages
+  company: NodeSource
+  license: MIT
+  min_ansible_version: 1.2
+  platforms:
+   - name: Ubuntu
+     versions:
+       - precise
+       - trusty
+  categories:
+   - development
+   - networking
+   - packaging
+   - web
+dependencies: []

data/vendor/nodesource.node/role.yml

@@ -0,0 +1,6 @@
+---
+- name: Test the Node.js role
+  hosts: all
+  sudo: yes
+  roles:
+    - role: "ansible-nodejs-role"

data/vendor/nodesource.node/tasks/main.yml

@@ -0,0 +1,39 @@
+# Install Node.js using packages crafted by NodeSource
+---
+- name: Ensure the system can use the HTTPS transport for APT
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Install HTTPS transport for APT
+  apt: 
+    pkg: apt-transport-https
+    state: installed
+  when: not apt_https_transport.stat.exists
+
+- name: Import the NodeSource GPG key into apt
+  apt_key:
+    url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key
+    state: present
+
+- name: Add NodeSource deb repository
+  apt_repository:
+    repo: 'deb https://deb.nodesource.com/node_{{ debian_repo_version }} {{ ansible_distribution_release }} main'
+    state: present
+
+- name: Add NodeSource deb-src repository
+  apt_repository:
+    repo: 'deb-src https://deb.nodesource.com/node_{{ debian_repo_version }} {{ ansible_distribution_release }} main'
+    state: present
+
+- name: Add NodeSource repository preferences
+  template:
+    src: etc/apt/preferences.d/deb_nodesource_com_node.pref.2
+    dest: /etc/apt/preferences.d/deb_nodesource_com_node.pref
+
+- name: Install Node.js
+  apt:
+    pkg:
+      - nodejs={{ nodejs_version }}*
+    state: installed
+    update_cache: yes

data/vendor/nodesource.node/templates/etc/apt/preferences.d/deb_nodesource_com_node.pref.2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: *
+Pin: release o=Node Source
+Pin-Priority: {{ nodejs_nodesource_pin_priority }}

data/vendor/nodesource.node/tests/localhosts

@@ -0,0 +1,2 @@
+[local]
+localhost

data/vendor/nodesource.node/vars/main.yml

@@ -0,0 +1,3 @@
+---
+# vars file for nodejs
+debian_repo_version: "{{ nodejs_version if '4' not in nodejs_version else '4.x' }}"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: taperole
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.4.1
 platform: ruby
 authors:
 - Jack Forrest
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-20 00:00:00.000000000 Z
+date: 2016-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: slack-notifier
@@ -48,6 +48,7 @@ files:
 - id_rsa_sb_basebox
 - lib/tape.rb
 - lib/tape/ansible_runner.rb
+- lib/tape/info.rb
 - lib/tape/installer.rb
 - lib/tape/notifiers/slack.rb
 - lib/tape/qemu_provisioner.rb
@@ -86,8 +87,6 @@ files:
 - roles/nginx/tasks/main.yml
 - roles/nginx/templates/nginx_monit.j2
 - roles/nginx/templates/nginx_unicorn.j2
-- roles/node/tasks/main.yml
-- roles/node/templates/nvm.sh
 - roles/postgres/meta/main.yml
 - roles/redis/tasks/main.yml
 - roles/redis/templates/redis.j2
@@ -95,6 +94,7 @@ files:
 - roles/sidekiq/meta/main.yml
 - roles/sidekiq/tasks/main.yml
 - roles/sidekiq/templates/sidekiq.j2
+- roles/ufw/tasks/main.yml
 - roles/unicorn_activate/defaults/main.yml
 - roles/unicorn_activate/tasks/main.yml
 - roles/unicorn_install/tasks/main.yml
@@ -198,6 +198,18 @@ files:
 - vendor/lxhunter.apt/test.yml
 - vendor/lxhunter.apt/test/integration/default/bats/simple.bats
 - vendor/lxhunter.apt/test/integration/default/default.yml
+- vendor/nodesource.node/Dockerfile
+- vendor/nodesource.node/LICENSE.md
+- vendor/nodesource.node/README.md
+- vendor/nodesource.node/defaults/main.yml
+- vendor/nodesource.node/handlers/main.yml
+- vendor/nodesource.node/meta/.galaxy_install_info
+- vendor/nodesource.node/meta/main.yml
+- vendor/nodesource.node/role.yml
+- vendor/nodesource.node/tasks/main.yml
+- vendor/nodesource.node/templates/etc/apt/preferences.d/deb_nodesource_com_node.pref.2
+- vendor/nodesource.node/tests/localhosts
+- vendor/nodesource.node/vars/main.yml
 - vendor/tersmitten.htop/.gitignore
 - vendor/tersmitten.htop/.travis.yml
 - vendor/tersmitten.htop/LICENSE.txt

data/roles/node/tasks/main.yml

@@ -1,35 +0,0 @@
----
-- name: Install dependencies
-  sudo: yes
-  apt: pkg={{ item }} update_cache=yes cache_valid_time=3600
-  with_items:
-    - git
-    - curl
-    - build-essential
-    - libssl-dev
-
-- name: Detect nvm
-  command: bash -lc "nvm --version"
-  register: nvm_version
-  ignore_errors: yes
-
-- name: Clone NVM
-  git: repo=https://github.com/creationix/nvm.git dest=/opt/nvm
-  when: nvm_version|failed
-
-- name: Create node dir for all users
-  file:
-    dest=/usr/local/node
-    state=directory
-
-- name: Enable nvm for all users
-  template: src=nvm.sh dest=/etc/profile.d/nvm.sh mode=755
-
-- name: Detect node
-  command: bash -lc "node -v"
-  register: node_version
-  ignore_errors: yes
-
-- name: Install node 4.2 LTS and make it default node
-  command: bash -lc "nvm install 4.2 && nvm alias default 4.2"
-  when: node_version|failed

data/roles/node/templates/nvm.sh

@@ -1,5 +0,0 @@
-export NVM_DIR=/usr/local/nvm
-source /opt/nvm/nvm.sh
-
-export NPM_CONFIG_PREFIX=/usr/local/node
-export PATH="/usr/local/node/bin:$PATH"