From ef3e370c8206d7734713b77280ebea5040ef6e27 Mon Sep 17 00:00:00 2001 From: Brian Samson Date: Tue, 10 Jan 2023 14:23:15 -0600 Subject: [PATCH 1/3] 3.0.0 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b83c695..87a7107 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ This project attempts to follow [semantic versioning](https://semver.org/). ## Unreleased -## 3.0.0.rc2 +## 3.0.0 * Install redis from vendor repos (BREAKING, see README) * Removed outdated awscli role * Added `subspace secrets rekey` to generate and rekey ansible-vault secrets From bb36eae21973b397a78652233d150dae909b491a Mon Sep 17 00:00:00 2001 From: Brian Samson Date: Mon, 20 Mar 2023 13:43:33 -0500 Subject: [PATCH 2/3] updates for arm servers, attempts to fix wildcard letsencrypt --- ansible/roles/letsencrypt/tasks/main.yml | 11 +++++++- .../subspace-letsencrypt-authenticator.sh | 11 ++++++++ ansible/roles/newrelic-infra/tasks/main.yml | 2 +- ansible/roles/newrelic/handlers/main.yml | 5 ---- ansible/roles/newrelic/tasks/main.yml | 25 +------------------ ansible/roles/redis/tasks/main.yml | 3 ++- lib/subspace/commands/terraform.rb | 2 +- .../terraform/template/main-oxenwagen.tf.erb | 4 +++ 8 files changed, 30 insertions(+), 33 deletions(-) create mode 100644 ansible/roles/letsencrypt/templates/subspace-letsencrypt-authenticator.sh delete mode 100644 ansible/roles/newrelic/handlers/main.yml diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index 3aadf43..f1b132d 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -41,6 +41,14 @@ delay: 1 state: stopped + - name: "Copy manual auth script" + become: true + template: + src: /templates/subspace-letsencrypt-authenticator.sh + dest: /tmp/subspace-letsencrypt-authenticator.sh + owner: root + mode: '0700' + - name: Generate SSL Certificate become: true command: 
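Review bot: The new "Copy manual auth script" task installs a hook that certbot later runs as root under a fixed name in world-writable `/tmp` (`dest: /tmp/subspace-letsencrypt-authenticator.sh`), and nothing in this hunk removes it afterwards. A predictable root-executed path in a shared directory is worth avoiding, and hosts that mount `/tmp` with `noexec` will not be able to run the hook at all. A root-owned location such as `dest: /usr/local/sbin/subspace-letsencrypt-authenticator.sh`, with `group: root` next to the existing `owner: root` and `mode: '0700'`, is safer. The same path is repeated in the `--manual-auth-hook` argument of the next hunk and survives the `src:` fix in PATCH 3/3, so all of these would change together. The "Generate SSL Certificate" task at the end of this hunk continues outside it.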
@@ -56,7 +64,8 @@ - "--cert-name" - "{{ le_ssl_cert.cert_name }}" - "--{{ le_ssl_cert.plugin }}" - - "--manual-auth-hook=/bin/yes" + - "--manual-auth-hook=/tmp/subspace-letsencrypt-authenticator.sh" + - "--manual-public-ip-logging-ok" - "--agree-tos" - "--expand" - "--non-interactive" diff --git a/ansible/roles/letsencrypt/templates/subspace-letsencrypt-authenticator.sh b/ansible/roles/letsencrypt/templates/subspace-letsencrypt-authenticator.sh new file mode 100644 index 0000000..392437c --- /dev/null +++ b/ansible/roles/letsencrypt/templates/subspace-letsencrypt-authenticator.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +echo CERTBOT_VALIDATION=$CERTBOT_VALIDATION +echo CERTBOT_DOMAIN=$CERTBOT_DOMAIN +echo CERTBOT_TOKEN=$CERTBOT_TOKEN +echo CERTBOT_ALL_DOMAINS=$CERTBOT_ALL_DOMAINS + + +echo "for dns you need to set:" +echo "IN TXT _acme_challenge.$CERTBOT_DOMAIN \"$CERTBOT_VALIDATION\"" + diff --git a/ansible/roles/newrelic-infra/tasks/main.yml b/ansible/roles/newrelic-infra/tasks/main.yml index 4188d1d..53ca75c 100644 --- a/ansible/roles/newrelic-infra/tasks/main.yml +++ b/ansible/roles/newrelic-infra/tasks/main.yml @@ -13,7 +13,7 @@ - name: Add New Relic apt repo apt_repository: - repo: deb [arch=amd64] https://download.newrelic.com/infrastructure_agent/linux/apt focal main + repo: deb https://download.newrelic.com/infrastructure_agent/linux/apt {{ansible_distribution_release}} main state: present become: true diff --git a/ansible/roles/newrelic/handlers/main.yml b/ansible/roles/newrelic/handlers/main.yml deleted file mode 100644 index 6df3954..0000000 --- a/ansible/roles/newrelic/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - - name: start newrelic agent - service: - name: newrelic-sysmond - state: restarted \ No newline at end of file diff --git a/ansible/roles/newrelic/tasks/main.yml b/ansible/roles/newrelic/tasks/main.yml index 6e34017..3b29197 100644 --- a/ansible/roles/newrelic/tasks/main.yml +++ b/ansible/roles/newrelic/tasks/main.yml 
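Review bot: `--manual-public-ip-logging-ok` is added to a `--non-interactive` run, but as far as I know newer certbot releases treat this flag as a deprecated no-op and later ones may reject it, which would fail the whole command with an argument error. Please confirm against the certbot version this role installs, then either drop the line or add a comment such as `# only needed for certbot older than <VERSION>`. The argument list starts and ends outside this hunk, so the challenge type selected through `le_ssl_cert.plugin` is not visible here.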
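Review bot: The record name printed by the last `echo` is `_acme_challenge.$CERTBOT_DOMAIN`, but the DNS-01 challenge record is `_acme-challenge.<domain>` (hyphen, not underscore), so an operator copying this output would publish a TXT record the CA never queries. The hook also only prints the values and exits, so under `--non-interactive` nothing creates the record or waits for propagation before validation is requested; a header comment stating that this hook is diagnostic only would make that explicit. I would write the line as `echo "_acme-challenge.${CERTBOT_DOMAIN}. IN TXT \"${CERTBOT_VALIDATION}\""`. The four `echo VAR=$VAR` lines should quote their expansions too, e.g. `echo "CERTBOT_DOMAIN=${CERTBOT_DOMAIN}"`.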
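Review bot: The rewritten `repo:` line has no `signed-by=` option, so trust in this third-party repository presumably rests on a key added to the global apt keyring by a task outside this hunk, and a key there is accepted for every configured source. Consider scoping it, e.g. `repo: deb [signed-by=<PATH_TO_NEWRELIC_KEYRING>] https://download.newrelic.com/infrastructure_agent/linux/apt {{ ansible_distribution_release }} main`, where the keyring path is whatever the key task writes. Because the codename now comes from host facts, a short comment listing the releases the vendor repo is expected to cover would help when a host on an unlisted release starts failing `apt update`.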
@@ -1,27 +1,4 @@ --- - name: "Deprecation notice" ansible.builtin.debug: - msg: The 'newrelic' role in subspace is deprecated. Please migration to Newrelic One and the 'newrelic-infra' role - - - name: Add New Relic apt repo - apt_repository: - repo: deb http://apt.newrelic.com/debian/ newrelic non-free - state: present - become: true - - - name: Add New Relic apt key - apt_key: - url: https://download.newrelic.com/548C16BF.gpg - state: present - become: true - - - name: Install New Relic server agent - apt: - pkg: newrelic-sysmond - state: present - update_cache: true - become: true - - - shell: "nrsysmond-config --set license_key={{newrelic_licence}}" - become: true - notify: start newrelic agent + msg: The 'newrelic' role in subspace is deprecated. Please migrate to Newrelic One and the 'newrelic-infra' role diff --git a/ansible/roles/redis/tasks/main.yml b/ansible/roles/redis/tasks/main.yml index 7be0588..45289c1 100644 --- a/ansible/roles/redis/tasks/main.yml +++ b/ansible/roles/redis/tasks/main.yml @@ -35,5 +35,6 @@ - name: restart redis become: true systemd: - name: redis + name: redis-server + enabled: true state: restarted diff --git a/lib/subspace/commands/terraform.rb b/lib/subspace/commands/terraform.rb index 671d2eb..1ff5193 100644 --- a/lib/subspace/commands/terraform.rb +++ b/lib/subspace/commands/terraform.rb @@ -73,7 +73,7 @@ def update_terraformrc def update_inventory puts "Apply succeeded, updating inventory." Dir.chdir "config/subspace/terraform/#{@env}" do - @output = JSON.parse `terraform output -json inventory` + @output = JSON.parse `terraform output "-json" inventory` end inventory.merge(@output) inventory.write diff --git a/template/subspace/terraform/template/main-oxenwagen.tf.erb b/template/subspace/terraform/template/main-oxenwagen.tf.erb index d3dd900..db22b60 100644 --- a/template/subspace/terraform/template/main-oxenwagen.tf.erb +++ b/template/subspace/terraform/template/main-oxenwagen.tf.erb 
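Review bot: In `update_inventory`, the shell strips the quotes from `"-json"` again, so the command is unchanged, and the backtick call still ignores terraform's exit status. A failed `terraform output` therefore reaches `JSON.parse` as empty or partial text and surfaces only as a parser error before `inventory.merge`. Running it without a shell and checking the status is clearer: `out, status = Open3.capture2("terraform", "output", "-json", "inventory")`, then `abort "terraform output failed" unless status.success?` and `@output = JSON.parse(out)`. This needs `require "open3"` at the top of the file, which is outside the hunk, as is the method's closing `end`.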
@@ -64,6 +64,10 @@ module oxenwagen { } output "inventory" { + value = module.oxenwagen.inventory +} + +output "oxenwagen" { value = module.oxenwagen } From 1b4163e18b54f1a266e8b058f45281571fcc2a91 Mon Sep 17 00:00:00 2001 From: Brian Samson Date: Thu, 27 Jul 2023 08:58:14 -0500 Subject: [PATCH 3/3] found code from march in july --- ansible/roles/letsencrypt/tasks/main.yml | 2 +- lib/subspace/commands/base.rb | 2 +- lib/subspace/commands/init.rb | 2 +- lib/subspace/commands/secrets.rb | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/roles/letsencrypt/tasks/main.yml b/ansible/roles/letsencrypt/tasks/main.yml index f1b132d..e87f02e 100644 --- a/ansible/roles/letsencrypt/tasks/main.yml +++ b/ansible/roles/letsencrypt/tasks/main.yml @@ -44,7 +44,7 @@ - name: "Copy manual auth script" become: true template: - src: /templates/subspace-letsencrypt-authenticator.sh + src: templates/subspace-letsencrypt-authenticator.sh dest: /tmp/subspace-letsencrypt-authenticator.sh owner: root mode: '0700' diff --git a/lib/subspace/commands/base.rb b/lib/subspace/commands/base.rb index d05422f..6c7d341 100644 --- a/lib/subspace/commands/base.rb +++ b/lib/subspace/commands/base.rb @@ -59,7 +59,7 @@ def copy(src, dest = nil) end def confirm_overwrite(file_path) - return true unless File.exists? file_path + return true unless File.exist? file_path answer = ask "#{file_path} already exists. Reply 'y' to overwrite: [no] " return answer.downcase.start_with? "y" end diff --git a/lib/subspace/commands/init.rb b/lib/subspace/commands/init.rb index f44bdec..d9a0c95 100644 --- a/lib/subspace/commands/init.rb +++ b/lib/subspace/commands/init.rb @@ -25,7 +25,7 @@ def initialize(args, options) end def run - if File.exists? dest_dir + if File.exist? dest_dir answer = ask "Subspace appears to be initialized. Reply 'yes' to continue anyway: [no] " abort unless answer.chomp == "yes" else 
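Review bot: The new `output "oxenwagen"` publishes every output of the module as one root output (`value = module.oxenwagen`), while `update_inventory` reads only the narrower `inventory` output added just above it. If the module exposes anything that should not appear in `terraform output` or CI logs (not visible from this hunk), either drop this output or mark it `sensitive = true`. Otherwise a `description = "..."` on both outputs, saying which one the subspace inventory is built from, would document the split.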
diff --git a/lib/subspace/commands/secrets.rb b/lib/subspace/commands/secrets.rb index 2220401..7d76412 100644 --- a/lib/subspace/commands/secrets.rb +++ b/lib/subspace/commands/secrets.rb @@ -29,7 +29,7 @@ def run end def create_local - if File.exists? File.join(project_path, "config/application.yml") + if File.exist? File.join(project_path, "config/application.yml") answer = ask "config/application.yml already exists. Reply 'yes' to overwrite: [no] " abort unless answer == "yes" end