140 lines
3.6 KiB
Ruby
140 lines
3.6 KiB
Ruby
#
|
|
# Cookbook:: liquor_cabinet
|
|
# Recipe:: default
|
|
#
|
|
|
|
app_name = "liquor-cabinet"
|
|
deploy_user = "deploy"
|
|
deploy_group = "deploy"
|
|
deploy_path = "/opt/#{app_name}"
|
|
credentials = Chef::EncryptedDataBagItem.load('credentials', app_name)
|
|
|
|
ruby_version = node[app_name]['ruby']['version']
|
|
ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
|
|
bundle_path = "#{ruby_path}/bin/bundle"
|
|
rack_env = node.chef_environment == "production" ? "production" : "development"
|
|
|
|
ruby_build_install 'v20231225'
|
|
ruby_build_definition ruby_version do
|
|
prefix_path ruby_path
|
|
end
|
|
|
|
group deploy_group
|
|
|
|
user deploy_user do
|
|
group deploy_group
|
|
manage_home true
|
|
shell "/bin/bash"
|
|
end
|
|
|
|
directory deploy_path do
|
|
owner deploy_user
|
|
group deploy_group
|
|
mode '0750'
|
|
end
|
|
|
|
redis_server_role = node[app_name]['redis_server_role']
|
|
redis_host = search(:node, "role:#{redis_server_role}").first['knife_zero']['host'] rescue nil
|
|
if redis_host.nil?
|
|
Chef::Log.warn("No node found with '#{redis_server_role}' role. Stopping here.")
|
|
return
|
|
end
|
|
|
|
git deploy_path do
|
|
repository node[app_name]['repo']
|
|
revision node[app_name]['revision']
|
|
user deploy_user
|
|
group deploy_group
|
|
notifies :restart, "service[#{app_name}]", :delayed
|
|
end
|
|
|
|
directory "#{deploy_path}/tmp" do
|
|
owner deploy_user
|
|
group deploy_group
|
|
mode 0750
|
|
end
|
|
|
|
execute "bundle install" do
|
|
user deploy_user
|
|
cwd deploy_path
|
|
command "#{bundle_path} install --without development,test --deployment"
|
|
end
|
|
|
|
template "#{deploy_path}/config.yml.erb" do
|
|
source 'config.yml.erb'
|
|
owner deploy_user
|
|
group deploy_group
|
|
mode '0600'
|
|
sensitive true
|
|
variables environment: rack_env,
|
|
redis_host: redis_host,
|
|
redis_port: node[app_name]['redis_port'],
|
|
redis_db: node[app_name]['redis_db'],
|
|
s3_endpoint: node[app_name]['s3_endpoint'],
|
|
s3_region: node[app_name]['s3_region'],
|
|
s3_bucket: node[app_name]['s3_bucket'],
|
|
s3_access_key: credentials['s3_access_key'],
|
|
s3_secret_key: credentials['s3_secret_key'],
|
|
maintenance_mode_enabled: node[app_name]['maintenance_mode_enabled']
|
|
# TODO sentry_dsn: credentials['sentry_dsn']
|
|
notifies :restart, "service[#{app_name}]", :delayed
|
|
end
|
|
|
|
directory '/etc/rainbows' do
|
|
owner deploy_user
|
|
group deploy_group
|
|
mode '0750'
|
|
end
|
|
|
|
template "/etc/rainbows/#{app_name}.rb" do
|
|
source 'rainbows.rb.erb'
|
|
owner deploy_user
|
|
group deploy_group
|
|
mode '0640'
|
|
variables user: deploy_user,
|
|
group: deploy_group,
|
|
app_name: app_name,
|
|
working_directory: deploy_path,
|
|
config: node[app_name]['rainbows']
|
|
notifies :restart, "service[#{app_name}]", :delayed
|
|
end
|
|
|
|
systemd_unit "#{app_name}.service" do
|
|
content({
|
|
Unit: {
|
|
Description: "Liquor Cabinet remoteStorage HTTP API",
|
|
Documentation: ["https://gitea.kosmos.org/5apps/liquor-cabinet"],
|
|
After: "syslog.target network.target"
|
|
},
|
|
Service: {
|
|
Type: "simple",
|
|
User: deploy_user,
|
|
WorkingDirectory: deploy_path,
|
|
Environment: "RACK_ENV=#{rack_env}",
|
|
ExecStart: "#{bundle_path} exec rainbows -c /etc/rainbows/#{app_name}.rb -E #{rack_env}",
|
|
PIDFile: "#{deploy_path}/tmp/rainbows.pid",
|
|
TimeoutSec: "10",
|
|
Restart: "on-failure",
|
|
},
|
|
Install: {
|
|
WantedBy: "multi-user.target"
|
|
}
|
|
})
|
|
verify false
|
|
triggers_reload true
|
|
action [:create, :enable]
|
|
end
|
|
|
|
service app_name do
|
|
action [:enable, :start]
|
|
end
|
|
|
|
if node[app_name]['ufw_source_allowed']
|
|
firewall_rule app_name do
|
|
command :allow
|
|
protocol :tcp
|
|
port node[app_name]['rainbows']['port']
|
|
source node[app_name]['ufw_source_allowed']
|
|
end
|
|
end
|