From 95181f13407d6dd5c39ac0365928725b0e071902 Mon Sep 17 00:00:00 2001 From: Robert Guthrie Date: Wed, 26 Apr 2023 18:41:21 +1200 Subject: [PATCH] add rails health check, update deploy.yml --- config/crontab | 1 + config/deploy.yml | 190 +++++++++++++++++++++++++++++++--------------- config/routes.rb | 2 + 3 files changed, 131 insertions(+), 62 deletions(-) create mode 100644 config/crontab diff --git a/config/crontab b/config/crontab new file mode 100644 index 00000000000..b9f8d8f599f --- /dev/null +++ b/config/crontab @@ -0,0 +1 @@ +0 * * * * /snap/bin/docker exec loomio-worker bundle exec rake loomio:hourly_tasks > ~/rake.log 2>&1 \ No newline at end of file diff --git a/config/deploy.yml b/config/deploy.yml index 1bccdbe3d72..ee6046b52e2 100644 --- a/config/deploy.yml +++ b/config/deploy.yml @@ -1,78 +1,144 @@ -# Name of your application. Used to uniquely configure containers. service: loomio +image: loomio/loomio_com -# Name of the container image. -image: loomio/latest - -# Deploy to these servers. servers: - - 192.168.0.1 + web: + - 165.227.76.125 + job: + hosts: + - 159.89.42.168 + cmd: bundle exec sidekiq -# Credentials for your image host. -registry: - # Specify the registry server, if you're not using Docker Hub - # server: registry.digitalocean.com / ghcr.io / ... - username: my-user + # cron: + # hosts: + # - 159.89.42.168 + # cmd: + # bash -c "cat config/crontab | crontab - && cron -f" - # Always use an access token rather than real password when possible. +registry: + server: ghcr.io + username: robguthrie password: - - MRSK_REGISTRY_PASSWORD + - GH_PAT -# Inject ENV variables into containers (secrets come from .env). -# env: -# clear: -# DB_HOST: 192.168.0.2 -# secret: -# - RAILS_MASTER_KEY +env: + # secret: + # - RAILS_MASTER_KEY + clear: + CANONICAL_HOST: loomiotest.org + SITE_NAME: Loomio-next + REPLY_HOSTNAME: reply.loomiotest.org + CHANNELS_URI: wss://channels.loomiotest.org + SMTP_DOMAIN: loomiotest.org + SMTP_SERVER: email-smtp.us-west-2.amazonaws.com + SMTP_PORT: 587 + SMTP_USERNAME: AKIA2UKBBQNLQ3ED2W6B + SMTP_PASSWORD: BHuTeHNhHLLE07aWAunV6PLGXUy6r+rZ6OhuW4S1jliU + PUMA_WORKERS: 2 + MIN_THREADS: 12 + MAX_THREADS: 12 + FORCE_SSL: 1 + USE_RACK_ATTACK: 1 + RACK_ATTACK_RATE_MULTPLIER: 5 + RACK_ATTACK_TIME_MULTPLIER: 1 + DATABASE_URL: postgresql://doadmin:AVNS_y-OdAEIPfReTSpRtNgK@db-loomio-com-do-user-727646-0.b.db.ondigitalocean.com:25060/defaultdb?sslmode=require + REDIS_URL: redis://redis:6379/0 + ACTIVE_STORAGE_SERVICE: digitalocean + DO_ENDPOINT: https://syd1.digitaloceanspaces.com + DO_ACCESS_KEY_ID: DO00RQPRGZPUW3PAHD9P + DO_SECRET_ACCESS_KEY: CMJ8meE6E4awHuoqi4e5yjtZYNF2ifAu6Mz29jHx7/8 + DO_BUCKET: loomiotest + SENTRY_PUBLIC_DSN: https://ecf9c5d9879d4fc5a72cfb60ebd075f5@bugs.loomio.io/7 + ALLOW_ROBOTS: 1 + CHARGIFY_API_KEY: zpd8P5LU57DjGWXwgk3p + CHARGIFY_APP_NAME: loomio + CHARGIFY_SITE_KEY: dP5UcDX5LTPyq98LSpv + DEVISE_SECRET: jei9dkfrus12k111222333ee4r4r4r44poocarrot + ERROR_PAGE_URL: https://help.loomio.com/en/error + MAINTENANCE_PAGE_URL: https://help.loomio.com/en/maintenance + EXPLORE_MIN_MEMBERS: 4 + EXPLORE_MIN_THREADS: 2 + EXPLORE_REQUIRE_SUBSCRIPTION: 1 + FB_APP_ID_META: 457851034283863 + FEATURES_DEMO_GROUPS: 1 + FEATURES_SHOW_CONTACT: 1 + FEATURES_SHOW_CONTACT_CONSENT: 1 + FEATURES_SUBSCRIPTIONS: 1 + FEATURES_TRIALS: 1 + GOOGLE_APP_KEY: 354171176268.apps.googleusercontent.com + GOOGLE_APP_SECRET: 2LTFjpPqYnGcE-xE0k3ISsau + GOOGLE_CLOUD_KEY: AIzaSyCXXwWrKlB6GY6w0mpFJRrlyG3ayj_556k + HELPER_BOT_EMAIL: contact@loomio.com + NEWSLETTER_ENABLED: 1 + OLD_REPLY_HOSTNAME: reply.loomio.org + PAID_INVITATIONS_RATE_LIMIT: 50000 + PRIVACY_URL: https://help.loomio.com/en/policy/privacy + RACK_ATTACK_RATE_MULTPLIER: 3 + RACK_TIMEOUT_SERVICE_TIMEOUT: 40 + RAILS_ENV: production + RECAPTCHA_APP_KEY: 6Lff0VoUAAAAAO7_jvINGkPucgNYRlZ72SdFQOSe + RECAPTCHA_SECRET_KEY: 6Lff0VoUAAAAAMk4c2HsfXAZIwMOFILoxWPoRLZr + REDIRECT_TO_CANONICAL_HOST: 1 + REDIS_CACHE_URL: redis://default:8iyjoJy0AUt1ByKmVsiJ70VQewZDoeo3@redis-14929.c10.us-east-1-2.ec2.cloud.redislabs.com:14929 + REDIS_QUEUE_URL: redis://default:PdeKf5tkvxRlrFRUmAWrLv1BwIFRpl9b@redis-11380.c74.us-east-1-4.ec2.cloud.redislabs.com:11380 + REPLY_HOSTNAME: reply.loomio.com + SECRET_COOKIE_TOKEN: e25c9a6592be3bacf55e36fa818a891ce6d46170e72677b062e21252e35c39c873fcb5721ac184e8837944fe7cfdab7570dc5f8ff0a5fb12ce7f20c85bbdb708 + SECRET_KEY_BASE: e25c9a6592be3bacf55e36fa818a891ce6d46170e72677b062e21252e35c39c873fcb5721ac184e8837944fe7cfdab7570dc5f8ff0a5fb12ce7f20c85bbdb708 + SENTRY_PUBLIC_DSN: https://69a6622bed364b8199f20d64863b1537@bugs.loomio.io/2 + SENTRY_SAMPLE_RATE: 0.1 + SPAM_REGEX: (flipssl\.com|zoofood\.org|w3boats\.com|revutap\.com|slowimo\.com|relumyx\.com|fineoak\.org|diide\.com|gusronk\.com|appnox\.com|akxpert\.com|patmui\.com|xhypm\.com|5y5u\.com|boldhut\.com|botfed\.com|fineloans\.org|netjook\.com|aramidth\.com|kindbest\.com|bsmitao\.com|astarmax\.com|irahada\.com|naymeo\.com|ichkoch\.com|onzmail\.com|seacob\.com|fineloans\.org|bombaya\.com|astarmax\.com|asfalio\.com|wifimaple\.com|whyflkj\.com|ddwfzp\.com|sejkt\.com) + SUPPORT_EMAIL: contact@loomio.com + TERMS_URL: https://help.loomio.com/en/policy/terms + TRANSLATE_CREDENTIALS: { "type": "service_account", "project_id": "loomio-production", "private_key_id": "936b16190c74966245409e828c9f7d1baa262279", "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCn9ahzeFUF1Oo1\nUvjWBwWvaHDroGM+KYdM5Ab8zyPAB3pJmBVoaRoJmbKQb2Sz+3bhGdBWeDH8b8WA\nAqkGWPybu3JmwqTOT7zegAoIGjJqI3DelaGYBH+Y4aDYIuQY4J4DuT71c0/OlG3B\nuZAuyC0mgqQ0+X1AN4IWChzIzIwZDCMyr9kSB8IjXQU7WAdEm32L5CB+icTYKni7\nc25qpmDjMJF5xbkrYu+GnUc+zcQNV9bWbbgIwtQipQcQ3tC8DlhFu+0HDn6YzVkO\nNYUc/fDb6YV6aM50LPeu8ZAaTUqaGc4rAXL0/4aOOkyfiYqNcsiQytbkEktaM0ED\nvCHbXw69AgMBAAECggEADrn1I0FdjGLZhtkNCfsDTm4PrzaDV8EdZKpToIPq7wcu\nJi4S+8dx/yh+Ow1r8h9DZ5jd/E7n7GnCZ9G+jy4V4UkDTquUoVA6z57ArRWFmRUd\nbC6zb0LptcuxUMdnt3SuS3Dzv7f0uzimvPHFCLeyxGnM9aYbC2/dKeCIxeRas5wJ\nR69rtFskeb69ZxOlZyMBdAT/xXW4Skuxldgszl/OA1DpqpVuWSoLGPAGO04L/Vtz\nIBDOIkRjLMLxj/X1q41VLU3HdNPr8YsmJcSL++MJp6mHB/K6YfpWUYHJGWqVS81a\nxnlvqQyrTLWYORoVa1dui7MC0C+trlL+1oNC8AxVowKBgQDWN9z83yVJzu4ZOmoA\nkemu84u6yvNZNDXQ7IAfbWnFt5qRzcW8Ryn6JbYEO7rJ11dOio0oASeok9VlM7HP\nhryP5sSBJpKZoOxXecL0vxdvnDlfpzKBS3zJTdGC7TjBbZEaQGjK+ce0XIyOWk1g\nwSJZQVVMiM+uI7GghYCdzXKIgwKBgQDIuA3s6Hfhe9CI8bpoJEZtNkKPwKJVkmsB\nGF/b3bgV4b7HZ0/oo3yVV2D4AJ5q7ixKRc5zdEQiUleRCuoPcwm15fd76wabqvi6\njcGSdrMinNRf0x5v0XYnkeltOjjhXl93jKSLn/3hl4zeBuEISK3Cn4fIoW/AKdS+\nyadVIL/nvwKBgQDA3gj0DwBmhI1wX1xi6PxJTPMoGWOhk9VEJjpwkTTjE5xx259F\nFZlgo6VOCGzzHxN3Hl1agDexmnBNro5PtxJ8SRvw38ar1OwVEgaKDqZOEYzCZymc\nqVdPcuXICEbKOBilVwpCfULlS1ItNHZoP1rqm1zuDFtXgMGDMc+LxBZzewKBgQCN\n8WsXoIY2lSKx1ZBnWU/cp8SGeEnUjgjR63TOvYsTHmOWDD98WzEdQ3+1omplYC0+\nEQOgrhYI14ZJchh3+HhjhE9x+JDhwRTIiLrdYsfnsFSXt2sM1GnkLdGPht72sZB9\nsJ4kh244/L2HvgGhpBQNUFfr0A6BLJPgoCaPkutjbQKBgExY4+7L3pzf/smMBCm2\nwlz7YJQprkKgaxnvj+NTQ3mCeF3o2p2uDgKLlcGEUUeVo4GbeA8844fMZaHut1a8\nbneY5jAyrU9iHKyUTFuOiNFZYmvhQYRCm1iWJgoBLhMsrgxi4bkreaWLhCZjygfI\n8vH7y/L0bEkjXmy3syUgZQ2r\n-----END PRIVATE KEY-----\n", "client_email": "loomio-production@appspot.gserviceaccount.com", "client_id": "", "auth_uri": "https://accounts.google.com/o/oauth2/auth", "token_uri": "https://oauth2.googleapis.com/token", "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs", "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/loomio-production%40appspot.gserviceaccount.com" } + TRIAL_DAYS: 7 + TRIAL_INVITATIONS_RATE_LIMIT: 150 + USE_RACK_ATTACK: 1 + # PLAUSIBLE_SITE: loomio.org,all.loomio.com + # PLAUSIBLE_SRC: https://measure.loomio.com/js/script.js + # SENTRY_SECRET_DSN: https://69a6622bed364b8199f20d64863b1537:b2152e7a55654e1db615e9dffc5ef631@bugs.loomio.io/2 + # SMTP_AUTH: plain + # SMTP_DOMAIN: loomio.com + # SMTP_PASSWORD: BI3j4JuFO0UizZ1Rv/gmXpCyn2ioGXXDA+SoidH6UXxJ + # SMTP_PORT: 587 + # SMTP_SERVER: email-smtp.us-east-1.amazonaws.com + # SMTP_USERNAME: AKIA2UKBBQNL7NECRC7E + # AWS_ACCESS_KEY_ID: AKIAJG73WYGWOUHX4B7A + # AWS_BUCKET: loomio-uploads + # AWS_REGION: us-east-1 + # AWS_SECRET_ACCESS_KEY: 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 + # CANONICAL_HOST: www.loomio.com + # CHANNELS_URI: wss://channels.loomio.com + # PUMA_WORKERS: 12 + # MAX_THREADS: 30 + # MIN_THREADS: 30 -# Call a broadcast command on deploys. -# audit_broadcast_cmd: -# bin/broadcast_to_bc +accessories: + # websockets: + # image: loomio/loomio_channel_server + # host: 165.22.32.232 + # env: + # APP_URL: https://www.loomiotest.org -# Use a different ssh user than root -# ssh: -# user: app + # redis-cache: + # image: redis:5.0 + # host: 10.132.53.193 + # port: 6379 + # directories: + # - data:/data + # cmd: + # redis-server --save 60 1 --loglevel warning --maxmemory-policy allkeys-lru --maxmemory 512mb --protected-mode no -# Configure builder setup. -# builder: -# args: -# RUBY_VERSION: 3.2.0 -# secrets: -# - GITHUB_TOKEN -# remote: -# arch: amd64 -# host: ssh://app@192.168.0.1 - -# Use accessory services (secrets come from .env). -# accessories: -# db: -# image: mysql:8.0 -# host: 192.168.0.2 -# port: 3306 -# env: -# clear: -# MYSQL_ROOT_HOST: '%' -# secret: -# - MYSQL_ROOT_PASSWORD -# files: -# - config/mysql/production.cnf:/etc/mysql/my.cnf -# - db/production.sql.erb:/docker-entrypoint-initdb.d/setup.sql -# directories: -# - data:/var/lib/mysql -# redis: -# image: redis:7.0 -# host: 192.168.0.2 -# port: 6379 -# directories: -# - data:/data + # redis-queue: + # image: redis:5.0 + # host: 104.236.65.131 + # port: 6379 + # directories: + # - data:/data + # cmd: + # redis-server --save 60 1 --loglevel warning --maxmemory-policy allkeys-lru --maxmemory 512mb --protected-mode no # Configure custom arguments for Traefik # traefik: # args: # accesslog: true # accesslog.format: json - -# Configure a custom healthcheck (default is /up on port 3000) -# healthcheck: -# path: /healthz -# port: 4000 diff --git a/config/routes.rb b/config/routes.rb index 6cd9ebb67fa..84bc7958fa8 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -11,6 +11,8 @@ def dev_routes_for(namespace) require 'sidekiq/web' Rails.application.routes.draw do + get "/up", to: proc { [200, {}, ["ok"]] }, as: :rails_health_check + authenticate :user, lambda { |u| u.is_admin? } do mount Sidekiq::Web => '/admin/sidekiq' mount Blazer::Engine, at: "/admin/blazer"