
Commit 758e725

authored
chore: prepare Realtime for Marketplaces (#49)
* chore: update Packer & Ansible files Update Packer & Ansible settings to prepare for AWS/DO Marketplaces * chore: set aws.json's `source_ami` to be user var `source_ami`'s default is set to x64 Ubuntu 18.04 EBS HVM in ap-southeast-1 (Singapore), but ami codes change between regions, so this should be a user variable along with `region`. * fix: get SECRET_KEY_BASE from env * chore: proper cleanup of Ansible tmp files * docs: better error messages for SECRET_KEY_BASE * ci: fix artifact naming of release assets
1 parent cb111d8 commit 758e725

17 files changed

+860
-117
lines changed

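--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,7 +3,7 @@ name: Release
 on:
 push:
 tags:
-- '*'
+- "[0-9]+.[0-9]+.[0-9]+*"
 
 jobs:
 release:
@@ -22,12 +22,16 @@ jobs:
 elixir-version: 1.10.x
 otp-version: 22.x
 
+- name: Get the version
+id: get_version
+run: echo ::set-output name=version::${GITHUB_REF#refs/tags/}
+
 - name: Prepare release
 run: |
 mix deps.get
 mix compile
 mix release
-tar -czvf realtime-ubuntu-latest.tar.gz -C ./_build/prod/rel/realtime/bin realtime
+tar -czf realtime-${{ steps.get_version.outputs.version }}-x86_64-linux-gnu.tar.gz -C ./_build/prod/rel realtime
 env:
 MIX_ENV: prod
 
@@ -39,8 +43,6 @@ jobs:
 with:
 tag_name: ${{ github.ref }}
 release_name: ${{ github.ref }}
-draft: false
-prerelease: false
 
 - name: Upload release assets
 id: upload-release-asset
@@ -49,8 +51,8 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
 upload_url: ${{ steps.create_release.outputs.upload_url }}
-asset_path: ./server/realtime-ubuntu-latest.tar.gz
-asset_name: realtime-ubuntu-latest.tar.gz
+asset_path: ./server/realtime-${{ steps.get_version.outputs.version }}-x86_64-linux-gnu.tar.gz
+asset_name: realtime-${{ steps.get_version.outputs.version }}-x86_64-linux-gnu.tar.gz
 asset_content_type: application/gzip
 
 - name: Upload build to Docker Hub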
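Review bot: The tag name reaches the shell unescaped in the `Prepare release` step, where `${{ steps.get_version.outputs.version }}` is expanded into the `run:` script text before the shell parses it. The new filter `"[0-9]+.[0-9]+.[0-9]+*"` ends in `*`, so anything may follow the three numbers, including shell metacharacters that git permits in ref names. Pass the value through the step's `env:` block instead (`VERSION: ${{ steps.get_version.outputs.version }}`) and write `tar -czf "realtime-${VERSION}-x86_64-linux-gnu.tar.gz" ...`; quoting `"${GITHUB_REF#refs/tags/}"` in `Get the version` is worth doing for the same reason. The job continues outside the visible hunks.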

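--- a/ansible/files/apt_periodic
+++ b/ansible/files/apt_periodic
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "1";
+APT::Periodic::AutocleanInterval "7";
+APT::Periodic::Unattended-Upgrade "1";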

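--- a/ansible/files/realtime.env
+++ b/ansible/files/realtime.env
@@ -1,8 +1,8 @@
 HOSTNAME=0.0.0.0
 PORT=4000
 DB_USER=postgres
-DB_HOST=localhost
+DB_HOST=
 DB_PORT=5432
 DB_NAME=postgres
-DB_PASSWORD=postgres
-SECRET_KEY_BASE=SOMETHING_SUPER_SECRET
+DB_PASSWORD=
+SECRET_KEY_BASE=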

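--- a/ansible/files/realtime.service.j2
+++ b/ansible/files/realtime.service.j2
@@ -3,13 +3,13 @@ Description=Supabase Realtime server
 
 [Service]
 Type=simple
-ExecStart=/opt/realtime/server/_build/prod/rel/realtime/bin/realtime start
+ExecStart=/opt/realtime/bin/realtime start
 Restart=always
 RestartSec=3
 
 # User for the build, and service
 User=realtime
-EnvironmentFile=/etc/realtime.env
+EnvironmentFile=/etc/realtime/realtime.env
 
 # Not specified in the supabase server docs but startup will fail if the HOME environmental
 # variable is not set.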

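--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -3,15 +3,13 @@
 become: true
 
 vars:
-supabase_commit: 951ef2350465d42eb6f741f4659ed5b6fda4cd7b
-supabase_commit_checksum: sha1:eaf75edba248db39c881dc0dce5b129296afaecb
-
-erlang_solutions_deb: erlang-solutions_2.0_all.deb
-erlang_solutions_deb_checksum: sha1:1968ec2ae81a5e1f56d2f173144926ec90a5e7c7
+realtime_version: 0.7.4
+realtime_checksum: sha1:9971212a8d39ada4385b97b44486e30230223116
 
 tasks:
 - include_tasks: tasks/setup-system.yml
 
-- include_tasks: tasks/setup-elixir.yml
-
 - include_tasks: tasks/setup-realtime.yml
+
+- name: Remove temp dir at $HOME
+shell: rm -rf ~/.ansible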
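Review bot: `realtime_checksum` pins the release tarball with SHA-1, which is no longer collision-resistant and so is a weak integrity anchor for a binary that ends up baked into a marketplace image. The `checksum` parameter of `get_url` accepts other algorithms, so `realtime_checksum: sha256:<SHA256_OF_RELEASE_TARBALL>` is a drop-in change. Separately, the final task could use the `file` module with `state: absent` instead of `shell: rm -rf ~/.ansible`, which keeps the cleanup idempotent.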

ansible/tasks/setup-elixir.yml

Lines changed: 0 additions & 48 deletions
This file was deleted.

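--- a/ansible/tasks/setup-realtime.yml
+++ b/ansible/tasks/setup-realtime.yml
@@ -2,38 +2,29 @@
 - name: System user
 user: name=realtime
 
-- name: Install hex dependecy
-shell: mix local.hex --force
-become_user: realtime
-args:
-chdir: /opt/realtime/server
-
-- name: Install rebar dependency
-shell: mix local.rebar --force
-become_user: realtime
-args:
-chdir: /opt/realtime/server
-
-- name: Install other dependencies
-shell: mix deps.get
-become_user: realtime
-args:
-chdir: /opt/realtime/server
+- name: Download release
+get_url:
+url: "https://github.com/supabase/realtime/releases/download/{{ realtime_version }}/realtime-{{ realtime_version }}-x86_64-linux-gnu.tar.gz"
+dest: /tmp/realtime.tar.gz
+checksum: "{{ realtime_checksum }}"
+
+- name: Unpack archive to /opt/realtime
+unarchive:
+remote_src: yes
+src: /tmp/realtime.tar.gz
+dest: /opt
+owner: realtime
 
-- name: Build release
-# IF A BUILD EXISTS the following message is shown
-# Release realtime-0.7.1 already exists. Overwrite? [Yn]
-#
-# There is no flag to stop if an existing build is available, thus we pipe 'n' to stop
-shell: echo n | MIX_ENV=prod mix release
-become_user: realtime
-args:
-chdir: /opt/realtime/server
+- name: Create /etc/realtime
+file:
+path: /etc/realtime
+state: directory
+owner: realtime
 
-- name: Create /etc/realtime.env
+- name: Dump /etc/realtime/realtime.env
 copy:
 src: files/realtime.env
-dest: /etc/realtime.env
+dest: /etc/realtime/realtime.env
 owner: realtime
 
 - name: Create service file
@@ -46,6 +37,3 @@
 daemon_reload: yes
 name: realtime
 enabled: yes
-
-- name: Restart service
-service: name=realtime state=restarted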
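Review bot: The `Dump /etc/realtime/realtime.env` task sets `owner: realtime` but no `mode`, so the file that is meant to hold `DB_PASSWORD` and `SECRET_KEY_BASE` gets whatever the default umask yields, which is typically world-readable. Add `mode: "0600"` to that `copy` task and `mode: "0750"` to `Create /etc/realtime`. The download also lands at the fixed path `/tmp/realtime.tar.gz` and is never removed; a `file` task with `state: absent` after `unarchive` would keep the tarball out of the published image. `unarchive` with `owner: realtime` also leaves the release binaries writable by the service account itself, where `owner: root` would let the service run the code without being able to modify it.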

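--- a/ansible/tasks/setup-system.yml
+++ b/ansible/tasks/setup-system.yml
@@ -1,7 +1,28 @@
 # DigitalOcean's ubuntu droplet isn't up to date with installed packages, and on
 # a fresh install I see 71 security upgrades available.
 - name: System - apt update and apt upgrade
-apt: update_cache=yes upgrade=yes # SEE http://archive.vn/DKJjs#parameter-upgrade
+apt:
+update_cache=yes upgrade=yes
+# SEE http://archive.vn/DKJjs#parameter-upgrade
+
+- name: add universe repository for bionic
+apt_repository:
+repo: deb http://archive.ubuntu.com/ubuntu bionic universe
+state: present
+
+- name: Install essentials
+apt:
+pkg:
+- ufw
+- fail2ban
+- unattended-upgrades
+update_cache: yes
+cache_valid_time: 3600
+
+- name: Adjust APT update intervals
+copy:
+src: files/apt_periodic
+dest: /etc/apt/apt.conf.d/10periodic
 
 - name: System - Create services.slice
 template:
@@ -10,3 +31,26 @@
 
 - name: System - systemd reload
 systemd: daemon_reload=yes
+
+- name: UFW - Deny incoming traffics by default
+ufw:
+state: enabled
+default: deny
+direction: incoming
+
+- name: UFW - Allow SSH
+ufw:
+rule: allow
+name: OpenSSH
+
+- name: UFW - Allow Postgres
+ufw:
+rule: allow
+port: "5432"
+proto: tcp
+
+- name: UFW - Allow realtime
+ufw:
+rule: allow
+port: "4000"
+proto: tcp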
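Review bot: `UFW - Allow Postgres` opens 5432/tcp to every source address, yet nothing visible in this change installs a database on the image, and `realtime.env` now ships with an empty `DB_HOST`, which suggests Postgres lives on another host. If the image does not serve Postgres the rule can simply be dropped; if it does, restrict it with `from_ip: "<TRUSTED_CIDR>"`. Also, `UFW - Deny incoming traffics by default` enables the firewall before `UFW - Allow SSH` runs; putting the SSH rule first avoids relying on the established provisioning connection surviving the policy change.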

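--- a/aws.json
+++ b/aws.json
@@ -1,32 +1,40 @@
 {
 "variables": {
 "aws_access_key": "{{env `AWS_ACCESS_KEY`}}",
-"aws_secret_key": "{{env `AWS_SECRET_KEY`}}"
+"aws_secret_key": "{{env `AWS_SECRET_KEY`}}",
+"region": "ap-southeast-1",
+"source_ami": "ami-0e763a959ec839f5e",
+"instance_type": "t2.micro"
 },
 "builders": [
 {
 "type": "amazon-ebs",
 "access_key": "{{user `aws_access_key`}}",
 "secret_key": "{{user `aws_secret_key`}}",
-"region": "ap-southeast-1",
-"source_ami_filter": {
-"filters": {
-"virtualization-type": "hvm",
-"name": "ubuntu/images/*ubuntu-bionic-18.04-amd64-server-*",
-"root-device-type": "ebs"
-},
-"owners": ["099720109477"],
-"most_recent": true
-},
-"instance_type": "t2.micro",
+"region": "{{user `region`}}",
+"source_ami": "{{user `source_ami`}}",
+"instance_type": "{{user `instance_type`}}",
 "ssh_username": "ubuntu",
 "ami_name": "supabase-realtime-0.7.4"
 }
 ],
 "provisioners": [
 {
 "type": "ansible",
-"playbook_file": "ansible/playbook.yml"
+"playbook_file": "ansible/playbook.yml",
+"ansible_env_vars": ["ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes'"],
+"user": "ubuntu"
+},
+{
+"execute_command": "echo 'packer' | sudo -S sh -c '{{ .Vars }} {{ .Path }}'",
+"type": "shell",
+"scripts": [
+"scripts/01-test",
+"scripts/02-credentials_cleanup.sh",
+"scripts/90-cleanup.sh",
+"scripts/91-log_cleanup.sh",
+"scripts/99-img_check.sh"
+]
 }
 ]
 }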
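Review bot: Replacing `source_ami_filter` with a literal `source_ami` drops the `"owners": ["099720109477"]` constraint, so the build no longer checks who published the base image and accepts whatever AMI id is passed in as the `source_ami` variable. The removed filter selected by name and owner rather than by id, so it may already have resolved correctly in whichever `region` is chosen; keeping it next to the new `region` variable would preserve both the owner check and `most_recent`. If the fixed id stays, the README should state that overrides must be images published by that owner. In the shell provisioner, `echo 'packer' | sudo -S` feeds a literal password to sudo; if the `ubuntu` user has passwordless sudo on this image, `sudo sh -c '{{ .Vars }} {{ .Path }}'` is sufficient and less confusing.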

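--- a/do.json
+++ b/do.json
@@ -1,14 +1,16 @@
 {
 "variables": {
-"do_api_token": "{{env `DO_API_TOKEN`}}"
+"do_api_token": "{{env `DO_API_TOKEN`}}",
+"region": "sgp1",
+"size": "512mb"
 },
 "builders": [
 {
 "type": "digitalocean",
 "api_token": "{{user `do_api_token`}}",
 "image": "ubuntu-18-04-x64",
-"region": "sgp1",
-"size": "512mb",
+"region": "{{user `region`}}",
+"size": "{{user `size`}}",
 "ssh_username": "root",
 "snapshot_name": "supabase-realtime-0.7.4"
 }
@@ -17,7 +19,17 @@
 {
 "type": "ansible",
 "playbook_file": "ansible/playbook.yml",
-"ansible_env_vars": ["ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes'"]
+"ansible_env_vars": ["ANSIBLE_SSH_ARGS='-o IdentitiesOnly=yes'"],
+"user": "root"
+},
+{
+"type": "shell",
+"scripts": [
+"scripts/01-test",
+"scripts/90-cleanup.sh",
+"scripts/91-log_cleanup.sh",
+"scripts/99-img_check.sh"
+]
 }
 ]
 }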
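Review bot: The shell provisioner here omits `scripts/02-credentials_cleanup.sh`, which the matching list in `aws.json` runs between `scripts/01-test` and `scripts/90-cleanup.sh`. The scripts themselves are not shown on this page, so the difference may be intentional. Because this build logs in as `root`, it is worth confirming that SSH keys and other build-time credentials are still removed from the snapshot, and recording the reason for the difference in the README.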
