From 239b6aed51c4d8a58b573927d67bd66690698017 Mon Sep 17 00:00:00 2001 From: Sebastian Kippe Date: Tue, 8 Dec 2020 20:00:31 +0100 Subject: [PATCH] Add API permissions for akkounts VMs Using the zerotier IP, which is the same as the knife-zero host. --- site-cookbooks/kosmos-ejabberd/recipes/default.rb | 8 +++++++- site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb | 8 ++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 0cde474..9533351 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -169,6 +169,11 @@ hosts.each do |host| end end +akkounts_ip_addresses = [] +search(:node, "role:akkounts").each do |node| + akkounts_ip_addresses << node["knife_zero"]["host"] +end + template "/opt/ejabberd/conf/ejabberd.yml" do source "ejabberd.yml.erb" mode 0640 @@ -178,7 +183,8 @@ template "/opt/ejabberd/conf/ejabberd.yml" do stun_auth_realm: "kosmos.org", turn_ip_address: node['ipaddress'], turn_min_port: node["kosmos-ejabberd"]["turn_min_port"], - turn_max_port: node["kosmos-ejabberd"]["turn_max_port"] + turn_max_port: node["kosmos-ejabberd"]["turn_max_port"], + akkounts_ip_addresses: akkounts_ip_addresses notifies :run, "execute[ejabberdctl reload_config]", :delayed end diff --git a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb index 32db826..e1dca82 100644 --- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb +++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb @@ -174,6 +174,14 @@ api_permissions: what: - "status" - "connected_users_number" + "akkounts": + who: +<% @akkounts_ip_addresses.each do |ip| -%> + - ip: "<%= ip %>/8" +<% end -%> + what: + - "add_rosteritem" + - "delete_rosteritem" language: "en"