Add PostgreSQL primary support to the kosmos-ejabberd cookbook

* Move the PostgreSQL user and database creation to a pg_db recipe * Generate access rights for the ejabberd servers in the pg_db recipe * Connect to the PostgreSQL primary instead of localhost Refs #180
2020-06-10 18:38:40 +02:00 · 2020-06-10 18:38:40 +02:00 · 2c21d6255b
commit 2c21d6255b
parent 091a46e972
3 changed files with 83 additions and 23 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -28,11 +28,6 @@ include_recipe "kosmos-postgresql"

 ejabberd_credentials = data_bag_item("credentials", "ejabberd")

-cookbook_file "#{Chef::Config[:file_cache_path]}/pg.sql" do
-  source "pg.sql"
-  mode "0664"
-end
-
 ejabberd_version = node["kosmos-ejabberd"]["version"]
 package_checksum = node["kosmos-ejabberd"]["checksum"]
 package_path = "#{Chef::Config['file_cache_path']}/ejabberd_#{ejabberd_version}-0_amd64.deb"
@ -52,11 +47,6 @@ end

 postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')

-postgresql_user 'ejabberd' do
-  action :create
-  password postgresql_data_bag_item['ejabberd_user_password']
-end
-
 hosts = [
  {
    name: "kosmos.org",
@ -111,21 +101,14 @@ ldap_base = "cn=users,dc=kosmos,dc=org"

 admin_users = ejabberd_credentials['admins']

+postgresql_primary_node = postgresql_primary
+postgresql_server = postgresql_primary_node[:ipaddress]
+# PostgreSQL is on the same server, connect through localhost
+postgresql_server = "localhost" if postgresql_primary_node[:hostname] == node[:hostname]
+
 hosts.each do |host|
  ldap_rootdn = "uid=xmpp,ou=#{host[:name]},cn=applications,dc=kosmos,dc=org"

-  postgresql_database host[:sql_database] do
-    owner 'ejabberd'
-    action :create
-    notifies :run, "execute[create db schema #{host[:sql_database]}]", :delayed
-  end
-
-  execute "create db schema #{host[:sql_database]}" do
-    user "ejabberd"
-    command "psql #{host[:sql_database]} < #{Chef::Config[:file_cache_path]}/pg.sql"
-    action :nothing
-  end
-
  template "/opt/ejabberd/conf/#{host[:name]}.yml" do
    source    "vhost.yml.erb"
    mode      0640
@ -133,6 +116,7 @@ hosts.each do |host|
    group     'ejabberd'
    sensitive true
    variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
+              sql_server: postgresql_server,
              host: host,
              ldap_base: ldap_base,
              ldap_server: ldap_domain,
--- a/site-cookbooks/kosmos-ejabberd/recipes/pg_db.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/pg_db.rb
@ -0,0 +1,76 @@
+#
+# Cookbook:: kosmos-ejabberd
+# Recipe:: pg_db
+#
+# The MIT License (MIT)
+#
+# Copyright:: 2020, Kosmos Developers
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#
+
+postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
+
+postgresql_service = "service[#{postgresql_service_name}]"
+
+service postgresql_service do
+  supports restart: true, status: true, reload: true
+end
+
+postgresql_user 'ejabberd' do
+  action :create
+  password postgresql_data_bag_item['ejabberd_user_password']
+end
+
+databases = ["ejabberd", "ejabberd_5apps"]
+
+ejabberd_servers = search(:node, "role:ejabberd AND chef_environment:#{node.chef_environment}")
+
+databases.each do |database|
+  postgresql_database database do
+    owner 'ejabberd'
+    action :create
+    notifies :run, "execute[create db schema #{database}]", :delayed
+  end
+
+  cookbook_file "#{Chef::Config[:file_cache_path]}/pg.sql" do
+    source "pg.sql"
+    mode "0664"
+  end
+
+  execute "create db schema #{database}" do
+    user "postgres"
+    command "psql #{database} < #{Chef::Config[:file_cache_path]}/pg.sql"
+    action :nothing
+  end
+
+  ejabberd_servers.each do |ejabberd_server|
+    ip = ip_for(ejabberd_server)
+    hostname = ejabberd_server[:hostname]
+
+    postgresql_access "ejabberd #{hostname}" do
+      access_type "host"
+      access_db "ejabberd"
+      access_user "ejabberd"
+      access_addr "#{ip}/32"
+      access_method "md5"
+      notifies :reload, postgresql_service, :delayed
+    end
+  end
+end
--- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
@ -7,7 +7,7 @@ certfiles:
 host_config:
  "<%= @host[:name] %>":
    sql_type: pgsql
-    sql_server: "localhost"
+    sql_server: "<%= @sql_server %>"
    sql_database: "<%= @host[:sql_database] %>"
    sql_username: "ejabberd"
    sql_password: "<%= @pgsql_password %>"