Create a discourse cookbook that can be wrapped
It makes it possible to serve multiple Discord instances to different hosts from a single nginx load balancer Right now we run one for Kosmos and one for remoteStorage
This commit is contained in:
parent
e90b265f7e
commit
378fee85ec
|
@ -1,5 +0,0 @@
|
|||
name "discourse"
|
||||
|
||||
run_list %w(
|
||||
kosmos_discourse::default
|
||||
)
|
|
@ -0,0 +1,6 @@
|
|||
name "kosmos_discourse"
|
||||
|
||||
run_list %w(
|
||||
kosmos-dirsrv::hostsfile
|
||||
kosmos_discourse::default
|
||||
)
|
|
@ -8,6 +8,7 @@ default_run_list = %w(
|
|||
kosmos_website::default
|
||||
kosmos-ejabberd::nginx
|
||||
kosmos-akkounts::nginx_api
|
||||
remotestorage_discourse::nginx
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
name "remotestorage_discourse"
|
||||
|
||||
run_list %w(
|
||||
remotestorage_discourse::default
|
||||
)
|
|
@ -0,0 +1,22 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
kitchen.local.yml
|
||||
|
||||
# Chef
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
|
@ -0,0 +1,5 @@
|
|||
# discourse CHANGELOG
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2020 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,4 @@
|
|||
# kosmos_discourse
|
||||
|
||||
TODO: Enter the cookbook description here.
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Set it in the wrapper cookbook
|
||||
# node['discourse']['domain'] = "community.example.com"
|
||||
# Override it in the wrapper cookbook
|
||||
node.default['discourse']['role'] = "discourse"
|
||||
node.default['discourse']['port'] = 3001
|
|
@ -0,0 +1,110 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
|
||||
# SASS #
|
||||
########
|
||||
.sass-cache
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
mkmf.log
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
azure-pipelines.yml
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen.yml*
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
spec/*
|
||||
spec/fixtures/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Cookbooks #
|
||||
#############
|
||||
CHANGELOG*
|
||||
CONTRIBUTING*
|
||||
TESTING*
|
||||
CODE_OF_CONDUCT*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,11 @@
|
|||
name 'discourse'
|
||||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures discourse'
|
||||
long_description 'Installs/Configures discourse'
|
||||
version '0.1.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends 'kosmos-nginx'
|
||||
depends 'firewall'
|
|
@ -0,0 +1,43 @@
|
|||
#
|
||||
# Cookbook:: kosmos_discourse
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
package "docker-compose"
|
||||
deploy_path = "/opt/discourse"
|
||||
|
||||
repo = "https://github.com/discourse/discourse_docker"
|
||||
|
||||
git deploy_path do
|
||||
repository repo
|
||||
revision "main"
|
||||
end
|
||||
|
||||
systemd_unit "discourse.service" do
|
||||
content({Unit: {
|
||||
Description: "discourse service with docker compose",
|
||||
Requires: "docker.service",
|
||||
After: "docker.service",
|
||||
},
|
||||
Service: {
|
||||
Type: "oneshot",
|
||||
RemainAfterExit: "true",
|
||||
WorkingDirectory: deploy_path,
|
||||
Environment: "SUPERVISED=true",
|
||||
ExecStart: "#{deploy_path}/launcher start app",
|
||||
ExecStop: "#{deploy_path}/launcher stop app",
|
||||
},
|
||||
Install: {
|
||||
WantedBy: "multi-user.target"
|
||||
}})
|
||||
action [:create, :enable]
|
||||
end
|
||||
|
||||
include_recipe 'firewall'
|
||||
|
||||
firewall_rule 'discourse' do
|
||||
port [node['discourse']['port']]
|
||||
source "10.1.1.0/24"
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
|
@ -0,0 +1,39 @@
|
|||
#
|
||||
# Cookbook:: discourse
|
||||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node['discourse']['domain']
|
||||
discourse_role = node['discourse']['role']
|
||||
|
||||
upstream_ip_addresses = []
|
||||
search(:node, "role:#{discourse_role}").each do |n|
|
||||
upstream_ip_addresses << n["knife_zero"]["host"]
|
||||
end
|
||||
# No Discourse host, stop here
|
||||
if upstream_ip_addresses.empty?
|
||||
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
|
||||
return
|
||||
end
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_port: node['discourse']['port'],
|
||||
upstream_name: discourse_role,
|
||||
upstream_ip_addresses: upstream_ip_addresses
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
# Generated by Chef
|
||||
upstream _<%= @upstream_name %> {
|
||||
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
|
||||
server <%= upstream_ip_address %>:<%= @upstream_port %>;
|
||||
<% end -%>
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
server_name <%= @server_name %>;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
# Send real IP to the Docker container
|
||||
set_real_ip_from 127.0.0.1;
|
||||
real_ip_header X-Forwarded-For;
|
||||
|
||||
client_max_body_size 20M;
|
||||
|
||||
location / {
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
proxy_pass http://_<%= @upstream_name %>;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
||||
<% end -%>
|
|
@ -1,7 +1,5 @@
|
|||
# kosmos_discourse CHANGELOG
|
||||
|
||||
This file is used to list changes made in each version of the kosmos_discourse cookbook.
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
# kosmos_discourse
|
||||
|
||||
TODO: Enter the cookbook description here.
|
||||
|
||||
Wrapper cookbook based on discourse
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
node.override['discourse']['domain'] = "community.kosmos.org"
|
||||
node.override['discourse']['role'] = "kosmos_discourse"
|
|
@ -1,12 +1,10 @@
|
|||
name 'kosmos_discourse'
|
||||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'you@example.com'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures kosmos_discourse'
|
||||
long_description 'Installs/Configures kosmos_discourse'
|
||||
description 'Installs/Configures discourse'
|
||||
long_description 'Installs/Configures discourse'
|
||||
version '0.1.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends 'kosmos-nginx'
|
||||
depends 'firewall'
|
||||
depends 'kosmos-dirsrv'
|
||||
depends 'discourse'
|
||||
|
|
|
@ -3,43 +3,4 @@
|
|||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe "kosmos-dirsrv::hostsfile"
|
||||
|
||||
package "docker-compose"
|
||||
deploy_path = "/opt/discourse"
|
||||
|
||||
repo = "https://github.com/discourse/discourse_docker"
|
||||
|
||||
git deploy_path do
|
||||
repository repo
|
||||
revision "main"
|
||||
end
|
||||
|
||||
systemd_unit "discourse.service" do
|
||||
content({Unit: {
|
||||
Description: "discourse service with docker compose",
|
||||
Requires: "docker.service",
|
||||
After: "docker.service",
|
||||
},
|
||||
Service: {
|
||||
Type: "oneshot",
|
||||
RemainAfterExit: "true",
|
||||
WorkingDirectory: deploy_path,
|
||||
Environment: "SUPERVISED=true",
|
||||
ExecStart: "#{deploy_path}/launcher start app",
|
||||
ExecStop: "#{deploy_path}/launcher stop app",
|
||||
},
|
||||
Install: {
|
||||
WantedBy: "multi-user.target"
|
||||
}})
|
||||
action [:create, :enable]
|
||||
end
|
||||
|
||||
include_recipe 'firewall'
|
||||
|
||||
firewall_rule 'discourse' do
|
||||
port [3001]
|
||||
source "10.1.1.0/24"
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
include_recipe 'discourse'
|
||||
|
|
|
@ -3,32 +3,4 @@
|
|||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = "community.kosmos.org"
|
||||
|
||||
upstream_ip_addresses = []
|
||||
search(:node, "role:discourse").each do |n|
|
||||
upstream_ip_addresses << n["knife_zero"]["host"]
|
||||
end
|
||||
# No Discourse host, stop here
|
||||
return if upstream_ip_addresses.empty?
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source "nginx_conf.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_port: 3001,
|
||||
upstream_ip_addresses: upstream_ip_addresses
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
||||
include_recipe "discourse::nginx"
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
.vagrant
|
||||
*~
|
||||
*#
|
||||
.#*
|
||||
\#*#
|
||||
.*.sw[a-z]
|
||||
*.un~
|
||||
|
||||
# Bundler
|
||||
Gemfile.lock
|
||||
gems.locked
|
||||
bin/*
|
||||
.bundle/*
|
||||
|
||||
# test kitchen
|
||||
.kitchen/
|
||||
kitchen.local.yml
|
||||
|
||||
# Chef
|
||||
Berksfile.lock
|
||||
.zero-knife.rb
|
||||
Policyfile.lock.json
|
|
@ -0,0 +1,5 @@
|
|||
# remotestorage_discourse CHANGELOG
|
||||
|
||||
# 0.1.0
|
||||
|
||||
Initial release.
|
|
@ -0,0 +1,21 @@
|
|||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2020 Kosmos Developers
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in
|
||||
all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
||||
THE SOFTWARE.
|
|
@ -0,0 +1,3 @@
|
|||
# remotestorage_discourse
|
||||
|
||||
Wrapper cookbook based on discourse
|
|
@ -0,0 +1,2 @@
|
|||
node.override['discourse']['domain'] = "community.remotestorage.io"
|
||||
node.override['discourse']['role'] = "remotestorage_discourse"
|
|
@ -0,0 +1,110 @@
|
|||
# Put files/directories that should be ignored in this file when uploading
|
||||
# to a Chef Infra Server or Supermarket.
|
||||
# Lines that start with '# ' are comments.
|
||||
|
||||
# OS generated files #
|
||||
######################
|
||||
.DS_Store
|
||||
ehthumbs.db
|
||||
Icon?
|
||||
nohup.out
|
||||
Thumbs.db
|
||||
|
||||
# SASS #
|
||||
########
|
||||
.sass-cache
|
||||
|
||||
# EDITORS #
|
||||
###########
|
||||
.#*
|
||||
.project
|
||||
.settings
|
||||
*_flymake
|
||||
*_flymake.*
|
||||
*.bak
|
||||
*.sw[a-z]
|
||||
*.tmproj
|
||||
*~
|
||||
\#*
|
||||
mkmf.log
|
||||
REVISION
|
||||
TAGS*
|
||||
tmtags
|
||||
|
||||
## COMPILED ##
|
||||
##############
|
||||
*.class
|
||||
*.com
|
||||
*.dll
|
||||
*.exe
|
||||
*.o
|
||||
*.pyc
|
||||
*.so
|
||||
*/rdoc/
|
||||
a.out
|
||||
|
||||
# Testing #
|
||||
###########
|
||||
.circleci/*
|
||||
.codeclimate.yml
|
||||
.foodcritic
|
||||
.kitchen*
|
||||
.rspec
|
||||
.rubocop.yml
|
||||
.travis.yml
|
||||
.watchr
|
||||
azure-pipelines.yml
|
||||
examples/*
|
||||
features/*
|
||||
Guardfile
|
||||
kitchen.yml*
|
||||
Procfile
|
||||
Rakefile
|
||||
spec/*
|
||||
spec/*
|
||||
spec/fixtures/*
|
||||
test/*
|
||||
|
||||
# SCM #
|
||||
#######
|
||||
.git
|
||||
.gitattributes
|
||||
.gitconfig
|
||||
.github/*
|
||||
.gitignore
|
||||
.gitmodules
|
||||
.svn
|
||||
*/.bzr/*
|
||||
*/.git
|
||||
*/.hg/*
|
||||
*/.svn/*
|
||||
|
||||
# Berkshelf #
|
||||
#############
|
||||
Berksfile
|
||||
Berksfile.lock
|
||||
cookbooks/*
|
||||
tmp
|
||||
|
||||
# Bundler #
|
||||
###########
|
||||
vendor/*
|
||||
Gemfile
|
||||
Gemfile.lock
|
||||
|
||||
# Policyfile #
|
||||
##############
|
||||
Policyfile.rb
|
||||
Policyfile.lock.json
|
||||
|
||||
# Cookbooks #
|
||||
#############
|
||||
CHANGELOG*
|
||||
CONTRIBUTING*
|
||||
TESTING*
|
||||
CODE_OF_CONDUCT*
|
||||
|
||||
# Vagrant #
|
||||
###########
|
||||
.vagrant
|
||||
Vagrantfile
|
|
@ -0,0 +1,10 @@
|
|||
name 'remotestorage_discourse'
|
||||
maintainer 'Kosmos Developers'
|
||||
maintainer_email 'mail@kosmos.org'
|
||||
license 'MIT'
|
||||
description 'Installs/Configures discourse'
|
||||
long_description 'Installs/Configures discourse'
|
||||
version '0.1.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
depends 'discourse'
|
|
@ -0,0 +1,6 @@
|
|||
#
|
||||
# Cookbook:: remotestorage_discourse
|
||||
# Recipe:: default
|
||||
#
|
||||
|
||||
include_recipe 'discourse'
|
|
@ -0,0 +1,6 @@
|
|||
#
|
||||
# Cookbook:: remotestorage_discourse
|
||||
# Recipe:: nginx
|
||||
#
|
||||
|
||||
include_recipe "discourse::nginx"
|
|
@ -0,0 +1,35 @@
|
|||
# Generated by Chef
|
||||
upstream _discourse {
|
||||
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
|
||||
server <%= upstream_ip_address %>:<%= @upstream_port %>;
|
||||
<% end -%>
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
server_name <%= @server_name %>;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
# Send real IP to the Docker container
|
||||
set_real_ip_from 127.0.0.1;
|
||||
real_ip_header X-Forwarded-For;
|
||||
|
||||
client_max_body_size 20M;
|
||||
|
||||
location / {
|
||||
# Increase number of buffers. Default is 8
|
||||
proxy_buffers 1024 8k;
|
||||
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_pass http://_discourse;
|
||||
proxy_http_version 1.1;
|
||||
}
|
||||
}
|
||||
<% end -%>
|
Loading…
Reference in New Issue