Move each vhost to its own config file

2020-02-17 13:20:54 +01:00 · 2020-02-17 13:20:54 +01:00 · 38f39af2a4
parent 463664448c
commit 38f39af2a4
3 changed files with 51 additions and 43 deletions
--- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb
+++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb
@ -104,6 +104,12 @@ modules:
  }
 ]

+ldap_domain = node['kosmos-dirsrv']['master_hostname']
+ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
+ldap_base = "cn=users,dc=kosmos,dc=org"
+
+admin_users = ejabberd_credentials['admins']
+
 hosts.each do |host|
  postgresql_database host[:sql_database] do
    owner 'ejabberd'
@ -116,14 +122,21 @@ hosts.each do |host|
    command "psql #{host[:sql_database]}} < #{Chef::Config[:file_cache_path]}/pg.sql"
    action :nothing
  end
+
+  template "/opt/ejabberd/conf/#{host[:name]}.yml" do
+    source    "vhost.yml.erb"
+    mode      0640
+    owner     'ejabberd'
+    group     'ejabberd'
+    sensitive true
+    variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
+              host: host,
+              ldap_base: ldap_base,
+              ldap_server: ldap_domain,
+              ldap_encryption_type: ldap_encryption_type
+  end
 end

-ldap_domain = node['kosmos-dirsrv']['master_hostname']
-ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
-ldap_base = "cn=users,dc=kosmos,dc=org"
-
-admin_users = ejabberd_credentials['admins']
-
 template "/opt/ejabberd/conf/ejabberd.yml" do
  source    "ejabberd.yml.erb"
  mode      0640
--- a/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/ejabberd.yml.erb
@ -6,40 +6,10 @@ log_rotate_count: 1

 log_rate_limit: 100

-hosts:
 <% @hosts.each do |host| -%>
-  - "<%= host[:name] %>"
+include_config_file: "/opt/ejabberd/conf/<%= host[:name] %>.yml"
 <% end -%>

-host_config:
-<% @hosts.each do |host| -%>
-  "<%= host[:name] %>":
-    sql_type: pgsql
-    sql_server: "localhost"
-    sql_database: "<%= host[:sql_database] %>"
-    sql_username: "ejabberd"
-    sql_password: "<%= @pgsql_password %>"
-  <% if host[:ldap_enabled] -%>
-    auth_method: ldap
-    ldap_servers: ["<%= @ldap_server %>"]
-    ldap_rootdn: "cn=xmpp,ou=<%= host[:name] %>,<%= @ldap_base %>"
-    ldap_password: "<%= host[:ldap_password] %>"
-    ldap_encrypt: <%= @ldap_encryption_type %>
-    ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
-    ldap_base: "ou=<%= host[:name] %>,<%= @ldap_base %>"
-    ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= host[:name] %>,<%= @ldap_base %>)"
-  <% end -%>
-<% end -%>
-
-<% if @hosts.any? { |host| File.exist?("/opt/ejabberd/conf/#{host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{host[:name]}.key") } -%>
-certfiles:
-<% @hosts.each do |host| -%>
-  <% if File.exist?("/opt/ejabberd/conf/#{host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{host[:name]}.key") -%>
-  - "/opt/ejabberd/conf/<%= host[:name] %>.crt"
-  - "/opt/ejabberd/conf/<%= host[:name] %>.key"
-  <% end -%>
-<% end -%>
-<% end -%>
 ca_file: "/opt/ejabberd/conf/cacert.pem"

 define_macro:
@ -248,12 +218,6 @@ modules:
  mod_s2s_dialback: {}
  mod_http_api: {}

-append_host_config:
-<% @hosts.each do |host| -%>
-  "<%= host[:name] %>":
-    <%= host[:append_host_config].chomp %>
-<% end -%>
-
 allow_contrib_modules: true

 ### Local Variables:
--- a/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
+++ b/site-cookbooks/kosmos-ejabberd/templates/vhost.yml.erb
@ -0,0 +1,31 @@
+# Generated by Chef for <%= @host[:name] %>
+hosts:
+  - "<%= @host[:name] %>"
+
+<% if File.exist?("/opt/ejabberd/conf/#{@host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{@host[:name]}.key") -%>
+certfiles:
+  - "/opt/ejabberd/conf/<%= @host[:name] %>.crt"
+  - "/opt/ejabberd/conf/<%= @host[:name] %>.key"
+<% end -%>
+host_config:
+  "<%= @host[:name] %>":
+    sql_type: pgsql
+    sql_server: "localhost"
+    sql_database: "<%= @host[:sql_database] %>"
+    sql_username: "ejabberd"
+    sql_password: "<%= @pgsql_password %>"
+  <% if @host[:ldap_enabled] -%>
+    auth_method: ldap
+    ldap_servers: ["<%= @ldap_server %>"]
+    ldap_rootdn: "cn=xmpp,ou=<%= @host[:name] %>,<%= @ldap_base %>"
+    ldap_password: "<%= @host[:ldap_password] %>"
+    ldap_encrypt: <%= @ldap_encryption_type %>
+    ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
+    ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
+    ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= @host[:name] %>,<%= @ldap_base %>)"
+  <% end -%>
+
+append_host_config:
+  "<%= @host[:name] %>":
+    <%= @host[:append_host_config].chomp %>
+