Move each vhost to its own config file
This commit is contained in:
parent
463664448c
commit
38f39af2a4
|
@ -104,6 +104,12 @@ modules:
|
|||
}
|
||||
]
|
||||
|
||||
ldap_domain = node['kosmos-dirsrv']['master_hostname']
|
||||
ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
|
||||
ldap_base = "cn=users,dc=kosmos,dc=org"
|
||||
|
||||
admin_users = ejabberd_credentials['admins']
|
||||
|
||||
hosts.each do |host|
|
||||
postgresql_database host[:sql_database] do
|
||||
owner 'ejabberd'
|
||||
|
@ -116,14 +122,21 @@ hosts.each do |host|
|
|||
command "psql #{host[:sql_database]}} < #{Chef::Config[:file_cache_path]}/pg.sql"
|
||||
action :nothing
|
||||
end
|
||||
|
||||
template "/opt/ejabberd/conf/#{host[:name]}.yml" do
|
||||
source "vhost.yml.erb"
|
||||
mode 0640
|
||||
owner 'ejabberd'
|
||||
group 'ejabberd'
|
||||
sensitive true
|
||||
variables pgsql_password: postgresql_data_bag_item['ejabberd_user_password'],
|
||||
host: host,
|
||||
ldap_base: ldap_base,
|
||||
ldap_server: ldap_domain,
|
||||
ldap_encryption_type: ldap_encryption_type
|
||||
end
|
||||
end
|
||||
|
||||
ldap_domain = node['kosmos-dirsrv']['master_hostname']
|
||||
ldap_encryption_type = node.chef_environment == "development" ? "none" : "tls"
|
||||
ldap_base = "cn=users,dc=kosmos,dc=org"
|
||||
|
||||
admin_users = ejabberd_credentials['admins']
|
||||
|
||||
template "/opt/ejabberd/conf/ejabberd.yml" do
|
||||
source "ejabberd.yml.erb"
|
||||
mode 0640
|
||||
|
|
|
@ -6,40 +6,10 @@ log_rotate_count: 1
|
|||
|
||||
log_rate_limit: 100
|
||||
|
||||
hosts:
|
||||
<% @hosts.each do |host| -%>
|
||||
- "<%= host[:name] %>"
|
||||
include_config_file: "/opt/ejabberd/conf/<%= host[:name] %>.yml"
|
||||
<% end -%>
|
||||
|
||||
host_config:
|
||||
<% @hosts.each do |host| -%>
|
||||
"<%= host[:name] %>":
|
||||
sql_type: pgsql
|
||||
sql_server: "localhost"
|
||||
sql_database: "<%= host[:sql_database] %>"
|
||||
sql_username: "ejabberd"
|
||||
sql_password: "<%= @pgsql_password %>"
|
||||
<% if host[:ldap_enabled] -%>
|
||||
auth_method: ldap
|
||||
ldap_servers: ["<%= @ldap_server %>"]
|
||||
ldap_rootdn: "cn=xmpp,ou=<%= host[:name] %>,<%= @ldap_base %>"
|
||||
ldap_password: "<%= host[:ldap_password] %>"
|
||||
ldap_encrypt: <%= @ldap_encryption_type %>
|
||||
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
|
||||
ldap_base: "ou=<%= host[:name] %>,<%= @ldap_base %>"
|
||||
ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= host[:name] %>,<%= @ldap_base %>)"
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
|
||||
<% if @hosts.any? { |host| File.exist?("/opt/ejabberd/conf/#{host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{host[:name]}.key") } -%>
|
||||
certfiles:
|
||||
<% @hosts.each do |host| -%>
|
||||
<% if File.exist?("/opt/ejabberd/conf/#{host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{host[:name]}.key") -%>
|
||||
- "/opt/ejabberd/conf/<%= host[:name] %>.crt"
|
||||
- "/opt/ejabberd/conf/<%= host[:name] %>.key"
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
ca_file: "/opt/ejabberd/conf/cacert.pem"
|
||||
|
||||
define_macro:
|
||||
|
@ -248,12 +218,6 @@ modules:
|
|||
mod_s2s_dialback: {}
|
||||
mod_http_api: {}
|
||||
|
||||
append_host_config:
|
||||
<% @hosts.each do |host| -%>
|
||||
"<%= host[:name] %>":
|
||||
<%= host[:append_host_config].chomp %>
|
||||
<% end -%>
|
||||
|
||||
allow_contrib_modules: true
|
||||
|
||||
### Local Variables:
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# Generated by Chef for <%= @host[:name] %>
|
||||
hosts:
|
||||
- "<%= @host[:name] %>"
|
||||
|
||||
<% if File.exist?("/opt/ejabberd/conf/#{@host[:name]}.crt") && File.exist?("/opt/ejabberd/conf/#{@host[:name]}.key") -%>
|
||||
certfiles:
|
||||
- "/opt/ejabberd/conf/<%= @host[:name] %>.crt"
|
||||
- "/opt/ejabberd/conf/<%= @host[:name] %>.key"
|
||||
<% end -%>
|
||||
host_config:
|
||||
"<%= @host[:name] %>":
|
||||
sql_type: pgsql
|
||||
sql_server: "localhost"
|
||||
sql_database: "<%= @host[:sql_database] %>"
|
||||
sql_username: "ejabberd"
|
||||
sql_password: "<%= @pgsql_password %>"
|
||||
<% if @host[:ldap_enabled] -%>
|
||||
auth_method: ldap
|
||||
ldap_servers: ["<%= @ldap_server %>"]
|
||||
ldap_rootdn: "cn=xmpp,ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
||||
ldap_password: "<%= @host[:ldap_password] %>"
|
||||
ldap_encrypt: <%= @ldap_encryption_type %>
|
||||
ldap_tls_verify: hard # when TLS is enabled, don't proceed if a cert is invalid
|
||||
ldap_base: "ou=<%= @host[:name] %>,<%= @ldap_base %>"
|
||||
ldap_filter: "(nsRole=cn=xmpp_role,ou=<%= @host[:name] %>,<%= @ldap_base %>)"
|
||||
<% end -%>
|
||||
|
||||
append_host_config:
|
||||
"<%= @host[:name] %>":
|
||||
<%= @host[:append_host_config].chomp %>
|
||||
|
Loading…
Reference in New Issue