Migrate ejabberd UDP streams to openresty

And remove the other streams in the process, in favor of running haproxy
on all LBs.

nodes/draco.kosmos.org.json

@@ -45,6 +45,7 @@
       "kosmos_assets::nginx_site",
       "kosmos_discourse::nginx",
       "kosmos_drone::nginx",
+      "kosmos-ejabberd::nginx",
       "kosmos_garage::nginx_web",
       "kosmos_gitea::nginx",
       "kosmos_gitea::nginx_ssh",

roles/openresty_proxy.rb

@@ -20,7 +20,6 @@ development_run_list = %w(
 
 default_run_list = %w(
   role[openresty]
-  kosmos-ejabberd::nginx
 )
 
 production_run_list = %w(
@@ -29,6 +28,7 @@ production_run_list = %w(
   kosmos_assets::nginx_site
   kosmos_discourse::nginx
   kosmos_drone::nginx
+  kosmos-ejabberd::nginx
   kosmos_garage::nginx_web
   kosmos_gitea::nginx
   kosmos_gitea::nginx_ssh

site-cookbooks/kosmos-ejabberd/recipes/nginx.rb

@@ -17,28 +17,15 @@ rescue IPAddr::InvalidAddressError
   next
 end
 
-template "#{node['nginx']['dir']}/streams-available/ejabberd" do
+openresty_stream "ejabberd" do
-  source "nginx_conf_streams.erb"
+  template "nginx_conf_streams.erb"
-  owner 'www-data'
-  mode 0640
-  # variables ejabberd_hosts: ejabberd_hosts
   variables ejabberd_hosts: ["10.1.1.113"],
             stun_turn_port: node["kosmos-ejabberd"]["stun_turn_port"],
             turn_min_port: node["kosmos-ejabberd"]["turn_min_port"],
             turn_max_port: node["kosmos-ejabberd"]["turn_max_port"]
-  notifies :reload, 'service[nginx]', :delayed
-end
-
-nginx_stream "ejabberd" do
   action :enable
 end
 
-firewall_rule "ejabberd" do
-  port     [5222, 5223, 5269, 5443]
-  protocol :tcp
-  command  :allow
-end
-
 firewall_rule 'ejabberd_stun_turn' do
   port     node["kosmos-ejabberd"]["stun_turn_port"]
   protocol :udp

site-cookbooks/kosmos-ejabberd/templates/nginx_conf_streams.erb

@@ -5,34 +5,6 @@ log_format proxy '$remote_addr [$time_local] '
 
 access_log /var/log/nginx/streams.log proxy buffer=32k flush=1m;
 
-upstream ejabberd_c2s {
-  hash   $remote_addr consistent;
-<% @ejabberd_hosts.each do |ip_address| %>
-  server <%= ip_address %>:5222;
-<% end %>
-}
-
-upstream ejabberd_c2s_tls {
-  hash   $remote_addr consistent;
-<% @ejabberd_hosts.each do |ip_address| %>
-  server <%= ip_address %>:5223;
-<% end %>
-}
-
-upstream ejabberd_s2s {
-  hash   $remote_addr consistent;
-<% @ejabberd_hosts.each do |ip_address| %>
-  server <%= ip_address %>:5269;
-<% end %>
-}
-
-upstream ejabberd_https {
-  hash   $remote_addr consistent;
-<% @ejabberd_hosts.each do |ip_address| %>
-  server <%= ip_address %>:5443;
-<% end %>
-}
-
 upstream ejabberd_stun_turn {
   hash   $remote_addr consistent;
 <% @ejabberd_hosts.each do |ip_address| %>
@@ -50,36 +22,12 @@ upstream ejabberd_turn {
 }
 
 server {
-  listen     5222;
+  listen <%= @stun_turn_port %> udp;
-  proxy_protocol on;
-  proxy_pass ejabberd_c2s;
-}
-
-server {
-  listen     5223;
-  proxy_protocol on;
-  proxy_pass ejabberd_c2s;
-}
-
-server {
-  listen     5269;
-  proxy_protocol on;
-  proxy_pass ejabberd_s2s;
-}
-
-server {
-  listen     5443;
-  proxy_protocol on;
-  proxy_pass ejabberd_https;
-}
-
-server {
-  listen     <%= @stun_turn_port %> udp;
   proxy_pass ejabberd_stun_turn;
 }
 
 server {
-  listen     <%= "#{@turn_min_port}-#{@turn_max_port}" %> udp;
+  listen <%= "#{@turn_min_port}-#{@turn_max_port}" %> udp;
   proxy_pass 10.1.1.113:$server_port;
   #proxy_pass ejabberd_turn;
 }