From 8ae7cdfafdc8662d79c7486da2b17f8c8cff525f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Fri, 17 Mar 2023 19:13:04 +0700
Subject: [PATCH] Switch Discourse uploads and backups to Garage/S3
---
 data_bags/credentials/discourse_kosmos.json | 17 ++++++++++++++++
 environments/production.json | 3 ++-
 nodes/discourse-2.json | 20 ++++++++++++-------
 site-cookbooks/kosmos_discourse/metadata.rb | 1 +
 .../kosmos_discourse/recipes/default.rb | 7 +++++++
 .../kosmos_garage/recipes/nginx_web.rb | 11 ++++++++++
 .../templates/nginx_conf_web.erb | 7 -------
 7 files changed, 51 insertions(+), 15 deletions(-)
 create mode 100644 data_bags/credentials/discourse_kosmos.json
diff --git a/data_bags/credentials/discourse_kosmos.json b/data_bags/credentials/discourse_kosmos.json
new file mode 100644
index 0000000..85d906d
--- /dev/null
+++ b/data_bags/credentials/discourse_kosmos.json
@@ -0,0 +1,17 @@
+{
+ "id": "discourse_kosmos",
+ "s3_key_id": {
+ "encrypted_data": "tkJ2IuYaF1FmKEJx3DMeKFxgBRXQU1Im3DViKPVrrPLlXKURoRiFNL/RxhhU\n",
+ "iv": "awSu91lqD/MRX4di\n",
+ "auth_tag": "vuQtXlhsI2Vml4v4kQkYkg==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "s3_secret_key": {
+ "encrypted_data": "Vk33ZkDTo8ELqJ+mBcDnS2VAXLWNSFgoZ9dZBw8KbIzVoe1rdcdA5/DYDRVN\nuHFZM/E62W01JdvLN/lK9R5wQobJmmp6LCnGz1WOC/OyPuxj3xk=\n",
+ "iv": "EnXlejoKW4dcJGqy\n",
+ "auth_tag": "mSVxA4H4aLyJU3xcmetFAQ==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/environments/production.json b/environments/production.json
index ea28097..6c44e15 100644
--- a/environments/production.json
+++ b/environments/production.json
@@ -12,7 +12,8 @@
 "s3_api_root_domain": ".s3.garage.kosmos.org",
 "s3_web_root_domain": ".web.garage.kosmos.org",
 "s3_web_domains": [
- "s3.kosmos.social"
+ "s3.kosmos.social",
+ "s3.community.kosmos.org"
 ]
 },
 "gitea": {
diff --git a/nodes/discourse-2.json b/nodes/discourse-2.json
index 5f16686..b47c77d 100644
--- a/nodes/discourse-2.json
+++ b/nodes/discourse-2.json
@@ -1,5 +1,6 @@
 {
 "name": "discourse-2",
+ "chef_environment": "production",
 "normal": {
 "knife_zero": {
 "host": "10.1.1.35"
@@ -8,20 +9,24 @@
 "automatic": {
 "fqdn": "discourse-2",
 "os": "linux",
- "os_version": "5.4.0-1058-kvm",
+ "os_version": "5.4.0-1087-kvm",
 "hostname": "discourse-2",
 "ipaddress": "192.168.122.104",
 "roles": [
- "kosmos_discourse",
- "kvm_guest"
+ "kvm_guest",
+ "garage_gateway",
+ "kosmos_discourse"
 ],
 "recipes": [
 "kosmos-base",
 "kosmos-base::default",
+ "kosmos_kvm::guest",
+ "kosmos_garage",
+ "kosmos_garage::default",
+ "kosmos_garage::firewall_rpc",
 "kosmos-dirsrv::hostsfile",
 "kosmos_discourse",
 "kosmos_discourse::default",
- "kosmos_kvm::guest",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -36,9 +41,9 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
- "discourse::default",
 "firewall::default",
- "chef-sugar::default"
+ "chef-sugar::default",
+ "discourse::default"
 ],
 "platform": "ubuntu",
 "platform_version": "20.04",
@@ -58,6 +63,7 @@
 "run_list": [
 "recipe[kosmos-base]",
 "role[kvm_guest]",
+ "role[garage_gateway]",
 "role[kosmos_discourse]"
 ]
-}
+}
\ No newline at end of file
diff --git a/site-cookbooks/kosmos_discourse/metadata.rb b/site-cookbooks/kosmos_discourse/metadata.rb
index bf5ce1b..1a3b1c6 100644
--- a/site-cookbooks/kosmos_discourse/metadata.rb
+++ b/site-cookbooks/kosmos_discourse/metadata.rb
@@ -8,3 +8,4 @@ version '0.1.0'
 chef_version '>= 14.0'
 depends 'discourse'
+depends 'firewall'
diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb
index 99da6d1..ce348fd 100644
--- a/site-cookbooks/kosmos_discourse/recipes/default.rb
+++ b/site-cookbooks/kosmos_discourse/recipes/default.rb
@@ -4,3 +4,10 @@
 #
 include_recipe 'discourse'
+
+firewall_rule "garage_docker" do
+ command :allow
+ port node['garage']['s3_api_port']
+ protocol :tcp
+ source "172.17.0.1/24"
+end
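Review bot: The `source "172.17.0.1/24"` line in the new `firewall_rule "garage_docker"` writes the allowed range as a host address with a /24 mask, and nothing in the recipe says this is meant to be Docker's bridge network. Writing the network address, `source "172.17.0.0/24"`, with a comment such as `# Allow the Discourse container (docker0 bridge) to reach the local Garage S3 API` would make the intended scope reviewable. If the bridge subnet on this host is ever configured differently, the literal no longer matches the container's address, so a node attribute may be safer than a hard-coded range. The rule also reads `node['garage']['s3_api_port']`, which presumably comes from kosmos_garage attributes, while metadata.rb in this commit only adds `depends 'firewall'`; on a node without the garage role `node['garage']` would be nil and the recipe would fail during compilation.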
diff --git a/site-cookbooks/kosmos_garage/recipes/nginx_web.rb b/site-cookbooks/kosmos_garage/recipes/nginx_web.rb
index 83e6399..9da8ab9 100644
--- a/site-cookbooks/kosmos_garage/recipes/nginx_web.rb
+++ b/site-cookbooks/kosmos_garage/recipes/nginx_web.rb
@@ -5,6 +5,17 @@
 include_recipe "kosmos-nginx"
+file "/etc/nginx/conf.d/garage.conf" do
+ content <<-EOF
+upstream garage_web {
+ server localhost:3902;
+}
+
+proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
+ max_size=1g inactive=60m use_temp_path=off;
+EOF
+end
+
 domains = node['garage']['s3_web_domains']
 domains.each do |server_name|
diff --git a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
index 566980f..c925887 100644
--- a/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
+++ b/site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb
@@ -1,10 +1,3 @@
-upstream garage_web {
- server localhost:3902;
-}
-
-proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
- max_size=1g inactive=60m use_temp_path=off;
-
 server {
 listen 443 http2 ssl;
 listen [::]:443 http2 ssl;
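Review bot: The new `file "/etc/nginx/conf.d/garage.conf"` resource in nginx_web.rb has no `notifies`, so a later change to the upstream or cache settings would be written to disk without nginx reloading it. Whether another resource further down the recipe triggers a reload is not visible in this hunk. Consider adding `notifies :reload, 'service[nginx]', :delayed` (with whatever service resource name kosmos-nginx actually defines) and an explicit `mode '0644'`, so the file's permissions do not depend on defaults. As a style point, `<<~EOF` with the nginx lines indented would read more cleanly than `<<-EOF` with the content flush-left inside the block. The recipe continues past the end of the hunk.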