Switch Discourse uploads and backups to Garage/S3

data_bags/credentials/discourse_kosmos.json

@@ -0,0 +1,17 @@
+{
+  "id": "discourse_kosmos",
+  "s3_key_id": {
+    "encrypted_data": "tkJ2IuYaF1FmKEJx3DMeKFxgBRXQU1Im3DViKPVrrPLlXKURoRiFNL/RxhhU\n",
+    "iv": "awSu91lqD/MRX4di\n",
+    "auth_tag": "vuQtXlhsI2Vml4v4kQkYkg==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "s3_secret_key": {
+    "encrypted_data": "Vk33ZkDTo8ELqJ+mBcDnS2VAXLWNSFgoZ9dZBw8KbIzVoe1rdcdA5/DYDRVN\nuHFZM/E62W01JdvLN/lK9R5wQobJmmp6LCnGz1WOC/OyPuxj3xk=\n",
+    "iv": "EnXlejoKW4dcJGqy\n",
+    "auth_tag": "mSVxA4H4aLyJU3xcmetFAQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

environments/production.json

@@ -12,7 +12,8 @@
       "s3_api_root_domain": ".s3.garage.kosmos.org",
       "s3_web_root_domain": ".web.garage.kosmos.org",
       "s3_web_domains": [
-        "s3.kosmos.social"
+        "s3.kosmos.social",
+        "s3.community.kosmos.org"
       ]
     },
     "gitea": {

nodes/discourse-2.json

@@ -1,5 +1,6 @@
 {
   "name": "discourse-2",
+  "chef_environment": "production",
   "normal": {
     "knife_zero": {
       "host": "10.1.1.35"
@@ -8,20 +9,24 @@
   "automatic": {
     "fqdn": "discourse-2",
     "os": "linux",
-    "os_version": "5.4.0-1058-kvm",
+    "os_version": "5.4.0-1087-kvm",
     "hostname": "discourse-2",
     "ipaddress": "192.168.122.104",
     "roles": [
-      "kosmos_discourse",
-      "kvm_guest"
+      "kvm_guest",
+      "garage_gateway",
+      "kosmos_discourse"
     ],
     "recipes": [
       "kosmos-base",
       "kosmos-base::default",
+      "kosmos_kvm::guest",
+      "kosmos_garage",
+      "kosmos_garage::default",
+      "kosmos_garage::firewall_rpc",
       "kosmos-dirsrv::hostsfile",
       "kosmos_discourse",
       "kosmos_discourse::default",
-      "kosmos_kvm::guest",
       "apt::default",
       "timezone_iii::default",
       "timezone_iii::debian",
@@ -36,9 +41,9 @@
       "postfix::_attributes",
       "postfix::sasl_auth",
       "hostname::default",
-      "discourse::default",
       "firewall::default",
-      "chef-sugar::default"
+      "chef-sugar::default",
+      "discourse::default"
     ],
     "platform": "ubuntu",
     "platform_version": "20.04",
@@ -58,6 +63,7 @@
   "run_list": [
     "recipe[kosmos-base]",
     "role[kvm_guest]",
+    "role[garage_gateway]",
     "role[kosmos_discourse]"
   ]
 }

site-cookbooks/kosmos_discourse/metadata.rb

@@ -8,3 +8,4 @@ version '0.1.0'
 chef_version '>= 14.0'
 
 depends 'discourse'
+depends 'firewall'

site-cookbooks/kosmos_discourse/recipes/default.rb

@@ -4,3 +4,10 @@
 #
 
 include_recipe 'discourse'
+
+firewall_rule "garage_docker" do
+  command  :allow
+  port     node['garage']['s3_api_port']
+  protocol :tcp
+  source   "172.17.0.1/24"
+end

site-cookbooks/kosmos_garage/recipes/nginx_web.rb

@@ -5,6 +5,17 @@
 
 include_recipe "kosmos-nginx"
 
+file "/etc/nginx/conf.d/garage.conf" do
+  content <<-EOF
+upstream garage_web {
+  server localhost:3902;
+}
+
+proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
+                 max_size=1g inactive=60m use_temp_path=off;
+EOF
+end
+
 domains = node['garage']['s3_web_domains']
 
 domains.each do |server_name|

site-cookbooks/kosmos_garage/templates/nginx_conf_web.erb

@@ -1,10 +1,3 @@
-upstream garage_web {
-  server localhost:3902;
-}
-
-proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
-                 max_size=1g inactive=60m use_temp_path=off;
-
 server {
   listen 443 http2 ssl;
   listen [::]:443 http2 ssl;