kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Merge pull request 'Fix Sockethub being offline due to missing HAProxy and UFW configs' (#392) from bugfix/sockethub_firewall into master

Browse Source 
Reviewed-on: #392
This commit is contained in:
Râu Cao 2022-03-02 15:57:05 +00:00
commit 8d7dacffd5
6 changed files with 23 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
nodes/draco.kosmos.org.json
View File

@ -12,16 +12,13 @@
"hostname": "draco", "hostname": "draco",
"ipaddress": "148.251.237.73", "ipaddress": "148.251.237.73",
"roles": [ "roles": [
"postgresql_primary"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
"kosmos-base::default", "kosmos-base::default",
"kosmos_encfs", "kosmos_encfs",
"kosmos_encfs::default", "kosmos_encfs::default",
"kosmos-postgresql",
"kosmos-postgresql::default",
"kosmos-postgresql::firewall_replicas",
"kosmos_kvm::host", "kosmos_kvm::host",
"kosmos-ejabberd::firewall", "kosmos-ejabberd::firewall",
"kosmos-ipfs::firewall_swarm", "kosmos-ipfs::firewall_swarm",
@ -29,10 +26,12 @@
"kosmos-bitcoin::firewall", "kosmos-bitcoin::firewall",
"kosmos_zerotier::firewall", "kosmos_zerotier::firewall",
"kosmos-nginx::firewall", "kosmos-nginx::firewall",
"sockethub::firewall",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@ -43,8 +42,7 @@
"postfix::sasl_auth", "postfix::sasl_auth",
"hostname::default", "hostname::default",
"firewall::default", "firewall::default",
"chef-sugar::default", "chef-sugar::default"
"build-essential::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "20.04",
@ -69,6 +67,7 @@
"recipe[kosmos-ipfs::firewall_public_gateway]", "recipe[kosmos-ipfs::firewall_public_gateway]",
"recipe[kosmos-bitcoin::firewall]", "recipe[kosmos-bitcoin::firewall]",
"recipe[kosmos_zerotier::firewall]", "recipe[kosmos_zerotier::firewall]",
"recipe[kosmos-nginx::firewall]" "recipe[kosmos-nginx::firewall]",
"recipe[sockethub::firewall]"
] ]
} }

2
nodes/nodejs-3.json
View File

@ -61,7 +61,7 @@
"kosmos-nginx::firewall", "kosmos-nginx::firewall",
"nodejs::npm", "nodejs::npm",
"nodejs::install", "nodejs::install",
"sockethub::_firewall" "sockethub::firewall"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "20.04",

36
site-cookbooks/sockethub/recipes/_firewall.rb
View File

@ -1,36 +0,0 @@
#
# Cookbook Name:: sockethub
# Recipe:: _firewall
#
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
unless node.chef_environment == "development"
include_recipe "kosmos-base::firewall"
firewall_rule 'sockethub' do
port node['sockethub']['external_port'].to_i
protocol :tcp
command :allow
end
end

21
site-cookbooks/sockethub/recipes/default.rb
View File

@ -2,27 +2,6 @@
# Cookbook Name:: sockethub # Cookbook Name:: sockethub
# Recipe:: default # Recipe:: default
# #
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'kosmos-nodejs' include_recipe 'kosmos-nodejs'
include_recipe 'kosmos-redis' include_recipe 'kosmos-redis'

14
site-cookbooks/sockethub/recipes/firewall.rb Normal file
View File

@ -0,0 +1,14 @@
#
# Cookbook Name:: sockethub
# Recipe:: firewall
#
unless node.chef_environment == "development"
include_recipe "kosmos-base::firewall"
firewall_rule 'sockethub' do
port node['sockethub']['external_port'].to_i
protocol :tcp
command :allow
end
end

23
site-cookbooks/sockethub/recipes/proxy.rb
View File

@ -2,29 +2,8 @@
# Cookbook Name:: sockethub # Cookbook Name:: sockethub
# Recipe:: proxy # Recipe:: proxy
# #
# The MIT License (MIT)
#
# Copyright:: 2019, Kosmos Developers
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
include_recipe 'sockethub::_firewall' include_recipe 'sockethub::firewall'
include_recipe 'kosmos-nginx' include_recipe 'kosmos-nginx'
include_recipe "kosmos-base::letsencrypt" include_recipe "kosmos-base::letsencrypt"