Merge pull request 'Set up live backups for all VMs' (#433) from feature/qemu_snapshots into master
Reviewed-on: #433
This commit is contained in:
commit
945283738a
|
@ -25,6 +25,9 @@ knife[:automatic_attribute_whitelist] = %w[
|
|||
cloud_v2
|
||||
chef_packages
|
||||
]
|
||||
|
||||
knife[:default_attribute_whitelist] = []
|
||||
knife[:normal_attribute_whitelist] = ['knife_zero','kosmos-ejabberd']
|
||||
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
|
||||
knife[:override_attribute_whitelist] = []
|
||||
|
||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd']
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
"name": "jitsi-meet-1",
|
||||
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNMD7N7s+JZM6PLlcrKN\n4jnr0jB5kU+Gr8EHtdpaBDGN5x8BahAkMuXcWfMQj4xIvUhTY4tTvDDYgcJGbrY4\ncmmt/YLX4t/OR6g2JxzIRWDBITTTlX7h5QUg10irjfPsyaU9O7lChDk4M3j5J4c2\nZFlZAar1+CeC5nwcEtNg4nL36I6bxUL5e/rEeeUGCGuqn3tAQ+GXj1G4uJYI18JQ\nhv43nIqbF+oVe5iRy58rXILd+zmbOq87cnF8O2ode44jRwtH4K0+uHTmq+83Q8Ld\n3wBZTnrQEnUDm6IuFuWfYhvNGlXAJrcmoH/wA1B5IAcuF3vhw9JY9axy+GDFszOX\nxwIDAQAB\n-----END PUBLIC KEY-----\n"
|
||||
}
|
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"id": "borg",
|
||||
"ssh_key": {
|
||||
"encrypted_data": "znPXuD/hMY4+1eihuSx1sB/QKohd92B8/TkZd5g+J+uH1yedbeKosc+q7fJT\njlFy0ebySS5URB1O5ij4/YbulnhcNhYb5/ozf6GnhBl2VlmQD0fdE+NlSlGf\nB6nM+qbvtR9V2sAtaVaugILHy4jD/y1jBnh3VyoKtiLG9WrPe1Q5gwTxEDLi\nn7qpcamZt1D5QB+6kMpVqAmL4oV0oFervfrRcf1QyR0vriwdAMz2+iuQ6/Cq\nyRSDkuaGChrX3W8hd+WkaQaU3ak6A2Ih9iO8MIa9j75FpzCDnBl0A1WLvzeC\ngILDFT0J1eSnDhAZfpOPZxCkaGB6ueop1BwWGhtmDZns1IdKccKRhK56i7BC\nGaJv8nDYxmSq90RYZdhnmbVPCyNrbcj+Pkun+N/us7WE2mYZZTXXy0CE1WMC\n0xglisNS06ODTToD8dmv3wLqeS4yk0Ws9JypWxjUS0NGc9k/uGa5MGIBxJfm\nsi4X0ZaoxMPHmNnOCMMIC0MQE82tBtA3tM2mxd6rohgtdtpo9cxsKWW2Pu3O\nW6Wq/A3d4X/9+LbjQKe48gqCeuZXanJxniBtdm2Z08Yi30/lQRwhauGXP1FT\nyot2FVZLLdTHaDHdcaUjU8A/NJsS+DRPWT8xAk1w1jVPytQMZUrPUYbjPXTu\nhqj24Qyyxb836y23hVCNrrRJg35Mb/mHy8LEbxJ1cxoekAR8d5r+yR5UF72j\nDLg+7fEqzIoSqjFB5Ho2hemTzajxwD2d+FATxQN7C+T1LBenDE/cw0HTKV/H\nnjPvb+bLfhCVb0xdkTlFlnF4WUn32tEQhTGrXefQcSV94Go75MoegIflwNo4\nnOsEOeD9VSwRKqsJ82pjRFaGr7HovakeqE/itruvEKGKn+53Sc9xVRgnyve7\nsQ0vdbVSsH6dBQJYDgSUdNNU9PXbqRqbk3CqFpQAEaxoy6mE9oPK89Mdx9mF\no9B8G291d1GvaOSvJjvlzlWmqUCYhQLR+HTeHf+5gp1dSJRlL3b55m1x7PCC\nB4Ma6XLo9gdF/XXGfZE98vg/MJ5w0JjLYouU/v8BaHNWdrxo5MEoky246LmL\ntLY57TbfGu8HTmvScir43hevIC4JqDHJhUQrz3vmd1yFcUBgWIqEYv6guU8K\nW9cYS+LBwbKDg7uXOx93P5pgPzMZbS0aBPt0QCwIwGmhQTPba+WWh6rPwNkl\nV4HRG0TgFJ8skgKWLhEMOYC02KRT/ve+OJ1LawqIK5BsMK81KoX2Drf7Oyba\nOkekMHsA9T6woSjIBTouKIz8r09vkJe9W/0pN7Y/NtE+y+FuZlKC1peafc3x\nE4ZhNotHtyAydsB6NgxpjkBNxUsVe+DlTyGCzEis/pG2XREUniiqd5DhbPKM\nH9EkXiRrtvrmD792ca8lGfMYTNOcoLD1vRlzFmHCjE7NOKAZ4lEwZWEGnxwp\nIEJFCScdPmDxK0uqMw2DaEjlAVblg1EOcs1xG4JwOcY/aWkuslp2MrmOIh7a\nSUdlr+SBi7faEMIslG24s3noDD4DFU5CQSb0ErH6j02VsUi90QYrm9XCkfEl\n2OcbvC9KICmKEj1mxvTQLBALtyTJGXIOzPbxp/Dw2a9o/WnsWDaXhTcLGqdu\nNn3ghESEb1G+pYHJa7lJ62RSQTpRp19gpdUS8SRhqwUkceFCnuuFST3SmspU\ngpjY8xsRZ3h9fzI/ob1nan5pXnzZCf76X7bGL3DqNlpq1SkdGI5NaN7ko42u\nkPafYy6MiAU6lYvg4G4pobJu8qnGcX9Wuf4K2Jl7niOQTUDIwjyrd+1uI9S2\nn5rLmwhQFxPrT/FuLg3nYAohrnAuMDXFQ13XO0q9smaSZDXPheGdTxT4HRTE\nkN1oAvvmhtVbBqNbKBY09Dn1khiUa3mIineJ6wuKS1buiTDlLGiSPAXhaJRB\naplbJLGjtBXSGiAuxHEb2l/G/kIa71R7Vc7h2fYzAXFbPhApllEof43cZVtM\n9kN1m2bshbAG2boD51jb9P4C9H73ICJXGDAUVvScgYAIs4YnCVFIPdmU6dP+\nd4yZTM9bxuezUI2sj6cpWcq8H9+skZjRY+J2vKH/twAaWcnxLUxKfLuUAWNy\nH63iRIAhaWfl3k6dhPbYFnsxrrch99NuMTAEyE5vykiCMg8WlCmittteGyIq\nfOs9eFaoNRkf4Qh5IrOUoPhXO/8Jw7eY3aK2bQvGuutlfxOYsFJWjK3qT7RQ\nAeyv639jDn1W3vvOlFX5+Xx8R5IZLVdElAe39y6rgw27pMZT+IJew/j5EF2j\nsinxUvARi98wW+NP8WXV5CMFXh2JnmxfTLvdsWHJlB/XyktIiJE4KaHlNIaV\nxLdKmarS3hS31DQmpB2LDGPp8QFyV9kY0gvE282A1Fs0w01pByKDcMmvr3pD\nHh40DfYt4ZTJGnLP69IKt3328KEeMlHqns22zZuAidMus1o6k4YkF1WNpZn2\nSdXVG0hcdnvRC4qKdVv+TBFuPSy68cdwPeHs612hcezoHi2pbTkM2YKDJ75m\nvqaBzdpSDcuKVovuwBt3/guHoLD2ipRM0EfZ208aKiuOuYXwGD3PPm5WKUvd\nBSiZw7p37QY6zYh0/bTN2FumftYWz7mrZL4pFIcd8m/tSlU537+TnCbPm1KT\nWFVFBonxsyhHnZC4X0YQQTZ0V9TKCGWdVUgRxZwwQ/0acxFe1j1bqVnDBxR6\nH98xnEPvEh6bHpHujwcdCKTN4AbIJcFVKuCyvl/OtzMBjUXVKOAZcRS42TvY\nkhzQXiOOKqoE29aNDtQ/VRC8s1aN6L6xCorlCcBBurMcmDdJy+r4YUrNqmEA\nZQwFecRXxwzguk6GR3m8RzY1iDRSqm+yCMqjWKx6eycV91izjXbueT45g3Hn\nSqw2cw6rowGZUEcP3vRdHyxsJSEG2kPvU9JLzgkCwUovtlbdHee2JkV9TdkF\nzEMxjA9B5mxPp5lMFj8jhHhzDmZRxpW/EUBZCkZh5SVbGeg6qTFKRS6zZPYC\nkfv0XICx154cOj0TsW4QHxTHLOV9r93HIPihZDHg2udN7JhYfwsO4RbwDQEv\nxumaM3NTGrXOBxV2vtYSoGSQOmCd8X+gXKxKtTeaV4rCm2aIGVsdfeYQTNSD\nrBxetCJdGB0DrEAr/9bJ5RS2CB9JmEa4ktMHEFTmvTqhWu4Ye2TJBC+H/yqP\nNrYQ4+5lYnZ4BuvxKBvhbH52UURqG27NwQXmFd/h3NlI5GVi5tveRO1+3F1j\ncMTgj49UCB2SNndcJDkK9z7kSBdnmtNo3m3/K9wucw9NxH7sM0yrgeQupbrU\nlgsobzoGluvBijJlp6A7qy4AoOsDGoo4gevK23CR8XN+droGY2RGWThWGuPZ\np7hsG/0f6ICQmU8ARsj/Civ9EbGe/2ZnlHafBtRhmfpZp2/Y7UxX6pmcNARB\nj8Gmr9DWiUXKUBtIkiBSTr7keRF8GuaXSc4pz1phKuAhngy7rYuMhqQr7Sw0\nJCk7cwdvZdq/erjtIh/AHJOPboUCalsLfTdMJguuocUuQr+SEg==\n",
|
||||
"iv": "3uagVTqoXUcWvs9W\n",
|
||||
"auth_tag": "s3wlsnLRHCI2NjC6/ZwbiQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"passphrase": {
|
||||
"encrypted_data": "wzSJQ+VfZuXmqrL3xW/LxiUvF/B6EYHAQtmhrJjt2oMT1G2OEgp5\n",
|
||||
"iv": "BqTyfQwKKCTOn3q3\n",
|
||||
"auth_tag": "sh1e8UuQSrq1o5G0O5fXCA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"repository": {
|
||||
"encrypted_data": "Ezc5YMp0VM82dlq0+ikk2xZeqNHi+XETlsc2cDlFG/NxY408JO3ErPDEa9d9\nzud+jcCt/01GKqPdslGhP3jsUUb/f3kWMkTWqGkyWXV1121E0uHwyrva62NT\n5A==\n",
|
||||
"iv": "QtNBUjJ5NrQS0JD7\n",
|
||||
"auth_tag": "ZQImzlvHWwX1OsxMZK1jGA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -12,12 +12,14 @@
|
|||
"hostname": "akkounts-1",
|
||||
"ipaddress": "192.168.122.160",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"akkounts",
|
||||
"postgresql_client"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-akkounts",
|
||||
"kosmos-akkounts::default",
|
||||
|
@ -77,6 +79,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[akkounts]"
|
||||
]
|
||||
}
|
|
@ -12,12 +12,14 @@
|
|||
"hostname": "bitcoin-2",
|
||||
"ipaddress": "192.168.122.148",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"btcpay",
|
||||
"postgresql_client"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"tor-full",
|
||||
"tor-full::default",
|
||||
"kosmos-bitcoin::source",
|
||||
|
@ -94,6 +96,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[tor-full]",
|
||||
"recipe[kosmos-bitcoin::source]",
|
||||
"recipe[kosmos-bitcoin::c-lightning]",
|
||||
|
|
|
@ -12,13 +12,16 @@
|
|||
"hostname": "discourse-2",
|
||||
"ipaddress": "192.168.122.104",
|
||||
"roles": [
|
||||
"discourse"
|
||||
"kosmos_discourse",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"kosmos_discourse",
|
||||
"kosmos_discourse::default",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -33,7 +36,7 @@
|
|||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"discourse::default",
|
||||
"firewall::default",
|
||||
"chef-sugar::default"
|
||||
],
|
||||
|
@ -54,6 +57,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[kosmos_discourse]"
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.167"
|
||||
},
|
||||
"kosmos_kvm": {
|
||||
"backup": {
|
||||
"schedule": "0/3:45"
|
||||
}
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
|
@ -10,7 +15,7 @@
|
|||
"os": "linux",
|
||||
"os_version": "5.4.0-54-generic",
|
||||
"hostname": "draco",
|
||||
"ipaddress": "148.251.237.73",
|
||||
"ipaddress": "148.251.237.111",
|
||||
"roles": [
|
||||
|
||||
],
|
||||
|
@ -20,6 +25,7 @@
|
|||
"kosmos_encfs",
|
||||
"kosmos_encfs::default",
|
||||
"kosmos_kvm::host",
|
||||
"kosmos_kvm::backup",
|
||||
"kosmos-ejabberd::firewall",
|
||||
"kosmos-ipfs::firewall_swarm",
|
||||
"kosmos-ipfs::firewall_public_gateway",
|
||||
|
@ -49,12 +55,12 @@
|
|||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"ohai": {
|
||||
"version": "15.9.1",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.9.1/lib/ohai"
|
||||
"version": "15.12.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
|
||||
},
|
||||
"chef": {
|
||||
"version": "15.11.8",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.11.8/lib"
|
||||
"version": "15.17.4",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
@ -62,6 +68,7 @@
|
|||
"recipe[kosmos-base]",
|
||||
"recipe[kosmos_encfs]",
|
||||
"recipe[kosmos_kvm::host]",
|
||||
"recipe[kosmos_kvm::backup]",
|
||||
"recipe[kosmos-ejabberd::firewall]",
|
||||
"recipe[kosmos-ipfs::firewall_swarm]",
|
||||
"recipe[kosmos-ipfs::firewall_public_gateway]",
|
||||
|
|
|
@ -13,7 +13,8 @@
|
|||
"ipaddress": "192.168.122.200",
|
||||
"roles": [
|
||||
"drone",
|
||||
"postgresql_client"
|
||||
"postgresql_client",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -21,6 +22,7 @@
|
|||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos_drone",
|
||||
"kosmos_drone::default",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -53,6 +55,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[drone]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,16 +8,18 @@
|
|||
"automatic": {
|
||||
"fqdn": "ejabberd-4",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1051-kvm",
|
||||
"os_version": "5.4.0-1073-kvm",
|
||||
"hostname": "ejabberd-4",
|
||||
"ipaddress": "192.168.122.39",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"ejabberd",
|
||||
"postgresql_client"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-ejabberd::letsencrypt",
|
||||
"kosmos-ejabberd",
|
||||
|
@ -58,6 +60,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[ejabberd]"
|
||||
]
|
||||
}
|
|
@ -58,6 +58,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[ejabberd]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.147"
|
||||
},
|
||||
"kosmos_kvm": {
|
||||
"backup": {
|
||||
"schedule": "0/3:00"
|
||||
}
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
|
@ -19,6 +24,7 @@
|
|||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::host",
|
||||
"kosmos_kvm::backup",
|
||||
"kosmos_assets::nginx_site",
|
||||
"kosmos_discourse::nginx",
|
||||
"kosmos_drone::nginx",
|
||||
|
@ -69,14 +75,15 @@
|
|||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
|
||||
},
|
||||
"chef": {
|
||||
"version": "15.14.0",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib"
|
||||
"version": "15.17.4",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"recipe[kosmos_kvm::host]",
|
||||
"recipe[kosmos_kvm::backup]",
|
||||
"role[nginx_proxy]",
|
||||
"role[zerotier_controller]"
|
||||
]
|
||||
|
|
|
@ -13,7 +13,8 @@
|
|||
"ipaddress": "192.168.122.189",
|
||||
"roles": [
|
||||
"gitea",
|
||||
"postgresql_client"
|
||||
"postgresql_client",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -22,6 +23,7 @@
|
|||
"kosmos_gitea",
|
||||
"kosmos_gitea::default",
|
||||
"kosmos_gitea::backup",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -57,6 +59,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[gitea]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,15 +8,16 @@
|
|||
"automatic": {
|
||||
"fqdn": "ipfs-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-54-generic",
|
||||
"os_version": "5.4.0-110-generic",
|
||||
"hostname": "ipfs-1",
|
||||
"ipaddress": "192.168.122.195",
|
||||
"roles": [
|
||||
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-ipfs",
|
||||
"kosmos-ipfs::default",
|
||||
"kosmos-ipfs::public_gateway",
|
||||
|
@ -72,6 +73,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[kosmos-ipfs]",
|
||||
"recipe[kosmos-ipfs::public_gateway]"
|
||||
]
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
{
|
||||
"name": "jitsi-meet-1",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.20"
|
||||
}
|
||||
},
|
||||
"automatic": {
|
||||
"fqdn": "jitsi-meet-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1073-kvm",
|
||||
"hostname": "jitsi-meet-1",
|
||||
"ipaddress": "192.168.122.188",
|
||||
"roles": [
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
"ntp::default",
|
||||
"ntp::apparmor",
|
||||
"kosmos-base::systemd_emails",
|
||||
"apt::unattended-upgrades",
|
||||
"kosmos-base::firewall",
|
||||
"kosmos-postfix::default",
|
||||
"postfix::default",
|
||||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
"cloud": null,
|
||||
"chef_packages": {
|
||||
"chef": {
|
||||
"version": "17.10.3",
|
||||
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib",
|
||||
"chef_effortless": null
|
||||
},
|
||||
"ohai": {
|
||||
"version": "17.9.0",
|
||||
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
|
||||
}
|
||||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]"
|
||||
]
|
||||
}
|
|
@ -8,12 +8,13 @@
|
|||
"automatic": {
|
||||
"fqdn": "mastodon-3",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1058-kvm",
|
||||
"os_version": "5.4.0-1071-kvm",
|
||||
"hostname": "mastodon-3",
|
||||
"ipaddress": "192.168.122.161",
|
||||
"roles": [
|
||||
"mastodon",
|
||||
"postgresql_client"
|
||||
"postgresql_client",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -22,6 +23,7 @@
|
|||
"kosmos-mastodon",
|
||||
"kosmos-mastodon::default",
|
||||
"kosmos-mastodon::nginx",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -65,7 +67,6 @@
|
|||
"nginx::commons_conf",
|
||||
"kosmos-nginx::firewall",
|
||||
"tor-full::default",
|
||||
"poise-git::default",
|
||||
"git::default",
|
||||
"git::package",
|
||||
"kosmos-base::letsencrypt"
|
||||
|
@ -86,6 +87,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[mastodon]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,12 +12,14 @@
|
|||
"hostname": "nodejs-4",
|
||||
"ipaddress": "192.168.122.106",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"kredits_github",
|
||||
"sockethub"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-hubot::botka_irc-libera-chat",
|
||||
"kredits-github",
|
||||
"kredits-github::default",
|
||||
|
@ -81,6 +83,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[kosmos-hubot::botka_irc-libera-chat]",
|
||||
"role[kredits_github]",
|
||||
"role[sockethub]"
|
||||
|
|
|
@ -12,11 +12,13 @@
|
|||
"hostname": "postgres-2",
|
||||
"ipaddress": "192.168.122.244",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"postgresql_primary"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_postgresql::primary",
|
||||
"kosmos_postgresql::firewall",
|
||||
"kosmos_gitea::pg_db",
|
||||
|
@ -52,6 +54,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[postgresql_primary]"
|
||||
]
|
||||
}
|
|
@ -12,11 +12,13 @@
|
|||
"hostname": "postgres-4",
|
||||
"ipaddress": "192.168.122.3",
|
||||
"roles": [
|
||||
"kvm_guest",
|
||||
"postgresql_replica"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos_postgresql::replica",
|
||||
"kosmos_postgresql::firewall",
|
||||
|
@ -52,6 +54,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[postgresql_replica]"
|
||||
]
|
||||
}
|
|
@ -8,17 +8,19 @@
|
|||
"automatic": {
|
||||
"fqdn": "rs-discourse-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1073-kvm",
|
||||
"os_version": "5.4.0-1076-kvm",
|
||||
"hostname": "rs-discourse-1",
|
||||
"ipaddress": "192.168.122.30",
|
||||
"roles": [
|
||||
"remotestorage_discourse"
|
||||
"remotestorage_discourse",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"remotestorage_discourse",
|
||||
"remotestorage_discourse::default",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -54,6 +56,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[remotestorage_discourse]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,17 +8,19 @@
|
|||
"automatic": {
|
||||
"fqdn": "rsk-mainnet-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1058-kvm",
|
||||
"os_version": "5.4.0-1075-kvm",
|
||||
"hostname": "rsk-mainnet-2",
|
||||
"ipaddress": "192.168.122.208",
|
||||
"roles": [
|
||||
"rskj_mainnet"
|
||||
"rskj_mainnet",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_rsk::rskj",
|
||||
"kosmos_rsk::nginx",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -65,6 +67,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[rskj_mainnet]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,17 +8,19 @@
|
|||
"automatic": {
|
||||
"fqdn": "rsk-testnet-3",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1058-kvm",
|
||||
"os_version": "5.4.0-1075-kvm",
|
||||
"hostname": "rsk-testnet-3",
|
||||
"ipaddress": "192.168.122.231",
|
||||
"roles": [
|
||||
"rskj_testnet"
|
||||
"rskj_testnet",
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_rsk::rskj",
|
||||
"kosmos_rsk::nginx",
|
||||
"kosmos_kvm::guest",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -65,6 +67,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"role[rskj_testnet]"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,15 +8,16 @@
|
|||
"automatic": {
|
||||
"fqdn": "uploads-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-54-generic",
|
||||
"os_version": "5.4.0-128-generic",
|
||||
"hostname": "uploads-1",
|
||||
"ipaddress": "192.168.122.230",
|
||||
"roles": [
|
||||
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-ejabberd::upload_service",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
|
@ -60,6 +61,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[kosmos-ejabberd::upload_service]"
|
||||
]
|
||||
}
|
|
@ -12,11 +12,12 @@
|
|||
"hostname": "wiki-1",
|
||||
"ipaddress": "192.168.122.26",
|
||||
"roles": [
|
||||
|
||||
"kvm_guest"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-mediawiki",
|
||||
"kosmos-mediawiki::default",
|
||||
"apt::default",
|
||||
|
@ -74,6 +75,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[kosmos-mediawiki]"
|
||||
]
|
||||
}
|
|
@ -48,9 +48,13 @@ node.default['lnd']['public_ip'] = '148.251.237.111'
|
|||
node.default['lnd']['public_port'] = '9735'
|
||||
node.default['lnd']['port'] = '9736'
|
||||
node.default['lnd']['minchansize'] = '1000000'
|
||||
node.default['lnd']['basefee'] = '1000'
|
||||
node.default['lnd']['feerate'] = '50'
|
||||
node.default['lnd']['basefee'] = '100'
|
||||
node.default['lnd']['feerate'] = '10'
|
||||
node.default['lnd']['auto_unlock'] = true # requires credentials/lnd data bag item
|
||||
node.default['lnd']['tor'] = {
|
||||
'streamisolation' => 'false',
|
||||
'skip-proxy-for-clearnet-targets' => 'true'
|
||||
}
|
||||
|
||||
node.default['boltz']['repo'] = 'https://github.com/BoltzExchange/boltz-lnd.git'
|
||||
node.default['boltz']['revision'] = 'v1.2.6'
|
||||
|
|
|
@ -61,6 +61,7 @@ template "#{lnd_dir}/lnd.conf" do
|
|||
lnd_basefee: node['lnd']['basefee'],
|
||||
lnd_feerate: node['lnd']['feerate'],
|
||||
lnd_dir: lnd_dir,
|
||||
lnd_tor: node['lnd']['tor'],
|
||||
auto_unlock: node['lnd']['auto_unlock'],
|
||||
tor_enabled: node['bitcoin']['tor_enabled'],
|
||||
bitcoin_datadir: node['bitcoin']['datadir'],
|
||||
|
|
|
@ -30,6 +30,6 @@ bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %>
|
|||
[tor]
|
||||
tor.active=true
|
||||
tor.v3=true
|
||||
tor.streamisolation=false
|
||||
tor.skip-proxy-for-clearnet-targets=true
|
||||
tor.streamisolation=<%= @lnd_tor['streamisolation'] %>
|
||||
tor.skip-proxy-for-clearnet-targets=<%= @lnd_tor['skip-proxy-for-clearnet-targets'] %>
|
||||
<% end %>
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
node.normal['ipfs']['version'] = "0.16.0"
|
||||
node.normal['ipfs']['checksum'] = "40f7fc4f987fb548ccac0f27cdb2b8a9beacd67dfff9367e315dc0a7ced7115c"
|
||||
|
||||
node.default['kosmos-ipfs']['ipfs']['config'] = {
|
||||
# The default gateway is already used by kosmos' hubot (8080)
|
||||
"Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
|
||||
|
@ -6,7 +9,7 @@ node.default['kosmos-ipfs']['ipfs']['config'] = {
|
|||
# usage.
|
||||
'Swarm.DisableBandwidthMetrics' => true,
|
||||
# Disable the p2p-circuit relay transport
|
||||
'Swarm.DisableRelay' => true,
|
||||
'Swarm.Transports.Network.Relay' => false,
|
||||
# Number of connections that, when exceeded, will trigger a connection GC
|
||||
# operation
|
||||
'Swarm.ConnMgr.HighWater' => 40,
|
||||
|
|
|
@ -165,6 +165,8 @@ end
|
|||
|
||||
ruby_block "configuration" do
|
||||
block do
|
||||
# FIXME This is internal Chef API and should not be used from recipes, as
|
||||
# it is unsupported for that
|
||||
file = Chef::Util::FileEdit.new("#{node['mediawiki']['webdir']}/LocalSettings.php")
|
||||
file.search_file_replace_line(%r{\$wgLogo\ =\ \"\$wgResourceBasePath\/resources\/assets\/wiki.png\";},
|
||||
"$wgLogo = \"$wgResourceBasePath/skins/common/images/kosmos.png\";")
|
||||
|
|
|
@ -5,3 +5,6 @@ node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
|
|||
"checksum" => "6db74917f85146569cb6ae89e1d163ac6d1e488a7f32bc74761ec6d1869c714f",
|
||||
"path" => "/var/lib/libvirt/images/base/ubuntu-20.04-server-cloudimg-amd64-disk-kvm-#{ubuntu_server_cloud_image_release}.qcow2"
|
||||
}
|
||||
|
||||
# A systemd.timer OnCalendar config value
|
||||
node.default["kosmos_kvm"]["backup"]["schedule"] = "daily"
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
#!/bin/bash
|
||||
# GENERATED BY CHEF
|
||||
# DO NOT EDIT
|
||||
set -e
|
||||
|
||||
REPOSITORY=$BORG_REPO
|
||||
|
||||
echo "Starting backup of VM: $1"
|
||||
|
||||
echo "Dumping domain XML to /root/backups/vm_meta/$1.xml"
|
||||
virsh dumpxml --migratable $1 > /root/backups/vm_meta/$1.xml
|
||||
|
||||
virsh snapshot-create-as --domain $1 \
|
||||
--name hotswap.qcow2 \
|
||||
--no-metadata \
|
||||
--atomic \
|
||||
--quiesce \
|
||||
--disk-only \
|
||||
--diskspec vda,snapshot=external
|
||||
|
||||
borg create -v $REPOSITORY::$1_$(date +%F_%H-%M) \
|
||||
/var/lib/libvirt/images/$1.qcow2 \
|
||||
/root/backups/vm_meta/$1.xml
|
||||
|
||||
echo "Pivoting base image back to original"
|
||||
virsh blockcommit $1 vda --pivot --base=/var/lib/libvirt/images/$1.qcow2
|
||||
|
||||
echo "Removing snapshot image"
|
||||
rm /var/lib/libvirt/images/$1.hotswap.qcow2
|
|
@ -0,0 +1,92 @@
|
|||
#
|
||||
# Cookbook:: kosmos_kvm
|
||||
# Recipe:: backup
|
||||
#
|
||||
|
||||
apt_package "borgbackup"
|
||||
|
||||
borg_credentials = data_bag_item("credentials", "borg")
|
||||
|
||||
file "/root/.ssh/borg_rsa" do
|
||||
content borg_credentials["ssh_key"]
|
||||
mode '0600'
|
||||
end
|
||||
|
||||
file "/root/.borg_credentials.env" do
|
||||
content <<-EOF
|
||||
BORG_RSH='ssh -i /root/.ssh/borg_rsa'
|
||||
BORG_PASSPHRASE=#{borg_credentials["passphrase"]}
|
||||
BORG_REPO='#{borg_credentials["repository"]}'
|
||||
EOF
|
||||
end
|
||||
|
||||
bash "Load borg credentials in console sessions" do
|
||||
code <<-EOF
|
||||
cat >>/root/.bashrc <<EOL
|
||||
|
||||
# GENERATED BY CHEF
|
||||
set -o allexport
|
||||
source ~/.borg_credentials.env
|
||||
set +o allexport
|
||||
EOF
|
||||
not_if "grep -q borg_credentials /root/.bashrc"
|
||||
end
|
||||
|
||||
directory "/root/backups" do
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
directory "/root/backups/vm_meta" do
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
cookbook_file "/root/backups/backup_vm.sh" do
|
||||
source "backup_vm.sh"
|
||||
mode "0750"
|
||||
end
|
||||
|
||||
# Search all guests and filter by presence on current host
|
||||
vm_domains = search(:node, "role:kvm_guest").map{|n| n["hostname"] } \
|
||||
& `virsh list --name`.strip.chomp.split("\n")
|
||||
|
||||
template "/root/backups/backup_all_vms.sh" do
|
||||
source "backup_all_vms.sh.erb"
|
||||
mode '0750'
|
||||
variables vm_domains: vm_domains
|
||||
end
|
||||
|
||||
systemd_unit "backup-libvirt-guests.service" do
|
||||
content({
|
||||
Unit: {
|
||||
Description: "Back up libvirt guest images and metadata",
|
||||
Wants: "network.target"
|
||||
},
|
||||
Service: {
|
||||
Type: "oneshot",
|
||||
EnvironmentFile: "/root/.borg_credentials.env",
|
||||
ExecStart: "/root/backups/backup_all_vms.sh",
|
||||
SyslogIdentifier: "backup-libvirt-guests",
|
||||
Restart: "no"
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create]
|
||||
end
|
||||
|
||||
systemd_unit "backup-libvirt-guests.timer" do
|
||||
content({
|
||||
Unit: {
|
||||
Description: "Back up libvirt guest images and metadata",
|
||||
},
|
||||
Timer: {
|
||||
OnCalendar: node["kosmos_kvm"]["backup"]["schedule"]
|
||||
},
|
||||
Install: {
|
||||
WantedBy: "timers.target"
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create, :enable, :start]
|
||||
end
|
|
@ -32,3 +32,18 @@ firewall_rule 'ssh-alt-port' do
|
|||
protocol :tcp
|
||||
command :allow
|
||||
end
|
||||
|
||||
%w{
|
||||
10.0.0.0/8
|
||||
172.16.0.0/12
|
||||
192.168.0.0/16
|
||||
100.64.0.0/10
|
||||
}.each do |ip|
|
||||
firewall_rule "unauthorized-private-network-#{ip}" do
|
||||
interface "enp35s0"
|
||||
destination ip
|
||||
direction :out
|
||||
protocol :none
|
||||
command :deny
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
# GENERATED BY CHEF
|
||||
# DO NOT EDIT
|
||||
set -e
|
||||
|
||||
echo "Backing up all VMs with kvm_guest chef role..."
|
||||
|
||||
for domain in <%= @vm_domains.join(" ") %>
|
||||
do
|
||||
/root/backups/backup_vm.sh $domain
|
||||
done
|
|
@ -86,6 +86,6 @@ virt-install \
|
|||
--graphics none \
|
||||
--serial pty \
|
||||
--console pty \
|
||||
--channel unix,mode=bind,path=/var/lib/libvirt/qemu/guest01.agent,target_type=virtio,name=org.qemu.guest_agent.0 \
|
||||
--channel unix,mode=bind,path=/var/lib/libvirt/qemu/$VMNAME.guest_agent.0,target_type=virtio,name=org.qemu.guest_agent.0 \
|
||||
--autostart \
|
||||
--import
|
||||
|
|
Loading…
Reference in New Issue