diff --git a/nodes/rsk-mainnet-1.json b/nodes/rsk-mainnet-1.json
index efc92a3..1509a4c 100644
--- a/nodes/rsk-mainnet-1.json
+++ b/nodes/rsk-mainnet-1.json
@@ -12,12 +12,13 @@
 "hostname": "rsk-mainnet-1",
 "ipaddress": "192.168.122.233",
 "roles": [
- "rsk_mainnet"
+ "rskj_mainnet"
 ],
 "recipes": [
 "kosmos-base",
 "kosmos-base::default",
 "kosmos_rsk::rskj",
+ "kosmos_rsk::nginx",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -32,8 +33,20 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
+ "kosmos_rsk::firewall",
 "firewall::default",
- "chef-sugar::default"
+ "chef-sugar::default",
+ "kosmos-nginx::default",
+ "nginx::default",
+ "nginx::package",
+ "nginx::ohai_plugin",
+ "nginx::repo",
+ "nginx::commons",
+ "nginx::commons_dir",
+ "nginx::commons_script",
+ "nginx::commons_conf",
+ "kosmos-nginx::firewall",
+ "kosmos-base::letsencrypt"
 ],
 "platform": "ubuntu",
 "platform_version": "20.04",
@@ -52,6 +65,6 @@
 },
 "run_list": [
 "recipe[kosmos-base]",
- "role[rsk_mainnet]"
+ "role[rskj_mainnet]"
 ]
 }
\ No newline at end of file
diff --git a/nodes/rsk-testnet-1.json b/nodes/rsk-testnet-1.json
deleted file mode 100644
index dddf579..0000000
--- a/nodes/rsk-testnet-1.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "name": "rsk-testnet-1",
- "normal": {
- "knife_zero": {
- "host": "10.1.1.136"
- }
- },
- "automatic": {
- "fqdn": "rsk-testnet-1",
- "os": "linux",
- "os_version": "5.4.0-1026-kvm",
- "hostname": "rsk-testnet-1",
- "ipaddress": "192.168.122.196",
- "roles": [
-
- ],
- "recipes": [
- "kosmos-base",
- "kosmos-base::default",
- "apt::default",
- "timezone_iii::default",
- "timezone_iii::debian",
- "ntp::default",
- "ntp::apparmor",
- "kosmos-base::systemd_emails",
- "apt::unattended-upgrades",
- "kosmos-base::firewall",
- "kosmos-postfix::default",
- "postfix::default",
- "postfix::_common",
- "postfix::_attributes",
- "postfix::sasl_auth",
- "hostname::default"
- ],
- "platform": "ubuntu",
- "platform_version": "20.04",
- "cloud": null,
- "chef_packages": {
- "ohai": {
- "version": "16.13.0",
- "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/ohai-16.13.0/lib/ohai"
- },
- "chef": {
- "version": "16.13.16",
- "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.13.16/lib",
- "chef_effortless": null
- }
- }
- },
- "run_list": [
- "recipe[kosmos-base]"
- ]
-}
\ No newline at end of file
diff --git a/nodes/rsk-testnet-2.json b/nodes/rsk-testnet-2.json
index 5735317..4258baf 100644
--- a/nodes/rsk-testnet-2.json
+++ b/nodes/rsk-testnet-2.json
@@ -12,12 +12,13 @@
 "hostname": "rsk-testnet-2",
 "ipaddress": "192.168.122.29",
 "roles": [
- "rsk_testnet"
+ "rskj_testnet"
 ],
 "recipes": [
 "kosmos-base",
 "kosmos-base::default",
 "kosmos_rsk::rskj",
+ "kosmos_rsk::nginx",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
@@ -32,8 +33,20 @@
 "postfix::_attributes",
 "postfix::sasl_auth",
 "hostname::default",
+ "kosmos_rsk::firewall",
 "firewall::default",
- "chef-sugar::default"
+ "chef-sugar::default",
+ "kosmos-nginx::default",
+ "nginx::default",
+ "nginx::package",
+ "nginx::ohai_plugin",
+ "nginx::repo",
+ "nginx::commons",
+ "nginx::commons_dir",
+ "nginx::commons_script",
+ "nginx::commons_conf",
+ "kosmos-nginx::firewall",
+ "kosmos-base::letsencrypt"
 ],
 "platform": "ubuntu",
 "platform_version": "20.04",
@@ -52,6 +65,6 @@
 },
 "run_list": [
 "recipe[kosmos-base]",
- "role[rsk_testnet]"
+ "role[rskj_testnet]"
 ]
 }
\ No newline at end of file
diff --git a/roles/rsk_mainnet.rb b/roles/rsk_mainnet.rb
deleted file mode 100644
index cfa58c1..0000000
--- a/roles/rsk_mainnet.rb
+++ /dev/null
@@ -1,11 +0,0 @@
-name "rsk_mainnet"
-
-run_list %w(
- kosmos_rsk::rskj
-)
-
-override_attributes(
- :rskj => {
- :network => "mainnet"
- }
-)
diff --git a/roles/rsk_testnet.rb b/roles/rsk_testnet.rb
deleted file mode 100644
index 281b45d..0000000
--- a/roles/rsk_testnet.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-name "rsk_testnet"
-
-run_list %w(
- kosmos_rsk::rskj
-)
diff --git a/roles/rskj_mainnet.rb b/roles/rskj_mainnet.rb
new file mode 100644
index 0000000..0a0d9e1
--- /dev/null
+++ b/roles/rskj_mainnet.rb
@@ -0,0 +1,19 @@
+name 'rskj_mainnet'
+
+default_attributes 'rskj' => {
+ 'network' => 'mainnet',
+ 'nginx' => {
+ 'domain' => 'rsk.kosmos.org'
+ }
+}
+
+default_run_list = %w(
+ kosmos_rsk::rskj
+ kosmos_rsk::nginx
+)
+
+env_run_lists(
+ '_default' => default_run_list,
+ 'development' => default_run_list,
+ 'production' => default_run_list
+)
diff --git a/roles/rskj_testnet.rb b/roles/rskj_testnet.rb
new file mode 100644
index 0000000..665f137
--- /dev/null
+++ b/roles/rskj_testnet.rb
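Review bot: The three `env_run_lists` entries at the end of roles/rskj_mainnet.rb all point at the same `default_run_list`, which is what a plain `run_list` already gives every environment; `run_list %w(kosmos_rsk::rskj kosmos_rsk::nginx)` says the same in one statement and cannot drift apart per environment later. The role also moves `network` from `override_attributes` to `default_attributes`, so a value set at normal or override precedence elsewhere now wins over the role when choosing between mainnet and testnet. A one-line comment above `default_attributes` stating that this lower precedence is intended would help the next reader. roles/rskj_testnet.rb repeats the same structure.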
@@ -0,0 +1,19 @@ +name 'rskj_testnet' + +default_attributes 'rskj' => { + 'network' => 'testnet', + 'nginx' => { + 'domain' => 'rsk-testnet.kosmos.org' + } +} + +default_run_list = %w( + kosmos_rsk::rskj + kosmos_rsk::nginx +) + +env_run_lists( + '_default' => default_run_list, + 'development' => default_run_list, + 'production' => default_run_list +) diff --git a/site-cookbooks/kosmos_rsk/CHANGELOG.md b/site-cookbooks/kosmos_rsk/CHANGELOG.md index 8f3ba6e..6c75b43 100644 --- a/site-cookbooks/kosmos_rsk/CHANGELOG.md +++ b/site-cookbooks/kosmos_rsk/CHANGELOG.md @@ -2,6 +2,10 @@ This file is used to list changes made in each version of the kosmos_rsk cookbook. +## 0.2.0 + +Add nginx recipe to configure public API access. + ## 0.1.0 Initial release. diff --git a/site-cookbooks/kosmos_rsk/metadata.rb b/site-cookbooks/kosmos_rsk/metadata.rb index b5cd6c7..23e7d33 100644 --- a/site-cookbooks/kosmos_rsk/metadata.rb +++ b/site-cookbooks/kosmos_rsk/metadata.rb @@ -3,9 +3,10 @@ maintainer 'Kosmos Developers' maintainer_email 'ops@kosmos.org' license 'MIT' description 'Installs/configures RSK and related software' -version '0.1.0' +version '0.2.0' chef_version '>= 15.0' issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' source_url 'https://gitea.kosmos.org/kosmos/chef' depends 'firewall' +depends 'kosmos-nginx' diff --git a/site-cookbooks/kosmos_rsk/recipes/nginx.rb b/site-cookbooks/kosmos_rsk/recipes/nginx.rb new file mode 100644 index 0000000..242d72f --- /dev/null +++ b/site-cookbooks/kosmos_rsk/recipes/nginx.rb 
@@ -0,0 +1,27 @@
+#
+# Cookbook Name:: kosmos_rsk
+# Recipe:: nginx
+#
+
+include_recipe "kosmos-nginx"
+
+app_name = "rskj"
+domain = node[app_name]["nginx"]["domain"]
+
+nginx_certbot_site domain
+
+template "#{node['nginx']['dir']}/sites-available/#{domain}" do
+ source "nginx_conf_#{app_name}.erb"
+ owner 'www-data'
+ mode 0640
+ variables app_name: app_name,
+ domain: domain,
+ port: "4444",
+ ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
+ ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
+ notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site domain do
+ action :enable
+end
diff --git a/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
new file mode 100644
index 0000000..0c18d52
--- /dev/null
+++ b/site-cookbooks/kosmos_rsk/templates/nginx_conf_rskj.erb
@@ -0,0 +1,22 @@
+# Generated by Chef
+<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+server {
+ listen 443 ssl http2;
+ add_header Strict-Transport-Security "max-age=15768000";
+
+ ssl_certificate <%= @ssl_cert %>;
+ ssl_certificate_key <%= @ssl_key %>;
+
+ server_name <%= @domain %>;
+
+ access_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.access.log json;
+ error_log <%= node[:nginx][:log_dir] %>/<%= @domain %>.error.log warn;
+
+ location / {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_redirect off;
+ proxy_pass http://localhost:<%= @port %>;
+ }
+}
+<% end -%>
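Review bot: The `template` resource in recipes/nginx.rb writes the site config with `owner 'www-data'` and `mode 0640`, which leaves the file writable by the account nginx workers usually run as, while the master process that loads it on reload runs as root. Using `owner 'root'` with `group 'www-data'` keeps the file readable without making it worker-writable; which user the workers actually run as is set in nginx.conf, which is not part of this diff. The backend port is also a literal `port: "4444"`; reading it from a node attribute next to `node[app_name]["nginx"]["domain"]` would keep it in step with the rskj configuration.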
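Review bot: The `location /` block in nginx_conf_rskj.erb forwards every request for the public server name to the node's RPC port with no request throttling, so the backend's load is bounded only by what nginx will accept. A `limit_req` in this location, with its `limit_req_zone` declared in the http context, would cap the per-client rate. Which RPC modules are reachable through the proxy depends on the rskj configuration, which is not in this diff, so it is worth confirming that only the methods meant for public use are enabled there. The HSTS header is also skipped on error responses; `add_header Strict-Transport-Security "max-age=15768000" always;` covers them.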