Merge branch 'master' into feature/535-liquor_cabinet
This commit is contained in:
commit
b5020efdd5
|
@ -1,37 +1,51 @@
|
|||
{
|
||||
"id": "akkounts",
|
||||
"postgresql_username": {
|
||||
"encrypted_data": "W+Ia820+uYCAED9LRkQ1ZVe//56GRS5u0HrG\n",
|
||||
"iv": "NpuVENC7C5FCjsEz\n",
|
||||
"auth_tag": "KbqVv27nTc4qm7kzRWcjUQ==\n",
|
||||
"encrypted_data": "/Idxzq83imf6o6pbmFAk7bgxg69N7/1KNhgj\n",
|
||||
"iv": "34BrmVmlxzuA7IJG\n",
|
||||
"auth_tag": "VyLpWDshrOd417ZiY3432w==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"postgresql_password": {
|
||||
"encrypted_data": "gPzUikJ3vBhjEzor0ie2341VPLRHNIvGvuD+HBwldw==\n",
|
||||
"iv": "Jsnldm8Bx9IzXMNy\n",
|
||||
"auth_tag": "63YXFGVxHn23X+/11qwTSA==\n",
|
||||
"encrypted_data": "XqEmt+yu7mB6vBOUCT/5AtIptdUamfniz+PrFYCP0A==\n",
|
||||
"iv": "2XdVUHkeeS1LHzMx\n",
|
||||
"auth_tag": "mq0v9ikHD7pxTUrGO+VF9A==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"sentry_dsn": {
|
||||
"encrypted_data": "3aC1Nc+WiJIn+jc4HY4Rb1WAqCqEurbOLXhbah4zSIbVIaNGEKzaoC+IA+qi\nV1jAVxbE0A1w91MrGE6HNa+oMjiTMurYx7JzVBIpCm01rgo=\n",
|
||||
"iv": "SxEbTBYY2Pa5BzAF\n",
|
||||
"auth_tag": "zGkIpM/aeyuNm2F0I3VAcA==\n",
|
||||
"encrypted_data": "u82JsPq5HvQRE2eWIbVp73LdqffyuTTylbURtM7XRJ6AXyKp1WD/iwVhNnL7\n/NKSWR24/u63WJCP4rXpW7293ZRU5UW/W3GwlOjNtbdxcaQ=\n",
|
||||
"iv": "0GIV8v92dh4+Ma/Z\n",
|
||||
"auth_tag": "XbuxPIZ5VxuMjw/f+usCgA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"rails_master_key": {
|
||||
"encrypted_data": "cWOeQYNzOjgDNi7ZpkMC/jN7nSPyODYRhA6EIhhihzPxkEDt+/4HGNAhLHGK\nlJiQeRD/\n",
|
||||
"iv": "Svsvx9gsO9OQs9RV\n",
|
||||
"auth_tag": "mXVNNo13F6FddhWnri1yHQ==\n",
|
||||
"encrypted_data": "31N79um4TTD0tuDurrZVztoSv0sxZ70paV7AhD8P4+lX8kUkfhiugCbdhst0\n12YP5v/8\n",
|
||||
"iv": "l4qanaerdou8AApw\n",
|
||||
"auth_tag": "yvkcM4on1EMm1LhmmZ+O+g==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"discourse_connect_secret": {
|
||||
"encrypted_data": "BQcE5fUkiqJyuOR1dR9vNyxWzgWGX1Wl1WINJDGJ1sJiajrgAspPgDt0dX5L\nhxG8CQ==\n",
|
||||
"iv": "UKpt0F1FODuosQ9u\n",
|
||||
"auth_tag": "MLgv0jR9MhWGmQNUkA8GUQ==\n",
|
||||
"encrypted_data": "Ebs8KVEA0r4nFxYNjxxZFUWndxwoKes/9ihEgqgKLN76t6yzCUONeJZBMl0G\nXLdI8A==\n",
|
||||
"iv": "ob8KBWeoHXFlZ7Nk\n",
|
||||
"auth_tag": "motppQbVEhg6qyKRYpqctA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"lndhub_admin_token": {
|
||||
"encrypted_data": "I2hSF6X9L3OWbet5QWzrCyA3XyGFhFBgHh/uFr5dQ3RB\n",
|
||||
"iv": "Kr8u2j5napFSamYc\n",
|
||||
"auth_tag": "t93UNWomf+6WaZF7VVzTeQ==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"btcpay_auth_token": {
|
||||
"encrypted_data": "0qesJ5KMvU2DlKdz7lExJWq0X9XYjpsqw61kLXWw4UNYwpNxPyFJSjbR9yKh\ntu0zMdtMB9Vur9izWBY=\n",
|
||||
"iv": "gw2oAyeF2Kuvb3Em\n",
|
||||
"auth_tag": "zMtos/E3e3XXeTlAY7o0lg==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
"name": "production",
|
||||
"override_attributes": {
|
||||
"akkounts": {
|
||||
"btcpay": {
|
||||
"store_id": "FNJVVsrVkKaduPDAkRVchdegjwzsNhpceAdonCaXAwBX"
|
||||
},
|
||||
"ejabberd": {
|
||||
"admin_url": "https://xmpp.kosmos.org:5443/admin"
|
||||
},
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"name": "redis-1",
|
||||
"chef_environment": "production",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.225"
|
||||
|
@ -8,7 +9,7 @@
|
|||
"automatic": {
|
||||
"fqdn": "redis-1",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1090-kvm",
|
||||
"os_version": "5.4.0-1104-kvm",
|
||||
"hostname": "redis-1",
|
||||
"ipaddress": "192.168.122.83",
|
||||
"roles": [
|
||||
|
@ -22,6 +23,8 @@
|
|||
"kosmos_kvm::guest",
|
||||
"kosmos_redis",
|
||||
"kosmos_redis::default",
|
||||
"kosmos_redis::firewall",
|
||||
"kosmos_redis::backup",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -43,7 +46,6 @@
|
|||
"redisio::disable_os_default",
|
||||
"redisio::configure",
|
||||
"redisio::enable",
|
||||
"kosmos_redis::firewall",
|
||||
"backup::default",
|
||||
"logrotate::default"
|
||||
],
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
"name": "redis-2",
|
||||
"chef_environment": "production",
|
||||
"normal": {
|
||||
"knife_zero": {
|
||||
"host": "10.1.1.208"
|
||||
|
@ -8,17 +9,20 @@
|
|||
"automatic": {
|
||||
"fqdn": "redis-2",
|
||||
"os": "linux",
|
||||
"os_version": "5.4.0-1090-kvm",
|
||||
"os_version": "5.4.0-1104-kvm",
|
||||
"hostname": "redis-2",
|
||||
"ipaddress": "192.168.122.98",
|
||||
"roles": [
|
||||
"base",
|
||||
"kvm_guest"
|
||||
"kvm_guest",
|
||||
"redis_replica"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos_redis::replica",
|
||||
"kosmos_redis::firewall",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
@ -32,7 +36,14 @@
|
|||
"postfix::_common",
|
||||
"postfix::_attributes",
|
||||
"postfix::sasl_auth",
|
||||
"hostname::default"
|
||||
"hostname::default",
|
||||
"redisio::default",
|
||||
"redisio::_install_prereqs",
|
||||
"redisio::install",
|
||||
"redisio::ulimit",
|
||||
"redisio::disable_os_default",
|
||||
"redisio::configure",
|
||||
"redisio::enable"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
|
@ -51,6 +62,7 @@
|
|||
},
|
||||
"run_list": [
|
||||
"role[base]",
|
||||
"role[kvm_guest]"
|
||||
"role[kvm_guest]",
|
||||
"role[redis_replica]"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
name "redis_replica"
|
||||
|
||||
run_list %w(
|
||||
kosmos_redis::replica
|
||||
kosmos_redis::firewall
|
||||
)
|
||||
|
||||
default_attributes({
|
||||
'redisio' => {
|
||||
'default_settings' => {
|
||||
'slaveservestaledata' => 'yes',
|
||||
'slavereadonly' => 'yes'
|
||||
}
|
||||
}
|
||||
})
|
|
@ -7,6 +7,7 @@ default_run_list = %w(
|
|||
production_run_list = %w(
|
||||
kosmos_redis::default
|
||||
kosmos_redis::firewall
|
||||
kosmos_redis::backup
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
|
@ -14,5 +15,3 @@ env_run_lists(
|
|||
'development' => default_run_list,
|
||||
'production' => production_run_list
|
||||
)
|
||||
|
||||
default_attributes({})
|
||||
|
|
|
@ -11,6 +11,8 @@ node.default['akkounts']['smtp']['domain'] = 'kosmos.org'
|
|||
node.default['akkounts']['smtp']['auth_method'] = 'plain'
|
||||
node.default['akkounts']['smtp']['enable_starttls'] = 'auto'
|
||||
|
||||
node.default['akkounts']['btcpay']['store_id'] = nil
|
||||
|
||||
node.default['akkounts']['ejabberd']['admin_url'] = nil
|
||||
|
||||
node.default['akkounts']['lndhub']['api_url'] = nil
|
||||
|
|
|
@ -20,6 +20,7 @@ user deploy_user do
|
|||
end
|
||||
|
||||
package "libpq-dev"
|
||||
package "libvips"
|
||||
|
||||
include_recipe 'redisio::default'
|
||||
include_recipe 'redisio::enable'
|
||||
|
@ -70,6 +71,8 @@ end
|
|||
|
||||
if btcpay_host
|
||||
env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"
|
||||
env[:btcpay_store_id] = node['akkounts']['btcpay']['store_id']
|
||||
env[:btcpay_auth_token] = credentials["btcpay_auth_token"]
|
||||
end
|
||||
|
||||
env[:discourse_public_url] = "https://#{node['discourse']['domain']}"
|
||||
|
@ -104,6 +107,7 @@ if lndhub_host
|
|||
node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026"
|
||||
env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"]
|
||||
env[:lndhub_api_url] = node["akkounts"]["lndhub"]["api_url"]
|
||||
env[:lndhub_admin_token] = credentials["lndhub_admin_token"]
|
||||
env[:lndhub_public_url] = node["akkounts"]["lndhub"]["public_url"]
|
||||
env[:lndhub_public_key] = node["akkounts"]["lndhub"]["public_key"]
|
||||
if postgres_readonly_host
|
||||
|
|
|
@ -18,7 +18,7 @@ server {
|
|||
access_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.access.log json;
|
||||
error_log <%= node[:openresty][:log_dir] %>/<%= @domain %>.error.log warn;
|
||||
|
||||
location /kredits/ {
|
||||
location / {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
|
||||
|
@ -31,6 +31,6 @@ server {
|
|||
proxy_buffers 1024 8k;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
proxy_pass http://_akkounts_api/api/kredits/;
|
||||
proxy_pass http://_akkounts_api/api/;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos_redis
|
||||
# Recipe:: backup
|
||||
#
|
||||
|
||||
databases = node['redisio']['servers'].map do |server, _|
|
||||
"dump-#{server['port']}"
|
||||
end
|
||||
node.override["backup"]["redis"]["databases"] = databases
|
||||
|
||||
include_recipe "backup"
|
|
@ -3,16 +3,10 @@
|
|||
# Recipe:: default
|
||||
#
|
||||
|
||||
node.normal['redisio']['servers'] = [{
|
||||
'port' => '6379',
|
||||
'protected_mode' => 'no'
|
||||
}]
|
||||
|
||||
include_recipe 'redisio::default'
|
||||
include_recipe 'redisio::enable'
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos_redis::firewall"
|
||||
|
||||
# Backup the databases to S3
|
||||
databases = node['redisio']['servers'].map do |server, _|
|
||||
"dump-#{server['port']}"
|
||||
end
|
||||
node.override["backup"]["redis"]["databases"] = databases
|
||||
include_recipe "backup"
|
||||
end
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos_redis
|
||||
# Recipe:: replica
|
||||
#
|
||||
|
||||
primary_host = search(:node, 'role:redis_server').first['knife_zero']['host'] rescue nil
|
||||
|
||||
if primary_host.nil?
|
||||
Chef::Log.warn("No node found with 'redis_server' role. Stopping here.")
|
||||
return
|
||||
end
|
||||
|
||||
node.normal['redisio']['servers'] = [{
|
||||
'port' => '6379',
|
||||
'replicaof' => { 'address' => primary_host, 'port' => '6379' }
|
||||
}]
|
||||
|
||||
include_recipe 'redisio::default'
|
||||
include_recipe 'redisio::enable'
|
Loading…
Reference in New Issue