From e8f46db49ce50622846da13910833b67a773579b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?= Date: Fri, 18 Feb 2022 18:14:33 +0100 Subject: [PATCH] Extract the nginx config for discourse to a recipe Get the upstream servers automatically from Chef nodes --- .../kosmos_discourse/recipes/default.rb | 40 ------------------- .../kosmos_discourse/recipes/nginx.rb | 32 +++++++++++++++ .../kosmos_discourse/templates/nginx_conf.erb | 4 +- 3 files changed, 35 insertions(+), 41 deletions(-) create mode 100644 site-cookbooks/kosmos_discourse/recipes/nginx.rb diff --git a/site-cookbooks/kosmos_discourse/recipes/default.rb b/site-cookbooks/kosmos_discourse/recipes/default.rb index 5e65960..de204a8 100644 --- a/site-cookbooks/kosmos_discourse/recipes/default.rb +++ b/site-cookbooks/kosmos_discourse/recipes/default.rb @@ -2,30 +2,8 @@ # Cookbook:: kosmos_discourse # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2020, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. package "docker-compose" -domain = "community.kosmos.org" deploy_path = "/opt/discourse" repo = "https://github.com/discourse/discourse_docker" @@ -54,21 +32,3 @@ systemd_unit "discourse.service" do }}) action [:create, :enable] end - -template "#{node['nginx']['dir']}/sites-available/#{domain}" do - source "nginx_conf.erb" - owner 'www-data' - mode 0640 - variables server_name: domain, - ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", - ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", - upstream_port: 3001 - - notifies :reload, 'service[nginx]', :delayed -end - -nginx_site domain do - action :enable -end - -nginx_certbot_site domain diff --git a/site-cookbooks/kosmos_discourse/recipes/nginx.rb b/site-cookbooks/kosmos_discourse/recipes/nginx.rb new file mode 100644 index 0000000..9621fa6 --- /dev/null +++ b/site-cookbooks/kosmos_discourse/recipes/nginx.rb @@ -0,0 +1,32 @@ +# +# Cookbook:: kosmos_discourse +# Recipe:: nginx +# + +domain = "community.kosmos.org" + +upstream_ip_addresses = [] +search(:node, "role:discourse").each do |n| + upstream_ip_addresses << n["knife_zero"]["host"] +end +# No Discourse host, stop here +return if upstream_ip_addresses.empty? + +template "#{node['nginx']['dir']}/sites-available/#{domain}" do + source "nginx_conf.erb" + owner 'www-data' + mode 0640 + variables server_name: domain, + ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem", + ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem", + upstream_port: 3001, + upstream_ip_addresses: upstream_ip_addresses + + notifies :reload, 'service[nginx]', :delayed +end + +nginx_site domain do + action :enable +end + +nginx_certbot_site domain diff --git a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb index a1d639c..6d7427d 100644 --- a/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb +++ b/site-cookbooks/kosmos_discourse/templates/nginx_conf.erb @@ -1,6 +1,8 @@ # Generated by Chef upstream _discourse { - server localhost:<%= @upstream_port %>; + <% @upstream_ip_addresses.each do |upstream_ip_address| -%> + server <%= upstream_ip_address %>:<%= @upstream_port %>; + <% end -%> } <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>