Greg
51d4d88568
Initial kosmos_gitea cookbook
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.
The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).
The backup recipe is empty for now
Refs #147
2020-05-18 19:39:43 +02:00
Greg
20cbc678bc
Add a method that returns the PostgreSQL service
2020-05-18 19:38:37 +02:00
Greg
82f1e9863b
Merge branch 'bugfix/160-cookbook_fixes' of kosmos/chef into master
2020-05-16 08:53:24 +00:00
Greg
d0daa9cee7
Add the encryption password for encfs to the data bag
2020-05-15 18:46:24 +02:00
Greg
d79cdf087b
Move the PGPASS environment variable to the execute resource
That way it does not appear in the list of running processes while the
command is running
2020-05-15 18:45:12 +02:00
Greg
31dc14e88c
Fix the firewall rules for PostgreSQL
I got the source and destination mixed up.
2020-05-15 18:44:42 +02:00
Greg
55b1cbc1d7
Encrypt the PostgreSQL data dir on the replica (centaurus)
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:
    systemctl stop postgresql@12-main
    mv /var/lib/postgresql /var/lib/postgresql.old
    encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice
    mv /var/lib/postgresql.old/* /var/lib/postgresql/
    systemctl start postgresql@12-main
This is running on centaurus and is mounted automatically on boot by a
system unit
Refs #129
2020-05-15 18:41:31 +02:00
Greg
4475af9204
Merge branch 'bugfix/enable_dirsrv' of kosmos/chef into master
2020-05-15 15:24:42 +00:00
Greg
57f46c6c61
Merge branch 'master' into bugfix/enable_dirsrv
2020-05-15 17:24:04 +02:00
Greg
d900ca352c
Merge branch 'bugfix/dirsrv_acis_really_fix' of kosmos/chef into master
2020-05-15 15:22:04 +00:00
Greg
b4209fa294
Fix the invalid ACIs on initial creation (for real)
Follow-up to #156
I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.
The ACIs are set on the suffix, so modifying it is needed
This won't be executed on a server that is already running, this is only
done on the initial setup
2020-05-15 14:05:35 +02:00
Greg
10f0460fd5
Fix startup of the dirsrv@master Systemd unit on boot
The symlink created by Chef's service resource was wrong. Creating the
correct symlink fixes the automatic startup on boot
2020-05-15 13:54:34 +02:00
Greg
bf60f9fca8
Add the Chef client public keys for andromeda and barnard
2020-05-14 15:34:10 +02:00
Basti
773aa3ddee
Update node configs
2020-05-14 15:29:25 +02:00
Râu Cao
3c905dd51e
Merge branch 'feature/160-postgres_replication' of kosmos/chef into master
2020-05-14 13:10:34 +00:00
Greg
da278822f6
Use the new postgresql_primary role on andromeda
2020-05-14 15:09:33 +02:00
Greg
18973fe4f6
Remove the deleted tls property from the resources
2020-05-14 15:09:15 +02:00
Greg
fbf610a643
Merge branch 'master' into feature/160-postgres_replication
2020-05-14 15:06:00 +02:00
Greg
069090bf44
Remove TODOs
Access rules will not be part of this cookbook, they need to be added to
the cookbooks that use a PostgreSQL database
2020-05-14 13:15:47 +02:00
Greg
dd92d6cdb7
Remove deploying the root cert to clients from the README
We do not want to verify the root cert so this is not needed
2020-05-14 13:14:42 +02:00
Greg
124ee5e6f3
Update the README
2020-05-14 12:36:20 +02:00
Greg
0063776297
Remove unused dependencies
2020-05-13 19:11:00 +02:00
Greg
8d2ab785fc
Use a self-signed TLS certificate for PostgreSQL
2020-05-13 19:10:14 +02:00
Greg
84cb3de4a0
Remove outdated comment
This was the case when the code lived inside of the custom resource
2020-05-13 19:04:12 +02:00
Greg
f3f8e47cce
Add replication_password to the postgresql credentials
2020-05-13 15:35:34 +02:00
Greg
51b23c2f47
Add postgresql roles
2020-05-13 15:35:15 +02:00
Greg
eb98aa1bac
Clarify the firewall and client authentication rules
2020-05-12 16:04:58 +02:00
Greg
0180da1aa6
Fix a typo in the README
2020-05-12 15:59:55 +02:00
Greg
254f9020ae
Enable firewall rules to allow primary/replica to connect
2020-05-12 12:10:10 +02:00
Greg
80c7263a72
Upgrade PostgreSQL from 10 to 12
Refs #160
2020-05-11 18:26:57 +02:00
Greg
b22a7e3c0f
Update the postgresql upstream cookbook
2020-05-11 18:26:35 +02:00
Greg
21119fff08
Add a custom resource to set up PostgreSQL 12
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead
Refs #160
2020-05-11 18:23:11 +02:00
Greg
0aae86b545
Merge branch 'feature/turn_ip_config' of kosmos/chef into master
2020-05-02 12:43:38 +00:00
Basti
4448ec2173
Configure TURN properly
Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.
2020-05-02 14:07:14 +02:00
Basti
0bcb2597e8
Update node info
2020-05-02 12:41:30 +02:00
Râu Cao
136fc84c4f
Merge branch 'feature/159-ejabberd_stun_turn' of kosmos/chef into master
2020-05-02 10:01:15 +00:00
Basti
ef2fa2da72
Configure STUN/TURN
Configures built-in STUN/TURN support, and adds the new service discovery
module for it.
2020-05-01 16:25:38 +02:00
Basti
35a56aa221
Update version to 20.04
2020-05-01 14:55:13 +02:00
Greg
53d53f2375
Merge branch 'bugfix/152-remove_encryption_keys_tls' of kosmos/chef into master
2020-04-30 15:50:26 +00:00
Greg
ee13c3cbe9
Merge branch 'bugfix/153-update_ejabberd_20.03' of kosmos/chef into master
2020-04-21 13:38:53 +00:00
Greg
4c1879b84e
Merge branch 'bugfix/ldap_invalid_aci' of kosmos/chef into master
2020-04-21 11:22:50 +00:00
Greg
1c920a8cb2
Remove the encryption keys after TLS cert renewal
This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections
The keys will be recreated on service restart
https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption
Closes #152
2020-04-20 19:11:34 +02:00
Greg
5e3c8066f9
Add the missing certbot command to generate the LDAP TLS cert
This had been done manually on barnard. This will not be executed on
barnard again since the cert exists
2020-04-20 19:10:15 +02:00
Greg
d01c9a4d0a
Fix the name of the deploy certbot hook
2020-04-20 19:09:43 +02:00
Greg
3ca8ab45da
Fix the invalid ACIs on initial creation
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup
The issue was the ACI was set at the wrong level
2020-04-20 19:00:28 +02:00
Greg
db8bb44c8b
Update ejabberd to 20.03
The download URL has changed, they removed a prefix
Closes #153
2020-04-20 14:53:08 +02:00
Greg
f5dd2c7de9
Fix the command importing the schema on db creation
It had an extra }, but this only fails when creating the databases
2020-04-20 14:52:11 +02:00
Greg
f5bdc3e892
Merge branch 'doc/ldap' of kosmos/chef into master
2020-04-20 09:29:34 +00:00
Basti
73e87f8f45
Improve LDAP example command
We should not log passwords in bash history files. This change will
prompt the user for the password instead.
2020-04-19 13:01:39 +02:00
Râu Cao
4f1bf768ee
Merge branch 'feature/hal8000_zoom' of kosmos/chef into master
2020-04-16 20:19:30 +00:00