kosmos/chef
kosmos
/
chef
8
3
Fork 0
Code Issues 34 Pull Requests 2 Projects 1 Activity
1,850 Commits 16 Branches 0 Tags 14 MiB
Commit Graph

1850 Commits

Author SHA1 Message Date
Greg 51d4d88568 Initial kosmos_gitea cookbook 
The default recipe deploys the gitea binary, generates a config file and
our custom Kosmos label set. The service runs as a Systemd unit.

The pg_db recipe needs to run on the primary PostgreSQL (currently
andromeda).

The backup recipe is empty for now

Refs #147
 2020-05-18 19:39:43 +02:00
Greg 20cbc678bc Add a method that returns the PostgreSQL service 2020-05-18 19:38:37 +02:00
Greg 82f1e9863b Merge branch 'bugfix/160-cookbook_fixes' of kosmos/chef into master 2020-05-16 08:53:24 +00:00
Greg d0daa9cee7 Add the encryption password for encfs to the data bag 2020-05-15 18:46:24 +02:00
Greg d79cdf087b Move the PGPASS environment variable to the execute resource 
That way it does not appear in the list of running processes while the
command is running
 2020-05-15 18:45:12 +02:00
Greg 31dc14e88c Fix the firewall rules for PostgreSQL 
I got the source and destination mixed up.
 2020-05-15 18:44:42 +02:00
Greg 55b1cbc1d7 Encrypt the Postgresql data dir on the replica (centaurus) 
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit

Refs #129
 2020-05-15 18:41:31 +02:00
Greg 4475af9204 Merge branch 'bugfix/enable_dirsrv' of kosmos/chef into master 2020-05-15 15:24:42 +00:00
Greg 57f46c6c61 Merge branch 'master' into bugfix/enable_dirsrv 2020-05-15 17:24:04 +02:00
Greg d900ca352c Merge branch 'bugfix/dirsrv_acis_really_fix' of kosmos/chef into master 2020-05-15 15:22:04 +00:00
Greg b4209fa294 Fix the invalid ACIs on initial creation (for real) 
Follow-up to #156

I found another issue with the initial ACI creation, while creating a
fresh VM. I thought I had fixed it in #156 but I was wrong. This time
the ACIs are really set and the code runs successfully.

The ACIs are set on the suffix, so modifying it is needed

This won't be executed on a server that is already running, this is only
done on the initial setup
 2020-05-15 14:05:35 +02:00
Greg 10f0460fd5 Fix startup of the dirsrv@master Systemd unit on boot 
The symlink created by Chef's service resource was wrong. Creating the
correct symlink fixes the automatic startup on boot
 2020-05-15 13:54:34 +02:00
Greg bf60f9fca8 Add the Chef client public keys for andromeda and barnard 2020-05-14 15:34:10 +02:00
Basti 773aa3ddee
Update node configs 2020-05-14 15:29:25 +02:00
Râu Cao 3c905dd51e Merge branch 'feature/160-postgres_replication' of kosmos/chef into master 2020-05-14 13:10:34 +00:00
Greg da278822f6 Use the new postgresql_primary role on andromeda 2020-05-14 15:09:33 +02:00
Greg 18973fe4f6 Remove the deleted tls property from the resources 2020-05-14 15:09:15 +02:00
Greg fbf610a643 Merge branch 'master' into feature/160-postgres_replication 2020-05-14 15:06:00 +02:00
Greg 069090bf44 Remove TODOs 
Access rules will not be part of this cookbook, they need to be added to
the cookbooks that use a PostgreSQL database
 2020-05-14 13:15:47 +02:00
Greg dd92d6cdb7 Remove deploying the root cert to clients from the README 
We do not want to verify the root cert so this is not needed
 2020-05-14 13:14:42 +02:00
Greg 124ee5e6f3 Update the README 2020-05-14 12:36:20 +02:00
Greg 0063776297 Remove unused dependencies 2020-05-13 19:11:00 +02:00
Greg 8d2ab785fc Use a self-signed TLS certificate for PostgreSQL 2020-05-13 19:10:14 +02:00
Greg 84cb3de4a0 Remove outdated comment 
This was the case when the code lived inside of the custom resource
 2020-05-13 19:04:12 +02:00
Greg f3f8e47cce Add replication_password to the postgresql credentials 2020-05-13 15:35:34 +02:00
Greg 51b23c2f47 Add postgresql roles 2020-05-13 15:35:15 +02:00
Greg eb98aa1bac Clarify the firewall and client authentication rules 2020-05-12 16:04:58 +02:00
Greg 0180da1aa6 Fix a typo in the README 2020-05-12 15:59:55 +02:00
Greg 254f9020ae Enable firewall rules to allow primary/replica to connect 2020-05-12 12:10:10 +02:00
Greg 80c7263a72 Upgrade PostgreSQL from 10 to 12 
Refs #160
 2020-05-11 18:26:57 +02:00
Greg b22a7e3c0f Update the postgresql upstream cookbook 2020-05-11 18:26:35 +02:00
Greg 21119fff08 Add a custom resource to set up PostgreSQL 12 
Supports both primary and replica. The access rules and firewall have to
be set up outside of the custom resource, so they are part of the
recipes instead

Refs #160
 2020-05-11 18:23:11 +02:00
Greg 0aae86b545 Merge branch 'feature/turn_ip_config' of kosmos/chef into master 2020-05-02 12:43:38 +00:00
Basti 4448ec2173
Configure TURN properly 
Was missing a couple of necessary properties, and is now using an
explicit port range for TURN, and opening those ports in UFW.
 2020-05-02 14:07:14 +02:00
Basti 0bcb2597e8
Update node info 2020-05-02 12:41:30 +02:00
Râu Cao 136fc84c4f Merge branch 'feature/159-ejabberd_stun_turn' of kosmos/chef into master 2020-05-02 10:01:15 +00:00
Basti ef2fa2da72
Configure STUN/TURN 
Configures built-in STUN/TURN support, and adds the new service discovery
module for it.
 2020-05-01 16:25:38 +02:00
Basti 35a56aa221
Update version to 20.04 2020-05-01 14:55:13 +02:00
Greg 53d53f2375 Merge branch 'bugfix/152-remove_encryption_keys_tls' of kosmos/chef into master 2020-04-30 15:50:26 +00:00
Greg ee13c3cbe9 Merge branch 'bugfix/153-update_ejabberd_20.03' of kosmos/chef into master 2020-04-21 13:38:53 +00:00
Greg 4c1879b84e Merge branch 'bugfix/ldap_invalid_aci' of kosmos/chef into master 2020-04-21 11:22:50 +00:00
Greg 1c920a8cb2 Remove the encryption keys after TLS cert renewal 
This is done with awk, this was the best way I found to perform the
multi-line deletion. It deletes both the AES AND 3DES sections

The keys will be recreated on service restart

https://access.redhat.com/documentation/en-us/red_hat_directory_server/9.0/html/administration_guide/ssl-and-attr-encryption

Closes #152
 2020-04-20 19:11:34 +02:00
Greg 5e3c8066f9 Add the missing certbot command to generate the LDAP TLS cert 
This had been done manually on barnard. This will not be executed on
barnard again since the cert exists
 2020-04-20 19:10:15 +02:00
Greg d01c9a4d0a Fix the name of the deploy certbot hook 2020-04-20 19:09:43 +02:00
Greg 3ca8ab45da Fix the invalid ACIs on initial creation 
This is only executed on initial creation of the instance, the
production one is using these fixed ACIs, this was only an issue with
the setup

The issue was the ACI was set at the wrong level
 2020-04-20 19:00:28 +02:00
Greg db8bb44c8b Update ejabberd to 20.03 
The download URL has changed, they removed a prefix

Closes #153
 2020-04-20 14:53:08 +02:00
Greg f5dd2c7de9 Fix the command importing the schema on db creation 
It had an extra }, but this only fails when creating the databases
 2020-04-20 14:52:11 +02:00
Greg f5bdc3e892 Merge branch 'doc/ldap' of kosmos/chef into master 2020-04-20 09:29:34 +00:00
Basti 73e87f8f45
Improve LDAP example command 
We should not log passwords in bash history files. This change will
prompt the user for the password instead.
 2020-04-19 13:01:39 +02:00
Râu Cao 4f1bf768ee Merge branch 'feature/hal8000_zoom' of kosmos/chef into master 2020-04-16 20:19:30 +00:00