kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
1,480 Commits 7 Branches 0 Tags
Commit Graph

1480 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Râu Cao
991458208d
Use a role for configuring LDAP hostname on clients 
This way it's also easy to converge all LDAP clients at once.
 2022-11-26 16:45:45 +01:00
Râu Cao
8d4db7290e
Rename dirsrv_primary role 
The term used in 389 docs is "supplier" instead (ex "master")
 2022-11-26 16:44:05 +01:00
Râu Cao
e0fb84e56c
Store Gitea data (avatars, attachments, etc.) in Garage/S3 
Also adds a new garage gateway role, which only allows RPC (inter-node)
traffic to Garage.
 2022-11-26 13:05:07 +01:00
Râu Cao
9a89af0fe3 Add basic Garage doc 2022-11-25 10:56:22 +00:00
Râu Cao
20e6bdb7f9 Add production environment, replication for garage 
Also deploy a third node in a different data center
 2022-11-25 10:56:22 +00:00
Râu Cao
b5ff60214c Install/configure Garage 
Add a garage cookbook that installs the garage binary distribution and
creates the necessary configuration and system service.

Also deploy two new VMs to act as storage nodes.

refs #428
 2022-11-25 10:56:22 +00:00
greg
34bd187e3e Merge pull request 'Set up fail2ban for nginx, move IPFS gateway to proxy role' (#449) from feature/fail2ban_nginx into master 
Reviewed-on: #449
 2022-11-24 15:09:05 +00:00
Râu Cao
d06f5d7723
Set up fail2ban for nginx, move IPFS gateway to proxy role 2022-11-24 14:02:43 +01:00
Râu Cao
7f545404b1
Update node info 2022-11-22 21:23:39 +01:00
raucao
9dc2b387d1 Merge pull request 'Upgrade kosmos.social to Mastodon 3.5.3' (#448) from chore/upgrade_mastodon into master 
Reviewed-on: #448
 2022-11-22 20:19:52 +00:00
Greg Karékinian
5a5f8425af Add missing postgresql-client package for backup gem 2022-11-07 16:30:45 +01:00
Greg Karékinian
97fe328312 Add missing pg_db recipe on postgresql_primary role 2022-11-07 16:30:02 +01:00
Greg Karékinian
ed04753318 Update mastodon-3 node after chef run 2022-11-07 16:28:09 +01:00
Greg Karékinian
4bfb7d5f5d Extract mastodon db backup to its own recipe 2022-11-07 16:22:15 +01:00
Râu Cao
4188b2976b
Use Ruby 3.0.3, skip post-deployment migrations 2022-11-07 14:53:52 +01:00
Râu Cao
3620a43190
Upgrade Elasticsearch from 6.x to latest 7.x 2022-11-06 13:56:15 +01:00
greg
5a94050555 Merge pull request 'Prune VM backups after every run' (#447) from feature/439-prune_backups into master 
Reviewed-on: #447
 2022-11-05 20:42:31 +00:00
Râu Cao
28454c0849
Change VM backup schedule for draco 2022-11-05 17:43:53 +01:00
Râu Cao
6df168f32f
Prune VM backups after every run 2022-11-05 17:43:48 +01:00
greg
9c0764a2eb Merge pull request 'Migrate hal8000 to new kredits and nodejs VM' (#445) from feature/migrate_hal8000 into master 
Reviewed-on: #445
 2022-11-04 18:14:17 +00:00
Râu Cao
65933bef4b Move hubot nginx sites to proxy role, deploy to fornax 2022-11-04 14:41:21 +01:00
Râu Cao
6cce1d9df8 Upgrade hal8000 setup for new hubot-kredits 2022-11-04 14:41:12 +01:00
Râu Cao
534f23eebc Remove obsolete recipes 2022-11-04 14:38:51 +01:00
Râu Cao
37710be28b
Bundle main IPFS node recipes in a role 
So we can find the VM/IP
 2022-11-04 14:37:23 +01:00
raucao
1c17906a41 Merge pull request 'Deploy new kredits ipfs-pinner' (#444) from feature/deploy_new_kredits_pinner into master 
Reviewed-on: #444
 2022-11-03 13:17:47 +00:00
Râu Cao
76fd629e40
Deploy new kredits ipfs-pinner 
refs kredits/meta#10
 2022-11-03 14:16:37 +01:00
raucao
88fa0f12dd Merge pull request 'Upgrade LND to 0.15.4' (#443) from chore/upgrade_lnd into master 
Reviewed-on: #443
 2022-11-03 10:04:05 +00:00
Râu Cao
0297298ce0
Upgrade LND to 0.15.4 
Fixes a critical issue that prevents block sync in production
 2022-11-03 11:02:52 +01:00
raucao
08bcdcc395 Merge pull request 'Fix IPFS node connectivity from the outside as well as the private network' (#442) from bugfix/ipfs_connectivity into master 
Reviewed-on: #442
 2022-11-02 18:32:44 +00:00
Râu Cao
90b62e3fc1
Remove ufw logging for ipfs 2022-11-02 19:27:09 +01:00
greg
c9a0310511 Merge branch 'master' into bugfix/ipfs_connectivity 2022-11-02 17:13:55 +00:00
greg
b8d6ba4c89 Merge pull request 'Move block data to CIFS share, other data to VM's own storage' (#438) from feature/bitcoin_data_directories into master 
Reviewed-on: #438
 2022-11-02 17:13:37 +00:00
Râu Cao
b1922d26f6
Allow IPFS connections on private network 
(HAProxy is now also using the private network.)

This fixes IPFS connections to Kosmos nodes from outside the network, as
well as in between nodes on the private network.
 2022-11-02 14:06:07 +01:00
Râu Cao
f7ff1248fe
Enable Web UI on private network 2022-11-02 14:05:43 +01:00
Râu Cao
bc11301782
Move bitcoind datadir from host to VM storage 2022-10-27 11:52:05 +02:00
Râu Cao
756382ec9f
Move block data files to CIFS share 
This is the vast majority of disk space used on the host currently.
 2022-10-26 15:49:03 +02:00
Râu Cao
458558fb26
Deploy different content on kosmos.org for now 2022-10-24 15:13:18 +02:00
raucao
446148b28a Merge pull request 'Downgrade go-ipfs to 0.15' (#437) from chore/downgrade_ipfs into master 
Reviewed-on: #437
 2022-10-24 12:19:25 +00:00
Râu Cao
67f6e1b34a
Downgrade go-ipfs to 0.15 
Fixes #435
 2022-10-24 14:18:19 +02:00
greg
945283738a Merge pull request 'Set up live backups for all VMs' (#433) from feature/qemu_snapshots into master 
Reviewed-on: #433
 2022-10-22 11:52:26 +00:00
greg
33ae6befaa Merge pull request 'Block outgoing traffic to local networks by default' (#434) from feature/block_outoing_local_traffic into feature/qemu_snapshots 
Reviewed-on: #434
 2022-10-22 11:50:28 +00:00
Râu Cao
58e6e7de03
Remove ufw logs 
Just added them to check the blocking for a while
 2022-10-22 13:03:16 +02:00
Râu Cao
1afc3a5de5
Block outgoing traffic to local networks by default 
Some software, e.g. go-ipfs, is rather aggressive in scanning local
networks for peers, which can trigger abuse reports and IP locks in the
data center.
 2022-10-21 13:37:38 +02:00
Râu Cao
61710aa4a4 Set up systemd service and timer for backups 2022-10-21 10:50:04 +02:00
Râu Cao
95941c830f Remove verbose stats outout from backup script 2022-10-21 10:49:30 +02:00
Râu Cao
a5b2eb5f97 Move borg credentials to a separate file 
To be used from a service
 2022-10-21 10:49:02 +02:00
Râu Cao
374654f8fd
Update chef/ohai on hosts 2022-10-21 10:47:46 +02:00
Râu Cao
7051cc9da8 Update draco's main IP address 2022-10-21 10:47:17 +02:00
Râu Cao
51163ca3a3
Whitelist Chef attributes for newer client versions 2022-10-21 10:46:16 +02:00
Râu Cao
927bb63535
Add kvm_guest role to nodes 2022-10-19 16:28:07 +02:00