43 Commits

Author SHA1 Message Date
raucao f2ebda4a1a Update node configs 2026-07-04 16:30:15 +02:00
raucao 67f62ebd6c Scrape garage metrics 2026-07-04 16:14:36 +02:00
raucao 7dc4895da3 Remove old garage nodes 2026-07-04 15:51:39 +02:00
raucao 153b1e77c5 Add all nodes with base role as node exporter targets 2026-07-04 15:46:41 +02:00
raucao ea69c7cec6 Add prometheus node exporter to base role 2026-07-04 15:45:57 +02:00
raucao 5813a45987 Use base role instead of recipe in all runlists 2026-07-04 15:45:23 +02:00
raucao 63534e1cf5 Remove upstream prometheus cookbook, migrate to our own 2026-07-04 15:27:18 +02:00
raucao 2d835335b5 Re-add global config, change values 2026-07-04 14:15:55 +02:00
raucao e21797b402 Apply changed configs to prometheus and alertmanager 2026-07-04 14:15:38 +02:00
raucao 7396af5ca4 WIP Add node exporter 2026-07-04 14:15:33 +02:00
raucao df8c8d1742 Remove obsolete CLI option
Was left over from trying to overwrite the defaults before
2026-07-04 13:31:20 +02:00
Greg Karekinian 765d0b080e WIP Initial kosmos_prometheus wrapper cookbook 2026-07-03 17:47:13 +02:00
Greg Karekinian 4cd6c41254 Add community prometheus cookbook 2026-07-03 17:46:18 +02:00
raucao ec73dd5b57 Set Chef environment for node 2026-07-03 15:52:46 +02:00
raucao 850db344b7 Add prometheus node 2026-07-03 15:50:15 +02:00
raucao 99e8259696 Merge pull request 'Update Gitea to 1.26.4, Gitea Runner to 2.0.0' (#631) from chore/upgrade_gitea_and_runner into master
Reviewed-on: #631
2026-07-01 12:30:57 +00:00
Greg Karekinian 7810f9f373 Update Gitea to 1.26.4, Gitea Runner to 2.0.0
Two avatar configs were moved to the admin settings.
2026-07-01 14:28:31 +02:00
Greg Karekinian c167c1861f Update knife-zero 2026-07-01 14:11:09 +02:00
raucao 96bab62af1 Merge pull request 'Set up Blossom server on blossom.kosmos.org' (#630) from feature/blossom_server into master
Reviewed-on: #630
Reviewed-by: Greg <greg@kosmos.org>
2026-05-26 12:49:54 +00:00
raucao 2169e7904c Add LDAP support for blossom-server
Only available in our feature branch atm
2026-05-19 16:32:03 +02:00
raucao 5a4905aa97 Upgrade deno 2026-05-14 07:52:45 +02:00
raucao 21e31440a7 Update node config 2026-05-14 07:52:12 +02:00
raucao 894ae3f77e Add new garage node 2026-05-14 07:51:53 +02:00
raucao 8afe2ad05d Update blossom whitelist 2026-05-14 07:51:23 +02:00
raucao ef6e4e3319 Upgrade blossom-server 2026-05-14 07:50:48 +02:00
raucao f8ce544452 Set up Blossom server on blossom.kosmos.org 2026-04-18 16:37:00 +04:00
greg 36e9ea8a01 Merge pull request 'Upgrade .NET and BTCPay Server' (#629) from chore/upgrade_btcpay into master
Reviewed-on: #629
Reviewed-by: Greg <greg@kosmos.org>
2026-04-17 15:02:40 +00:00
raucao 2c2780a9f0 Update node info 2026-04-17 18:57:32 +04:00
raucao 6bcdd3f4d6 Upgrade .NET and BTCPay 2026-04-17 18:56:54 +04:00
raucao abc3f7a0cd Update node info 2026-04-17 15:47:10 +04:00
raucao 6d35c0a415 Update node info 2026-04-14 10:36:48 +04:00
raucao be0d7105d3 Merge pull request 'Migrate PostgreSQL cluster to PG14' (#625) from feature/postgresql_migration into master
Reviewed-on: #625
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 14:16:22 +00:00
raucao b24a6107d2 Merge branch 'master' into feature/postgresql_migration 2026-04-12 18:15:01 +04:00
greg ba361ad09f Merge pull request 'Create new VMs with Ubuntu 24.04' (#628) from feature/ubuntu_noble into master
Reviewed-on: #628
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 11:32:49 +00:00
greg 94be0a3543 Merge pull request 'Upgrade rskj to v9.0.1 and Ubuntu 24.04' (#627) from chore/upgrade_rskj into master
Reviewed-on: #627
Reviewed-by: Greg <greg@kosmos.org>
2026-04-12 11:31:26 +00:00
raucao 29fb3ae9c9 Automatically determine OS package name
Co-authored-by: Greg Karékinian <greg@karekinian.com>
2026-04-12 10:32:53 +00:00
raucao 3a1c3e20b8 Add new RSK testnet VM 2026-04-12 10:32:53 +00:00
raucao d7782ba41e Upgrade rskj to v9.0.1 and Ubuntu 24.04 2026-04-12 10:32:53 +00:00
raucao 22d459b558 Create new VMs with Ubuntu 24.04 2026-04-12 08:54:47 +04:00
raucao 5ed5af6d50 Use hardware clock sync on Ubuntu 24.04+ VMs 2026-04-12 08:53:50 +04:00
greg 9bf21e8317 Merge pull request 'Slow down Gitea 404s to mess with scrapers/bots' (#626) from chore/gitea_scraping into master
Reviewed-on: #626
Reviewed-by: Greg <greg@kosmos.org>
2026-04-11 17:08:16 +00:00
raucao aaed9a56d1 Slow down Gitea 404s to mess with scrapers/bots
Seems to have helped quite a lot for dealing with AI scrapers using
up all available server resources
2026-04-11 15:37:38 +04:00
raucao 41e6b29b97 Add AGENTS.md 2026-04-11 15:36:54 +04:00
76 changed files with 1237 additions and 397 deletions
+3
View File
@@ -10,3 +10,6 @@
[submodule "site-cookbooks/deno"]
path = site-cookbooks/deno
url = git@gitea.kosmos.org:kosmos/deno-cookbook.git
[submodule "site-cookbooks/blossom"]
path = site-cookbooks/blossom
url = git@gitea.kosmos.org:kosmos/blossom-cookbook.git
+41
View File
@@ -0,0 +1,41 @@
# AGENTS.md
Welcome, AI Agent! This file contains essential context and rules for interacting with the Kosmos Chef repository. Read this carefully before planning or executing any changes.
## 🏢 Project Overview
This repository contains the infrastructure automation code used by Kosmos to provision and configure bare metal servers (KVM hosts) and Ubuntu virtual machines (KVM guests).
We use **Chef Infra**, managed locally via **Knife Zero** (agentless Chef), and **Berkshelf** for dependency management.
## 📂 Directory Structure & Rules
* **`site-cookbooks/`**: 🟢 **EDITABLE.** This directory contains all custom, internal cookbooks written specifically for Kosmos services (e.g., `kosmos-postgresql`, `kosmos_gitea`, `kosmos-mastodon`). *Active development happens here.*
* **`cookbooks/`**: 🔴 **DO NOT EDIT.** This directory contains third-party/community cookbooks that are vendored. These are managed by Berkshelf. Modifying them directly will result in lost changes.
* **`roles/`**: 🟢 **EDITABLE.** Contains Chef roles written in Ruby (e.g., `base.rb`, `kvm_guest.rb`, `postgresql_primary.rb`). These define run-lists and role-specific default attributes for servers.
* **`environments/`**: Contains Chef environment definitions (like `production.rb`).
* **`data_bags/`**: Contains data bag configurations, often encrypted. Be cautious and do not expose secrets. (Note: Agents should not manage data bag secrets directly unless provided the `.chef/encrypted_data_bag_secret`).
* **`nodes/`**: Contains JSON state files for bootstrapped nodes. *Agents typically do not edit these directly unless cleaning up a deleted node.*
* **`Berksfile`**: Defines community cookbook dependencies.
* **`Vagrantfile` / `.kitchen/`**: Used for local virtualization and integration testing.
## 🛠️ Tooling & Workflows
1. **Dependency Management (Berkshelf)**
If a new community cookbook is required:
- Add it to the `Berksfile` at the root.
- Instruct the user to run `berks install` and `berks vendor cookbooks/ --delete` (or run it via the `bash` tool if permitted).
2. **Provisioning (Knife Zero)**
- Bootstrapping and converging nodes is done using `knife zero`.
- *Example:* `knife zero converge name:server-name.kosmos.org`
3. **Code Style & Conventions**
- Chef recipes, resources, and roles are written in **Ruby**.
- Follow standard Chef and Ruby (RuboCop) idioms. Look at neighboring files in `site-cookbooks/` or `roles/` to match formatting and naming conventions.
## 🚨 Core Directives for AI Agents
1. **Infrastructure as Code**: Manual server configurations are highly discouraged. All changes must be codified in a cookbook or role.
2. **Test Safety Nets**: Look for `.kitchen.yml` within specific `site-cookbooks/<name>` to understand if local integration tests are available.
3. **No Assumptions**: Do not assume standard test commands. Check `README.md` and repository config files first.
4. **Secret Handling**: Avoid hardcoding passwords or API keys in recipes or roles. Assume sensitive information is managed via Chef `data_bags`.
+1 -1
View File
@@ -1,3 +1,3 @@
source 'https://rubygems.org'
gem 'knife-zero', '>= 2.4.2'
gem 'knife-zero', '~> 2.6.0'
+306 -182
View File
@@ -1,264 +1,399 @@
GEM
remote: https://rubygems.org/
specs:
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
aws-eventstream (1.2.0)
aws-partitions (1.551.0)
aws-sdk-core (3.125.6)
aws-eventstream (~> 1, >= 1.0.2)
aws-partitions (~> 1, >= 1.525.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.53.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.111.3)
aws-sdk-core (~> 3, >= 3.125.0)
abbrev (0.1.2)
addressable (2.9.0)
public_suffix (>= 2.0.2, < 8.0)
ast (2.4.3)
aws-eventstream (1.4.0)
aws-partitions (1.1263.0)
aws-sdk-core (3.252.0)
aws-eventstream (~> 1, >= 1.3.0)
aws-partitions (~> 1, >= 1.992.0)
aws-sigv4 (~> 1.9)
base64
bigdecimal
jmespath (~> 1, >= 1.6.1)
logger
aws-sdk-kms (1.129.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sdk-s3 (1.226.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.4)
aws-sdk-secretsmanager (1.56.0)
aws-sdk-core (~> 3, >= 3.125.0)
aws-sigv4 (~> 1.1)
aws-sigv4 (1.4.0)
aws-sigv4 (~> 1.5)
aws-sdk-secretsmanager (1.133.0)
aws-sdk-core (~> 3, >= 3.248.0)
aws-sigv4 (~> 1.5)
aws-sigv4 (1.12.1)
aws-eventstream (~> 1, >= 1.0.2)
bcrypt_pbkdf (1.1.0)
builder (3.2.4)
chef (17.9.42)
base64 (0.3.0)
bcrypt_pbkdf (1.1.2)
bcrypt_pbkdf (1.1.2-arm64-darwin)
bcrypt_pbkdf (1.1.2-x86_64-darwin)
benchmark (0.5.0)
bigdecimal (4.1.2)
builder (3.3.0)
chef (19.3.15)
addressable
aws-sdk-s3 (~> 1.91)
aws-sdk-secretsmanager (~> 1.46)
chef-config (= 17.9.42)
chef-utils (= 17.9.42)
bcrypt_pbkdf (~> 1.0)
chef-config (= 19.3.15)
chef-licensing (~> 1.3)
chef-utils (= 19.3.15)
chef-vault
chef-zero (>= 14.0.11)
chef-zero (~> 15.1.0)
corefoundation (~> 0.3.4)
diff-lcs (>= 1.2.4, < 1.4.0)
csv (~> 3.3.5)
diff-lcs (~> 1.6.0)
ed25519 (~> 1.2)
erubis (~> 2.7)
ffi (>= 1.5.0)
ffi (>= 1.15.5, < 1.18.0)
ffi-libarchive (~> 1.0, >= 1.0.3)
ffi-yajl (~> 2.2)
ffi-yajl (>= 2.2, < 4.0)
iniparse (~> 1.4)
inspec-core (~> 4.23)
inspec-core (~> 7.0.107)
license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0)
mixlib-authentication (>= 2.1, < 4)
mixlib-cli (>= 2.1.1, < 3.0)
mixlib-log (>= 2.0.3, < 4.0)
mixlib-shellout (>= 3.1.1, < 4.0)
net-sftp (>= 2.1.2, < 4.0)
ohai (~> 17.0)
mixlib-shellout (>= 3.3.8, < 3.5.0)
net-ftp
net-sftp (>= 2.1.2, < 5.0)
ohai (~> 19.0)
plist (~> 3.2)
proxifier (~> 1.0)
proxifier2 (~> 1.1)
syslog
syslog-logger (~> 1.6)
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
uuidtools (>= 2.1.5, < 3.0)
vault (~> 0.16)
chef-config (17.9.42)
train-core (~> 3.13, >= 3.13.4)
train-rest (>= 0.4.1)
train-winrm (>= 0.2.17)
unf_ext (~> 0.0.9.1)
uri (>= 1.0.4, < 1.2.0)
vault (>= 0.18.2, < 0.21.0)
chef-config (19.3.15)
addressable
chef-utils (= 17.9.42)
chef-utils (= 19.3.15)
fuzzyurl
mixlib-config (>= 2.2.12, < 4.0)
mixlib-shellout (>= 2.0, < 4.0)
tomlrb (~> 1.2)
racc
tomlrb (>= 1.2, < 3.0)
chef-gyoku (1.5.0)
builder (>= 2.1.2)
rexml (~> 3.4)
chef-licensing (1.4.1)
chef-config (>= 15)
faraday (>= 1, < 3)
faraday-http-cache
mixlib-log (~> 3.0)
ostruct (~> 0.6.0)
pstore (~> 0.1.1)
tty-prompt (~> 0.23)
tty-spinner (~> 0.9.3)
chef-telemetry (1.1.1)
chef-config
concurrent-ruby (~> 1.0)
chef-utils (17.9.42)
chef-utils (19.3.15)
concurrent-ruby
chef-vault (4.1.5)
chef-zero (15.0.11)
ffi-yajl (~> 2.2)
hashie (>= 2.0, < 5.0)
chef-vault (4.2.12)
syslog (~> 0.3)
chef-winrm (2.5.0)
builder (>= 2.1.2)
chef-gyoku (~> 1.5)
erubi (~> 1.8)
gssapi (~> 1.2)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.7)
rexml (>= 3.4.2, < 4.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
chef-winrm-elevated (1.2.5)
chef-winrm (>= 2.3.11)
chef-winrm-fs (>= 1.3.7)
erubi (~> 1.8)
chef-winrm-fs (1.4.2)
benchmark (~> 0.5.0)
chef-winrm (~> 2.4)
csv (~> 3.3)
erubi (>= 1.7)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
chef-zero (15.1.11)
ffi-yajl (>= 2.2, < 4.0)
hashie (>= 2.0, < 6.0)
mixlib-log (>= 2.0, < 4.0)
rack (~> 2.0, >= 2.0.6)
uuidtools (~> 2.1)
rack (~> 3.2, >= 3.2.6)
rackup (~> 2.3, >= 2.3.1)
uuidtools (>= 2.1, < 4.0)
webrick
coderay (1.1.3)
concurrent-ruby (1.1.9)
corefoundation (0.3.10)
concurrent-ruby (1.3.7)
connection_pool (2.5.5)
cookstyle (8.7.6)
rubocop (= 1.86.1)
corefoundation (0.3.19)
ffi (>= 1.15.0)
diff-lcs (1.3)
erubi (1.10.0)
csv (3.3.5)
date (3.5.1)
diff-lcs (1.6.2)
domain_name (0.6.20240107)
ed25519 (1.4.0)
erubi (1.13.1)
erubis (2.7.0)
faraday (1.4.3)
faraday-em_http (~> 1.0)
faraday-em_synchrony (~> 1.0)
faraday-excon (~> 1.1)
faraday-net_http (~> 1.0)
faraday-net_http_persistent (~> 1.1)
multipart-post (>= 1.2, < 3)
ruby2_keywords (>= 0.0.4)
faraday-em_http (1.0.0)
faraday-em_synchrony (1.0.0)
faraday-excon (1.1.0)
faraday-net_http (1.0.1)
faraday-net_http_persistent (1.2.0)
faraday_middleware (1.2.0)
faraday (~> 1.0)
ffi (1.15.5)
ffi-libarchive (1.1.3)
faraday (2.14.3)
faraday-net_http (>= 2.0, < 3.5)
json
logger
faraday-follow_redirects (0.5.0)
faraday (>= 1, < 3)
faraday-http-cache (2.5.1)
faraday (>= 0.8)
faraday-net_http (3.4.4)
net-http (~> 0.5)
ffi (1.17.4-arm64-darwin)
ffi (1.17.4-x86_64-darwin)
ffi (1.17.4-x86_64-linux-gnu)
ffi-libarchive (1.1.14)
ffi (~> 1.0)
ffi-yajl (2.4.0)
libyajl2 (>= 1.2)
ffi-yajl (2.7.11)
libyajl2 (>= 2.1)
fuzzyurl (0.9.0)
gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
hashie (4.1.0)
highline (2.0.3)
httpclient (2.8.3)
hashie (5.1.0)
logger
highline (3.1.2)
reline
http-accept (1.7.0)
http-cookie (1.1.6)
domain_name (~> 0.5)
httpclient (2.9.0)
mutex_m
iniparse (1.5.0)
inspec-core (4.52.9)
inspec-core (7.0.107)
addressable (~> 2.4)
chef-licensing (>= 1.2.0)
chef-telemetry (~> 1.0, >= 1.0.8)
faraday (>= 0.9.0, < 1.5)
faraday_middleware (~> 1.0)
hashie (>= 3.4, < 5.0)
cookstyle
csv (~> 3.0)
faraday (>= 1, < 3)
faraday-follow_redirects (~> 0.3)
hashie (>= 3.4, < 6.0)
license-acceptance (>= 0.2.13, < 3.0)
method_source (>= 0.8, < 2.0)
mixlib-log (~> 3.0)
multipart-post (~> 2.0)
ostruct (>= 0.1, < 0.7)
parallel (~> 1.9)
parslet (>= 1.5, < 2.0)
parslet (>= 1.5, < 3.0)
pry (~> 0.13)
rspec (>= 3.9, < 3.11)
rspec-its (~> 1.2)
rubyzip (>= 1.2.2, < 3.0)
rspec (>= 3.9, <= 3.14)
rspec-its (>= 1.2, < 3.0)
rubyzip (>= 1.2.2, < 4.0)
semverse (~> 3.0)
sslshake (~> 1.2)
thor (>= 0.20, < 2.0)
tomlrb (>= 1.2, < 2.1)
train-core (~> 3.0)
syslog (~> 0.1)
thor (>= 0.20, < 1.5.0)
tomlrb (>= 1.3, < 2.1)
train-core (~> 3.16, >= 3.16.1)
tty-prompt (~> 0.17)
tty-table (~> 0.10)
io-console (0.8.2)
ipaddress (0.8.3)
jmespath (1.5.0)
json (2.6.1)
knife (17.9.26)
jmespath (1.6.2)
json (2.20.0)
knife (19.0.134)
abbrev
bcrypt_pbkdf (~> 1.1)
chef (>= 17)
chef-config (>= 17)
chef-utils (>= 17)
chef-licensing (~> 1.2)
chef-vault
ed25519 (>= 1.2, < 2.0)
erubis (~> 2.7)
ffi (>= 1.15)
ffi-yajl (~> 2.2)
highline (>= 1.6.9, < 3)
ffi (>= 1.15, < 1.18.0)
ffi-yajl (>= 2.2, < 3.0)
highline (>= 1.6.9, < 4)
license-acceptance (>= 1.0.5, < 3)
mixlib-archive (>= 0.4, < 2.0)
mixlib-cli (>= 2.1.1, < 3.0)
net-ssh (>= 5.1, < 7)
net-ssh (>= 5.1, < 8)
net-ssh-multi (~> 1.2, >= 1.2.1)
ohai (~> 17.0)
pastel
train-core (~> 3.2, >= 3.2.28)
train-winrm (>= 0.2.5)
proxifier2 (~> 1.1)
train-core (~> 3.13, >= 3.13.4)
train-winrm (>= 0.2.17)
tty-prompt (~> 0.21)
tty-screen (~> 0.6)
tty-table (~> 0.11)
knife-zero (2.4.2)
chef (>= 15.0)
knife-zero (2.6.0)
chef (>= 16.6)
knife (>= 17.0)
language_server-protocol (3.17.0.5)
libyajl2 (2.1.0)
license-acceptance (2.1.13)
pastel (~> 0.7)
tomlrb (>= 1.2, < 3.0)
tty-box (~> 0.6)
tty-prompt (~> 0.20)
lint_roller (1.1.0)
little-plugger (1.1.4)
logging (2.3.0)
logger (1.7.0)
logging (2.4.0)
little-plugger (~> 1.1)
multi_json (~> 1.14)
method_source (1.0.0)
mixlib-archive (1.1.7)
method_source (1.1.0)
mime-types (3.7.0)
logger
mime-types-data (~> 3.2025, >= 3.2025.0507)
mime-types-data (3.2026.0701)
mixlib-archive (1.3.3)
mixlib-log
mixlib-authentication (3.0.10)
mixlib-cli (2.1.8)
mixlib-config (3.0.9)
mixlib-config (3.0.27)
tomlrb
mixlib-log (3.0.9)
mixlib-shellout (3.2.5)
mixlib-log (3.2.3)
ffi (>= 1.15.5)
mixlib-shellout (3.4.10)
chef-utils
multi_json (1.15.0)
multipart-post (2.1.1)
net-scp (3.0.0)
net-ssh (>= 2.6.5, < 7.0.0)
net-sftp (3.0.0)
net-ssh (>= 5.0.0, < 7.0.0)
net-ssh (6.1.0)
multi_json (1.19.1)
multipart-post (2.4.1)
mutex_m (0.3.0)
net-ftp (0.3.9)
net-protocol
time
net-http (0.9.1)
uri (>= 0.11.1)
net-http-persistent (4.0.8)
connection_pool (>= 2.2.4, < 4)
net-protocol (0.2.2)
timeout
net-scp (4.1.0)
net-ssh (>= 2.6.5, < 8.0.0)
net-sftp (4.0.0)
net-ssh (>= 5.0.0, < 8.0.0)
net-ssh (7.3.3)
net-ssh-gateway (2.0.0)
net-ssh (>= 4.0.0)
net-ssh-multi (1.2.1)
net-ssh (>= 2.6.5)
net-ssh-gateway (>= 1.2.0)
nori (2.6.0)
ohai (17.9.0)
chef-config (>= 14.12, < 18)
chef-utils (>= 16.0, < 18)
ffi (~> 1.9)
ffi-yajl (~> 2.2)
netrc (0.11.0)
nori (2.7.1)
bigdecimal
ohai (19.1.40)
base64
chef-config (>= 14.12, < 20)
chef-utils (>= 16.0, < 20)
ffi (>= 1.15.5)
ffi-yajl (>= 2.2, < 3.0)
ipaddress
mixlib-cli (>= 1.7.0)
mixlib-config (>= 2.0, < 4.0)
mixlib-log (>= 2.0.1, < 4.0)
mixlib-shellout (~> 3.2, >= 3.2.5)
mixlib-shellout (>= 3.3.6, < 3.5.0)
plist (~> 3.1)
train-core
wmi-lite (~> 1.0)
parallel (1.21.0)
parslet (1.8.2)
ostruct (0.6.3)
parallel (1.28.0)
parser (3.3.11.1)
ast (~> 2.4.1)
racc
parslet (2.0.0)
pastel (0.8.0)
tty-color (~> 0.5)
plist (3.6.0)
proxifier (1.0.3)
pry (0.14.1)
plist (3.7.2)
prism (1.9.0)
proxifier2 (1.1.0)
pry (0.16.0)
coderay (~> 1.1)
method_source (~> 1.0)
public_suffix (4.0.6)
rack (2.2.3)
rspec (3.10.0)
rspec-core (~> 3.10.0)
rspec-expectations (~> 3.10.0)
rspec-mocks (~> 3.10.0)
rspec-core (3.10.2)
rspec-support (~> 3.10.0)
rspec-expectations (3.10.2)
reline (>= 0.6.0)
pstore (0.1.4)
public_suffix (6.0.2)
racc (1.8.1)
rack (3.2.6)
rackup (2.3.1)
rack (>= 3)
rainbow (3.1.1)
regexp_parser (2.12.0)
reline (0.6.3)
io-console (~> 0.5)
rest-client (2.1.0)
http-accept (>= 1.7.0, < 2.0)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.4.4)
rspec (3.13.2)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.6)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.5)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-its (1.3.0)
rspec-core (>= 3.0.0)
rspec-expectations (>= 3.0.0)
rspec-mocks (3.10.3)
rspec-support (~> 3.13.0)
rspec-its (2.0.0)
rspec-core (>= 3.13.0)
rspec-expectations (>= 3.13.0)
rspec-mocks (3.13.8)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.10.0)
rspec-support (3.10.3)
ruby2_keywords (0.0.5)
rubyntlm (0.6.3)
rubyzip (2.3.2)
semverse (3.0.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.7)
rubocop (1.86.1)
json (~> 2.3)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0)
parallel (>= 1.10)
parser (>= 3.3.0.2)
rainbow (>= 2.2.2, < 4.0)
regexp_parser (>= 2.9.3, < 3.0)
rubocop-ast (>= 1.49.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.49.1)
parser (>= 3.3.7.2)
prism (~> 1.7)
ruby-progressbar (1.13.0)
rubyntlm (0.6.5)
base64
rubyzip (2.4.1)
semverse (3.0.2)
socksify (1.8.1)
sslshake (1.3.1)
strings (0.2.1)
strings-ansi (~> 0.2)
unicode-display_width (>= 1.5, < 3.0)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
syslog (0.4.0)
logger
syslog-logger (1.6.8)
thor (1.2.1)
tomlrb (1.3.0)
train-core (3.8.7)
thor (1.4.0)
time (0.4.2)
date
timeout (0.6.1)
tomlrb (2.0.4)
train-core (3.16.5)
addressable (~> 2.5)
ffi (!= 1.13.0)
json (>= 1.8, < 3.0)
ffi (>= 1.16.0, < 1.18)
json (>= 2.19.2, < 3.0)
mixlib-shellout (>= 2.0, < 4.0)
net-scp (>= 1.2, < 4.0)
net-ssh (>= 2.9, < 7.0)
train-winrm (0.2.12)
winrm (>= 2.3.6, < 3.0)
winrm-elevated (~> 1.2.2)
winrm-fs (~> 1.0)
net-scp (>= 1.2, < 5.0)
net-ssh (>= 2.9, < 8.0)
train-rest (0.5.0)
aws-sigv4 (~> 1.5)
rest-client (~> 2.1)
train-core (~> 3.0)
train-winrm (0.4.3)
chef-winrm (>= 2.4.4, < 3.0)
chef-winrm-elevated (>= 1.2.5, < 2.0)
chef-winrm-fs (>= 1.4.1, < 2.0)
socksify (~> 1.8)
tty-box (0.7.0)
pastel (~> 0.8)
strings (~> 0.2.0)
@@ -272,45 +407,34 @@ GEM
tty-cursor (~> 0.7)
tty-screen (~> 0.8)
wisper (~> 2.0)
tty-screen (0.8.1)
tty-screen (0.8.2)
tty-spinner (0.9.3)
tty-cursor (~> 0.7)
tty-table (0.12.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-screen (~> 0.8)
unicode-display_width (2.1.0)
unf_ext (0.0.9.1)
unicode-display_width (2.6.0)
unicode_utils (1.4.0)
uuidtools (2.2.0)
vault (0.16.0)
uri (1.1.1)
uuidtools (3.0.0)
vault (0.20.1)
aws-sigv4
webrick (1.7.0)
winrm (2.3.6)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
gyoku (~> 1.0)
httpclient (~> 2.2, >= 2.2.0.2)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.3)
winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
winrm-fs (1.3.5)
erubi (~> 1.8)
logging (>= 1.6.1, < 3.0)
rubyzip (~> 2.0)
winrm (~> 2.0)
base64
net-http-persistent (~> 4.0, >= 4.0.2)
webrick (1.9.2)
wisper (2.0.1)
wmi-lite (1.0.5)
wmi-lite (1.0.7)
PLATFORMS
arm64-darwin-22
x86_64-darwin-18
x86_64-darwin-19
x86_64-linux
DEPENDENCIES
knife-zero (>= 2.4.2)
knife-zero (~> 2.6.0)
BUNDLED WITH
2.2.15
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-10",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2+3Wo+KkXVJCOX1SxT9\nSdwKXgPbCDM3EI9uwoxhMxQfRyN53dxIsBDsQUVOIe1Z8yqm4FenMQlNmeDR+QLE\nvNFf1fisinW+D9VVRm+CjcJy96i/Dyt786Z6YRrDlB860HxCbfTL2Zv5BRtbyIKg\nhz5gO+9PMEpPVR2ij9iue4K6jbM1AAL2ia/P6zDWLJqeIzUocCeHV5N0Z3jXH6qr\nf444v78x35MMJ+3tg5h95SU1/PDCpdSTct4uHEuKIosiN7p4DlYMoM5iSyvVoujr\nflRQPEpGzS9qEt3rDo/F4ltzYMx6bf1tB/0QaBKD+zwPZWTTwf61tSBo5/NkGvJc\nFQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-12",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9GtHHi298BjiIqpZ3WkT\nkYAPfWD60hFe/8icYcq/F/6cHLYKZQ4chek9X/hDCMq4tHEN6Oh58T5x/nuNdPrK\nIAMGyVAGk6ekWlmD4jwdEf6TGb/J3ffJTRDvwX/I8xD/DW3wtXsN+X24T59ByGTm\nrnwRmmmwHF3otRx9wnCsIgDQ0AjiUujsfNNv1FcLXD/WJLys9lEeU5aJ4XtHTwDv\ntJM8YyVEFhEnuvgdKmzn5+F5k9VGdUwForlFOBfvzbCnTZMDMmDVeiUtAUv/7xWQ\nQl2mLUGCtgWuYJYXsQacAJ6pa3h+7cQyshC6w3dwUG+1fS9lNO0Yp1GGX1AGYKpp\nPQIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-13",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbqWc6OwRxgHfsQuTNL4\naxeVvNen5d9srYpZSHjuBB/k9NHB+9P6vU5qF37XHkw1lVUGeYbPHzhYsx3O0/kZ\nH5f4+4SMy/P9jc6SE7AJF4qtYKgJ88koZdqCww07c6K9g+BnEGFFZui/h3hUBxWj\nTfhBHEWPyQ2bl/lr9sIJwsEz+EN0isGn/eIXkmw9J6LdLJ5Q0LLks33K28FNOU7q\nfeAN4MiBVMUtgCGyT2Voe6WrOXwQLSDXQONOp3sfSfFExsIJ1s24xdd7AMD7/9a7\n4sFDZ4swhqAWgWmW2giR7Kb8wTvGQLO/O/uUbmKz3DZXgkOKXHdHCEB/PZx1mRNM\nEwIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "garage-16",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYCUN4WNP05pjbxVJd1/\nvmDZU6XRrVVZS5piSSRzs+uxrcUQZew9oe8YwnB9Acf7nl1igS1Fa3e3TyVdrdrM\n+zKLIszJfZw8qH0BhUHYhIm5o+NXeUDR6zor5/4msq9yyXxMFM3FY6HSnz1IBY6P\n43GdArRqAhccGZTBzvowHZvVTkG553oYF1ETxlUWn+9l142YZufNK+B2JGUGSnf3\nS0A2vlQi7DGHBcUaPPqCLeaXB1cQ4Q6SqMvnExpi0xTdY2QXLlSIBJvJVowLtQKs\npS5qHxwCabMY/uHVoEKxgmMcGvjp4L0PoaXRcev5I2sDfbLuz1VxYfatjgI/1psg\ntwIDAQAB\n-----END PUBLIC KEY-----\n"
}
-4
View File
@@ -1,4 +0,0 @@
{
"name": "garage-9",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMHzKE8JBrsQkmRDeMjX\n71mBzvRzNM90cwA8xtvIkXesdTyGqohX9k/PJbCY5ySGK9PpMaYDPVAnwnUP8LFQ\n3G98aSbLxUjqU/PBzRsnWpihehr05uz9zYcNFzr4LTNvGQZsq47nN9Tk+LG3zHP7\nAZViv2mJ4ZRnukXf6KHlyoVvhuTu+tiBM8QzjTF97iP/aguNPzYHmrecy9Uf5bSA\nZrbNZT+ayxtgswC2OclhRucx7XLSuHXtpwFqsQzSAhiX1aQ3wwCyH9WJtVwpfUsE\nlxTjcQiSM9aPZ8iSC0shpBaKD1j3iF/2K2Jk+88++zMhJJPLermvaJxzsdePgvyk\nKQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "prometheus-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7T/OBo/TZm3YqnN4+ok\nHwcJ0kW9w2rl9UfrOlWUvoPHBd2LrqpEv3Az3a150IylQ1H/UozmQA7DtjIoTA7d\nV3oLY970vYrYiURcojOo8qAZBy8EH7dfAHxuZryUeELr+3vdcHF5WrrfSt2FdFVX\nPTY95ikafAnOO0Nt8jvnlPoDn7REV8TOE6KOiUzcHKa2xGlfaIe0oRC21LD86uQm\nR09xY1YaJkVgZfeN/opoRjZawkU3FFs3jlUEVBF8k153oOw9W3bgsFFjSOtRtRRg\nDwyQ7oDeMH83kXnaCdpkNZd59wjzPcpxYAL4LRN52ZXA4Btr4DTi+GxHz98Dr0kU\nUQIDAQAB\n-----END PUBLIC KEY-----\n"
}
+4
View File
@@ -0,0 +1,4 @@
{
"name": "rsk-testnet-6",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1p4+F536/peA4XWMJtm\njggPl6yJb42V5bg3kDa8SHoIoQgXn59d3BclZ1Oz2+JhFd3Rrn4FN3Z1wzGpP+gA\nnxQOfgRG1ucahh7Nxaw3IdoHm7r/EdEOc9FrxvGJ+09YnmLfzn4iVQpsUiOiNVS7\n0LXtMXYtsjD+o6BTbOhGU8FMmGhMhQfXFVgoDdTiM/Q62zPw8Vtpa3yFpFJAu+dA\n+mm5h5W6FnaWJXM2arn3PxDOt+JQSWp5PYG4goU1FFreU9iFuoeGEfLy8unlbbXt\ne96QhNuCkOA15xqta0Z3oL7IlXWns7dLgZYlpZT9zaExIs3AEDaQcleacQPzXKSG\nswIDAQAB\n-----END PUBLIC KEY-----\n"
}
+24
View File
@@ -0,0 +1,24 @@
{
"id": "blossom",
"admin_password": {
"encrypted_data": "Gd6AzFmySL0p+xo1PnRn9p4Fwge1m3CQj+NRLIUD8P9u1C8=\n",
"iv": "l6KVzF9xEEBRRAmh\n",
"auth_tag": "P791KMh9TxuHiWJpDKxWQA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_access_key": {
"encrypted_data": "S8jB2LDQOxI/p5ugggW1Sk50TS9TJe9sLv04O/VD9/v22SSM7J6ETomTA+Hd\n",
"iv": "dUIIZbdAT9q72ioX\n",
"auth_tag": "+5fCNOuTE/+FqdV6rDNbkw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"s3_secret_key": {
"encrypted_data": "soT63l2frBJDNmHetXmEPvNYBsTpvTyR95FA2rxuZXvVE7hMj21La8/0Amk7\nv+mHOBUMaGG9BTLN0tVFkL0+lGPXdZJTbtDHgluk5l6lLPyc8KY=\n",
"iv": "RuXs2pL9C/wpwJ/w\n",
"auth_tag": "nu7dE2udTkxaUZCR42h09w==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}
+10
View File
@@ -18,6 +18,16 @@
"relay_url": "wss://nostr.kosmos.org"
}
},
"blossom": {
"domain": "blossom.kosmos.org",
"storage": {
"s3": {
"endpoint": "s3.kosmos.org",
"region": "garage",
"bucket": "blossom"
}
}
},
"discourse": {
"domain": "community.kosmos.org"
},
+4 -4
View File
@@ -67,13 +67,13 @@
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
+1 -1
View File
@@ -8,7 +8,7 @@
"automatic": {
"fqdn": "bitcoin-2",
"os": "linux",
"os_version": "5.4.0-163-generic",
"os_version": "5.4.0-216-generic",
"hostname": "bitcoin-2",
"ipaddress": "192.168.122.148",
"roles": [
+1 -1
View File
@@ -61,7 +61,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[garage_gateway]",
"role[kosmos_discourse]"
+5 -4
View File
@@ -46,6 +46,7 @@
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_assets::nginx_site",
"kosmos_blossom::nginx",
"kosmos_discourse::nginx",
"kosmos_drone::nginx",
"kosmos_garage::nginx_web",
@@ -112,13 +113,13 @@
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
+1 -1
View File
@@ -55,7 +55,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[drone]"
]
+5 -4
View File
@@ -39,6 +39,7 @@
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_assets::nginx_site",
"kosmos_blossom::nginx",
"kosmos_discourse::nginx",
"kosmos_drone::nginx",
"kosmos_garage::nginx_web",
@@ -105,13 +106,13 @@
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
-64
View File
@@ -1,64 +0,0 @@
{
"name": "garage-10",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.27"
}
},
"automatic": {
"fqdn": "garage-10",
"os": "linux",
"os_version": "5.4.0-1090-kvm",
"hostname": "garage-10",
"ipaddress": "192.168.122.70",
"roles": [
"base",
"kvm_guest",
"garage_node"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "20.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
]
}
+2
View File
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
@@ -30,6 +31,7 @@
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
+1
View File
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
+1
View File
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
+12 -13
View File
@@ -1,17 +1,17 @@
{
"name": "garage-12",
"name": "garage-16",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.224"
"host": "10.1.1.153"
}
},
"automatic": {
"fqdn": "garage-12",
"fqdn": "garage-16",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "garage-12",
"ipaddress": "192.168.122.173",
"os_version": "6.8.0-106-generic",
"hostname": "garage-16",
"ipaddress": "192.168.122.182",
"roles": [
"base",
"kvm_guest",
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
@@ -28,8 +29,6 @@
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
@@ -43,17 +42,17 @@
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"platform_version": "24.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.7.10",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.5",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
+2
View File
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
@@ -30,6 +31,7 @@
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
+2
View File
@@ -20,6 +20,7 @@
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
@@ -30,6 +31,7 @@
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
+1 -1
View File
@@ -33,7 +33,7 @@
"kosmos_gitea",
"kosmos_gitea::default",
"kosmos_gitea::backup",
"kosmos_gitea::act_runner",
"kosmos_gitea::runner",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
+1 -1
View File
@@ -60,7 +60,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[ipfs_gateway]"
]
+1 -1
View File
@@ -57,7 +57,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[dirsrv_supplier]"
]
+1 -1
View File
@@ -8,7 +8,7 @@
"automatic": {
"fqdn": "leo",
"os": "linux",
"os_version": "5.15.0-164-generic",
"os_version": "5.15.0-173-generic",
"hostname": "leo",
"ipaddress": "5.9.81.116",
"roles": [
+1
View File
@@ -30,6 +30,7 @@
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
+1 -1
View File
@@ -83,7 +83,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[ldap_client]",
"role[garage_gateway]",
@@ -1,35 +1,32 @@
{
"name": "garage-13",
"name": "prometheus-1",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.179"
"host": "10.1.1.146"
}
},
"automatic": {
"fqdn": "garage-13",
"fqdn": "prometheus-1",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "garage-13",
"ipaddress": "192.168.122.27",
"os_version": "6.8.0-134-generic",
"hostname": "prometheus-1",
"ipaddress": "192.168.122.166",
"roles": [
"base",
"kvm_guest",
"garage_node"
"prometheus_server"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_prometheus::node_exporter",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"kosmos_prometheus::server",
"kosmos_prometheus::alertmanager",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
@@ -43,23 +40,23 @@
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"platform_version": "24.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.7.10",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.7.10/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.5",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.5/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
"role[prometheus_server]"
]
}
+1 -1
View File
@@ -55,7 +55,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[remotestorage_discourse]"
]
@@ -1,35 +1,30 @@
{
"name": "garage-9",
"chef_environment": "production",
"name": "rsk-testnet-6",
"normal": {
"knife_zero": {
"host": "10.1.1.223"
"host": "10.1.1.20"
}
},
"automatic": {
"fqdn": "garage-9",
"fqdn": "rsk-testnet-6",
"os": "linux",
"os_version": "5.4.0-1090-kvm",
"hostname": "garage-9",
"ipaddress": "192.168.122.21",
"os_version": "6.8.0-107-generic",
"hostname": "rsk-testnet-6",
"ipaddress": "192.168.122.231",
"roles": [
"base",
"kvm_guest",
"garage_node"
"rskj_testnet"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_garage",
"kosmos_garage::default",
"kosmos_garage::firewall_rpc",
"kosmos_garage::firewall_apis",
"kosmos_rsk::rskj",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
@@ -39,26 +34,27 @@
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"kosmos_rsk::firewall",
"firewall::default"
],
"platform": "ubuntu",
"platform_version": "20.04",
"platform_version": "24.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
"version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[garage_node]"
"role[rskj_testnet]"
]
}
+8 -3
View File
@@ -16,7 +16,8 @@
"base",
"kvm_guest",
"strfry",
"ldap_client"
"ldap_client",
"blossom"
],
"recipes": [
"kosmos-base",
@@ -28,6 +29,8 @@
"kosmos_strfry::policies",
"kosmos_strfry::firewall",
"kosmos_strfry::substr",
"kosmos_blossom",
"kosmos_blossom::default",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
@@ -43,7 +46,8 @@
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"deno::default"
"deno::default",
"blossom::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
@@ -63,6 +67,7 @@
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[strfry]"
"role[strfry]",
"role[blossom]"
]
}
+1 -1
View File
@@ -60,7 +60,7 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"recipe[kosmos-ejabberd::upload_service]"
]
+1
View File
@@ -2,4 +2,5 @@ name "base"
run_list %w(
kosmos-base::default
kosmos_prometheus::node_exporter
)
+16
View File
@@ -0,0 +1,16 @@
name "blossom"
override_attributes(
"blossom" => {
"allowed_pubkeys" => [
# "b3e1b7c0ef48294bd856203bfd460625de95d3afb894e5f09b14cd1f0e7097cf",
# "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3",
# "898a73f2c1f9a9f42d9ef4ac363622f92fdd4290c8f190340a0862d8e0f70046"
]
},
)
run_list %w(
role[ldap_client]
kosmos_blossom::default
)
+1 -1
View File
@@ -1,5 +1,5 @@
name "gitea_actions_runner"
run_list %w(
kosmos_gitea::act_runner
kosmos_gitea::runner
)
+1
View File
@@ -19,6 +19,7 @@ production_run_list = %w(
role[openresty]
role[garage_gateway]
kosmos_assets::nginx_site
kosmos_blossom::nginx
kosmos_discourse::nginx
kosmos_drone::nginx
kosmos_garage::nginx_web
+12
View File
@@ -0,0 +1,12 @@
name "prometheus_server"
default_run_list = [
"kosmos_prometheus::server",
"kosmos_prometheus::alertmanager"
]
env_run_lists(
"_default" => default_run_list,
"development" => default_run_list,
"production" => default_run_list
)
@@ -86,9 +86,6 @@ node.default['lndhub-go']['branding'] = {
'footer' => 'about=https://kosmos.org'
}
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
node.default['nbxplorer']['revision'] = 'v2.5.26'
node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
@@ -98,7 +95,7 @@ node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'
node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
node.default['btcpay']['revision'] = 'v2.1.1'
node.default['btcpay']['revision'] = 'v2.3.7'
node.default['btcpay']['source_dir'] = '/opt/btcpay'
node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
@@ -5,29 +5,16 @@
build_essential
apt_repository 'universe' do
uri 'http://archive.ubuntu.com/ubuntu/'
distribution 'focal'
components ['universe']
remote_file "/opt/dotnet-install.sh" do
source "https://dot.net/v1/dotnet-install.sh"
mode "0755"
end
apt_package 'apt-transport-https'
remote_file '/opt/packages-microsoft-prod.deb' do
source node['dotnet']['ms_packages_src_url']
checksum node['dotnet']['ms_packages_src_checksum']
action :create_if_missing
execute "install_dotnet_10" do
command "/opt/dotnet-install.sh -c 10.0 --install-dir /usr/share/dotnet"
not_if '/usr/share/dotnet/dotnet --version | grep -q "^10\."'
end
dpkg_package 'packages-microsoft-prod' do
source '/opt/packages-microsoft-prod.deb'
action :install
notifies :run, 'execute[apt_update]'
link "/usr/bin/dotnet" do
to "/usr/share/dotnet/dotnet"
end
execute 'apt_update' do
command 'apt update'
action :nothing
end
apt_package 'dotnet-sdk-8.0'
@@ -0,0 +1 @@
# No attributes here, use the blossom cookbook's attributes
@@ -0,0 +1,6 @@
name 'kosmos_blossom'
description 'Configures Blossom server for Kosmos infrastructure'
version '0.1.0'
depends 'blossom'
depends 'kosmos-base'
depends 'kosmos_openresty'
@@ -0,0 +1,38 @@
#
# Cookbook Name:: kosmos_blossom
# Recipe:: default
#
credentials = Chef::EncryptedDataBagItem.load('credentials', 'blossom')
ldap_credentials = Chef::EncryptedDataBagItem.load('credentials', 'dirsrv')
node.default['blossom']['repo_url'] = 'https://github.com/67P/blossom-server.git'
node.default['blossom']['revision'] = 'feature/ldap'
node.default['blossom']['storage']['backend'] = 's3'
node.default['blossom']['storage']['s3']['access_key'] = credentials['s3_access_key']
node.default['blossom']['storage']['s3']['secret_key'] = credentials['s3_secret_key']
node.default['blossom']['allow_anonymous_uploads'] = false
node.default['blossom']['ldap']['enabled'] = true
node.default['blossom']['ldap']['url'] = 'ldap://ldap.kosmos.local:389'
node.default['blossom']['ldap']['bind_dn'] = ldap_credentials["service_dn"]
node.default['blossom']['ldap']['password'] = ldap_credentials["service_password"]
node.default['blossom']['ldap']['search_dn'] = "ou=kosmos.org,cn=users,dc=kosmos,dc=org"
node.default['blossom']['ldap']['search_filter'] = "(nostrKey={pubkey})"
node.default['blossom']['dashboard']['enabled'] = true
node.default['blossom']['dashboard']['username'] = credentials['admin_username'] || 'admin'
node.default['blossom']['dashboard']['password'] = credentials['admin_password']
node.default['blossom']['landing']['title'] = 'Kosmos Blossom Server'
include_recipe 'blossom::default'
firewall_rule 'blossom' do
port node['blossom']['port']
source '10.1.1.0/24'
protocol :tcp
command :allow
end
@@ -0,0 +1,28 @@
#
# Cookbook Name:: kosmos_blossom
# Recipe:: nginx
#
domain = node['blossom']['domain']
blossom_node = search(:node, 'role:blossom').first
if blossom_node.nil?
Chef::Log.warn("No node found with 'blossom' role. Not configuring nginx site.")
return
end
tls_cert_for domain do
auth 'gandi_dns'
action :create
end
openresty_site domain do
template 'nginx_conf_blossom.erb'
variables domain: domain,
upstream_host: blossom_node['knife_zero']['host'],
upstream_port: node['blossom']['port'],
max_size_mb: node['blossom']['max_size'] / 1024 / 1024,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem"
end
@@ -0,0 +1,26 @@
upstream _blossom {
server <%= @upstream_host %>:<%= @upstream_port %>;
}
server {
server_name <%= @domain %>;
listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
listen <%= "[#{node['openresty']['listen_ipv6']}]" %>:443 ssl http2;
access_log "/var/log/nginx/<%= @domain %>.access.log";
error_log "/var/log/nginx/<%= @domain %>.error.log";
client_max_body_size <%= @max_size_mb %>M;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://_blossom;
proxy_http_version 1.1;
}
}
@@ -1,5 +1,5 @@
node.default["gitea"]["version"] = "1.25.4"
node.default["gitea"]["checksum"] = "a3031853e67c53714728ef705642c9046a11fb0ea356aff592e23efe6114607d"
node.default["gitea"]["version"] = "1.26.4"
node.default["gitea"]["checksum"] = "0faa36d151918f8f7d6e0f3ae67597d1c338583d695add146ac393109d0fc44a"
node.default["gitea"]["repo"] = nil
node.default["gitea"]["revision"] = nil
node.default["gitea"]["working_directory"] = "/var/lib/gitea"
@@ -23,5 +23,5 @@ node.default["gitea"]["config"] = {
}
}
node.default["gitea"]["act_runner"]["version"] = "0.2.13"
node.default["gitea"]["act_runner"]["checksum"] = "3acac8b506ac8cadc88a55155b5d6378f0fab0b8f62d1e0c0450f4ccd69733e2"
node.default["gitea"]["runner"]["version"] = "2.0.0"
node.default["gitea"]["runner"]["checksum"] = "447156b33407ee045409f5552bd4a188a315cdd4085b4b498d8d4a9ad26c9f73"
@@ -1,10 +1,10 @@
#
# Cookbook:: kosmos_gitea
# Recipe:: act_runner
# Recipe:: runner
#
version = node["gitea"]["act_runner"]["version"]
download_url = "https://dl.gitea.com/act_runner/#{version}/act_runner-#{version}-linux-amd64"
version = node["gitea"]["runner"]["version"]
download_url = "https://dl.gitea.com/gitea-runner/#{version}/gitea-runner-#{version}-linux-amd64"
working_directory = node["gitea"]["working_directory"]
gitea_credentials = data_bag_item("credentials", "gitea")
runners = gitea_credentials["runners"]
@@ -25,9 +25,9 @@ end
package apt_pkg
end
remote_file "/usr/local/bin/act_runner" do
remote_file "/usr/local/bin/gitea_runner" do
source download_url
checksum node["gitea"]["act_runner"]["checksum"]
checksum node["gitea"]["runner"]["checksum"]
mode "0750"
end
@@ -46,7 +46,7 @@ runners.each do |runner|
bash "register_#{runner["org"]}_runner" do
cwd runner_dir
code <<-EOF
act_runner register \
gitea_runner register \
--no-interactive \
--instance #{gitea_host} \
--name #{runner_name} \
@@ -59,7 +59,7 @@ act_runner register \
content({
Unit: {
Description: "Gitea Actions Runner for '#{runner["org"]}' org",
Documentation: ["https://gitea.com/gitea/act_runner"],
Documentation: ["https://gitea.com/gitea/runner"],
Requires: "gitea.service",
After: "syslog.target network.target"
},
@@ -67,7 +67,7 @@ act_runner register \
Type: "simple",
WorkingDirectory: runner_dir,
Environment: "HOME=/root",
ExecStart: "/usr/local/bin/act_runner daemon",
ExecStart: "/usr/local/bin/gitea_runner daemon",
ExecStartPre: "/bin/sleep 3", # Wait for Gitea's API to be up when restarting at the same time
Restart: "always",
},
@@ -75,10 +75,6 @@ DEFAULT_ALLOW_CREATE_ORGANIZATION = false
DEFAULT_ENABLE_TIMETRACKING = false
NO_REPLY_ADDRESS = noreply.kosmos.org
[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = true
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false
@@ -18,6 +18,8 @@ server {
client_max_body_size 121M;
proxy_intercept_errors on;
location ~ ^/(avatars|repo-avatars)/.*$ {
proxy_buffers 1024 8k;
proxy_pass http://_gitea_web;
@@ -52,5 +54,18 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
error_page 404 = @slow_404;
}
# Slow down 404 responses to make scraping random URLs less attractive
location @slow_404 {
internal;
default_type text/plain;
content_by_lua_block {
ngx.sleep(10)
ngx.status = 404
ngx.say("Not Found")
ngx.exit(ngx.HTTP_NOT_FOUND)
}
}
}
@@ -1,9 +1,9 @@
release = "20260320"
img_filename = "ubuntu-22.04-server-cloudimg-amd64-disk-kvm"
release = "20260321"
img_filename = "ubuntu-24.04-server-cloudimg-amd64"
node.default["kosmos_kvm"]["host"]["qemu_base_image"] = {
"url" => "https://cloud-images.ubuntu.com/releases/jammy/release-#{release}/#{img_filename}.img",
"checksum" => "f7173eb7137b4f0ebeaea8fffe68ecdab1e3c787bde1fd8dfdf27103554332b3",
"url" => "https://cloud-images.ubuntu.com/releases/noble/release-#{release}/#{img_filename}.img",
"checksum" => "5c3ddb00f60bc455dac0862fabe9d8bacec46c33ac1751143c5c3683404b110d",
"path" => "/var/lib/libvirt/images/base/#{img_filename}-#{release}.qcow2"
}
@@ -70,7 +70,7 @@ virt-install \
--vcpus "$CPUS" \
--cpu host \
--arch x86_64 \
--osinfo detect=on,name=ubuntujammy \
--osinfo detect=on,name=ubuntu24.04 \
--hvm \
--virt-type kvm \
--disk "$IMAGE_PATH" \
@@ -0,0 +1,25 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef Infra
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json
.idea/
@@ -0,0 +1,7 @@
# kosmos_prometheus CHANGELOG
This file is used to list changes made in each version of the kosmos_prometheus cookbook.
## 0.1.0
Initial release.
+20
View File
@@ -0,0 +1,20 @@
Copyright (c) 2019 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,4 @@
# kosmos_prometheus
TODO: Enter the cookbook description here.
@@ -0,0 +1,19 @@
node.default["kosmos_prometheus"]["version"] = "3.13.0"
node.default["kosmos_prometheus"]["checksum"] = "744d93324cc024d82089921737bd797474d7f1e5dbbfd1c6b387bad258538cb9"
node.default["kosmos_prometheus"]["alertmanager"]["version"] = "0.33.0"
node.default["kosmos_prometheus"]["alertmanager"]["checksum"] = "8ce11c42e8a6dfbbf93a59c0b193cb1329210b36d0c7ef3df7b745608675a1d1"
node.default["kosmos_prometheus"]["node_exporter"]["version"] = "1.11.1"
node.default["kosmos_prometheus"]["node_exporter"]["checksum"] = "9f5ea48e5bc7b656f8a91a32e7d7deb89f70f73dabd0d974418aca15f37d6810"
node.default["kosmos_prometheus"]["global"] = {
"scrape_interval" => "30s",
"evaluation_interval" => "30s",
}
node.default["kosmos_prometheus"]["jobs"] = {
"prometheus" => { "targets" => ["localhost:9090"] },
}
node.default["kosmos_prometheus"]["rule_files"] = []
+115
View File
@@ -0,0 +1,115 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
.envrc
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
REVISION
TAGS*
tmtags
.vscode
.editorconfig
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
mkmf.log
# Testing #
###########
.circleci/*
.codeclimate.yml
.delivery/*
.foodcritic
.kitchen*
.mdlrc
.overcommit.yml
.rspec
.rubocop.yml
.travis.yml
.watchr
.yamllint
azure-pipelines.yml
Dangerfile
examples/*
features/*
Guardfile
kitchen.yml*
mlc_config.json
Procfile
Rakefile
spec/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitkeep
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Documentation #
#############
CODE_OF_CONDUCT*
CONTRIBUTING*
documentation/*
TESTING*
UPGRADING*
# Vagrant #
###########
.vagrant
Vagrantfile
@@ -0,0 +1,21 @@
name 'kosmos_prometheus'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures prometheus'
version '0.1.0'
chef_version '>= 16.0'
depends "firewall"
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos_prometheus/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos_prometheus'
@@ -0,0 +1,97 @@
#
# Cookbook:: kosmos_prometheus
# Recipe:: alertmanager
#
include_recipe "firewall"
version = node["kosmos_prometheus"]["alertmanager"]["version"]
checksum = node["kosmos_prometheus"]["alertmanager"]["checksum"]
tarball = "#{Chef::Config[:file_cache_path]}/alertmanager-#{version}.linux-amd64.tar.gz"
binary_url = "https://github.com/prometheus/alertmanager/releases/download/v#{version}/alertmanager-#{version}.linux-amd64.tar.gz"
group "alertmanager"
user "alertmanager" do
gid "alertmanager"
system true
shell "/bin/false"
home "/nonexistent"
end
directory "/var/lib/alertmanager" do
owner "alertmanager"
group "alertmanager"
mode "0755"
recursive true
end
directory "/etc/prometheus" do
owner "root"
group "root"
mode "0755"
recursive true
end
package %w(tar bzip2)
remote_file tarball do
source binary_url
checksum checksum
action :create
notifies :run, "execute[install_alertmanager]", :immediately
end
execute "install_alertmanager" do
command "tar -xzf #{tarball} -C /usr/local/bin --strip-components=1 alertmanager-#{version}.linux-amd64/alertmanager"
action :nothing
notifies :restart, "service[alertmanager]", :delayed
end
file "/usr/local/bin/alertmanager" do
owner "root"
group "root"
mode "0755"
notifies :restart, "service[alertmanager]", :delayed
end
template "/etc/prometheus/alertmanager.yml" do
source "alertmanager.yml.erb"
owner "root"
group "alertmanager"
mode "0644"
notifies :restart, "service[alertmanager]", :delayed
end
systemd_unit "alertmanager.service" do
content({
Unit: {
Description: "Prometheus Alertmanager",
After: "network.target",
},
Service: {
Type: "simple",
User: "alertmanager",
Group: "alertmanager",
ExecStart: "/usr/local/bin/alertmanager --config.file=/etc/prometheus/alertmanager.yml --storage.path=/var/lib/alertmanager --web.listen-address=:9093",
Restart: "on-failure",
RestartSec: "5",
},
Install: {
WantedBy: "multi-user.target",
},
})
triggers_reload true
action :create
end
service "alertmanager" do
action [:enable, :start]
end
firewall_rule "prometheus alertmanager" do
port 9093
source "10.1.1.0/24"
protocol :tcp
command :allow
end
@@ -0,0 +1,85 @@
#
# Cookbook:: kosmos_prometheus
# Recipe:: node_exporter
#
include_recipe "firewall"
version = node["kosmos_prometheus"]["node_exporter"]["version"]
checksum = node["kosmos_prometheus"]["node_exporter"]["checksum"]
tarball = "#{Chef::Config[:file_cache_path]}/node_exporter-#{version}.linux-amd64.tar.gz"
binary_url = "https://github.com/prometheus/node_exporter/releases/download/v#{version}/node_exporter-#{version}.linux-amd64.tar.gz"
group "node_exporter"
user "node_exporter" do
gid "node_exporter"
system true
shell "/bin/false"
home "/nonexistent"
end
directory "/var/lib/node_exporter/textfile" do
owner "node_exporter"
group "node_exporter"
mode "0755"
recursive true
end
package %w(tar bzip2)
remote_file tarball do
source binary_url
checksum checksum
action :create
notifies :run, "execute[install_node_exporter]", :immediately
end
execute "install_node_exporter" do
command "tar -xzf #{tarball} -C /usr/local/bin --strip-components=1 node_exporter-#{version}.linux-amd64/node_exporter"
action :nothing
notifies :restart, "service[node_exporter]", :delayed
end
file "/usr/local/bin/node_exporter" do
owner "root"
group "root"
mode "0755"
notifies :restart, "service[node_exporter]", :delayed
end
systemd_unit "node_exporter.service" do
content({
Unit: {
Description: "Prometheus node exporter",
Documentation: ["https://github.com/prometheus/node_exporter"],
},
Service: {
Type: "simple",
User: "node_exporter",
Group: "node_exporter",
ExecStart: "/usr/local/bin/node_exporter --web.listen-address=:9100 --collector.textfile.directory=/var/lib/node_exporter/textfile",
Restart: "on-failure",
RestartSec: "5",
NoNewPrivileges: "yes",
ProtectSystem: "full",
ProtectHome: "yes",
},
Install: {
WantedBy: "multi-user.target",
},
})
triggers_reload true
action :create
end
service "node_exporter" do
action [:enable, :start]
end
firewall_rule "node_exporter" do
port 9100
source "10.1.1.0/24"
protocol :tcp
command :allow
end
@@ -0,0 +1,125 @@
#
# Cookbook:: kosmos_prometheus
# Recipe:: server
#
include_recipe "firewall"
version = node["kosmos_prometheus"]["version"]
checksum = node["kosmos_prometheus"]["checksum"]
tarball = "#{Chef::Config[:file_cache_path]}/prometheus-#{version}.linux-amd64.tar.gz"
binary_url = "https://github.com/prometheus/prometheus/releases/download/v#{version}/prometheus-#{version}.linux-amd64.tar.gz"
group "prometheus"
user "prometheus" do
gid "prometheus"
system true
shell "/bin/false"
home "/nonexistent"
end
directory "/var/lib/prometheus" do
owner "prometheus"
group "prometheus"
mode "0755"
recursive true
end
directory "/etc/prometheus" do
owner "root"
group "root"
mode "0755"
recursive true
end
directory "/etc/prometheus/rules" do
owner "root"
group "root"
mode "0755"
recursive true
end
package %w(tar bzip2)
remote_file tarball do
source binary_url
checksum checksum
action :create
notifies :run, "execute[install_prometheus]", :immediately
end
execute "install_prometheus" do
command "tar -xzf #{tarball} -C /usr/local/bin --strip-components=1 prometheus-#{version}.linux-amd64/prometheus"
action :nothing
notifies :restart, "service[prometheus]", :delayed
end
file "/usr/local/bin/prometheus" do
owner "root"
group "root"
mode "0755"
notifies :restart, "service[prometheus]", :delayed
end
node_targets = search(:node, "role:base").map { |n| n["knife_zero"]["host"] }
.compact
.sort_by { |ip| ip.split(".").map(&:to_i) }
.map { |ip| "#{ip}:9100" }
garage_targets = search(:node, "role:garage_node").map { |n| n["knife_zero"]["host"] }
.compact
.sort_by { |ip| ip.split(".").map(&:to_i) }
.map { |ip| "#{ip}:3903" }
jobs = node["kosmos_prometheus"]["jobs"].merge(
"node" => { "targets" => node_targets },
"garage" => { "targets" => garage_targets }
)
template "/etc/prometheus/prometheus.yml" do
source "prometheus.yml.erb"
owner "root"
group "prometheus"
mode "0644"
variables(
global_config: node["kosmos_prometheus"]["global"],
jobs: jobs,
rule_files: node["kosmos_prometheus"]["rule_files"]
)
notifies :reload, "service[prometheus]", :delayed
end
systemd_unit "prometheus.service" do
content({
Unit: {
Description: "Prometheus",
After: "network.target",
},
Service: {
Type: "simple",
User: "prometheus",
Group: "prometheus",
ExecStart: "/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus --storage.tsdb.retention.time=15d --web.listen-address=:9090 --web.enable-lifecycle",
ExecReload: "/bin/kill -HUP $MAINPID",
Restart: "on-failure",
RestartSec: "5",
},
Install: {
WantedBy: "multi-user.target",
},
})
triggers_reload true
action :create
end
service "prometheus" do
action [:enable, :start]
end
firewall_rule "prometheus web" do
port 9090
source "10.1.1.0/24"
protocol :tcp
command :allow
end
@@ -0,0 +1,12 @@
global:
resolve_timeout: 5m
route:
receiver: default
group_by: ['alertname']
group_wait: 30s
group_interval: 5m
repeat_interval: 3h
receivers:
- name: default
@@ -0,0 +1,31 @@
global:
<% @global_config.each do |k, v| %>
<%= k %>: "<%= v %>"
<% end %>
scrape_configs:
<% @jobs.each do |name, job| %>
- job_name: "<%= name %>"
<% if job['scrape_interval'] %>
scrape_interval: "<%= job['scrape_interval'] %>"
<% end %>
<% if job['scrape_timeout'] %>
scrape_timeout: "<%= job['scrape_timeout'] %>"
<% end %>
metrics_path: "<%= job.fetch('metrics_path', '/metrics') %>"
static_configs:
- targets: <%= Array(job['targets']) %>
<% if job['labels'] %>
labels:
<% job['labels'].each do |label, label_config| %>
<%= label %>: <%= label_config %>
<% end %>
<% end %>
<% end %>
<% if @rule_files && !@rule_files.empty? %>
rule_files:
<% @rule_files.each do |filename| %>
- <%= filename %>
<% end %>
<% end %>
+4 -1
View File
@@ -1,5 +1,8 @@
source 'https://supermarket.chef.io'
cookbook 'kosmos-nginx', path: '../../site-cookbooks/kosmos-nginx'
cookbook 'kosmos_openresty', path: '../../site-cookbooks/kosmos_openresty'
cookbook 'kosmos-base', path: '../../site-cookbooks/kosmos-base'
cookbook 'openresty', path: '../../site-cookbooks/openresty'
cookbook 'kosmos-postfix', path: '../../site-cookbooks/kosmos-postfix'
metadata
@@ -1,4 +1,4 @@
node.default['rskj']['version'] = '7.0.0~jammy'
node.default['rskj']['version'] = "9.0.1~#{node['lsb']['codename']}"
node.default['rskj']['network'] = 'testnet'
node.default['rskj']['nginx']['domain'] = nil
+2 -2
View File
@@ -34,9 +34,9 @@ verifier:
name: inspec
platforms:
- name: ubuntu-22.04
- name: ubuntu-24.04
driver:
image: dokken/ubuntu-22.04
image: dokken/ubuntu-24.04
privileged: true
pid_one_command: /usr/lib/systemd/systemd
intermediate_instructions:
+1 -1
View File
@@ -3,7 +3,7 @@ maintainer 'Kosmos Developers'
maintainer_email 'ops@kosmos.org'
license 'MIT'
description 'Installs/configures RSKj and related software'
version '0.4.0'
version '0.5.0'
chef_version '>= 18.2'
issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
source_url 'https://gitea.kosmos.org/kosmos/chef'
+11 -2
View File
@@ -20,10 +20,19 @@ apt_repository 'rskj' do
end
apt_package 'openjdk-17-jdk'
apt_package 'debconf-utils'
execute 'preseed-rskj-license' do
command 'echo "rskj shared/accepted-rsk-license-v1-1 boolean true" | debconf-set-selections'
not_if 'debconf-get-selections | grep -q "shared/accepted-rsk-license-v1-1.*true"'
end
execute 'preseed-rskj-config' do
command "echo \"rskj shared/config select #{node['rskj']['network']}\" | debconf-set-selections"
not_if "debconf-get-selections | grep -q \"shared/config.*#{node['rskj']['network']}\""
end
apt_package 'rskj' do
response_file 'rskj-preseed.cfg.erb'
response_file_variables network: node['rskj']['network']
options '--assume-yes'
version node['rskj']['version']
end
@@ -1,6 +1,6 @@
#_preseed_V1
# Do you agree to the terms of the applicable licenses?
rskj shared/accepted-rsk-license-v1-1 select true
rskj shared/accepted-rsk-license-v1-1 boolean true
# Choose a configuration environment to run your node.
# Choices: mainnet, testnet, regtest
rskj shared/config select <%= @network %>
@@ -9,7 +9,7 @@ end
describe package('rskj') do
it { should be_installed }
its('version') { should eq '7.0.0~jammy' }
its('version') { should eq '9.0.1~noble' }
end
describe service('rsk') do