9 Commits

Author SHA1 Message Date
8a6b81485a Merge branch 'master' into feature/btcpay_server 2020-12-31 10:20:28 +00:00
c71d243c40 Merge pull request 'Add a firewall rule to allow PostgreSQL clients to connect' (#269) from bugfix/postgresql_client_firewall into master
Reviewed-on: #269
2020-12-22 22:15:06 +00:00
7d0490f3da Merge branch 'master' into bugfix/postgresql_client_firewall 2020-12-22 17:16:49 +00:00
bb4b919548 Merge pull request 'Always set the promote trigger file config' (#267) from bugfix/pg_promote_trigger_file into master
Reviewed-on: #267
2020-12-18 21:23:11 +00:00
Greg Karékinian
87388ac69d Add the postgresql_client role to the mastodon role
This will add the firewall rule and pg_hba access rule on the PostgreSQL
servers
2020-12-18 17:54:31 +01:00
Greg Karékinian
c700f98976 Add a firewall rule to allow clients to connect
Previously it was not an issue because services that connected to the
PostgreSQL primary were also on the same server as a standby server.
2020-12-18 17:53:28 +01:00
Greg Karékinian
f75aeaf9b5 Always set the promote trigger file config
Only setting it for standby servers isn't useful, as we need to be able
to touch this file to trigger the promotion of a new primary server
after running Chef on it.
2020-12-18 17:02:13 +01:00
4be542670b Merge pull request 'Add new Zoom meeting ID to hubot-kredits whitelist' (#266) from chore/zoom_meeting_id into master
Reviewed-on: #266
2020-12-17 16:40:24 +00:00
db51f1f332 Add new Zoom meeting ID to whitelist 2020-12-17 14:09:41 +01:00
5 changed files with 12 additions and 7 deletions


@@ -24,9 +24,9 @@
"ipaddress": "46.4.18.160",
"roles": [
"base",
"postgresql_primary",
"mastodon",
"ejabberd"
"ejabberd",
"postgresql_client"
],
"recipes": [
"kosmos-base",
@@ -130,7 +130,6 @@
"recipe[kosmos-base::andromeda_firewall]",
"recipe[kosmos-ipfs]",
"recipe[kosmos-ipfs::public_gateway]",
"role[postgresql_primary]",
"recipe[kosmos-btcpayserver::proxy]",
"role[mastodon]",
"role[ejabberd]",


@@ -3,4 +3,5 @@ name "mastodon"
run_list %w(
kosmos-mastodon
kosmos-mastodon::nginx
role[postgresql_client]
)


@@ -121,7 +121,7 @@ application app_path do
"KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
"KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
"KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
"KREDITS_ZOOM_MEETING_WHITELIST" => "414901303"
"KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
}
)
notifies :run, "execute[systemctl daemon-reload]", :delayed


@@ -64,6 +64,13 @@ postgresql_clients.each do |client|
access_method "md5"
notifies :reload, "service[#{postgresql_service}]", :immediately
end
firewall_rule "postgresql #{hostname}" do
port 5432
protocol :tcp
command :allow
source ip
end
end
postgresql_replicas.each do |replica|
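Review bot: The new `firewall_rule` passes `source ip` without checking that `ip` is set; `ip` and `hostname` are assigned outside this hunk, so where they come from is not visible here. If they are taken from a node search, a client node with no recorded address would presumably yield a nil source, and a firewall rule with no source typically allows the port from any address, which would open 5432 to the internet. Skipping such clients before both resources, e.g. `next if ip.to_s.empty?` at the top of the loop body, keeps the rule scoped to known clients. The `postgresql_clients.each` block starts above the hunk, so the exact placement needs checking against the full file.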


@@ -67,9 +67,7 @@ action :create do
listen_addresses: "0.0.0.0"
}
if new_resource.role == "replica"
additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger"
end
additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger"
ssl_cert = postgresql_data_bag_item['ssl_cert']
ssl_cert_path = "#{postgresql_data_dir}/server.crt"