9 Commits

Author SHA1 Message Date
greg 8a6b81485a Merge branch 'master' into feature/btcpay_server 2020-12-31 10:20:28 +00:00
greg c71d243c40 Merge pull request 'Add a firewall rule to allow PostgreSQL clients to connect' (#269) from bugfix/postgresql_client_firewall into master
Reviewed-on: #269
2020-12-22 22:15:06 +00:00
greg 7d0490f3da Merge branch 'master' into bugfix/postgresql_client_firewall 2020-12-22 17:16:49 +00:00
raucao bb4b919548 Merge pull request 'Always set the promote trigger file config' (#267) from bugfix/pg_promote_trigger_file into master
Reviewed-on: #267
2020-12-18 21:23:11 +00:00
Greg Karékinian 87388ac69d Add the postgresql_client role to the mastodon role
This will add the firewall rule and pg_hba access rule on the PostgreSQL
servers
2020-12-18 17:54:31 +01:00
Greg Karékinian c700f98976 Add a firewall rule to allow clients to connect
Previously it was not an issue because services that connected to the
PostgreSQL primary were also on the same server as a standby server.
2020-12-18 17:53:28 +01:00
Greg Karékinian f75aeaf9b5 Always set the promote trigger file config
Only setting it for standby servers isn't useful, as we need to be able
to touch this file to trigger the promotion of a new primary server
after running Chef on it.
2020-12-18 17:02:13 +01:00
galfert 4be542670b Merge pull request 'Add new Zoom meeting ID to hubot-kredits whitelist' (#266) from chore/zoom_meeting_id into master
Reviewed-on: #266
2020-12-17 16:40:24 +00:00
basti db51f1f332 Add new Zoom meeting ID to whitelist 2020-12-17 14:09:41 +01:00
5 changed files with 12 additions and 7 deletions
+2 -3
@@ -24,9 +24,9 @@
"ipaddress": "46.4.18.160", "ipaddress": "46.4.18.160",
"roles": [ "roles": [
"base", "base",
"postgresql_primary",
"mastodon", "mastodon",
"ejabberd" "ejabberd",
"postgresql_client"
], ],
"recipes": [ "recipes": [
"kosmos-base", "kosmos-base",
@@ -130,7 +130,6 @@
"recipe[kosmos-base::andromeda_firewall]", "recipe[kosmos-base::andromeda_firewall]",
"recipe[kosmos-ipfs]", "recipe[kosmos-ipfs]",
"recipe[kosmos-ipfs::public_gateway]", "recipe[kosmos-ipfs::public_gateway]",
"role[postgresql_primary]",
"recipe[kosmos-btcpayserver::proxy]", "recipe[kosmos-btcpayserver::proxy]",
"role[mastodon]", "role[mastodon]",
"role[ejabberd]", "role[ejabberd]",
+1
@@ -3,4 +3,5 @@ name "mastodon"
run_list %w( run_list %w(
kosmos-mastodon kosmos-mastodon
kosmos-mastodon::nginx kosmos-mastodon::nginx
role[postgresql_client]
) )
@@ -121,7 +121,7 @@ application app_path do
"KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'], "KREDITS_GITHUB_KEY" => data_bag['kredits_github_key'],
"KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'], "KREDITS_GITHUB_SECRET" => data_bag['kredits_github_secret'],
"KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'], "KREDITS_ZOOM_JWT" => data_bag['kredits_zoom_jwt'],
"KREDITS_ZOOM_MEETING_WHITELIST" => "414901303" "KREDITS_ZOOM_MEETING_WHITELIST" => "414901303,82557072771"
} }
) )
notifies :run, "execute[systemctl daemon-reload]", :delayed notifies :run, "execute[systemctl daemon-reload]", :delayed
@@ -64,6 +64,13 @@ postgresql_clients.each do |client|
access_method "md5" access_method "md5"
notifies :reload, "service[#{postgresql_service}]", :immediately notifies :reload, "service[#{postgresql_service}]", :immediately
end end
firewall_rule "postgresql #{hostname}" do
port 5432
protocol :tcp
command :allow
source ip
end
end end
postgresql_replicas.each do |replica| postgresql_replicas.each do |replica|
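Review bot: The new `firewall_rule "postgresql #{hostname}"` passes `source ip` without any visible check that `ip` is set. Both `ip` and `hostname` are assigned earlier in the `postgresql_clients.each` block, outside this hunk, so I cannot tell whether a client node without a known address is already skipped. If `ip` can be nil or empty, the rule may fall back to the firewall provider's default source and allow port 5432 from more hosts than the matching access rule above intends; this should be confirmed against the firewall cookbook in use. I would add `next if ip.nil? || ip.empty?` at the top of the loop body so that neither the access rule nor the firewall rule is created for an unknown address, and a short comment such as `# Allow this client through the host firewall; pg_hba alone is not enough when the client runs on another server`.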
@@ -67,9 +67,7 @@ action :create do
listen_addresses: "0.0.0.0" listen_addresses: "0.0.0.0"
} }
if new_resource.role == "replica"
additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger" additional_config[:promote_trigger_file] = "#{postgresql_data_dir}/failover.trigger"
end
ssl_cert = postgresql_data_bag_item['ssl_cert'] ssl_cert = postgresql_data_bag_item['ssl_cert']
ssl_cert_path = "#{postgresql_data_dir}/server.crt" ssl_cert_path = "#{postgresql_data_dir}/server.crt"