
11 Commits

Author SHA1 Message Date
Greg Karékinian
27b466f30d Add new architecture to Gemfile.lock 2023-07-17 18:09:55 +02:00
Greg Karékinian
1a19fa012d Deploy openresty proxy on draco
Also update Chef to 18.2.7
2023-07-17 18:09:13 +02:00
Greg Karékinian
7b0313fbd4 Add access and error logs for the assets vhost 2023-07-17 18:08:32 +02:00
Greg Karékinian
1183f6a621 Add missing dependency on git to deploy the assets 2023-07-17 18:08:21 +02:00
Greg Karékinian
05daff9029 Install certbot when using the tls_cert_for resource 2023-07-17 18:07:50 +02:00
Greg Karékinian
307ccbd561 Set a production run list for the openresty_proxy role
It only contains the assets for now
2023-07-17 18:06:58 +02:00
Greg Karékinian
cc91aab155 Use the new way of setting attribute whitelists 2023-07-17 18:06:23 +02:00
Greg Karékinian
bf72367cf2 Add a firewall rule to the kosmos_openresty cookbook
It is part of the run list in production
2023-07-17 18:05:34 +02:00
Greg Karékinian
4e0bd191c3 Move the Hello World lua app to its own recipe
Use it in the development environment
2023-07-17 18:04:35 +02:00
Greg Karékinian
96f45b1f63 Set the required Chef version to 18 2023-07-17 18:03:02 +02:00
Greg Karékinian
030dbc3584 Update the openresty cookbook submodule 2023-07-17 18:00:38 +02:00
13 changed files with 82 additions and 27 deletions


@ -26,8 +26,7 @@ knife[:automatic_attribute_whitelist] = %w[
chef_packages
]
knife[:default_attribute_whitelist] = []
knife[:normal_attribute_whitelist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:override_attribute_whitelist] = []
# Added to /etc/chef/client.rb on node bootstrap
# https://docs.chef.io/attribute_persistence/
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
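Review bot: The explicit empty lists for default and override attributes (`knife[:default_attribute_whitelist] = []`, `knife[:override_attribute_whitelist] = []`) have no counterpart under the new key names, so if those two lines are on the removed side, default and override attributes are no longer filtered before the node object is saved. Node JSON is committed to this repository and cookbook attributes can carry credentials or internal addresses, so I would keep the restriction, following the naming the new side already uses: `knife[:allowed_default_attributes] = []` and `knife[:allowed_override_attributes] = []`. The hunk header still shows `knife[:automatic_attribute_whitelist]` in the old spelling; it is worth confirming that key is still honoured on Chef 18. A short comment saying which tool reads `normal_attribute_allowlist` and which reads `allowed_normal_attributes` would explain why both are set. The +/- markers are lost on this page, so the old/new split is inferred.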


@ -306,6 +306,7 @@ GEM
PLATFORMS
x86_64-darwin-18
x86_64-darwin-19
x86_64-linux
DEPENDENCIES


@ -1,5 +1,6 @@
{
"name": "draco.kosmos.org",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.167"
@ -8,6 +9,9 @@
"backup": {
"schedule": "0/3:55"
}
},
"openresty": {
"listen_ip": "148.251.237.111"
}
},
"automatic": {
@ -17,7 +21,8 @@
"hostname": "draco",
"ipaddress": "148.251.237.73",
"roles": [
"openresty_proxy",
"openresty"
],
"recipes": [
"kosmos-base",
@ -30,7 +35,10 @@
"kosmos-ipfs::firewall_swarm",
"kosmos-bitcoin::firewall",
"kosmos_zerotier::firewall",
"kosmos-nginx::firewall",
"kosmos_openresty",
"kosmos_openresty::default",
"kosmos_openresty::firewall",
"kosmos_assets::nginx_site",
"sockethub::firewall",
"apt::default",
"timezone_iii::default",
@ -47,19 +55,30 @@
"postfix::sasl_auth",
"hostname::default",
"firewall::default",
"chef-sugar::default"
"openresty::apt_package",
"openresty::ohai_plugin",
"openresty::commons_user",
"openresty::commons_dir",
"openresty::commons_script",
"openresty::commons_conf",
"logrotate::default",
"openresty::luarocks",
"git::default",
"git::package",
"kosmos-base::letsencrypt"
],
"platform": "ubuntu",
"platform_version": "20.04",
"cloud": null,
"chef_packages": {
"ohai": {
"version": "15.12.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai"
},
"chef": {
"version": "15.17.4",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.17.4/lib"
"version": "18.2.7",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.2.7/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.4",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.4/lib/ohai"
}
}
},
@ -72,7 +91,7 @@
"recipe[kosmos-ipfs::firewall_swarm]",
"recipe[kosmos-bitcoin::firewall]",
"recipe[kosmos_zerotier::firewall]",
"recipe[kosmos-nginx::firewall]",
"role[openresty_proxy]",
"recipe[sockethub::firewall]"
]
}


@ -1,11 +1,17 @@
name "openresty"
development_run_list = %w(
kosmos_openresty::default
kosmos_openresty::hello_world
)
default_run_list = %w(
kosmos_openresty::default
kosmos_openresty::firewall
)
env_run_lists(
'_default' => default_run_list,
'development' => default_run_list,
'development' => development_run_list,
'production' => default_run_list
)
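Review bot: `development_run_list` does not include `kosmos_openresty::firewall`, while `default_run_list` (used for `_default` and `production`) does, so as far as this file shows the http/https rule is never converged in development before it reaches production. If that is deliberate, a comment above `development_run_list` such as `# no firewall recipe in development: <reason>` would keep the two lists from drifting silently. Otherwise add `kosmos_openresty::firewall` to the development list as well.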


@ -14,9 +14,12 @@ override_attributes(
)
development_run_list = %w(
role[openresty]
kosmos_assets::nginx_site
)
default_run_list = %w(
role[openresty]
tor-full
kosmos_assets::nginx_site
kosmos_discourse::nginx
@ -39,8 +42,13 @@ default_run_list = %w(
remotestorage_discourse::nginx
)
production_run_list = %w(
role[openresty]
kosmos_assets::nginx_site
)
env_run_lists(
'_default' => default_run_list,
'development' => development_run_list,
'production' => default_run_list
'production' => production_run_list
)


@ -6,9 +6,13 @@ property :auth, [String, NilClass], default: nil
default_action :create
action :create do
include_recipe 'kosmos-base::letsencrypt'
def initialize(*args)
super
@run_context.include_recipe 'kosmos-base::letsencrypt'
end
action :create do
domains = Array(new_resource.domain)
case new_resource.auth


@ -3,6 +3,7 @@
# Recipe:: openresty_site
#
include_recipe "git"
include_recipe "kosmos_openresty"
domain = node["kosmos_assets"]["domain"]


@ -8,7 +8,8 @@ server {
root /var/www/<%= @domain %>/site;
access_log off;
access_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.access.log;
error_log <%= node['openresty']['log_dir'] %>/<%= @domain %>.error.log;
gzip_static on;
gzip_comp_level 5;
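Review bot: The per-domain `access_log` and `error_log` files now written under `node['openresty']['log_dir']` have no rotation or retention visible in this hunk. The node's recipe list does include `logrotate::default`, but whether a rule covers `<domain>.access.log` and `<domain>.error.log` in that directory cannot be seen here and should be confirmed. Access logs record client addresses, so a retention period is worth stating in a comment next to the directive. The `server` block starts and ends outside the hunk.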


@ -2,8 +2,9 @@ name 'kosmos_openresty'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures kosmos_openresty'
description 'Installs/Configures openresty'
version '0.1.0'
chef_version '>= 16.0'
chef_version '>= 18.0'
depends 'kosmos-base'
depends 'openresty'


@ -5,8 +5,3 @@
# Install openresty from official packages
include_recipe 'openresty::apt_package'
openresty_site 'hello_world' do
template 'hello_world.conf.erb'
action :enable
end


@ -0,0 +1,11 @@
#
# Cookbook Name:: kosmos_openresty
# Recipe:: firewall
include_recipe "kosmos-base::firewall"
firewall_rule "http/https" do
port [80, 443]
protocol :tcp
command :allow
end


@ -0,0 +1,9 @@
#
# Cookbook:: kosmos_openresty
# Recipe:: hello_world
#
openresty_site 'hello_world' do
template 'hello_world.conf.erb'
action :enable
end

@ -1 +1 @@
Subproject commit f48675c7f6aa03498dcd966a21f38d8f8f25f9f4
Subproject commit 867046cbd1e120f7b2cb842114dcc725cdf0c2b2