8 Commits

Author SHA1 Message Date
ac4fb0c9ca Fix Java/Homebrew cookbook resource failing with recent Chef
Required by our Mastodon cookbook
2026-04-11 15:23:30 +04:00
d5e3d62522 Add new postgres cluster, remove old one 2026-04-11 15:22:34 +04:00
061880536b Fix akkounts systemd unit stop command
Typo (not using pumactl), but we don't need to specify it to do the
right thing anyway. systemd can just send sigterm on its own.
2026-04-11 14:56:15 +04:00
9de37cde96 Update doc 2026-04-11 14:55:32 +04:00
64d5d34d85 Update postgres roles
Reset to normal/final
2026-04-11 14:55:02 +04:00
db9177c9c6 Improve RAM usage allowance
Queries can spawn more processes and then use more RAM than
`shared_buffers`
2026-04-11 14:53:28 +04:00
c92f9157a5 Fix method undefined in heredoc 2026-04-11 14:52:53 +04:00
a89db454d0 Improve postgres management scripts 2026-04-11 14:51:51 +04:00
17 changed files with 74 additions and 177 deletions


@@ -24,6 +24,7 @@ cookbook 'composer', '~> 2.7.0'
cookbook 'fail2ban', '~> 7.0.4' cookbook 'fail2ban', '~> 7.0.4'
cookbook 'git', '~> 10.0.0' cookbook 'git', '~> 10.0.0'
cookbook 'golang', '~> 5.3.1' cookbook 'golang', '~> 5.3.1'
cookbook 'homebrew', '>= 6.0.0'
cookbook 'hostname', '= 0.4.2' cookbook 'hostname', '= 0.4.2'
cookbook 'hostsfile', '~> 3.0.1' cookbook 'hostsfile', '~> 3.0.1'
cookbook 'java', '~> 4.3.0' cookbook 'java', '~> 4.3.0'
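Review bot: The new `cookbook 'homebrew', '>= 6.0.0'` entry has no upper bound, while every neighbouring entry visible in this hunk uses a `~>` or `=` pin. The lockfile fixes the resolved version for now, but a later `berks update` could pull in a new major release of a community cookbook without anyone choosing it. A pessimistic constraint such as `cookbook 'homebrew', '~> 6.0'` keeps the fix for recent Chef while limiting what an update can bring in.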


@@ -8,6 +8,7 @@ DEPENDENCIES
firewall (~> 6.2.16) firewall (~> 6.2.16)
git (~> 10.0.0) git (~> 10.0.0)
golang (~> 5.3.1) golang (~> 5.3.1)
homebrew (>= 6.0.0)
hostname (= 0.4.2) hostname (= 0.4.2)
hostsfile (~> 3.0.1) hostsfile (~> 3.0.1)
ipfs ipfs
@@ -62,7 +63,7 @@ GRAPH
git (10.0.0) git (10.0.0)
golang (5.3.1) golang (5.3.1)
ark (>= 6.0) ark (>= 6.0)
homebrew (5.4.1) homebrew (6.0.2)
hostname (0.4.2) hostname (0.4.2)
hostsfile (>= 0.0.0) hostsfile (>= 0.0.0)
hostsfile (3.0.1) hostsfile (3.0.1)

4
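--- a/clients/postgres-11.json
+++ b/clients/postgres-11.json
@@ -0,0 +1,4 @@
+{
+"name": "postgres-11",
+"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1foYpuubS2ovlg3uHO12\nQ/ROZ8MpG+LkCAM46uVfPaoWwfY0vdfMsBOanHDgm9DGUCEBJZ6LPrvCvGXbpPy6\n9GSswK75zVWODblNjvvV4ueGFq4bBFwRuZNjyMlqgyzeU+srZL0ivelu5XEuGuoD\nPYCBKWYqGMz85/eMC7/tinTJtKPyOtXe/G8meji+r7gh3j+ypj/EWeKfcRDa4aGe\n/DmMCurIjjPAXFLMAA6fIqPWVfcPw4APNPE60Z92yPGsTbPu7bL54M5f7udmmu7H\nOgk1HjMAmXCuLDzTkfaxqHP+57yELg/YpXR1E93VmBeQuIBsyOFEk6AmUmA1Ib6e\nnQIDAQAB\n-----END PUBLIC KEY-----\n"
+}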

4
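--- a/clients/postgres-12.json
+++ b/clients/postgres-12.json
@@ -0,0 +1,4 @@
+{
+"name": "postgres-12",
+"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mYGrYB8keUKmXA8dhWc\ncCLzp50xR0ajSw+bWYydyRqD5wuEVKjiJu4+G9QmTVXkVgJ+AYI0Y9/WZYpDqVH6\nvLUo6BSNQaWx20q93qIdOGLy8YG3Qyznezk4l8T9u9vWZDyDpKw6gCxzikMkrXxb\n0cqOYtyud8+PtSEEMogSjOKhRURVHlVrlVH3SQO7Whke9rkiFcbXzubsK9yjkUtF\nxZafSoGorOlDsPvFTfYnkepVB+GHcgiribRYSrO+73GypC2kqMhCpWrb6a0VWsP/\nh53+q3JL3vBvdvjcv51Wpf4n6JdnXnQGn2/MdXEzw+NXgjU4/IdYtbORSbaI8F5t\nowIDAQAB\n-----END PUBLIC KEY-----\n"
+}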


@@ -246,7 +246,7 @@ sudo -u postgres pg_fix_sequences [db_name]
```bash ```bash
export NEW_PG_PRIMARY=[private_ip] export NEW_PG_PRIMARY=[private_ip]
bundle exec knife ssh roles:ejabberd -a knife_zero.host "sudo sed -r \"s/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s(pg.kosmos.local)/$NEW_PG_PRIMARY\t\1/\" -i /etc/hosts" knife ssh roles:ejabberd -a knife_zero.host "sudo sed -r \"s/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s(pg.kosmos.local)/$NEW_PG_PRIMARY\t\1/\" -i /etc/hosts"
``` ```
Or override node attribute(s) if necessary and/or approporiate. Or override node attribute(s) if necessary and/or approporiate.


@@ -1,16 +1,17 @@
{ {
"name": "postgres-6", "name": "postgres-11",
"chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.196" "host": "10.1.1.91"
} }
}, },
"automatic": { "automatic": {
"fqdn": "postgres-6", "fqdn": "postgres-11",
"os": "linux", "os": "linux",
"os_version": "5.4.0-173-generic", "os_version": "5.15.0-1095-kvm",
"hostname": "postgres-6", "hostname": "postgres-11",
"ipaddress": "192.168.122.60", "ipaddress": "192.168.122.142",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -21,18 +22,20 @@
"kosmos-base::default", "kosmos-base::default",
"kosmos_kvm::guest", "kosmos_kvm::guest",
"kosmos_postgresql::primary", "kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos-akkounts::pg_db", "kosmos-akkounts::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db", "kosmos-bitcoin::lndhub-go_pg_db",
"kosmos-bitcoin::nbxplorer_pg_db", "kosmos-bitcoin::nbxplorer_pg_db",
"kosmos_drone::pg_db", "kosmos_drone::pg_db",
"kosmos_gitea::pg_db", "kosmos_gitea::pg_db",
"kosmos-mastodon::pg_db", "kosmos-mastodon::pg_db",
"kosmos_postgresql::firewall",
"kosmos_postgresql::management_scripts",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",
"ntp::default", "ntp::default",
"ntp::apparmor", "ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails", "kosmos-base::systemd_emails",
"apt::unattended-upgrades", "apt::unattended-upgrades",
"kosmos-base::firewall", "kosmos-base::firewall",
@@ -44,17 +47,17 @@
"hostname::default" "hostname::default"
], ],
"platform": "ubuntu", "platform": "ubuntu",
"platform_version": "20.04", "platform_version": "22.04",
"cloud": null, "cloud": null,
"chef_packages": { "chef_packages": {
"chef": { "chef": {
"version": "18.4.2", "version": "18.10.17",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.4.2/lib", "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
"chef_effortless": null "chef_effortless": null
}, },
"ohai": { "ohai": {
"version": "18.1.11", "version": "18.2.13",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai" "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
} }
} }
}, },


@@ -1,17 +1,17 @@
{ {
"name": "postgres-10", "name": "postgres-12",
"chef_environment": "production", "chef_environment": "production",
"normal": { "normal": {
"knife_zero": { "knife_zero": {
"host": "10.1.1.176" "host": "10.1.1.134"
} }
}, },
"automatic": { "automatic": {
"fqdn": "postgres-10", "fqdn": "postgres-12",
"os": "linux", "os": "linux",
"os_version": "5.15.0-1095-kvm", "os_version": "5.15.0-1096-kvm",
"hostname": "postgres-10", "hostname": "postgres-12",
"ipaddress": "192.168.122.41", "ipaddress": "192.168.122.139",
"roles": [ "roles": [
"base", "base",
"kvm_guest", "kvm_guest",
@@ -24,6 +24,7 @@
"kosmos_postgresql::hostsfile", "kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica", "kosmos_postgresql::replica",
"kosmos_postgresql::firewall", "kosmos_postgresql::firewall",
"kosmos_postgresql::management_scripts",
"apt::default", "apt::default",
"timezone_iii::default", "timezone_iii::default",
"timezone_iii::debian", "timezone_iii::debian",


@@ -1,62 +0,0 @@
{
"name": "postgres-8",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.99"
}
},
"automatic": {
"fqdn": "postgres-8",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "postgres-8",
"ipaddress": "192.168.122.100",
"roles": [
"base",
"kvm_guest",
"postgresql_replica"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.5.0",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.5.0/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.1.11",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.1.11/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[postgresql_replica]"
]
}


@@ -1,63 +0,0 @@
{
"name": "postgres-9",
"chef_environment": "production",
"normal": {
"knife_zero": {
"host": "10.1.1.3"
}
},
"automatic": {
"fqdn": "postgres-9",
"os": "linux",
"os_version": "5.15.0-1059-kvm",
"hostname": "postgres-9",
"ipaddress": "192.168.122.64",
"roles": [
"base",
"kvm_guest",
"postgresql_replica"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"kosmos_postgresql::replica",
"kosmos_postgresql::firewall",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::journald_conf",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default"
],
"platform": "ubuntu",
"platform_version": "22.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "18.8.54",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.8.54/lib",
"chef_effortless": null
},
"ohai": {
"version": "18.2.8",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.8/lib/ohai"
}
}
},
"run_list": [
"role[base]",
"role[kvm_guest]",
"role[postgresql_replica]"
]
}


@@ -1,12 +1,13 @@
name "postgresql_primary" name "postgresql_primary"
run_list %w( run_list [
kosmos_postgresql::primary "kosmos_postgresql::primary",
kosmos_postgresql::firewall "kosmos-akkounts::pg_db",
kosmos-akkounts::pg_db "kosmos-bitcoin::lndhub-go_pg_db",
kosmos-bitcoin::lndhub-go_pg_db "kosmos-bitcoin::nbxplorer_pg_db",
kosmos-bitcoin::nbxplorer_pg_db "kosmos_drone::pg_db",
kosmos_drone::pg_db "kosmos_gitea::pg_db",
kosmos_gitea::pg_db "kosmos-mastodon::pg_db",
kosmos-mastodon::pg_db "kosmos_postgresql::firewall",
) "kosmos_postgresql::management_scripts"
]
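Review bot: `kosmos_postgresql::firewall` moves from second position to after all the `*::pg_db` recipes, and the commit message does not say why. If the order is intentional, a short comment above the list would record it, e.g. `# firewall and management scripts run last, after the databases exist`. If it is not, keeping the firewall recipe next to `kosmos_postgresql::primary` avoids a first converge that stops in a `pg_db` recipe before the firewall recipe is reached. What that recipe opens or closes is not visible here, so the impact is an assumption to confirm.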


@@ -1,7 +1,8 @@
name "postgresql_replica" name "postgresql_replica"
run_list %w( run_list [
kosmos_postgresql::hostsfile "kosmos_postgresql::hostsfile",
kosmos_postgresql::replica "kosmos_postgresql::replica",
kosmos_postgresql::firewall "kosmos_postgresql::firewall",
) "kosmos_postgresql::management_scripts"
]


@@ -230,7 +230,6 @@ systemd_unit "akkounts.service" do
WorkingDirectory: deploy_path, WorkingDirectory: deploy_path,
Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true", Environment: "RAILS_ENV=#{rails_env} SOLID_QUEUE_IN_PUMA=true",
ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid", ExecStart: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid",
ExecStop: "#{bundle_path} exec puma -C config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid stop",
ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart", ExecReload: "#{bundle_path} exec pumactl -F config/puma.rb --pidfile #{deploy_path}/tmp/puma.pid phased-restart",
PIDFile: "#{deploy_path}/tmp/puma.pid", PIDFile: "#{deploy_path}/tmp/puma.pid",
TimeoutSec: "10", TimeoutSec: "10",
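Review bot: With `ExecStop` gone, stopping the unit relies on systemd's default signal and on `TimeoutSec: "10"`, which also sets the stop timeout, so anything still running after ten seconds is killed. Since `SOLID_QUEUE_IN_PUMA=true` suggests the job workers run inside Puma, that window may be too short for in-flight jobs. Consider a separate `TimeoutStopSec` with a longer value, and a comment next to `PIDFile` noting that stop is left to systemd on purpose. The unit definition starts and ends outside this hunk, so other settings may already cover this.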


@@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
cd /tmp && \ cd /tmp && \
(pg_dumpall --globals-only > globals.sql) && \ (pg_dumpall --globals-only > globals.sql) && \
psql -Atqc "SELECT datname FROM pg_database WHERE datallowconn AND datname NOT IN (''template0'',''postgres'')" | \ psql -Atqc "SELECT datname FROM pg_database WHERE datallowconn AND datname NOT IN (''template1'',''postgres'')" | \
xargs -I{} -P4 sh -c " xargs -I{} -P4 sh -c "
pg_dump -Fd -j 4 -d \"{}\" -f dump_{} && pg_dump -Fd -j 4 -d \"{}\" -f dump_{} &&
tar -cf - dump_{} | zstd -19 -T0 > dump_{}.tar.zst && tar -cf - dump_{} | zstd -19 -T0 > dump_{}.tar.zst &&
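Review bot: The database name is substituted by `xargs -I{}` straight into the `sh -c` string, so a name containing quotes, `$` or backticks is parsed as shell rather than data. Passing it as an argument avoids that, e.g. `xargs -I{} -P4 sh -c '... -d "$1" -f "dump_$1" ...' _ {}`. The `NOT IN (''template1'',''postgres'')` list also uses doubled single quotes inside a double-quoted shell string, while the subscription-check script in this commit uses plain `'template1','postgres'`; unless this file is embedded in something that un-doubles them, psql would receive invalid SQL. The command continues past the end of the hunk.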


@@ -1,5 +1,16 @@
#!/bin/bash #!/bin/bash
for db in $(psql -Atqc "SELECT datname FROM pg_database WHERE datallowconn AND datname NOT IN ('template1','postgres')"); do set -euo pipefail
echo "==== DB: $db ===="
psql -d "$db" -c "SELECT * FROM pg_stat_subscription;" psql -Atqc "
SELECT datname
FROM pg_database
WHERE datallowconn
AND datname NOT IN ('template1','postgres')
" | while read -r db; do
result=$(psql -X -At -d "$db" -c "SELECT * FROM pg_stat_subscription;" 2>/dev/null || true)
if [[ -n "$result" ]]; then
echo "==== DB: $db ===="
echo "$result"
fi
done done
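Review bot: `2>/dev/null || true` on the inner `psql` hides every failure, so a database that cannot be reached or queried looks the same as one with no subscriptions. Keeping the error visible would make the report trustworthy, e.g. `if ! result=$(psql -X -At -d "$db" -c "SELECT * FROM pg_stat_subscription;" 2>&1); then echo "WARN $db: $result" >&2; continue; fi`. The outer `psql -Atqc` could also take `-X` like the inner call, so that a `~/.psqlrc` cannot alter the list of names.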


@@ -39,13 +39,5 @@ class Chef
def postgresql_version def postgresql_version
node['kosmos_postgresql']['postgresql_version'] node['kosmos_postgresql']['postgresql_version']
end end
def postgresql_service
"postgresql@#{postgresql_version}-main"
end
def postgresql_data_dir
"/var/lib/postgresql/#{postgresql_version}/main"
end
end end
end end


@@ -16,16 +16,19 @@ if primary.nil?
return return
end end
postgresql_service_name = "postgresql@#{postgresql_version}-main"
postgresql_data_dir = "/var/lib/postgresql/#{postgresql_version}/main"
# TODO Replace pg.kosmos.local with private IP once available # TODO Replace pg.kosmos.local with private IP once available
# via proper node attribute # via proper node attribute
# https://gitea.kosmos.org/kosmos/chef/issues/263 # https://gitea.kosmos.org/kosmos/chef/issues/263
execute "set up replication" do execute "set up replication" do
command <<-EOF command <<-EOF
systemctl stop #{postgresql_service} systemctl stop #{postgresql_service_name}
mv #{postgresql_data_dir} #{postgresql_data_dir}.old mv #{postgresql_data_dir} #{postgresql_data_dir}.old
pg_basebackup -h pg.kosmos.local -U replication -D #{postgresql_data_dir} -R pg_basebackup -h pg.kosmos.local -U replication -D #{postgresql_data_dir} -R
chown -R postgres:postgres #{postgresql_data_dir} chown -R postgres:postgres #{postgresql_data_dir}
systemctl start #{postgresql_service} systemctl start #{postgresql_service_name}
EOF EOF
environment 'PGPASSWORD' => postgresql_data_bag_item['replication_password'] environment 'PGPASSWORD' => postgresql_data_bag_item['replication_password']
sensitive true sensitive true
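Review bot: The heredoc passed to `execute "set up replication"` runs its five commands without `set -e` or `&&`, so a failed `mv` or `pg_basebackup` does not stop the later `chown` and `systemctl start`, and the resource's result depends only on the last command. Starting the command with `set -e` (or chaining the steps with `&&`) makes a failed base backup fail the converge instead of restarting PostgreSQL on whatever is in the data directory. The two new locals duplicate what the removed `postgresql_service` and `postgresql_data_dir` helpers returned; a comment saying why they are now defined in the recipe would help. The `execute` block continues past the end of the hunk.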


@@ -44,13 +44,14 @@ action :create do
shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # < 1GB RAM shared_buffers = if node['memory']['total'].to_i / 1024 < 1024 # < 1GB RAM
"128MB" "128MB"
else # >= 1GB RAM, use 50% of total RAM else # >= 1GB RAM, use 25% of total RAM
"#{node['memory']['total'].to_i / 1024 / 2}MB" "#{node['memory']['total'].to_i / 1024 / 4}MB"
end end
additional_config = { additional_config = {
max_connections: 200, # default max_connections: 200, # default
shared_buffers: shared_buffers, shared_buffers: shared_buffers,
work_mem: "4MB",
unix_socket_directories: "/var/run/postgresql", unix_socket_directories: "/var/run/postgresql",
dynamic_shared_memory_type: "posix", dynamic_shared_memory_type: "posix",
timezone: "UTC", # default is GMT timezone: "UTC", # default is GMT