diff --git a/clients/ejabberd-1.json b/clients/ejabberd-1.json deleted file mode 100644 index 1d6a89b..0000000 --- a/clients/ejabberd-1.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "ejabberd-1", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoVmQAEmmAWjjzi5X8Ia\n9sl2aH8Lh0AsckM0aE3hvw9lGfbNCPpYWrr0uh7R6/+13Z0OghrT3yDAZ+XfH39Y\nuGomazTzSMMOEofjepo+nXSgq4meFfX5vobYG7rpBdz1EsIT1bElHduItA2zsw9J\nFpXtGd4BjumMq1VykSTA+QaEE8byes/+groQTtXPqXf5gJMxyGlh4SU0MzmkGHaW\n8c9BPCQrV0CMiuGOGJ5mZ28HajbvSg3+bpgwThh3M5uQaQ6on1N2pvJuBypUySS6\nyc4TauocUcUsULYXq9wM8/rqDYsUah0PR0WSiOi90m5thGeBchFAmhdCvrS34FlR\nVQIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/clients/ejabberd-2.json b/clients/ejabberd-2.json deleted file mode 100644 index 1d3e5f3..0000000 --- a/clients/ejabberd-2.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "name": "ejabberd-2", - "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudueTsPYnRXRu/rmMGZe\nI7LdyrWKdY9FJaRhkXR5J9Yb8QnIcDS7ZXDJsVhyQW8pZ2DuaIs5dmGYvRtmx0ol\nqHTEel01Q3/xI1blJoq4uRm639PB5M9dSJ0w+s6P5zj7rbFKpvMBYxBSK6z+gXIc\n/L1ayJ6JOssX5/tEvcvx/d4GIxof/Q+puACAXawx7W88Wl7yYWdBQ78uTPHzuMyB\n8BRYz24tki/O1fa9JijW32d3EELD0EccI3iJ+/CR4BFEEM2QdDczY/Q6Ny7h7inH\n/TdU246nvtJIx7bAZHmDIDva8YPtL27RIOQ3JqBBe7prQP5Q9MBGPyCXWAglj99a\n6QIDAQAB\n-----END PUBLIC KEY-----\n" -} \ No newline at end of file diff --git a/clients/ejabberd-3.json b/clients/ejabberd-3.json new file mode 100644 index 0000000..061b8d6 --- /dev/null +++ b/clients/ejabberd-3.json @@ -0,0 +1,4 @@ +{ + "name": "ejabberd-3", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14PSaCOKMDIIBbSZcmRw\nvVx95IYJ7kZGUwo8xsVJyf4o1+oKKGfvsjVBacP4DxMJ/+g58Sc/j9risD2d5Ke9\nJ93BIaspPB3bQf+w84AVDJIqvRAhbmcYEqCq1vnddXiSw5ZWplTX4dAVV8P2c++i\nb0Ork2cj1x1r/FdAgHnhuSh4HMtWyo6Zo7Uh63kX9Ag4CTAV+OPF5ZSxyQTVdL2E\n/5gomouxgxME6bnE6PmS1Abls10UARe7btT5eykW/weEIe/mJ4MLEGyqWe5bmZt2\nF4aaYdCsCNA3f6hehcCegeMkPxuG/2oSyk2TKT2c3UuAELA15rGM353Dr1hxbZoe\nRQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/clients/ejabberd-4.json b/clients/ejabberd-4.json new file mode 100644 index 0000000..14b1eaa --- /dev/null +++ b/clients/ejabberd-4.json @@ -0,0 +1,4 @@ +{ + "name": "ejabberd-4", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6FuI13W2sft83OIWe59/\nYTfpTfKcYTCq5zAQEu87OYHHQeBAYo0W/g/qICh3qw0ie2QMPyggAezoeR5VQdLt\nkJq1X9AHqyX59YThzj7dLCCEKq+mAdriuKzNGu8eml4DRM3m+xw7jFzcwwrD8ECZ\nY+Kn7bcOtozx0mXpEm+cO2cOKmRQn0VJwAQSe6eW301iGmpR9et4hDqMjhiUiwaU\nWAqpsmP/JQMLAX2gLzwilD63VCQlcQCDq/D1m/N6bWb1L47zNAzwOCSYV92bGNDe\nRe+4gCVVLpfGWKbkjQFDraCmME7+O50WpbfowylF8gOzgl3AvnpC/LOSzT8VtMPr\nZQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/ejabberd-1.json b/nodes/ejabberd-3.json similarity index 58% rename from nodes/ejabberd-1.json rename to nodes/ejabberd-3.json index ade9b42..bb9b387 100644 --- a/nodes/ejabberd-1.json +++ b/nodes/ejabberd-3.json @@ -1,31 +1,22 @@ { - "name": "ejabberd-1", + "name": "ejabberd-3", "normal": { "knife_zero": { - "host": "10.1.1.166" - }, - "kosmos-ejabberd": { - "erlang_node": "ejabberd@draco.kosmos.org" + "host": "10.1.1.212" } }, "automatic": { - "fqdn": "ejabberd-1", + "fqdn": "ejabberd-3", "os": "linux", - "os_version": "5.4.0-54-generic", - "hostname": "ejabberd-1", - "ipaddress": "192.168.122.62", + "os_version": "5.4.0-1026-kvm", + "hostname": "ejabberd-3", + "ipaddress": "192.168.122.93", "roles": [ - "ejabberd", - "postgresql_client" + ], "recipes": [ "kosmos-base", "kosmos-base::default", - "kosmos-postgresql::hostsfile", - "kosmos-ejabberd", - "kosmos-ejabberd::default", - "kosmos-ejabberd::letsencrypt", - "kosmos-ejabberd::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -39,24 +30,19 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default", - "kosmos-ejabberd::firewall", - "tor-full::default", - "kosmos-base::letsencrypt", - "backup::default", - "logrotate::default" + "hostname::default" ], "platform": "ubuntu", "platform_version": "20.04", "cloud": null, "chef_packages": { - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - }, "ohai": { "version": "15.12.0", "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.15.1", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" } } }, diff --git a/nodes/ejabberd-2.json b/nodes/ejabberd-4.json similarity index 58% rename from nodes/ejabberd-2.json rename to nodes/ejabberd-4.json index cbb250b..bf8362e 100644 --- a/nodes/ejabberd-2.json +++ b/nodes/ejabberd-4.json @@ -1,31 +1,22 @@ { - "name": "ejabberd-2", + "name": "ejabberd-4", "normal": { "knife_zero": { - "host": "10.1.1.44" - }, - "kosmos-ejabberd": { - "erlang_node": "ejabberd@centaurus.kosmos.org" + "host": "10.1.1.113" } }, "automatic": { - "fqdn": "ejabberd-2", + "fqdn": "ejabberd-4", "os": "linux", - "os_version": "5.4.0-54-generic", - "hostname": "ejabberd-2", - "ipaddress": "192.168.122.5", + "os_version": "5.4.0-1026-kvm", + "hostname": "ejabberd-4", + "ipaddress": "192.168.122.39", "roles": [ - "ejabberd", - "postgresql_client" + ], "recipes": [ "kosmos-base", "kosmos-base::default", - "kosmos-postgresql::hostsfile", - "kosmos-ejabberd", - "kosmos-ejabberd::default", - "kosmos-ejabberd::letsencrypt", - "kosmos-ejabberd::backup", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -39,24 +30,19 @@ "postfix::_common", "postfix::_attributes", "postfix::sasl_auth", - "hostname::default", - "kosmos-ejabberd::firewall", - "tor-full::default", - "kosmos-base::letsencrypt", - "backup::default", - "logrotate::default" + "hostname::default" ], "platform": "ubuntu", "platform_version": "20.04", "cloud": null, "chef_packages": { - "chef": { - "version": "15.14.0", - "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.14.0/lib" - }, "ohai": { "version": "15.12.0", "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/ohai-15.12.0/lib/ohai" + }, + "chef": { + "version": "15.15.1", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.6.0/gems/chef-15.15.1/lib" } } }, diff --git a/site-cookbooks/kosmos-ejabberd/metadata.rb b/site-cookbooks/kosmos-ejabberd/metadata.rb index 0131259..a47ac07 100644 --- a/site-cookbooks/kosmos-ejabberd/metadata.rb +++ b/site-cookbooks/kosmos-ejabberd/metadata.rb @@ -26,3 +26,4 @@ depends "kosmos_postgresql" depends "backup" depends "firewall" depends "tor-full" +depends "hostsfile" diff --git a/site-cookbooks/kosmos-ejabberd/recipes/default.rb b/site-cookbooks/kosmos-ejabberd/recipes/default.rb index 20181b6..525e1c6 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/default.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/default.rb @@ -2,27 +2,6 @@ # Cookbook:: kosmos-ejabberd # Recipe:: default # -# The MIT License (MIT) -# -# Copyright:: 2019, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. ejabberd_credentials = data_bag_item("credentials", "ejabberd") @@ -50,15 +29,25 @@ file "/opt/ejabberd/.erlang.cookie" do content ejabberd_credentials['erlang_cookie'] end +ejabberd_nodes = search(:node, "role:ejabberd") + +ejabberd_nodes.each do |n| + ip_address = n["knife_zero"]["host"] + IPAddr.new ip_address + hostsfile_entry ip_address do + hostname n["hostname"] + action :create + end +rescue IPAddr::InvalidAddressError + next +end + +ejabberd_hostnames = ejabberd_nodes.map { |n| n["hostname"] } file "/opt/ejabberd/.hosts.erlang" do mode "0644" owner "ejabberd" group "ejabberd" - content <<-EOF -"andromeda.kosmos.org". -"centaurus.kosmos.org". -"draco.kosmos.org". - EOF + content ejabberd_hostnames.join(".\n") end ruby_block "configure ERLANG_NODE" do @@ -66,7 +55,7 @@ ruby_block "configure ERLANG_NODE" do file = Chef::Util::FileEdit.new("/opt/ejabberd/conf/ejabberdctl.cfg") file.search_file_replace_line( %r{#ERLANG_NODE=ejabberd@localhost}, - "ERLAND_NODE=#{node['kosmos-ejabberd']['erlang_node']}" + "ERLANG_NODE=ejabberd@#{node['name']}" ) file.write_file end @@ -178,7 +167,8 @@ template "/opt/ejabberd/conf/ejabberd.yml" do end execute "ejabberdctl reload_config" do - command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config" + # command "/opt/ejabberd-#{ejabberd_version}/bin/ejabberdctl reload_config" + command "" action :nothing end @@ -191,7 +181,7 @@ file "/lib/systemd/system/ejabberd.service" do content lazy { IO.read("/opt/ejabberd-#{ejabberd_version}/bin/ejabberd.service") } action :nothing notifies :run, "execute[systemctl daemon-reload]", :immediately - notifies :restart, "service[ejabberd]", :delayed + # notifies :restart, "service[ejabberd]", :delayed end execute "systemctl daemon-reload" do @@ -210,7 +200,8 @@ end end service "ejabberd" do - action [:enable, :start] + action [:enable] + # action [:enable, :start] end unless node.chef_environment == "development" diff --git a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb index 5d2ac3a..968da9b 100644 --- a/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb +++ b/site-cookbooks/kosmos-ejabberd/recipes/firewall.rb @@ -2,28 +2,6 @@ # Cookbook:: kosmos-ejabberd # Recipe:: firewall # -# The MIT License (MIT) -# -# Copyright:: 2020, Kosmos Developers -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to deal -# in the Software without restriction, including without limitation the rights -# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -# copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -# THE SOFTWARE. - include_recipe "kosmos-base::firewall" firewall_rule "ejabberd" do @@ -34,12 +12,14 @@ end firewall_rule 'ejabberd_cluster' do port [4369] + source "10.1.1.0/24" protocol :tcp command :allow end firewall_rule 'erlang_cluster' do port [4200..4210] + source "10.1.1.0/24" protocol :tcp command :allow end