kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity

Deploy a Discourse instance for remoteStorage #430

Merged
raucao merged 3 commits from feature/discourse_wrappers into master 2022-10-11 16:08:52 +00:00
Conversation 0 Commits 3 Files Changed 34 +604 -86
34 changed files with 604 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
clients/rs-discourse-1.json Normal file
View File

@ -0,0 +1,4 @@
{
"name": "rs-discourse-1",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJquhCuRRN/O3rh2QShw\nYxGkEIoBImpVv8uF+VmdPLGQ3fYCO20OSr3y+yk1zGN1aQTEgD7LeCd+U2vBUPAh\nwr2uNkZotIsemkWZIMAPLb9d/2uv/GxBqku0L8JRAxGleHVO5eKsi6w1XdwO00dw\nwgEJa+mju86Vz6hzRzW+KzkdpkcfowH2+BVUV+zuzaR9/mPUiuQXZwSnR+Li4S6j\nR4x/AkRsN/43gzgiBwZz1UdAy6r6ZbUBPm4lZT/QKbURJ+x15swbFHKvR34GvdbT\n2mI15VFvLxr+h4bH5CCswcV4eThzISHGbiN3LZQVpneoWP8BjerFVqx0NfbKDu9t\nsQIDAQAB\n-----END PUBLIC KEY-----\n"
}

2
nodes/discourse-2.json
View File

@ -54,6 +54,6 @@
}, },
"run_list": [ "run_list": [
"recipe[kosmos-base]", "recipe[kosmos-base]",
"role[discourse]" "role[kosmos_discourse]"
] ]
} }

2
nodes/fornax.kosmos.org.json
View File

@ -27,6 +27,7 @@
"kosmos_website::default", "kosmos_website::default",
"kosmos-ejabberd::nginx", "kosmos-ejabberd::nginx",
"kosmos-akkounts::nginx_api", "kosmos-akkounts::nginx_api",
"remotestorage_discourse::nginx",
"kosmos_zerotier::controller", "kosmos_zerotier::controller",
"kosmos_zerotier::firewall", "kosmos_zerotier::firewall",
"kosmos_zerotier::zncui", "kosmos_zerotier::zncui",
@ -54,6 +55,7 @@
"nginx::commons_script", "nginx::commons_script",
"nginx::commons_conf", "nginx::commons_conf",
"kosmos-nginx::firewall", "kosmos-nginx::firewall",
"discourse::nginx",
"git::default", "git::default",
"git::package", "git::package",
"kosmos-base::letsencrypt" "kosmos-base::letsencrypt"

59
nodes/rs-discourse-1.json Normal file
View File

@ -0,0 +1,59 @@
{
"name": "rs-discourse-1",
"normal": {
"knife_zero": {
"host": "10.1.1.187"
}
},
"automatic": {
"fqdn": "rs-discourse-1",
"os": "linux",
"os_version": "5.4.0-1073-kvm",
"hostname": "rs-discourse-1",
"ipaddress": "192.168.122.30",
"roles": [
"remotestorage_discourse"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"remotestorage_discourse",
"remotestorage_discourse::default",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",
"ntp::default",
"ntp::apparmor",
"kosmos-base::systemd_emails",
"apt::unattended-upgrades",
"kosmos-base::firewall",
"kosmos-postfix::default",
"postfix::default",
"postfix::_common",
"postfix::_attributes",
"postfix::sasl_auth",
"hostname::default",
"discourse::default",
"firewall::default",
"chef-sugar::default"
],
"platform": "ubuntu",
"platform_version": "20.04",
"cloud": null,
"chef_packages": {
"chef": {
"version": "17.10.3",
"chef_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/chef-17.10.3/lib",
"chef_effortless": null
},
"ohai": {
"version": "17.9.0",
"ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.0.0/gems/ohai-17.9.0/lib/ohai"
}
}
},
"run_list": [
"recipe[kosmos-base]",
"role[remotestorage_discourse]"
]
}

5
roles/discourse.rb
View File

@ -1,5 +0,0 @@
name "discourse"
run_list %w(
kosmos_discourse::default
)

6
roles/kosmos_discourse.rb Normal file
View File

@ -0,0 +1,6 @@
name "kosmos_discourse"
run_list %w(
kosmos-dirsrv::hostsfile
kosmos_discourse::default
)

1
roles/nginx_proxy.rb
View File

@ -8,6 +8,7 @@ default_run_list = %w(
kosmos_website::default kosmos_website::default
kosmos-ejabberd::nginx kosmos-ejabberd::nginx
kosmos-akkounts::nginx_api kosmos-akkounts::nginx_api
remotestorage_discourse::nginx
) )
env_run_lists( env_run_lists(

5
roles/remotestorage_discourse.rb Normal file
View File

@ -0,0 +1,5 @@
name "remotestorage_discourse"
run_list %w(
remotestorage_discourse::default
)

22
site-cookbooks/discourse/.gitignore vendored Normal file
View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

5
site-cookbooks/discourse/CHANGELOG.md Normal file
View File

@ -0,0 +1,5 @@
# discourse CHANGELOG
# 0.1.0
Initial release.

21
site-cookbooks/discourse/LICENSE Normal file
View File

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2020 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

4
site-cookbooks/discourse/README.md Normal file
View File

@ -0,0 +1,4 @@
# kosmos_discourse
TODO: Enter the cookbook description here.

5
site-cookbooks/discourse/attributes/default.rb Normal file
View File

@ -0,0 +1,5 @@
# Set it in the wrapper cookbook
# node['discourse']['domain'] = "community.example.com"
# Override it in the wrapper cookbook
node.default['discourse']['role'] = "discourse"
node.default['discourse']['port'] = 3001

110
site-cookbooks/discourse/chefignore Normal file
View File

@ -0,0 +1,110 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
mkmf.log
REVISION
TAGS*
tmtags
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
# Testing #
###########
.circleci/*
.codeclimate.yml
.foodcritic
.kitchen*
.rspec
.rubocop.yml
.travis.yml
.watchr
azure-pipelines.yml
examples/*
features/*
Guardfile
kitchen.yml*
Procfile
Rakefile
spec/*
spec/*
spec/fixtures/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CHANGELOG*
CONTRIBUTING*
TESTING*
CODE_OF_CONDUCT*
# Vagrant #
###########
.vagrant
Vagrantfile

11
site-cookbooks/discourse/metadata.rb Normal file
View File

@ -0,0 +1,11 @@
name 'discourse'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures discourse'
long_description 'Installs/Configures discourse'
version '0.1.0'
chef_version '>= 14.0'
depends 'kosmos-nginx'
depends 'firewall'

43
site-cookbooks/discourse/recipes/default.rb Normal file
View File

@ -0,0 +1,43 @@
#
# Cookbook:: kosmos_discourse
# Recipe:: default
#
package "docker-compose"
deploy_path = "/opt/discourse"
repo = "https://github.com/discourse/discourse_docker"
git deploy_path do
repository repo
revision "main"
end
systemd_unit "discourse.service" do
content({Unit: {
Description: "discourse service with docker compose",
Requires: "docker.service",
After: "docker.service",
},
Service: {
Type: "oneshot",
RemainAfterExit: "true",
WorkingDirectory: deploy_path,
Environment: "SUPERVISED=true",
ExecStart: "#{deploy_path}/launcher start app",
ExecStop: "#{deploy_path}/launcher stop app",
},
Install: {
WantedBy: "multi-user.target"
}})
action [:create, :enable]
end
include_recipe 'firewall'
firewall_rule 'discourse' do
port [node['discourse']['port']]
source "10.1.1.0/24"
protocol :tcp
command :allow
end

39
site-cookbooks/discourse/recipes/nginx.rb Normal file
View File

@ -0,0 +1,39 @@
#
# Cookbook:: discourse
# Recipe:: nginx
#
include_recipe "kosmos-nginx"
domain = node['discourse']['domain']
discourse_role = node['discourse']['role']
upstream_ip_addresses = []
search(:node, "role:#{discourse_role}").each do |n|
upstream_ip_addresses << n["knife_zero"]["host"]
end
# No Discourse host, stop here
if upstream_ip_addresses.empty?
Chef::Log.warn("No server with '#{discourse_role}' role. Stopping here.")
return
end
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: node['discourse']['port'],
upstream_name: discourse_role,
upstream_ip_addresses: upstream_ip_addresses
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end

36
site-cookbooks/discourse/templates/nginx_conf.erb Normal file
View File

@ -0,0 +1,36 @@
# Generated by Chef
upstream _<%= @upstream_name %> {
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
server <%= upstream_ip_address %>:<%= @upstream_port %>;
<% end -%>
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
server_name <%= @server_name %>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
add_header Strict-Transport-Security "max-age=31536000";
# Send real IP to the Docker container
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
client_max_body_size 20M;
location / {
# Increase number of buffers. Default is 8
proxy_buffers 1024 8k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://_<%= @upstream_name %>;
proxy_http_version 1.1;
}
}
<% end -%>

2
site-cookbooks/kosmos_discourse/CHANGELOG.md
View File

@ -1,7 +1,5 @@
# kosmos_discourse CHANGELOG # kosmos_discourse CHANGELOG
This file is used to list changes made in each version of the kosmos_discourse cookbook.
# 0.1.0 # 0.1.0
Initial release. Initial release.

3
site-cookbooks/kosmos_discourse/README.md
View File

@ -1,4 +1,3 @@
# kosmos_discourse # kosmos_discourse
TODO: Enter the cookbook description here. Wrapper cookbook based on discourse

2
site-cookbooks/kosmos_discourse/attributes/default.rb Normal file
View File

@ -0,0 +1,2 @@
node.override['discourse']['domain'] = "community.kosmos.org"
node.override['discourse']['role'] = "kosmos_discourse"

10
site-cookbooks/kosmos_discourse/metadata.rb
View File

@ -1,12 +1,10 @@
name 'kosmos_discourse' name 'kosmos_discourse'
maintainer 'Kosmos Developers' maintainer 'Kosmos Developers'
maintainer_email 'you@example.com' maintainer_email 'mail@kosmos.org'
license 'MIT' license 'MIT'
description 'Installs/Configures kosmos_discourse' description 'Installs/Configures discourse'
long_description 'Installs/Configures kosmos_discourse' long_description 'Installs/Configures discourse'
version '0.1.0' version '0.1.0'
chef_version '>= 14.0' chef_version '>= 14.0'
depends 'kosmos-nginx' depends 'discourse'
depends 'firewall'
depends 'kosmos-dirsrv'

41
site-cookbooks/kosmos_discourse/recipes/default.rb
View File

@ -3,43 +3,4 @@
# Recipe:: default # Recipe:: default
# #
include_recipe "kosmos-dirsrv::hostsfile" include_recipe 'discourse'
package "docker-compose"
deploy_path = "/opt/discourse"
repo = "https://github.com/discourse/discourse_docker"
git deploy_path do
repository repo
revision "main"
end
systemd_unit "discourse.service" do
content({Unit: {
Description: "discourse service with docker compose",
Requires: "docker.service",
After: "docker.service",
},
Service: {
Type: "oneshot",
RemainAfterExit: "true",
WorkingDirectory: deploy_path,
Environment: "SUPERVISED=true",
ExecStart: "#{deploy_path}/launcher start app",
ExecStop: "#{deploy_path}/launcher stop app",
},
Install: {
WantedBy: "multi-user.target"
}})
action [:create, :enable]
end
include_recipe 'firewall'
firewall_rule 'discourse' do
port [3001]
source "10.1.1.0/24"
protocol :tcp
command :allow
end

30
site-cookbooks/kosmos_discourse/recipes/nginx.rb
View File

@ -3,32 +3,4 @@
# Recipe:: nginx # Recipe:: nginx
# #
include_recipe "kosmos-nginx" include_recipe "discourse::nginx"
domain = "community.kosmos.org"
upstream_ip_addresses = []
search(:node, "role:discourse").each do |n|
upstream_ip_addresses << n["knife_zero"]["host"]
end
# No Discourse host, stop here
return if upstream_ip_addresses.empty?
nginx_certbot_site domain
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
source "nginx_conf.erb"
owner 'www-data'
mode 0640
variables server_name: domain,
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
upstream_port: 3001,
upstream_ip_addresses: upstream_ip_addresses
notifies :reload, 'service[nginx]', :delayed
end
nginx_site domain do
action :enable
end

22
site-cookbooks/remotestorage_discourse/.gitignore vendored Normal file
View File

@ -0,0 +1,22 @@
.vagrant
*~
*#
.#*
\#*#
.*.sw[a-z]
*.un~
# Bundler
Gemfile.lock
gems.locked
bin/*
.bundle/*
# test kitchen
.kitchen/
kitchen.local.yml
# Chef
Berksfile.lock
.zero-knife.rb
Policyfile.lock.json

5
site-cookbooks/remotestorage_discourse/CHANGELOG.md Normal file
View File

@ -0,0 +1,5 @@
# remotestorage_discourse CHANGELOG
# 0.1.0
Initial release.

21
site-cookbooks/remotestorage_discourse/LICENSE Normal file
View File

@ -0,0 +1,21 @@
The MIT License (MIT)
Copyright (c) 2020 Kosmos Developers
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.

3
site-cookbooks/remotestorage_discourse/README.md Normal file
View File

@ -0,0 +1,3 @@
# remotestorage_discourse
Wrapper cookbook based on discourse

2
site-cookbooks/remotestorage_discourse/attributes/default.rb Normal file
View File

@ -0,0 +1,2 @@
node.override['discourse']['domain'] = "community.remotestorage.io"
node.override['discourse']['role'] = "remotestorage_discourse"

110
site-cookbooks/remotestorage_discourse/chefignore Normal file
View File

@ -0,0 +1,110 @@
# Put files/directories that should be ignored in this file when uploading
# to a Chef Infra Server or Supermarket.
# Lines that start with '# ' are comments.
# OS generated files #
######################
.DS_Store
ehthumbs.db
Icon?
nohup.out
Thumbs.db
# SASS #
########
.sass-cache
# EDITORS #
###########
.#*
.project
.settings
*_flymake
*_flymake.*
*.bak
*.sw[a-z]
*.tmproj
*~
\#*
mkmf.log
REVISION
TAGS*
tmtags
## COMPILED ##
##############
*.class
*.com
*.dll
*.exe
*.o
*.pyc
*.so
*/rdoc/
a.out
# Testing #
###########
.circleci/*
.codeclimate.yml
.foodcritic
.kitchen*
.rspec
.rubocop.yml
.travis.yml
.watchr
azure-pipelines.yml
examples/*
features/*
Guardfile
kitchen.yml*
Procfile
Rakefile
spec/*
spec/*
spec/fixtures/*
test/*
# SCM #
#######
.git
.gitattributes
.gitconfig
.github/*
.gitignore
.gitmodules
.svn
*/.bzr/*
*/.git
*/.hg/*
*/.svn/*
# Berkshelf #
#############
Berksfile
Berksfile.lock
cookbooks/*
tmp
# Bundler #
###########
vendor/*
Gemfile
Gemfile.lock
# Policyfile #
##############
Policyfile.rb
Policyfile.lock.json
# Cookbooks #
#############
CHANGELOG*
CONTRIBUTING*
TESTING*
CODE_OF_CONDUCT*
# Vagrant #
###########
.vagrant
Vagrantfile

10
site-cookbooks/remotestorage_discourse/metadata.rb Normal file
View File

@ -0,0 +1,10 @@
name 'remotestorage_discourse'
maintainer 'Kosmos Developers'
maintainer_email 'mail@kosmos.org'
license 'MIT'
description 'Installs/Configures discourse'
long_description 'Installs/Configures discourse'
version '0.1.0'
chef_version '>= 14.0'
depends 'discourse'

6
site-cookbooks/remotestorage_discourse/recipes/default.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: remotestorage_discourse
# Recipe:: default
#
include_recipe 'discourse'

6
site-cookbooks/remotestorage_discourse/recipes/nginx.rb Normal file
View File

@ -0,0 +1,6 @@
#
# Cookbook:: remotestorage_discourse
# Recipe:: nginx
#
include_recipe "discourse::nginx"

35
site-cookbooks/remotestorage_discourse/templates/nginx_conf.erb Normal file
View File

@ -0,0 +1,35 @@
# Generated by Chef
upstream _discourse {
<% @upstream_ip_addresses.each do |upstream_ip_address| -%>
server <%= upstream_ip_address %>:<%= @upstream_port %>;
<% end -%>
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
server_name <%= @server_name %>;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
add_header Strict-Transport-Security "max-age=31536000";
# Send real IP to the Docker container
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
client_max_body_size 20M;
location / {
# Increase number of buffers. Default is 8
proxy_buffers 1024 8k;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://_discourse;
proxy_http_version 1.1;
}
}
<% end -%>