kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 3 Projects 2 Activity
742 Commits 7 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Greg Karékinian 55b1cbc1d7 Encrypt the Postgresql data dir on the replica (centaurus) 
encfs always runs a configuration assistant when creating a new
volume, so this needs to be done manually:

   systemctl stop postgresql@12-main
   mv /var/lib/postgresql /var/lib/postgresql.old
   encfs /var/lib/postgresql_encrypted /var/lib/postgresql --public
Pick p (paranoia mode) and enter the password from the data bag twice

   mv /var/lib/postgresql/* /var/lib/postgresql/
   systemctl start postgresql@12-main

This is running on centaurus and is mounted automatically on boot by a
system unit

Refs #129
2020-05-15 18:41:31 +02:00
.chef
Move the generate options to config.rb at the root of the repo
2019-12-27 11:33:05 +01:00
clients
Add the Chef client public keys for andromeda and barnard
2020-05-14 15:34:10 +02:00
cookbooks
Update the postgresql upstream cookbook
2020-05-11 18:26:35 +02:00
data_bags
Use a self-signed TLS certificate for PostgreSQL
2020-05-13 19:10:14 +02:00
doc
Improve LDAP example command
2020-04-19 13:01:39 +02:00
environments
Enable LDAP support on mediawiki
2020-01-24 13:45:17 +01:00
nodes
Update node configs
2020-05-14 15:29:25 +02:00
roles
Add postgresql roles
2020-05-13 15:35:15 +02:00
site-cookbooks
Encrypt the Postgresql data dir on the replica (centaurus)
2020-05-15 18:41:31 +02:00
.gitignore
Set up an instance of Mastodon for Kosmos
2017-04-06 21:20:51 +02:00
Berksfile
Update the postgresql upstream cookbook
2020-05-11 18:26:35 +02:00
Berksfile.lock
Update the postgresql upstream cookbook
2020-05-11 18:26:35 +02:00
Gemfile
Update Chef to 15.3.14
2019-10-08 18:17:34 +02:00
Gemfile.lock
Update Chef to 15.3.14
2019-10-08 18:17:34 +02:00
README.md
Add the command to update Chef Client
2019-10-10 12:43:47 +02:00
Vagrantfile
Add commented recipes to the run list
2019-10-08 18:22:51 +02:00

README.md

Install dependencies

bundle install

Run Chef Solo

knife zero converge name:dev.kosmos.org

Update Chef Client on a server:

knife zero converge name:dev.kosmos.org --client-version 15.3.14

Bootstrap a new server

knife zero bootstrap root@dev.kosmos.org --run-list "recipe[kosmos-base],..." -j '{"example_cookbook":{"memory_max":"256M"}}' --secret-file .chef/encrypted_data_bag_secret

Managing cookbooks

Cookbooks are managed via Berkshelf. Run berks --help for command help.

Install cookbooks listed in Berksfile:

berks install

Vendor installed cookbooks to the cookbooks/ dir:

berks vendor cookbooks/ --delete
Description
Infrastructure configs and automation for Kosmos servers
chefdevopslinuxopsrubyubuntu
Readme 15 MiB
Languages
Ruby 60.5%
HTML 35.5%
C 2%
PowerShell 1%
Shell 0.9%