Task server names, postgres replication, storing grafana.

2025-09-18 21:50:56 +00:00 · 2024-01-28 17:58:18 -05:00 · 2024-01-28 17:58:18 -05:00 · a6e3bfdb09
commit a6e3bfdb09
parent 3b3e8969a5
7 changed files with 4274 additions and 3211 deletions
--- a/ansible/playbooks/restart_server.yml
+++ b/ansible/playbooks/restart_server.yml
@ -0,0 +1,6 @@
+---
+- hosts: all
+  become: yes
+  tasks:
+    - name: Restart the server
+      ansible.builtin.reboot:
--- a/ansible/playbooks/setup_task.yml
+++ b/ansible/playbooks/setup_task.yml
@ -8,7 +8,7 @@
    - motd_role: task
  roles:
    - {role: 'base', tags: 'base'}
-    - {role: 'ufw', tags: 'ufw'}
+    # - {role: 'ufw', tags: 'ufw'}
    - {role: 'docker', tags: 'docker'}
    - {role: 'repo', tags: ['repo', 'pull']}
    - {role: 'dnsmasq', tags: 'dnsmasq'}
--- a/ansible/roles/base/templates/zshrc.txt.j2
+++ b/ansible/roles/base/templates/zshrc.txt.j2
@ -43,7 +43,7 @@ alias cd..='cd ..'

 alias smtp='python -m smtpd -n -c DebuggingServer 127.0.0.1:1025'
 alias tlnb='echo "----------------\n"; tail -f /srv/newsblur/logs/newsblur.log'
-alias sp='sudo docker exec -it {% if 'task' in inventory_hostname %}{{  inventory_hostname|regex_replace('\d+', '') }}{% else %}newsblur_web{% endif %} python manage.py shell_plus'
+alias sp='sudo docker exec -it {% if 'task' in inventory_hostname %}{{  inventory_hostname|regex_replace('\-?\d+', '')|regex_replace('htask', 'task')|regex_replace('happ', 'app') }}{% else %}newsblur_web{% endif %} python manage.py shell_plus'
 alias dps='sudo docker ps -a'
 alias cdnb='cd /srv/newsblur'
 alias sshdo=/srv/newsblur/utils/ssh.sh
--- a/ansible/roles/celery_task/templates/consul_service.json
+++ b/ansible/roles/celery_task/templates/consul_service.json
@ -1,6 +1,6 @@
 {
    "service": {
-        "name": "{{ inventory_hostname|regex_replace('\d+', '') }}",
+        "name": "{{ inventory_hostname|regex_replace('\-?\d+', '')|regex_replace('htask', 'task') }}",
        "id": "{{ inventory_hostname }}",
        "tags": [
            "celery_task"
--- a/ansible/roles/consul-client/templates/consul_client.json.j2
+++ b/ansible/roles/consul-client/templates/consul_client.json.j2
@ -9,7 +9,7 @@
  "log_file": "/var/log/consul/consul.log",
  "enable_syslog": true,
  "retry_join": [{{ consul_manager_ip.stdout|trim }}],
-  {% if inventory_hostname.startswith("h") %}
+  {% if inventory_hostname.startswith("hdb") %}
  "advertise_addr": "{% raw %}{{ GetAllInterfaces | include \"name\" \"^enp\" | include \"flags\" \"forwardable|up\" | attr \"address\" }}{% endraw %}",
  {% else %}
  "advertise_addr": "{% raw %}{{ GetAllInterfaces | include \"name\" \"^eth\" | include \"flags\" \"forwardable|up\" | attr \"address\" }}{% endraw %}",
--- a/ansible/roles/postgres/tasks/main.yml
+++ b/ansible/roles/postgres/tasks/main.yml
@ -6,13 +6,23 @@
  notify: reload postgres
  register: updated_config

+- name: Ensure postgres user and group exist
+  become: yes
+  user:
+    name: postgres
+    uid: 999
+    group: postgres
+    gid: 999
+    system: yes
+    create_home: yes
+
 - name: Create Postgres docker volumes with correct permissions
  file:
    path: "{{ item  }}"
    state: directory
    recurse: yes
-    owner: "{{ ansible_effective_user_id|int }}"
-    group: "{{ ansible_effective_group_id|int }}"
+    owner: postgres
+    group: postgres
  with_items:
    - /srv/newsblur/docker/volumes/postgres/archive
    - /srv/newsblur/docker/volumes/postgres/backups
@ -22,24 +32,24 @@
  file:
    path: /srv/newsblur/docker/volumes/postgres/data/standby.signal
    state: file
-    owner: "{{ ansible_effective_user_id|int }}"
-    group: "{{ ansible_effective_group_id|int }}"
+    owner: postgres
+    group: postgres
  when: (inventory_hostname | regex_replace('\-?[0-9]+', '')) in ['db-postgres-secondary', 'hdb-postgres']

 - name: Copy SSH private key
  copy:
    src: /srv/secrets-newsblur/keys/postgres.key
    dest: /home/nb/.ssh/id_rsa
-    owner: "{{ ansible_effective_user_id|int }}"
-    group: "{{ ansible_effective_group_id|int }}"
+    owner: postgres
+    group: postgres
    mode: "0600"

 - name: Copy SSH public key
  copy:
    src: /srv/secrets-newsblur/keys/postgres.key.pub
    dest: /home/nb/.ssh/id_rsa.pub
-    owner: "{{ ansible_effective_user_id|int }}"
-    group: "{{ ansible_effective_group_id|int }}"
+    owner: postgres
+    group: postgres
    mode: "0600"

 - name: Add SSH public key to authorized keys
@ -75,6 +85,8 @@
      - name: newsblurnet
        aliases:
          - postgres
+    user: postgres
+    group: postgres
    ports:
      - 5432:5432
    volumes:
@ -156,8 +168,8 @@
    path: /var/log/postgres_backup.log
    state: touch
    mode: 0777
-    owner: "{{ ansible_effective_user_id|int }}"
-    group: "{{ ansible_effective_group_id|int }}"
+    owner: postgres
+    group: postgres

 - name: Add postgres backup
  cron:
--- a/docker/grafana/dashboards/newsblur_dashboard.json
+++ b/docker/grafana/dashboards/newsblur_dashboard.json