authoransible_admin <capsul@cyberia.club>2020-10-05 03:19:53 +0000
committeransible_admin <capsul@cyberia.club>2020-10-05 03:19:53 +0000
commit009f935a03ae6df6622a4fb369f4ae67002f0826 (patch)
tree13db002bb52103fb8ec4d3d94aaadb69bcb89ca2
parent7e37f83100a1f90e7a740a8a4255563b4beb4e84 (diff)
downloadops-handbook-009f935a03ae6df6622a4fb369f4ae67002f0826.tar.gz
ops-handbook-009f935a03ae6df6622a4fb369f4ae67002f0826.tar.bz2
Everything worked, rename role
-rw-r--r--ansible/group_vars/dbservers3
-rw-r--r--ansible/roles/redis-tls-tunnel/tasks/main.yml (renamed from ansible/roles/unix-socket-tls-tunnel/tasks/main.yml)4
-rw-r--r--ansible/roles/redis/tasks/main.yml2
-rw-r--r--ansible/roles/uacme/templates/cyberia-certs-post.j210
-rw-r--r--ansible/site.yml2
5 files changed, 12 insertions, 9 deletions
diff --git a/ansible/group_vars/dbservers b/ansible/group_vars/dbservers
index 63cfa7b..06aaff8 100644
--- a/ansible/group_vars/dbservers
+++ b/ansible/group_vars/dbservers
@@ -1,5 +1,4 @@
---
-
tls_certs:
- postgres.cyberia.club
- redis.cyberia.club
@@ -8,7 +7,7 @@ psql_allow_from:
# baikal (capsul)
- 69.61.2.163
-unix_socket_tls_tunnel_allow_from:
+redis_tls_tunnel_allow_from:
# witch house
- 198.74.4.4
# rosewater (forge runner service)
diff --git a/ansible/roles/unix-socket-tls-tunnel/tasks/main.yml b/ansible/roles/redis-tls-tunnel/tasks/main.yml
index 7601d58..4c96c60 100644
--- a/ansible/roles/unix-socket-tls-tunnel/tasks/main.yml
+++ b/ansible/roles/redis-tls-tunnel/tasks/main.yml
@@ -6,6 +6,6 @@
chain: INPUT
protocol: tcp
source: "{{ item }}"
- destination_port: '16397'
+ destination_port: '16379'
jump: ACCEPT
- with_items: "{{ unix_socket_tls_tunnel_allow_from | default([]) }}"
+ with_items: "{{ redis_tls_tunnel_allow_from | default([]) }}"
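Review bot: The destination port is a quoted literal in this firewall task, and the commit is correcting a transposed value in it (`'16397'` to `'16379'`), so the ACCEPT rule and the tunnel's listener are evidently configured in two separate places. I would define the port once as a new role variable and reference it here, for example `destination_port: "{{ redis_tls_tunnel_port }}"`, then use the same variable wherever the tunnel's listening port is set (not visible in this hunk). Separately, `default([])` means an inventory file that still defines `unix_socket_tls_tunnel_allow_from` now produces no rules without any error; that fails closed, but a short comment above `with_items` saying so would save debugging time. The task begins above the hunk.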
diff --git a/ansible/roles/redis/tasks/main.yml b/ansible/roles/redis/tasks/main.yml
index 9a3cd32..ff406c8 100644
--- a/ansible/roles/redis/tasks/main.yml
+++ b/ansible/roles/redis/tasks/main.yml
@@ -4,7 +4,7 @@
name: redis
state: present
-# Redis listens on a unix socket in /var/run/redis/redis.sock by default
+# Redis listens on a unix socket in /run/redis/redis.sock by default
- name: Start redis
service:
name: redis
diff --git a/ansible/roles/uacme/templates/cyberia-certs-post.j2 b/ansible/roles/uacme/templates/cyberia-certs-post.j2
index f6d1f31..8685ab4 100644
--- a/ansible/roles/uacme/templates/cyberia-certs-post.j2
+++ b/ansible/roles/uacme/templates/cyberia-certs-post.j2
@@ -14,8 +14,12 @@ reload_postgres() {
chmod 0400 $pgkey
}
-reload_unix_socket_tls_tunnel() {
- service unix-socket-tls-tunnel restart
+reload_redis() {
+ rediscert="/etc/redis-tls-tunnel/cert.pem"
+ rediskey="/etc/redis-tls-tunnel/key.pem"
+ cp "$cert" "$rediscert"
+ cp "$key" "$rediskey"
+ service redis-tls-tunnel restart
}
reload_smtpd() {
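Review bot: `reload_redis` copies the private key with a plain `cp` and never sets its mode or owner, unlike `reload_postgres` just above, which ends with `chmod 0400 $pgkey`. On first creation the key's permissions under `/etc/redis-tls-tunnel/` depend on the source file's mode and the hook's umask, so the key may end up readable by more than the tunnel's service account. I would replace the copy with `install -m 0400 "$key" "$rediskey"` and add `-o <tunnel-user>` if the service does not run as root (the account is not visible here). The restart also runs even if a copy fails; chaining the steps with `&&` or returning on error would avoid restarting the tunnel with a mismatched cert and key. `$cert` and `$key` are defined outside the hunk.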
@@ -49,7 +53,7 @@ case "$certname" in
reload_postgres
;;
redis.cyberia.club)
- reload_unix_socket_tls_tunnel
+ reload_redis
;;
forge.cyberia.club)
reload_smtpd
diff --git a/ansible/site.yml b/ansible/site.yml
index 3c6e949..8d91bf3 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -15,7 +15,7 @@
roles:
- postgresql
- redis
- - unix-socket-tls-tunnel
+ - redis-tls-tunnel
- name: setup monitoring system
hosts: monitoringservers