diff --git a/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml b/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
index 103069b5..3bcec49b 100644
--- a/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
@@ -10,7 +10,9 @@
 mode: 0500
 - name: Stop algo monitors just in case
- shell: bash -c "supervisorctl stop algo_refresh_users_monitor && supervisorctl stop wg_monitor_connections"
+ shell: |
+ supervisorctl stop algo_refresh_users_monitor || echo "[algo::main] WARNING: error stopping algo_refresh_users_monitor" >> /var/log/bubble/ansible.log
+ supervisorctl stop wg_monitor_connections || echo "[algo::main] WARNING: error stopping wg_monitor_connections" >> /var/log/bubble/ansible.log
 # Don't setup algo when in restore mode, bubble_restore_monitor.sh will set it up after the CA key has been restored
 - name: Run algo playbook to install algo
diff --git a/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2 b/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
index 0b98585a..3fa09e62 100644
--- a/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
+++ b/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
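Review bot: Both `supervisorctl stop` failures in the new `shell: |` block are reduced to a line in /var/log/bubble/ansible.log, so the play moves on to the algo install task whether or not the monitors actually stopped, and nothing in the Ansible output shows it. If this is meant as best-effort, say so on the task, e.g. `# best-effort: monitors may not exist yet; a failed stop is logged to ansible.log and is not fatal`. The redirect also assumes /var/log/bubble/ exists at this point; if it does not, the `>>` on the last line fails and the task fails for a reason unrelated to supervisor. The same log-only handling is applied to the `bubble_peer_manager` stop in finalizer/tasks/main.yml (hunk `@@ -28,7 +20,7 @@`).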
@@ -72,7 +72,10 @@ wireguard_network_ipv6 = '${WG_IP6}'
 fi
 # Restart algo_refresh_users_monitor and wg_monitor_connections
-supervisorctl reload && sleep 3s && supervisorctl restart algo_refresh_users_monitor && supervisorctl restart wg_monitor_connections
+supervisorctl reload || echo "[install_algo.sh] WARNING: Error calling 'supervisorctl reload'"
+sleep 3s
+supervisorctl restart algo_refresh_users_monitor || echo "[install_algo.sh] WARNING: Error restarting algo_refresh_users_monitor"
+supervisorctl restart wg_monitor_connections || echo "[install_algo.sh] WARNING: Error restarting algo_refresh_users_monitor"
 # Restart dnscrypt-proxy
 service dnscrypt-proxy restart
diff --git a/bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml b/bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml
index 3a925c15..044f69e9 100644
--- a/bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml
@@ -12,14 +12,6 @@
 shell: su - bubble bash -c "echo -n restore > /home/bubble/first_time_marker"
 when: restore_key is defined
-- name: Install mitmproxy CA cert in local CA store
- shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ cert_name }}-ca-cert.pem 600
- when: install_type == 'node'
-
-- name: Install mitmproxy public certs in bubble dir
- shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name }}
- when: install_type == 'node'
-
 - name: Install bubble supervisor conf file
 template:
 src: "supervisor_bubble.conf.j2"
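Review bot: The last added line reports the wrong service: when `supervisorctl restart wg_monitor_connections` fails, the message printed is `Error restarting algo_refresh_users_monitor`, so a failed WireGuard connection monitor would be recorded as a failure of the users monitor. The fallback should read `supervisorctl restart wg_monitor_connections || echo "[install_algo.sh] WARNING: Error restarting wg_monitor_connections"`. Unlike the task-file hunks in this commit, these warnings go to stdout rather than /var/log/bubble/ansible.log, so whether they are kept depends on how the script's output is captured, which is not visible here. The script continues outside the hunk.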
@@ -28,7 +20,7 @@
 # Save 1% of memory, every bit counts on small nodes
 - name: Disable peer manager on small nodes
 shell: |
- supervisorctl stop bubble_peer_manager || echo 'Warning: error stopping bubble_peer_manager'
+ supervisorctl stop bubble_peer_manager || echo '[finalizer::main] WARNING: error stopping bubble_peer_manager' >> /var/log/bubble/ansible.log
 rm -f /etc/supervisor/conf.d/bubble_peer_manager.conf
 when: total_memory < 2048
@@ -75,10 +67,17 @@
 - name: Ensure authorized SSH keys are up-to-date
 shell: su - bubble bash -c "touch /home/bubble/.refresh_ssh_keys"
-# We cannot receive notifications until nginx is running, so start bubble API as the very last step
 - name: reload supervisord
 shell: |
 supervisorctl reload \
- || echo "WARNING: supervisorctl reload exited with $?" | tee -a /var/log/bubble/ansible.log \
+ || echo "[finalizer::main] WARNING: supervisorctl reload exited with $?" | tee -a /var/log/bubble/ansible.log \
 && sleep 10s && supervisorctl reload \
- || echo "WARNING: supervisorctl reload exited AGAIN with $?" | tee -a /var/log/bubble/ansible.log
+ || echo "[finalizer::main] WARNING: supervisorctl reload exited AGAIN with $?" | tee -a /var/log/bubble/ansible.log
+
+- name: Install mitmproxy CA cert in local CA store
+ shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ cert_name }}-ca-cert.pem 600
+ when: install_type == 'node'
+
+- name: Install mitmproxy public certs in bubble dir
+ shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name }}
+ when: install_type == 'node'
diff --git a/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml b/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
index f37289dc..ed2c7484 100644
--- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
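Review bot: `{{ cert_name }}` is interpolated unquoted into both `shell:` commands of the cert tasks re-added at the end of the `@@ -75,10 +67,17 @@` hunk, so any whitespace or shell metacharacter in the variable is parsed by the shell instead of being passed as part of one argument. These commands install a CA certificate into the local trust store, where the argument should be exactly the intended path and nothing else. Use the `quote` filter, `shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ cert_name | quote }}-ca-cert.pem 600` and `shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name | quote }}`, or switch both to `command:`, since neither line uses shell features. Where `cert_name` is set is not visible in this diff, so how constrained it already is should be confirmed.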
@@ -67,5 +67,6 @@
 - 9999
 - name: reload supervisord
- shell: supervisorctl reload
+ shell: |
+ supervisorctl reload || echo "[mitmproxy::main] WARNING: error reloading "
 tags: always
diff --git a/bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf b/bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf
new file mode 100644
index 00000000..e81e7c17
--- /dev/null
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf
@@ -0,0 +1 @@
+server_names_hash_bucket_size 128;
diff --git a/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml b/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml
index c0be4f58..37276647 100644
--- a/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml
@@ -60,6 +60,12 @@
 mode: 0755
 when: enable_nginx
+- name: Create server_names_hash_bucket_size nginx conf
+ copy:
+ src: server_names_hash_bucket_size.conf
+ dest: /etc/nginx/conf.d/server_names_hash_bucket_size.conf
+ when: enable_nginx
+
 - name: Install init_dhparams supervisor conf file
 copy:
 src: supervisor_init_dhparams.conf
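Review bot: The fallback message in the new `shell: |` block of the mitmproxy role is cut short, `"[mitmproxy::main] WARNING: error reloading "` ends in a space with no subject, and unlike the other roles touched in this commit it is not appended to /var/log/bubble/ansible.log. A failed reload in this role therefore leaves no trace in that file while the task still reports success. Suggest `supervisorctl reload || echo "[mitmproxy::main] WARNING: error reloading supervisord" >> /var/log/bubble/ansible.log`.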
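Review bot: The new `copy` task in nginx/tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of /etc/nginx/conf.d/server_names_hash_bucket_size.conf are left to whatever umask and user the build runs with. Pin them on the task with `owner: root`, `group: root` and `mode: "0644"`; quoting the mode keeps it a string rather than relying on how the parser reads a leading-zero integer, as the unquoted `mode: 0755` in the context line above does. The hunk does not show whether the configuration is validated or nginx reloaded after this file is dropped in, so that should be checked against the rest of the role. The task list continues outside the hunk.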