
clean up supervisor handling, add nginx config

tags/v1.5.4
Jonathan Cobb před 3 roky
rodič
revize
d900539447
6 změnil soubory, kde provedl 27 přidání a 15 odebrání
  1. +3
    -1
      bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
  2. +4
    -1
      bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
  3. +11
    -12
      bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml
  4. +2
    -1
      bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
  5. +1
    -0
      bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf
  6. +6
    -0
      bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml

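--- a/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/algo/tasks/main.yml
@@ -10,7 +10,9 @@
 mode: 0500
 
 - name: Stop algo monitors just in case
-shell: bash -c "supervisorctl stop algo_refresh_users_monitor && supervisorctl stop wg_monitor_connections"
+shell: |
+supervisorctl stop algo_refresh_users_monitor || echo "[algo::main] WARNING: error stopping algo_refresh_users_monitor" >> /var/log/bubble/ansible.log
+supervisorctl stop wg_monitor_connections || echo "[algo::main] WARNING: error stopping wg_monitor_connections" >> /var/log/bubble/ansible.log
 
 # Don't setup algo when in restore mode, bubble_restore_monitor.sh will set it up after the CA key has been restored
 - name: Run algo playbook to install algo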
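Review bot: A failed `supervisorctl stop` is now only appended to /var/log/bubble/ansible.log, so the play output gives no sign that a monitor may still be running when the algo install task that follows begins. The finalizer role in this same commit pipes its warning through `tee -a /var/log/bubble/ansible.log`, which also shows it in the task output; using that form here would keep the roles consistent, e.g. `supervisorctl stop wg_monitor_connections || echo "[algo::main] WARNING: error stopping wg_monitor_connections" | tee -a /var/log/bubble/ansible.log`. The redirect also assumes /var/log/bubble already exists at this point in the role, which the hunk does not show.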


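--- a/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
+++ b/bubble-server/src/main/resources/ansible/roles/algo/templates/install_algo.sh.j2
@@ -72,7 +72,10 @@ wireguard_network_ipv6 = '${WG_IP6}'
 fi
 
 # Restart algo_refresh_users_monitor and wg_monitor_connections
-supervisorctl reload && sleep 3s && supervisorctl restart algo_refresh_users_monitor && supervisorctl restart wg_monitor_connections
+supervisorctl reload || echo "[install_algo.sh] WARNING: Error calling 'supervisorctl reload'"
+sleep 3s
+supervisorctl restart algo_refresh_users_monitor || echo "[install_algo.sh] WARNING: Error restarting algo_refresh_users_monitor"
+supervisorctl restart wg_monitor_connections || echo "[install_algo.sh] WARNING: Error restarting algo_refresh_users_monitor"
 
 # Restart dnscrypt-proxy
 service dnscrypt-proxy restart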
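Review bot: The warning on the `supervisorctl restart wg_monitor_connections` line names the wrong service: it prints "Error restarting algo_refresh_users_monitor", so a failed restart of the WireGuard connection monitor would be recorded as a failure of the other monitor. It should read `supervisorctl restart wg_monitor_connections || echo "[install_algo.sh] WARNING: Error restarting wg_monitor_connections"`. These warnings go to stdout only, unlike the Ansible tasks in this commit that write to /var/log/bubble/ansible.log; whether this script's stdout is captured anywhere is not visible here. The script continues outside the hunk.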


+ 11
- 12
bubble-server/src/main/resources/ansible/roles/finalizer/tasks/main.yml

@@ -12,14 +12,6 @@
shell: su - bubble bash -c "echo -n restore > /home/bubble/first_time_marker"
when: restore_key is defined

- name: Install mitmproxy CA cert in local CA store
shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ cert_name }}-ca-cert.pem 600
when: install_type == 'node'

- name: Install mitmproxy public certs in bubble dir
shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name }}
when: install_type == 'node'

- name: Install bubble supervisor conf file
template:
src: "supervisor_bubble.conf.j2"
@@ -28,7 +20,7 @@
# Save 1% of memory, every bit counts on small nodes
- name: Disable peer manager on small nodes
shell: |
supervisorctl stop bubble_peer_manager || echo 'Warning: error stopping bubble_peer_manager'
supervisorctl stop bubble_peer_manager || echo '[finalizer::main] WARNING: error stopping bubble_peer_manager' >> /var/log/bubble/ansible.log
rm -f /etc/supervisor/conf.d/bubble_peer_manager.conf
when: total_memory < 2048

@@ -75,10 +67,17 @@
- name: Ensure authorized SSH keys are up-to-date
shell: su - bubble bash -c "touch /home/bubble/.refresh_ssh_keys"

# We cannot receive notifications until nginx is running, so start bubble API as the very last step
- name: reload supervisord
shell: |
supervisorctl reload \
|| echo "WARNING: supervisorctl reload exited with $?" | tee -a /var/log/bubble/ansible.log \
|| echo "[finalizer::main] WARNING: supervisorctl reload exited with $?" | tee -a /var/log/bubble/ansible.log \
&& sleep 10s && supervisorctl reload \
|| echo "WARNING: supervisorctl reload exited AGAIN with $?" | tee -a /var/log/bubble/ansible.log
|| echo "[finalizer::main] WARNING: supervisorctl reload exited AGAIN with $?" | tee -a /var/log/bubble/ansible.log

- name: Install mitmproxy CA cert in local CA store
shell: install_cert.sh /home/mitmproxy/.mitmproxy/{{ cert_name }}-ca-cert.pem 600
when: install_type == 'node'

- name: Install mitmproxy public certs in bubble dir
shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name }}
when: install_type == 'node'
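Review bot: In the two mitmproxy certificate tasks re-added at the end of the file, `{{ cert_name }}` is substituted unquoted into a `shell:` command line, and `install_cert.sh` is resolved through PATH while the task after it calls `/usr/local/bin/copy_certs_to_bubble.sh` by absolute path. For a step that adds a CA certificate to the local trust store I would quote the variable, `shell: /usr/local/bin/copy_certs_to_bubble.sh {{ cert_name | quote }}`, and likewise `{{ cert_name | quote }}-ca-cert.pem` in the first task, and call install_cert.sh by its absolute path (its location is not shown on this page). Where cert_name comes from is not visible here, so how much the quoting matters in practice needs checking against the caller. Separately, in the reload supervisord task the `&& sleep 10s && supervisorctl reload` part appears to run after either outcome of the first reload, since `||` and `&&` are evaluated left to right, so the "AGAIN" warning can follow a first reload that succeeded.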

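--- a/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
+++ b/bubble-server/src/main/resources/ansible/roles/mitmproxy/tasks/main.yml
@@ -67,5 +67,6 @@
 - 9999
 
 - name: reload supervisord
-shell: supervisorctl reload
+shell: |
+supervisorctl reload || echo "[mitmproxy::main] WARNING: error reloading "
 tags: always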
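Review bot: The fallback message in the new `shell:` block stops at "error reloading " with nothing after it, and unlike the algo and finalizer tasks in this commit it is not written to /var/log/bubble/ansible.log. Because the `|| echo` makes the task succeed whatever supervisorctl returns, that message is the only trace of a failed reload, so it should name what failed and reach the log: `supervisorctl reload || echo "[mitmproxy::main] WARNING: error reloading supervisord" | tee -a /var/log/bubble/ansible.log`.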

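--- a/bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf
+++ b/bubble-server/src/main/resources/packer/roles/nginx/files/server_names_hash_bucket_size.conf
@@ -0,0 +1 @@
+server_names_hash_bucket_size 128;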

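--- a/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml
+++ b/bubble-server/src/main/resources/packer/roles/nginx/tasks/main.yml
@@ -60,6 +60,12 @@
 mode: 0755
 when: enable_nginx
 
+- name: Create server_names_hash_bucket_size nginx conf
+copy:
+src: server_names_hash_bucket_size.conf
+dest: /etc/nginx/conf.d/server_names_hash_bucket_size.conf
+when: enable_nginx
+
 - name: Install init_dhparams supervisor conf file
 copy:
 src: supervisor_init_dhparams.conf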
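Review bot: The new `copy:` task sets no `owner`, `group` or `mode`, so the permissions of /etc/nginx/conf.d/server_names_hash_bucket_size.conf are left to the defaults of the build run instead of being stated in the role, while the task just above it in this hunk does set a mode. I would add `owner: root`, `group: root` and `mode: "0644"` under `copy:`, assuming root owns the nginx config tree on this image. Quoting the mode keeps it from being read as an integer by the YAML parser. The Install init_dhparams task that follows continues outside the hunk.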

