tile: use osm2pgsql-replication promethus

[chef.git] / cookbooks / networking / recipes / default.rb

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 2383af7d70da01a5619a36d63e5968fd1cedb6da..2f60280f06172dec3ba73f8f80c6fae6abcecfaa 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -23,6 +23,8 @@
 require "ipaddr"
 require "yaml"
 
+include_recipe "ruby"
+
 keys = data_bag_item("networking", "keys")
 
 file "/etc/netplan/00-installer-config.yaml" do
@@ -41,6 +43,10 @@ file "/etc/netplan/99-chef.yaml" do
   action :delete
 end
 
+package "ifupdown" do
+  action :purge
+end
+
 package "netplan.io" do
   action :purge
 end
@@ -69,19 +75,19 @@ node[:networking][:interfaces].each do |name, interface|
   next unless interface[:role] && (role = node[:networking][:roles][interface[:role]])
 
   if interface[:inet] && role[:inet]
-    node.default[:networking][:interfaces][name][:inet][:prefix] = role[:inet][:prefix]
-    node.default[:networking][:interfaces][name][:inet][:gateway] = role[:inet][:gateway]
-    node.default[:networking][:interfaces][name][:inet][:routes] = role[:inet][:routes]
+    node.default_unless[:networking][:interfaces][name][:inet][:prefix] = role[:inet][:prefix]
+    node.default_unless[:networking][:interfaces][name][:inet][:gateway] = role[:inet][:gateway]
+    node.default_unless[:networking][:interfaces][name][:inet][:routes] = role[:inet][:routes]
   end
 
   if interface[:inet6] && role[:inet6]
-    node.default[:networking][:interfaces][name][:inet6][:prefix] = role[:inet6][:prefix]
-    node.default[:networking][:interfaces][name][:inet6][:gateway] = role[:inet6][:gateway]
-    node.default[:networking][:interfaces][name][:inet6][:routes] = role[:inet6][:routes]
+    node.default_unless[:networking][:interfaces][name][:inet6][:prefix] = role[:inet6][:prefix]
+    node.default_unless[:networking][:interfaces][name][:inet6][:gateway] = role[:inet6][:gateway]
+    node.default_unless[:networking][:interfaces][name][:inet6][:routes] = role[:inet6][:routes]
   end
 
-  node.default[:networking][:interfaces][name][:metric] = role[:metric]
-  node.default[:networking][:interfaces][name][:zone] = role[:zone]
+  node.default_unless[:networking][:interfaces][name][:metric] = role[:metric]
+  node.default_unless[:networking][:interfaces][name][:zone] = role[:zone]
 end
 
 node[:networking][:interfaces].each do |_, interface|
@@ -126,6 +132,11 @@ node[:networking][:interfaces].each do |_, interface|
   end
 end
 
+package "systemd-resolved" do
+  action :install
+  only_if { platform?("ubuntu") && node[:lsb][:release].to_f > 22.04 || platform?("debian") && node[:lsb][:release].to_f > 11.0 }
+end
+
 service "systemd-networkd" do
   action [:enable, :start]
 end
@@ -257,6 +268,16 @@ if node[:networking][:wireguard][:enabled]
   end
 end
 
+# Setup dokken network in systemd-networkd to avoid systemd-networkd-wait-online delay
+template "/etc/systemd/network/dokken.network" do
+  source "dokken.network.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  notifies :run, "execute[networkctl-reload]", :immediately
+  only_if { kitchen? }
+end
+
 notify_group "networkctl-reload"
 
 execute "networkctl-reload" do
@@ -312,6 +333,16 @@ link "/etc/resolv.conf" do
   to "../run/systemd/resolve/stub-resolv.conf"
 end
 
+gem_package "dbus-systemd" do
+  gem_binary node[:ruby][:gem]
+end
+
+prometheus_exporter "resolved" do
+  port 10028
+  user "systemd-resolve"
+  restrict_address_families "AF_UNIX"
+end
+
 hosts = { :inet => [], :inet6 => [] }
 
 search(:node, "networking:interfaces").collect do |n|
@@ -390,6 +421,14 @@ if node[:networking][:wireguard][:enabled]
   end
 end
 
+firewall_rule "accept-http-osm" do
+  action :accept
+  context :incoming
+  protocol :tcp
+  source :osm
+  dest_ports %w[http https]
+end
+
 firewall_rule "accept-http" do
   action :accept
   context :incoming