passwords = data_bag_item("community", "passwords")
license_keys = data_bag_item("geoipupdate", "license-keys") unless kitchen?
+prometheus_servers = search(:node, "recipes:prometheus\\:\\:server").map do |server|
+ server.ipaddresses(:role => :external)
+end.flatten
+
# Disable any default installed apache2 service. Web server is embedded within the discourse docker container
service "apache2" do
action [:disable, :stop]
owner "root"
group "root"
mode "640"
- variables :license_keys => license_keys, :passwords => passwords
+ variables :license_keys => license_keys, :passwords => passwords,
+ :prometheus_servers => prometheus_servers
notifies :run, "notify_group[discourse_container_new_web_only]"
end
DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>'
<% end -%>
- # FIXME: hardcoded IPs should be replaced by chef node search
- DISCOURSE_PROMETHEUS_TRUSTED_IP_ALLOWLIST_REGEX: '^(140\.211\.167\.99|2605:bc80:3010:700::8cd3:a763)$'
+ # Allow list for prometheus metric collection
+ DISCOURSE_PROMETHEUS_TRUSTED_IP_ALLOWLIST_REGEX: '^<%= @prometheus_servers.map { |a| Regexp.escape(a) }.join("|") %>$'
# Increase base SIDEKIQ memory limit to 1GB
UNICORN_SIDEKIQ_MAX_RSS: 1000
projects / chef.git / commitdiff