Commit graph

19 commits

Author SHA1 Message Date
Patrik Lundin c386349271
cdn db init: secure schema usage
Trying to run goose for creating database contents failed:
```
2024/11/14 11:59:13 goose run: failed to ensure DB version: ERROR: permission denied for schema public (SQLSTATE 42501)
```

This seems to be because PostgreSQL 15 removed the default CREATE
permission in the public schema for users other than the database owner.

Instead we create a user-specific schema owned by that same user and
leave the public schema unused.
2024-11-14 13:01:06 +01:00
Patrik Lundin dc7bf71dd9
No need to escape single quotes in here-doc 2024-11-13 16:04:17 +01:00
Patrik Lundin 206e450c99
Add init script for setting up cdn database 2024-11-13 14:52:17 +01:00
Patrik Lundin 9a73d8bdfe
Improve comment 2024-11-07 12:41:43 +01:00
Patrik Lundin 1164b59747
Install tool for managing ACME provisioner 2024-11-07 12:41:14 +01:00
Patrik Lundin 8cd801bd64
Replace cp+chown with install 2024-11-05 14:45:37 +01:00
Patrik Lundin 0461a8f0b8
mqtt: fix certfile usage
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00
Patrik Lundin e2d550bf29
Start managing bird2
Also give dummy-interface support to sunet-l4lb-namespace tool, used
to hold IPv4/IPv6 service addresses that should be announced via BGP.
2024-10-25 15:19:21 +02:00
Patrik Lundin d632aaca5c
Update script to use new conf path 2024-10-22 17:12:56 +02:00
Patrik Lundin f588078b75
Add namespace management files 2024-10-22 17:06:29 +02:00
Patrik Lundin 254a3f107e
Quote some variables to make shellcheck happy 2024-10-10 10:38:45 +02:00
Patrik Lundin 7001a3fab6
Remove trailing "/" in dir path 2024-10-10 10:36:00 +02:00
Patrik Lundin 65fc0590b4
Add certbot deploy script for mosquitto 2024-10-10 10:13:04 +02:00
Patrik Lundin ab3c08c5e1
Add class for setting up trust of internal CA 2024-10-09 11:46:28 +02:00
Patrik Lundin d1b0694e44
Also set --admin-provisioner=admin
Without this the commands will hang for input to select a provisioner.
This is needed now that we have enabled a second (the ACME) provisioner
on init.
2024-10-08 21:45:17 +02:00
Patrik Lundin fe04d862e3
Move script to correct location 2024-10-08 14:12:48 +02:00
Patrik Lundin 8d4d1841c4
Bootstrap step client 2024-10-08 14:09:44 +02:00
Patrik Lundin aca8dd1b22
Add file to correct location 2024-10-08 13:12:54 +02:00
Patrik Lundin d9db9fee72
Add init script for setting provisioner file
This is to deal with the problem that it makes sense to have a separate
password for encryption keys and the admin provisioner. It is currently
not possible to control this via the docker env flags so add this
workaround for now.
2024-10-08 12:35:41 +02:00