From 4ea9492ca33527e2d02ab750d1d7981f9c48a41d Mon Sep 17 00:00:00 2001 From: Ruakij Date: Tue, 10 Jan 2023 09:46:01 +0100 Subject: [PATCH 1/2] Change hos group-name --- netmaker_server/tasks/netmaker.yml | 4 ++-- netmaker_server/templates/docker-compose.yml.template | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/netmaker_server/tasks/netmaker.yml b/netmaker_server/tasks/netmaker.yml index fe4f3e4..56eed6f 100644 --- a/netmaker_server/tasks/netmaker.yml +++ b/netmaker_server/tasks/netmaker.yml @@ -30,7 +30,7 @@ headers: Authorization: 'Bearer {{ netmaker_creds.master_key }}' Content-Type: application/json - when: "inventory_hostname == groups['netmaker'][0]" + when: "inventory_hostname == groups['netmaker_server'][0]" register: default_mesh until: "default_mesh is not failed" retries: 2 @@ -50,7 +50,7 @@ headers: Authorization: 'Bearer {{ netmaker_creds.master_key }}' Content-Type: application/json - when: "inventory_hostname == groups['netmaker'][0]" + when: "inventory_hostname == groups['netmaker_server'][0]" register: default_mesh_key until: "default_mesh_key is not failed" retries: 2 diff --git a/netmaker_server/templates/docker-compose.yml.template b/netmaker_server/templates/docker-compose.yml.template index 5a242eb..f01005c 100644 --- a/netmaker_server/templates/docker-compose.yml.template +++ b/netmaker_server/templates/docker-compose.yml.template @@ -33,9 +33,9 @@ services: -auth /config.json -{% if inventory_hostname != groups['netmaker'][0] %} +{% if inventory_hostname != groups['netmaker_server'][0] %} -join-as netmaker - -join https://{{ netmaker_rqlite.http_host }}.{{ groups['netmaker'][0] }}:{{ netmaker_nginx.advertise_port }} + -join https://{{ netmaker_rqlite.http_host }}.{{ groups['netmaker_server'][0] }}:{{ netmaker_nginx.advertise_port }} {% endif %} " # FIXME: /\ \/ Change http -> https From 109a09052d37e16bcbb59c3375d6d4245ad2a432 Mon Sep 17 00:00:00 2001 
From: Ruakij Date: Tue, 10 Jan 2023 09:46:55 +0100 Subject: [PATCH 2/2] Update to 0.17.1 This also sets up tls-termination for mosquitto --- .../opt/netmaker_server/mosquitto/config/mosquitto.conf | 4 ++-- netmaker_server/templates/docker-compose.yml.template | 5 ++--- netmaker_server/templates/nginx/passthrough.conf.template | 2 +- netmaker_server/templates/nginx/proxy.conf.template | 4 +++- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf b/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf index 39ff237..c1e2b3b 100644 --- a/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf +++ b/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf @@ -1,11 +1,11 @@ per_listener_settings false listener 8883 +protocol websockets allow_anonymous false -certfile /certs/node.crt -keyfile /certs/node.key listener 1883 +protocol websockets allow_anonymous false plugin /usr/lib/mosquitto_dynamic_security.so diff --git a/netmaker_server/templates/docker-compose.yml.template b/netmaker_server/templates/docker-compose.yml.template index f01005c..7b8c998 100644 --- a/netmaker_server/templates/docker-compose.yml.template +++ b/netmaker_server/templates/docker-compose.yml.template @@ -41,7 +41,7 @@ services: # FIXME: /\ \/ Change http -> https netmaker: # The Primary Server for running Netmaker - image: gravitl/netmaker:v0.16.1 + image: gravitl/netmaker:v0.17.1 depends_on: - rqlite cap_add: @@ -104,7 +104,7 @@ services: - "51821-51830:51821-51830/udp" # wireguard ports netmaker-ui: # The Netmaker UI Component - image: gravitl/netmaker-ui:v0.16.1 + image: gravitl/netmaker-ui:v0.17.1 depends_on: - netmaker links: @@ -120,7 +120,6 @@ services: - ./mosquitto/config:/mosquitto/config - ./mosquitto/data:/mosquitto/data - ./mosquitto/logs:/mosquitto/log - - "./certs:/certs:ro" depends_on: - netmaker command: ["/mosquitto/config/wait.sh"] 
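Review bot: In the mosquitto.conf hunk, `listener 8883` loses its `certfile`/`keyfile` and both listeners become plaintext WebSocket endpoints. Because `allow_anonymous false` forces clients to authenticate, broker credentials now cross every hop behind the nginx terminator unencrypted. The port number 8883 is conventionally MQTT over TLS, so the file should state the new trust boundary, for example `# TLS is terminated by nginx; both listeners are plaintext WebSockets and must only be reachable on the internal Docker network`. The mosquitto service's `ports:` mapping in docker-compose.yml.template is not part of this patch; if it still publishes 1883 or 8883 on the host, that mapping should be removed in the same change so the broker cannot be reached without TLS.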
diff --git a/netmaker_server/templates/nginx/passthrough.conf.template b/netmaker_server/templates/nginx/passthrough.conf.template index 5ae1882..481330a 100644 --- a/netmaker_server/templates/nginx/passthrough.conf.template +++ b/netmaker_server/templates/nginx/passthrough.conf.template @@ -6,7 +6,7 @@ stream{ {{ netmaker_ui.host }}.{{ netmaker_base_domain }} 127.0.0.1:8443; {{ netmaker_api.host }}.{{ netmaker_base_domain }} 127.0.0.1:8443; - {{ netmaker_broker.tls_host }}.{{ netmaker_base_domain }} mosquitto:8883; # todo: tls-terminate? + {{ netmaker_broker.tls_host }}.{{ netmaker_base_domain }} 127.0.0.1:8443; {{ netmaker_rqlite.http_host }}.{{ ansible_facts.nodename }} 127.0.0.1:8443; {{ netmaker_rqlite.cluster_host }}.{{ ansible_facts.nodename }} rqlite:4002; diff --git a/netmaker_server/templates/nginx/proxy.conf.template b/netmaker_server/templates/nginx/proxy.conf.template index 4ce74a3..6008c39 100644 --- a/netmaker_server/templates/nginx/proxy.conf.template +++ b/netmaker_server/templates/nginx/proxy.conf.template @@ -3,7 +3,9 @@ map $host $proxy_name { {{ netmaker_ui.host }}.{{ netmaker_base_domain }} netmaker-ui:80; {{ netmaker_api.host }}.{{ netmaker_base_domain }} netmaker:8081; - + + {{ netmaker_broker.tls_host }}.{{ netmaker_base_domain }} mosquitto:8883; + {{ netmaker_rqlite.http_host }}.{{ ansible_facts.nodename }} rqlite:4001; default 444;
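Review bot: The new `mosquitto:8883` entry in `map $host $proxy_name` (proxy.conf.template) points the HTTP proxy at an upstream that is now a WebSocket listener, but the server block that consumes `$proxy_name` is outside this hunk. If it does not already forward the upgrade handshake, it needs `proxy_http_version 1.1;`, `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`, otherwise broker connections will fail behind the terminator. Separately, this map selects the backend from the Host header, while passthrough.conf.template picks the 8443 terminator presumably by SNI. Every name added here is therefore reachable by any client that completes TLS for one of the other names. If the broker or rqlite is meant to be reachable only under its own hostname, add a check that `$ssl_server_name` matches `$host` in that server block.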