The previous .n39.eu domain is meant to be used within the space only.
Change to the external domain, as the registry is running on our external
server.
Unsure why this differs from the previous value, but this is the
organization name actually used by the running database. Output from
the container:
2023-01-11T19:22:41Z E! [outputs.influxdb_v2] Failed to write metric to system_metrics (will be dropped: 404 Not Found): not found: organization name "Netz39" not found
Execution of the playbook failed like this before:
TASK [lespocky.telegraf_docker_in_docker : Copy telegraf docker_input_agent conf] ************************************************************************************************
fatal: [unicorn.n39.eu]: FAILED! => changed=false
checksum: 3230d394872351730e265778639936912c9f1030
msg: Destination directory /etc/telegraf does not exist
fatal: [krypton.n39.eu]: FAILED! => changed=false
checksum: 3230d394872351730e265778639936912c9f1030
msg: Destination directory /etc/telegraf does not exist
fatal: [radon.n39.eu]: FAILED! => changed=false
checksum: 3230d394872351730e265778639936912c9f1030
msg: Destination directory /etc/telegraf does not exist
fatal: [pottwal.n39.eu]: FAILED! => changed=false
checksum: 3230d394872351730e265778639936912c9f1030
msg: Destination directory /etc/telegraf does not exist
That was a bug in the role, which was fixed with release v0.2.1.
Link: https://github.com/LeSpocky/ansible-role-telegraf-docker-in-docker/issues/15
The key difference between these groups is not that one needs a jump
host and the other does not, but that all hosts of one group run on
machines located in the Netz39 rooms in Magdeburg, while the other group
contains only hosts hosted anywhere in the public internet. We'll need
this distinction for more things than SSH in the future, e.g. PR !132.
(This is also better, because technically there could be a third group
requiring a jump host which is not ssh.n39.eu … 😉 )
Acked-by: Stefan Haun <tux@netz39.de>
Acked-by: David Kilias <dkdent@netz39.de>
prosody runs as unpriviledged user inside of its docker container with
this uid/gid:
root@676f7272aaa6:/etc/prosody# id prosody
uid=101(prosody) gid=102(prosody) groups=102(prosody),101(ssl-cert)
The certs dir has 0750 permissions and thus the process can not access
it and finds no certs, leading to stream errors for s2s and c2s
connections. We can not use group name, because the same group has a
different gid on the host. Numerical is fine (even if ansible needs
this as a string, `chown` seems to know how to handle this).
References: !119
Signed-off-by: Alexander Dahl <alex@netz39.de>
The previous configuration was copied over from helium.n39.eu for
prosody v0.9 and did only work more or less by accident. The new
configuration was done based on the upstream example configuration.
Some modules we used for 0.9 were replaced, some are not necessary
anymore, some modules are new for 0.11. The list was reviewed carefully
on a test host, and proved to work for several months there.
The VirtualHost 'localhost' is kept, but moved from a separate
configuration file to the main configuration, because it's only one line
and it's part of the example config anyways.
To install docker on a host you have to put it into that group in
inventory now, instead of adding the role to each host playbook. Idea
is to extend the group docker_host playbook by more docker related
things as for example metrics and monitoring.
