adding adminapi access to envoy and version bump

supaPatrick · supaPatrick · commit 3049b2cfcaae · 2023-08-30T21:05:30.000-04:00
diff --git a/ansible/files/adminapi.sudoers.conf b/ansible/files/adminapi.sudoers.conf
@@ -2,6 +2,7 @@ Cmnd_Alias KONG = /bin/systemctl start kong.service, /bin/systemctl stop kong.se
 Cmnd_Alias POSTGREST = /bin/systemctl start postgrest.service, /bin/systemctl stop postgrest.service, /bin/systemctl restart postgrest.service, /bin/systemctl disable postgrest.service, /bin/systemctl enable postgrest.service
 Cmnd_Alias GOTRUE = /bin/systemctl start gotrue.service, /bin/systemctl stop gotrue.service, /bin/systemctl restart gotrue.service, /bin/systemctl disable gotrue.service, /bin/systemctl enable gotrue.service
 Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl stop pgbouncer.service, /bin/systemctl restart pgbouncer.service, /bin/systemctl disable pgbouncer.service, /bin/systemctl enable pgbouncer.service, /bin/systemctl reload pgbouncer.service
+Cmnd_Alias ENVOY = /bin/systemctl start envoy.service, /bin/systemctl stop envoy.service, /bin/systemctl restart envoy.service, /bin/systemctl disable envoy.service, /bin/systemctl enable envoy.service, /bin/systemctl reload envoy.service
 
 %adminapi ALL= NOPASSWD: /root/grow_fs.sh
 %adminapi ALL= NOPASSWD: /root/manage_readonly_mode.sh
@@ -24,3 +25,4 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st
 %adminapi ALL= NOPASSWD: POSTGREST
 %adminapi ALL= NOPASSWD: GOTRUE
 %adminapi ALL= NOPASSWD: PGBOUNCER
+%adminapi ALL= NOPASSWD: ENVOY
diff --git a/ansible/tasks/internal/admin-api.yml b/ansible/tasks/internal/admin-api.yml
@@ -1,7 +1,7 @@
 - name: adminapi - system user
   user:
     name: adminapi
-    groups: root,admin,kong,pgbouncer,postgres,postgrest,systemd-journal,wal-g
+    groups: root,admin,kong,envoy,pgbouncer,postgres,postgrest,systemd-journal,wal-g
     append: yes
 
 - name: Move shell scripts to /root dir
diff --git a/ansible/tasks/setup-envoy.yml b/ansible/tasks/setup-envoy.yml
@@ -1,10 +1,17 @@
 - name: Envoy - system user
   user: name=envoy
 
-- name: Kong - download binary
+- name: envoy - create /opt/envoy
+  file:
+    path: /opt/envoy
+    state: directory
+    owner: envoy
+    mode: 0775
+
+- name: Envoy - download binary
   get_url:
     url: "https://github.com/envoyproxy/envoy/releases/download/v{{ envoy_release }}/envoy-{{ envoy_release }}-linux-aarch_64"
-    dest: /tmp/envoy.app
+    dest: /opt/envoy/envoy
     checksum: "{{ envoy_release_checksum }}"
 
 # [warn] ulimit is currently set to "1024". For better performance set it to at least
diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.0.115-envoy"
+postgres-version = "15.1.0.115-envoy-rc2"

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-postgres-version = "15.1.0.115-envoy"`
	`1`	`+postgres-version = "15.1.0.115-envoy-rc2"`