Merge pull request #234 from cityofaustin/airflow-changes-from-move

In situ changes from server migration for airflow
cityofaustin · Jun 17, 2024 · d66f171 · d66f171
2 parents 27abb5d + cf84c02
commit d66f171
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 6 deletions.
diff --git a/haproxy/haproxy-production.cfg b/haproxy/haproxy-production.cfg
@@ -7,6 +7,7 @@ global
   user haproxy
   group haproxy
   daemon
+  maxconn 4096
 
   # Default SSL material locations
   ca-base /etc/ssl/certs

diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg
@@ -7,6 +7,7 @@ global
   user haproxy
   group haproxy
   daemon
+  maxconn 4096
 
   # Default SSL material locations
   ca-base /etc/ssl/certs

diff --git a/toolbox/certbot/cron_entry b/toolbox/certbot/cron_entry
@@ -1 +1,2 @@
-0 */12 * * * root /usr/airflow/atd-airflow/toolbox/certbot/renew.sh >> /var/log/airflow_cert_renewal.log 2>&1
+0 */12 * * * root /srv/atd-airflow/toolbox/certbot/renew.sh >> /var/log/airflow_cert_renewal.log 2>&1
+
diff --git a/toolbox/certbot/renew.sh b/toolbox/certbot/renew.sh
@@ -5,10 +5,10 @@ echo "$(date '+%Y-%m-%d %H:%M:%S')"
 echo "Renewing the certificates for the Airflow stack"
 
 
-/usr/airflow/atd-airflow/toolbox/certbot/renew_domain_with_certbot.sh airflow.austinmobility.io
-/usr/airflow/atd-airflow/toolbox/certbot/renew_domain_with_certbot.sh airflow-workers.austinmobility.io
+/srv/atd-airflow/toolbox/certbot/renew_domain_with_certbot.sh airflow.austinmobility.io
+/srv/atd-airflow/toolbox/certbot/renew_domain_with_certbot.sh airflow-workers.austinmobility.io
 
-cd /usr/airflow/atd-airflow
+cd /srv/atd-airflow
 
 # Restart the HAProxy stack to use renewed certificates
 BUILDKIT_PROGRESS=plain docker compose restart haproxy
diff --git a/toolbox/certbot/renew_domain_with_certbot.sh b/toolbox/certbot/renew_domain_with_certbot.sh
@@ -4,7 +4,7 @@
 DOMAIN=$1
 
 echo "Renewing certificate for $DOMAIN"
-export ATD_AIRFLOW_HOMEDIR="/usr/airflow/atd-airflow";
+export ATD_AIRFLOW_HOMEDIR="/srv/atd-airflow";
 
 # Load the same environment variables as the Airflow stack
 source $ATD_AIRFLOW_HOMEDIR/.env
@@ -24,7 +24,7 @@ AWS_SECRET_ACCESS_KEY=$(docker run --rm --name op \
 1password/op:2 op read op://$OP_VAULT_ID/Certbot\ IAM\ Access\ Key\ and\ Secret/accessSecret)
 
 # Now, remove the old concatenated certificates, renew the certificate, and replace with the new concatenated certificates
-CERT_PATH="/usr/airflow/atd-airflow/haproxy/ssl"
+CERT_PATH="/srv/atd-airflow/haproxy/ssl"
 cd $CERT_PATH
 rm $DOMAIN.pem
 
@@ -40,3 +40,5 @@ certbot/dns-route53 certonly -n --dns-route53 -d $DOMAIN
 cat /etc/letsencrypt/live/$DOMAIN/cert.pem > $ATD_AIRFLOW_HOMEDIR/haproxy/ssl/$DOMAIN.pem
 
 cat /etc/letsencrypt/live/$DOMAIN/privkey.pem >> $ATD_AIRFLOW_HOMEDIR/haproxy/ssl/$DOMAIN.pem
+
+chmod a+r $ATD_AIRFLOW_HOMEDIR/haproxy/ssl/$DOMAIN.pem
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		0 /12 * * root /usr/airflow/atd-airflow/toolbox/certbot/renew.sh >> /var/log/airflow_cert_renewal.log 2>&1
		0 /12 * * root /srv/atd-airflow/toolbox/certbot/renew.sh >> /var/log/airflow_cert_renewal.log 2>&1