Install strfry-policies with the basic starter template policy.
This commit is contained in:
parent
b529402a87
commit
3fcfbf7a03
@ -10,7 +10,6 @@ strfry_data_path: /var/lib/strfry
|
|||||||
strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db
|
strfry_db: "./strfry-db/" # Becomes /var/lib/strfry/strfry-db
|
||||||
|
|
||||||
strfry_policies_enabled: true
|
strfry_policies_enabled: true
|
||||||
strfry_policies_path: "{{ strfry_data_path }}/strfry-policy.ts"
|
|
||||||
|
|
||||||
strfry_dbParams:
|
strfry_dbParams:
|
||||||
# Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
|
# Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
|
||||||
@ -65,30 +64,30 @@ strfry_relay:
|
|||||||
|
|
||||||
writePolicy:
|
writePolicy:
|
||||||
# If non-empty, path to an executable script that implements the writePolicy plugin logic
|
# If non-empty, path to an executable script that implements the writePolicy plugin logic
|
||||||
plugin: ""
|
plugin: "{{ strfry_data_path }}/strfry-policy.ts"
|
||||||
|
|
||||||
# Number of seconds to search backwards for lookback events when starting the writePolicy plugin (0 for no lookback)
|
# Number of seconds to search backwards for lookback events when starting the writePolicy plugin (0 for no lookback)
|
||||||
lookbackSeconds: 0
|
lookbackSeconds: 0
|
||||||
|
|
||||||
compression:
|
compression:
|
||||||
# Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
|
# Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
|
||||||
enabled: "true"
|
enabled: yes
|
||||||
|
|
||||||
# Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
|
# Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
|
||||||
slidingWindow: "true"
|
slidingWindow: yes
|
||||||
|
|
||||||
logging:
|
logging:
|
||||||
# Dump all incoming messages
|
# Dump all incoming messages
|
||||||
dumpInAll: "false"
|
dumpInAll: no
|
||||||
|
|
||||||
# Dump all incoming EVENT messages
|
# Dump all incoming EVENT messages
|
||||||
dumpInEvents: "false"
|
dumpInEvents: no
|
||||||
|
|
||||||
# Dump all incoming REQ/CLOSE messages
|
# Dump all incoming REQ/CLOSE messages
|
||||||
dumpInReqs: "false"
|
dumpInReqs: no
|
||||||
|
|
||||||
# Log performance metrics for initial REQ database scans
|
# Log performance metrics for initial REQ database scans
|
||||||
dbScanPerf: "false"
|
dbScanPerf: no
|
||||||
|
|
||||||
numThreads:
|
numThreads:
|
||||||
# Ingester threads: route incoming requests, validate events/sigs (restart required)
|
# Ingester threads: route incoming requests, validate events/sigs (restart required)
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
//bin/true; exec deno run "$0" "$@"
|
//bin/true; exec deno run -A "$0" "$@"
|
||||||
import {
|
import {
|
||||||
antiDuplicationPolicy,
|
antiDuplicationPolicy,
|
||||||
hellthreadPolicy,
|
hellthreadPolicy,
|
||||||
@ -11,7 +11,7 @@ import {
|
|||||||
|
|
||||||
for await (const msg of readStdin()) {
|
for await (const msg of readStdin()) {
|
||||||
const result = await pipeline(msg, [
|
const result = await pipeline(msg, [
|
||||||
[hellthreadPolicy, { limit: 100 }],
|
[hellthreadPolicy, { limit: 10 }],
|
||||||
[antiDuplicationPolicy, { ttl: 60000, minLength: 50 }],
|
[antiDuplicationPolicy, { ttl: 60000, minLength: 50 }],
|
||||||
[rateLimitPolicy, { whitelist: ['127.0.0.1'] }],
|
[rateLimitPolicy, { whitelist: ['127.0.0.1'] }],
|
||||||
]);
|
]);
|
||||||
@ -10,18 +10,18 @@
|
|||||||
path: /etc/ansible/facts.d
|
path: /etc/ansible/facts.d
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: 'Detect the latest {{ app_name }} version'
|
- name: 'Detect the latest Deno version'
|
||||||
ansible.builtin.uri:
|
ansible.builtin.uri:
|
||||||
url: https://api.github.com/repos/denoland/deno/releases/latest
|
url: https://api.github.com/repos/denoland/deno/releases/latest
|
||||||
register: deno_latest_release_tag
|
register: deno_latest_release_tag
|
||||||
|
|
||||||
- name: 'Determine whether or not the latest version of {{ app_name }} is already installed'
|
- name: 'Determine whether or not the latest version of Deno is already installed'
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
install_deno: "{{ (ansible_local.deno is not defined) or \
|
install_deno: "{{ (ansible_local.deno is not defined) or \
|
||||||
((ansible_local.deno is defined) and \
|
((ansible_local.deno is defined) and \
|
||||||
(ansible_local['deno']['settings']['version'] != deno_latest_release_tag.json.tag_name | replace('v',''))) }}"
|
(ansible_local['deno']['settings']['version'] != deno_latest_release_tag.json.tag_name | replace('v',''))) }}"
|
||||||
|
|
||||||
- name: 'Ensure {{ app_name }} is installed'
|
- name: 'Ensure Deno is installed'
|
||||||
unarchive:
|
unarchive:
|
||||||
src: 'https://github.com/denoland/deno/releases/download/{{ deno_latest_release_tag.json.tag_name }}/deno-x86_64-unknown-linux-gnu.zip'
|
src: 'https://github.com/denoland/deno/releases/download/{{ deno_latest_release_tag.json.tag_name }}/deno-x86_64-unknown-linux-gnu.zip'
|
||||||
dest: /usr/local/bin
|
dest: /usr/local/bin
|
||||||
@ -31,7 +31,7 @@
|
|||||||
- -j
|
- -j
|
||||||
when: install_deno
|
when: install_deno
|
||||||
|
|
||||||
- name: 'Save meta information about the version of {{ app_name }} that was installed'
|
- name: 'Save meta information about the version of Deno that was installed'
|
||||||
community.general.ini_file:
|
community.general.ini_file:
|
||||||
path: /etc/ansible/facts.d/deno.fact
|
path: /etc/ansible/facts.d/deno.fact
|
||||||
mode: 0644
|
mode: 0644
|
||||||
|
|||||||
@ -28,14 +28,15 @@
|
|||||||
tags: config
|
tags: config
|
||||||
notify: restart strfry
|
notify: restart strfry
|
||||||
|
|
||||||
- name: Configure basic strfry-policies only if a configuration does not already exist
|
- name: Install the strfry-policy template
|
||||||
ansible.builtin.template:
|
ansible.builtin.copy:
|
||||||
src: strfry-policy.ts
|
src: strfry-policy.ts
|
||||||
dest: "{{ strfry_policies_path }}"
|
dest: "{{ strfry_relay.writePolicy.plugin }}"
|
||||||
owner: "{{ strfry_system_user }}"
|
owner: "{{ strfry_system_user }}"
|
||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
when: not strfry_skip_config
|
# force: false # Never overwrite, this is just a starter policy
|
||||||
tags: config
|
mode: '0755'
|
||||||
|
when: strfry_policies_enabled
|
||||||
notify: restart strfry
|
notify: restart strfry
|
||||||
|
|
||||||
- name: Ensure the configured database directory exists.
|
- name: Ensure the configured database directory exists.
|
||||||
@ -52,4 +53,4 @@
|
|||||||
state: directory
|
state: directory
|
||||||
owner: "{{ strfry_system_user }}"
|
owner: "{{ strfry_system_user }}"
|
||||||
group: "{{ strfry_system_group }}"
|
group: "{{ strfry_system_group }}"
|
||||||
when: not strfry_db.startswith('/')
|
when: not strfry_db.startswith('/')
|
||||||
|
|||||||
@ -49,7 +49,7 @@ relay {
|
|||||||
autoPingSeconds = {{ strfry_relay.autoPingSeconds }}
|
autoPingSeconds = {{ strfry_relay.autoPingSeconds }}
|
||||||
|
|
||||||
# If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy)
|
# If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy)
|
||||||
enableTcpKeepalive = {{ strfry_relay.enableTcpKeepalive }}
|
enableTcpKeepalive = {{ "true" if strfry_relay.enableTcpKeepalive else "false" }}
|
||||||
|
|
||||||
# How much uninterrupted CPU time a REQ query should get during its DB scan
|
# How much uninterrupted CPU time a REQ query should get during its DB scan
|
||||||
queryTimesliceBudgetMicroseconds = {{ strfry_relay.queryTimesliceBudgetMicroseconds }}
|
queryTimesliceBudgetMicroseconds = {{ strfry_relay.queryTimesliceBudgetMicroseconds }}
|
||||||
@ -70,24 +70,24 @@ relay {
|
|||||||
|
|
||||||
compression {
|
compression {
|
||||||
# Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
|
# Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
|
||||||
enabled = {{ strfry_relay.compression.enabled }}
|
enabled = {{ "true" if strfry_relay.compression.enabled else "false" }}
|
||||||
|
|
||||||
# Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
|
# Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
|
||||||
slidingWindow = {{ strfry_relay.compression.slidingWindow }}
|
slidingWindow = {{ "true" if strfry_relay.compression.slidingWindow else "false"}}
|
||||||
}
|
}
|
||||||
|
|
||||||
logging {
|
logging {
|
||||||
# Dump all incoming messages
|
# Dump all incoming messages
|
||||||
dumpInAll = {{ strfry_relay.logging.dumpInAll }}
|
dumpInAll = {{ "true" if strfry_relay.logging.dumpInAll else "false" }}
|
||||||
|
|
||||||
# Dump all incoming EVENT messages
|
# Dump all incoming EVENT messages
|
||||||
dumpInEvents = {{ strfry_relay.logging.dumpInEvents }}
|
dumpInEvents = {{ "true" if strfry_relay.logging.dumpInEvents else "false" }}
|
||||||
|
|
||||||
# Dump all incoming REQ/CLOSE messages
|
# Dump all incoming REQ/CLOSE messages
|
||||||
dumpInReqs = {{ strfry_relay.logging.dumpInReqs }}
|
dumpInReqs = {{ "true" if strfry_relay.logging.dumpInReqs else "false" }}
|
||||||
|
|
||||||
# Log performance metrics for initial REQ database scans
|
# Log performance metrics for initial REQ database scans
|
||||||
dbScanPerf = {{ strfry_relay.logging.dbScanPerf }}
|
dbScanPerf = {{ "true" if strfry_relay.logging.dbScanPerf else "false" }}
|
||||||
}
|
}
|
||||||
|
|
||||||
numThreads {
|
numThreads {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user