]> git.openstreetmap.org Git - chef.git/blob - cookbooks/web/resources/rails_port.rb
Add OSUOSL machines to backup allow list
[chef.git] / cookbooks / web / resources / rails_port.rb
1 #
2 # Cookbook Name:: web
3 # Resource:: rails_port
4 #
5 # Copyright 2012, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 require "yaml"
21
22 resource_name :rails_port
23
24 default_action :create
25
26 property :site, String, :name_attribute => true
27 property :ruby, String, :default => "2.3"
28 property :directory, String
29 property :user, String
30 property :group, String
31 property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git"
32 property :revision, String, :default => "live"
33 property :run_migrations, [TrueClass, FalseClass], :default => false
34 property :email_from, String, :default => "OpenStreetMap <support@openstreetmap.org>"
35 property :status, String, :default => "online"
36 property :database_host, String
37 property :database_port, String
38 property :database_name, String
39 property :database_username, String
40 property :database_password, String
41 property :email_from, String
42 property :messages_domain, String
43 property :gpx_dir, String
44 property :attachments_dir, String
45 property :log_path, String
46 property :logstash_path, String
47 property :memcache_servers, Array
48 property :potlatch2_key, String
49 property :id_key, String
50 property :oauth_key, String
51 property :nominatim_url, String
52 property :osrm_url, String
53 property :google_auth_id, String
54 property :google_auth_secret, String
55 property :google_openid_realm, String
56 property :facebook_auth_id, String
57 property :facebook_auth_secret, String
58 property :windowslive_auth_id, String
59 property :windowslive_auth_secret, String
60 property :github_auth_id, String
61 property :github_auth_secret, String
62 property :wikipedia_auth_id, String
63 property :wikipedia_auth_secret, String
64 property :mapquest_key, String
65 property :mapzen_valhalla_key, String
66 property :thunderforest_key, String
67 property :totp_key, String
68 property :csp_enforce, [TrueClass, FalseClass], :default => false
69 property :csp_report_url, String
70 property :piwik_configuration, Hash
71
72 action :create do
73   package %W[
74     ruby#{new_resource.ruby}
75     ruby#{new_resource.ruby}-dev
76     imagemagick
77     nodejs
78     geoip-database
79   ]
80
81   package %w[
82     g++
83     pkg-config
84     libpq-dev
85     libsasl2-dev
86     libxml2-dev
87     libxslt1-dev
88     libmemcached-dev
89     libffi-dev
90   ]
91
92   package %w[
93     pngcrush
94     advancecomp
95     optipng
96     pngquant
97     jhead
98     jpegoptim
99     gifsicle
100     libjpeg-turbo-progs
101   ]
102
103   gem_package "bundler#{new_resource.ruby}" do
104     package_name "bundler"
105     version "1.16.2"
106     gem_binary "gem#{new_resource.ruby}"
107     options "--format-executable"
108   end
109
110   gem_package "bundler#{new_resource.ruby}" do
111     package_name "pkg-config"
112     gem_binary "gem#{new_resource.ruby}"
113   end
114
115   declare_resource :directory, rails_directory do
116     owner new_resource.user
117     group new_resource.group
118     mode 0o2775
119   end
120
121   git rails_directory do
122     action :sync
123     repository new_resource.repository
124     revision new_resource.revision
125     user new_resource.user
126     group new_resource.group
127     notifies :run, "execute[#{rails_directory}/Gemfile]"
128     notifies :run, "execute[#{rails_directory}/public/assets]"
129     notifies :delete, "file[#{rails_directory}/public/export/embed.html]"
130     notifies :restart, "passenger_application[#{rails_directory}]"
131   end
132
133   declare_resource :directory, "#{rails_directory}/tmp" do
134     owner new_resource.user
135     group new_resource.group
136   end
137
138   file "#{rails_directory}/config/environment.rb" do
139     owner new_resource.user
140     group new_resource.group
141   end
142
143   template "#{rails_directory}/config/database.yml" do
144     cookbook "web"
145     source "database.yml.erb"
146     owner new_resource.user
147     group new_resource.group
148     mode 0o664
149     variables :host => new_resource.database_host,
150               :port => new_resource.database_port,
151               :name => new_resource.database_name,
152               :username => new_resource.database_username,
153               :password => new_resource.database_password
154     notifies :restart, "passenger_application[#{rails_directory}]"
155   end
156
157   application_yml = edit_file "#{rails_directory}/config/example.application.yml" do |line|
158     line.gsub!(/^( *)server_protocol:.*$/, "\\1server_protocol: \"https\"")
159     line.gsub!(/^( *)server_url:.*$/, "\\1server_url: \"#{new_resource.site}\"")
160
161     line.gsub!(/^( *)#publisher_url:.*$/, "\\1publisher_url: \"https://plus.google.com/111953119785824514010\"")
162
163     line.gsub!(/^( *)support_email:.*$/, "\\1support_email: \"support@openstreetmap.org\"")
164
165     if new_resource.email_from
166       line.gsub!(/^( *)email_from:.*$/, "\\1email_from: \"#{new_resource.email_from}\"")
167     end
168
169     line.gsub!(/^( *)email_return_path:.*$/, "\\1email_return_path: \"bounces@openstreetmap.org\"")
170
171     line.gsub!(/^( *)status:.*$/, "\\1status: :#{new_resource.status}")
172
173     if new_resource.messages_domain
174       line.gsub!(/^( *)#messages_domain:.*$/, "\\1messages_domain: \"#{new_resource.messages_domain}\"")
175     end
176
177     line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"")
178
179     line.gsub!(/^( *)#geoip_database:.*$/, "\\1geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"")
180
181     if new_resource.gpx_dir
182       line.gsub!(/^( *)gpx_trace_dir:.*$/, "\\1gpx_trace_dir: \"#{new_resource.gpx_dir}/traces\"")
183       line.gsub!(/^( *)gpx_image_dir:.*$/, "\\1gpx_image_dir: \"#{new_resource.gpx_dir}/images\"")
184     end
185
186     if new_resource.attachments_dir
187       line.gsub!(/^( *)attachments_dir:.*$/, "\\1attachments_dir: \"#{new_resource.attachments_dir}\"")
188     end
189
190     if new_resource.log_path
191       line.gsub!(/^( *)#log_path:.*$/, "\\1log_path: \"#{new_resource.log_path}\"")
192     end
193
194     if new_resource.logstash_path
195       line.gsub!(/^( *)#logstash_path:.*$/, "\\1logstash_path: \"#{new_resource.logstash_path}\"")
196     end
197
198     if new_resource.memcache_servers
199       line.gsub!(/^( *)#memcache_servers:.*$/, "\\1memcache_servers: [ \"#{new_resource.memcache_servers.join('", "')}\" ]")
200     end
201
202     if new_resource.potlatch2_key
203       line.gsub!(/^( *)#potlatch2_key:.*$/, "\\1potlatch2_key: \"#{new_resource.potlatch2_key}\"")
204     end
205
206     if new_resource.id_key
207       line.gsub!(/^( *)#id_key:.*$/, "\\1id_key: \"#{new_resource.id_key}\"")
208     end
209
210     if new_resource.oauth_key
211       line.gsub!(/^( *)#oauth_key:.*$/, "\\1oauth_key: \"#{new_resource.oauth_key}\"")
212     end
213
214     if new_resource.nominatim_url
215       line.gsub!(/^( *)nominatim_url:.*$/, "\\1nominatim_url: \"#{new_resource.nominatim_url}\"")
216     end
217
218     if new_resource.osrm_url
219       line.gsub!(/^( *)osrm_url:.*$/, "\\1osrm_url: \"#{new_resource.osrm_url}\"")
220     end
221
222     if new_resource.google_auth_id
223       line.gsub!(/^( *)#google_auth_id:.*$/, "\\1google_auth_id: \"#{new_resource.google_auth_id}\"")
224       line.gsub!(/^( *)#google_auth_secret:.*$/, "\\1google_auth_secret: \"#{new_resource.google_auth_secret}\"")
225       line.gsub!(/^( *)#google_openid_realm:.*$/, "\\1google_openid_realm: \"#{new_resource.google_openid_realm}\"")
226     end
227
228     if new_resource.facebook_auth_id
229       line.gsub!(/^( *)#facebook_auth_id:.*$/, "\\1facebook_auth_id: \"#{new_resource.facebook_auth_id}\"")
230       line.gsub!(/^( *)#facebook_auth_secret:.*$/, "\\1facebook_auth_secret: \"#{new_resource.facebook_auth_secret}\"")
231     end
232
233     if new_resource.windowslive_auth_id
234       line.gsub!(/^( *)#windowslive_auth_id:.*$/, "\\1windowslive_auth_id: \"#{new_resource.windowslive_auth_id}\"")
235       line.gsub!(/^( *)#windowslive_auth_secret:.*$/, "\\1windowslive_auth_secret: \"#{new_resource.windowslive_auth_secret}\"")
236     end
237
238     if new_resource.github_auth_id
239       line.gsub!(/^( *)#github_auth_id:.*$/, "\\1github_auth_id: \"#{new_resource.github_auth_id}\"")
240       line.gsub!(/^( *)#github_auth_secret:.*$/, "\\1github_auth_secret: \"#{new_resource.github_auth_secret}\"")
241     end
242
243     if new_resource.wikipedia_auth_id
244       line.gsub!(/^( *)#wikipedia_auth_id:.*$/, "\\1wikipedia_auth_id: \"#{new_resource.wikipedia_auth_id}\"")
245       line.gsub!(/^( *)#wikipedia_auth_secret:.*$/, "\\1wikipedia_auth_secret: \"#{new_resource.wikipedia_auth_secret}\"")
246     end
247
248     if new_resource.mapquest_key
249       line.gsub!(/^( *)#mapquest_key:.*$/, "\\1mapquest_key: \"#{new_resource.mapquest_key}\"")
250     end
251
252     if new_resource.mapzen_valhalla_key
253       line.gsub!(/^( *)#mapzen_valhalla_key:.*$/, "\\1mapzen_valhalla_key: \"#{new_resource.mapzen_valhalla_key}\"")
254     end
255
256     if new_resource.thunderforest_key
257       line.gsub!(/^( *)#thunderforest_key:.*$/, "\\1thunderforest_key: \"#{new_resource.thunderforest_key}\"")
258     end
259
260     if new_resource.totp_key
261       line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{new_resource.totp_key}\"")
262     end
263
264     if new_resource.csp_enforce
265       line.gsub!(/^( *)csp_enforce:.*$/, "\\1csp_enforce: \"#{new_resource.csp_enforce}\"")
266     end
267
268     if new_resource.csp_report_url
269       line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{new_resource.csp_report_url}\"")
270     end
271
272     line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true")
273     line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true")
274
275     line
276   end
277
278   file "#{rails_directory}/config/application.yml" do
279     owner new_resource.user
280     group new_resource.group
281     mode 0o664
282     content application_yml
283     notifies :run, "execute[#{rails_directory}/public/assets]"
284   end
285
286   if new_resource.piwik_configuration
287     file "#{rails_directory}/config/piwik.yml" do
288       owner new_resource.user
289       group new_resource.group
290       mode 0o664
291       content YAML.dump(new_resource.piwik_configuration)
292       notifies :run, "execute[#{rails_directory}/public/assets]"
293     end
294   else
295     file "#{rails_directory}/config/piwik.yml" do
296       action :delete
297       notifies :run, "execute[#{rails_directory}/public/assets]"
298     end
299   end
300
301   execute "#{rails_directory}/Gemfile" do
302     action :nothing
303     command "bundle#{new_resource.ruby} install"
304     cwd rails_directory
305     user "root"
306     group "root"
307     environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes"
308     subscribes :run, "gem_package[bundler#{new_resource.ruby}]"
309     notifies :restart, "passenger_application[#{rails_directory}]"
310   end
311
312   execute "#{rails_directory}/db/migrate" do
313     action :nothing
314     command "bundle#{new_resource.ruby} exec rake db:migrate"
315     cwd rails_directory
316     user new_resource.user
317     group new_resource.group
318     subscribes :run, "git[#{rails_directory}]"
319     notifies :restart, "passenger_application[#{rails_directory}]"
320     only_if { new_resource.run_migrations }
321   end
322
323   execute "#{rails_directory}/public/assets" do
324     action :nothing
325     command "bundle#{new_resource.ruby} exec rake assets:precompile"
326     environment "RAILS_ENV" => "production"
327     cwd rails_directory
328     user new_resource.user
329     group new_resource.group
330     notifies :restart, "passenger_application[#{rails_directory}]"
331   end
332
333   file "#{rails_directory}/public/export/embed.html" do
334     action :nothing
335   end
336
337   passenger_application rails_directory
338
339   template "/etc/cron.daily/rails-#{new_resource.site.tr('.', '-')}" do
340     cookbook "web"
341     source "rails.cron.erb"
342     owner "root"
343     group "root"
344     mode 0o755
345     variables :directory => rails_directory
346   end
347 end
348
349 action :restart do
350   passenger_application rails_directory do
351     action :restart
352   end
353 end
354
355 action_class do
356   include Chef::Mixin::EditFile
357
358   def rails_directory
359     new_resource.directory || "/srv/#{new_resource.site}"
360   end
361 end