Exempt out web server from nominatim fail2ban jail
[chef.git] / cookbooks / web / definitions / rails_port.rb
1 #
2 # Cookbook Name:: web
3 # Definition:: rails_port
4 #
5 # Copyright 2012, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     http://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 require "yaml"
21
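# Chef definition that deploys one Rails application instance from git.
#
# It installs the Ruby toolchain and native build dependencies, syncs the
# application checkout, renders config/database.yml and
# config/application.yml, and declares the notification-driven steps
# (bundle install, migrations, asset precompile, quad_tile build, Passenger
# restart) together with a daily cron script.
#
# Parameters read from +params+:
#   :name            - site name; written to server_url and used for the
#                      default directory and the cron file name
#   :ruby            - Ruby package version suffix (default "1.9.1")
#   :directory       - checkout directory (default "/srv/<name>")
#   :user, :group    - owner of the checkout and of the generated files
#   :repository      - git repository to sync from
#   :revision        - git revision to sync (default "live")
#   :run_migrations  - run "rake db:migrate" after a sync when truthy
#   :email_from, :status, :messages_domain, :gpx_dir, :attachments_dir,
#   :log_path, :logstash_path, :memcache_servers, :nominatim_url, :osrm_url
#                    - optional application.yml settings
#   :database_*      - host, port, name, username and password handed to the
#                      database.yml template
#   :*_key, :*_auth_id, :*_auth_secret, :google_openid_realm
#                    - third-party credentials written to application.yml
#   :piwik_configuration - hash dumped to config/piwik.yml (file is deleted
#                      when the parameter is absent)
define :rails_port, :action => [:create, :enable] do
  name = params[:name]
  ruby_version = params[:ruby] || "1.9.1"
  rails_directory = params[:directory] || "/srv/#{name}"
  rails_user = params[:user]
  rails_group = params[:group]
  # NOTE(review): git:// is an unauthenticated, unencrypted transport. The
  # checkout fetched here is later passed to "bundle install" running as
  # root, so a tampered fetch would execute with root privileges. Prefer an
  # authenticated transport (https or ssh) if the server offers one.
  rails_repository = params[:repository] || "git://git.openstreetmap.org/rails.git"
  rails_revision = params[:revision] || "live"
  run_migrations = params[:run_migrations] || false
  email_from = params[:email_from] || "OpenStreetMap <support@openstreetmap.org>"
  status = params[:status] || "online"

  # Values handed to the database.yml template.
  database_params = {
    :host => params[:database_host],
    :port => params[:database_port],
    :name => params[:database_name],
    :username => params[:database_username],
    :password => params[:database_password]
  }

  # Escapes a value for use inside a double-quoted YAML scalar, so that a
  # quote, backslash or newline in a parameter (for example in a secret)
  # cannot terminate the scalar or add extra keys to application.yml.
  yaml_escapes = { "\\" => "\\\\", "\"" => "\\\"", "\n" => "\\n" }
  yaml_escape = lambda do |value|
    value.to_s.gsub(/["\\\n]/) { |char| yaml_escapes[char] }
  end

  # Wraps an escaped value in double quotes.
  quoted = lambda do |value|
    "\"#{yaml_escape.call(value)}\""
  end

  # Rewrites a setting line in place, keeping its original indentation
  # (capture group 1 of every pattern). The block form of gsub! is used so
  # that backslashes in +text+ are never interpreted as backreferences.
  set_line = lambda do |line, pattern, text|
    line.gsub!(pattern) { "#{Regexp.last_match(1)}#{text}" }
  end

  # Ruby runtime; rubygems and irb are separate packages only before 1.9.
  package "ruby#{ruby_version}"
  package "ruby#{ruby_version}-dev"
  package "rubygems#{ruby_version}" if ruby_version.to_f < 1.9
  package "irb#{ruby_version}" if ruby_version.to_f < 1.9
  package "imagemagick"
  package "nodejs"
  package "geoip-database"

  # Toolchain and headers needed to build native gem extensions.
  package "g++"
  package "pkg-config"
  package "libpq-dev"
  package "libsasl2-dev"
  package "libxml2-dev"
  package "libxslt1-dev"
  package "libmemcached-dev"

  gem_package "bundler#{ruby_version}" do
    package_name "bundler"
    version "1.3.5"
    gem_binary "gem#{ruby_version}"
    options "--format-executable"
  end

  # Remove any rack copy left in the Ruby 1.8 library directory.
  file "/usr/lib/ruby/1.8/rack.rb" do
    action :delete
  end

  directory "/usr/lib/ruby/1.8/rack" do
    action :delete
    recursive true
  end

  # Setgid and group-writable: members of rails_group can modify the checkout.
  directory rails_directory do
    owner rails_user
    group rails_group
    mode 0o2775
  end

  git rails_directory do
    action :sync
    repository rails_repository
    revision rails_revision
    user rails_user
    group rails_group
    notifies :run, "execute[#{rails_directory}/Gemfile]"
    notifies :run, "execute[#{rails_directory}/public/assets]"
    notifies :delete, "file[#{rails_directory}/public/export/embed.html]"
    notifies :run, "execute[#{rails_directory}]"
  end

  directory "#{rails_directory}/tmp" do
    owner rails_user
    group rails_group
  end

  file "#{rails_directory}/config/environment.rb" do
    owner rails_user
    group rails_group
  end

  # NOTE(review): this file carries the database password and 0o664 leaves it
  # readable by every local account. Confirm whether anything outside
  # rails_user/rails_group needs to read it before tightening the mode.
  template "#{rails_directory}/config/database.yml" do
    cookbook "web"
    source "database.yml.erb"
    owner rails_user
    group rails_group
    mode 0o664
    variables database_params
    notifies :run, "execute[#{rails_directory}]"
  end

  # Build application.yml from the example file shipped in the checkout,
  # rewriting one setting per matching line. Patterns starting with "#"
  # activate settings that are commented out in the example.
  application_yml = edit_file "#{rails_directory}/config/example.application.yml" do |line|
    set_line.call(line, /^( *)server_protocol:.*$/, "server_protocol: \"https\"")
    set_line.call(line, /^( *)server_url:.*$/, "server_url: #{quoted.call(name)}")

    set_line.call(line, /^( *)#publisher_url:.*$/, "publisher_url: \"https://plus.google.com/111953119785824514010\"")

    set_line.call(line, /^( *)support_email:.*$/, "support_email: \"support@openstreetmap.org\"")

    # email_from is only overridden when the caller supplied a value.
    if params[:email_from]
      set_line.call(line, /^( *)email_from:.*$/, "email_from: #{quoted.call(email_from)}")
    end

    set_line.call(line, /^( *)email_return_path:.*$/, "email_return_path: \"bounces@openstreetmap.org\"")

    # status is written as an unquoted YAML symbol (":online" by default).
    set_line.call(line, /^( *)status:.*$/, "status: :#{status}")

    if params[:messages_domain]
      set_line.call(line, /^( *)#messages_domain:.*$/, "messages_domain: #{quoted.call(params[:messages_domain])}")
    end

    set_line.call(line, /^( *)#geonames_username:.*$/, "geonames_username: \"openstreetmap\"")

    set_line.call(line, /^( *)#geoip_database:.*$/, "geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"")

    if params[:gpx_dir]
      traces_dir = "#{params[:gpx_dir]}/traces"
      images_dir = "#{params[:gpx_dir]}/images"
      set_line.call(line, /^( *)gpx_trace_dir:.*$/, "gpx_trace_dir: #{quoted.call(traces_dir)}")
      set_line.call(line, /^( *)gpx_image_dir:.*$/, "gpx_image_dir: #{quoted.call(images_dir)}")
    end

    if params[:attachments_dir]
      set_line.call(line, /^( *)attachments_dir:.*$/, "attachments_dir: #{quoted.call(params[:attachments_dir])}")
    end

    if params[:log_path]
      set_line.call(line, /^( *)#log_path:.*$/, "log_path: #{quoted.call(params[:log_path])}")
    end

    if params[:logstash_path]
      set_line.call(line, /^( *)#logstash_path:.*$/, "logstash_path: #{quoted.call(params[:logstash_path])}")
    end

    if params[:memcache_servers]
      # Rendered as a flow sequence of quoted strings: [ "a", "b" ].
      servers = params[:memcache_servers].map { |server| yaml_escape.call(server) }.join('", "')
      set_line.call(line, /^( *)#memcache_servers:.*$/, "memcache_servers: [ \"#{servers}\" ]")
    end

    if params[:potlatch2_key]
      set_line.call(line, /^( *)#potlatch2_key:.*$/, "potlatch2_key: #{quoted.call(params[:potlatch2_key])}")
    end

    if params[:id_key]
      set_line.call(line, /^( *)#id_key:.*$/, "id_key: #{quoted.call(params[:id_key])}")
    end

    if params[:oauth_key]
      set_line.call(line, /^( *)#oauth_key:.*$/, "oauth_key: #{quoted.call(params[:oauth_key])}")
    end

    if params[:nominatim_url]
      set_line.call(line, /^( *)nominatim_url:.*$/, "nominatim_url: #{quoted.call(params[:nominatim_url])}")
    end

    if params[:osrm_url]
      set_line.call(line, /^( *)osrm_url:.*$/, "osrm_url: #{quoted.call(params[:osrm_url])}")
    end

    # Each provider block is keyed on its *_auth_id; a missing secret or
    # realm is written as an empty string.
    if params[:google_auth_id]
      set_line.call(line, /^( *)#google_auth_id:.*$/, "google_auth_id: #{quoted.call(params[:google_auth_id])}")
      set_line.call(line, /^( *)#google_auth_secret:.*$/, "google_auth_secret: #{quoted.call(params[:google_auth_secret])}")
      set_line.call(line, /^( *)#google_openid_realm:.*$/, "google_openid_realm: #{quoted.call(params[:google_openid_realm])}")
    end

    if params[:facebook_auth_id]
      set_line.call(line, /^( *)#facebook_auth_id:.*$/, "facebook_auth_id: #{quoted.call(params[:facebook_auth_id])}")
      set_line.call(line, /^( *)#facebook_auth_secret:.*$/, "facebook_auth_secret: #{quoted.call(params[:facebook_auth_secret])}")
    end

    if params[:windowslive_auth_id]
      set_line.call(line, /^( *)#windowslive_auth_id:.*$/, "windowslive_auth_id: #{quoted.call(params[:windowslive_auth_id])}")
      set_line.call(line, /^( *)#windowslive_auth_secret:.*$/, "windowslive_auth_secret: #{quoted.call(params[:windowslive_auth_secret])}")
    end

    if params[:github_auth_id]
      set_line.call(line, /^( *)#github_auth_id:.*$/, "github_auth_id: #{quoted.call(params[:github_auth_id])}")
      set_line.call(line, /^( *)#github_auth_secret:.*$/, "github_auth_secret: #{quoted.call(params[:github_auth_secret])}")
    end

    if params[:wikipedia_auth_id]
      set_line.call(line, /^( *)#wikipedia_auth_id:.*$/, "wikipedia_auth_id: #{quoted.call(params[:wikipedia_auth_id])}")
      set_line.call(line, /^( *)#wikipedia_auth_secret:.*$/, "wikipedia_auth_secret: #{quoted.call(params[:wikipedia_auth_secret])}")
    end

    if params[:mapquest_key]
      set_line.call(line, /^( *)#mapquest_key:.*$/, "mapquest_key: #{quoted.call(params[:mapquest_key])}")
    end

    if params[:mapzen_valhalla_key]
      set_line.call(line, /^( *)#mapzen_valhalla_key:.*$/, "mapzen_valhalla_key: #{quoted.call(params[:mapzen_valhalla_key])}")
    end

    if params[:thunderforest_key]
      set_line.call(line, /^( *)#thunderforest_key:.*$/, "thunderforest_key: #{quoted.call(params[:thunderforest_key])}")
    end

    if params[:totp_key]
      set_line.call(line, /^( *)#totp_key:.*$/, "totp_key: #{quoted.call(params[:totp_key])}")
    end

    set_line.call(line, /^( *)require_terms_seen:.*$/, "require_terms_seen: true")
    set_line.call(line, /^( *)require_terms_agreed:.*$/, "require_terms_agreed: true")

    line
  end

  # NOTE(review): application.yml holds the OAuth client secrets, API keys and
  # the TOTP key written above, yet 0o664 makes it readable by every local
  # account. Confirm which accounts must read it before tightening the mode.
  file "#{rails_directory}/config/application.yml" do
    owner rails_user
    group rails_group
    mode 0o664
    content application_yml
    notifies :run, "execute[#{rails_directory}/public/assets]"
  end

  # piwik.yml exists only while a piwik configuration is supplied.
  if params[:piwik_configuration]
    file "#{rails_directory}/config/piwik.yml" do
      owner rails_user
      group rails_group
      mode 0o664
      content YAML.dump(params[:piwik_configuration])
      notifies :run, "execute[#{rails_directory}/public/assets]"
    end
  else
    file "#{rails_directory}/config/piwik.yml" do
      action :delete
      notifies :run, "execute[#{rails_directory}/public/assets]"
    end
  end

  # NOTE(review): this runs as root inside a checkout that rails_group can
  # write to and that was fetched from rails_repository; installing gems can
  # run code from the Gemfile and from native extensions. Confirm that root
  # is required here rather than rails_user.
  execute "#{rails_directory}/Gemfile" do
    action :nothing
    command "bundle#{ruby_version} install"
    cwd rails_directory
    user "root"
    group "root"
    environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes"
    subscribes :run, "gem_package[bundler#{ruby_version}]"
    notifies :run, "execute[#{rails_directory}]"
  end

  # Runs after a git sync, and only when run_migrations is truthy.
  execute "#{rails_directory}/db/migrate" do
    action :nothing
    command "bundle#{ruby_version} exec rake db:migrate"
    cwd rails_directory
    user rails_user
    group rails_group
    subscribes :run, "git[#{rails_directory}]"
    notifies :run, "execute[#{rails_directory}]"
    only_if { run_migrations }
  end

  execute "#{rails_directory}/public/assets" do
    action :nothing
    command "bundle#{ruby_version} exec rake assets:precompile"
    environment "RAILS_ENV" => "production"
    cwd rails_directory
    user rails_user
    group rails_group
    notifies :run, "execute[#{rails_directory}]"
  end

  # Declared so the git resource can delete it after a sync.
  file "#{rails_directory}/public/export/embed.html" do
    action :nothing
  end

  # Regenerate the quad_tile Makefile unless the built library exists and is
  # at least as new as each of its sources.
  execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
    command "ruby extconf.rb"
    cwd "#{rails_directory}/lib/quad_tile"
    user rails_user
    group rails_group
    not_if do
      library = "#{rails_directory}/lib/quad_tile/quad_tile_so.so"
      sources = %w[extconf.rb quad_tile.c quad_tile.h].map do |source|
        "#{rails_directory}/lib/quad_tile/#{source}"
      end

      File.exist?(library) &&
        sources.all? { |source| File.mtime(library) >= File.mtime(source) }
    end
    notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]"
  end

  execute "#{rails_directory}/lib/quad_tile/Makefile" do
    action :nothing
    command "make"
    cwd "#{rails_directory}/lib/quad_tile"
    user rails_user
    group rails_group
    notifies :run, "execute[#{rails_directory}]"
  end

  # Restart target for every notification above; skipped when Passenger's
  # passenger-config binary is not installed.
  execute rails_directory do
    action :nothing
    command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
    user "root"
    group "root"
    only_if { File.exist?("/usr/bin/passenger-config") }
  end

  # Daily cron script; dots in the site name are replaced with dashes in the
  # file name.
  template "/etc/cron.daily/rails-#{name.tr('.', '-')}" do
    cookbook "web"
    source "rails.cron.erb"
    owner "root"
    group "root"
    mode 0o755
    variables :directory => rails_directory
  end
end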