]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/recipes/default.rb
Use fail2ban to block bogus note searches
[chef.git] / cookbooks / nominatim / recipes / default.rb
index 7a5936f32996fbe845e77f6ce184789b4376a1ae..4b96e544d8a1b9f980ea08f2fcef45ca44b0c1d9 100644 (file)
 
 include_recipe "accounts"
 include_recipe "munin"
-include_recipe "php::fpm"
 include_recipe "prometheus"
 
+if node[:nominatim][:api_flavour] == "php"
+  include_recipe "php::fpm"
+end
+
 basedir = data_bag_item("accounts", "nominatim")["home"]
 email_errors = data_bag_item("accounts", "lonvia")["email"]
 
@@ -118,6 +121,9 @@ end
 ## Nominatim backend
 
 include_recipe "git"
+include_recipe "python"
+
+python_directory = "#{basedir}/venv"
 
 package %w[
   build-essential
@@ -133,6 +139,8 @@ package %w[
   libproj-dev
   liblua5.3-dev
   libluajit-5.1-dev
+  libicu-dev
+  nlohmann-json3-dev
   lua5.3
   python3-pyosmium
   python3-psycopg2
@@ -145,14 +153,76 @@ package %w[
   python3-sqlalchemy-ext
   python3-geoalchemy2
   python3-asyncpg
-  php-pgsql
-  php-intl
+  python3-dev
+  pkg-config
   ruby
   ruby-file-tail
   ruby-pg
   ruby-webrick
 ]
 
+if node[:nominatim][:api_flavour] == "php"
+  package %w[
+    php-pgsql
+    php-intl
+  ]
+elsif node[:nominatim][:api_flavour] == "python"
+
+  python_virtualenv python_directory do
+    interpreter "/usr/bin/python3"
+  end
+
+  python_package "SQLAlchemy" do
+    python_virtualenv python_directory
+    version "2.0.23"
+  end
+
+  python_package "PyICU" do
+    python_virtualenv python_directory
+    version "2.12"
+  end
+
+  python_package "psycopg[binary]" do
+    python_virtualenv python_directory
+    version "3.1.13"
+  end
+
+  python_package "psycopg2-binary" do
+    python_virtualenv python_directory
+    version "2.9.9"
+  end
+
+  python_package "python-dotenv" do
+    python_virtualenv python_directory
+    version "0.21.0"
+  end
+
+  python_package "pygments" do
+    python_virtualenv python_directory
+    version "2.17.2"
+  end
+
+  python_package "PyYAML" do
+    python_virtualenv python_directory
+    version "6.0.1"
+  end
+
+  python_package "falcon" do
+    python_virtualenv python_directory
+    version "3.1.1"
+  end
+
+  python_package "uvicorn" do
+    python_virtualenv python_directory
+    version "0.24.0.post1"
+  end
+
+  python_package "gunicorn" do
+    python_virtualenv python_directory
+    version "21.0.1"
+  end
+end
+
 source_directory = "#{basedir}/src/nominatim"
 build_directory = "#{basedir}/src/build"
 project_directory = "#{basedir}/planet-project"
@@ -183,6 +253,17 @@ if node[:nominatim][:flatnode_file]
   end
 end
 
+remote_directory "#{project_directory}/static-website" do
+  source "website"
+  owner "nominatim"
+  group "nominatim"
+  mode "755"
+  files_owner "nominatim"
+  files_group "nominatim"
+  files_mode "644"
+  purge false
+end
+
 # Normally syncing via chef is a bad idea because syncing might involve
 # an update of database functions which should not be done while an update
 # is ongoing. Therefore we sync in between update cycles. There is an
@@ -233,7 +314,10 @@ template "#{project_directory}/.env" do
             :flatnode_file => node[:nominatim][:flatnode_file],
             :log_file => "#{node[:nominatim][:logdir]}/query.log",
             :tokenizer => node[:nominatim][:config][:tokenizer],
-            :forward_dependencies => node[:nominatim][:config][:forward_dependencies]
+            :forward_dependencies => node[:nominatim][:config][:forward_dependencies],
+            :pool_size => node[:nominatim][:api_pool_size],
+            :query_timeout => node[:nominatim][:api_query_timeout],
+            :request_timeout => node[:nominatim][:api_request_timeout]
 end
 
 remote_file "#{project_directory}/wikimedia-importance.sql.gz" do
@@ -265,16 +349,41 @@ end
   end
 end
 
-node[:nominatim][:fpm_pools].each do |name, data|
-  php_fpm name do
-    port data[:port]
-    pm data[:pm]
-    pm_max_children data[:max_children]
-    pm_start_servers 20
-    pm_min_spare_servers 10
-    pm_max_spare_servers 20
-    pm_max_requests 10000
-    prometheus_port data[:prometheus_port]
+if node[:nominatim][:api_flavour] == "php"
+  node[:nominatim][:fpm_pools].each do |name, data|
+    php_fpm name do
+      port data[:port]
+      pm data[:pm]
+      pm_max_children data[:max_children]
+      pm_start_servers 20
+      pm_min_spare_servers 10
+      pm_max_spare_servers 20
+      pm_max_requests 10000
+      prometheus_port data[:prometheus_port]
+    end
+  end
+elsif node[:nominatim][:api_flavour] == "python"
+  systemd_service "nominatim" do
+    description "Nominatim running as a gunicorn application"
+    user "www-data"
+    group "www-data"
+    working_directory project_directory
+    standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
+    standard_error "inherit"
+    exec_start "#{python_directory}/bin/gunicorn --max-requests 200000 -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi"
+    exec_reload "/bin/kill -s HUP $MAINPID"
+    environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/"
+    kill_mode "mixed"
+    timeout_stop_sec 5
+    private_tmp true
+    requires "nominatim.socket"
+    after "network.target"
+  end
+
+  systemd_socket "nominatim" do
+    description "Gunicorn socket for Nominatim"
+    listen_stream "/run/gunicorn-nominatim.openstreetmap.org.sock"
+    socket_user "www-data"
   end
 end