]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/recipes/default.rb
projects / chef.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Exempt out web server from nominatim fail2ban jail
[chef.git] / cookbooks / nominatim / recipes / default.rb
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 22947a06d94514e3ad2d7745e9b19abffc1799a5..19e48909f9f0bfb4c8f19f537222ac8a0ccbac60 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -352,6 +352,10 @@ end
 
 include_recipe "fail2ban"
 
+web_servers = search(:node, "recipes:web\\:\\:frontend").collect do |n| # ~FC010
+  n.ipaddresses(:role => :external)
+end.flatten
+
 fail2ban_filter "nominatim" do
   failregex '^<HOST> - - \[\] "[^"]+" (400|429) '
 end
@@ -361,6 +365,7 @@ fail2ban_jail "nominatim" do
   logpath "/var/log/apache2/nominatim.openstreetmap.org-access.log"
   ports [80, 443]
   maxretry 100
+  ignoreips web_servers
 end
 
 munin_plugin_conf "nominatim" do
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.