#
-# Cookbook Name:: web
+# Cookbook:: web
# Resource:: rails_port
#
-# Copyright 2012, OpenStreetMap Foundation
+# Copyright:: 2012, OpenStreetMap Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
require "yaml"
resource_name :rails_port
+provides :rails_port
+
+unified_mode true
default_action :create
-property :site, String, :name_attribute => true
-property :ruby, String, :default => "2.3"
+property :site, String, :name_property => true
property :directory, String
property :user, String
property :group, String
-property :repository, String, :default => "git://git.openstreetmap.org/rails.git"
+property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git"
property :revision, String, :default => "live"
-property :run_migrations, [TrueClass, FalseClass], :default => false
+property :run_migrations, [true, false], :default => false
+property :build_assets, [true, false], :default => true
property :email_from, String, :default => "OpenStreetMap <support@openstreetmap.org>"
property :status, String, :default => "online"
property :database_host, String
property :memcache_servers, Array
property :potlatch2_key, String
property :id_key, String
+property :id_application, String
property :oauth_key, String
+property :oauth_application, String
property :nominatim_url, String
-property :osrm_url, String
+property :overpass_url, String
+property :overpass_credentials, [true, false], :default => false
property :google_auth_id, String
property :google_auth_secret, String
property :google_openid_realm, String
property :facebook_auth_id, String
property :facebook_auth_secret, String
-property :windowslive_auth_id, String
-property :windowslive_auth_secret, String
+property :microsoft_auth_id, String
+property :microsoft_auth_secret, String
property :github_auth_id, String
property :github_auth_secret, String
property :wikipedia_auth_id, String
property :wikipedia_auth_secret, String
-property :mapquest_key, String
-property :mapzen_valhalla_key, String
property :thunderforest_key, String
+property :tracestrack_key, String
property :totp_key, String
+property :csp_enforce, [true, false], :default => false
property :csp_report_url, String
-property :piwik_configuration, Hash
+property :matomo_configuration, Hash
+property :storage_service, String, :default => "local"
+property :storage_url, String
+property :trace_use_job_queue, [true, false], :default => false
+property :diary_feed_delay, Integer
+property :storage_configuration, Hash, :default => {}
+property :avatar_storage, String
+property :trace_file_storage, String
+property :trace_image_storage, String
+property :trace_icon_storage, String
+property :avatar_storage_url, String
+property :trace_image_storage_url, String
+property :trace_icon_storage_url, String
+property :tile_cdn_url, String
+property :imagery_blacklist, Array
+property :signup_ip_per_day, Integer
+property :signup_ip_max_burst, Integer
+property :signup_email_per_day, Integer
+property :signup_email_max_burst, Integer
+property :doorkeeper_signing_key, String
+property :user_account_deletion_delay, Integer
action :create do
package %W[
- ruby#{new_resource.ruby}
- ruby#{new_resource.ruby}-dev
imagemagick
+ libvips42
nodejs
- geoip-database
+ tzdata
]
package %w[
g++
+ make
pkg-config
libpq-dev
libsasl2-dev
libxml2-dev
libxslt1-dev
libmemcached-dev
+ libffi-dev
+ libgd-dev
+ libarchive-dev
+ libbz2-dev
+ libyaml-dev
]
package %w[
libjpeg-turbo-progs
]
- gem_package "bundler#{new_resource.ruby}" do
- package_name "bundler"
- version "1.3.5"
- gem_binary "gem#{new_resource.ruby}"
- options "--format-executable"
- end
-
- file "/usr/lib/ruby/1.8/rack.rb" do
- action :delete
- end
-
- declare_resource :directory, "/usr/lib/ruby/1.8/rack" do
- action :delete
- recursive true
- end
-
declare_resource :directory, rails_directory do
owner new_resource.user
group new_resource.group
- mode 0o2775
+ mode "2775"
end
git rails_directory do
action :sync
repository new_resource.repository
revision new_resource.revision
+ depth 1
user new_resource.user
group new_resource.group
- notifies :run, "execute[#{rails_directory}/Gemfile]"
- notifies :run, "execute[#{rails_directory}/public/assets]"
- notifies :delete, "file[#{rails_directory}/public/export/embed.html]"
- notifies :run, "execute[#{rails_directory}]"
end
declare_resource :directory, "#{rails_directory}/tmp" do
source "database.yml.erb"
owner new_resource.user
group new_resource.group
- mode 0o664
+ mode "664"
variables :host => new_resource.database_host,
:port => new_resource.database_port,
:name => new_resource.database_name,
:username => new_resource.database_username,
:password => new_resource.database_password
- notifies :run, "execute[#{rails_directory}]"
end
application_yml = edit_file "#{rails_directory}/config/example.application.yml" do |line|
line.gsub!(/^( *)server_protocol:.*$/, "\\1server_protocol: \"https\"")
line.gsub!(/^( *)server_url:.*$/, "\\1server_url: \"#{new_resource.site}\"")
- line.gsub!(/^( *)#publisher_url:.*$/, "\\1publisher_url: \"https://plus.google.com/111953119785824514010\"")
-
line.gsub!(/^( *)support_email:.*$/, "\\1support_email: \"support@openstreetmap.org\"")
if new_resource.email_from
line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"")
- line.gsub!(/^( *)#geoip_database:.*$/, "\\1geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"")
+ line.gsub!(/^( *)#maxmind_database:.*$/, "\\1maxmind_database: \"#{node[:geoipupdate][:directory]}/GeoLite2-Country.mmdb\"")
if new_resource.gpx_dir
line.gsub!(/^( *)gpx_trace_dir:.*$/, "\\1gpx_trace_dir: \"#{new_resource.gpx_dir}/traces\"")
line.gsub!(/^( *)#id_key:.*$/, "\\1id_key: \"#{new_resource.id_key}\"")
end
+ if new_resource.id_application
+ line.gsub!(/^( *)#id_application:.*$/, "\\1id_application: \"#{new_resource.id_application}\"")
+ end
+
if new_resource.oauth_key
line.gsub!(/^( *)#oauth_key:.*$/, "\\1oauth_key: \"#{new_resource.oauth_key}\"")
end
+ if new_resource.oauth_application
+ line.gsub!(/^( *)#oauth_application:.*$/, "\\1oauth_application: \"#{new_resource.oauth_application}\"")
+ end
+
if new_resource.nominatim_url
line.gsub!(/^( *)nominatim_url:.*$/, "\\1nominatim_url: \"#{new_resource.nominatim_url}\"")
end
- if new_resource.osrm_url
- line.gsub!(/^( *)osrm_url:.*$/, "\\1osrm_url: \"#{new_resource.osrm_url}\"")
+ if new_resource.overpass_url
+ line.gsub!(/^( *)overpass_url:.*$/, "\\1overpass_url: \"#{new_resource.overpass_url}\"")
end
if new_resource.google_auth_id
line.gsub!(/^( *)#facebook_auth_secret:.*$/, "\\1facebook_auth_secret: \"#{new_resource.facebook_auth_secret}\"")
end
- if new_resource.windowslive_auth_id
- line.gsub!(/^( *)#windowslive_auth_id:.*$/, "\\1windowslive_auth_id: \"#{new_resource.windowslive_auth_id}\"")
- line.gsub!(/^( *)#windowslive_auth_secret:.*$/, "\\1windowslive_auth_secret: \"#{new_resource.windowslive_auth_secret}\"")
+ if new_resource.microsoft_auth_id
+ line.gsub!(/^( *)#microsoft_auth_id:.*$/, "\\1microsoft_auth_id: \"#{new_resource.microsoft_auth_id}\"")
+ line.gsub!(/^( *)#microsoft_auth_secret:.*$/, "\\1microsoft_auth_secret: \"#{new_resource.microsoft_auth_secret}\"")
end
if new_resource.github_auth_id
line.gsub!(/^( *)#wikipedia_auth_secret:.*$/, "\\1wikipedia_auth_secret: \"#{new_resource.wikipedia_auth_secret}\"")
end
- if new_resource.mapquest_key
- line.gsub!(/^( *)#mapquest_key:.*$/, "\\1mapquest_key: \"#{new_resource.mapquest_key}\"")
- end
-
- if new_resource.mapzen_valhalla_key
- line.gsub!(/^( *)#mapzen_valhalla_key:.*$/, "\\1mapzen_valhalla_key: \"#{new_resource.mapzen_valhalla_key}\"")
- end
-
if new_resource.thunderforest_key
line.gsub!(/^( *)#thunderforest_key:.*$/, "\\1thunderforest_key: \"#{new_resource.thunderforest_key}\"")
end
line.gsub!(/^( *)#totp_key:.*$/, "\\1totp_key: \"#{new_resource.totp_key}\"")
end
+ if new_resource.csp_enforce
+ line.gsub!(/^( *)csp_enforce:.*$/, "\\1csp_enforce: \"#{new_resource.csp_enforce}\"")
+ end
+
if new_resource.csp_report_url
line.gsub!(/^( *)#csp_report_url:.*$/, "\\1csp_report_url: \"#{new_resource.csp_report_url}\"")
end
line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true")
line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true")
+ line.gsub!(/^( *)trace_use_job_queue:.*$/, "\\1trace_use_job_queue: false")
line
end
- file "#{rails_directory}/config/application.yml" do
+ file "create:#{rails_directory}/config/application.yml" do
+ path "#{rails_directory}/config/application.yml"
owner new_resource.user
group new_resource.group
- mode 0o664
+ mode "664"
content application_yml
- notifies :run, "execute[#{rails_directory}/public/assets]"
+ only_if { ::File.exist?("#{rails_directory}/config/example.application.yml") }
end
- if new_resource.piwik_configuration
- file "#{rails_directory}/config/piwik.yml" do
- owner new_resource.user
- group new_resource.group
- mode 0o664
- content YAML.dump(new_resource.piwik_configuration)
- notifies :run, "execute[#{rails_directory}/public/assets]"
- end
- else
- file "#{rails_directory}/config/piwik.yml" do
- action :delete
- notifies :run, "execute[#{rails_directory}/public/assets]"
- end
+ file "delete:#{rails_directory}/config/application.yml" do
+ path "#{rails_directory}/config/application.yml"
+ action :delete
+ not_if { ::File.exist?("#{rails_directory}/config/example.application.yml") }
+ end
+
+ settings = new_resource.to_hash.transform_keys(&:to_s).slice(
+ "email_from",
+ "status",
+ "messages_domain",
+ "attachments_dir",
+ "log_path",
+ "logstash_path",
+ "potlatch2_key",
+ "id_key",
+ "id_application",
+ "oauth_key",
+ "oauth_application",
+ "nominatim_url",
+ "overpass_url",
+ "overpass_credentials",
+ "google_auth_id",
+ "google_auth_secret",
+ "google_openid_realm",
+ "facebook_auth_id",
+ "facebook_auth_secret",
+ "microsoft_auth_id",
+ "microsoft_auth_secret",
+ "github_auth_id",
+ "github_auth_secret",
+ "wikipedia_auth_id",
+ "wikipedia_auth_secret",
+ "thunderforest_key",
+ "tracestrack_key",
+ "totp_key",
+ "csp_enforce",
+ "csp_report_url",
+ "trace_use_job_queue",
+ "diary_feed_delay",
+ "storage_service",
+ "storage_url",
+ "avatar_storage",
+ "trace_file_storage",
+ "trace_image_storage",
+ "trace_icon_storage",
+ "avatar_storage_url",
+ "trace_image_storage_url",
+ "trace_icon_storage_url",
+ "tile_cdn_url",
+ "imagery_blacklist",
+ "signup_ip_per_day",
+ "signup_ip_max_burst",
+ "signup_email_per_day",
+ "signup_email_max_burst",
+ "doorkeeper_signing_key",
+ "user_account_deletion_delay"
+ ).compact.merge(
+ "server_protocol" => "https",
+ "server_url" => new_resource.site,
+ "support_email" => "support@openstreetmap.org",
+ "email_return_path" => "bounces@openstreetmap.org",
+ "geonames_username" => "openstreetmap",
+ "maxmind_database" => "#{node[:geoipupdate][:directory]}/GeoLite2-Country.mmdb",
+ "max_request_area" => node[:web][:max_request_area],
+ "max_number_of_nodes" => node[:web][:max_number_of_nodes],
+ "max_number_of_way_nodes" => node[:web][:max_number_of_way_nodes],
+ "max_number_of_relation_members" => node[:web][:max_number_of_relation_members],
+ "oauth_10_support" => false,
+ "oauth_10_registration" => false
+ )
+
+ if new_resource.memcache_servers
+ settings["memcache_servers"] = new_resource.memcache_servers.to_a
+ end
+
+ if new_resource.gpx_dir
+ settings["gpx_trace_dir"] = "#{new_resource.gpx_dir}/traces"
+ settings["gpx_image_dir"] = "#{new_resource.gpx_dir}/images"
+ end
+
+ if new_resource.matomo_configuration
+ settings["matomo"] = new_resource.matomo_configuration.to_h
end
- execute "#{rails_directory}/Gemfile" do
+ file "#{rails_directory}/config/settings.local.yml" do
+ owner new_resource.user
+ group new_resource.group
+ mode "664"
+ content YAML.dump(settings)
+ only_if { ::File.exist?("#{rails_directory}/config/settings.yml") }
+ end
+
+ storage_configuration = new_resource.storage_configuration.merge(
+ "local" => {
+ "service" => "Disk",
+ "root" => "#{rails_directory}/storage"
+ }
+ )
+
+ file "#{rails_directory}/config/storage.yml" do
+ owner new_resource.user
+ group new_resource.group
+ mode "664"
+ content YAML.dump(storage_configuration)
+ end
+
+ file "#{rails_directory}/config/piwik.yml" do
+ action :delete
+ end
+
+ bundle_install "#{rails_directory}" do
action :nothing
- command "bundle#{new_resource.ruby} install"
- cwd rails_directory
user "root"
group "root"
environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes"
- subscribes :run, "gem_package[bundler#{new_resource.ruby}]"
- notifies :run, "execute[#{rails_directory}]"
+ subscribes :run, "git[#{rails_directory}]"
end
- execute "#{rails_directory}/db/migrate" do
+ bundle_exec "#{rails_directory}/db/migrate" do
action :nothing
- command "bundle#{new_resource.ruby} exec rake db:migrate"
- cwd rails_directory
+ directory rails_directory
+ command "rails db:migrate"
user new_resource.user
group new_resource.group
subscribes :run, "git[#{rails_directory}]"
- notifies :run, "execute[#{rails_directory}]"
only_if { new_resource.run_migrations }
end
- execute "#{rails_directory}/public/assets" do
+ bundle_exec "#{rails_directory}/package.json" do
action :nothing
- command "bundle#{new_resource.ruby} exec rake assets:precompile"
- environment "RAILS_ENV" => "production"
- cwd rails_directory
+ directory rails_directory
+ command "rails yarn:install"
+ environment "HOME" => rails_directory,
+ "RAILS_ENV" => "production",
+ "SECRET_KEY_BASE_DUMMY" => "1"
user new_resource.user
group new_resource.group
- notifies :run, "execute[#{rails_directory}]"
+ subscribes :run, "git[#{rails_directory}]"
+ only_if { new_resource.build_assets }
end
- file "#{rails_directory}/public/export/embed.html" do
+ bundle_exec "#{rails_directory}/app/assets/javascripts/i18n" do
action :nothing
- end
-
- execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
- command "ruby extconf.rb"
- cwd "#{rails_directory}/lib/quad_tile"
+ directory rails_directory
+ command "rails i18n:js:export"
+ environment "HOME" => rails_directory,
+ "RAILS_ENV" => "production",
+ "SECRET_KEY_BASE_DUMMY" => "1"
user new_resource.user
group new_resource.group
- not_if do
- ::File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h")
- end
- notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]"
+ subscribes :run, "git[#{rails_directory}]"
+ only_if { new_resource.build_assets }
end
- execute "#{rails_directory}/lib/quad_tile/Makefile" do
+ bundle_exec "#{rails_directory}/public/assets" do
action :nothing
- command "make"
- cwd "#{rails_directory}/lib/quad_tile"
+ directory rails_directory
+ command "rails assets:precompile"
+ environment "HOME" => rails_directory,
+ "RAILS_ENV" => "production",
+ "SECRET_KEY_BASE_DUMMY" => "1"
user new_resource.user
group new_resource.group
- notifies :run, "execute[#{rails_directory}]"
+ subscribes :run, "git[#{rails_directory}]"
+ subscribes :run, "file[create:#{rails_directory}/config/application.yml]"
+ subscribes :run, "file[#{rails_directory}/config/settings.local.yml]"
+ subscribes :run, "file[#{rails_directory}/config/storage.yml]"
+ subscribes :run, "bundle_exec[#{rails_directory}/package.json]"
+ subscribes :run, "bundle_exec[#{rails_directory}/app/assets/javascripts/i18n]"
+ only_if { new_resource.build_assets }
+ end
+
+ file "#{rails_directory}/public/export/embed.html" do
+ action :nothing
+ subscribes :delete, "git[#{rails_directory}]"
+ subscribes :delete, "file[#{rails_directory}/config/settings.local.yml]"
end
- execute rails_directory do
+ passenger_application rails_directory do
action :nothing
- command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
- user "root"
- group "root"
+ subscribes :restart, "git[#{rails_directory}]"
+ subscribes :restart, "file[#{rails_directory}/config/database.yml]"
+ subscribes :restart, "file[create:#{rails_directory}/config/application.yml]"
+ subscribes :restart, "file[#{rails_directory}/config/settings.local.yml]"
+ subscribes :restart, "file[#{rails_directory}/config/storage.yml]"
+ subscribes :restart, "bundle_installl[#{rails_directory}]"
+ subscribes :restart, "bundle_exec[#{rails_directory}/db/migrate]"
+ subscribes :restart, "bundle_exec[#{rails_directory}/package.json]"
+ subscribes :restart, "bundle_exec[#{rails_directory}/app/assets/javascripts/i18n]"
+ subscribes :restart, "bundle_exec[#{rails_directory}/public/assets]"
only_if { ::File.exist?("/usr/bin/passenger-config") }
end
source "rails.cron.erb"
owner "root"
group "root"
- mode 0o755
+ mode "755"
variables :directory => rails_directory
end
end
action :restart do
- execute rails_directory do
- action :run
- command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
- user "root"
- group "root"
+ passenger_application rails_directory do
+ action :restart
end
end
action_class do
- include Chef::Mixin::EditFile
+ include OpenStreetMap::Mixin::EditFile
def rails_directory
new_resource.directory || "/srv/#{new_resource.site}"