]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/nominatim/recipes/default.rb
Use fail2ban to block bogus note searches
[chef.git] / cookbooks / nominatim / recipes / default.rb
index 304e6c15611b9508f3119205cdf602647b06b6b8..4b96e544d8a1b9f980ea08f2fcef45ca44b0c1d9 100644 (file)
@@ -121,6 +121,9 @@ end
 ## Nominatim backend
 
 include_recipe "git"
+include_recipe "python"
+
+python_directory = "#{basedir}/venv"
 
 package %w[
   build-essential
@@ -136,6 +139,8 @@ package %w[
   libproj-dev
   liblua5.3-dev
   libluajit-5.1-dev
+  libicu-dev
+  nlohmann-json3-dev
   lua5.3
   python3-pyosmium
   python3-psycopg2
@@ -148,6 +153,8 @@ package %w[
   python3-sqlalchemy-ext
   python3-geoalchemy2
   python3-asyncpg
+  python3-dev
+  pkg-config
   ruby
   ruby-file-tail
   ruby-pg
@@ -160,11 +167,60 @@ if node[:nominatim][:api_flavour] == "php"
     php-intl
   ]
 elsif node[:nominatim][:api_flavour] == "python"
-  package %w[
-    gunicorn
-    uvicorn
-    python3-falcon
-  ]
+
+  python_virtualenv python_directory do
+    interpreter "/usr/bin/python3"
+  end
+
+  python_package "SQLAlchemy" do
+    python_virtualenv python_directory
+    version "2.0.23"
+  end
+
+  python_package "PyICU" do
+    python_virtualenv python_directory
+    version "2.12"
+  end
+
+  python_package "psycopg[binary]" do
+    python_virtualenv python_directory
+    version "3.1.13"
+  end
+
+  python_package "psycopg2-binary" do
+    python_virtualenv python_directory
+    version "2.9.9"
+  end
+
+  python_package "python-dotenv" do
+    python_virtualenv python_directory
+    version "0.21.0"
+  end
+
+  python_package "pygments" do
+    python_virtualenv python_directory
+    version "2.17.2"
+  end
+
+  python_package "PyYAML" do
+    python_virtualenv python_directory
+    version "6.0.1"
+  end
+
+  python_package "falcon" do
+    python_virtualenv python_directory
+    version "3.1.1"
+  end
+
+  python_package "uvicorn" do
+    python_virtualenv python_directory
+    version "0.24.0.post1"
+  end
+
+  python_package "gunicorn" do
+    python_virtualenv python_directory
+    version "21.0.1"
+  end
 end
 
 source_directory = "#{basedir}/src/nominatim"
@@ -259,7 +315,9 @@ template "#{project_directory}/.env" do
             :log_file => "#{node[:nominatim][:logdir]}/query.log",
             :tokenizer => node[:nominatim][:config][:tokenizer],
             :forward_dependencies => node[:nominatim][:config][:forward_dependencies],
-            :pool_size => node[:nominatim][:api_pool_size]
+            :pool_size => node[:nominatim][:api_pool_size],
+            :query_timeout => node[:nominatim][:api_query_timeout],
+            :request_timeout => node[:nominatim][:api_request_timeout]
 end
 
 remote_file "#{project_directory}/wikimedia-importance.sql.gz" do
@@ -312,7 +370,7 @@ elsif node[:nominatim][:api_flavour] == "python"
     working_directory project_directory
     standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
     standard_error "inherit"
-    exec_start "/usr/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi"
+    exec_start "#{python_directory}/bin/gunicorn --max-requests 200000 -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi"
     exec_reload "/bin/kill -s HUP $MAINPID"
     environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/"
     kill_mode "mixed"