# limitations under the License.
#
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ "tile.openstreetmap" ]
+
+include_recipe "ssl"
include_recipe "squid"
+include_recipe "nginx"
-expiry_time = 14 * 86400
+tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
+tilerenders = search(:node, "roles:tile").sort_by { |n| n[:hostname] }
-tilecaches = search(:node, "roles:tilecache").reject { |n| Time.now - Time.at(n[:ohai_time]) > expiry_time }.sort_by { |n| n[:hostname] }.map do |n|
- { :name => n[:hostname], :interface => n.interfaces(:role => :external).first[:interface] }
+tilecaches.each do |cache|
+ cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address|
+ firewall_rule "accept-squid" do
+ action :accept
+ family "inet"
+ source "net:#{address}"
+ dest "fw"
+ proto "tcp:syn"
+ dest_ports "3128"
+ source_ports "1024:"
+ end
+ firewall_rule "accept-squid-icp" do
+ action :accept
+ family "inet"
+ source "net:#{address}"
+ dest "fw"
+ proto "udp"
+ dest_ports "3130"
+ source_ports "1024:"
+ end
+ end
end
squid_fragment "tilecache" do
template "squid.conf.erb"
- variables :caches => tilecaches
+ variables :caches => tilecaches, :renders => tilerenders
+end
+
+template "/etc/logrotate.d/squid" do
+ source "logrotate.squid.erb"
+ owner "root"
+ group "root"
+ mode 0644
+end
+
+nginx_site "default" do
+ action :delete
+end
+
+nginx_site "tile-ssl" do
+ action :create
+ source "nginx_tile_ssl.conf.erb"
end
+
projects / chef.git / blobdiff