:log_file => "#{node[:nominatim][:logdir]}/query.log"
end
+template "#{build_directory}/.env" do
+ source "nominatim.env.erb"
+ owner "nominatim"
+ group "nominatim"
+ mode "664"
+ variables :base_url => node[:nominatim][:state] == "off" ? node[:fqdn] : "nominatim.openstreetmap.org",
+ :dbname => node[:nominatim][:dbname],
+ :flatnode_file => node[:nominatim][:flatnode_file],
+ :log_file => "#{node[:nominatim][:logdir]}/query.log"
+end
+
git ui_directory do
action :sync
repository node[:nominatim][:ui_repository]
end
node[:nominatim][:fpm_pools].each do |name, data|
- php_fpm name.to_s do
+ php_fpm name do
port data[:port]
pm data[:pm]
pm_max_children data[:max_children]
pm_min_spare_servers 10
pm_max_spare_servers 20
pm_max_requests 10000
+ prometheus_port data[:prometheus_port]
end
end
action [:delete]
end
+frontends = search(:node, "recipes:web\\:\\:frontend").sort_by(&:name)
+
nginx_site "nominatim" do
template "nginx.erb"
directory build_directory
variables :pools => node[:nominatim][:fpm_pools],
- :frontends => search(:node, "recipes:web\\:\\:frontend"),
+ :frontends => frontends,
:confdir => "#{basedir}/etc",
:ui_directory => ui_directory
end
include_recipe "fail2ban"
+frontend_addresses = frontends.collect { |f| f.ipaddresses(:role => :external) }
+
fail2ban_jail "nominatim_limit_req" do
filter "nginx-limit-req"
logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
ports [80, 443]
maxretry 5
+ ignoreips frontend_addresses.flatten.sort
end
projects / chef.git / blobdiff