]> git.openstreetmap.org Git - chef.git/blobdiff - roles/web-frontend.rb
Revert "Switch web site to readonly against karm"
[chef.git] / roles / web-frontend.rb
index 2a316491a07e6cbe1c37a54e90eb8fd3fdecae38..503ad95fa32f8b3032997c883e0e41b5d0b9c4eb 100644 (file)
@@ -4,6 +4,11 @@ description "Role applied to all web/api frontend servers"
 default_attributes(
   :apache => {
     :mpm => "event",
+    :evasive => {
+      :page_count => 100,
+      :site_count => 100,
+      :blocking_period => 30
+    },
     :event => {
       :server_limit => 20,
       :max_request_workers => 1000,
@@ -15,14 +20,19 @@ default_attributes(
   },
   :logstash => {
     :forwarder => {
-      "filebeat.prospectors" => [
-        { "input_type" => "log", "paths" => ["/var/log/apache2/access.log"], "fields" => { "type" => "apache" } },
-        { "input_type" => "log", "paths" => ["/var/log/web/rails-logstash.log"], "fields" => { "type" => "rails" } }
+      "filebeat.inputs" => [
+        { "type" => "filestream", "id" => "apache", "paths" => ["/var/log/apache2/access.log"], "fields" => { "type" => "apache" }, "fields_under_root" => true },
+        { "type" => "filestream", "id" => "rails", "paths" => ["/var/log/web/rails-logstash.log"], "fields" => { "type" => "rails" }, "fields_under_root" => true }
       ]
     }
   },
   :memcached => {
-    :memory_limit => 4096
+    :memory_limit => 8192
+  },
+  :networking => {
+    :firewall => {
+      :http_rate_limit => "s:5/sec:30"
+    }
   },
   :passenger => {
     :max_pool_size => 50
@@ -33,14 +43,13 @@ default_attributes(
       :messages => {
         :comment => "messages.openstreetmap.org",
         :domains => ["messages.openstreetmap.org"],
-        :command => "/usr/local/bin/passenger-ruby /srv/www.openstreetmap.org/rails/script/deliver-message $local_part",
+        :local_parts => ["${lookup{$local_part}lsearch*,ret=key{/etc/exim4/detaint}}"],
+        :command => "/usr/local/bin/deliver-message $local_part_data",
         :user => "rails",
         :group => "rails",
         :home_directory => "/srv/www.openstreetmap.org/rails",
         :path => "/bin:/usr/bin:/usr/local/bin",
-        :environment => {
-          "RAILS_ENV" => "production"
-        }
+        :case_sensitive => true
       }
     }
   }