X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/9802985c84fa828a7a94ac5a7aafbd5b0f6e5a2c..8c985adf9ae56cb9bb8b950c97da6f3ad392fa61:/cookbooks/web/recipes/rails.rb diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index 79debaa69..e021f1925 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -24,6 +24,7 @@ include_recipe "geoipupdate" include_recipe "munin" include_recipe "nodejs" include_recipe "passenger" +include_recipe "ruby" include_recipe "tools" include_recipe "web::base" @@ -46,16 +47,15 @@ template "/etc/cron.hourly/passenger" do source "passenger.cron.erb" owner "root" group "root" - mode 0o755 + mode "755" end -ruby_version = node[:passenger][:ruby_version] rails_directory = "#{node[:web][:base_directory]}/rails" -piwik = data_bag_item("web", "piwik") +matomo = data_bag_item("web", "matomo") storage = { - "aws" => { + "avatars" => { "service" => "S3", "access_key_id" => "AKIASQUXHPE7AMJQRFOS", "secret_access_key" => web_passwords["aws_key"], @@ -66,34 +66,63 @@ storage = { "acl" => "public-read", "cache_control" => "public, max-age=31536000, immutable" } + }, + "gps_traces" => { + "service" => "S3", + "access_key_id" => "AKIASQUXHPE7AMJQRFOS", + "secret_access_key" => web_passwords["aws_key"], + "region" => "eu-west-1", + "bucket" => "openstreetmap-gps-traces", + "use_dualstack_endpoint" => true, + "upload" => { + "acl" => "public-read", + "cache_control" => "public, max-age=31536000, immutable" + } + }, + "gps_images" => { + "service" => "S3", + "access_key_id" => "AKIASQUXHPE7AMJQRFOS", + "secret_access_key" => web_passwords["aws_key"], + "region" => "eu-west-1", + "bucket" => "openstreetmap-gps-images", + "use_dualstack_endpoint" => true, + "upload" => { + "acl" => "public-read", + "cache_control" => "public, max-age=31536000, immutable" + } } } +db_host = if node[:web][:status] == "database_readonly" + node[:web][:readonly_database_host] + else + node[:web][:database_host] + end + rails_port "www.openstreetmap.org" do - ruby ruby_version directory rails_directory user "rails" group "rails" repository "https://git.openstreetmap.org/public/rails.git" revision "live" - database_host node[:web][:database_host] + database_host db_host database_name "openstreetmap" database_username "rails" database_password db_passwords["rails"] email_from "OpenStreetMap " status node[:web][:status] messages_domain "messages.openstreetmap.org" - gpx_dir "/store/rails/gpx" - attachments_dir "/store/rails/attachments" log_path "#{node[:web][:log_directory]}/rails.log" logstash_path "#{node[:web][:log_directory]}/rails-logstash.log" memcache_servers node[:web][:memcached_servers] potlatch2_key web_passwords["potlatch2_key"] id_key web_passwords["id_key"] + id_application web_passwords["id_application"] oauth_key web_passwords["oauth_key"] - piwik_configuration "location" => piwik[:location], - "site" => piwik[:site], - "goals" => piwik[:goals].to_hash + oauth_application web_passwords["oauth_application"] + matomo_configuration "location" => matomo[:location], + "site" => matomo[:site], + "goals" => matomo[:goals].to_hash google_auth_id "651529786092-6c5ahcu0tpp95emiec8uibg11asmk34t.apps.googleusercontent.com" google_auth_secret web_passwords["google_auth_secret"] google_openid_realm "https://www.openstreetmap.org" @@ -111,18 +140,24 @@ rails_port "www.openstreetmap.org" do trace_use_job_queue true diary_feed_delay 12 storage_configuration storage - storage_service "aws" - storage_url "https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com" + avatar_storage "avatars" + trace_file_storage "gps_traces" + trace_image_storage "gps_images" + trace_icon_storage "gps_images" + avatar_storage_url "https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com" + trace_image_storage_url "https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com" + overpass_url "https://query.openstreetmap.org/query-features" end systemd_service "rails-jobs@" do description "Rails job queue runner" type "simple" - environment "RAILS_ENV" => "production", "QUEUE" => "%I" + environment "RAILS_ENV" => "production", "QUEUE" => "%I", "SLEEP_DELAY" => "60" user "rails" working_directory rails_directory - exec_start "/usr/local/bin/bundle#{ruby_version} exec rake jobs:work" + exec_start "#{node[:ruby][:bundle]} exec rails jobs:work" restart "on-failure" + nice 10 private_tmp true private_devices true protect_system "full" @@ -136,17 +171,22 @@ template "/usr/local/bin/cleanup-rails-assets" do source "cleanup-assets.erb" owner "root" group "root" - mode 0o755 + mode "755" end -gem_package "apachelogregex" -gem_package "file-tail" +gem_package "apachelogregex" do + gem_binary node[:ruby][:gem] +end + +gem_package "file-tail" do + gem_binary node[:ruby][:gem] +end template "/usr/local/bin/api-statistics" do source "api-statistics.erb" owner "root" group "root" - mode 0o755 + mode "755" end systemd_service "api-statistics" do @@ -154,6 +194,7 @@ systemd_service "api-statistics" do user "rails" group "adm" exec_start "/usr/local/bin/api-statistics" + nice 10 private_tmp true private_devices true private_network true @@ -170,7 +211,9 @@ service "api-statistics" do subscribes :restart, "systemd_service[api-statistics]" end -gem_package "hpricot" +gem_package "hpricot" do + gem_binary node[:ruby][:gem] +end munin_plugin "api_calls_status" munin_plugin "api_calls_num"