X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/c5c505d5746539d0b3925b5009a393a5f00cff18..dbf935c8118705a558ee56295b3e24d15b7eb651:/cookbooks/web/resources/rails_port.rb diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb index 7eac0df88..3f5078d34 100644 --- a/cookbooks/web/resources/rails_port.rb +++ b/cookbooks/web/resources/rails_port.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: web +# Cookbook:: web # Resource:: rails_port # -# Copyright 2012, OpenStreetMap Foundation +# Copyright:: 2012, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,17 +20,20 @@ require "yaml" resource_name :rails_port +provides :rails_port + +unified_mode true default_action :create -property :site, String, :name_attribute => true -property :ruby, String, :default => "2.3" +property :site, String, :name_property => true property :directory, String property :user, String property :group, String property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git" property :revision, String, :default => "live" -property :run_migrations, [TrueClass, FalseClass], :default => false +property :run_migrations, [true, false], :default => false +property :build_assets, [true, false], :default => true property :email_from, String, :default => "OpenStreetMap " property :status, String, :default => "online" property :database_host, String @@ -47,42 +50,61 @@ property :logstash_path, String property :memcache_servers, Array property :potlatch2_key, String property :id_key, String +property :id_application, String property :oauth_key, String +property :oauth_application, String property :nominatim_url, String -property :osrm_url, String +property :overpass_url, String +property :overpass_credentials, [true, false], :default => false property :google_auth_id, String property :google_auth_secret, String property :google_openid_realm, String property :facebook_auth_id, String property :facebook_auth_secret, String -property :windowslive_auth_id, String -property :windowslive_auth_secret, String +property :microsoft_auth_id, String +property :microsoft_auth_secret, String property :github_auth_id, String property :github_auth_secret, String property :wikipedia_auth_id, String property :wikipedia_auth_secret, String property :thunderforest_key, String +property :tracestrack_key, String property :totp_key, String -property :csp_enforce, [TrueClass, FalseClass], :default => false +property :csp_enforce, [true, false], :default => false property :csp_report_url, String -property :piwik_configuration, Hash -property :trace_use_job_queue, [TrueClass, FalseClass], :default => false -property :diary_feed_delay, Integer -property :storage_configuration, Hash +property :matomo_configuration, Hash property :storage_service, String, :default => "local" property :storage_url, String +property :trace_use_job_queue, [true, false], :default => false +property :diary_feed_delay, Integer +property :storage_configuration, Hash, :default => {} +property :avatar_storage, String +property :trace_file_storage, String +property :trace_image_storage, String +property :trace_icon_storage, String +property :avatar_storage_url, String +property :trace_image_storage_url, String +property :trace_icon_storage_url, String +property :tile_cdn_url, String +property :imagery_blacklist, Array +property :signup_ip_per_day, Integer +property :signup_ip_max_burst, Integer +property :signup_email_per_day, Integer +property :signup_email_max_burst, Integer +property :doorkeeper_signing_key, String +property :user_account_deletion_delay, Integer action :create do package %W[ - ruby#{new_resource.ruby} - ruby#{new_resource.ruby}-dev imagemagick + libvips42 nodejs - geoip-database + tzdata ] package %w[ g++ + make pkg-config libpq-dev libsasl2-dev @@ -93,6 +115,7 @@ action :create do libgd-dev libarchive-dev libbz2-dev + libyaml-dev ] package %w[ @@ -106,35 +129,19 @@ action :create do libjpeg-turbo-progs ] - gem_package "bundler#{new_resource.ruby}" do - package_name "bundler" - version "1.16.2" - gem_binary "gem#{new_resource.ruby}" - options "--format-executable" - end - - gem_package "bundler#{new_resource.ruby}" do - package_name "pkg-config" - gem_binary "gem#{new_resource.ruby}" - end - declare_resource :directory, rails_directory do owner new_resource.user group new_resource.group - mode 0o2775 + mode "2775" end git rails_directory do action :sync repository new_resource.repository revision new_resource.revision + depth 1 user new_resource.user group new_resource.group - notifies :run, "execute[#{rails_directory}/Gemfile]" - notifies :run, "execute[#{rails_directory}/app/assets/javascripts/i18n]" - notifies :run, "execute[#{rails_directory}/public/assets]" - notifies :delete, "file[#{rails_directory}/public/export/embed.html]" - notifies :restart, "passenger_application[#{rails_directory}]" end declare_resource :directory, "#{rails_directory}/tmp" do @@ -152,21 +159,18 @@ action :create do source "database.yml.erb" owner new_resource.user group new_resource.group - mode 0o664 + mode "664" variables :host => new_resource.database_host, :port => new_resource.database_port, :name => new_resource.database_name, :username => new_resource.database_username, :password => new_resource.database_password - notifies :restart, "passenger_application[#{rails_directory}]" end application_yml = edit_file "#{rails_directory}/config/example.application.yml" do |line| line.gsub!(/^( *)server_protocol:.*$/, "\\1server_protocol: \"https\"") line.gsub!(/^( *)server_url:.*$/, "\\1server_url: \"#{new_resource.site}\"") - line.gsub!(/^( *)#publisher_url:.*$/, "\\1publisher_url: \"https://plus.google.com/111953119785824514010\"") - line.gsub!(/^( *)support_email:.*$/, "\\1support_email: \"support@openstreetmap.org\"") if new_resource.email_from @@ -183,7 +187,7 @@ action :create do line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"") - line.gsub!(/^( *)#geoip_database:.*$/, "\\1geoip_database: \"/usr/share/GeoIP/GeoIPv6.dat\"") + line.gsub!(/^( *)#maxmind_database:.*$/, "\\1maxmind_database: \"#{node[:geoipupdate][:directory]}/GeoLite2-Country.mmdb\"") if new_resource.gpx_dir line.gsub!(/^( *)gpx_trace_dir:.*$/, "\\1gpx_trace_dir: \"#{new_resource.gpx_dir}/traces\"") @@ -214,16 +218,24 @@ action :create do line.gsub!(/^( *)#id_key:.*$/, "\\1id_key: \"#{new_resource.id_key}\"") end + if new_resource.id_application + line.gsub!(/^( *)#id_application:.*$/, "\\1id_application: \"#{new_resource.id_application}\"") + end + if new_resource.oauth_key line.gsub!(/^( *)#oauth_key:.*$/, "\\1oauth_key: \"#{new_resource.oauth_key}\"") end + if new_resource.oauth_application + line.gsub!(/^( *)#oauth_application:.*$/, "\\1oauth_application: \"#{new_resource.oauth_application}\"") + end + if new_resource.nominatim_url line.gsub!(/^( *)nominatim_url:.*$/, "\\1nominatim_url: \"#{new_resource.nominatim_url}\"") end - if new_resource.osrm_url - line.gsub!(/^( *)osrm_url:.*$/, "\\1osrm_url: \"#{new_resource.osrm_url}\"") + if new_resource.overpass_url + line.gsub!(/^( *)overpass_url:.*$/, "\\1overpass_url: \"#{new_resource.overpass_url}\"") end if new_resource.google_auth_id @@ -237,9 +249,9 @@ action :create do line.gsub!(/^( *)#facebook_auth_secret:.*$/, "\\1facebook_auth_secret: \"#{new_resource.facebook_auth_secret}\"") end - if new_resource.windowslive_auth_id - line.gsub!(/^( *)#windowslive_auth_id:.*$/, "\\1windowslive_auth_id: \"#{new_resource.windowslive_auth_id}\"") - line.gsub!(/^( *)#windowslive_auth_secret:.*$/, "\\1windowslive_auth_secret: \"#{new_resource.windowslive_auth_secret}\"") + if new_resource.microsoft_auth_id + line.gsub!(/^( *)#microsoft_auth_id:.*$/, "\\1microsoft_auth_id: \"#{new_resource.microsoft_auth_id}\"") + line.gsub!(/^( *)#microsoft_auth_secret:.*$/, "\\1microsoft_auth_secret: \"#{new_resource.microsoft_auth_secret}\"") end if new_resource.github_auth_id @@ -279,9 +291,8 @@ action :create do path "#{rails_directory}/config/application.yml" owner new_resource.user group new_resource.group - mode 0o664 + mode "664" content application_yml - notifies :run, "execute[#{rails_directory}/public/assets]" only_if { ::File.exist?("#{rails_directory}/config/example.application.yml") } end @@ -300,36 +311,60 @@ action :create do "logstash_path", "potlatch2_key", "id_key", + "id_application", "oauth_key", + "oauth_application", "nominatim_url", - "osrm_url", + "overpass_url", + "overpass_credentials", "google_auth_id", "google_auth_secret", "google_openid_realm", "facebook_auth_id", "facebook_auth_secret", - "windowslive_auth_id", - "windowslive_auth_secret", + "microsoft_auth_id", + "microsoft_auth_secret", "github_auth_id", "github_auth_secret", "wikipedia_auth_id", "wikipedia_auth_secret", "thunderforest_key", + "tracestrack_key", "totp_key", "csp_enforce", "csp_report_url", "trace_use_job_queue", "diary_feed_delay", "storage_service", - "storage_url" - ).reject { |_k, v| v.nil? }.merge( + "storage_url", + "avatar_storage", + "trace_file_storage", + "trace_image_storage", + "trace_icon_storage", + "avatar_storage_url", + "trace_image_storage_url", + "trace_icon_storage_url", + "tile_cdn_url", + "imagery_blacklist", + "signup_ip_per_day", + "signup_ip_max_burst", + "signup_email_per_day", + "signup_email_max_burst", + "doorkeeper_signing_key", + "user_account_deletion_delay" + ).compact.merge( "server_protocol" => "https", "server_url" => new_resource.site, - "publisher_url" => "https://plus.google.com/111953119785824514010", "support_email" => "support@openstreetmap.org", "email_return_path" => "bounces@openstreetmap.org", "geonames_username" => "openstreetmap", - "geoip_database" => "/usr/share/GeoIP/GeoIPv6.dat" + "maxmind_database" => "#{node[:geoipupdate][:directory]}/GeoLite2-Country.mmdb", + "max_request_area" => node[:web][:max_request_area], + "max_number_of_nodes" => node[:web][:max_number_of_nodes], + "max_number_of_way_nodes" => node[:web][:max_number_of_way_nodes], + "max_number_of_relation_members" => node[:web][:max_number_of_relation_members], + "oauth_10_support" => false, + "oauth_10_registration" => false ) if new_resource.memcache_servers @@ -341,93 +376,116 @@ action :create do settings["gpx_image_dir"] = "#{new_resource.gpx_dir}/images" end + if new_resource.matomo_configuration + settings["matomo"] = new_resource.matomo_configuration.to_h + end + file "#{rails_directory}/config/settings.local.yml" do owner new_resource.user group new_resource.group - mode 0o664 + mode "664" content YAML.dump(settings) - notifies :run, "execute[#{rails_directory}/public/assets]" only_if { ::File.exist?("#{rails_directory}/config/settings.yml") } end - storage_configuration = new_resource.storage_configuration || { + storage_configuration = new_resource.storage_configuration.merge( "local" => { "service" => "Disk", "root" => "#{rails_directory}/storage" } - } + ) file "#{rails_directory}/config/storage.yml" do owner new_resource.user group new_resource.group - mode 0o664 + mode "664" content YAML.dump(storage_configuration) - notifies :run, "execute[#{rails_directory}/public/assets]" end - if new_resource.piwik_configuration - file "#{rails_directory}/config/piwik.yml" do - owner new_resource.user - group new_resource.group - mode 0o664 - content YAML.dump(new_resource.piwik_configuration) - notifies :run, "execute[#{rails_directory}/public/assets]" - end - else - file "#{rails_directory}/config/piwik.yml" do - action :delete - notifies :run, "execute[#{rails_directory}/public/assets]" - end + file "#{rails_directory}/config/piwik.yml" do + action :delete end - execute "#{rails_directory}/Gemfile" do + bundle_install "#{rails_directory}" do action :nothing - command "bundle#{new_resource.ruby} install" - cwd rails_directory user "root" group "root" environment "NOKOGIRI_USE_SYSTEM_LIBRARIES" => "yes" - subscribes :run, "gem_package[bundler#{new_resource.ruby}]" - notifies :restart, "passenger_application[#{rails_directory}]" + subscribes :run, "git[#{rails_directory}]" end - execute "#{rails_directory}/db/migrate" do + bundle_exec "#{rails_directory}/db/migrate" do action :nothing - command "bundle#{new_resource.ruby} exec rake db:migrate" - cwd rails_directory + directory rails_directory + command "rails db:migrate" user new_resource.user group new_resource.group subscribes :run, "git[#{rails_directory}]" - notifies :restart, "passenger_application[#{rails_directory}]" only_if { new_resource.run_migrations } end - execute "#{rails_directory}/app/assets/javascripts/i18n" do + bundle_exec "#{rails_directory}/package.json" do action :nothing - command "bundle#{new_resource.ruby} exec rake i18n:js:export" - environment "RAILS_ENV" => "production" - cwd rails_directory + directory rails_directory + command "rails yarn:install" + environment "HOME" => rails_directory, + "RAILS_ENV" => "production", + "SECRET_KEY_BASE_DUMMY" => "1" user new_resource.user group new_resource.group - notifies :run, "execute[#{rails_directory}/public/assets]" + subscribes :run, "git[#{rails_directory}]" + only_if { new_resource.build_assets } end - execute "#{rails_directory}/public/assets" do + bundle_exec "#{rails_directory}/app/assets/javascripts/i18n" do action :nothing - command "bundle#{new_resource.ruby} exec rake assets:precompile" - environment "RAILS_ENV" => "production" - cwd rails_directory + directory rails_directory + command "rails i18n:js:export" + environment "HOME" => rails_directory, + "RAILS_ENV" => "production", + "SECRET_KEY_BASE_DUMMY" => "1" user new_resource.user group new_resource.group - notifies :restart, "passenger_application[#{rails_directory}]" + subscribes :run, "git[#{rails_directory}]" + only_if { new_resource.build_assets } + end + + bundle_exec "#{rails_directory}/public/assets" do + action :nothing + directory rails_directory + command "rails assets:precompile" + environment "HOME" => rails_directory, + "RAILS_ENV" => "production", + "SECRET_KEY_BASE_DUMMY" => "1" + user new_resource.user + group new_resource.group + subscribes :run, "git[#{rails_directory}]" + subscribes :run, "file[create:#{rails_directory}/config/application.yml]" + subscribes :run, "file[#{rails_directory}/config/settings.local.yml]" + subscribes :run, "file[#{rails_directory}/config/storage.yml]" + subscribes :run, "bundle_exec[#{rails_directory}/package.json]" + subscribes :run, "bundle_exec[#{rails_directory}/app/assets/javascripts/i18n]" + only_if { new_resource.build_assets } end file "#{rails_directory}/public/export/embed.html" do action :nothing + subscribes :delete, "git[#{rails_directory}]" + subscribes :delete, "file[#{rails_directory}/config/settings.local.yml]" end passenger_application rails_directory do action :nothing + subscribes :restart, "git[#{rails_directory}]" + subscribes :restart, "file[#{rails_directory}/config/database.yml]" + subscribes :restart, "file[create:#{rails_directory}/config/application.yml]" + subscribes :restart, "file[#{rails_directory}/config/settings.local.yml]" + subscribes :restart, "file[#{rails_directory}/config/storage.yml]" + subscribes :restart, "bundle_installl[#{rails_directory}]" + subscribes :restart, "bundle_exec[#{rails_directory}/db/migrate]" + subscribes :restart, "bundle_exec[#{rails_directory}/package.json]" + subscribes :restart, "bundle_exec[#{rails_directory}/app/assets/javascripts/i18n]" + subscribes :restart, "bundle_exec[#{rails_directory}/public/assets]" only_if { ::File.exist?("/usr/bin/passenger-config") } end @@ -436,7 +494,7 @@ action :create do source "rails.cron.erb" owner "root" group "root" - mode 0o755 + mode "755" variables :directory => rails_directory end end @@ -448,7 +506,7 @@ action :restart do end action_class do - include Chef::Mixin::EditFile + include OpenStreetMap::Mixin::EditFile def rails_directory new_resource.directory || "/srv/#{new_resource.site}"