Merge remote-tracking branch 'github/pull/621'

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 1e0f4432284ffe3a26e1a100908a0f99cf11cd07..95cbdc8781fee8595f5443d8840e962371778290 100644 (file)
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -84,6 +84,7 @@ jobs:
           - php-apache
           - php-fpm
           - planet
+          - planet-aws
           - planet-current
           - planet-dump
           - planet-notes

diff --git a/.kitchen.yml b/.kitchen.yml
index 3d96745332732d93d53b5721b5e32115160cb581..5795b9c7fda8b38273c0f331c1302b603e94d5e9 100644 (file)
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -298,6 +298,9 @@ suites:
   - name: planet
     run_list:
       - recipe[planet::default]
+  - name: planet-aws
+    run_list:
+      - recipe[planet::aws]
   - name: planet-current
     run_list:
       - recipe[planet::current]

diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index 79f6f029d279757e3732c19c496f132550a82888..79eca18e69e02d5ff0a13f7b57fde57ea17278fd 100644 (file)
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -32,7 +32,7 @@ subnet <%= address.network %> netmask <%= address.netmask %> {
   } elsif option arch = 00:07 {
     filename "netboot.xyz.efi";
   } else {
-    filename "netboot.xyz-undionly.kpxe";
+    filename "netboot.xyz.kpxe";
   }
 }
 <% end -%>

diff --git a/cookbooks/planet/metadata.rb b/cookbooks/planet/metadata.rb
index ef41a06c6ab0f6c87a058b01e0f0ae3ca96cadb8..9d968cc78bbce868a9c0f0762c718e3745c16edd 100644 (file)
--- a/cookbooks/planet/metadata.rb
+++ b/cookbooks/planet/metadata.rb
@@ -9,9 +9,9 @@ supports          "ubuntu"
 depends           "accounts"
 depends           "apache"
 depends           "apt"
+depends           "awscli"
 depends           "git"
 depends           "munin"
 depends           "ruby"
 depends           "osmosis"
 depends           "systemd"
-depends           "awscli"

diff --git a/cookbooks/planet/recipes/aws.rb b/cookbooks/planet/recipes/aws.rb
new file mode 100644 (file)
index 0000000..cd44446
--- /dev/null
+++ b/cookbooks/planet/recipes/aws.rb
@@ -0,0 +1,44 @@
+#
+# Cookbook:: planet
+# Recipe:: aws
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "accounts"
+include_recipe "awscli"
+
+aws_credentials = data_bag_item("planet", "aws")
+
+directory "/home/planet/.aws" do
+  owner "planet"
+  group "planet"
+  mode "0755"
+end
+
+template "/home/planet/.aws/config" do
+  source "aws-config.erb"
+  owner "planet"
+  group "planet"
+  mode "0644"
+end
+
+template "/home/planet/.aws/credentials" do
+  source "aws-credentials.erb"
+  owner "planet"
+  group "planet"
+  mode "0600"
+  variables :credentials => aws_credentials
+end

diff --git a/cookbooks/planet/recipes/default.rb b/cookbooks/planet/recipes/default.rb
index f7e090ac2e6e1dc129def9c63d59feb31d9857bb..412ec7cdb2e6a35ab0b1282578edf3415d041e60 100644 (file)
--- a/cookbooks/planet/recipes/default.rb
+++ b/cookbooks/planet/recipes/default.rb
@@ -19,8 +19,8 @@
 
 include_recipe "accounts"
 include_recipe "apache"
+include_recipe "planet::aws"
 include_recipe "munin"
-include_recipe "awscli"
 
 package %w[
   perl

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index 854c0a7c6c174b0bbc1b62df8b9a779f4035ae41..6cc509c62c5bdb979d5fb8e5a9ab421dfc0d43f6 100644 (file)
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "git"
 
 package %w[

diff --git a/cookbooks/planet/recipes/notes.rb b/cookbooks/planet/recipes/notes.rb
index 91c03df4b0185eb0b5d1c8ba8606989dd6a55d43..1ca5f323bc09b92fe87b866a1e380d614ca04cfe 100644 (file)
--- a/cookbooks/planet/recipes/notes.rb
+++ b/cookbooks/planet/recipes/notes.rb
@@ -17,8 +17,9 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "git"
-include_recipe "awscli"
+include_recipe "planet::aws"
 
 db_passwords = data_bag_item("db", "passwords")
 

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 364e0b814cca2efd53577244f6f665fac1349512..d5a8485d7efade32f704036b92df4c2b72146278 100644 (file)
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -22,9 +22,9 @@ require "yaml"
 include_recipe "accounts"
 include_recipe "apt"
 include_recipe "osmosis"
+include_recipe "planet::aws"
 include_recipe "ruby"
 include_recipe "tools"
-include_recipe "awscli"
 
 db_passwords = data_bag_item("db", "passwords")
 

diff --git a/cookbooks/planet/templates/default/aws-config.erb b/cookbooks/planet/templates/default/aws-config.erb
new file mode 100644 (file)
index 0000000..d62dcda
--- /dev/null
+++ b/cookbooks/planet/templates/default/aws-config.erb
@@ -0,0 +1,8 @@
+[profile osm-pds]
+region = eu-central-1
+
+[profile osm-pds-upload]
+region = eu-central-1
+s3 =
+    max_bandwidth = 75MB/s
+    max_concurrent_requests = 512

diff --git a/cookbooks/planet/templates/default/aws-credentials.erb b/cookbooks/planet/templates/default/aws-credentials.erb
new file mode 100644 (file)
index 0000000..40ec32c
--- /dev/null
+++ b/cookbooks/planet/templates/default/aws-credentials.erb
@@ -0,0 +1,7 @@
+[osm-pds]
+aws_access_key_id = AKIAZFVRMSDZE2DANIFS
+aws_secret_access_key = <%= @credentials["osm-pds"] %>
+
+[osm-pds-upload]
+role_arn=arn:aws:iam::630658470130:role/osm-pds-upload-role
+source_profile=osm-pds

diff --git a/cookbooks/tilelog/attributes/default.rb b/cookbooks/tilelog/attributes/default.rb
index 9af062fb5cd9afb3399640b7da10402d57c54344..34901632951e93b1a871f4371b7c6b30fa06d9f5 100644 (file)
--- a/cookbooks/tilelog/attributes/default.rb
+++ b/cookbooks/tilelog/attributes/default.rb
@@ -1 +1,3 @@
+default[:accounts][:users][:planet][:status] = :role
+
 default[:tilelog][:output_directory] = "/store/planet/tile_logs"

diff --git a/cookbooks/tilelog/metadata.rb b/cookbooks/tilelog/metadata.rb
index d5dd55bcff9cce08b69b1acc8cbda2c70bc0cfb1..0dba182a6d9b64bf6585f87324a74e87985e58eb 100644 (file)
--- a/cookbooks/tilelog/metadata.rb
+++ b/cookbooks/tilelog/metadata.rb
@@ -6,5 +6,6 @@ description      "Installs and configures tile log analysis"
 
 version          "1.0.0"
 supports         "ubuntu"
+depends          "accounts"
 depends          "python"
 depends          "systemd"

diff --git a/cookbooks/tilelog/recipes/default.rb b/cookbooks/tilelog/recipes/default.rb
index 823e1a3f605e1ece32636f6be362c8b47d7c48c6..2722c4f32f61b6efe762c517a0e1e70a7845cf27 100644 (file)
--- a/cookbooks/tilelog/recipes/default.rb
+++ b/cookbooks/tilelog/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "python"
 
 passwords = data_bag_item("tilelog", "passwords")

diff --git a/test/data_bags/planet/aws.json b/test/data_bags/planet/aws.json
new file mode 100644 (file)
index 0000000..787bf1c
--- /dev/null
+++ b/test/data_bags/planet/aws.json
@@ -0,0 +1,4 @@
+{
+  "id": "aws",
+  "osm-pds": "osm-pds"
+}