Merge remote-tracking branch 'github/pull/513'

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 55c525f64d21e7ddbea90e252a780eb1b46add00..5072dbe24c7bf64e427c76c34868160c7bc16d30 100644 (file)
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -24,6 +24,7 @@ jobs:
           - blogs
           - civicrm
           - clamav
+          - community
           - db-backup
           - db-base
           - db-master
@@ -69,6 +70,7 @@ jobs:
           - osmosis
           - osqa
           - otrs
+          - overpass
           - passenger
           - php
           - php-apache

diff --git a/.kitchen.yml b/.kitchen.yml
index b652e12eae8638fd70ef90ddb714b4ace3da0274..6dc0dad227c6a323a2841716223961a127021ea5 100644 (file)
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -2,6 +2,8 @@
 driver:
   name: dokken
   chef_version: 17
+  volumes:
+    - /var/lib/docker
   env:
     - container=dokken
 
@@ -57,6 +59,9 @@ suites:
   - name: clamav
     run_list:
       - recipe[clamav::default]
+  - name: community
+    run_list:
+      - recipe[community::default]
   - name: db-backup
     run_list:
       - recipe[db::backup]
@@ -225,6 +230,9 @@ suites:
   - name: otrs
     run_list:
       - recipe[otrs::default]
+  - name: overpass
+    run_list:
+      - recipe[overpass::default]
   - name: passenger
     run_list:
       - recipe[passenger::default]

diff --git a/cookbooks/community/metadata.rb b/cookbooks/community/metadata.rb
index c0aba99348057401eeb85087e4999a56b767180c..4d159c4ad600ded182bd7a24074758c09b343cd8 100644 (file)
--- a/cookbooks/community/metadata.rb
+++ b/cookbooks/community/metadata.rb
@@ -6,7 +6,8 @@ description       "Installs and configures community site"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "accounts"
 depends           "docker"
+depends           "geoipupdate"
 depends           "git"
 depends           "ssl"
-depends           "geoipupdate"

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index 2297fa76cb52152dd57a3affdf99629a4a79913d..89743de31c0fb7a7de419922633b6bd61b2ed693 100644 (file)
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -17,13 +17,14 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
 include_recipe "docker"
+include_recipe "geoipupdate"
 include_recipe "git"
 include_recipe "ssl"
-include_recipe "geoipupdate"
 
 passwords = data_bag_item("community", "passwords")
-license_keys = data_bag_item("geoipupdate", "license-keys")
+license_keys = data_bag_item("geoipupdate", "license-keys") unless kitchen?
 
 directory "/srv/community.openstreetmap.org" do
   owner "root"

diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index 42e734e5dd8536cb71b18d4ee7f0b9e787b27cb8..92579138d4275f384bbc33bde4c6629e81f31ba9 100644 (file)
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -65,7 +65,9 @@ env:
 
   ## The maxmind geolocation IP address key for IP address lookup
   ## see https://meta.discourse.org/t/-/137387/23 for details
+<% if @license_keys -%>
   DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>'
+<% end -%>
 
 volumes:
   - volume:

diff --git a/cookbooks/docker/recipes/default.rb b/cookbooks/docker/recipes/default.rb
index 80fd15b3f6be34ac90b8a3776f50df9d1f984b2b..1dfe9adde7be0a60964551186b867a7e1aa30735 100644 (file)
--- a/cookbooks/docker/recipes/default.rb
+++ b/cookbooks/docker/recipes/default.rb
@@ -41,5 +41,4 @@ end
 service "docker" do
   action [:enable, :start]
   subscribes :restart, "template[/etc/docker/daemon.json]"
-  not_if { kitchen? }
 end

diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb
index 73531de012dda60105ac36f1387f5a4572c9ace8..c006ff9dcff4827a40a3322152ce19adf9589c24 100644 (file)
--- a/cookbooks/geodns/recipes/default.rb
+++ b/cookbooks/geodns/recipes/default.rb
@@ -21,6 +21,8 @@ include_recipe "geoipupdate"
 
 servers = search(:node, "roles:geodns").collect(&:name).sort
 
+servers << "dummy.example.com" if servers.empty?
+
 package %w[
   gdnsd
 ]

diff --git a/cookbooks/overpass/attributes/default.rb b/cookbooks/overpass/attributes/default.rb
index ed1d28f970e2cca930289c51520660828212f5dc..5c7cfcaaffdee732fb181a8b15c67c24086f9f17 100644 (file)
--- a/cookbooks/overpass/attributes/default.rb
+++ b/cookbooks/overpass/attributes/default.rb
@@ -1,5 +1,6 @@
 default[:overpass][:fqdn] = "overpass.openstreetmap.org"
 default[:overpass][:version] = "0.7.57"
+default[:overpass][:full_version] = "0.7.57.2"
 # One of: no, meta, attic
 default[:overpass][:meta_mode] = "attic"
 # One of: no, gz, lz4
@@ -12,3 +13,5 @@ default[:overpass][:replication_url] = "https://planet.openstreetmap.org/replica
 default[:overpass][:restricted_api] = true
 
 default[:overpass][:logdir] = "/var/log/overpass"
+
+default[:accounts][:users][:overpass][:status] = :role

diff --git a/cookbooks/overpass/recipes/default.rb b/cookbooks/overpass/recipes/default.rb
index 690a28445102e3c32ababb5731658987ca18d07d..be930135fc24ad9a3470d5118925b8b70d2e19ba 100644 (file)
--- a/cookbooks/overpass/recipes/default.rb
+++ b/cookbooks/overpass/recipes/default.rb
@@ -37,7 +37,7 @@ end
 
 ## Install overpass from source
 
-srcdir = "#{basedir}/src/osm-3s_v#{node[:overpass][:version]}"
+srcdir = "#{basedir}/src/osm-3s_v#{node[:overpass][:full_version]}"
 
 package %w[
   build-essential

diff --git a/cookbooks/subversion/files/default/hooks/post-commit b/cookbooks/subversion/files/default/hooks/post-commit
deleted file mode 100644 (file)
index a8de2af..0000000
--- a/cookbooks/subversion/files/default/hooks/post-commit
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "$1" "$2"

diff --git a/cookbooks/subversion/files/default/hooks/post-revprop-change b/cookbooks/subversion/files/default/hooks/post-revprop-change
deleted file mode 100644 (file)
index 31843a0..0000000
--- a/cookbooks/subversion/files/default/hooks/post-revprop-change
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset modified "$1" "$2"

diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb
index f38efb7b80fafd6a0623797a4b15ea2021baf72c..9804e43e9649f1335a6ba6f2f32630ca14402eb4 100644 (file)
--- a/cookbooks/subversion/recipes/default.rb
+++ b/cookbooks/subversion/recipes/default.rb
@@ -19,36 +19,7 @@
 
 include_recipe "apache"
 
-package "subversion"
-
-repository_directory = "/var/lib/subversion/repos/openstreetmap"
-
-remote_directory "#{repository_directory}/hooks" do
-  source "hooks"
-  owner "www-data"
-  group "www-data"
-  mode "755"
-  files_owner "www-data"
-  files_group "www-data"
-  files_mode "755"
-  purge false
-end
-
-apache_module "dav" do
-  package "apache2"
-end
-
-apache_module "dav_fs" do
-  package "apache2"
-end
-
-apache_module "dav_svn" do
-  package "libapache2-mod-svn"
-end
-
-apache_module "authz_svn" do
-  package "libapache2-mod-svn"
-end
+apache_module "rewrite"
 
 ssl_certificate "svn.openstreetmap.org" do
   domains ["svn.openstreetmap.org", "svn.osm.org"]
@@ -57,13 +28,5 @@ end
 
 apache_site "svn.openstreetmap.org" do
   template "apache.erb"
-  directory repository_directory
-  variables :realm => "Subversion Repository", :password_file => "/etc/apache2/svn.passwd", :aliases => ["svn.osm.org"]
-end
-
-template "/etc/cron.daily/svn-backup" do
-  source "backup.cron.erb"
-  owner "root"
-  group "root"
-  mode "755"
+  variables :aliases => ["svn.osm.org"]
 end

diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/subversion/templates/default/apache.erb
index cadae8b0892055d4cef99aeaeb41ef24e0f62623..8a729206d47493ea0587e0e5405f7b56e9047f4e 100644 (file)
--- a/cookbooks/subversion/templates/default/apache.erb
+++ b/cookbooks/subversion/templates/default/apache.erb
@@ -4,32 +4,18 @@
   ServerName <%= @name %>
   ServerAdmin webmaster@openstreetmap.org
 
-  Protocols http/1.1
-
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
 
   CustomLog /var/log/apache2/<%= @name %>-access.log combined
-  CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION
   ErrorLog /var/log/apache2/<%= @name %>-error.log
 
-  <Location />
-    DAV svn
-    SVNPath <%= @directory %>
-    SVNIndexXSLT /svnindex.xsl
-
-    LimitXMLRequestBody 0
-    LimitRequestBody 0
+  RedirectPermanent /applications/editors/josm/plugins/cadastre-fr/images/cadastre_small.png https://raw.githubusercontent.com/openstreetmap/svn-archive/main/applications/editors/josm/plugins/cadastre-fr/images/cadastre_small.png
 
-    <Limit GET PROPFIND OPTIONS REPORT>
-      Require all granted
-    </Limit>
+  RewriteEngine on
+  RewriteRule ^/?(.*) https://github.com/openstreetmap/svn-archive [QSD,L,R=permanent]
 
-    <LimitExcept GET PROPFIND OPTIONS REPORT>
-      Require all denied
-    </LimitExcept>
-  </Location>
 </VirtualHost>
 <% unless @aliases.empty? -%>
 

diff --git a/cookbooks/subversion/templates/default/backup.cron.erb b/cookbooks/subversion/templates/default/backup.cron.erb
deleted file mode 100644 (file)
index d82348d..0000000
--- a/cookbooks/subversion/templates/default/backup.cron.erb
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-# DO NOT EDIT - This file is being maintained by Chef
-
-T=$(mktemp -d -t -p /var/tmp svn.XXXXXXXXXX)
-D=$(date +%Y-%m-%d)
-B=svn-$D.tar.gz
-
-nice svnadmin hotcopy /var/lib/subversion/repos/openstreetmap $T/svn-$D > /dev/null
-
-export RSYNC_RSH="ssh -ax"
-
-nice tar --create --directory=$T svn-$D | nice gzip --rsyncable -9 > $T/$B
-nice rsync --preallocate --fuzzy $T/$B backup::backup
-
-rm -rf $T

diff --git a/cookbooks/tile/attributes/default.rb b/cookbooks/tile/attributes/default.rb
index ec7dc38a479466270b3dd2b6e99079d7825b2dbb..a44aa145550091806449ec46a47549446912f583 100644 (file)
--- a/cookbooks/tile/attributes/default.rb
+++ b/cookbooks/tile/attributes/default.rb
@@ -8,7 +8,7 @@ default[:tile][:database][:tag_transform_script] = nil
 
 default[:tile][:mapnik] = "3.1"
 
-default[:tile][:replication][:url] = "https://planet.osm.org/replication/minute/"
+default[:tile][:replication][:url] = "https://planet.openstreetmap.org/replication/minute/"
 
 default[:tile][:data] = {}
 default[:tile][:styles] = {}

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index 097b98c19410244f80985e85756de9b2ab51b5df..4de4200bcdd425192f7677e6469a09edb2fea0ea 100644 (file)
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -157,6 +157,7 @@ end
 package %w[
   python3-cairo
   python3-mapnik
+  python3-pyproj
   python3-setuptools
 ]
 

diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb
index b8075a17a93e7d9b7eacd0c1fb1e17c897f12489..8fa4672b98f3f716b937576706c1c9e400c7c20e 100644 (file)
--- a/cookbooks/tile/templates/default/export.erb
+++ b/cookbooks/tile/templates/default/export.erb
@@ -7,6 +7,7 @@ import http.cookies
 import mapnik
 import os
 import pyotp
+import pyproj
 import resource
 import shutil
 import signal
@@ -108,7 +109,7 @@ elif "format" not in form:
   output_error("No format specified")
 else:
   # Create projection object
-  prj = mapnik.Projection("+proj=merc +a=6378137 +b=6378137 +lat_ts=0.0 +lon_0=0.0 +x_0=0.0 +y_0=0 +k=1.0 +units=m +nadgrids=@null +no_defs +over");
+  transformer = pyproj.Transformer.from_crs("EPSG:4326", "EPSG:3857", always_xy=True)
 
   # Get the bounds of the area to render
   bbox = [float(x) for x in form.getvalue("bbox").split(",")]
@@ -118,7 +119,8 @@ else:
     output_error("Invalid bounding box")
   else:
     # Project the bounds to the map projection
-    bbox = mapnik.forward_(mapnik.Box2d(*bbox), prj)
+    bbox = mapnik.Box2d(*transformer.transform(bbox[0], bbox[1]),
+                        *transformer.transform(bbox[2], bbox[3]))
 
     # Get the style to use
     style = form.getvalue("style", "default")

diff --git a/cookbooks/trac/files/default/trac-authenticate b/cookbooks/trac/files/default/trac-authenticate
deleted file mode 100755 (executable)
index a255637..0000000
--- a/cookbooks/trac/files/default/trac-authenticate
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/ruby
-
-require "net/http"
-require "uri"
-
-user = gets.chop
-pass = gets.chop
-
-request = Net::HTTP::Get.new("/api/0.6/user/details")
-request.basic_auth user, pass
-
-response = Net::HTTP.start("api.openstreetmap.org", :use_ssl => true) do |http|
-  http.request(request)
-end
-
-exit!(0) if response.is_a?(Net::HTTPSuccess)
-exit!(1)

diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb
index 199be20d6db99a18271e4a137221a3416575ccb1..079e260da3d575cc8a43edad7031a6dd7218ea8d 100644 (file)
--- a/cookbooks/trac/templates/default/apache.erb
+++ b/cookbooks/trac/templates/default/apache.erb
@@ -47,6 +47,5 @@
   RewriteEngine on
   RewriteMap tickets txt:/srv/trac.openstreetmap.org/tickets.map
   RewriteRule ^/ticket/(\d+)$ https://github.com/openstreetmap/trac-tickets/issues/${tickets:$1}
-
-  RedirectPermanent / https://github.com/openstreetmap/trac-tickets
+  RewriteRule ^/?(.*) https://github.com/openstreetmap/trac-tickets [QSD,L,R=permanent]
 </VirtualHost>

diff --git a/roles/dulcy.rb b/roles/dulcy.rb
index c6f34b1cbb075305bd881b365fb7fa0015e85c4c..00592b8c85055618609716484a1863c46bb2e283 100644 (file)
--- a/roles/dulcy.rb
+++ b/roles/dulcy.rb
@@ -32,13 +32,13 @@ default_attributes(
     :settings => {
       :defaults => {
         :work_mem => "240MB",
-        :fsync => "off",
+        :fsync => "on",
         :effective_io_concurrency => "500"
       }
     }
   },
   :nominatim => {
-    :state => "off",
+    :state => "standalone",
     :dbcluster => "14/main",
     :postgis => "3",
     :flatnode_file => "/ssd/nominatim/nodes.store",

diff --git a/roles/longma.rb b/roles/longma.rb
index f8ff9cd871085fde7af8f407d4c064da88c0a24e..b67537fa5e3e25467eeecbf0e8fbeb5ddb4ca179 100644 (file)
--- a/roles/longma.rb
+++ b/roles/longma.rb
@@ -36,13 +36,13 @@ default_attributes(
       :defaults => {
         :max_connections => "550",
         :work_mem => "240MB",
-        :fsync => "on",
+        :fsync => "off",
         :effective_io_concurrency => "500"
       }
     }
   },
   :nominatim => {
-    :state => "standalone",
+    :state => "off",
     :dbcluster => "14/main",
     :postgis => "3",
     :enable_qa_tiles => true,
@@ -58,5 +58,5 @@ default_attributes(
 
 run_list(
   "role[equinix-dub]",
-  "role[nominatim]"
+  "role[nominatim-v4]"
 )

diff --git a/roles/tile.rb b/roles/tile.rb
index 76ef4b49ce144614452919ba70d6874a2c41be6b..2de49372c92f6cc45384dafabd198561351ff1ad 100644 (file)
--- a/roles/tile.rb
+++ b/roles/tile.rb
@@ -92,7 +92,7 @@ default_attributes(
     :styles => {
       :default => {
         :repository => "https://github.com/gravitystorm/openstreetmap-carto.git",
-        :revision => "v5.5.0",
+        :revision => "v5.5.1",
         :max_zoom => 19
       }
     }

diff --git a/test/data_bags/accounts/community.json b/test/data_bags/accounts/community.json
new file mode 100644 (file)
index 0000000..b4b5fd3
--- /dev/null
+++ b/test/data_bags/accounts/community.json
@@ -0,0 +1,5 @@
+{
+  "id": "community",
+  "uid": "527",
+  "comment": "Community"
+}

diff --git a/test/data_bags/accounts/overpass.json b/test/data_bags/accounts/overpass.json
new file mode 100644 (file)
index 0000000..7aa7c2b
--- /dev/null
+++ b/test/data_bags/accounts/overpass.json
@@ -0,0 +1,6 @@
+{
+  "id": "overpass",
+  "uid": "528",
+  "comment": "query.openstreetmap.org",
+  "home": "/srv/query.openstreetmap.org"
+}

diff --git a/test/data_bags/community/passwords.json b/test/data_bags/community/passwords.json
new file mode 100644 (file)
index 0000000..486dded
--- /dev/null
+++ b/test/data_bags/community/passwords.json
@@ -0,0 +1,7 @@
+{
+  "id": "passwords",
+  "database": "database",
+  "oauth2_client_id": "oauth2_client_id",
+  "oauth2_secret": "oauth2_secret",
+  "mail_receiver_api_key": "mail_receiver_api_key"
+}

diff --git a/test/integration/community/serverspec/docker_spec.rb b/test/integration/community/serverspec/docker_spec.rb
new file mode 100644 (file)
index 0000000..de7c426
--- /dev/null
+++ b/test/integration/community/serverspec/docker_spec.rb
@@ -0,0 +1,13 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("docker-ce") do
+  it { should be_installed }
+end
+
+describe service("docker") do
+  it { should be_enabled }
+  it { should be_running }
+end

diff --git a/test/integration/community/serverspec/http_spec.rb b/test/integration/community/serverspec/http_spec.rb
new file mode 100644 (file)
index 0000000..3f445b0
--- /dev/null
+++ b/test/integration/community/serverspec/http_spec.rb
@@ -0,0 +1,12 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end

diff --git a/test/integration/docker/serverspec/docker_spec.rb b/test/integration/docker/serverspec/docker_spec.rb
new file mode 100644 (file)
index 0000000..de7c426
--- /dev/null
+++ b/test/integration/docker/serverspec/docker_spec.rb
@@ -0,0 +1,13 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("docker-ce") do
+  it { should be_installed }
+end
+
+describe service("docker") do
+  it { should be_enabled }
+  it { should be_running }
+end

diff --git a/test/integration/overpass/serverspec/apache_spec.rb b/test/integration/overpass/serverspec/apache_spec.rb
new file mode 100644 (file)
index 0000000..446d3b9
--- /dev/null
+++ b/test/integration/overpass/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end