Merge remote-tracking branch 'github/pull/748'

author Tom Hughes <tom@compton.nu>

Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)

committer Tom Hughes <tom@compton.nu>

Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)
author Tom Hughes <tom@compton.nu>
Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)
committer Tom Hughes <tom@compton.nu>
Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)
diff --git a/cookbooks/letsencrypt/templates/default/check-certificate.erb b/cookbooks/letsencrypt/templates/default/check-certificate.erb

index 8863e9ae8f32382b01e9fc2a956656eea35feccf..319072b6b0ae8b8903d803600ea3e64890ebaf3e 100644 (file)
--- a/cookbooks/letsencrypt/templates/default/check-certificate.erb
+++ b/cookbooks/letsencrypt/templates/default/check-certificate.erb
@@ -33,6 +33,10 @@ if ssl
      puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
    end
  
+  unless certificate.public_key.is_a?(OpenSSL::PKey::EC)
+    puts "Certificate #{domains.first} on #{host} does not use ECDSA key type"
+  end
+
    digest = OpenSSL::Digest::SHA1.new
    certificate_id = OpenSSL::OCSP::CertificateId.new(certificate, issuer, digest)
    ocsp_request = OpenSSL::OCSP::Request.new.add_certid(certificate_id)
diff --git a/cookbooks/serverinfo/recipes/default.rb b/cookbooks/serverinfo/recipes/default.rb

index 6302e5a0dfd1c8c00f3f95f2fb6ca9ebb2ca3779..c455ddc120b1a0caaa1f70f5608386727b66d51f 100644 (file)
--- a/cookbooks/serverinfo/recipes/default.rb
+++ b/cookbooks/serverinfo/recipes/default.rb
@@ -55,6 +55,7 @@ file "/srv/hardware.openstreetmap.org/_data/nodes.json" do
    owner "serverinfo"
    group "serverinfo"
    notifies :run, "bundle_exec[/srv/hardware.openstreetmap.org]"
+  sensitive true
  end
  
  file "/srv/hardware.openstreetmap.org/_data/roles.json" do
diff --git a/cookbooks/vectortile/attributes/default.rb b/cookbooks/vectortile/attributes/default.rb

index 1ca1bece444b1088d2789adc2492e477b5818072..f726212138f471ef87c2e184e9cd5f3457f48db9 100644 (file)
--- a/cookbooks/vectortile/attributes/default.rb
+++ b/cookbooks/vectortile/attributes/default.rb
@@ -8,7 +8,7 @@ default[:vectortile][:replication][:enabled] = true
  default[:vectortile][:replication][:tileupdate] = true
  default[:vectortile][:replication][:threads] = node.cpu_cores
  
-default[:vectortile][:tilekiln][:version] = "0.7.0"
+default[:vectortile][:tilekiln][:version] = "0.7.1"
  
  default[:postgresql][:versions] |= [node[:vectortile][:database][:cluster].split("/").first]
  default[:postgresql][:monitor_database] = "tiles"
diff --git a/roles/dulcy.rb b/roles/dulcy.rb

index d9d8fb79f4a1636d973e4ed4cb70c521ddaa1e27..622b44653c105ccc323777254c9cd1584eb5b692 100644 (file)
--- a/roles/dulcy.rb
+++ b/roles/dulcy.rb
@@ -62,7 +62,7 @@ default_attributes(
    :nominatim => {
      :dbcluster => "17/main",
      :flatnode_file => "/srv/nominatim.openstreetmap.org/planet-project/nodes.store",
-    :enable_qa_tiles => true,
+    :enable_qa_tiles => false,
      :api_workers => 14,
      :api_pool_size => 10
    }
author	Tom Hughes <tom@compton.nu>
	Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)
committer	Tom Hughes <tom@compton.nu>
	Mon, 3 Mar 2025 07:03:37 +0000 (07:03 +0000)
cookbooks/letsencrypt/templates/default/check-certificate.erb		patch \| blob \| history
cookbooks/serverinfo/recipes/default.rb		patch \| blob \| history
cookbooks/vectortile/attributes/default.rb		patch \| blob \| history
roles/dulcy.rb		patch \| blob \| history