# Setup a pager
PAGER="less"; export PAGER
-LESS="aceiMs"; export LESS
+LESS="aceiMRs"; export LESS
# Use vi for editing
EDITOR=/usr/bin/vi; export EDITOR
]
%w[event itk prefork worker].each do |mpm|
- if mpm == node[:apache][:mpm]
- apache_module "mpm_#{mpm}" do
- action [:enable]
- end
- else
- apache_module "mpm_#{mpm}" do
- action [:disable]
- end
+ next if mpm == node[:apache][:mpm]
+
+ apache_module "mpm_#{mpm}" do
+ action [:disable]
end
end
+apache_module "mpm_#{node[:apache][:mpm]}" do
+ action [:enable]
+end
+
+if node[:lsb][:release].to_f >= 18.04
+ apache_module "http2"
+end
+
admins = data_bag_item("apache", "admins")
apache_conf "httpd" do
# DO NOT EDIT - This file is being maintained by Chef
+<% if node[:lsb][:release].to_f >= 18.04 -%>
+# Enable HTTP/2 over TLS
+Protocols h2 http/1.1
+
+<% end -%>
# Set the number of seconds before receives and sends time out
Timeout <%= node[:apache][:timeout] %>
package %w[
apt
apt-transport-https
- gnupg-curl
update-notifier-common
]
+if node[:lsb][:release].to_f < 18.04
+ package "gnupg-curl"
+end
+
file "/etc/motd.tail" do
action :delete
end
# DO NOT EDIT - This file is being maintained by Chef
+<% if node[:lsb][:release].to_f >= 16.04 -%>
+deb <%= @url %> xenial/current non-free
+<% else -%>
deb <%= @url %> trusty/current non-free
+<% end -%>
$TTL 604800
@ IN SOA <%= node[:fdqn] %>. root.openstreetmap.org. (
- 2012100902 ; Serial
- 604800 ; Refresh
- 86400 ; Retry
- 2419200 ; Expire
- 604800 ) ; Negative Cache TTL
+ 2018062401 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
@ IN NS <%= node[:fdqn] %>.
7.0.0 IN PTR faffy.ucl.openstreetmap.org.
8.0.0 IN PTR zark.ucl.openstreetmap.org.
9.0.0 IN PTR eustace.ucl.openstreetmap.org.
+10.0.0 IN PTR eddie.ucl.openstreetmap.org.
11.0.0 IN PTR draco.ucl.openstreetmap.org.
12.0.0 IN PTR sarel.ucl.openstreetmap.org.
+13.0.0 IN PTR noquiklos.ucl.openstreetmap.org.
14.0.0 IN PTR errol.ucl.openstreetmap.org.
15.0.0 IN PTR yevaud.ucl.openstreetmap.org.
+17.0.0 IN PTR clifford.ucl.openstreetmap.org.
+19.0.0 IN PTR grindtooth.ucl.openstreetmap.org.
+20.0.0 IN PTR pummelzacken.ucl.openstreetmap.org.
+40.0.0 IN PTR tiamat-00.ucl.openstreetmap.org.
+41.0.0 IN PTR tiamat-01.ucl.openstreetmap.org.
+42.0.0 IN PTR tiamat-02.ucl.openstreetmap.org.
+43.0.0 IN PTR tiamat-03.ucl.openstreetmap.org.
+44.0.0 IN PTR tiamat-10.ucl.openstreetmap.org.
+45.0.0 IN PTR tiamat-11.ucl.openstreetmap.org.
+46.0.0 IN PTR tiamat-12.ucl.openstreetmap.org.
+47.0.0 IN PTR tiamat-13.ucl.openstreetmap.org.
+48.0.0 IN PTR tiamat-20.ucl.openstreetmap.org.
+49.0.0 IN PTR tiamat-21.ucl.openstreetmap.org.
+50.0.0 IN PTR tiamat-22.ucl.openstreetmap.org.
+51.0.0 IN PTR tiamat-23.ucl.openstreetmap.org.
-49.0.0 IN PTR apc1.ucl.openstreetmap.org.
-50.0.0 IN PTR apc2.ucl.openstreetmap.org.
-51.0.0 IN PTR apc3.ucl.openstreetmap.org.
-
+3.1.0 IN PTR ridley.oob.openstreetmap.org.
5.1.0 IN PTR norbert.oob.openstreetmap.org.
6.1.0 IN PTR urmel.oob.openstreetmap.org.
-7.1.0 IN PTR faffy.oob.openstreetmap.org.
-8.1.0 IN PTR soup.oob.openstreetmap.org.
+8.1.0 IN PTR zark.oob.openstreetmap.org.
9.1.0 IN PTR eustace.oob.openstreetmap.org.
+10.1.0 IN PTR eddie.oob.openstreetmap.org.
11.1.0 IN PTR draco.oob.openstreetmap.org.
12.1.0 IN PTR sarel.oob.openstreetmap.org.
+13.1.0 IN PTR noquiklos.oob.openstreetmap.org.
14.1.0 IN PTR errol.oob.openstreetmap.org.
15.1.0 IN PTR yevaud.oob.openstreetmap.org.
+17.1.0 IN PTR clifford.oob.openstreetmap.org.
+19.1.0 IN PTR grindtooth.oob.openstreetmap.org.
+20.1.0 IN PTR pummelzacken.oob.openstreetmap.org.
+40.1.0 IN PTR tiamat-00.oob.openstreetmap.org.
+41.1.0 IN PTR tiamat-01.oob.openstreetmap.org.
+42.1.0 IN PTR tiamat-02.oob.openstreetmap.org.
+43.1.0 IN PTR tiamat-03.oob.openstreetmap.org.
+44.1.0 IN PTR tiamat-10.oob.openstreetmap.org.
+45.1.0 IN PTR tiamat-11.oob.openstreetmap.org.
+46.1.0 IN PTR tiamat-12.oob.openstreetmap.org.
+47.1.0 IN PTR tiamat-13.oob.openstreetmap.org.
+48.1.0 IN PTR tiamat-20.oob.openstreetmap.org.
+49.1.0 IN PTR tiamat-21.oob.openstreetmap.org.
+50.1.0 IN PTR tiamat-22.oob.openstreetmap.org.
+51.1.0 IN PTR tiamat-23.oob.openstreetmap.org.
+
+2.16.0 IN PTR orm.bm.openstreetmap.org.
+3.16.0 IN PTR shenron.bm.openstreetmap.org.
+
+20.32.0 IN PTR grisu.bm.openstreetmap.org.
+21.32.0 IN PTR spike-04.bm.openstreetmap.org.
+22.32.0 IN PTR spike-05.bm.openstreetmap.org.
+40.32.0 IN PTR katla.bm.openstreetmap.org.
+41.32.0 IN PTR thorn-04.bm.openstreetmap.org.
+42.32.0 IN PTR thorn-05.bm.openstreetmap.org.
-251.0.0 IN PTR shenron.internal.openstreetmap.org.
-252.0.0 IN PTR konqi.internal.openstreetmap.org.
+20.33.0 IN PTR grisu.oob.openstreetmap.org.
+21.33.0 IN PTR spike-04.oob.openstreetmap.org.
+22.33.0 IN PTR spike-05.oob.openstreetmap.org.
+40.33.0 IN PTR katla.oob.openstreetmap.org.
+41.33.0 IN PTR thorn-04.oob.openstreetmap.org.
+42.33.0 IN PTR thorn-05.oob.openstreetmap.org.
wordpress_plugin "blog.openstreetmap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "blog.openstreetmap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "blog.openstreetmap.org-wordpress-importer" do
default[:apt][:sources] = node[:apt][:sources] | ["opscode"]
# Set the default server version
-default[:chef][:server][:version] = "12.13.0-1"
+default[:chef][:server][:version] = "12.17.33"
# Set the default client version
-default[:chef][:client][:version] = "13.8.5"
+default[:chef][:client][:version] = "13.9.4"
mode 0o2775
end
-git "/var/lib/chef" do
- action :checkout
- repository node[:chef][:repository]
- revision "master"
- user "chefrepo"
- group "chefrepo"
-end
+%w[public private].each do |repository|
+ repository_directory = node[:chef][:"#{repository}_repository"]
-directory "/var/lib/chef/.chef" do
- owner "chefrepo"
- group "chefrepo"
- mode 0o2775
-end
+ git "/var/lib/chef/#{repository}" do
+ action :checkout
+ repository repository_directory
+ revision "master"
+ user "chefrepo"
+ group "chefrepo"
+ end
-file "/var/lib/chef/.chef/client.pem" do
- content keys["git"].join("\n")
- owner "chefrepo"
- group "chefrepo"
- mode 0o660
-end
+ directory "/var/lib/chef/#{repository}/.chef" do
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o2775
+ end
-cookbook_file "/var/lib/chef/.chef/knife.rb" do
- source "knife.rb"
- owner "chefrepo"
- group "chefrepo"
- mode 0o660
-end
+ file "/var/lib/chef/#{repository}/.chef/client.pem" do
+ content keys["git"].join("\n")
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o660
+ end
-template "#{node[:chef][:repository]}/hooks/post-receive" do
- source "post-receive.erb"
- owner "chefrepo"
- group "chefrepo"
- mode 0o750
-end
+ cookbook_file "/var/lib/chef/#{repository}/.chef/knife.rb" do
+ source "knife.rb"
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o660
+ end
-template "/etc/cron.daily/chef-repository-backup" do
- source "repository-backup.cron.erb"
- owner "root"
- group "root"
- mode 0o755
+ template "#{repository_directory}/hooks/post-receive" do
+ source "post-receive.erb"
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o750
+ variables :repository => repository
+ end
end
include_recipe "apache"
-# chef_package = "chef-server-core_#{node[:chef][:server][:version]}_amd64.deb"
+# chef_version = node[:chef][:server][:version]
+# chef_package = "chef-server-core_#{chef_version}-1_amd64.deb"
#
# directory "/var/cache/chef" do
# owner "root"
# end
#
# remote_file "/var/cache/chef/#{chef_package}" do
-# source "https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/#{node[:lsb][:codename]}/#{chef_package}"
+# source "https://packages.chef.io/files/stable/chef-server/#{chef_version}/ubuntu/16.04/#{chef_package}"
# owner "root"
# group "root"
# mode 0644
#
# dpkg_package "chef-server-core" do
# source "/var/cache/chef/#{chef_package}"
-# version node[:chef][:server][:version]
+# version "#{chef_version}-1"
# notifies :run, "execute[chef-server-reconfigure]"
# end
SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
+ ProxyPassMatch ^/.*\.git/ !
ProxyPass / https://<%= node[:fqdn] %>:4443/
ProxyPreserveHost on
</VirtualHost>
do
if [[ "$refname" = "refs/heads/master" ]]
then
- cd /var/lib/chef
+ cd /var/lib/chef/<%= @repository %>
rm -f cookbooks/*/metadata.json(N)
+++ /dev/null
-#!/bin/sh
-
-T=$(mktemp -d -t -p /var/tmp chef-repository.XXXXXXXXXX)
-D=$(date +%Y-%m-%d)
-B=chef-repository-$D.tar.gz
-
-ln -s /var/lib/git/chef.git $T/chef-repository-$D
-
-export GZIP="--rsyncable -9"
-
-nice tar --create --gzip --dereference --directory=$T --file=$T/$B chef-repository-$D
-nice rsync --preallocate --fuzzy $T/$B backup::backup
-
-rm -rf $T
-default[:civicrm][:version] = "4.7.31"
+default[:civicrm][:version] = "5.2.1"
default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount"
default[:civicrm][:extensions][:cividiscount][:repository] = "git://github.com/dlobo/org.civicrm.module.cividiscount.git"
wordpress_plugin "sitepress-multilingual-cms" do
site "join.osmfoundation.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "contact-form-7" do
directory "/srv/www.openstreetmap.org/rails"
user "rails"
group "rails"
- repository "git://git.openstreetmap.org/rails.git"
+ repository "https://git.openstreetmap.org/public/rails.git"
revision "live"
database_host "localhost"
database_name "openstreetmap"
only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
end
-template "/etc/cron.daily/rails-db" do
- source "cron.erb"
- owner "root"
- group "root"
- mode 0o755
+file "/etc/cron.daily/rails-db" do
+ action :delete
end
+++ /dev/null
-#!/bin/sh
-
-# Cleanup archive directory - keep 2 weeks of WALs
-find -L /store/postgresql/archive -mtime +14 -print0 | xargs -0r rm
}
<% end -%>
-host apc1.<%= @domain %> {
- hardware ethernet 00:c0:b7:77:f3:d8;
- server-name "apc1.<%= @domain %>";
- fixed-address apc1.<%= @domain %>;
-}
-
-host apc2.<%= @domain %> {
- hardware ethernet 00:c0:b7:52:b7:d2;
- server-name "apc2.<%= @domain %>";
- fixed-address apc2.<%= @domain %>;
-}
-
-host apc3.<%= @domain %> {
- hardware ethernet 00:c0:b7:52:b9:1e;
- server-name "apc3.<%= @domain %>";
- fixed-address apc3.<%= @domain %>;
-}
-
host ascalon.oob.openstreetmap.org {
hardware ethernet 00:19:bb:39:3c:64;
server-name "ascalon.oob.openstreetmap.org";
if [ ! -d .git ]
then
- git clone /var/lib/git/dns.git /var/lib/dns
+ git clone /var/lib/git/public/dns.git /var/lib/dns
fi
git pull -q
php-gd
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "headers"
php-apcu
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "rewrite"
ssl_certificate "forum.openstreetmap.org" do
default[:git][:directory] = "/var/lib/git"
-default[:git][:user] = "git"
-default[:git][:group] = "git"
+default[:git][:public_user] = "git"
+default[:git][:public_group] = "git"
+default[:git][:private_user] = "git"
+default[:git][:private_group] = "git"
long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
version "1.0.0"
supports "ubuntu"
-depends "networking"
-depends "xinetd"
depends "apache"
+depends "networking"
# limitations under the License.
#
-package "git-core"
+package "git"
#
include_recipe "networking"
-include_recipe "xinetd"
git_directory = node[:git][:directory]
directory git_directory do
- owner node[:git][:user]
- group node[:git][:group]
+ owner "root"
+ group "root"
+ mode 0o775
+end
+
+directory "#{git_directory}/public" do
+ owner node[:git][:public_user]
+ group node[:git][:public_group]
mode 0o2775
end
-if node[:git][:allowed_nodes]
- search(:node, node[:git][:allowed_nodes]).sort_by { |n| n[:fqdn] }.each do |n|
- n.interfaces(:role => :external).each do |interface|
- firewall_rule "accept-git" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "git"
- source_ports "1024:"
- end
- end
- end
-else
- firewall_rule "accept-git" do
- action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
- dest_ports "git"
- source_ports "1024:"
- end
+directory "#{git_directory}/private" do
+ owner node[:git][:private_user]
+ group node[:git][:private_group]
+ mode 0o2775
end
-Dir.new(git_directory).select { |name| name =~ /\.git$/ }.each do |repository|
- template "#{git_directory}/#{repository}/hooks/post-update" do
+Dir.glob("#{git_directory}/*/*.git").each do |repository|
+ template "#{repository}/hooks/post-update" do
source "post-update.erb"
owner "root"
group node[:git][:group]
mode 0o755
end
-
- next unless node[:recipes].include?("trac") && repository != "dns.git" && repository != "chef.git"
-
- template "#{git_directory}/#{repository}/hooks/post-receive" do
- source "post-receive.erb"
- owner "root"
- group node[:git][:group]
- mode 0o755
- variables :repository => "#{git_directory}/#{repository}"
- end
end
template "/etc/cron.daily/git-backup" do
group "root"
mode 0o755
end
-
-template "/etc/xinetd.d/git" do
- source "xinetd.erb"
- owner "root"
- group "root"
- mode 0o644
- notifies :reload, "service[xinetd]"
-end
apache_module "rewrite"
-git_directory = node[:git][:directory]
+git_site = node[:git][:host]
template "/etc/gitweb.conf" do
source "gitweb.conf.erb"
mode 0o644
end
-ssl_certificate node[:git][:host] do
- domains [node[:git][:host]] + Array(node[:git][:aliases])
- notifies :reload, "service[apache2]"
-end
-
-apache_site node[:git][:host] do
- template "apache.erb"
- directory git_directory
- variables :aliases => Array(node[:git][:aliases])
+directory "/srv/#{git_site}" do
+ owner "root"
+ group "root"
+ mode 0o755
end
-template "#{git_directory}/robots.txt" do
+template "/srv/#{git_site}/robots.txt" do
source "robots.txt.erb"
owner "root"
group "root"
mode 0o644
end
+
+ssl_certificate git_site do
+ domains [git_site] + Array(node[:git][:aliases])
+ notifies :reload, "service[apache2]"
+end
+
+private_allowed = search(:node, node[:git][:private_nodes]).collect do |n|
+ n.ipaddresses(:role => :external)
+end.flatten
+
+apache_site git_site do
+ template "apache.erb"
+ directory "/srv/#{git_site}"
+ variables :aliases => Array(node[:git][:aliases]),
+ :private_allowed => private_allowed
+end
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
- DocumentRoot <%= @directory %>
- HeaderName HEADER
+ SetEnv GIT_PROJECT_ROOT /var/lib/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+
+ ScriptAlias /public /usr/lib/git-core/git-http-backend/public
+ ScriptAlias /private /usr/lib/git-core/git-http-backend/private
Alias /gitweb /usr/share/gitweb
Alias /git /var/cache/git
- ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
+ ScriptAlias / /usr/lib/cgi-bin/gitweb.cgi/
+
+ <Location />
+ Require all granted
+ </Location>
+
+ <Location /private>
+ Require ip <%= @private_allowed.sort.join(" ") %>
+ </Location>
- RewriteEngine On
- RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT]
- RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT]
+ <Location /private/chef.git>
+ Require all denied
+ </Location>
</VirtualHost>
-<Directory <%= @directory %>>
- Require all granted
+<Directory /usr/lib/git-core>
+ Options ExecCGI
</Directory>
T=$(mktemp -d -t -p /var/tmp git.XXXXXXXXXX)
D=$(date +%Y-%m-%d)
-B=<%= node[:git][:backup] %>-$D.tar.gz
+B=git-$D.tar.gz
ln -s /var/lib/git $T/git-$D
# DO NOT EDIT - This file is being maintained by Chef
# path to git projects (<project>.git)
-$projectroot = "<%= node[:git][:directory] %>";
+$projectroot = "<%= node[:git][:directory] %>/public";
# directory to use for temp files
$git_temp = "/tmp";
$feature{'pathinfo'}{'default'} = [1];
# define roots for cloning
-@git_base_url_list = qw(git://<%= node[:git][:host] %>);
+@git_base_url_list = qw(https://<%= node[:git][:host] %>/public);
+++ /dev/null
-#!/bin/zsh
-
-# DO NOT EDIT - This file is being maintained by Chef
-
-while read oldrev newrev refname
-do
- if [[ "$refname" = "refs/heads/master" ]]
- then
- for rev in $(git rev-list ${oldrev}..${newrev})
- do
- sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "<%= @repository %>" "${rev}"
- done
- fi
-done
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-service git
-{
- disable = no
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/lib/git-core/git-daemon
- server_args = --base-path=<%= node[:git][:directory] %> --export-all --syslog --inetd --verbose
- log_on_failure += USERID
- flags = ipv6
-}
default[:hardware][:grub][:cmdline] = %w[nomodeset]
default[:hardware][:sensors] = {}
-default[:hardware][:mcelog][:enabled] = true
+default[:hardware][:mcelog][:enabled] = node[:lsb][:release].to_f < 18.04
if node[:dmi] && node[:dmi][:system]
case node[:dmi][:system][:manufacturer]
git "/opt/areca" do
action :sync
- repository "git://chef.openstreetmap.org/areca.git"
+ repository "https://git.openstreetmap.org/private/areca.git"
user "root"
group "root"
end
if !intel_ssds.empty? || !intel_nvmes.empty?
package "unzip"
- remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do
- source "https://downloadmirror.intel.com/27144/eng/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip"
+ remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do
+ source "https://downloadmirror.intel.com/27863/eng/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip"
end
- execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do
- command "unzip Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip isdct_3.0.7.401-17_amd64.deb"
+ execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do
+ command "unzip Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip isdct_3.0.13.400-17_amd64.deb"
cwd Chef::Config[:file_cache_path]
user "root"
group "root"
- not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb") }
+ not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb") }
end
dpkg_package "isdct" do
- version "3.0.7.401-17"
- source "#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb"
+ version "3.0.13.400-17"
+ source "#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb"
end
end
<% else -%>
env.smartargs -H
<% end -%>
+env.ignoreexit 4
MAILTO=admins@openstreetmap.org
-00 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/renew
-30 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/check-certificates
+00 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/renew
+30 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/check-certificates
subscribes :restart, "template[/etc/mediawiki/parsoid/config.yaml]"
end
-apache_module "php7.0"
+php_version = if node[:lsb][:release].to_f >= 18.04
+ "7.2"
+ else
+ "7.0"
+ end
-link "/etc/php/7.0/apache2/conf.d/20-wikidiff2.ini" do
+apache_module "php#{php_version}"
+
+link "/etc/php/#{php_version}/apache2/conf.d/20-wikidiff2.ini" do
to "../../mods-available/wikidiff2.ini"
end
--- /dev/null
+#!/usr/bin/perl -w
+# -*- perl -*-
+
+=head1 NAME
+
+squid_icp - Plugin to graph traffic to the ICP peers
+
+=head1 CONFIGURATION
+
+The following configuration variables are used by this plugin:
+
+ [squid_icp]
+ env.squidhost - host (default "localhost")
+ env.squidport - port (default "3128")
+ env.squiduser - username (default "")
+ env.squidpasswd - password (default "")
+
+=head1 ABOUT
+
+When using squid as a "load balancer" (of sorts), who gets the
+request?
+
+=head1 AUTHORS
+
+Copyright (C) 2004 Jimmy Olsen
+
+=head1 LICENSE
+
+Gnu GPLv2
+
+=begin comment
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 dated June, 1991.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+=end comment
+
+=head1 MAGIC MARKERS
+
+ #%# family=manual
+ #%# capabilities=autoconf
+
+=cut
+
+my $ret = undef;
+
+if (! eval "require IO::Socket;")
+{
+ $ret = "IO::Socket not found";
+}
+if (! eval "require MIME::Base64;")
+{
+ $ret = "MIME::Base64 not found";
+}
+if (! eval "require Net::hostent;")
+{
+ $ret = "Net::hostent not found";
+}
+
+$squid_host = $ENV{squidhost} || "localhost";
+$squid_port = $ENV{squidport} || 3128;
+$user = $ENV{squiduser} || "";
+$passwd = $ENV{squidpasswd} || "";
+
+if($ARGV[0] and $ARGV[0] eq "autoconf") {
+ &autoconf($squid_host, $squid_port, $user, $passwd);
+}
+
+sub autoconf {
+ my ($host, $port, $user, $passwd) = @_;
+
+ if ($ret)
+ {
+ print "no ($ret)\n";
+ exit 0;
+ }
+
+ my $cachemgr = IO::Socket::INET->new(PeerAddr => $host,
+ PeerPort => $port,
+ Proto => 'tcp',
+ Timeout => 5);
+
+ if (!$cachemgr)
+ {
+ print "no (could not connect: $!)\n";
+ exit 0;
+ }
+
+ my $request = "GET cache_object://$host/counters HTTP/1.0\r\n" .
+ "Accept: */*\r\n" .
+ &make_auth_header($user, $passwd) .
+ "\r\n";
+
+ $cachemgr->syswrite($request, length($request));
+ my @lines = $cachemgr->getlines();
+
+ print "yes\n";
+ exit 0;
+}
+
+sub make_auth_header {
+ my ($user, $passwd) = @_;
+
+ if(!defined $passwd || $passwd eq "") {
+ return "";
+ } else {
+ my $auth = MIME::Base64::encode_base64(($user ? $user : "") . ":$passwd", "");
+ return "Authorization: Basic $auth\r\n" .
+ "Proxy-Authorization: Basic $auth\r\n";
+ }
+}
+
+
+sub query_squid {
+ my ($host, $port, $user, $passwd) = @_;
+ my $ret;
+
+ my $cachemgr = IO::Socket::INET->new(PeerAddr => $host,
+ PeerPort => $port,
+ Proto => 'tcp') or die($!);
+
+
+
+ my $request = "GET cache_object://$host/server_list HTTP/1.0\r\n" .
+ "Accept: */*\r\n" .
+ &make_auth_header($user, $passwd) .
+ "\r\n";
+
+ $cachemgr->syswrite($request, length($request));
+ my @lines = $cachemgr->getlines();
+ my $id = "";
+ for(my $i = 0; $i <= $#lines; $i++) {
+ chomp $lines[$i];
+ if($lines[$i] =~ /Host[^:]+:\s*(\S+)\/\d+\/\d+\s*$/) {
+ my $host = $1;
+ $id = $host;
+ $id =~ s/\./_/g;
+
+ unless(exists($ret->{$id})) {
+ $ret->{$id}->{host} = $host;
+ $ret->{$id}->{fetches} = 0;
+ }
+ }
+ elsif($lines[$i] =~ /FETCHES\s*:\s*(\d+)/) {
+ $ret->{$id}->{fetches} += $1;
+ }
+ }
+ return $ret;
+}
+
+my $hosts = &query_squid($squid_host, $squid_port, $user, $passwd);
+
+if($ARGV[0] and $ARGV[0] eq "config") {
+ my $first = 1;
+ print "graph_title Squid relay statistics\n";
+ print "graph_vlabel requests / \${graph_period}\n";
+ print "graph_args -l 0 --base 1000\n";
+ print "graph_total total\n";
+ print "graph_category squid\n";
+ foreach my $i (sort keys %{$hosts}) {
+ print "$i.label ", $hosts->{$i}->{host}, "\n";
+ print "$i.type DERIVE\n";
+ print "$i.max 500000\n";
+ print "$i.min 0\n";
+ if ($first) {
+ print "$i.draw AREA\n";
+ $first = 0;
+ } else {
+ print "$i.draw STACK\n";
+ }
+ }
+ exit 0;
+}
+
+foreach my $i (keys %{$hosts}) {
+ print "$i.value ", $hosts->{$i}->{fetches}, "\n";
+}
+
+# vim:syntax=perl
default[:nominatim][:dbname] = "nominatim"
default[:nominatim][:tablespaces] = []
default[:nominatim][:logdir] = "/var/log/nominatim"
-default[:nominatim][:repository] = "git://git.openstreetmap.org/nominatim.git"
+default[:nominatim][:repository] = "https://git.openstreetmap.org/public/nominatim.git"
default[:nominatim][:revision] = "master"
default[:nominatim][:enable_backup] = false
default[:nominatim][:enable_git_updates] = true
# Vaccum all tables with indices on integer arrays.
# Agressive vacuuming seems to help against index bloat.
psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name'
-psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name_country'
for i in `seq 0 250`; do
psql -q -d <%= @db %> -c "VACUUM ANALYSE search_name_${i}"
group "root"
end
-file "/etc/timezone" do
+link "/etc/localtime" do
+ to "/usr/share/zoneinfo/#{node[:tz]}"
owner "root"
group "root"
- mode 0o644
- content "#{node[:tz]}\n"
notifies :run, "execute[dpkg-reconfigure-tzdata]", :immediately
end
end
keys = {
- "rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039
- "dsa" => node[:keys][:ssh][:host_dsa_public] # ~FC039
+ "ssh-rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039
+ "ssh-dss" => node[:keys][:ssh][:host_dsa_public] # ~FC039
}
if node[:keys][:ssh][:host_ecdsa_public] # ~FC039
keys[ecdsa_type] = node[:keys][:ssh][:host_ecdsa_public] # ~FC039
end
+ if node[:keys][:ssh][:host_ed25519_public] # ~FC039
+ keys["ssh-ed25519"] = node[:keys][:ssh][:host_ed25519_public] # ~FC039
+ end
+
Hash[
:names => names.sort,
:addresses => node.ipaddresses.sort,
<%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> <%= type %> <%= host[:keys][type] %>
<% end -%>
<% end -%>
-apc1,apc1.ucl.openstreetmap.org,10.0.0.49 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYDLYD52vwCagyebWxujdLw5/jnJ4Nln8g+pXFylT6OJU2R6t+U7mndZUKj1ClCt4AkS77/lEncs8Ie9YM3zzZlN0zsMEmhXzT62wO+0WJkr+hGSlTkMp1iL+dqC9Bk+U=
-apc2,apc2.ucl.openstreetmap.org,10.0.0.50 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBANYmUWIbP1bVQEcyeIoKZOvW/cyzmWytUA0u/057WGCMB70UKJrgmhRoArtxm3O4sFYS5b5xzhpcJ6YyYPjs3GMa67lkUBv/mOZEOIM20VeP7biRQf5DLrrSF5cS4A3p+ft7TyFPAuIgywxHQwpnRi7ZtBIPNj6MbRukUYivWrBVQML23O2hfWbwyLWQCTpedycgb1OFYbKC86r73PwW6ZP3Kzv0CDinDL2heEBT/hdeUkeXJCbop6tU3A4bA/obMTmKxsVoT2vEhto3v/bXFAFDQyYidBrOo+CBa3Nbbl+0wAZLBbrjkbQC7gz6TtU70ceLHo/cl8zmIQlHKa8c/Ec=
-apc3,apc3.ucl.openstreetmap.org,10.0.0.51 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBAM7kqwZuiMNnTQgI2/CpBwNna2vHC2W5kT0AVRFdd41f+Bet+NbXaHpa+/l1eGaMThtuEpXI8TuyyMP/Wna6xhaSBqcTyinbmc+1rqsSxqXTdNKFX+GSKJay/7jQpe/ZA94MAX/l+jHo50g9bjw5GhSv2sG5VeeabYM+eiTDwjSEwoqpsHYtRSbCCwNgM5hK0lTunPZ+wq31vY8tPbnYTZdi8ENxccXI1+wLPEIGg74FoWxy98lKTc8FIa/JaT37hDOwOC0uzDi1koXp5sCzCVAhRDNzHSSKkiIXx8rXp7/2ZPrKo2j++W/rl0b0xe1UO+/KWxhCC2YsCaDIgBXsG7E=
#albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-rsa
#albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-dss
ridley.oob,ridley.oob.openstreetmap.org,10.0.1.3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6FtSZo3FZfOyWVdiUX1CSlWLIiB2iCWmtsfiqQ32i+AbNxiOfqBckp9CQazdaAmMp638TnLpCwSfJk9oJNui/J6yY5jq1RKb5U9YVGkhXvFmHH2dG/QpD9z786jWZ8RFdTwtdpHVfJzfm3vFDOORJcJwnvGr+Fe+fnY43aPzTZQ==
eustace.oob,eustace.oob.openstreetmap.org,10.0.1.9 ssh-dss AAAAB3NzaC1kc3MAAACBAM9dCBACQykp7BM/HqbIdTPNSFaC0AAjA95WZP4AfHos+wkUt+zdNeKfO2xgnAj6WyBJFUvSOgcmAiKqCJk6+B1Zl2k+CyQIW9RnQbwBLH3M3AduqXMWB/EfD9SWt6HwyU/dumaiv/HqapGR/ly/84F+sIiNTXVSTZvtweUNuYFPAAAAFQCBQ4QjFUny6+XAL2ucyU9W8ya7rQAAAIAXSQrRSubw9Tli0PbBfWllf5AkR/ybB/rd6UQUUeMTVg5SHLVjc/HwyBYQbeRnSW+bpztauW1bx4cfpGQsqmEPHmJVfxuc36u5MyeYQn1HPLfXDGYILFcjT5aUwRoKqGCuOaCV2YIqBtgtS8nR9ihPJKQfbmtQ4gcAnKMSbMFnvQAAAIEAt4kLYCscN/DkSIxiCNjHVYTYxepsfP2IsZAYi3Cxs8GHWu3kdyP8AvT47t6pI6KxEFhFPozNCtU9w+0kxgCBApb0bALI/DcebNZYCYyk/S939KfLpRCBion53JdCXbFhPgWiYzI40IUQPwWo/cyXREB3Qw/AOLwp8vlKuq8RDtU=
#puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-rsa
#puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-dss
+draco.oob,draco.oob.openstreetmap.org,10.0.1.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCl+ue/d4rW+xBja+8Gicp/LDFzURo7fgP3IOnOXM8QMmHaPzfUbWDlKNRGaCaK+xHUUI/6/AfKwikY2pmPSZ8vC/Ss641RELqvAAbfrOUN8M0akeJPs35T04ek6aWIA2d0AYXlWRLojKd/N7KoZOFvp8udkYSH5yNh4BsArNQHhw==
sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCepzpzx1NqbX1uo10ePzF5lUnaHXtzxcgFR7LvXOuZrip+bSOY/4jBqCasZG3kofMcUL6TFh7Q2MrkZ+9Xj7B9AeNwzlZnohAjLNIdJJjHHyjJ5EHiJHnpVeElP+/W6NfLE2S4xq7JF+eOdeznb6X6JdkXnKhaJv5KQcz6JVp50Q==
sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-dss AAAAB3NzaC1kc3MAAACBAKPIabHx0CCmG3tl36baYTalPout92RMZkX0RhfiRDOHXc+Mk5bAA/r8ep9BiMNbhB+qstay0yqpwemJLC0+0LxhQAyl4MDEDpHMLAlXmQO4HhEVyKB9hutfyFDMYNI4D1NwzBRO4yPRjhoai0NaEo5jBjI9SiIWMhPBDO2lLyGtAAAAFQCrlNl/cRw43H1BVzO3lhMG8+eTYwAAAIBbTcKalbfzeoWLOPuLSxL7AE57WqyqMB9/gdac6+c3YaO/g/WIsJRO2g5Im1/cCIvOH4nVF0wlQONh9CGZZKzSKdaIJIJ9y0A7kzRxLxEfGz5ZslH+xusdWeU4hx39yVzBinM2+qLiDpc6zgowd6klUiMR2Qv2bXo27gLSAHxLIAAAAIAC1gES35Xj85N+1VGR5rQbRf99ft6Cz5Ml4nq1c936z9OCzYTbCaWG0yrHsuKyC7kHO2drsDLb6kER9H/dx+ryULWIsNOv8JQtLaxr+TRnb8SDNE6pObruCkTpSgKJx9/fng1qAsuYTvZCkEu3vkS/ug+BfrE/1peIzVxTUz/DWA==
errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1riMj4gWqiovniYhlFNUxMm/AGmV/C2GjcMP+NcJ1ZyP4OdytGeGfhUm5GwVwraimkFQQlfEDcUWY7OX4EG115E8i15cUt6s6Ya2E6AXydigvBbrdp8MNnPOWBifVN3/5Cgi8nrAebmPs88ZZx2KM/Df5qIB2rHYpuHYyl+MpqE=
errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-dss AAAAB3NzaC1kc3MAAACBAKcnhyMz3C4sku0e1/nFailjoPcMwLazXq4H/kUsdlt+f2By73F5KdUWffxoeRNL0UVT7+VCKG6IXmXGkKVfvpTipFjkP1N+b7I4SuJcQ/EUNPTCGAfC3l691K8jUBD6WSlQUqZtKGnpDS1zI/ZIYiNqrQnWu2RTYnP3QvY7JigDAAAAFQDI6aaH6mWx7vTVS9m3tyXQ4GQ08wAAAIAQjAM+q8Hfp1h45UjTeD2jIA74asQl0M+4q+4EcnNPnKXRbEBIg4rCWkHdd06uhayXZ91KzCDcj1b2LSb2zOE4U1MDEpdVnz22PuEl/f6/epKmLOqHoOGu9/9Lud6OoZQSveEPYmcpEEpt1RCN9ZvkVtFdLwtQ8+CSSGXg8yfCxgAAAIEAjQztmG1LN/e7pNRY0MtV148rJY3mR2knJegg0yBOEWHUGtKY91lgboWie1YTGR3RiXckJFFYkOGWAxqEVM//+rW0hatCxEp/mWEt/GWKPpV52fc4BUhJbi9hb8sg+dAvfoHwUL3CzHzqapaRNxxbfest8dfvascAjRDFP7yxU9w=
yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuWeUQd5ssUd5VFyTMXgC+U6c7s63mtuEj+cL6x8EU8PqNS12RGwLpeAI5VL8UzM0YLyPjPh/yzdQN2tl9ufK7KZF0apvoSZgp/uwyG+CgdFSf66nTrZN4NA/QP1ikH3kbqcM87LfNjCrMXnqMBJ/OCqz2z+An8t0KGDXS8haxlU=
yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-dss AAAAB3NzaC1kc3MAAACBAL6RC7IMuQEtD4JIRmBJEownC0a7ZEvfCTw20PV5MjWb6twZlGBK3IA/0yV0oJ+75W6VWizn3cWSBS3y1zD8KktF4fh4+FVyin9WTyFuwME8cYmRPV+kuOa1lF1sLJxqvZJRjKMjweLeNTKnl1mb03049SL2YoGwMOTdVgVBjEyFAAAAFQC7rQIvnfLYbQdX87DwlzfMDALOoQAAAIEAmAu2kK8atEOR1Sc6maxYKSf68MYMHoTpm2MW9q2x5ls982kfEUMJ3h641cbRgOAuCmQU3gHnt73sl5LY3K3oLijIhSQm8+l+GkrXVhdwx7ScLXf+8TJZRWiP6Q98VWM4E3L4wmiJksLbTlxdoew3lv8gGhbpk0XuSyLWIBZIKJAAAACATogkqFXhPFzOMRJAR6G8J4bOqg9Ae2cGtf4aMZ9xdm/Hm7YLSu3kn5IhawwU+DL494VF+ky69T01iY3e4m/kQhYB4emlqsRHzVscblVH+GL6sVEkct0HMzfqzEFcfYWqqMdig9EwTzHwJzkAb4WqZdGnWG3Ln88x3liyDZTpGco=
+clifford.oob,clifford.oob.openstreetmap.org,10.0.1.17 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCsCrNQ+QQg2UUGhBpgjlLAF4gI48VDGmcF9prulYDxduyGJIrqhOjQtKLjNksMr8TEblmJsI4JzPf1lY1rVL3Q/aZWJD5X4Q0DgEtNzfinI9JAy77JASj1osBPU2RfWSvK9C2TnEoXHxuyGKMw9iuuPLppNMjZ103PYprQeAXi1w==
katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCIJ+bSxbMsr6wurBXYkeqoznHnJT4zrN7nHtajgs5CJLIiWO+Eq/Lp+egz6Irxwk3v+kbfKW9RUum5fOMfkWFwaQxP41Cz5RbMmu5Jsm4MQKr4PPVxbLbPk75OeVgo+nfkzBupsBuYGMp/GCpjTJ8rusPmYxzWBek4amKL5udfA9Ld
katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-dss AAAAB3NzaC1kc3MAAACBAP4oHi33lAVyP8zjoRZe6kxcZGJi1JOgF1vpZqEsxA97yCaLGVjc2cdxi16namqdJ/DgQaRpGRM+chP6AgGN9FD8Z6Wfskm+2sghPpcGRUkr7u6mM7WlJ0xQehD4LDcxFEpZKxtalf6TlxXn9cO0VaL9NNVrpU34c2Pqxl7wg/QnAAAAFQCB10EQxYDOnsxN2xrSHEbmgA3K0wAAAIAWN0b4KREM6Uc6FVkRtOjkiAR8FWmCg8nNQaqlKIPlM4hsrIcPC5yZfc7BzamQSy4PpHNGZG64CkYr8tn8LGWouHVKKbeFOWEXIBsRBSf1NNaYI7cS7WPnGVOmkt6yHvWwPlDcVO8FpPUL9pA7kf6iCuQNdD/MyOBHdbVoU9LcNAAAAIEAsXBb+3EZhsRAYL9Jm22PsrsW2o/hO7aomMeEXvVGG8Wuy77lqmcIvlyW3zhHBs7ubI9TZz1XDsgLK9giCkmqCyKmUsTXGsu9e4veOq+sgvXdbhoBMVi90IFsPLPUdPN5mfovBDHkwi60VtDwOLAX368pFfBfSA50CZWfhwUu26E=
karm.oob,karm.oob.openstreetmap.org,146.179.159.173 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwC0NwmVi6Fj/55PE+E/60m55gsjY0HaHpSTO2Cr3wuaTrvT4rMCbORaAtIqvp/j70MKZqSS7f1wztnm9fP/54viWWbgslMZ8GaSUHDDkoH07eznggIJ5P3wHcaK/P1sKe6JTj/dbCf/FMvTT2nrA+kIlY5q3UPQ7q1apSYE9lUjF0f3
git "#{directory}/osqa" do
action :sync
- repository "git://git.openstreetmap.org/osqa.git"
+ repository "https://git.openstreetmap.org/public/osqa.git"
revision "live"
user site_user
group site_group
-default[:otrs][:version] = "5.0.27"
+default[:otrs][:version] = "6.0.8"
default[:otrs][:user] = "otrs"
default[:otrs][:group] = nil
default[:otrs][:database_cluster] = "9.5/main"
database_password = passwords[node[:otrs][:database_password]]
site = node[:otrs][:site]
-old_installation = begin
- File.readlink("/opt/otrs")
- rescue StandardError
- nil
- end
-
postgresql_user database_user do
cluster database_cluster
password database_password
content config
end
-link "/opt/otrs-#{version}/Kernel/Config/Files/ZZZAuto.pm" do
- to "#{old_installation}/Kernel/Config/Files/ZZZAuto.pm"
- link_type :hard
-end
-
-link "/opt/otrs-#{version}/var/log/TicketCounter.log" do
- to "#{old_installation}/var/log/TicketCounter.log"
- link_type :hard
-end
-
link "/opt/otrs" do
to "/opt/otrs-#{version}"
end
-default[:passenger][:ruby_version] = "2.3"
+default[:passenger][:ruby_version] = node[:lsb][:release].to_f >= 18.04 ? "2.5" : "2.3"
default[:passenger][:max_pool_size] = 6
default[:passenger][:pool_idle_time] = 300
package "php-mbstring"
package "php-mysql"
package "php-gd"
+package "php-xml"
package "php-apcu"
-package "geoip-database-contrib"
+package "geoipupdate"
-apache_module "php7.0"
-apache_module "geoip"
+apache_module "php7.2"
version = node[:piwik][:version]
mode "0755"
end
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-ASN.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-City.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-Country.mmdb"
+end
+
link "/srv/piwik.openstreetmap.org" do
to "/opt/piwik-#{version}/piwik"
notifies :restart, "service[apache2]"
your obligations.
</p>
<p>
- You can <a href="https://wiki.openstreetmap.org/wiki/Planet.osm#Processing_the_File">process the file</a>
+ You can <a href="https://wiki.openstreetmap.org/wiki/Planet.osm#Processing_the_file">process the file</a>
or extracts with a variety of tools. <a href="https://wiki.openstreetmap.org/wiki/Osmosis">Osmosis</a>
is a general-purpose command-line tool for converting the data among different formats
and databases, and <a href="https://wiki.openstreetmap.org/wiki/Osm2pgsql">Osm2pgsql</a>
-
+default[:squid][:version] = "2"
default[:squid][:cache_mem] = "256 MB"
default[:squid][:cache_dir] = "ufs /var/spool/squid 256 16 256"
default[:squid][:access_log] = "/var/log/squid/access.log openstreetmap"
# limitations under the License.
#
+if node[:squid][:version] == "3"
+ apt_package "squid" do
+ action :unlock
+ end
+
+ apt_package "squid-common" do
+ action :unlock
+ end
+
+ apt_package "squid" do
+ action :purge
+ only_if "dpkg-query -W squid | fgrep -q 2."
+ end
+
+ apt_package "squid-common" do
+ action :purge
+ only_if "dpkg-query -W squid-common | fgrep -q 2."
+ end
+
+ file "/store/squid/coss-01" do
+ action :delete
+ backup false
+ end
+
+ package "squidclient" do
+ action :upgrade
+ end
+end
+
package "squid"
package "squidclient"
mode 0o644
end
-template "/etc/default/squid" do
- source "squid.erb"
- owner "root"
- group "root"
- mode 0o644
-end
-
directory "/etc/squid/squid.conf.d" do
owner "root"
group "root"
mode 0o755
end
+if node[:squid][:cache_dir] =~ /^coss (\S+) /
+ cache_dir = File.dirname(Regexp.last_match(1))
+elsif node[:squid][:cache_dir] =~ /^\S+ (\S+) /
+ cache_dir = Regexp.last_match(1)
+end
+
+directory cache_dir do
+ owner "proxy"
+ group "proxy"
+ mode 0o750
+ recursive true
+end
+
+systemd_tmpfile "/var/run/squid" do
+ type "d"
+ owner "proxy"
+ group "proxy"
+ mode "0755"
+end
+
systemd_service "squid" do
description "Squid caching proxy"
after ["network.target", "nss-lookup.target"]
+ type "forking"
limit_nofile 65536
- environment "SQUID_ARGS" => "-D"
- environment_file "/etc/default/squid"
- exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z"
- exec_start "/usr/sbin/squid -N $SQUID_ARGS"
+ exec_start_pre "/usr/sbin/squid -N -z"
+ exec_start "/usr/sbin/squid -Y"
exec_reload "/usr/sbin/squid -k reconfigure"
exec_stop "/usr/sbin/squid -k shutdown"
private_tmp true
private_devices true
protect_system "full"
protect_home true
- no_new_privileges true
restart "on-failure"
timeout_sec 0
end
service "squid" do
action [:enable, :start]
subscribes :restart, "systemd_service[squid]"
+ subscribes :restart, "directory[#{cache_dir}]"
subscribes :reload, "template[/etc/squid/squid.conf]"
- subscribes :restart, "template[/etc/default/squid]"
subscribes :reload, "template[/etc/resolv.conf]"
end
munin_plugin "squid_objectsize"
munin_plugin "squid_requests"
munin_plugin "squid_traffic"
-
-Dir.glob("/var/log/squid/zere.log*") do |log|
- File.unlink(log)
-end
log_icp_queries off
#FIXME - configurable
+<% if node[:squid][:version] == "2" -%>
http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
+<% else -%>
+http_port 80 accel no-vhost defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6
+
+#prefer IPv4 until everything is upgraded
+dns_v4_first on
+<% end -%>
cache_effective_user proxy
cache_effective_group proxy
#FIXME - configurable
cache_dir <%= node[:squid][:cache_dir] %>
+<% if node[:squid][:version] == "2" -%>
cache_swap_log /var/spool/squid/%s
+<% end -%>
cache_mgr webmaster@openstreetmap.org
negative_ttl 15 seconds
half_closed_clients off
+<% if node[:squid][:version] == "2" -%>
pipeline_prefetch on
+<% else -%>
+pipeline_prefetch 1
+<% end -%>
read_timeout 90 seconds
request_timeout 90 seconds
client_lifetime 1 hours
collapsed_forwarding on
+<% if node[:squid][:version] == "2" -%>
refresh_stale_hit 300 seconds
+<% end -%>
#Recommended minimum configuration:
#----------------------------------
+<% if node[:squid][:version] == "2" -%>
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
+<% end -%>
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
forwarded_for on
follow_x_forwarded_for allow localhost
+<% if node[:squid][:version] == "2" -%>
logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03Hs %<st %rm %rp %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h"
access_log <%= node[:squid][:access_log] %>
+<% else -%>
+logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03>Hs %<st %rm %>rp %Sh/%<A %mt "%{Referer}>h" "%{User-Agent}>h"
+access_log daemon:<%= node[:squid][:access_log] %>
+<% end -%>
cache_log /var/log/squid/cache.log
cache_store_log none
buffered_logs on
client_db off
strip_query_terms off
+<% if node[:squid][:version] == "3" -%>
+# Work around bug in squid 3 that causes log_fqdn to be
+# turned on by some of the (unused by us) default formats:
+# http://lists.squid-cache.org/pipermail/squid-users/2016-February/thread.html#8999
+url_rewrite_extras "%>a %un %>rm myip=%la myport=%lp"
+store_id_extras "%>a %un %>rm myip=%la myport=%lp"
+<% end -%>
digest_generation on
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-#
-# /etc/default/squid Configuration settings for the Squid proxy server.
-#
-
-# Max. number of filedescriptors to use. You can increase this on a busy
-# cache to a maximum of (currently) 65536 filedescriptors. Default is 1024.
-SQUID_MAXFD=65536
git "/srv/stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "chooser"
user "root"
group "root"
wordpress_theme "2007.stateofthemap.org-refreshwp-11" do
theme "refreshwp-11"
site "2007.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2007"
end
wordpress_theme "2008.stateofthemap.org-refreshwp-11" do
theme "refreshwp-11"
site "2008.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2008"
end
git "/srv/2009.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2009"
user "wordpress"
group "wordpress"
wordpress_theme "2009.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2009.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2009"
end
git "/srv/2010.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2010"
user "wordpress"
group "wordpress"
wordpress_theme "2010.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2010.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2010"
end
wordpress_plugin "2010.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2010.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2010.stateofthemap.org-wp-sticky" do
git "/srv/2011.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2011"
user "wordpress"
group "wordpress"
wordpress_theme "2011.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2011.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2011"
end
wordpress_plugin "2011.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2011.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2011.stateofthemap.org-wp-sticky" do
git "/srv/2012.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2012"
user "wordpress"
group "wordpress"
wordpress_theme "2012.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2012.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2012"
end
wordpress_plugin "2012.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2012.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2012.stateofthemap.org-wp-sticky" do
%w[2013].each do |year|
git "/srv/#{year}.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "site-#{year}"
user "root"
group "root"
[osm-website]
short name = osm-website
-url = git://git.openstreetmap.org/rails.git
+url = https://git.openstreetmap.org/public/rails.git
branch = master
commit link = https://git.osm.org/rails.git/commitdiff/%c
channels = #osm-dev
[osm-chef-public]
short name = osm-chef-public
-url = git://git.openstreetmap.org/chef.git
+url = https://git.openstreetmap.org/public/chef.git
branch = master
commit link = https://git.osm.org/chef.git/commitdiff/%c
channels = #osm-dev
[osm-cgimap]
short name = osm-cgimap
-url = git://git.openstreetmap.org/cgimap.git
+url = https://git.openstreetmap.org/public/cgimap.git
branch = master
commit link = https://git.osm.org/cgimap.git/commitdiff/%c
channels = #osm-dev
[osm-dns]
short name = osm-dns
-url = git://git.openstreetmap.org/dns.git
+url = https://git.openstreetmap.org/public/dns.git
branch = master
commit link = https://git.osm.org/dns.git/commitdiff/%c
channels = #osm-dev
[osm-potlatch2]
short name = osm-potlatch2
-url = git://git.openstreetmap.org/potlatch2.git
+url = https://git.openstreetmap.org/public/potlatch2.git
branch = master
commit link = https://git.osm.org/potlatch2.git/commitdiff/%c
channels = #osm-dev
[osm-gpx-import]
short name = osm-gpx-import
-url = git://git.openstreetmap.org/gpx-import.git
+url = https://git.openstreetmap.org/public/gpx-import.git
branch = master
commit link = https://git.osm.org/gpx-import.git/commitdiff/%c
channels = #osm-dev
[osm-nominatim]
short name = osm-nominatim
-url = git://git.openstreetmap.org/nominatim.git
+url = https://git.openstreetmap.org/public/nominatim.git
branch = master
commit link = https://git.osm.org/nominatim.git/commitdiff/%c
channels = #osm-dev
[osm-planetdump]
short name = osm-planetdump
-url = git://git.openstreetmap.org/planetdump.git
+url = https://git.openstreetmap.org/public/planetdump.git
branch = master
commit link = https://git.osm.org/planetdump.git/commitdiff/%c
channels = #osm-dev
wordpress_plugin "switch2osm.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "switch2osm.org-wpml-cms-nav" do
plugin "wpml-cms-nav"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-cms-nav.git"
+ repository "https://git.openstreetmap.org/private/wpml-cms-nav.git"
end
wordpress_plugin "switch2osm.org-wpml-sticky-links" do
plugin "wpml-sticky-links"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-sticky-links.git"
+ repository "https://git.openstreetmap.org/private/wpml-sticky-links.git"
end
wordpress_plugin "switch2osm.org-wpml-string-translation" do
plugin "wpml-string-translation"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-string-translation.git"
+ repository "https://git.openstreetmap.org/private/wpml-string-translation.git"
end
wordpress_plugin "switch2osm.org-wpml-translation-analytics" do
plugin "wpml-translation-analytics"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-translation-analytics.git"
+ repository "https://git.openstreetmap.org/private/wpml-translation-analytics.git"
end
wordpress_plugin "switch2osm.org-wpml-translation-management" do
plugin "wpml-translation-management"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-translation-management.git"
+ repository "https://git.openstreetmap.org/private/wpml-translation-management.git"
end
wordpress_plugin "switch2osm.org-wpml-xliff" do
plugin "wpml-xliff"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-xliff.git"
+ repository "https://git.openstreetmap.org/private/wpml-xliff.git"
end
template "/etc/cron.daily/switch2osm-backup" do
-default[:osqa][:sites] = []
+default[:taginfo][:sites] = []
libboost-dev
libexpat1-dev
libsparsehash-dev
- libgd2-xpm-dev
+ libgd-dev
libicu-dev
libboost-program-options-dev
cmake
node[:taginfo][:sites].each do |site|
site_name = site[:name]
+ site_aliases = Array(site[:aliases])
directory = site[:directory] || "/srv/#{site_name}"
description = site[:description]
about = site[:about]
end
ssl_certificate site_name do
- domains site_name
+ domains [site_name] + site_aliases
notifies :reload, "service[apache2]"
end
apache_site site_name do
template "apache.erb"
directory "#{directory}/taginfo/web/public"
+ variables :aliases => site_aliases
end
end
Header setifempty Access-Control-Allow-Origin *
</Location>
</VirtualHost>
+<% unless @aliases.empty? -%>
+
+<VirtualHost *:443>
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent / https://<%= @name %>/
+</VirtualHost>
+<% end -%>
<VirtualHost *:80>
ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
ServerAdmin webmaster@openstreetmap.org
CustomLog /var/log/apache2/<%= @name %>-access.log combined
notifies :restart, "service[nginx]"
end
-nginx_site "tile-ssl" do
- template "nginx_tile_ssl.conf.erb"
+nginx_site "tile" do
+ template "nginx_tile.conf.erb"
variables :caches => tilecaches
end
upstream tile_cache_backend {
server 127.0.0.1;
- <% @caches.each do |cache| -%>
- <% if cache[:hostname] != node[:hostname] -%>
- #Server <%= cache[:hostname] %>
- <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
- server <%= address %> backup;
- <% end -%>
- <% end -%>
- <% end -%>
keepalive 32;
}
proxy_connect_timeout 5s;
+ # Preserve host header.
+ proxy_set_header Host $host;
# Do not pass cookies to backends.
proxy_set_header Cookie '';
# Do not pass Accept-Encoding to backends.
-acl osmtile_sites dstdomain a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org
+acl osmtile_thishost dstdomain <%= node[:fqdn] %>
+acl osmtile_sites dstdomain <%= node[:fqdn] %> a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org
acl osmtiles_png urlpath_regex .png$
acl osmtileScrapers browser ^$
acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$
cache deny osmtile_sites osmtile_nocache_url
+<% @caches.each do |cache| -%>
+<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+acl tile_caches src <%= address %>
+<% end -%>
+<% end -%>
+
+<% if node[:squid][:version] == "2" -%>
+#Siblings
<% node[:tilecache][:tile_siblings].each do |sibling| -%>
cache_peer <%= sibling %> sibling 3128 3130 weight=1500
<% end -%>
+<% end -%>
+
#Primary Parent
cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 ssl ssldomain=render.openstreetmap.org
cache_peer_access osmtileAccel allow osmtile_sites
<% @caches.each do |cache| -%>
<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
acl pool_unlimited src <%= address %>
-acl tile_caches src <%= address %>
<% end -%>
<% end -%>
usbutils
numactl
xfsprogs
- sysv-rc-conf
iotop
lvm2
rsyslog
]
+if node[:lsb][:release].to_f < 18.04
+ package "sysv-rc-conf"
+end
+
service "rsyslog" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => true
<%= File.basename(repository, ".git") %>.dir = <%= repository %>
<%= File.basename(repository, ".git") %>.description = <%= IO.read("#{repository}/description").strip %>
<%= File.basename(repository, ".git") %>.type = git
-<%= File.basename(repository, ".git") %>.url = git://git.openstreetmap.org/<%= File.basename(repository) %>
+<%= File.basename(repository, ".git") %>.url = https://git.openstreetmap.org/public/<%= File.basename(repository) %>
<% end -%>
.alias = subversion
git gpx_directory do
action :sync
- repository "git://git.openstreetmap.org/gpx-import.git"
+ repository "https://git.openstreetmap.org/public/gpx-import.git"
revision "live"
user "rails"
group "rails"
directory rails_directory
user "rails"
group "rails"
- repository "git://git.openstreetmap.org/rails.git"
+ repository "https://git.openstreetmap.org/public/rails.git"
revision "live"
database_host node[:web][:database_host]
database_name "openstreetmap"
property :directory, String
property :user, String
property :group, String
-property :repository, String, :default => "git://git.openstreetmap.org/rails.git"
+property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git"
property :revision, String, :default => "live"
property :run_migrations, [TrueClass, FalseClass], :default => false
property :email_from, String, :default => "OpenStreetMap <support@openstreetmap.org>"
action :nothing
end
- execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
- command "ruby extconf.rb"
- cwd "#{rails_directory}/lib/quad_tile"
- user new_resource.user
- group new_resource.group
- not_if do
- ::File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h")
- end
- notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]"
- end
-
- execute "#{rails_directory}/lib/quad_tile/Makefile" do
- action :nothing
- command "make"
- cwd "#{rails_directory}/lib/quad_tile"
- user new_resource.user
- group new_resource.group
- notifies :run, "execute[#{rails_directory}]"
- end
-
execute rails_directory do
action :nothing
command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
php-mysql
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "rewrite"
fail2ban_filter "wordpress" do
+++ /dev/null
-~FC001
-~FC064
-~FC065
-~FC066
-~FC071
+++ /dev/null
-# xinetd cookbook
-
-This cookbook installs and manages the
-[xinetd](https://en.wikipedia.org/wiki/Xinetd) service, which acts as
-an internet daemon.
+++ /dev/null
-name "xinetd"
-maintainer "OpenStreetMap Administrators"
-maintainer_email "admins@openstreetmap.org"
-license "Apache-2.0"
-description "Configures xinetd"
-long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
-version "1.0.0"
-supports "ubuntu"
+++ /dev/null
-#
-# Cookbook Name:: xinetd
-# Recipe:: default
-#
-# Copyright 2013, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-package "xinetd"
-
-service "xinetd" do
- action [:enable, :start]
- supports :status => true, :reload => true, :restart => true
-end
subversion
libcurl4-gnutls-dev
libgps-dev
- libcurl3
+ libcurl4
buffer
git
cmake
libicu-dev
]
-apache_module "php7.0"
+apache_module "php7.2"
}
},
:squid => {
+ :version => "3",
:cache_mem => "16000 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "montreal.render.openstreetmap.org",
}
},
:chef => {
- :repository => "/var/lib/git/chef.git"
+ :public_repository => "/var/lib/git/public/chef.git",
+ :private_repository => "/var/lib/git/private/chef.git"
}
)
}
},
:squid => {
+ :version => "3",
:cache_mem => "6100 MB",
- :cache_dir => "coss /store/squid/coss-01 80000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 80000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "zaragoza.render.openstreetmap.org",
:dev => {
:rails => {
:master => {
- :repository => "git://git.openstreetmap.org/rails.git",
+ :repository => "https://git.openstreetmap.org/public/rails.git",
:revision => "master",
:aliases => ["api06.dev.openstreetmap.org"]
},
:repository => "git://github.com/ukasiu/openstreetmap-website.git",
:revision => "comments_list"
},
- :moderation => {
- :repository => "git://github.com/gravitystorm/openstreetmap-website.git",
- :revision => "moderation"
- },
:locale => {
:repository => "git://github.com/tomhughes/openstreetmap-website.git",
:revision => "locale"
default_attributes(
:dns => {
- :repository => "/var/lib/git/dns.git"
+ :repository => "/var/lib/git/public/dns.git"
}
)
default_attributes(
:accounts => {
:users => {
+ :bretth => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
:lonvia => {
:status => :user,
:shell => "/usr/bin/git-shell"
},
:git => {
:host => "git.openstreetmap.org",
- :aliases => ["git.osm.org"],
- :backup => "git"
+ :aliases => ["git.osm.org"]
}
)
:members => [:enf, :tomh]
}
}
+ },
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :server_limit => 20,
+ :max_request_workers => 1000,
+ :threads_per_child => 50,
+ :min_spare_threads => 50,
+ :max_spare_threads => 450,
+ :async_request_worker_factor => 4
+ }
}
)
:data => "/store/elasticsearch"
}
},
- :git => {
- :allowed_nodes => "fqdn:*",
- :user => "chefrepo",
- :group => "chefrepo",
- :backup => "chef-git"
- },
:networking => {
:interfaces => {
:internal_ipv4 => {
run_list(
"role[ic]",
"role[gateway]",
- "role[chef-server]",
- "role[chef-repository]",
"role[web-storage]",
"role[supybot]",
"role[backup]",
"role[planet]",
"role[planetdump]",
"role[logstash]",
- "role[letsencrypt]",
"recipe[rsyncd]",
"recipe[openvpn]",
- "recipe[git::server]",
- "recipe[tilelog]",
- "recipe[serverinfo]"
+ "recipe[tilelog]"
)
}
},
:squid => {
- :cache_mem => "400 MB",
- :cache_dir => "coss /store/squid/coss-01 7500 block-size=8192 max-size=262144 membufs=30"
+ :version => 3,
+ :cache_mem => "350 MB",
+ :cache_dir => "rock /store/squid/rock-01 7500 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:sysctl => {
:kvm => {
}
},
:squid => {
+ :version => "3",
:cache_mem => "14000 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "aalborg.render.openstreetmap.org",
},
:otrs => {
:site => "otrs.openstreetmap.org",
- :database_cluster => "9.5/main",
+ :database_cluster => "10/main",
:database_name => "otrs",
:database_user => "otrs",
:database_password => "otrs"
},
:postgresql => {
- :versions => ["9.5"]
+ :versions => ["10"]
}
)
}
},
:squid => {
+ :version => "3",
:cache_mem => "5500 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "oslo.render.openstreetmap.org",
description "Master role applied to sarel"
default_attributes(
+ :git => {
+ :private_user => "chefrepo",
+ :private_group => "chefrepo",
+ :private_nodes => "fqdn:*"
+ },
:networking => {
:interfaces => {
:internal_ipv4 => {
run_list(
"role[ucl]",
"role[hp-g5]",
- "role[yournavigation]"
+ "role[yournavigation]",
+ "role[chef-server]",
+ "role[chef-repository]",
+ "role[letsencrypt]",
+ "role[git]",
+ "role[dns]",
+ "recipe[serverinfo]"
)
description "Master role applied to shenron"
default_attributes(
- :accounts => {
- :users => {
- :bretth => {
- :status => :user,
- :shell => "/usr/bin/git-shell"
- }
- }
- },
:apache => {
:mpm => "event",
:event => {
"role[bytemark]",
"role[mail]",
"role[lists]",
- "role[git]",
"role[subversion]",
"role[trac]",
"role[osqa]",
"role[irc]",
- "role[dns]",
"role[geodns]",
- "role[chef-repository]",
"recipe[blogs]",
"recipe[openvpn]"
)
:sites => [
{
:name => "taginfo.openstreetmap.org",
+ :aliases => ["taginfo.osm.org"],
:description => "This is the main taginfo site. It contains OSM data for the whole planet and is updated daily.",
:about => "<p>This site is run by the <a href='https://www.osmfoundation.org/'>OSMF</a> and maintained by <a href='https://www.openstreetmap.org/user/Jochen%20Topf'>Jochen Topf</a> and the <a href='https://wiki.openstreetmap.org/wiki/System_Administrators'>Sysadmin team</a>.</p><p>Several <a class='extlink' href='//wiki.openstreetmap.org/wiki/Taginfo/Sites'>other taginfo sites</a> are operated by different people for different areas of the world.</p>",
:icon => "world",
}
},
:squid => {
+ :version => "3",
:cache_mem => "6400 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "amsterdam.render.openstreetmap.org",
projects / chef.git / commitdiff