- tilelog
- tools
- trac
- - web-backend
- web-cgimap
- web-frontend
- web-rails
- name: trac
run_list:
- recipe[trac::default]
- - name: web-backend
- run_list:
- - recipe[web::backend]
- name: web-cgimap
run_list:
- recipe[web::cgimap]
This cookbook installs and configures the web frontend machines that power
[www.openstreetmap.org](https://www.openstreetmap.org). There are several recipes
-* `web::backend` - sets up the backend servers, used for processing longer-running requests
* `web::base` - sets up common storage configuration between all the machines
* `web::cgimap` - builds and configures [cgimap](https://github.com/openstreetmap/cgimap)
* `web::cleanup` - configures a cleanup script to be run daily
+++ /dev/null
-#
-# Cookbook:: web
-# Recipe:: backend
-#
-# Copyright:: 2011, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-node.default[:memcached][:ip_address] = node.internal_ipaddress
-
-include_recipe "memcached"
-include_recipe "apache"
-include_recipe "web::rails"
-include_recipe "web::cgimap"
-
-web_passwords = data_bag_item("web", "passwords")
-
-apache_module "remoteip"
-apache_module "rewrite"
-apache_module "proxy"
-apache_module "proxy_fcgi"
-apache_module "setenvif"
-
-apache_site "default" do
- action [:disable]
-end
-
-apache_site "www.openstreetmap.org" do
- template "apache.backend.erb"
- variables :status => node[:web][:status],
- :secret_key_base => web_passwords["secret_key_base"]
-end
-
-service "rails-jobs@storage" do
- action [:disable, :stop]
-end
-
-service "rails-jobs@traces" do
- action [:disable, :stop]
-end
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-<VirtualHost *:443>
- #
- # Basic server configuration
- #
- ServerName <%= node[:fqdn] %>
- ServerAlias api.openstreetmap.org www.openstreetmap.org
- ServerAdmin webmaster@openstreetmap.org
-
- #
- # Enable SSL
- #
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
- SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
-
- #
- # Setup logging
- #
- LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Dus %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x" combined_with_time
- CustomLog /var/log/apache2/access.log combined_with_time
- ErrorLog /var/log/apache2/error.log
-
- #
- # Turn on the rewrite engine
- #
- RewriteEngine on
-
- #
- # Recover the unique ID from the request headers
- #
- SetEnvIf X-Request-Id ^(.*)$ UNIQUE_ID=$1
-
- #
- # Configure rails
- #
- DocumentRoot <%= node[:web][:base_directory] %>/rails/public
- RailsEnv production
- PassengerMinInstances 3
- PassengerMaxRequests 500
- PassengerPreStart https://www.openstreetmap.org/
- PassengerAppGroupName rails
- SetEnv OPENSTREETMAP_STATUS <%= @status %>
- SetEnv SECRET_KEY_BASE <%= @secret_key_base %>
-
- #
- # Get the real remote IP for requests via a trusted proxy
- #
- RemoteIPHeader X-Forwarded-For
- RemoteIPTrustedProxy 10.0.32.0/24
- RemoteIPTrustedProxy 10.0.48.0/24
-
- #
- # Pass authentication related headers to cgimap
- #
- <Location />
- CGIPassAuth On
- </Location>
-
- #
- # Pass supported calls to cgimap
- #
- RewriteRule ^/api/0\.6/map(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
- RewriteRule ^/api/0\.6/(node|way|relation|changeset)/[0-9]+(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/history(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+/relations(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/node/[0-9]+/ways(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/(nodes|ways|relations)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
- RewriteRule ^/api/0\.6/changeset/[0-9]+/(upload|download)(\.json|\.xml)?$ fcgi://127.0.0.1:8000$0 [P]
-</VirtualHost>
-
-<Directory <%= node[:web][:base_directory] %>/rails/public>
- Require all granted
-</Directory>
+++ /dev/null
-name "web-backend"
-description "Role applied to all web/api backend servers"
-
-default_attributes(
- :apache => {
- :mpm => "event",
- :event => {
- :max_connections_per_child => 10000,
- :async_request_worker_factor => 4
- }
- },
- :logstash => {
- :forwarder => {
- "filebeat.prospectors" => [
- { "input_type" => "log", "paths" => ["/var/log/apache2/access.log"], "fields" => { "type" => "apache" } },
- { "input_type" => "log", "paths" => ["/var/log/web/rails-logstash.log"], "fields" => { "type" => "rails" } }
- ]
- }
- },
- :memcached => {
- :memory_limit => 4096
- },
- :passenger => {
- :max_pool_size => 12
- }
-)
-
-run_list(
- "role[web]",
- "role[logstash-forwarder]",
- "recipe[web::backend]"
-)
+++ /dev/null
-require "serverspec"
-
-# Required by serverspec
-set :backend, :exec
-
-describe package("apache2") do
- it { should be_installed }
-end
-
-describe service("apache2") do
- it { should be_enabled }
- it { should be_running }
-end
-
-describe port(80) do
- it { should be_listening.with("tcp") }
-end
-
-describe port(443) do
- it { should be_listening.with("tcp") }
-end
+++ /dev/null
-require "serverspec"
-
-# Required by serverspec
-set :backend, :exec
-
-describe service("cgimap") do
- it { should be_enabled }
- it { should be_running }
-end
-
-describe port(8000) do
- it { should be_listening.with("tcp") }
-end
+++ /dev/null
-require "serverspec"
-
-# Required by serverspec
-set :backend, :exec
-
-describe service("api-statistics") do
- it { should be_enabled }
- it { should be_running }
-end
projects / chef.git / commitdiff