From: Tom Hughes Date: Mon, 17 Jun 2013 20:38:56 +0000 (+0100) Subject: Add a load more cookbooks to the public repository X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/1c848471a16f9d1ee1fc8a327af110447ea1ef4c Add a load more cookbooks to the public repository --- diff --git a/cookbooks/civicrm/README.rdoc b/cookbooks/civicrm/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/civicrm/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb new file mode 100644 index 000000000..8fefdfcd7 --- /dev/null +++ b/cookbooks/civicrm/attributes/default.rb @@ -0,0 +1 @@ +default[:civicrm][:version] = "4.2.7" diff --git a/cookbooks/civicrm/metadata.rb b/cookbooks/civicrm/metadata.rb new file mode 100644 index 000000000..796cde613 --- /dev/null +++ b/cookbooks/civicrm/metadata.rb @@ -0,0 +1,8 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures CiviCRM" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "drupal" +depends "mysql" diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb new file mode 100644 index 000000000..13b05afcf --- /dev/null +++ b/cookbooks/civicrm/recipes/default.rb @@ -0,0 +1,158 @@ +# +# Cookbook Name:: civicrm +# Recipe:: default +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "drupal" +include_recipe "mysql" + +passwords = data_bag_item("civicrm", "passwords") + +database_password = passwords["database"] +admin_password = passwords["admin"] +site_key = passwords["key"] + +mysql_user "civicrm@localhost" do + password database_password +end + +mysql_database "civicrm" do + permissions "civicrm@localhost" => :all +end + +drupal_site "crm.osmfoundation.org" do + title "CiviCRM" + database_name "civicrm" + database_username "civicrm" + database_password database_password + admin_password admin_password +end + +directory "/usr/local/share/civicrm" do + owner "root" + group "root" + mode "0755" +end + +civicrm_version = node[:civicrm][:version] +civicrm_directory = "/usr/local/share/civicrm/#{civicrm_version}" + +subversion civicrm_directory do + action :export + repository "http://svn.civicrm.org/civicrm/tags/tarballs/#{node[:civicrm][:version]}" + user "root" + group "root" +end + +link "/usr/share/drupal7/sites/all/modules/civicrm" do + to "/usr/local/share/civicrm/#{node[:civicrm][:version]}" +end + +directory "/data/crm.osmfoundation.org/civicrm" do + owner "www-data" + group "www-data" + mode "0775" +end + +ruby_block "#{civicrm_directory}/civicrm.settings.php" do + block do + out = File.new("#{civicrm_directory}/civicrm.settings.php", "w") + + File.foreach("#{civicrm_directory}/templates/CRM/common/civicrm.settings.php.tpl") do |line| + line.gsub!(/%%cms%%/, "Drupal") + line.gsub!(/%%CMSdbUser%%/, "civicrm") + line.gsub!(/%%CMSdbPass%%/, database_password) + line.gsub!(/%%CMSdbHost%%/, "localhost") + line.gsub!(/%%CMSdbName%%/, "civicrm") + line.gsub!(/%%dbUser%%/, "civicrm") + line.gsub!(/%%dbPass%%/, database_password) + line.gsub!(/%%dbHost%%/, "localhost") + line.gsub!(/%%dbName%%/, "civicrm") + line.gsub!(/%%crmRoot%%/, "/usr/share/drupal7/sites/all/modules/civicrm") + line.gsub!(/%%templateCompileDir%%/, "/data/crm.osmfoundation.org/civicrm") + line.gsub!(/%%baseURL%%/, "http://crm.osmfoundation.org/") + line.gsub!(/%%siteKey%%/, site_key) + + out.print(line) + end + + out.close + end + + not_if do + File.exist?("#{civicrm_directory}/civicrm.settings.php") and + File.mtime("#{civicrm_directory}/civicrm.settings.php") >= File.mtime("#{civicrm_directory}/templates/CRM/common/civicrm.settings.php.tpl") + end +end + +link "/etc/drupal/7/sites/crm.osmfoundation.org/civicrm.settings.php" do + to "#{civicrm_directory}/civicrm.settings.php" +end + +template "#{civicrm_directory}/settings_location.php" do + source "settings_location.php.erb" + owner "root" + group "root" + mode "0644" +end + +execute "civicrm-load-acl" do + action :nothing + command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm_acl.mysql" + cwd "/usr/share/drupal7/sites/all/modules/civicrm" + user "root" + group "root" +end + +execute "civicrm-load-data" do + action :nothing + command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm_data.mysql" + cwd "/usr/share/drupal7/sites/all/modules/civicrm" + user "root" + group "root" + notifies :run, resources(:execute => "civicrm-load-acl") +end + +execute "civicrm-load" do + action :nothing + command "mysql --user=civicrm --password=#{database_password} civicrm < sql/civicrm.mysql" + cwd "/usr/share/drupal7/sites/all/modules/civicrm" + user "root" + group "root" + notifies :run, resources(:execute => "civicrm-load-data") +end + +execute "civicrm-gencode" do + command "php GenCode.php" + cwd "#{civicrm_directory}/xml" + user "root" + group "root" + creates "#{civicrm_directory}/civicrm-version.php" + notifies :run, resources(:execute => "civicrm-load") +end + +directory "/data/crm.osmfoundation.org/civicrm/en_US" do + owner "www-data" + group "www-data" + mode "0775" +end + +directory "/data/crm.osmfoundation.org/civicrm/en_US/ConfigAndLog" do + owner "www-data" + group "www-data" + mode "0775" +end diff --git a/cookbooks/civicrm/templates/default/settings_location.php.erb b/cookbooks/civicrm/templates/default/settings_location.php.erb new file mode 100644 index 000000000..3e0249dc4 --- /dev/null +++ b/cookbooks/civicrm/templates/default/settings_location.php.erb @@ -0,0 +1,10 @@ + diff --git a/cookbooks/db/README.rdoc b/cookbooks/db/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/db/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/db/metadata.rb b/cookbooks/db/metadata.rb new file mode 100644 index 000000000..a979c1d4f --- /dev/null +++ b/cookbooks/db/metadata.rb @@ -0,0 +1,9 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures database servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "postgresql" +depends "web" +depends "git" diff --git a/cookbooks/db/recipes/base.rb b/cookbooks/db/recipes/base.rb new file mode 100644 index 000000000..3f9920487 --- /dev/null +++ b/cookbooks/db/recipes/base.rb @@ -0,0 +1,56 @@ +# +# Cookbook Name:: db +# Recipe:: base +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "postgresql" +include_recipe "git" + +passwords = data_bag_item("db", "passwords") + +postgresql_munin "openstreetmap" do + cluster node[:db][:cluster] + database "openstreetmap" +end + +directory "/srv/www.openstreetmap.org" do + group "rails" + mode 02775 +end + +rails_port "www.openstreetmap.org" do + directory "/srv/www.openstreetmap.org/rails" + user "rails" + group "rails" + repository "git://git.openstreetmap.org/rails.git" + revision "live" + database_host "localhost" + database_name "openstreetmap" + database_username "openstreetmap" + database_password passwords["openstreetmap"] + gpx_dir "/store/rails/gpx" + file_column_root "/store/rails" +end + +execute "/srv/www.openstreetmap.org/rails/db/functions/Makefile" do + action :nothing + command "make" + cwd "/srv/www.openstreetmap.org/rails/db/functions" + user "rails" + group "rails" + subscribes :run, resources(:git => "/srv/www.openstreetmap.org/rails") +end diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb new file mode 100644 index 000000000..70ae0e673 --- /dev/null +++ b/cookbooks/db/recipes/master.rb @@ -0,0 +1,91 @@ +# +# Cookbook Name:: db +# Recipe:: master +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "db::base" + +passwords = data_bag_item("db", "passwords") + +postgresql_user "tomh" do + cluster node[:db][:cluster] + superuser true +end + +postgresql_user "matt" do + cluster node[:db][:cluster] + superuser true +end + +postgresql_user "openstreetmap" do + cluster node[:db][:cluster] + password passwords["openstreetmap"] +end + +postgresql_user "rails" do + cluster node[:db][:cluster] + password passwords["rails"] +end + +postgresql_user "planetdump" do + cluster node[:db][:cluster] + password passwords["planetdump"] +end + +postgresql_user "planetdiff" do + cluster node[:db][:cluster] + password passwords["planetdiff"] +end + +postgresql_user "backup" do + cluster node[:db][:cluster] + password passwords["backup"] +end + +postgresql_user "gpximport" do + cluster node[:db][:cluster] + password passwords["gpximport"] +end + +postgresql_user "munin" do + cluster node[:db][:cluster] + password passwords["munin"] +end + +postgresql_user "replication" do + cluster node[:db][:cluster] + password passwords["replication"] + replication true +end + +postgresql_database "openstreetmap" do + cluster node[:db][:cluster] + owner "openstreetmap" +end + +postgresql_extension "btree_gist" do + cluster node[:db][:cluster] + database "openstreetmap" + only_if { node[:postgresql][:clusters][node[:db][:cluster]] and node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 } +end + +template "/etc/cron.daily/rails-db" do + source "cron.erb" + owner "root" + group "root" + mode 0755 +end diff --git a/cookbooks/db/recipes/slave.rb b/cookbooks/db/recipes/slave.rb new file mode 100644 index 000000000..54adff53a --- /dev/null +++ b/cookbooks/db/recipes/slave.rb @@ -0,0 +1,20 @@ +# +# Cookbook Name:: db +# Recipe:: slave +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "db::base" diff --git a/cookbooks/db/templates/default/cron.erb b/cookbooks/db/templates/default/cron.erb new file mode 100644 index 000000000..ec1d2e002 --- /dev/null +++ b/cookbooks/db/templates/default/cron.erb @@ -0,0 +1,4 @@ +#!/bin/sh + +# Cleanup archive directory +find /store/postgresql/system/archive -mtime +10 -print0 | xargs -0r rm diff --git a/cookbooks/dev/README.rdoc b/cookbooks/dev/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/dev/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/dev/attributes/default.rb b/cookbooks/dev/attributes/default.rb new file mode 100644 index 000000000..4f16412c4 --- /dev/null +++ b/cookbooks/dev/attributes/default.rb @@ -0,0 +1 @@ +default[:dev][:rails] = {} diff --git a/cookbooks/dev/metadata.rb b/cookbooks/dev/metadata.rb new file mode 100644 index 000000000..2f273b7ce --- /dev/null +++ b/cookbooks/dev/metadata.rb @@ -0,0 +1,37 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures dev services" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" +depends "git" +depends "mysql" +depends "postgresql" +depends "tools" +depends "web" + +attribute "rails", + :display_name => "Rails Configuration", + :description => "Hash of rails port configuration information", + :type => "hash" + +attribute "rails/sites", + :display_name => "Rails Installations", + :description => "Hash of rails port installations to configure", + :type => "hash" + +attribute "rails/sites/repository", + :display_name => "Repository", + :description => "Git repository to use", + :default => "git://git.openstreetmap.org/rails.git" + +attribute "rails/sites/revision", + :display_name => "Revision", + :description => "Revision to use", + :default => "live" + +attribute "rails/sites/database", + :display_name => "Database", + :description => "Database to use", + :default => nil diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb new file mode 100644 index 000000000..33de91afb --- /dev/null +++ b/cookbooks/dev/recipes/default.rb @@ -0,0 +1,230 @@ +# +# Cookbook Name:: dev +# Recipe:: default +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "yaml" + +include_recipe "apache" +include_recipe "git" +include_recipe "mysql" +include_recipe "postgresql" + +package "php-apc" +package "php-db" +package "php-cgiwrap" +package "php-pear" + +package "php5-cgi" +package "php5-cli" +package "php5-curl" +package "php5-fpm" +package "php5-imagick" +package "php5-mcrypt" +package "php5-mysql" +package "php5-pgsql" +package "php5-sqlite" + +package "python" +package "python-argparse" +package "python-beautifulsoup" +package "python-cheetah" +package "python-dateutil" +package "python-magic" +package "python-psycopg2" + +apache_module "expires" +apache_module "fastcgi-handler" +apache_module "rewrite" +apache_module "expires" +apache_module "wsgi" + +apache_module "passenger" do + conf "passenger.conf.erb" +end + +munin_plugin "passenger_memory" +munin_plugin "passenger_processes" +munin_plugin "passenger_queues" +munin_plugin "passenger_requests" + +gem_package "sqlite3" + +gem_package "rails" do + version "3.0.9" +end + +service "php5-fpm" do + action [ :enable, :start ] + supports :status => true, :restart => true, :reload => true +end + +template "/etc/php5/fpm/pool.d/default.conf" do + source "fpm-default.conf.erb" + owner "root" + group "root" + mode 0644 + notifies :reload, resources(:service => "php5-fpm") +end + +file "/etc/php5/fpm/pool.d/www.conf" do + action :delete + notifies :reload, resources(:service => "php5-fpm") +end + +package "phppgadmin" + +template "/etc/phppgadmin/config.inc.php" do + source "phppgadmin.conf.erb" + owner "root" + group "root" + mode 0644 +end + +link "/etc/apache2/conf.d/phppgadmin" do + action :delete +end + +apache_site "phppgadmin.dev.openstreetmap.org" do + template "apache.phppgadmin.erb" +end + +node[:accounts][:users].each do |name,details| + if ["user","administrator"].include?(details[:status]) + user_home = details[:home] || "#{node[:accounts][:home]}/#{name.to_s}" + + if File.directory?("#{user_home}/public_html") + template "/etc/php5/fpm/pool.d/#{name}.conf" do + source "fpm.conf.erb" + owner "root" + group "root" + mode 0644 + variables :user => name + notifies :reload, resources(:service => "php5-fpm") + end + + apache_site "#{name}.dev.openstreetmap.org" do + template "apache.user.erb" + directory "#{user_home}/public_html" + variables :user => name + end + end + end +end + +if node[:postgresql][:clusters]["9.1/main"] + postgresql_user "apis" do + cluster "9.1/main" + end + + node[:dev][:rails].each do |name,details| + database_name = details[:database] || "apis_#{name}" + site_name = "#{name}.apis.dev.openstreetmap.org" + site_aliases = details[:aliases] || [] + rails_directory = "/srv/#{name}.apis.dev.openstreetmap.org" + + postgresql_database database_name do + cluster "9.1/main" + owner "apis" + end + + postgresql_extension "#{database_name}_btree_gist" do + cluster "9.1/main" + database database_name + extension "btree_gist" + end + + rails_port site_name do + ruby node[:dev][:ruby] + directory rails_directory + user "apis" + group "apis" + repository details[:repository] + revision details[:revision] + database_port node[:postgresql][:clusters]["9.1/main"][:port] + database_name database_name + database_username "apis" + run_migrations true + end + + template "#{rails_directory}/config/initializers/setup.rb" do + source "rails.setup.rb.erb" + owner "apis" + group "apis" + mode 0644 + variables :site => site_name + notifies :touch, resources(:file => "#{rails_directory}/tmp/restart.txt") + end + + apache_site site_name do + template "apache.rails.erb" + variables :name => site_name, :aliases => site_aliases + end + end + + Dir.glob("/srv/*.apis.dev.openstreetmap.org").each do |rails_directory| + name = File.basename(rails_directory, ".apis.dev.openstreetmap.org") + + unless node[:dev][:rails].include?(name) + database_config = YAML.load_file("#{rails_directory}/config/database.yml") + database_name = database_config["production"]["database"] + site_name = "#{name}.apis.dev.openstreetmap.org" + + apache_site site_name do + action [ :delete ] + end + + directory rails_directory do + action :delete + recursive true + end + + file "/etc/cron.daily/rails-#{name}" do + action :delete + end + + postgresql_database database_name do + action :drop + cluster "9.1/main" + end + end + end + + directory "/srv/apis.dev.openstreetmap.org" do + owner "apis" + group "apis" + mode 0755 + end + + template "/srv/apis.dev.openstreetmap.org/index.html" do + source "apis.html.erb" + owner "apis" + group "apis" + mode 0644 + end + + apache_site "apis.dev.openstreetmap.org" do + template "apache.apis.erb" + end + + node[:postgresql][:clusters].each do |name,details| + postgresql_munin name do + cluster name + database "ALL" + end + end +end diff --git a/cookbooks/dev/templates/default/apache.apis.erb b/cookbooks/dev/templates/default/apache.apis.erb new file mode 100644 index 000000000..3e53b00f0 --- /dev/null +++ b/cookbooks/dev/templates/default/apache.apis.erb @@ -0,0 +1,11 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName apis.dev.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + + DocumentRoot /srv/apis.dev.openstreetmap.org + + CustomLog /var/log/apache2/apis.dev.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/apis.dev.openstreetmap.org-error.log + diff --git a/cookbooks/dev/templates/default/apache.phppgadmin.erb b/cookbooks/dev/templates/default/apache.phppgadmin.erb new file mode 100644 index 000000000..e2d8556f7 --- /dev/null +++ b/cookbooks/dev/templates/default/apache.phppgadmin.erb @@ -0,0 +1,20 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName phppgadmin.dev.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/phppgadmin.dev.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/phppgadmin.dev.openstreetmap.org-error.log + + DocumentRoot /usr/share/phppgadmin + + + + SetHandler fcgi:/var/run/php5-fpm-default.sock + + + SetHandler fcgi:/var/run/php5-fpm-default.sock + + + diff --git a/cookbooks/dev/templates/default/apache.rails.erb b/cookbooks/dev/templates/default/apache.rails.erb new file mode 100644 index 000000000..7d45abe21 --- /dev/null +++ b/cookbooks/dev/templates/default/apache.rails.erb @@ -0,0 +1,16 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + DocumentRoot /srv/<%= @name %>/public + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RailsEnv production + diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb new file mode 100644 index 000000000..9b49158f9 --- /dev/null +++ b/cookbooks/dev/templates/default/apache.user.erb @@ -0,0 +1,52 @@ +# DO NOT EDIT - This file is being maintained by Chef + +WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> inactivity-timeout=600 + + + ServerName <%= @user %>.dev.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + ServerAlias <%= @user %>.dev.osm.org + + UseCanonicalName Off + DocumentRoot <%= @directory %> + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + WSGIProcessGroup <%= @user %>.dev.openstreetmap.org + + RewriteEngine on + #RewriteLog /var/log/apache2/rewrite.log + #RewriteLogLevel 4 + + CustomLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-access.log combined + ErrorLog /var/log/apache2/<%= @user %>.dev.openstreetmap.org-error.log + + RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f + RewriteRule ^/cgi-bin/(.*)$ /cgi-bin/cgiwrap/~<%= @user %>/cgi-bin/$1 [PT,L] + + RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f + RewriteRule ^/cgi-bin-d/(.*)$ /cgi-bin/cgiwrapd/~<%= @user %>/cgi-bin/$1 [PT,L] + + + + SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock + + + SetHandler fcgi:/var/run/php5-fpm-<%= @user %>.sock + + + + + RewriteCond <%= @directory %>%{REQUEST_FILENAME} -f + RewriteRule ^(.*\.php)$ /cgi-bin/php-cgiwrap/~<%= @user %>/$1 [PT,L] + + + +> + AllowOverride AuthConfig FileInfo Indexes Options=RailsBaseURI + Options SymLinksIfOwnerMatch Indexes Includes + + +/wsgi-bin> + SetHandler wsgi-script + Options ExecCGI SymLinksIfOwnerMatch + diff --git a/cookbooks/dev/templates/default/apis.html.erb b/cookbooks/dev/templates/default/apis.html.erb new file mode 100644 index 000000000..e22635082 --- /dev/null +++ b/cookbooks/dev/templates/default/apis.html.erb @@ -0,0 +1,26 @@ + + +OpenStreetMap Testing APIs + + +

OpenStreetMap Testing APIs

+

This server hosts several versions of the OSM APIs for use by anyone +for testing clients against or as a data sandbox.

+ + + + + + +<% node[:dev][:rails].each do |name,details| -%> + + + + + +<% end -%> +
NameRepositoryRevision
<%= name %><%= details[:repository] %><%= details[:revision] %>
+

These APIs are updated every half hour. The last update was at +<%= Time.now.strftime("%Y-%m-%d %H:%M:%S") %>

+ + diff --git a/cookbooks/dev/templates/default/fpm-default.conf.erb b/cookbooks/dev/templates/default/fpm-default.conf.erb new file mode 100644 index 000000000..68afd01e9 --- /dev/null +++ b/cookbooks/dev/templates/default/fpm-default.conf.erb @@ -0,0 +1,384 @@ +; Start a new pool named 'default'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('default' here) +[default] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-default.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = -1 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0666 +listen.owner = www-data +listen.group = www-data +listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 4 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 2 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 6 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = %R - %u %t "%m %r%Q%q" %s %f %{mili}d %{kilo}M %C%% + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = / + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/cookbooks/dev/templates/default/fpm.conf.erb b/cookbooks/dev/templates/default/fpm.conf.erb new file mode 100644 index 000000000..afbb1a7e2 --- /dev/null +++ b/cookbooks/dev/templates/default/fpm.conf.erb @@ -0,0 +1,50 @@ +; DO NOT EDIT - This file is being maintained by Chef + +[<%= @user %>] +listen = /var/run/php5-fpm-<%= @user %>.sock + +listen.backlog = 256 + +listen.owner = www-data +listen.group = www-data +listen.mode = 0660 + +user = <%= @user %> +group = <%= @user %> + +pm = dynamic +pm.max_children = 10 +pm.start_servers = 4 +pm.min_spare_servers = 2 +pm.max_spare_servers = 6 +pm.max_requests = 10000 + +request_terminate_timeout = 1800 + +;pm.status_path = /status +;ping.path = /ping +;ping.response = pong + +;request_terminate_timeout = 0 +;request_slowlog_timeout = 0 +;slowlog = /var/log/php5-fpm.log.slow +;rlimit_files = 1024 +;rlimit_core = 0 +;chroot = +;chdir = /var/www +;catch_workers_output = yes + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /tmp +env[TMPDIR] = /tmp +env[TEMP] = /tmp + +php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f <%= @user %>@errol.openstreetmap.org +php_admin_value[open_basedir] = /home/<%= @user %>/:/tmp/:/usr/share/php/ +php_flag[display_errors] = on +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +php_value[max_execution_time] = 300 +php_value[memory_limit] = 128M + diff --git a/cookbooks/dev/templates/default/passenger.conf.erb b/cookbooks/dev/templates/default/passenger.conf.erb new file mode 100644 index 000000000..42639f105 --- /dev/null +++ b/cookbooks/dev/templates/default/passenger.conf.erb @@ -0,0 +1,7 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + PassengerRoot /usr + PassengerRuby /usr/bin/ruby<%= node[:dev][:ruby] %> + PassengerUseGlobalQueue on + diff --git a/cookbooks/dev/templates/default/phppgadmin.conf.erb b/cookbooks/dev/templates/default/phppgadmin.conf.erb new file mode 100644 index 000000000..c7f4a954d --- /dev/null +++ b/cookbooks/dev/templates/default/phppgadmin.conf.erb @@ -0,0 +1,127 @@ + + $conf['servers'][<%= index %>]['desc'] = '<%= cluster[0] %>'; + $conf['servers'][<%= index %>]['host'] = '127.0.0.1'; + $conf['servers'][<%= index %>]['port'] = <%= cluster[1][:port] %>; + $conf['servers'][<%= index %>]['sslmode'] = 'allow'; + $conf['servers'][<%= index %>]['defaultdb'] = 'template1'; + $conf['servers'][<%= index %>]['pg_dump_path'] = '/usr/lib/postgresql/<%= cluster[1][:version] %>/bin/pg_dump'; + $conf['servers'][<%= index %>]['pg_dumpall_path'] = '/usr/lib/postgresql/<%= cluster[1][:version] %>/bin/pg_dumpall'; + $conf['servers'][<%= index %>]['slony_support'] = false; + $conf['servers'][<%= index %>]['slony_sql'] = ''; +<% end -%> + + + // Example of groups definition. + // Groups allow administrators to logicaly group servers together under group nodes in the left browser tree + // + // The group '0' description + //$conf['srv_groups'][0]['desc'] = 'group one'; + // + // Add here servers indexes belonging to the group '0' seperated by comma + //$conf['srv_groups'][0]['servers'] = '0,1,2'; + // + // A server can belong to multi groups + //$conf['srv_groups'][1]['desc'] = 'group two'; + //$conf['srv_groups'][1]['servers'] = '3,1'; + + + // Default language. E.g.: 'english', 'polish', etc. See lang/ directory + // for all possibilities. If you specify 'auto' (the default) it will use + // your browser preference. + $conf['default_lang'] = 'auto'; + + // AutoComplete uses AJAX interaction to list foreign key values + // on insert fields. It currently only works on single column + // foreign keys. You can choose one of the following values: + // 'default on' enables AutoComplete and turns it on by default. + // 'default off' enables AutoComplete but turns it off by default. + // 'disable' disables AutoComplete. + $conf['autocomplete'] = 'default on'; + + // If extra login security is true, then logins via phpPgAdmin with no + // password or certain usernames (pgsql, postgres, root, administrator) + // will be denied. Only set this false once you have read the FAQ and + // understand how to change PostgreSQL's pg_hba.conf to enable + // passworded local connections. + $conf['extra_login_security'] = true; + + // Only show owned databases? + // Note: This will simply hide other databases in the list - this does + // not in any way prevent your users from seeing other database by + // other means. (e.g. Run 'SELECT * FROM pg_database' in the SQL area.) + $conf['owned_only'] = false; + + // Display comments on objects? Comments are a good way of documenting + // a database, but they do take up space in the interface. + $conf['show_comments'] = true; + + // Display "advanced" objects? Setting this to true will show + // aggregates, types, operators, operator classes, conversions, + // languages and casts in phpPgAdmin. These objects are rarely + // administered and can clutter the interface. + $conf['show_advanced'] = false; + + // Display "system" objects? + $conf['show_system'] = false; + + // Display reports feature? For this feature to work, you must + // install the reports database as explained in the INSTALL file. + $conf['show_reports'] = true; + + // Database and table for reports + $conf['reports_db'] = 'phppgadmin'; + $conf['reports_schema'] = 'public'; + $conf['reports_table'] = 'ppa_reports'; + + // Only show owned reports? + // Note: This does not prevent people from accessing other reports by + // other means. + $conf['owned_reports_only'] = false; + + // Minimum length users can set their password to. + $conf['min_password_length'] = 1; + + // Width of the left frame in pixels (object browser) + $conf['left_width'] = 200; + + // Which look & feel theme to use + $conf['theme'] = 'default'; + + // Show OIDs when browsing tables? + $conf['show_oids'] = false; + + // Max rows to show on a page when browsing record sets + $conf['max_rows'] = 30; + + // Max chars of each field to display by default in browse mode + $conf['max_chars'] = 50; + + // Send XHTML strict headers? + $conf['use_xhtml_strict'] = false; + + // Base URL for PostgreSQL documentation. + // '%s', if present, will be replaced with the PostgreSQL version + // (e.g. 8.4 ) + $conf['help_base'] = 'http://www.postgresql.org/docs/%s/interactive/'; + + // Configuration for ajax scripts + // Time in seconds. If set to 0, refreshing data using ajax will be disabled (locks and activity pages) + $conf['ajax_refresh'] = 3; + + /***************************************** + * Don't modify anything below this line * + *****************************************/ + + $conf['version'] = 19; + +?> diff --git a/cookbooks/dev/templates/default/rails.setup.rb.erb b/cookbooks/dev/templates/default/rails.setup.rb.erb new file mode 100644 index 000000000..269ac4355 --- /dev/null +++ b/cookbooks/dev/templates/default/rails.setup.rb.erb @@ -0,0 +1,41 @@ +unless Object.const_defined?(:Rake) or Object.const_defined?(:POTLATCH2_KEY) + OpenStreetMap::Application.config.after_initialize do + unless webmaster = User.find_by_email("webmaster@openstreetmap.org") + webmaster = User.create({ + :display_name => "OpenStreetMap Webmaster", + :email => "webmaster@openstreetmap.org", + :pass_crypt => SecureRandom.hex, + :status => "active" + }, :without_protection => true) + end + + permissions = Hash[ClientApplication.all_permissions.map { |p| [ p, true ] }] + + unless id = webmaster.client_applications.find_by_name("iD") + id = ClientApplication.create(permissions.merge({ + :name => "iD", + :url => "http://<%= @site %>/", + }), :without_protection => true) + end + + ID_KEY = id.key + + unless potlatch = webmaster.client_applications.find_by_name("Potlatch 2") + potlatch = ClientApplication.create(permissions.merge({ + :name => "Potlatch 2", + :url => "http://<%= @site %>/", + }), :without_protection => true) + end + + POTLATCH2_KEY = potlatch.key + + unless website = webmaster.client_applications.find_by_name("Web Site") + website = ClientApplication.create(permissions.merge({ + :name => "Web Site", + :url => "http://<%= @site %>/", + }), :without_protection => true) + end + + OAUTH_KEY = website.key + end +end diff --git a/cookbooks/drupal/README.rdoc b/cookbooks/drupal/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/drupal/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/drupal/attributes/default.rb b/cookbooks/drupal/attributes/default.rb new file mode 100644 index 000000000..efa6d7dc4 --- /dev/null +++ b/cookbooks/drupal/attributes/default.rb @@ -0,0 +1 @@ +default[:apt][:sources] |= [ "aw-drupal" ] diff --git a/cookbooks/drupal/definitions/drupal_site.rb b/cookbooks/drupal/definitions/drupal_site.rb new file mode 100644 index 000000000..41e0b73c0 --- /dev/null +++ b/cookbooks/drupal/definitions/drupal_site.rb @@ -0,0 +1,82 @@ +# +# Cookbook Name:: drupal +# Definition:: drupal_site +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :drupal_site, :action => [ :create ], :variables => {} do + site_name = params[:name] + site_action = params[:action] + site_title = params[:title] || site_name + short_name = site_name.sub(/\..*$/, "") + db_name = params[:database_name] || short_name + db_username = params[:database_username] || short_name + db_password = params[:database_password] + db_url = "mysql://#{db_username}:#{db_password}@localhost/#{db_name}" + admin_username = params[:admin_username] || "admin" + admin_password = params[:admin_password] + admin_email = params[:admin_email] || "webmaster@openstreetmap.org" + ssl = params[:ssl] || false + + if site_action.include?(:create) + directory "/data/#{site_name}" do + owner "www-data" + group "www-data" + mode "0775" + recursive true + end + + directory "/data/#{site_name}/files" do + owner "www-data" + group "www-data" + mode "0775" + end + + directory "/data/#{site_name}/private" do + owner "www-data" + group "www-data" + mode "0775" + end + + directory "/etc/drupal/7/sites/#{site_name}" do + owner "root" + group "root" + mode "0555" + end + + link "/etc/drupal/7/sites/#{site_name}/files" do + to "/data/#{site_name}/files" + end + + link "/etc/drupal/7/sites/#{site_name}/private" do + to "/data/#{site_name}/private" + end + + execute "drupal-site-install-#{short_name}" do + command "drush site-install --account-name=#{admin_username} --account-pass=#{admin_password} --account-mail=#{admin_email} --db-url=#{db_url} --site-name=#{site_title} --site-mail=webmaster@openstreetmap.org --sites-subdir=#{site_name} --yes" + cwd "/usr/share/drupal7" + user "root" + group "root" + creates "/etc/drupal/7/sites/#{site_name}/settings.php" + end + + apache_site site_name do + cookbook "drupal" + template ssl ? "apache-ssl.erb" : "apache.erb" + end + elsif site_action.include?(:delete) + end +end diff --git a/cookbooks/drupal/metadata.rb b/cookbooks/drupal/metadata.rb new file mode 100644 index 000000000..d1840df3d --- /dev/null +++ b/cookbooks/drupal/metadata.rb @@ -0,0 +1,7 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures Drupal" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" diff --git a/cookbooks/drupal/recipes/default.rb b/cookbooks/drupal/recipes/default.rb new file mode 100644 index 000000000..a1294743d --- /dev/null +++ b/cookbooks/drupal/recipes/default.rb @@ -0,0 +1,25 @@ +# +# Cookbook Name:: drupal +# Recipe:: default +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache::ssl" + +package "drupal7" +package "drush" + +apache_module "php5" diff --git a/cookbooks/drupal/templates/default/apache-ssl.erb b/cookbooks/drupal/templates/default/apache-ssl.erb new file mode 100644 index 000000000..03aa5eebe --- /dev/null +++ b/cookbooks/drupal/templates/default/apache-ssl.erb @@ -0,0 +1,23 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent / https://<%= @name %>/ + + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + DocumentRoot /usr/share/drupal7 + + SSLEngine on + diff --git a/cookbooks/drupal/templates/default/apache.erb b/cookbooks/drupal/templates/default/apache.erb new file mode 100644 index 000000000..f1947c49a --- /dev/null +++ b/cookbooks/drupal/templates/default/apache.erb @@ -0,0 +1,11 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + DocumentRoot /usr/share/drupal7 + diff --git a/cookbooks/nominatim/README.rdoc b/cookbooks/nominatim/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/nominatim/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/nominatim/metadata.rb b/cookbooks/nominatim/metadata.rb new file mode 100644 index 000000000..2806429bc --- /dev/null +++ b/cookbooks/nominatim/metadata.rb @@ -0,0 +1,8 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures nominatim servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" +depends "postgresql" diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb new file mode 100644 index 000000000..2c24309de --- /dev/null +++ b/cookbooks/nominatim/recipes/default.rb @@ -0,0 +1,59 @@ +# +# Cookbook Name:: nominatim +# Recipe:: default +# +# Copyright 2012, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache" +include_recipe "postgresql" + +package "php5" +package "php5-cli" +package "php5-pgsql" + +package "php-apc" + +apache_module "rewrite" +apache_module "fastcgi-handler" + +service "php5-fpm" do + action [ :enable, :start ] + supports :status => true, :restart => true, :reload => true +end + +postgresql_user "tomh" do + cluster "9.1/main" + superuser true +end + +postgresql_user "lonvia" do + cluster "9.1/main" + superuser true +end + +postgresql_user "twain" do + cluster "9.1/main" + superuser true +end + +postgresql_user "www-data" do + cluster "9.1/main" +end + +postgresql_munin "nominatim" do + cluster "9.1/main" + database "nominatim" +end diff --git a/cookbooks/owl/README.rdoc b/cookbooks/owl/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/owl/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/owl/attributes/default.rb b/cookbooks/owl/attributes/default.rb new file mode 100644 index 000000000..adf7f6852 --- /dev/null +++ b/cookbooks/owl/attributes/default.rb @@ -0,0 +1 @@ +default[:owl][:ruby] = "1.9.1" diff --git a/cookbooks/owl/metadata.rb b/cookbooks/owl/metadata.rb new file mode 100644 index 000000000..1aca6a415 --- /dev/null +++ b/cookbooks/owl/metadata.rb @@ -0,0 +1,8 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures OWL servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" +depends "postgresql" diff --git a/cookbooks/owl/recipes/default.rb b/cookbooks/owl/recipes/default.rb new file mode 100644 index 000000000..819abdd78 --- /dev/null +++ b/cookbooks/owl/recipes/default.rb @@ -0,0 +1,134 @@ +# +# Cookbook Name:: owl +# Recipe:: default +# +# Copyright 2012, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache" +include_recipe "postgresql" + +package "python" +package "python-psycopg2" + +package "libxslt-dev" + +package "ruby#{node[:owl][:ruby]}" +package "ruby#{node[:owl][:ruby]}-dev" +package "rubygems#{node[:owl][:ruby]}" +package "irb#{node[:owl][:ruby]}" + +gem_package "bundler#{node[:owl][:ruby]}" do + package_name "bundler" + gem_binary "gem#{node[:owl][:ruby]}" + options "--format-executable" +end + +apache_module "deflate" + +apache_module "passenger" do + conf "passenger.conf.erb" +end + +munin_plugin "passenger_memory" +munin_plugin "passenger_processes" +munin_plugin "passenger_queues" +munin_plugin "passenger_requests" + +postgresql_user "tomh" do + cluster "9.1/main" + superuser true +end + +postgresql_user "matt" do + cluster "9.1/main" + superuser true +end + +postgresql_user "ppawel" do + cluster "9.1/main" + superuser true +end + +postgresql_user "owl" do + cluster "9.1/main" +end + +postgresql_database "owl" do + cluster "9.1/main" + owner "owl" +end + +postgresql_munin "owl" do + cluster "9.1/main" + database "owl" +end + +# grant select on changeset_tiles to owl; +# grant select on geometry_columns to owl; +# grant select on changesets to owl; +# grant select on users to owl; + +directory "/srv/owl.openstreetmap.org" do + owner "owl" + group "owl" + mode 02775 +end + +file "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/tmp/restart.txt" do + action :nothing +end + +execute "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/Gemfile" do + action :nothing + command "bundle#{node[:owl][:ruby]} install" + cwd "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails" + user "root" + group "root" + notifies :touch, resources(:file => "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/tmp/restart.txt") +end + +git "/srv/owl.openstreetmap.org/openstreetmap-watch-list" do + action :sync + repository "git://github.com/ppawel/openstreetmap-watch-list.git" + revision "owl.osm.org" + user "owl" + group "owl" + notifies :run, resources(:execute => "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/Gemfile") +end + +directory "srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/tmp" do + owner "owl" + group "owl" +end + +file "srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/config/environment.rb" do + owner "owl" + group "owl" +end + +template "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/config/database.yml" do + source "database.yml.erb" + owner "owl" + group "owl" + mode 0664 + notifies :run, resources(:execute => "/srv/owl.openstreetmap.org/openstreetmap-watch-list/rails/Gemfile") + only_if { node[:postgresql][:clusters]["9.1/main"] } +end + +apache_site "owl.openstreetmap.org" do + template "apache.erb" + variables :aliases => [ "owl.osm.org" ] +end diff --git a/cookbooks/owl/templates/default/apache.erb b/cookbooks/owl/templates/default/apache.erb new file mode 100644 index 000000000..94dbc3ef1 --- /dev/null +++ b/cookbooks/owl/templates/default/apache.erb @@ -0,0 +1,18 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + DocumentRoot /srv/<%= @name %>/openstreetmap-watch-list/rails/public + + RailsEnv production + + SetOutputFilter DEFLATE + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + diff --git a/cookbooks/owl/templates/default/database.yml.erb b/cookbooks/owl/templates/default/database.yml.erb new file mode 100644 index 000000000..27db9c042 --- /dev/null +++ b/cookbooks/owl/templates/default/database.yml.erb @@ -0,0 +1,13 @@ +# DO NOT EDIT - This file is being maintained by Chef + +production: + adapter: postgresql + port: <%= node[:postgresql][:clusters]["9.1/main"][:port] %> + database: owl + encoding: utf8 + +development: + adapter: postgresql + port: <%= node[:postgresql][:clusters]["9.1/main"][:port] %> + database: owl + encoding: utf8 diff --git a/cookbooks/owl/templates/default/passenger.conf.erb b/cookbooks/owl/templates/default/passenger.conf.erb new file mode 100644 index 000000000..1bf352cac --- /dev/null +++ b/cookbooks/owl/templates/default/passenger.conf.erb @@ -0,0 +1,7 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + PassengerRoot /usr + PassengerRuby /usr/bin/ruby<%= node[:owl][:ruby] %> + PassengerUseGlobalQueue on + diff --git a/cookbooks/squid/README.rdoc b/cookbooks/squid/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/squid/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/squid/attributes/default.rb b/cookbooks/squid/attributes/default.rb new file mode 100644 index 000000000..411e61365 --- /dev/null +++ b/cookbooks/squid/attributes/default.rb @@ -0,0 +1,5 @@ + +default[:squid][:cache_mem] = "256 MB" +default[:squid][:cache_dir] = "ufs /var/spool/squid 256 16 256" +default[:squid][:access_log] = "/var/log/squid/access.log squid" + diff --git a/cookbooks/squid/definitions/squid_fragment.rb b/cookbooks/squid/definitions/squid_fragment.rb new file mode 100644 index 000000000..f64873da7 --- /dev/null +++ b/cookbooks/squid/definitions/squid_fragment.rb @@ -0,0 +1,39 @@ +# +# Cookbook Name:: squid +# Definition:: squid_fragment +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :squid_fragment, :action => [ :create ], :variables => {} do + name = params[:name] + site_action = params[:action] + + if site_action.include?(:create) + template "/etc/squid/squid.conf.d/#{name}.conf" do + source params[:template] + owner "root" + group "root" + mode 0644 + variables params[:variables] + notifies :create, "template[/etc/squid/squid.conf]" + end + elsif site_action.include?(:delete) + template "/etc/squid/squid.conf.d/#{name}.conf" do + action :delete + notifies :create, "template[/etc/squid/squid.conf]" + end + end +end diff --git a/cookbooks/squid/metadata.rb b/cookbooks/squid/metadata.rb new file mode 100644 index 000000000..735b1c0b8 --- /dev/null +++ b/cookbooks/squid/metadata.rb @@ -0,0 +1,6 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures squid" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb new file mode 100644 index 000000000..6452f67af --- /dev/null +++ b/cookbooks/squid/recipes/default.rb @@ -0,0 +1,57 @@ +# +# Cookbook Name:: squid +# Recipe:: default +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package "squid" +package "squidclient" + +template "/etc/squid/squid.conf" do + source "squid.conf.erb" + owner "root" + group "root" + mode 0644 +end + +template "/etc/default/squid" do + source "squid.erb" + owner "root" + group "root" + mode 0644 +end + +directory "/etc/squid/squid.conf.d" do + owner "root" + group "root" + mode 0755 +end + +service "squid" do + action [ :enable, :start ] + supports :status => true, :restart => true, :reload => true + subscribes :reload, resources(:template => "/etc/squid/squid.conf") + subscribes :restart, resources(:template => "/etc/default/squid") + subscribes :reload, resources(:template => "/etc/resolv.conf") +end + +munin_plugin "squid_cache" +munin_plugin "squid_delay_pools" +munin_plugin "squid_times" +munin_plugin "squid_icp" +munin_plugin "squid_objectsize" +munin_plugin "squid_requests" +munin_plugin "squid_traffic" diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb new file mode 100644 index 000000000..72ff97740 --- /dev/null +++ b/cookbooks/squid/templates/default/squid.conf.erb @@ -0,0 +1,104 @@ +# DO NOT EDIT - This file is being maintained by Chef + +#FIXME - configurable +cache_mem <%= node[:squid][:cache_mem] %> + +max_filedescriptors 65536 + +#used by squidclient / munin +http_port 127.0.0.1:3128 + +#FIXME - configurable +http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11 + +cache_effective_user proxy +cache_effective_group proxy + +#FIXME - configurable +cache_dir <%= node[:squid][:cache_dir] %> +cache_swap_log /var/spool/squid/%s + +quick_abort_min 0 KB +quick_abort_max 0 KB + +read_ahead_gap 64 KB + +maximum_object_size 1048576 bytes +maximum_object_size_in_memory 64 KB + +cache_replacement_policy heap LFUDA +memory_replacement_policy heap GDSF + +server_persistent_connections on +persistent_request_timeout 1 minutes + +negative_ttl 15 seconds +half_closed_clients off +pipeline_prefetch on + +read_timeout 90 seconds +request_timeout 90 seconds +connect_timeout 20 seconds +client_lifetime 1 hours + +collapsed_forwarding on +refresh_stale_hit 300 seconds + +#Recommended minimum configuration: +#---------------------------------- +acl all src all +acl manager proto cache_object +acl localhost src 127.0.0.1/32 +acl to_localhost dst 127.0.0.0/8 +acl SSL_ports port 443 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access allow manager localhost + +http_access allow manager + +http_access deny manager +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +#---------------------------------- + +acl purge_hosts src 127.0.0.0/8 +acl PURGE method purge +http_access allow purge purge_hosts +http_access deny purge + +forwarded_for on + +access_log <%= node[:squid][:access_log] %> +cache_log /var/log/squid/cache.log +cache_store_log none +buffered_logs on +client_db off +strip_query_terms off + +digest_generation off + +refresh_pattern . 0 20% 4320 + +#ZERO required for logrotate to work properly +logfile_rotate 0 + +<% Dir.glob("/etc/squid/squid.conf.d/*.conf") do |file| -%> +<%= File.read(file) %> +<% end -%> + +#MUST BE LAST ACL +#-------------- +http_access deny all +icp_access deny all +#-------------- + diff --git a/cookbooks/squid/templates/default/squid.erb b/cookbooks/squid/templates/default/squid.erb new file mode 100644 index 000000000..f6a346cbf --- /dev/null +++ b/cookbooks/squid/templates/default/squid.erb @@ -0,0 +1,8 @@ +# DO NOT EDIT - This file is being maintained by Chef +# +# /etc/default/squid Configuration settings for the Squid proxy server. +# + +# Max. number of filedescriptors to use. You can increase this on a busy +# cache to a maximum of (currently) 65536 filedescriptors. Default is 1024. +SQUID_MAXFD=65536 diff --git a/cookbooks/subversion/README.rdoc b/cookbooks/subversion/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/subversion/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/subversion/files/default/hooks/post-commit b/cookbooks/subversion/files/default/hooks/post-commit new file mode 100644 index 000000000..a8de2af99 --- /dev/null +++ b/cookbooks/subversion/files/default/hooks/post-commit @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "$1" "$2" diff --git a/cookbooks/subversion/files/default/hooks/post-revprop-change b/cookbooks/subversion/files/default/hooks/post-revprop-change new file mode 100644 index 000000000..31843a021 --- /dev/null +++ b/cookbooks/subversion/files/default/hooks/post-revprop-change @@ -0,0 +1,3 @@ +#!/bin/sh + +/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset modified "$1" "$2" diff --git a/cookbooks/subversion/metadata.rb b/cookbooks/subversion/metadata.rb new file mode 100644 index 000000000..f2c68b79d --- /dev/null +++ b/cookbooks/subversion/metadata.rb @@ -0,0 +1,7 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures subversion servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb new file mode 100644 index 000000000..1a52b9f42 --- /dev/null +++ b/cookbooks/subversion/recipes/default.rb @@ -0,0 +1,50 @@ +# +# Cookbook Name:: subversion +# Recipe:: default +# +# Copyright 2012, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache" + +package "subversion" + +site_name = "svn.openstreetmap.org" +repository_directory = "/var/lib/subversion/repos/openstreetmap" + +remote_directory "#{repository_directory}/hooks" do + source "hooks" + owner "www-data" + group "www-data" + mode 0755 + files_owner "www-data" + files_group "www-data" + files_mode 0755 + purge false +end + +apache_module "authz_svn" do + package "libapache2-svn" +end + +apache_module "dav_svn" do + package "libapache2-svn" +end + +apache_site site_name do + template "apache.erb" + directory repository_directory + variables :realm => "Subversion Repository", :password_file => "/etc/apache2/svn.passwd" +end diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/subversion/templates/default/apache.erb new file mode 100644 index 000000000..90bdd4f27 --- /dev/null +++ b/cookbooks/subversion/templates/default/apache.erb @@ -0,0 +1,26 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + ServerName <%= @name %> + ServerAdmin webmaster@openstreetmap.org + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION + ErrorLog /var/log/apache2/<%= @name %>-error.log + + + DAV svn + SVNPath <%= @directory %> + + AuthType Basic + AuthName "<%= @realm %>" + AuthUserFile <%= @password_file %> + + LimitXMLRequestBody 0 + LimitRequestBody 0 + + + Require valid-user + + + diff --git a/cookbooks/tilecache/README.rdoc b/cookbooks/tilecache/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/tilecache/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/tilecache/attributes/default.rb b/cookbooks/tilecache/attributes/default.rb new file mode 100644 index 000000000..2e8471518 --- /dev/null +++ b/cookbooks/tilecache/attributes/default.rb @@ -0,0 +1,12 @@ + +default[:tilecache][:tile_parent] = "parent.tile.openstreetmap.org" + +#Per IP bucket refill rate +default[:tilecache][:ip_bucket_refill] = "8192" +#Per IP bucket size +default[:tilecache][:ip_bucket_size] = "16777216" +#Per Class C refill rate +default[:tilecache][:net_bucket_refill] = "32768" +#Per Class C bucket size +default[:tilecache][:net_bucket_size] = "33554432" + diff --git a/cookbooks/tilecache/metadata.rb b/cookbooks/tilecache/metadata.rb new file mode 100644 index 000000000..ce9c0e62a --- /dev/null +++ b/cookbooks/tilecache/metadata.rb @@ -0,0 +1,7 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures a tile cache" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "squid" diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb new file mode 100644 index 000000000..23edf0155 --- /dev/null +++ b/cookbooks/tilecache/recipes/default.rb @@ -0,0 +1,27 @@ +# +# Cookbook Name:: tilecache +# Recipe:: default +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "squid" + +tilecaches = search(:node, "roles:tilecache") + +squid_fragment "tilecache" do + template "squid.conf.erb" + variables :caches => tilecaches +end diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb new file mode 100644 index 000000000..aac9a45bc --- /dev/null +++ b/cookbooks/tilecache/templates/default/squid.conf.erb @@ -0,0 +1,679 @@ +acl osmtile_sites dstdomain a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org +acl osmtiles_png urlpath_regex .png$ + +http_access allow osmtile_sites + +acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$ +cache deny osmtile_sites osmtile_nocache_url + +cache_peer <%= node[:tilecache][:tile_parent] %> parent 80 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=90 no-digest +cache_peer yevaud.openstreetmap.org parent 80 0 no-query originserver name=osmtileFileAccel login=PASS connect-timeout=90 no-delay no-digest max-conn=30 + +cache_peer_access osmtileAccel allow osmtile_sites osmtiles_png +cache_peer_access osmtileAccel deny all + +cache_peer_access osmtileFileAccel allow osmtile_sites !osmtiles_png +cache_peer_access osmtileFileAccel deny all + +#---------------------------------- +#Create an unlimited pool for cache IP addresses +acl pool_unlimited src 127.0.0.1 +<% @caches.each do |cache| -%> +<% cache.ipaddresses(:family => :inet, :role => :external) do |address| -%> + acl pool_unlimited src <%= address %> +<% end -%> +<% end -%> + +acl pool_000 src 0.0.0.0/7 +acl pool_002 src 2.0.0.0/7 +acl pool_004 src 4.0.0.0/7 +acl pool_006 src 6.0.0.0/7 +acl pool_008 src 8.0.0.0/7 +acl pool_010 src 10.0.0.0/7 +acl pool_012 src 12.0.0.0/7 +acl pool_014 src 14.0.0.0/7 +acl pool_016 src 16.0.0.0/7 +acl pool_018 src 18.0.0.0/7 +acl pool_020 src 20.0.0.0/7 +acl pool_022 src 22.0.0.0/7 +acl pool_024 src 24.0.0.0/7 +acl pool_026 src 26.0.0.0/7 +acl pool_028 src 28.0.0.0/7 +acl pool_030 src 30.0.0.0/7 +acl pool_032 src 32.0.0.0/7 +acl pool_034 src 34.0.0.0/7 +acl pool_036 src 36.0.0.0/7 +acl pool_038 src 38.0.0.0/7 +acl pool_040 src 40.0.0.0/7 +acl pool_042 src 42.0.0.0/7 +acl pool_044 src 44.0.0.0/7 +acl pool_046 src 46.0.0.0/7 +acl pool_048 src 48.0.0.0/7 +acl pool_050 src 50.0.0.0/7 +acl pool_052 src 52.0.0.0/7 +acl pool_054 src 54.0.0.0/7 +acl pool_056 src 56.0.0.0/7 +acl pool_058 src 58.0.0.0/7 +acl pool_060 src 60.0.0.0/7 +acl pool_062 src 62.0.0.0/7 +acl pool_064 src 64.0.0.0/7 +acl pool_066 src 66.0.0.0/7 +acl pool_068 src 68.0.0.0/7 +acl pool_070 src 70.0.0.0/7 +acl pool_072 src 72.0.0.0/7 +acl pool_074 src 74.0.0.0/7 +acl pool_076 src 76.0.0.0/7 +acl pool_078 src 78.0.0.0/7 +acl pool_080 src 80.0.0.0/7 +acl pool_082 src 82.0.0.0/7 +acl pool_084 src 84.0.0.0/7 +acl pool_086 src 86.0.0.0/7 +acl pool_088 src 88.0.0.0/7 +acl pool_090 src 90.0.0.0/7 +acl pool_092 src 92.0.0.0/7 +acl pool_094 src 94.0.0.0/7 +acl pool_096 src 96.0.0.0/7 +acl pool_098 src 98.0.0.0/7 +acl pool_100 src 100.0.0.0/7 +acl pool_102 src 102.0.0.0/7 +acl pool_104 src 104.0.0.0/7 +acl pool_106 src 106.0.0.0/7 +acl pool_108 src 108.0.0.0/7 +acl pool_110 src 110.0.0.0/7 +acl pool_112 src 112.0.0.0/7 +acl pool_114 src 114.0.0.0/7 +acl pool_116 src 116.0.0.0/7 +acl pool_118 src 118.0.0.0/7 +acl pool_120 src 120.0.0.0/7 +acl pool_122 src 122.0.0.0/7 +acl pool_124 src 124.0.0.0/7 +acl pool_126 src 126.0.0.0/7 +acl pool_128 src 128.0.0.0/7 +acl pool_130 src 130.0.0.0/7 +acl pool_132 src 132.0.0.0/7 +acl pool_134 src 134.0.0.0/7 +acl pool_136 src 136.0.0.0/7 +acl pool_138 src 138.0.0.0/7 +acl pool_140 src 140.0.0.0/7 +acl pool_142 src 142.0.0.0/7 +acl pool_144 src 144.0.0.0/7 +acl pool_146 src 146.0.0.0/7 +acl pool_148 src 148.0.0.0/7 +acl pool_150 src 150.0.0.0/7 +acl pool_152 src 152.0.0.0/7 +acl pool_154 src 154.0.0.0/7 +acl pool_156 src 156.0.0.0/7 +acl pool_158 src 158.0.0.0/7 +acl pool_160 src 160.0.0.0/7 +acl pool_162 src 162.0.0.0/7 +acl pool_164 src 164.0.0.0/7 +acl pool_166 src 166.0.0.0/7 +acl pool_168 src 168.0.0.0/7 +acl pool_170 src 170.0.0.0/7 +acl pool_172 src 172.0.0.0/7 +acl pool_174 src 174.0.0.0/7 +acl pool_176 src 176.0.0.0/7 +acl pool_178 src 178.0.0.0/7 +acl pool_180 src 180.0.0.0/7 +acl pool_182 src 182.0.0.0/7 +acl pool_184 src 184.0.0.0/7 +acl pool_186 src 186.0.0.0/7 +acl pool_188 src 188.0.0.0/7 +acl pool_190 src 190.0.0.0/7 +acl pool_192 src 192.0.0.0/7 +acl pool_194 src 194.0.0.0/7 +acl pool_196 src 196.0.0.0/7 +acl pool_198 src 198.0.0.0/7 +acl pool_200 src 200.0.0.0/7 +acl pool_202 src 202.0.0.0/7 +acl pool_204 src 204.0.0.0/7 +acl pool_206 src 206.0.0.0/7 +acl pool_208 src 208.0.0.0/7 +acl pool_210 src 210.0.0.0/7 +acl pool_212 src 212.0.0.0/7 +acl pool_214 src 214.0.0.0/7 +acl pool_216 src 216.0.0.0/7 +acl pool_218 src 218.0.0.0/7 +acl pool_220 src 220.0.0.0/7 +acl pool_222 src 222.0.0.0/7 +acl pool_224 src 224.0.0.0/7 +acl pool_226 src 226.0.0.0/7 +acl pool_228 src 228.0.0.0/7 +acl pool_230 src 230.0.0.0/7 +acl pool_232 src 232.0.0.0/7 +acl pool_234 src 234.0.0.0/7 +acl pool_236 src 236.0.0.0/7 +acl pool_238 src 238.0.0.0/7 +acl pool_240 src 240.0.0.0/7 +acl pool_242 src 242.0.0.0/7 +acl pool_244 src 244.0.0.0/7 +acl pool_246 src 246.0.0.0/7 +acl pool_248 src 248.0.0.0/7 +acl pool_250 src 250.0.0.0/7 +acl pool_252 src 252.0.0.0/7 +acl pool_254 src 254.0.0.0/7 + +delay_pools 128 +delay_initial_bucket_level 25 + +delay_class 1 3 +delay_class 2 3 +delay_class 3 3 +delay_class 4 3 +delay_class 5 3 +delay_class 6 3 +delay_class 7 3 +delay_class 8 3 +delay_class 9 3 +delay_class 10 3 +delay_class 11 3 +delay_class 12 3 +delay_class 13 3 +delay_class 14 3 +delay_class 15 3 +delay_class 16 3 +delay_class 17 3 +delay_class 18 3 +delay_class 19 3 +delay_class 20 3 +delay_class 21 3 +delay_class 22 3 +delay_class 23 3 +delay_class 24 3 +delay_class 25 3 +delay_class 26 3 +delay_class 27 3 +delay_class 28 3 +delay_class 29 3 +delay_class 30 3 +delay_class 31 3 +delay_class 32 3 +delay_class 33 3 +delay_class 34 3 +delay_class 35 3 +delay_class 36 3 +delay_class 37 3 +delay_class 38 3 +delay_class 39 3 +delay_class 40 3 +delay_class 41 3 +delay_class 42 3 +delay_class 43 3 +delay_class 44 3 +delay_class 45 3 +delay_class 46 3 +delay_class 47 3 +delay_class 48 3 +delay_class 49 3 +delay_class 50 3 +delay_class 51 3 +delay_class 52 3 +delay_class 53 3 +delay_class 54 3 +delay_class 55 3 +delay_class 56 3 +delay_class 57 3 +delay_class 58 3 +delay_class 59 3 +delay_class 60 3 +delay_class 61 3 +delay_class 62 3 +delay_class 63 3 +delay_class 64 3 +delay_class 65 3 +delay_class 66 3 +delay_class 67 3 +delay_class 68 3 +delay_class 69 3 +delay_class 70 3 +delay_class 71 3 +delay_class 72 3 +delay_class 73 3 +delay_class 74 3 +delay_class 75 3 +delay_class 76 3 +delay_class 77 3 +delay_class 78 3 +delay_class 79 3 +delay_class 80 3 +delay_class 81 3 +delay_class 82 3 +delay_class 83 3 +delay_class 84 3 +delay_class 85 3 +delay_class 86 3 +delay_class 87 3 +delay_class 88 3 +delay_class 89 3 +delay_class 90 3 +delay_class 91 3 +delay_class 92 3 +delay_class 93 3 +delay_class 94 3 +delay_class 95 3 +delay_class 96 3 +delay_class 97 3 +delay_class 98 3 +delay_class 99 3 +delay_class 100 3 +delay_class 101 3 +delay_class 102 3 +delay_class 103 3 +delay_class 104 3 +delay_class 105 3 +delay_class 106 3 +delay_class 107 3 +delay_class 108 3 +delay_class 109 3 +delay_class 110 3 +delay_class 111 3 +delay_class 112 3 +delay_class 113 3 +delay_class 114 3 +delay_class 115 3 +delay_class 116 3 +delay_class 117 3 +delay_class 118 3 +delay_class 119 3 +delay_class 120 3 +delay_class 121 3 +delay_class 122 3 +delay_class 123 3 +delay_class 124 3 +delay_class 125 3 +delay_class 126 3 +delay_class 127 3 +delay_class 128 3 +#bit mask +# xxxxxxx- -------- xxxxxxxx xxxxxxxx + +delay_access 1 allow pool_000 !pool_unlimited osmtile_sites +delay_access 2 allow pool_002 !pool_unlimited osmtile_sites +delay_access 3 allow pool_004 !pool_unlimited osmtile_sites +delay_access 4 allow pool_006 !pool_unlimited osmtile_sites +delay_access 5 allow pool_008 !pool_unlimited osmtile_sites +delay_access 6 allow pool_010 !pool_unlimited osmtile_sites +delay_access 7 allow pool_012 !pool_unlimited osmtile_sites +delay_access 8 allow pool_014 !pool_unlimited osmtile_sites +delay_access 9 allow pool_016 !pool_unlimited osmtile_sites +delay_access 10 allow pool_018 !pool_unlimited osmtile_sites +delay_access 11 allow pool_020 !pool_unlimited osmtile_sites +delay_access 12 allow pool_022 !pool_unlimited osmtile_sites +delay_access 13 allow pool_024 !pool_unlimited osmtile_sites +delay_access 14 allow pool_026 !pool_unlimited osmtile_sites +delay_access 15 allow pool_028 !pool_unlimited osmtile_sites +delay_access 16 allow pool_030 !pool_unlimited osmtile_sites +delay_access 17 allow pool_032 !pool_unlimited osmtile_sites +delay_access 18 allow pool_034 !pool_unlimited osmtile_sites +delay_access 19 allow pool_036 !pool_unlimited osmtile_sites +delay_access 20 allow pool_038 !pool_unlimited osmtile_sites +delay_access 21 allow pool_040 !pool_unlimited osmtile_sites +delay_access 22 allow pool_042 !pool_unlimited osmtile_sites +delay_access 23 allow pool_044 !pool_unlimited osmtile_sites +delay_access 24 allow pool_046 !pool_unlimited osmtile_sites +delay_access 25 allow pool_048 !pool_unlimited osmtile_sites +delay_access 26 allow pool_050 !pool_unlimited osmtile_sites +delay_access 27 allow pool_052 !pool_unlimited osmtile_sites +delay_access 28 allow pool_054 !pool_unlimited osmtile_sites +delay_access 29 allow pool_056 !pool_unlimited osmtile_sites +delay_access 30 allow pool_058 !pool_unlimited osmtile_sites +delay_access 31 allow pool_060 !pool_unlimited osmtile_sites +delay_access 32 allow pool_062 !pool_unlimited osmtile_sites +delay_access 33 allow pool_064 !pool_unlimited osmtile_sites +delay_access 34 allow pool_066 !pool_unlimited osmtile_sites +delay_access 35 allow pool_068 !pool_unlimited osmtile_sites +delay_access 36 allow pool_070 !pool_unlimited osmtile_sites +delay_access 37 allow pool_072 !pool_unlimited osmtile_sites +delay_access 38 allow pool_074 !pool_unlimited osmtile_sites +delay_access 39 allow pool_076 !pool_unlimited osmtile_sites +delay_access 40 allow pool_078 !pool_unlimited osmtile_sites +delay_access 41 allow pool_080 !pool_unlimited osmtile_sites +delay_access 42 allow pool_082 !pool_unlimited osmtile_sites +delay_access 43 allow pool_084 !pool_unlimited osmtile_sites +delay_access 44 allow pool_086 !pool_unlimited osmtile_sites +delay_access 45 allow pool_088 !pool_unlimited osmtile_sites +delay_access 46 allow pool_090 !pool_unlimited osmtile_sites +delay_access 47 allow pool_092 !pool_unlimited osmtile_sites +delay_access 48 allow pool_094 !pool_unlimited osmtile_sites +delay_access 49 allow pool_096 !pool_unlimited osmtile_sites +delay_access 50 allow pool_098 !pool_unlimited osmtile_sites +delay_access 51 allow pool_100 !pool_unlimited osmtile_sites +delay_access 52 allow pool_102 !pool_unlimited osmtile_sites +delay_access 53 allow pool_104 !pool_unlimited osmtile_sites +delay_access 54 allow pool_106 !pool_unlimited osmtile_sites +delay_access 55 allow pool_108 !pool_unlimited osmtile_sites +delay_access 56 allow pool_110 !pool_unlimited osmtile_sites +delay_access 57 allow pool_112 !pool_unlimited osmtile_sites +delay_access 58 allow pool_114 !pool_unlimited osmtile_sites +delay_access 59 allow pool_116 !pool_unlimited osmtile_sites +delay_access 60 allow pool_118 !pool_unlimited osmtile_sites +delay_access 61 allow pool_120 !pool_unlimited osmtile_sites +delay_access 62 allow pool_122 !pool_unlimited osmtile_sites +delay_access 63 allow pool_124 !pool_unlimited osmtile_sites +delay_access 64 allow pool_126 !pool_unlimited osmtile_sites +delay_access 65 allow pool_128 !pool_unlimited osmtile_sites +delay_access 66 allow pool_130 !pool_unlimited osmtile_sites +delay_access 67 allow pool_132 !pool_unlimited osmtile_sites +delay_access 68 allow pool_134 !pool_unlimited osmtile_sites +delay_access 69 allow pool_136 !pool_unlimited osmtile_sites +delay_access 70 allow pool_138 !pool_unlimited osmtile_sites +delay_access 71 allow pool_140 !pool_unlimited osmtile_sites +delay_access 72 allow pool_142 !pool_unlimited osmtile_sites +delay_access 73 allow pool_144 !pool_unlimited osmtile_sites +delay_access 74 allow pool_146 !pool_unlimited osmtile_sites +delay_access 75 allow pool_148 !pool_unlimited osmtile_sites +delay_access 76 allow pool_150 !pool_unlimited osmtile_sites +delay_access 77 allow pool_152 !pool_unlimited osmtile_sites +delay_access 78 allow pool_154 !pool_unlimited osmtile_sites +delay_access 79 allow pool_156 !pool_unlimited osmtile_sites +delay_access 80 allow pool_158 !pool_unlimited osmtile_sites +delay_access 81 allow pool_160 !pool_unlimited osmtile_sites +delay_access 82 allow pool_162 !pool_unlimited osmtile_sites +delay_access 83 allow pool_164 !pool_unlimited osmtile_sites +delay_access 84 allow pool_166 !pool_unlimited osmtile_sites +delay_access 85 allow pool_168 !pool_unlimited osmtile_sites +delay_access 86 allow pool_170 !pool_unlimited osmtile_sites +delay_access 87 allow pool_172 !pool_unlimited osmtile_sites +delay_access 88 allow pool_174 !pool_unlimited osmtile_sites +delay_access 89 allow pool_176 !pool_unlimited osmtile_sites +delay_access 90 allow pool_178 !pool_unlimited osmtile_sites +delay_access 91 allow pool_180 !pool_unlimited osmtile_sites +delay_access 92 allow pool_182 !pool_unlimited osmtile_sites +delay_access 93 allow pool_184 !pool_unlimited osmtile_sites +delay_access 94 allow pool_186 !pool_unlimited osmtile_sites +delay_access 95 allow pool_188 !pool_unlimited osmtile_sites +delay_access 96 allow pool_190 !pool_unlimited osmtile_sites +delay_access 97 allow pool_192 !pool_unlimited osmtile_sites +delay_access 98 allow pool_194 !pool_unlimited osmtile_sites +delay_access 99 allow pool_196 !pool_unlimited osmtile_sites +delay_access 100 allow pool_198 !pool_unlimited osmtile_sites +delay_access 100 allow pool_198 !pool_unlimited osmtile_sites +delay_access 101 allow pool_200 !pool_unlimited osmtile_sites +delay_access 102 allow pool_202 !pool_unlimited osmtile_sites +delay_access 103 allow pool_204 !pool_unlimited osmtile_sites +delay_access 104 allow pool_206 !pool_unlimited osmtile_sites +delay_access 105 allow pool_208 !pool_unlimited osmtile_sites +delay_access 106 allow pool_210 !pool_unlimited osmtile_sites +delay_access 107 allow pool_212 !pool_unlimited osmtile_sites +delay_access 108 allow pool_214 !pool_unlimited osmtile_sites +delay_access 109 allow pool_216 !pool_unlimited osmtile_sites +delay_access 110 allow pool_218 !pool_unlimited osmtile_sites +delay_access 111 allow pool_220 !pool_unlimited osmtile_sites +delay_access 112 allow pool_222 !pool_unlimited osmtile_sites +delay_access 113 allow pool_224 !pool_unlimited osmtile_sites +delay_access 114 allow pool_226 !pool_unlimited osmtile_sites +delay_access 115 allow pool_228 !pool_unlimited osmtile_sites +delay_access 116 allow pool_230 !pool_unlimited osmtile_sites +delay_access 117 allow pool_232 !pool_unlimited osmtile_sites +delay_access 118 allow pool_234 !pool_unlimited osmtile_sites +delay_access 119 allow pool_236 !pool_unlimited osmtile_sites +delay_access 120 allow pool_238 !pool_unlimited osmtile_sites +delay_access 121 allow pool_240 !pool_unlimited osmtile_sites +delay_access 122 allow pool_242 !pool_unlimited osmtile_sites +delay_access 123 allow pool_244 !pool_unlimited osmtile_sites +delay_access 124 allow pool_246 !pool_unlimited osmtile_sites +delay_access 125 allow pool_248 !pool_unlimited osmtile_sites +delay_access 126 allow pool_250 !pool_unlimited osmtile_sites +delay_access 127 allow pool_252 !pool_unlimited osmtile_sites +delay_access 128 allow pool_254 !pool_unlimited osmtile_sites + +delay_access 1 deny all +delay_access 2 deny all +delay_access 3 deny all +delay_access 4 deny all +delay_access 5 deny all +delay_access 6 deny all +delay_access 7 deny all +delay_access 8 deny all +delay_access 9 deny all +delay_access 10 deny all +delay_access 11 deny all +delay_access 12 deny all +delay_access 13 deny all +delay_access 14 deny all +delay_access 15 deny all +delay_access 16 deny all +delay_access 17 deny all +delay_access 18 deny all +delay_access 19 deny all +delay_access 20 deny all +delay_access 21 deny all +delay_access 22 deny all +delay_access 23 deny all +delay_access 24 deny all +delay_access 25 deny all +delay_access 26 deny all +delay_access 27 deny all +delay_access 28 deny all +delay_access 29 deny all +delay_access 30 deny all +delay_access 31 deny all +delay_access 32 deny all +delay_access 33 deny all +delay_access 34 deny all +delay_access 35 deny all +delay_access 36 deny all +delay_access 37 deny all +delay_access 38 deny all +delay_access 39 deny all +delay_access 40 deny all +delay_access 41 deny all +delay_access 42 deny all +delay_access 43 deny all +delay_access 44 deny all +delay_access 45 deny all +delay_access 46 deny all +delay_access 47 deny all +delay_access 48 deny all +delay_access 49 deny all +delay_access 50 deny all +delay_access 51 deny all +delay_access 52 deny all +delay_access 53 deny all +delay_access 54 deny all +delay_access 55 deny all +delay_access 56 deny all +delay_access 57 deny all +delay_access 58 deny all +delay_access 59 deny all +delay_access 60 deny all +delay_access 61 deny all +delay_access 62 deny all +delay_access 63 deny all +delay_access 64 deny all +delay_access 65 deny all +delay_access 66 deny all +delay_access 67 deny all +delay_access 68 deny all +delay_access 69 deny all +delay_access 70 deny all +delay_access 71 deny all +delay_access 72 deny all +delay_access 73 deny all +delay_access 74 deny all +delay_access 75 deny all +delay_access 76 deny all +delay_access 77 deny all +delay_access 78 deny all +delay_access 79 deny all +delay_access 80 deny all +delay_access 81 deny all +delay_access 82 deny all +delay_access 83 deny all +delay_access 84 deny all +delay_access 85 deny all +delay_access 86 deny all +delay_access 87 deny all +delay_access 88 deny all +delay_access 89 deny all +delay_access 90 deny all +delay_access 91 deny all +delay_access 92 deny all +delay_access 93 deny all +delay_access 94 deny all +delay_access 95 deny all +delay_access 96 deny all +delay_access 97 deny all +delay_access 98 deny all +delay_access 99 deny all +delay_access 100 deny all +delay_access 101 deny all +delay_access 102 deny all +delay_access 103 deny all +delay_access 104 deny all +delay_access 105 deny all +delay_access 106 deny all +delay_access 107 deny all +delay_access 108 deny all +delay_access 109 deny all +delay_access 110 deny all +delay_access 111 deny all +delay_access 112 deny all +delay_access 113 deny all +delay_access 114 deny all +delay_access 115 deny all +delay_access 116 deny all +delay_access 117 deny all +delay_access 118 deny all +delay_access 119 deny all +delay_access 120 deny all +delay_access 121 deny all +delay_access 122 deny all +delay_access 123 deny all +delay_access 124 deny all +delay_access 125 deny all +delay_access 126 deny all +delay_access 127 deny all +delay_access 128 deny all + +delay_parameters 1 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 2 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 3 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 4 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 5 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 6 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 7 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 8 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 9 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 10 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 11 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 12 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 13 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 14 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 15 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 16 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 17 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 18 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 19 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 20 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 21 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 22 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 23 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 24 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 25 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 26 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 27 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 28 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 29 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 30 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 31 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 32 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 33 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 34 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 35 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 36 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 37 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 38 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 39 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 40 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 41 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 42 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 43 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 44 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 45 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 46 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 47 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 48 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 49 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 50 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 51 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 52 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 53 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 54 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 55 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 56 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 57 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 58 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 59 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 60 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 61 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 62 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 63 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 64 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 65 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 66 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 67 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 68 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 69 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 70 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 71 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 72 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 73 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 74 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 75 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 76 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 77 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 78 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 79 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 80 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 81 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 82 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 83 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 84 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 85 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 86 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 87 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 88 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 89 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 90 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 91 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 92 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 93 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 94 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 95 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 96 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 97 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 98 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 99 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 100 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 101 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 102 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 103 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 104 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 105 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 106 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 107 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 108 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 109 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 110 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 111 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 112 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 113 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 114 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 115 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 116 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 117 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 118 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 119 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 120 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 121 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 122 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 123 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 124 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 125 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 126 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 127 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> +delay_parameters 128 -1/-1 <%= node[:tilecache][:net_bucket_refill] %>/<%= node[:tilecache][:net_bucket_size] %> <%= node[:tilecache][:ip_bucket_refill] %>/<%= node[:tilecache][:ip_bucket_size] %> + +#---------------------------------- + diff --git a/cookbooks/web/README.rdoc b/cookbooks/web/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/web/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/web/attributes/default.rb b/cookbooks/web/attributes/default.rb new file mode 100644 index 000000000..54d692f31 --- /dev/null +++ b/cookbooks/web/attributes/default.rb @@ -0,0 +1,4 @@ +default[:web][:ruby_version] = "1.9.1" +default[:web][:base_directory] = "/srv/www.openstreetmap.org" +default[:web][:pid_directory] = "/var/run/web" +default[:web][:log_directory] = "/var/log/web" diff --git a/cookbooks/web/definitions/rails_port.rb b/cookbooks/web/definitions/rails_port.rb new file mode 100644 index 000000000..48606f7b2 --- /dev/null +++ b/cookbooks/web/definitions/rails_port.rb @@ -0,0 +1,248 @@ +# +# Cookbook Name:: web +# Definition:: rails_port +# +# Copyright 2012, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +define :rails_port, :action => [ :create, :enable ] do + name = params[:name] + ruby_version = params[:ruby] || "1.9.1" + rails_directory = params[:directory] || "/srv/#{name}" + rails_user = params[:user] + rails_group = params[:group] + rails_repository = params[:repository] || "git://git.openstreetmap.org/rails.git" + rails_revision = params[:revision] || "live" + run_migrations = params[:run_migrations] || false + status = params[:status] || "online" + + database_params = { + :host => params[:database_host], + :port => params[:database_port], + :name => params[:database_name], + :username => params[:database_username], + :password => params[:database_password] + } + + package "ruby#{ruby_version}" + package "ruby#{ruby_version}-dev" + package "rubygems#{ruby_version}" + package "irb#{ruby_version}" + package "imagemagick" + + package "g++" + package "libpq-dev" + package "libsasl2-dev" + package "libxml2-dev" + package "libxslt1-dev" + package "libmemcached-dev" + + gem_package "bundler#{ruby_version}" do + package_name "bundler" + gem_binary "gem#{ruby_version}" + options "--format-executable" + end + + file "/usr/lib/ruby/1.8/rack.rb" do + action :delete + end + + directory "/usr/lib/ruby/1.8/rack" do + action :delete + recursive true + end + + file "#{rails_directory}/tmp/restart.txt" do + action :nothing + end + + file "#{rails_directory}/public/export/embed.html" do + action :nothing + end + + execute "#{rails_directory}/public/assets" do + action :nothing + command "rake#{ruby_version} assets:precompile" + cwd rails_directory + user rails_user + group rails_group + notifies :delete, resources(:file => "#{rails_directory}/public/export/embed.html") + notifies :touch, resources(:file => "#{rails_directory}/tmp/restart.txt") + end + + execute "#{rails_directory}/db/migrate" do + action :nothing + command "rake#{ruby_version} db:migrate" + cwd rails_directory + user rails_user + group rails_group + notifies :run, resources(:execute => "#{rails_directory}/public/assets") + end + + execute "#{rails_directory}/Gemfile" do + action :nothing + command "bundle#{ruby_version} install" + cwd rails_directory + user "root" + group "root" + if run_migrations + notifies :run, resources(:execute => "#{rails_directory}/db/migrate") + else + notifies :run, resources(:execute => "#{rails_directory}/public/assets") + end + subscribes :run, resources(:gem_package => "bundler#{ruby_version}") + end + + directory rails_directory do + owner rails_user + group rails_group + mode 02775 + end + + git rails_directory do + action :sync + repository rails_repository + revision rails_revision + user rails_user + group rails_group + notifies :run, resources(:execute => "#{rails_directory}/Gemfile") + end + + directory "#{rails_directory}/tmp" do + owner rails_user + group rails_group + end + + file "#{rails_directory}/config/environment.rb" do + owner rails_user + group rails_group + end + + template "#{rails_directory}/config/database.yml" do + cookbook "web" + source "database.yml.erb" + owner rails_user + group rails_group + mode 0664 + variables database_params + notifies :touch, resources(:file => "#{rails_directory}/tmp/restart.txt") + end + + file "#{rails_directory}/config/application.yml" do + owner rails_user + group rails_group + mode 0664 + content_from_file "#{rails_directory}/config/example.application.yml" do |line| + line.gsub!(/^( *)server_url:.*$/, "\\1server_url: \"#{name}\"") + + if params[:email_from] + line.gsub!(/^( *)email_from:.*$/, "\\1email_from: \"#{params[:email_from]}\"") + end + + line.gsub!(/^( *)status:.*$/, "\\1status: :#{status}") + + if params[:messages_domain] + line.gsub!(/^( *)#messages_domain:.*$/, "\\1messages_domain: \"#{params[:messages_domain]}\"") + end + + line.gsub!(/^( *)#geonames_username:.*$/, "\\1geonames_username: \"openstreetmap\"") + + if params[:quova_username] + line.gsub!(/^( *)#quova_username:.*$/, "\\1quova_username: \"#{params[:quova_username]}\"") + line.gsub!(/^( *)#quova_password:.*$/, "\\1quova_password: \"#{params[:quova_password]}\"") + end + + if params[:soft_memory_limit] + line.gsub!(/^( *)#soft_memory_limit:.*$/, "\\1soft_memory_limit: #{params[:soft_memory_limit]}") + end + + if params[:hard_memory_limit] + line.gsub!(/^( *)#hard_memory_limit:.*$/, "\\1hard_memory_limit: #{params[:hard_memory_limit]}") + end + + if params[:gpx_dir] + line.gsub!(/^( *)gpx_trace_dir:.*$/, "\\1gpx_trace_dir: \"#{params[:gpx_dir]}/traces\"") + line.gsub!(/^( *)gpx_image_dir:.*$/, "\\1gpx_image_dir: \"#{params[:gpx_dir]}/images\"") + end + + if params[:attachments_dir] + line.gsub!(/^( *)attachments_dir:.*$/, "\\1attachments_dir: \"#{params[:attachments_dir]}\"") + end + + if params[:log_path] + line.gsub!(/^( *)#log_path:.*$/, "\\1log_path: \"#{params[:log_path]}\"") + end + + if params[:memcache_servers] + line.gsub!(/^( *)#memcache_servers:.*$/, "\\1memcache_servers: [ \"#{params[:memcache_servers].join("\", \"")}\" ]") + end + + if params[:potlatch2_key] + line.gsub!(/^( *)#potlatch2_key:.*$/, "\\1potlatch2_key: \"#{params[:potlatch2_key]}\"") + end + + if params[:id_key] + line.gsub!(/^( *)#id_key:.*$/, "\\1id_key: \"#{params[:id_key]}\"") + end + + if params[:oauth_key] + line.gsub!(/^( *)#oauth_key:.*$/, "\\1oauth_key: \"#{params[:oauth_key]}\"") + end + + line.gsub!(/^( *)require_terms_seen:.*$/, "\\1require_terms_seen: true") + line.gsub!(/^( *)require_terms_agreed:.*$/, "\\1require_terms_agreed: true") + + if params[:piwik_location] + line.gsub!(/^( *)#piwik_location:.*$/, "\\1piwik_location: \"#{params[:piwik_location]}\"") + line.gsub!(/^( *)#piwik_site:.*$/, "\\1piwik_site: #{params[:piwik_site]}") + line.gsub!(/^( *)#piwik_signup_goal:.*$/, "\\1piwik_signup_goal: #{params[:piwik_signup_goal]}") + end + + line + end + notifies :touch, resources(:file => "#{rails_directory}/tmp/restart.txt") + end + + execute "#{rails_directory}/lib/quad_tile/extconf.rb" do + command "ruby extconf.rb" + cwd "#{rails_directory}/lib/quad_tile" + user rails_user + group rails_group + not_if { File.exist?("#{rails_directory}/lib/quad_tile/Makefile") and File.mtime("#{rails_directory}/lib/quad_tile/Makefile") >= File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") } + end + + execute "#{rails_directory}/lib/quad_tile/Makefile" do + command "make" + cwd "#{rails_directory}/lib/quad_tile" + user rails_user + group rails_group + not_if do + File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") and + File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/Makefile") and + File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") and + File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h") + end + notifies :touch, resources(:file => "#{rails_directory}/tmp/restart.txt") + end + + template "/etc/cron.daily/rails-#{name}" do + cookbook "web" + source "rails.cron.erb" + owner "root" + group "root" + mode 0755 + variables :directory => rails_directory + end +end diff --git a/cookbooks/web/metadata.rb b/cookbooks/web/metadata.rb new file mode 100644 index 000000000..c38ae36ec --- /dev/null +++ b/cookbooks/web/metadata.rb @@ -0,0 +1,10 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures www.openstreetmap.org servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" +depends "git" +depends "memcached" +depends "tools" diff --git a/cookbooks/web/recipes/backend.rb b/cookbooks/web/recipes/backend.rb new file mode 100644 index 000000000..fa13948d8 --- /dev/null +++ b/cookbooks/web/recipes/backend.rb @@ -0,0 +1,35 @@ +# +# Cookbook Name:: web +# Recipe:: backend +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "memcached" +include_recipe "web::rails" +include_recipe "web::cgimap" + +apache_module "fastcgi-handler" +apache_module "remoteip" + +apache_site "default" do + action [ :disable ] +end + +apache_site "www.openstreetmap.org" do + template "apache.backend.erb" +end + +node.set[:memcached][:ip_address] = node.internal_ipaddress diff --git a/cookbooks/web/recipes/base.rb b/cookbooks/web/recipes/base.rb new file mode 100644 index 000000000..2258b3f84 --- /dev/null +++ b/cookbooks/web/recipes/base.rb @@ -0,0 +1,42 @@ +# +# Cookbook Name:: web +# Recipe:: base +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +directory node[:web][:base_directory] do + group "rails" + mode 02775 +end + +directory node[:web][:pid_directory] do + owner "rails" + group "rails" + mode 0775 +end + +directory node[:web][:log_directory] do + owner "rails" + group "rails" + mode 0775 +end + +template "/etc/logrotate.d/web" do + source "logrotate.web.erb" + owner "root" + group "root" + mode 0644 +end diff --git a/cookbooks/web/recipes/cgimap.rb b/cookbooks/web/recipes/cgimap.rb new file mode 100644 index 000000000..73114c1e7 --- /dev/null +++ b/cookbooks/web/recipes/cgimap.rb @@ -0,0 +1,124 @@ +# +# Cookbook Name:: web +# Recipe:: cgimap +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "tools" +include_recipe "web::base" + +db_passwords = data_bag_item("db", "passwords") + +package "gcc" +package "make" +package "autoconf" +package "automake" +package "libfcgi-dev" +package "libxml2-dev" +package "libmemcached-dev" +package "libboost-regex-dev" +package "libboost-program-options-dev" +package "libboost-date-time-dev" +package "zlib1g-dev" + +if node[:lsb][:release].to_f < 12.04 + package "libpqxx-dev" +else + package "libpqxx3-dev" +end + +cgimap_directory = "#{node[:web][:base_directory]}/cgimap" +pid_directory = node[:web][:pid_directory] +log_directory = node[:web][:log_directory] + +execute "cgimap-build" do + action :nothing + command "make" + cwd cgimap_directory + user "rails" + group "rails" +end + +execute "cgimap-configure" do + action :nothing + command "./configure --with-fcgi=/usr --with-boost-libdir=/usr/lib" + cwd cgimap_directory + user "rails" + group "rails" + notifies :run, resources(:execute => "cgimap-build"), :immediate +end + +execute "cgimap-autogen" do + action :nothing + command "./autogen.sh" + cwd cgimap_directory + user "rails" + group "rails" + notifies :run, resources(:execute => "cgimap-configure"), :immediate +end + +git cgimap_directory do + action :sync + repository "git://git.openstreetmap.org/cgimap.git" + revision "live" + user "rails" + group "rails" + notifies :run, resources(:execute => "cgimap-autogen"), :immediate +end + +if node[:web][:readonly_database_host] + database_host = node[:web][:readonly_database_host] + database_readonly = true +else + database_host = node[:web][:database_host] + database_readonly = node[:web][:status] == "database_readonly" +end + +file "/etc/init.d/cgimap" do + owner "root" + group "root" + mode 0755 + content_from_file "#{cgimap_directory}/scripts/cgimap.init" do |line| + line.gsub!(/^CGIMAP_HOST=.*;/, "CGIMAP_HOST=#{database_host};") + line.gsub!(/^CGIMAP_DBNAME=.*;/, "CGIMAP_DBNAME=openstreetmap;") + line.gsub!(/^CGIMAP_USERNAME=.*;/, "CGIMAP_USERNAME=rails;") + line.gsub!(/^CGIMAP_PASSWORD=.*;/, "CGIMAP_PASSWORD=#{db_passwords['rails']};") + line.gsub!(/^CGIMAP_PIDFILE=.*;/, "CGIMAP_PIDFILE=#{pid_directory}/cgimap.pid;") + line.gsub!(/^CGIMAP_LOGFILE=.*;/, "CGIMAP_LOGFILE=#{log_directory}/cgimap.log;") + line.gsub!(/^CGIMAP_MEMCACHE=.*;/, "CGIMAP_MEMCACHE=rails1,rails2,rails3;") + + line.gsub!(/\/home\/rails\/bin\/map/, "#{cgimap_directory}/map") + + if database_readonly + line.gsub!(/--daemon/, "--daemon --readonly") + end + + line + end +end + +if ["database_offline", "api_offline"].include?(node[:web][:status]) + service "cgimap" do + action :stop + end +else + service "cgimap" do + action [ :enable, :start ] + supports :restart => true, :reload => true + subscribes :restart, resources(:execute => "cgimap-build") + subscribes :restart, resources(:file => "/etc/init.d/cgimap") + end +end diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb new file mode 100644 index 000000000..8ed2db77b --- /dev/null +++ b/cookbooks/web/recipes/frontend.rb @@ -0,0 +1,60 @@ +# +# Cookbook Name:: web +# Recipe:: frontend +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache::ssl" +include_recipe "web::rails" + +apache_module "alias" +apache_module "deflate" +apache_module "expires" +apache_module "headers" +apache_module "proxy_http" +apache_module "proxy_balancer" +apache_module "rewrite" + +apache_site "default" do + action [ :disable ] +end + +apache_site "www.openstreetmap.org" do + template "apache.frontend.erb" +end + +gem_package "hpricot" +gem_package "home_run" +gem_package "apachelogregex" + +template "/etc/logrotate.d/apache2" do + source "logrotate.apache.erb" + owner "root" + group "root" + mode 0644 +end + +munin_plugin "api_calls_num" do + action :delete +end + +munin_plugin "api_calls_#{node[:hostname]}" do + target "api_calls_" +end + +munin_plugin "api_waits_#{node[:hostname]}" do + target "api_waits_" +end diff --git a/cookbooks/web/recipes/gpx.rb b/cookbooks/web/recipes/gpx.rb new file mode 100644 index 000000000..c5d0088f8 --- /dev/null +++ b/cookbooks/web/recipes/gpx.rb @@ -0,0 +1,81 @@ +# +# Cookbook Name:: web +# Recipe:: gpx +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "web::base" + +db_passwords = data_bag_item("db", "passwords") + +package "gcc" +package "make" +package "pkg-config" +package "libarchive-dev" +package "libbz2-dev" +package "libexpat1-dev" +package "libgd2-noxpm-dev" +package "libmemcached-dev" +package "libpq-dev" +package "zlib1g-dev" + +gpx_directory = "#{node[:web][:base_directory]}/gpx-import" +pid_directory = node[:web][:pid_directory] +log_directory = node[:web][:log_directory] + +execute "gpx-import-build" do + action :nothing + command "make DB=postgres" + cwd "#{gpx_directory}/src" + user "rails" + group "rails" +end + +git gpx_directory do + action :sync + repository "git://git.openstreetmap.org/gpx-import.git" + revision "live" + user "rails" + group "rails" + notifies :run, resources(:execute => "gpx-import-build"), :immediate +end + +template "/etc/init.d/gpx-import" do + source "init.gpx.erb" + owner "root" + group "root" + mode 0755 + variables :gpx_directory => gpx_directory, + :pid_directory => pid_directory, + :log_directory => log_directory, + :database_host => node[:web][:database_host], + :database_name => "openstreetmap", + :database_username => "gpximport", + :database_password => db_passwords["gpximport"] +end + +if ["database_offline", "database_readonly", "gpx_offline"].include?(node[:web][:status]) + service "gpx-import" do + action :stop + end +else + service "gpx-import" do + action [ :enable, :start ] + supports :restart => true, :reload => true + subscribes :restart, resources(:execute => "gpx-import-build") + subscribes :restart, resources(:template => "/etc/init.d/gpx-import") + end +end diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb new file mode 100644 index 000000000..cd8bb9b56 --- /dev/null +++ b/cookbooks/web/recipes/rails.rb @@ -0,0 +1,92 @@ +# +# Cookbook Name:: web +# Recipe:: rails +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "tools" +include_recipe "web::base" + +include_recipe "apache" +include_recipe "git" + +web_passwords = data_bag_item("web", "passwords") +db_passwords = data_bag_item("db", "passwords") + +directory "#{node[:web][:base_directory]}/bin" do + owner "root" + group "root" + mode 0755 +end + +template "#{node[:web][:base_directory]}/bin/ruby" do + source "ruby.erb" + owner "root" + group "root" + mode 0755 + notifies :reload, "service[apache2]" +end + +apache_module "passenger" do + conf "passenger.conf.erb" +end + +package "passenger-common#{node[:web][:ruby_version]}" + +munin_plugin "passenger_memory" +munin_plugin "passenger_processes" +munin_plugin "passenger_queues" +munin_plugin "passenger_requests" + +template "/etc/cron.hourly/passenger" do + cookbook "web" + source "passenger.cron.erb" + owner "root" + group "root" + mode 0755 +end + +rails_directory = "#{node[:web][:base_directory]}/rails" + +rails_port "www.openstreetmap.org" do + ruby node[:web][:ruby_version] + directory rails_directory + user "rails" + group "rails" + repository "git://git.openstreetmap.org/rails.git" + revision "live" + database_host node[:web][:database_host] + database_name "openstreetmap" + database_username "rails" + database_password db_passwords["rails"] + email_from "OpenStreetMap " + status node[:web][:status] + messages_domain "messages.openstreetmap.org" + quova_username "ws360602" + quova_password web_passwords["quova"] + soft_memory_limit node[:web][:rails_soft_memory_limit] + hard_memory_limit node[:web][:rails_hard_memory_limit] + gpx_dir "/store/rails/gpx" + attachments_dir "/store/rails/attachments" + log_path "#{node[:web][:log_directory]}/rails.log" + memcache_servers [ "rails1", "rails2", "rails3" ] + potlatch2_key web_passwords["potlatch2_key"] + id_key web_passwords["id_key"] + oauth_key web_passwords["oauth_key"] + piwik_location "piwik.openstreetmap.org" + piwik_site 1 + piwik_signup_goal 1 +end diff --git a/cookbooks/web/recipes/statistics.rb b/cookbooks/web/recipes/statistics.rb new file mode 100644 index 000000000..c7bf9e81a --- /dev/null +++ b/cookbooks/web/recipes/statistics.rb @@ -0,0 +1,37 @@ +# +# Cookbook Name:: web +# Recipe:: statistics +# +# Copyright 2011, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "web::base" + +rails_directory = "#{node[:web][:base_directory]}/rails" + +template "/usr/local/bin/statistics" do + source "statistics.erb" + owner "root" + group "root" + mode 0755 + variables :directory => rails_directory +end + +template "/etc/cron.d/statistics" do + source "statistics.cron.erb" + owner "root" + group "root" + mode 0644 +end diff --git a/cookbooks/web/templates/default/apache.backend.erb b/cookbooks/web/templates/default/apache.backend.erb new file mode 100644 index 000000000..17200cab9 --- /dev/null +++ b/cookbooks/web/templates/default/apache.backend.erb @@ -0,0 +1,39 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + # + # Basic server configuration + # + ServerName <%= node[:fqdn] %> + ServerAlias api.openstreetmap.org www.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org + + # + # Setup logging + # + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Ts" combined_with_time + CustomLog /var/log/apache2/access.log combined_with_time + ErrorLog /var/log/apache2/error.log + + # + # Configure rails + # + DocumentRoot <%= node[:web][:base_directory] %>/rails/public + RailsEnv production + PassengerMinInstances 3 + PassengerMaxRequests 500 + PassengerPreStart http://www.openstreetmap.org/ + + # + # Get the real remote IP for requests via a trusted proxy + # + RemoteIPHeader X-Forwarded-For + RemoteIPTrustedProxy 146.179.159.160/27 + + # + # Pass map calls to cgimap + # + + SetHandler fcgi:127.0.0.1:8000 + + diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb new file mode 100644 index 000000000..39075857b --- /dev/null +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -0,0 +1,278 @@ +# DO NOT EDIT - This file is being maintained by Chef + +<% [80, 443].each do |port| -%> +> + # + # Basic server configuration + # + ServerName <%= node[:fqdn] %> + ServerAlias api.openstreetmap.org www.openstreetmap.org + ServerAdmin webmaster@openstreetmap.org +<% if port == 443 -%> + + # + # Enable SSL + # + SSLEngine on +<% end -%> + + # + # Setup logging + # + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" %Ts" combined_with_time + CustomLog /var/log/apache2/access.log combined_with_time + ErrorLog /var/log/apache2/error.log + + # + # Turn on various features + # + ExpiresActive On + RewriteEngine on + + # + # Block troublesome GPX data scrapping + # + RewriteCond %{REQUEST_METHOD} HEAD + RewriteRule ^/trace/\d+/data - [F,L] + + # + # Block tilesAtHome + # + RewriteCond %{HTTP_USER_AGENT} tilesAtHome + RewriteRule . - [F,L] + + # + # Block requests for the old 404 map tile + # + RewriteRule ^/openlayers/img/404.png$ - [G,L] + + # + # Block attempts to access old API versions + # + RewriteRule ^/api/0.[12345]/ - [G,L] + + # + # Block JOSM revisions 1722-1727 as they have a serious bug that causes + # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804) + # + RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)" + RewriteRule . - [F,L] + + # + # Block a changeset that seems to lock things up + # + RewriteRule ^/api/0.6/changeset/6823497/download$ - [F,L] + + # + # Force special MIME type for crossdomain.xml files + # + + ForceType text/x-cross-domain-policy + + + # + # Set expiry for assets + # + + Header unset Last-Modified + Header unset ETag + FileETag None + + ExpiresDefault "access plus 1 year" + + + # + # Set expiry for attachments + # + + Header unset Last-Modified + Header unset ETag + FileETag None + + ExpiresDefault "access plus 1 year" + + + # + # Set expiry for other static content + # + + ExpiresDefault "access plus 7 days" + + + ExpiresDefault "access plus 10 years" + + + ExpiresDefault "access plus 10 years" + + + ExpiresDefault "access plus 7 days" + + + ExpiresDefault "access plus 10 years" + + + # + # Set expiry for Potlatch 1 + # + + ExpiresDefault "access plus 7 days" + + + # + # Set expiry for Potlatch 2 + # + + ExpiresByType application/x-shockwave-flash "access plus 1 day" + ExpiresByType application/xml "access plus 1 day" + ExpiresByType text/css "access plus 1 day" + ExpiresByType image/png "access plus 7 days" + + + # + # Configure rails + # + DocumentRoot <%= node[:web][:base_directory] %>/rails/public + RailsEnv production + PassengerMinInstances 10 + PassengerMaxRequests 5000 + PassengerPreStart http://www.openstreetmap.org/ + Alias /favicon.ico <%= node[:web][:base_directory] %>/rails/app/assets/images/favicon.ico + Alias /openlayers <%= node[:web][:base_directory] %>/rails/vendor/assets/openlayers + Alias /stats /store/rails/stats + Alias /user/image /store/rails/user/image + Alias /attachments /store/rails/attachments + + # + # Preserve the host name when forwarding to the proxy + # + ProxyPreserveHost on + + # + # Set a long timeout - changeset uploads can take a long time + # + ProxyTimeout 3600 + + # + # Allow all proxy requests + # + + Allow from all + + + # + # Pass other heavy duty API calls to the bulkapi backends via a load balancer + # + ProxyPass /api/0.6/map balancer://bulkapi/api/0.6/map + ProxyPass /api/0.6/tracepoints balancer://bulkapi/api/0.6/tracepoints + ProxyPass /api/0.6/amf/read balancer://bulkapi/api/0.6/amf/read + ProxyPass /api/0.6/swf/trackpoints balancer://bulkapi/api/0.6/swf/trackpoints + ProxyPassMatch ^(/api/0.6/changeset/[0-9]+/(upload|download))$ balancer://bulkapi$1 + ProxyPassMatch ^(/api/0.6/.*/(full|history|search|ways))$ balancer://bulkapi$1 + ProxyPass /api/0.6/nodes balancer://bulkapi/api/0.6/nodes + ProxyPass /api/0.6/ways balancer://bulkapi/api/0.6/ways + ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://bulkapi$1 + + # + # Redirect trac and wiki requests to the right places + # + RedirectPermanent /trac/ http://trac.openstreetmap.org/ + RedirectPermanent /wiki/ http://wiki.openstreetmap.org/ + + # + # Redirect requests for various images to the right place + # + RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png + RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png + + # + # Define a load balancer for the bulkapi backends + # + + ProxySet lbmethod=bybusyness + BalancerMember http://rails1 + BalancerMember http://rails2 + BalancerMember http://rails3 + +<% if port == 80 -%> + + # + # Redirect requests which should be secure to the SSL site + # + RewriteCond %{REQUEST_URI} ^/login(\.html)?$ [OR] + RewriteCond %{REQUEST_URI} ^/user/(new|create-account\.html)$ [OR] + RewriteCond %{REQUEST_URI} ^/user/terms$ [OR] + RewriteCond %{REQUEST_URI} ^/user/save$ [OR] + RewriteCond %{REQUEST_URI} ^/user/([^/]+)/account$ [OR] + RewriteCond %{REQUEST_URI} ^/user/reset-password$ + RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent] + + # + # Redirect api requests made to www.osm.org to api.osm.org + # +# RewriteCond %{HTTP_HOST} =www.openstreetmap.org +# RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent] + + # + # Redirect non-api requests made to api.osm.org to www.osm.org + # + RewriteCond %{HTTP_HOST} =api.openstreetmap.org + RewriteCond %{REQUEST_URI} !^/api/ + RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent] +<% elsif port == 443 -%> + + # + # Redirect api requests to api.osm.org over http + # + RewriteRule ^/api/(.*)$ http://api.openstreetmap.org/api/$1 [L,NE,R=permanent] + + # + # Redirect requests which do not need to be secure over http + # + RewriteCond %{REQUEST_URI} !^/login(.html)?$ + RewriteCond %{REQUEST_URI} !^/user/(new|create-account.html)$ + RewriteCond %{REQUEST_URI} !^/user/terms$ + RewriteCond %{REQUEST_URI} !^/user/save$ + RewriteCond %{REQUEST_URI} !^/user/go_public$ + RewriteCond %{REQUEST_URI} !^/user/([^/]+)/account$ + RewriteCond %{REQUEST_URI} !^/user/reset-password$ + RewriteCond %{REQUEST_URI} !^/preview/ + RewriteCond %{REQUEST_URI} !^/assets/ + RewriteCond %{REQUEST_URI} !^/javascripts/ + RewriteCond %{REQUEST_URI} !^/images/ + RewriteCond %{REQUEST_URI} !^/stylesheets/ + RewriteCond %{REQUEST_URI} !^/openlayers/ + RewriteRule ^(.*)$ http://www.openstreetmap.org$1 [L,NE,R=permanent] +<% end -%> + + +<% end -%> + + ServerName openstreetmap.org + ServerAlias maps.openstreetmap.org mapz.openstreetmap.org + ServerAlias openstreetmap.com www.openstreetmap.com + ServerAlias maps.openstreetmap.com mapz.openstreetmap.com + ServerAlias openstreetmap.net www.openstreetmap.net + ServerAlias maps.openstreetmap.net mapz.openstreetmap.net + ServerAlias openstreetmaps.org www.openstreetmaps.org + ServerAlias maps.openstreetmaps.org mapz.openstreetmaps.org + ServerAlias osm.org www.osm.org + ServerAlias maps.osm.org mapz.osm.org + ServerAlias openmaps.org www.openmaps.org + ServerAlias maps.openmaps.org mapz.openmaps.org + ServerAlias openworldmap.org www.openworldmap.org + ServerAlias maps.openworldmap.org mapz.openworldmap.org + ServerAlias freeosm.org www.freeosm.org + ServerAlias maps.freeosm.org mapz.freeosm.org + + RedirectPermanent / http://www.openstreetmap.org/ + + + + ServerName openstreetmap.org.uk + ServerAlias www.openstreetmap.org.uk + ServerAlias openstreetmap.co.uk + ServerAlias www.openstreetmap.co.uk + + RedirectPermanent /events.ics http://openstreetmap.org.uk/events.ics + RedirectPermanent / http://www.openstreetmap.org/ + diff --git a/cookbooks/web/templates/default/database.yml.erb b/cookbooks/web/templates/default/database.yml.erb new file mode 100644 index 000000000..ab3c9c63b --- /dev/null +++ b/cookbooks/web/templates/default/database.yml.erb @@ -0,0 +1,31 @@ +# DO NOT EDIT - This file is being maintained by Chef + +production: + adapter: postgresql +<% if @host -%> + host: <%= @host %> +<% end -%> +<% if @port -%> + port: <%= @port %> +<% end -%> + database: <%= @name %> + username: <%= @username %> +<% if @password -%> + password: <%= @password %> +<% end -%> + encoding: utf8 + +development: + adapter: postgresql +<% if @host -%> + host: <%= @host %> +<% end -%> +<% if @port -%> + port: <%= @port %> +<% end -%> + database: <%= @name %> + username: <%= @username %> +<% if @password -%> + password: <%= @password %> +<% end -%> + encoding: utf8 diff --git a/cookbooks/web/templates/default/init.gpx.erb b/cookbooks/web/templates/default/init.gpx.erb new file mode 100644 index 000000000..03140275f --- /dev/null +++ b/cookbooks/web/templates/default/init.gpx.erb @@ -0,0 +1,49 @@ +#!/bin/bash + +export GPX_PROGRAM="<%= @gpx_directory %>/src/gpx-import" + +export GPX_SLEEP_TIME="40" + +export GPX_PATH_TRACES="/store/rails/gpx/traces" +export GPX_PATH_IMAGES="/store/rails/gpx/images" +export GPX_PATH_TEMPLATES="<%= @gpx_directory %>/templates/" + +export GPX_PGSQL_HOST="<%= @database_host %>" +export GPX_PGSQL_USER="<%= @database_username %>" +export GPX_PGSQL_PASS="<%= @database_password %>" +export GPX_PGSQL_DB="<%= @database_name %>" + +export GPX_MEMCACHE_SERVERS="rails1,rails2,rails3" + +export GPX_LOG_FILE="<%= @log_directory %>/gpx-import.log" +export GPX_PID_FILE="<%= @pid_directory %>/gpx-import.pid" + +export GPX_MAIL_SENDER="bounces@openstreetmap.org" + +start() { + start-stop-daemon --start --chuid rails --exec $GPX_PROGRAM +} + +stop() { + start-stop-daemon --stop --retry 300 --pidfile $GPX_PID_FILE --exec $GPX_PROGRAM +} + +reload() { + start-stop-daemon --stop --signal HUP --pidfile $GPX_PID_FILE --exec $GPX_PROGRAM +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + reload) + reload + ;; + restart) + stop || exit $? + start + ;; +esac diff --git a/cookbooks/web/templates/default/logrotate.apache.erb b/cookbooks/web/templates/default/logrotate.apache.erb new file mode 100644 index 000000000..6b8a6615e --- /dev/null +++ b/cookbooks/web/templates/default/logrotate.apache.erb @@ -0,0 +1,16 @@ +# DO NOT EDIT - This file is being maintained by Chef + +/var/log/apache2/*.log { + daily + missingok + rotate 28 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /usr/bin/service apache2 reload > /dev/null + /usr/bin/rsync /var/log/apache2/access.log.2.gz horntail::logs/www.openstreetmap.org/<%= node[:hostname] %>-`date -d "-2 days" +%Y-%m-%d`.gz + endscript +} diff --git a/cookbooks/web/templates/default/logrotate.web.erb b/cookbooks/web/templates/default/logrotate.web.erb new file mode 100644 index 000000000..83a675828 --- /dev/null +++ b/cookbooks/web/templates/default/logrotate.web.erb @@ -0,0 +1,23 @@ +# DO NOT EDIT - This file is being maintained by Chef + +<%= node[:web][:log_directory] %>/*.log { + daily + missingok + rotate 7 + compress + delaycompress + notifempty + create 0660 rails rails + sharedscripts + postrotate +<% if File.directory?("#{node[:web][:base_directory]}/rails") -%> + /bin/touch <%= node[:web][:base_directory] %>/rails/tmp/restart.txt +<% end -%> +<% if File.directory?("#{node[:web][:base_directory]}/gpx-import") -%> + /usr/bin/service gpx-import rotated +<% end -%> +<% if File.directory?("#{node[:web][:base_directory]}/cgimap") -%> + /usr/bin/service cgimap reload +<% end -%> + endscript +} diff --git a/cookbooks/web/templates/default/passenger.conf.erb b/cookbooks/web/templates/default/passenger.conf.erb new file mode 100644 index 000000000..678b987ed --- /dev/null +++ b/cookbooks/web/templates/default/passenger.conf.erb @@ -0,0 +1,10 @@ +# DO NOT EDIT - This file is being maintained by Chef + + + PassengerRoot /usr + PassengerRuby <%= node[:web][:base_directory] %>/bin/ruby + PassengerUseGlobalQueue on + PassengerMaxPoolSize <%= node[:web][:rails_daemon_limit] %> + PassengerPoolIdleTime 0 + #PassengerMaxPreloaderIdleTime 0 + diff --git a/cookbooks/web/templates/default/passenger.cron.erb b/cookbooks/web/templates/default/passenger.cron.erb new file mode 100644 index 000000000..b4d78fd96 --- /dev/null +++ b/cookbooks/web/templates/default/passenger.cron.erb @@ -0,0 +1,16 @@ +#!/bin/sh + +# Get a list of rack processes that are running +pgrep -u rails -f Rack | sort > /tmp/rails.actual.$$ + +# Get a list of rack processes we expect to be running +passenger-status | awk '/PID:/ { print $3 }' | sort > /tmp/rails.expected.$$ + +# Get a list of unexpected rack processes +pids=$(comm -23 /tmp/rails.actual.$$ /tmp/rails.expected.$$) + +# Kill any expected rack processes +[ -n "$pids" ] && kill -9 $pids + +# Remove our temporary files +rm -f /tmp/rails.actual.$$ /tmp/rails.expected.$$ diff --git a/cookbooks/web/templates/default/rails.cron.erb b/cookbooks/web/templates/default/rails.cron.erb new file mode 100644 index 000000000..7945c3dea --- /dev/null +++ b/cookbooks/web/templates/default/rails.cron.erb @@ -0,0 +1,4 @@ +#!/bin/sh + +# Cleanup temporary directory +find <%= @directory %>/tmp -mtime +28 -print0 | xargs -0r rm diff --git a/cookbooks/web/templates/default/ruby.erb b/cookbooks/web/templates/default/ruby.erb new file mode 100644 index 000000000..a7c742112 --- /dev/null +++ b/cookbooks/web/templates/default/ruby.erb @@ -0,0 +1,7 @@ +#!/bin/sh + +export RUBY_HEAP_MIN_SLOTS=500000 +export RUBY_HEAP_FREE_MIN=100000 +export RUBY_GC_MALLOC_LIMIT=50000000 + +exec /usr/bin/ruby<%= node[:web][:ruby_version] %> "$@" diff --git a/cookbooks/web/templates/default/statistics.cron.erb b/cookbooks/web/templates/default/statistics.cron.erb new file mode 100644 index 000000000..900856cde --- /dev/null +++ b/cookbooks/web/templates/default/statistics.cron.erb @@ -0,0 +1,2 @@ +# DO NOT EDIT - This file is being maintained by Chef +0 0 * * * rails /usr/local/bin/statistics diff --git a/cookbooks/web/templates/default/statistics.erb b/cookbooks/web/templates/default/statistics.erb new file mode 100644 index 000000000..175f0a9e8 --- /dev/null +++ b/cookbooks/web/templates/default/statistics.erb @@ -0,0 +1,10 @@ +#!/bin/sh + +# Generate new statistics +<%= @directory %>/script/statistics > <%= @directory %>/tmp/data_stats.html + +# Move new statistics into place +mv -f <%= @directory %>/tmp/data_stats.html /store/rails/stats + +# Mail statistics to Blackadder +mail -s "OpenStreetMap Statistics" blackadderajr@gmail.com < /store/rails/stats/data_stats.html diff --git a/cookbooks/yournavigation/README.rdoc b/cookbooks/yournavigation/README.rdoc new file mode 100644 index 000000000..3de2ec7a3 --- /dev/null +++ b/cookbooks/yournavigation/README.rdoc @@ -0,0 +1,8 @@ += DESCRIPTION: + += REQUIREMENTS: + += ATTRIBUTES: + += USAGE: + diff --git a/cookbooks/yournavigation/metadata.rb b/cookbooks/yournavigation/metadata.rb new file mode 100644 index 000000000..3d47c8950 --- /dev/null +++ b/cookbooks/yournavigation/metadata.rb @@ -0,0 +1,7 @@ +maintainer "OpenStreetMap Administrators" +maintainer_email "admins@openstreetmap.org" +license "Apache 2.0" +description "Installs and configures yournavigation servers" +long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) +version "1.0.0" +depends "apache" diff --git a/cookbooks/yournavigation/recipes/default.rb b/cookbooks/yournavigation/recipes/default.rb new file mode 100644 index 000000000..1c9edc4a3 --- /dev/null +++ b/cookbooks/yournavigation/recipes/default.rb @@ -0,0 +1,48 @@ +# +# Cookbook Name:: yournavigation +# Recipe:: default +# +# Copyright 2012, OpenStreetMap Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +include_recipe "apache" + +package "php5" +package "php5-cli" + +package "php-apc" + +#Required for osmosis +package "default-jre-headless" + +#Required for building gosmore +package "build-essential" +package "libxml2-dev" +package "libgtk2.0-dev" +package "subversion" +package "libcurl4-gnutls-dev" +package "libgps-dev" +package "libcurl3" +package "buffer" +package "git" +package "cmake" +package "libqt4-core" +package "libqt4-dev" +package "qt4-dev-tools" +package "qt4-linguist-tools" +package "libicu48" + +apache_module "php5" +