From: Tom Hughes Date: Sat, 16 Jul 2022 10:35:39 +0000 (+0100) Subject: Merge remote-tracking branch 'github/pull/513' X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/7108c794e6ce1a3ea78f3ac6ff8fd7ea3bdc62a3?hp=dda85c0d6ce97c6851ca3006b1179ae8f99d5208 Merge remote-tracking branch 'github/pull/513' --- diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml index 55c525f64..5072dbe24 100644 --- a/.github/workflows/test-kitchen.yml +++ b/.github/workflows/test-kitchen.yml @@ -24,6 +24,7 @@ jobs: - blogs - civicrm - clamav + - community - db-backup - db-base - db-master @@ -69,6 +70,7 @@ jobs: - osmosis - osqa - otrs + - overpass - passenger - php - php-apache diff --git a/.kitchen.yml b/.kitchen.yml index b652e12ea..6dc0dad22 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -2,6 +2,8 @@ driver: name: dokken chef_version: 17 + volumes: + - /var/lib/docker env: - container=dokken @@ -57,6 +59,9 @@ suites: - name: clamav run_list: - recipe[clamav::default] + - name: community + run_list: + - recipe[community::default] - name: db-backup run_list: - recipe[db::backup] @@ -225,6 +230,9 @@ suites: - name: otrs run_list: - recipe[otrs::default] + - name: overpass + run_list: + - recipe[overpass::default] - name: passenger run_list: - recipe[passenger::default] diff --git a/cookbooks/community/metadata.rb b/cookbooks/community/metadata.rb index c0aba9934..4d159c4ad 100644 --- a/cookbooks/community/metadata.rb +++ b/cookbooks/community/metadata.rb @@ -6,7 +6,8 @@ description "Installs and configures community site" version "1.0.0" supports "ubuntu" +depends "accounts" depends "docker" +depends "geoipupdate" depends "git" depends "ssl" -depends "geoipupdate" diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb index 2297fa76c..89743de31 100644 --- a/cookbooks/community/recipes/default.rb +++ b/cookbooks/community/recipes/default.rb @@ -17,13 +17,14 @@ # limitations under the License. # +include_recipe "accounts" include_recipe "docker" +include_recipe "geoipupdate" include_recipe "git" include_recipe "ssl" -include_recipe "geoipupdate" passwords = data_bag_item("community", "passwords") -license_keys = data_bag_item("geoipupdate", "license-keys") +license_keys = data_bag_item("geoipupdate", "license-keys") unless kitchen? directory "/srv/community.openstreetmap.org" do owner "root" diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb index 42e734e5d..92579138d 100644 --- a/cookbooks/community/templates/default/web_only.yml.erb +++ b/cookbooks/community/templates/default/web_only.yml.erb @@ -65,7 +65,9 @@ env: ## The maxmind geolocation IP address key for IP address lookup ## see https://meta.discourse.org/t/-/137387/23 for details +<% if @license_keys -%> DISCOURSE_MAXMIND_LICENSE_KEY: '<%= @license_keys[node[:geoipupdate][:account]] %>' +<% end -%> volumes: - volume: diff --git a/cookbooks/docker/recipes/default.rb b/cookbooks/docker/recipes/default.rb index 80fd15b3f..1dfe9adde 100644 --- a/cookbooks/docker/recipes/default.rb +++ b/cookbooks/docker/recipes/default.rb @@ -41,5 +41,4 @@ end service "docker" do action [:enable, :start] subscribes :restart, "template[/etc/docker/daemon.json]" - not_if { kitchen? } end diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb index 73531de01..c006ff9dc 100644 --- a/cookbooks/geodns/recipes/default.rb +++ b/cookbooks/geodns/recipes/default.rb @@ -21,6 +21,8 @@ include_recipe "geoipupdate" servers = search(:node, "roles:geodns").collect(&:name).sort +servers << "dummy.example.com" if servers.empty? + package %w[ gdnsd ] diff --git a/cookbooks/overpass/attributes/default.rb b/cookbooks/overpass/attributes/default.rb index ed1d28f97..5c7cfcaaf 100644 --- a/cookbooks/overpass/attributes/default.rb +++ b/cookbooks/overpass/attributes/default.rb @@ -1,5 +1,6 @@ default[:overpass][:fqdn] = "overpass.openstreetmap.org" default[:overpass][:version] = "0.7.57" +default[:overpass][:full_version] = "0.7.57.2" # One of: no, meta, attic default[:overpass][:meta_mode] = "attic" # One of: no, gz, lz4 @@ -12,3 +13,5 @@ default[:overpass][:replication_url] = "https://planet.openstreetmap.org/replica default[:overpass][:restricted_api] = true default[:overpass][:logdir] = "/var/log/overpass" + +default[:accounts][:users][:overpass][:status] = :role diff --git a/cookbooks/overpass/recipes/default.rb b/cookbooks/overpass/recipes/default.rb index 690a28445..be930135f 100644 --- a/cookbooks/overpass/recipes/default.rb +++ b/cookbooks/overpass/recipes/default.rb @@ -37,7 +37,7 @@ end ## Install overpass from source -srcdir = "#{basedir}/src/osm-3s_v#{node[:overpass][:version]}" +srcdir = "#{basedir}/src/osm-3s_v#{node[:overpass][:full_version]}" package %w[ build-essential diff --git a/cookbooks/subversion/files/default/hooks/post-commit b/cookbooks/subversion/files/default/hooks/post-commit deleted file mode 100644 index a8de2af99..000000000 --- a/cookbooks/subversion/files/default/hooks/post-commit +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "$1" "$2" diff --git a/cookbooks/subversion/files/default/hooks/post-revprop-change b/cookbooks/subversion/files/default/hooks/post-revprop-change deleted file mode 100644 index 31843a021..000000000 --- a/cookbooks/subversion/files/default/hooks/post-revprop-change +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -/usr/bin/sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset modified "$1" "$2" diff --git a/cookbooks/subversion/recipes/default.rb b/cookbooks/subversion/recipes/default.rb index f38efb7b8..9804e43e9 100644 --- a/cookbooks/subversion/recipes/default.rb +++ b/cookbooks/subversion/recipes/default.rb @@ -19,36 +19,7 @@ include_recipe "apache" -package "subversion" - -repository_directory = "/var/lib/subversion/repos/openstreetmap" - -remote_directory "#{repository_directory}/hooks" do - source "hooks" - owner "www-data" - group "www-data" - mode "755" - files_owner "www-data" - files_group "www-data" - files_mode "755" - purge false -end - -apache_module "dav" do - package "apache2" -end - -apache_module "dav_fs" do - package "apache2" -end - -apache_module "dav_svn" do - package "libapache2-mod-svn" -end - -apache_module "authz_svn" do - package "libapache2-mod-svn" -end +apache_module "rewrite" ssl_certificate "svn.openstreetmap.org" do domains ["svn.openstreetmap.org", "svn.osm.org"] @@ -57,13 +28,5 @@ end apache_site "svn.openstreetmap.org" do template "apache.erb" - directory repository_directory - variables :realm => "Subversion Repository", :password_file => "/etc/apache2/svn.passwd", :aliases => ["svn.osm.org"] -end - -template "/etc/cron.daily/svn-backup" do - source "backup.cron.erb" - owner "root" - group "root" - mode "755" + variables :aliases => ["svn.osm.org"] end diff --git a/cookbooks/subversion/templates/default/apache.erb b/cookbooks/subversion/templates/default/apache.erb index cadae8b08..8a729206d 100644 --- a/cookbooks/subversion/templates/default/apache.erb +++ b/cookbooks/subversion/templates/default/apache.erb @@ -4,32 +4,18 @@ ServerName <%= @name %> ServerAdmin webmaster@openstreetmap.org - Protocols http/1.1 - SSLEngine on SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key CustomLog /var/log/apache2/<%= @name %>-access.log combined - CustomLog /var/log/apache2/<%= @name %>-svn-access.log "%h %t %u %{SVN-ACTION}e" env=SVN-ACTION ErrorLog /var/log/apache2/<%= @name %>-error.log - - DAV svn - SVNPath <%= @directory %> - SVNIndexXSLT /svnindex.xsl - - LimitXMLRequestBody 0 - LimitRequestBody 0 + RedirectPermanent /applications/editors/josm/plugins/cadastre-fr/images/cadastre_small.png https://raw.githubusercontent.com/openstreetmap/svn-archive/main/applications/editors/josm/plugins/cadastre-fr/images/cadastre_small.png - - Require all granted - + RewriteEngine on + RewriteRule ^/?(.*) https://github.com/openstreetmap/svn-archive [QSD,L,R=permanent] - - Require all denied - - <% unless @aliases.empty? -%> diff --git a/cookbooks/subversion/templates/default/backup.cron.erb b/cookbooks/subversion/templates/default/backup.cron.erb deleted file mode 100644 index d82348da8..000000000 --- a/cookbooks/subversion/templates/default/backup.cron.erb +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# DO NOT EDIT - This file is being maintained by Chef - -T=$(mktemp -d -t -p /var/tmp svn.XXXXXXXXXX) -D=$(date +%Y-%m-%d) -B=svn-$D.tar.gz - -nice svnadmin hotcopy /var/lib/subversion/repos/openstreetmap $T/svn-$D > /dev/null - -export RSYNC_RSH="ssh -ax" - -nice tar --create --directory=$T svn-$D | nice gzip --rsyncable -9 > $T/$B -nice rsync --preallocate --fuzzy $T/$B backup::backup - -rm -rf $T diff --git a/cookbooks/tile/attributes/default.rb b/cookbooks/tile/attributes/default.rb index ec7dc38a4..a44aa1455 100644 --- a/cookbooks/tile/attributes/default.rb +++ b/cookbooks/tile/attributes/default.rb @@ -8,7 +8,7 @@ default[:tile][:database][:tag_transform_script] = nil default[:tile][:mapnik] = "3.1" -default[:tile][:replication][:url] = "https://planet.osm.org/replication/minute/" +default[:tile][:replication][:url] = "https://planet.openstreetmap.org/replication/minute/" default[:tile][:data] = {} default[:tile][:styles] = {} diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb index 097b98c19..4de4200bc 100644 --- a/cookbooks/tile/recipes/default.rb +++ b/cookbooks/tile/recipes/default.rb @@ -157,6 +157,7 @@ end package %w[ python3-cairo python3-mapnik + python3-pyproj python3-setuptools ] diff --git a/cookbooks/tile/templates/default/export.erb b/cookbooks/tile/templates/default/export.erb index b8075a17a..8fa4672b9 100644 --- a/cookbooks/tile/templates/default/export.erb +++ b/cookbooks/tile/templates/default/export.erb @@ -7,6 +7,7 @@ import http.cookies import mapnik import os import pyotp +import pyproj import resource import shutil import signal @@ -108,7 +109,7 @@ elif "format" not in form: output_error("No format specified") else: # Create projection object - prj = mapnik.Projection("+proj=merc +a=6378137 +b=6378137 +lat_ts=0.0 +lon_0=0.0 +x_0=0.0 +y_0=0 +k=1.0 +units=m +nadgrids=@null +no_defs +over"); + transformer = pyproj.Transformer.from_crs("EPSG:4326", "EPSG:3857", always_xy=True) # Get the bounds of the area to render bbox = [float(x) for x in form.getvalue("bbox").split(",")] @@ -118,7 +119,8 @@ else: output_error("Invalid bounding box") else: # Project the bounds to the map projection - bbox = mapnik.forward_(mapnik.Box2d(*bbox), prj) + bbox = mapnik.Box2d(*transformer.transform(bbox[0], bbox[1]), + *transformer.transform(bbox[2], bbox[3])) # Get the style to use style = form.getvalue("style", "default") diff --git a/cookbooks/trac/files/default/trac-authenticate b/cookbooks/trac/files/default/trac-authenticate deleted file mode 100755 index a25563736..000000000 --- a/cookbooks/trac/files/default/trac-authenticate +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/ruby - -require "net/http" -require "uri" - -user = gets.chop -pass = gets.chop - -request = Net::HTTP::Get.new("/api/0.6/user/details") -request.basic_auth user, pass - -response = Net::HTTP.start("api.openstreetmap.org", :use_ssl => true) do |http| - http.request(request) -end - -exit!(0) if response.is_a?(Net::HTTPSuccess) -exit!(1) diff --git a/cookbooks/trac/templates/default/apache.erb b/cookbooks/trac/templates/default/apache.erb index 199be20d6..079e260da 100644 --- a/cookbooks/trac/templates/default/apache.erb +++ b/cookbooks/trac/templates/default/apache.erb @@ -47,6 +47,5 @@ RewriteEngine on RewriteMap tickets txt:/srv/trac.openstreetmap.org/tickets.map RewriteRule ^/ticket/(\d+)$ https://github.com/openstreetmap/trac-tickets/issues/${tickets:$1} - - RedirectPermanent / https://github.com/openstreetmap/trac-tickets + RewriteRule ^/?(.*) https://github.com/openstreetmap/trac-tickets [QSD,L,R=permanent] diff --git a/roles/dulcy.rb b/roles/dulcy.rb index c6f34b1cb..00592b8c8 100644 --- a/roles/dulcy.rb +++ b/roles/dulcy.rb @@ -32,13 +32,13 @@ default_attributes( :settings => { :defaults => { :work_mem => "240MB", - :fsync => "off", + :fsync => "on", :effective_io_concurrency => "500" } } }, :nominatim => { - :state => "off", + :state => "standalone", :dbcluster => "14/main", :postgis => "3", :flatnode_file => "/ssd/nominatim/nodes.store", diff --git a/roles/longma.rb b/roles/longma.rb index f8ff9cd87..b67537fa5 100644 --- a/roles/longma.rb +++ b/roles/longma.rb @@ -36,13 +36,13 @@ default_attributes( :defaults => { :max_connections => "550", :work_mem => "240MB", - :fsync => "on", + :fsync => "off", :effective_io_concurrency => "500" } } }, :nominatim => { - :state => "standalone", + :state => "off", :dbcluster => "14/main", :postgis => "3", :enable_qa_tiles => true, @@ -58,5 +58,5 @@ default_attributes( run_list( "role[equinix-dub]", - "role[nominatim]" + "role[nominatim-v4]" ) diff --git a/roles/tile.rb b/roles/tile.rb index 76ef4b49c..2de49372c 100644 --- a/roles/tile.rb +++ b/roles/tile.rb @@ -92,7 +92,7 @@ default_attributes( :styles => { :default => { :repository => "https://github.com/gravitystorm/openstreetmap-carto.git", - :revision => "v5.5.0", + :revision => "v5.5.1", :max_zoom => 19 } } diff --git a/test/data_bags/accounts/community.json b/test/data_bags/accounts/community.json new file mode 100644 index 000000000..b4b5fd3eb --- /dev/null +++ b/test/data_bags/accounts/community.json @@ -0,0 +1,5 @@ +{ + "id": "community", + "uid": "527", + "comment": "Community" +} diff --git a/test/data_bags/accounts/overpass.json b/test/data_bags/accounts/overpass.json new file mode 100644 index 000000000..7aa7c2ba2 --- /dev/null +++ b/test/data_bags/accounts/overpass.json @@ -0,0 +1,6 @@ +{ + "id": "overpass", + "uid": "528", + "comment": "query.openstreetmap.org", + "home": "/srv/query.openstreetmap.org" +} diff --git a/test/data_bags/community/passwords.json b/test/data_bags/community/passwords.json new file mode 100644 index 000000000..486dded9e --- /dev/null +++ b/test/data_bags/community/passwords.json @@ -0,0 +1,7 @@ +{ + "id": "passwords", + "database": "database", + "oauth2_client_id": "oauth2_client_id", + "oauth2_secret": "oauth2_secret", + "mail_receiver_api_key": "mail_receiver_api_key" +} diff --git a/test/integration/community/serverspec/docker_spec.rb b/test/integration/community/serverspec/docker_spec.rb new file mode 100644 index 000000000..de7c426d2 --- /dev/null +++ b/test/integration/community/serverspec/docker_spec.rb @@ -0,0 +1,13 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("docker-ce") do + it { should be_installed } +end + +describe service("docker") do + it { should be_enabled } + it { should be_running } +end diff --git a/test/integration/community/serverspec/http_spec.rb b/test/integration/community/serverspec/http_spec.rb new file mode 100644 index 000000000..3f445b0ab --- /dev/null +++ b/test/integration/community/serverspec/http_spec.rb @@ -0,0 +1,12 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe port(80) do + it { should be_listening.with("tcp") } +end + +describe port(443) do + it { should be_listening.with("tcp") } +end diff --git a/test/integration/docker/serverspec/docker_spec.rb b/test/integration/docker/serverspec/docker_spec.rb new file mode 100644 index 000000000..de7c426d2 --- /dev/null +++ b/test/integration/docker/serverspec/docker_spec.rb @@ -0,0 +1,13 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("docker-ce") do + it { should be_installed } +end + +describe service("docker") do + it { should be_enabled } + it { should be_running } +end diff --git a/test/integration/overpass/serverspec/apache_spec.rb b/test/integration/overpass/serverspec/apache_spec.rb new file mode 100644 index 000000000..446d3b915 --- /dev/null +++ b/test/integration/overpass/serverspec/apache_spec.rb @@ -0,0 +1,21 @@ +require "serverspec" + +# Required by serverspec +set :backend, :exec + +describe package("apache2") do + it { should be_installed } +end + +describe service("apache2") do + it { should be_enabled } + it { should be_running } +end + +describe port(80) do + it { should be_listening.with("tcp") } +end + +describe port(443) do + it { should be_listening.with("tcp") } +end