From: Tom Hughes <tom@compton.nu>
Date: Sat, 14 Jan 2023 16:43:39 +0000 (+0000)
Subject: Merge remote-tracking branch 'github/pull/561'
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/cf074f83728ffa2fdc43cf10f0dca5a4b443a29e?hp=4323d72b09639e374e04ca0eef29a567226f7d60

Merge remote-tracking branch 'github/pull/561'
---

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 76305aaa2..e1ddf7221 100644
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -39,6 +39,11 @@ jobs:
           - exim
           - fail2ban
           - forum
+          - foundation-board
+          - foundation-dwg
+          - foundation-mwg
+          - foundation-owg
+          - foundation-wiki
           - ftp
           - geodns
           - geoipupdate
diff --git a/.kitchen.yml b/.kitchen.yml
index 830cc04c5..476301516 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -127,6 +127,21 @@ suites:
   - name: forum
     run_list:
       - recipe[forum::default]
+  - name: foundation-board
+    run_list:
+      - recipe[foundation::board]
+  - name: foundation-dwg
+    run_list:
+      - recipe[foundation::dwg]
+  - name: foundation-mwg
+    run_list:
+      - recipe[foundation::mwg]
+  - name: foundation-owg
+    run_list:
+      - recipe[foundation::owg]
+  - name: foundation-wiki
+    run_list:
+      - recipe[foundation::wiki]
   - name: ftp
     run_list:
       - recipe[ftp::default]
diff --git a/cookbooks/apt/recipes/grafana.rb b/cookbooks/apt/recipes/grafana.rb
index 5738c23d4..ef6531c1f 100644
--- a/cookbooks/apt/recipes/grafana.rb
+++ b/cookbooks/apt/recipes/grafana.rb
@@ -19,9 +19,15 @@
 
 include_recipe "apt"
 
+remote_file "/etc/apt/trusted.gpg.d/grafana.asc" do
+  source "https://packages.grafana.com/gpg.key"
+  owner "root"
+  group "root"
+  mode "644"
+end
+
 apt_repository "grafana" do
   uri "https://packages.grafana.com/enterprise/deb"
   distribution "stable"
   components ["main"]
-  key "https://packages.grafana.com/gpg.key"
 end
diff --git a/cookbooks/foundation/recipes/board.rb b/cookbooks/foundation/recipes/board.rb
index 5d47c0c51..e26570a8f 100644
--- a/cookbooks/foundation/recipes/board.rb
+++ b/cookbooks/foundation/recipes/board.rb
@@ -35,7 +35,7 @@ mediawiki_site "board.osmfoundation.org" do
   email_sender "webmaster@openstreetmap.org"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  version "1.38"
+  version "1.39"
 end
 
 cookbook_file "/srv/board.osmfoundation.org/Wiki.png" do
diff --git a/cookbooks/foundation/recipes/dwg.rb b/cookbooks/foundation/recipes/dwg.rb
index 83e8846ba..30804082f 100644
--- a/cookbooks/foundation/recipes/dwg.rb
+++ b/cookbooks/foundation/recipes/dwg.rb
@@ -35,7 +35,7 @@ mediawiki_site "dwg.osmfoundation.org" do
   email_sender "webmaster@openstreetmap.org"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  version "1.38"
+  version "1.39"
 end
 
 cookbook_file "/srv/dwg.osmfoundation.org/Wiki.png" do
diff --git a/cookbooks/foundation/recipes/mwg.rb b/cookbooks/foundation/recipes/mwg.rb
index 90791606d..21f464074 100644
--- a/cookbooks/foundation/recipes/mwg.rb
+++ b/cookbooks/foundation/recipes/mwg.rb
@@ -35,7 +35,7 @@ mediawiki_site "mwg.osmfoundation.org" do
   email_sender "webmaster@openstreetmap.org"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  version "1.38"
+  version "1.39"
 end
 
 cookbook_file "/srv/mwg.osmfoundation.org/Wiki.png" do
diff --git a/cookbooks/foundation/recipes/wiki.rb b/cookbooks/foundation/recipes/wiki.rb
index 9764a0934..8096c3016 100644
--- a/cookbooks/foundation/recipes/wiki.rb
+++ b/cookbooks/foundation/recipes/wiki.rb
@@ -42,7 +42,7 @@ mediawiki_site "wiki.osmfoundation.org" do
   email_sender_name "OSMF Wiki"
   private_accounts true
   extra_file_extensions ["mp3"]
-  version "1.38"
+  version "1.39"
 end
 
 mediawiki_skin "osmf" do
diff --git a/cookbooks/mediawiki/resources/extension.rb b/cookbooks/mediawiki/resources/extension.rb
index 4e44f18c2..6240f6e87 100644
--- a/cookbooks/mediawiki/resources/extension.rb
+++ b/cookbooks/mediawiki/resources/extension.rb
@@ -84,17 +84,6 @@ action :create do
       mode "664"
     end
   end
-
-  execute "#{extension_directory}/composer.json" do
-    action :nothing
-    command "composer update --no-dev"
-    cwd mediawiki_directory
-    user node[:mediawiki][:user]
-    group node[:mediawiki][:group]
-    environment "COMPOSER_HOME" => site_directory
-    only_if { ::File.exist?("#{extension_directory}/composer.json") }
-    subscribes :run, "git[#{extension_directory}]"
-  end
 end
 
 action :delete do
@@ -131,12 +120,5 @@ action_class do
 end
 
 def after_created
-  if update_site
-    notifies :update, "mediawiki_site[#{site}]"
-  else
-    site_directory = node[:mediawiki][:sites][site][:directory]
-
-    notifies :create, "template[#{site_directory}/w/LocalSettings.php]"
-    notifies :run, "execute[#{site_directory}/w/maintenance/update.php]"
-  end
+  notifies :update, "mediawiki_site[#{site}]" if update_site
 end
diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb
index 8be994ee3..f27c150f5 100644
--- a/cookbooks/mediawiki/resources/site.rb
+++ b/cookbooks/mediawiki/resources/site.rb
@@ -59,8 +59,6 @@ action :create do
     :version => new_resource.version
   }
 
-  secret_key = persistent_token("mediawiki", new_resource.site, "wgSecretKey")
-
   mysql_user "#{new_resource.database_user}@localhost" do
     password new_resource.database_password
   end
@@ -71,13 +69,6 @@ action :create do
 
   mediawiki_directory = "#{site_directory}/w"
 
-  ruby_block "rename-installer-localsettings" do
-    action :nothing
-    block do
-      ::File.rename("#{mediawiki_directory}/LocalSettings.php", "#{mediawiki_directory}/LocalSettings-install.php")
-    end
-  end
-
   declare_resource :directory, site_directory do
     owner node[:mediawiki][:user]
     group node[:mediawiki][:group]
@@ -97,9 +88,6 @@ action :create do
     depth 1
     user node[:mediawiki][:user]
     group node[:mediawiki][:group]
-    notifies :run, "execute[#{mediawiki_directory}/composer.json]", :immediately
-    notifies :run, "execute[#{mediawiki_directory}/maintenance/install.php]", :immediately
-    notifies :run, "execute[#{mediawiki_directory}/maintenance/update.php]"
   end
 
   template "#{mediawiki_directory}/composer.local.json" do
@@ -111,44 +99,21 @@ action :create do
   end
 
   execute "#{mediawiki_directory}/composer.json" do
-    action :nothing
     command "composer update --no-dev"
     cwd mediawiki_directory
     user node[:mediawiki][:user]
     group node[:mediawiki][:group]
     environment "COMPOSER_HOME" => site_directory
+    not_if { ::File.exist?("#{mediawiki_directory}/composer.lock") }
   end
 
   execute "#{mediawiki_directory}/maintenance/install.php" do
-    action :nothing
     # Use metanamespace as Site Name to ensure correct set namespace
     command "php maintenance/install.php --server '#{name}' --dbtype 'mysql' --dbname '#{new_resource.database_name}' --dbuser '#{new_resource.database_user}' --dbpass '#{new_resource.database_password}' --dbserver 'localhost' --scriptpath /w --pass '#{new_resource.admin_password}' '#{new_resource.metanamespace}' '#{new_resource.admin_user}'"
     cwd mediawiki_directory
     user node[:mediawiki][:user]
     group node[:mediawiki][:group]
-    not_if do
-      ::File.exist?("#{mediawiki_directory}/LocalSettings-install.php")
-    end
-    notifies :run, "ruby_block[rename-installer-localsettings]", :immediately
-  end
-
-  execute "#{mediawiki_directory}/maintenance/update.php" do
-    action :nothing
-    command "php maintenance/update.php --quick"
-    cwd mediawiki_directory
-    user node[:mediawiki][:user]
-    group node[:mediawiki][:group]
-  end
-
-  # Safety catch if git doesn't update but install.php hasn't run
-  ruby_block "catch-installer-localsettings-run" do
-    action :run
-    block do
-    end
-    not_if do
-      ::File.exist?("#{mediawiki_directory}/LocalSettings-install.php")
-    end
-    notifies :run, "execute[#{mediawiki_directory}/maintenance/install.php]", :immediately
+    not_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   declare_resource :directory, "#{mediawiki_directory}/images" do
@@ -180,23 +145,26 @@ action :create do
               :database_params => database_params,
               :mediawiki => mediawiki_params,
               :secret_key => secret_key
-    notifies :run, "execute[#{mediawiki_directory}/maintenance/update.php]"
   end
 
   service "mediawiki-sitemap@#{new_resource.site}.timer" do
     action [:enable, :start]
+    only_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   service "mediawiki-jobs@#{new_resource.site}.timer" do
     action [:enable, :start]
+    only_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   service "mediawiki-email-jobs@#{new_resource.site}.timer" do
     action [:enable, :start]
+    only_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   service "mediawiki-refresh-links@#{new_resource.site}.timer" do
     action [:enable, :start]
+    only_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   template "/etc/cron.daily/mediawiki-#{cron_name}-backup" do
@@ -208,12 +176,14 @@ action :create do
     variables :name => new_resource.site,
               :directory => site_directory,
               :database_params => database_params
+    only_if { ::File.exist?("#{mediawiki_directory}/LocalSettings.php") }
   end
 
   # MobileFrontend extension is required by MinervaNeue skin
   mediawiki_extension "MobileFrontend" do
     site new_resource.site
     template "mw-ext-MobileFrontend.inc.php.erb"
+    update_site false
   end
 
   # MobileFrontend extension is required by MinervaNeue skin
@@ -534,6 +504,14 @@ end
 action :update do
   mediawiki_directory = "#{site_directory}/w"
 
+  execute "#{mediawiki_directory}/composer.json" do
+    command "composer update --no-dev"
+    cwd mediawiki_directory
+    user node[:mediawiki][:user]
+    group node[:mediawiki][:group]
+    environment "COMPOSER_HOME" => site_directory
+  end
+
   template "#{mediawiki_directory}/LocalSettings.php" do
     cookbook "mediawiki"
     source "LocalSettings.php.erb"
@@ -543,8 +521,8 @@ action :update do
     variables :name => new_resource.site,
               :directory => mediawiki_directory,
               :database_params => database_params,
-              :mediawiki => mediawiki_params
-    notifies :run, "execute[#{mediawiki_directory}/maintenance/update.php]"
+              :mediawiki => mediawiki_params,
+              :secret_key => secret_key
   end
 
   execute "#{mediawiki_directory}/maintenance/update.php" do
@@ -624,8 +602,13 @@ action_class do
       :private_site => new_resource.private_site
     }
   end
+
+  def secret_key
+    persistent_token("mediawiki", new_resource.site, "wgSecretKey")
+  end
 end
 
 def after_created
+  notifies :update, "mediawiki_site[#{site}]"
   notifies :reload, "service[apache2]" if reload_apache
 end
diff --git a/cookbooks/mediawiki/resources/skin.rb b/cookbooks/mediawiki/resources/skin.rb
index 3153fa91a..15ab63946 100644
--- a/cookbooks/mediawiki/resources/skin.rb
+++ b/cookbooks/mediawiki/resources/skin.rb
@@ -121,12 +121,5 @@ action_class do
 end
 
 def after_created
-  if update_site
-    notifies :update, "mediawiki_site[#{site}]"
-  else
-    site_directory = node[:mediawiki][:sites][site][:directory]
-
-    notifies :create, "template[#{site_directory}/w/LocalSettings.php]"
-    notifies :run, "execute[#{site_directory}/w/maintenance/update.php]"
-  end
+  notifies :update, "mediawiki_site[#{site}]" if update_site
 end
diff --git a/cookbooks/wiki/recipes/default.rb b/cookbooks/wiki/recipes/default.rb
index 2485932b3..58836b54f 100644
--- a/cookbooks/wiki/recipes/default.rb
+++ b/cookbooks/wiki/recipes/default.rb
@@ -107,6 +107,19 @@ mediawiki_extension "MultiMaps" do
   template "mw-ext-MultiMaps.inc.php.erb"
   template_cookbook "wiki"
   variables :thunderforest_key => passwords["thunderforest"]
+  action :delete
+end
+
+mediawiki_extension "JsonConfig" do
+  site "wiki.openstreetmap.org"
+  template "mw-ext-JsonConfig.inc.php.erb"
+  template_cookbook "wiki"
+end
+
+mediawiki_extension "Kartographer" do
+  site "wiki.openstreetmap.org"
+  template "mw-ext-Kartographer.inc.php.erb"
+  template_cookbook "wiki"
 end
 
 cookbook_file "/srv/wiki.openstreetmap.org/osm_logo_wiki.png" do
diff --git a/cookbooks/wiki/templates/default/mw-ext-JsonConfig.inc.php.erb b/cookbooks/wiki/templates/default/mw-ext-JsonConfig.inc.php.erb
new file mode 100644
index 000000000..b3c666b46
--- /dev/null
+++ b/cookbooks/wiki/templates/default/mw-ext-JsonConfig.inc.php.erb
@@ -0,0 +1,6 @@
+<?php
+# DO NOT EDIT - This file is being maintained by Chef
+
+# JsonConfig is a requirement for Kartographer extension
+wfLoadExtension( 'JsonConfig' );
+
diff --git a/cookbooks/wiki/templates/default/mw-ext-Kartographer.inc.php.erb b/cookbooks/wiki/templates/default/mw-ext-Kartographer.inc.php.erb
new file mode 100644
index 000000000..60cba9a0b
--- /dev/null
+++ b/cookbooks/wiki/templates/default/mw-ext-Kartographer.inc.php.erb
@@ -0,0 +1,8 @@
+<?php
+# DO NOT EDIT - This file is being maintained by Chef
+
+wfLoadExtension( 'Kartographer' );
+$wgKartographerMapServer = 'https://tile.openstreetmap.org';
+$wgKartographerDfltStyle = '';
+$wgKartographerStyles = [];
+
diff --git a/cookbooks/wiki/templates/default/mw-ext-MultiMaps.inc.php.erb b/cookbooks/wiki/templates/default/mw-ext-MultiMaps.inc.php.erb
deleted file mode 100644
index ddcfb62a7..000000000
--- a/cookbooks/wiki/templates/default/mw-ext-MultiMaps.inc.php.erb
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-# DO NOT EDIT - This file is being maintained by Chef
-
-require_once "$IP/extensions/MultiMaps/MultiMaps.php";
-
-# Array of String. Array containing all the mapping services that will be made available to the user.
-# First value - default service, which will be used if the service is not in the parameters
-# Values may be a valid name of class based on class BaseMapService or some string and an array if they
-# denote different tiles within a BaseMapService
-$egMultiMaps_MapServices = [
-  'Leaflet',
-  'cyclosm' => [
-    'service' => 'Leaflet',
-    'attribution' => '&copy; <a href="https://osm.org/copyright">OpenStreetMap contributors</a>. Tiles style by <a href="https://www.cyclosm.org/" target="_blank">CyclOSM</a> hosted by <a href="https://openstreetmap.fr/" target="_blank">OpenStreetMap France</a>',
-    'source' => 'https://{s}.tile-cyclosm.openstreetmap.fr/cyclosm/{z}/{x}/{y}.png',
-  ],
-  'cycle' => [
-    'service' => 'Leaflet',
-    'attribution' => '&copy; <a href="https://osm.org/copyright">OpenStreetMap contributors</a>. Tiles courtesy of <a href="https://www.thunderforest.com/" target="_blank">Andy Allan</a>',
-    'source' => 'https://tile.thunderforest.com/cycle/{z}/{x}/{y}.png?apikey=<%= @thunderforest_key %>',
-  ],
-  'transport' => [
-    'service' => 'Leaflet',
-    'attribution' => '&copy; <a href="https://osm.org/copyright">OpenStreetMap contributors</a>. Tiles courtesy of <a href="https://www.thunderforest.com/" target="_blank">Andy Allan</a>',
-    'source' => 'https://tile.thunderforest.com/transport/{z}/{x}/{y}.png?apikey=<%= @thunderforest_key %>',
-  ],
-  'oepnv' => [
-    'service' => 'Leaflet',
-    'attribution' => '&copy; <a href="https://osm.org/copyright">OpenStreetMap contributors</a>. Tiles courtesy of <a href="https://memomaps.de/" target="_blank">MeMoMaps</a>',
-    'source' => 'https://tileserver.memomaps.de/tilegen/{z}/{x}/{y}.png',
-  ],
-  'humanitarian' => [
-    'service' => 'Leaflet',
-    'attribution' => '&copy; <a href="https://osm.org/copyright">OpenStreetMap contributors</a>. Tiles style by <a href="https://www.hotosm.org/" target="_blank">Humanitarian OpenStreetMap team</a> hosted by <a href="https://openstreetmap.fr/" target="_blank">OpenStreetMap France</a>',
-    'source' => 'https://tile.openstreetmap.fr/hot/{z}/{x}/{y}.png'
-  ],
-];
diff --git a/test/data_bags/foundation/passwords.json b/test/data_bags/foundation/passwords.json
new file mode 100644
index 000000000..b8b93caed
--- /dev/null
+++ b/test/data_bags/foundation/passwords.json
@@ -0,0 +1,19 @@
+{
+  "id": "passwords",
+  "wiki": {
+    "database": "database_password",
+    "admin": "admin_password"
+  },
+  "board": {
+    "database": "database_password",
+    "admin": "admin_password"
+  },
+  "dwg": {
+    "database": "database_password",
+    "admin": "admin_password"
+  },
+  "mwg": {
+    "database": "database_password",
+    "admin": "admin_password"
+  }
+}
diff --git a/test/integration/foundation-board/serverspec/apache_spec.rb b/test/integration/foundation-board/serverspec/apache_spec.rb
new file mode 100644
index 000000000..446d3b915
--- /dev/null
+++ b/test/integration/foundation-board/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end
diff --git a/test/integration/foundation-dwg/serverspec/apache_spec.rb b/test/integration/foundation-dwg/serverspec/apache_spec.rb
new file mode 100644
index 000000000..446d3b915
--- /dev/null
+++ b/test/integration/foundation-dwg/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end
diff --git a/test/integration/foundation-mwg/serverspec/apache_spec.rb b/test/integration/foundation-mwg/serverspec/apache_spec.rb
new file mode 100644
index 000000000..446d3b915
--- /dev/null
+++ b/test/integration/foundation-mwg/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end
diff --git a/test/integration/foundation-owg/serverspec/apache_spec.rb b/test/integration/foundation-owg/serverspec/apache_spec.rb
new file mode 100644
index 000000000..446d3b915
--- /dev/null
+++ b/test/integration/foundation-owg/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end
diff --git a/test/integration/foundation-wiki/serverspec/apache_spec.rb b/test/integration/foundation-wiki/serverspec/apache_spec.rb
new file mode 100644
index 000000000..446d3b915
--- /dev/null
+++ b/test/integration/foundation-wiki/serverspec/apache_spec.rb
@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end