From d52ea11424ee345aaa045e84cf4410db3b93694b Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann <lonvia@denofr.de>
Date: Sun, 30 Jul 2023 11:55:53 +0200
Subject: [PATCH] nominatim: add deployment with python frontend

---
 cookbooks/nominatim/attributes/default.rb     |  1 +
 cookbooks/nominatim/recipes/default.rb        | 67 +++++++++++++++----
 .../nominatim/templates/default/nginx.erb     | 22 ++++--
 .../templates/default/nominatim.env.erb       |  2 +
 4 files changed, 74 insertions(+), 18 deletions(-)

diff --git a/cookbooks/nominatim/attributes/default.rb b/cookbooks/nominatim/attributes/default.rb
index c504739d8..6330ac690 100644
--- a/cookbooks/nominatim/attributes/default.rb
+++ b/cookbooks/nominatim/attributes/default.rb
@@ -14,6 +14,7 @@ default[:nominatim][:ui_repository] = "https://git.openstreetmap.org/public/nomi
 default[:nominatim][:ui_revision] = "master"
 default[:nominatim][:qa_repository] = "https://github.com/osm-search/Nominatim-Data-Analyser"
 default[:nominatim][:qa_revision] = "main"
+default[:nominatim][:api_flavour] = "php"
 
 default[:nominatim][:fpm_pools] = {
   "nominatim.openstreetmap.org" => {
diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 44bf649ea..67fce4feb 100644
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -19,9 +19,12 @@
 
 include_recipe "accounts"
 include_recipe "munin"
-include_recipe "php::fpm"
 include_recipe "prometheus"
 
+if node[:nominatim][:api_flavour] == "php"
+  include_recipe "php::fpm"
+end
+
 basedir = data_bag_item("accounts", "nominatim")["home"]
 email_errors = data_bag_item("accounts", "lonvia")["email"]
 
@@ -145,14 +148,25 @@ package %w[
   python3-sqlalchemy-ext
   python3-geoalchemy2
   python3-asyncpg
-  php-pgsql
-  php-intl
   ruby
   ruby-file-tail
   ruby-pg
   ruby-webrick
 ]
 
+if node[:nominatim][:api_flavour] == "php"
+  package %w[
+    php-pgsql
+    php-intl
+  ]
+elsif node[:nominatim][:api_flavour] == "python"
+  package %w[
+    gunicorn
+    uvicorn
+    python3-starlette
+  ]
+end
+
 source_directory = "#{basedir}/src/nominatim"
 build_directory = "#{basedir}/src/build"
 project_directory = "#{basedir}/planet-project"
@@ -183,7 +197,7 @@ if node[:nominatim][:flatnode_file]
   end
 end
 
-remote_directory "#{project_directory}/website" do
+remote_directory "#{project_directory}/static-website" do
   source "website"
   owner "nominatim"
   group "nominatim"
@@ -276,16 +290,41 @@ end
   end
 end
 
-node[:nominatim][:fpm_pools].each do |name, data|
-  php_fpm name do
-    port data[:port]
-    pm data[:pm]
-    pm_max_children data[:max_children]
-    pm_start_servers 20
-    pm_min_spare_servers 10
-    pm_max_spare_servers 20
-    pm_max_requests 10000
-    prometheus_port data[:prometheus_port]
+if node[:nominatim][:api_flavour] == "php"
+  node[:nominatim][:fpm_pools].each do |name, data|
+    php_fpm name do
+      port data[:port]
+      pm data[:pm]
+      pm_max_children data[:max_children]
+      pm_start_servers 20
+      pm_min_spare_servers 10
+      pm_max_spare_servers 20
+      pm_max_requests 10000
+      prometheus_port data[:prometheus_port]
+    end
+  end
+elsif node[:nominatim][:api_flavour] == "python"
+  systemd_service "nominatim" do
+    description "Nominatim running as a gunicorn application"
+    user "www-data"
+    group "www-data"
+    working_directory project_directory
+    standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
+    standard_error "inherit"
+    exec_start "/usr/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w 10 -k uvicorn.workers.UvicornWorker nominatim.server.starlette.server:run_wsgi"
+    exec_reload "/bin/kill -s HUP $MAINPID"
+    environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/"
+    kill_mode "mixed"
+    timeout_stop_sec 5
+    private_tmp true
+    requires "nominatim.socket"
+    after "network.target"
+  end
+
+  systemd_socket "nominatim" do
+    description "Gunicorn socket for Nominatim"
+    listen_stream "/run/gunicorn-nominatim.openstreetmap.org.sock"
+    socket_user "www-data"
   end
 end
 
diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 6f355dd11..3d7d0e19c 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -1,5 +1,9 @@
 upstream nominatim_service {
-  server unix:/run/php/php-nominatim.openstreetmap.org-fpm.sock;
+<% if node[:nominatim][:api_flavour] == "php" %>
+  server unix:/run/php/php-nominatim.openstreetmap.org-fpm.sock fail_timeout=0;
+<% elsif node[:nominatim][:api_flavour] == "python"  %>
+  server unix:/run/gunicorn-nominatim.openstreetmap.org.sock fail_timeout=0;
+<% end -%>
 }
 
 map $uri $nominatim_script_name {
@@ -141,7 +145,7 @@ server {
     ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
     ssl_certificate_key /etc/ssl/private/<%= node[:fqdn] %>.key;
 
-    root <%= @directory %>/website;
+    root <%= @directory %>/static-website;
     index search.php;
 
     access_log <%= node[:nominatim][:logdir] %>/nominatim.openstreetmap.org-access.log combined;
@@ -191,16 +195,25 @@ server {
         limit_req zone=tarpit burst=5;
         limit_req zone=reverse burst=5;
         limit_req_status 429;
+<% if node[:nominatim][:api_flavour] == "php" %>
         fastcgi_pass nominatim_service;
         include fastcgi_params;
         fastcgi_param QUERY_STRING    $args;
         fastcgi_param PATH_INFO       "$nominatim_path_info";
-        fastcgi_param SCRIPT_FILENAME  "$document_root/$nominatim_script_name";
+        fastcgi_param SCRIPT_FILENAME  "<%= @directory %>/website/$nominatim_script_name";
+<% elsif node[:nominatim][:api_flavour] == "python" %>
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+        proxy_pass http://nominatim_service;
+<% end -%>
         if ($forward_to_ui) {
             rewrite ^(/[^/]*) https://$host/ui$1.html redirect;
         }
     }
 
+<% if node[:nominatim][:api_flavour] == "php" %>
     location ~* \.php$ {
         if ($blocked_user_agent ~ ^2$)
         { return 403; }
@@ -216,10 +229,11 @@ server {
         limit_req_status 429;
         fastcgi_pass    nominatim_service;
         include         fastcgi_params;
-        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+        fastcgi_param   SCRIPT_FILENAME    <%= @directory %>/website/$fastcgi_script_name;
 
         if ($forward_to_ui) {
             rewrite (.*).php https://$host/ui$1.html redirect;
         }
     }
+<% end -%>
 }
diff --git a/cookbooks/nominatim/templates/default/nominatim.env.erb b/cookbooks/nominatim/templates/default/nominatim.env.erb
index 239208500..929f6a0aa 100644
--- a/cookbooks/nominatim/templates/default/nominatim.env.erb
+++ b/cookbooks/nominatim/templates/default/nominatim.env.erb
@@ -7,6 +7,8 @@ NOMINATIM_MAPICON_URL="https://<%= @base_url %>/ui/mapicons"
 NOMINATIM_FLATNODE_FILE="<%= @flatnode_file %>"
 <% end -%>
 
+NOMINATIM_SERVE_LEGACY_URLS=yes
+
 NOMINATIM_IMPORT_STYLE=extratags
 
 NOMINATIM_USE_US_TIGER_DATA=yes
-- 
2.39.5