5 # Copyright:: 2015, OpenStreetMap Foundation
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # https://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
20 include_recipe "accounts"
21 include_recipe "munin"
23 basedir = data_bag_item("accounts", "nominatim")["home"]
24 email_errors = data_bag_item("accounts", "lonvia")["email"]
33 directory node[:nominatim][:logdir] do
40 file "#{node[:nominatim][:logdir]}/query.log" do
41 action :create_if_missing
47 file "#{node[:nominatim][:logdir]}/update.log" do
48 action :create_if_missing
54 # exception granted for a limited time so that they can set up their own server
55 firewall_rule "increase-limits-gnome-proxy" do
58 source "net:8.43.85.23"
62 rate_limit "s:10/sec:30"
67 include_recipe "postgresql"
69 postgresql_version = node[:nominatim][:dbcluster].split("/").first
70 postgis_version = node[:nominatim][:postgis]
72 package "postgresql-#{postgresql_version}-postgis-#{postgis_version}"
74 node[:nominatim][:dbadmins].each do |user|
75 postgresql_user user do
76 cluster node[:nominatim][:dbcluster]
78 only_if { node[:nominatim][:state] != "slave" }
82 postgresql_user "nominatim" do
83 cluster node[:nominatim][:dbcluster]
85 only_if { node[:nominatim][:state] != "slave" }
88 postgresql_user "www-data" do
89 cluster node[:nominatim][:dbcluster]
90 only_if { node[:nominatim][:state] != "slave" }
93 postgresql_munin "nominatim" do
94 cluster node[:nominatim][:dbcluster]
95 database node[:nominatim][:dbname]
98 directory "#{basedir}/tablespaces" do
104 # Note: tablespaces must be exactly in the same location on each
105 # Nominatim instance when replication is in use. Therefore
106 # use symlinks to canonical directory locations.
107 node[:nominatim][:tablespaces].each do |name, location|
108 directory location do
115 link "#{basedir}/tablespaces/#{name}" do
119 postgresql_tablespace name do
120 cluster node[:nominatim][:dbcluster]
121 location "#{basedir}/tablespaces/#{name}"
125 if node[:nominatim][:state] == "master"
126 postgresql_user "replication" do
127 cluster node[:nominatim][:dbcluster]
128 password data_bag_item("nominatim", "passwords")["replication"]
132 directory node[:rsyncd][:modules][:archive][:path] do
138 template "/usr/local/bin/clean-db-nominatim" do
139 source "clean-db-nominatim.erb"
143 variables :archive_dir => node[:rsyncd][:modules][:archive][:path],
144 :update_stop_file => "#{basedir}/status/updates_disabled",
145 :streaming_clients => search(:node, "nominatim_state:slave").map { |slave| slave[:fqdn] }.join(" ")
159 libboost-filesystem-dev
176 source_directory = "#{basedir}/nominatim"
177 build_directory = "#{basedir}/bin"
179 directory build_directory do
186 # Normally syncing via chef is a bad idea because syncing might involve
187 # an update of database functions which should not be done while an update
188 # is ongoing. Therefore we sync in between update cycles. There is an
189 # exception for slaves: they get DB function updates from the master, so
190 # only the source code needs to be updated, which chef may do.
191 git source_directory do
192 action node[:nominatim][:state] == "slave" ? :sync : :checkout
193 repository node[:nominatim][:repository]
194 revision node[:nominatim][:revision]
195 enable_submodules true
198 not_if { node[:nominatim][:state] != "slave" && File.exist?("#{source_directory}/README.md") }
199 notifies :run, "execute[compile_nominatim]", :immediately
202 execute "compile_nominatim" do
206 command "cmake #{source_directory} && make"
209 template "#{source_directory}/.git/hooks/post-merge" do
210 source "git-post-merge-hook.erb"
214 variables :srcdir => source_directory,
215 :builddir => build_directory,
216 :dbname => node[:nominatim][:dbname]
219 template "#{build_directory}/settings/local.php" do
220 source "settings.erb"
224 variables :base_url => node[:nominatim][:state] == "off" ? node[:fqdn] : "nominatim.openstreetmap.org",
225 :dbname => node[:nominatim][:dbname],
226 :flatnode_file => node[:nominatim][:flatnode_file],
227 :log_file => "#{node[:nominatim][:logdir]}/query.log"
230 if node[:nominatim][:flatnode_file]
231 directory File.dirname(node[:nominatim][:flatnode_file]) do
236 template "/etc/logrotate.d/nominatim" do
237 source "logrotate.nominatim.erb"
244 "wikimedia-importance.sql.gz",
245 "gb_postcode_data.sql.gz"
248 external_data.each do |fname|
249 remote_file "#{source_directory}/data/#{fname}" do
250 action :create_if_missing
251 source "https://www.nominatim.org/data/#{fname}"
258 remote_file "#{source_directory}/data/country_osm_grid.sql.gz" do
259 action :create_if_missing
260 source "https://www.nominatim.org/data/country_grid.sql.gz"
266 template "/etc/cron.d/nominatim" do
267 action node[:nominatim][:state] == "off" ? :delete : :create
268 source "nominatim.cron.erb"
272 variables :bin_directory => "#{source_directory}/utils",
273 :mailto => email_errors,
274 :update_maintenance_trigger => "#{basedir}/status/update_maintenance"
277 template "#{source_directory}/utils/nominatim-update" do
282 variables :bindir => build_directory,
283 :srcdir => source_directory,
284 :logfile => "#{node[:nominatim][:logdir]}/update.log",
285 :branch => node[:nominatim][:revision],
286 :update_stop_file => "#{basedir}/status/updates_disabled",
287 :update_maintenance_trigger => "#{basedir}/status/update_maintenance"
290 template "/etc/init.d/nominatim-update" do
291 source "updater.init.erb"
295 variables :source_directory => source_directory
298 %w[backup-nominatim vacuum-db-nominatim].each do |fname|
299 template "/usr/local/bin/#{fname}" do
300 source "#{fname}.erb"
304 variables :db => node[:nominatim][:dbname]
308 ## webserver frontend
310 directory "#{basedir}/etc" do
316 %w[user_agent referrer email].each do |name|
317 file "#{basedir}/etc/nginx_blocked_#{name}.conf" do
318 action :create_if_missing
325 service "php7.2-fpm" do
326 action [:enable, :start]
327 supports :status => true, :restart => true, :reload => true
330 node[:nominatim][:fpm_pools].each do |name, data|
331 template "/etc/php/7.2/fpm/pool.d/#{name}.conf" do
332 source "fpm.conf.erb"
336 variables data.merge(:name => name)
337 notifies :reload, "service[php7.2-fpm]"
341 ssl_certificate node[:fqdn] do
342 domains [node[:fqdn],
343 "nominatim.openstreetmap.org",
345 "nominatim.openstreetmap.com",
346 "nominatim.openstreetmap.net",
347 "nominatim.openstreetmaps.org",
348 "nominatim.openmaps.org"]
349 notifies :reload, "service[nginx]"
356 include_recipe "nginx"
358 nginx_site "default" do
362 nginx_site "nominatim" do
364 directory build_directory
365 variables :pools => node[:nominatim][:fpm_pools],
366 :frontends => search(:node, "recipes:web\\:\\:frontend"),
367 :confdir => "#{basedir}/etc"
370 template "/etc/logrotate.d/nginx" do
371 source "logrotate.nginx.erb"
377 munin_plugin_conf "nominatim" do
379 variables :db => node[:nominatim][:dbname],
380 :querylog => "#{node[:nominatim][:logdir]}/query.log"
383 munin_plugin "nominatim_importlag" do
384 target "#{source_directory}/munin/nominatim_importlag"
387 munin_plugin "nominatim_query_speed" do
388 target "#{source_directory}/munin/nominatim_query_speed_querylog"
391 munin_plugin "nominatim_requests" do
392 target "#{source_directory}/munin/nominatim_requests_querylog"
395 directory "#{basedir}/status" do
401 include_recipe "fail2ban"
403 fail2ban_jail "nominatim_limit_req" do
404 filter "nginx-limit-req"
405 logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
projects / chef.git / blob