5 # Copyright:: 2011, OpenStreetMap Foundation
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # https://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
21 require "securerandom"
23 include_recipe "apache"
24 include_recipe "passenger"
25 include_recipe "geoipupdate"
27 include_recipe "memcached"
28 include_recipe "mysql"
29 include_recipe "nodejs"
30 include_recipe "php::fpm"
31 include_recipe "podman"
32 include_recipe "postgresql"
33 include_recipe "python"
67 libboost-date-time-dev
69 libboost-filesystem-dev
71 libboost-program-options-dev
75 libbytes-random-secure-perl
159 # Add uk_os_OSTN15_NTv2_OSGBtoETRS.tif used for reprojecting OS data
160 execute "uk_os_OSTN15_NTv2_OSGBtoETRS.tif" do
161 command "projsync --file uk_os_OSTN15_NTv2_OSGBtoETRS.tif --system-directory"
162 not_if { ::File.exist?("/usr/share/proj/uk_os_OSTN15_NTv2_OSGBtoETRS.tif") }
165 nodejs_package "svgo"
168 apache_module "expires"
169 apache_module "headers"
170 apache_module "proxy"
171 apache_module "proxy_fcgi"
172 apache_module "rewrite"
173 apache_module "suexec"
174 apache_module "userdir"
176 apache_module "wsgi" do
177 package "libapache2-mod-wsgi-py3"
180 package "apache2-suexec-pristine"
185 pm_min_spare_servers 2
186 pm_max_spare_servers 6
193 directory "/srv/dev.openstreetmap.org" do
199 template "/srv/dev.openstreetmap.org/index.html" do
200 source "dev.html.erb"
206 ssl_certificate "dev.openstreetmap.org" do
207 domains ["dev.openstreetmap.org", "dev.osm.org"]
208 notifies :reload, "service[apache2]"
211 apache_site "dev.openstreetmap.org" do
212 template "apache.dev.erb"
217 template "/etc/phppgadmin/config.inc.php" do
218 source "phppgadmin.conf.erb"
224 file "/etc/apache2/conf.d/phppgadmin" do
228 ssl_certificate "phppgadmin.dev.openstreetmap.org" do
229 domains ["phppgadmin.dev.openstreetmap.org", "phppgadmin.dev.osm.org"]
230 notifies :reload, "service[apache2]"
233 apache_site "phppgadmin.dev.openstreetmap.org" do
234 template "apache.phppgadmin.erb"
237 search(:accounts, "*:*").each do |account|
239 details = node[:accounts][:users][name] || {}
241 next unless %w[user administrator].include?(details[:status])
243 user_home = details[:home] || account["home"] || "#{node[:accounts][:home]}/#{name}"
245 next unless File.directory?("#{user_home}/public_html")
252 pm_min_spare_servers 2
253 pm_max_spare_servers 6
254 pm_max_requests 10000
255 request_terminate_timeout 1800
256 environment "HOSTNAME" => "$HOSTNAME",
257 "PATH" => "/usr/local/bin:/usr/bin:/bin",
261 php_values "max_execution_time" => "300",
262 "memory_limit" => "128M",
263 "post_max_size" => "32M",
264 "upload_max_filesize" => "32M"
265 php_admin_values "sendmail_path" => "/usr/sbin/sendmail -t -i -f #{name}@dev.openstreetmap.org",
266 "open_basedir" => "/home/#{name}/:/tmp/:/usr/share/php/"
267 php_flags "display_errors" => "on"
270 ssl_certificate "#{name}.dev.openstreetmap.org" do
271 domains ["#{name}.dev.openstreetmap.org", "#{name}.dev.osm.org"]
272 notifies :reload, "service[apache2]"
275 apache_site "#{name}.dev.openstreetmap.org" do
276 template "apache.user.erb"
277 directory "#{user_home}/public_html"
278 variables :user => name
281 template "/etc/sudoers.d/#{name}" do
282 source "sudoers.user.erb"
286 variables :user => name
298 comment "apis.dev.openstreetmap.org"
299 home "/srv/apis.dev.openstreetmap.org"
300 shell "/usr/sbin/nologin"
304 node[:postgresql][:versions].each do |version|
305 package "postgresql-#{version}-postgis-3"
308 rails_cluster = node[:dev][:rails][:postgresql_cluster]
310 if node[:postgresql][:clusters][rails_cluster.to_sym]
311 postgresql_user "apis" do
312 cluster rails_cluster
315 template "/usr/local/bin/cleanup-rails-assets" do
317 source "cleanup-assets.erb"
323 systemd_service "rails-jobs@" do
324 description "Rails job queue runner"
326 environment_file "/etc/default/rails-%i"
328 working_directory "/srv/%i.apis.dev.openstreetmap.org/rails"
329 exec_start "#{node[:ruby][:bundle]} exec rails jobs:work"
332 sandbox :enable_network => true
333 restrict_address_families "AF_UNIX"
334 memory_deny_write_execute false
336 "/srv/%i.apis.dev.openstreetmap.org/logs",
337 "/srv/%i.apis.dev.openstreetmap.org/rails/storage"
341 systemd_service "cgimap@" do
342 description "OpenStreetMap API Server"
344 environment_file "/etc/default/cgimap-%i"
348 exec_start "/srv/%i.apis.dev.openstreetmap.org/cgimap/build/openstreetmap-cgimap --daemon --instances 5"
349 exec_reload "/bin/kill -HUP $MAINPID"
350 runtime_directory "cgimap-%i"
351 sandbox :enable_network => true
352 restrict_address_families "AF_UNIX"
353 read_write_paths ["/srv/%i.apis.dev.openstreetmap.org/logs", "/srv/%i.apis.dev.openstreetmap.org/rails/tmp"]
357 Dir.glob("/srv/*.apis.dev.openstreetmap.org").each do |dir|
358 node.default_unless[:dev][:rails][:sites][File.basename(dir).split(".").first] = {}
361 node[:dev][:rails][:sites].each do |name, details|
362 database_name = details[:database] || "apis_#{name}"
363 site_name = "#{name}.apis.dev.openstreetmap.org"
364 site_directory = "/srv/#{name}.apis.dev.openstreetmap.org"
365 log_directory = "#{site_directory}/logs"
366 rails_directory = "#{site_directory}/rails"
367 cgimap_directory = "#{site_directory}/cgimap"
368 gpx_directory = "#{site_directory}/gpx"
370 if details[:repository]
371 site_aliases = details[:aliases] || ["#{name}.apis.dev.osm.org"]
372 secret_key_base = persistent_token("dev", "rails", name, "secret_key_base")
374 postgresql_database database_name do
375 cluster rails_cluster
379 postgresql_extension "#{database_name}_btree_gist" do
380 cluster rails_cluster
381 database database_name
382 extension "btree_gist"
386 postgresql_extension "#{database_name}_postgis" do
387 cluster rails_cluster
388 database database_name
393 directory site_directory do
399 directory log_directory do
405 directory gpx_directory do
411 directory "#{gpx_directory}/traces" do
417 directory "#{gpx_directory}/images" do
423 openssl_rsa_private_key "#{site_directory}/doorkeeper.key" do
429 rails_port site_name do
430 directory rails_directory
433 repository details[:repository]
434 revision details[:revision]
435 database_port node[:postgresql][:clusters][rails_cluster.to_sym][:port]
436 database_name database_name
437 database_username "apis"
438 email_from "OpenStreetMap <web@noreply.openstreetmap.org>"
439 gpx_dir gpx_directory
440 log_path "#{log_directory}/rails.log"
441 memcache_servers ["127.0.0.1"]
444 trace_use_job_queue true
445 doorkeeper_signing_key lazy { File.read("#{site_directory}/doorkeeper.key") }
448 template "#{rails_directory}/config/initializers/setup.rb" do
449 source "rails.setup.rb.erb"
453 variables :site => site_name
454 notifies :restart, "rails_port[#{site_name}]"
457 template "/etc/default/rails-#{name}" do
458 source "rails.environment.erb"
462 variables :secret_key_base => secret_key_base
465 service "rails-jobs@#{name}" do
466 action [:enable, :start]
467 supports :restart => true
468 subscribes :restart, "rails_port[#{site_name}]"
469 subscribes :restart, "systemd_service[rails-jobs@]"
470 only_if "fgrep -q delayed_job #{rails_directory}/Gemfile.lock"
473 if details[:cgimap_repository]
474 git cgimap_directory do
476 repository details[:cgimap_repository]
477 revision details[:cgimap_revision]
482 execute "#{cgimap_directory}/CMakeLists.txt" do
484 command "cmake -B build"
488 subscribes :run, "git[#{cgimap_directory}]", :immediately
491 execute "#{cgimap_directory}/build/Makefile" do
494 cwd "#{cgimap_directory}/build"
497 subscribes :run, "execute[#{cgimap_directory}/CMakeLists.txt]", :immediately
500 template "/etc/default/cgimap-#{name}" do
501 source "cgimap.environment.erb"
505 variables :cgimap_socket => "/run/cgimap-#{name}/socket",
506 :database_port => node[:postgresql][:clusters][rails_cluster.to_sym][:port],
507 :database_name => database_name,
508 :log_directory => log_directory,
509 :options => details[:cgimap_options]
512 service "cgimap@#{name}" do
513 action [:start, :enable]
514 subscribes :restart, "execute[#{cgimap_directory}/build/Makefile]"
515 subscribes :restart, "template[/etc/default/cgimap-#{name}]"
516 subscribes :restart, "systemd_service[cgimap@]"
520 ssl_certificate site_name do
521 domains [site_name] + site_aliases
522 notifies :reload, "service[apache2]"
525 apache_site site_name do
526 template "apache.rails.erb"
527 variables :application_name => name,
528 :aliases => site_aliases,
529 :secret_key_base => secret_key_base,
530 :cgimap_enabled => details.key?(:cgimap_repository),
531 :cgimap_socket => "/run/cgimap-#{name}/socket"
534 template "/etc/logrotate.d/apis-#{name}" do
535 source "logrotate.apis.erb"
539 variables :name => name,
540 :log_directory => log_directory,
541 :rails_directory => rails_directory
544 file "/etc/logrotate.d/apis-#{name}" do
548 apache_site site_name do
552 service "cgimap@#{name}" do
553 action [:stop, :disable]
556 file "/etc/default/cgimap-#{name}" do
560 service "rails-jobs@#{name}" do
561 action [:stop, :disable]
564 directory site_directory do
569 file "/etc/cron.daily/rails-#{site_name.tr('.', '-')}" do
573 postgresql_database database_name do
575 cluster rails_cluster
580 directory "/srv/apis.dev.openstreetmap.org" do
586 template "/srv/apis.dev.openstreetmap.org/index.html" do
587 source "apis.html.erb"
593 ssl_certificate "apis.dev.openstreetmap.org" do
594 domains ["apis.dev.openstreetmap.org", "apis.dev.osm.org"]
595 notifies :reload, "service[apache2]"
598 apache_site "apis.dev.openstreetmap.org" do
599 template "apache.apis.erb"
603 directory "/srv/ooc.openstreetmap.org" do
609 remote_directory "/srv/ooc.openstreetmap.org/html" do
619 ssl_certificate "ooc.openstreetmap.org" do
620 domains ["ooc.openstreetmap.org",
621 "a.ooc.openstreetmap.org",
622 "b.ooc.openstreetmap.org",
623 "c.ooc.openstreetmap.org",
625 notifies :reload, "service[apache2]"
628 apache_site "ooc.openstreetmap.org" do
629 template "apache.ooc.erb"
632 directory "/etc/systemd/system/user-.slice.d" do
638 template "/etc/systemd/system/user-.slice.d/99-chef.conf" do
639 source "user-slice.conf.erb"
projects / chef.git / blob