Add a per-IP connection limit on planet.osm.org

[chef.git] / roles / planet.rb

diff --git a/roles/planet.rb b/roles/planet.rb
index 4c2045388d620f61f4070b3b01b5e0f9c4050166..8c2870767b62c3be9c45961b762355afcfd5d5b2 100644 (file)
--- a/roles/planet.rb
+++ b/roles/planet.rb
@@ -6,8 +6,8 @@ default_attributes(
     :users => {
       :bretth => { :status => :user },
       :planet => {
-        :status => :role,
-        :members => [ :bretth ]
+        :status => :administrator,
+        :members => [:bretth]
       }
     }
   },
@@ -22,18 +22,23 @@ default_attributes(
         :uid => "nobody",
         :gid => "nogroup",
         :transfer_logging => false,
-        :exclude => [ ".*" ],
+        :exclude => [".*"],
         :max_connections => 10,
         :ignore_errors => true,
         :ignore_nonreadable => true,
         :timeout => 3600,
-        :refuse_options => [ "checksum" ]
+        :refuse_options => ["checksum"]
       }
     }
   },
+  :networking => {
+    :firewall => {
+      :http_connection_limit => 10
+    }
+  },
   :apache => {
     :mpm => "event",
-    :keepalive => false,
+    :keepalive => true,
     :event => {
       :server_limit => 20,
       :max_clients => 1000,
@@ -43,6 +48,7 @@ default_attributes(
 )
 
 run_list(
+  "role[web-db]",
   "recipe[planet]",
   "recipe[planet::replication]",
   "recipe[nfs::server]",