Merge remote-tracking branch 'github/pull/599'

diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb
index 8858217b7c24049af41f0077ef5a811453f1c2d6..16947c9efd7aeab677c620d564e57a30da77b5b8 100644 (file)
--- a/cookbooks/civicrm/recipes/default.rb
+++ b/cookbooks/civicrm/recipes/default.rb
@@ -47,12 +47,21 @@ mysql_database "civicrm" do
   permissions "civicrm@localhost" => :all
 end
 
+ssl_certificate "join.osmfoundation.org" do
+  domains [ "join.osmfoundation.org", "crm.osmfoundation.org",
+            "supporting.osmfoundation.org", "support.osmfoundation.org",
+            "support.openstreetmap.org", "supporting.osm.org",
+            "support.osm.org"]
+  notifies :reload, "service[apache2]"
+end
+
 apache_site "join.osmfoundation.org" do
-  action :disable
+  template "apache.erb"
 end
 
 wordpress_site "supporting.openstreetmap.org" do
-  aliases ["join.osmfoundation.org", "crm.osmfoundation.org", "supporting.osmfoundation.org", "support.osmfoundation.org", "support.openstreetmap.org", "supporting.osm.org", "support.osm.org"]
+  # Do not add extra aliases as this causes issues with civicrm PHP sessions
+  aliases ["supporting.openstreetmap.org"]
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password

diff --git a/cookbooks/civicrm/templates/default/apache.erb b/cookbooks/civicrm/templates/default/apache.erb
new file mode 100644 (file)
index 0000000..dd6112f
--- /dev/null
+++ b/cookbooks/civicrm/templates/default/apache.erb
@@ -0,0 +1,33 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<% [80, 443].each do |port| -%>
+<VirtualHost *:<%= port %>>
+
+  ServerName join.osmfoundation.org
+  ServerAlias crm.osmfoundation.org
+  ServerAlias supporting.osmfoundation.org
+  ServerAlias support.osmfoundation.org
+  ServerAlias support.openstreetmap.org
+  ServerAlias supporting.osm.org
+  ServerAlias support.osm.org
+
+  ServerAdmin webmaster@openstreetmap.org
+
+<% if port == 80 -%>
+  RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+  RedirectPermanent / https://supporting.openstreetmap.org/
+<% end -%>
+<% if port == 443 -%>
+  SSLEngine on
+  SSLCertificateFile /etc/ssl/certs/join.osmfoundation.org.pem
+  SSLCertificateKeyFile /etc/ssl/private/join.osmfoundation.org.key
+
+  RedirectMatch . https://supporting.openstreetmap.org/
+  <% end -%>
+
+  CustomLog /var/log/apache2/join.osmfoundation.org-access.log combined
+  ErrorLog /var/log/apache2/join.osmfoundation.org-error.log
+
+</VirtualHost>
+
+<% end -%>

diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index 9db551e24a4584c4b3a23ea50eeba726827f879d..e59c5479996db4891b8e8d9d4d715bb1f0762c2d 100644 (file)
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -102,10 +102,11 @@ hooks:
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-oauth2-basic.git
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-solved.git
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-canned-replies.git
-          - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-reactions.git
+          - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/Firefishy/discourse-reactions.git
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-prometheus.git
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-translator.git
           - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-saved-searches.git
+          - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-post-voting.git
     - exec:
         # Needs to be copied in else builtin git cleanup fails
         cd: $home

diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index 714438f1867a972f10a4f8cb786957b112a80322..8cb886e91d126eb0beb51f173acb05cd637a5146 100644 (file)
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -12,14 +12,14 @@
 
 <% if port == 80 -%>
   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
-  RedirectPermanent / https://donate.openstreetmap.org/
+  RedirectPermanent / https://supporting.openstreetmap.org/
 <% end -%>
 <% if port == 443 -%>
   SSLEngine on
   SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem
   SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key
 
-  RedirectMatch . https://supporting.openstreetmap.org/donate/
+  RedirectMatch . https://supporting.openstreetmap.org/
   <% end -%>
 
   CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index 304e6c15611b9508f3119205cdf602647b06b6b8..ffab40914d34be9304ca607ea2c3685aafbb2576 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -121,6 +121,9 @@ end
 ## Nominatim backend
 
 include_recipe "git"
+include_recipe "python"
+
+python_directory = "#{basedir}/venv"
 
 package %w[
   build-essential
@@ -136,6 +139,7 @@ package %w[
   libproj-dev
   liblua5.3-dev
   libluajit-5.1-dev
+  libicu-dev
   lua5.3
   python3-pyosmium
   python3-psycopg2
@@ -148,6 +152,8 @@ package %w[
   python3-sqlalchemy-ext
   python3-geoalchemy2
   python3-asyncpg
+  python3-dev
+  pkg-config
   ruby
   ruby-file-tail
   ruby-pg
@@ -160,11 +166,55 @@ if node[:nominatim][:api_flavour] == "php"
     php-intl
   ]
 elsif node[:nominatim][:api_flavour] == "python"
-  package %w[
-    gunicorn
-    uvicorn
-    python3-falcon
-  ]
+
+  python_virtualenv python_directory do
+    interpreter "/usr/bin/python3"
+  end
+
+  python_package "SQLAlchemy" do
+    python_virtualenv python_directory
+    version "2.0.19"
+  end
+
+  python_package "PyICU" do
+    python_virtualenv python_directory
+    version "2.10.2"
+  end
+
+  python_package "psycopg[binary]" do
+    python_virtualenv python_directory
+    version "3.1.10"
+  end
+
+  python_package "psycopg2-binary" do
+    python_virtualenv python_directory
+    version "2.9.7"
+  end
+
+  python_package "python-dotenv" do
+    python_virtualenv python_directory
+    version "0.21.0"
+  end
+
+  python_package "PyYAML" do
+    python_virtualenv python_directory
+    version "6.0.1"
+  end
+
+  python_package "falcon" do
+    python_virtualenv python_directory
+    version "3.1.1"
+  end
+
+  python_package "uvicorn" do
+    python_virtualenv python_directory
+    version "0.23.2"
+  end
+
+  python_package "gunicorn" do
+    python_virtualenv python_directory
+    version "21.0.1"
+  end
 end
 
 source_directory = "#{basedir}/src/nominatim"
@@ -312,7 +362,7 @@ elsif node[:nominatim][:api_flavour] == "python"
     working_directory project_directory
     standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log"
     standard_error "inherit"
-    exec_start "/usr/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi"
+    exec_start "#{python_directory}/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi"
     exec_reload "/bin/kill -s HUP $MAINPID"
     environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/"
     kill_mode "mixed"

diff --git a/cookbooks/wordpress/resources/plugin.rb b/cookbooks/wordpress/resources/plugin.rb
index 933f63b5e05eefe7cfc9c17b36332c7f71303ba5..078b926f5d2675f1e9b95d25664f456158fbfdcf 100644 (file)
--- a/cookbooks/wordpress/resources/plugin.rb
+++ b/cookbooks/wordpress/resources/plugin.rb
@@ -68,6 +68,7 @@ action :create do
     user "www-data"
     group "www-data"
     not_if "/opt/wp-cli/wp --path='#{site_directory}' plugin is-active '#{new_resource.plugin}'"
+    ignore_failure plugin_repository.start_with?("https://plugins.svn.wordpress.org/")
   end
 end
 

diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb
index 52bba4ce5ae9a724f4bdab868e6b140bee303467..e4096614ffcae7e32b4214f2d0558ef83b0152b5 100644 (file)
--- a/cookbooks/wordpress/resources/site.rb
+++ b/cookbooks/wordpress/resources/site.rb
@@ -192,6 +192,7 @@ action :create do
 
   wordpress_plugin "wp-fail2ban" do
     site new_resource.site
+    version "5.1.1"
     reload_apache false
   end
 

diff --git a/roles/equinix-ams.rb b/roles/equinix-ams.rb
index 7eb6cae11e875d06c1cd47634dfc0aed09cf287e..7923e09d46e744837baf0221ae07bf37f14c4df6 100644 (file)
--- a/roles/equinix-ams.rb
+++ b/roles/equinix-ams.rb
@@ -26,6 +26,14 @@ default_attributes(
       }
     }
   },
+  :prometheus => {
+    :metrics => {
+      :host_location => {
+        :help => "Host location",
+        :labels => { :site => "amsterdam" }
+      }
+    }
+  },
   :web => {
     :fileserver => "ironbelly",
     :readonly_database_host => "snap-01.ams.openstreetmap.org",

diff --git a/roles/equinix-dub.rb b/roles/equinix-dub.rb
index fd2a404302211f0e68b3bd2f331dc4ae15cea0fd..e24d71a1f1ece9599ff98c10a377e9c8a1cade91 100644 (file)
--- a/roles/equinix-dub.rb
+++ b/roles/equinix-dub.rb
@@ -35,6 +35,14 @@ default_attributes(
       }
     }
   },
+  :prometheus => {
+    :metrics => {
+      :host_location => {
+        :help => "Host location",
+        :labels => { :site => "dublin" }
+      }
+    }
+  },
   :web => {
     :fileserver => "fafnir",
     :readonly_database_host => "snap-03.dub.openstreetmap.org"