Add planet::aws recipe to configure awscli for planet uploads

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 1e0f4432284ffe3a26e1a100908a0f99cf11cd07..95cbdc8781fee8595f5443d8840e962371778290 100644 (file)
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -84,6 +84,7 @@ jobs:
           - php-apache
           - php-fpm
           - planet
+          - planet-aws
           - planet-current
           - planet-dump
           - planet-notes

diff --git a/.kitchen.yml b/.kitchen.yml
index 3d96745332732d93d53b5721b5e32115160cb581..5795b9c7fda8b38273c0f331c1302b603e94d5e9 100644 (file)
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -298,6 +298,9 @@ suites:
   - name: planet
     run_list:
       - recipe[planet::default]
+  - name: planet-aws
+    run_list:
+      - recipe[planet::aws]
   - name: planet-current
     run_list:
       - recipe[planet::current]

diff --git a/cookbooks/planet/recipes/aws.rb b/cookbooks/planet/recipes/aws.rb
new file mode 100644 (file)
index 0000000..cd44446
--- /dev/null
+++ b/cookbooks/planet/recipes/aws.rb
@@ -0,0 +1,44 @@
+#
+# Cookbook:: planet
+# Recipe:: aws
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "accounts"
+include_recipe "awscli"
+
+aws_credentials = data_bag_item("planet", "aws")
+
+directory "/home/planet/.aws" do
+  owner "planet"
+  group "planet"
+  mode "0755"
+end
+
+template "/home/planet/.aws/config" do
+  source "aws-config.erb"
+  owner "planet"
+  group "planet"
+  mode "0644"
+end
+
+template "/home/planet/.aws/credentials" do
+  source "aws-credentials.erb"
+  owner "planet"
+  group "planet"
+  mode "0600"
+  variables :credentials => aws_credentials
+end

diff --git a/cookbooks/planet/recipes/default.rb b/cookbooks/planet/recipes/default.rb
index 23dc7bdbfa158294a9ef22a1274d8b31e451cb26..412ec7cdb2e6a35ab0b1282578edf3415d041e60 100644 (file)
--- a/cookbooks/planet/recipes/default.rb
+++ b/cookbooks/planet/recipes/default.rb
@@ -19,7 +19,7 @@
 
 include_recipe "accounts"
 include_recipe "apache"
-include_recipe "awscli"
+include_recipe "planet::aws"
 include_recipe "munin"
 
 package %w[

diff --git a/cookbooks/planet/recipes/notes.rb b/cookbooks/planet/recipes/notes.rb
index 57682beada5777cbd64373cff9cdaebb9f1c7728..1ca5f323bc09b92fe87b866a1e380d614ca04cfe 100644 (file)
--- a/cookbooks/planet/recipes/notes.rb
+++ b/cookbooks/planet/recipes/notes.rb
@@ -18,8 +18,8 @@
 #
 
 include_recipe "accounts"
-include_recipe "awscli"
 include_recipe "git"
+include_recipe "planet::aws"
 
 db_passwords = data_bag_item("db", "passwords")
 

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 364e0b814cca2efd53577244f6f665fac1349512..d5a8485d7efade32f704036b92df4c2b72146278 100644 (file)
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -22,9 +22,9 @@ require "yaml"
 include_recipe "accounts"
 include_recipe "apt"
 include_recipe "osmosis"
+include_recipe "planet::aws"
 include_recipe "ruby"
 include_recipe "tools"
-include_recipe "awscli"
 
 db_passwords = data_bag_item("db", "passwords")
 

diff --git a/cookbooks/planet/templates/default/aws-config.erb b/cookbooks/planet/templates/default/aws-config.erb
new file mode 100644 (file)
index 0000000..d62dcda
--- /dev/null
+++ b/cookbooks/planet/templates/default/aws-config.erb
@@ -0,0 +1,8 @@
+[profile osm-pds]
+region = eu-central-1
+
+[profile osm-pds-upload]
+region = eu-central-1
+s3 =
+    max_bandwidth = 75MB/s
+    max_concurrent_requests = 512

diff --git a/cookbooks/planet/templates/default/aws-credentials.erb b/cookbooks/planet/templates/default/aws-credentials.erb
new file mode 100644 (file)
index 0000000..40ec32c
--- /dev/null
+++ b/cookbooks/planet/templates/default/aws-credentials.erb
@@ -0,0 +1,7 @@
+[osm-pds]
+aws_access_key_id = AKIAZFVRMSDZE2DANIFS
+aws_secret_access_key = <%= @credentials["osm-pds"] %>
+
+[osm-pds-upload]
+role_arn=arn:aws:iam::630658470130:role/osm-pds-upload-role
+source_profile=osm-pds

diff --git a/test/data_bags/planet/aws.json b/test/data_bags/planet/aws.json
new file mode 100644 (file)
index 0000000..787bf1c
--- /dev/null
+++ b/test/data_bags/planet/aws.json
@@ -0,0 +1,4 @@
+{
+  "id": "aws",
+  "osm-pds": "osm-pds"
+}