ast (2.4.1)
bcrypt_pbkdf (1.0.1)
builder (3.2.4)
- chef-utils (16.6.14)
- cookstyle (7.2.1)
- rubocop (= 1.3.1)
+ chef-utils (16.7.61)
+ cookstyle (7.3.10)
+ rubocop (= 1.5.0)
diff-lcs (1.4.4)
docker-api (2.0.0)
excon (>= 0.47.0)
multi_json
ed25519 (1.2.4)
- erubi (1.9.0)
+ erubi (1.10.0)
excon (0.78.0)
ffi (1.13.1)
- gssapi (1.3.0)
+ gssapi (1.3.1)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
logging (2.3.0)
little-plugger (~> 1.1)
multi_json (~> 1.14)
- mixlib-install (3.12.3)
+ mixlib-install (3.12.5)
mixlib-shellout
mixlib-versioning
thor
- mixlib-shellout (3.1.6)
+ mixlib-shellout (3.2.2)
chef-utils
mixlib-versioning (1.2.12)
multi_json (1.15.0)
net-ssh (>= 4.0.0)
net-telnet (0.1.1)
nori (2.6.0)
- parallel (1.20.0)
+ parallel (1.20.1)
parser (2.7.2.0)
ast (~> 2.4.1)
pastel (0.8.0)
tty-color (~> 0.5)
rainbow (3.0.0)
- regexp_parser (1.8.2)
+ regexp_parser (2.0.0)
rexml (3.2.4)
rspec (3.9.0)
rspec-core (~> 3.9.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-support (3.9.3)
- rubocop (1.3.1)
+ rubocop (1.5.0)
parallel (~> 1.10)
parser (>= 2.7.1.5)
rainbow (>= 2.2.2, < 4.0)
- regexp_parser (>= 1.8)
+ regexp_parser (>= 2.0)
rexml
- rubocop-ast (>= 1.1.1)
+ rubocop-ast (>= 1.2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 2.0)
- rubocop-ast (1.1.1)
+ rubocop-ast (1.3.0)
parser (>= 2.7.1.5)
ruby-progressbar (1.10.1)
rubyntlm (0.6.2)
unicode-display_width (~> 1.5)
unicode_utils (~> 1.4)
strings-ansi (0.2.0)
- test-kitchen (2.7.2)
+ test-kitchen (2.8.0)
bcrypt_pbkdf (~> 1.0)
ed25519 (~> 1.2)
license-acceptance (>= 1.0.11, < 3.0)
pastel (~> 0.8)
strings (~> 0.2.0)
tty-cursor (~> 0.7)
- tty-color (0.5.2)
+ tty-color (0.6.0)
tty-cursor (0.7.1)
tty-prompt (0.22.0)
pastel (~> 0.8)
logging (>= 1.6.1, < 3.0)
nori (~> 2.0)
rubyntlm (~> 0.6.0, >= 0.6.1)
- winrm-elevated (1.2.2)
+ winrm-elevated (1.2.3)
erubi (~> 1.8)
winrm (~> 2.0)
winrm-fs (~> 1.0)
nginx_requests.graph_args --lower-limit 0
<% @tilecaches.each do |tc| -%>
nginx_requests.<%= tc[:name].tr("-", "_") %>.label <%= tc[:name] %>
- nginx_requests.<%= tc[:name].tr("-", "_") %>.cdef <%= tc[:name].tr("-", "_") %>,8,*
nginx_requests.<%= tc[:name].tr("-", "_") %>.draw AREASTACK
nginx_requests.<%= tc[:name].tr("-", "_") %>.min 0
<% end -%>
default[:nominatim][:ui_revision] = "master"
default[:nominatim][:fpm_pools] = {
- :www => {
- :port => 8000,
+ "nominatim.openstreetmap.org" => {
:pm => "dynamic",
- :max_children => 60
+ :max_children => 60,
+ :prometheus_port => 9253
}
}
end
node[:nominatim][:fpm_pools].each do |name, data|
- php_fpm name.to_s do
+ php_fpm name do
port data[:port]
pm data[:pm]
pm_max_children data[:max_children]
pm_min_spare_servers 10
pm_max_spare_servers 20
pm_max_requests 10000
+ prometheus_port data[:prometheus_port]
end
end
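Review bot: The loop still calls `port data[:port]`, but this commit removes `:port` from the default pool, so that property now receives nil for `nominatim.openstreetmap.org`. Presumably the php_fpm resource then falls back to the unix socket that the nginx upstream now points at (`/run/php/nominatim.openstreetmap.org.sock`), but nothing visible here confirms it. A comment such as `# port is nil for pools that listen on a unix socket` above that line would make the intent explicit. For the new `prometheus_port data[:prometheus_port]`, confirm that the exporter on 9253 is bound or firewalled so only the monitoring host can reach it, since FPM status output typically describes request activity.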
upstream nominatim_service {
- server 127.0.0.1:<%= @pools[:www][:port ]%>;
+ server unix:/run/php/nominatim.openstreetmap.org.sock;
}
map $uri $nominatim_script_name {
owner "root"
group "root"
mode "644"
- variables new_resource.to_hash
+ variables new_resource.to_hash.merge(:pool => new_resource.pool)
end
if new_resource.prometheus_port
mode "755"
end
+directory "/store/planet/replication/test/day" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+directory "/store/planet/replication/test/hour" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
directory "/store/planet/replication/test/minute" do
owner "planet"
group "planet"
mode "750"
end
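Review bot: The new `test/day` and `test/hour` directories are created with `mode "755"`, while the existing sibling `test/minute` just below them uses `mode "750"`. If 750 was chosen to keep test replication output from being read by other accounts (for example a web server serving /store/planet, which is an assumption and not visible here), the hour and day data derived from it should use the same `mode "750"`. If world-readable is intended for the merged files, a one-line comment explaining the difference would stop someone from "correcting" it later.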
+directory "/var/lib/replication" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+directory "/var/lib/replication/test" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
template "/etc/replication/auth.conf" do
source "replication.auth.erb"
user "root"
accuracy_sec 5
end
+directory "/var/lib/replication/test/hour" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+template "/var/lib/replication/test/hour/configuration.txt" do
+ source "replication.config.erb"
+ owner "planet"
+ group "planet"
+ mode "644"
+ variables :base => "test/minute", :interval => 3600
+end
+
+link "/var/lib/replication/test/hour/data" do
+ to "/store/planet/replication/test/hour"
+end
+
+systemd_service "replication-hourly" do
+ description "Hourly replication"
+ user "planet"
+ exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
+end
+
+systemd_timer "replication-hourly" do
+ description "Daily replication"
+ on_calendar "*-*-* *:02/15:00"
+end
+
+directory "/var/lib/replication/test/day" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+template "/var/lib/replication/test/day/configuration.txt" do
+ source "replication.config.erb"
+ owner "planet"
+ group "planet"
+ mode "644"
+ variables :base => "test/hour", :interval => 86400
+end
+
+link "/var/lib/replication/test/day/data" do
+ to "/store/planet/replication/test/day"
+end
+
+systemd_service "replication-daily" do
+ description "Daily replication"
+ user "planet"
+ exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
+end
+
+systemd_timer "replication-daily" do
+ description "Daily replication"
+ on_calendar "*-*-* *:02/15:00"
+end
+
template "/etc/replication/changesets.conf" do
source "changesets.conf.erb"
user "root"
variables :password => db_passwords["planetdiff"]
end
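Review bot: The `systemd_timer "replication-hourly"` block carries `description "Daily replication"`, a copy-paste from the daily unit that will mislead anyone reading `systemctl status` or the journal; it should be `description "Hourly replication"`. Both timers also share `on_calendar "*-*-* *:02/15:00"`, which fires every 15 minutes; if that is deliberate (the merge task itself deciding whether an interval is complete), a short comment saying so would help. On hardening, `protect_system "full"` still leaves paths outside /usr, /boot and /etc writable subject to the planet user's permissions. Each service appears to write only its working directory and the linked /store/planet/replication/test target, so systemd's `ProtectSystem=strict` with `ReadWritePaths=` for those two paths would be tighter, provided the systemd_service resource exposes them. The same applies to `replication-daily`.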
-directory "/var/lib/replication" do
- owner "planet"
- group "planet"
- mode "755"
-end
-
directory "/var/lib/replication/minute" do
owner "planet"
group "planet"
action [:enable, :start]
end
+ service "replication-hourly.timer" do
+ action [:enable, :start]
+ end
+
+ service "replication-daily.timer" do
+ action [:enable, :start]
+ end
+
cron_d "replication-minutely" do
user "planet"
command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
action [:stop, :disable]
end
+ service "replication-hourly.timer" do
+ action [:stop, :disable]
+ end
+
+ service "replication-daily.timer" do
+ action [:stop, :disable]
+ end
+
cron_d "replication-minutely" do
action :delete
end
default[:postgresql][:clusters] = {}
default[:postgresql][:settings][:defaults][:port] = "5432"
default[:postgresql][:settings][:defaults][:max_connections] = "100"
+default[:postgresql][:settings][:defaults][:ssl] = "true"
default[:postgresql][:settings][:defaults][:shared_buffers] = "32MB"
default[:postgresql][:settings][:defaults][:temp_buffers] = "8MB"
default[:postgresql][:settings][:defaults][:work_mem] = "1MB"
# - Security and Authentication -
-ssl = true
+ssl = <%= @settings[:ssl] || @defaults[:ssl] %>
ssl_renegotiation_limit = 0
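Review bot: The new `ssl = <%= @settings[:ssl] || @defaults[:ssl] %>` line uses `||`, so a cluster that sets `:ssl => false` as a Ruby boolean silently falls back to the default `"true"`; only a string such as `"off"` actually disables TLS. That fails towards encryption, which is the safer direction, and matches the `||` pattern used for the other settings in this template, but it is surprising for a security-relevant switch. I would add a template comment above the line stating that the value must be given as a string and that boolean false falls through to the default. Because TLS was hard-coded on before this change, the attributes file should also record which clusters are expected to override `:ssl` and why.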
#------------------------------------------------------------------------------
# - Sending Server(s) -
max_wal_senders = <%= @settings[:max_wal_senders] || @defaults[:max_wal_senders] %>
+<% if @version.to_f >= 9.4 -%>
max_replication_slots = <%= @settings[:max_replication_slots] || @defaults[:max_replication_slots] %>
+<% end -%>
# - Standby Servers -
skip_verify = true
from_address = admins@openstreetmap.org
from_name = Prometheus
+
+[auth.anonymous]
+enabled = true
+org_name = OpenStreetMap
+org_role = Viewer
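Review bot: The added `[auth.anonymous]` section lets anyone who can reach this Grafana instance read every dashboard in the OpenStreetMap organisation without logging in, and nothing in the hunk records that this is intended. A Viewer can typically also issue queries against the configured data sources through Grafana, so the exposure probably extends to whatever the metrics hold (host names, internal addresses, label values) rather than only what the dashboards display; this should be confirmed for the deployed version. I would add a comment above the section such as `# Public read-only access is deliberate; dashboards and metrics must not contain secrets`, and keep `org_role` at Viewer.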
'~^https?://[^.]*\.cellmapper\.net/' 1;
}
+map $http_referer $censored_referer {
+ default 0; # Not denied
+ # Blocked on board instructions
+ '~^https?://schiebt-sie-ab\.de/' 1;
+ '~^https?://[^.]*\.schiebt-sie-ab\.de/' 1;
+}
+
+
map $http_referer $osm_referer {
default ''; # False
'~^https:\/\/www\.openstreetmap\.org\/' 'osm'; # True
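Review bot: The two added patterns in `map $http_referer $censored_referer` use the case-sensitive `~` operator although host names are case-insensitive, so `~*` would match the intent of the map more closely, e.g. `'~*^https?://schiebt-sie-ab\.de/' 1;`. The existing entries above also use `~`, so this may be house style; if so it is worth a comment. The comment `# Blocked on board instructions` would be more useful with a pointer to the decision record (placeholder: `<decision reference>`), since this map changes what users are served. The hunk also adds two consecutive blank lines after the map where one would do.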
return 418;
}
+ if ($censored_referer) {
+ set $limit_rate 512;
+ return 451 "Unavailable at OSMF Board request";
+ }
+
# Strip any ?query parameters from urls
set $args '';
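Review bot: In the added `if ($censored_referer)` block, `set $limit_rate 512;` directly before `return 451 "Unavailable at OSMF Board request";` is unlikely to have any observable effect, because the response is a single short string that fits well inside the rate limit. Either drop the `set $limit_rate 512;` line or add a comment explaining what it is meant to achieve. The enclosing location or server block starts outside this hunk, so the ordering relative to the other referer checks cannot be fully judged from here.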
}
},
:postgresql => {
- :versions => ["9.1", "12"],
+ :versions => ["12"],
:settings => {
:defaults => {
:shared_buffers => "1GB",
:max_stack_depth => "4MB",
:effective_cache_size => "4GB"
},
- "9.1" => {
- :port => "5433"
- },
"12" => {
:port => "5432",
:wal_level => "logical",
:random_page_cost => "1.5",
:effective_cache_size => "60GB",
:effective_io_concurrency => "256",
- :fsync => "off"
+ :fsync => "on"
}
}
},
}
},
:nominatim => {
- :state => "off",
+ :state => "standalone",
:dbadmins => %w[lonvia tomh],
:dbcluster => "13/main",
:postgis => "3",