SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
-SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
+SSLCipherSuite <%= node[:ssl][:ciphers] -%>
SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
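Review bot: The new `SSLCipherSuite` line closes its output tag with `-%>`, which is the newline-trimming form; if the template renderer applies it to an output tag, the line break after the cipher string is dropped and the next directive ends up on the same line. Nothing needs trimming here, so the plain form is safer: `SSLCipherSuite <%= node[:ssl][:ciphers] %>`. The nginx template changed in this commit uses the same marker, but a `;` follows it, so the trimming has no effect there. A short template comment saying that the list now comes from `node[:ssl][:ciphers]` would also tell the reader where to look when a scanner flags a cipher.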
email_contact "webmaster@openstreetmap.org"
email_sender "webmaster@openstreetmap.org"
email_sender_name "OSMF Wiki"
+ private_accounts true
end
cookbook_file "/srv/wiki.osmfoundation.org/Wiki.png" do
:site_admin_user => "Admin",
:site_admin_pw => params[:admin_password],
:enable_ssl => params[:enable_ssl] || FALSE,
+ :private_accounts => params[:private_accounts] || FALSE,
:private => params[:private] || FALSE
}
#Mediawiki backup
package "xz-utils"
+link "/etc/php5/apache2/conf.d/20-wikidiff2.ini" do
+ to "../../mods-available/wikidiff2.ini"
+end
+
apache_module "php5"
apache_module "rewrite"
$wgGroupPermissions['bureaucrat']['deleterevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
+
+<% if @mediawiki[:private_accounts] -%>
+#Prevent new user registrations except by existing users
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['user']['createaccount'] = true;
+<% end -%>
<% if @mediawiki[:private] -%>
#Disable reading by anonymous users
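Review bot: Granting `createaccount` to the whole `user` group lets every registered account, however new, create further accounts, so a single weak or compromised login is enough to add users to a wiki that is otherwise closed to registration. If the intent is invitation by trusted people only, consider giving the right to an administrative group instead, for example `$wgGroupPermissions['sysop']['createaccount'] = true;`, and leaving `user` without it. If the current behaviour is deliberate, the comment should say that any existing user can invite others. The `private` block that follows continues outside this hunk.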
target "#{source_directory}/munin/nominatim_throttled_ips"
end
+remote_file "#{source_directory}/data/wikipedia_article.sql.bin" do
+ action :create_if_missing
+ source "http://www.nominatim.org/data/wikipedia_article.sql.bin"
+ owner "nominatim"
+ group "nominatim"
+ mode 0644
+end
+
+remote_file "#{source_directory}/data/wikipedia_redirect.sql.bin" do
+ action :create_if_missing
+ source "http://www.nominatim.org/data/wikipedia_redirect.sql.bin"
+ owner "nominatim"
+ group "nominatim"
+ mode 0644
+end
+
+remote_file "#{source_directory}/data/gb_postcode_data.sql.gz" do
+ action :create_if_missing
+ source "http://www.nominatim.org/data/gb_postcode_data.sql.gz"
+ owner "nominatim"
+ group "nominatim"
+ mode 0644
+end
+
template "/usr/local/bin/backup-nominatim" do
source "backup-nominatim.erb"
owner "root"
mode 0755
end
+directory File.dirname(node[:nominatim][:flatnode_file]) do
+ owner "nominatim"
+ group "nominatim"
+ mode 0755
+ recursive true
+end
+
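Review bot: The three new `remote_file` resources download database dumps over plain `http://` with no `checksum`, and `action :create_if_missing` means whatever arrives on the first run is kept and never re-validated. These files are presumably loaded into the Nominatim database later, so a corrupted or altered download would go unnoticed. Pin each one with the resource's `checksum` property, e.g. `checksum "<sha256-of-wikipedia_article.sql.bin>"`, and use an `https://` source if the host offers one. A one-line comment recording where the expected hash came from would help whoever has to update it when upstream publishes new data.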
D=`date +%Y-%m-%d`
F=/tmp/nominatim-${D}.dmp
-pg_dump --file=$F -F c -Z 9 -t 'country' -t file -t '*columns' -t 'import_polygon_*' -t import_status -t place_addressline -t placex -t search_name -t 'seq_*' -t word <%= node[:nominatim][:database][:dbname] %>
+pg_dump --file=$F -F c -Z 9 -t file -t '*columns' -t 'import_polygon_*' -t import_status -t place_addressline -t placex -t search_name -t 'seq_*' -t word <%= node[:nominatim][:database][:dbname] %>
export RSYNC_RSH="ssh -ax -c arcfour"
rsync $F backup.openstreetmap.org::backup
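Review bot: The dump is still written to a date-derived, predictable name in `/tmp` (`F=/tmp/nominatim-${D}.dmp`, an unchanged context line), where any local user can pre-create the path and where the file gets default-umask permissions. Since the neighbouring `pg_dump` line is being edited anyway, this would be a good moment to switch to `F=$(mktemp /tmp/nominatim-${D}.XXXXXX)` with `trap 'rm -f "$F"' EXIT`, or to a directory only the backup user can write. The `-c arcfour` in `RSYNC_RSH` is also worth revisiting, since RC4 is deprecated and disabled by default in newer OpenSSH releases. The script's beginning and end are outside this hunk.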
@define('CONST_Postgresql_Version', '<%= @postgres_version %>');
@define('CONST_Postgis_Version', '<%= node[:nominatim][:database][:postgis] %>');
+@define('CONST_Osm2pgsql_Flatnode_File', '<%= node[:nominatim][:flatnode_file] %>');
+
+<% node[:nominatim][:tablespaces].each do |part,name| -%>
+@define('CONST_Tablespace_<%= part %>', '<%= name %>');
+<% end -%>
+
@define('CONST_Log_File', '/var/log/nominatim/query.log');
@define('CONST_Log_DB', false);
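Review bot: `node[:nominatim][:tablespaces].each` will raise at render time on any node whose attributes do not define `:tablespaces`; within this commit only one role sets it and no cookbook default is visible. Either add a default such as `default[:nominatim][:tablespaces] = {}` or guard the loop with `(node[:nominatim][:tablespaces] || {}).each do |part,name|`. The attribute keys and values are also written straight into a PHP constant name and a single-quoted PHP string. A comment stating that they must not contain `'` or `\`, or an escape at this point, would keep a mistyped role attribute from producing a broken settings file.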
default[:ssl][:certificates] = []
+default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5"
include_recipe "squid"
include_recipe "nginx"
+package "apache2" do
+ action :remove
+end
+
package "xz-utils"
tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
- ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers <%= node[:ssl][:ciphers] -%>;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 15m;
},
:nominatim => {
:enabled => true,
- :repository => "git://git.openstreetmap.org/nominatim.git"
+ :repository => "git://git.openstreetmap.org/nominatim.git",
+ :tablespaces => {
+ "Osm2pgsql_Data" => "aux",
+ "Osm2pgsql_Index" => "data",
+ "Place_Data" => "ssd2",
+ "Place_Index" => "ssd1",
+ "Address_Data" => "ssd2",
+ "Address_Index" => "ssd1",
+ "Search_Data" => "ssd1",
+ "Search_Index" => "ssd1",
+ "Aux_Data" => "aux",
+ "Aux_Index" => "aux",
+ }
}
)
description "Master role applied to poldi"
default_attributes(
- :apt => {
- :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ]
- },
:devices => {
:areca_ld_tune => {
:comment => "RAID arrays on areca",
}
},
:postgresql => {
- :versions => [ "9.1" ],
+ :versions => [ "9.3" ],
:settings => {
:defaults => {
- :shared_buffers => "24GB",
+ :shared_buffers => "10GB",
:work_mem => "160MB",
- :maintenance_work_mem => "10GB",
+ :maintenance_work_mem => "16GB",
:random_page_cost => "1.5",
- :effective_cache_size => "48GB"
+ :effective_cache_size => "48GB",
+ :fsync => "off"
}
}
},
:nominatim => {
:enabled => false,
+ :flatnode_file => "/ssd-old/nominatim/nodes.store",
:database => {
- :cluster => "9.1/main",
+ :cluster => "9.3/main",
:dbname => "nominatim",
- :postgis => "2.0"
+ :postgis => "2.1"
},
:fpm_pools => {
:www => {
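Review bot: `:fsync => "off"` is added under `:settings => { :defaults => ... }`, so it appears to apply to the whole 9.3 cluster rather than to a single import session. With fsync disabled, a power loss or OS crash can leave the PostgreSQL data directory unrecoverably corrupted. If this is only meant to speed up the initial Nominatim import on this host, say so next to the setting, for example `# temporary: bulk import only, remove before enabling nominatim`, so it is not carried into service or copied into another role. `:enabled => false` further down suggests the host is not serving yet, but nothing in the role ties that to the fsync setting. The attribute hash continues outside this hunk.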
},
:nominatim => {
:enabled => true,
+ :flatnode_file => "/ssd/nominatim/nodes.store",
:database => {
:cluster => "9.3/main",
:dbname => "nominatim",
:address => "140.211.167.105"
}
}
+ },
+ :squid => {
+ :cache_mem => "32000 MB",
+ :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ },
+ :tilecache => {
+ :tile_parent => "corvallis.render.openstreetmap.org",
+ :tile_siblings => [
+ "nadder-01.openstreetmap.org",
+ "nadder-02.openstreetmap.org",
+ "jakelong.openstreetmap.org",
+ "nepomuk.openstreetmap.org",
+ "lurien.openstreetmap.org"
+ ]
}
)
run_list(
"role[osuosl]",
- "role[hp-g6]"
+ "role[hp-g6]",
+ "role[tilecache]"
)