os:
- ubuntu-2004
include:
- - suite: osqa
- os: ubuntu-1804
- suite: trac
os: ubuntu-1804
exclude:
- - suite: osqa
- os: ubuntu-2004
- suite: trac
os: ubuntu-2004
fail-fast: false
ast (2.4.1)
bcrypt_pbkdf (1.0.1)
builder (3.2.4)
- chef-utils (16.5.77)
- cookstyle (6.19.11)
- rubocop (= 0.92.0)
+ chef-utils (16.6.14)
+ cookstyle (7.2.1)
+ rubocop (= 1.3.1)
diff-lcs (1.4.4)
docker-api (2.0.0)
excon (>= 0.47.0)
multi_json
ed25519 (1.2.4)
erubi (1.9.0)
- excon (0.76.0)
+ excon (0.78.0)
ffi (1.13.1)
gssapi (1.3.0)
ffi (>= 1.0.1)
gyoku (1.3.1)
builder (>= 2.1.2)
httpclient (2.8.3)
- kitchen-dokken (2.11.0)
+ kitchen-dokken (2.11.1)
docker-api (>= 1.33, < 3)
lockfile (~> 2.1)
test-kitchen (>= 1.15, < 3)
net-ssh (>= 4.0.0)
net-telnet (0.1.1)
nori (2.6.0)
- parallel (1.19.2)
- parser (2.7.1.5)
+ parallel (1.20.0)
+ parser (2.7.2.0)
ast (~> 2.4.1)
pastel (0.8.0)
tty-color (~> 0.5)
rainbow (3.0.0)
- regexp_parser (1.8.1)
+ regexp_parser (1.8.2)
rexml (3.2.4)
rspec (3.9.0)
rspec-core (~> 3.9.0)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.9.0)
rspec-support (3.9.3)
- rubocop (0.92.0)
+ rubocop (1.3.1)
parallel (~> 1.10)
parser (>= 2.7.1.5)
rainbow (>= 2.2.2, < 4.0)
- regexp_parser (>= 1.7)
+ regexp_parser (>= 1.8)
rexml
- rubocop-ast (>= 0.5.0)
+ rubocop-ast (>= 1.1.1)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 2.0)
- rubocop-ast (0.7.1)
+ rubocop-ast (1.1.1)
parser (>= 2.7.1.5)
ruby-progressbar (1.10.1)
rubyntlm (0.6.2)
tty-screen (0.8.1)
unicode-display_width (1.7.0)
unicode_utils (1.4.0)
- winrm (2.3.4)
+ winrm (2.3.5)
builder (>= 2.1.2)
erubi (~> 1.8)
gssapi (~> 1.2)
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "<%= node[:apt][:unattended_upgrades][:remove_unused_dependencies] ? 'true' : 'false' %>";
+
+// Don't install recommended packages as we don't want to get
+// new postgres versions automatically
+APT::Install-Recommends "false";
urls "/casts" => "/srv/blog.openstreetmap.org/casts",
"/images" => "/srv/blog.openstreetmap.org/images",
"/static" => "/srv/blog.openstreetmap.org/static"
+ fpm_prometheus_port 11401
end
wordpress_theme "blog.openstreetmap.org-osmblog-wp-theme" do
default[:chef][:server][:version] = "12.17.33"
# Set the default client version
-default[:chef][:client][:version] = "16.5.64"
+default[:chef][:client][:version] = "16.6.14"
-default[:civicrm][:version] = "5.28.2"
+default[:civicrm][:version] = "5.31.0"
default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount"
default[:civicrm][:extensions][:cividiscount][:repository] = "https://github.com/dlobo/org.civicrm.module.cividiscount.git"
-default[:civicrm][:extensions][:cividiscount][:revision] = "3.8.1"
+default[:civicrm][:extensions][:cividiscount][:revision] = "3.8.2"
default[:civicrm][:extensions][:osm][:name] = "de.systopia.osm"
default[:civicrm][:extensions][:osm][:repository] = "https://github.com/systopia/de.systopia.osm.git"
default[:civicrm][:extensions][:civirules][:name] = "org.civicoop.civirules"
default[:civicrm][:extensions][:civirules][:repository] = "https://lab.civicrm.org/extensions/civirules.git"
-default[:civicrm][:extensions][:civirules][:revision] = "2.16"
+default[:civicrm][:extensions][:civirules][:revision] = "2.19"
default[:civicrm][:extensions][:mailchimp][:name] = "uk.co.vedaconsulting.mailchimp"
default[:civicrm][:extensions][:mailchimp][:repository] = "https://github.com/veda-consulting/uk.co.vedaconsulting.mailchimp.git"
default[:civicrm][:extensions][:donotsendreportemail][:name] = "org.civicrm.donotsendreportemail"
default[:civicrm][:extensions][:donotsendreportemail][:repository] = "https://github.com/pradpnayak/org.civicrm.donotsendreportemail.git"
default[:civicrm][:extensions][:donotsendreportemail][:revision] = "3b31c2e0c62183872c7ecd244395fb8dcfbd5dbb"
+
+default[:civicrm][:extensions][:shoreditch][:name] = "org.civicrm.shoreditch"
+default[:civicrm][:extensions][:shoreditch][:repository] = "https://github.com/civicrm/org.civicrm.shoreditch.git"
+default[:civicrm][:extensions][:shoreditch][:revision] = "1.0.0-beta.1"
rsync
unzip
wkhtmltopdf
+ php-bcmath
]
cache_dir = Chef::Config[:file_cache_path]
database_name "civicrm"
database_user "civicrm"
database_password database_password
+ fpm_prometheus_port 11301
end
wordpress_theme "osmblog-wp-theme" do
site "join.osmfoundation.org"
end
+wordpress_plugin "civicrm-admin-utilities" do
+ site "join.osmfoundation.org"
+end
+
civicrm_version = node[:civicrm][:version]
civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm"
group "root"
end
+package %w[
+ cmake
+ libosmium2-dev
+ libprotozero-dev
+ libboost-filesystem-dev
+ libboost-program-options-dev
+ libbz2-dev
+ zlib1g-dev
+ libexpat1-dev
+ libyaml-cpp-dev
+ libpqxx-dev
+]
+
+git "/opt/osmdbt" do
+ action :sync
+ repository "https://github.com/openstreetmap/osmdbt.git"
+ revision "master"
+ depth 1
+ user "root"
+ group "root"
+end
+
+directory "/opt/osmdbt/build-#{db_version}" do
+ owner "root"
+ group "root"
+ mode "755"
+end
+
+execute "/opt/osmdbt/CMakeLists.txt" do
+ action :nothing
+ command "cmake -DPG_CONFIG=/usr/lib/postgresql/#{db_version}/bin/pg_config .."
+ cwd "/opt/osmdbt/build-#{db_version}"
+ user "root"
+ group "root"
+ subscribes :run, "git[/opt/osmdbt]"
+end
+
+execute "/opt/osmdbt/build-#{db_version}/postgresql-plugin/Makefile" do
+ action :nothing
+ command "make"
+ cwd "/opt/osmdbt/build-#{db_version}/postgresql-plugin"
+ user "root"
+ group "root"
+ subscribes :run, "execute[/opt/osmdbt/CMakeLists.txt]"
+end
+
+link "/usr/lib/postgresql/#{db_version}/lib/osm-logical.so" do
+ to "/opt/osmdbt/build-#{db_version}/postgresql-plugin/osm-logical.so"
+ owner "root"
+ group "root"
+end
+
package "lzop"
python_package "wal-e" do
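Review bot: The `git "/opt/osmdbt"` resource tracks `revision "master"`, so each Chef run can pull whatever is at the branch head; the subscribed `cmake` and `make` steps then build it as root, and the result is symlinked into the PostgreSQL lib directory as `osm-logical.so`. Pinning to a reviewed tag or full commit, e.g. `revision "<REVIEWED_COMMIT_SHA>"`, makes the code loaded into the database reproducible and turns an upgrade into an explicit change. Running the two `execute` steps as an unprivileged build user, with only the final `link` owned by root, would also narrow what the upstream build scripts can touch on the host.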
postgresql_user "planetdiff" do
cluster node[:db][:cluster]
password passwords["planetdiff"]
+ replication true
end
postgresql_user "backup" do
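Review bot: `replication true` gives the `planetdiff` role the PostgreSQL REPLICATION attribute, which is considerably broader than ordinary table access, and the hunk does not record why. A comment above the line such as `# REPLICATION is needed for the osmdbt logical replication slot` would capture the reason; the osmdbt config later on this page connects as `planetdiff` with a `replication_slot`. It is also worth confirming that `pg_hba.conf` restricts where this role may connect from. The resource block starts outside the lines shown.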
export AWS_SECRET_ACCESS_KEY="<%= @s3_key %>"
export AWS_REGION="eu-west-2"
-exec /usr/local/bin/wal-e "$@"
+exec /usr/local/bin/wal-e "$@" < /dev/null
php_fpm "dmca.openstreetmap.org" do
php_admin_values "open_basedir" => "/srv/dmca.openstreetmap.org/html/:/usr/share/php/:/tmp/",
"disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+ prometheus_port 11201
end
apache_site "dmca.openstreetmap.org" do
remote_file "/usr/local/bin/dnscontrol" do
action :create
- source "https://github.com/StackExchange/dnscontrol/releases/download/v3.3.0/dnscontrol-Linux"
+ source "https://github.com/StackExchange/dnscontrol/releases/download/v3.4.2/dnscontrol-Linux"
owner "root"
group "root"
mode "755"
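Review bot: The `remote_file "/usr/local/bin/dnscontrol"` download has no `checksum`, so the binary fetched from the release URL is installed root-owned and executable with only the TLS connection vouching for its content. Adding `checksum "<SHA256_OF_V3.4.2_DNSCONTROL_LINUX>"` next to `source` pins the exact artifact and makes a replaced release asset fail the run instead of being installed. The same applies to the later hunk that downloads `Intel_SSD_DCT_#{intel_ssd_tool_version}_Linux.zip`, whose `.deb` is then installed through `dpkg_package`. The resource block continues past the lines shown here.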
php_fpm "donate.openstreetmap.org" do
php_admin_values "open_basedir" => "/srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/",
"disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+ prometheus_port 11101
end
apache_site "donate.openstreetmap.org" do
depends "apache"
depends "munin"
depends "networking"
+depends "prometheus"
depends "ssl"
include_recipe "munin"
include_recipe "networking"
+include_recipe "prometheus"
package %w[
exim4
munin_plugin "exim_mailqueue"
munin_plugin "exim_mailstats"
+prometheus_exporter "exim" do
+ port 9636
+end
+
if node[:exim][:smarthost_name]
node[:exim][:daemon_smtp_ports].each do |port|
firewall_rule "accept-inbound-smtp-#{port}" do
sitename "OSMF Board Wiki"
metanamespace "OSMFBoard"
directory "/srv/board.osmfoundation.org"
+ fpm_prometheus_port 11004
database_name "board-wiki"
database_user "board-wikiuser"
database_password passwords["board"]["database"]
private_site true
recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
recaptcha_private_key passwords["board"]["recaptcha"]
+ version "1.34"
end
cookbook_file "/srv/board.osmfoundation.org/Wiki.png" do
sitename "OSMF Data Working Group Wiki"
metanamespace "OSMFDWG"
directory "/srv/dwg.osmfoundation.org"
+ fpm_prometheus_port 11002
database_name "dwg-wiki"
database_user "dwg-wikiuser"
database_password passwords["dwg"]["database"]
private_site true
recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
recaptcha_private_key passwords["dwg"]["recaptcha"]
+ version "1.34"
end
cookbook_file "/srv/dwg.osmfoundation.org/Wiki.png" do
sitename "OSMF Membership Working Group Wiki"
metanamespace "OSMFMWG"
directory "/srv/mwg.osmfoundation.org"
+ fpm_prometheus_port 11003
database_name "mwg_wiki"
database_user "mwg_wikiuser"
database_password passwords["mwg"]["database"]
private_site true
recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
recaptcha_private_key passwords["mwg"]["recaptcha"]
+ version "1.34"
end
cookbook_file "/srv/mwg.osmfoundation.org/Wiki.png" do
"foundation.openstreetmap.org", "foundation.osm.org"]
sitename "OpenStreetMap Foundation"
directory "/srv/wiki.osmfoundation.org"
+ fpm_max_children 20
+ fpm_start_servers 5
+ fpm_min_spare_servers 5
+ fpm_max_spare_servers 10
+ fpm_prometheus_port 11001
database_name "osmf-wiki"
database_user "osmf-wikiuser"
database_password passwords["wiki"]["database"]
recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
recaptcha_private_key passwords["wiki"]["recaptcha"]
extra_file_extensions ["mp3"]
+ version "1.34"
end
mediawiki_skin "osmf" do
units = []
-if node[:roles].include?("bytemark") || node[:roles].include?("exonetric")
+if node[:roles].include?("bytemark") || node[:roles].include?("exonetric") || node[:roles].include?("prgmr")
units << "0"
end
action [:enable, :start]
end
-package "ipmitool" if node[:kernel][:modules].include?("ipmi_si")
+if node[:kernel][:modules].include?("ipmi_si")
+ package "ipmitool"
+ package "freeipmi-tools"
+
+ prometheus_exporter "ipmi" do
+ port 9290
+ end
+end
package "irqbalance"
if !intel_ssds.empty? || !intel_nvmes.empty?
package "unzip"
- intel_ssd_tool_version = "3.0.25"
+ intel_ssd_tool_version = "3.0.26"
+ intel_ssd_package_version = "#{intel_ssd_tool_version}.400-1"
remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip" do
- source "https://downloadmirror.intel.com/29556/eng/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip"
+ source "https://downloadmirror.intel.com/29720/eng/Intel_SSD_DCT_#{intel_ssd_tool_version}_Linux.zip"
end
execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip" do
- command "unzip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb"
+ command "unzip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip isdct_#{intel_ssd_package_version}_amd64.deb"
cwd Chef::Config[:file_cache_path]
user "root"
group "root"
- not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb") }
+ not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/isdct_#{intel_ssd_package_version}_amd64.deb") }
end
dpkg_package "isdct" do
- version "#{intel_ssd_tool_version}-1"
- source "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb"
+ version "#{intel_ssd_package_version}"
+ source "#{Chef::Config[:file_cache_path]}/isdct_#{intel_ssd_package_version}_amd64.deb"
end
end
elsif smart =~ %r{^.*,(\d+)/(\d+)$}
munin = "#{device}-#{Regexp.last_match(1)}:#{Regexp.last_match(2)}"
end
+ elsif disk[:device]
+ device = disk[:device].sub("/dev/", "")
+ smart = disk[:smart_device]
+
+ if smart =~ /^.*,(\d+),(\d+),(\d+)$/
+ munin = "#{device}-#{Regexp.last_match(1)}:#{Regexp.last_match(2)}:#{Regexp.last_match(3)}"
+ end
end
elsif disk[:device] =~ %r{^/dev/(nvme\d+)n\d+$}
device = Regexp.last_match(1)
subscribes :restart, "template[/etc/default/smartmontools]"
end
+ template "/etc/prometheus/collectors/smart.devices" do
+ source "smart.devices.erb"
+ owner "root"
+ group "root"
+ mode "644"
+ variables :disks => disks
+ end
+
+ prometheus_collector "smart" do
+ interval "15m"
+ end
+
# Don't try and do munin monitoring of disks behind
# an Areca controller as they only allow one thing to
# talk to the controller at a time and smartd will
conf_variables :disk => disk
end
end
-
- template "/etc/prometheus/collectors/smart.devices" do
- source "smart.devices.erb"
- owner "root"
- group "root"
- mode "644"
- variables :disks => disks
- end
-
- prometheus_collector "smart" do
- interval "15m"
- end
else
service "smartd" do
action [:stop, :disable]
disk = nil
IO.popen(%w(ssacli controller all show config detail)).each do |line|
- if line =~ /^Smart Array (\S+) /
+ if line =~ /^Smart (?:Array|HBA) (\S+) /
controller = {
:id => devices[:controllers].count,
:model => Regexp.last_match(1),
disk = nil
elsif controller && line =~ /^ (\S.*):\s+(.*)$/
case Regexp.last_match(1)
+ when "Slot" then controller[:slot] = Regexp.last_match(2)
when "Serial Number" then controller[:serial_number] = Regexp.last_match(2)
when "Hardware Revision" then controller[:hardware_version] = Regexp.last_match(2)
when "Firmware Version" then controller[:firmware_version] = Regexp.last_match(2)
controller[:arrays] << array[:id]
disk = nil
- elsif controller && line =~ /^ physicaldrive (\S+) /
- disks << Regexp.last_match(1)
elsif array && line =~ /^ physicaldrive (\S+)$/
disk = {
:id => devices[:disks].count,
:controller => controller[:id],
:arrays => [array[:id]],
- :location => Regexp.last_match(1),
- :smart_device => "cciss,#{disks.find_index(Regexp.last_match(1))}"
+ :location => Regexp.last_match(1)
}
devices[:disks] << disk
end
controllers.each do |controller|
+ slot = controller[:slot]
+
+ IO.popen(%W(ssacli controller slot=#{slot} pd all show status)).each do |line|
+ if line =~ /^ physicaldrive (\S+) /
+ disks << Regexp.last_match(1)
+ end
+ end
+
if device = Dir.glob("/sys/bus/pci/devices/#{controller[:pci_slot]}/cciss*").first
controller[:device] = File.basename(device).sub(/^cciss(\d+)$/, "/dev/cciss/c\\1d0")
elsif device = Dir.glob("/sys/bus/pci/devices/#{controller[:pci_slot]}/host*/target*:3:0/*:3:0:0/scsi_generic/sg*").first
controller[:device] = "/dev/#{File.basename(device)}"
end
end
+
+ devices[:disks].each do |disk|
+ disk[:smart_device] = "cciss,#{disks.find_index(disk[:location])}"
+ end
end
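Review bot: `controller[:slot]` is only set when a `Slot` line was parsed, but the new loop interpolates it into `slot=#{slot}` unconditionally, so a controller without that field runs ssacli with an empty `slot=` and contributes no drives to `disks`. `disks.find_index(disk[:location])` then returns nil and the disk gets the literal string `cciss,` as its `smart_device`. Wrapping the `IO.popen` call in `if slot`, and assigning with `index = disks.find_index(disk[:location])` followed by `disk[:smart_device] = "cciss,#{index}" if index`, keeps malformed device strings away from whatever consumes `smart_device`. The enclosing method starts outside this hunk.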
def find_megaraid_disks(devices)
array[:disks].map! do |location|
disk = disks.find { |disk| disk[:location] == location }
+ controller_number = controller[:number] - 1
device_number = disk[:device_number]
- device = Dir.glob("#{host}/device/target*:1:#{device_number}/*:1:#{device_number}:0/scsi_generic/*").first
disk[:device] = "/dev/#{File.basename(device)}"
+ disk[:smart_device] = "aacraid,#{controller_number},0,#{device_number}"
disk[:arrays] << array[:id]
disk[:id]
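Review bot: With `device = Dir.glob(...)` removed, the unchanged line `disk[:device] = "/dev/#{File.basename(device)}"` directly below still reads `device`, which nothing in this hunk assigns any more. Unless `device` is set earlier in the block, outside the lines shown, this either raises at run time or reuses a stale value from a previous iteration or branch. If the removal was unintended the lookup needs to stay; otherwise the `disk[:device]` assignment should be dropped or rewritten together with it. The enclosing `map!` block starts and ends outside the hunk.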
/usr/bin/certbot renew \
--quiet \
+ --preferred-chain "DST Root CA X3" \
--config-dir /srv/acme.openstreetmap.org/config \
--work-dir /srv/acme.openstreetmap.org/work \
--logs-dir /srv/acme.openstreetmap.org/logs \
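Review bot: `--preferred-chain "DST Root CA X3"` is added with no comment saying why this chain is selected or when the pin can be removed; the `certbot certonly` hunk further down has the same addition. A line above the certbot command such as `# Prefer the DST Root CA X3 chain (reason: <WHY>); remove the pin once it is no longer needed` would record the intent for whoever next touches certificate issuance. The script begins and continues outside the lines shown.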
command "/srv/acme.openstreetmap.org/bin/check-certificates"
mailto "admins@openstreetmap.org"
end
+
+template "/etc/logrotate.d/letsencrypt" do
+ source "logrotate.erb"
+ owner "root"
+ group "root"
+ mode "644"
+end
--- /dev/null
+# DO NOT EDIT - This file is being maintained by Chef
+
+/srv/acme.openstreetmap.org/logs/*.log {
+ missingok
+ compress
+}
/usr/bin/certbot certonly \
--non-interactive \
+ --preferred-chain "DST Root CA X3" \
--config-dir /srv/acme.openstreetmap.org/config \
--work-dir /srv/acme.openstreetmap.org/work \
--logs-dir /srv/acme.openstreetmap.org/logs \
]
# Mediawiki packages for SyntaxHighight support
-package "python-pygments"
+package "python3-pygments"
file "/etc/mediawiki/parsoid/settings.js" do
action :delete
cwd mediawiki_directory
user node[:mediawiki][:user]
group node[:mediawiki][:group]
+ environment "COMPOSER_HOME" => site_directory
only_if { ::File.exist?("#{extension_directory}/composer.json") }
subscribes :run, "git[#{extension_directory}]"
end
property :site, :kind_of => String, :name_property => true
property :aliases, :kind_of => [String, Array]
property :directory, :kind_of => String
-property :version, :kind_of => String, :default => "1.33"
+property :version, :kind_of => String, :default => "1.35"
property :database_name, :kind_of => String, :required => true
property :database_user, :kind_of => String, :required => [:create, :update]
property :database_password, :kind_of => String, :required => [:create, :update]
property :recaptcha_private_key, :kind_of => String
property :extra_file_extensions, :kind_of => [String, Array], :default => []
property :fpm_max_children, :kind_of => Integer, :default => 5
+property :fpm_start_servers, :kind_of => Integer, :default => 2
+property :fpm_min_spare_servers, :kind_of => Integer, :default => 1
+property :fpm_max_spare_servers, :kind_of => Integer, :default => 3
property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 300
+property :fpm_prometheus_port, :kind_of => Integer
property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
action :create do
git mediawiki_directory do
action :sync
- repository "https://gerrit.wikimedia.org/r/p/mediawiki/core.git"
+ repository "https://gerrit.wikimedia.org/r/mediawiki/core.git"
revision mediawiki_reference
depth 1
user node[:mediawiki][:user]
cwd mediawiki_directory
user node[:mediawiki][:user]
group node[:mediawiki][:group]
+ environment "COMPOSER_HOME" => site_directory
end
template "#{mediawiki_directory}/composer.local.json" do
php_fpm new_resource.site do
pm_max_children new_resource.fpm_max_children
+ pm_start_servers new_resource.fpm_start_servers
+ pm_min_spare_servers new_resource.fpm_min_spare_servers
+ pm_max_spare_servers new_resource.fpm_max_spare_servers
request_terminate_timeout new_resource.fpm_request_terminate_timeout
php_admin_values "open_basedir" => "#{site_directory}/:/usr/share/php/:/dev/null:/tmp/"
php_values "memory_limit" => "500M",
"max_execution_time" => "240",
"upload_max_filesize" => "70M",
"post_max_size" => "100M"
+ prometheus_port new_resource.fpm_prometheus_port
end
apache_site new_resource.site do
DocumentRoot <%= @directory %>
+ ProxyTimeout 300
+
RewriteCond %{SERVER_NAME} !=<%= @name %>
RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
<?php
# DO NOT EDIT - This file is being maintained by Chef
-require_once($IP .'/extensions/CirrusSearch/CirrusSearch.php');
+wfLoadExtension( 'CirrusSearch' );
$wgDisableSearchUpdate = false;
$wgSearchType = 'CirrusSearch';
case privilege
when :grant
"GRANT OPTION"
+ when :show_db
+ "SHOW DATABASES"
+ when :repl_slave
+ "REPLICATION SLAVE"
+ when :repl_client
+ "REPLICATION CLIENT"
when :create_tmp_table
"CREATE TEMPORARY TABLES"
else
version "1.0.0"
supports "ubuntu"
+depends "chef"
depends "munin"
+depends "prometheus"
#
include_recipe "munin"
+include_recipe "prometheus"
package "mysql-server"
package "mysql-client"
action :delete
end
end
+
+mysql_password = persistent_token("mysql", "prometheus", "password")
+
+mysql_user "prometheus" do
+ password mysql_password
+ process true
+ repl_client true
+end
+
+prometheus_exporter "mysqld" do
+ port 9104
+ environment "DATA_SOURCE_NAME" => "prometheus:#{mysql_password}@(localhost:3306)/"
+end
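Review bot: The exporter password is handed over inside `DATA_SOURCE_NAME` via the `environment` property, so it ends up wherever `prometheus_exporter` renders its environment (not visible here, presumably a service unit or defaults file), and that file has to be unreadable to other local users. mysqld_exporter can instead read credentials from a client option file through `--config.my-cnf`, which keeps the secret in a file readable only by the exporter's user. The password is also interpolated into the DSN unescaped, so this relies on `persistent_token` never producing characters that are significant in a DSN; that is worth confirming.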
default[:networking][:firewall][:mangle] = true
default[:networking][:roles] = {}
default[:networking][:interfaces] = {}
-default[:networking][:nameservers] = []
+default[:networking][:nameservers] = %w[1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001]
default[:networking][:search] = []
default[:networking][:dnssec] = "allow-downgrade"
default[:networking][:hostname] = node.name
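Review bot: The default for `default[:networking][:nameservers]` changes from an empty list to four public resolver addresses without a comment, so any node that does not override the attribute now sends its lookups to an external resolver, with `dnssec` still at `allow-downgrade` two lines below. A comment above the attribute such as `# Fallback public resolvers; override per role where a local resolver exists` would make this a visible decision rather than an implicit one. It would also help to confirm which roles currently rely on the default.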
end
template "/etc/shorewall/rules" do
- action :nothing
source "shorewall-rules.erb"
owner "root"
group "root"
notifies :restart, "service[shorewall]"
end
-notify_group "shorewall-rules" do
- action :run
- notifies :create, "template[/etc/shorewall/rules]"
-end
-
if node[:networking][:firewall][:enabled]
service "shorewall" do
action [:enable, :start]
end
template "/etc/shorewall6/rules" do
- action :nothing
source "shorewall-rules.erb"
owner "root"
group "root"
notifies :restart, "service[shorewall6]"
end
- notify_group "shorewall6-rules" do
- action :run
- notifies :create, "template[/etc/shorewall6/rules]"
- end
-
if node[:networking][:firewall][:enabled]
service "shorewall6" do
action [:enable, :start]
property :connection_limit, :kind_of => [String, Integer], :default => "-"
property :helper, :kind_of => String, :default => "-"
+property :compile_time, TrueClass, :default => true
+
action :accept do
add_rule :accept
end
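Review bot: `property :compile_time, TrueClass, :default => true` declares its type positionally and accepts only `true`, whereas the properties just above use `:kind_of =>` and the boolean properties elsewhere on this page use `[TrueClass, FalseClass]`. If callers are meant to be able to switch compile-time evaluation off, `compile_time false` will fail validation; `property :compile_time, :kind_of => [TrueClass, FalseClass], :default => true` matches the surrounding style and accepts both values. If `true` is deliberately the only legal value, a one-line comment saying so would prevent a later "fix".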
mode "700"
end
-# Note: tablespaces must be exactly in the same location on each
+# NOTE: tablespaces must be exactly in the same location on each
# Nominatim instance when replication is in use. Therefore
# use symlinks to canonical directory locations.
node[:nominatim][:tablespaces].each do |name, location|
action [:delete]
end
+frontends = search(:node, "recipes:web\\:\\:frontend").sort_by(&:name)
+
nginx_site "nominatim" do
template "nginx.erb"
directory build_directory
variables :pools => node[:nominatim][:fpm_pools],
- :frontends => search(:node, "recipes:web\\:\\:frontend"),
+ :frontends => frontends,
:confdir => "#{basedir}/etc",
:ui_directory => ui_directory
end
include_recipe "fail2ban"
+frontend_addresses = frontends.collect { |f| f.ipaddresses(:role => :external) }
+
fail2ban_jail "nominatim_limit_req" do
filter "nginx-limit-req"
logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
ports [80, 443]
maxretry 5
+ ignoreips frontend_addresses.flatten.sort
end
geo $whitelisted {
default 0;
<% @frontends.each do |frontend| -%>
-<% frontend.ipaddresses(:role => :external) do |address| -%>
+<% frontend.ipaddresses(:role => :external).sort.each do |address| -%>
<%= address %> 1;
<% end -%>
<% end -%>
2 $binary_remote_addr;
}
+map $missing_email$missing_referer$http_user_agent $generic_mozilla {
+ default 0;
+ ~^11Mozilla/4.0 1;
+ ~^11Mozilla/5.0 2;
+}
+
+map $whitelisted$generic_mozilla$uri $limit_reverse {
+ default "";
+ ~01/reverse.* $binary_remote_addr;
+ ~02/reverse.* $binary_remote_addr;
+}
+
limit_req_zone $limit_www zone=www:50m rate=2r/s;
limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
+limit_req_zone $limit_reverse zone=reverse:10m rate=10r/m;
server {
listen 80 default_server;
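Review bot: The two `$limit_reverse` patterns, `~01/reverse.*` and `~02/reverse.*`, are not anchored, so they match anywhere in `$whitelisted$generic_mozilla$uri` and not only when the two leading flag digits are `01` or `02`. A URI that merely contains `01/reverse` would be placed in the `reverse` zone regardless of the flags, including requests from whitelisted frontends. Anchoring them as `~^01/reverse` and `~^02/reverse` ties the match to the flag prefix, as the `$generic_mozilla` map already does with `^`. The `.` in `Mozilla/4.0` and `Mozilla/5.0` could also be escaped as `\.`.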
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
+ limit_req zone=reverse burst=5;
limit_req_status 429;
fastcgi_pass nominatim_service;
include fastcgi_params;
limit_req zone=www burst=10;
limit_req zone=tarpit burst=2;
+ limit_req zone=reverse burst=5;
limit_req_status 429;
fastcgi_pass nominatim_service;
include fastcgi_params;
@define('CONST_Database_DSN', 'pgsql:dbname=<%= @dbname %>');
@define('CONST_Website_BaseURL', 'https://<%= @base_url %>/');
+@define('CONST_MapIcon_URL', 'https://<%= @base_url %>/ui/mapicons/');
<% if @flatnode_file -%>
@define('CONST_Osm2pgsql_Flatnode_File', '<%= @flatnode_file %>');
python_directory = "/opt/osqa-python"
-python_virtualenv python_directory
+python_virtualenv python_directory do
+ interpreter "/usr/bin/python2"
+end
python_package "Django" do
python_virtualenv python_directory
version "1.6.11"
end
-python_package "html5lib" do
- python_virtualenv python_directory
- version "0.999"
-end
-
python_package "Markdown" do
python_virtualenv python_directory
version "2.4"
version "2.2.5"
end
-python_package "MySQL-python" do
- python_virtualenv python_directory
- version "1.2.3"
-end
-
python_package "psycopg2" do
python_virtualenv python_directory
version "2.7.6.1"
version "0.7.6"
end
+python_package "html5lib" do
+ python_virtualenv python_directory
+ version "0.999"
+end
+
apache_module "rewrite"
apache_module "wsgi"
version "1.0.0"
supports "ubuntu"
depends "apache"
+depends "prometheus"
#
include_recipe "php"
+include_recipe "prometheus"
package "php-fpm"
service "php#{node[:php][:version]}-fpm" do
action [:enable, :start]
end
+
property :php_flags, :kind_of => Hash, :default => {}
property :php_admin_flags, :kind_of => Hash, :default => {}
property :reload_fpm, :kind_of => [TrueClass, FalseClass], :default => true
+property :prometheus_port, :kind_of => Integer
action :create do
template conf_file do
mode "644"
variables new_resource.to_hash
end
+
+ if new_resource.prometheus_port
+ prometheus_exporter "phpfpm" do
+ port new_resource.prometheus_port
+ service service_name
+ command "server"
+ options "--phpfpm.scrape-uri=#{scrape_uri}"
+ end
+ else
+ prometheus_exporter "phpfpm" do
+ action :delete
+ service service_name
+ end
+ end
end
action :delete do
file conf_file do
action :delete
end
+
+ prometheus_exporter "phpfpm" do
+ action :delete
+ service service_name
+ end
end
action_class do
def conf_file
"/etc/php/#{php_version}/fpm/pool.d/#{new_resource.pool}.conf"
end
+
+ def service_name
+ "phpfpm-#{new_resource.pool}"
+ end
+
+ def scrape_uri
+ if new_resource.port
+ "tcp://127.0.0.1:#{new_resource.port}/status"
+ else
+ "unix:///run/php/#{new_resource.pool}.sock;/status"
+ end
+ end
end
def after_created
pm.min_spare_servers = <%= @pm_min_spare_servers %>
pm.max_spare_servers = <%= @pm_max_spare_servers %>
pm.max_requests = <%= @pm_max_requests %>
+pm.status_path = /status
request_terminate_timeout = <%= @request_terminate_timeout %>
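Review bot: `pm.status_path = /status` is now rendered for every pool from this template, including pools that set no `prometheus_port`, so each FPM pool answers status requests whether or not an exporter scrapes it. Whether the page is reachable from outside depends on how the web server passes requests to FPM, which this page does not show; it is worth confirming that no vhost forwards `/status`, since the page reveals per-process request details. Wrapping the line in `<% if @prometheus_port -%>` and `<% end -%>` would limit it to monitored pools, assuming `new_resource.to_hash` exposes that property to the template.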
is a tool for importing the data into a Postgis database for rendering maps.
</p>
<p>
- <a href="https://wiki.openstreetmap.org/wiki/Coastline_error_checker">Processed coastline data</a>
- derived from OSM data is also needed for rendering usable maps, and can be found in a
- <a href="historical-shapefiles/processed_p.tar.bz2">single shapefile</a> (360MB).
+ <a href="https://osmdata.openstreetmap.de/">Processed coastline data</a>
+ derived from OSM data is also needed for rendering usable maps.
</p>
</td>
<td>
mode "755"
end
-remote_file "/var/lib/planet/planet.pbf" do
+remote_file "/var/lib/planet/planet.osh.pbf" do
action :create_if_missing
- source "https://planet.openstreetmap.org/pbf/planet-latest.osm.pbf"
+ source "https://planet.openstreetmap.org/pbf/full-history/history-latest.osm.pbf"
owner "planet"
group "planet"
mode "644"
pbzip2
php-cli
php-curl
+ mktorrent
]
directory "/opt/planet-dump-ng" do
git "/opt/planet-dump-ng" do
action :sync
repository "https://github.com/zerebubuth/planet-dump-ng.git"
- revision "v1.1.8"
+ revision "v1.2.0"
depth 1
user "root"
group "root"
# limitations under the License.
#
+require "yaml"
+
include_recipe "accounts"
include_recipe "osmosis"
db_passwords = data_bag_item("db", "passwords")
-package "postgresql-client"
-
-package "ruby"
-package "ruby-dev"
-package "ruby-libxml"
-
-package "make"
-package "gcc"
-package "libpq-dev"
+package %w[
+ postgresql-client
+ ruby
+ ruby-dev
+ ruby-libxml
+ make
+ gcc
+ libpq-dev
+ osmdbt
+]
gem_package "pg"
files_mode "755"
end
+template "/usr/local/bin/replicate-minute" do
+ source "replicate-minute.erb"
+ owner "root"
+ group "root"
+ mode "755"
+end
+
template "/usr/local/bin/users-agreed" do
source "users-agreed.erb"
owner "root"
mode "755"
end
+directory "/store/planet/replication/test" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+directory "/store/planet/replication/test/minute" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+directory "/store/replication" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+directory "/store/replication/minute" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
+systemd_tmpfile "/run/replication" do
+ type "d"
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
directory "/etc/replication" do
owner "root"
group "root"
variables :password => db_passwords["planetdiff"]
end
+osmdbt_config = {
+ "database" => {
+ "host" => node[:web][:database_host],
+ "dbname" => "openstreetmap",
+ "user" => "planetdiff",
+ "password" => db_passwords["planetdiff"],
+ "replication_slot" => "osmdbt"
+ },
+ "log_dir" => "/var/lib/replication/minute",
+ "changes_dir" => "/store/planet/replication/test/minute",
+ "tmp_dir" => "/store/replication/minute",
+ "run_dir" => "/run/replication"
+}
+
+file "/etc/replication/osmdbt-config.yaml" do
+ user "root"
+ group "planet"
+ mode "640"
+ content YAML.dump(osmdbt_config)
+end
+
+systemd_service "replication-minutely" do
+ description "Minutely replication"
+ user "planet"
+ working_directory "/etc/replication"
+ exec_start "/usr/local/bin/replicate-minute"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
+end
+
+systemd_timer "replication-minutely" do
+ description "Minutely replication"
+ on_boot_sec 60
+ on_unit_active_sec 60
+ accuracy_sec 5
+end
+
template "/etc/replication/changesets.conf" do
source "changesets.conf.erb"
user "root"
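Review bot: The `file "/etc/replication/osmdbt-config.yaml"` resource renders `db_passwords["planetdiff"]` into `content` without `sensitive true`, so a content change can put the password into Chef's diff output and into any log or report handler that captures it. Adding `sensitive true` inside the block suppresses that. The `640` mode with `root`/`planet` ownership already covers the file on disk, and the sandboxing options on the `systemd_service` are a good fit for a job that holds database credentials.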
mode "755"
end
+directory "/var/lib/replication/minute" do
+ owner "planet"
+ group "planet"
+ mode "755"
+end
+
directory "/var/lib/replication/hour" do
owner "planet"
group "planet"
mailto "zerebubuth@gmail.com"
end
+ service "replication-minutely.timer" do
+ action [:enable, :start]
+ end
+
cron_d "replication-minutely" do
user "planet"
command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
action :delete
end
+ service "replication-minutely.timer" do
+ action [:stop, :disable]
+ end
+
cron_d "replication-minutely" do
action :delete
end
action :delete
end
end
-
-# directory "/var/lib/replication/streaming" do
-# owner "planet"
-# group "planet"
-# mode 0o755
-# end
-#
-# directory "/var/log/replication" do
-# owner "planet"
-# group "planet"
-# mode 0o755
-# end
-#
-# ["streaming-replicator", "streaming-server"].each do |name|
-# template "/etc/init.d/#{name}" do
-# source "streaming.init.erb"
-# owner "root"
-# group "root"
-# mode 0o755
-# variables :service => name
-# end
-#
-# if node[:planet][:replication] == "enabled"
-# service name do
-# action [:enable, :start]
-# supports :restart => true, :status => true
-# subscribes :restart, "template[/etc/init.d/#{name}]"
-# end
-# else
-# service name do
-# action [:disable, :stop]
-# supports :restart => true, :status => true
-# end
-# end
-# end
# setup
+SUFFIX="osh.pbf"
+
PLANETDIR="/var/lib/planet"
-PLANETPREV="${PLANETDIR}/planet-previous.pbf"
-PLANETCURR="${PLANETDIR}/planet.pbf"
-PLANETNEW="${PLANETDIR}/planet-new.pbf"
-PLANETTMP="${PLANETDIR}/planet-tmp.pbf"
+PLANETPREV="${PLANETDIR}/planet-previous.${SUFFIX}"
+PLANETCURR="${PLANETDIR}/planet.${SUFFIX}"
+PLANETNEW="${PLANETDIR}/planet-new.${SUFFIX}"
+PLANETTMP="${PLANETDIR}/planet-tmp.${SUFFIX}"
pyosmium-up-to-date -v -o "$PLANETNEW" "$PLANETCURR"
retval=$?
-x "planet-${date}.osm.bz2" -X "history-${date}.osm.bz2" \
-p "planet-${date}.osm.pbf" -P "history-${date}.osm.pbf"
+# Function to create bittorrent files
+function mk_torrent {
+ type="$1"
+ format="$2"
+ web_dir="$3"
+ name="${type}-${date}.osm.${format}"
+ web_path="${web_dir}/${name}"
+
+ mktorrent -l 22 ${name} \
+ -a udp://tracker.opentrackr.org:1337 \
+ -a udp://tracker.datacenterlight.ch:6969/announce,http://tracker.datacenterlight.ch:6969/announce \
+ -a udp://tracker.torrent.eu.org:451 \
+ -a udp://tracker-udp.gbitt.info:80/announce,http://tracker.gbitt.info/announce,https://tracker.gbitt.info/announce \
+ -a http://retracker.local/announce \
+ -w https://planet.openstreetmap.org/${web_path} \
+ -w https://ftp5.gwdg.de/pub/misc/openstreetmap/planet.openstreetmap.org/${web_path} \
+ -w https://ftpmirror.your.org/pub/openstreetmap/${web_path} \
+ -w https://mirror.init7.net/openstreetmap/${web_path} \
+ -w https://free.nchc.org.tw/osm.planet/${web_path} \
+ -w https://ftp.fau.de/osm-planet/${web_path} \
+ -w https://ftp.spline.de/pub/openstreetmap/${web_path} \
+ -w https://osm.openarchive.site/${name} \
+ -w https://downloads.opencagedata.com/planet/${name} \
+ -c "OpenStreetMap ${type} data export, licensed under https://opendatacommons.org/licenses/odbl/ by OpenStreetMap contributors" \
+ -o ${name}.torrent
+}
+
# Function to install a dump in place
function install_dump {
type="$1"
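Review bot: Nothing checks whether `mktorrent` succeeded in `mk_torrent`, and the new line in `install_dump` (next hunk) moves the `.torrent` only when it exists. A failed run therefore publishes the dump with no torrent and no trace in the log, unless the script runs under `set -e`, which these hunks do not show. A one-line report would make the failure visible: end the command with `-o "${name}.torrent" || echo "mktorrent failed for ${name}" >&2`. `${name}` and `${web_path}` are also expanded unquoted and the function's variables are not declared `local`; the values are built from fixed strings here, so that is hygiene rather than a bug. `install_dump` begins at the end of this hunk and continues outside it.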
md5sum "${name}" > "${name}.md5"
mkdir -p "${dir}/${year}"
+ test -f "${name}.torrent" && mv "${name}.torrent" "${dir}/${year}"
mv "${name}" "${name}.md5" "${dir}/${year}"
ln -sf "${year:-.}/${name}" "${dir}/${latest}"
rm -f "${dir}/${latest}.md5"
sed -e "s/${name}/${latest}/" "${dir}/${year}/${name}.md5" > "${dir}/${latest}.md5"
}
+# Create *.torrent files
+mk_torrent "changesets" "bz2" "planet/${year}"
+mk_torrent "discussions" "bz2" "planet/${year}"
+mk_torrent "planet" "bz2" "planet/${year}"
+mk_torrent "history" "bz2" "planet/full-history/${year}"
+mk_torrent "planet" "pbf" "pbf"
+mk_torrent "history" "pbf" "pbf/full-history"
+
# Move dumps into place
install_dump "changesets" "bz2" "<%= node[:planet][:dump][:xml_directory] %>" "${year}"
install_dump "discussions" "bz2" "<%= node[:planet][:dump][:xml_directory] %>" "${year}"
install_dump "history" "pbf" "<%= node[:planet][:dump][:pbf_history_directory] %>"
# Remove pbf dumps older than 90 days
-find "<%= node[:planet][:dump][:pbf_directory] %>" "<%= node[:planet][:dump][:pbf_history_directory] %>" -maxdepth 1 -mindepth 1 -type f -mtime +90 \( -iname 'planet-*.pbf' -o -iname 'history-*.pbf' -o -iname 'planet-*.pbf.md5' -o -iname 'history-*.pbf.md5' \) -delete
+find "<%= node[:planet][:dump][:pbf_directory] %>" "<%= node[:planet][:dump][:pbf_history_directory] %>" \
+ -maxdepth 1 -mindepth 1 -type f -mtime +90 \
+ \( \
+ -iname 'planet-*.pbf' \
+ -o -iname 'history-*.pbf' \
+ -o -iname 'planet-*.pbf.md5' \
+ -o -iname 'history-*.pbf.md5' \
+ \) \
+ -delete
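Review bot: The 90-day cleanup still matches only `*.pbf` and `*.pbf.md5`, so the `.torrent` files that `install_dump` now moves into the pbf directories are never removed. They will keep listing web seed URLs for dumps that have been deleted. Add two patterns inside the parenthesised group: `-o -iname 'planet-*.pbf.torrent'` and `-o -iname 'history-*.pbf.torrent'`. This assumes the pbf calls to `install_dump` pass no year, as the visible `history` call does, so the torrents land at depth 1.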
--- /dev/null
+#!/bin/sh
+
+set -e
+
+cd /etc/replication
+
+osmdbt-catchup --quiet
+osmdbt-get-log --quiet
+osmdbt-catchup --quiet
+osmdbt-create-diff --quiet --max-changes=50000
+++ /dev/null
-#!/bin/bash
-
-# DO NOT EDIT - This file is being maintained by Chef
-
-start() {
- start-stop-daemon --start --chuid planet --background --make-pidfile --pidfile /var/run/<%= @service %>.pid --exec /usr/local/bin/<%= @service %>
-}
-
-stop() {
- start-stop-daemon --stop --retry 300 --pidfile /var/run/<%= @service %>.pid
-}
-
-status() {
- start-stop-daemon --status --pidfile /var/run/<%= @service %>.pid
-}
-
-case "$1" in
- start)
- start
- ;;
- stop)
- stop
- ;;
- restart)
- stop || exit $?
- start
- ;;
- status)
- status
- ;;
-esac
default[:postgresql][:settings][:defaults][:checkpoint_completion_target] = "0.5"
default[:postgresql][:settings][:defaults][:archive_mode] = "off"
default[:postgresql][:settings][:defaults][:max_wal_senders] = "0"
+default[:postgresql][:settings][:defaults][:max_replication_slots] = "0"
default[:postgresql][:settings][:defaults][:hot_standby] = "off"
default[:postgresql][:settings][:defaults][:hot_standby_feedback] = "off"
default[:postgresql][:settings][:defaults][:random_page_cost] = "4.0"
# - Sending Server(s) -
max_wal_senders = <%= @settings[:max_wal_senders] || @defaults[:max_wal_senders] %>
+max_replication_slots = <%= @settings[:max_replication_slots] || @defaults[:max_replication_slots] %>
# - Standby Servers -
include_recipe "git"
include_recipe "networking"
+package "ruby"
+
if node.internal_ipaddress
node.default[:prometheus][:mode] = "internal"
node.default[:prometheus][:address] = node.internal_ipaddress
prometheus_exporter "node" do
port 9100
- options "--collector.ntp --collector.processes --collector.interrupts --collector.tcpstat --collector.textfile.directory=/var/lib/prometheus/node-exporter"
+ options %w[
+ --collector.textfile.directory=/var/lib/prometheus/node-exporter
+ --collector.interrupts
+ --collector.ntp
+ --collector.processes
+ --collector.systemd
+ --collector.tcpstat
+ ]
end
include_recipe "networking"
passwords = data_bag_item("prometheus", "passwords")
+tokens = data_bag_item("prometheus", "tokens")
+
+prometheus_exporter "fastly" do
+ port 8080
+ listen_switch "endpoint"
+ listen_type "url"
+ environment "FASTLY_API_TOKEN" => tokens["fastly"]
+end
package "prometheus"
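Review bot: The Fastly API token is handed to the exporter through `environment "FASTLY_API_TOKEN" => tokens["fastly"]`, which presumably ends up as an `Environment=` line in the generated unit. systemd exposes unit environment to unprivileged local users (`systemctl show`), and unit files are normally world-readable, so the token would be readable by any account on the host. Prefer writing it to a root-owned 0600 file and loading it with `EnvironmentFile=`, if the `systemd_service` resource supports that; its definition is not visible here. The exporter also inherits the resource's default `user` of root (see the property list further down the page), which it does not obviously need.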
}
end
- client[:prometheus][:exporters].each do |name, address|
+ client[:prometheus][:exporters].each do |key, exporter|
+ if exporter.is_a?(Hash)
+ name = exporter[:name]
+ address = exporter[:address]
+ else
+ name = key
+ address = exporter
+ end
+
jobs[name] ||= []
jobs[name] << { :address => address, :name => client.name }
end
property :exporter, :kind_of => String, :name_property => true
property :port, :kind_of => Integer, :required => [:create]
property :listen_switch, :kind_of => String, :default => "web.listen-address"
+property :listen_type, :kind_of => String, :default => "address"
property :user, :kind_of => String, :default => "root"
+property :command, :kind_of => String
property :options, :kind_of => [String, Array]
property :environment, :kind_of => Hash, :default => {}
+property :service, :kind_of => String
action :create do
systemd_service service_name do
type "simple"
user new_resource.user
environment new_resource.environment
- exec_start "#{executable_path} #{executable_options}"
+ exec_start "#{executable_path} #{new_resource.command} #{executable_options}"
private_tmp true
protect_system "strict"
protect_home true
only_if { node[:prometheus][:mode] == "external" }
end
- node.default[:prometheus][:exporters][new_resource.exporter] = listen_address
+ node.default[:prometheus][:exporters][new_resource.port] = {
+ :name => new_resource.exporter, :address => listen_address
+ }
end
action :delete do
action_class do
def service_name
- "prometheus-#{new_resource.exporter}-exporter"
+ if new_resource.service
+ "prometheus-#{new_resource.service}-exporter"
+ else
+ "prometheus-#{new_resource.exporter}-exporter"
+ end
end
def executable_path
end
def executable_options
- "--#{new_resource.listen_switch}=#{listen_address} #{Array(new_resource.options).join(' ')}"
+ "--#{new_resource.listen_switch}=#{listen_argument} #{Array(new_resource.options).join(' ')}"
+ end
+
+ def listen_argument
+ case new_resource.listen_type
+ when "address" then listen_address
+ when "url" then "http://#{listen_address}/metrics"
+ end
end
def listen_address
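Review bot: `listen_argument` has no `else` branch, so any `listen_type` other than "address" or "url" makes the `case` return nil and `executable_options` renders `--<switch>=` with an empty value. The exporter then starts with whatever default bind that gives, or fails at runtime, rather than the Chef run rejecting the typo. Either reject it in the helper with `else raise ArgumentError, "unknown listen_type #{new_resource.listen_type}"`, or constrain the property with `:equal_to => %w[address url]`. The `action_class` block starts and ends outside this hunk.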
default_action :create
property :virtualenv_directory, :kind_of => String, :name_property => true
+property :interpreter, :kind_of => String, :default => "/usr/bin/python"
action :create do
execute "virtualenv-#{new_resource.virtualenv_directory}" do
- command "virtualenv #{new_resource.virtualenv_directory}"
+ command "virtualenv --python=#{new_resource.interpreter} #{new_resource.virtualenv_directory}"
not_if { ::File.exist?(new_resource.virtualenv_directory) }
end
end
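Review bot: The new `interpreter` property defaults to `/usr/bin/python`, so every existing caller that does not set it now runs `virtualenv --python=/usr/bin/python` instead of using virtualenv's own default interpreter. Ubuntu 20.04 does not install that path by default, so on such a host the `execute` would fail where it worked before. Consider dropping the default and adding the flag only when the property is set, e.g. `python = new_resource.interpreter ? "--python=#{new_resource.interpreter} " : ""` and `command "virtualenv #{python}#{new_resource.virtualenv_directory}"`.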
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
-SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
-GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
-q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
-SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
-Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
-a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
-/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
-CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
-bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
-c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
-VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
-ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
-MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
-Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
-AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
-uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
-wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
-X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
-PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
-KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
------END CERTIFICATE-----
package "openssl"
package "ssl-cert"
-cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
- owner "root"
- group "root"
- mode "444"
- backup false
-end
-
cookbook_file "/etc/ssl/certs/dhparam.pem" do
owner "root"
group "root"
action :create do
node.default[:letsencrypt][:certificates][new_resource.certificate] = {
- :domains => Array(new_resource.domains)
+ :domains => domains
}
if letsencrypt
force_unlink true
end
else
- alt_names = new_resource.domains.collect { |domain| "DNS:#{domain}" }
+ alt_names = domains.collect { |domain| "DNS:#{domain}" }
openssl_x509_certificate "/etc/ssl/certs/#{new_resource.certificate}.pem" do
key_file "/etc/ssl/private/#{new_resource.certificate}.key"
mode "640"
org "OpenStreetMap"
email "operations@osmfoundation.org"
- common_name new_resource.domains.first
+ common_name domains.first
subject_alt_name alt_names
extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
"extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
def letsencrypt
@letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
end
+
+ def domains
+ Array(new_resource.domains)
+ end
end
database_user "sotm2007"
database_password passwords["sotm2007"]
database_prefix "wp_sotm_"
+ fpm_prometheus_port 12007
end
wordpress_theme "2007.stateofthemap.org-refreshwp-11" do
database_user "sotm2008"
database_password passwords["sotm2008"]
database_prefix "wp_sotm08_"
+ fpm_prometheus_port 12008
end
wordpress_theme "2008.stateofthemap.org-refreshwp-11" do
urls "/register" => "/srv/2009.stateofthemap.org/register",
"/register-pro-user" => "/srv/2009.stateofthemap.org/register-pro-user",
"/podcasts" => "/srv/2009.stateofthemap.org/podcasts"
+ fpm_prometheus_port 12009
end
wordpress_theme "2009.stateofthemap.org-aerodrome" do
database_user "sotm2010"
database_password passwords["sotm2010"]
urls "/register" => "/srv/2010.stateofthemap.org/register"
+ fpm_prometheus_port 12010
end
wordpress_theme "2010.stateofthemap.org-aerodrome" do
database_user "sotm2011"
database_password passwords["sotm2011"]
urls "/register" => "/srv/2011.stateofthemap.org/register"
+ fpm_prometheus_port 12011
end
wordpress_theme "2011.stateofthemap.org-aerodrome" do
database_user "sotm2012"
database_password passwords["sotm2012"]
urls "/register" => "/srv/2012.stateofthemap.org/register"
+ fpm_prometheus_port 12012
end
wordpress_theme "2012.stateofthemap.org-aerodrome" do
package %w[
sqlite3
+ sqlite3-pcre
osmium-tool
pyosmium
curl
settings["logging"]["directory"] = "/var/log/taginfo/#{site_name}"
settings["opensearch"]["shortname"] = "Taginfo"
settings["opensearch"]["contact"] = "webmaster@openstreetmap.org"
+ settings["paths"]["bin_dir"] = "#{directory}/build/src"
settings["sources"]["download"] = ""
- settings["sources"]["create"] = "db languages projects wiki"
- settings["sources"]["db"]["planetfile"] = "/var/lib/planet/planet.pbf"
- settings["sources"]["db"]["bindir"] = "#{directory}/build/src"
+ settings["sources"]["create"] = "db languages projects wiki chronology"
+ settings["sources"]["db"]["planetfile"] = "/var/lib/planet/planet.osh.pbf"
+ settings["sources"]["chronology"]["osm_history_file"] = "/var/lib/planet/planet.osh.pbf"
settings["tagstats"]["geodistribution"] = "DenseMmapArray"
JSON.pretty_generate(settings)
notifies :reload, "service[apache2]"
end
+remote_file "#{Chef::Config[:file_cache_path]}/fastly-ip-list.json" do
+ source "https://api.fastly.com/public-ip-list"
+ compile_time true
+end
+
tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
+fastlyips = JSON.parse(IO.read("#{Chef::Config[:file_cache_path]}/fastly-ip-list.json"))
apache_site "default" do
action [:disable]
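Review bot: The list fetched from `https://api.fastly.com/public-ip-list` is parsed and passed unvalidated into the `RemoteIPTrustedProxy` lines of the Apache template (the `@fastly` loop in the template hunk below). Every entry on that list is allowed to assert the client address, so a malformed or unexpected response changes which peers can set the logged client IP. Validate before use, for example `fastlyips.fetch("addresses").each { |cidr| IPAddr.new(cidr) }`, which raises on anything that is not an address or CIDR block (assuming `ipaddr` is loaded). Because the download runs at compile time, an API outage will also abort the whole Chef run; confirm that is the intended behaviour. Only `addresses` is consumed, so if the origin is reachable from Fastly over IPv6, the response's `ipv6_addresses` list needs the same treatment.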
apache_site "tile.openstreetmap.org" do
template "apache.erb"
- variables :caches => tilecaches
+ variables :caches => tilecaches, :fastly => fastlyips["addresses"]
end
template "/etc/logrotate.d/apache2" do
<% cache.ipaddresses(:role => :external).sort.each do |address| -%>
RemoteIPTrustedProxy <%= address %>
<% end -%>
+<% end -%>
+<% @fastly.sort.each do |address| -%>
+ RemoteIPTrustedProxy <%= address %>
<% end -%>
# Setup logging
package %w[
g++
+ make
pkg-config
libpq-dev
libsasl2-dev
"storage_service",
"storage_url",
"tile_cdn_url"
- ).reject { |_k, v| v.nil? }.merge(
+ ).compact.merge(
"server_protocol" => "https",
"server_url" => new_resource.site,
"support_email" => "support@openstreetmap.org",
"wiki.openstreetmap.pro", "wiki.openstreetmaps.org"]
directory "/srv/wiki.openstreetmap.org"
- fpm_max_children 25
+ fpm_max_children 50
+ fpm_start_servers 10
+ fpm_min_spare_servers 10
+ fpm_max_spare_servers 20
+ fpm_prometheus_port 9253
database_name "wiki"
database_user "wiki-user"
$wgWBRepoSettings['entityNamespaces']['property'] = WB_NS_PROPERTY;
// Make sure we use the same keys on repo and clients, so we can share cached objects.
- $wgWBRepoSettings['sharedCacheKeyPrefix'] = $wgDBname . ':WBL/' . rawurlencode( WBL_VERSION );
+ $wgWBRepoSettings['sharedCacheKeyPrefix'] = $wgDBname;
// Include Wikibase items in the regular search result by default
$wgNamespacesToBeSearchedDefault[WB_NS_ITEM] = true;
// See https://www.mediawiki.org/wiki/Wikibase/Installation/Advanced_configuration#Define_links_for_external_identifiers
$wgWBRepoSettings['formatterUrlProperty'] = 'P8';
-
-// Disable Wikibase searchbox with this hack (hopefully Wikibase will implement support for it soon)
-// See https://phabricator.wikimedia.org/T205560
-// After upgrading to Wikibase 1.33, this line can be deleted. The 'enableEntitySearchUI' above will do the same thing.
-$wgResourceModules['wikibase.ui.entitysearch']['scripts'] = [];
property :database_password, :kind_of => String, :required => [:create]
property :database_prefix, :kind_of => String, :default => "wp_"
property :urls, :kind_of => Hash, :default => {}
+property :fpm_max_children, :kind_of => Integer, :default => 5
+property :fpm_start_servers, :kind_of => Integer, :default => 2
+property :fpm_min_spare_servers, :kind_of => Integer, :default => 1
+property :fpm_max_spare_servers, :kind_of => Integer, :default => 3
+property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 300
+property :fpm_prometheus_port, :kind_of => Integer
property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
action :create do
end
php_fpm new_resource.site do
+ pm_max_children new_resource.fpm_max_children
+ pm_start_servers new_resource.fpm_start_servers
+ pm_min_spare_servers new_resource.fpm_min_spare_servers
+ pm_max_spare_servers new_resource.fpm_max_spare_servers
+ request_terminate_timeout new_resource.fpm_request_terminate_timeout
php_admin_values "open_basedir" => "#{site_directory}/:/usr/share/php/:/tmp/",
"disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
php_values "upload_max_filesize" => "70M",
"post_max_size" => "100M"
+ prometheus_port new_resource.fpm_prometheus_port
end
apache_site new_resource.site do
},
:hosted_by => "AARNet",
:location => "Carlton, Victoria, Australia",
- :timezone => "Australia/Melbourne",
- :networking => {
- :nameservers => ["202.158.207.1", "202.158.207.2"]
- }
+ :timezone => "Australia/Melbourne"
)
override_attributes(
+ :networking => {
+ :nameservers => ["202.158.207.1", "202.158.207.2"]
+ },
:ntp => {
:servers => ["0.au.pool.ntp.org", "1.au.pool.ntp.org", "oceania.pool.ntp.org"]
}
default_attributes(
:hosted_by => "AltaVoz",
- :location => "Viña del Mar, Chile",
- :networking => {
- :nameservers => [
- "200.91.44.10",
- "200.91.41.10"
- ]
- }
+ :location => "Viña del Mar, Chile"
)
override_attributes(
+ :networking => {
+ :nameservers => ["200.91.44.10", "200.91.41.10"]
+ },
:ntp => {
:servers => ["0.cl.pool.ntp.org", "1.cl.pool.ntp.org", "south-america.pool.ntp.org"]
}
+++ /dev/null
-name "aws"
-description "Role applied to all servers on AWS"
-
-default_attributes(
- :hosted_by => "AWS",
- :location => "Ireland",
- :networking => {
- :nameservers => ["172.31.0.2"],
- :roles => {
- :internal => {
- :inet => {
- :prefix => "20",
- :gateway => "172.31.0.1"
- }
- },
- :external => {
- :inet => {
- :prefix => "32"
- }
- }
- }
- }
-)
-
-override_attributes(
- :ntp => {
- :servers => ["0.ie.pool.ntp.org", "1.ie.pool.ntp.org", "europe.pool.ntp.org"]
- }
-)
-
-run_list(
- "role[ie]"
-)
:parameters => {
"net.core.rmem_max" => "16777216",
"net.core.wmem_max" => "16777216",
- "net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
- "net.ipv4.tcp_wmem" => "4096\t65536\t16777216",
- "net.ipv4.udp_mem" => "3145728\t4194304\t16777216"
+ "net.ipv4.tcp_rmem" => "4096 87380 16777216",
+ "net.ipv4.tcp_wmem" => "4096 65536 16777216",
+ "net.ipv4.udp_mem" => "3145728 4194304 16777216"
}
},
:network_backlog => {
:blixadmin => { :status => :administrator }
}
},
- :hosted_by => "Blix Solutions",
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- }
+ :hosted_by => "Blix Solutions"
)
:hosted_by => "Bytemark",
:location => "York, England",
:networking => {
- :nameservers => ["10.0.32.20"],
:roles => {
:internal => {
:inet => {
override_attributes(
:networking => {
+ :nameservers => ["10.0.32.20"],
:search => ["bm.openstreetmap.org", "openstreetmap.org"]
},
:ntp => {
},
:hosted_by => "Centro de Computação Científica e Software Livre, Universidade Federal do Paraná",
:location => "Curitiba, Brazil",
- :timezone => "America/Sao_Paulo",
:networking => {
- :nameservers => ["200.17.202.3", "200.236.31.1"],
:wireguard => { :keepalive => 180 }
- }
+ },
+ :timezone => "America/Sao_Paulo"
)
override_attributes(
+ :networking => {
+ :nameservers => ["200.17.202.3", "200.236.31.1"]
+ },
:ntp => {
:servers => ["0.br.pool.ntp.org", "1.br.pool.ntp.org", "south-america.pool.ntp.org"]
}
default_attributes(
:hosted_by => "Catalyst",
- :location => "Hamilton, New Zealand",
- :networking => {
- :nameservers => ["202.78.244.85", "202.78.244.86", "202.78.244.87"]
- }
+ :location => "Hamilton, New Zealand"
)
override_attributes(
+ :networking => {
+ :nameservers => ["202.78.244.85", "202.78.244.86", "202.78.244.87"]
+ },
:ntp => {
:servers => ["0.nz.pool.ntp.org", "1.nz.pool.ntp.org", "oceania.pool.ntp.org"]
}
}
},
:hosted_by => "DataHata",
- :location => "Minsk, Belarus",
- :networking => {
- :nameservers => [
- "31.130.200.2",
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
+ :location => "Minsk, Belarus"
)
override_attributes(
:postgresql => {
:settings => {
:defaults => {
- :wal_level => "hot_standby",
+ :wal_level => "logical",
:archive_mode => "on",
:archive_command => "/usr/local/bin/openstreetmap-wal-e --terse wal-push %p",
:max_wal_senders => "3",
+ :max_replication_slots => "1",
:late_authentication_rules => [
{ :database => "replication", :user => "replication", :address => "10.0.48.49/32" },
{ :database => "replication", :user => "replication", :address => "10.0.48.50/32" },
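Review bot: `max_replication_slots` goes to 1 alongside `wal_level` "logical", but nothing here bounds how much WAL a slot may hold. PostgreSQL keeps WAL until the slot's consumer confirms it, so a stalled consumer can fill the WAL volume on the master. A comment next to the setting would record that, e.g. `# slot retains WAL until its consumer confirms it; alert on pg_replication_slots lag`. On PostgreSQL 13 or later `max_slot_wal_keep_size` can cap the retention, though that would presumably need a matching line in the postgresql.conf template. The `defaults` hash continues past the end of this hunk.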
:hot_standby_feedback => "on",
:standby_mode => "on",
:primary_conninfo => {
- :host => "karm.ams.openstreetmap.org",
+ :host => "snap-01.ams.openstreetmap.org",
:port => "5432",
:user => "replication",
:passwords => { :bag => "db", :item => "passwords" }
+++ /dev/null
-name "delta"
-description "Role applied to all servers at Delta Telecom"
-
-default_attributes(
- :hosted_by => "Delta Telecom",
- :location => "Baku, Azerbaijan",
- :networking => {
- :nameservers => ["94.20.20.20", "8.8.8.8", "8.8.4.4"]
- }
-)
-
-override_attributes(
- :ntp => {
- :servers => ["0.az.pool.ntp.org", "1.az.pool.ntp.org", "europe.pool.ntp.org"]
- }
-)
-
-run_list(
- "role[az]"
-)
},
"12" => {
:port => "5432",
- :wal_level => "logical"
+ :wal_level => "logical",
+ :max_replication_slots => "1"
}
}
},
default_attributes(
:hosted_by => "dotsrc.org",
- :location => "Aalborg, Denmark",
- :networking => {
- :nameservers => [
- "130.226.1.2",
- "130.226.255.53",
- "2001:878:0:100::2"
- ]
- }
+ :location => "Aalborg, Denmark"
)
override_attributes(
:prefix => "64",
:gateway => "fe80::161:53:30:97"
}
- },
- :nameservers => [
- "161.53.30.100",
- "8.8.8.8"
- ]
+ }
},
:squid => {
:version => 4,
:family => :inet,
:address => "10.0.48.9",
:bond => {
- :slaves => %w[p18p1 p18p2]
+ :slaves => %w[ens18f0 ens18f1]
}
},
:external_ipv4 => {
:connection_limit => "-"
}
]
- },
- :nameservers => [
- "8.8.8.8",
- "1.1.1.1"
- ]
+ }
}
)
--- /dev/null
+name "epix"
+description "Role applied to all servers at EPIX"
+
+default_attributes(
+ :hosted_by => "EPIX",
+ :location => "Katowice, Poland"
+)
+
+override_attributes(
+ :ntp => {
+ :servers => ["0.pl.pool.ntp.org", "1.pl.pool.ntp.org", "europe.pool.ntp.org"]
+ }
+)
+
+run_list(
+ "role[pl]"
+)
default_attributes(
:networking => {
- :nameservers => ["66.28.0.45", "66.28.0.61"],
:roles => {
:internal => {
:inet => {
override_attributes(
:networking => {
+ :nameservers => ["66.28.0.45", "66.28.0.61"],
:search => ["ams.openstreetmap.org", "openstreetmap.org"]
},
:ntp => {
+++ /dev/null
-name "euserv"
-description "Role applied to all servers at EUserv"
-
-default_attributes(
- :hosted_by => "EUserv",
- :location => "Jena, Germany",
- :networking => {
- :nameservers => [
- "85.31.184.60", "85.31.184.61", "85.31.185.60", "85.31.185.61"
- ]
- }
-)
-
-override_attributes(
- :ntp => {
- :servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
- }
-)
-
-run_list(
- "role[de]"
-)
:hosted_by => "Exonetric",
:location => "London, England",
:networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"],
:roles => {
:external => {
:inet => {
default_attributes(
:hosted_by => "FAImaison",
- :location => "France",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4",
- "1.1.1.1"
- ]
- }
+ :location => "France"
)
override_attributes(
default_attributes(
:hosted_by => "Freifunk Rheinland",
- :location => "Berlin, Germany",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
+ :location => "Berlin, Germany"
)
override_attributes(
default_attributes(
:networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"],
:roles => {
:internal => {
:inet => {
-name "konqi"
-description "Master role applied to konqi"
+name "firnen"
+description "Master role applied to firnen"
default_attributes(
:hardware => {
- :shm_size => "20g"
+ :shm_size => "36g"
},
:networking => {
:interfaces => {
:external_ipv4 => {
- :interface => "eth0",
+ :interface => "enp6s0",
:role => :external,
:family => :inet,
- :address => "81.7.11.83",
- :prefix => "24",
- :gateway => "81.7.11.1"
- },
- :external_ipv6 => {
- :interface => "eth0",
- :role => :external,
- :family => :inet6,
- :address => "2a02:180:1:1::517:b53",
- :prefix => "64",
- :gateway => "2a02:180:1:1::1"
+ :address => "188.241.28.82",
+ :prefix => "29",
+ :gateway => "188.241.28.81"
}
- },
- :wireguard => {
- :enabled => false
}
},
:squid => {
:version => 4,
- :cache_mem => "16384 MB",
+ :cache_mem => "32768 MB",
:cache_dir => [
"rock /store/squid/rock-4096 20000 swap-timeout=200 slot-size=4096 max-size=3996",
"rock /store/squid/rock-8192 25000 swap-timeout=200 slot-size=8192 min-size=3997 max-size=8092",
)
run_list(
- "role[euserv]",
+ "role[epix]",
"role[tilecache]"
)
+++ /dev/null
-name "g5solutions"
-description "Role applied to all servers at G5 Solutions"
-
-default_attributes(
- :accounts => {
- :users => {
- :g5team => { :status => :administrator }
- }
- },
- :hosted_by => "G5 Solutions",
- :location => "Indonesia",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
-)
-
-override_attributes(
- :ntp => {
- :servers => ["0.id.pool.ntp.org", "1.id.pool.ntp.org", "asia.pool.ntp.org"]
- }
-)
-
-run_list(
- "role[id]"
-)
]
},
:tilecache => {
- :tile_parent => "bissen.render.openstreetmap.org"
+ :tile_parent => "germany.render.openstreetmap.org"
}
)
default_attributes(
:hosted_by => "Gandi",
- :location => "Bissen, Luxembourg",
- :networking => {
- :nameservers => [
- "217.70.186.194",
- "217.70.186.193",
- "2001:4b98:dc2:49::193"
- ]
- }
+ :location => "Bissen, Luxembourg"
)
override_attributes(
+ :networking => {
+ :nameservers => ["217.70.186.194", "217.70.186.193", "2001:4b98:dc2:49::193"]
+ },
:ntp => {
:servers => ["0.lu.pool.ntp.org", "1.lu.pool.ntp.org", "europe.pool.ntp.org"]
}
}
},
:hosted_by => "greenminihost",
- :location => "Dronten, Netherlands",
- :networking => {
- :nameservers => [
- "45.148.169.130",
- "185.200.102.102",
- "2a0a:aa42:222:2500::2500",
- "2a0a:aa42:321:2000::53"
- ]
- }
+ :location => "Dronten, Netherlands"
)
override_attributes(
+ :networking => {
+ :nameservers => ["45.148.169.130", "185.200.102.102", "2a0a:aa42:222:2500::2500", "2a0a:aa42:321:2000::53"]
+ },
:ntp => {
:servers => ["0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org"]
}
:connection_limit => "-"
}
]
- },
- :nameservers => ["2a00:5884::7", "8.8.8.8", "8.8.4.4"]
+ }
}
)
:networking => {
:interfaces => {
:internal_ipv4 => {
- :interface => "em1.2801",
+ :interface => "enp3s0f0.2801",
:role => :internal,
:family => :inet,
:address => "10.0.0.19"
},
:external_ipv4 => {
- :interface => "em1.2800",
+ :interface => "enp3s0f0.2800",
:role => :external,
:family => :inet,
:address => "193.60.236.15"
:family => :inet,
:address => "10.0.32.20",
:bond => {
- :slaves => %w[em1 em2]
+ :slaves => %w[enp2s0f0 enp2s0f1]
}
},
:external_ipv4 => {
}
},
:hosted_by => "GRNET",
- :location => "Athens, Greece",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
+ :location => "Athens, Greece"
)
override_attributes(
description "Role applied to all servers at Hetzner"
default_attributes(
- :hosted_by => "Hetzner",
+ :hosted_by => "Hetzner"
+)
+
+override_attributes(
:networking => {
:nameservers => [
"213.133.98.98",
"2a01:4f8:0:a102::add:9999",
"2a01:4f8:0:a0a1::add:1010"
]
- }
-)
-
-override_attributes(
+ },
:ntp => {
:servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
}
},
:hosted_by => "HostedIn.NZ",
:location => "Wellington, New Zealand",
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- },
:snmpd => {
:clients => ["103.106.66.28"],
:community => "hostedinnz",
default_attributes(
:hosted_by => "INX-ZA",
- :location => "Cape Town, South Africa",
- :networking => {
- :nameservers => [
- "196.10.52.52",
- "196.10.54.54",
- "196.10.55.55"
- ]
- }
+ :location => "Cape Town, South Africa"
)
override_attributes(
+ :networking => {
+ :nameservers => ["196.10.52.52", "196.10.54.54", "196.10.55.55"]
+ },
:ntp => {
:servers => ["0.za.pool.ntp.org", "1.za.pool.ntp.org", "africa.pool.ntp.org"]
}
:connection_limit => "-"
}
]
- },
- :nameservers => ["2001:8e0:ffff:ac1::1", "8.8.8.8", "8.8.4.4"]
+ }
}
)
default_attributes(
:hosted_by => "Jump Networks",
- :location => "London, England",
- :networking => {
- :nameservers => [
- "185.73.44.3",
- "2001:ba8:0:2c02::",
- "2001:ba8:0:2c03::",
- "2001:ba8:0:2c04::"
- ]
- }
+ :location => "London, England"
)
override_attributes(
+ :networking => {
+ :nameservers => ["185.73.44.3", "2001:ba8:0:2c02::", "2001:ba8:0:2c03::", "2001:ba8:0:2c04::"]
+ },
:ntp => {
:servers => ["0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org"]
}
run_list(
"role[equinix]",
- "role[db-master]",
- "role[db-backup]"
+ "role[db-slave]"
)
default_attributes(
:hosted_by => "LyonIX",
:location => "Lyon, France",
- :networking => {
- :nameservers => ["77.95.64.205", "77.95.64.206", "8.8.8.8", "8.8.4.4"]
- },
:snmpd => {
:clients => ["77.95.64.0/21"],
:clients6 => ["2a03:9180::/32", "2001:7f8:47::/48"],
}
},
:hosted_by => "Lysator",
- :location => "Linköping, Sweden",
- :networking => {
- :nameservers => ["130.236.254.225", "2001:6b0:17:f0a0::e1", "130.236.254.4"]
- }
+ :location => "Linköping, Sweden"
)
override_attributes(
+ :networking => {
+ :nameservers => ["130.236.254.225", "2001:6b0:17:f0a0::e1", "130.236.254.4"]
+ },
:ntp => {
:servers => ["0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org"]
}
}
},
:dkim_selectors => {
- "openstreetmap.org" => "20200301"
+ "openstreetmap.org" => "20200301",
+ "osmfoundation.org" => "20201112"
},
:aliases => {
"abuse" => "root",
:connection_limit => "-"
}
]
- },
- :nameservers => ["130.117.11.11", "2a0b:cbc0:42::42"]
+ }
}
)
:hosted_by => "NCHC",
:location => "Hsinchu, Taiwan",
:networking => {
- :nameservers => ["140.110.16.1", "140.110.4.1"],
:wireguard => { :keepalive => 180 }
}
)
override_attributes(
+ :networking => {
+ :nameservers => ["140.110.16.1", "140.110.4.1"]
+ },
:ntp => {
:servers => ["0.tw.pool.ntp.org", "1.tw.pool.ntp.org", "asia.pool.ntp.org"]
}
default_attributes(
:hosted_by => "NetAlerts",
:location => "Montréal, Canada",
- :timezone => "America/Montreal",
- :networking => {
- :nameservers => [
- "209.172.41.202",
- "209.172.41.200"
- ]
- }
+ :timezone => "America/Montreal"
)
override_attributes(
+ :networking => {
+ :nameservers => ["209.172.41.202", "209.172.41.200"]
+ },
:ntp => {
:servers => ["0.ca.pool.ntp.org", "1.ca.pool.ntp.org", "north-america.pool.ntp.org"]
}
}
)
-override_attributes(
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- }
-)
-
run_list(
"role[equinix]",
"role[tyan-s7010]"
:location => "Corvallis, Oregon",
:timezone => "PST8PDT",
:networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"],
:roles => {
:external => {
:inet => {
default_attributes(
:hosted_by => "OVH",
- :location => "Roubaix, France",
- :networking => {
- :nameservers => [
- "213.186.33.99"
- ]
- }
+ :location => "Roubaix, France"
)
override_attributes(
+ :networking => {
+ :nameservers => ["213.186.33.99"]
+ },
:ntp => {
:servers => ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org"]
}
:location => "Pau, France",
:munin => {
:allow => ["10.64.1.11"]
- },
- :networking => {
- :nameservers => ["10.64.1.42", "194.167.156.13", "10.64.1.3"]
}
)
override_attributes(
+ :networking => {
+ :nameservers => ["10.64.1.42", "194.167.156.13", "10.64.1.3"]
+ },
:ntp => {
:servers => ["cannelle.paulla.asso.fr"]
}
--- /dev/null
+name "pl"
+description "Role applied to all servers located in Poland"
+
+override_attributes(
+ :country => "pl",
+ :timezone => "Europe/Warsaw"
+)
+
+run_list(
+ "role[base]"
+)
default_attributes(
:hosted_by => "prgmr.com",
:location => "San Francisco, California",
- :timezone => "PST8PDT",
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- }
+ :timezone => "PST8PDT"
)
override_attributes(
:bond => {
:interface => "bond0",
:bond => {
- :slaves => %w[em1 p5p1]
+ :slaves => %w[eno1 enp5s0f0]
}
},
:internal_ipv4 => {
}
},
:postgresql => {
- :versions => ["12"],
+ :versions => ["13"],
:settings => {
:defaults => {
:listen_addresses => "10.0.0.20",
:random_page_cost => "1.5",
:effective_cache_size => "60GB",
:effective_io_concurrency => "256",
- :fsync => "on"
+ :fsync => "off"
}
}
},
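Review bot: `:fsync => "off"` means this cluster can be left corrupt by a crash or power loss, and nothing in the role says the setting is temporary. The following hunk sets nominatim `:state` to "off" and moves to `13/main`, which suggests a bulk re-import, but that is an inference. Record the intent beside the setting, e.g. `:fsync => "off" # import only: restore "on" before :state leaves "off"`, so the override is not carried into production use.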
}
},
:nominatim => {
- :state => "standalone",
+ :state => "off",
:dbadmins => %w[lonvia tomh],
- :dbcluster => "12/main",
- :postgis => "2.5",
+ :dbcluster => "13/main",
+ :postgis => "3",
:enable_backup => true,
:flatnode_file => "/ssd/nominatim/nodes.store",
:tablespaces => {
:gateway => "10.5.0.1",
:public_address => "161.53.248.77"
}
- },
- :nameservers => [
- "10.5.0.7",
- "8.8.8.8"
- ]
+ }
},
:postgresql => {
:settings => {
default_attributes(
:hosted_by => "Scaleway",
- :location => "Paris, France",
- :networking => {
- :nameservers => [
- "62.210.16.6",
- "62.210.16.7"
- ]
- }
+ :location => "Paris, France"
)
override_attributes(
+ :networking => {
+ :nameservers => ["62.210.16.6", "62.210.16.7"]
+ },
:ntp => {
:servers => ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org"]
}
:gateway => "fe80::1"
}
},
- :nameservers => ["8.8.8.8", "8.8.4.4"],
+ :nameservers => ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
:private_address => "10.0.16.100"
}
)
+++ /dev/null
-name "simurgh"
-description "Master role applied to simurgh"
-
-default_attributes(
- :hardware => {
- :shm_size => "18g"
- },
- :networking => {
- :interfaces => {
- :external_ipv4 => {
- :interface => "ens32",
- :role => :external,
- :family => :inet,
- :address => "94.20.20.55",
- :prefix => "24",
- :gateway => "94.20.20.1"
- }
- },
- :wireguard => {
- :enabled => false
- }
- },
- :squid => {
- :version => 4,
- :cache_mem => "16384 MB",
- :cache_dir => [
- "rock /store/squid/rock-4096 20000 swap-timeout=200 slot-size=4096 max-size=3996",
- "rock /store/squid/rock-8192 25000 swap-timeout=200 slot-size=8192 min-size=3997 max-size=8092",
- "rock /store/squid/rock-16384 35000 swap-timeout=200 slot-size=16384 min-size=8093 max-size=16284",
- "rock /store/squid/rock-32768 45000 swap-timeout=200 slot-size=32768 min-size=16285 max-size=262144"
- ]
- },
- :nginx => {
- :cache => {
- :proxy => {
- :keys_zone => "proxy_cache_zone:64M",
- :max_size => "2048M"
- }
- }
- },
- :tilecache => {
- :tile_parent => "baku.render.openstreetmap.org"
- }
-)
-
-run_list(
- "role[delta]",
- "role[tilecache]"
-)
run_list(
"role[equinix]",
- "role[db-slave]"
+ "role[db-master]",
+ "role[db-backup]"
)
:family => :inet,
:address => "10.0.32.21",
:bond => {
- :slaves => %w[em1 em2]
+ :slaves => %w[enp3s0f0 enp3s0f1]
}
},
:external_ipv4 => {
:family => :inet,
:address => "10.0.32.22",
:bond => {
- :slaves => %w[em1 em2]
+ :slaves => %w[enp3s0f0 enp3s0f1]
}
},
:external_ipv4 => {
default_attributes(
:hosted_by => "Strato",
- :location => "Germany",
- :networking => {
- :nameservers => [
- "85.214.7.22",
- "81.169.163.106"
- ]
- }
+ :location => "Germany"
)
override_attributes(
+ :networking => {
+ :nameservers => ["85.214.7.22", "81.169.163.106"]
+ },
:ntp => {
:servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
}
default_attributes(
:hosted_by => "szerverem.hu",
- :location => "Budapest, Hungary",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
+ :location => "Budapest, Hungary"
)
override_attributes(
default_attributes(
:hosted_by => "Teleservice Skåne AB",
- :location => "Sjöbo, Sweden",
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- }
+ :location => "Sjöbo, Sweden"
)
override_attributes(
},
:hosted_by => "TeraSwitch Networks",
:location => "Pittsburgh, Pennsylvania",
- :timezone => "EST5EDT",
- :networking => {
- :nameservers => [
- "1.1.1.1",
- "8.8.8.8"
- ]
- }
+ :timezone => "EST5EDT"
)
override_attributes(
}
},
:hosted_by => "Tetaneutral.net",
- :location => "Toulouse, France",
- :networking => {
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4"
- ]
- }
+ :location => "Toulouse, France"
)
override_attributes(
:family => :inet,
:address => "10.0.32.41",
:bond => {
- :slaves => %w[em1 em2]
+ :slaves => %w[enp3s0f0 enp3s0f1]
}
}
}
:family => :inet,
:address => "10.0.32.42",
:bond => {
- :slaves => %w[em1 em2]
+ :slaves => %w[enp3s0f0 enp3s0f1]
}
}
}
default_attributes(
:hosted_by => "Tuxis",
- :location => "Ede, Netherlands",
- :networking => {
- :nameservers => ["2a03:7900:2:0:31:3:104:61", "2a03:7900:2:0:31:3:104:62"]
- }
+ :location => "Ede, Netherlands"
)
override_attributes(
+ :networking => {
+ :nameservers => ["2a03:7900:2:0:31:3:104:61", "2a03:7900:2:0:31:3:104:62"]
+ },
:ntp => {
:servers => ["0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org"]
}
override_attributes(
:networking => {
- :nameservers => ["10.0.0.3", "8.8.8.8", "8.8.4.4"],
+ :nameservers => ["10.0.0.3", "1.1.1.1", "1.0.0.1"],
:search => ["ucl.openstreetmap.org", "openstreetmap.org"]
},
:ntp => {
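Review bot: The new list `["10.0.0.3", "1.1.1.1", "1.0.0.1"]` still mixes a private resolver with public ones, so whenever 10.0.0.3 is slow or down, lookups go to a third-party resolver, including names expanded through the `ucl.openstreetmap.org` search domain. If 10.0.0.3 serves any internal-only records (not visible here), those names would be disclosed outside and could fail or resolve differently. Either list only resolvers that share the same view, or record the intent with a comment such as `# public resolvers are fallback only; 10.0.0.3 holds no internal-only zones`. The `override_attributes(` call continues past this hunk.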
}
},
:hosted_by => "Academic Computer Club, Umeå University",
- :location => "Umeå, Sweden",
- :networking => {
- :nameservers => ["130.239.18.251", "130.239.18.252", "130.239.1.90"]
- }
+ :location => "Umeå, Sweden"
)
override_attributes(
+ :networking => {
+ :nameservers => ["130.239.18.251", "130.239.18.252", "130.239.1.90"]
+ },
:ntp => {
:servers => ["0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org"]
}
}
},
:hosted_by => "University of Zaragoza",
- :location => "Zaragoza, Spain",
- :networking => {
- :nameservers => ["155.210.12.9", "155.210.3.12"]
- }
+ :location => "Zaragoza, Spain"
)
override_attributes(
default_attributes(
:hosted_by => "Ukrainian Telecommunication Group",
- :location => "Kiev, Ukraine",
- :networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"]
- }
+ :location => "Kiev, Ukraine"
)
override_attributes(
:prefix => "64",
:gateway => "2001:b68:4cff:3::1"
}
- },
- :nameservers => [
- "8.8.8.8",
- "8.8.4.4",
- "2001:4860:4860::8888",
- "2001:4860:4860::8844"
- ]
+ }
},
:squid => {
:version => 4,
default_attributes(
:hosted_by => "Vodafone",
- :location => "Prague, Czech Republic",
- :networking => {
- :nameservers => ["62.24.64.2", "2a02:8301:0:10::3", "2001:4860:4860::8888"]
- }
+ :location => "Prague, Czech Republic"
)
override_attributes(
+ :networking => {
+ :nameservers => ["62.24.64.2", "2a02:8301:0:10::3"]
+ },
:ntp => {
:servers => ["0.cz.pool.ntp.org", "1.cz.pool.ntp.org", "europe.pool.ntp.org"]
}
default_attributes(
:web => {
- :database_host => "karm.ams.openstreetmap.org"
+ :database_host => "snap-01.ams.openstreetmap.org"
}
)
:innodb_buffer_pool_size => "4G",
:key_buffer_size => "64M",
:max_connections => "200",
- :query_cache_size => "256M",
- :query_cache_type => "1",
:sort_buffer_size => "8M",
:tmp_table_size => "128M"
}
:location => "Moscow, Russia",
:timezone => "Europe/Moscow",
:networking => {
- :nameservers => ["8.8.8.8", "8.8.4.4"],
:wireguard => { :keepalive => 180 }
}
)
default_attributes(
:hosted_by => "University of West Bohemia",
- :location => "Pilsen, Czech Republic",
- :networking => {
- :nameservers => ["147.228.3.3", "147.228.52.11"]
- }
+ :location => "Pilsen, Czech Republic"
)
override_attributes(
+ :networking => {
+ :nameservers => ["147.228.3.3", "147.228.52.11"]
+ },
:ntp => {
:servers => ["0.cz.pool.ntp.org", "1.cz.pool.ntp.org", "europe.pool.ntp.org"]
}