Merge remote-tracking branch 'github/pull/349' into master

diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml
index 32aa19ba0707d1b4549d55ad6c8ee061247788ad..0fcb574614cabd77c9ea1ef9c2b0b2963fb29dee 100644 (file)
--- a/.github/workflows/test-kitchen.yml
+++ b/.github/workflows/test-kitchen.yml
@@ -104,13 +104,9 @@ jobs:
         os:
           - ubuntu-2004
         include:
-          - suite: osqa
-            os: ubuntu-1804
           - suite: trac
             os: ubuntu-1804
         exclude:
-          - suite: osqa
-            os: ubuntu-2004
           - suite: trac
             os: ubuntu-2004
       fail-fast: false

diff --git a/Gemfile.lock b/Gemfile.lock
index bcf58962a9d03170e60c14af16c858bfe9a30a2c..dceed86bda1b442e34ff9efc52f05e120ef56ba4 100644 (file)
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -4,23 +4,23 @@ GEM
     ast (2.4.1)
     bcrypt_pbkdf (1.0.1)
     builder (3.2.4)
-    chef-utils (16.5.77)
-    cookstyle (6.19.11)
-      rubocop (= 0.92.0)
+    chef-utils (16.6.14)
+    cookstyle (7.2.1)
+      rubocop (= 1.3.1)
     diff-lcs (1.4.4)
     docker-api (2.0.0)
       excon (>= 0.47.0)
       multi_json
     ed25519 (1.2.4)
     erubi (1.9.0)
-    excon (0.76.0)
+    excon (0.78.0)
     ffi (1.13.1)
     gssapi (1.3.0)
       ffi (>= 1.0.1)
     gyoku (1.3.1)
       builder (>= 2.1.2)
     httpclient (2.8.3)
-    kitchen-dokken (2.11.0)
+    kitchen-dokken (2.11.1)
       docker-api (>= 1.33, < 3)
       lockfile (~> 2.1)
       test-kitchen (>= 1.15, < 3)
@@ -49,13 +49,13 @@ GEM
       net-ssh (>= 4.0.0)
     net-telnet (0.1.1)
     nori (2.6.0)
-    parallel (1.19.2)
-    parser (2.7.1.5)
+    parallel (1.20.0)
+    parser (2.7.2.0)
       ast (~> 2.4.1)
     pastel (0.8.0)
       tty-color (~> 0.5)
     rainbow (3.0.0)
-    regexp_parser (1.8.1)
+    regexp_parser (1.8.2)
     rexml (3.2.4)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
@@ -73,16 +73,16 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-support (3.9.3)
-    rubocop (0.92.0)
+    rubocop (1.3.1)
       parallel (~> 1.10)
       parser (>= 2.7.1.5)
       rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.7)
+      regexp_parser (>= 1.8)
       rexml
-      rubocop-ast (>= 0.5.0)
+      rubocop-ast (>= 1.1.1)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 2.0)
-    rubocop-ast (0.7.1)
+    rubocop-ast (1.1.1)
       parser (>= 2.7.1.5)
     ruby-progressbar (1.10.1)
     rubyntlm (0.6.2)
@@ -134,7 +134,7 @@ GEM
     tty-screen (0.8.1)
     unicode-display_width (1.7.0)
     unicode_utils (1.4.0)
-    winrm (2.3.4)
+    winrm (2.3.5)
       builder (>= 2.1.2)
       erubi (~> 1.8)
       gssapi (~> 1.2)

diff --git a/cookbooks/apt/templates/default/apt.conf.erb b/cookbooks/apt/templates/default/apt.conf.erb
index b0552bbc1907ebfcdacffde4f7ab9c3dedfe5925..730678e581cfe36b8e41213eaafe3f7fa1b2d59f 100644 (file)
--- a/cookbooks/apt/templates/default/apt.conf.erb
+++ b/cookbooks/apt/templates/default/apt.conf.erb
@@ -3,3 +3,7 @@
 // Do automatic removal of new unused dependencies after the upgrade
 // (equivalent to apt-get autoremove)
 Unattended-Upgrade::Remove-Unused-Dependencies "<%= node[:apt][:unattended_upgrades][:remove_unused_dependencies] ? 'true' : 'false' %>";
+
+// Don't install recommended packages as we don't want to get
+// new postgres versions automatically
+APT::Install-Recommends "false";

diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb
index 2dd9e5f4d5707b2402189a4a647098f06008c53c..2f80e2b13f78aa2437c9ae905650971a4c540a0e 100644 (file)
--- a/cookbooks/blog/recipes/default.rb
+++ b/cookbooks/blog/recipes/default.rb
@@ -38,6 +38,7 @@ wordpress_site "blog.openstreetmap.org" do
   urls "/casts" => "/srv/blog.openstreetmap.org/casts",
        "/images" => "/srv/blog.openstreetmap.org/images",
        "/static" => "/srv/blog.openstreetmap.org/static"
+  fpm_prometheus_port 11401
 end
 
 wordpress_theme "blog.openstreetmap.org-osmblog-wp-theme" do

diff --git a/cookbooks/chef/attributes/default.rb b/cookbooks/chef/attributes/default.rb
index 9be9c17ccc7a0268ba826ac51a23823e79725d1f..d8ef595999581058af9630e5fdb526d4ae9464fa 100644 (file)
--- a/cookbooks/chef/attributes/default.rb
+++ b/cookbooks/chef/attributes/default.rb
@@ -5,4 +5,4 @@ default[:apt][:sources] = node[:apt][:sources] | ["opscode"]
 default[:chef][:server][:version] = "12.17.33"
 
 # Set the default client version
-default[:chef][:client][:version] = "16.5.64"
+default[:chef][:client][:version] = "16.6.14"

diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb
index f27a0cd96ce222408e634f72394fe735f52beb03..d39879eb06bdfcb81ee2c8b01052122ab2039d57 100644 (file)
--- a/cookbooks/civicrm/attributes/default.rb
+++ b/cookbooks/civicrm/attributes/default.rb
@@ -1,8 +1,8 @@
-default[:civicrm][:version] = "5.28.2"
+default[:civicrm][:version] = "5.31.0"
 
 default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount"
 default[:civicrm][:extensions][:cividiscount][:repository] = "https://github.com/dlobo/org.civicrm.module.cividiscount.git"
-default[:civicrm][:extensions][:cividiscount][:revision] = "3.8.1"
+default[:civicrm][:extensions][:cividiscount][:revision] = "3.8.2"
 
 default[:civicrm][:extensions][:osm][:name] = "de.systopia.osm"
 default[:civicrm][:extensions][:osm][:repository] = "https://github.com/systopia/de.systopia.osm.git"
@@ -18,7 +18,7 @@ default[:civicrm][:extensions][:civiruleshttppost][:revision] = "e2c7de5f0fee319
 
 default[:civicrm][:extensions][:civirules][:name] = "org.civicoop.civirules"
 default[:civicrm][:extensions][:civirules][:repository] = "https://lab.civicrm.org/extensions/civirules.git"
-default[:civicrm][:extensions][:civirules][:revision] = "2.16"
+default[:civicrm][:extensions][:civirules][:revision] = "2.19"
 
 default[:civicrm][:extensions][:mailchimp][:name] = "uk.co.vedaconsulting.mailchimp"
 default[:civicrm][:extensions][:mailchimp][:repository] = "https://github.com/veda-consulting/uk.co.vedaconsulting.mailchimp.git"
@@ -31,3 +31,7 @@ default[:civicrm][:extensions][:username][:revision] = "master"
 default[:civicrm][:extensions][:donotsendreportemail][:name] = "org.civicrm.donotsendreportemail"
 default[:civicrm][:extensions][:donotsendreportemail][:repository] = "https://github.com/pradpnayak/org.civicrm.donotsendreportemail.git"
 default[:civicrm][:extensions][:donotsendreportemail][:revision] = "3b31c2e0c62183872c7ecd244395fb8dcfbd5dbb"
+
+default[:civicrm][:extensions][:shoreditch][:name] = "org.civicrm.shoreditch"
+default[:civicrm][:extensions][:shoreditch][:repository] = "https://github.com/civicrm/org.civicrm.shoreditch.git"
+default[:civicrm][:extensions][:shoreditch][:revision] = "1.0.0-beta.1"

diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb
index 6943b0f3a32448968d0859771de4321a57e74ed1..a8881fc0d898773faf33a35af7216a4e5eab2ed5 100644 (file)
--- a/cookbooks/civicrm/recipes/default.rb
+++ b/cookbooks/civicrm/recipes/default.rb
@@ -26,6 +26,7 @@ package %w[
   rsync
   unzip
   wkhtmltopdf
+  php-bcmath
 ]
 
 cache_dir = Chef::Config[:file_cache_path]
@@ -48,6 +49,7 @@ wordpress_site "join.osmfoundation.org" do
   database_name "civicrm"
   database_user "civicrm"
   database_password database_password
+  fpm_prometheus_port 11301
 end
 
 wordpress_theme "osmblog-wp-theme" do
@@ -69,6 +71,10 @@ wordpress_plugin "contact-form-7" do
   site "join.osmfoundation.org"
 end
 
+wordpress_plugin "civicrm-admin-utilities" do
+  site "join.osmfoundation.org"
+end
+
 civicrm_version = node[:civicrm][:version]
 civicrm_directory = "/srv/join.osmfoundation.org/wp-content/plugins/civicrm"
 

diff --git a/cookbooks/db/recipes/base.rb b/cookbooks/db/recipes/base.rb
index 84aac376c7e4eec504fbd210911cea0ba0203831..7bdf7cb02fee31a18781ff9116c4a3bc53ec8f29 100644 (file)
--- a/cookbooks/db/recipes/base.rb
+++ b/cookbooks/db/recipes/base.rb
@@ -77,6 +77,58 @@ link "/usr/lib/postgresql/#{db_version}/lib/libpgosm.so" do
   group "root"
 end
 
+package %w[
+  cmake
+  libosmium2-dev
+  libprotozero-dev
+  libboost-filesystem-dev
+  libboost-program-options-dev
+  libbz2-dev
+  zlib1g-dev
+  libexpat1-dev
+  libyaml-cpp-dev
+  libpqxx-dev
+]
+
+git "/opt/osmdbt" do
+  action :sync
+  repository "https://github.com/openstreetmap/osmdbt.git"
+  revision "master"
+  depth 1
+  user "root"
+  group "root"
+end
+
+directory "/opt/osmdbt/build-#{db_version}" do
+  owner "root"
+  group "root"
+  mode "755"
+end
+
+execute "/opt/osmdbt/CMakeLists.txt" do
+  action :nothing
+  command "cmake -DPG_CONFIG=/usr/lib/postgresql/#{db_version}/bin/pg_config .."
+  cwd "/opt/osmdbt/build-#{db_version}"
+  user "root"
+  group "root"
+  subscribes :run, "git[/opt/osmdbt]"
+end
+
+execute "/opt/osmdbt/build-#{db_version}/postgresql-plugin/Makefile" do
+  action :nothing
+  command "make"
+  cwd "/opt/osmdbt/build-#{db_version}/postgresql-plugin"
+  user "root"
+  group "root"
+  subscribes :run, "execute[/opt/osmdbt/CMakeLists.txt]"
+end
+
+link "/usr/lib/postgresql/#{db_version}/lib/osm-logical.so" do
+  to "/opt/osmdbt/build-#{db_version}/postgresql-plugin/osm-logical.so"
+  owner "root"
+  group "root"
+end
+
 package "lzop"
 
 python_package "wal-e" do

diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index 5e51ca030478d2c2552ad796ef605a5a394f2969..f6641fd18fe85ba677d12d571c14024ac9780ab2 100644 (file)
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -49,6 +49,7 @@ end
 postgresql_user "planetdiff" do
   cluster node[:db][:cluster]
   password passwords["planetdiff"]
+  replication true
 end
 
 postgresql_user "backup" do

diff --git a/cookbooks/db/templates/default/wal-e.erb b/cookbooks/db/templates/default/wal-e.erb
index 93f3144983c575a5e405a2a4b89f75215d6a9cc2..b4c13bd1d9f83c941e4bb31b1dc7c5215aaa91df 100644 (file)
--- a/cookbooks/db/templates/default/wal-e.erb
+++ b/cookbooks/db/templates/default/wal-e.erb
@@ -7,4 +7,4 @@ export AWS_ACCESS_KEY_ID="AKIAIQX2LTDOBIW4CZUQ"
 export AWS_SECRET_ACCESS_KEY="<%= @s3_key %>"
 export AWS_REGION="eu-west-2"
 
-exec /usr/local/bin/wal-e "$@"
+exec /usr/local/bin/wal-e "$@" < /dev/null

diff --git a/cookbooks/dmca/recipes/default.rb b/cookbooks/dmca/recipes/default.rb
index 00a3d6c7d1a4b2faa0c0ab644b8a646dc7591fca..f7f9cfadbc59639090115c52c211dc4e8fea663d 100644 (file)
--- a/cookbooks/dmca/recipes/default.rb
+++ b/cookbooks/dmca/recipes/default.rb
@@ -47,6 +47,7 @@ end
 php_fpm "dmca.openstreetmap.org" do
   php_admin_values "open_basedir" => "/srv/dmca.openstreetmap.org/html/:/usr/share/php/:/tmp/",
                    "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+  prometheus_port 11201
 end
 
 apache_site "dmca.openstreetmap.org" do

diff --git a/cookbooks/dns/recipes/default.rb b/cookbooks/dns/recipes/default.rb
index 06953068e97c86476abc45e242300e3c22c59282..601d50b8b03fcfa3299ad8064bb3ca0420af981e 100644 (file)
--- a/cookbooks/dns/recipes/default.rb
+++ b/cookbooks/dns/recipes/default.rb
@@ -41,7 +41,7 @@ package %w[
 
 remote_file "/usr/local/bin/dnscontrol" do
   action :create
-  source "https://github.com/StackExchange/dnscontrol/releases/download/v3.3.0/dnscontrol-Linux"
+  source "https://github.com/StackExchange/dnscontrol/releases/download/v3.4.2/dnscontrol-Linux"
   owner "root"
   group "root"
   mode "755"

diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index daa31fe4c0581cdba6ea18fa750dd5700d175ab9..7389db3cf7297af4a8f78a7c320d2712b7fc8646 100644 (file)
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -83,6 +83,7 @@ end
 php_fpm "donate.openstreetmap.org" do
   php_admin_values "open_basedir" => "/srv/donate.openstreetmap.org/:/usr/share/php/:/tmp/",
                    "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
+  prometheus_port 11101
 end
 
 apache_site "donate.openstreetmap.org" do

diff --git a/cookbooks/exim/metadata.rb b/cookbooks/exim/metadata.rb
index 962e483c3fa9d324ba938311e0c6fa747ebcc881..cd9da2c453c5459e25d63507affc55ab69014b12 100644 (file)
--- a/cookbooks/exim/metadata.rb
+++ b/cookbooks/exim/metadata.rb
@@ -10,4 +10,5 @@ depends           "accounts"
 depends           "apache"
 depends           "munin"
 depends           "networking"
+depends           "prometheus"
 depends           "ssl"

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 994e9454b5caa1d5e093dc4c176927698daef855..f1c9ddf22bb2269e7806531f299eab238027756a 100644 (file)
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -19,6 +19,7 @@
 
 include_recipe "munin"
 include_recipe "networking"
+include_recipe "prometheus"
 
 package %w[
   exim4
@@ -210,6 +211,10 @@ end
 munin_plugin "exim_mailqueue"
 munin_plugin "exim_mailstats"
 
+prometheus_exporter "exim" do
+  port 9636
+end
+
 if node[:exim][:smarthost_name]
   node[:exim][:daemon_smtp_ports].each do |port|
     firewall_rule "accept-inbound-smtp-#{port}" do

diff --git a/cookbooks/foundation/recipes/board.rb b/cookbooks/foundation/recipes/board.rb
index dae3ca476a219a9e5ce664152d5c4b6f14604f81..84d6b24b18b24fb53e38d0eee8809aa7f9a4e1cc 100644 (file)
--- a/cookbooks/foundation/recipes/board.rb
+++ b/cookbooks/foundation/recipes/board.rb
@@ -25,6 +25,7 @@ mediawiki_site "board.osmfoundation.org" do
   sitename "OSMF Board Wiki"
   metanamespace "OSMFBoard"
   directory "/srv/board.osmfoundation.org"
+  fpm_prometheus_port 11004
   database_name "board-wiki"
   database_user "board-wikiuser"
   database_password passwords["board"]["database"]
@@ -36,6 +37,7 @@ mediawiki_site "board.osmfoundation.org" do
   private_site true
   recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
   recaptcha_private_key passwords["board"]["recaptcha"]
+  version "1.34"
 end
 
 cookbook_file "/srv/board.osmfoundation.org/Wiki.png" do

diff --git a/cookbooks/foundation/recipes/dwg.rb b/cookbooks/foundation/recipes/dwg.rb
index 5624cbb6af41069fe1fd3658b2c2080d8961c865..2eff0db56596f9e4cf9f371f1f13c493046c9f77 100644 (file)
--- a/cookbooks/foundation/recipes/dwg.rb
+++ b/cookbooks/foundation/recipes/dwg.rb
@@ -25,6 +25,7 @@ mediawiki_site "dwg.osmfoundation.org" do
   sitename "OSMF Data Working Group Wiki"
   metanamespace "OSMFDWG"
   directory "/srv/dwg.osmfoundation.org"
+  fpm_prometheus_port 11002
   database_name "dwg-wiki"
   database_user "dwg-wikiuser"
   database_password passwords["dwg"]["database"]
@@ -36,6 +37,7 @@ mediawiki_site "dwg.osmfoundation.org" do
   private_site true
   recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
   recaptcha_private_key passwords["dwg"]["recaptcha"]
+  version "1.34"
 end
 
 cookbook_file "/srv/dwg.osmfoundation.org/Wiki.png" do

diff --git a/cookbooks/foundation/recipes/mwg.rb b/cookbooks/foundation/recipes/mwg.rb
index 9fa47457e4fd2fbaf2970dd3fc1edcccfb989a12..60bb76fd9a5ef0d8842b74bb7328af5e9abe6df6 100644 (file)
--- a/cookbooks/foundation/recipes/mwg.rb
+++ b/cookbooks/foundation/recipes/mwg.rb
@@ -25,6 +25,7 @@ mediawiki_site "mwg.osmfoundation.org" do
   sitename "OSMF Membership Working Group Wiki"
   metanamespace "OSMFMWG"
   directory "/srv/mwg.osmfoundation.org"
+  fpm_prometheus_port 11003
   database_name "mwg_wiki"
   database_user "mwg_wikiuser"
   database_password passwords["mwg"]["database"]
@@ -36,6 +37,7 @@ mediawiki_site "mwg.osmfoundation.org" do
   private_site true
   recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
   recaptcha_private_key passwords["mwg"]["recaptcha"]
+  version "1.34"
 end
 
 cookbook_file "/srv/mwg.osmfoundation.org/Wiki.png" do

diff --git a/cookbooks/foundation/recipes/wiki.rb b/cookbooks/foundation/recipes/wiki.rb
index 8fbbaf8c7499c8e13dd9ab2adaad5fbae2c0f86f..e635b536a971c78c6f8316f77661e219cb348168 100644 (file)
--- a/cookbooks/foundation/recipes/wiki.rb
+++ b/cookbooks/foundation/recipes/wiki.rb
@@ -26,6 +26,11 @@ mediawiki_site "wiki.osmfoundation.org" do
            "foundation.openstreetmap.org", "foundation.osm.org"]
   sitename "OpenStreetMap Foundation"
   directory "/srv/wiki.osmfoundation.org"
+  fpm_max_children 20
+  fpm_start_servers 5
+  fpm_min_spare_servers 5
+  fpm_max_spare_servers 10
+  fpm_prometheus_port 11001
   database_name "osmf-wiki"
   database_user "osmf-wikiuser"
   database_password passwords["wiki"]["database"]
@@ -39,6 +44,7 @@ mediawiki_site "wiki.osmfoundation.org" do
   recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
   recaptcha_private_key passwords["wiki"]["recaptcha"]
   extra_file_extensions ["mp3"]
+  version "1.34"
 end
 
 mediawiki_skin "osmf" do

diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb
index 711fa45712420f6a8d0302671f3d32dcc5acfbda..188042514f4ba0fbc368699f2d4cc8e10cffb702 100644 (file)
--- a/cookbooks/hardware/recipes/default.rb
+++ b/cookbooks/hardware/recipes/default.rb
@@ -51,7 +51,7 @@ end
 
 units = []
 
-if node[:roles].include?("bytemark") || node[:roles].include?("exonetric")
+if node[:roles].include?("bytemark") || node[:roles].include?("exonetric") || node[:roles].include?("prgmr")
   units << "0"
 end
 
@@ -174,7 +174,14 @@ service "haveged" do
   action [:enable, :start]
 end
 
-package "ipmitool" if node[:kernel][:modules].include?("ipmi_si")
+if node[:kernel][:modules].include?("ipmi_si")
+  package "ipmitool"
+  package "freeipmi-tools"
+
+  prometheus_exporter "ipmi" do
+    port 9290
+  end
+end
 
 package "irqbalance"
 
@@ -342,23 +349,24 @@ intel_nvmes = nvmes.select { |pci| pci[:vendor_name] == "Intel Corporation" }
 if !intel_ssds.empty? || !intel_nvmes.empty?
   package "unzip"
 
-  intel_ssd_tool_version = "3.0.25"
+  intel_ssd_tool_version = "3.0.26"
+  intel_ssd_package_version = "#{intel_ssd_tool_version}.400-1"
 
   remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip" do
-    source "https://downloadmirror.intel.com/29556/eng/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip"
+    source "https://downloadmirror.intel.com/29720/eng/Intel_SSD_DCT_#{intel_ssd_tool_version}_Linux.zip"
   end
 
   execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip" do
-    command "unzip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb"
+    command "unzip Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux.zip isdct_#{intel_ssd_package_version}_amd64.deb"
     cwd Chef::Config[:file_cache_path]
     user "root"
     group "root"
-    not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb") }
+    not_if { ::File.exist?("#{Chef::Config[:file_cache_path]}/isdct_#{intel_ssd_package_version}_amd64.deb") }
   end
 
   dpkg_package "isdct" do
-    version "#{intel_ssd_tool_version}-1"
-    source "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_#{intel_ssd_tool_version}_Linux/isdct_#{intel_ssd_tool_version}-1_amd64.deb"
+    version "#{intel_ssd_package_version}"
+    source "#{Chef::Config[:file_cache_path]}/isdct_#{intel_ssd_package_version}_amd64.deb"
   end
 end
 
@@ -380,6 +388,13 @@ disks = disks.map do |disk|
       elsif smart =~ %r{^.*,(\d+)/(\d+)$}
         munin = "#{device}-#{Regexp.last_match(1)}:#{Regexp.last_match(2)}"
       end
+    elsif disk[:device]
+      device = disk[:device].sub("/dev/", "")
+      smart = disk[:smart_device]
+
+      if smart =~ /^.*,(\d+),(\d+),(\d+)$/
+        munin = "#{device}-#{Regexp.last_match(1)}:#{Regexp.last_match(2)}:#{Regexp.last_match(3)}"
+      end
     end
   elsif disk[:device] =~ %r{^/dev/(nvme\d+)n\d+$}
     device = Regexp.last_match(1)
@@ -439,6 +454,18 @@ if disks.count.positive?
     subscribes :restart, "template[/etc/default/smartmontools]"
   end
 
+  template "/etc/prometheus/collectors/smart.devices" do
+    source "smart.devices.erb"
+    owner "root"
+    group "root"
+    mode "644"
+    variables :disks => disks
+  end
+
+  prometheus_collector "smart" do
+    interval "15m"
+  end
+
   # Don't try and do munin monitoring of disks behind
   # an Areca controller as they only allow one thing to
   # talk to the controller at a time and smartd will
@@ -452,18 +479,6 @@ if disks.count.positive?
       conf_variables :disk => disk
     end
   end
-
-  template "/etc/prometheus/collectors/smart.devices" do
-    source "smart.devices.erb"
-    owner "root"
-    group "root"
-    mode "644"
-    variables :disks => disks
-  end
-
-  prometheus_collector "smart" do
-    interval "15m"
-  end
 else
   service "smartd" do
     action [:stop, :disable]

diff --git a/cookbooks/hardware/templates/default/ohai.rb.erb b/cookbooks/hardware/templates/default/ohai.rb.erb
index 82194acf29769c5cbd7405c81c4d8107505e5898..c3308eb8cda835dee2faa652409126fc1ed4fd23 100644 (file)
--- a/cookbooks/hardware/templates/default/ohai.rb.erb
+++ b/cookbooks/hardware/templates/default/ohai.rb.erb
@@ -287,7 +287,7 @@ Ohai.plugin(:Hardware) do
     disk = nil
 
     IO.popen(%w(ssacli controller all show config detail)).each do |line|
-      if line =~ /^Smart Array (\S+) /
+      if line =~ /^Smart (?:Array|HBA) (\S+) /
         controller = {
           :id => devices[:controllers].count,
           :model => Regexp.last_match(1),
@@ -303,6 +303,7 @@ Ohai.plugin(:Hardware) do
         disk = nil
       elsif controller && line =~ /^   (\S.*):\s+(.*)$/
         case Regexp.last_match(1)
+        when "Slot" then controller[:slot] = Regexp.last_match(2)
         when "Serial Number" then controller[:serial_number] = Regexp.last_match(2)
         when "Hardware Revision" then controller[:hardware_version] = Regexp.last_match(2)
         when "Firmware Version" then controller[:firmware_version] = Regexp.last_match(2)
@@ -320,15 +321,12 @@ Ohai.plugin(:Hardware) do
         controller[:arrays] << array[:id]
 
         disk = nil
-      elsif controller && line =~ /^      physicaldrive (\S+) /
-        disks << Regexp.last_match(1)
       elsif array && line =~ /^      physicaldrive (\S+)$/
         disk = {
           :id => devices[:disks].count,
           :controller => controller[:id],
           :arrays => [array[:id]],
-          :location => Regexp.last_match(1),
-          :smart_device => "cciss,#{disks.find_index(Regexp.last_match(1))}"
+          :location => Regexp.last_match(1)
         }
 
         devices[:disks] << disk
@@ -355,6 +353,14 @@ Ohai.plugin(:Hardware) do
     end
 
     controllers.each do |controller|
+      slot = controller[:slot]
+
+      IO.popen(%W(ssacli controller slot=#{slot} pd all show status)).each do |line|
+        if line =~ /^   physicaldrive (\S+) /
+          disks << Regexp.last_match(1)
+        end
+      end
+
       if device = Dir.glob("/sys/bus/pci/devices/#{controller[:pci_slot]}/cciss*").first
         controller[:device] = File.basename(device).sub(/^cciss(\d+)$/, "/dev/cciss/c\\1d0")
       elsif device = Dir.glob("/sys/bus/pci/devices/#{controller[:pci_slot]}/host*/target*:3:0/*:3:0:0/scsi_generic/sg*").first
@@ -363,6 +369,10 @@ Ohai.plugin(:Hardware) do
         controller[:device] = "/dev/#{File.basename(device)}"
       end
     end
+
+    devices[:disks].each do |disk|
+     disk[:smart_device] = "cciss,#{disks.find_index(disk[:location])}"
+    end
   end
 
   def find_megaraid_disks(devices)
@@ -766,10 +776,11 @@ Ohai.plugin(:Hardware) do
         array[:disks].map! do |location|
           disk = disks.find { |disk| disk[:location] == location }
 
+          controller_number = controller[:number] - 1
           device_number = disk[:device_number]
-          device = Dir.glob("#{host}/device/target*:1:#{device_number}/*:1:#{device_number}:0/scsi_generic/*").first
 
           disk[:device] = "/dev/#{File.basename(device)}"
+          disk[:smart_device] = "aacraid,#{controller_number},0,#{device_number}"
 
           disk[:arrays] << array[:id]
           disk[:id]

diff --git a/cookbooks/letsencrypt/files/default/bin/renew b/cookbooks/letsencrypt/files/default/bin/renew
index 6a04821852ed1f195cb509dcc6440e9ca1bc11ed..2b7e6b4a8278c77eaa9ddb7bef35141a90853e24 100755 (executable)
--- a/cookbooks/letsencrypt/files/default/bin/renew
+++ b/cookbooks/letsencrypt/files/default/bin/renew
@@ -4,6 +4,7 @@ cd /srv/acme.openstreetmap.org
 
 /usr/bin/certbot renew \
     --quiet \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \

diff --git a/cookbooks/letsencrypt/recipes/default.rb b/cookbooks/letsencrypt/recipes/default.rb
index 3590fc94d106b7f2160687c5068d52dffad62f98..c41732cf64bf28db7815c6a16b1cee68703aa325 100644 (file)
--- a/cookbooks/letsencrypt/recipes/default.rb
+++ b/cookbooks/letsencrypt/recipes/default.rb
@@ -190,3 +190,10 @@ cron_d "letencrypt-check" do
   command "/srv/acme.openstreetmap.org/bin/check-certificates"
   mailto "admins@openstreetmap.org"
 end
+
+template "/etc/logrotate.d/letsencrypt" do
+  source "logrotate.erb"
+  owner "root"
+  group "root"
+  mode "644"
+end

diff --git a/cookbooks/letsencrypt/templates/default/logrotate.erb b/cookbooks/letsencrypt/templates/default/logrotate.erb
new file mode 100644 (file)
index 0000000..57fe6d6
--- /dev/null
+++ b/cookbooks/letsencrypt/templates/default/logrotate.erb
@@ -0,0 +1,6 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+/srv/acme.openstreetmap.org/logs/*.log {
+    missingok
+    compress
+}

diff --git a/cookbooks/letsencrypt/templates/default/request.erb b/cookbooks/letsencrypt/templates/default/request.erb
index eaefa5bbe1bf08ef1816aed5440ba453ababd882..365b315a7cfe52cd926c4a3030dd7324d86207e6 100644 (file)
--- a/cookbooks/letsencrypt/templates/default/request.erb
+++ b/cookbooks/letsencrypt/templates/default/request.erb
@@ -4,6 +4,7 @@
 
 /usr/bin/certbot certonly \
     --non-interactive \
+    --preferred-chain "DST Root CA X3" \
     --config-dir /srv/acme.openstreetmap.org/config \
     --work-dir /srv/acme.openstreetmap.org/work \
     --logs-dir /srv/acme.openstreetmap.org/logs \

diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index 642d6be5e5b624529cb4353fb026e653f6d24ef1..e3f45231f99c77da3b5b8111c48102de5d6be229 100644 (file)
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -66,7 +66,7 @@ package %w[
 ]
 
 # Mediawiki packages for SyntaxHighight support
-package "python-pygments"
+package "python3-pygments"
 
 file "/etc/mediawiki/parsoid/settings.js" do
   action :delete

diff --git a/cookbooks/mediawiki/resources/extension.rb b/cookbooks/mediawiki/resources/extension.rb
index 8e7fbaa4be4e68a6103552e172970ef582ac655b..9f477a53f695a66c8423f1c6d563f2263d3c1d43 100644 (file)
--- a/cookbooks/mediawiki/resources/extension.rb
+++ b/cookbooks/mediawiki/resources/extension.rb
@@ -89,6 +89,7 @@ action :create do
     cwd mediawiki_directory
     user node[:mediawiki][:user]
     group node[:mediawiki][:group]
+    environment "COMPOSER_HOME" => site_directory
     only_if { ::File.exist?("#{extension_directory}/composer.json") }
     subscribes :run, "git[#{extension_directory}]"
   end

diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb
index 797b59409602f2ee0d0beab8cf5d884ef51fcfbf..2fc1ed115f37d1836df85b41d43a0496908f496f 100644 (file)
--- a/cookbooks/mediawiki/resources/site.rb
+++ b/cookbooks/mediawiki/resources/site.rb
@@ -22,7 +22,7 @@ default_action :create
 property :site, :kind_of => String, :name_property => true
 property :aliases, :kind_of => [String, Array]
 property :directory, :kind_of => String
-property :version, :kind_of => String, :default => "1.33"
+property :version, :kind_of => String, :default => "1.35"
 property :database_name, :kind_of => String, :required => true
 property :database_user, :kind_of => String, :required => [:create, :update]
 property :database_password, :kind_of => String, :required => [:create, :update]
@@ -44,7 +44,11 @@ property :recaptcha_public_key, :kind_of => String
 property :recaptcha_private_key, :kind_of => String
 property :extra_file_extensions, :kind_of => [String, Array], :default => []
 property :fpm_max_children, :kind_of => Integer, :default => 5
+property :fpm_start_servers, :kind_of => Integer, :default => 2
+property :fpm_min_spare_servers, :kind_of => Integer, :default => 1
+property :fpm_max_spare_servers, :kind_of => Integer, :default => 3
 property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 300
+property :fpm_prometheus_port, :kind_of => Integer
 property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
 
 action :create do
@@ -109,7 +113,7 @@ action :create do
 
   git mediawiki_directory do
     action :sync
-    repository "https://gerrit.wikimedia.org/r/p/mediawiki/core.git"
+    repository "https://gerrit.wikimedia.org/r/mediawiki/core.git"
     revision mediawiki_reference
     depth 1
     user node[:mediawiki][:user]
@@ -125,6 +129,7 @@ action :create do
     cwd mediawiki_directory
     user node[:mediawiki][:user]
     group node[:mediawiki][:group]
+    environment "COMPOSER_HOME" => site_directory
   end
 
   template "#{mediawiki_directory}/composer.local.json" do
@@ -520,12 +525,16 @@ action :create do
 
   php_fpm new_resource.site do
     pm_max_children new_resource.fpm_max_children
+    pm_start_servers new_resource.fpm_start_servers
+    pm_min_spare_servers new_resource.fpm_min_spare_servers
+    pm_max_spare_servers new_resource.fpm_max_spare_servers
     request_terminate_timeout new_resource.fpm_request_terminate_timeout
     php_admin_values "open_basedir" => "#{site_directory}/:/usr/share/php/:/dev/null:/tmp/"
     php_values "memory_limit" => "500M",
                "max_execution_time" => "240",
                "upload_max_filesize" => "70M",
                "post_max_size" => "100M"
+    prometheus_port new_resource.fpm_prometheus_port
   end
 
   apache_site new_resource.site do

diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index 8c5224a4ace969a0c2a6aa41b19439788c65f698..3182f8d587840c42391fec91afebe1f2d14cada9 100644 (file)
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -32,6 +32,8 @@
 
   DocumentRoot <%= @directory %>
 
+  ProxyTimeout 300
+
   RewriteCond %{SERVER_NAME} !=<%= @name %>
   RewriteRule ^/(.*)$ https://<%= @name %>/$1 [R=permanent]
 

diff --git a/cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb b/cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb
index 12fe10e5bab7e334ce38e209a1ee0501bdd6c89c..ddb87f166eb3d755f92d597498c95ee347204b6a 100644 (file)
--- a/cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb
+++ b/cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb
@@ -1,5 +1,5 @@
 <?php
 # DO NOT EDIT - This file is being maintained by Chef
-require_once($IP .'/extensions/CirrusSearch/CirrusSearch.php');
+wfLoadExtension( 'CirrusSearch' );
 $wgDisableSearchUpdate = false;
 $wgSearchType = 'CirrusSearch';

diff --git a/cookbooks/mysql/libraries/mysql.rb b/cookbooks/mysql/libraries/mysql.rb
index a40161be0bbfe52a6b572921c59106f41b4f0e98..ec9743c946b964574cf8f8754c45435c7eed7b20 100644 (file)
--- a/cookbooks/mysql/libraries/mysql.rb
+++ b/cookbooks/mysql/libraries/mysql.rb
@@ -133,6 +133,12 @@ module OpenStreetMap
       case privilege
       when :grant
         "GRANT OPTION"
+      when :show_db
+        "SHOW DATABASES"
+      when :repl_slave
+        "REPLICATION SLAVE"
+      when :repl_client
+        "REPLICATION CLIENT"
       when :create_tmp_table
         "CREATE TEMPORARY TABLES"
       else

diff --git a/cookbooks/mysql/metadata.rb b/cookbooks/mysql/metadata.rb
index 6dd2041bb304b602595ec0c3b00cacefebd82a76..4f94d6099054ac24e890392ace88f89cdb53229f 100644 (file)
--- a/cookbooks/mysql/metadata.rb
+++ b/cookbooks/mysql/metadata.rb
@@ -6,4 +6,6 @@ description       "Installs and configures mysql"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "chef"
 depends           "munin"
+depends           "prometheus"

diff --git a/cookbooks/mysql/recipes/default.rb b/cookbooks/mysql/recipes/default.rb
index 99c086519a2ae8f3d031f73a724b1b25f1092a3a..d0d7b1679230c2448f0d7278c9207913923cf7ea 100644 (file)
--- a/cookbooks/mysql/recipes/default.rb
+++ b/cookbooks/mysql/recipes/default.rb
@@ -18,6 +18,7 @@
 #
 
 include_recipe "munin"
+include_recipe "prometheus"
 
 package "mysql-server"
 package "mysql-client"
@@ -59,3 +60,16 @@ end
     action :delete
   end
 end
+
+mysql_password = persistent_token("mysql", "prometheus", "password")
+
+mysql_user "prometheus" do
+  password mysql_password
+  process true
+  repl_client true
+end
+
+prometheus_exporter "mysqld" do
+  port 9104
+  environment "DATA_SOURCE_NAME" => "prometheus:#{mysql_password}@(localhost:3306)/"
+end

diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 23cd15eb0652a2470f35168cb174bff402640ae4..8d369de4b55e2533188ebb6d0020b62618a85e29 100644 (file)
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -9,7 +9,7 @@ default[:networking][:firewall][:raw] = true
 default[:networking][:firewall][:mangle] = true
 default[:networking][:roles] = {}
 default[:networking][:interfaces] = {}
-default[:networking][:nameservers] = []
+default[:networking][:nameservers] = %w[1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001]
 default[:networking][:search] = []
 default[:networking][:dnssec] = "allow-downgrade"
 default[:networking][:hostname] = node.name

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index eba2208f5cf4f631ccd59fd13eada9b9ca9f55fb..8eed59556e415b854d03e7dcc8d3d77079e1d6cb 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -428,7 +428,6 @@ template "/etc/shorewall/policy" do
 end
 
 template "/etc/shorewall/rules" do
-  action :nothing
   source "shorewall-rules.erb"
   owner "root"
   group "root"
@@ -437,11 +436,6 @@ template "/etc/shorewall/rules" do
   notifies :restart, "service[shorewall]"
 end
 
-notify_group "shorewall-rules" do
-  action :run
-  notifies :create, "template[/etc/shorewall/rules]"
-end
-
 if node[:networking][:firewall][:enabled]
   service "shorewall" do
     action [:enable, :start]
@@ -571,7 +565,6 @@ unless node.interfaces(:family => :inet6).empty?
   end
 
   template "/etc/shorewall6/rules" do
-    action :nothing
     source "shorewall-rules.erb"
     owner "root"
     group "root"
@@ -580,11 +573,6 @@ unless node.interfaces(:family => :inet6).empty?
     notifies :restart, "service[shorewall6]"
   end
 
-  notify_group "shorewall6-rules" do
-    action :run
-    notifies :create, "template[/etc/shorewall6/rules]"
-  end
-
   if node[:networking][:firewall][:enabled]
     service "shorewall6" do
       action [:enable, :start]

diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index 7cac9f86e4c94ffccdc7a05b42fae8103acfb93e..e92681ec7601fc08364a6e3fd66f96459f47aed8 100644 (file)
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -33,6 +33,8 @@ property :rate_limit, :kind_of => String, :default => "-"
 property :connection_limit, :kind_of => [String, Integer], :default => "-"
 property :helper, :kind_of => String, :default => "-"
 
+property :compile_time, TrueClass, :default => true
+
 action :accept do
   add_rule :accept
 end

diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb
index fd7f495734f6d5ba9960f2baa6d994e7b9adb791..285d795f1c1212c5b885e7e5ba4eb6e2b66a079a 100644 (file)
--- a/cookbooks/nominatim/recipes/default.rb
+++ b/cookbooks/nominatim/recipes/default.rb
@@ -102,7 +102,7 @@ directory "#{basedir}/tablespaces" do
   mode "700"
 end
 
-# Note: tablespaces must be exactly in the same location on each
+# NOTE: tablespaces must be exactly in the same location on each
 #       Nominatim instance when replication is in use. Therefore
 #       use symlinks to canonical directory locations.
 node[:nominatim][:tablespaces].each do |name, location|
@@ -412,11 +412,13 @@ nginx_site "default" do
   action [:delete]
 end
 
+frontends = search(:node, "recipes:web\\:\\:frontend").sort_by(&:name)
+
 nginx_site "nominatim" do
   template "nginx.erb"
   directory build_directory
   variables :pools => node[:nominatim][:fpm_pools],
-            :frontends => search(:node, "recipes:web\\:\\:frontend"),
+            :frontends => frontends,
             :confdir => "#{basedir}/etc",
             :ui_directory => ui_directory
 end
@@ -454,9 +456,12 @@ end
 
 include_recipe "fail2ban"
 
+frontend_addresses = frontends.collect { |f| f.ipaddresses(:role => :external) }
+
 fail2ban_jail "nominatim_limit_req" do
   filter "nginx-limit-req"
   logpath "#{node[:nominatim][:logdir]}/nominatim.openstreetmap.org-error.log"
   ports [80, 443]
   maxretry 5
+  ignoreips frontend_addresses.flatten.sort
 end

diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index d56d99c8a13b52fdae1fadfb8542fe34ed80da4a..88bd3c90993e2962fb7107325444d933222b115d 100644 (file)
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -49,7 +49,7 @@ map $http_referer $missing_referer {
 geo $whitelisted {
     default 0;
 <% @frontends.each do |frontend| -%>
-<% frontend.ipaddresses(:role => :external) do |address| -%>
+<% frontend.ipaddresses(:role => :external).sort.each do |address| -%>
     <%= address %> 1;
 <% end -%>
 <% end -%>
@@ -86,9 +86,22 @@ map $blocked_user_agent $limit_tarpit {
     2 $binary_remote_addr;
 }
 
+map $missing_email$missing_referer$http_user_agent $generic_mozilla {
+    default 0;
+    ~^11Mozilla/4.0 1;
+    ~^11Mozilla/5.0 2;
+}
+
+map $whitelisted$generic_mozilla$uri $limit_reverse {
+    default "";
+    ~01/reverse.*  $binary_remote_addr;
+    ~02/reverse.*  $binary_remote_addr;
+}
+
 limit_req_zone $limit_www zone=www:50m rate=2r/s;
 limit_req_zone $limit_tarpit zone=tarpit:10m rate=1r/s;
 limit_req_zone $binary_remote_addr zone=blocked:10m rate=20r/m;
+limit_req_zone $limit_reverse zone=reverse:10m rate=10r/m;
 
 server {
     listen 80 default_server;
@@ -166,6 +179,7 @@ server {
 
         limit_req zone=www burst=10;
         limit_req zone=tarpit burst=2;
+        limit_req zone=reverse burst=5;
         limit_req_status 429;
         fastcgi_pass nominatim_service;
         include fastcgi_params;
@@ -188,6 +202,7 @@ server {
 
         limit_req zone=www burst=10;
         limit_req zone=tarpit burst=2;
+        limit_req zone=reverse burst=5;
         limit_req_status 429;
         fastcgi_pass    nominatim_service;
         include         fastcgi_params;

diff --git a/cookbooks/nominatim/templates/default/settings.erb b/cookbooks/nominatim/templates/default/settings.erb
index 1a60ef30fb83c5cce67110c6f3207364959646f7..3d042dfc190b1acf540c57f390486df591e133e5 100644 (file)
--- a/cookbooks/nominatim/templates/default/settings.erb
+++ b/cookbooks/nominatim/templates/default/settings.erb
@@ -3,6 +3,7 @@
 
 @define('CONST_Database_DSN', 'pgsql:dbname=<%= @dbname %>');
 @define('CONST_Website_BaseURL', 'https://<%= @base_url %>/');
+@define('CONST_MapIcon_URL', 'https://<%= @base_url %>/ui/mapicons/');
 
 <% if @flatnode_file -%>
 @define('CONST_Osm2pgsql_Flatnode_File', '<%= @flatnode_file %>');

diff --git a/cookbooks/osqa/recipes/default.rb b/cookbooks/osqa/recipes/default.rb
index c56a2a9b6e05caa50f8aa136c556f3be94ba3f6a..3a229531f3d1408d79eca5fb295854a31b459ed4 100644 (file)
--- a/cookbooks/osqa/recipes/default.rb
+++ b/cookbooks/osqa/recipes/default.rb
@@ -29,18 +29,15 @@ package "libpq-dev"
 
 python_directory = "/opt/osqa-python"
 
-python_virtualenv python_directory
+python_virtualenv python_directory do
+  interpreter "/usr/bin/python2"
+end
 
 python_package "Django" do
   python_virtualenv python_directory
   version "1.6.11"
 end
 
-python_package "html5lib" do
-  python_virtualenv python_directory
-  version "0.999"
-end
-
 python_package "Markdown" do
   python_virtualenv python_directory
   version "2.4"
@@ -56,11 +53,6 @@ python_package "python-openid" do
   version "2.2.5"
 end
 
-python_package "MySQL-python" do
-  python_virtualenv python_directory
-  version "1.2.3"
-end
-
 python_package "psycopg2" do
   python_virtualenv python_directory
   version "2.7.6.1"
@@ -71,6 +63,11 @@ python_package "South" do
   version "0.7.6"
 end
 
+python_package "html5lib" do
+  python_virtualenv python_directory
+  version "0.999"
+end
+
 apache_module "rewrite"
 apache_module "wsgi"
 

diff --git a/cookbooks/php/metadata.rb b/cookbooks/php/metadata.rb
index cd084e851588add96eb00b9134784e957e47e734..db4cfc27a6f0f3eb50f6397810b784be1c88f40c 100644 (file)
--- a/cookbooks/php/metadata.rb
+++ b/cookbooks/php/metadata.rb
@@ -7,3 +7,4 @@ description       "Installs and configures PHP"
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
+depends           "prometheus"

diff --git a/cookbooks/php/recipes/fpm.rb b/cookbooks/php/recipes/fpm.rb
index ecda9640cefb750fd0ae9f1c93beb18adbf6c21a..4fbbc881a5945857acf40155a641e18da3ab2611 100644 (file)
--- a/cookbooks/php/recipes/fpm.rb
+++ b/cookbooks/php/recipes/fpm.rb
@@ -18,6 +18,7 @@
 #
 
 include_recipe "php"
+include_recipe "prometheus"
 
 package "php-fpm"
 
@@ -32,3 +33,4 @@ end
 service "php#{node[:php][:version]}-fpm" do
   action [:enable, :start]
 end
+

diff --git a/cookbooks/php/resources/fpm.rb b/cookbooks/php/resources/fpm.rb
index d70efe53c44476ec2edfdfd491283a2d0e1aa22c..c461cf679c065b189df7ccb7ae330e7651e1e94f 100644 (file)
--- a/cookbooks/php/resources/fpm.rb
+++ b/cookbooks/php/resources/fpm.rb
@@ -36,6 +36,7 @@ property :php_admin_values, :kind_of => Hash, :default => {}
 property :php_flags, :kind_of => Hash, :default => {}
 property :php_admin_flags, :kind_of => Hash, :default => {}
 property :reload_fpm, :kind_of => [TrueClass, FalseClass], :default => true
+property :prometheus_port, :kind_of => Integer
 
 action :create do
   template conf_file do
@@ -46,12 +47,31 @@ action :create do
     mode "644"
     variables new_resource.to_hash
   end
+
+  if new_resource.prometheus_port
+    prometheus_exporter "phpfpm" do
+      port new_resource.prometheus_port
+      service service_name
+      command "server"
+      options "--phpfpm.scrape-uri=#{scrape_uri}"
+    end
+  else
+    prometheus_exporter "phpfpm" do
+      action :delete
+      service service_name
+    end
+  end
 end
 
 action :delete do
   file conf_file do
     action :delete
   end
+
+  prometheus_exporter "phpfpm" do
+    action :delete
+    service service_name
+  end
 end
 
 action_class do
@@ -62,6 +82,18 @@ action_class do
   def conf_file
     "/etc/php/#{php_version}/fpm/pool.d/#{new_resource.pool}.conf"
   end
+
+  def service_name
+    "phpfpm-#{new_resource.pool}"
+  end
+
+  def scrape_uri
+    if new_resource.port
+      "tcp://127.0.0.1:#{new_resource.port}/status"
+    else
+      "unix:///run/php/#{new_resource.pool}.sock;/status"
+    end
+  end
 end
 
 def after_created

diff --git a/cookbooks/php/templates/default/pool.conf.erb b/cookbooks/php/templates/default/pool.conf.erb
index ad6894c9a75d4e37bb2095b6dca726c66a373579..1877b7bef246615ba3116d79f10b947bed854c2f 100644 (file)
--- a/cookbooks/php/templates/default/pool.conf.erb
+++ b/cookbooks/php/templates/default/pool.conf.erb
@@ -19,6 +19,7 @@ pm.start_servers = <%= @pm_start_servers %>
 pm.min_spare_servers = <%= @pm_min_spare_servers %>
 pm.max_spare_servers = <%= @pm_max_spare_servers %>
 pm.max_requests = <%= @pm_max_requests %>
+pm.status_path = /status
 
 request_terminate_timeout = <%= @request_terminate_timeout %>
 

diff --git a/cookbooks/planet/files/default/cgi/HEADER.cgi b/cookbooks/planet/files/default/cgi/HEADER.cgi
index 30bf73307d457378a16c4c0aba437f1875422cd0..81dc70230607f3985c4be76b3a57da2d9e355ec2 100644 (file)
--- a/cookbooks/planet/files/default/cgi/HEADER.cgi
+++ b/cookbooks/planet/files/default/cgi/HEADER.cgi
@@ -113,9 +113,8 @@ database, and those published before the 12 September 2012 are distributed under
         is a tool for importing the data into a Postgis database for rendering maps.
         </p>
         <p>
-        <a href="https://wiki.openstreetmap.org/wiki/Coastline_error_checker">Processed coastline data</a>
-        derived from OSM data is also needed for rendering usable maps, and can be found in a
-        <a href="historical-shapefiles/processed_p.tar.bz2">single shapefile</a> (360MB).
+        <a href="https://osmdata.openstreetmap.de/">Processed coastline data</a>
+        derived from OSM data is also needed for rendering usable maps.
         </p>
     </td>
     <td>

diff --git a/cookbooks/planet/recipes/current.rb b/cookbooks/planet/recipes/current.rb
index c7a4a8f50d1cb807191d03b47cd9829252c84646..fefcaaad7d48433d310175ba1ab7464d1f8a5726 100644 (file)
--- a/cookbooks/planet/recipes/current.rb
+++ b/cookbooks/planet/recipes/current.rb
@@ -43,9 +43,9 @@ directory "/var/lib/planet" do
   mode "755"
 end
 
-remote_file "/var/lib/planet/planet.pbf" do
+remote_file "/var/lib/planet/planet.osh.pbf" do
   action :create_if_missing
-  source "https://planet.openstreetmap.org/pbf/planet-latest.osm.pbf"
+  source "https://planet.openstreetmap.org/pbf/full-history/history-latest.osm.pbf"
   owner "planet"
   group "planet"
   mode "644"

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index dcefd4552fc31395d950d79eec4d31245f2ad545..409d100b1eb8189a1f96fcf9632e08be91f30bfe 100644 (file)
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -47,6 +47,7 @@ package %w[
   pbzip2
   php-cli
   php-curl
+  mktorrent
 ]
 
 directory "/opt/planet-dump-ng" do
@@ -58,7 +59,7 @@ end
 git "/opt/planet-dump-ng" do
   action :sync
   repository "https://github.com/zerebubuth/planet-dump-ng.git"
-  revision "v1.1.8"
+  revision "v1.2.0"
   depth 1
   user "root"
   group "root"

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 76b0148678df5d66a21366f158c24a4e263b72ca..2a3e65cb2127dc5389ce3d78fee85168b389cd1b 100644 (file)
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -17,20 +17,23 @@
 # limitations under the License.
 #
 
+require "yaml"
+
 include_recipe "accounts"
 include_recipe "osmosis"
 
 db_passwords = data_bag_item("db", "passwords")
 
-package "postgresql-client"
-
-package "ruby"
-package "ruby-dev"
-package "ruby-libxml"
-
-package "make"
-package "gcc"
-package "libpq-dev"
+package %w[
+  postgresql-client
+  ruby
+  ruby-dev
+  ruby-libxml
+  make
+  gcc
+  libpq-dev
+  osmdbt
+]
 
 gem_package "pg"
 
@@ -63,6 +66,13 @@ remote_directory "/usr/local/bin" do
   files_mode "755"
 end
 
+template "/usr/local/bin/replicate-minute" do
+  source "replicate-minute.erb"
+  owner "root"
+  group "root"
+  mode "755"
+end
+
 template "/usr/local/bin/users-agreed" do
   source "users-agreed.erb"
   owner "root"
@@ -121,6 +131,37 @@ directory "/store/planet/replication/minute" do
   mode "755"
 end
 
+directory "/store/planet/replication/test" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+directory "/store/planet/replication/test/minute" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+directory "/store/replication" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+directory "/store/replication/minute" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+systemd_tmpfile "/run/replication" do
+  type "d"
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
 directory "/etc/replication" do
   owner "root"
   group "root"
@@ -141,6 +182,47 @@ template "/etc/replication/auth.conf" do
   variables :password => db_passwords["planetdiff"]
 end
 
+osmdbt_config = {
+  "database" => {
+    "host" => node[:web][:database_host],
+    "dbname" => "openstreetmap",
+    "user" => "planetdiff",
+    "password" => db_passwords["planetdiff"],
+    "replication_slot" => "osmdbt"
+  },
+  "log_dir" => "/var/lib/replication/minute",
+  "changes_dir" => "/store/planet/replication/test/minute",
+  "tmp_dir" => "/store/replication/minute",
+  "run_dir" => "/run/replication"
+}
+
+file "/etc/replication/osmdbt-config.yaml" do
+  user "root"
+  group "planet"
+  mode "640"
+  content YAML.dump(osmdbt_config)
+end
+
+systemd_service "replication-minutely" do
+  description "Minutely replication"
+  user "planet"
+  working_directory "/etc/replication"
+  exec_start "/usr/local/bin/replicate-minute"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "replication-minutely" do
+  description "Minutely replication"
+  on_boot_sec 60
+  on_unit_active_sec 60
+  accuracy_sec 5
+end
+
 template "/etc/replication/changesets.conf" do
   source "changesets.conf.erb"
   user "root"
@@ -163,6 +245,12 @@ directory "/var/lib/replication" do
   mode "755"
 end
 
+directory "/var/lib/replication/minute" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
 directory "/var/lib/replication/hour" do
   owner "planet"
   group "planet"
@@ -222,6 +310,10 @@ if node[:planet][:replication] == "enabled"
     mailto "zerebubuth@gmail.com"
   end
 
+  service "replication-minutely.timer" do
+    action [:enable, :start]
+  end
+
   cron_d "replication-minutely" do
     user "planet"
     command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
@@ -257,6 +349,10 @@ else
     action :delete
   end
 
+  service "replication-minutely.timer" do
+    action [:stop, :disable]
+  end
+
   cron_d "replication-minutely" do
     action :delete
   end
@@ -269,38 +365,3 @@ else
     action :delete
   end
 end
-
-# directory "/var/lib/replication/streaming" do
-#   owner "planet"
-#   group "planet"
-#   mode 0o755
-# end
-#
-# directory "/var/log/replication" do
-#   owner "planet"
-#   group "planet"
-#   mode 0o755
-# end
-#
-# ["streaming-replicator", "streaming-server"].each do |name|
-#   template "/etc/init.d/#{name}" do
-#     source "streaming.init.erb"
-#     owner "root"
-#     group "root"
-#     mode 0o755
-#     variables :service => name
-#   end
-#
-#   if node[:planet][:replication] == "enabled"
-#     service name do
-#       action [:enable, :start]
-#       supports :restart => true, :status => true
-#       subscribes :restart, "template[/etc/init.d/#{name}]"
-#     end
-#   else
-#     service name do
-#       action [:disable, :stop]
-#       supports :restart => true, :status => true
-#     end
-#   end
-# end

diff --git a/cookbooks/planet/templates/default/planet-update-file.erb b/cookbooks/planet/templates/default/planet-update-file.erb
index 36786e23248fc360c9de3c7add158ad42f1b97d5..4b067e6401cf26bd505a381c7f33e89768e61498 100644 (file)
--- a/cookbooks/planet/templates/default/planet-update-file.erb
+++ b/cookbooks/planet/templates/default/planet-update-file.erb
@@ -4,11 +4,13 @@
 
 # setup
 
+SUFFIX="osh.pbf"
+
 PLANETDIR="/var/lib/planet"
-PLANETPREV="${PLANETDIR}/planet-previous.pbf"
-PLANETCURR="${PLANETDIR}/planet.pbf"
-PLANETNEW="${PLANETDIR}/planet-new.pbf"
-PLANETTMP="${PLANETDIR}/planet-tmp.pbf"
+PLANETPREV="${PLANETDIR}/planet-previous.${SUFFIX}"
+PLANETCURR="${PLANETDIR}/planet.${SUFFIX}"
+PLANETNEW="${PLANETDIR}/planet-new.${SUFFIX}"
+PLANETTMP="${PLANETDIR}/planet-tmp.${SUFFIX}"
 
 pyosmium-up-to-date -v -o "$PLANETNEW" "$PLANETCURR"
 retval=$?

diff --git a/cookbooks/planet/templates/default/planetdump.erb b/cookbooks/planet/templates/default/planetdump.erb
index 22214b8ac321f0b764910948d150ef56129f848a..ae6302382040f782704ba364f99dca154d1163cf 100644 (file)
--- a/cookbooks/planet/templates/default/planetdump.erb
+++ b/cookbooks/planet/templates/default/planetdump.erb
@@ -74,6 +74,33 @@ time nice -n 19 /opt/planet-dump-ng/planet-dump-ng \
      -x "planet-${date}.osm.bz2" -X "history-${date}.osm.bz2" \
      -p "planet-${date}.osm.pbf" -P "history-${date}.osm.pbf"
 
+# Function to create bittorrent files
+function mk_torrent {
+  type="$1"
+  format="$2"
+  web_dir="$3"
+  name="${type}-${date}.osm.${format}"
+  web_path="${web_dir}/${name}"
+
+  mktorrent -l 22 ${name} \
+     -a udp://tracker.opentrackr.org:1337 \
+     -a udp://tracker.datacenterlight.ch:6969/announce,http://tracker.datacenterlight.ch:6969/announce \
+     -a udp://tracker.torrent.eu.org:451 \
+     -a udp://tracker-udp.gbitt.info:80/announce,http://tracker.gbitt.info/announce,https://tracker.gbitt.info/announce \
+     -a http://retracker.local/announce \
+     -w https://planet.openstreetmap.org/${web_path} \
+     -w https://ftp5.gwdg.de/pub/misc/openstreetmap/planet.openstreetmap.org/${web_path} \
+     -w https://ftpmirror.your.org/pub/openstreetmap/${web_path} \
+     -w https://mirror.init7.net/openstreetmap/${web_path} \
+     -w https://free.nchc.org.tw/osm.planet/${web_path} \
+     -w https://ftp.fau.de/osm-planet/${web_path} \
+     -w https://ftp.spline.de/pub/openstreetmap/${web_path} \
+     -w https://osm.openarchive.site/${name} \
+     -w https://downloads.opencagedata.com/planet/${name} \
+     -c "OpenStreetMap ${type} data export, licensed under https://opendatacommons.org/licenses/odbl/ by OpenStreetMap contributors" \
+     -o ${name}.torrent
+}
+
 # Function to install a dump in place
 function install_dump {
   type="$1"
@@ -85,12 +112,21 @@ function install_dump {
 
   md5sum "${name}" > "${name}.md5"
   mkdir -p "${dir}/${year}"
+  test -f "${name}.torrent" && mv "${name}.torrent" "${dir}/${year}"
   mv "${name}" "${name}.md5" "${dir}/${year}"
   ln -sf "${year:-.}/${name}" "${dir}/${latest}"
   rm -f "${dir}/${latest}.md5"
   sed -e "s/${name}/${latest}/" "${dir}/${year}/${name}.md5" > "${dir}/${latest}.md5"
 }
 
+# Create *.torrent files
+mk_torrent "changesets" "bz2" "planet/${year}"
+mk_torrent "discussions" "bz2" "planet/${year}"
+mk_torrent "planet" "bz2" "planet/${year}"
+mk_torrent "history" "bz2" "planet/full-history/${year}"
+mk_torrent "planet" "pbf" "pbf"
+mk_torrent "history" "pbf" "pbf/full-history"
+
 # Move dumps into place
 install_dump "changesets" "bz2" "<%= node[:planet][:dump][:xml_directory] %>" "${year}"
 install_dump "discussions" "bz2" "<%= node[:planet][:dump][:xml_directory] %>" "${year}"
@@ -100,4 +136,12 @@ install_dump "planet" "pbf" "<%= node[:planet][:dump][:pbf_directory] %>"
 install_dump "history" "pbf" "<%= node[:planet][:dump][:pbf_history_directory] %>"
 
 # Remove pbf dumps older than 90 days
-find "<%= node[:planet][:dump][:pbf_directory] %>" "<%= node[:planet][:dump][:pbf_history_directory] %>" -maxdepth 1 -mindepth 1 -type f -mtime +90 \( -iname 'planet-*.pbf' -o -iname 'history-*.pbf' -o -iname 'planet-*.pbf.md5' -o -iname 'history-*.pbf.md5' \) -delete
+find "<%= node[:planet][:dump][:pbf_directory] %>" "<%= node[:planet][:dump][:pbf_history_directory] %>" \
+     -maxdepth 1 -mindepth 1 -type f -mtime +90 \
+     \( \
+     -iname 'planet-*.pbf' \
+     -o -iname 'history-*.pbf' \
+     -o -iname 'planet-*.pbf.md5' \
+     -o -iname 'history-*.pbf.md5' \
+     \) \
+     -delete

diff --git a/cookbooks/planet/templates/default/replicate-minute.erb b/cookbooks/planet/templates/default/replicate-minute.erb
new file mode 100644 (file)
index 0000000..a4a07e2
--- /dev/null
+++ b/cookbooks/planet/templates/default/replicate-minute.erb
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+set -e
+
+cd /etc/replication
+
+osmdbt-catchup --quiet
+osmdbt-get-log --quiet
+osmdbt-catchup --quiet
+osmdbt-create-diff --quiet --max-changes=50000

diff --git a/cookbooks/planet/templates/default/streaming.init.erb b/cookbooks/planet/templates/default/streaming.init.erb
deleted file mode 100644 (file)
index 85ed3ef..0000000
--- a/cookbooks/planet/templates/default/streaming.init.erb
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# DO NOT EDIT - This file is being maintained by Chef
-
-start() {
-  start-stop-daemon --start --chuid planet --background --make-pidfile --pidfile /var/run/<%= @service %>.pid --exec /usr/local/bin/<%= @service %>
-}
-
-stop() {
-  start-stop-daemon --stop --retry 300 --pidfile /var/run/<%= @service %>.pid
-}
-
-status() {
-  start-stop-daemon --status --pidfile /var/run/<%= @service %>.pid
-}
-
-case "$1" in
-  start)
-    start
-    ;;
-  stop)
-    stop
-    ;;
-  restart)
-    stop || exit $?
-    start
-    ;;
-  status)
-    status
-    ;;
-esac

diff --git a/cookbooks/postgresql/attributes/default.rb b/cookbooks/postgresql/attributes/default.rb
index 21beec74eb1e1b4a63a7bae1e9c7cf91a6435a79..2d9fc10797f1a9e1e5c23dd1ebc27a60379a52cb 100644 (file)
--- a/cookbooks/postgresql/attributes/default.rb
+++ b/cookbooks/postgresql/attributes/default.rb
@@ -21,6 +21,7 @@ default[:postgresql][:settings][:defaults][:min_wal_size] = "80MB"
 default[:postgresql][:settings][:defaults][:checkpoint_completion_target] = "0.5"
 default[:postgresql][:settings][:defaults][:archive_mode] = "off"
 default[:postgresql][:settings][:defaults][:max_wal_senders] = "0"
+default[:postgresql][:settings][:defaults][:max_replication_slots] = "0"
 default[:postgresql][:settings][:defaults][:hot_standby] = "off"
 default[:postgresql][:settings][:defaults][:hot_standby_feedback] = "off"
 default[:postgresql][:settings][:defaults][:random_page_cost] = "4.0"

diff --git a/cookbooks/postgresql/templates/default/postgresql.conf.erb b/cookbooks/postgresql/templates/default/postgresql.conf.erb
index 6022ea6c5801ae2a57efa69522e6435fa31ea2f3..3c84ec994081343b1085d421228ce726e4bf5ae2 100644 (file)
--- a/cookbooks/postgresql/templates/default/postgresql.conf.erb
+++ b/cookbooks/postgresql/templates/default/postgresql.conf.erb
@@ -86,6 +86,7 @@ archive_command = '<%= @settings[:archive_command] || @defaults[:archive_command
 # - Sending Server(s) -
 
 max_wal_senders = <%= @settings[:max_wal_senders] || @defaults[:max_wal_senders] %>
+max_replication_slots = <%= @settings[:max_replication_slots] || @defaults[:max_replication_slots] %>
 
 # - Standby Servers -
 

diff --git a/cookbooks/prometheus/recipes/default.rb b/cookbooks/prometheus/recipes/default.rb
index 82ac2ba3aead47b33712850f14fb804c3abe2a35..4011e05bde465cc3c9426a70ab6289b468996ea2 100644 (file)
--- a/cookbooks/prometheus/recipes/default.rb
+++ b/cookbooks/prometheus/recipes/default.rb
@@ -20,6 +20,8 @@
 include_recipe "git"
 include_recipe "networking"
 
+package "ruby"
+
 if node.internal_ipaddress
   node.default[:prometheus][:mode] = "internal"
   node.default[:prometheus][:address] = node.internal_ipaddress
@@ -87,5 +89,12 @@ end
 
 prometheus_exporter "node" do
   port 9100
-  options "--collector.ntp --collector.processes --collector.interrupts --collector.tcpstat --collector.textfile.directory=/var/lib/prometheus/node-exporter"
+  options %w[
+    --collector.textfile.directory=/var/lib/prometheus/node-exporter
+    --collector.interrupts
+    --collector.ntp
+    --collector.processes
+    --collector.systemd
+    --collector.tcpstat
+  ]
 end

diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb
index e10e9e4ceef1eb18ecf08c61f3009dfeda0e4a85..f3ff4d9ca636be1e597cca271a62f87bb35d3d0a 100644 (file)
--- a/cookbooks/prometheus/recipes/server.rb
+++ b/cookbooks/prometheus/recipes/server.rb
@@ -22,6 +22,14 @@ include_recipe "apt"
 include_recipe "networking"
 
 passwords = data_bag_item("prometheus", "passwords")
+tokens = data_bag_item("prometheus", "tokens")
+
+prometheus_exporter "fastly" do
+  port 8080
+  listen_switch "endpoint"
+  listen_type "url"
+  environment "FASTLY_API_TOKEN" => tokens["fastly"]
+end
 
 package "prometheus"
 
@@ -36,7 +44,15 @@ search(:node, "recipes:prometheus\\:\\:default").sort_by(&:name).each do |client
     }
   end
 
-  client[:prometheus][:exporters].each do |name, address|
+  client[:prometheus][:exporters].each do |key, exporter|
+    if exporter.is_a?(Hash)
+      name = exporter[:name]
+      address = exporter[:address]
+    else
+      name = key
+      address = exporter
+    end
+
     jobs[name] ||= []
     jobs[name] << { :address => address, :name => client.name }
   end

diff --git a/cookbooks/prometheus/resources/exporter.rb b/cookbooks/prometheus/resources/exporter.rb
index 22e364f9f42cd1522c5110603b7ea7171edd2336..69cb80e142497d82f926615a9f154653cd2b2b6a 100644 (file)
--- a/cookbooks/prometheus/resources/exporter.rb
+++ b/cookbooks/prometheus/resources/exporter.rb
@@ -22,9 +22,12 @@ default_action :create
 property :exporter, :kind_of => String, :name_property => true
 property :port, :kind_of => Integer, :required => [:create]
 property :listen_switch, :kind_of => String, :default => "web.listen-address"
+property :listen_type, :kind_of => String, :default => "address"
 property :user, :kind_of => String, :default => "root"
+property :command, :kind_of => String
 property :options, :kind_of => [String, Array]
 property :environment, :kind_of => Hash, :default => {}
+property :service, :kind_of => String
 
 action :create do
   systemd_service service_name do
@@ -32,7 +35,7 @@ action :create do
     type "simple"
     user new_resource.user
     environment new_resource.environment
-    exec_start "#{executable_path} #{executable_options}"
+    exec_start "#{executable_path} #{new_resource.command} #{executable_options}"
     private_tmp true
     protect_system "strict"
     protect_home true
@@ -53,7 +56,9 @@ action :create do
     only_if { node[:prometheus][:mode] == "external" }
   end
 
-  node.default[:prometheus][:exporters][new_resource.exporter] = listen_address
+  node.default[:prometheus][:exporters][new_resource.port] = {
+    :name => new_resource.exporter, :address => listen_address
+  }
 end
 
 action :delete do
@@ -74,7 +79,11 @@ end
 
 action_class do
   def service_name
-    "prometheus-#{new_resource.exporter}-exporter"
+    if new_resource.service
+      "prometheus-#{new_resource.service}-exporter"
+    else
+      "prometheus-#{new_resource.exporter}-exporter"
+    end
   end
 
   def executable_path
@@ -82,7 +91,14 @@ action_class do
   end
 
   def executable_options
-    "--#{new_resource.listen_switch}=#{listen_address} #{Array(new_resource.options).join(' ')}"
+    "--#{new_resource.listen_switch}=#{listen_argument} #{Array(new_resource.options).join(' ')}"
+  end
+
+  def listen_argument
+    case new_resource.listen_type
+    when "address" then listen_address
+    when "url" then "http://#{listen_address}/metrics"
+    end
   end
 
   def listen_address

diff --git a/cookbooks/python/resources/virtualenv.rb b/cookbooks/python/resources/virtualenv.rb
index cb372f4c3bb1c1730027d4ae8eed2a1dece99e23..6f07fd895bf69116a18f393e6895be8880bcfa29 100644 (file)
--- a/cookbooks/python/resources/virtualenv.rb
+++ b/cookbooks/python/resources/virtualenv.rb
@@ -20,10 +20,11 @@
 default_action :create
 
 property :virtualenv_directory, :kind_of => String, :name_property => true
+property :interpreter, :kind_of => String, :default => "/usr/bin/python"
 
 action :create do
   execute "virtualenv-#{new_resource.virtualenv_directory}" do
-    command "virtualenv #{new_resource.virtualenv_directory}"
+    command "virtualenv --python=#{new_resource.interpreter} #{new_resource.virtualenv_directory}"
     not_if { ::File.exist?(new_resource.virtualenv_directory) }
   end
 end

diff --git a/cookbooks/ssl/files/default/letsencrypt.pem b/cookbooks/ssl/files/default/letsencrypt.pem
deleted file mode 100644 (file)
index 0002462..0000000
--- a/cookbooks/ssl/files/default/letsencrypt.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
-SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
-GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
-q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
-SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
-Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
-a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
-/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
-AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
-CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
-bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
-c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
-VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
-ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
-MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
-Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
-AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
-uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
-wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
-X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
-PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
-KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
------END CERTIFICATE-----

diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index c540b929842c03bd30c4d442148bd4e60e84de55..17bb6339ecf4bf2e4aa5324a6c5c518ee85598da 100644 (file)
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -20,13 +20,6 @@
 package "openssl"
 package "ssl-cert"
 
-cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
-  owner "root"
-  group "root"
-  mode "444"
-  backup false
-end
-
 cookbook_file "/etc/ssl/certs/dhparam.pem" do
   owner "root"
   group "root"

diff --git a/cookbooks/ssl/resources/certificate.rb b/cookbooks/ssl/resources/certificate.rb
index 116c2bd4da0266a940bb02cd0b4f16dc375b0e5b..5fc33b61be6e8a992b048967fbc86f6c85755ae2 100644 (file)
--- a/cookbooks/ssl/resources/certificate.rb
+++ b/cookbooks/ssl/resources/certificate.rb
@@ -24,7 +24,7 @@ property :domains, [String, Array], :required => [:create]
 
 action :create do
   node.default[:letsencrypt][:certificates][new_resource.certificate] = {
-    :domains => Array(new_resource.domains)
+    :domains => domains
   }
 
   if letsencrypt
@@ -53,7 +53,7 @@ action :create do
       force_unlink true
     end
   else
-    alt_names = new_resource.domains.collect { |domain| "DNS:#{domain}" }
+    alt_names = domains.collect { |domain| "DNS:#{domain}" }
 
     openssl_x509_certificate "/etc/ssl/certs/#{new_resource.certificate}.pem" do
       key_file "/etc/ssl/private/#{new_resource.certificate}.key"
@@ -62,7 +62,7 @@ action :create do
       mode "640"
       org "OpenStreetMap"
       email "operations@osmfoundation.org"
-      common_name new_resource.domains.first
+      common_name domains.first
       subject_alt_name alt_names
       extensions "keyUsage" => { "values" => %w[digitalSignature keyEncipherment], "critical" => true },
                  "extendedKeyUsage" => { "values" => %w[serverAuth clientAuth], "critical" => true }
@@ -84,4 +84,8 @@ action_class do
   def letsencrypt
     @letsencrypt ||= search(:letsencrypt, "id:#{new_resource.certificate}").first
   end
+
+  def domains
+    Array(new_resource.domains)
+  end
 end

diff --git a/cookbooks/stateofthemap/recipes/default.rb b/cookbooks/stateofthemap/recipes/default.rb
index d0bdee0d5a282c081251cac111e9139b45618ae0..39d537eea561e65205499c407a7a1dd5bf6585a9 100644 (file)
--- a/cookbooks/stateofthemap/recipes/default.rb
+++ b/cookbooks/stateofthemap/recipes/default.rb
@@ -55,6 +55,7 @@ wordpress_site "2007.stateofthemap.org" do
   database_user "sotm2007"
   database_password passwords["sotm2007"]
   database_prefix "wp_sotm_"
+  fpm_prometheus_port 12007
 end
 
 wordpress_theme "2007.stateofthemap.org-refreshwp-11" do
@@ -82,6 +83,7 @@ wordpress_site "2008.stateofthemap.org" do
   database_user "sotm2008"
   database_password passwords["sotm2008"]
   database_prefix "wp_sotm08_"
+  fpm_prometheus_port 12008
 end
 
 wordpress_theme "2008.stateofthemap.org-refreshwp-11" do
@@ -120,6 +122,7 @@ wordpress_site "2009.stateofthemap.org" do
   urls "/register" => "/srv/2009.stateofthemap.org/register",
        "/register-pro-user" => "/srv/2009.stateofthemap.org/register-pro-user",
        "/podcasts" => "/srv/2009.stateofthemap.org/podcasts"
+  fpm_prometheus_port 12009
 end
 
 wordpress_theme "2009.stateofthemap.org-aerodrome" do
@@ -156,6 +159,7 @@ wordpress_site "2010.stateofthemap.org" do
   database_user "sotm2010"
   database_password passwords["sotm2010"]
   urls "/register" => "/srv/2010.stateofthemap.org/register"
+  fpm_prometheus_port 12010
 end
 
 wordpress_theme "2010.stateofthemap.org-aerodrome" do
@@ -199,6 +203,7 @@ wordpress_site "2011.stateofthemap.org" do
   database_user "sotm2011"
   database_password passwords["sotm2011"]
   urls "/register" => "/srv/2011.stateofthemap.org/register"
+  fpm_prometheus_port 12011
 end
 
 wordpress_theme "2011.stateofthemap.org-aerodrome" do
@@ -242,6 +247,7 @@ wordpress_site "2012.stateofthemap.org" do
   database_user "sotm2012"
   database_password passwords["sotm2012"]
   urls "/register" => "/srv/2012.stateofthemap.org/register"
+  fpm_prometheus_port 12012
 end
 
 wordpress_theme "2012.stateofthemap.org-aerodrome" do

diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb
index c63b8707c1f45d2217ea7d65c980be6c71653161..5383415217ea5f543e05dfe7f37e2f436c0628d7 100644 (file)
--- a/cookbooks/taginfo/recipes/default.rb
+++ b/cookbooks/taginfo/recipes/default.rb
@@ -43,6 +43,7 @@ package %w[
 
 package %w[
   sqlite3
+  sqlite3-pcre
   osmium-tool
   pyosmium
   curl
@@ -146,10 +147,11 @@ node[:taginfo][:sites].each do |site|
     settings["logging"]["directory"] = "/var/log/taginfo/#{site_name}"
     settings["opensearch"]["shortname"] = "Taginfo"
     settings["opensearch"]["contact"] = "webmaster@openstreetmap.org"
+    settings["paths"]["bin_dir"] = "#{directory}/build/src"
     settings["sources"]["download"] = ""
-    settings["sources"]["create"] = "db languages projects wiki"
-    settings["sources"]["db"]["planetfile"] = "/var/lib/planet/planet.pbf"
-    settings["sources"]["db"]["bindir"] = "#{directory}/build/src"
+    settings["sources"]["create"] = "db languages projects wiki chronology"
+    settings["sources"]["db"]["planetfile"] = "/var/lib/planet/planet.osh.pbf"
+    settings["sources"]["chronology"]["osm_history_file"] = "/var/lib/planet/planet.osh.pbf"
     settings["tagstats"]["geodistribution"] = "DenseMmapArray"
 
     JSON.pretty_generate(settings)

diff --git a/cookbooks/tile/files/default/html/favicon.ico b/cookbooks/tile/files/default/html/favicon.ico
index 27b042b5cec16967462ab011cf4b47320fbc14c4..975e1cb0d9a56a11d5843a5bc851bd8ed2f6b0ca 100644 (file)
Binary files a/cookbooks/tile/files/default/html/favicon.ico and b/cookbooks/tile/files/default/html/favicon.ico differ

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index 7363e410cd3fe945b20463defa6917330d17ab89..241b73a8e9283d6be225a88cbaf035bd067d35e9 100644 (file)
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -46,7 +46,13 @@ ssl_certificate node[:fqdn] do
   notifies :reload, "service[apache2]"
 end
 
+remote_file "#{Chef::Config[:file_cache_path]}/fastly-ip-list.json" do
+  source "https://api.fastly.com/public-ip-list"
+  compile_time true
+end
+
 tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
+fastlyips = JSON.parse(IO.read("#{Chef::Config[:file_cache_path]}/fastly-ip-list.json"))
 
 apache_site "default" do
   action [:disable]
@@ -54,7 +60,7 @@ end
 
 apache_site "tile.openstreetmap.org" do
   template "apache.erb"
-  variables :caches => tilecaches
+  variables :caches => tilecaches, :fastly => fastlyips["addresses"]
 end
 
 template "/etc/logrotate.d/apache2" do

diff --git a/cookbooks/tile/templates/default/apache.erb b/cookbooks/tile/templates/default/apache.erb
index 0e461b8d60c0d006a6edd6a02e222500e4afb62b..e6f8ade1cbb135d3aa427acdb80e50b134183c06 100644 (file)
--- a/cookbooks/tile/templates/default/apache.erb
+++ b/cookbooks/tile/templates/default/apache.erb
@@ -25,6 +25,9 @@
 <% cache.ipaddresses(:role => :external).sort.each do |address| -%>
   RemoteIPTrustedProxy <%= address %>
 <% end -%>
+<% end -%>
+<% @fastly.sort.each do |address| -%>
+  RemoteIPTrustedProxy <%= address %>
 <% end -%>
 
   # Setup logging

diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb
index 2a6528cd11bf3ed399657c82efa9986f44e09aef..978dcb70fb952d4944e50dce69ed1473da68d839 100644 (file)
--- a/cookbooks/web/resources/rails_port.rb
+++ b/cookbooks/web/resources/rails_port.rb
@@ -86,6 +86,7 @@ action :create do
 
   package %w[
     g++
+    make
     pkg-config
     libpq-dev
     libsasl2-dev
@@ -321,7 +322,7 @@ action :create do
     "storage_service",
     "storage_url",
     "tile_cdn_url"
-  ).reject { |_k, v| v.nil? }.merge(
+  ).compact.merge(
     "server_protocol" => "https",
     "server_url" => new_resource.site,
     "support_email" => "support@openstreetmap.org",

diff --git a/cookbooks/wiki/recipes/default.rb b/cookbooks/wiki/recipes/default.rb
index 064f686cf9454de1919eb42b76dbbb5c9846bbaa..72af19cb80ef3fe16f17a10e70660f8515ba2d5e 100644 (file)
--- a/cookbooks/wiki/recipes/default.rb
+++ b/cookbooks/wiki/recipes/default.rb
@@ -33,7 +33,11 @@ mediawiki_site "wiki.openstreetmap.org" do
            "wiki.openstreetmap.pro", "wiki.openstreetmaps.org"]
   directory "/srv/wiki.openstreetmap.org"
 
-  fpm_max_children 25
+  fpm_max_children 50
+  fpm_start_servers 10
+  fpm_min_spare_servers 10
+  fpm_max_spare_servers 20
+  fpm_prometheus_port 9253
 
   database_name "wiki"
   database_user "wiki-user"

diff --git a/cookbooks/wiki/templates/default/mw-ext-Wikibase.inc.php.erb b/cookbooks/wiki/templates/default/mw-ext-Wikibase.inc.php.erb
index 6bbede43fbf55e1d49d91d027f4e9dae0488ab82..da194cad74efeecfbaa749ca045bb6a3fb130168 100644 (file)
--- a/cookbooks/wiki/templates/default/mw-ext-Wikibase.inc.php.erb
+++ b/cookbooks/wiki/templates/default/mw-ext-Wikibase.inc.php.erb
@@ -38,7 +38,7 @@ call_user_func( function() {
     $wgWBRepoSettings['entityNamespaces']['property'] = WB_NS_PROPERTY;
 
     // Make sure we use the same keys on repo and clients, so we can share cached objects.
-    $wgWBRepoSettings['sharedCacheKeyPrefix'] = $wgDBname . ':WBL/' . rawurlencode( WBL_VERSION );
+    $wgWBRepoSettings['sharedCacheKeyPrefix'] = $wgDBname;
 
     // Include Wikibase items in the regular search result by default
     $wgNamespacesToBeSearchedDefault[WB_NS_ITEM] = true;
@@ -91,8 +91,3 @@ $wgGroupPermissions['data-admin']['property-create'] = true;
 
 // See https://www.mediawiki.org/wiki/Wikibase/Installation/Advanced_configuration#Define_links_for_external_identifiers
 $wgWBRepoSettings['formatterUrlProperty'] = 'P8';
-
-// Disable Wikibase searchbox with this hack (hopefully Wikibase will implement support for it soon)
-// See https://phabricator.wikimedia.org/T205560
-// After upgrading to Wikibase 1.33, this line can be deleted. The 'enableEntitySearchUI' above will do the same thing.
-$wgResourceModules['wikibase.ui.entitysearch']['scripts'] = [];

diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb
index 1771c2a1bbb7f84b4c6e3ba5eff9c81a945afde5..5570fb7b2e997243d711f6f0fb2c052c9d9ad5a8 100644 (file)
--- a/cookbooks/wordpress/resources/site.rb
+++ b/cookbooks/wordpress/resources/site.rb
@@ -29,6 +29,12 @@ property :database_user, :kind_of => String, :required => [:create]
 property :database_password, :kind_of => String, :required => [:create]
 property :database_prefix, :kind_of => String, :default => "wp_"
 property :urls, :kind_of => Hash, :default => {}
+property :fpm_max_children, :kind_of => Integer, :default => 5
+property :fpm_start_servers, :kind_of => Integer, :default => 2
+property :fpm_min_spare_servers, :kind_of => Integer, :default => 1
+property :fpm_max_spare_servers, :kind_of => Integer, :default => 3
+property :fpm_request_terminate_timeout, :kind_of => Integer, :default => 300
+property :fpm_prometheus_port, :kind_of => Integer
 property :reload_apache, :kind_of => [TrueClass, FalseClass], :default => true
 
 action :create do
@@ -131,10 +137,16 @@ action :create do
   end
 
   php_fpm new_resource.site do
+    pm_max_children new_resource.fpm_max_children
+    pm_start_servers new_resource.fpm_start_servers
+    pm_min_spare_servers new_resource.fpm_min_spare_servers
+    pm_max_spare_servers new_resource.fpm_max_spare_servers
+    request_terminate_timeout new_resource.fpm_request_terminate_timeout
     php_admin_values "open_basedir" => "#{site_directory}/:/usr/share/php/:/tmp/",
                      "disable_functions" => "exec,shell_exec,system,passthru,popen,proc_open"
     php_values "upload_max_filesize" => "70M",
                "post_max_size" => "100M"
+    prometheus_port new_resource.fpm_prometheus_port
   end
 
   apache_site new_resource.site do

diff --git a/roles/aarnet.rb b/roles/aarnet.rb
index 55845b269185da826ba94dae8d9f21798f7efde4..8cab0ea355ed9202539fe48635a22a77c164e0c6 100644 (file)
--- a/roles/aarnet.rb
+++ b/roles/aarnet.rb
@@ -10,13 +10,13 @@ default_attributes(
   },
   :hosted_by => "AARNet",
   :location => "Carlton, Victoria, Australia",
-  :timezone => "Australia/Melbourne",
-  :networking => {
-    :nameservers => ["202.158.207.1", "202.158.207.2"]
-  }
+  :timezone => "Australia/Melbourne"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["202.158.207.1", "202.158.207.2"]
+  },
   :ntp => {
     :servers => ["0.au.pool.ntp.org", "1.au.pool.ntp.org", "oceania.pool.ntp.org"]
   }

diff --git a/roles/altavoz.rb b/roles/altavoz.rb
index 8deb1dfda780879315940c5d127b3be524105c05..ae9d720fc5a2aa9b722a67aa852e70a9cc0434d1 100644 (file)
--- a/roles/altavoz.rb
+++ b/roles/altavoz.rb
@@ -3,16 +3,13 @@ description "Role applied to all servers at AltaVoz"
 
 default_attributes(
   :hosted_by => "AltaVoz",
-  :location => "Viña del Mar, Chile",
-  :networking => {
-    :nameservers => [
-      "200.91.44.10",
-      "200.91.41.10"
-    ]
-  }
+  :location => "Viña del Mar, Chile"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["200.91.44.10", "200.91.41.10"]
+  },
   :ntp => {
     :servers => ["0.cl.pool.ntp.org", "1.cl.pool.ntp.org", "south-america.pool.ntp.org"]
   }

diff --git a/roles/aws.rb b/roles/aws.rb
deleted file mode 100644 (file)
index d4ad3fd..0000000
--- a/roles/aws.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-name "aws"
-description "Role applied to all servers on AWS"
-
-default_attributes(
-  :hosted_by => "AWS",
-  :location => "Ireland",
-  :networking => {
-    :nameservers => ["172.31.0.2"],
-    :roles => {
-      :internal => {
-        :inet => {
-          :prefix => "20",
-          :gateway => "172.31.0.1"
-        }
-      },
-      :external => {
-        :inet => {
-          :prefix => "32"
-        }
-      }
-    }
-  }
-)
-
-override_attributes(
-  :ntp => {
-    :servers => ["0.ie.pool.ntp.org", "1.ie.pool.ntp.org", "europe.pool.ntp.org"]
-  }
-)
-
-run_list(
-  "role[ie]"
-)

diff --git a/roles/base.rb b/roles/base.rb
index 310b2ddf1876e178cac58d5e3ba6e5b1e3eebcdc..4d453e45ce32d779f0dc67fdfd83ecca58387d3c 100644 (file)
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -41,9 +41,9 @@ default_attributes(
       :parameters => {
         "net.core.rmem_max" => "16777216",
         "net.core.wmem_max" => "16777216",
-        "net.ipv4.tcp_rmem" => "4096\t87380\t16777216",
-        "net.ipv4.tcp_wmem" => "4096\t65536\t16777216",
-        "net.ipv4.udp_mem" => "3145728\t4194304\t16777216"
+        "net.ipv4.tcp_rmem" => "4096 87380 16777216",
+        "net.ipv4.tcp_wmem" => "4096 65536 16777216",
+        "net.ipv4.udp_mem" => "3145728 4194304 16777216"
       }
     },
     :network_backlog => {

diff --git a/roles/blix.rb b/roles/blix.rb
index f58d760dc113f1ac6bbf8d55db52fbee56aed479..5d54e192790b055f434040b8ac90a4be22a2651a 100644 (file)
--- a/roles/blix.rb
+++ b/roles/blix.rb
@@ -7,8 +7,5 @@ default_attributes(
       :blixadmin => { :status => :administrator }
     }
   },
-  :hosted_by => "Blix Solutions",
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  }
+  :hosted_by => "Blix Solutions"
 )

diff --git a/roles/bytemark.rb b/roles/bytemark.rb
index 4e80daa56f7098c42117b95c668ca9159d51bf77..7b06247525ba718d57c0445ac17943cf50424e21 100644 (file)
--- a/roles/bytemark.rb
+++ b/roles/bytemark.rb
@@ -5,7 +5,6 @@ default_attributes(
   :hosted_by => "Bytemark",
   :location => "York, England",
   :networking => {
-    :nameservers => ["10.0.32.20"],
     :roles => {
       :internal => {
         :inet => {
@@ -38,6 +37,7 @@ default_attributes(
 
 override_attributes(
   :networking => {
+    :nameservers => ["10.0.32.20"],
     :search => ["bm.openstreetmap.org", "openstreetmap.org"]
   },
   :ntp => {

diff --git a/roles/c3sl.rb b/roles/c3sl.rb
index de519e7d35c2727420e9ed814e9389e1a5e9f0aa..9b2bcc33f510fb8c8d261fcfe2025091f2bb10f1 100644 (file)
--- a/roles/c3sl.rb
+++ b/roles/c3sl.rb
@@ -9,14 +9,16 @@ default_attributes(
   },
   :hosted_by => "Centro de Computação Científica e Software Livre, Universidade Federal do Paraná",
   :location => "Curitiba, Brazil",
-  :timezone => "America/Sao_Paulo",
   :networking => {
-    :nameservers => ["200.17.202.3", "200.236.31.1"],
     :wireguard => { :keepalive => 180 }
-  }
+  },
+  :timezone => "America/Sao_Paulo"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["200.17.202.3", "200.236.31.1"]
+  },
   :ntp => {
     :servers => ["0.br.pool.ntp.org", "1.br.pool.ntp.org", "south-america.pool.ntp.org"]
   }

diff --git a/roles/catalyst.rb b/roles/catalyst.rb
index 44319813f7f5b0a46f92365b01a25ceb097c1f0a..413be9ed883a2b1f8832454f9a55dcd1de1cb66d 100644 (file)
--- a/roles/catalyst.rb
+++ b/roles/catalyst.rb
@@ -3,13 +3,13 @@ description "Role applied to all servers at Catalyst"
 
 default_attributes(
   :hosted_by => "Catalyst",
-  :location => "Hamilton, New Zealand",
-  :networking => {
-    :nameservers => ["202.78.244.85", "202.78.244.86", "202.78.244.87"]
-  }
+  :location => "Hamilton, New Zealand"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["202.78.244.85", "202.78.244.86", "202.78.244.87"]
+  },
   :ntp => {
     :servers => ["0.nz.pool.ntp.org", "1.nz.pool.ntp.org", "oceania.pool.ntp.org"]
   }

diff --git a/roles/datahata.rb b/roles/datahata.rb
index 42b3d40f7d821bcc442cc879b4202b5fc2e59c06..d257382c6c4885d20922a4afa3bbefd27a7c0f3c 100644 (file)
--- a/roles/datahata.rb
+++ b/roles/datahata.rb
@@ -8,14 +8,7 @@ default_attributes(
     }
   },
   :hosted_by => "DataHata",
-  :location => "Minsk, Belarus",
-  :networking => {
-    :nameservers => [
-      "31.130.200.2",
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
+  :location => "Minsk, Belarus"
 )
 
 override_attributes(

diff --git a/roles/db-master.rb b/roles/db-master.rb
index d65791e155adc306799876fca5eda33341844071..11080f5ee98672a6d1c98254c6907bb0fcafb819 100644 (file)
--- a/roles/db-master.rb
+++ b/roles/db-master.rb
@@ -5,10 +5,11 @@ default_attributes(
   :postgresql => {
     :settings => {
       :defaults => {
-        :wal_level => "hot_standby",
+        :wal_level => "logical",
         :archive_mode => "on",
         :archive_command => "/usr/local/bin/openstreetmap-wal-e --terse wal-push %p",
         :max_wal_senders => "3",
+        :max_replication_slots => "1",
         :late_authentication_rules => [
           { :database => "replication", :user => "replication", :address => "10.0.48.49/32" },
           { :database => "replication", :user => "replication", :address => "10.0.48.50/32" },

diff --git a/roles/db-slave.rb b/roles/db-slave.rb
index 30c4a79bf1c62619a929c466fb353da737da0351..6fb2fd0b6ab20953c2c82ec599b6d088f9c1e7ee 100644 (file)
--- a/roles/db-slave.rb
+++ b/roles/db-slave.rb
@@ -9,7 +9,7 @@ default_attributes(
         :hot_standby_feedback => "on",
         :standby_mode => "on",
         :primary_conninfo => {
-          :host => "karm.ams.openstreetmap.org",
+          :host => "snap-01.ams.openstreetmap.org",
           :port => "5432",
           :user => "replication",
           :passwords => { :bag => "db", :item => "passwords" }

diff --git a/roles/delta.rb b/roles/delta.rb
deleted file mode 100644 (file)
index bf30752..0000000
--- a/roles/delta.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-name "delta"
-description "Role applied to all servers at Delta Telecom"
-
-default_attributes(
-  :hosted_by => "Delta Telecom",
-  :location => "Baku, Azerbaijan",
-  :networking => {
-    :nameservers => ["94.20.20.20", "8.8.8.8", "8.8.4.4"]
-  }
-)
-
-override_attributes(
-  :ntp => {
-    :servers => ["0.az.pool.ntp.org", "1.az.pool.ntp.org", "europe.pool.ntp.org"]
-  }
-)
-
-run_list(
-  "role[az]"
-)

diff --git a/roles/dev.rb b/roles/dev.rb
index 8c3de8d38181c45e3576c00ddbffec78da187056..565d4b70cc66d12b03a3ae1bf82174a51e0c9d1c 100644 (file)
--- a/roles/dev.rb
+++ b/roles/dev.rb
@@ -145,7 +145,8 @@ default_attributes(
       },
       "12" => {
         :port => "5432",
-        :wal_level => "logical"
+        :wal_level => "logical",
+        :max_replication_slots => "1"
       }
     }
   },

diff --git a/roles/dotsrc.rb b/roles/dotsrc.rb
index 21838b72d6019e7f9a15eca7bb976793378b3d64..bfa09da80561e8bad098ffe67c697d2b2df9dcb7 100644 (file)
--- a/roles/dotsrc.rb
+++ b/roles/dotsrc.rb
@@ -3,14 +3,7 @@ description "Role applied to all servers at dotsrc.org"
 
 default_attributes(
   :hosted_by => "dotsrc.org",
-  :location => "Aalborg, Denmark",
-  :networking => {
-    :nameservers => [
-      "130.226.1.2",
-      "130.226.255.53",
-      "2001:878:0:100::2"
-    ]
-  }
+  :location => "Aalborg, Denmark"
 )
 
 override_attributes(

diff --git a/roles/drogon.rb b/roles/drogon.rb
index 1938270f9de62b15a56d464cced5e7f776b98f20..8e4e50680d89a3d8c3bab5afe9f4f052dd83873c 100644 (file)
--- a/roles/drogon.rb
+++ b/roles/drogon.rb
@@ -29,11 +29,7 @@ default_attributes(
         :prefix => "64",
         :gateway => "fe80::161:53:30:97"
       }
-    },
-    :nameservers => [
-      "161.53.30.100",
-      "8.8.8.8"
-    ]
+    }
   },
   :squid => {
     :version => 4,

diff --git a/roles/dulcy.rb b/roles/dulcy.rb
index 9ba99a7f4e94738a012beeb1af426e8a83bdcffb..f108680204842a551ef45fb7353a1b788643138c 100644 (file)
--- a/roles/dulcy.rb
+++ b/roles/dulcy.rb
@@ -10,7 +10,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.48.9",
         :bond => {
-          :slaves => %w[p18p1 p18p2]
+          :slaves => %w[ens18f0 ens18f1]
         }
       },
       :external_ipv4 => {

diff --git a/roles/edgeuno.rb b/roles/edgeuno.rb
index c1224f2bab0c14394884082a679553599b286679..d6fb53aefcdb6013f9ff18202ced65043a209c13 100644 (file)
--- a/roles/edgeuno.rb
+++ b/roles/edgeuno.rb
@@ -32,10 +32,6 @@ default_attributes(
           :connection_limit => "-"
         }
       ]
-    },
-    :nameservers => [
-      "8.8.8.8",
-      "1.1.1.1"
-    ]
+    }
   }
 )

diff --git a/roles/epix.rb b/roles/epix.rb
new file mode 100644 (file)
index 0000000..76b6de5
--- /dev/null
+++ b/roles/epix.rb
@@ -0,0 +1,17 @@
+name "epix"
+description "Role applied to all servers at EPIX"
+
+default_attributes(
+  :hosted_by => "EPIX",
+  :location => "Katowice, Poland"
+)
+
+override_attributes(
+  :ntp => {
+    :servers => ["0.pl.pool.ntp.org", "1.pl.pool.ntp.org", "europe.pool.ntp.org"]
+  }
+)
+
+run_list(
+  "role[pl]"
+)

diff --git a/roles/equinix.rb b/roles/equinix.rb
index 625aa8f57d3e78be50170375d6933d4c8854eb90..e04f7fac5b253da09567e58567cda0af6757cf2d 100644 (file)
--- a/roles/equinix.rb
+++ b/roles/equinix.rb
@@ -3,7 +3,6 @@ description "Role applied to all servers at Equinix"
 
 default_attributes(
   :networking => {
-    :nameservers => ["66.28.0.45", "66.28.0.61"],
     :roles => {
       :internal => {
         :inet => {
@@ -42,6 +41,7 @@ default_attributes(
 
 override_attributes(
   :networking => {
+    :nameservers => ["66.28.0.45", "66.28.0.61"],
     :search => ["ams.openstreetmap.org", "openstreetmap.org"]
   },
   :ntp => {

diff --git a/roles/euserv.rb b/roles/euserv.rb
deleted file mode 100644 (file)
index ec354bf..0000000
--- a/roles/euserv.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-name "euserv"
-description "Role applied to all servers at EUserv"
-
-default_attributes(
-  :hosted_by => "EUserv",
-  :location => "Jena, Germany",
-  :networking => {
-    :nameservers => [
-      "85.31.184.60", "85.31.184.61", "85.31.185.60", "85.31.185.61"
-    ]
-  }
-)
-
-override_attributes(
-  :ntp => {
-    :servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
-  }
-)
-
-run_list(
-  "role[de]"
-)

diff --git a/roles/exonetric.rb b/roles/exonetric.rb
index b03aa8c7150267432617f926423f1b9f73e15846..93068a76c86a5653034c2d0c865628e1c6c0b454 100644 (file)
--- a/roles/exonetric.rb
+++ b/roles/exonetric.rb
@@ -10,7 +10,6 @@ default_attributes(
   :hosted_by => "Exonetric",
   :location => "London, England",
   :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"],
     :roles => {
       :external => {
         :inet => {

diff --git a/roles/faimaison.rb b/roles/faimaison.rb
index a72fff50bd0722d4b22f0b7182de3db6ed8b7ee1..02ca7f35345cbdbe0d6ecb0c2c67a594736a477a 100644 (file)
--- a/roles/faimaison.rb
+++ b/roles/faimaison.rb
@@ -3,14 +3,7 @@ description "Role applied to all servers at FAImaison"
 
 default_attributes(
   :hosted_by => "FAImaison",
-  :location => "France",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4",
-      "1.1.1.1"
-    ]
-  }
+  :location => "France"
 )
 
 override_attributes(

diff --git a/roles/ffrl.rb b/roles/ffrl.rb
index 35599a01c370a6714f1a229649ca1dacfada8024..96109c4436a4f077b05fc18940e6283740c3c9bd 100644 (file)
--- a/roles/ffrl.rb
+++ b/roles/ffrl.rb
@@ -3,13 +3,7 @@ description "Role applied to all servers at Freifunk Rheinland"
 
 default_attributes(
   :hosted_by => "Freifunk Rheinland",
-  :location => "Berlin, Germany",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
+  :location => "Berlin, Germany"
 )
 
 override_attributes(

diff --git a/roles/firefishynet.rb b/roles/firefishynet.rb
index fca212ad858970b96d7899ebe802f26d7c3c19d2..150f62d6fe089ac38531387faa55facabee017ad 100644 (file)
--- a/roles/firefishynet.rb
+++ b/roles/firefishynet.rb
@@ -3,7 +3,6 @@ description "Role applied to all servers at Firefishy"
 
 default_attributes(
   :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"],
     :roles => {
       :internal => {
         :inet => {

diff --git a/roles/konqi.rb b/roles/firnen.rb
similarity index 59%
rename from roles/konqi.rb
rename to roles/firnen.rb
index 6744ee3ceb335a4f80cae41bea98b0957395b418..4bd2aff98ee29f762475c39569a64462967f6073 100644 (file)
--- a/roles/konqi.rb
+++ b/roles/firnen.rb
@@ -1,36 +1,25 @@
-name "konqi"
-description "Master role applied to konqi"
+name "firnen"
+description "Master role applied to firnen"
 
 default_attributes(
   :hardware => {
-    :shm_size => "20g"
+    :shm_size => "36g"
   },
   :networking => {
     :interfaces => {
       :external_ipv4 => {
-        :interface => "eth0",
+        :interface => "enp6s0",
         :role => :external,
         :family => :inet,
-        :address => "81.7.11.83",
-        :prefix => "24",
-        :gateway => "81.7.11.1"
-      },
-      :external_ipv6 => {
-        :interface => "eth0",
-        :role => :external,
-        :family => :inet6,
-        :address => "2a02:180:1:1::517:b53",
-        :prefix => "64",
-        :gateway => "2a02:180:1:1::1"
+        :address => "188.241.28.82",
+        :prefix => "29",
+        :gateway => "188.241.28.81"
       }
-    },
-    :wireguard => {
-      :enabled => false
     }
   },
   :squid => {
     :version => 4,
-    :cache_mem => "16384 MB",
+    :cache_mem => "32768 MB",
     :cache_dir => [
       "rock /store/squid/rock-4096 20000 swap-timeout=200 slot-size=4096 max-size=3996",
       "rock /store/squid/rock-8192 25000 swap-timeout=200 slot-size=8192 min-size=3997 max-size=8092",
@@ -44,6 +33,6 @@ default_attributes(
 )
 
 run_list(
-  "role[euserv]",
+  "role[epix]",
   "role[tilecache]"
 )

diff --git a/roles/g5solutions.rb b/roles/g5solutions.rb
deleted file mode 100644 (file)
index 96aaa88..0000000
--- a/roles/g5solutions.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-name "g5solutions"
-description "Role applied to all servers at G5 Solutions"
-
-default_attributes(
-  :accounts => {
-    :users => {
-      :g5team => { :status => :administrator }
-    }
-  },
-  :hosted_by => "G5 Solutions",
-  :location => "Indonesia",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
-)
-
-override_attributes(
-  :ntp => {
-    :servers => ["0.id.pool.ntp.org", "1.id.pool.ntp.org", "asia.pool.ntp.org"]
-  }
-)
-
-run_list(
-  "role[id]"
-)

diff --git a/roles/gackelchen.rb b/roles/gackelchen.rb
index a0c8ef19a76dfe2e17a52653ede00dcba83e1b39..6835406f5fa5d923af4aadeeab6d09f7f711fc95 100644 (file)
--- a/roles/gackelchen.rb
+++ b/roles/gackelchen.rb
@@ -36,7 +36,7 @@ default_attributes(
     ]
   },
   :tilecache => {
-    :tile_parent => "bissen.render.openstreetmap.org"
+    :tile_parent => "germany.render.openstreetmap.org"
   }
 )
 

diff --git a/roles/gandi.rb b/roles/gandi.rb
index d1a332a156ac7b7c3a2c282ae2e540df0e9ad7d8..2fcd1084bbbef5d0e19794b111e2d60771a4e5e6 100644 (file)
--- a/roles/gandi.rb
+++ b/roles/gandi.rb
@@ -3,17 +3,13 @@ description "Role applied to all servers at Gandi"
 
 default_attributes(
   :hosted_by => "Gandi",
-  :location => "Bissen, Luxembourg",
-  :networking => {
-    :nameservers => [
-      "217.70.186.194",
-      "217.70.186.193",
-      "2001:4b98:dc2:49::193"
-    ]
-  }
+  :location => "Bissen, Luxembourg"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["217.70.186.194", "217.70.186.193", "2001:4b98:dc2:49::193"]
+  },
   :ntp => {
     :servers => ["0.lu.pool.ntp.org", "1.lu.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/greenmini.rb b/roles/greenmini.rb
index 16f7974d5431dea3c26a2669910e373fe2c284c8..2156eb3325199ca3701302c781c4c14de8bc16b1 100644 (file)
--- a/roles/greenmini.rb
+++ b/roles/greenmini.rb
@@ -8,18 +8,13 @@ default_attributes(
     }
   },
   :hosted_by => "greenminihost",
-  :location => "Dronten, Netherlands",
-  :networking => {
-    :nameservers => [
-      "45.148.169.130",
-      "185.200.102.102",
-      "2a0a:aa42:222:2500::2500",
-      "2a0a:aa42:321:2000::53"
-    ]
-  }
+  :location => "Dronten, Netherlands"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["45.148.169.130", "185.200.102.102", "2a0a:aa42:222:2500::2500", "2a0a:aa42:321:2000::53"]
+  },
   :ntp => {
     :servers => ["0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/grifon.rb b/roles/grifon.rb
index c9653f93d0aa2346b88419fd08a13dd573ef2bef..e7bf0b295a5e297b12e5ed9a0ad1eb67ed4b9497 100644 (file)
--- a/roles/grifon.rb
+++ b/roles/grifon.rb
@@ -28,8 +28,7 @@ default_attributes(
           :connection_limit => "-"
         }
       ]
-    },
-    :nameservers => ["2a00:5884::7", "8.8.8.8", "8.8.4.4"]
+    }
   }
 )
 

diff --git a/roles/grindtooth.rb b/roles/grindtooth.rb
index 2d78c10b79b6ca43027f9d6000e6ba59b85c18f1..349cc2627caf79c49bf7876cec547f7db75c4620 100644 (file)
--- a/roles/grindtooth.rb
+++ b/roles/grindtooth.rb
@@ -5,13 +5,13 @@ default_attributes(
   :networking => {
     :interfaces => {
       :internal_ipv4 => {
-        :interface => "em1.2801",
+        :interface => "enp3s0f0.2801",
         :role => :internal,
         :family => :inet,
         :address => "10.0.0.19"
       },
       :external_ipv4 => {
-        :interface => "em1.2800",
+        :interface => "enp3s0f0.2800",
         :role => :external,
         :family => :inet,
         :address => "193.60.236.15"

diff --git a/roles/grisu.rb b/roles/grisu.rb
index 9aaa6d67b4ac642df8382678243676542e837d39..b260ff89598a47378c113f16da012ce30e93e48e 100644 (file)
--- a/roles/grisu.rb
+++ b/roles/grisu.rb
@@ -13,7 +13,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.32.20",
         :bond => {
-          :slaves => %w[em1 em2]
+          :slaves => %w[enp2s0f0 enp2s0f1]
         }
       },
       :external_ipv4 => {

diff --git a/roles/grnet.rb b/roles/grnet.rb
index 1ca197be51c1ab938d015daff3ee059f6354943e..a08d1841d178572a1c1053c7671ee75c9f1a2ce4 100644 (file)
--- a/roles/grnet.rb
+++ b/roles/grnet.rb
@@ -8,13 +8,7 @@ default_attributes(
     }
   },
   :hosted_by => "GRNET",
-  :location => "Athens, Greece",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
+  :location => "Athens, Greece"
 )
 
 override_attributes(

diff --git a/roles/hetzner.rb b/roles/hetzner.rb
index 20d855f656ab9fe5c80e59c709f352196ee0c0da..4948c8d6c51d470489be84cf381cbfa8db681d02 100644 (file)
--- a/roles/hetzner.rb
+++ b/roles/hetzner.rb
@@ -2,7 +2,10 @@ name "hetzner"
 description "Role applied to all servers at Hetzner"
 
 default_attributes(
-  :hosted_by => "Hetzner",
+  :hosted_by => "Hetzner"
+)
+
+override_attributes(
   :networking => {
     :nameservers => [
       "213.133.98.98",
@@ -12,10 +15,7 @@ default_attributes(
       "2a01:4f8:0:a102::add:9999",
       "2a01:4f8:0:a0a1::add:1010"
     ]
-  }
-)
-
-override_attributes(
+  },
   :ntp => {
     :servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/hostedinnz.rb b/roles/hostedinnz.rb
index 7e0944309c82525cd5331e75d3cf8a5a08bf046c..9bf94140481f228b14f29c6bcb8a5273593b20ff 100644 (file)
--- a/roles/hostedinnz.rb
+++ b/roles/hostedinnz.rb
@@ -9,9 +9,6 @@ default_attributes(
   },
   :hosted_by => "HostedIn.NZ",
   :location => "Wellington, New Zealand",
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  },
   :snmpd => {
     :clients => ["103.106.66.28"],
     :community => "hostedinnz",

diff --git a/roles/inxza.rb b/roles/inxza.rb
index aa80ea347f8b88c765964f3b2dfbad1920451f34..96dd61a960a9584fd929d78ba91fb03d9cb77922 100644 (file)
--- a/roles/inxza.rb
+++ b/roles/inxza.rb
@@ -3,17 +3,13 @@ description "Role applied to all servers at INX-ZA"
 
 default_attributes(
   :hosted_by => "INX-ZA",
-  :location => "Cape Town, South Africa",
-  :networking => {
-    :nameservers => [
-      "196.10.52.52",
-      "196.10.54.54",
-      "196.10.55.55"
-    ]
-  }
+  :location => "Cape Town, South Africa"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["196.10.52.52", "196.10.54.54", "196.10.55.55"]
+  },
   :ntp => {
     :servers => ["0.za.pool.ntp.org", "1.za.pool.ntp.org", "africa.pool.ntp.org"]
   }

diff --git a/roles/iway.rb b/roles/iway.rb
index 3a4c1b888203001e401855ae611093a91b7eaa45..094f92b0b6b76288bfbec2ddab4966ba071a5514 100644 (file)
--- a/roles/iway.rb
+++ b/roles/iway.rb
@@ -23,8 +23,7 @@ default_attributes(
           :connection_limit => "-"
         }
       ]
-    },
-    :nameservers => ["2001:8e0:ffff:ac1::1", "8.8.8.8", "8.8.4.4"]
+    }
   }
 )
 

diff --git a/roles/jump.rb b/roles/jump.rb
index 4186ecc4cdd7fe97d48bb9f4ac90096f4f1c8c82..eb24ced21e3c60cbd00c91dac8a9780db84316c1 100644 (file)
--- a/roles/jump.rb
+++ b/roles/jump.rb
@@ -3,18 +3,13 @@ description "Role applied to all servers at Jump Networks"
 
 default_attributes(
   :hosted_by => "Jump Networks",
-  :location => "London, England",
-  :networking => {
-    :nameservers => [
-      "185.73.44.3",
-      "2001:ba8:0:2c02::",
-      "2001:ba8:0:2c03::",
-      "2001:ba8:0:2c04::"
-    ]
-  }
+  :location => "London, England"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["185.73.44.3", "2001:ba8:0:2c02::", "2001:ba8:0:2c03::", "2001:ba8:0:2c04::"]
+  },
   :ntp => {
     :servers => ["0.uk.pool.ntp.org", "1.uk.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/karm.rb b/roles/karm.rb
index 9490d64e9f5d443f1f668f950feb902a4a2a7eed..04b5a925be475beef37f241c1d3c8f714290a23c 100644 (file)
--- a/roles/karm.rb
+++ b/roles/karm.rb
@@ -40,6 +40,5 @@ default_attributes(
 
 run_list(
   "role[equinix]",
-  "role[db-master]",
-  "role[db-backup]"
+  "role[db-slave]"
 )

diff --git a/roles/lyonix.rb b/roles/lyonix.rb
index 3a0c8589a4251c51cb1a6484177cb1ab17ac1275..b44835628a604878f925deac9b6b82ec066cd6a4 100644 (file)
--- a/roles/lyonix.rb
+++ b/roles/lyonix.rb
@@ -4,9 +4,6 @@ description "Role applied to all servers at LyonIX"
 default_attributes(
   :hosted_by => "LyonIX",
   :location => "Lyon, France",
-  :networking => {
-    :nameservers => ["77.95.64.205", "77.95.64.206", "8.8.8.8", "8.8.4.4"]
-  },
   :snmpd => {
     :clients => ["77.95.64.0/21"],
     :clients6 => ["2a03:9180::/32", "2001:7f8:47::/48"],

diff --git a/roles/lysator.rb b/roles/lysator.rb
index 7bf25dc165725959f59a1db4ef315da9f4661904..09c2aaff7e588471b218f4677f44aab6c7216947 100644 (file)
--- a/roles/lysator.rb
+++ b/roles/lysator.rb
@@ -9,13 +9,13 @@ default_attributes(
     }
   },
   :hosted_by => "Lysator",
-  :location => "Linköping, Sweden",
-  :networking => {
-    :nameservers => ["130.236.254.225", "2001:6b0:17:f0a0::e1", "130.236.254.4"]
-  }
+  :location => "Linköping, Sweden"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["130.236.254.225", "2001:6b0:17:f0a0::e1", "130.236.254.4"]
+  },
   :ntp => {
     :servers => ["0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/mail.rb b/roles/mail.rb
index c1c7d307cea2b959d99f05434efba5984859ba88..660bb9f2f195e7466cf75293a12325cdfff8eb45 100644 (file)
--- a/roles/mail.rb
+++ b/roles/mail.rb
@@ -47,7 +47,8 @@ default_attributes(
       }
     },
     :dkim_selectors => {
-      "openstreetmap.org" => "20200301"
+      "openstreetmap.org" => "20200301",
+      "osmfoundation.org" => "20201112"
     },
     :aliases => {
       "abuse" => "root",

diff --git a/roles/milkywan.rb b/roles/milkywan.rb
index 7f75a2edc2298d84d0edba8fcd6224f0a364293e..d353814abdf847902350cc2b1837c3b57920e939 100644 (file)
--- a/roles/milkywan.rb
+++ b/roles/milkywan.rb
@@ -23,8 +23,7 @@ default_attributes(
           :connection_limit => "-"
         }
       ]
-    },
-    :nameservers => ["130.117.11.11", "2a0b:cbc0:42::42"]
+    }
   }
 )
 

diff --git a/roles/nchc.rb b/roles/nchc.rb
index c376eb371123f781d93b2cd9ea9c466578059f6a..1c434df2aac0f53d447b07be04fc96148a795bbc 100644 (file)
--- a/roles/nchc.rb
+++ b/roles/nchc.rb
@@ -11,12 +11,14 @@ default_attributes(
   :hosted_by => "NCHC",
   :location => "Hsinchu, Taiwan",
   :networking => {
-    :nameservers => ["140.110.16.1", "140.110.4.1"],
     :wireguard => { :keepalive => 180 }
   }
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["140.110.16.1", "140.110.4.1"]
+  },
   :ntp => {
     :servers => ["0.tw.pool.ntp.org", "1.tw.pool.ntp.org", "asia.pool.ntp.org"]
   }

diff --git a/roles/netalerts.rb b/roles/netalerts.rb
index 85e6824d4b7b5057c67007b16b6b02ba6fba3181..bbccac112d7d9ea9a1147699b490bd932e426620 100644 (file)
--- a/roles/netalerts.rb
+++ b/roles/netalerts.rb
@@ -4,16 +4,13 @@ description "Role applied to all servers at NetAlerts"
 default_attributes(
   :hosted_by => "NetAlerts",
   :location => "Montréal, Canada",
-  :timezone => "America/Montreal",
-  :networking => {
-    :nameservers => [
-      "209.172.41.202",
-      "209.172.41.200"
-    ]
-  }
+  :timezone => "America/Montreal"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["209.172.41.202", "209.172.41.200"]
+  },
   :ntp => {
     :servers => ["0.ca.pool.ntp.org", "1.ca.pool.ntp.org", "north-america.pool.ntp.org"]
   }

diff --git a/roles/orm.rb b/roles/orm.rb
index 20abc51aae18339c7aedc0aad3136feb6e1bb3aa..860ab8c3d835f494934614b6d24e5c7fb5901df4 100644 (file)
--- a/roles/orm.rb
+++ b/roles/orm.rb
@@ -51,12 +51,6 @@ default_attributes(
   }
 )
 
-override_attributes(
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  }
-)
-
 run_list(
   "role[equinix]",
   "role[tyan-s7010]"

diff --git a/roles/osuosl.rb b/roles/osuosl.rb
index 489152a0289d50cf9e7343349b1f06c7c77403ae..899176dcbca7fac1579fc1a9f112d0a3532941fe 100644 (file)
--- a/roles/osuosl.rb
+++ b/roles/osuosl.rb
@@ -11,7 +11,6 @@ default_attributes(
   :location => "Corvallis, Oregon",
   :timezone => "PST8PDT",
   :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"],
     :roles => {
       :external => {
         :inet => {

diff --git a/roles/ovh.rb b/roles/ovh.rb
index 9a0e9d561c705f6e130d6177f34668b57801f3e0..f8391a2aa941ae1d535850de69e3743c2d13f2e0 100644 (file)
--- a/roles/ovh.rb
+++ b/roles/ovh.rb
@@ -3,15 +3,13 @@ description "Role applied to all servers at OVH"
 
 default_attributes(
   :hosted_by => "OVH",
-  :location => "Roubaix, France",
-  :networking => {
-    :nameservers => [
-      "213.186.33.99"
-    ]
-  }
+  :location => "Roubaix, France"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["213.186.33.99"]
+  },
   :ntp => {
     :servers => ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/paulla.rb b/roles/paulla.rb
index 27149d2472763bacb929d59d026e9869f2186f50..516546968c35a112d77e8ae2ef41a2206efeb0bf 100644 (file)
--- a/roles/paulla.rb
+++ b/roles/paulla.rb
@@ -12,13 +12,13 @@ default_attributes(
   :location => "Pau, France",
   :munin => {
     :allow => ["10.64.1.11"]
-  },
-  :networking => {
-    :nameservers => ["10.64.1.42", "194.167.156.13", "10.64.1.3"]
   }
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["10.64.1.42", "194.167.156.13", "10.64.1.3"]
+  },
   :ntp => {
     :servers => ["cannelle.paulla.asso.fr"]
   }

diff --git a/roles/pl.rb b/roles/pl.rb
new file mode 100644 (file)
index 0000000..ad8a61d
--- /dev/null
+++ b/roles/pl.rb
@@ -0,0 +1,11 @@
+name "pl"
+description "Role applied to all servers located in Poland"
+
+override_attributes(
+  :country => "pl",
+  :timezone => "Europe/Warsaw"
+)
+
+run_list(
+  "role[base]"
+)

diff --git a/roles/prgmr.rb b/roles/prgmr.rb
index 918481423daeb1cd0e4e97b4f5ca534ea836da04..de7ecb2e7d84db51a6947951cd8165e3ef0029f5 100644 (file)
--- a/roles/prgmr.rb
+++ b/roles/prgmr.rb
@@ -4,10 +4,7 @@ description "Role applied to all servers at prgmr.com"
 default_attributes(
   :hosted_by => "prgmr.com",
   :location => "San Francisco, California",
-  :timezone => "PST8PDT",
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  }
+  :timezone => "PST8PDT"
 )
 
 override_attributes(

diff --git a/roles/pummelzacken.rb b/roles/pummelzacken.rb
index 7b346bf6f5f4492712e518d25f75aa31d5915bca..add5249388505e1b29a545098f3c46ac083fa499 100644 (file)
--- a/roles/pummelzacken.rb
+++ b/roles/pummelzacken.rb
@@ -7,7 +7,7 @@ default_attributes(
       :bond => {
         :interface => "bond0",
         :bond => {
-          :slaves => %w[em1 p5p1]
+          :slaves => %w[eno1 enp5s0f0]
         }
       },
       :internal_ipv4 => {
@@ -25,7 +25,7 @@ default_attributes(
     }
   },
   :postgresql => {
-    :versions => ["12"],
+    :versions => ["13"],
     :settings => {
       :defaults => {
         :listen_addresses => "10.0.0.20",
@@ -34,7 +34,7 @@ default_attributes(
         :random_page_cost => "1.5",
         :effective_cache_size => "60GB",
         :effective_io_concurrency => "256",
-        :fsync => "on"
+        :fsync => "off"
       }
     }
   },
@@ -45,10 +45,10 @@ default_attributes(
     }
   },
   :nominatim => {
-    :state => "standalone",
+    :state => "off",
     :dbadmins => %w[lonvia tomh],
-    :dbcluster => "12/main",
-    :postgis => "2.5",
+    :dbcluster => "13/main",
+    :postgis => "3",
     :enable_backup => true,
     :flatnode_file => "/ssd/nominatim/nodes.store",
     :tablespaces => {

diff --git a/roles/rhaegal.rb b/roles/rhaegal.rb
index 2663eb79aae6e3aeed8cbb1de858b6eafd6dc39d..00fce56cf4345c2d21baaadc745700ccc9287abb 100644 (file)
--- a/roles/rhaegal.rb
+++ b/roles/rhaegal.rb
@@ -37,11 +37,7 @@ default_attributes(
         :gateway => "10.5.0.1",
         :public_address => "161.53.248.77"
       }
-    },
-    :nameservers => [
-      "10.5.0.7",
-      "8.8.8.8"
-    ]
+    }
   },
   :postgresql => {
     :settings => {

diff --git a/roles/scaleway.rb b/roles/scaleway.rb
index b7daaa0fb5bea60efe504bdd54eb9aa0da9639c5..26833e17c1d17239ffdbede340885d790967b519 100644 (file)
--- a/roles/scaleway.rb
+++ b/roles/scaleway.rb
@@ -3,16 +3,13 @@ description "Role applied to all servers at Scaleway"
 
 default_attributes(
   :hosted_by => "Scaleway",
-  :location => "Paris, France",
-  :networking => {
-    :nameservers => [
-      "62.210.16.6",
-      "62.210.16.7"
-    ]
-  }
+  :location => "Paris, France"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["62.210.16.6", "62.210.16.7"]
+  },
   :ntp => {
     :servers => ["0.fr.pool.ntp.org", "1.fr.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/shenron.rb b/roles/shenron.rb
index ee89e0a35d5b1493bb7a5ba3d921bbc8a1d4cfc2..b5cb9d559562b57244d40d23f68fad984e4f3c17 100644 (file)
--- a/roles/shenron.rb
+++ b/roles/shenron.rb
@@ -39,7 +39,7 @@ override_attributes(
         :gateway => "fe80::1"
       }
     },
-    :nameservers => ["8.8.8.8", "8.8.4.4"],
+    :nameservers => ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"],
     :private_address => "10.0.16.100"
   }
 )

diff --git a/roles/simurgh.rb b/roles/simurgh.rb
deleted file mode 100644 (file)
index 011afdc..0000000
--- a/roles/simurgh.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-name "simurgh"
-description "Master role applied to simurgh"
-
-default_attributes(
-  :hardware => {
-    :shm_size => "18g"
-  },
-  :networking => {
-    :interfaces => {
-      :external_ipv4 => {
-        :interface => "ens32",
-        :role => :external,
-        :family => :inet,
-        :address => "94.20.20.55",
-        :prefix => "24",
-        :gateway => "94.20.20.1"
-      }
-    },
-    :wireguard => {
-      :enabled => false
-    }
-  },
-  :squid => {
-    :version => 4,
-    :cache_mem => "16384 MB",
-    :cache_dir => [
-      "rock /store/squid/rock-4096 20000 swap-timeout=200 slot-size=4096 max-size=3996",
-      "rock /store/squid/rock-8192 25000 swap-timeout=200 slot-size=8192 min-size=3997 max-size=8092",
-      "rock /store/squid/rock-16384 35000 swap-timeout=200 slot-size=16384 min-size=8093 max-size=16284",
-      "rock /store/squid/rock-32768 45000 swap-timeout=200 slot-size=32768 min-size=16285 max-size=262144"
-    ]
-  },
-  :nginx => {
-    :cache => {
-      :proxy => {
-        :keys_zone => "proxy_cache_zone:64M",
-        :max_size => "2048M"
-      }
-    }
-  },
-  :tilecache => {
-    :tile_parent => "baku.render.openstreetmap.org"
-  }
-)
-
-run_list(
-  "role[delta]",
-  "role[tilecache]"
-)

diff --git a/roles/snap-01.rb b/roles/snap-01.rb
index c79f141456eae5389a8be562955833dd8b86411b..1935e753d7fe33a73b536ea1afe06e7e73078912 100644 (file)
--- a/roles/snap-01.rb
+++ b/roles/snap-01.rb
@@ -40,5 +40,6 @@ default_attributes(
 
 run_list(
   "role[equinix]",
-  "role[db-slave]"
+  "role[db-master]",
+  "role[db-backup]"
 )

diff --git a/roles/spike-04.rb b/roles/spike-04.rb
index bc2e53f7500aa4f68bf881ae4bb8261a156f87e7..559abc016ee6e2593f1e012f1caa3ad2ac950968 100644 (file)
--- a/roles/spike-04.rb
+++ b/roles/spike-04.rb
@@ -10,7 +10,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.32.21",
         :bond => {
-          :slaves => %w[em1 em2]
+          :slaves => %w[enp3s0f0 enp3s0f1]
         }
       },
       :external_ipv4 => {

diff --git a/roles/spike-05.rb b/roles/spike-05.rb
index ce41465a875584eda11554fac60638aefc2d8324..c11255de95e27e4f6ea8256a59aca9fdb01213c2 100644 (file)
--- a/roles/spike-05.rb
+++ b/roles/spike-05.rb
@@ -10,7 +10,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.32.22",
         :bond => {
-          :slaves => %w[em1 em2]
+          :slaves => %w[enp3s0f0 enp3s0f1]
         }
       },
       :external_ipv4 => {

diff --git a/roles/strato.rb b/roles/strato.rb
index 05ed336ccbe11cf4990318eda4468a998445bd49..5cf4445dcf2505798059676e5b855f4154f60a81 100644 (file)
--- a/roles/strato.rb
+++ b/roles/strato.rb
@@ -3,16 +3,13 @@ description "Role applied to all servers at Strato"
 
 default_attributes(
   :hosted_by => "Strato",
-  :location => "Germany",
-  :networking => {
-    :nameservers => [
-      "85.214.7.22",
-      "81.169.163.106"
-    ]
-  }
+  :location => "Germany"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["85.214.7.22", "81.169.163.106"]
+  },
   :ntp => {
     :servers => ["0.de.pool.ntp.org", "1.de.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/szerverem.rb b/roles/szerverem.rb
index 45ac8108ecf02d4534be5903272491efc244fe26..fc23d22f83f3c39db44b81db87057a8cf6be4477 100644 (file)
--- a/roles/szerverem.rb
+++ b/roles/szerverem.rb
@@ -3,13 +3,7 @@ description "Role applied to all servers at szerverem.hu"
 
 default_attributes(
   :hosted_by => "szerverem.hu",
-  :location => "Budapest, Hungary",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
+  :location => "Budapest, Hungary"
 )
 
 override_attributes(

diff --git a/roles/teleservice.rb b/roles/teleservice.rb
index 7602c30c1cf525515b991fb401ffd720df02a3d8..8704fb679200a9065b8a967e8d95d821bdbe120b 100644 (file)
--- a/roles/teleservice.rb
+++ b/roles/teleservice.rb
@@ -3,10 +3,7 @@ description "Role applied to all servers at Teleservice"
 
 default_attributes(
   :hosted_by => "Teleservice Skåne AB",
-  :location => "Sjöbo, Sweden",
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  }
+  :location => "Sjöbo, Sweden"
 )
 
 override_attributes(

diff --git a/roles/teraswitch.rb b/roles/teraswitch.rb
index 1c24a529b68f267880bb7894a015fdb672620e0e..cbdab5d460c94701e2884939770da8caffff0347 100644 (file)
--- a/roles/teraswitch.rb
+++ b/roles/teraswitch.rb
@@ -9,13 +9,7 @@ default_attributes(
   },
   :hosted_by => "TeraSwitch Networks",
   :location => "Pittsburgh, Pennsylvania",
-  :timezone => "EST5EDT",
-  :networking => {
-    :nameservers => [
-      "1.1.1.1",
-      "8.8.8.8"
-    ]
-  }
+  :timezone => "EST5EDT"
 )
 
 override_attributes(

diff --git a/roles/tetaneutral.rb b/roles/tetaneutral.rb
index 2459652ba34c8ec45052e1a1b26de4642a08b057..a156330236e60fb12c257d091425e4be77e3974a 100644 (file)
--- a/roles/tetaneutral.rb
+++ b/roles/tetaneutral.rb
@@ -8,13 +8,7 @@ default_attributes(
     }
   },
   :hosted_by => "Tetaneutral.net",
-  :location => "Toulouse, France",
-  :networking => {
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4"
-    ]
-  }
+  :location => "Toulouse, France"
 )
 
 override_attributes(

diff --git a/roles/thorn-04.rb b/roles/thorn-04.rb
index 74e31f7daf092a4757dc1c525e5df63890ca373e..baf14f7f8c523f9fb6159277e05c9da7fee35d7e 100644 (file)
--- a/roles/thorn-04.rb
+++ b/roles/thorn-04.rb
@@ -10,7 +10,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.32.41",
         :bond => {
-          :slaves => %w[em1 em2]
+          :slaves => %w[enp3s0f0 enp3s0f1]
         }
       }
     }

diff --git a/roles/thorn-05.rb b/roles/thorn-05.rb
index 87a5acdb1cce4aaa199a3253ba7286687ded72dd..b628591111bf2a7b6476cbed41af18adaa1594f2 100644 (file)
--- a/roles/thorn-05.rb
+++ b/roles/thorn-05.rb
@@ -10,7 +10,7 @@ default_attributes(
         :family => :inet,
         :address => "10.0.32.42",
         :bond => {
-          :slaves => %w[em1 em2]
+          :slaves => %w[enp3s0f0 enp3s0f1]
         }
       }
     }

diff --git a/roles/tuxis.rb b/roles/tuxis.rb
index 3b4a8acbe2fab9725fec07ec401b2efd71d8d449..540879da734c0c6ffa529c50c588f85cc1ab9ccf 100644 (file)
--- a/roles/tuxis.rb
+++ b/roles/tuxis.rb
@@ -3,13 +3,13 @@ description "Role applied to all servers at Tuxis"
 
 default_attributes(
   :hosted_by => "Tuxis",
-  :location => "Ede, Netherlands",
-  :networking => {
-    :nameservers => ["2a03:7900:2:0:31:3:104:61", "2a03:7900:2:0:31:3:104:62"]
-  }
+  :location => "Ede, Netherlands"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["2a03:7900:2:0:31:3:104:61", "2a03:7900:2:0:31:3:104:62"]
+  },
   :ntp => {
     :servers => ["0.nl.pool.ntp.org", "1.nl.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/ucl.rb b/roles/ucl.rb
index 516c925d39f5e81073d242ca1d7a88425287596a..a0f5331f4a6c3c49ef44059e8481bd23b5cb2c2c 100644 (file)
--- a/roles/ucl.rb
+++ b/roles/ucl.rb
@@ -30,7 +30,7 @@ default_attributes(
 
 override_attributes(
   :networking => {
-    :nameservers => ["10.0.0.3", "8.8.8.8", "8.8.4.4"],
+    :nameservers => ["10.0.0.3", "1.1.1.1", "1.0.0.1"],
     :search => ["ucl.openstreetmap.org", "openstreetmap.org"]
   },
   :ntp => {

diff --git a/roles/umu.rb b/roles/umu.rb
index 33caf6148fdbce296068ead39ca1aa7b161b8d7a..9e783264dfb98f059d29a63a0a71ee3c59f78c3b 100644 (file)
--- a/roles/umu.rb
+++ b/roles/umu.rb
@@ -8,13 +8,13 @@ default_attributes(
     }
   },
   :hosted_by => "Academic Computer Club, Umeå University",
-  :location => "Umeå, Sweden",
-  :networking => {
-    :nameservers => ["130.239.18.251", "130.239.18.252", "130.239.1.90"]
-  }
+  :location => "Umeå, Sweden"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["130.239.18.251", "130.239.18.252", "130.239.1.90"]
+  },
   :ntp => {
     :servers => ["0.se.pool.ntp.org", "1.se.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/unizar.rb b/roles/unizar.rb
index 746edaf8889f4cfac1801c42c294b82d96dad98f..3f5f6819b8497760f95cb0499efd4c5a5533a9ed 100644 (file)
--- a/roles/unizar.rb
+++ b/roles/unizar.rb
@@ -8,10 +8,7 @@ default_attributes(
     }
   },
   :hosted_by => "University of Zaragoza",
-  :location => "Zaragoza, Spain",
-  :networking => {
-    :nameservers => ["155.210.12.9", "155.210.3.12"]
-  }
+  :location => "Zaragoza, Spain"
 )
 
 override_attributes(

diff --git a/roles/utelecom.rb b/roles/utelecom.rb
index 7f613872ecdadca7ec6cc27ddab5eb952a11b7ad..3d0eab25c053e3208d016550b9c80f01cb636a04 100644 (file)
--- a/roles/utelecom.rb
+++ b/roles/utelecom.rb
@@ -3,10 +3,7 @@ description "Role applied to all servers at Ukrainian Telecommunication Group"
 
 default_attributes(
   :hosted_by => "Ukrainian Telecommunication Group",
-  :location => "Kiev, Ukraine",
-  :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"]
-  }
+  :location => "Kiev, Ukraine"
 )
 
 override_attributes(

diff --git a/roles/viserion.rb b/roles/viserion.rb
index 33675f1aa80334a964cd53909112119de8ad2c4d..03bbc3c05055f8b91036a33c0d3ecf9249856720 100644 (file)
--- a/roles/viserion.rb
+++ b/roles/viserion.rb
@@ -32,13 +32,7 @@ default_attributes(
         :prefix => "64",
         :gateway => "2001:b68:4cff:3::1"
       }
-    },
-    :nameservers => [
-      "8.8.8.8",
-      "8.8.4.4",
-      "2001:4860:4860::8888",
-      "2001:4860:4860::8844"
-    ]
+    }
   },
   :squid => {
     :version => 4,

diff --git a/roles/vodafone-cz.rb b/roles/vodafone-cz.rb
index d23ab154f371eb2ad2f8c9ce3f7f000998b56e5a..fa7c1fdfd93bb6650b29481783cd0fe18cb2bac3 100644 (file)
--- a/roles/vodafone-cz.rb
+++ b/roles/vodafone-cz.rb
@@ -3,13 +3,13 @@ description "Role applied to all servers at Vodafone CZ"
 
 default_attributes(
   :hosted_by => "Vodafone",
-  :location => "Prague, Czech Republic",
-  :networking => {
-    :nameservers => ["62.24.64.2", "2a02:8301:0:10::3", "2001:4860:4860::8888"]
-  }
+  :location => "Prague, Czech Republic"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["62.24.64.2", "2a02:8301:0:10::3"]
+  },
   :ntp => {
     :servers => ["0.cz.pool.ntp.org", "1.cz.pool.ntp.org", "europe.pool.ntp.org"]
   }

diff --git a/roles/web-db.rb b/roles/web-db.rb
index 3db0cc4a787d0d816d4c9086de923d7cab52dfac..c03da5277b620a825a52d96a7b4213957a92401e 100644 (file)
--- a/roles/web-db.rb
+++ b/roles/web-db.rb
@@ -3,6 +3,6 @@ description "Role applied to all servers needing to find the main database"
 
 default_attributes(
   :web => {
-    :database_host => "karm.ams.openstreetmap.org"
+    :database_host => "snap-01.ams.openstreetmap.org"
   }
 )

diff --git a/roles/wiki.rb b/roles/wiki.rb
index be9510f7003fe6f4ee730bc718af5752ae4139da..21f6ea8a49d49452743140d31a9131d810cd21f2 100644 (file)
--- a/roles/wiki.rb
+++ b/roles/wiki.rb
@@ -48,8 +48,6 @@ default_attributes(
         :innodb_buffer_pool_size => "4G",
         :key_buffer_size => "64M",
         :max_connections => "200",
-        :query_cache_size => "256M",
-        :query_cache_type => "1",
         :sort_buffer_size => "8M",
         :tmp_table_size => "128M"
       }

diff --git a/roles/yandex.rb b/roles/yandex.rb
index b6c42e88a8ad6011b75f12e52cb24a1244bfede0..9acde36c12daded02e1a2bb1137a443bc1101bdd 100644 (file)
--- a/roles/yandex.rb
+++ b/roles/yandex.rb
@@ -6,7 +6,6 @@ default_attributes(
   :location => "Moscow, Russia",
   :timezone => "Europe/Moscow",
   :networking => {
-    :nameservers => ["8.8.8.8", "8.8.4.4"],
     :wireguard => { :keepalive => 180 }
   }
 )

diff --git a/roles/zcu.rb b/roles/zcu.rb
index cfa1f63fc73a2c7979be2fad61ff5c6500856861..8420c54d91bd1fef2c39c22039cdf26f603982f3 100644 (file)
--- a/roles/zcu.rb
+++ b/roles/zcu.rb
@@ -3,13 +3,13 @@ description "Role applied to all servers at University of West Bohemia"
 
 default_attributes(
   :hosted_by => "University of West Bohemia",
-  :location => "Pilsen, Czech Republic",
-  :networking => {
-    :nameservers => ["147.228.3.3", "147.228.52.11"]
-  }
+  :location => "Pilsen, Czech Republic"
 )
 
 override_attributes(
+  :networking => {
+    :nameservers => ["147.228.3.3", "147.228.52.11"]
+  },
   :ntp => {
     :servers => ["0.cz.pool.ntp.org", "1.cz.pool.ntp.org", "europe.pool.ntp.org"]
   }