From: Tom Hughes <tom@compton.nu>
Date: Thu, 16 Jan 2025 20:44:19 +0000 (+0000)
Subject: Merge remote-tracking branch 'github/pull/727'
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/007a4d09a952d5fe9b4d90a6b6c9a97d1e72a9d2?hp=5e68410e7abe074cf4ce78fcf154d6b036d9d443

Merge remote-tracking branch 'github/pull/727'
---

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index 000a57a7e..a09762470 100644
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -62,8 +62,8 @@ end
 git "/srv/community.openstreetmap.org/docker" do
   action :sync
   repository "https://github.com/discourse/discourse_docker.git"
-  # Revision pin not possible as launch wrapper automatically updates git repo.
-  revision "main"
+  # DANGER launch wrapper automatically updates git repo if rebuild method used: https://github.com/discourse/discourse_docker/blob/107ffb40fe8b1ea40e00814468db974a4f3f8e8f/launcher#L799
+  revision "b345430a822d6275573f3d82f1ad2e2b5fa1e0b1"
   depth 1
   user "root"
   group "root"
@@ -122,18 +122,24 @@ notify_group "discourse_container_new_web_only" do
   notifies :run, "execute[discourse_container_data_start]", :immediately # noop if site up
   notifies :run, "execute[discourse_container_web_only_bootstrap]", :immediately # site up but runs in parallel. Slow
   notifies :run, "execute[discourse_container_web_only_destroy]", :immediately # site down
-  notifies :run, "execute[discourse_container_data_rebuild]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_destroy]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_bootstrap]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_start]", :immediately # site down
   notifies :run, "execute[discourse_container_web_only_start]", :immediately # site restore
 end
 
 notify_group "discourse_container_new_data" do
   notifies :run, "execute[discourse_container_web_only_destroy]", :immediately # site down
-  notifies :run, "execute[discourse_container_data_rebuild]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_destroy]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_bootstrap]", :immediately # site down
+  notifies :run, "execute[discourse_container_data_start]", :immediately # site down
   notifies :run, "execute[discourse_container_web_only_start]", :immediately # site restore
 end
 
 notify_group "discourse_container_new_mail_receiver" do
-  notifies :run, "execute[discourse_container_mail_receiver_rebuild]", :immediately
+  notifies :run, "execute[discourse_container_mail_receiver_destroy]", :immediately
+  notifies :run, "execute[discourse_container_mail_receiver_bootstrap]", :immediately
+  notifies :run, "execute[discourse_container_mail_receiver_start]", :immediately
 end
 
 # Attempt at a failsafe to ensure all containers are running
@@ -144,17 +150,25 @@ notify_group "discourse_container_ensure_all_running" do
   notifies :run, "execute[discourse_container_mail_receiver_start]", :delayed
 end
 
-execute "discourse_container_data_start" do
+execute "discourse_container_data_bootstrap" do
   action :nothing
-  command "./launcher start data"
+  command "./launcher bootstrap data"
+  cwd "/srv/community.openstreetmap.org/docker/"
+  user "root"
+  group "root"
+end
+
+execute "discourse_container_data_destroy" do
+  action :nothing
+  command "./launcher destroy data"
   cwd "/srv/community.openstreetmap.org/docker/"
   user "root"
   group "root"
 end
 
-execute "discourse_container_data_rebuild" do
+execute "discourse_container_data_start" do
   action :nothing
-  command "./launcher rebuild data"
+  command "./launcher start data"
   cwd "/srv/community.openstreetmap.org/docker/"
   user "root"
   group "root"
@@ -184,10 +198,17 @@ execute "discourse_container_web_only_start" do
   group "root"
 end
 
-# Rebuild: Stop Destroy Bootstap Start
-execute "discourse_container_mail_receiver_rebuild" do
+execute "discourse_container_mail_receiver_bootstrap" do
+  action :nothing
+  command "./launcher bootstrap mail-receiver"
+  cwd "/srv/community.openstreetmap.org/docker/"
+  user "root"
+  group "root"
+end
+
+execute "discourse_container_mail_receiver_destroy" do
   action :nothing
-  command "./launcher rebuild mail-receiver"
+  command "./launcher destroy mail-receiver"
   cwd "/srv/community.openstreetmap.org/docker/"
   user "root"
   group "root"
diff --git a/cookbooks/dev/recipes/default.rb b/cookbooks/dev/recipes/default.rb
index 073bb3e13..0d6790f46 100644
--- a/cookbooks/dev/recipes/default.rb
+++ b/cookbooks/dev/recipes/default.rb
@@ -61,6 +61,7 @@ package %w[
   gnuplot-nox
   golang
   graphviz
+  htop
   irssi
   jq
   libargon2-dev
@@ -95,6 +96,7 @@ package %w[
   lzip
   lzop
   mailutils
+  moreutils
   make
   nano
   ncftp
@@ -103,7 +105,6 @@ package %w[
   osmium-tool
   osmosis
   pandoc
-  pandoc
   pbzip2
   php-apcu
   php-cgi
@@ -149,6 +150,7 @@ package %w[
   unrar
   unzip
   whois
+  xxd
   zip
   zlib1g-dev
 ]
diff --git a/cookbooks/imagery/recipes/tiler.rb b/cookbooks/imagery/recipes/tiler.rb
index ec7daa835..319cb5794 100644
--- a/cookbooks/imagery/recipes/tiler.rb
+++ b/cookbooks/imagery/recipes/tiler.rb
@@ -39,9 +39,7 @@ podman_service "titiler" do
   image container_image
   volume :"/store/imagery"       => "/store/imagery",
          :"/srv/imagery/sockets" => "/sockets"
-  environment :BIND                                => "unix:/sockets/titiler.sock",
-              :WORKERS_PER_CORE                    => 1,
-              :GDAL_CACHEMAX                       => 200,
+  environment :GDAL_CACHEMAX                       => 200,
               :GDAL_BAND_BLOCK_CACHE               => "HASHSET",
               :GDAL_DISABLE_READDIR_ON_OPEN        => "EMPTY_DIR",
               :GDAL_INGESTED_BYTES_AT_OPEN         => 32768,
@@ -52,6 +50,7 @@ podman_service "titiler" do
               :VSI_CACHE_SIZE                      => 5000000,
               :TITILER_API_ROOT_PATH               => "/api/v1/titiler",
               :FORWARDED_ALLOW_IPS                 => "*" # https://docs.gunicorn.org/en/latest/settings.html#forwarded-allow-ips
+  command "gunicorn -k uvicorn.workers.UvicornWorker titiler.application.main:app --bind unix:/sockets/titiler.sock --workers #{node.cpu_cores}"
 end
 
 systemd_service "titiler-restart" do
diff --git a/cookbooks/podman/resources/service.rb b/cookbooks/podman/resources/service.rb
index 5ef0b5885..d9a328192 100644
--- a/cookbooks/podman/resources/service.rb
+++ b/cookbooks/podman/resources/service.rb
@@ -27,6 +27,7 @@ property :image, String, :required => true
 property :ports, Hash, :default => {}
 property :environment, Hash, :default => {}
 property :volume, Hash, :default => {}
+property :command, String, :default => ""
 
 action :create do
   systemd_service new_resource.service do
@@ -35,7 +36,11 @@ action :create do
     notify_access "all"
     environment "PODMAN_SYSTEMD_UNIT" => "%n"
     exec_start_pre "/bin/rm --force %t/%n.ctr-id"
-    exec_start "/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --userns=auto --label=io.containers.autoupdate=registry --pids-limit=-1 #{publish_options} #{environment_options} #{volume_options} --rm --sdnotify=conmon --detach --replace --name=%N #{new_resource.image}"
+    exec_start "/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon "\
+               "--userns=auto --label=io.containers.autoupdate=registry "\
+               "--pids-limit=-1 #{publish_options} #{environment_options} "\
+               "#{volume_options} --rm --sdnotify=conmon --detach --replace "\
+               "--name=%N #{new_resource.image} #{new_resource.command}"
     exec_stop "/usr/bin/podman stop --ignore --time=10 --cidfile=%t/%n.ctr-id"
     exec_stop_post "/usr/bin/podman rm --force --ignore --cidfile=%t/%n.ctr-id"
     timeout_start_sec 180