From: Tom Hughes Date: Sun, 20 Aug 2023 07:38:25 +0000 (+0100) Subject: Merge remote-tracking branch 'github/pull/604' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/2dfe1ce611aa91fafd4e68ea69056a604cde0f44?hp=a2d5fb5394045b0eacbd3ed24a3c1281a5a931f7 Merge remote-tracking branch 'github/pull/604' --- diff --git a/.github/workflows/test-kitchen.yml b/.github/workflows/test-kitchen.yml index 63b741695..33af67104 100644 --- a/.github/workflows/test-kitchen.yml +++ b/.github/workflows/test-kitchen.yml @@ -34,7 +34,6 @@ jobs: - dmca - dns - docker - - donate - elasticsearch - exim - fail2ban diff --git a/.kitchen.yml b/.kitchen.yml index 6d37be49f..dd9466903 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -138,9 +138,6 @@ suites: - name: docker run_list: - recipe[docker::default] - - name: donate - run_list: - - recipe[donate::default] - name: elasticsearch run_list: - recipe[elasticsearch::default] diff --git a/Gemfile.lock b/Gemfile.lock index 8b175d973..2a6423a9f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (7.0.6) + activesupport (7.0.7) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) @@ -10,7 +10,7 @@ GEM public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) aws-eventstream (1.2.0) - aws-partitions (1.800.0) + aws-partitions (1.807.0) aws-sdk-account (1.17.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) @@ -53,10 +53,10 @@ GEM aws-sdk-cloudhsmv2 (1.49.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudtrail (1.66.0) + aws-sdk-cloudtrail (1.67.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-cloudwatch (1.78.0) + aws-sdk-cloudwatch (1.79.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-cloudwatchevents (1.62.0) 
@@ -65,7 +65,7 @@ GEM aws-sdk-cloudwatchlogs (1.69.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-codecommit (1.58.0) + aws-sdk-codecommit (1.59.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-codedeploy (1.57.0) @@ -80,10 +80,10 @@ GEM aws-sdk-cognitoidentityprovider (1.76.0) aws-sdk-core (~> 3, >= 3.176.0) aws-sigv4 (~> 1.1) - aws-sdk-configservice (1.96.0) + aws-sdk-configservice (1.97.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-core (3.180.2) + aws-sdk-core (3.180.3) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.5) @@ -97,7 +97,7 @@ GEM aws-sdk-dynamodb (1.93.1) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-ec2 (1.396.0) + aws-sdk-ec2 (1.399.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-ecr (1.63.0) @@ -124,7 +124,7 @@ GEM aws-sdk-elasticloadbalancing (1.47.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-elasticloadbalancingv2 (1.89.0) + aws-sdk-elasticloadbalancingv2 (1.90.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-elasticsearchservice (1.76.0) @@ -142,7 +142,7 @@ GEM aws-sdk-glue (1.145.0) aws-sdk-core (~> 3, >= 3.176.0) aws-sigv4 (~> 1.1) - aws-sdk-guardduty (1.76.0) + aws-sdk-guardduty (1.77.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.86.0) @@ -184,13 +184,13 @@ GEM aws-sdk-route53 (1.78.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-route53domains (1.49.0) + aws-sdk-route53domains (1.50.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-route53resolver (1.47.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.132.0) + aws-sdk-s3 (1.132.1) aws-sdk-core (~> 3, >= 3.179.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.6) 
@@ -200,7 +200,7 @@ GEM aws-sdk-secretsmanager (1.46.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-securityhub (1.90.0) + aws-sdk-securityhub (1.91.0) aws-sdk-core (~> 3, >= 3.177.0) aws-sigv4 (~> 1.1) aws-sdk-servicecatalog (1.60.0) @@ -281,31 +281,6 @@ GEM multi_json domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dry-configurable (0.13.0) - concurrent-ruby (~> 1.0) - dry-core (~> 0.6) - dry-container (0.11.0) - concurrent-ruby (~> 1.0) - dry-core (0.9.1) - concurrent-ruby (~> 1.0) - zeitwerk (~> 2.6) - dry-inflector (0.3.0) - dry-logic (1.3.0) - concurrent-ruby (~> 1.0) - dry-core (~> 0.9, >= 0.9) - zeitwerk (~> 2.6) - dry-struct (1.5.2) - dry-core (~> 0.9, >= 0.9) - dry-types (~> 1.6) - ice_nine (~> 0.11) - zeitwerk (~> 2.6) - dry-types (1.6.1) - concurrent-ruby (~> 1.0) - dry-container (~> 0.3) - dry-core (~> 0.9, >= 0.9) - dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 1.3, >= 1.3) - zeitwerk (~> 2.6) ed25519 (1.3.0) erubi (1.12.0) excon (0.100.0) @@ -362,7 +337,6 @@ GEM gyoku (1.4.0) builder (>= 2.1.2) rexml (~> 3.0) - hashdiff (1.0.1) hashie (4.1.0) highline (2.1.0) http-cookie (1.0.5) @@ -370,21 +344,19 @@ GEM httpclient (2.8.3) i18n (1.14.1) concurrent-ruby (~> 1.0) - ice_nine (0.11.2) inifile (3.0.0) - inspec (5.22.3) + inspec (5.21.29) cookstyle faraday_middleware (>= 0.12.2, < 1.1) - inspec-core (= 5.22.3) + inspec-core (= 5.21.29) mongo (= 2.13.2) progress_bar (~> 1.3.3) rake train (~> 3.10) train-aws (~> 0.2) train-habitat (~> 0.1) - train-kubernetes (~> 0.1) train-winrm (~> 0.2) - inspec-core (5.22.3) + inspec-core (5.21.29) addressable (~> 2.4) chef-telemetry (~> 1.0, >= 1.0.8) faraday (>= 1, < 3) 
@@ -409,20 +381,7 @@ GEM tty-table (~> 0.10) jmespath (1.6.2) json (2.6.3) - jsonpath (0.9.9) - multi_json - to_regexp (~> 0.2.1) jwt (2.7.1) - k8s-ruby (0.14.0) - dry-configurable (~> 0.13.0) - dry-struct (<= 1.6.0) - dry-types (<= 1.7.0) - excon (~> 0.71) - hashdiff (~> 1.0.0) - jsonpath (~> 0.9.5) - recursive-open-struct (~> 1.1.3) - yajl-ruby (~> 1.4.0) - yaml-safe_load_stream3 kitchen-dokken (2.19.1) docker-api (>= 1.33, < 3) lockfile (~> 2.1) @@ -493,7 +452,6 @@ GEM racc (1.7.1) rainbow (3.1.1) rake (13.0.6) - recursive-open-struct (1.1.3) regexp_parser (2.8.1) representable (3.2.0) declarative (< 0.1.0) @@ -560,7 +518,6 @@ GEM winrm-fs (~> 1.1) thor (1.2.2) timeliness (0.3.10) - to_regexp (0.2.1) tomlrb (1.3.0) trailblazer-option (0.1.2) train (3.10.8) @@ -661,9 +618,6 @@ GEM net-scp (>= 1.2, < 5.0) net-ssh (>= 2.9, < 8.0) train-habitat (0.2.22) - train-kubernetes (0.1.12) - k8s-ruby (~> 0.14.0) - train (~> 3.0) train-winrm (0.2.13) winrm (>= 2.3.6, < 3.0) winrm-elevated (~> 1.2.2) @@ -713,9 +667,6 @@ GEM rubyzip (~> 2.0) winrm (~> 2.0) wisper (2.0.1) - yajl-ruby (1.4.3) - yaml-safe_load_stream3 (0.1.2) - zeitwerk (2.6.11) PLATFORMS ruby diff --git a/cookbooks/backup/templates/default/expire.cron.erb b/cookbooks/backup/templates/default/expire.cron.erb index bcdc6aaa2..c43c6f917 100644 --- a/cookbooks/backup/templates/default/expire.cron.erb +++ b/cookbooks/backup/templates/default/expire.cron.erb 
@@ -2,7 +2,7 @@ # DO NOT EDIT - This file is being maintained by Chef -for prefix in blogs chef-server chef-repository chef-git community forum git lists munin osm-blog osm-donate osmf-crm osmf-ledgersmb wiki-wiki.osmfoundation.org osqa otrs prometheus sotm svn switch2osm trac wiki-board.osmfoundation.org wiki-dwg.osmfoundation.org wiki-mwg.osmfoundation.org wiki-wiki.openstreetmap.org +for prefix in blogs chef-server chef-repository chef-git community forum git lists munin osm-blog osmf-crm osmf-ledgersmb wiki-wiki.osmfoundation.org osqa otrs prometheus sotm svn switch2osm trac wiki-board.osmfoundation.org wiki-dwg.osmfoundation.org wiki-mwg.osmfoundation.org wiki-wiki.openstreetmap.org do /usr/local/bin/expire-backups --days=3 --weeks=3 --months=3 /store/backup $prefix done diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index c153c373f..557e8b736 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -49,21 +49,20 @@ mysql_database "civicrm" do permissions "civicrm@localhost" => :all end -ssl_certificate "join.osmfoundation.org" do - domains [ "join.osmfoundation.org", "crm.osmfoundation.org", - "supporting.osmfoundation.org", "support.osmfoundation.org", - "support.openstreetmap.org", "supporting.osm.org", - "support.osm.org"] - notifies :reload, "service[apache2]" -end - -apache_site "join.osmfoundation.org" do - template "apache.erb" -end - wordpress_site "supporting.openstreetmap.org" do - # Do not add aliases these can causes issues with civicrm PHP sessions - # Use redirects instead + aliases %w[ + crm.osmfoundation.org + donate.openstreetmap.org + donate.openstreetmap.com + donate.openstreetmap.net + donate.osm.org + join.osmfoundation.org + supporting.osmfoundation.org + support.osmfoundation.org + support.openstreetmap.org + supporting.osm.org + support.osm.org + ] database_name "civicrm" database_user "civicrm" database_password database_password 
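Review bot: Removing `osm-donate` from the `for prefix in …` list stops `expire-backups` from ever pruning that prefix, and nothing in this hunk deletes the archives that already exist. Any `osm-donate` files still under `/store/backup` would then be kept indefinitely, which matters if they hold donor records (an inference, since the backup contents are not visible here). Either purge them as part of the decommission or record the decision above the loop, e.g. `# osm-donate retired: archives left in /store/backup are no longer expired by this job`.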
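Review bot: The comment deleted from the `wordpress_site "supporting.openstreetmap.org"` block was the only record that serving CiviCRM under extra hostnames causes PHP session problems, and the new `aliases %w[...]` list now reads as if adding names were harmless. It appears to be safe only because the wordpress `apache.erb` change in this same commit puts aliases in a virtual host that redirects to the canonical name. I would keep that dependency written next to the list, e.g. `# Aliases are redirect-only (see wordpress apache.erb); civicrm must only be served on the canonical name`. The block continues past the end of the hunk.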
diff --git a/cookbooks/donate/README.md b/cookbooks/donate/README.md
deleted file mode 100644
index fbe8e605b..000000000
--- a/cookbooks/donate/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Donate Cookbook
-
-This cookbook installs the donate.openstreetmap.org site
diff --git a/cookbooks/donate/attributes/default.rb b/cookbooks/donate/attributes/default.rb
deleted file mode 100644
index c6c3785d6..000000000
--- a/cookbooks/donate/attributes/default.rb
+++ /dev/null
@@ -1,2 +0,0 @@
-# Enable the "donate" role
-default[:accounts][:users][:donate][:status] = :role
diff --git a/cookbooks/donate/metadata.rb b/cookbooks/donate/metadata.rb
deleted file mode 100644
index b5a2967ff..000000000
--- a/cookbooks/donate/metadata.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-name "donate"
-maintainer "OpenStreetMap Administrators"
-maintainer_email "admins@openstreetmap.org"
-license "Apache-2.0"
-description "Installs and configures Donate Site"
-
-version "1.0.0"
-supports "ubuntu"
-depends "accounts"
-depends "apache"
-depends "git"
-depends "mysql"
-depends "php"
-depends "systemd"
diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
deleted file mode 100644
index 49e46d78f..000000000
--- a/cookbooks/donate/recipes/default.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Cookbook:: donate
-# Recipe:: default
-#
-# Copyright:: 2016, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-include_recipe "accounts"
-include_recipe "apache"
-include_recipe "php::fpm"
-
-apache_module "headers"
-
-ssl_certificate "donate.openstreetmap.org" do
- domains ["donate.openstreetmap.org", "donate.openstreetmap.com",
- "donate.openstreetmap.net", "donate.osm.org"]
- notifies :reload, "service[apache2]"
-end
-
-php_fpm "donate.openstreetmap.org" do
- action :delete
-end
-
-apache_site "donate.openstreetmap.org" do
- template "apache.erb"
-end
-
-service "osmf-donate.timer" do
- action [:stop, :disable]
-end
-
-systemd_service "osmf-donate" do
- action :delete
-end
-
-file "/etc/cron.daily/osmf-donate-backup" do
- action :delete
-end
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
deleted file mode 100644
index 8cb886e91..000000000
--- a/cookbooks/donate/templates/default/apache.erb
+++ /dev/null
@@ -1,30 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - -<% [80, 443].each do |port| -%> -> - - ServerName donate.openstreetmap.org - ServerAlias donate.openstreetmap.com - ServerAlias donate.openstreetmap.net - ServerAlias donate.osm.org - - ServerAdmin webmaster@openstreetmap.org - -<% if port == 80 -%> - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://supporting.openstreetmap.org/ -<% end -%> -<% if port == 443 -%> - SSLEngine on - SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem - SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key - - RedirectMatch . https://supporting.openstreetmap.org/ - <% end -%> - - CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined - ErrorLog /var/log/apache2/donate.openstreetmap.org-error.log - - - -<% end -%> diff --git a/cookbooks/tilelog/recipes/default.rb b/cookbooks/tilelog/recipes/default.rb index 96aa8dafc..89b37dde8 100644 --- a/cookbooks/tilelog/recipes/default.rb +++ b/cookbooks/tilelog/recipes/default.rb @@ -31,7 +31,7 @@ end python_package "tilelog" do python_virtualenv tilelog_directory python_version "3" - version "1.6.0" + version "1.6.1" end directory tilelog_output_directory do diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb index c1a87bdad..d2362a4a5 100644 --- a/cookbooks/wordpress/templates/default/apache.erb +++ b/cookbooks/wordpress/templates/default/apache.erb @@ -14,10 +14,11 @@ RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ RedirectPermanent / https://<%= @name %>/ +<% unless @aliases.empty? -%> - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> ServerAlias <%= alias_name %> <% end -%> 
@@ -30,6 +31,22 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log + RedirectPermanent / https://<%= @name %>/ + +<% end -%> + + + ServerName <%= @name %> + + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + DocumentRoot <%= @directory %> <% @urls.each do |url,directory| -%> Alias <%= url %> <%= directory %> @@ -100,5 +117,4 @@ Require all denied - diff --git a/roles/donate.rb b/roles/donate.rb deleted file mode 100644 index a40547878..000000000 --- a/roles/donate.rb +++ /dev/null @@ -1,6 +0,0 @@ -name "donate" -description "Role applied to all donate servers" - -run_list( - "recipe[donate]" -) diff --git a/roles/dribble.rb b/roles/dribble.rb index 1f23fa195..ce6da2fac 100644 --- a/roles/dribble.rb +++ b/roles/dribble.rb @@ -37,5 +37,6 @@ default_attributes( ) run_list( - "role[equinix-ams]" + "role[equinix-ams]", + "role[taginfo]" ) diff --git a/roles/ridley.rb b/roles/ridley.rb index 7a653f422..b1b1e1e13 100644 --- a/roles/ridley.rb +++ b/roles/ridley.rb @@ -44,7 +44,6 @@ run_list( "role[stateofthemap]", "role[blog]", "role[otrs]", - "role[donate]", "recipe[dmca]", "recipe[dhcpd]" ) diff --git a/test/data_bags/accounts/donate.json b/test/data_bags/accounts/donate.json deleted file mode 100644 index a0fdfcc02..000000000 --- a/test/data_bags/accounts/donate.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "id": "donate", - "uid": "524", - "comment": "OSMF Donations" -} diff --git a/test/integration/donate/inspec/apache_spec.rb b/test/integration/donate/inspec/apache_spec.rb deleted file mode 100644 index 8006330b4..000000000 --- a/test/integration/donate/inspec/apache_spec.rb +++ /dev/null 
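Review bot: The alias virtual host that ends with the added `RedirectPermanent / https://<%= @name %>/` must complete a TLS handshake before it can redirect, so the certificate it presents has to list every alias as a subject alternative name. The new canonical host uses `/etc/ssl/certs/<%= @name %>.pem`; the alias host's own SSL lines lie between this hunk and the previous one, so I cannot see which file it uses or whether `wordpress_site` passes `aliases` to the certificate request. That is worth confirming, because this commit also deletes the explicit `ssl_certificate` resources for `join.osmfoundation.org` and `donate.openstreetmap.org`. A short ERB comment above the alias host would help the next editor, e.g. `<%# Aliases only redirect; the certificate must still cover every alias name -%>`.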
@@ -1,18 +0,0 @@
-describe package("apache2") do
- it { should be_installed }
-end
-
-describe service("apache2") do
- it { should be_enabled }
- it { should be_running }
-end
-
-describe port(80) do
- it { should be_listening }
- its("protocols") { should cmp "tcp" }
-end
-
-describe port(443) do
- it { should be_listening }
- its("protocols") { should cmp "tcp" }
-end