From: Tom Hughes Date: Tue, 20 Jun 2023 17:39:51 +0000 (+0100) Subject: Merge remote-tracking branch 'github/pull/590' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/7b5fc0affb1c94be3340f8f65ed6afd94c8ce4c4?hp=1f0986c518e3b54d9f6b53992e18b2c693cd2015 Merge remote-tracking branch 'github/pull/590' --- diff --git a/.kitchen.yml b/.kitchen.yml index 0a18ae086..87b4dfdda 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -37,9 +37,9 @@ platforms: pid_one_command: /bin/systemd intermediate_instructions: - RUN /usr/bin/apt-get update -y - - name: debian-11 + - name: debian-12 driver: - image: dokken/debian-11 + image: dokken/debian-12 privileged: true pid_one_command: /bin/systemd intermediate_instructions: diff --git a/cookbooks/apt/templates/default/apt.conf.erb b/cookbooks/apt/templates/default/apt.conf.erb index 730678e58..8943458e9 100644 --- a/cookbooks/apt/templates/default/apt.conf.erb +++ b/cookbooks/apt/templates/default/apt.conf.erb @@ -7,3 +7,7 @@ Unattended-Upgrade::Remove-Unused-Dependencies "<%= node[:apt][:unattended_upgra // Don't install recommended packages as we don't want to get // new postgres versions automatically APT::Install-Recommends "false"; + +// Briefly wait for lock on dpkg/apt +// to avoid concurrent issues with unattended-upgrades and apt daily +DPkg::lock::timeout 90; diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb index 119176cd6..5e4899476 100644 --- a/cookbooks/hardware/recipes/default.rb +++ b/cookbooks/hardware/recipes/default.rb @@ -28,11 +28,13 @@ ohai_plugin "hardware" do template "ohai.rb.erb" end -case node[:cpu][:"0"][:vendor_id] -when "GenuineIntel" - package "intel-microcode" -when "AuthenticAMD" - package "amd64-microcode" +if node[:cpu] && node[:cpu][:"0"] && node[:cpu][:"0"][:vendor_id] + case node[:cpu][:"0"][:vendor_id] + when "GenuineIntel" + package "intel-microcode" + when "AuthenticAMD" + package "amd64-microcode" + end end if node[:dmi] && node[:dmi][:system] @@ -204,9 +206,20 @@ template "/etc/initramfs-tools/conf.d/mdadm" do notifies :run, "execute[update-initramfs]" end -package "haveged" -service "haveged" do - action [:enable, :start] +# haveged is only required on older kernels +# /dev/random is not blocking anymore in 5.15+ +if Chef::Util.compare_versions(node[:kernel][:release], [5, 15]).negative? + package "haveged" + service "haveged" do + action [:enable, :start] + end +else + service "haveged" do + action [:stop, :disable] + end + package "haveged" do + action :remove + end end if node[:kernel][:modules].include?("ipmi_si") diff --git a/cookbooks/imagery/recipes/lu_lidar_hillshade.rb b/cookbooks/imagery/recipes/lu_lidar_hillshade.rb index c80742946..a6a277bc3 100644 --- a/cookbooks/imagery/recipes/lu_lidar_hillshade.rb +++ b/cookbooks/imagery/recipes/lu_lidar_hillshade.rb @@ -33,11 +33,7 @@ end imagery_layer "mappers_delight_lidar_dem_2019" do site "lidar-hillshade-2019.openstreetmap.lu" - projection "EPSG:3857" - source "/data/imagery/lu/lidar-hillshade/dem-3857.tif" - max_zoom 20 - title "OpenStreetMap.lu Mapper's Delight 2019 Lidar DEM" - copyright 'Lidar data 2019 Administration du Cadastre et de la Topographie Luxembourg, DEM Guillaume Rischard, CC0' + action :delete end imagery_layer "mappers_delight_lidar_hillshade_2019_reprojected" do diff --git a/cookbooks/imagery/recipes/lu_ngl_dtm.rb b/cookbooks/imagery/recipes/lu_ngl_dtm.rb index 528c408e0..e3133bf9f 100644 --- a/cookbooks/imagery/recipes/lu_ngl_dtm.rb +++ b/cookbooks/imagery/recipes/lu_ngl_dtm.rb @@ -26,20 +26,12 @@ end imagery_layer "ana_dtm_2017" do site "ana-dtm-2017.openstreetmap.lu" - projection "EPSG:3857" - source "/data/imagery/lu/LUREF_NGL/lu_color_relief-epsg3857-compress.tif" - max_zoom 21 - title "DTM" - copyright '© 2017 Administration de la Navigation Aérienne Luxembourg, CC0' + action :delete end imagery_layer "ana_dtm_2017_hillshading" do site "ana-dtm-2017.openstreetmap.lu" - projection "EPSG:3857" - source "/data/imagery/lu/LUREF_NGL/lu_hillshade_2017-epsg-3857-compress.tif" - max_zoom 21 - title "DTM Hillshading (single light source)" - copyright '© 2017 Administration de la Navigation Aérienne Luxembourg, CC0' + action :delete end imagery_layer "ana_dtm_2017_hillshading_multi" do diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb index 11c75daec..60f3be444 100644 --- a/cookbooks/networking/recipes/default.rb +++ b/cookbooks/networking/recipes/default.rb @@ -126,6 +126,11 @@ node[:networking][:interfaces].each do |_, interface| end end +package "systemd-resolved" do + action :install + only_if { platform?("ubuntu") && node[:lsb][:release].to_f > 22.04 || platform?("debian") && node[:lsb][:release].to_f > 11.0 } +end + service "systemd-networkd" do action [:enable, :start] end diff --git a/cookbooks/prometheus/templates/default/alert_rules.yml.erb b/cookbooks/prometheus/templates/default/alert_rules.yml.erb index 8956104a8..396de8de4 100644 --- a/cookbooks/prometheus/templates/default/alert_rules.yml.erb +++ b/cookbooks/prometheus/templates/default/alert_rules.yml.erb @@ -3,6 +3,13 @@ groups: - name: amsterdam rules: + - alert: uplink + expr: ifOperStatus{site="amsterdam",ifName=~"ge-[01]/2/2"} != 1 + for: 6m + labels: + alertgroup: "amsterdam" + annotations: + status: "{{ $value }}" - alert: pdu current draw expr: rPDU2PhaseStatusCurrent{site="amsterdam",rPDU2PhaseStatusIndex="1"} / 10 > 28 for: 6m @@ -109,6 +116,13 @@ groups: failure_rate: "{{ $value }} jobs/s" - name: dublin rules: + - alert: uplink + expr: ifOperStatus{site="dublin",ifName=~"ge-[01]/2/2"} != 1 + for: 6m + labels: + alertgroup: "dublin" + annotations: + status: "{{ $value }}" - alert: pdu current draw expr: rPDU2PhaseStatusCurrent{site="dublin",rPDU2PhaseStatusIndex="1"} / 10 > 28 for: 6m