From: Tom Hughes Date: Fri, 11 Aug 2023 17:13:38 +0000 (+0100) Subject: Merge remote-tracking branch 'github/pull/599' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/866381f348da00422aefef07df57f8cee449d4a6?hp=22bf736efc9c971696fbc42a910b84c9f3895260 Merge remote-tracking branch 'github/pull/599' --- diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index 8858217b7..16947c9ef 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -47,12 +47,21 @@ mysql_database "civicrm" do permissions "civicrm@localhost" => :all end +ssl_certificate "join.osmfoundation.org" do + domains [ "join.osmfoundation.org", "crm.osmfoundation.org", + "supporting.osmfoundation.org", "support.osmfoundation.org", + "support.openstreetmap.org", "supporting.osm.org", + "support.osm.org"] + notifies :reload, "service[apache2]" +end + apache_site "join.osmfoundation.org" do - action :disable + template "apache.erb" end wordpress_site "supporting.openstreetmap.org" do - aliases ["join.osmfoundation.org", "crm.osmfoundation.org", "supporting.osmfoundation.org", "support.osmfoundation.org", "support.openstreetmap.org", "supporting.osm.org", "support.osm.org"] + # Do not add extra aliases as this causes issues with civicrm PHP sessions + aliases ["supporting.openstreetmap.org"] database_name "civicrm" database_user "civicrm" database_password database_password diff --git a/cookbooks/civicrm/templates/default/apache.erb b/cookbooks/civicrm/templates/default/apache.erb new file mode 100644 index 000000000..dd6112f12 --- /dev/null +++ b/cookbooks/civicrm/templates/default/apache.erb @@ -0,0 +1,33 @@ +# DO NOT EDIT - This file is being maintained by Chef + +<% [80, 443].each do |port| -%> +> + + ServerName join.osmfoundation.org + ServerAlias crm.osmfoundation.org + ServerAlias supporting.osmfoundation.org + ServerAlias support.osmfoundation.org + ServerAlias support.openstreetmap.org + ServerAlias supporting.osm.org + ServerAlias support.osm.org + + ServerAdmin webmaster@openstreetmap.org + +<% if port == 80 -%> + RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ + RedirectPermanent / https://supporting.openstreetmap.org/ +<% end -%> +<% if port == 443 -%> + SSLEngine on + SSLCertificateFile /etc/ssl/certs/join.osmfoundation.org.pem + SSLCertificateKeyFile /etc/ssl/private/join.osmfoundation.org.key + + RedirectMatch . https://supporting.openstreetmap.org/ + <% end -%> + + CustomLog /var/log/apache2/join.osmfoundation.org-access.log combined + ErrorLog /var/log/apache2/join.osmfoundation.org-error.log + + + +<% end -%> diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb index 9db551e24..e59c54799 100644 --- a/cookbooks/community/templates/default/web_only.yml.erb +++ b/cookbooks/community/templates/default/web_only.yml.erb @@ -102,10 +102,11 @@ hooks: - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-oauth2-basic.git - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-solved.git - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-canned-replies.git - - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-reactions.git + - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/Firefishy/discourse-reactions.git - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-prometheus.git - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-translator.git - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-saved-searches.git + - sudo -H -E -u discourse git clone --depth 1 --branch main https://github.com/discourse/discourse-post-voting.git - exec: # Needs to be copied in else builtin git cleanup fails cd: $home diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb index 714438f18..8cb886e91 100644 --- a/cookbooks/donate/templates/default/apache.erb +++ b/cookbooks/donate/templates/default/apache.erb @@ -12,14 +12,14 @@ <% if port == 80 -%> RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://donate.openstreetmap.org/ + RedirectPermanent / https://supporting.openstreetmap.org/ <% end -%> <% if port == 443 -%> SSLEngine on SSLCertificateFile /etc/ssl/certs/donate.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/donate.openstreetmap.org.key - RedirectMatch . https://supporting.openstreetmap.org/donate/ + RedirectMatch . https://supporting.openstreetmap.org/ <% end -%> CustomLog /var/log/apache2/donate.openstreetmap.org-access.log combined diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb index 304e6c156..ffab40914 100644 --- a/cookbooks/nominatim/recipes/default.rb +++ b/cookbooks/nominatim/recipes/default.rb @@ -121,6 +121,9 @@ end ## Nominatim backend include_recipe "git" +include_recipe "python" + +python_directory = "#{basedir}/venv" package %w[ build-essential @@ -136,6 +139,7 @@ package %w[ libproj-dev liblua5.3-dev libluajit-5.1-dev + libicu-dev lua5.3 python3-pyosmium python3-psycopg2 @@ -148,6 +152,8 @@ package %w[ python3-sqlalchemy-ext python3-geoalchemy2 python3-asyncpg + python3-dev + pkg-config ruby ruby-file-tail ruby-pg @@ -160,11 +166,55 @@ if node[:nominatim][:api_flavour] == "php" php-intl ] elsif node[:nominatim][:api_flavour] == "python" - package %w[ - gunicorn - uvicorn - python3-falcon - ] + + python_virtualenv python_directory do + interpreter "/usr/bin/python3" + end + + python_package "SQLAlchemy" do + python_virtualenv python_directory + version "2.0.19" + end + + python_package "PyICU" do + python_virtualenv python_directory + version "2.10.2" + end + + python_package "psycopg[binary]" do + python_virtualenv python_directory + version "3.1.10" + end + + python_package "psycopg2-binary" do + python_virtualenv python_directory + version "2.9.7" + end + + python_package "python-dotenv" do + python_virtualenv python_directory + version "0.21.0" + end + + python_package "PyYAML" do + python_virtualenv python_directory + version "6.0.1" + end + + python_package "falcon" do + python_virtualenv python_directory + version "3.1.1" + end + + python_package "uvicorn" do + python_virtualenv python_directory + version "0.23.2" + end + + python_package "gunicorn" do + python_virtualenv python_directory + version "21.0.1" + end end source_directory = "#{basedir}/src/nominatim" @@ -312,7 +362,7 @@ elsif node[:nominatim][:api_flavour] == "python" working_directory project_directory standard_output "append:#{node[:nominatim][:logdir]}/gunicorn.log" standard_error "inherit" - exec_start "/usr/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi" + exec_start "#{python_directory}/bin/gunicorn -b unix:/run/gunicorn-nominatim.openstreetmap.org.sock -w #{node[:nominatim][:api_workers]} -k uvicorn.workers.UvicornWorker nominatim.server.falcon.server:run_wsgi" exec_reload "/bin/kill -s HUP $MAINPID" environment :PYTHONPATH => "/usr/local/lib/nominatim/lib-python/" kill_mode "mixed" diff --git a/cookbooks/wordpress/resources/plugin.rb b/cookbooks/wordpress/resources/plugin.rb index 933f63b5e..078b926f5 100644 --- a/cookbooks/wordpress/resources/plugin.rb +++ b/cookbooks/wordpress/resources/plugin.rb @@ -68,6 +68,7 @@ action :create do user "www-data" group "www-data" not_if "/opt/wp-cli/wp --path='#{site_directory}' plugin is-active '#{new_resource.plugin}'" + ignore_failure plugin_repository.start_with?("https://plugins.svn.wordpress.org/") end end diff --git a/cookbooks/wordpress/resources/site.rb b/cookbooks/wordpress/resources/site.rb index 52bba4ce5..e4096614f 100644 --- a/cookbooks/wordpress/resources/site.rb +++ b/cookbooks/wordpress/resources/site.rb @@ -192,6 +192,7 @@ action :create do wordpress_plugin "wp-fail2ban" do site new_resource.site + version "5.1.1" reload_apache false end diff --git a/roles/equinix-ams.rb b/roles/equinix-ams.rb index 7eb6cae11..7923e09d4 100644 --- a/roles/equinix-ams.rb +++ b/roles/equinix-ams.rb @@ -26,6 +26,14 @@ default_attributes( } } }, + :prometheus => { + :metrics => { + :host_location => { + :help => "Host location", + :labels => { :site => "amsterdam" } + } + } + }, :web => { :fileserver => "ironbelly", :readonly_database_host => "snap-01.ams.openstreetmap.org", diff --git a/roles/equinix-dub.rb b/roles/equinix-dub.rb index fd2a40430..e24d71a1f 100644 --- a/roles/equinix-dub.rb +++ b/roles/equinix-dub.rb @@ -35,6 +35,14 @@ default_attributes( } } }, + :prometheus => { + :metrics => { + :host_location => { + :help => "Host location", + :labels => { :site => "dublin" } + } + } + }, :web => { :fileserver => "fafnir", :readonly_database_host => "snap-03.dub.openstreetmap.org"