From: Tom Hughes Date: Mon, 25 Jun 2018 14:20:51 +0000 (+0100) Subject: Merge remote-tracking branch 'github/pull/165' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/93c098cdc4f22b1fe69ecd88b3ac2d2b211780ff?hp=3feb33419e23d647bec027ce1b632416e1194b52 Merge remote-tracking branch 'github/pull/165' --- diff --git a/cookbooks/accounts/files/default/tomh/.zshrc b/cookbooks/accounts/files/default/tomh/.zshrc index 965787999..20211c3c8 100644 --- a/cookbooks/accounts/files/default/tomh/.zshrc +++ b/cookbooks/accounts/files/default/tomh/.zshrc @@ -53,7 +53,7 @@ PATH=".:${HOME}/bin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin" # Setup a pager PAGER="less"; export PAGER -LESS="aceiMs"; export LESS +LESS="aceiMRs"; export LESS # Use vi for editing EDITOR=/usr/bin/vi; export EDITOR diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb index bbd15a9d3..bc0410fd3 100644 --- a/cookbooks/apache/recipes/default.rb +++ b/cookbooks/apache/recipes/default.rb @@ -25,17 +25,21 @@ package %w[ ] %w[event itk prefork worker].each do |mpm| - if mpm == node[:apache][:mpm] - apache_module "mpm_#{mpm}" do - action [:enable] - end - else - apache_module "mpm_#{mpm}" do - action [:disable] - end + next if mpm == node[:apache][:mpm] + + apache_module "mpm_#{mpm}" do + action [:disable] end end +apache_module "mpm_#{node[:apache][:mpm]}" do + action [:enable] +end + +if node[:lsb][:release].to_f >= 18.04 + apache_module "http2" +end + admins = data_bag_item("apache", "admins") apache_conf "httpd" do diff --git a/cookbooks/apache/templates/default/httpd.conf.erb b/cookbooks/apache/templates/default/httpd.conf.erb index add175aa2..ded019d93 100644 --- a/cookbooks/apache/templates/default/httpd.conf.erb +++ b/cookbooks/apache/templates/default/httpd.conf.erb 
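Review bot: The new `apache_module "http2"` block near the end of this hunk is gated only on `node[:lsb][:release].to_f >= 18.04`, not on the MPM chosen a few lines above, although `prefork` and `itk` remain valid values of `node[:apache][:mpm]`. Apache 2.4.27 and later do not negotiate HTTP/2 under the prefork MPM, so on such a node the module is loaded and the template's `Protocols h2 http/1.1` has no effect, which leaves the TLS-facing configuration saying one thing and doing another. Consider adding the MPM to the guard, e.g. `if node[:lsb][:release].to_f >= 18.04 && node[:apache][:mpm] != "prefork"`, and a one-line comment explaining what the release check stands for.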
@@ -1,5 +1,10 @@ # DO NOT EDIT - This file is being maintained by Chef +<% if node[:lsb][:release].to_f >= 18.04 -%> +# Enable HTTP/2 over TLS +Protocols h2 http/1.1 + +<% end -%> # Set the number of seconds before receives and sends time out Timeout <%= node[:apache][:timeout] %> diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb index 3cc26880e..24b425e8a 100644 --- a/cookbooks/apt/recipes/default.rb +++ b/cookbooks/apt/recipes/default.rb @@ -20,10 +20,13 @@ package %w[ apt apt-transport-https - gnupg-curl update-notifier-common ] +if node[:lsb][:release].to_f < 18.04 + package "gnupg-curl" +end + file "/etc/motd.tail" do action :delete end diff --git a/cookbooks/apt/templates/default/hp.list.erb b/cookbooks/apt/templates/default/hp.list.erb index 42f7a037f..f76d66efb 100644 --- a/cookbooks/apt/templates/default/hp.list.erb +++ b/cookbooks/apt/templates/default/hp.list.erb @@ -1,3 +1,7 @@ # DO NOT EDIT - This file is being maintained by Chef +<% if node[:lsb][:release].to_f >= 16.04 -%> +deb <%= @url %> xenial/current non-free +<% else -%> deb <%= @url %> trusty/current non-free +<% end -%> diff --git a/cookbooks/bind/templates/default/db.10.erb b/cookbooks/bind/templates/default/db.10.erb index 98eef8af5..2c1e5e5d9 100644 --- a/cookbooks/bind/templates/default/db.10.erb +++ b/cookbooks/bind/templates/default/db.10.erb @@ -2,11 +2,11 @@ $TTL 604800 @ IN SOA <%= node[:fdqn] %>. root.openstreetmap.org. ( - 2012100902 ; Serial - 604800 ; Refresh - 86400 ; Retry - 2419200 ; Expire - 604800 ) ; Negative Cache TTL + 2018062401 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL @ IN NS <%= node[:fdqn] %>. 
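Review bot: The SOA and NS lines kept as context in the first `db.10.erb` hunk interpolate `node[:fdqn]`, which looks like a transposition of `node[:fqdn]` (the spelling used by the chef `apache.erb` template elsewhere in this commit). Unless an attribute named `fdqn` is defined somewhere outside this diff, both records render with an empty name, i.e. `@ IN SOA . root.openstreetmap.org.`, and the zone names no usable primary server. Since the serial is being bumped here anyway, correct both places to `<%= node[:fqdn] %>.`, or add a comment if `fdqn` is intentional.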
@@ -16,24 +16,68 @@ $TTL 604800 7.0.0 IN PTR faffy.ucl.openstreetmap.org. 8.0.0 IN PTR zark.ucl.openstreetmap.org. 9.0.0 IN PTR eustace.ucl.openstreetmap.org. +10.0.0 IN PTR eddie.ucl.openstreetmap.org. 11.0.0 IN PTR draco.ucl.openstreetmap.org. 12.0.0 IN PTR sarel.ucl.openstreetmap.org. +13.0.0 IN PTR noquiklos.ucl.openstreetmap.org. 14.0.0 IN PTR errol.ucl.openstreetmap.org. 15.0.0 IN PTR yevaud.ucl.openstreetmap.org. +17.0.0 IN PTR clifford.ucl.openstreetmap.org. +19.0.0 IN PTR grindtooth.ucl.openstreetmap.org. +20.0.0 IN PTR pummelzacken.ucl.openstreetmap.org. +40.0.0 IN PTR tiamat-00.ucl.openstreetmap.org. +41.0.0 IN PTR tiamat-01.ucl.openstreetmap.org. +42.0.0 IN PTR tiamat-02.ucl.openstreetmap.org. +43.0.0 IN PTR tiamat-03.ucl.openstreetmap.org. +44.0.0 IN PTR tiamat-10.ucl.openstreetmap.org. +45.0.0 IN PTR tiamat-11.ucl.openstreetmap.org. +46.0.0 IN PTR tiamat-12.ucl.openstreetmap.org. +47.0.0 IN PTR tiamat-13.ucl.openstreetmap.org. +48.0.0 IN PTR tiamat-20.ucl.openstreetmap.org. +49.0.0 IN PTR tiamat-21.ucl.openstreetmap.org. +50.0.0 IN PTR tiamat-22.ucl.openstreetmap.org. +51.0.0 IN PTR tiamat-23.ucl.openstreetmap.org. -49.0.0 IN PTR apc1.ucl.openstreetmap.org. -50.0.0 IN PTR apc2.ucl.openstreetmap.org. -51.0.0 IN PTR apc3.ucl.openstreetmap.org. - +3.1.0 IN PTR ridley.oob.openstreetmap.org. 5.1.0 IN PTR norbert.oob.openstreetmap.org. 6.1.0 IN PTR urmel.oob.openstreetmap.org. -7.1.0 IN PTR faffy.oob.openstreetmap.org. -8.1.0 IN PTR soup.oob.openstreetmap.org. +8.1.0 IN PTR zark.oob.openstreetmap.org. 9.1.0 IN PTR eustace.oob.openstreetmap.org. +10.1.0 IN PTR eddie.oob.openstreetmap.org. 11.1.0 IN PTR draco.oob.openstreetmap.org. 12.1.0 IN PTR sarel.oob.openstreetmap.org. +13.1.0 IN PTR noquiklos.oob.openstreetmap.org. 14.1.0 IN PTR errol.oob.openstreetmap.org. 15.1.0 IN PTR yevaud.oob.openstreetmap.org. +17.1.0 IN PTR clifford.oob.openstreetmap.org. +19.1.0 IN PTR grindtooth.oob.openstreetmap.org. +20.1.0 IN PTR pummelzacken.oob.openstreetmap.org. 
+40.1.0 IN PTR tiamat-00.oob.openstreetmap.org. +41.1.0 IN PTR tiamat-01.oob.openstreetmap.org. +42.1.0 IN PTR tiamat-02.oob.openstreetmap.org. +43.1.0 IN PTR tiamat-03.oob.openstreetmap.org. +44.1.0 IN PTR tiamat-10.oob.openstreetmap.org. +45.1.0 IN PTR tiamat-11.oob.openstreetmap.org. +46.1.0 IN PTR tiamat-12.oob.openstreetmap.org. +47.1.0 IN PTR tiamat-13.oob.openstreetmap.org. +48.1.0 IN PTR tiamat-20.oob.openstreetmap.org. +49.1.0 IN PTR tiamat-21.oob.openstreetmap.org. +50.1.0 IN PTR tiamat-22.oob.openstreetmap.org. +51.1.0 IN PTR tiamat-23.oob.openstreetmap.org. + +2.16.0 IN PTR orm.bm.openstreetmap.org. +3.16.0 IN PTR shenron.bm.openstreetmap.org. + +20.32.0 IN PTR grisu.bm.openstreetmap.org. +21.32.0 IN PTR spike-04.bm.openstreetmap.org. +22.32.0 IN PTR spike-05.bm.openstreetmap.org. +40.32.0 IN PTR katla.bm.openstreetmap.org. +41.32.0 IN PTR thorn-04.bm.openstreetmap.org. +42.32.0 IN PTR thorn-05.bm.openstreetmap.org. -251.0.0 IN PTR shenron.internal.openstreetmap.org. -252.0.0 IN PTR konqi.internal.openstreetmap.org. +20.33.0 IN PTR grisu.oob.openstreetmap.org. +21.33.0 IN PTR spike-04.oob.openstreetmap.org. +22.33.0 IN PTR spike-05.oob.openstreetmap.org. +40.33.0 IN PTR katla.oob.openstreetmap.org. +41.33.0 IN PTR thorn-04.oob.openstreetmap.org. +42.33.0 IN PTR thorn-05.oob.openstreetmap.org. diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb index 8c65a36af..8827bdbd3 100644 --- a/cookbooks/blog/recipes/default.rb +++ b/cookbooks/blog/recipes/default.rb @@ -64,7 +64,7 @@ end wordpress_plugin "blog.openstreetmap.org-sitepress-multilingual-cms" do plugin "sitepress-multilingual-cms" site "blog.openstreetmap.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "blog.openstreetmap.org-wordpress-importer" do 
diff --git a/cookbooks/chef/attributes/default.rb b/cookbooks/chef/attributes/default.rb
index d071da000..4291f2a9c 100644
--- a/cookbooks/chef/attributes/default.rb
+++ b/cookbooks/chef/attributes/default.rb
@@ -2,7 +2,7 @@ default[:apt][:sources] = node[:apt][:sources] | ["opscode"]
 # Set the default server version
-default[:chef][:server][:version] = "12.13.0-1"
+default[:chef][:server][:version] = "12.17.33"
 # Set the default client version
-default[:chef][:client][:version] = "13.8.5"
+default[:chef][:client][:version] = "13.9.4"
diff --git a/cookbooks/chef/recipes/repository.rb b/cookbooks/chef/recipes/repository.rb
index 02dc09365..a358e78e2 100644
--- a/cookbooks/chef/recipes/repository.rb
+++ b/cookbooks/chef/recipes/repository.rb
@@ -27,44 +27,42 @@ directory "/var/lib/chef" do mode 0o2775 end -git "/var/lib/chef" do - action :checkout - repository node[:chef][:repository] - revision "master" - user "chefrepo" - group "chefrepo" -end +%w[public private].each do |repository| + repository_directory = node[:chef][:"#{repository}_repository"] -directory "/var/lib/chef/.chef" do - owner "chefrepo" - group "chefrepo" - mode 0o2775 -end + git "/var/lib/chef/#{repository}" do + action :checkout + repository repository_directory + revision "master" + user "chefrepo" + group "chefrepo" + end -file "/var/lib/chef/.chef/client.pem" do - content keys["git"].join("\n") - owner "chefrepo" - group "chefrepo" - mode 0o660 -end + directory "/var/lib/chef/#{repository}/.chef" do + owner "chefrepo" + group "chefrepo" + mode 0o2775 + end -cookbook_file "/var/lib/chef/.chef/knife.rb" do - source "knife.rb" - owner "chefrepo" - group "chefrepo" - mode 0o660 -end + file "/var/lib/chef/#{repository}/.chef/client.pem" do + content keys["git"].join("\n") + owner "chefrepo" + group "chefrepo" + mode 0o660 + end -template "#{node[:chef][:repository]}/hooks/post-receive" do - source "post-receive.erb" - owner "chefrepo" - group "chefrepo" - mode 0o750 -end + cookbook_file "/var/lib/chef/#{repository}/.chef/knife.rb" do + source "knife.rb" + owner "chefrepo" + group "chefrepo" + mode 0o660 + end -template "/etc/cron.daily/chef-repository-backup" do - source "repository-backup.cron.erb" - owner "root" - group "root" - mode 0o755 + template "#{repository_directory}/hooks/post-receive" do + source "post-receive.erb" + owner "chefrepo" + group "chefrepo" + mode 0o750 + variables :repository => repository + end end diff --git a/cookbooks/chef/recipes/server.rb b/cookbooks/chef/recipes/server.rb index 549123916..12c43840a 100644 --- a/cookbooks/chef/recipes/server.rb +++ b/cookbooks/chef/recipes/server.rb 
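Review bot: Nothing in the new `%w[public private].each` loop restricts the private working tree: the parent `/var/lib/chef` kept as context above is `mode 0o2775`, each `.chef` directory is created `0o2775`, and the `git` resource sets no mode, so the checkout under `/var/lib/chef/private` is presumably readable by every local account, subject to the umask. If the private repository holds anything that should stay within the `chefrepo` group, declare a `directory` resource for the private path with `mode 0o2770` before the checkout. The loop also builds the hook path from `node[:chef][:"#{repository}_repository"]` without checking that the attribute is set; `next unless repository_directory` would stop a missing attribute from rendering `/hooks/post-receive` at the filesystem root. The same `keys["git"]` client key is written into both trees, which is worth a comment if intended.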
@@ -19,7 +19,8 @@ include_recipe "apache" -# chef_package = "chef-server-core_#{node[:chef][:server][:version]}_amd64.deb" +# chef_version = node[:chef][:server][:version] +# chef_package = "chef-server-core_#{chef_version}-1_amd64.deb" # # directory "/var/cache/chef" do # owner "root" @@ -37,7 +38,7 @@ include_recipe "apache" # end # # remote_file "/var/cache/chef/#{chef_package}" do -# source "https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/#{node[:lsb][:codename]}/#{chef_package}" +# source "https://packages.chef.io/files/stable/chef-server/#{chef_version}/ubuntu/16.04/#{chef_package}" # owner "root" # group "root" # mode 0644 @@ -46,7 +47,7 @@ include_recipe "apache" # # dpkg_package "chef-server-core" do # source "/var/cache/chef/#{chef_package}" -# version node[:chef][:server][:version] +# version "#{chef_version}-1" # notifies :run, "execute[chef-server-reconfigure]" # end diff --git a/cookbooks/chef/templates/default/apache.erb b/cookbooks/chef/templates/default/apache.erb index 88684b82c..9d86d910e 100644 --- a/cookbooks/chef/templates/default/apache.erb +++ b/cookbooks/chef/templates/default/apache.erb @@ -24,6 +24,7 @@ SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key + ProxyPassMatch ^/.*\.git/ ! ProxyPass / https://<%= node[:fqdn] %>:4443/ ProxyPreserveHost on diff --git a/cookbooks/chef/templates/default/post-receive.erb b/cookbooks/chef/templates/default/post-receive.erb index 58646ff1a..b402265c1 100644 --- a/cookbooks/chef/templates/default/post-receive.erb +++ b/cookbooks/chef/templates/default/post-receive.erb @@ -9,7 +9,7 @@ while read oldrev newrev refname do if [[ "$refname" = "refs/heads/master" ]] then - cd /var/lib/chef + cd /var/lib/chef/<%= @repository %> rm -f cookbooks/*/metadata.json(N) 
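Review bot: In the `post-receive.erb` hunk the new `cd /var/lib/chef/<%= @repository %>` is not checked, and the next line visible is `rm -f cookbooks/*/metadata.json(N)`. If the checkout directory is missing, for instance before the first Chef run has created `/var/lib/chef/private`, the hook keeps running in the directory it was started from and everything that follows acts on the wrong tree. Make the failure explicit with `cd /var/lib/chef/<%= @repository %> || exit 1`. The loop body continues outside the hunk, so the later commands are not visible here.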
diff --git a/cookbooks/chef/templates/default/repository-backup.cron.erb b/cookbooks/chef/templates/default/repository-backup.cron.erb deleted file mode 100644 index f82e7b227..000000000 --- a/cookbooks/chef/templates/default/repository-backup.cron.erb +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh - -T=$(mktemp -d -t -p /var/tmp chef-repository.XXXXXXXXXX) -D=$(date +%Y-%m-%d) -B=chef-repository-$D.tar.gz - -ln -s /var/lib/git/chef.git $T/chef-repository-$D - -export GZIP="--rsyncable -9" - -nice tar --create --gzip --dereference --directory=$T --file=$T/$B chef-repository-$D -nice rsync --preallocate --fuzzy $T/$B backup::backup - -rm -rf $T diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb index c9adbab68..1424e240f 100644 --- a/cookbooks/civicrm/attributes/default.rb +++ b/cookbooks/civicrm/attributes/default.rb @@ -1,4 +1,4 @@ -default[:civicrm][:version] = "4.7.31" +default[:civicrm][:version] = "5.2.1" default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount" default[:civicrm][:extensions][:cividiscount][:repository] = "git://github.com/dlobo/org.civicrm.module.cividiscount.git" diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb index 1cfc733da..ed8f51f42 100644 --- a/cookbooks/civicrm/recipes/default.rb +++ b/cookbooks/civicrm/recipes/default.rb @@ -53,7 +53,7 @@ end wordpress_plugin "sitepress-multilingual-cms" do site "join.osmfoundation.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "contact-form-7" do diff --git a/cookbooks/db/recipes/base.rb b/cookbooks/db/recipes/base.rb index e91875819..2a509f130 100644 --- a/cookbooks/db/recipes/base.rb +++ b/cookbooks/db/recipes/base.rb 
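Review bot: The move of `sitepress-multilingual-cms` from `git://chef.openstreetmap.org/...` to `https://git.openstreetmap.org/private/...` gives this checkout an encrypted, server-authenticated transport, but the cividiscount extension in `cookbooks/civicrm/attributes/default.rb` (context lines of the previous hunk) still points at `git://github.com/dlobo/org.civicrm.module.cividiscount.git`. The `git://` protocol provides neither server authentication nor integrity protection, so code fetched that way and deployed into the web root can be altered in transit. Changing that attribute to `https://github.com/dlobo/org.civicrm.module.cividiscount.git` would complete the migration this commit starts.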
@@ -39,7 +39,7 @@ rails_port "www.openstreetmap.org" do
 directory "/srv/www.openstreetmap.org/rails"
 user "rails"
 group "rails"
- repository "git://git.openstreetmap.org/rails.git"
+ repository "https://git.openstreetmap.org/public/rails.git"
 revision "live"
 database_host "localhost"
 database_name "openstreetmap"
diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index 9b5a0ab5f..3fcdd7f15 100644
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -83,9 +83,6 @@ postgresql_extension "btree_gist" do
 only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
 end
-template "/etc/cron.daily/rails-db" do
- source "cron.erb"
- owner "root"
- group "root"
- mode 0o755
+file "/etc/cron.daily/rails-db" do
+ action :delete
 end
diff --git a/cookbooks/db/templates/default/cron.erb b/cookbooks/db/templates/default/cron.erb
deleted file mode 100644
index 7ff61cff3..000000000
--- a/cookbooks/db/templates/default/cron.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-# Cleanup archive directory - keep 2 weeks of WALs
-find -L /store/postgresql/archive -mtime +14 -print0 | xargs -0r rm
diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index d57fd109d..53b568672 100644
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -14,24 +14,6 @@ subnet <%= interface[:network] %> netmask <%= interface[:netmask] %> { } <% end -%> -host apc1.<%= @domain %> { - hardware ethernet 00:c0:b7:77:f3:d8; - server-name "apc1.<%= @domain %>"; - fixed-address apc1.<%= @domain %>; -} - -host apc2.<%= @domain %> { - hardware ethernet 00:c0:b7:52:b7:d2; - server-name "apc2.<%= @domain %>"; - fixed-address apc2.<%= @domain %>; -} - -host apc3.<%= @domain %> { - hardware ethernet 00:c0:b7:52:b9:1e; - server-name "apc3.<%= @domain %>"; - fixed-address apc3.<%= @domain %>; -} - host ascalon.oob.openstreetmap.org { hardware ethernet 00:19:bb:39:3c:64; server-name "ascalon.oob.openstreetmap.org"; diff --git a/cookbooks/dns/templates/default/dns-update.erb b/cookbooks/dns/templates/default/dns-update.erb index 162e7875e..93d2e1ee3 100755 --- a/cookbooks/dns/templates/default/dns-update.erb +++ b/cookbooks/dns/templates/default/dns-update.erb @@ -14,7 +14,7 @@ cd /var/lib/dns if [ ! -d .git ] then - git clone /var/lib/git/dns.git /var/lib/dns + git clone /var/lib/git/public/dns.git /var/lib/dns fi git pull -q diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb index 1ed524762..b84b198c9 100644 --- a/cookbooks/donate/recipes/default.rb +++ b/cookbooks/donate/recipes/default.rb @@ -29,7 +29,7 @@ package %w[ php-gd ] -apache_module "php7.0" +apache_module "php7.2" apache_module "headers" diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb index 395f2ce39..3e2b97d8e 100644 --- a/cookbooks/forum/recipes/default.rb +++ b/cookbooks/forum/recipes/default.rb @@ -30,7 +30,7 @@ package %w[ php-apcu ] -apache_module "php7.0" +apache_module "php7.2" apache_module "rewrite" ssl_certificate "forum.openstreetmap.org" do diff --git a/cookbooks/git/attributes/default.rb b/cookbooks/git/attributes/default.rb index ebb2bd736..2d89a83de 100644 --- a/cookbooks/git/attributes/default.rb +++ b/cookbooks/git/attributes/default.rb 
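Review bot: `apache_module "php7.2"` is hard-coded in the donate recipe and again in `cookbooks/forum/recipes/default.rb` (the next hunk), whereas the mediawiki recipe changed in the same commit picks `"7.2"` or `"7.0"` from `node[:lsb][:release]`. If either recipe can still converge on a release older than 18.04, the module name presumably does not exist there and the run fails; if it cannot, a short comment saying these hosts are 18.04-only would record that assumption. Reusing the mediawiki pattern, `apache_module "php#{php_version}"`, would keep the three recipes consistent.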
@@ -1,3 +1,5 @@
 default[:git][:directory] = "/var/lib/git"
-default[:git][:user] = "git"
-default[:git][:group] = "git"
+default[:git][:public_user] = "git"
+default[:git][:public_group] = "git"
+default[:git][:private_user] = "git"
+default[:git][:private_group] = "git"
diff --git a/cookbooks/git/metadata.rb b/cookbooks/git/metadata.rb
index 704f32750..8cf7f9a48 100644
--- a/cookbooks/git/metadata.rb
+++ b/cookbooks/git/metadata.rb
@@ -6,6 +6,5 @@ description "Installs and configures git"
 long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
 version "1.0.0"
 supports "ubuntu"
-depends "networking"
-depends "xinetd"
 depends "apache"
+depends "networking"
diff --git a/cookbooks/git/recipes/default.rb b/cookbooks/git/recipes/default.rb
index 7d9cd1921..b2ea55526 100644
--- a/cookbooks/git/recipes/default.rb
+++ b/cookbooks/git/recipes/default.rb
@@ -17,4 +17,4 @@ # limitations under the License.
 #
-package "git-core"
+package "git"
diff --git a/cookbooks/git/recipes/server.rb b/cookbooks/git/recipes/server.rb
index 1d308bf29..81b16952f 100644
--- a/cookbooks/git/recipes/server.rb
+++ b/cookbooks/git/recipes/server.rb
@@ -18,58 +18,34 @@ # include_recipe "networking" -include_recipe "xinetd" git_directory = node[:git][:directory] directory git_directory do - owner node[:git][:user] - group node[:git][:group] + owner "root" + group "root" + mode 0o775 +end + +directory "#{git_directory}/public" do + owner node[:git][:public_user] + group node[:git][:public_group] mode 0o2775 end -if node[:git][:allowed_nodes] - search(:node, node[:git][:allowed_nodes]).sort_by { |n| n[:fqdn] }.each do |n| - n.interfaces(:role => :external).each do |interface| - firewall_rule "accept-git" do - action :accept - family interface[:family] - source "#{interface[:zone]}:#{interface[:address]}" - dest "fw" - proto "tcp:syn" - dest_ports "git" - source_ports "1024:" - end - end - end -else - firewall_rule "accept-git" do - action :accept - source "net" - dest "fw" - proto "tcp:syn" - dest_ports "git" - source_ports "1024:" - end +directory "#{git_directory}/private" do + owner node[:git][:private_user] + group node[:git][:private_group] + mode 0o2775 end -Dir.new(git_directory).select { |name| name =~ /\.git$/ }.each do |repository| - template "#{git_directory}/#{repository}/hooks/post-update" do +Dir.glob("#{git_directory}/*/*.git").each do |repository| + template "#{repository}/hooks/post-update" do source "post-update.erb" owner "root" group node[:git][:group] mode 0o755 end - - next unless node[:recipes].include?("trac") && repository != "dns.git" && repository != "chef.git" - - template "#{git_directory}/#{repository}/hooks/post-receive" do - source "post-receive.erb" - owner "root" - group node[:git][:group] - mode 0o755 - variables :repository => "#{git_directory}/#{repository}" - end end template "/etc/cron.daily/git-backup" do @@ -78,11 +54,3 @@ template "/etc/cron.daily/git-backup" do group "root" mode 0o755 end - -template "/etc/xinetd.d/git" do - source "xinetd.erb" - owner "root" - group "root" - mode 0o644 - notifies :reload, "service[xinetd]" -end 
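Review bot: The `post-update` template inside the new `Dir.glob("#{git_directory}/*/*.git")` loop still sets `group node[:git][:group]`, but this commit removes `default[:git][:group]` from `cookbooks/git/attributes/default.rb` in favour of `public_group` and `private_group`. Unless a role still defines the old attribute, the value is `nil` and the hook's group is left at whatever the file already has. Because the glob yields repositories under both `public` and `private`, derive the group from the path, or at minimum use `group node[:git][:public_group]`. Note also that `#{git_directory}/private` is created `0o2775` with the same default user and group as `public`, so filesystem permissions do not separate the two trees; only the web server's access rules do.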
diff --git a/cookbooks/git/recipes/web.rb b/cookbooks/git/recipes/web.rb index 0d840bbbd..65333eff0 100644 --- a/cookbooks/git/recipes/web.rb +++ b/cookbooks/git/recipes/web.rb @@ -23,7 +23,7 @@ package "gitweb" apache_module "rewrite" -git_directory = node[:git][:directory] +git_site = node[:git][:host] template "/etc/gitweb.conf" do source "gitweb.conf.erb" @@ -32,20 +32,31 @@ template "/etc/gitweb.conf" do mode 0o644 end -ssl_certificate node[:git][:host] do - domains [node[:git][:host]] + Array(node[:git][:aliases]) - notifies :reload, "service[apache2]" -end - -apache_site node[:git][:host] do - template "apache.erb" - directory git_directory - variables :aliases => Array(node[:git][:aliases]) +directory "/srv/#{git_site}" do + owner "root" + group "root" + mode 0o755 end -template "#{git_directory}/robots.txt" do +template "/srv/#{git_site}/robots.txt" do source "robots.txt.erb" owner "root" group "root" mode 0o644 end + +ssl_certificate git_site do + domains [git_site] + Array(node[:git][:aliases]) + notifies :reload, "service[apache2]" +end + +private_allowed = search(:node, node[:git][:private_nodes]).collect do |n| + n.ipaddresses(:role => :external) +end.flatten + +apache_site git_site do + template "apache.erb" + directory "/srv/#{git_site}" + variables :aliases => Array(node[:git][:aliases]), + :private_allowed => private_allowed +end diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb index c7f85c821..9ec36f7d8 100644 --- a/cookbooks/git/templates/default/apache.erb +++ b/cookbooks/git/templates/default/apache.erb 
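Review bot: `private_allowed` is taken straight from `search(:node, node[:git][:private_nodes])` with no check that the attribute is set or that the search matched any node. When the list is empty, the `apache.erb` change in the next file renders `Require ip` with no addresses, which Apache is likely to reject when the configuration is tested, taking the whole site (public repositories included) down with it. Guard the empty case before passing the variable, for instance by rendering `Require all denied` for the private section when `private_allowed.empty?`. Source address is also the only credential for the private repositories, so every account and service on an allowed node can fetch them; that is worth stating in a comment next to the search.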
@@ -44,17 +44,28 @@ CustomLog /var/log/apache2/<%= @name %>-access.log combined ErrorLog /var/log/apache2/<%= @name %>-error.log - DocumentRoot <%= @directory %> - HeaderName HEADER + SetEnv GIT_PROJECT_ROOT /var/lib/git + SetEnv GIT_HTTP_EXPORT_ALL + + ScriptAlias /public /usr/lib/git-core/git-http-backend/public + ScriptAlias /private /usr/lib/git-core/git-http-backend/private Alias /gitweb /usr/share/gitweb Alias /git /var/cache/git - ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi + ScriptAlias / /usr/lib/cgi-bin/gitweb.cgi/ + + + Require all granted + + + + Require ip <%= @private_allowed.sort.join(" ") %> + - RewriteEngine On - RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT] - RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT] + + Require all denied + -> - Require all granted + + Options ExecCGI diff --git a/cookbooks/git/templates/default/backup.cron.erb b/cookbooks/git/templates/default/backup.cron.erb index ac2167b8c..5a9d01284 100644 --- a/cookbooks/git/templates/default/backup.cron.erb +++ b/cookbooks/git/templates/default/backup.cron.erb @@ -4,7 +4,7 @@ T=$(mktemp -d -t -p /var/tmp git.XXXXXXXXXX) D=$(date +%Y-%m-%d) -B=<%= node[:git][:backup] %>-$D.tar.gz +B=git-$D.tar.gz ln -s /var/lib/git $T/git-$D diff --git a/cookbooks/git/templates/default/gitweb.conf.erb b/cookbooks/git/templates/default/gitweb.conf.erb index b98c15ae5..5d2eb7469 100644 --- a/cookbooks/git/templates/default/gitweb.conf.erb +++ b/cookbooks/git/templates/default/gitweb.conf.erb @@ -1,7 +1,7 @@ # DO NOT EDIT - This file is being maintained by Chef # path to git projects (.git) -$projectroot = "<%= node[:git][:directory] %>"; +$projectroot = "<%= node[:git][:directory] %>/public"; # directory to use for temp files $git_temp = "/tmp"; 
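Review bot: `SetEnv GIT_HTTP_EXPORT_ALL` together with `GIT_PROJECT_ROOT /var/lib/git` makes `git-http-backend` serve every repository under that root, the `private` tree included, without needing a `git-daemon-export-ok` marker, so confidentiality of `/private` rests entirely on the `Require ip` section. The container directives around the three `Require` lines are not visible on this page, so it cannot be confirmed here which paths each one covers; a comment above each section stating the intended scope (public: everyone, private: listed node addresses, everything else under the backend: denied) would make the policy reviewable.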
@@ -31,4 +31,4 @@ our $javascript = "/gitweb/static/gitweb.js"; $feature{'pathinfo'}{'default'} = [1]; # define roots for cloning -@git_base_url_list = qw(git://<%= node[:git][:host] %>); +@git_base_url_list = qw(https://<%= node[:git][:host] %>/public); diff --git a/cookbooks/git/templates/default/post-receive.erb b/cookbooks/git/templates/default/post-receive.erb deleted file mode 100644 index 30ade2719..000000000 --- a/cookbooks/git/templates/default/post-receive.erb +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/zsh - -# DO NOT EDIT - This file is being maintained by Chef - -while read oldrev newrev refname -do - if [[ "$refname" = "refs/heads/master" ]] - then - for rev in $(git rev-list ${oldrev}..${newrev}) - do - sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "<%= @repository %>" "${rev}" - done - fi -done diff --git a/cookbooks/git/templates/default/xinetd.erb b/cookbooks/git/templates/default/xinetd.erb deleted file mode 100644 index 403c7926b..000000000 --- a/cookbooks/git/templates/default/xinetd.erb +++ /dev/null @@ -1,13 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - -service git -{ - disable = no - socket_type = stream - wait = no - user = nobody - server = /usr/lib/git-core/git-daemon - server_args = --base-path=<%= node[:git][:directory] %> --export-all --syslog --inetd --verbose - log_on_failure += USERID - flags = ipv6 -} diff --git a/cookbooks/hardware/attributes/default.rb b/cookbooks/hardware/attributes/default.rb index fb19506f4..f27074082 100644 --- a/cookbooks/hardware/attributes/default.rb +++ b/cookbooks/hardware/attributes/default.rb @@ -7,7 +7,7 @@ default[:hardware][:modules] = if node[:lsb][:release].to_f >= 16.04 default[:hardware][:grub][:cmdline] = %w[nomodeset] default[:hardware][:sensors] = {} -default[:hardware][:mcelog][:enabled] = true +default[:hardware][:mcelog][:enabled] = node[:lsb][:release].to_f < 18.04 if node[:dmi] && node[:dmi][:system] case node[:dmi][:system][:manufacturer] 
diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb index 17382e916..837c8ce23 100644 --- a/cookbooks/hardware/recipes/default.rb +++ b/cookbooks/hardware/recipes/default.rb @@ -277,7 +277,7 @@ if tools_packages.include?("areca") git "/opt/areca" do action :sync - repository "git://chef.openstreetmap.org/areca.git" + repository "https://git.openstreetmap.org/private/areca.git" user "root" group "root" end @@ -335,21 +335,21 @@ intel_nvmes = nvmes.select { |pci| pci[:vendor_name] == "Intel Corporation" } if !intel_ssds.empty? || !intel_nvmes.empty? package "unzip" - remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do - source "https://downloadmirror.intel.com/27144/eng/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" + remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do + source "https://downloadmirror.intel.com/27863/eng/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" end - execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do - command "unzip Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip isdct_3.0.7.401-17_amd64.deb" + execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do + command "unzip Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip isdct_3.0.13.400-17_amd64.deb" cwd Chef::Config[:file_cache_path] user "root" group "root" - not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb") } + not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb") } end dpkg_package "isdct" do - version "3.0.7.401-17" - source "#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb" + version "3.0.13.400-17" + source "#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb" end end 
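Review bot: The `remote_file` for `Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip` has no `checksum` property, yet the archive is unpacked and the contained package is installed as root by `dpkg_package "isdct"`. HTTPS protects the transfer but not against a changed or replaced file on the mirror. Add the archive's SHA-256, `checksum "<sha256 of Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip>"` (placeholder), so Chef refuses a download that does not match. The version string is repeated throughout the hunk; a local such as `isdct_version = "3.0.13"` would reduce the chance of a partial update on the next bump.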
diff --git a/cookbooks/hardware/templates/default/munin.smart.erb b/cookbooks/hardware/templates/default/munin.smart.erb
index e1a98501a..1908f8e93 100644
--- a/cookbooks/hardware/templates/default/munin.smart.erb
+++ b/cookbooks/hardware/templates/default/munin.smart.erb
@@ -6,3 +6,4 @@ env.smartargs -H -d <%= @disk[:smart] %>
 <% else -%>
 env.smartargs -H
 <% end -%>
+env.ignoreexit 4
diff --git a/cookbooks/letsencrypt/templates/default/cron.erb b/cookbooks/letsencrypt/templates/default/cron.erb
index 74a8ee0a2..768e69d5a 100644
--- a/cookbooks/letsencrypt/templates/default/cron.erb
+++ b/cookbooks/letsencrypt/templates/default/cron.erb
@@ -2,5 +2,5 @@ MAILTO=admins@openstreetmap.org
-00 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/renew
-30 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/check-certificates
+00 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/renew
+30 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/check-certificates
diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index 63c9d53db..b7654f3e8 100644
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -82,9 +82,15 @@ service "parsoid" do
 subscribes :restart, "template[/etc/mediawiki/parsoid/config.yaml]"
 end
-apache_module "php7.0"
+php_version = if node[:lsb][:release].to_f >= 18.04
+ "7.2"
+ else
+ "7.0"
+ end
-link "/etc/php/7.0/apache2/conf.d/20-wikidiff2.ini" do
+apache_module "php#{php_version}"
+
+link "/etc/php/#{php_version}/apache2/conf.d/20-wikidiff2.ini" do
 to "../../mods-available/wikidiff2.ini"
 end
diff --git a/cookbooks/munin/files/default/plugins/squid_icp b/cookbooks/munin/files/default/plugins/squid_icp
new file mode 100755
index 000000000..e960d2b39
--- /dev/null
+++ b/cookbooks/munin/files/default/plugins/squid_icp
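Review bot: In both new entries of the letsencrypt `cron.erb` the token after the schedule changed from `letsencrypt` to `/usr/bin/certbot`, while the command path `/srv/acme.openstreetmap.org/bin/renew` stays in place. If this template is installed as a system crontab (the `MAILTO` header and the old `letsencrypt` token suggest the sixth field is the account name), cron now finds a path where a user name is expected and will likely skip both entries, so certificate renewal and the expiry check stop without any visible error. If it is instead a per-user crontab, the line runs certbot with the renew script as its argument, which is not what the old line did either. Confirm which format applies; if the service account was renamed, the field should hold that account name, as in `00 */12 * * * <renewal account> /srv/acme.openstreetmap.org/bin/renew`.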
@@ -0,0 +1,190 @@ +#!/usr/bin/perl -w +# -*- perl -*- + +=head1 NAME + +squid_icp - Plugin to graph traffic to the ICP peers + +=head1 CONFIGURATION + +The following configuration variables are used by this plugin: + + [squid_icp] + env.squidhost - host (default "localhost") + env.squidport - port (default "3128") + env.squiduser - username (default "") + env.squidpasswd - password (default "") + +=head1 ABOUT + +When using squid as a "load balancer" (of sorts), who gets the +request? + +=head1 AUTHORS + +Copyright (C) 2004 Jimmy Olsen + +=head1 LICENSE + +Gnu GPLv2 + +=begin comment + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 dated June, 1991. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +=end comment + +=head1 MAGIC MARKERS + + #%# family=manual + #%# capabilities=autoconf + +=cut + +my $ret = undef; + +if (! eval "require IO::Socket;") +{ + $ret = "IO::Socket not found"; +} +if (! eval "require MIME::Base64;") +{ + $ret = "MIME::Base64 not found"; +} +if (! 
eval "require Net::hostent;") +{ + $ret = "Net::hostent not found"; +} + +$squid_host = $ENV{squidhost} || "localhost"; +$squid_port = $ENV{squidport} || 3128; +$user = $ENV{squiduser} || ""; +$passwd = $ENV{squidpasswd} || ""; + +if($ARGV[0] and $ARGV[0] eq "autoconf") { + &autoconf($squid_host, $squid_port, $user, $passwd); +} + +sub autoconf { + my ($host, $port, $user, $passwd) = @_; + + if ($ret) + { + print "no ($ret)\n"; + exit 0; + } + + my $cachemgr = IO::Socket::INET->new(PeerAddr => $host, + PeerPort => $port, + Proto => 'tcp', + Timeout => 5); + + if (!$cachemgr) + { + print "no (could not connect: $!)\n"; + exit 0; + } + + my $request = "GET cache_object://$host/counters HTTP/1.0\r\n" . + "Accept: */*\r\n" . + &make_auth_header($user, $passwd) . + "\r\n"; + + $cachemgr->syswrite($request, length($request)); + my @lines = $cachemgr->getlines(); + + print "yes\n"; + exit 0; +} + +sub make_auth_header { + my ($user, $passwd) = @_; + + if(!defined $passwd || $passwd eq "") { + return ""; + } else { + my $auth = MIME::Base64::encode_base64(($user ? $user : "") . ":$passwd", ""); + return "Authorization: Basic $auth\r\n" . + "Proxy-Authorization: Basic $auth\r\n"; + } +} + + +sub query_squid { + my ($host, $port, $user, $passwd) = @_; + my $ret; + + my $cachemgr = IO::Socket::INET->new(PeerAddr => $host, + PeerPort => $port, + Proto => 'tcp') or die($!); + + + + my $request = "GET cache_object://$host/server_list HTTP/1.0\r\n" . + "Accept: */*\r\n" . + &make_auth_header($user, $passwd) . 
+ "\r\n"; + + $cachemgr->syswrite($request, length($request)); + my @lines = $cachemgr->getlines(); + my $id = ""; + for(my $i = 0; $i <= $#lines; $i++) { + chomp $lines[$i]; + if($lines[$i] =~ /Host[^:]+:\s*(\S+)\/\d+\/\d+\s*$/) { + my $host = $1; + $id = $host; + $id =~ s/\./_/g; + + unless(exists($ret->{$id})) { + $ret->{$id}->{host} = $host; + $ret->{$id}->{fetches} = 0; + } + } + elsif($lines[$i] =~ /FETCHES\s*:\s*(\d+)/) { + $ret->{$id}->{fetches} += $1; + } + } + return $ret; +} + +my $hosts = &query_squid($squid_host, $squid_port, $user, $passwd); + +if($ARGV[0] and $ARGV[0] eq "config") { + my $first = 1; + print "graph_title Squid relay statistics\n"; + print "graph_vlabel requests / \${graph_period}\n"; + print "graph_args -l 0 --base 1000\n"; + print "graph_total total\n"; + print "graph_category squid\n"; + foreach my $i (sort keys %{$hosts}) { + print "$i.label ", $hosts->{$i}->{host}, "\n"; + print "$i.type DERIVE\n"; + print "$i.max 500000\n"; + print "$i.min 0\n"; + if ($first) { + print "$i.draw AREA\n"; + $first = 0; + } else { + print "$i.draw STACK\n"; + } + } + exit 0; +} + +foreach my $i (keys %{$hosts}) { + print "$i.value ", $hosts->{$i}->{fetches}, "\n"; +} + +# vim:syntax=perl diff --git a/cookbooks/nominatim/attributes/default.rb b/cookbooks/nominatim/attributes/default.rb index 2805a8606..67708f9a1 100644 --- a/cookbooks/nominatim/attributes/default.rb +++ b/cookbooks/nominatim/attributes/default.rb @@ -3,7 +3,7 @@ default[:nominatim][:dbadmins] = [] default[:nominatim][:dbname] = "nominatim" default[:nominatim][:tablespaces] = [] default[:nominatim][:logdir] = "/var/log/nominatim" -default[:nominatim][:repository] = "git://git.openstreetmap.org/nominatim.git" +default[:nominatim][:repository] = "https://git.openstreetmap.org/public/nominatim.git" default[:nominatim][:revision] = "master" default[:nominatim][:enable_backup] = false default[:nominatim][:enable_git_updates] = true 
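Review bot: `query_squid` builds its `IO::Socket::INET` without the `Timeout => 5` that `autoconf` passes, and `getlines()` then reads until the peer closes with no deadline, so an unresponsive Squid can stall the plugin on every config and fetch run. Passing `Timeout => 5` there, and bounding the read, would bring the two code paths in line. The field name is derived from the peer host with only `s/\./_/g`, so any other character in data read from the network reaches the `$i.label` and `$i.value` output unchanged; `$id =~ s/[^A-Za-z0-9_]/_/g;` is a stricter normalisation. A `FETCHES` line seen before any `Host` line is also accumulated under the empty key `""`. When `squidpasswd` is set, `make_auth_header` sends it as Basic auth over the plain TCP connection, which is reasonable only while `squidhost` stays at the `localhost` default and deserves a line in the CONFIGURATION section.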
diff --git a/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb b/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb index 112159717..e1be595e9 100644 --- a/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb +++ b/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb @@ -6,7 +6,6 @@ # Vaccum all tables with indices on integer arrays. # Agressive vacuuming seems to help against index bloat. psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name' -psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name_country' for i in `seq 0 250`; do psql -q -d <%= @db %> -c "VACUUM ANALYSE search_name_${i}" diff --git a/cookbooks/ntp/recipes/default.rb b/cookbooks/ntp/recipes/default.rb index 3cefe3c46..7be4ab437 100644 --- a/cookbooks/ntp/recipes/default.rb +++ b/cookbooks/ntp/recipes/default.rb @@ -32,11 +32,10 @@ execute "dpkg-reconfigure-tzdata" do group "root" end -file "/etc/timezone" do +link "/etc/localtime" do + to "/usr/share/zoneinfo/#{node[:tz]}" owner "root" group "root" - mode 0o644 - content "#{node[:tz]}\n" notifies :run, "execute[dpkg-reconfigure-tzdata]", :immediately end diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb index 3d5f4a460..08d1aded8 100644 --- a/cookbooks/openssh/recipes/default.rb +++ b/cookbooks/openssh/recipes/default.rb @@ -41,8 +41,8 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll end keys = { - "rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039 - "dsa" => node[:keys][:ssh][:host_dsa_public] # ~FC039 + "ssh-rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039 + "ssh-dss" => node[:keys][:ssh][:host_dsa_public] # ~FC039 } if node[:keys][:ssh][:host_ecdsa_public] # ~FC039 
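Review bot: The `ssh-rsa` and `ssh-dss` entries of the `keys` hash in the openssh recipe are filled unconditionally, while the ECDSA entry below them and the Ed25519 entry added in the next hunk are set only when the attribute is present. On a host without a DSA host key, `node[:keys][:ssh][:host_dsa_public]` would presumably be nil and, unless the template filters it (its loop is only partly visible), yield an `ssh-dss` line with no key material in `ssh_known_hosts`. Guarding it the same way, `keys["ssh-dss"] = node[:keys][:ssh][:host_dsa_public] if node[:keys][:ssh][:host_dsa_public]`, also makes it simpler to stop publishing DSA keys, which OpenSSH clients have not accepted by default since 7.0. The enclosing block starts and ends outside the hunk.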
@@ -51,6 +51,10 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll keys[ecdsa_type] = node[:keys][:ssh][:host_ecdsa_public] # ~FC039 end + if node[:keys][:ssh][:host_ed25519_public] # ~FC039 + keys["ssh-ed25519"] = node[:keys][:ssh][:host_ed25519_public] # ~FC039 + end + Hash[ :names => names.sort, :addresses => node.ipaddresses.sort, diff --git a/cookbooks/openssh/templates/default/ssh_known_hosts.erb b/cookbooks/openssh/templates/default/ssh_known_hosts.erb index 3ee614679..3e0d9f59f 100644 --- a/cookbooks/openssh/templates/default/ssh_known_hosts.erb +++ b/cookbooks/openssh/templates/default/ssh_known_hosts.erb 
@@ -5,9 +5,6 @@ <%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> <%= type %> <%= host[:keys][type] %> <% end -%> <% end -%> -apc1,apc1.ucl.openstreetmap.org,10.0.0.49 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYDLYD52vwCagyebWxujdLw5/jnJ4Nln8g+pXFylT6OJU2R6t+U7mndZUKj1ClCt4AkS77/lEncs8Ie9YM3zzZlN0zsMEmhXzT62wO+0WJkr+hGSlTkMp1iL+dqC9Bk+U= -apc2,apc2.ucl.openstreetmap.org,10.0.0.50 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBANYmUWIbP1bVQEcyeIoKZOvW/cyzmWytUA0u/057WGCMB70UKJrgmhRoArtxm3O4sFYS5b5xzhpcJ6YyYPjs3GMa67lkUBv/mOZEOIM20VeP7biRQf5DLrrSF5cS4A3p+ft7TyFPAuIgywxHQwpnRi7ZtBIPNj6MbRukUYivWrBVQML23O2hfWbwyLWQCTpedycgb1OFYbKC86r73PwW6ZP3Kzv0CDinDL2heEBT/hdeUkeXJCbop6tU3A4bA/obMTmKxsVoT2vEhto3v/bXFAFDQyYidBrOo+CBa3Nbbl+0wAZLBbrjkbQC7gz6TtU70ceLHo/cl8zmIQlHKa8c/Ec= -apc3,apc3.ucl.openstreetmap.org,10.0.0.51 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBAM7kqwZuiMNnTQgI2/CpBwNna2vHC2W5kT0AVRFdd41f+Bet+NbXaHpa+/l1eGaMThtuEpXI8TuyyMP/Wna6xhaSBqcTyinbmc+1rqsSxqXTdNKFX+GSKJay/7jQpe/ZA94MAX/l+jHo50g9bjw5GhSv2sG5VeeabYM+eiTDwjSEwoqpsHYtRSbCCwNgM5hK0lTunPZ+wq31vY8tPbnYTZdi8ENxccXI1+wLPEIGg74FoWxy98lKTc8FIa/JaT37hDOwOC0uzDi1koXp5sCzCVAhRDNzHSSKkiIXx8rXp7/2ZPrKo2j++W/rl0b0xe1UO+/KWxhCC2YsCaDIgBXsG7E= #albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-rsa #albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-dss ridley.oob,ridley.oob.openstreetmap.org,10.0.1.3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6FtSZo3FZfOyWVdiUX1CSlWLIiB2iCWmtsfiqQ32i+AbNxiOfqBckp9CQazdaAmMp638TnLpCwSfJk9oJNui/J6yY5jq1RKb5U9YVGkhXvFmHH2dG/QpD9z786jWZ8RFdTwtdpHVfJzfm3vFDOORJcJwnvGr+Fe+fnY43aPzTZQ== 
@@ -26,12 +23,14 @@ eustace.oob,eustace.oob.openstreetmap.org,10.0.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAADA eustace.oob,eustace.oob.openstreetmap.org,10.0.1.9 ssh-dss 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 #puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-rsa #puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-dss +draco.oob,draco.oob.openstreetmap.org,10.0.1.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCl+ue/d4rW+xBja+8Gicp/LDFzURo7fgP3IOnOXM8QMmHaPzfUbWDlKNRGaCaK+xHUUI/6/AfKwikY2pmPSZ8vC/Ss641RELqvAAbfrOUN8M0akeJPs35T04ek6aWIA2d0AYXlWRLojKd/N7KoZOFvp8udkYSH5yNh4BsArNQHhw== sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCepzpzx1NqbX1uo10ePzF5lUnaHXtzxcgFR7LvXOuZrip+bSOY/4jBqCasZG3kofMcUL6TFh7Q2MrkZ+9Xj7B9AeNwzlZnohAjLNIdJJjHHyjJ5EHiJHnpVeElP+/W6NfLE2S4xq7JF+eOdeznb6X6JdkXnKhaJv5KQcz6JVp50Q== sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-dss AAAAB3NzaC1kc3MAAACBAKPIabHx0CCmG3tl36baYTalPout92RMZkX0RhfiRDOHXc+Mk5bAA/r8ep9BiMNbhB+qstay0yqpwemJLC0+0LxhQAyl4MDEDpHMLAlXmQO4HhEVyKB9hutfyFDMYNI4D1NwzBRO4yPRjhoai0NaEo5jBjI9SiIWMhPBDO2lLyGtAAAAFQCrlNl/cRw43H1BVzO3lhMG8+eTYwAAAIBbTcKalbfzeoWLOPuLSxL7AE57WqyqMB9/gdac6+c3YaO/g/WIsJRO2g5Im1/cCIvOH4nVF0wlQONh9CGZZKzSKdaIJIJ9y0A7kzRxLxEfGz5ZslH+xusdWeU4hx39yVzBinM2+qLiDpc6zgowd6klUiMR2Qv2bXo27gLSAHxLIAAAAIAC1gES35Xj85N+1VGR5rQbRf99ft6Cz5Ml4nq1c936z9OCzYTbCaWG0yrHsuKyC7kHO2drsDLb6kER9H/dx+ryULWIsNOv8JQtLaxr+TRnb8SDNE6pObruCkTpSgKJx9/fng1qAsuYTvZCkEu3vkS/ug+BfrE/1peIzVxTUz/DWA== errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1riMj4gWqiovniYhlFNUxMm/AGmV/C2GjcMP+NcJ1ZyP4OdytGeGfhUm5GwVwraimkFQQlfEDcUWY7OX4EG115E8i15cUt6s6Ya2E6AXydigvBbrdp8MNnPOWBifVN3/5Cgi8nrAebmPs88ZZx2KM/Df5qIB2rHYpuHYyl+MpqE= errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-dss 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 yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAIEAuWeUQd5ssUd5VFyTMXgC+U6c7s63mtuEj+cL6x8EU8PqNS12RGwLpeAI5VL8UzM0YLyPjPh/yzdQN2tl9ufK7KZF0apvoSZgp/uwyG+CgdFSf66nTrZN4NA/QP1ikH3kbqcM87LfNjCrMXnqMBJ/OCqz2z+An8t0KGDXS8haxlU= yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-dss 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 +clifford.oob,clifford.oob.openstreetmap.org,10.0.1.17 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCsCrNQ+QQg2UUGhBpgjlLAF4gI48VDGmcF9prulYDxduyGJIrqhOjQtKLjNksMr8TEblmJsI4JzPf1lY1rVL3Q/aZWJD5X4Q0DgEtNzfinI9JAy77JASj1osBPU2RfWSvK9C2TnEoXHxuyGKMw9iuuPLppNMjZ103PYprQeAXi1w== katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCIJ+bSxbMsr6wurBXYkeqoznHnJT4zrN7nHtajgs5CJLIiWO+Eq/Lp+egz6Irxwk3v+kbfKW9RUum5fOMfkWFwaQxP41Cz5RbMmu5Jsm4MQKr4PPVxbLbPk75OeVgo+nfkzBupsBuYGMp/GCpjTJ8rusPmYxzWBek4amKL5udfA9Ld katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-dss 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 karm.oob,karm.oob.openstreetmap.org,146.179.159.173 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwC0NwmVi6Fj/55PE+E/60m55gsjY0HaHpSTO2Cr3wuaTrvT4rMCbORaAtIqvp/j70MKZqSS7f1wztnm9fP/54viWWbgslMZ8GaSUHDDkoH07eznggIJ5P3wHcaK/P1sKe6JTj/dbCf/FMvTT2nrA+kIlY5q3UPQ7q1apSYE9lUjF0f3 diff --git a/cookbooks/osqa/recipes/default.rb b/cookbooks/osqa/recipes/default.rb index 047cc3892..a886fe6f4 100644 --- a/cookbooks/osqa/recipes/default.rb +++ b/cookbooks/osqa/recipes/default.rb @@ -76,7 +76,7 @@ node[:osqa][:sites].each do |site| git "#{directory}/osqa" do action :sync - repository "git://git.openstreetmap.org/osqa.git" + repository "https://git.openstreetmap.org/public/osqa.git" revision "live" user site_user group site_group diff --git a/cookbooks/otrs/attributes/default.rb b/cookbooks/otrs/attributes/default.rb index 2ca23b364..fff2dc008 100644 --- a/cookbooks/otrs/attributes/default.rb +++ b/cookbooks/otrs/attributes/default.rb 
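Review bot: The two added `ssh_known_hosts` entries, `draco.oob` and `clifford.oob`, pin `ssh-rsa` keys whose encoded modulus length (`AAAAgQ` after the exponent) appears to be 1024 bits, like several neighbouring out-of-band entries. Pinning the key is better than trust on first use, but a 1024-bit RSA host key is below what is generally recommended today. If the management controllers allow it, regenerating the host key at 2048 bits or more before recording it here would be preferable. Otherwise a `#` comment above the `.oob` block stating the firmware limit and how access to these addresses is restricted would document the accepted risk.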
@@ -1,4 +1,4 @@ -default[:otrs][:version] = "5.0.27" +default[:otrs][:version] = "6.0.8" default[:otrs][:user] = "otrs" default[:otrs][:group] = nil default[:otrs][:database_cluster] = "9.5/main" diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb index 77ac3912d..c71c920c6 100644 --- a/cookbooks/otrs/recipes/default.rb +++ b/cookbooks/otrs/recipes/default.rb @@ -48,12 +48,6 @@ database_user = node[:otrs][:database_user] database_password = passwords[node[:otrs][:database_password]] site = node[:otrs][:site] -old_installation = begin - File.readlink("/opt/otrs") - rescue StandardError - nil - end - postgresql_user database_user do cluster database_cluster password database_password @@ -96,16 +90,6 @@ file "/opt/otrs-#{version}/Kernel/Config.pm" do content config end -link "/opt/otrs-#{version}/Kernel/Config/Files/ZZZAuto.pm" do - to "#{old_installation}/Kernel/Config/Files/ZZZAuto.pm" - link_type :hard -end - -link "/opt/otrs-#{version}/var/log/TicketCounter.log" do - to "#{old_installation}/var/log/TicketCounter.log" - link_type :hard -end - link "/opt/otrs" do to "/opt/otrs-#{version}" end diff --git a/cookbooks/passenger/attributes/default.rb b/cookbooks/passenger/attributes/default.rb index e21f96269..adb0edc08 100644 --- a/cookbooks/passenger/attributes/default.rb +++ b/cookbooks/passenger/attributes/default.rb @@ -1,4 +1,4 @@ -default[:passenger][:ruby_version] = "2.3" +default[:passenger][:ruby_version] = node[:lsb][:release].to_f >= 18.04 ? "2.5" : "2.3" default[:passenger][:max_pool_size] = 6 default[:passenger][:pool_idle_time] = 300 diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb index ecc6e2023..9064522bf 100644 --- a/cookbooks/piwik/recipes/default.rb +++ b/cookbooks/piwik/recipes/default.rb 
@@ -28,12 +28,12 @@ package "php-curl" package "php-mbstring" package "php-mysql" package "php-gd" +package "php-xml" package "php-apcu" -package "geoip-database-contrib" +package "geoipupdate" -apache_module "php7.0" -apache_module "geoip" +apache_module "php7.2" version = node[:piwik][:version] @@ -78,6 +78,18 @@ directory "/opt/piwik-#{version}/piwik/tmp" do mode "0755" end +link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do + to "/var/lib/GeoIP/GeoLite2-ASN.mmdb" +end + +link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do + to "/var/lib/GeoIP/GeoLite2-City.mmdb" +end + +link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do + to "/var/lib/GeoIP/GeoLite2-Country.mmdb" +end + link "/srv/piwik.openstreetmap.org" do to "/opt/piwik-#{version}/piwik" notifies :restart, "service[apache2]" diff --git a/cookbooks/planet/files/default/cgi/HEADER.cgi b/cookbooks/planet/files/default/cgi/HEADER.cgi index f32409a3b..da7004ca1 100644 --- a/cookbooks/planet/files/default/cgi/HEADER.cgi +++ b/cookbooks/planet/files/default/cgi/HEADER.cgi @@ -106,7 +106,7 @@ database, and those published before the 12 September 2012 are distributed under your obligations.
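Review bot: `apache_module "php7.2"` is hard-coded in the first piwik hunk, whereas the mediawiki recipe in this same commit selects `7.2` or `7.0` from `node[:lsb][:release]`. On a host still on a release older than 18.04 this resource would presumably fail because that module is not available there. Using the same selection and `apache_module "php#{php_version}"` keeps the two recipes consistent. The hunk also drops `apache_module "geoip"` without a matching disable, so on an already converged host the old module presumably stays loaded; an `apache_module "geoip"` resource with `action [:disable]` would remove it.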

- You can process the file + You can process the file or extracts with a variety of tools. Osmosis is a general-purpose command-line tool for converting the data among different formats and databases, and Osm2pgsql diff --git a/cookbooks/squid/attributes/default.rb b/cookbooks/squid/attributes/default.rb index f26853fa8..6a7c649d3 100644 --- a/cookbooks/squid/attributes/default.rb +++ b/cookbooks/squid/attributes/default.rb @@ -1,4 +1,4 @@ - +default[:squid][:version] = "2" default[:squid][:cache_mem] = "256 MB" default[:squid][:cache_dir] = "ufs /var/spool/squid 256 16 256" default[:squid][:access_log] = "/var/log/squid/access.log openstreetmap" diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb index c0e240190..5e07a4bdf 100644 --- a/cookbooks/squid/recipes/default.rb +++ b/cookbooks/squid/recipes/default.rb @@ -17,6 +17,35 @@ # limitations under the License. # +if node[:squid][:version] == "3" + apt_package "squid" do + action :unlock + end + + apt_package "squid-common" do + action :unlock + end + + apt_package "squid" do + action :purge + only_if "dpkg-query -W squid | fgrep -q 2." + end + + apt_package "squid-common" do + action :purge + only_if "dpkg-query -W squid-common | fgrep -q 2." + end + + file "/store/squid/coss-01" do + action :delete + backup false + end + + package "squidclient" do + action :upgrade + end +end + package "squid" package "squidclient" 
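Review bot: The `only_if` guards on the two `:purge` resources in the squid recipe run `dpkg-query -W squid | fgrep -q 2.`, which matches the fixed string `2.` anywhere in the output rather than a leading major version. A Squid 3 package whose version string happens to contain `2.` would match, and the package would then be purged and reinstalled on every run. Testing only the version field is safer, e.g. `only_if "dpkg-query -W -f='${Version}' squid | grep -q '^2\\.'"`, and likewise for `squid-common`; adjust the pattern if the packaged version carries an epoch. A short comment that the purge exists only to force the 2-to-3 migration would help whoever removes it later.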
@@ -27,34 +56,45 @@ template "/etc/squid/squid.conf" do mode 0o644 end -template "/etc/default/squid" do - source "squid.erb" - owner "root" - group "root" - mode 0o644 -end - directory "/etc/squid/squid.conf.d" do owner "root" group "root" mode 0o755 end +if node[:squid][:cache_dir] =~ /^coss (\S+) / + cache_dir = File.dirname(Regexp.last_match(1)) +elsif node[:squid][:cache_dir] =~ /^\S+ (\S+) / + cache_dir = Regexp.last_match(1) +end + +directory cache_dir do + owner "proxy" + group "proxy" + mode 0o750 + recursive true +end + +systemd_tmpfile "/var/run/squid" do + type "d" + owner "proxy" + group "proxy" + mode "0755" +end + systemd_service "squid" do description "Squid caching proxy" after ["network.target", "nss-lookup.target"] + type "forking" limit_nofile 65536 - environment "SQUID_ARGS" => "-D" - environment_file "/etc/default/squid" - exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z" - exec_start "/usr/sbin/squid -N $SQUID_ARGS" + exec_start_pre "/usr/sbin/squid -N -z" + exec_start "/usr/sbin/squid -Y" exec_reload "/usr/sbin/squid -k reconfigure" exec_stop "/usr/sbin/squid -k shutdown" private_tmp true private_devices true protect_system "full" protect_home true - no_new_privileges true restart "on-failure" timeout_sec 0 end @@ -62,8 +102,8 @@ end service "squid" do action [:enable, :start] subscribes :restart, "systemd_service[squid]" + subscribes :restart, "directory[#{cache_dir}]" subscribes :reload, "template[/etc/squid/squid.conf]" - subscribes :restart, "template[/etc/default/squid]" subscribes :reload, "template[/etc/resolv.conf]" end @@ -85,7 +125,3 @@ munin_plugin "squid_icp" munin_plugin "squid_objectsize" munin_plugin "squid_requests" munin_plugin "squid_traffic" - -Dir.glob("/var/log/squid/zere.log*") do |log| - File.unlink(log) -end diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb index f290f730d..659b3c8cb 100644 --- a/cookbooks/squid/templates/default/squid.conf.erb 
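Review bot: `no_new_privileges true` is dropped from the `systemd_service "squid"` resource without explanation, which weakens the unit's sandboxing in the same change that switches it to `type "forking"`. If Squid 3 really needs it off (nothing in this hunk shows why), a comment next to the remaining `private_tmp` and `protect_system` lines should say so; otherwise it should stay. Separately, `cache_dir` is assigned only inside the `if`/`elsif` on `node[:squid][:cache_dir]`, so a value matching neither pattern leaves it nil for `directory cache_dir` and for `subscribes :restart, "directory[#{cache_dir}]"` in the following hunk. An `else` branch that raises with a clear message would fail early instead, and `\A` rather than `^` in both patterns would anchor them to the start of the attribute value.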
+++ b/cookbooks/squid/templates/default/squid.conf.erb @@ -12,14 +12,23 @@ icp_port 3130 log_icp_queries off #FIXME - configurable +<% if node[:squid][:version] == "2" -%> http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11 +<% else -%> +http_port 80 accel no-vhost defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 + +#prefer IPv4 until everything is upgraded +dns_v4_first on +<% end -%> cache_effective_user proxy cache_effective_group proxy #FIXME - configurable cache_dir <%= node[:squid][:cache_dir] %> +<% if node[:squid][:version] == "2" -%> cache_swap_log /var/spool/squid/%s +<% end -%> cache_mgr webmaster@openstreetmap.org @@ -39,7 +48,11 @@ persistent_request_timeout 1 minutes negative_ttl 15 seconds half_closed_clients off +<% if node[:squid][:version] == "2" -%> pipeline_prefetch on +<% else -%> +pipeline_prefetch 1 +<% end -%> read_timeout 90 seconds request_timeout 90 seconds @@ -47,14 +60,18 @@ connect_timeout 20 seconds client_lifetime 1 hours collapsed_forwarding on +<% if node[:squid][:version] == "2" -%> refresh_stale_hit 300 seconds +<% end -%> #Recommended minimum configuration: #---------------------------------- +<% if node[:squid][:version] == "2" -%> acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 +<% end -%> acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp 
@@ -84,13 +101,25 @@ http_access deny purge forwarded_for on follow_x_forwarded_for allow localhost +<% if node[:squid][:version] == "2" -%> logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03Hs %h" "%{User-Agent}>h" access_log <%= node[:squid][:access_log] %> +<% else -%> +logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03>Hs %rp %Sh/%h" "%{User-Agent}>h" +access_log daemon:<%= node[:squid][:access_log] %> +<% end -%> cache_log /var/log/squid/cache.log cache_store_log none buffered_logs on client_db off strip_query_terms off +<% if node[:squid][:version] == "3" -%> +# Work around bug in squid 3 that causes log_fqdn to be +# turned on by some of the (unused by us) default formats: +# http://lists.squid-cache.org/pipermail/squid-users/2016-February/thread.html#8999 +url_rewrite_extras "%>a %un %>rm myip=%la myport=%lp" +store_id_extras "%>a %un %>rm myip=%la myport=%lp" +<% end -%> digest_generation on diff --git a/cookbooks/squid/templates/default/squid.erb b/cookbooks/squid/templates/default/squid.erb deleted file mode 100644 index f6a346cbf..000000000 --- a/cookbooks/squid/templates/default/squid.erb +++ /dev/null @@ -1,8 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef -# -# /etc/default/squid Configuration settings for the Squid proxy server. -# - -# Max. number of filedescriptors to use. You can increase this on a busy -# cache to a maximum of (currently) 65536 filedescriptors. Default is 1024. -SQUID_MAXFD=65536 diff --git a/cookbooks/stateofthemap/recipes/default.rb b/cookbooks/stateofthemap/recipes/default.rb index e697ae88c..89fbbab34 100644 --- a/cookbooks/stateofthemap/recipes/default.rb +++ b/cookbooks/stateofthemap/recipes/default.rb @@ -23,7 +23,7 @@ passwords = data_bag_item("stateofthemap", "passwords") git "/srv/stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "chooser" user "root" group "root" 
@@ -59,7 +59,7 @@ end wordpress_theme "2007.stateofthemap.org-refreshwp-11" do theme "refreshwp-11" site "2007.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2007" end @@ -86,7 +86,7 @@ end wordpress_theme "2008.stateofthemap.org-refreshwp-11" do theme "refreshwp-11" site "2008.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2008" end @@ -103,7 +103,7 @@ end git "/srv/2009.stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "resources-2009" user "wordpress" group "wordpress" @@ -123,7 +123,7 @@ end wordpress_theme "2009.stateofthemap.org-aerodrome" do theme "aerodrome" site "2009.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2009" end @@ -140,7 +140,7 @@ end git "/srv/2010.stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "resources-2010" user "wordpress" group "wordpress" 
@@ -158,14 +158,14 @@ end wordpress_theme "2010.stateofthemap.org-aerodrome" do theme "aerodrome" site "2010.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2010" end wordpress_plugin "2010.stateofthemap.org-sitepress-multilingual-cms" do plugin "sitepress-multilingual-cms" site "2010.stateofthemap.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "2010.stateofthemap.org-wp-sticky" do @@ -181,7 +181,7 @@ end git "/srv/2011.stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "resources-2011" user "wordpress" group "wordpress" @@ -199,14 +199,14 @@ end wordpress_theme "2011.stateofthemap.org-aerodrome" do theme "aerodrome" site "2011.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2011" end wordpress_plugin "2011.stateofthemap.org-sitepress-multilingual-cms" do plugin "sitepress-multilingual-cms" site "2011.stateofthemap.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "2011.stateofthemap.org-wp-sticky" do @@ -222,7 +222,7 @@ end git "/srv/2012.stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "resources-2012" user "wordpress" group "wordpress" 
@@ -240,7 +240,7 @@ end wordpress_theme "2012.stateofthemap.org-aerodrome" do theme "aerodrome" site "2012.stateofthemap.org" - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "theme-2012" end @@ -252,7 +252,7 @@ end wordpress_plugin "2012.stateofthemap.org-sitepress-multilingual-cms" do plugin "sitepress-multilingual-cms" site "2012.stateofthemap.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "2012.stateofthemap.org-wp-sticky" do @@ -263,7 +263,7 @@ end %w[2013].each do |year| git "/srv/#{year}.stateofthemap.org" do action :sync - repository "git://git.openstreetmap.org/stateofthemap.git" + repository "https://git.openstreetmap.org/public/stateofthemap.git" revision "site-#{year}" user "root" group "root" diff --git a/cookbooks/supybot/templates/default/git.conf.erb b/cookbooks/supybot/templates/default/git.conf.erb index 0b89223de..67b4afb82 100644 --- a/cookbooks/supybot/templates/default/git.conf.erb +++ b/cookbooks/supybot/templates/default/git.conf.erb @@ -3,7 +3,7 @@ [osm-website] short name = osm-website -url = git://git.openstreetmap.org/rails.git +url = https://git.openstreetmap.org/public/rails.git branch = master commit link = https://git.osm.org/rails.git/commitdiff/%c channels = #osm-dev @@ -17,7 +17,7 @@ channels = #osm-dev [osm-chef-public] short name = osm-chef-public -url = git://git.openstreetmap.org/chef.git +url = https://git.openstreetmap.org/public/chef.git branch = master commit link = https://git.osm.org/chef.git/commitdiff/%c channels = #osm-dev 
@@ -25,7 +25,7 @@ commit message = [%s|%b|%a] %m %l [osm-cgimap] short name = osm-cgimap -url = git://git.openstreetmap.org/cgimap.git +url = https://git.openstreetmap.org/public/cgimap.git branch = master commit link = https://git.osm.org/cgimap.git/commitdiff/%c channels = #osm-dev @@ -33,7 +33,7 @@ commit message = [%s|%b|%a] %m %l [osm-dns] short name = osm-dns -url = git://git.openstreetmap.org/dns.git +url = https://git.openstreetmap.org/public/dns.git branch = master commit link = https://git.osm.org/dns.git/commitdiff/%c channels = #osm-dev @@ -41,7 +41,7 @@ commit message = [%s|%b|%a] %m %l [osm-potlatch2] short name = osm-potlatch2 -url = git://git.openstreetmap.org/potlatch2.git +url = https://git.openstreetmap.org/public/potlatch2.git branch = master commit link = https://git.osm.org/potlatch2.git/commitdiff/%c channels = #osm-dev @@ -49,7 +49,7 @@ commit message = [%s|%b|%a] %m %l [osm-gpx-import] short name = osm-gpx-import -url = git://git.openstreetmap.org/gpx-import.git +url = https://git.openstreetmap.org/public/gpx-import.git branch = master commit link = https://git.osm.org/gpx-import.git/commitdiff/%c channels = #osm-dev @@ -57,7 +57,7 @@ commit message = [%s|%b|%a] %m %l [osm-nominatim] short name = osm-nominatim -url = git://git.openstreetmap.org/nominatim.git +url = https://git.openstreetmap.org/public/nominatim.git branch = master commit link = https://git.osm.org/nominatim.git/commitdiff/%c channels = #osm-dev @@ -65,7 +65,7 @@ commit message = [%s|%b|%a] %m %l [osm-planetdump] short name = osm-planetdump -url = git://git.openstreetmap.org/planetdump.git +url = https://git.openstreetmap.org/public/planetdump.git branch = master commit link = https://git.osm.org/planetdump.git/commitdiff/%c channels = #osm-dev diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb index 5e2234f73..bb8eedd9b 100644 --- a/cookbooks/switch2osm/recipes/default.rb +++ b/cookbooks/switch2osm/recipes/default.rb 
@@ -39,43 +39,43 @@ end wordpress_plugin "switch2osm.org-sitepress-multilingual-cms" do plugin "sitepress-multilingual-cms" site "switch2osm.org" - repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git" + repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git" end wordpress_plugin "switch2osm.org-wpml-cms-nav" do plugin "wpml-cms-nav" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-cms-nav.git" + repository "https://git.openstreetmap.org/private/wpml-cms-nav.git" end wordpress_plugin "switch2osm.org-wpml-sticky-links" do plugin "wpml-sticky-links" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-sticky-links.git" + repository "https://git.openstreetmap.org/private/wpml-sticky-links.git" end wordpress_plugin "switch2osm.org-wpml-string-translation" do plugin "wpml-string-translation" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-string-translation.git" + repository "https://git.openstreetmap.org/private/wpml-string-translation.git" end wordpress_plugin "switch2osm.org-wpml-translation-analytics" do plugin "wpml-translation-analytics" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-translation-analytics.git" + repository "https://git.openstreetmap.org/private/wpml-translation-analytics.git" end wordpress_plugin "switch2osm.org-wpml-translation-management" do plugin "wpml-translation-management" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-translation-management.git" + repository "https://git.openstreetmap.org/private/wpml-translation-management.git" end wordpress_plugin "switch2osm.org-wpml-xliff" do plugin "wpml-xliff" site "switch2osm.org" - repository "git://chef.openstreetmap.org/wpml-xliff.git" + repository "https://git.openstreetmap.org/private/wpml-xliff.git" end template "/etc/cron.daily/switch2osm-backup" do 
diff --git a/cookbooks/taginfo/attributes/default.rb b/cookbooks/taginfo/attributes/default.rb index 487e6d378..c7098b77b 100644 --- a/cookbooks/taginfo/attributes/default.rb +++ b/cookbooks/taginfo/attributes/default.rb @@ -1 +1 @@ -default[:osqa][:sites] = [] +default[:taginfo][:sites] = [] diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb index 2fbbc96af..98a45e378 100644 --- a/cookbooks/taginfo/recipes/default.rb +++ b/cookbooks/taginfo/recipes/default.rb @@ -30,7 +30,7 @@ package %w[ libboost-dev libexpat1-dev libsparsehash-dev - libgd2-xpm-dev + libgd-dev libicu-dev libboost-program-options-dev cmake @@ -85,6 +85,7 @@ end node[:taginfo][:sites].each do |site| site_name = site[:name] + site_aliases = Array(site[:aliases]) directory = site[:directory] || "/srv/#{site_name}" description = site[:description] about = site[:about] @@ -238,12 +239,13 @@ node[:taginfo][:sites].each do |site| end ssl_certificate site_name do - domains site_name + domains [site_name] + site_aliases notifies :reload, "service[apache2]" end apache_site site_name do template "apache.erb" directory "#{directory}/taginfo/web/public" + variables :aliases => site_aliases end end diff --git a/cookbooks/taginfo/templates/default/apache.erb b/cookbooks/taginfo/templates/default/apache.erb index 3ae9fed71..82fef8b37 100644 --- a/cookbooks/taginfo/templates/default/apache.erb +++ b/cookbooks/taginfo/templates/default/apache.erb 
@@ -24,9 +24,31 @@ Header setifempty Access-Control-Allow-Origin * +<% unless @aliases.empty? -%> + + + ServerName <%= @aliases.first %> +<% @aliases.drop(1).each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> + ServerAdmin webmaster@openstreetmap.org + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key + + CustomLog /var/log/apache2/<%= @name %>-access.log combined + ErrorLog /var/log/apache2/<%= @name %>-error.log + + RedirectPermanent / https://<%= @name %>/ + +<% end -%> ServerName <%= @name %> +<% @aliases.each do |alias_name| -%> + ServerAlias <%= alias_name %> +<% end -%> ServerAdmin webmaster@openstreetmap.org CustomLog /var/log/apache2/<%= @name %>-access.log combined diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb index 0d94bcfd2..5c1cdba3c 100644 --- a/cookbooks/tilecache/recipes/default.rb +++ b/cookbooks/tilecache/recipes/default.rb @@ -117,8 +117,8 @@ ssl_certificate "tile.openstreetmap.org" do notifies :restart, "service[nginx]" end -nginx_site "tile-ssl" do - template "nginx_tile_ssl.conf.erb" +nginx_site "tile" do + template "nginx_tile.conf.erb" variables :caches => tilecaches end diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb similarity index 90% rename from cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb rename to cookbooks/tilecache/templates/default/nginx_tile.conf.erb index ac62a3775..95d7b8b8c 100644 --- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb +++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb 
@@ -2,14 +2,6 @@ upstream tile_cache_backend { server 127.0.0.1; - <% @caches.each do |cache| -%> - <% if cache[:hostname] != node[:hostname] -%> - #Server <%= cache[:hostname] %> - <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%> - server <%= address %> backup; - <% end -%> - <% end -%> - <% end -%> keepalive 32; } @@ -61,6 +53,8 @@ server { proxy_connect_timeout 5s; + # Preserve host header. + proxy_set_header Host $host; # Do not pass cookies to backends. proxy_set_header Cookie ''; # Do not pass Accept-Encoding to backends. diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb index 8c2adc7c1..6c03797d1 100644 --- a/cookbooks/tilecache/templates/default/squid.conf.erb +++ b/cookbooks/tilecache/templates/default/squid.conf.erb @@ -1,4 +1,5 @@ -acl osmtile_sites dstdomain a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org +acl osmtile_thishost dstdomain <%= node[:fqdn] %> +acl osmtile_sites dstdomain <%= node[:fqdn] %> a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org acl osmtiles_png urlpath_regex .png$ acl osmtileScrapers browser ^$ 
@@ -98,9 +99,19 @@ http_access allow osmtile_sites requestMethodGet acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$ cache deny osmtile_sites osmtile_nocache_url +<% @caches.each do |cache| -%> +<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%> +acl tile_caches src <%= address %> +<% end -%> +<% end -%> + +<% if node[:squid][:version] == "2" -%> +#Siblings <% node[:tilecache][:tile_siblings].each do |sibling| -%> cache_peer <%= sibling %> sibling 3128 3130 weight=1500 <% end -%> +<% end -%> + #Primary Parent cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 ssl ssldomain=render.openstreetmap.org cache_peer_access osmtileAccel allow osmtile_sites @@ -117,7 +128,6 @@ acl pool_unlimited src 127.0.0.1 <% @caches.each do |cache| -%> <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%> acl pool_unlimited src <%= address %> -acl tile_caches src <%= address %> <% end -%> <% end -%> diff --git a/cookbooks/tools/recipes/default.rb b/cookbooks/tools/recipes/default.rb index b0dc2bb9c..a8afec012 100644 --- a/cookbooks/tools/recipes/default.rb +++ b/cookbooks/tools/recipes/default.rb @@ -32,12 +32,15 @@ package %w[ usbutils numactl xfsprogs - sysv-rc-conf iotop lvm2 rsyslog ] +if node[:lsb][:release].to_f < 18.04 + package "sysv-rc-conf" +end + service "rsyslog" do action [:enable, :start] supports :status => true, :restart => true, :reload => true diff --git a/cookbooks/trac/templates/default/trac.ini.erb b/cookbooks/trac/templates/default/trac.ini.erb index f2831e297..3cff049be 100644 --- a/cookbooks/trac/templates/default/trac.ini.erb +++ b/cookbooks/trac/templates/default/trac.ini.erb 
@@ -120,7 +120,7 @@ subversion.hidden = true <%= File.basename(repository, ".git") %>.dir = <%= repository %> <%= File.basename(repository, ".git") %>.description = <%= IO.read("#{repository}/description").strip %> <%= File.basename(repository, ".git") %>.type = git -<%= File.basename(repository, ".git") %>.url = git://git.openstreetmap.org/<%= File.basename(repository) %> +<%= File.basename(repository, ".git") %>.url = https://git.openstreetmap.org/public/<%= File.basename(repository) %> <% end -%> .alias = subversion diff --git a/cookbooks/web/recipes/gpx.rb b/cookbooks/web/recipes/gpx.rb index 4c1b87cb6..42011ee0a 100644 --- a/cookbooks/web/recipes/gpx.rb +++ b/cookbooks/web/recipes/gpx.rb @@ -48,7 +48,7 @@ end git gpx_directory do action :sync - repository "git://git.openstreetmap.org/gpx-import.git" + repository "https://git.openstreetmap.org/public/gpx-import.git" revision "live" user "rails" group "rails" diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index ab6c4e7f2..ea9a58c4e 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -56,7 +56,7 @@ rails_port "www.openstreetmap.org" do directory rails_directory user "rails" group "rails" - repository "git://git.openstreetmap.org/rails.git" + repository "https://git.openstreetmap.org/public/rails.git" revision "live" database_host node[:web][:database_host] database_name "openstreetmap" diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb index 1c95dd8dc..3c57a98d3 100644 --- a/cookbooks/web/resources/rails_port.rb +++ b/cookbooks/web/resources/rails_port.rb 
@@ -28,7 +28,7 @@ property :ruby, String, :default => "2.3" property :directory, String property :user, String property :group, String -property :repository, String, :default => "git://git.openstreetmap.org/rails.git" +property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git" property :revision, String, :default => "live" property :run_migrations, [TrueClass, FalseClass], :default => false property :email_from, String, :default => "OpenStreetMap " @@ -338,29 +338,6 @@ action :create do action :nothing end - execute "#{rails_directory}/lib/quad_tile/extconf.rb" do - command "ruby extconf.rb" - cwd "#{rails_directory}/lib/quad_tile" - user new_resource.user - group new_resource.group - not_if do - ::File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") && - ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") && - ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") && - ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h") - end - notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]" - end - - execute "#{rails_directory}/lib/quad_tile/Makefile" do - action :nothing - command "make" - cwd "#{rails_directory}/lib/quad_tile" - user new_resource.user - group new_resource.group - notifies :run, "execute[#{rails_directory}]" - end - execute rails_directory do action :nothing command "passenger-config restart-app --ignore-app-not-running #{rails_directory}" diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb index 83082aa93..8a48e8863 100644 --- a/cookbooks/wordpress/recipes/default.rb +++ b/cookbooks/wordpress/recipes/default.rb 
@@ -26,7 +26,7 @@ package %w[ php-mysql ] -apache_module "php7.0" +apache_module "php7.2" apache_module "rewrite" fail2ban_filter "wordpress" do diff --git a/cookbooks/xinetd/.foodcritic b/cookbooks/xinetd/.foodcritic deleted file mode 100644 index 0c118ec61..000000000 --- a/cookbooks/xinetd/.foodcritic +++ /dev/null @@ -1,5 +0,0 @@ -~FC001 -~FC064 -~FC065 -~FC066 -~FC071 diff --git a/cookbooks/xinetd/README.md b/cookbooks/xinetd/README.md deleted file mode 100644 index f2dfdc58c..000000000 --- a/cookbooks/xinetd/README.md +++ /dev/null @@ -1,5 +0,0 @@ -# xinetd cookbook - -This cookbook installs and manages the -[xinetd](https://en.wikipedia.org/wiki/Xinetd) service, which acts as -an internet daemon. diff --git a/cookbooks/xinetd/metadata.rb b/cookbooks/xinetd/metadata.rb deleted file mode 100644 index 2b1e6e440..000000000 --- a/cookbooks/xinetd/metadata.rb +++ /dev/null @@ -1,8 +0,0 @@ -name "xinetd" -maintainer "OpenStreetMap Administrators" -maintainer_email "admins@openstreetmap.org" -license "Apache-2.0" -description "Configures xinetd" -long_description IO.read(File.join(File.dirname(__FILE__), "README.md")) -version "1.0.0" -supports "ubuntu" diff --git a/cookbooks/xinetd/recipes/default.rb b/cookbooks/xinetd/recipes/default.rb deleted file mode 100644 index 5926fd90c..000000000 --- a/cookbooks/xinetd/recipes/default.rb +++ /dev/null 
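Review bot: `apache_module "php7.2"` is hard-coded in cookbooks/wordpress/recipes/default.rb, while the package changes elsewhere in this commit (`gnupg-curl`, `sysv-rc-conf`) are gated on `node[:lsb][:release].to_f < 18.04`. On a host still running an older release the php7.2 module presumably does not exist, and the run would fail there. The same applies to `apache_module "php7.2"` and `libcurl4` in cookbooks/yournavigation/recipes/default.rb. If any such host remains, select the module by release: `apache_module(node[:lsb][:release].to_f >= 18.04 ? "php7.2" : "php7.0")`.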
@@ -1,25 +0,0 @@ -# -# Cookbook Name:: xinetd -# Recipe:: default -# -# Copyright 2013, OpenStreetMap Foundation -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -package "xinetd" - -service "xinetd" do - action [:enable, :start] - supports :status => true, :reload => true, :restart => true -end diff --git a/cookbooks/yournavigation/recipes/default.rb b/cookbooks/yournavigation/recipes/default.rb index 3dcf3d005..c3b249a5e 100644 --- a/cookbooks/yournavigation/recipes/default.rb +++ b/cookbooks/yournavigation/recipes/default.rb @@ -36,7 +36,7 @@ package %w[ subversion libcurl4-gnutls-dev libgps-dev - libcurl3 + libcurl4 buffer git cmake @@ -46,4 +46,4 @@ package %w[ libicu-dev ] -apache_module "php7.0" +apache_module "php7.2" diff --git a/roles/ascalon.rb b/roles/ascalon.rb index 073bdcb2f..8bb55527c 100644 --- a/roles/ascalon.rb +++ b/roles/ascalon.rb @@ -15,8 +15,9 @@ default_attributes( } }, :squid => { + :version => "3", :cache_mem => "16000 MB", - :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80" + :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :tilecache => { :tile_parent => "montreal.render.openstreetmap.org", diff --git a/roles/chef-repository.rb b/roles/chef-repository.rb index d551353d0..511291426 100644 --- a/roles/chef-repository.rb +++ b/roles/chef-repository.rb 
@@ -25,7 +25,8 @@ default_attributes( } }, :chef => { - :repository => "/var/lib/git/chef.git" + :public_repository => "/var/lib/git/public/chef.git", + :private_repository => "/var/lib/git/private/chef.git" } ) diff --git a/roles/culebre.rb b/roles/culebre.rb index 954adeb78..99039aeb2 100644 --- a/roles/culebre.rb +++ b/roles/culebre.rb @@ -22,8 +22,9 @@ default_attributes( } }, :squid => { + :version => "3", :cache_mem => "6100 MB", - :cache_dir => "coss /store/squid/coss-01 80000 block-size=8192 max-size=262144 membufs=80" + :cache_dir => "rock /store/squid/rock-01 80000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :tilecache => { :tile_parent => "zaragoza.render.openstreetmap.org", diff --git a/roles/dev.rb b/roles/dev.rb index 2f09630ab..b66308426 100644 --- a/roles/dev.rb +++ b/roles/dev.rb @@ -101,7 +101,7 @@ default_attributes( :dev => { :rails => { :master => { - :repository => "git://git.openstreetmap.org/rails.git", + :repository => "https://git.openstreetmap.org/public/rails.git", :revision => "master", :aliases => ["api06.dev.openstreetmap.org"] }, @@ -117,10 +117,6 @@ default_attributes( :repository => "git://github.com/ukasiu/openstreetmap-website.git", :revision => "comments_list" }, - :moderation => { - :repository => "git://github.com/gravitystorm/openstreetmap-website.git", - :revision => "moderation" - }, :locale => { :repository => "git://github.com/tomhughes/openstreetmap-website.git", :revision => "locale" diff --git a/roles/dns.rb b/roles/dns.rb index 7a5e5a46a..25ac17f00 100644 --- a/roles/dns.rb +++ b/roles/dns.rb @@ -3,7 +3,7 @@ description "Role applied to DNS management servers" default_attributes( :dns => { - :repository => "/var/lib/git/dns.git" + :repository => "/var/lib/git/public/dns.git" } ) diff --git a/roles/git.rb b/roles/git.rb index 09b95cbf1..31ad54036 100644 --- a/roles/git.rb +++ b/roles/git.rb 
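Review bot: In roles/dev.rb only the `:master` entry moves to `https://`; the neighbouring entries still clone over `git://github.com/...`, a protocol with no server authentication or transport integrity. Two of them, `ukasiu/openstreetmap-website.git` and `tomhughes/openstreetmap-website.git`, are visible as context in the file's second hunk. These checkouts are presumably run as Rails instances on the dev server, so they should use the same transport, e.g. `:repository => "https://github.com/tomhughes/openstreetmap-website.git"`. Other entries of the hash lie outside the hunks and may need the same change.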
@@ -4,6 +4,10 @@ description "Role applied to all git servers" default_attributes( :accounts => { :users => { + :bretth => { + :status => :user, + :shell => "/usr/bin/git-shell" + }, :lonvia => { :status => :user, :shell => "/usr/bin/git-shell" @@ -20,8 +24,7 @@ default_attributes( }, :git => { :host => "git.openstreetmap.org", - :aliases => ["git.osm.org"], - :backup => "git" + :aliases => ["git.osm.org"] } ) diff --git a/roles/gps-tile.rb b/roles/gps-tile.rb index c699693ef..285d461de 100644 --- a/roles/gps-tile.rb +++ b/roles/gps-tile.rb @@ -10,6 +10,17 @@ default_attributes( :members => [:enf, :tomh] } } + }, + :apache => { + :mpm => "event", + :event => { + :server_limit => 20, + :max_request_workers => 1000, + :threads_per_child => 50, + :min_spare_threads => 50, + :max_spare_threads => 450, + :async_request_worker_factor => 4 + } } ) diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb index ab306c6a2..38bc9edb8 100644 --- a/roles/ironbelly.rb +++ b/roles/ironbelly.rb @@ -22,12 +22,6 @@ default_attributes( :data => "/store/elasticsearch" } }, - :git => { - :allowed_nodes => "fqdn:*", - :user => "chefrepo", - :group => "chefrepo", - :backup => "chef-git" - }, :networking => { :interfaces => { :internal_ipv4 => { @@ -126,8 +120,6 @@ default_attributes( run_list( "role[ic]", "role[gateway]", - "role[chef-server]", - "role[chef-repository]", "role[web-storage]", "role[supybot]", "role[backup]", @@ -135,10 +127,7 @@ run_list( "role[planet]", "role[planetdump]", "role[logstash]", - "role[letsencrypt]", "recipe[rsyncd]", "recipe[openvpn]", - "recipe[git::server]", - "recipe[tilelog]", - "recipe[serverinfo]" + "recipe[tilelog]" ) diff --git a/roles/jakelong.rb b/roles/jakelong.rb index abe8d31bb..91dd691b7 100644 --- a/roles/jakelong.rb +++ b/roles/jakelong.rb 
@@ -23,8 +23,9 @@ default_attributes( } }, :squid => { - :cache_mem => "400 MB", - :cache_dir => "coss /store/squid/coss-01 7500 block-size=8192 max-size=262144 membufs=30" + :version => 3, + :cache_mem => "350 MB", + :cache_dir => "rock /store/squid/rock-01 7500 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :sysctl => { :kvm => { diff --git a/roles/odin.rb b/roles/odin.rb index aa5700e32..ef9b02cd4 100644 --- a/roles/odin.rb +++ b/roles/odin.rb @@ -30,8 +30,9 @@ default_attributes( } }, :squid => { + :version => "3", :cache_mem => "14000 MB", - :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80" + :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :tilecache => { :tile_parent => "aalborg.render.openstreetmap.org", diff --git a/roles/otrs.rb b/roles/otrs.rb index 5e24b4df3..19d630771 100644 --- a/roles/otrs.rb +++ b/roles/otrs.rb @@ -46,13 +46,13 @@ default_attributes( }, :otrs => { :site => "otrs.openstreetmap.org", - :database_cluster => "9.5/main", + :database_cluster => "10/main", :database_name => "otrs", :database_user => "otrs", :database_password => "otrs" }, :postgresql => { - :versions => ["9.5"] + :versions => ["10"] } ) diff --git a/roles/ridgeback.rb b/roles/ridgeback.rb index a19f77c07..5074bafdd 100644 --- a/roles/ridgeback.rb +++ b/roles/ridgeback.rb @@ -46,8 +46,9 @@ default_attributes( } }, :squid => { + :version => "3", :cache_mem => "5500 MB", - :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80" + :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :tilecache => { :tile_parent => "oslo.render.openstreetmap.org", diff --git a/roles/sarel.rb b/roles/sarel.rb index aab567bd8..b535374d7 100644 --- a/roles/sarel.rb +++ b/roles/sarel.rb 
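Review bot: `:version => 3` in roles/jakelong.rb is an Integer, whereas the other roles touched by this commit set `:version => "3"` and cookbooks/tilecache/templates/default/squid.conf.erb compares the attribute with the string `"2"`. The `== "2"` test still gives the intended result for an Integer 3, but any comparison against `"3"` would silently fail on this host only. Use `:version => "3",` to match the other roles.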
@@ -2,6 +2,11 @@ name "sarel" description "Master role applied to sarel" default_attributes( + :git => { + :private_user => "chefrepo", + :private_group => "chefrepo", + :private_nodes => "fqdn:*" + }, :networking => { :interfaces => { :internal_ipv4 => { @@ -23,5 +28,11 @@ default_attributes( run_list( "role[ucl]", "role[hp-g5]", - "role[yournavigation]" + "role[yournavigation]", + "role[chef-server]", + "role[chef-repository]", + "role[letsencrypt]", + "role[git]", + "role[dns]", + "recipe[serverinfo]" ) diff --git a/roles/shenron.rb b/roles/shenron.rb index 42d25d9d0..9009c0824 100644 --- a/roles/shenron.rb +++ b/roles/shenron.rb @@ -2,14 +2,6 @@ name "shenron" description "Master role applied to shenron" default_attributes( - :accounts => { - :users => { - :bretth => { - :status => :user, - :shell => "/usr/bin/git-shell" - } - } - }, :apache => { :mpm => "event", :event => { @@ -69,14 +61,11 @@ run_list( "role[bytemark]", "role[mail]", "role[lists]", - "role[git]", "role[subversion]", "role[trac]", "role[osqa]", "role[irc]", - "role[dns]", "role[geodns]", - "role[chef-repository]", "recipe[blogs]", "recipe[openvpn]" ) diff --git a/roles/taginfo.rb b/roles/taginfo.rb index 5697e2df5..d5ba812a9 100644 --- a/roles/taginfo.rb +++ b/roles/taginfo.rb @@ -28,6 +28,7 @@ default_attributes( :sites => [ { :name => "taginfo.openstreetmap.org", + :aliases => ["taginfo.osm.org"], :description => "This is the main taginfo site. It contains OSM data for the whole planet and is updated daily.", :about => "
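Review bot: `:private_nodes => "fqdn:*"` in the first hunk of roles/sarel.rb matches every node that has an fqdn. Assuming the git cookbook (not visible here) uses this search to decide which hosts may read the private repositories, access goes to the whole fleet rather than to the hosts that need it. If that is intended, say so next to the attribute, for example `# all registered nodes may read the private repositories`; otherwise narrow the search to the roles that consume them.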
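Review bot: The second hunk of roles/sarel.rb adds `role[chef-server]`, `role[chef-repository]`, `role[letsencrypt]` and `role[git]` to a run list that already contains `role[yournavigation]`, so the configuration server, the private repositories and the certificate tooling share a host with what is presumably a web application (its recipe enables `apache_module "php7.2"`). Whether that is acceptable depends on what those roles keep on disk, which these hunks do not show. A comment above the run list recording the decision would help the next reader, e.g. `# sarel hosts chef, git and letsencrypt alongside yournavigation`.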

This site is run by the OSMF and maintained by Jochen Topf and the Sysadmin team.

Several other taginfo sites are operated by different people for different areas of the world.

", :icon => "world", diff --git a/roles/trogdor.rb b/roles/trogdor.rb index 8119fc03c..f4fd327d1 100644 --- a/roles/trogdor.rb +++ b/roles/trogdor.rb @@ -26,8 +26,9 @@ default_attributes( } }, :squid => { + :version => "3", :cache_mem => "6400 MB", - :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80" + :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144" }, :tilecache => { :tile_parent => "amsterdam.render.openstreetmap.org",