From: Tom Hughes
Date: Mon, 25 Jun 2018 14:20:51 +0000 (+0100)
Subject: Merge remote-tracking branch 'github/pull/165'
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/93c098cdc4f22b1fe69ecd88b3ac2d2b211780ff?hp=3feb33419e23d647bec027ce1b632416e1194b52
Merge remote-tracking branch 'github/pull/165'
---
diff --git a/cookbooks/accounts/files/default/tomh/.zshrc b/cookbooks/accounts/files/default/tomh/.zshrc
index 965787999..20211c3c8 100644
--- a/cookbooks/accounts/files/default/tomh/.zshrc
+++ b/cookbooks/accounts/files/default/tomh/.zshrc
@@ -53,7 +53,7 @@ PATH=".:${HOME}/bin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin"
# Setup a pager
PAGER="less"; export PAGER
-LESS="aceiMs"; export LESS
+LESS="aceiMRs"; export LESS
# Use vi for editing
EDITOR=/usr/bin/vi; export EDITOR
diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb
index bbd15a9d3..bc0410fd3 100644
--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -25,17 +25,21 @@ package %w[
]
%w[event itk prefork worker].each do |mpm|
- if mpm == node[:apache][:mpm]
- apache_module "mpm_#{mpm}" do
- action [:enable]
- end
- else
- apache_module "mpm_#{mpm}" do
- action [:disable]
- end
+ next if mpm == node[:apache][:mpm]
+
+ apache_module "mpm_#{mpm}" do
+ action [:disable]
end
end
+apache_module "mpm_#{node[:apache][:mpm]}" do
+ action [:enable]
+end
+
+if node[:lsb][:release].to_f >= 18.04
+ apache_module "http2"
+end
+
admins = data_bag_item("apache", "admins")
apache_conf "httpd" do
diff --git a/cookbooks/apache/templates/default/httpd.conf.erb b/cookbooks/apache/templates/default/httpd.conf.erb
index add175aa2..ded019d93 100644
--- a/cookbooks/apache/templates/default/httpd.conf.erb
+++ b/cookbooks/apache/templates/default/httpd.conf.erb
@@ -1,5 +1,10 @@
# DO NOT EDIT - This file is being maintained by Chef
+<% if node[:lsb][:release].to_f >= 18.04 -%>
+# Enable HTTP/2 over TLS
+Protocols h2 http/1.1
+
+<% end -%>
# Set the number of seconds before receives and sends time out
Timeout <%= node[:apache][:timeout] %>
diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb
index 3cc26880e..24b425e8a 100644
--- a/cookbooks/apt/recipes/default.rb
+++ b/cookbooks/apt/recipes/default.rb
@@ -20,10 +20,13 @@
package %w[
apt
apt-transport-https
- gnupg-curl
update-notifier-common
]
+if node[:lsb][:release].to_f < 18.04
+ package "gnupg-curl"
+end
+
file "/etc/motd.tail" do
action :delete
end
diff --git a/cookbooks/apt/templates/default/hp.list.erb b/cookbooks/apt/templates/default/hp.list.erb
index 42f7a037f..f76d66efb 100644
--- a/cookbooks/apt/templates/default/hp.list.erb
+++ b/cookbooks/apt/templates/default/hp.list.erb
@@ -1,3 +1,7 @@
# DO NOT EDIT - This file is being maintained by Chef
+<% if node[:lsb][:release].to_f >= 16.04 -%>
+deb <%= @url %> xenial/current non-free
+<% else -%>
deb <%= @url %> trusty/current non-free
+<% end -%>
diff --git a/cookbooks/bind/templates/default/db.10.erb b/cookbooks/bind/templates/default/db.10.erb
index 98eef8af5..2c1e5e5d9 100644
--- a/cookbooks/bind/templates/default/db.10.erb
+++ b/cookbooks/bind/templates/default/db.10.erb
@@ -2,11 +2,11 @@
$TTL 604800
@ IN SOA <%= node[:fdqn] %>. root.openstreetmap.org. (
- 2012100902 ; Serial
- 604800 ; Refresh
- 86400 ; Retry
- 2419200 ; Expire
- 604800 ) ; Negative Cache TTL
+ 2018062401 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
@ IN NS <%= node[:fdqn] %>.
@@ -16,24 +16,68 @@ $TTL 604800
7.0.0 IN PTR faffy.ucl.openstreetmap.org.
8.0.0 IN PTR zark.ucl.openstreetmap.org.
9.0.0 IN PTR eustace.ucl.openstreetmap.org.
+10.0.0 IN PTR eddie.ucl.openstreetmap.org.
11.0.0 IN PTR draco.ucl.openstreetmap.org.
12.0.0 IN PTR sarel.ucl.openstreetmap.org.
+13.0.0 IN PTR noquiklos.ucl.openstreetmap.org.
14.0.0 IN PTR errol.ucl.openstreetmap.org.
15.0.0 IN PTR yevaud.ucl.openstreetmap.org.
+17.0.0 IN PTR clifford.ucl.openstreetmap.org.
+19.0.0 IN PTR grindtooth.ucl.openstreetmap.org.
+20.0.0 IN PTR pummelzacken.ucl.openstreetmap.org.
+40.0.0 IN PTR tiamat-00.ucl.openstreetmap.org.
+41.0.0 IN PTR tiamat-01.ucl.openstreetmap.org.
+42.0.0 IN PTR tiamat-02.ucl.openstreetmap.org.
+43.0.0 IN PTR tiamat-03.ucl.openstreetmap.org.
+44.0.0 IN PTR tiamat-10.ucl.openstreetmap.org.
+45.0.0 IN PTR tiamat-11.ucl.openstreetmap.org.
+46.0.0 IN PTR tiamat-12.ucl.openstreetmap.org.
+47.0.0 IN PTR tiamat-13.ucl.openstreetmap.org.
+48.0.0 IN PTR tiamat-20.ucl.openstreetmap.org.
+49.0.0 IN PTR tiamat-21.ucl.openstreetmap.org.
+50.0.0 IN PTR tiamat-22.ucl.openstreetmap.org.
+51.0.0 IN PTR tiamat-23.ucl.openstreetmap.org.
-49.0.0 IN PTR apc1.ucl.openstreetmap.org.
-50.0.0 IN PTR apc2.ucl.openstreetmap.org.
-51.0.0 IN PTR apc3.ucl.openstreetmap.org.
-
+3.1.0 IN PTR ridley.oob.openstreetmap.org.
5.1.0 IN PTR norbert.oob.openstreetmap.org.
6.1.0 IN PTR urmel.oob.openstreetmap.org.
-7.1.0 IN PTR faffy.oob.openstreetmap.org.
-8.1.0 IN PTR soup.oob.openstreetmap.org.
+8.1.0 IN PTR zark.oob.openstreetmap.org.
9.1.0 IN PTR eustace.oob.openstreetmap.org.
+10.1.0 IN PTR eddie.oob.openstreetmap.org.
11.1.0 IN PTR draco.oob.openstreetmap.org.
12.1.0 IN PTR sarel.oob.openstreetmap.org.
+13.1.0 IN PTR noquiklos.oob.openstreetmap.org.
14.1.0 IN PTR errol.oob.openstreetmap.org.
15.1.0 IN PTR yevaud.oob.openstreetmap.org.
+17.1.0 IN PTR clifford.oob.openstreetmap.org.
+19.1.0 IN PTR grindtooth.oob.openstreetmap.org.
+20.1.0 IN PTR pummelzacken.oob.openstreetmap.org.
+40.1.0 IN PTR tiamat-00.oob.openstreetmap.org.
+41.1.0 IN PTR tiamat-01.oob.openstreetmap.org.
+42.1.0 IN PTR tiamat-02.oob.openstreetmap.org.
+43.1.0 IN PTR tiamat-03.oob.openstreetmap.org.
+44.1.0 IN PTR tiamat-10.oob.openstreetmap.org.
+45.1.0 IN PTR tiamat-11.oob.openstreetmap.org.
+46.1.0 IN PTR tiamat-12.oob.openstreetmap.org.
+47.1.0 IN PTR tiamat-13.oob.openstreetmap.org.
+48.1.0 IN PTR tiamat-20.oob.openstreetmap.org.
+49.1.0 IN PTR tiamat-21.oob.openstreetmap.org.
+50.1.0 IN PTR tiamat-22.oob.openstreetmap.org.
+51.1.0 IN PTR tiamat-23.oob.openstreetmap.org.
+
+2.16.0 IN PTR orm.bm.openstreetmap.org.
+3.16.0 IN PTR shenron.bm.openstreetmap.org.
+
+20.32.0 IN PTR grisu.bm.openstreetmap.org.
+21.32.0 IN PTR spike-04.bm.openstreetmap.org.
+22.32.0 IN PTR spike-05.bm.openstreetmap.org.
+40.32.0 IN PTR katla.bm.openstreetmap.org.
+41.32.0 IN PTR thorn-04.bm.openstreetmap.org.
+42.32.0 IN PTR thorn-05.bm.openstreetmap.org.
-251.0.0 IN PTR shenron.internal.openstreetmap.org.
-252.0.0 IN PTR konqi.internal.openstreetmap.org.
+20.33.0 IN PTR grisu.oob.openstreetmap.org.
+21.33.0 IN PTR spike-04.oob.openstreetmap.org.
+22.33.0 IN PTR spike-05.oob.openstreetmap.org.
+40.33.0 IN PTR katla.oob.openstreetmap.org.
+41.33.0 IN PTR thorn-04.oob.openstreetmap.org.
+42.33.0 IN PTR thorn-05.oob.openstreetmap.org.
diff --git a/cookbooks/blog/recipes/default.rb b/cookbooks/blog/recipes/default.rb
index 8c65a36af..8827bdbd3 100644
--- a/cookbooks/blog/recipes/default.rb
+++ b/cookbooks/blog/recipes/default.rb
@@ -64,7 +64,7 @@ end
wordpress_plugin "blog.openstreetmap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "blog.openstreetmap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "blog.openstreetmap.org-wordpress-importer" do
diff --git a/cookbooks/chef/attributes/default.rb b/cookbooks/chef/attributes/default.rb
index d071da000..4291f2a9c 100644
--- a/cookbooks/chef/attributes/default.rb
+++ b/cookbooks/chef/attributes/default.rb
@@ -2,7 +2,7 @@
default[:apt][:sources] = node[:apt][:sources] | ["opscode"]
# Set the default server version
-default[:chef][:server][:version] = "12.13.0-1"
+default[:chef][:server][:version] = "12.17.33"
# Set the default client version
-default[:chef][:client][:version] = "13.8.5"
+default[:chef][:client][:version] = "13.9.4"
diff --git a/cookbooks/chef/recipes/repository.rb b/cookbooks/chef/recipes/repository.rb
index 02dc09365..a358e78e2 100644
--- a/cookbooks/chef/recipes/repository.rb
+++ b/cookbooks/chef/recipes/repository.rb
@@ -27,44 +27,42 @@ directory "/var/lib/chef" do
mode 0o2775
end
-git "/var/lib/chef" do
- action :checkout
- repository node[:chef][:repository]
- revision "master"
- user "chefrepo"
- group "chefrepo"
-end
+%w[public private].each do |repository|
+ repository_directory = node[:chef][:"#{repository}_repository"]
-directory "/var/lib/chef/.chef" do
- owner "chefrepo"
- group "chefrepo"
- mode 0o2775
-end
+ git "/var/lib/chef/#{repository}" do
+ action :checkout
+ repository repository_directory
+ revision "master"
+ user "chefrepo"
+ group "chefrepo"
+ end
-file "/var/lib/chef/.chef/client.pem" do
- content keys["git"].join("\n")
- owner "chefrepo"
- group "chefrepo"
- mode 0o660
-end
+ directory "/var/lib/chef/#{repository}/.chef" do
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o2775
+ end
-cookbook_file "/var/lib/chef/.chef/knife.rb" do
- source "knife.rb"
- owner "chefrepo"
- group "chefrepo"
- mode 0o660
-end
+ file "/var/lib/chef/#{repository}/.chef/client.pem" do
+ content keys["git"].join("\n")
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o660
+ end
-template "#{node[:chef][:repository]}/hooks/post-receive" do
- source "post-receive.erb"
- owner "chefrepo"
- group "chefrepo"
- mode 0o750
-end
+ cookbook_file "/var/lib/chef/#{repository}/.chef/knife.rb" do
+ source "knife.rb"
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o660
+ end
-template "/etc/cron.daily/chef-repository-backup" do
- source "repository-backup.cron.erb"
- owner "root"
- group "root"
- mode 0o755
+ template "#{repository_directory}/hooks/post-receive" do
+ source "post-receive.erb"
+ owner "chefrepo"
+ group "chefrepo"
+ mode 0o750
+ variables :repository => repository
+ end
end
diff --git a/cookbooks/chef/recipes/server.rb b/cookbooks/chef/recipes/server.rb
index 549123916..12c43840a 100644
--- a/cookbooks/chef/recipes/server.rb
+++ b/cookbooks/chef/recipes/server.rb
@@ -19,7 +19,8 @@
include_recipe "apache"
-# chef_package = "chef-server-core_#{node[:chef][:server][:version]}_amd64.deb"
+# chef_version = node[:chef][:server][:version]
+# chef_package = "chef-server-core_#{chef_version}-1_amd64.deb"
#
# directory "/var/cache/chef" do
# owner "root"
@@ -37,7 +38,7 @@ include_recipe "apache"
# end
#
# remote_file "/var/cache/chef/#{chef_package}" do
-# source "https://web-dl.packagecloud.io/chef/stable/packages/ubuntu/#{node[:lsb][:codename]}/#{chef_package}"
+# source "https://packages.chef.io/files/stable/chef-server/#{chef_version}/ubuntu/16.04/#{chef_package}"
# owner "root"
# group "root"
# mode 0644
@@ -46,7 +47,7 @@ include_recipe "apache"
#
# dpkg_package "chef-server-core" do
# source "/var/cache/chef/#{chef_package}"
-# version node[:chef][:server][:version]
+# version "#{chef_version}-1"
# notifies :run, "execute[chef-server-reconfigure]"
# end
diff --git a/cookbooks/chef/templates/default/apache.erb b/cookbooks/chef/templates/default/apache.erb
index 88684b82c..9d86d910e 100644
--- a/cookbooks/chef/templates/default/apache.erb
+++ b/cookbooks/chef/templates/default/apache.erb
@@ -24,6 +24,7 @@
SSLCertificateFile /etc/ssl/certs/chef.openstreetmap.org.pem
SSLCertificateKeyFile /etc/ssl/private/chef.openstreetmap.org.key
+ ProxyPassMatch ^/.*\.git/ !
ProxyPass / https://<%= node[:fqdn] %>:4443/
ProxyPreserveHost on
diff --git a/cookbooks/chef/templates/default/post-receive.erb b/cookbooks/chef/templates/default/post-receive.erb
index 58646ff1a..b402265c1 100644
--- a/cookbooks/chef/templates/default/post-receive.erb
+++ b/cookbooks/chef/templates/default/post-receive.erb
@@ -9,7 +9,7 @@ while read oldrev newrev refname
do
if [[ "$refname" = "refs/heads/master" ]]
then
- cd /var/lib/chef
+ cd /var/lib/chef/<%= @repository %>
rm -f cookbooks/*/metadata.json(N)
diff --git a/cookbooks/chef/templates/default/repository-backup.cron.erb b/cookbooks/chef/templates/default/repository-backup.cron.erb
deleted file mode 100644
index f82e7b227..000000000
--- a/cookbooks/chef/templates/default/repository-backup.cron.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-T=$(mktemp -d -t -p /var/tmp chef-repository.XXXXXXXXXX)
-D=$(date +%Y-%m-%d)
-B=chef-repository-$D.tar.gz
-
-ln -s /var/lib/git/chef.git $T/chef-repository-$D
-
-export GZIP="--rsyncable -9"
-
-nice tar --create --gzip --dereference --directory=$T --file=$T/$B chef-repository-$D
-nice rsync --preallocate --fuzzy $T/$B backup::backup
-
-rm -rf $T
diff --git a/cookbooks/civicrm/attributes/default.rb b/cookbooks/civicrm/attributes/default.rb
index c9adbab68..1424e240f 100644
--- a/cookbooks/civicrm/attributes/default.rb
+++ b/cookbooks/civicrm/attributes/default.rb
@@ -1,4 +1,4 @@
-default[:civicrm][:version] = "4.7.31"
+default[:civicrm][:version] = "5.2.1"
default[:civicrm][:extensions][:cividiscount][:name] = "org.civicrm.module.cividiscount"
default[:civicrm][:extensions][:cividiscount][:repository] = "git://github.com/dlobo/org.civicrm.module.cividiscount.git"
diff --git a/cookbooks/civicrm/recipes/default.rb b/cookbooks/civicrm/recipes/default.rb
index 1cfc733da..ed8f51f42 100644
--- a/cookbooks/civicrm/recipes/default.rb
+++ b/cookbooks/civicrm/recipes/default.rb
@@ -53,7 +53,7 @@ end
wordpress_plugin "sitepress-multilingual-cms" do
site "join.osmfoundation.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "contact-form-7" do
diff --git a/cookbooks/db/recipes/base.rb b/cookbooks/db/recipes/base.rb
index e91875819..2a509f130 100644
--- a/cookbooks/db/recipes/base.rb
+++ b/cookbooks/db/recipes/base.rb
@@ -39,7 +39,7 @@ rails_port "www.openstreetmap.org" do
directory "/srv/www.openstreetmap.org/rails"
user "rails"
group "rails"
- repository "git://git.openstreetmap.org/rails.git"
+ repository "https://git.openstreetmap.org/public/rails.git"
revision "live"
database_host "localhost"
database_name "openstreetmap"
diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index 9b5a0ab5f..3fcdd7f15 100644
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -83,9 +83,6 @@ postgresql_extension "btree_gist" do
only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
end
-template "/etc/cron.daily/rails-db" do
- source "cron.erb"
- owner "root"
- group "root"
- mode 0o755
+file "/etc/cron.daily/rails-db" do
+ action :delete
end
diff --git a/cookbooks/db/templates/default/cron.erb b/cookbooks/db/templates/default/cron.erb
deleted file mode 100644
index 7ff61cff3..000000000
--- a/cookbooks/db/templates/default/cron.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-
-# Cleanup archive directory - keep 2 weeks of WALs
-find -L /store/postgresql/archive -mtime +14 -print0 | xargs -0r rm
diff --git a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
index d57fd109d..53b568672 100644
--- a/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
+++ b/cookbooks/dhcpd/templates/default/dhcpd.conf.erb
@@ -14,24 +14,6 @@ subnet <%= interface[:network] %> netmask <%= interface[:netmask] %> {
}
<% end -%>
-host apc1.<%= @domain %> {
- hardware ethernet 00:c0:b7:77:f3:d8;
- server-name "apc1.<%= @domain %>";
- fixed-address apc1.<%= @domain %>;
-}
-
-host apc2.<%= @domain %> {
- hardware ethernet 00:c0:b7:52:b7:d2;
- server-name "apc2.<%= @domain %>";
- fixed-address apc2.<%= @domain %>;
-}
-
-host apc3.<%= @domain %> {
- hardware ethernet 00:c0:b7:52:b9:1e;
- server-name "apc3.<%= @domain %>";
- fixed-address apc3.<%= @domain %>;
-}
-
host ascalon.oob.openstreetmap.org {
hardware ethernet 00:19:bb:39:3c:64;
server-name "ascalon.oob.openstreetmap.org";
diff --git a/cookbooks/dns/templates/default/dns-update.erb b/cookbooks/dns/templates/default/dns-update.erb
index 162e7875e..93d2e1ee3 100755
--- a/cookbooks/dns/templates/default/dns-update.erb
+++ b/cookbooks/dns/templates/default/dns-update.erb
@@ -14,7 +14,7 @@ cd /var/lib/dns
if [ ! -d .git ]
then
- git clone /var/lib/git/dns.git /var/lib/dns
+ git clone /var/lib/git/public/dns.git /var/lib/dns
fi
git pull -q
diff --git a/cookbooks/donate/recipes/default.rb b/cookbooks/donate/recipes/default.rb
index 1ed524762..b84b198c9 100644
--- a/cookbooks/donate/recipes/default.rb
+++ b/cookbooks/donate/recipes/default.rb
@@ -29,7 +29,7 @@ package %w[
php-gd
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "headers"
diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb
index 395f2ce39..3e2b97d8e 100644
--- a/cookbooks/forum/recipes/default.rb
+++ b/cookbooks/forum/recipes/default.rb
@@ -30,7 +30,7 @@ package %w[
php-apcu
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "rewrite"
ssl_certificate "forum.openstreetmap.org" do
diff --git a/cookbooks/git/attributes/default.rb b/cookbooks/git/attributes/default.rb
index ebb2bd736..2d89a83de 100644
--- a/cookbooks/git/attributes/default.rb
+++ b/cookbooks/git/attributes/default.rb
@@ -1,3 +1,5 @@
default[:git][:directory] = "/var/lib/git"
-default[:git][:user] = "git"
-default[:git][:group] = "git"
+default[:git][:public_user] = "git"
+default[:git][:public_group] = "git"
+default[:git][:private_user] = "git"
+default[:git][:private_group] = "git"
diff --git a/cookbooks/git/metadata.rb b/cookbooks/git/metadata.rb
index 704f32750..8cf7f9a48 100644
--- a/cookbooks/git/metadata.rb
+++ b/cookbooks/git/metadata.rb
@@ -6,6 +6,5 @@ description "Installs and configures git"
long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
version "1.0.0"
supports "ubuntu"
-depends "networking"
-depends "xinetd"
depends "apache"
+depends "networking"
diff --git a/cookbooks/git/recipes/default.rb b/cookbooks/git/recipes/default.rb
index 7d9cd1921..b2ea55526 100644
--- a/cookbooks/git/recipes/default.rb
+++ b/cookbooks/git/recipes/default.rb
@@ -17,4 +17,4 @@
# limitations under the License.
#
-package "git-core"
+package "git"
diff --git a/cookbooks/git/recipes/server.rb b/cookbooks/git/recipes/server.rb
index 1d308bf29..81b16952f 100644
--- a/cookbooks/git/recipes/server.rb
+++ b/cookbooks/git/recipes/server.rb
@@ -18,58 +18,34 @@
#
include_recipe "networking"
-include_recipe "xinetd"
git_directory = node[:git][:directory]
directory git_directory do
- owner node[:git][:user]
- group node[:git][:group]
+ owner "root"
+ group "root"
+ mode 0o775
+end
+
+directory "#{git_directory}/public" do
+ owner node[:git][:public_user]
+ group node[:git][:public_group]
mode 0o2775
end
-if node[:git][:allowed_nodes]
- search(:node, node[:git][:allowed_nodes]).sort_by { |n| n[:fqdn] }.each do |n|
- n.interfaces(:role => :external).each do |interface|
- firewall_rule "accept-git" do
- action :accept
- family interface[:family]
- source "#{interface[:zone]}:#{interface[:address]}"
- dest "fw"
- proto "tcp:syn"
- dest_ports "git"
- source_ports "1024:"
- end
- end
- end
-else
- firewall_rule "accept-git" do
- action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
- dest_ports "git"
- source_ports "1024:"
- end
+directory "#{git_directory}/private" do
+ owner node[:git][:private_user]
+ group node[:git][:private_group]
+ mode 0o2775
end
-Dir.new(git_directory).select { |name| name =~ /\.git$/ }.each do |repository|
- template "#{git_directory}/#{repository}/hooks/post-update" do
+Dir.glob("#{git_directory}/*/*.git").each do |repository|
+ template "#{repository}/hooks/post-update" do
source "post-update.erb"
owner "root"
group node[:git][:group]
mode 0o755
end
-
- next unless node[:recipes].include?("trac") && repository != "dns.git" && repository != "chef.git"
-
- template "#{git_directory}/#{repository}/hooks/post-receive" do
- source "post-receive.erb"
- owner "root"
- group node[:git][:group]
- mode 0o755
- variables :repository => "#{git_directory}/#{repository}"
- end
end
template "/etc/cron.daily/git-backup" do
@@ -78,11 +54,3 @@ template "/etc/cron.daily/git-backup" do
group "root"
mode 0o755
end
-
-template "/etc/xinetd.d/git" do
- source "xinetd.erb"
- owner "root"
- group "root"
- mode 0o644
- notifies :reload, "service[xinetd]"
-end
diff --git a/cookbooks/git/recipes/web.rb b/cookbooks/git/recipes/web.rb
index 0d840bbbd..65333eff0 100644
--- a/cookbooks/git/recipes/web.rb
+++ b/cookbooks/git/recipes/web.rb
@@ -23,7 +23,7 @@ package "gitweb"
apache_module "rewrite"
-git_directory = node[:git][:directory]
+git_site = node[:git][:host]
template "/etc/gitweb.conf" do
source "gitweb.conf.erb"
@@ -32,20 +32,31 @@ template "/etc/gitweb.conf" do
mode 0o644
end
-ssl_certificate node[:git][:host] do
- domains [node[:git][:host]] + Array(node[:git][:aliases])
- notifies :reload, "service[apache2]"
-end
-
-apache_site node[:git][:host] do
- template "apache.erb"
- directory git_directory
- variables :aliases => Array(node[:git][:aliases])
+directory "/srv/#{git_site}" do
+ owner "root"
+ group "root"
+ mode 0o755
end
-template "#{git_directory}/robots.txt" do
+template "/srv/#{git_site}/robots.txt" do
source "robots.txt.erb"
owner "root"
group "root"
mode 0o644
end
+
+ssl_certificate git_site do
+ domains [git_site] + Array(node[:git][:aliases])
+ notifies :reload, "service[apache2]"
+end
+
+private_allowed = search(:node, node[:git][:private_nodes]).collect do |n|
+ n.ipaddresses(:role => :external)
+end.flatten
+
+apache_site git_site do
+ template "apache.erb"
+ directory "/srv/#{git_site}"
+ variables :aliases => Array(node[:git][:aliases]),
+ :private_allowed => private_allowed
+end
diff --git a/cookbooks/git/templates/default/apache.erb b/cookbooks/git/templates/default/apache.erb
index c7f85c821..9ec36f7d8 100644
--- a/cookbooks/git/templates/default/apache.erb
+++ b/cookbooks/git/templates/default/apache.erb
@@ -44,17 +44,28 @@
CustomLog /var/log/apache2/<%= @name %>-access.log combined
ErrorLog /var/log/apache2/<%= @name %>-error.log
- DocumentRoot <%= @directory %>
- HeaderName HEADER
+ SetEnv GIT_PROJECT_ROOT /var/lib/git
+ SetEnv GIT_HTTP_EXPORT_ALL
+
+ ScriptAlias /public /usr/lib/git-core/git-http-backend/public
+ ScriptAlias /private /usr/lib/git-core/git-http-backend/private
Alias /gitweb /usr/share/gitweb
Alias /git /var/cache/git
- ScriptAlias /gitweb.cgi /usr/lib/cgi-bin/gitweb.cgi
+ ScriptAlias / /usr/lib/cgi-bin/gitweb.cgi/
+
+
+ Require all granted
+
+
+
+ Require ip <%= @private_allowed.sort.join(" ") %>
+
- RewriteEngine On
- RewriteRule ^/$ /gitweb.cgi%{REQUEST_URI} [L,PT]
- RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb.cgi%{REQUEST_URI} [L,PT]
+
+ Require all denied
+
->
- Require all granted
+
+ Options ExecCGI
diff --git a/cookbooks/git/templates/default/backup.cron.erb b/cookbooks/git/templates/default/backup.cron.erb
index ac2167b8c..5a9d01284 100644
--- a/cookbooks/git/templates/default/backup.cron.erb
+++ b/cookbooks/git/templates/default/backup.cron.erb
@@ -4,7 +4,7 @@
T=$(mktemp -d -t -p /var/tmp git.XXXXXXXXXX)
D=$(date +%Y-%m-%d)
-B=<%= node[:git][:backup] %>-$D.tar.gz
+B=git-$D.tar.gz
ln -s /var/lib/git $T/git-$D
diff --git a/cookbooks/git/templates/default/gitweb.conf.erb b/cookbooks/git/templates/default/gitweb.conf.erb
index b98c15ae5..5d2eb7469 100644
--- a/cookbooks/git/templates/default/gitweb.conf.erb
+++ b/cookbooks/git/templates/default/gitweb.conf.erb
@@ -1,7 +1,7 @@
# DO NOT EDIT - This file is being maintained by Chef
# path to git projects (.git)
-$projectroot = "<%= node[:git][:directory] %>";
+$projectroot = "<%= node[:git][:directory] %>/public";
# directory to use for temp files
$git_temp = "/tmp";
@@ -31,4 +31,4 @@ our $javascript = "/gitweb/static/gitweb.js";
$feature{'pathinfo'}{'default'} = [1];
# define roots for cloning
-@git_base_url_list = qw(git://<%= node[:git][:host] %>);
+@git_base_url_list = qw(https://<%= node[:git][:host] %>/public);
diff --git a/cookbooks/git/templates/default/post-receive.erb b/cookbooks/git/templates/default/post-receive.erb
deleted file mode 100644
index 30ade2719..000000000
--- a/cookbooks/git/templates/default/post-receive.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/zsh
-
-# DO NOT EDIT - This file is being maintained by Chef
-
-while read oldrev newrev refname
-do
- if [[ "$refname" = "refs/heads/master" ]]
- then
- for rev in $(git rev-list ${oldrev}..${newrev})
- do
- sudo -u trac /usr/bin/trac-admin /var/lib/trac changeset added "<%= @repository %>" "${rev}"
- done
- fi
-done
diff --git a/cookbooks/git/templates/default/xinetd.erb b/cookbooks/git/templates/default/xinetd.erb
deleted file mode 100644
index 403c7926b..000000000
--- a/cookbooks/git/templates/default/xinetd.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-
-service git
-{
- disable = no
- socket_type = stream
- wait = no
- user = nobody
- server = /usr/lib/git-core/git-daemon
- server_args = --base-path=<%= node[:git][:directory] %> --export-all --syslog --inetd --verbose
- log_on_failure += USERID
- flags = ipv6
-}
diff --git a/cookbooks/hardware/attributes/default.rb b/cookbooks/hardware/attributes/default.rb
index fb19506f4..f27074082 100644
--- a/cookbooks/hardware/attributes/default.rb
+++ b/cookbooks/hardware/attributes/default.rb
@@ -7,7 +7,7 @@ default[:hardware][:modules] = if node[:lsb][:release].to_f >= 16.04
default[:hardware][:grub][:cmdline] = %w[nomodeset]
default[:hardware][:sensors] = {}
-default[:hardware][:mcelog][:enabled] = true
+default[:hardware][:mcelog][:enabled] = node[:lsb][:release].to_f < 18.04
if node[:dmi] && node[:dmi][:system]
case node[:dmi][:system][:manufacturer]
diff --git a/cookbooks/hardware/recipes/default.rb b/cookbooks/hardware/recipes/default.rb
index 17382e916..837c8ce23 100644
--- a/cookbooks/hardware/recipes/default.rb
+++ b/cookbooks/hardware/recipes/default.rb
@@ -277,7 +277,7 @@ if tools_packages.include?("areca")
git "/opt/areca" do
action :sync
- repository "git://chef.openstreetmap.org/areca.git"
+ repository "https://git.openstreetmap.org/private/areca.git"
user "root"
group "root"
end
@@ -335,21 +335,21 @@ intel_nvmes = nvmes.select { |pci| pci[:vendor_name] == "Intel Corporation" }
if !intel_ssds.empty? || !intel_nvmes.empty?
package "unzip"
- remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do
- source "https://downloadmirror.intel.com/27144/eng/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip"
+ remote_file "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do
+ source "https://downloadmirror.intel.com/27863/eng/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip"
end
- execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip" do
- command "unzip Intel_SSD_Data_Center_Tool_3.0.7_Linux.zip isdct_3.0.7.401-17_amd64.deb"
+ execute "#{Chef::Config[:file_cache_path]}/Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip" do
+ command "unzip Intel_SSD_Data_Center_Tool_3.0.13_Linux.zip isdct_3.0.13.400-17_amd64.deb"
cwd Chef::Config[:file_cache_path]
user "root"
group "root"
- not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb") }
+ not_if { File.exist?("#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb") }
end
dpkg_package "isdct" do
- version "3.0.7.401-17"
- source "#{Chef::Config[:file_cache_path]}/isdct_3.0.7.401-17_amd64.deb"
+ version "3.0.13.400-17"
+ source "#{Chef::Config[:file_cache_path]}/isdct_3.0.13.400-17_amd64.deb"
end
end
diff --git a/cookbooks/hardware/templates/default/munin.smart.erb b/cookbooks/hardware/templates/default/munin.smart.erb
index e1a98501a..1908f8e93 100644
--- a/cookbooks/hardware/templates/default/munin.smart.erb
+++ b/cookbooks/hardware/templates/default/munin.smart.erb
@@ -6,3 +6,4 @@ env.smartargs -H -d <%= @disk[:smart] %>
<% else -%>
env.smartargs -H
<% end -%>
+env.ignoreexit 4
diff --git a/cookbooks/letsencrypt/templates/default/cron.erb b/cookbooks/letsencrypt/templates/default/cron.erb
index 74a8ee0a2..768e69d5a 100644
--- a/cookbooks/letsencrypt/templates/default/cron.erb
+++ b/cookbooks/letsencrypt/templates/default/cron.erb
@@ -2,5 +2,5 @@
MAILTO=admins@openstreetmap.org
-00 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/renew
-30 */12 * * * letsencrypt /srv/acme.openstreetmap.org/bin/check-certificates
+00 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/renew
+30 */12 * * * /usr/bin/certbot /srv/acme.openstreetmap.org/bin/check-certificates
diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb
index 63c9d53db..b7654f3e8 100644
--- a/cookbooks/mediawiki/recipes/default.rb
+++ b/cookbooks/mediawiki/recipes/default.rb
@@ -82,9 +82,15 @@ service "parsoid" do
subscribes :restart, "template[/etc/mediawiki/parsoid/config.yaml]"
end
-apache_module "php7.0"
+php_version = if node[:lsb][:release].to_f >= 18.04
+ "7.2"
+ else
+ "7.0"
+ end
-link "/etc/php/7.0/apache2/conf.d/20-wikidiff2.ini" do
+apache_module "php#{php_version}"
+
+link "/etc/php/#{php_version}/apache2/conf.d/20-wikidiff2.ini" do
to "../../mods-available/wikidiff2.ini"
end
diff --git a/cookbooks/munin/files/default/plugins/squid_icp b/cookbooks/munin/files/default/plugins/squid_icp
new file mode 100755
index 000000000..e960d2b39
--- /dev/null
+++ b/cookbooks/munin/files/default/plugins/squid_icp
@@ -0,0 +1,190 @@
+#!/usr/bin/perl -w
+# -*- perl -*-
+
+=head1 NAME
+
+squid_icp - Plugin to graph traffic to the ICP peers
+
+=head1 CONFIGURATION
+
+The following configuration variables are used by this plugin:
+
+ [squid_icp]
+ env.squidhost - host (default "localhost")
+ env.squidport - port (default "3128")
+ env.squiduser - username (default "")
+ env.squidpasswd - password (default "")
+
+=head1 ABOUT
+
+When using squid as a "load balancer" (of sorts), who gets the
+request?
+
+=head1 AUTHORS
+
+Copyright (C) 2004 Jimmy Olsen
+
+=head1 LICENSE
+
+Gnu GPLv2
+
+=begin comment
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 dated June, 1991.
+
+This program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+=end comment
+
+=head1 MAGIC MARKERS
+
+ #%# family=manual
+ #%# capabilities=autoconf
+
+=cut
+
+my $ret = undef;
+
+if (! eval "require IO::Socket;")
+{
+ $ret = "IO::Socket not found";
+}
+if (! eval "require MIME::Base64;")
+{
+ $ret = "MIME::Base64 not found";
+}
+if (! eval "require Net::hostent;")
+{
+ $ret = "Net::hostent not found";
+}
+
+$squid_host = $ENV{squidhost} || "localhost";
+$squid_port = $ENV{squidport} || 3128;
+$user = $ENV{squiduser} || "";
+$passwd = $ENV{squidpasswd} || "";
+
+if($ARGV[0] and $ARGV[0] eq "autoconf") {
+ &autoconf($squid_host, $squid_port, $user, $passwd);
+}
+
+sub autoconf {
+ my ($host, $port, $user, $passwd) = @_;
+
+ if ($ret)
+ {
+ print "no ($ret)\n";
+ exit 0;
+ }
+
+ my $cachemgr = IO::Socket::INET->new(PeerAddr => $host,
+ PeerPort => $port,
+ Proto => 'tcp',
+ Timeout => 5);
+
+ if (!$cachemgr)
+ {
+ print "no (could not connect: $!)\n";
+ exit 0;
+ }
+
+ my $request = "GET cache_object://$host/counters HTTP/1.0\r\n" .
+ "Accept: */*\r\n" .
+ &make_auth_header($user, $passwd) .
+ "\r\n";
+
+ $cachemgr->syswrite($request, length($request));
+ my @lines = $cachemgr->getlines();
+
+ print "yes\n";
+ exit 0;
+}
+
+sub make_auth_header {
+ my ($user, $passwd) = @_;
+
+ if(!defined $passwd || $passwd eq "") {
+ return "";
+ } else {
+ my $auth = MIME::Base64::encode_base64(($user ? $user : "") . ":$passwd", "");
+ return "Authorization: Basic $auth\r\n" .
+ "Proxy-Authorization: Basic $auth\r\n";
+ }
+}
+
+
+sub query_squid {
+ my ($host, $port, $user, $passwd) = @_;
+ my $ret;
+
+ my $cachemgr = IO::Socket::INET->new(PeerAddr => $host,
+ PeerPort => $port,
+ Proto => 'tcp') or die($!);
+
+
+
+ my $request = "GET cache_object://$host/server_list HTTP/1.0\r\n" .
+ "Accept: */*\r\n" .
+ &make_auth_header($user, $passwd) .
+ "\r\n";
+
+ $cachemgr->syswrite($request, length($request));
+ my @lines = $cachemgr->getlines();
+ my $id = "";
+ for(my $i = 0; $i <= $#lines; $i++) {
+ chomp $lines[$i];
+ if($lines[$i] =~ /Host[^:]+:\s*(\S+)\/\d+\/\d+\s*$/) {
+ my $host = $1;
+ $id = $host;
+ $id =~ s/\./_/g;
+
+ unless(exists($ret->{$id})) {
+ $ret->{$id}->{host} = $host;
+ $ret->{$id}->{fetches} = 0;
+ }
+ }
+ elsif($lines[$i] =~ /FETCHES\s*:\s*(\d+)/) {
+ $ret->{$id}->{fetches} += $1;
+ }
+ }
+ return $ret;
+}
+
+my $hosts = &query_squid($squid_host, $squid_port, $user, $passwd);
+
+if($ARGV[0] and $ARGV[0] eq "config") {
+ my $first = 1;
+ print "graph_title Squid relay statistics\n";
+ print "graph_vlabel requests / \${graph_period}\n";
+ print "graph_args -l 0 --base 1000\n";
+ print "graph_total total\n";
+ print "graph_category squid\n";
+ foreach my $i (sort keys %{$hosts}) {
+ print "$i.label ", $hosts->{$i}->{host}, "\n";
+ print "$i.type DERIVE\n";
+ print "$i.max 500000\n";
+ print "$i.min 0\n";
+ if ($first) {
+ print "$i.draw AREA\n";
+ $first = 0;
+ } else {
+ print "$i.draw STACK\n";
+ }
+ }
+ exit 0;
+}
+
+foreach my $i (keys %{$hosts}) {
+ print "$i.value ", $hosts->{$i}->{fetches}, "\n";
+}
+
+# vim:syntax=perl
diff --git a/cookbooks/nominatim/attributes/default.rb b/cookbooks/nominatim/attributes/default.rb
index 2805a8606..67708f9a1 100644
--- a/cookbooks/nominatim/attributes/default.rb
+++ b/cookbooks/nominatim/attributes/default.rb
@@ -3,7 +3,7 @@ default[:nominatim][:dbadmins] = []
default[:nominatim][:dbname] = "nominatim"
default[:nominatim][:tablespaces] = []
default[:nominatim][:logdir] = "/var/log/nominatim"
-default[:nominatim][:repository] = "git://git.openstreetmap.org/nominatim.git"
+default[:nominatim][:repository] = "https://git.openstreetmap.org/public/nominatim.git"
default[:nominatim][:revision] = "master"
default[:nominatim][:enable_backup] = false
default[:nominatim][:enable_git_updates] = true
diff --git a/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb b/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb
index 112159717..e1be595e9 100644
--- a/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb
+++ b/cookbooks/nominatim/templates/default/vacuum-db-nominatim.erb
@@ -6,7 +6,6 @@
# Vaccum all tables with indices on integer arrays.
# Agressive vacuuming seems to help against index bloat.
psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name'
-psql -q -d <%= @db %> -c 'VACUUM ANALYSE search_name_country'
for i in `seq 0 250`; do
psql -q -d <%= @db %> -c "VACUUM ANALYSE search_name_${i}"
diff --git a/cookbooks/ntp/recipes/default.rb b/cookbooks/ntp/recipes/default.rb
index 3cefe3c46..7be4ab437 100644
--- a/cookbooks/ntp/recipes/default.rb
+++ b/cookbooks/ntp/recipes/default.rb
@@ -32,11 +32,10 @@ execute "dpkg-reconfigure-tzdata" do
group "root"
end
-file "/etc/timezone" do
+link "/etc/localtime" do
+ to "/usr/share/zoneinfo/#{node[:tz]}"
owner "root"
group "root"
- mode 0o644
- content "#{node[:tz]}\n"
notifies :run, "execute[dpkg-reconfigure-tzdata]", :immediately
end
diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index 3d5f4a460..08d1aded8 100644
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -41,8 +41,8 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll
end
keys = {
- "rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039
- "dsa" => node[:keys][:ssh][:host_dsa_public] # ~FC039
+ "ssh-rsa" => node[:keys][:ssh][:host_rsa_public], # ~FC039
+ "ssh-dss" => node[:keys][:ssh][:host_dsa_public] # ~FC039
}
if node[:keys][:ssh][:host_ecdsa_public] # ~FC039
@@ -51,6 +51,10 @@ hosts = search(:node, "networking:interfaces").sort_by { |n| n[:hostname] }.coll
keys[ecdsa_type] = node[:keys][:ssh][:host_ecdsa_public] # ~FC039
end
+ if node[:keys][:ssh][:host_ed25519_public] # ~FC039
+ keys["ssh-ed25519"] = node[:keys][:ssh][:host_ed25519_public] # ~FC039
+ end
+
Hash[
:names => names.sort,
:addresses => node.ipaddresses.sort,
diff --git a/cookbooks/openssh/templates/default/ssh_known_hosts.erb b/cookbooks/openssh/templates/default/ssh_known_hosts.erb
index 3ee614679..3e0d9f59f 100644
--- a/cookbooks/openssh/templates/default/ssh_known_hosts.erb
+++ b/cookbooks/openssh/templates/default/ssh_known_hosts.erb
@@ -5,9 +5,6 @@
<%= host[:names].join(",") -%>,<%= host[:addresses].join(",") -%> <%= type %> <%= host[:keys][type] %>
<% end -%>
<% end -%>
-apc1,apc1.ucl.openstreetmap.org,10.0.0.49 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAYQDYDLYD52vwCagyebWxujdLw5/jnJ4Nln8g+pXFylT6OJU2R6t+U7mndZUKj1ClCt4AkS77/lEncs8Ie9YM3zzZlN0zsMEmhXzT62wO+0WJkr+hGSlTkMp1iL+dqC9Bk+U=
-apc2,apc2.ucl.openstreetmap.org,10.0.0.50 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBANYmUWIbP1bVQEcyeIoKZOvW/cyzmWytUA0u/057WGCMB70UKJrgmhRoArtxm3O4sFYS5b5xzhpcJ6YyYPjs3GMa67lkUBv/mOZEOIM20VeP7biRQf5DLrrSF5cS4A3p+ft7TyFPAuIgywxHQwpnRi7ZtBIPNj6MbRukUYivWrBVQML23O2hfWbwyLWQCTpedycgb1OFYbKC86r73PwW6ZP3Kzv0CDinDL2heEBT/hdeUkeXJCbop6tU3A4bA/obMTmKxsVoT2vEhto3v/bXFAFDQyYidBrOo+CBa3Nbbl+0wAZLBbrjkbQC7gz6TtU70ceLHo/cl8zmIQlHKa8c/Ec=
-apc3,apc3.ucl.openstreetmap.org,10.0.0.51 ssh-rsa AAAAB3NzaC1yc2EAAAACAQEAAAEBAM7kqwZuiMNnTQgI2/CpBwNna2vHC2W5kT0AVRFdd41f+Bet+NbXaHpa+/l1eGaMThtuEpXI8TuyyMP/Wna6xhaSBqcTyinbmc+1rqsSxqXTdNKFX+GSKJay/7jQpe/ZA94MAX/l+jHo50g9bjw5GhSv2sG5VeeabYM+eiTDwjSEwoqpsHYtRSbCCwNgM5hK0lTunPZ+wq31vY8tPbnYTZdi8ENxccXI1+wLPEIGg74FoWxy98lKTc8FIa/JaT37hDOwOC0uzDi1koXp5sCzCVAhRDNzHSSKkiIXx8rXp7/2ZPrKo2j++W/rl0b0xe1UO+/KWxhCC2YsCaDIgBXsG7E=
#albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-rsa
#albi.oob,albi.oob.openstreetmap.org,10.0.1.2 ssh-dss
ridley.oob,ridley.oob.openstreetmap.org,10.0.1.3 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6FtSZo3FZfOyWVdiUX1CSlWLIiB2iCWmtsfiqQ32i+AbNxiOfqBckp9CQazdaAmMp638TnLpCwSfJk9oJNui/J6yY5jq1RKb5U9YVGkhXvFmHH2dG/QpD9z786jWZ8RFdTwtdpHVfJzfm3vFDOORJcJwnvGr+Fe+fnY43aPzTZQ==
@@ -26,12 +23,14 @@ eustace.oob,eustace.oob.openstreetmap.org,10.0.1.9 ssh-rsa AAAAB3NzaC1yc2EAAAADA
eustace.oob,eustace.oob.openstreetmap.org,10.0.1.9 ssh-dss AAAAB3NzaC1kc3MAAACBAM9dCBACQykp7BM/HqbIdTPNSFaC0AAjA95WZP4AfHos+wkUt+zdNeKfO2xgnAj6WyBJFUvSOgcmAiKqCJk6+B1Zl2k+CyQIW9RnQbwBLH3M3AduqXMWB/EfD9SWt6HwyU/dumaiv/HqapGR/ly/84F+sIiNTXVSTZvtweUNuYFPAAAAFQCBQ4QjFUny6+XAL2ucyU9W8ya7rQAAAIAXSQrRSubw9Tli0PbBfWllf5AkR/ybB/rd6UQUUeMTVg5SHLVjc/HwyBYQbeRnSW+bpztauW1bx4cfpGQsqmEPHmJVfxuc36u5MyeYQn1HPLfXDGYILFcjT5aUwRoKqGCuOaCV2YIqBtgtS8nR9ihPJKQfbmtQ4gcAnKMSbMFnvQAAAIEAt4kLYCscN/DkSIxiCNjHVYTYxepsfP2IsZAYi3Cxs8GHWu3kdyP8AvT47t6pI6KxEFhFPozNCtU9w+0kxgCBApb0bALI/DcebNZYCYyk/S939KfLpRCBion53JdCXbFhPgWiYzI40IUQPwWo/cyXREB3Qw/AOLwp8vlKuq8RDtU=
#puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-rsa
#puff.oob,puff.oob.openstreetmap.org,10.0.1.10 ssh-dss
+draco.oob,draco.oob.openstreetmap.org,10.0.1.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCl+ue/d4rW+xBja+8Gicp/LDFzURo7fgP3IOnOXM8QMmHaPzfUbWDlKNRGaCaK+xHUUI/6/AfKwikY2pmPSZ8vC/Ss641RELqvAAbfrOUN8M0akeJPs35T04ek6aWIA2d0AYXlWRLojKd/N7KoZOFvp8udkYSH5yNh4BsArNQHhw==
sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCepzpzx1NqbX1uo10ePzF5lUnaHXtzxcgFR7LvXOuZrip+bSOY/4jBqCasZG3kofMcUL6TFh7Q2MrkZ+9Xj7B9AeNwzlZnohAjLNIdJJjHHyjJ5EHiJHnpVeElP+/W6NfLE2S4xq7JF+eOdeznb6X6JdkXnKhaJv5KQcz6JVp50Q==
sarel.oob,sarel.oob.openstreetmap.org,10.0.1.12 ssh-dss AAAAB3NzaC1kc3MAAACBAKPIabHx0CCmG3tl36baYTalPout92RMZkX0RhfiRDOHXc+Mk5bAA/r8ep9BiMNbhB+qstay0yqpwemJLC0+0LxhQAyl4MDEDpHMLAlXmQO4HhEVyKB9hutfyFDMYNI4D1NwzBRO4yPRjhoai0NaEo5jBjI9SiIWMhPBDO2lLyGtAAAAFQCrlNl/cRw43H1BVzO3lhMG8+eTYwAAAIBbTcKalbfzeoWLOPuLSxL7AE57WqyqMB9/gdac6+c3YaO/g/WIsJRO2g5Im1/cCIvOH4nVF0wlQONh9CGZZKzSKdaIJIJ9y0A7kzRxLxEfGz5ZslH+xusdWeU4hx39yVzBinM2+qLiDpc6zgowd6klUiMR2Qv2bXo27gLSAHxLIAAAAIAC1gES35Xj85N+1VGR5rQbRf99ft6Cz5Ml4nq1c936z9OCzYTbCaWG0yrHsuKyC7kHO2drsDLb6kER9H/dx+ryULWIsNOv8JQtLaxr+TRnb8SDNE6pObruCkTpSgKJx9/fng1qAsuYTvZCkEu3vkS/ug+BfrE/1peIzVxTUz/DWA==
errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA1riMj4gWqiovniYhlFNUxMm/AGmV/C2GjcMP+NcJ1ZyP4OdytGeGfhUm5GwVwraimkFQQlfEDcUWY7OX4EG115E8i15cUt6s6Ya2E6AXydigvBbrdp8MNnPOWBifVN3/5Cgi8nrAebmPs88ZZx2KM/Df5qIB2rHYpuHYyl+MpqE=
errol.oob,errol.oob.openstreetmap.org,10.0.1.14 ssh-dss AAAAB3NzaC1kc3MAAACBAKcnhyMz3C4sku0e1/nFailjoPcMwLazXq4H/kUsdlt+f2By73F5KdUWffxoeRNL0UVT7+VCKG6IXmXGkKVfvpTipFjkP1N+b7I4SuJcQ/EUNPTCGAfC3l691K8jUBD6WSlQUqZtKGnpDS1zI/ZIYiNqrQnWu2RTYnP3QvY7JigDAAAAFQDI6aaH6mWx7vTVS9m3tyXQ4GQ08wAAAIAQjAM+q8Hfp1h45UjTeD2jIA74asQl0M+4q+4EcnNPnKXRbEBIg4rCWkHdd06uhayXZ91KzCDcj1b2LSb2zOE4U1MDEpdVnz22PuEl/f6/epKmLOqHoOGu9/9Lud6OoZQSveEPYmcpEEpt1RCN9ZvkVtFdLwtQ8+CSSGXg8yfCxgAAAIEAjQztmG1LN/e7pNRY0MtV148rJY3mR2knJegg0yBOEWHUGtKY91lgboWie1YTGR3RiXckJFFYkOGWAxqEVM//+rW0hatCxEp/mWEt/GWKPpV52fc4BUhJbi9hb8sg+dAvfoHwUL3CzHzqapaRNxxbfest8dfvascAjRDFP7yxU9w=
yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuWeUQd5ssUd5VFyTMXgC+U6c7s63mtuEj+cL6x8EU8PqNS12RGwLpeAI5VL8UzM0YLyPjPh/yzdQN2tl9ufK7KZF0apvoSZgp/uwyG+CgdFSf66nTrZN4NA/QP1ikH3kbqcM87LfNjCrMXnqMBJ/OCqz2z+An8t0KGDXS8haxlU=
yevaud.oob,yevaud.oob.openstreetmap.org,10.0.1.15 ssh-dss AAAAB3NzaC1kc3MAAACBAL6RC7IMuQEtD4JIRmBJEownC0a7ZEvfCTw20PV5MjWb6twZlGBK3IA/0yV0oJ+75W6VWizn3cWSBS3y1zD8KktF4fh4+FVyin9WTyFuwME8cYmRPV+kuOa1lF1sLJxqvZJRjKMjweLeNTKnl1mb03049SL2YoGwMOTdVgVBjEyFAAAAFQC7rQIvnfLYbQdX87DwlzfMDALOoQAAAIEAmAu2kK8atEOR1Sc6maxYKSf68MYMHoTpm2MW9q2x5ls982kfEUMJ3h641cbRgOAuCmQU3gHnt73sl5LY3K3oLijIhSQm8+l+GkrXVhdwx7ScLXf+8TJZRWiP6Q98VWM4E3L4wmiJksLbTlxdoew3lv8gGhbpk0XuSyLWIBZIKJAAAACATogkqFXhPFzOMRJAR6G8J4bOqg9Ae2cGtf4aMZ9xdm/Hm7YLSu3kn5IhawwU+DL494VF+ky69T01iY3e4m/kQhYB4emlqsRHzVscblVH+GL6sVEkct0HMzfqzEFcfYWqqMdig9EwTzHwJzkAb4WqZdGnWG3Ln88x3liyDZTpGco=
+clifford.oob,clifford.oob.openstreetmap.org,10.0.1.17 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCsCrNQ+QQg2UUGhBpgjlLAF4gI48VDGmcF9prulYDxduyGJIrqhOjQtKLjNksMr8TEblmJsI4JzPf1lY1rVL3Q/aZWJD5X4Q0DgEtNzfinI9JAy77JASj1osBPU2RfWSvK9C2TnEoXHxuyGKMw9iuuPLppNMjZ103PYprQeAXi1w==
katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwCIJ+bSxbMsr6wurBXYkeqoznHnJT4zrN7nHtajgs5CJLIiWO+Eq/Lp+egz6Irxwk3v+kbfKW9RUum5fOMfkWFwaQxP41Cz5RbMmu5Jsm4MQKr4PPVxbLbPk75OeVgo+nfkzBupsBuYGMp/GCpjTJ8rusPmYxzWBek4amKL5udfA9Ld
katla.oob,katla.oob.openstreetmap.org,10.0.33.40 ssh-dss AAAAB3NzaC1kc3MAAACBAP4oHi33lAVyP8zjoRZe6kxcZGJi1JOgF1vpZqEsxA97yCaLGVjc2cdxi16namqdJ/DgQaRpGRM+chP6AgGN9FD8Z6Wfskm+2sghPpcGRUkr7u6mM7WlJ0xQehD4LDcxFEpZKxtalf6TlxXn9cO0VaL9NNVrpU34c2Pqxl7wg/QnAAAAFQCB10EQxYDOnsxN2xrSHEbmgA3K0wAAAIAWN0b4KREM6Uc6FVkRtOjkiAR8FWmCg8nNQaqlKIPlM4hsrIcPC5yZfc7BzamQSy4PpHNGZG64CkYr8tn8LGWouHVKKbeFOWEXIBsRBSf1NNaYI7cS7WPnGVOmkt6yHvWwPlDcVO8FpPUL9pA7kf6iCuQNdD/MyOBHdbVoU9LcNAAAAIEAsXBb+3EZhsRAYL9Jm22PsrsW2o/hO7aomMeEXvVGG8Wuy77lqmcIvlyW3zhHBs7ubI9TZz1XDsgLK9giCkmqCyKmUsTXGsu9e4veOq+sgvXdbhoBMVi90IFsPLPUdPN5mfovBDHkwi60VtDwOLAX368pFfBfSA50CZWfhwUu26E=
karm.oob,karm.oob.openstreetmap.org,146.179.159.173 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgwC0NwmVi6Fj/55PE+E/60m55gsjY0HaHpSTO2Cr3wuaTrvT4rMCbORaAtIqvp/j70MKZqSS7f1wztnm9fP/54viWWbgslMZ8GaSUHDDkoH07eznggIJ5P3wHcaK/P1sKe6JTj/dbCf/FMvTT2nrA+kIlY5q3UPQ7q1apSYE9lUjF0f3
diff --git a/cookbooks/osqa/recipes/default.rb b/cookbooks/osqa/recipes/default.rb
index 047cc3892..a886fe6f4 100644
--- a/cookbooks/osqa/recipes/default.rb
+++ b/cookbooks/osqa/recipes/default.rb
@@ -76,7 +76,7 @@ node[:osqa][:sites].each do |site|
git "#{directory}/osqa" do
action :sync
- repository "git://git.openstreetmap.org/osqa.git"
+ repository "https://git.openstreetmap.org/public/osqa.git"
revision "live"
user site_user
group site_group
diff --git a/cookbooks/otrs/attributes/default.rb b/cookbooks/otrs/attributes/default.rb
index 2ca23b364..fff2dc008 100644
--- a/cookbooks/otrs/attributes/default.rb
+++ b/cookbooks/otrs/attributes/default.rb
@@ -1,4 +1,4 @@
-default[:otrs][:version] = "5.0.27"
+default[:otrs][:version] = "6.0.8"
default[:otrs][:user] = "otrs"
default[:otrs][:group] = nil
default[:otrs][:database_cluster] = "9.5/main"
diff --git a/cookbooks/otrs/recipes/default.rb b/cookbooks/otrs/recipes/default.rb
index 77ac3912d..c71c920c6 100644
--- a/cookbooks/otrs/recipes/default.rb
+++ b/cookbooks/otrs/recipes/default.rb
@@ -48,12 +48,6 @@ database_user = node[:otrs][:database_user]
database_password = passwords[node[:otrs][:database_password]]
site = node[:otrs][:site]
-old_installation = begin
- File.readlink("/opt/otrs")
- rescue StandardError
- nil
- end
-
postgresql_user database_user do
cluster database_cluster
password database_password
@@ -96,16 +90,6 @@ file "/opt/otrs-#{version}/Kernel/Config.pm" do
content config
end
-link "/opt/otrs-#{version}/Kernel/Config/Files/ZZZAuto.pm" do
- to "#{old_installation}/Kernel/Config/Files/ZZZAuto.pm"
- link_type :hard
-end
-
-link "/opt/otrs-#{version}/var/log/TicketCounter.log" do
- to "#{old_installation}/var/log/TicketCounter.log"
- link_type :hard
-end
-
link "/opt/otrs" do
to "/opt/otrs-#{version}"
end
diff --git a/cookbooks/passenger/attributes/default.rb b/cookbooks/passenger/attributes/default.rb
index e21f96269..adb0edc08 100644
--- a/cookbooks/passenger/attributes/default.rb
+++ b/cookbooks/passenger/attributes/default.rb
@@ -1,4 +1,4 @@
-default[:passenger][:ruby_version] = "2.3"
+default[:passenger][:ruby_version] = node[:lsb][:release].to_f >= 18.04 ? "2.5" : "2.3"
default[:passenger][:max_pool_size] = 6
default[:passenger][:pool_idle_time] = 300
diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb
index ecc6e2023..9064522bf 100644
--- a/cookbooks/piwik/recipes/default.rb
+++ b/cookbooks/piwik/recipes/default.rb
@@ -28,12 +28,12 @@ package "php-curl"
package "php-mbstring"
package "php-mysql"
package "php-gd"
+package "php-xml"
package "php-apcu"
-package "geoip-database-contrib"
+package "geoipupdate"
-apache_module "php7.0"
-apache_module "geoip"
+apache_module "php7.2"
version = node[:piwik][:version]
@@ -78,6 +78,18 @@ directory "/opt/piwik-#{version}/piwik/tmp" do
mode "0755"
end
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-ASN.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-City.mmdb"
+end
+
+link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do
+ to "/var/lib/GeoIP/GeoLite2-Country.mmdb"
+end
+
link "/srv/piwik.openstreetmap.org" do
to "/opt/piwik-#{version}/piwik"
notifies :restart, "service[apache2]"
diff --git a/cookbooks/planet/files/default/cgi/HEADER.cgi b/cookbooks/planet/files/default/cgi/HEADER.cgi
index f32409a3b..da7004ca1 100644
--- a/cookbooks/planet/files/default/cgi/HEADER.cgi
+++ b/cookbooks/planet/files/default/cgi/HEADER.cgi
@@ -106,7 +106,7 @@ database, and those published before the 12 September 2012 are distributed under
your obligations.
- You can process the file
+ You can process the file
or extracts with a variety of tools. Osmosis
is a general-purpose command-line tool for converting the data among different formats
and databases, and Osm2pgsql
diff --git a/cookbooks/squid/attributes/default.rb b/cookbooks/squid/attributes/default.rb
index f26853fa8..6a7c649d3 100644
--- a/cookbooks/squid/attributes/default.rb
+++ b/cookbooks/squid/attributes/default.rb
@@ -1,4 +1,4 @@
-
+default[:squid][:version] = "2"
default[:squid][:cache_mem] = "256 MB"
default[:squid][:cache_dir] = "ufs /var/spool/squid 256 16 256"
default[:squid][:access_log] = "/var/log/squid/access.log openstreetmap"
diff --git a/cookbooks/squid/recipes/default.rb b/cookbooks/squid/recipes/default.rb
index c0e240190..5e07a4bdf 100644
--- a/cookbooks/squid/recipes/default.rb
+++ b/cookbooks/squid/recipes/default.rb
@@ -17,6 +17,35 @@
# limitations under the License.
#
+if node[:squid][:version] == "3"
+ apt_package "squid" do
+ action :unlock
+ end
+
+ apt_package "squid-common" do
+ action :unlock
+ end
+
+ apt_package "squid" do
+ action :purge
+ only_if "dpkg-query -W squid | fgrep -q 2."
+ end
+
+ apt_package "squid-common" do
+ action :purge
+ only_if "dpkg-query -W squid-common | fgrep -q 2."
+ end
+
+ file "/store/squid/coss-01" do
+ action :delete
+ backup false
+ end
+
+ package "squidclient" do
+ action :upgrade
+ end
+end
+
package "squid"
package "squidclient"
@@ -27,34 +56,45 @@ template "/etc/squid/squid.conf" do
mode 0o644
end
-template "/etc/default/squid" do
- source "squid.erb"
- owner "root"
- group "root"
- mode 0o644
-end
-
directory "/etc/squid/squid.conf.d" do
owner "root"
group "root"
mode 0o755
end
+if node[:squid][:cache_dir] =~ /^coss (\S+) /
+ cache_dir = File.dirname(Regexp.last_match(1))
+elsif node[:squid][:cache_dir] =~ /^\S+ (\S+) /
+ cache_dir = Regexp.last_match(1)
+end
+
+directory cache_dir do
+ owner "proxy"
+ group "proxy"
+ mode 0o750
+ recursive true
+end
+
+systemd_tmpfile "/var/run/squid" do
+ type "d"
+ owner "proxy"
+ group "proxy"
+ mode "0755"
+end
+
systemd_service "squid" do
description "Squid caching proxy"
after ["network.target", "nss-lookup.target"]
+ type "forking"
limit_nofile 65536
- environment "SQUID_ARGS" => "-D"
- environment_file "/etc/default/squid"
- exec_start_pre "/usr/sbin/squid $SQUID_ARGS -z"
- exec_start "/usr/sbin/squid -N $SQUID_ARGS"
+ exec_start_pre "/usr/sbin/squid -N -z"
+ exec_start "/usr/sbin/squid -Y"
exec_reload "/usr/sbin/squid -k reconfigure"
exec_stop "/usr/sbin/squid -k shutdown"
private_tmp true
private_devices true
protect_system "full"
protect_home true
- no_new_privileges true
restart "on-failure"
timeout_sec 0
end
@@ -62,8 +102,8 @@ end
service "squid" do
action [:enable, :start]
subscribes :restart, "systemd_service[squid]"
+ subscribes :restart, "directory[#{cache_dir}]"
subscribes :reload, "template[/etc/squid/squid.conf]"
- subscribes :restart, "template[/etc/default/squid]"
subscribes :reload, "template[/etc/resolv.conf]"
end
@@ -85,7 +125,3 @@ munin_plugin "squid_icp"
munin_plugin "squid_objectsize"
munin_plugin "squid_requests"
munin_plugin "squid_traffic"
-
-Dir.glob("/var/log/squid/zere.log*") do |log|
- File.unlink(log)
-end
diff --git a/cookbooks/squid/templates/default/squid.conf.erb b/cookbooks/squid/templates/default/squid.conf.erb
index f290f730d..659b3c8cb 100644
--- a/cookbooks/squid/templates/default/squid.conf.erb
+++ b/cookbooks/squid/templates/default/squid.conf.erb
@@ -12,14 +12,23 @@ icp_port 3130
log_icp_queries off
#FIXME - configurable
+<% if node[:squid][:version] == "2" -%>
http_port 80 accel defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6 http11
+<% else -%>
+http_port 80 accel no-vhost defaultsite=tile.openstreetmap.org tcpkeepalive=60,10,6
+
+#prefer IPv4 until everything is upgraded
+dns_v4_first on
+<% end -%>
cache_effective_user proxy
cache_effective_group proxy
#FIXME - configurable
cache_dir <%= node[:squid][:cache_dir] %>
+<% if node[:squid][:version] == "2" -%>
cache_swap_log /var/spool/squid/%s
+<% end -%>
cache_mgr webmaster@openstreetmap.org
@@ -39,7 +48,11 @@ persistent_request_timeout 1 minutes
negative_ttl 15 seconds
half_closed_clients off
+<% if node[:squid][:version] == "2" -%>
pipeline_prefetch on
+<% else -%>
+pipeline_prefetch 1
+<% end -%>
read_timeout 90 seconds
request_timeout 90 seconds
@@ -47,14 +60,18 @@ connect_timeout 20 seconds
client_lifetime 1 hours
collapsed_forwarding on
+<% if node[:squid][:version] == "2" -%>
refresh_stale_hit 300 seconds
+<% end -%>
#Recommended minimum configuration:
#----------------------------------
+<% if node[:squid][:version] == "2" -%>
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
+<% end -%>
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
@@ -84,13 +101,25 @@ http_access deny purge
forwarded_for on
follow_x_forwarded_for allow localhost
+<% if node[:squid][:version] == "2" -%>
logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03Hs %h" "%{User-Agent}>h"
access_log <%= node[:squid][:access_log] %>
+<% else -%>
+logformat openstreetmap %ts.%03tu %tr %>a %Ss/%03>Hs %rp %Sh/%h" "%{User-Agent}>h"
+access_log daemon:<%= node[:squid][:access_log] %>
+<% end -%>
cache_log /var/log/squid/cache.log
cache_store_log none
buffered_logs on
client_db off
strip_query_terms off
+<% if node[:squid][:version] == "3" -%>
+# Work around bug in squid 3 that causes log_fqdn to be
+# turned on by some of the (unused by us) default formats:
+# http://lists.squid-cache.org/pipermail/squid-users/2016-February/thread.html#8999
+url_rewrite_extras "%>a %un %>rm myip=%la myport=%lp"
+store_id_extras "%>a %un %>rm myip=%la myport=%lp"
+<% end -%>
digest_generation on
diff --git a/cookbooks/squid/templates/default/squid.erb b/cookbooks/squid/templates/default/squid.erb
deleted file mode 100644
index f6a346cbf..000000000
--- a/cookbooks/squid/templates/default/squid.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-# DO NOT EDIT - This file is being maintained by Chef
-#
-# /etc/default/squid Configuration settings for the Squid proxy server.
-#
-
-# Max. number of filedescriptors to use. You can increase this on a busy
-# cache to a maximum of (currently) 65536 filedescriptors. Default is 1024.
-SQUID_MAXFD=65536
diff --git a/cookbooks/stateofthemap/recipes/default.rb b/cookbooks/stateofthemap/recipes/default.rb
index e697ae88c..89fbbab34 100644
--- a/cookbooks/stateofthemap/recipes/default.rb
+++ b/cookbooks/stateofthemap/recipes/default.rb
@@ -23,7 +23,7 @@ passwords = data_bag_item("stateofthemap", "passwords")
git "/srv/stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "chooser"
user "root"
group "root"
@@ -59,7 +59,7 @@ end
wordpress_theme "2007.stateofthemap.org-refreshwp-11" do
theme "refreshwp-11"
site "2007.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2007"
end
@@ -86,7 +86,7 @@ end
wordpress_theme "2008.stateofthemap.org-refreshwp-11" do
theme "refreshwp-11"
site "2008.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2008"
end
@@ -103,7 +103,7 @@ end
git "/srv/2009.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2009"
user "wordpress"
group "wordpress"
@@ -123,7 +123,7 @@ end
wordpress_theme "2009.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2009.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2009"
end
@@ -140,7 +140,7 @@ end
git "/srv/2010.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2010"
user "wordpress"
group "wordpress"
@@ -158,14 +158,14 @@ end
wordpress_theme "2010.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2010.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2010"
end
wordpress_plugin "2010.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2010.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2010.stateofthemap.org-wp-sticky" do
@@ -181,7 +181,7 @@ end
git "/srv/2011.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2011"
user "wordpress"
group "wordpress"
@@ -199,14 +199,14 @@ end
wordpress_theme "2011.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2011.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2011"
end
wordpress_plugin "2011.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2011.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2011.stateofthemap.org-wp-sticky" do
@@ -222,7 +222,7 @@ end
git "/srv/2012.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "resources-2012"
user "wordpress"
group "wordpress"
@@ -240,7 +240,7 @@ end
wordpress_theme "2012.stateofthemap.org-aerodrome" do
theme "aerodrome"
site "2012.stateofthemap.org"
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "theme-2012"
end
@@ -252,7 +252,7 @@ end
wordpress_plugin "2012.stateofthemap.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "2012.stateofthemap.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "2012.stateofthemap.org-wp-sticky" do
@@ -263,7 +263,7 @@ end
%w[2013].each do |year|
git "/srv/#{year}.stateofthemap.org" do
action :sync
- repository "git://git.openstreetmap.org/stateofthemap.git"
+ repository "https://git.openstreetmap.org/public/stateofthemap.git"
revision "site-#{year}"
user "root"
group "root"
diff --git a/cookbooks/supybot/templates/default/git.conf.erb b/cookbooks/supybot/templates/default/git.conf.erb
index 0b89223de..67b4afb82 100644
--- a/cookbooks/supybot/templates/default/git.conf.erb
+++ b/cookbooks/supybot/templates/default/git.conf.erb
@@ -3,7 +3,7 @@
[osm-website]
short name = osm-website
-url = git://git.openstreetmap.org/rails.git
+url = https://git.openstreetmap.org/public/rails.git
branch = master
commit link = https://git.osm.org/rails.git/commitdiff/%c
channels = #osm-dev
@@ -17,7 +17,7 @@ channels = #osm-dev
[osm-chef-public]
short name = osm-chef-public
-url = git://git.openstreetmap.org/chef.git
+url = https://git.openstreetmap.org/public/chef.git
branch = master
commit link = https://git.osm.org/chef.git/commitdiff/%c
channels = #osm-dev
@@ -25,7 +25,7 @@ commit message = [%s|%b|%a] %m %l
[osm-cgimap]
short name = osm-cgimap
-url = git://git.openstreetmap.org/cgimap.git
+url = https://git.openstreetmap.org/public/cgimap.git
branch = master
commit link = https://git.osm.org/cgimap.git/commitdiff/%c
channels = #osm-dev
@@ -33,7 +33,7 @@ commit message = [%s|%b|%a] %m %l
[osm-dns]
short name = osm-dns
-url = git://git.openstreetmap.org/dns.git
+url = https://git.openstreetmap.org/public/dns.git
branch = master
commit link = https://git.osm.org/dns.git/commitdiff/%c
channels = #osm-dev
@@ -41,7 +41,7 @@ commit message = [%s|%b|%a] %m %l
[osm-potlatch2]
short name = osm-potlatch2
-url = git://git.openstreetmap.org/potlatch2.git
+url = https://git.openstreetmap.org/public/potlatch2.git
branch = master
commit link = https://git.osm.org/potlatch2.git/commitdiff/%c
channels = #osm-dev
@@ -49,7 +49,7 @@ commit message = [%s|%b|%a] %m %l
[osm-gpx-import]
short name = osm-gpx-import
-url = git://git.openstreetmap.org/gpx-import.git
+url = https://git.openstreetmap.org/public/gpx-import.git
branch = master
commit link = https://git.osm.org/gpx-import.git/commitdiff/%c
channels = #osm-dev
@@ -57,7 +57,7 @@ commit message = [%s|%b|%a] %m %l
[osm-nominatim]
short name = osm-nominatim
-url = git://git.openstreetmap.org/nominatim.git
+url = https://git.openstreetmap.org/public/nominatim.git
branch = master
commit link = https://git.osm.org/nominatim.git/commitdiff/%c
channels = #osm-dev
@@ -65,7 +65,7 @@ commit message = [%s|%b|%a] %m %l
[osm-planetdump]
short name = osm-planetdump
-url = git://git.openstreetmap.org/planetdump.git
+url = https://git.openstreetmap.org/public/planetdump.git
branch = master
commit link = https://git.osm.org/planetdump.git/commitdiff/%c
channels = #osm-dev
diff --git a/cookbooks/switch2osm/recipes/default.rb b/cookbooks/switch2osm/recipes/default.rb
index 5e2234f73..bb8eedd9b 100644
--- a/cookbooks/switch2osm/recipes/default.rb
+++ b/cookbooks/switch2osm/recipes/default.rb
@@ -39,43 +39,43 @@ end
wordpress_plugin "switch2osm.org-sitepress-multilingual-cms" do
plugin "sitepress-multilingual-cms"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/sitepress-multilingual-cms.git"
+ repository "https://git.openstreetmap.org/private/sitepress-multilingual-cms.git"
end
wordpress_plugin "switch2osm.org-wpml-cms-nav" do
plugin "wpml-cms-nav"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-cms-nav.git"
+ repository "https://git.openstreetmap.org/private/wpml-cms-nav.git"
end
wordpress_plugin "switch2osm.org-wpml-sticky-links" do
plugin "wpml-sticky-links"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-sticky-links.git"
+ repository "https://git.openstreetmap.org/private/wpml-sticky-links.git"
end
wordpress_plugin "switch2osm.org-wpml-string-translation" do
plugin "wpml-string-translation"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-string-translation.git"
+ repository "https://git.openstreetmap.org/private/wpml-string-translation.git"
end
wordpress_plugin "switch2osm.org-wpml-translation-analytics" do
plugin "wpml-translation-analytics"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-translation-analytics.git"
+ repository "https://git.openstreetmap.org/private/wpml-translation-analytics.git"
end
wordpress_plugin "switch2osm.org-wpml-translation-management" do
plugin "wpml-translation-management"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-translation-management.git"
+ repository "https://git.openstreetmap.org/private/wpml-translation-management.git"
end
wordpress_plugin "switch2osm.org-wpml-xliff" do
plugin "wpml-xliff"
site "switch2osm.org"
- repository "git://chef.openstreetmap.org/wpml-xliff.git"
+ repository "https://git.openstreetmap.org/private/wpml-xliff.git"
end
template "/etc/cron.daily/switch2osm-backup" do
diff --git a/cookbooks/taginfo/attributes/default.rb b/cookbooks/taginfo/attributes/default.rb
index 487e6d378..c7098b77b 100644
--- a/cookbooks/taginfo/attributes/default.rb
+++ b/cookbooks/taginfo/attributes/default.rb
@@ -1 +1 @@
-default[:osqa][:sites] = []
+default[:taginfo][:sites] = []
diff --git a/cookbooks/taginfo/recipes/default.rb b/cookbooks/taginfo/recipes/default.rb
index 2fbbc96af..98a45e378 100644
--- a/cookbooks/taginfo/recipes/default.rb
+++ b/cookbooks/taginfo/recipes/default.rb
@@ -30,7 +30,7 @@ package %w[
libboost-dev
libexpat1-dev
libsparsehash-dev
- libgd2-xpm-dev
+ libgd-dev
libicu-dev
libboost-program-options-dev
cmake
@@ -85,6 +85,7 @@ end
node[:taginfo][:sites].each do |site|
site_name = site[:name]
+ site_aliases = Array(site[:aliases])
directory = site[:directory] || "/srv/#{site_name}"
description = site[:description]
about = site[:about]
@@ -238,12 +239,13 @@ node[:taginfo][:sites].each do |site|
end
ssl_certificate site_name do
- domains site_name
+ domains [site_name] + site_aliases
notifies :reload, "service[apache2]"
end
apache_site site_name do
template "apache.erb"
directory "#{directory}/taginfo/web/public"
+ variables :aliases => site_aliases
end
end
diff --git a/cookbooks/taginfo/templates/default/apache.erb b/cookbooks/taginfo/templates/default/apache.erb
index 3ae9fed71..82fef8b37 100644
--- a/cookbooks/taginfo/templates/default/apache.erb
+++ b/cookbooks/taginfo/templates/default/apache.erb
@@ -24,9 +24,31 @@
Header setifempty Access-Control-Allow-Origin *
+<% unless @aliases.empty? -%>
+
+
+ ServerName <%= @aliases.first %>
+<% @aliases.drop(1).each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
+ ServerAdmin webmaster@openstreetmap.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+ CustomLog /var/log/apache2/<%= @name %>-access.log combined
+ ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+ RedirectPermanent / https://<%= @name %>/
+
+<% end -%>
ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+ ServerAlias <%= alias_name %>
+<% end -%>
ServerAdmin webmaster@openstreetmap.org
CustomLog /var/log/apache2/<%= @name %>-access.log combined
diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index 0d94bcfd2..5c1cdba3c 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -117,8 +117,8 @@ ssl_certificate "tile.openstreetmap.org" do
notifies :restart, "service[nginx]"
end
-nginx_site "tile-ssl" do
- template "nginx_tile_ssl.conf.erb"
+nginx_site "tile" do
+ template "nginx_tile.conf.erb"
variables :caches => tilecaches
end
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
similarity index 90%
rename from cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
rename to cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index ac62a3775..95d7b8b8c 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -2,14 +2,6 @@
upstream tile_cache_backend {
server 127.0.0.1;
- <% @caches.each do |cache| -%>
- <% if cache[:hostname] != node[:hostname] -%>
- #Server <%= cache[:hostname] %>
- <% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
- server <%= address %> backup;
- <% end -%>
- <% end -%>
- <% end -%>
keepalive 32;
}
@@ -61,6 +53,8 @@ server {
proxy_connect_timeout 5s;
+ # Preserve host header.
+ proxy_set_header Host $host;
# Do not pass cookies to backends.
proxy_set_header Cookie '';
# Do not pass Accept-Encoding to backends.
diff --git a/cookbooks/tilecache/templates/default/squid.conf.erb b/cookbooks/tilecache/templates/default/squid.conf.erb
index 8c2adc7c1..6c03797d1 100644
--- a/cookbooks/tilecache/templates/default/squid.conf.erb
+++ b/cookbooks/tilecache/templates/default/squid.conf.erb
@@ -1,4 +1,5 @@
-acl osmtile_sites dstdomain a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org
+acl osmtile_thishost dstdomain <%= node[:fqdn] %>
+acl osmtile_sites dstdomain <%= node[:fqdn] %> a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tile.openstreetmap.org a.tile.osm.org b.tile.osm.org c.tile.osm.org tile.osm.org
acl osmtiles_png urlpath_regex .png$
acl osmtileScrapers browser ^$
@@ -98,9 +99,19 @@ http_access allow osmtile_sites requestMethodGet
acl osmtile_nocache_url urlpath_regex \.png/(status|dirty)$
cache deny osmtile_sites osmtile_nocache_url
+<% @caches.each do |cache| -%>
+<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
+acl tile_caches src <%= address %>
+<% end -%>
+<% end -%>
+
+<% if node[:squid][:version] == "2" -%>
+#Siblings
<% node[:tilecache][:tile_siblings].each do |sibling| -%>
cache_peer <%= sibling %> sibling 3128 3130 weight=1500
<% end -%>
+<% end -%>
+
#Primary Parent
cache_peer <%= node[:tilecache][:tile_parent] %> parent 443 0 no-query originserver name=osmtileAccel login=PASS connect-timeout=120 no-digest weight=1000 ssl ssldomain=render.openstreetmap.org
cache_peer_access osmtileAccel allow osmtile_sites
@@ -117,7 +128,6 @@ acl pool_unlimited src 127.0.0.1
<% @caches.each do |cache| -%>
<% cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address| -%>
acl pool_unlimited src <%= address %>
-acl tile_caches src <%= address %>
<% end -%>
<% end -%>
diff --git a/cookbooks/tools/recipes/default.rb b/cookbooks/tools/recipes/default.rb
index b0dc2bb9c..a8afec012 100644
--- a/cookbooks/tools/recipes/default.rb
+++ b/cookbooks/tools/recipes/default.rb
@@ -32,12 +32,15 @@ package %w[
usbutils
numactl
xfsprogs
- sysv-rc-conf
iotop
lvm2
rsyslog
]
+if node[:lsb][:release].to_f < 18.04
+ package "sysv-rc-conf"
+end
+
service "rsyslog" do
action [:enable, :start]
supports :status => true, :restart => true, :reload => true
diff --git a/cookbooks/trac/templates/default/trac.ini.erb b/cookbooks/trac/templates/default/trac.ini.erb
index f2831e297..3cff049be 100644
--- a/cookbooks/trac/templates/default/trac.ini.erb
+++ b/cookbooks/trac/templates/default/trac.ini.erb
@@ -120,7 +120,7 @@ subversion.hidden = true
<%= File.basename(repository, ".git") %>.dir = <%= repository %>
<%= File.basename(repository, ".git") %>.description = <%= IO.read("#{repository}/description").strip %>
<%= File.basename(repository, ".git") %>.type = git
-<%= File.basename(repository, ".git") %>.url = git://git.openstreetmap.org/<%= File.basename(repository) %>
+<%= File.basename(repository, ".git") %>.url = https://git.openstreetmap.org/public/<%= File.basename(repository) %>
<% end -%>
.alias = subversion
diff --git a/cookbooks/web/recipes/gpx.rb b/cookbooks/web/recipes/gpx.rb
index 4c1b87cb6..42011ee0a 100644
--- a/cookbooks/web/recipes/gpx.rb
+++ b/cookbooks/web/recipes/gpx.rb
@@ -48,7 +48,7 @@ end
git gpx_directory do
action :sync
- repository "git://git.openstreetmap.org/gpx-import.git"
+ repository "https://git.openstreetmap.org/public/gpx-import.git"
revision "live"
user "rails"
group "rails"
diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index ab6c4e7f2..ea9a58c4e 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -56,7 +56,7 @@ rails_port "www.openstreetmap.org" do
directory rails_directory
user "rails"
group "rails"
- repository "git://git.openstreetmap.org/rails.git"
+ repository "https://git.openstreetmap.org/public/rails.git"
revision "live"
database_host node[:web][:database_host]
database_name "openstreetmap"
diff --git a/cookbooks/web/resources/rails_port.rb b/cookbooks/web/resources/rails_port.rb
index 1c95dd8dc..3c57a98d3 100644
--- a/cookbooks/web/resources/rails_port.rb
+++ b/cookbooks/web/resources/rails_port.rb
@@ -28,7 +28,7 @@ property :ruby, String, :default => "2.3"
property :directory, String
property :user, String
property :group, String
-property :repository, String, :default => "git://git.openstreetmap.org/rails.git"
+property :repository, String, :default => "https://git.openstreetmap.org/public/rails.git"
property :revision, String, :default => "live"
property :run_migrations, [TrueClass, FalseClass], :default => false
property :email_from, String, :default => "OpenStreetMap "
@@ -338,29 +338,6 @@ action :create do
action :nothing
end
- execute "#{rails_directory}/lib/quad_tile/extconf.rb" do
- command "ruby extconf.rb"
- cwd "#{rails_directory}/lib/quad_tile"
- user new_resource.user
- group new_resource.group
- not_if do
- ::File.exist?("#{rails_directory}/lib/quad_tile/quad_tile_so.so") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/extconf.rb") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.c") &&
- ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile_so.so") >= ::File.mtime("#{rails_directory}/lib/quad_tile/quad_tile.h")
- end
- notifies :run, "execute[#{rails_directory}/lib/quad_tile/Makefile]"
- end
-
- execute "#{rails_directory}/lib/quad_tile/Makefile" do
- action :nothing
- command "make"
- cwd "#{rails_directory}/lib/quad_tile"
- user new_resource.user
- group new_resource.group
- notifies :run, "execute[#{rails_directory}]"
- end
-
execute rails_directory do
action :nothing
command "passenger-config restart-app --ignore-app-not-running #{rails_directory}"
diff --git a/cookbooks/wordpress/recipes/default.rb b/cookbooks/wordpress/recipes/default.rb
index 83082aa93..8a48e8863 100644
--- a/cookbooks/wordpress/recipes/default.rb
+++ b/cookbooks/wordpress/recipes/default.rb
@@ -26,7 +26,7 @@ package %w[
php-mysql
]
-apache_module "php7.0"
+apache_module "php7.2"
apache_module "rewrite"
fail2ban_filter "wordpress" do
diff --git a/cookbooks/xinetd/.foodcritic b/cookbooks/xinetd/.foodcritic
deleted file mode 100644
index 0c118ec61..000000000
--- a/cookbooks/xinetd/.foodcritic
+++ /dev/null
@@ -1,5 +0,0 @@
-~FC001
-~FC064
-~FC065
-~FC066
-~FC071
diff --git a/cookbooks/xinetd/README.md b/cookbooks/xinetd/README.md
deleted file mode 100644
index f2dfdc58c..000000000
--- a/cookbooks/xinetd/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# xinetd cookbook
-
-This cookbook installs and manages the
-[xinetd](https://en.wikipedia.org/wiki/Xinetd) service, which acts as
-an internet daemon.
diff --git a/cookbooks/xinetd/metadata.rb b/cookbooks/xinetd/metadata.rb
deleted file mode 100644
index 2b1e6e440..000000000
--- a/cookbooks/xinetd/metadata.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-name "xinetd"
-maintainer "OpenStreetMap Administrators"
-maintainer_email "admins@openstreetmap.org"
-license "Apache-2.0"
-description "Configures xinetd"
-long_description IO.read(File.join(File.dirname(__FILE__), "README.md"))
-version "1.0.0"
-supports "ubuntu"
diff --git a/cookbooks/xinetd/recipes/default.rb b/cookbooks/xinetd/recipes/default.rb
deleted file mode 100644
index 5926fd90c..000000000
--- a/cookbooks/xinetd/recipes/default.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Cookbook Name:: xinetd
-# Recipe:: default
-#
-# Copyright 2013, OpenStreetMap Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-package "xinetd"
-
-service "xinetd" do
- action [:enable, :start]
- supports :status => true, :reload => true, :restart => true
-end
diff --git a/cookbooks/yournavigation/recipes/default.rb b/cookbooks/yournavigation/recipes/default.rb
index 3dcf3d005..c3b249a5e 100644
--- a/cookbooks/yournavigation/recipes/default.rb
+++ b/cookbooks/yournavigation/recipes/default.rb
@@ -36,7 +36,7 @@ package %w[
subversion
libcurl4-gnutls-dev
libgps-dev
- libcurl3
+ libcurl4
buffer
git
cmake
@@ -46,4 +46,4 @@ package %w[
libicu-dev
]
-apache_module "php7.0"
+apache_module "php7.2"
diff --git a/roles/ascalon.rb b/roles/ascalon.rb
index 073bdcb2f..8bb55527c 100644
--- a/roles/ascalon.rb
+++ b/roles/ascalon.rb
@@ -15,8 +15,9 @@ default_attributes(
}
},
:squid => {
+ :version => "3",
:cache_mem => "16000 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "montreal.render.openstreetmap.org",
diff --git a/roles/chef-repository.rb b/roles/chef-repository.rb
index d551353d0..511291426 100644
--- a/roles/chef-repository.rb
+++ b/roles/chef-repository.rb
@@ -25,7 +25,8 @@ default_attributes(
}
},
:chef => {
- :repository => "/var/lib/git/chef.git"
+ :public_repository => "/var/lib/git/public/chef.git",
+ :private_repository => "/var/lib/git/private/chef.git"
}
)
diff --git a/roles/culebre.rb b/roles/culebre.rb
index 954adeb78..99039aeb2 100644
--- a/roles/culebre.rb
+++ b/roles/culebre.rb
@@ -22,8 +22,9 @@ default_attributes(
}
},
:squid => {
+ :version => "3",
:cache_mem => "6100 MB",
- :cache_dir => "coss /store/squid/coss-01 80000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 80000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "zaragoza.render.openstreetmap.org",
diff --git a/roles/dev.rb b/roles/dev.rb
index 2f09630ab..b66308426 100644
--- a/roles/dev.rb
+++ b/roles/dev.rb
@@ -101,7 +101,7 @@ default_attributes(
:dev => {
:rails => {
:master => {
- :repository => "git://git.openstreetmap.org/rails.git",
+ :repository => "https://git.openstreetmap.org/public/rails.git",
:revision => "master",
:aliases => ["api06.dev.openstreetmap.org"]
},
@@ -117,10 +117,6 @@ default_attributes(
:repository => "git://github.com/ukasiu/openstreetmap-website.git",
:revision => "comments_list"
},
- :moderation => {
- :repository => "git://github.com/gravitystorm/openstreetmap-website.git",
- :revision => "moderation"
- },
:locale => {
:repository => "git://github.com/tomhughes/openstreetmap-website.git",
:revision => "locale"
diff --git a/roles/dns.rb b/roles/dns.rb
index 7a5e5a46a..25ac17f00 100644
--- a/roles/dns.rb
+++ b/roles/dns.rb
@@ -3,7 +3,7 @@ description "Role applied to DNS management servers"
default_attributes(
:dns => {
- :repository => "/var/lib/git/dns.git"
+ :repository => "/var/lib/git/public/dns.git"
}
)
diff --git a/roles/git.rb b/roles/git.rb
index 09b95cbf1..31ad54036 100644
--- a/roles/git.rb
+++ b/roles/git.rb
@@ -4,6 +4,10 @@ description "Role applied to all git servers"
default_attributes(
:accounts => {
:users => {
+ :bretth => {
+ :status => :user,
+ :shell => "/usr/bin/git-shell"
+ },
:lonvia => {
:status => :user,
:shell => "/usr/bin/git-shell"
@@ -20,8 +24,7 @@ default_attributes(
},
:git => {
:host => "git.openstreetmap.org",
- :aliases => ["git.osm.org"],
- :backup => "git"
+ :aliases => ["git.osm.org"]
}
)
diff --git a/roles/gps-tile.rb b/roles/gps-tile.rb
index c699693ef..285d461de 100644
--- a/roles/gps-tile.rb
+++ b/roles/gps-tile.rb
@@ -10,6 +10,17 @@ default_attributes(
:members => [:enf, :tomh]
}
}
+ },
+ :apache => {
+ :mpm => "event",
+ :event => {
+ :server_limit => 20,
+ :max_request_workers => 1000,
+ :threads_per_child => 50,
+ :min_spare_threads => 50,
+ :max_spare_threads => 450,
+ :async_request_worker_factor => 4
+ }
}
)
diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb
index ab306c6a2..38bc9edb8 100644
--- a/roles/ironbelly.rb
+++ b/roles/ironbelly.rb
@@ -22,12 +22,6 @@ default_attributes(
:data => "/store/elasticsearch"
}
},
- :git => {
- :allowed_nodes => "fqdn:*",
- :user => "chefrepo",
- :group => "chefrepo",
- :backup => "chef-git"
- },
:networking => {
:interfaces => {
:internal_ipv4 => {
@@ -126,8 +120,6 @@ default_attributes(
run_list(
"role[ic]",
"role[gateway]",
- "role[chef-server]",
- "role[chef-repository]",
"role[web-storage]",
"role[supybot]",
"role[backup]",
@@ -135,10 +127,7 @@ run_list(
"role[planet]",
"role[planetdump]",
"role[logstash]",
- "role[letsencrypt]",
"recipe[rsyncd]",
"recipe[openvpn]",
- "recipe[git::server]",
- "recipe[tilelog]",
- "recipe[serverinfo]"
+ "recipe[tilelog]"
)
diff --git a/roles/jakelong.rb b/roles/jakelong.rb
index abe8d31bb..91dd691b7 100644
--- a/roles/jakelong.rb
+++ b/roles/jakelong.rb
@@ -23,8 +23,9 @@ default_attributes(
}
},
:squid => {
- :cache_mem => "400 MB",
- :cache_dir => "coss /store/squid/coss-01 7500 block-size=8192 max-size=262144 membufs=30"
+ :version => 3,
+ :cache_mem => "350 MB",
+ :cache_dir => "rock /store/squid/rock-01 7500 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:sysctl => {
:kvm => {
diff --git a/roles/odin.rb b/roles/odin.rb
index aa5700e32..ef9b02cd4 100644
--- a/roles/odin.rb
+++ b/roles/odin.rb
@@ -30,8 +30,9 @@ default_attributes(
}
},
:squid => {
+ :version => "3",
:cache_mem => "14000 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "aalborg.render.openstreetmap.org",
diff --git a/roles/otrs.rb b/roles/otrs.rb
index 5e24b4df3..19d630771 100644
--- a/roles/otrs.rb
+++ b/roles/otrs.rb
@@ -46,13 +46,13 @@ default_attributes(
},
:otrs => {
:site => "otrs.openstreetmap.org",
- :database_cluster => "9.5/main",
+ :database_cluster => "10/main",
:database_name => "otrs",
:database_user => "otrs",
:database_password => "otrs"
},
:postgresql => {
- :versions => ["9.5"]
+ :versions => ["10"]
}
)
diff --git a/roles/ridgeback.rb b/roles/ridgeback.rb
index a19f77c07..5074bafdd 100644
--- a/roles/ridgeback.rb
+++ b/roles/ridgeback.rb
@@ -46,8 +46,9 @@ default_attributes(
}
},
:squid => {
+ :version => "3",
:cache_mem => "5500 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "oslo.render.openstreetmap.org",
diff --git a/roles/sarel.rb b/roles/sarel.rb
index aab567bd8..b535374d7 100644
--- a/roles/sarel.rb
+++ b/roles/sarel.rb
@@ -2,6 +2,11 @@ name "sarel"
description "Master role applied to sarel"
default_attributes(
+ :git => {
+ :private_user => "chefrepo",
+ :private_group => "chefrepo",
+ :private_nodes => "fqdn:*"
+ },
:networking => {
:interfaces => {
:internal_ipv4 => {
@@ -23,5 +28,11 @@ default_attributes(
run_list(
"role[ucl]",
"role[hp-g5]",
- "role[yournavigation]"
+ "role[yournavigation]",
+ "role[chef-server]",
+ "role[chef-repository]",
+ "role[letsencrypt]",
+ "role[git]",
+ "role[dns]",
+ "recipe[serverinfo]"
)
diff --git a/roles/shenron.rb b/roles/shenron.rb
index 42d25d9d0..9009c0824 100644
--- a/roles/shenron.rb
+++ b/roles/shenron.rb
@@ -2,14 +2,6 @@ name "shenron"
description "Master role applied to shenron"
default_attributes(
- :accounts => {
- :users => {
- :bretth => {
- :status => :user,
- :shell => "/usr/bin/git-shell"
- }
- }
- },
:apache => {
:mpm => "event",
:event => {
@@ -69,14 +61,11 @@ run_list(
"role[bytemark]",
"role[mail]",
"role[lists]",
- "role[git]",
"role[subversion]",
"role[trac]",
"role[osqa]",
"role[irc]",
- "role[dns]",
"role[geodns]",
- "role[chef-repository]",
"recipe[blogs]",
"recipe[openvpn]"
)
diff --git a/roles/taginfo.rb b/roles/taginfo.rb
index 5697e2df5..d5ba812a9 100644
--- a/roles/taginfo.rb
+++ b/roles/taginfo.rb
@@ -28,6 +28,7 @@ default_attributes(
:sites => [
{
:name => "taginfo.openstreetmap.org",
+ :aliases => ["taginfo.osm.org"],
:description => "This is the main taginfo site. It contains OSM data for the whole planet and is updated daily.",
:about => "This site is run by the OSMF and maintained by Jochen Topf and the Sysadmin team.
Several other taginfo sites are operated by different people for different areas of the world.
",
:icon => "world",
diff --git a/roles/trogdor.rb b/roles/trogdor.rb
index 8119fc03c..f4fd327d1 100644
--- a/roles/trogdor.rb
+++ b/roles/trogdor.rb
@@ -26,8 +26,9 @@ default_attributes(
}
},
:squid => {
+ :version => "3",
:cache_mem => "6400 MB",
- :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80"
+ :cache_dir => "rock /store/squid/rock-01 128000 swap-timeout=300 max-swap-rate=50 slot-size=4096 max-size=262144"
},
:tilecache => {
:tile_parent => "amsterdam.render.openstreetmap.org",