From: Tom Hughes Date: Mon, 22 Dec 2014 14:38:59 +0000 (+0000) Subject: Merge branch 'planetdump-ng' X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/e9d337c2a49d120a8dcb508879d74f6bab5b84d9?hp=13486318d6eb1e632227cd01cf1f8df49a6743d7 Merge branch 'planetdump-ng' --- diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index 1124f66d8..f7cbb2712 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -3,7 +3,7 @@ SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On -SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5 +SSLCipherSuite <%= node[:ssl][:ciphers] -%> SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key diff --git a/cookbooks/foundation/recipes/wiki.rb b/cookbooks/foundation/recipes/wiki.rb index d732df807..f5347ee42 100644 --- a/cookbooks/foundation/recipes/wiki.rb +++ b/cookbooks/foundation/recipes/wiki.rb @@ -32,6 +32,7 @@ mediawiki_site "wiki.osmfoundation.org" do email_contact "webmaster@openstreetmap.org" email_sender "webmaster@openstreetmap.org" email_sender_name "OSMF Wiki" + private_accounts true end cookbook_file "/srv/wiki.osmfoundation.org/Wiki.png" do diff --git a/cookbooks/mediawiki/definitions/mediawiki_site.rb b/cookbooks/mediawiki/definitions/mediawiki_site.rb index e74c3ca26..3e427b249 100644 --- a/cookbooks/mediawiki/definitions/mediawiki_site.rb +++ b/cookbooks/mediawiki/definitions/mediawiki_site.rb @@ -54,6 +54,7 @@ define :mediawiki_site, :action => [ :create, :enable ] do :site_admin_user => "Admin", :site_admin_pw => params[:admin_password], :enable_ssl => params[:enable_ssl] || FALSE, + :private_accounts => params[:private_accounts] || FALSE, :private => params[:private] || FALSE } diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb index d6d90caa1..5bc5b6ac1 100644 
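Review bot: The `-%>` closer on the new `SSLCipherSuite <%= node[:ssl][:ciphers] -%>` line in cookbooks/apache/templates/default/ssl.erb should trim the newline that follows the tag, so the directive keeps its own line only if the next template line is blank. The collapsed hunk does not show whether that is the case. A plain closer, `SSLCipherSuite <%= node[:ssl][:ciphers] %>`, keeps the line ending regardless of what follows. In the `ssl_ciphers` line of nginx_tile_ssl.conf.erb the same closer is followed by `;` and does nothing, so dropping it in both templates keeps them consistent.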
--- a/cookbooks/mediawiki/recipes/default.rb +++ b/cookbooks/mediawiki/recipes/default.rb @@ -45,5 +45,9 @@ package "poppler-utils" #Mediawiki backup package "xz-utils" +link "/etc/php5/apache2/conf.d/20-wikidiff2.ini" do + to "../../mods-available/wikidiff2.ini" +end + apache_module "php5" apache_module "rewrite" diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index d03b78cf9..9f6ecb217 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -167,6 +167,12 @@ $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; + +<% if @mediawiki[:private_accounts] -%> +#Prevent new user registrations except by existing users +$wgGroupPermissions['*']['createaccount'] = false; +$wgGroupPermissions['user']['createaccount'] = true; +<% end -%> <% if @mediawiki[:private] -%> #Disable reading by anonymous users diff --git a/cookbooks/nominatim/recipes/default.rb b/cookbooks/nominatim/recipes/default.rb index 2f1f7463a..3490d91e1 100644 --- a/cookbooks/nominatim/recipes/default.rb +++ b/cookbooks/nominatim/recipes/default.rb 
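Review bot: With `private_accounts` set, `$wgGroupPermissions['user']['createaccount'] = true;` lets every logged-in account create further accounts, so a single compromised or careless member can add arbitrary users to a wiki that is otherwise closed to registration. If the intent is that only administrators bring people in, granting the right to `sysop` instead of `user` would match the restricted bureaucrat rights listed just above. Either way the comment should name the group that holds the right, e.g. `#Anonymous registration disabled; any logged-in user may create accounts`. The permissions block this sits in starts outside the hunk.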
@@ -254,6 +254,30 @@ munin_plugin "nominatim_throttled_ips" do target "#{source_directory}/munin/nominatim_throttled_ips" end +remote_file "#{source_directory}/data/wikipedia_article.sql.bin" do + action :create_if_missing + source "http://www.nominatim.org/data/wikipedia_article.sql.bin" + owner "nominatim" + group "nominatim" + mode 0644 +end + +remote_file "#{source_directory}/data/wikipedia_redirect.sql.bin" do + action :create_if_missing + source "http://www.nominatim.org/data/wikipedia_redirect.sql.bin" + owner "nominatim" + group "nominatim" + mode 0644 +end + +remote_file "#{source_directory}/data/gb_postcode_data.sql.gz" do + action :create_if_missing + source "http://www.nominatim.org/data/gb_postcode_data.sql.gz" + owner "nominatim" + group "nominatim" + mode 0644 +end + template "/usr/local/bin/backup-nominatim" do source "backup-nominatim.erb" owner "root" @@ -261,3 +285,10 @@ template "/usr/local/bin/backup-nominatim" do mode 0755 end +directory File.dirname(node[:nominatim][:flatnode_file]) do + owner "nominatim" + group "nominatim" + mode 0755 + recursive true +end + diff --git a/cookbooks/nominatim/templates/default/backup-nominatim.erb b/cookbooks/nominatim/templates/default/backup-nominatim.erb index 418195074..2e008ba42 100644 --- a/cookbooks/nominatim/templates/default/backup-nominatim.erb +++ b/cookbooks/nominatim/templates/default/backup-nominatim.erb @@ -12,7 +12,7 @@ D=`date +%Y-%m-%d` F=/tmp/nominatim-${D}.dmp -pg_dump --file=$F -F c -Z 9 -t 'country' -t file -t '*columns' -t 'import_polygon_*' -t import_status -t place_addressline -t placex -t search_name -t 'seq_*' -t word <%= node[:nominatim][:database][:dbname] %> +pg_dump --file=$F -F c -Z 9 -t file -t '*columns' -t 'import_polygon_*' -t import_status -t place_addressline -t placex -t search_name -t 'seq_*' -t word <%= node[:nominatim][:database][:dbname] %> export RSYNC_RSH="ssh -ax -c arcfour" rsync $F backup.openstreetmap.org::backup 
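Review bot: The three new `remote_file` resources fetch data dumps over plain `http://` and carry no `checksum`. Whatever a network intermediary or a tampered mirror returns is therefore written under `#{source_directory}/data`, and presumably imported into the Nominatim database later. Pin each download with `checksum "<sha256 of the verified file>"` (placeholder, to be replaced with the digest of a copy you have checked) and switch `source` to `https://` if the host serves it. Because the action is `:create_if_missing`, a bad first download is never re-fetched and stays until someone removes the file by hand.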
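Review bot: `File.dirname(node[:nominatim][:flatnode_file])` raises a TypeError at compile time when the attribute is unset, and this commit sets `:flatnode_file` only in the poldi and pummelzacken roles. No cookbook default is visible in the diff. The same gap affects `node[:nominatim][:tablespaces].each` in templates/default/nominatim.erb, which is populated only by roles/nominatim.rb. Adding defaults to the cookbook's attributes file, or guarding the resource with `if node[:nominatim][:flatnode_file]`, would stop a node that runs the recipe without those roles from failing the whole Chef run.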
diff --git a/cookbooks/nominatim/templates/default/nominatim.erb b/cookbooks/nominatim/templates/default/nominatim.erb index 2aa56437f..57821994c 100644 --- a/cookbooks/nominatim/templates/default/nominatim.erb +++ b/cookbooks/nominatim/templates/default/nominatim.erb @@ -10,5 +10,11 @@ else @define('CONST_Postgresql_Version', '<%= @postgres_version %>'); @define('CONST_Postgis_Version', '<%= node[:nominatim][:database][:postgis] %>'); +@define('CONST_Osm2pgsql_Flatnode_File', '<%= node[:nominatim][:flatnode_file] %>'); + +<% node[:nominatim][:tablespaces].each do |part,name| -%> +@define('CONST_Tablespace_<%= part %>', '<%= name %>'); +<% end -%> + @define('CONST_Log_File', '/var/log/nominatim/query.log'); @define('CONST_Log_DB', false); diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb index d7a4147a0..2804f6ea5 100644 --- a/cookbooks/ssl/attributes/default.rb +++ b/cookbooks/ssl/attributes/default.rb @@ -1 +1,2 @@ default[:ssl][:certificates] = [] +default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5" diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb index 37d10295f..1aad4b9ff 100644 --- a/cookbooks/tilecache/recipes/default.rb +++ b/cookbooks/tilecache/recipes/default.rb @@ -26,6 +26,10 @@ include_recipe "ssl" include_recipe "squid" include_recipe "nginx" +package "apache2" do + action :remove +end + package "xz-utils" tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] } diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb index 60059837b..20f94dcd7 100644 --- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb +++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb 
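Review bot: The new `default[:ssl][:ciphers]` in cookbooks/ssl/attributes/default.rb is now the single cipher policy for both the Apache and the nginx templates, but nothing records why it still admits `kRSA` (no forward secrecy) and `3DES`, even at the end of the preference order. A comment above the attribute should name its consumers and the reason, e.g. `# Shared by apache ssl.erb and tilecache nginx_tile_ssl.conf.erb; kRSA/3DES kept last for legacy clients - TODO confirm still needed`. Any role or node can now override the value and it is interpolated unchecked into both server configs. It is therefore also worth noting that it must stay a valid OpenSSL cipher list, and that overrides should be tested with `openssl ciphers -v` before rollout.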
@@ -7,8 +7,8 @@ server { ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem; ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3; - ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers <%= node[:ssl][:ciphers] -%>; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:30m; ssl_session_timeout 15m; diff --git a/roles/nominatim.rb b/roles/nominatim.rb index a98fd9f25..5ab242997 100644 --- a/roles/nominatim.rb +++ b/roles/nominatim.rb @@ -58,7 +58,19 @@ default_attributes( }, :nominatim => { :enabled => true, - :repository => "git://git.openstreetmap.org/nominatim.git" + :repository => "git://git.openstreetmap.org/nominatim.git", + :tablespaces => { + "Osm2pgsql_Data" => "aux", + "Osm2pgsql_Index" => "data", + "Place_Data" => "ssd2", + "Place_Index" => "ssd1", + "Address_Data" => "ssd2", + "Address_Index" => "ssd1", + "Search_Data" => "ssd1", + "Search_Index" => "ssd1", + "Aux_Data" => "aux", + "Aux_Index" => "aux", + } } ) diff --git a/roles/poldi.rb b/roles/poldi.rb index 94b2ea683..6b0b0100f 100644 --- a/roles/poldi.rb +++ b/roles/poldi.rb @@ -2,9 +2,6 @@ name "poldi" description "Master role applied to poldi" default_attributes( - :apt => { - :sources => [ "ubuntugis-stable", "ubuntugis-unstable" ] - }, :devices => { :areca_ld_tune => { :comment => "RAID arrays on areca", 
@@ -54,23 +51,25 @@ default_attributes( } }, :postgresql => { - :versions => [ "9.1" ], + :versions => [ "9.3" ], :settings => { :defaults => { - :shared_buffers => "24GB", + :shared_buffers => "10GB", :work_mem => "160MB", - :maintenance_work_mem => "10GB", + :maintenance_work_mem => "16GB", :random_page_cost => "1.5", - :effective_cache_size => "48GB" + :effective_cache_size => "48GB", + :fsync => "off" } } }, :nominatim => { :enabled => false, + :flatnode_file => "/ssd-old/nominatim/nodes.store", :database => { - :cluster => "9.1/main", + :cluster => "9.3/main", :dbname => "nominatim", - :postgis => "2.0" + :postgis => "2.1" }, :fpm_pools => { :www => { diff --git a/roles/pummelzacken.rb b/roles/pummelzacken.rb index ec99539cd..c63696e1d 100644 --- a/roles/pummelzacken.rb +++ b/roles/pummelzacken.rb @@ -33,6 +33,7 @@ default_attributes( }, :nominatim => { :enabled => true, + :flatnode_file => "/ssd/nominatim/nodes.store", :database => { :cluster => "9.3/main", :dbname => "nominatim", diff --git a/roles/stormfly-02.rb b/roles/stormfly-02.rb index c27b1d06a..9e97b4a67 100644 --- a/roles/stormfly-02.rb +++ b/roles/stormfly-02.rb @@ -11,10 +11,25 @@ default_attributes( :address => "140.211.167.105" } } + }, + :squid => { + :cache_mem => "32000 MB", + :cache_dir => "coss /store/squid/coss-01 128000 block-size=8192 max-size=262144 membufs=80" + }, + :tilecache => { + :tile_parent => "corvallis.render.openstreetmap.org", + :tile_siblings => [ + "nadder-01.openstreetmap.org", + "nadder-02.openstreetmap.org", + "jakelong.openstreetmap.org", + "nepomuk.openstreetmap.org", + "lurien.openstreetmap.org" + ] } ) run_list( "role[osuosl]", - "role[hp-g6]" + "role[hp-g6]", + "role[tilecache]" )
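Review bot: `:fsync => "off"` in the poldi PostgreSQL defaults means a crash or power loss can leave the 9.3/main cluster unrecoverably corrupt, and the role gives no reason or end date for the setting. If it is only meant to speed up the initial Nominatim import (`:enabled => false` suggests the host is not serving yet), say so next to it, e.g. `# fsync off for the initial import only; re-enable before setting :enabled => true`. If the goal is ongoing write throughput, turning `synchronous_commit` off risks only the most recent transactions rather than the whole cluster, assuming the postgresql cookbook passes that key through to the config. The `default_attributes(` block starts outside the hunk.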