From 4ea8957b0d3d55ed594aeab87faf25adffa05f2a Mon Sep 17 00:00:00 2001 From: Grant Slater Date: Tue, 10 Jun 2025 19:02:08 +0100 Subject: [PATCH] osqa: move to container on naga --- cookbooks/osqa/attributes/default.rb | 11 -- cookbooks/osqa/metadata.rb | 7 +- cookbooks/osqa/recipes/default.rb | 162 +----------------- cookbooks/osqa/templates/default/apache.erb | 97 ----------- .../osqa/templates/default/backup.cron.erb | 21 --- .../osqa/templates/default/osqa.wsgi.erb | 11 -- roles/naga.rb | 3 +- roles/osqa.rb | 10 -- roles/shenron.rb | 3 +- 9 files changed, 8 insertions(+), 317 deletions(-) delete mode 100644 cookbooks/osqa/templates/default/apache.erb delete mode 100644 cookbooks/osqa/templates/default/backup.cron.erb delete mode 100644 cookbooks/osqa/templates/default/osqa.wsgi.erb diff --git a/cookbooks/osqa/attributes/default.rb b/cookbooks/osqa/attributes/default.rb index 394ac7085..e69de29bb 100644 --- a/cookbooks/osqa/attributes/default.rb +++ b/cookbooks/osqa/attributes/default.rb @@ -1,11 +0,0 @@ -default[:osqa][:user] = "osqa" -default[:osqa][:group] = nil -default[:osqa][:database_cluster] = "15/main" -default[:osqa][:database_name] = "osqa" -default[:osqa][:database_user] = "osqa" -default[:osqa][:database_password] = "" -default[:osqa][:sites] = [] - -default[:postgresql][:versions] |= ["15"] - -default[:accounts][:users][:osqa][:status] = :role diff --git a/cookbooks/osqa/metadata.rb b/cookbooks/osqa/metadata.rb index 6f47c773c..c4f05a0f8 100644 --- a/cookbooks/osqa/metadata.rb +++ b/cookbooks/osqa/metadata.rb @@ -6,9 +6,4 @@ description "Installs and configures OSQA" version "1.0.0" supports "ubuntu" -depends "accounts" -depends "apache" -depends "memcached" -depends "postgresql" -depends "python" -depends "tools" +depends "podman" diff --git a/cookbooks/osqa/recipes/default.rb b/cookbooks/osqa/recipes/default.rb index 4cbd677a6..93aaef272 100644 --- a/cookbooks/osqa/recipes/default.rb +++ b/cookbooks/osqa/recipes/default.rb 
@@ -17,163 +17,9 @@ # limitations under the License. # -include_recipe "accounts" -include_recipe "apache" -include_recipe "memcached" -include_recipe "postgresql" -include_recipe "python" -include_recipe "tools" +include_recipe "podman::apache" -package "python-dev" -package "libmysqlclient-dev" -package "libpq-dev" - -python_directory = "/opt/osqa-python" - -python_virtualenv python_directory do - interpreter "/usr/bin/python2" -end - -python_package "Django" do - python_virtualenv python_directory - version "1.6.11" -end - -python_package "Markdown" do - python_virtualenv python_directory - version "2.4" -end - -python_package "python-memcached" do - python_virtualenv python_directory - version "1.53" -end - -python_package "python-openid" do - python_virtualenv python_directory - version "2.2.5" -end - -python_package "psycopg2" do - python_virtualenv python_directory - version "2.7.6.1" -end - -python_package "South" do - python_virtualenv python_directory - version "0.7.6" -end - -python_package "html5lib" do - python_virtualenv python_directory - version "0.999" -end - -apache_module "rewrite" -apache_module "wsgi" - -node[:osqa][:sites].each do |site| - site_name = site[:name] - site_aliases = site[:aliases] || [] - directory = site[:directory] || "/srv/#{site_name}" - site_user = site[:user] || node[:osqa][:user] - site_user = Etc.getpwuid(site_user).name if site_user.is_a?(Integer) - site_group = site[:group] || node[:osqa][:group] || Etc.getpwnam(site_user).gid - site_group = Etc.getgrgid(site_group).name if site_group.is_a?(Integer) - database_cluster = site[:database_cluster] || node[:osqa][:database_cluster] - database_name = site[:database_name] || node[:osqa][:database_name] - database_user = site[:database_user] || node[:osqa][:database_user] - database_password = site[:database_user] || node[:osqa][:database_password] - backup_name = site[:backup] - - postgresql_user database_user do - cluster database_cluster - password database_password - end - 
- postgresql_database database_name do - cluster database_cluster - owner database_user - end - - ssl_certificate site_name do - domains [site_name] + site_aliases - notifies :reload, "service[apache2]" - end - - apache_site site_name do - template "apache.erb" - directory directory - variables :user => site_user, :group => site_group, :aliases => site_aliases, :python_home => python_directory - end - - directory directory do - owner site_user - group site_group - mode "755" - end - - execute "osqa-migrate" do - action :nothing - command "python manage.py migrate forum" - cwd "#{directory}/osqa" - user site_user - group site_group - notifies :reload, "service[apache2]" - end - - git "#{directory}/osqa" do - action :sync - repository "https://git.openstreetmap.org/public/osqa.git" - revision "live" - depth 1 - user site_user - group site_group - notifies :run, "execute[osqa-migrate]" - end - - directory "#{directory}/upfiles" do - user site_user - group site_group - mode "755" - end - - template "#{directory}/osqa/osqa.wsgi" do - source "osqa.wsgi.erb" - owner site_user - group site_group - mode "644" - variables :directory => directory - notifies :reload, "service[apache2]" - end - - settings = edit_file "#{directory}/osqa/settings_local.py.dist" do |line| - line.gsub!(/^( *)'ENGINE': '.*',/, "\\1'ENGINE': 'django.db.backends.postgresql_psycopg2',") - line.gsub!(/^( *)'NAME': '.*',/, "\\1'NAME': '#{database_name}',") - line.gsub!(/^( *)'USER': '.*',/, "\\1'USER': '#{database_user}',") - line.gsub!(/^( *)'PASSWORD': '.*',/, "\\1'PASSWORD': '#{database_password}',") - line.gsub!(/^ALLOWED_HOSTS = .*/, "ALLOWED_HOSTS = ('help.openstreetmap.org',)") - line.gsub!(/^CACHE_BACKEND = .*/, "CACHE_BACKEND = 'memcached://127.0.0.1:11211/'") - line.gsub!(%r{^APP_URL = 'http://'}, "APP_URL = 'https://#{site_name}'") - line.gsub!(%r{^TIME_ZONE = 'America/New_York'}, "TIME_ZONE = 'Europe/London'") - line.gsub!(/^DISABLED_MODULES = \[([^\]]+)\]/, "DISABLED_MODULES = [\\1, 
'localauth', 'facebookauth', 'oauthauth', 'mysqlfulltext']") - - line - end - - file "#{directory}/osqa/settings_local.py" do - owner site_user - group site_group - mode "644" - content settings - notifies :reload, "service[apache2]" - end - - template "/etc/cron.daily/#{backup_name}-backup" do - source "backup.cron.erb" - owner "root" - group "root" - mode "755" - variables :name => backup_name, :directory => directory, :user => site_user, :database => database_name - end +podman_site "help.openstreetmap.org" do + image "ghcr.io/openstreetmap/help-website:latest" + aliases ["help.osm.org"] end diff --git a/cookbooks/osqa/templates/default/apache.erb b/cookbooks/osqa/templates/default/apache.erb deleted file mode 100644 index b1fe63e91..000000000 --- a/cookbooks/osqa/templates/default/apache.erb +++ /dev/null 
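Review bot: The `image` line in the new `podman_site` block deploys `ghcr.io/openstreetmap/help-website:latest`, a mutable tag, so what runs on naga is whatever was last pushed to the registry rather than a version this repository records. Pinning by digest would make the deployed content reviewable and rollbacks deterministic, for example `image "ghcr.io/openstreetmap/help-website@sha256:<DIGEST>"` (placeholder digest), assuming `podman_site` passes the reference through unchanged. The same commit also deletes `apache.erb`, which held the "site is closed" `Require all denied` blocks, the `POST` block on `/questions` and the 429 rule against scraping. Nothing visible here shows that the container image or `podman::apache` enforces equivalents, so a short comment above `podman_site` saying where those controls now live would help. The daily `pg_dump`/upfiles backup is removed with `backup.cron.erb` too, with no replacement visible in this patch; it is worth confirming how the container's data is backed up.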
@@ -1,97 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - -WSGIDaemonProcess <%= @name %> user=<%= @user %> group=<%= @group %> processes=4 threads=8 restart-interval=3600 inactivity-timeout=600 graceful-timeout=60 maximum-requests=2000 python-home=<%= @python_home %> - - - ServerName <%= @name %> -<% @aliases.each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/ - RedirectPermanent / https://<%= @name %>/ - -<% unless @aliases.empty? -%> - - - ServerName <%= @aliases.first %> -<% @aliases.drop(1).each do |alias_name| -%> - ServerAlias <%= alias_name %> -<% end -%> - ServerAdmin webmaster@openstreetmap.org - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended - ErrorLog /var/log/apache2/<%= @name %>-error.log - - RedirectPermanent / https://<%= @name %>/ - -<% end -%> - - - ServerName <%= @name %> - ServerAdmin webmaster@openstreetmap.org - - SSLEngine on - SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key - - CustomLog /var/log/apache2/<%= @name %>-access.log combined_extended - ErrorLog /var/log/apache2/<%= @name %>-error.log - - DocumentRoot <%= @directory %>/osqa - - # Prevent abuse by an anonymous AI bot - RewriteEngine on - RewriteCond %{REQUEST_METHOD} ^(GET|HEAD)$ - RewriteCond %{REQUEST_URI} ^/questions/ [OR] - RewriteCond %{REQUEST_URI} ^/tags/ [OR] - RewriteCond %{REQUEST_URI} ^/users/ [OR] - RewriteCond %{REQUEST_URI} ^/vote/ - RewriteCond %{HTTP_REFERER} ^-?$ - RewriteCond %{HTTP_USER_AGENT} 
((CriOS|Chrome)/[1-9][0-9]?\.0\.|Chrome/100\.0\.|Chrome/122\.0\.0\.0|(Firefox|FxiOS)/[1-6]?[0-9]\.|MSIE\ [5-9]\.0|Opera/[8-9]\.|Windows\ NT\ [3-5]\.|Version/[3-5]\.[0-1]) [NC] - RewriteRule ^ - [R=429,L] - - Alias /m/ <%= @directory %>/osqa/forum/skins/ - Alias /upfiles/ <%= @directory %>/upfiles/ - Alias /admin_media/ /usr/share/pyshared/django/contrib/admin/media/ - WSGIScriptAlias / <%= @directory %>/osqa/osqa.wsgi - - WSGIProcessGroup <%= @name %> - - # Site is now closed. Block access to login page and other pages. - - Require all denied - ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." - - - Require all denied - ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." - - - Require all denied - ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." - - - Require all denied - ErrorDocument 403 "help.openstreetmap.org is closed. Use community.openstreetmap.org instead." - - RewriteEngine on - RewriteCond %{REQUEST_METHOD} POST - RewriteRule ^/questions - [F,NC] - - -/osqa> - Require all granted - - -/upfiles> - Require all granted - diff --git a/cookbooks/osqa/templates/default/backup.cron.erb b/cookbooks/osqa/templates/default/backup.cron.erb deleted file mode 100644 index 0307d6fe8..000000000 --- a/cookbooks/osqa/templates/default/backup.cron.erb +++ /dev/null 
@@ -1,21 +0,0 @@ -#!/bin/sh - -# DO NOT EDIT - This file is being maintained by Chef - -export ZSTD_CLEVEL=11 -export ZSTD_NBTHREADS=0 - -T=$(mktemp -d -t -p /var/tmp osqa.XXXXXXXXXX) -D=$(date +%Y-%m-%d) -B="<%= @name %>-$D.tar.zst" - -mkdir "$T/<%= @name %>-$D" -chown "<%= @user %>" "$T" -chown "<%= @user %>" "$T/osqa-$D" -sudo -u "<%= @user %>" pg_dump --format=custom --file="$T/<%= @name %>-$D/osqa.dmp" "<%= @database %>" -ln -s "<%= @directory %>/upfiles" "$T/<%= @name %>-$D/upfiles" - -nice tar --create --dereference --directory="$T" "<%= @name %>-$D" | nice zstd --quiet --rsyncable -o "$T/$B" -nice rsync --preallocate --fuzzy "$T/$B" backup.openstreetmap.org::backup - -rm -rf "$T" diff --git a/cookbooks/osqa/templates/default/osqa.wsgi.erb b/cookbooks/osqa/templates/default/osqa.wsgi.erb deleted file mode 100644 index 04487d562..000000000 --- a/cookbooks/osqa/templates/default/osqa.wsgi.erb +++ /dev/null @@ -1,11 +0,0 @@ -# DO NOT EDIT - This file is being maintained by Chef - -import os -import sys -import django.core.handlers.wsgi - -sys.path.append('<%= @directory %>') -sys.path.append('<%= @directory %>/osqa') -os.environ['DJANGO_SETTINGS_MODULE'] = 'osqa.settings' - -application = django.core.handlers.wsgi.WSGIHandler() diff --git a/roles/naga.rb b/roles/naga.rb index 1bcf3c176..35cd932cb 100644 --- a/roles/naga.rb +++ b/roles/naga.rb @@ -48,5 +48,6 @@ run_list( "recipe[hot]", "recipe[ideditor]", "recipe[dmca]", - "role[otrs]" + "role[otrs]", + "role[osqa]" ) diff --git a/roles/osqa.rb b/roles/osqa.rb index 45a4cf04c..79af41bcf 100644 --- a/roles/osqa.rb +++ b/roles/osqa.rb @@ -1,16 +1,6 @@ name "osqa" description "Role applied to all OSQA servers" -default_attributes( - :osqa => { - :sites => [ - { :name => "help.openstreetmap.org", - :aliases => ["help.osm.org"], - :backup => "osqa" } - ] - } -) - run_list( "recipe[osqa]" ) diff --git a/roles/shenron.rb b/roles/shenron.rb index 7f9f36a1c..7b1def257 100644 --- a/roles/shenron.rb +++ b/roles/shenron.rb 
@@ -47,6 +47,5 @@ default_attributes( run_list( "role[bytemark]", - "role[lists]", - "role[osqa]" + "role[lists]" ) -- 2.39.5