From 6cfcfbe0138f1b11e9a62bd8193e729126f617ee Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 9 Mar 2015 19:36:13 +0000
Subject: [PATCH] Revert "Switch to emergency frontend only setup"

This reverts commit ee603acb6bce130b494f41fd79da3a36f79de017.
---
 cookbooks/web/recipes/frontend.rb             | 25 ---------
 cookbooks/web/recipes/rails.rb                |  2 +-
 .../web/templates/default/apache.frontend.erb | 51 ++++++++++++++++---
 roles/db.rb                                   |  3 +-
 roles/spike-01.rb                             |  7 +++
 roles/spike-02.rb                             |  7 +++
 roles/web-frontend.rb                         |  3 --
 7 files changed, 61 insertions(+), 37 deletions(-)

diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb
index 4c50df668..f0508f8e8 100644
--- a/cookbooks/web/recipes/frontend.rb
+++ b/cookbooks/web/recipes/frontend.rb
@@ -17,10 +17,8 @@
 # limitations under the License.
 #
 
-include_recipe "memcached"
 include_recipe "apache::ssl"
 include_recipe "web::rails"
-include_recipe "web::cgimap"
 
 web_passwords = data_bag_item("web", "passwords")
 
@@ -28,7 +26,6 @@ apache_module "alias"
 apache_module "deflate"
 apache_module "expires"
 apache_module "headers"
-apache_module "proxy_fcgi"
 apache_module "proxy_http"
 apache_module "proxy_balancer"
 apache_module "lbmethod_byrequests"
@@ -66,25 +63,3 @@ end
 munin_plugin "api_waits_#{node[:hostname]}" do
   target "api_waits_"
 end
-
-node.set[:memcached][:ip_address] = node.external_ipaddress
-
-firewall_rule "accept-memcache-tcp" do
-  action :accept
-  family "inet"
-  source "ic"
-  dest "fw"
-  proto "tcp"
-  dest_ports "11211"
-  source_ports "1024:"
-end
-
-firewall_rule "accept-memcache-udp" do
-  action :accept
-  family "inet"
-  source "ic"
-  dest "fw"
-  proto "udp"
-  dest_ports "11211"
-  source_ports "1024:"
-end
diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb
index 29187b4e4..6616c49f0 100644
--- a/cookbooks/web/recipes/rails.rb
+++ b/cookbooks/web/recipes/rails.rb
@@ -62,7 +62,7 @@ rails_port "www.openstreetmap.org" do
   gpx_dir "/store/rails/gpx"
   attachments_dir "/store/rails/attachments"
   log_path "#{node[:web][:log_directory]}/rails.log"
-  memcache_servers %w(193.63.75.99 193.63.75.100 193.63.75.103)
+  memcache_servers %w(rails1 rails2 rails3)
   potlatch2_key web_passwords["potlatch2_key"]
   id_key web_passwords["id_key"]
   oauth_key web_passwords["oauth_key"]
diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index ff0146325..ef06eeb83 100644
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -145,13 +145,36 @@
   Alias /attachments /store/rails/attachments
 
   #
-  # Pass supported calls to cgimap
+  # Preserve the host name when forwarding to the proxy
   #
-  RewriteRule ^/api/0\.6/map$ fcgi://127.0.0.1:8000$0 [P]
-  RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$
-  RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+$ fcgi://127.0.0.1:8000$0 [P]
-  RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ fcgi://127.0.0.1:8000$0 [P]
-  RewriteRule ^/api/0\.6/(nodes|ways|relations)$ fcgi://127.0.0.1:8000$0 [P]
+  ProxyPreserveHost on
+
+  #
+  # Set a long timeout - changeset uploads can take a long time
+  #
+  ProxyTimeout 3600
+
+  #
+  # Allow all proxy requests
+  #
+  <Proxy *>
+    Allow from all
+  </Proxy>
+
+  #
+  # Pass some other API calls to the backends via a load balancer
+  #
+  ProxyPass /api/0.6/map balancer://backend/api/0.6/map
+  ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints
+  ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read
+  ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints
+  ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/(upload|download))$ balancer://backend$1
+  ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1
+  ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1
+  ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes
+  ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways
+  ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations
+  ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1
 
   #
   # Redirect trac and wiki requests to the right places
@@ -164,6 +187,22 @@
   #
   RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
   RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
+
+  #
+  # Define a load balancer for the backends
+  #
+  <Proxy balancer://backend>
+    ProxySet lbmethod=bybusyness
+<% if port == 443 -%>
+    BalancerMember https://rails1 disablereuse=on
+    BalancerMember https://rails2 disablereuse=on
+    BalancerMember https://rails3 disablereuse=on
+<% else -%>
+    BalancerMember http://rails1
+    BalancerMember http://rails2
+    BalancerMember http://rails3
+<% end -%>
+  </Proxy>
 <% if port == 80 -%>
 
   #
diff --git a/roles/db.rb b/roles/db.rb
index e3df5d3d7..6fcb9bd67 100644
--- a/roles/db.rb
+++ b/roles/db.rb
@@ -44,8 +44,7 @@ default_attributes(
         :checkpoint_completion_target => "0.8",
         :cpu_tuple_cost => "0.1",
         :late_authentication_rules => [
-          { :address => "146.179.159.160/27" },
-          { :address => "193.63.75.96/27" }
+          { :address => "146.179.159.160/27" }
         ]
       }
     }
diff --git a/roles/spike-01.rb b/roles/spike-01.rb
index 335a81a6e..3b4622e91 100644
--- a/roles/spike-01.rb
+++ b/roles/spike-01.rb
@@ -4,6 +4,13 @@ description "Master role applied to spike-01"
 default_attributes(
   :networking => {
     :interfaces => {
+      :internal_ipv4 => {
+        :interface => "eth0",
+        :role => :internal,
+        :family => :inet,
+        :address => "146.179.159.162",
+        :hwaddress => "00:1a:4b:a5:0f:ca"
+      },
       :external_ipv4 => {
         :interface => "eth1",
         :role => :external,
diff --git a/roles/spike-02.rb b/roles/spike-02.rb
index 05626dc5f..d741f68be 100644
--- a/roles/spike-02.rb
+++ b/roles/spike-02.rb
@@ -4,6 +4,13 @@ description "Master role applied to spike-02"
 default_attributes(
   :networking => {
     :interfaces => {
+      :internal_ipv4 => {
+        :interface => "eth0",
+        :role => :internal,
+        :family => :inet,
+        :address => "146.179.159.163",
+        :hwaddress => "00:1b:78:04:76:c0"
+      },
       :external_ipv4 => {
         :interface => "eth1",
         :role => :external,
diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb
index c08d7dc0c..eab62f715 100644
--- a/roles/web-frontend.rb
+++ b/roles/web-frontend.rb
@@ -13,9 +13,6 @@ default_attributes(
       :max_requests_per_child => 10000
     }
   },
-  :networking => {
-    :nameservers => ["193.63.75.107"]
-  },
   :passenger => {
     :max_pool_size => 50
   },
-- 
2.43.2