From b8a8aabcb8c98a61b0c712268eb0fc1ef1d56af7 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 1 Jan 2020 16:13:34 +0000
Subject: [PATCH] Use MaxMind PPA for geoipupdate and configure account
 credentials

---
 .rubocop.yml                                  |  3 ++
 cookbooks/apt/recipes/default.rb              |  5 ++
 cookbooks/geodns/metadata.rb                  |  1 +
 cookbooks/geodns/recipes/default.rb           | 10 +---
 cookbooks/geoipupdate/README.md               |  4 ++
 cookbooks/geoipupdate/attributes/default.rb   |  4 ++
 cookbooks/geoipupdate/metadata.rb             |  9 ++++
 cookbooks/geoipupdate/recipes/default.rb      | 46 +++++++++++++++++++
 .../templates/default/GeoIP.conf.erb          |  5 ++
 cookbooks/piwik/metadata.rb                   |  1 +
 cookbooks/piwik/recipes/default.rb            |  9 ++--
 11 files changed, 84 insertions(+), 13 deletions(-)
 create mode 100644 cookbooks/geoipupdate/README.md
 create mode 100644 cookbooks/geoipupdate/attributes/default.rb
 create mode 100644 cookbooks/geoipupdate/metadata.rb
 create mode 100644 cookbooks/geoipupdate/recipes/default.rb
 create mode 100644 cookbooks/geoipupdate/templates/default/GeoIP.conf.erb

diff --git a/.rubocop.yml b/.rubocop.yml
index 5db1a3104..12d060a1b 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -3,6 +3,9 @@ inherit_from: .rubocop_todo.yml
 AllCops:
   TargetRubyVersion: 2.3
 
+ChefModernize/IncludingAptDefaultRecipe:
+  Enabled: false
+
 Layout/ExtraSpacing:
   AllowForAlignment: true
 
diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb
index 9aa2f7a82..99558f9dd 100644
--- a/cookbooks/apt/recipes/default.rb
+++ b/cookbooks/apt/recipes/default.rb
@@ -73,6 +73,11 @@ apt_repository "ubuntugis-unstable" do
   uri "ppa:ubuntugis/ubuntugis-unstable"
 end
 
+apt_repository "maxmind" do
+  action repository_actions["maxmind"]
+  uri "ppa:maxmind/ppa"
+end
+
 apt_repository "openstreetmap" do
   action repository_actions["openstreetmap"]
   uri "ppa:osmadmins/ppa"
diff --git a/cookbooks/geodns/metadata.rb b/cookbooks/geodns/metadata.rb
index 4ce6925bb..4782ac035 100644
--- a/cookbooks/geodns/metadata.rb
+++ b/cookbooks/geodns/metadata.rb
@@ -6,4 +6,5 @@ description       "Installs and configures a geographic DNS server"
 
 version           "1.0.0"
 supports          "ubuntu"
+depends           "geoipupdate"
 depends           "systemd"
diff --git a/cookbooks/geodns/recipes/default.rb b/cookbooks/geodns/recipes/default.rb
index f24f1b8de..813ac250c 100644
--- a/cookbooks/geodns/recipes/default.rb
+++ b/cookbooks/geodns/recipes/default.rb
@@ -17,18 +17,12 @@
 # limitations under the License.
 #
 
+include_recipe "geoipupdate"
+
 package %w[
-  geoipupdate
   gdnsd
 ]
 
-execute "geoipdate" do
-  command "geoipupdate"
-  user "root"
-  group "root"
-  not_if { ::File.exist?("/var/lib/GeoIP/GeoLite2-Country.mmdb") }
-end
-
 directory "/etc/gdnsd/config.d" do
   owner "nobody"
   group "nogroup"
diff --git a/cookbooks/geoipupdate/README.md b/cookbooks/geoipupdate/README.md
new file mode 100644
index 000000000..5eb996611
--- /dev/null
+++ b/cookbooks/geoipupdate/README.md
@@ -0,0 +1,4 @@
+# geoipupdate Cookbook
+
+This cookbook installs and configures geoipupdate, a tool to keep MaxMind
+GeoIP databases up to date.
diff --git a/cookbooks/geoipupdate/attributes/default.rb b/cookbooks/geoipupdate/attributes/default.rb
new file mode 100644
index 000000000..3165aa115
--- /dev/null
+++ b/cookbooks/geoipupdate/attributes/default.rb
@@ -0,0 +1,4 @@
+default[:geoipupdate][:account] = "149244"
+default[:geoipupdate][:editions] = %w[GeoLite2-ASN GeoLite2-City GeoLite2-Country]
+
+default[:apt][:sources] |= ["maxmind"]
diff --git a/cookbooks/geoipupdate/metadata.rb b/cookbooks/geoipupdate/metadata.rb
new file mode 100644
index 000000000..78d65c5fa
--- /dev/null
+++ b/cookbooks/geoipupdate/metadata.rb
@@ -0,0 +1,9 @@
+name              "geoipupdate"
+maintainer        "OpenStreetMap Administrators"
+maintainer_email  "admins@openstreetmap.org"
+license           "Apache-2.0"
+description       "Installs and configures geoipupdate"
+
+version           "1.0.0"
+supports          "ubuntu"
+depends           "apt"
diff --git a/cookbooks/geoipupdate/recipes/default.rb b/cookbooks/geoipupdate/recipes/default.rb
new file mode 100644
index 000000000..0c4a84c9c
--- /dev/null
+++ b/cookbooks/geoipupdate/recipes/default.rb
@@ -0,0 +1,46 @@
+#
+# Cookbook:: geoipdate
+# Recipe:: default
+#
+# Copyright:: 2020, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apt"
+
+license_keys = data_bag_item("geoipupdate", "license-keys")
+
+package "geoipupdate" do
+  action [:install, :upgrade]
+end
+
+template "/etc/GeoIP.conf" do
+  source "GeoIP.conf.erb"
+  owner "root"
+  group "root"
+  mode 0o644
+  variables :license_keys => license_keys
+end
+
+execute "geoipdate" do
+  command "geoipupdate"
+  user "root"
+  group "root"
+  not_if { node[:geoipupdate][:editions].all? { |edition| ::File.exist?("/usr/share/GeoIP/#{edition}.mmdb") } }
+end
+
+directory "/var/lib/GeoIP" do
+  action :delete
+  recursive true
+end
diff --git a/cookbooks/geoipupdate/templates/default/GeoIP.conf.erb b/cookbooks/geoipupdate/templates/default/GeoIP.conf.erb
new file mode 100644
index 000000000..9caa330ad
--- /dev/null
+++ b/cookbooks/geoipupdate/templates/default/GeoIP.conf.erb
@@ -0,0 +1,5 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+AccountID <%= node[:geoipupdate][:account] %>
+LicenseKey <%= @license_keys[node[:geoipupdate][:account]] %>
+EditionIDs <%= Array(node[:geoipupdate][:editions]).join(" ") %>
diff --git a/cookbooks/piwik/metadata.rb b/cookbooks/piwik/metadata.rb
index 1644aa90a..b0f20ff08 100644
--- a/cookbooks/piwik/metadata.rb
+++ b/cookbooks/piwik/metadata.rb
@@ -7,4 +7,5 @@ description       "Installs and configures Piwik"
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
+depends           "geoipupdate"
 depends           "mysql"
diff --git a/cookbooks/piwik/recipes/default.rb b/cookbooks/piwik/recipes/default.rb
index 2bd0b97a5..459712a0e 100644
--- a/cookbooks/piwik/recipes/default.rb
+++ b/cookbooks/piwik/recipes/default.rb
@@ -18,6 +18,7 @@
 #
 
 include_recipe "apache"
+include_recipe "geoipupdate"
 include_recipe "mysql"
 
 passwords = data_bag_item("piwik", "passwords")
@@ -31,8 +32,6 @@ package "php-gd"
 package "php-xml"
 package "php-apcu"
 
-package "geoipupdate"
-
 apache_module "expires"
 apache_module "php7.2"
 apache_module "rewrite"
@@ -89,15 +88,15 @@ directory "/opt/piwik-#{version}/piwik/tmp" do
 end
 
 link "/opt/piwik-#{version}/piwik/misc/GeoLite2-ASN.mmdb" do
-  to "/var/lib/GeoIP/GeoLite2-ASN.mmdb"
+  to "/usr/share/GeoIP/GeoLite2-ASN.mmdb"
 end
 
 link "/opt/piwik-#{version}/piwik/misc/GeoLite2-City.mmdb" do
-  to "/var/lib/GeoIP/GeoLite2-City.mmdb"
+  to "/usr/share/GeoIP/GeoLite2-City.mmdb"
 end
 
 link "/opt/piwik-#{version}/piwik/misc/GeoLite2-Country.mmdb" do
-  to "/var/lib/GeoIP/GeoLite2-Country.mmdb"
+  to "/usr/share/GeoIP/GeoLite2-Country.mmdb"
 end
 
 link "/srv/piwik.openstreetmap.org" do
-- 
2.43.2