From ee603acb6bce130b494f41fd79da3a36f79de017 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 9 Mar 2015 18:02:01 +0000 Subject: [PATCH] Switch to emergency frontend only setup --- cookbooks/web/recipes/frontend.rb | 25 +++++++++ cookbooks/web/recipes/rails.rb | 2 +- .../web/templates/default/apache.frontend.erb | 51 +++---------------- roles/db.rb | 3 +- roles/spike-01.rb | 7 --- roles/spike-02.rb | 7 --- roles/web-frontend.rb | 3 ++ 7 files changed, 37 insertions(+), 61 deletions(-) diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb index f0508f8e8..4c50df668 100644 --- a/cookbooks/web/recipes/frontend.rb +++ b/cookbooks/web/recipes/frontend.rb @@ -17,8 +17,10 @@ # limitations under the License. # +include_recipe "memcached" include_recipe "apache::ssl" include_recipe "web::rails" +include_recipe "web::cgimap" web_passwords = data_bag_item("web", "passwords") @@ -26,6 +28,7 @@ apache_module "alias" apache_module "deflate" apache_module "expires" apache_module "headers" +apache_module "proxy_fcgi" apache_module "proxy_http" apache_module "proxy_balancer" apache_module "lbmethod_byrequests" @@ -63,3 +66,25 @@ end munin_plugin "api_waits_#{node[:hostname]}" do target "api_waits_" end + +node.set[:memcached][:ip_address] = node.external_ipaddress + +firewall_rule "accept-memcache-tcp" do + action :accept + family "inet" + source "ic" + dest "fw" + proto "tcp" + dest_ports "11211" + source_ports "1024:" +end + +firewall_rule "accept-memcache-udp" do + action :accept + family "inet" + source "ic" + dest "fw" + proto "udp" + dest_ports "11211" + source_ports "1024:" +end diff --git a/cookbooks/web/recipes/rails.rb b/cookbooks/web/recipes/rails.rb index 6616c49f0..29187b4e4 100644 --- a/cookbooks/web/recipes/rails.rb +++ b/cookbooks/web/recipes/rails.rb @@ -62,7 +62,7 @@ rails_port "www.openstreetmap.org" do gpx_dir "/store/rails/gpx" attachments_dir "/store/rails/attachments" log_path "#{node[:web][:log_directory]}/rails.log" - memcache_servers %w(rails1 rails2 rails3) + memcache_servers %w(193.63.75.99 193.63.75.100 193.63.75.103) potlatch2_key web_passwords["potlatch2_key"] id_key web_passwords["id_key"] oauth_key web_passwords["oauth_key"] diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb index ef06eeb83..ff0146325 100644 --- a/cookbooks/web/templates/default/apache.frontend.erb +++ b/cookbooks/web/templates/default/apache.frontend.erb @@ -145,36 +145,13 @@ Alias /attachments /store/rails/attachments # - # Preserve the host name when forwarding to the proxy + # Pass supported calls to cgimap # - ProxyPreserveHost on - - # - # Set a long timeout - changeset uploads can take a long time - # - ProxyTimeout 3600 - - # - # Allow all proxy requests - # - - Allow from all - - - # - # Pass some other API calls to the backends via a load balancer - # - ProxyPass /api/0.6/map balancer://backend/api/0.6/map - ProxyPass /api/0.6/tracepoints balancer://backend/api/0.6/tracepoints - ProxyPass /api/0.6/amf/read balancer://backend/api/0.6/amf/read - ProxyPass /api/0.6/swf/trackpoints balancer://backend/api/0.6/swf/trackpoints - ProxyPassMatch ^(/api/0\.6/changeset/[0-9]+/(upload|download))$ balancer://backend$1 - ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+)$ balancer://backend$1 - ProxyPassMatch ^(/api/0\.6/(node|way|relation)/[0-9]+/(full|history|search|ways))$ balancer://backend$1 - ProxyPass /api/0.6/nodes balancer://backend/api/0.6/nodes - ProxyPass /api/0.6/ways balancer://backend/api/0.6/ways - ProxyPass /api/0.6/relations balancer://backend/api/0.6/relations - ProxyPassMatch ^(/trace/[0-9]+/data(|/|.xml))$ balancer://backend$1 + RewriteRule ^/api/0\.6/map$ fcgi://127.0.0.1:8000$0 [P] + RewriteCond %{REQUEST_METHOD} ^(HEAD|GET)$ + RewriteRule ^/api/0\.6/(node|way|relation)/[0-9]+$ fcgi://127.0.0.1:8000$0 [P] + RewriteRule ^/api/0\.6/(way|relation)/[0-9]+/full$ fcgi://127.0.0.1:8000$0 [P] + RewriteRule ^/api/0\.6/(nodes|ways|relations)$ fcgi://127.0.0.1:8000$0 [P] # # Redirect trac and wiki requests to the right places @@ -187,22 +164,6 @@ # RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png - - # - # Define a load balancer for the backends - # - - ProxySet lbmethod=bybusyness -<% if port == 443 -%> - BalancerMember https://rails1 disablereuse=on - BalancerMember https://rails2 disablereuse=on - BalancerMember https://rails3 disablereuse=on -<% else -%> - BalancerMember http://rails1 - BalancerMember http://rails2 - BalancerMember http://rails3 -<% end -%> - <% if port == 80 -%> # diff --git a/roles/db.rb b/roles/db.rb index 6fcb9bd67..e3df5d3d7 100644 --- a/roles/db.rb +++ b/roles/db.rb @@ -44,7 +44,8 @@ default_attributes( :checkpoint_completion_target => "0.8", :cpu_tuple_cost => "0.1", :late_authentication_rules => [ - { :address => "146.179.159.160/27" } + { :address => "146.179.159.160/27" }, + { :address => "193.63.75.96/27" } ] } } diff --git a/roles/spike-01.rb b/roles/spike-01.rb index 3b4622e91..335a81a6e 100644 --- a/roles/spike-01.rb +++ b/roles/spike-01.rb @@ -4,13 +4,6 @@ description "Master role applied to spike-01" default_attributes( :networking => { :interfaces => { - :internal_ipv4 => { - :interface => "eth0", - :role => :internal, - :family => :inet, - :address => "146.179.159.162", - :hwaddress => "00:1a:4b:a5:0f:ca" - }, :external_ipv4 => { :interface => "eth1", :role => :external, diff --git a/roles/spike-02.rb b/roles/spike-02.rb index d741f68be..05626dc5f 100644 --- a/roles/spike-02.rb +++ b/roles/spike-02.rb @@ -4,13 +4,6 @@ description "Master role applied to spike-02" default_attributes( :networking => { :interfaces => { - :internal_ipv4 => { - :interface => "eth0", - :role => :internal, - :family => :inet, - :address => "146.179.159.163", - :hwaddress => "00:1b:78:04:76:c0" - }, :external_ipv4 => { :interface => "eth1", :role => :external, diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb index eab62f715..c08d7dc0c 100644 --- a/roles/web-frontend.rb +++ b/roles/web-frontend.rb @@ -13,6 +13,9 @@ default_attributes( :max_requests_per_child => 10000 } }, + :networking => { + :nameservers => ["193.63.75.107"] + }, :passenger => { :max_pool_size => 50 }, -- 2.43.2