Add docker based welcome.openstreetmap.org

.github/workflows/test-kitchen.yml

@@ -43,6 +43,7 @@ jobs:
           - foundation-dwg
           - foundation-mwg
           - foundation-owg
+          - foundation-welcome
           - foundation-wiki
           - ftp
           - geodns

.kitchen.yml

@@ -139,6 +139,9 @@ suites:
   - name: foundation-owg
     run_list:
       - recipe[foundation::owg]
+  - name: foundation-welcome
+    run_list:
+      - recipe[foundation::welcome]
   - name: foundation-wiki
     run_list:
       - recipe[foundation::wiki]

cookbooks/foundation/metadata.rb

@@ -7,6 +7,7 @@
 version           "1.0.0"
 supports          "ubuntu"
 depends           "apache"
+depends           "docker"
 depends           "git"
 depends           "mediawiki"
 depends           "ruby"

cookbooks/foundation/recipes/welcome.rb

@@ -0,0 +1,66 @@
+#
+# Cookbook:: foundation
+# Recipe:: welcome
+#
+# Copyright:: 2023, OpenStreetMap Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "apache"
+include_recipe "docker"
+
+docker_external_port = 8090
+docker_image = "ghcr.io/osmfoundation/welcome-mat:latest"
+
+systemd_service "docker_welcome-mat" do
+  description "Docker service for welcome.openstreetmap.org"
+  requires "docker.service"
+  # Ensure Container is completely stopped and removed before starting it again
+  exec_start_pre [
+    "-/usr/bin/docker kill welcome-mat",
+    "-/usr/bin/docker rm welcome-mat"
+  ]
+  exec_start "/usr/bin/docker run --rm --name=welcome-mat --user 33:33 -p #{docker_external_port}:8080 #{docker_image}"
+  # Ensure Container is completely stopped and removed
+  exec_stop [
+    "-/usr/bin/docker kill welcome-mat",
+    "-/usr/bin/docker rm welcome-mat"
+  ]
+  restart "always"
+end
+
+# FIXME: this should be a docker_image resource
+# The image pull is handled by the service but container test will fail if the container startup is delayed by slow pull
+execute "docker_pull_welcome_mat" do
+  command "/usr/bin/docker pull #{docker_image}"
+  action :nothing
+  subscribes :run, "systemd_service[docker_welcome-mat]"
+end
+
+service "docker_welcome-mat" do
+  action [:enable, :start]
+  subscribes :restart, "systemd_service[docker_welcome-mat]"
+end
+
+ssl_certificate "welcome.openstreetmap.org" do
+  domains ["welcome.openstreetmap.org", "welcome.osm.org"]
+  notifies :reload, "service[apache2]"
+end
+
+apache_module "proxy_http"
+
+apache_site "welcome.openstreetmap.org" do
+  template "apache.welcome.erb"
+  variables :docker_external_port => docker_external_port, :aliases => ["welcome.osm.org"]
+end

cookbooks/foundation/templates/default/apache.welcome.erb

@@ -0,0 +1,38 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+<VirtualHost *:443>
+   ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+   ServerAlias <%= alias_name %>
+<% end -%>
+   ServerAdmin [email protected]
+
+   CustomLog /var/log/apache2/<%= @name %>-access.log combined
+   ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+   SSLEngine on
+   SSLCertificateFile /etc/ssl/certs/<%= @name %>.pem
+   SSLCertificateKeyFile /etc/ssl/private/<%= @name %>.key
+
+   # Let the backend know we are using HTTPS
+   RequestHeader set X-Forwarded-Proto “https”
+   RequestHeader set X-Forwarded-Port “443”
+
+   ProxyPass / http://localhost:<%= @docker_external_port %>/
+   ProxyPreserveHost on
+
+</VirtualHost>
+
+<VirtualHost *:80>
+   ServerName <%= @name %>
+<% @aliases.each do |alias_name| -%>
+   ServerAlias <%= alias_name %>
+<% end -%>
+   ServerAdmin [email protected]
+
+   CustomLog /var/log/apache2/<%= @name %>-access.log combined
+   ErrorLog /var/log/apache2/<%= @name %>-error.log
+
+   RedirectPermanent /.well-known/acme-challenge/ http://acme.openstreetmap.org/.well-known/acme-challenge/
+   RedirectPermanent / https://<%= @name %>/
+</VirtualHost>

test/integration/foundation-welcome/serverspec/apache_spec.rb

@@ -0,0 +1,21 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("apache2") do
+  it { should be_installed }
+end
+
+describe service("apache2") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe port(80) do
+  it { should be_listening.with("tcp") }
+end
+
+describe port(443) do
+  it { should be_listening.with("tcp") }
+end

test/integration/foundation-welcome/serverspec/docker_spec.rb

@@ -0,0 +1,18 @@
+require "serverspec"
+
+# Required by serverspec
+set :backend, :exec
+
+describe package("docker-ce") do
+  it { should be_installed }
+end
+
+describe service("docker") do
+  it { should be_enabled }
+  it { should be_running }
+end
+
+describe docker_container("welcome-mat") do
+  it { should exist }
+  it { should be_running }
+end