[chef.git] / cookbooks / planet / recipes / replication.rb
1 #
2 # Cookbook:: planet
3 # Recipe:: replication
4 #
5 # Copyright:: 2013, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
20 require "yaml"
21
22 include_recipe "accounts"
23 include_recipe "apt"
24 include_recipe "osmosis"
25 include_recipe "planet::aws"
26 include_recipe "ruby"
27 include_recipe "tools"
28
# Database credentials are read from the "passwords" item of the "db" data
# bag; the resources below use only its "planetdiff" entry.
db_passwords = data_bag_item("db", "passwords")

## Install required packages

# make and gcc are needed for the /opt/flush build further down.
# NOTE(review): libpq-dev is presumably there so the pg gem can compile its
# native extension - confirm before trimming the list.
package %w[postgresql-client ruby-libxml make gcc libc6-dev libpq-dev osmdbt]

# Installed with the gem binary named by node[:ruby][:gem].
gem_package "pg" do
  gem_binary(node[:ruby][:gem])
end
46
## Build preload library to flush files

# The sources are installed root-owned with mode 755 and the build below runs
# as root, so nothing here grants the unprivileged "planet" account write
# access to /opt/flush. That matters because the hourly and daily services
# load /opt/flush/flush.so through LD_PRELOAD.
remote_directory "/opt/flush" do
  source "flush"
  mode "755"
  owner "root"
  group "root"
  files_mode "755"
  files_owner "root"
  files_group "root"
end

# Does nothing by itself; it runs only when the remote_directory resource
# above notifies it.
# NOTE(review): presumably this build is what produces flush.so - the
# Makefile is not shown here.
execute "/opt/flush/Makefile" do
  command "make"
  cwd "/opt/flush"
  user "root"
  group "root"
  action :nothing
  subscribes :run, "remote_directory[/opt/flush]"
end
67
## Install scripts

# The programs executed by the systemd units in this recipe live here. They
# are installed root-owned with mode 755, so the "planet" service account can
# run them but is not given permission to replace them.
remote_directory "/usr/local/bin" do
  source "replication-bin"
  mode "755"
  owner "root"
  group "root"
  files_mode "755"
  files_owner "root"
  files_group "root"
end

# These two scripts are rendered from templates instead of being copied.
# NOTE(review): the rendered files are world-readable (755) - confirm the
# templates embed no credentials.
%w[users-agreed users-deleted].each do |script|
  template "/usr/local/bin/#{script}" do
    source "#{script}.erb"
    owner "root"
    group "root"
    mode "755"
  end
end
93
## Published deleted users directory

# The directory itself belongs to planet, while the files shipped from the
# cookbook stay root-owned and read-only (644) for everyone else.
remote_directory "/store/planet/users_deleted" do
  source "users_deleted"
  mode "755"
  owner "planet"
  group "planet"
  files_mode "644"
  files_owner "root"
  files_group "root"
end

## Published replication directory

# Both the directory and the files from "replication-cgi" are root-owned;
# the files are installed executable (755).
remote_directory "/store/planet/replication" do
  source "replication-cgi"
  mode "755"
  owner "root"
  group "root"
  files_mode "755"
  files_owner "root"
  files_group "root"
end
117
## Configuration directory

# Root-owned and world-traversable; the credential files placed inside it
# are given their own, tighter modes where they are declared.
directory "/etc/replication" do
  mode "755"
  owner "root"
  group "root"
end

## Transient state directory

systemd_tmpfile "/run/replication" do
  type "d"
  mode "755"
  owner "planet"
  group "planet"
end

## Persistent state directory (/var/lib/replication) and temporary
## directory (/store/replication)

# Both are owned by planet and declared in this order.
%w[/var/lib/replication /store/replication].each do |path|
  directory path do
    mode "755"
    owner "planet"
    group "planet"
  end
end
150
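## Users replication

# Rendered with the planetdiff database password, so access is limited to
# the planet user (600).
# NOTE(review): the other credential files in this recipe are root:planet
# 640, which also stops the service account rewriting them; consider the
# same ownership here.
template "/etc/replication/users-agreed.conf" do
  source "users-agreed.conf.erb"
  user "planet"
  group "planet"
  mode "600"
  # Keep the rendered password out of the diff Chef reports when the file
  # changes.
  sensitive true
  variables :password => db_passwords["planetdiff"]
end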
160
# Two once-a-day jobs that publish user lists. Each runs as the unprivileged
# planet user, niced to 10, with one writable path. sandbox and
# read_write_paths are properties of the systemd_service resource, which is
# defined outside this recipe.
# NOTE(review): /store/planet/users_agreed is not created by this recipe -
# confirm it is managed elsewhere.
[
  ["users-agreed", "Update list of users accepting CTs", "7:00", "/store/planet/users_agreed"],
  ["users-deleted", "Update list of deleted users", "17:00", "/store/planet/users_deleted"]
].each do |unit, summary, schedule, output_dir|
  systemd_service unit do
    description summary
    user "planet"
    exec_start "/usr/local/bin/#{unit}"
    nice 10
    sandbox :enable_network => true
    read_write_paths output_dir
  end

  systemd_timer unit do
    description summary
    on_calendar schedule
  end
end
188
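## Changeset replication

# Published output directory, writable by planet.
directory "/store/planet/replication/changesets" do
  owner "planet"
  group "planet"
  mode "755"
end

# Rendered with the planetdiff database password. root:planet 640 lets
# members of the planet group read the file without being able to rewrite
# it, and hides it from every other local account.
template "/etc/replication/changesets.conf" do
  source "changesets.conf.erb"
  user "root"
  group "planet"
  mode "640"
  # Keep the rendered password out of the diff Chef reports when the file
  # changes.
  sensitive true
  variables :password => db_passwords["planetdiff"]
end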
204
# Runs as planet with the credentials file passed on the command line.
# Writable paths are limited to the run directory and the changesets tree.
# NOTE(review): protect_home/bind_paths presumably map to systemd's
# ProtectHome=/BindPaths=, hiding other home directories while keeping
# /home/planet visible - the resource definition is not part of this recipe.
systemd_service "replication-changesets" do
  description "Changesets replication"
  exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
  user "planet"
  sandbox :enable_network => true
  protect_home "tmpfs"
  bind_paths "/home/planet"
  read_write_paths %w[/run/replication /store/planet/replication/changesets]
end

# First run 60 seconds after boot, then 60 seconds after each activation.
systemd_timer "replication-changesets" do
  description "Changesets replication"
  accuracy_sec 5
  on_boot_sec 60
  on_unit_active_sec 60
end
224
## Minutely replication

# In order: the published changes directory, the log directory and the
# temporary directory that the osmdbt configuration in this recipe points
# at. All three are owned by planet.
%w[
  /store/planet/replication/minute
  /var/lib/replication/minute
  /store/replication/minute
].each do |path|
  directory path do
    mode "755"
    owner "planet"
    group "planet"
  end
end
244
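# Settings written out for osmdbt. The planetdiff password is embedded in
# clear text, which is why the file below is restricted to root and the
# planet group.
osmdbt_config = {
  "database" => {
    "host" => node[:web][:database_host],
    "dbname" => "openstreetmap",
    "user" => "planetdiff",
    "password" => db_passwords["planetdiff"],
    "replication_slot" => "osmdbt"
  },
  "log_dir" => "/var/lib/replication/minute",
  "changes_dir" => "/store/planet/replication/minute",
  "tmp_dir" => "/store/replication/minute",
  "run_dir" => "/run/replication"
}

# root:planet 640 lets members of the planet group read the configuration
# without being able to rewrite it.
file "/etc/replication/osmdbt-config.yaml" do
  user "root"
  group "planet"
  mode "640"
  # The content includes the database password; sensitive stops Chef from
  # showing it in the diff reported when the file changes.
  sensitive true
  content YAML.dump(osmdbt_config)
end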
265
# Runs as planet from /etc/replication, where osmdbt-config.yaml is written.
# NOTE(review): the writable set includes all of /store, which is wider than
# the changes_dir and tmp_dir named in the osmdbt configuration - confirm
# whether replicate-minute needs the rest of the tree.
systemd_service "replication-minutely" do
  description "Minutely replication"
  working_directory "/etc/replication"
  exec_start "/usr/local/bin/replicate-minute"
  user "planet"
  sandbox :enable_network => true
  protect_home "tmpfs"
  bind_paths "/home/planet"
  read_write_paths %w[/run/replication /store /var/lib/replication/minute]
end

# First run 60 seconds after boot, then 60 seconds after each activation.
systemd_timer "replication-minutely" do
  description "Minutely replication"
  accuracy_sec 5
  on_boot_sec 60
  on_unit_active_sec 60
end
287
## Hourly replication

# Published tree first, then the working directory; both owned by planet.
%w[/store/planet/replication/hour /var/lib/replication/hour].each do |path|
  directory path do
    mode "755"
    owner "planet"
    group "planet"
  end
end

# The working directory's "data" entry points at the published tree.
link "/var/lib/replication/hour/data" do
  to "/store/planet/replication/hour"
end

# Hourly diffs are built from the minutely ones; the interval is in seconds.
template "/var/lib/replication/hour/configuration.txt" do
  source "replication.config.erb"
  mode "644"
  owner "planet"
  group "planet"
  variables(:base => "minute", :interval => 60 * 60)
end

# LD_PRELOAD injects the library built under /opt/flush into the job.
# NOTE(review): memory_deny_write_execute is switched off explicitly, which
# relaxes the hardening the other units keep; the reason is not recorded in
# this recipe and deserves a comment.
systemd_service "replication-hourly" do
  description "Hourly replication"
  exec_start "/usr/local/bin/replicate-hour"
  user "planet"
  environment "LD_PRELOAD" => "/opt/flush/flush.so"
  sandbox :enable_network => true
  memory_deny_write_execute false
  protect_home "tmpfs"
  bind_paths "/home/planet"
  read_write_paths %w[/store/planet/replication/hour /var/lib/replication/hour]
end

# Fires at minutes 02, 17, 32 and 47 of every hour.
systemd_timer "replication-hourly" do
  description "Hourly replication"
  on_calendar "*-*-* *:02/15:00"
end
333
## Daily replication

# Published tree first, then the working directory; both owned by planet.
%w[/store/planet/replication/day /var/lib/replication/day].each do |path|
  directory path do
    mode "755"
    owner "planet"
    group "planet"
  end
end

# The working directory's "data" entry points at the published tree.
link "/var/lib/replication/day/data" do
  to "/store/planet/replication/day"
end

# Daily diffs are built from the hourly ones; the interval is in seconds.
template "/var/lib/replication/day/configuration.txt" do
  source "replication.config.erb"
  mode "644"
  owner "planet"
  group "planet"
  variables(:base => "hour", :interval => 24 * 60 * 60)
end

# LD_PRELOAD injects the library built under /opt/flush into the job.
# NOTE(review): memory_deny_write_execute is switched off explicitly, which
# relaxes the hardening the other units keep; the reason is not recorded in
# this recipe and deserves a comment.
systemd_service "replication-daily" do
  description "Daily replication"
  exec_start "/usr/local/bin/replicate-day"
  user "planet"
  environment "LD_PRELOAD" => "/opt/flush/flush.so"
  sandbox :enable_network => true
  memory_deny_write_execute false
  protect_home "tmpfs"
  bind_paths "/home/planet"
  read_write_paths %w[/store/planet/replication/day /var/lib/replication/day]
end

# Same schedule as the hourly unit: minutes 02, 17, 32 and 47 of every hour.
systemd_timer "replication-daily" do
  description "Daily replication"
  on_calendar "*-*-* *:02/15:00"
end
379
## Replication cleanup

# The only unit in this recipe that passes plain `sandbox true` instead of
# :enable_network => true. Its single writable path is /var/lib/replication.
systemd_service "replication-cleanup" do
  description "Cleanup replication"
  exec_start "/usr/local/bin/replicate-cleanup"
  user "planet"
  sandbox true
  read_write_paths "/var/lib/replication"
end

# First run 60 seconds after boot, then once every 24 hours, with up to
# 30 minutes of scheduling slack.
systemd_timer "replication-cleanup" do
  description "Cleanup replication"
  accuracy_sec 30 * 60
  on_boot_sec 60
  on_unit_active_sec 24 * 60 * 60
end
396
## Enable/disable feeds

# Every timer declared in this recipe, in the order they are switched.
replication_timers = %w[
  users-agreed
  users-deleted
  replication-changesets
  replication-minutely
  replication-hourly
  replication-daily
  replication-cleanup
]

# Only the exact attribute value "enabled" turns the feeds on; any other
# value stops and disables all of the timers.
timer_action =
  if node[:planet][:replication] == "enabled"
    [:enable, :start]
  else
    [:stop, :disable]
  end

replication_timers.each do |unit|
  service "#{unit}.timer" do
    action timer_action
  end
end