5 # Copyright:: 2011, OpenStreetMap Foundation
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # https://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
20 include_recipe "db::base"
22 passwords = data_bag_item("db", "passwords")
24 postgresql_user "tomh" do
25 cluster node[:db][:cluster]
29 postgresql_user "matt" do
30 cluster node[:db][:cluster]
34 postgresql_user "openstreetmap" do
35 cluster node[:db][:cluster]
36 password passwords["openstreetmap"]
39 postgresql_user "rails" do
40 cluster node[:db][:cluster]
41 password passwords["rails"]
44 postgresql_user "cgimap" do
45 cluster node[:db][:cluster]
46 password passwords["cgimap"]
49 postgresql_user "planetdump" do
50 cluster node[:db][:cluster]
51 password passwords["planetdump"]
54 postgresql_user "planetdiff" do
55 cluster node[:db][:cluster]
56 password passwords["planetdiff"]
60 postgresql_user "backup" do
61 cluster node[:db][:cluster]
62 password passwords["backup"]
65 postgresql_user "munin" do
66 cluster node[:db][:cluster]
67 password passwords["munin"]
70 postgresql_user "replication" do
71 cluster node[:db][:cluster]
72 password passwords["replication"]
76 postgresql_database "openstreetmap" do
77 cluster node[:db][:cluster]
81 postgresql_extension "btree_gist" do
82 cluster node[:db][:cluster]
83 database "openstreetmap"
84 only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
87 CGIMAP_PERMISSIONS = {
88 "changeset_comments" => [:select],
89 "changeset_tags" => [:select],
90 "changesets" => [:select, :update],
91 "client_applications" => [:select],
92 "current_node_tags" => [:select, :insert, :delete],
93 "current_nodes" => [:select, :insert, :update],
94 "current_nodes_id_seq" => [:update],
95 "current_relation_members" => [:select, :insert, :delete],
96 "current_relation_tags" => [:select, :insert, :delete],
97 "current_relations" => [:select, :insert, :update],
98 "current_relations_id_seq" => [:update],
99 "current_way_nodes" => [:select, :insert, :delete],
100 "current_way_tags" => [:select, :insert, :delete],
101 "current_ways" => [:select, :insert, :update],
102 "current_ways_id_seq" => [:update],
103 "issues" => [:select],
104 "node_tags" => [:select, :insert],
105 "nodes" => [:select, :insert],
106 "oauth_access_grants" => [:select],
107 "oauth_access_tokens" => [:select],
108 "oauth_applications" => [:select],
109 "oauth_nonces" => [:select, :insert],
110 "oauth_nonces_id_seq" => [:update],
111 "oauth_tokens" => [:select],
112 "relation_members" => [:select, :insert],
113 "relation_tags" => [:select, :insert],
114 "relations" => [:select, :insert],
115 "reports" => [:select],
116 "user_blocks" => [:select],
117 "user_roles" => [:select],
118 "users" => [:select],
119 "way_nodes" => [:select, :insert],
120 "way_tags" => [:select, :insert],
121 "ways" => [:select, :insert]
124 PLANETDUMP_PERMISSIONS = {
125 "note_comments" => :select,
130 PLANETDIFF_PERMISSIONS = {
131 "changeset_comments" => :select,
132 "changeset_tags" => :select,
133 "changesets" => :select,
134 "node_tags" => :select,
136 "relation_members" => :select,
137 "relation_tags" => :select,
138 "relations" => :select,
140 "way_nodes" => :select,
141 "way_tags" => :select,
145 PROMETHEUS_PERMISSIONS = {
146 "delayed_jobs" => :select
151 active_storage_attachments
153 active_storage_variant_records
158 changesets_subscribers
162 current_relation_members
163 current_relation_tags
171 diary_entry_subscriptions
188 oauth_openid_requests
206 postgresql_table table do
207 cluster node[:db][:cluster]
208 database "openstreetmap"
209 owner "openstreetmap"
210 permissions "openstreetmap" => [:all],
211 "rails" => [:select, :insert, :update, :delete],
212 "cgimap" => CGIMAP_PERMISSIONS[table],
213 "planetdump" => PLANETDUMP_PERMISSIONS[table],
214 "planetdiff" => PLANETDIFF_PERMISSIONS[table],
215 "prometheus" => PROMETHEUS_PERMISSIONS[table],
216 "backup" => [:select]
222 active_storage_attachments_id_seq
223 active_storage_blobs_id_seq
224 active_storage_variant_records_id_seq
225 changeset_comments_id_seq
227 client_applications_id_seq
229 current_relations_id_seq
232 diary_comments_id_seq
237 issue_comments_id_seq
242 oauth_access_grants_id_seq
243 oauth_access_tokens_id_seq
244 oauth_applications_id_seq
246 oauth_openid_requests_id_seq
256 postgresql_sequence sequence do
257 cluster node[:db][:cluster]
258 database "openstreetmap"
259 owner "openstreetmap"
260 permissions "openstreetmap" => [:all],
262 "cgimap" => CGIMAP_PERMISSIONS[sequence],
263 "backup" => [:select]
267 cookbook_file "/usr/local/share/monthly-reindex.sql" do
273 systemd_service "monthly-reindex" do
274 description "Monthly database reindex"
275 exec_start "/usr/bin/psql -f /usr/local/share/monthly-reindex.sql openstreetmap"
278 restrict_address_families "AF_UNIX"
282 systemd_timer "monthly-reindex" do
283 description "Monthly database reindex"
284 on_calendar "Sun *-*-1..7 02:00"
287 service "monthly-reindex.timer" do
288 action [:enable, :start]
291 cookbook_file "/usr/local/share/yearly-reindex.sql" do
297 systemd_service "yearly-reindex" do
298 description "Yearly database reindex"
299 exec_start "/usr/bin/psql -f /usr/local/share/yearly-reindex.sql openstreetmap"
302 restrict_address_families "AF_UNIX"
306 systemd_timer "yearly-reindex" do
307 description "Yearly database reindex"
308 on_calendar "Thu *-1-8..14 02:00"
311 service "yearly-reindex.timer" do
312 action [:enable, :start]
315 template "/etc/prometheus/exporters/sql_rails.collector.yml" do
316 source "sql_rails.yml.erb"