1 #
2 # Cookbook:: db
3 # Recipe:: master
4 #
5 # Copyright:: 2011, OpenStreetMap Foundation
6 #
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
10 #
11 #     https://www.apache.org/licenses/LICENSE-2.0
12 #
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
18 #
19
# Pull in the shared database recipe before declaring roles on the master.
include_recipe "db::base"

# Role passwords are looked up by role name in the "passwords" item of the
# "db" data bag, so no credential is written into this recipe.
# NOTE(review): whether that item is an encrypted data bag cannot be seen from
# this file -- confirm, since a plain item is readable by anyone with access
# to the Chef server or the repository it is loaded from.
passwords = data_bag_item("db", "passwords")

# Named administrator roles: superuser, with no password set by this recipe.
# NOTE(review): presumably these authenticate through local peer/ident rules
# in pg_hba.conf -- verify that no password-less remote path exists for them.
%w[tomh matt].each do |admin_role|
  postgresql_user admin_role do
    cluster node[:db][:cluster]
    superuser true
  end
end

# Service roles, in declaration order. The flag marks the two roles that are
# also declared with `replication true`.
# NOTE(review): presumably that sets the PostgreSQL REPLICATION attribute; a
# role holding it can stream the whole cluster, so its password deserves the
# same care as a full-read credential.
# NOTE(review): a role name missing from the data bag item presumably yields
# nil here; how the resource treats a nil password is not visible -- confirm
# it does not create a role that can log in without one.
[
  ["openstreetmap", false],
  ["rails", false],
  ["cgimap", false],
  ["planetdump", false],
  ["planetdiff", true],
  ["backup", false],
  ["replication", true]
].each do |service_role, replicates|
  postgresql_user service_role do
    cluster node[:db][:cluster]
    password passwords[service_role]
    replication true if replicates
  end
end
70
# Main application database, owned by the application's own (non-superuser
# as declared in this recipe) role.
postgresql_database "openstreetmap" do
  owner "openstreetmap"
  cluster node[:db][:cluster]
end

# btree_gist is installed only when the configured cluster has attributes
# under node[:postgresql][:clusters] and its version is at least 9.0.
postgresql_extension "btree_gist" do
  database "openstreetmap"
  cluster node[:db][:cluster]
  # The guard runs inside the block, so node attributes are read when the
  # guard is evaluated rather than when the recipe is compiled.
  only_if do
    cluster_attrs = node[:postgresql][:clusters][node[:db][:cluster]]
    cluster_attrs && cluster_attrs[:version] >= 9.0
  end
end
81
# Privileges for the "cgimap" role, keyed by table or sequence name. The table
# and sequence loops in this recipe index this hash by name; a name with no
# entry here yields nil.
#
# This is the allowlist that bounds what the cgimap service account can do:
# it may write map data (nodes, ways, relations and their current_* copies)
# and update changesets, but only reads the account, OAuth, moderation and
# comment tables. Read access to the oauth_* tables exposes token material to
# this role, so any widening of this list should be reviewed as a privilege
# change. Only the outer hash is frozen; the privilege arrays are not.
CGIMAP_PERMISSIONS = {
  "changeset_comments" => %i[select],
  "changeset_tags" => %i[select],
  "changesets" => %i[select update],
  "current_node_tags" => %i[select insert delete],
  "current_nodes" => %i[select insert update],
  "current_nodes_id_seq" => %i[update],
  "current_relation_members" => %i[select insert delete],
  "current_relation_tags" => %i[select insert delete],
  "current_relations" => %i[select insert update],
  "current_relations_id_seq" => %i[update],
  "current_way_nodes" => %i[select insert delete],
  "current_way_tags" => %i[select insert delete],
  "current_ways" => %i[select insert update],
  "current_ways_id_seq" => %i[update],
  "issues" => %i[select],
  "node_tags" => %i[select insert],
  "nodes" => %i[select insert],
  "oauth_access_grants" => %i[select],
  "oauth_access_tokens" => %i[select],
  "oauth_applications" => %i[select],
  "relation_members" => %i[select insert],
  "relation_tags" => %i[select insert],
  "relations" => %i[select insert],
  "reports" => %i[select],
  "user_blocks" => %i[select],
  "user_roles" => %i[select],
  "users" => %i[select],
  "way_nodes" => %i[select insert],
  "way_tags" => %i[select insert],
  "ways" => %i[select insert]
}.freeze
114
# Tables the "planetdump" role may read. Every entry maps to the bare symbol
# :select (not an array, unlike CGIMAP_PERMISSIONS); any table not named here
# yields nil when the table loop looks it up.
# Read access to "users" means dump output can contain account rows -- the
# dump job's credentials and output need handling to match.
PLANETDUMP_PERMISSIONS = %w[
  note_comments
  notes
  users
].to_h { |readable_table| [readable_table, :select] }.freeze
120
# Tables the "planetdiff" role may read. Every entry maps to the bare symbol
# :select; there are no write privileges in this map, and a table not named
# here yields nil when the table loop looks it up.
# The same role is declared with `replication true` elsewhere in this recipe,
# so these table grants are not the full extent of what it can read.
PLANETDIFF_PERMISSIONS = %w[
  changeset_comments
  changeset_tags
  changesets
  node_tags
  nodes
  relation_members
  relation_tags
  relations
  users
  way_nodes
  way_tags
  ways
].to_h { |readable_table| [readable_table, :select] }.freeze
135
# The "prometheus" role may read a single table, delayed_jobs; every other
# table yields nil when the table loop looks it up.
# NOTE(review): no postgresql_user "prometheus" is declared in this recipe --
# presumably the role is created elsewhere; verify it exists before the grant
# is applied and that it has no other privileges.
PROMETHEUS_PERMISSIONS = { "delayed_jobs" => :select }.freeze
139
# Tables in the "openstreetmap" database whose owner and grants are managed by
# this recipe. A table that is not named here is not touched by the loop
# below, so a table added by a schema migration keeps whatever privileges it
# was created with until it is listed.
managed_tables = %w[
  acls
  active_storage_attachments
  active_storage_blobs
  active_storage_variant_records
  ar_internal_metadata
  changeset_comments
  changeset_tags
  changesets
  changesets_subscribers
  current_node_tags
  current_nodes
  current_relation_members
  current_relation_tags
  current_relations
  current_way_nodes
  current_way_tags
  current_ways
  delayed_jobs
  diary_comments
  diary_entries
  diary_entry_subscriptions
  friends
  gps_points
  gpx_file_tags
  gpx_files
  issue_comments
  issues
  languages
  messages
  node_tags
  nodes
  note_comments
  notes
  oauth_access_grants
  oauth_access_tokens
  oauth_applications
  oauth_openid_requests
  redactions
  relation_members
  relation_tags
  relations
  reports
  schema_migrations
  user_blocks
  user_mutes
  user_preferences
  user_roles
  users
  way_nodes
  way_tags
  ways
]

managed_tables.each do |table_name|
  postgresql_table table_name do
    cluster node[:db][:cluster]
    database "openstreetmap"
    owner "openstreetmap"
    # Per-role grants for this table:
    #   openstreetmap - owner, everything
    #   rails         - full DML on every managed table
    #   cgimap, planetdump, planetdiff, prometheus - whatever their
    #                   *_PERMISSIONS map holds for this table, nil if absent
    #   backup        - read on every managed table, which includes the
    #                   oauth_* and users tables, so the backup credential
    #                   and its output are as sensitive as the database
    # NOTE(review): presumably the resource treats a nil entry as "no
    # privileges" and revokes anything previously granted -- confirm in the
    # postgresql cookbook, since that is what makes the maps an allowlist.
    permissions(
      "openstreetmap" => [:all],
      "rails" => [:select, :insert, :update, :delete],
      "cgimap" => CGIMAP_PERMISSIONS[table_name],
      "planetdump" => PLANETDUMP_PERMISSIONS[table_name],
      "planetdiff" => PLANETDIFF_PERMISSIONS[table_name],
      "prometheus" => PROMETHEUS_PERMISSIONS[table_name],
      "backup" => [:select]
    )
  end
end
206
# Sequences in the "openstreetmap" database whose owner and grants are managed
# by this recipe. A sequence that is not named here is not touched by the loop
# below.
managed_sequences = %w[
  acls_id_seq
  active_storage_attachments_id_seq
  active_storage_blobs_id_seq
  active_storage_variant_records_id_seq
  changeset_comments_id_seq
  changesets_id_seq
  current_nodes_id_seq
  current_relations_id_seq
  current_ways_id_seq
  delayed_jobs_id_seq
  diary_comments_id_seq
  diary_entries_id_seq
  friends_id_seq
  gpx_file_tags_id_seq
  gpx_files_id_seq
  issue_comments_id_seq
  issues_id_seq
  messages_id_seq
  note_comments_id_seq
  notes_id_seq
  oauth_access_grants_id_seq
  oauth_access_tokens_id_seq
  oauth_applications_id_seq
  oauth_openid_requests_id_seq
  redactions_id_seq
  reports_id_seq
  user_blocks_id_seq
  user_mutes_id_seq
  user_roles_id_seq
  users_id_seq
]

managed_sequences.each do |sequence_name|
  postgresql_sequence sequence_name do
    cluster node[:db][:cluster]
    database "openstreetmap"
    owner "openstreetmap"
    # Per-role grants for this sequence:
    #   openstreetmap - owner, everything
    #   rails         - usage on every managed sequence
    #   cgimap        - only what CGIMAP_PERMISSIONS lists for this name
    #                   (the three current_*_id_seq entries), nil otherwise
    #   backup        - read on every managed sequence
    # NOTE(review): presumably a nil entry means "no privileges" -- confirm
    # in the postgresql cookbook.
    permissions(
      "openstreetmap" => [:all],
      "rails" => [:usage],
      "cgimap" => CGIMAP_PERMISSIONS[sequence_name],
      "backup" => [:select]
    )
  end
end
249
# SQL script run by the monthly job. It is owned by root and not writable by
# anyone else, so the "postgres" account that executes it can read it but not
# alter it; keep it that way, because the job runs as the database's own
# service account.
monthly_reindex_sql = "/usr/local/share/monthly-reindex.sql"

cookbook_file monthly_reindex_sql do
  mode "644"
  owner "root"
  group "root"
end

# One-shot unit that feeds the script to psql against the "openstreetmap"
# database as the "postgres" user.
systemd_service "monthly-reindex" do
  description "Monthly database reindex"
  user "postgres"
  exec_start "/usr/bin/psql -f #{monthly_reindex_sql} openstreetmap"
  # NOTE(review): `sandbox` is a property of the site's systemd cookbook;
  # presumably it switches on a set of systemd hardening options -- confirm
  # which ones there.
  sandbox true
  # Only Unix-domain sockets are allowed, which is all psql needs to reach
  # the local server when no host is given.
  restrict_address_families "AF_UNIX"
  # NOTE(review): presumably this maps to RemoveIPC=no so that stopping the
  # unit does not delete IPC objects owned by the postgres account that the
  # running server may be using -- confirm against the systemd cookbook.
  remove_ipc false
end

# Fires at 02:00 on the Sunday that falls on day 1-7, i.e. the first Sunday
# of each month.
systemd_timer "monthly-reindex" do
  description "Monthly database reindex"
  on_calendar "Sun *-*-1..7 02:00"
end

service "monthly-reindex.timer" do
  action [:enable, :start]
end
273
# SQL script run by the yearly job. It is owned by root and not writable by
# anyone else, so the "postgres" account that executes it can read it but not
# alter it; keep it that way, because the job runs as the database's own
# service account.
yearly_reindex_sql = "/usr/local/share/yearly-reindex.sql"

cookbook_file yearly_reindex_sql do
  mode "644"
  owner "root"
  group "root"
end

# One-shot unit that feeds the script to psql against the "openstreetmap"
# database as the "postgres" user.
systemd_service "yearly-reindex" do
  description "Yearly database reindex"
  user "postgres"
  exec_start "/usr/bin/psql -f #{yearly_reindex_sql} openstreetmap"
  # NOTE(review): `sandbox` is a property of the site's systemd cookbook;
  # presumably it switches on a set of systemd hardening options -- confirm
  # which ones there.
  sandbox true
  # Only Unix-domain sockets are allowed, which is all psql needs to reach
  # the local server when no host is given.
  restrict_address_families "AF_UNIX"
  # NOTE(review): presumably this maps to RemoveIPC=no so that stopping the
  # unit does not delete IPC objects owned by the postgres account that the
  # running server may be using -- confirm against the systemd cookbook.
  remove_ipc false
end

# Fires at 02:00 on the Thursday that falls on 8-14 January, i.e. the second
# Thursday of the year.
systemd_timer "yearly-reindex" do
  description "Yearly database reindex"
  on_calendar "Thu *-1-8..14 02:00"
end

service "yearly-reindex.timer" do
  action [:enable, :start]
end
297
# Collector definition for the Prometheus SQL exporter, rendered from the
# cookbook's sql_rails.yml.erb template.
# NOTE(review): the file is world-readable (0644). The template body is not
# visible here -- confirm it holds only queries and no connection string or
# password; if it does carry a credential, tighten the mode and group.
sql_rails_collector = "/etc/prometheus/exporters/sql_rails.collector.yml"

template sql_rails_collector do
  source "sql_rails.yml.erb"
  mode "0644"
  owner "root"
  group "root"
end