]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/overpass/recipes/default.rb
Convert letsencrypt to use systemd timers
[chef.git] / cookbooks / overpass / recipes / default.rb
index d807eab696c0e6e0a68ba6e13a42c3756a04922a..9908e330b65bcd16507a4c4c66786283f78bc85c 100644 (file)
 #
 
 include_recipe "accounts"
-include_recipe "munin"
 include_recipe "apache"
+include_recipe "munin"
+include_recipe "prometheus"
+include_recipe "ruby"
 
 username = "overpass"
 basedir = data_bag_item("accounts", username)["home"]
+web_passwords = data_bag_item("web", "passwords")
 
-%w[bin site diffs db src].each do |dirname|
+%w[bin site diffs db src munin].each do |dirname|
   directory "#{basedir}/#{dirname}" do
     owner username
     group username
@@ -67,10 +70,30 @@ execute "install_overpass" do
   user username
   cwd srcdir
   command "./configure --enable-lz4 --prefix=#{basedir} && make install"
+  notifies :restart, "service[overpass-dispatcher]"
+  notifies :restart, "service[overpass-area-dispatcher]"
 end
 
 ## Setup Apache
 
+gem_package "rotp" do
+  gem_binary node[:ruby][:gem]
+end
+
+directory "#{basedir}/apache" do
+  owner "root"
+  group "root"
+  mode "755"
+end
+
+template "#{basedir}/apache/totp-filter" do
+  source "totp-filter.erb"
+  owner "root"
+  group "root"
+  mode "755"
+  variables :totp_key => web_passwords["totp_key"]
+end
+
 ssl_certificate node[:fqdn] do
   domains [node[:fqdn],
            node[:overpass][:fqdn]]
@@ -79,6 +102,11 @@ end
 
 apache_module "cgi"
 apache_module "headers"
+apache_module "rewrite"
+
+apache_site "default" do
+  action :disable
+end
 
 apache_site "#{node[:overpass][:fqdn]}" do
   template "apache.erb"
@@ -123,6 +151,7 @@ end
 
 systemd_service "overpass-dispatcher" do
   description "Overpass Main Dispatcher"
+  wants ["overpass-area-dispatcher.service"]
   working_directory basedir
   exec_start "#{basedir}/bin/dispatcher --osm-base #{meta_map_short[node[:overpass][:meta_mode]]} --db-dir=#{basedir}/db --rate-limit=#{node[:overpass][:rate_limit]} --space=#{node[:overpass][:dispatcher_space]}"
   exec_stop "#{basedir}/bin/dispatcher --osm-base --terminate"
@@ -136,7 +165,7 @@ end
 
 systemd_service "overpass-area-dispatcher" do
   description "Overpass Area Dispatcher"
-  after ["overpass-dispatcher"]
+  after ["overpass-dispatcher.service"]
   working_directory basedir
   exec_start "#{basedir}/bin/dispatcher --areas #{meta_map_short[node[:overpass][:meta_mode]]} --db-dir=#{basedir}/db"
   exec_stop "#{basedir}/bin/dispatcher --areas --terminate"
@@ -150,41 +179,78 @@ end
 
 systemd_service "overpass-update" do
   description "Overpass Update Application"
-  after ["overpass-dispatcher"]
+  after ["overpass-dispatcher.service"]
+  wants ["overpass-area-processor.service"]
   working_directory basedir
   exec_start "#{basedir}/bin/overpass-update-db"
   standard_output "append:#{logdir}/update.log"
   user username
+  restart "on-success"
 end
 
 if node[:overpass][:meta_mode] == "attic"
   systemd_service "overpass-area-processor" do
     description "Overpass Area Processor"
-    after ["overpass-area-dispatcher"]
+    after ["overpass-area-dispatcher.service", "overpass-update.service"]
     working_directory basedir
     exec_start "#{basedir}/bin/overpass-update-areas"
     standard_output "append:#{logdir}/area-processor.log"
+    restart "on-success"
     nice 19
     user username
   end
 else
   systemd_service "overpass-area-processor" do
     description "Overpass Area Processor"
-    after ["overpass-area-dispatcher"]
+    after ["overpass-area-dispatcher.service", "overpass-update.service"]
     working_directory basedir
     exec_start "#{basedir}/bin/osm3s_query --progress --rules"
     standard_input "file:#{srcdir}/rules/areas.osm3s"
     standard_output "append:#{logdir}/area-processor.log"
+    restart "on-success"
     nice 19
     user username
   end
 end
 
 systemd_timer "overpass-area-processor" do
-  description "Update areas in Overpass"
-  on_calendar "*-*-* *:*:00"
+  action :delete
 end
 
 service "overpass-area-processor" do
-  action [:enable]
+  action [:disable]
+end
+
+template "/etc/logrotate.d/overpass" do
+  source "logrotate.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  variables :logdir => logdir
+end
+
+# Munin scripts
+
+%w[db_lag request_count].each do |name|
+  template "#{basedir}/munin/overpass_#{name}" do
+    source "munin_#{name}.erb"
+    owner username
+    group username
+    mode "755"
+    variables :basedir => basedir
+  end
+
+  munin_plugin "overpass_#{name}" do
+    target "#{basedir}/munin/overpass_#{name}"
+    conf "munin.erb"
+    conf_variables :user => username
+  end
+end
+
+prometheus_exporter "overpass" do
+  port 9898
+  user username
+  options [
+    "--overpass.base-directory=#{basedir}"
+  ]
 end