]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/dev/recipes/default.rb
Restart dev service correctly when they change
[chef.git] / cookbooks / dev / recipes / default.rb
index 9ad37bfc9b30f57732011b0d1afc7162f0e7b9a6..047a70d72115ea0ce1e9f67bd4bfa3b475f249f3 100644 (file)
@@ -290,12 +290,8 @@ if node[:postgresql][:clusters][:"14/main"]
     exec_start "#{node[:ruby][:bundle]} exec rails jobs:work"
     restart "on-failure"
     nice 10
-    private_tmp true
-    private_devices true
-    protect_system "strict"
-    protect_home true
+    sandbox :enable_network => true
     read_write_paths "/srv/%i.apis.dev.openstreetmap.org/logs"
-    no_new_privileges true
   end
 
   systemd_service "cgimap@" do
@@ -305,12 +301,9 @@ if node[:postgresql][:clusters][:"14/main"]
     user "apis"
     exec_start "/srv/%i.apis.dev.openstreetmap.org/cgimap/openstreetmap-cgimap --daemon --port $CGIMAP_PORT --instances 5"
     exec_reload "/bin/kill -HUP $MAINPID"
-    private_tmp true
-    private_devices true
-    protect_system "strict"
-    protect_home true
+    sandbox :enable_network => true
+    restrict_address_families "AF_UNIX"
     read_write_paths ["/srv/%i.apis.dev.openstreetmap.org/logs", "/srv/%i.apis.dev.openstreetmap.org/rails/tmp"]
-    no_new_privileges true
     restart "on-failure"
   end
 
@@ -405,7 +398,7 @@ if node[:postgresql][:clusters][:"14/main"]
         action [:enable, :start]
         supports :restart => true
         subscribes :restart, "rails_port[#{site_name}]"
-        subscribes :restart, "systemd_service[#{name}]"
+        subscribes :restart, "systemd_service[rails-jobs@]"
         only_if "fgrep -q delayed_job #{rails_directory}/Gemfile.lock"
       end
 
@@ -443,7 +436,6 @@ if node[:postgresql][:clusters][:"14/main"]
           user "apis"
           group "apis"
           subscribes :run, "execute[#{cgimap_directory}/configure]", :immediately
-          notifies :restart, "service[cgimap@#{name}]"
         end
 
         template "/etc/default/cgimap-#{name}" do
@@ -455,11 +447,13 @@ if node[:postgresql][:clusters][:"14/main"]
                     :database_port => node[:postgresql][:clusters][:"14/main"][:port],
                     :database_name => database_name,
                     :log_directory => log_directory
-          notifies :restart, "service[cgimap@#{name}]"
         end
 
         service "cgimap@#{name}" do
           action [:start, :enable]
+          subscribes :restart, "execute[#{cgimap_directory}/Makefile]"
+          subscribes :restart, "template[/etc/default/cgimap-#{name}]"
+          subscribes :restart, "systemd_service[cgimap@]"
         end
       end