Disable HTTP2 for OTRS

[chef.git] / cookbooks / db / recipes / master.rb
diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb

index 6ba23cb50a1fab486cedeafa81b61a905564a578..c2d1da0247dbe65bf12fe79276530a9cd756cc04 100644 (file)
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -62,11 +62,6 @@ postgresql_user "backup" do
    password passwords["backup"]
  end
  
-postgresql_user "munin" do
-  cluster node[:db][:cluster]
-  password passwords["munin"]
-end
-
  postgresql_user "replication" do
    cluster node[:db][:cluster]
    password passwords["replication"]
@@ -100,6 +95,7 @@ CGIMAP_PERMISSIONS = {
    "current_way_tags" => [:select, :insert, :delete],
    "current_ways" => [:select, :insert, :update],
    "current_ways_id_seq" => [:update],
+  "issues" => [:select],
    "node_tags" => [:select, :insert],
    "nodes" => [:select, :insert],
    "oauth_access_grants" => [:select],
@@ -111,19 +107,20 @@ CGIMAP_PERMISSIONS = {
    "relation_members" => [:select, :insert],
    "relation_tags" => [:select, :insert],
    "relations" => [:select, :insert],
+  "reports" => [:select],
    "user_blocks" => [:select],
    "user_roles" => [:select],
    "users" => [:select],
    "way_nodes" => [:select, :insert],
    "way_tags" => [:select, :insert],
    "ways" => [:select, :insert]
-}
+}.freeze
  
  PLANETDUMP_PERMISSIONS = {
    "note_comments" => :select,
    "notes" => :select,
    "users" => :select
-}
+}.freeze
  
  PLANETDIFF_PERMISSIONS = {
    "changeset_comments" => :select,
@@ -138,7 +135,11 @@ PLANETDIFF_PERMISSIONS = {
    "way_nodes" => :select,
    "way_tags" => :select,
    "ways" => :select
-}
+}.freeze
+
+PROMETHEUS_PERMISSIONS = {
+  "delayed_jobs" => :select
+}.freeze
  
  %w[
    acls
@@ -188,9 +189,9 @@ PLANETDIFF_PERMISSIONS = {
    reports
    schema_migrations
    user_blocks
+  user_mutes
    user_preferences
    user_roles
-  user_tokens
    users
    way_nodes
    way_tags
@@ -205,6 +206,7 @@ PLANETDIFF_PERMISSIONS = {
                  "cgimap" => CGIMAP_PERMISSIONS[table],
                  "planetdump" => PLANETDUMP_PERMISSIONS[table],
                  "planetdiff" => PLANETDIFF_PERMISSIONS[table],
+                "prometheus" => PROMETHEUS_PERMISSIONS[table],
                  "backup" => [:select]
    end
  end
@@ -240,8 +242,8 @@ end
    redactions_id_seq
    reports_id_seq
    user_blocks_id_seq
+  user_mutes_id_seq
    user_roles_id_seq
-  user_tokens_id_seq
    users_id_seq
  ].each do |sequence|
    postgresql_sequence sequence do
@@ -267,6 +269,7 @@ systemd_service "monthly-reindex" do
    user "postgres"
    sandbox true
    restrict_address_families "AF_UNIX"
+  remove_ipc false
  end
  
  systemd_timer "monthly-reindex" do
@@ -290,13 +293,21 @@ systemd_service "yearly-reindex" do
    user "postgres"
    sandbox true
    restrict_address_families "AF_UNIX"
+  remove_ipc false
  end
  
  systemd_timer "yearly-reindex" do
    description "Yearly database reindex"
-  on_calendar "Fri *-1-8..14 02:00"
+  on_calendar "Thu *-1-8..14 02:00"
  end
  
  service "yearly-reindex.timer" do
    action [:enable, :start]
  end
+
+template "/etc/prometheus/exporters/sql_rails.collector.yml" do
+  source "sql_rails.yml.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+end