password passwords["rails"]
end
+postgresql_user "cgimap" do
+ cluster node[:db][:cluster]
+ password passwords["cgimap"]
+end
+
postgresql_user "planetdump" do
cluster node[:db][:cluster]
password passwords["planetdump"]
password passwords["backup"]
end
-postgresql_user "gpximport" do
- cluster node[:db][:cluster]
- password passwords["gpximport"]
-end
-
postgresql_user "munin" do
cluster node[:db][:cluster]
password passwords["munin"]
only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
end
-file "/etc/cron.daily/rails-db" do
- action :delete
+%w[
+ active_storage_attachments
+ active_storage_blobs
+ active_storage_variant_records
+ ar_internal_metadata
+ delayed_jobs
+ issue_comments
+ issues
+ oauth_openid_requests
+ reports
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ acls
+ changesets_subscribers
+ diary_comments
+ diary_entries
+ diary_entry_subscriptions
+ friends
+ gps_points
+ gpx_file_tags
+ gpx_files
+ languages
+ messages
+ redactions
+ schema_migrations
+ user_preferences
+ user_tokens
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ note_comments
+ notes
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "planetdump" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ changeset_comments
+ changeset_tags
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select],
+ "planetdiff" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ users
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select],
+ "planetdump" => [:select],
+ "planetdiff" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[changesets].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select, :update],
+ "planetdiff" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ current_nodes
+ current_relations
+ current_ways
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select, :insert, :update],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ current_node_tags
+ current_relation_members
+ current_relation_tags
+ current_way_nodes
+ current_way_tags
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select, :insert, :delete],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ node_tags
+ nodes
+ relation_members
+ relation_tags
+ relations
+ way_nodes
+ way_tags
+ ways
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select, :insert],
+ "planetdiff" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ client_applications
+ oauth_access_grants
+ oauth_access_tokens
+ oauth_applications
+ oauth_tokens
+ user_blocks
+ user_roles
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ oauth_nonces
+].each do |table|
+ postgresql_table table do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:select, :insert, :update, :delete],
+ "cgimap" => [:select, :insert],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ acls_id_seq
+ active_storage_attachments_id_seq
+ active_storage_blobs_id_seq
+ active_storage_variant_records_id_seq
+ changeset_comments_id_seq
+ changesets_id_seq
+ client_applications_id_seq
+ delayed_jobs_id_seq
+ diary_comments_id_seq
+ diary_entries_id_seq
+ friends_id_seq
+ gpx_file_tags_id_seq
+ gpx_files_id_seq
+ issue_comments_id_seq
+ issues_id_seq
+ messages_id_seq
+ note_comments_id_seq
+ notes_id_seq
+ oauth_access_grants_id_seq
+ oauth_access_tokens_id_seq
+ oauth_applications_id_seq
+ oauth_openid_requests_id_seq
+ oauth_tokens_id_seq
+ redactions_id_seq
+ reports_id_seq
+ user_blocks_id_seq
+ user_roles_id_seq
+ user_tokens_id_seq
+ users_id_seq
+].each do |sequence|
+ postgresql_sequence sequence do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:usage],
+ "backup" => [:select]
+ end
+end
+
+%w[
+ current_nodes_id_seq
+ current_relations_id_seq
+ current_ways_id_seq
+ oauth_nonces_id_seq
+].each do |sequence|
+ postgresql_sequence sequence do
+ cluster node[:db][:cluster]
+ database "openstreetmap"
+ owner "openstreetmap"
+ permissions "openstreetmap" => [:all],
+ "rails" => [:usage],
+ "cgimap" => [:update],
+ "backup" => [:select]
+ end
+end
+
+cookbook_file "/usr/local/share/monthly-reindex.sql" do
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+systemd_service "monthly-reindex" do
+ description "Monthly database reindex"
+ exec_start "/usr/bin/psql -f /usr/local/share/monthly-reindex.sql openstreetmap"
+ user "postgres"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "monthly-reindex" do
+ description "Monthly database reindex"
+ on_calendar "Sun *-*-1..7 02:00"
+end
+
+service "monthly-reindex.timer" do
+ action [:enable, :start]
+end
+
+cookbook_file "/usr/local/share/yearly-reindex.sql" do
+ owner "root"
+ group "root"
+ mode "644"
+end
+
+systemd_service "yearly-reindex" do
+ description "Yearly database reindex"
+ exec_start "/usr/bin/psql -f /usr/local/share/yearly-reindex.sql openstreetmap"
+ user "postgres"
+ sandbox true
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "yearly-reindex" do
+ description "Yearly database reindex"
+ on_calendar "Fri *-1-8..14 02:00"
+end
+
+service "yearly-reindex.timer" do
+ action [:enable, :start]
end
projects / chef.git / blobdiff