require "yaml"
include_recipe "accounts"
+include_recipe "apt"
include_recipe "osmosis"
+include_recipe "ruby"
+include_recipe "tools"
db_passwords = data_bag_item("db", "passwords")
+## Install required packages
+
package %w[
postgresql-client
- ruby
- ruby-dev
ruby-libxml
make
gcc
+ libc6-dev
libpq-dev
osmdbt
]
-gem_package "pg"
+gem_package "pg" do
+ gem_binary node[:ruby][:gem]
+end
+
+## Build preload library to flush files
remote_directory "/opt/flush" do
source "flush"
subscribes :run, "remote_directory[/opt/flush]"
end
+## Install scripts
+
remote_directory "/usr/local/bin" do
source "replication-bin"
owner "root"
files_mode "755"
end
-template "/usr/local/bin/replicate-minute" do
- source "replicate-minute.erb"
- owner "root"
- group "root"
- mode "755"
-end
-
template "/usr/local/bin/users-agreed" do
source "users-agreed.erb"
owner "root"
mode "755"
end
+## Published deleted users directory
+
remote_directory "/store/planet/users_deleted" do
source "users_deleted"
owner "planet"
files_mode "644"
end
+## Published replication directory
+
remote_directory "/store/planet/replication" do
source "replication-cgi"
owner "root"
files_mode "755"
end
-directory "/store/planet/replication/changesets" do
- owner "planet"
- group "planet"
+## Configuration directory
+
+directory "/etc/replication" do
+ owner "root"
+ group "root"
mode "755"
end
-directory "/store/planet/replication/day" do
+## Transient state directory
+
+systemd_tmpfile "/run/replication" do
+ type "d"
owner "planet"
group "planet"
mode "755"
end
-directory "/store/planet/replication/hour" do
+## Persistent state directory
+
+directory "/var/lib/replication" do
owner "planet"
group "planet"
mode "755"
end
-directory "/store/planet/replication/minute" do
+## Temporary directory
+
+directory "/store/replication" do
owner "planet"
group "planet"
mode "755"
end
-directory "/store/planet/replication/test" do
- owner "planet"
+## Users replication
+
+template "/etc/replication/users-agreed.conf" do
+ source "users-agreed.conf.erb"
+ user "planet"
group "planet"
- mode "755"
+ mode "600"
+ variables :password => db_passwords["planetdiff"]
end
-directory "/store/planet/replication/test/day" do
- owner "planet"
- group "planet"
- mode "755"
+systemd_service "users-agreed" do
+ description "Update list of users accepting CTs"
+ user "planet"
+ exec_start "/usr/local/bin/users-agreed"
+ nice 10
+ private_tmp true
+ private_devices true
+ protect_system "strict"
+ protect_home true
+ read_write_paths "/store/planet/users_agreed"
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
end
-directory "/store/planet/replication/test/hour" do
- owner "planet"
- group "planet"
- mode "755"
+systemd_timer "users-agreed" do
+ description "Update list of users accepting CTs"
+ on_calendar "7:00"
end
-directory "/store/planet/replication/test/minute" do
- owner "planet"
- group "planet"
- mode "755"
+systemd_service "users-deleted" do
+ description "Update list of deleted users"
+ user "planet"
+ exec_start "/usr/local/bin/users-deleted"
+ nice 10
+ private_tmp true
+ private_devices true
+ protect_system "strict"
+ protect_home true
+ read_write_paths "/store/planet/users_deleted"
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
end
-directory "/store/replication" do
- owner "planet"
- group "planet"
- mode "755"
+systemd_timer "users-deleted" do
+ description "Update list of deleted users"
+ on_calendar "17:00"
end
-directory "/store/replication/minute" do
+## Changeset replication
+
+directory "/store/planet/replication/changesets" do
owner "planet"
group "planet"
mode "755"
end
-systemd_tmpfile "/run/replication" do
- type "d"
- owner "planet"
+template "/etc/replication/changesets.conf" do
+ source "changesets.conf.erb"
+ user "root"
group "planet"
- mode "755"
+ mode "640"
+ variables :password => db_passwords["planetdiff"]
end
-directory "/etc/replication" do
- owner "root"
- group "root"
- mode "755"
+systemd_service "replication-changesets" do
+ description "Changesets replication"
+ user "planet"
+ exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
+ private_tmp true
+ private_devices true
+ protect_system "strict"
+ protect_home true
+ read_write_paths [
+ "/run/replication",
+ "/store/planet/replication/changesets"
+ ]
+ restrict_address_families %w[AF_INET AF_INET6]
+ no_new_privileges true
end
-directory "/var/run/lock/changeset-replication/" do
- owner "planet"
- group "planet"
- mode "750"
+systemd_timer "replication-changesets" do
+ description "Changesets replication"
+ on_boot_sec 60
+ on_unit_active_sec 60
+ accuracy_sec 5
end
-directory "/var/lib/replication" do
+## Minutely replication
+
+directory "/store/planet/replication/minute" do
owner "planet"
group "planet"
mode "755"
end
-directory "/var/lib/replication/test" do
+directory "/var/lib/replication/minute" do
owner "planet"
group "planet"
mode "755"
end
-template "/etc/replication/auth.conf" do
- source "replication.auth.erb"
- user "root"
+directory "/store/replication/minute" do
+ owner "planet"
group "planet"
- mode "640"
- variables :password => db_passwords["planetdiff"]
+ mode "755"
end
osmdbt_config = {
"replication_slot" => "osmdbt"
},
"log_dir" => "/var/lib/replication/minute",
- "changes_dir" => "/store/planet/replication/test/minute",
+ "changes_dir" => "/store/planet/replication/minute",
"tmp_dir" => "/store/replication/minute",
"run_dir" => "/run/replication"
}
exec_start "/usr/local/bin/replicate-minute"
private_tmp true
private_devices true
- protect_system "full"
+ protect_system "strict"
protect_home true
+ read_write_paths [
+ "/run/replication",
+ "/store/replication/minute",
+ "/store/planet/replication/minute",
+ "/var/lib/replication/minute"
+ ]
restrict_address_families %w[AF_INET AF_INET6]
no_new_privileges true
end
accuracy_sec 5
end
-directory "/var/lib/replication/test/hour" do
+## Hourly replication
+
+directory "/store/planet/replication/hour" do
owner "planet"
group "planet"
mode "755"
end
-template "/var/lib/replication/test/hour/configuration.txt" do
- source "replication.config.erb"
+directory "/var/lib/replication/hour" do
owner "planet"
group "planet"
- mode "644"
- variables :base => "test/minute", :interval => 3600
+ mode "755"
+end
+
+link "/var/lib/replication/hour/data" do
+ to "/store/planet/replication/hour"
end
-link "/var/lib/replication/test/hour/data" do
- to "/store/planet/replication/test/hour"
+template "/var/lib/replication/hour/configuration.txt" do
+ source "replication.config.erb"
+ owner "planet"
+ group "planet"
+ mode "644"
+ variables :base => "minute", :interval => 3600
end
systemd_service "replication-hourly" do
description "Hourly replication"
user "planet"
- exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour"
+ exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
+ environment "LD_PRELOAD" => "/opt/flush/flush.so"
private_tmp true
private_devices true
- protect_system "full"
+ protect_system "strict"
protect_home true
+ read_write_paths [
+ "/store/planet/replication/hour",
+ "/var/lib/replication/hour"
+ ]
restrict_address_families %w[AF_INET AF_INET6]
no_new_privileges true
end
on_calendar "*-*-* *:02/15:00"
end
-directory "/var/lib/replication/test/day" do
+## Daily replication
+
+directory "/store/planet/replication/day" do
owner "planet"
group "planet"
mode "755"
end
-template "/var/lib/replication/test/day/configuration.txt" do
- source "replication.config.erb"
+directory "/var/lib/replication/day" do
owner "planet"
group "planet"
- mode "644"
- variables :base => "test/hour", :interval => 86400
+ mode "755"
end
-link "/var/lib/replication/test/day/data" do
- to "/store/planet/replication/test/day"
+link "/var/lib/replication/day/data" do
+ to "/store/planet/replication/day"
+end
+
+template "/var/lib/replication/day/configuration.txt" do
+ source "replication.config.erb"
+ owner "planet"
+ group "planet"
+ mode "644"
+ variables :base => "hour", :interval => 86400
end
systemd_service "replication-daily" do
description "Daily replication"
user "planet"
- exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day"
+ exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
+ environment "LD_PRELOAD" => "/opt/flush/flush.so"
private_tmp true
private_devices true
- protect_system "full"
+ protect_system "strict"
protect_home true
+ read_write_paths [
+ "/store/planet/replication/day",
+ "/var/lib/replication/day"
+ ]
restrict_address_families %w[AF_INET AF_INET6]
no_new_privileges true
end
on_calendar "*-*-* *:02/15:00"
end
-template "/etc/replication/changesets.conf" do
- source "changesets.conf.erb"
- user "root"
- group "planet"
- mode "640"
- variables :password => db_passwords["planetdiff"]
-end
+## Replication cleanup
-template "/etc/replication/users-agreed.conf" do
- source "users-agreed.conf.erb"
+systemd_service "replication-cleanup" do
+ description "Cleanup replication"
user "planet"
- group "planet"
- mode "600"
- variables :password => db_passwords["planetdiff"]
-end
-
-directory "/var/lib/replication/minute" do
- owner "planet"
- group "planet"
- mode "755"
-end
-
-directory "/var/lib/replication/hour" do
- owner "planet"
- group "planet"
- mode "755"
-end
-
-template "/var/lib/replication/hour/configuration.txt" do
- source "replication.config.erb"
- owner "planet"
- group "planet"
- mode "644"
- variables :base => "minute", :interval => 3600
-end
-
-link "/var/lib/replication/hour/data" do
- to "/store/planet/replication/hour"
-end
-
-directory "/var/lib/replication/day" do
- owner "planet"
- group "planet"
- mode "755"
+ exec_start "/usr/local/bin/replicate-cleanup"
+ private_tmp true
+ private_devices true
+ private_network true
+ protect_system "strict"
+ protect_home true
+ read_write_paths "/var/lib/replication"
+ no_new_privileges true
end
-template "/var/lib/replication/day/configuration.txt" do
- source "replication.config.erb"
- owner "planet"
- group "planet"
- mode "644"
- variables :base => "hour", :interval => 86400
+systemd_timer "replication-cleanup" do
+ description "Cleanup replication"
+ on_boot_sec 60
+ on_unit_active_sec 86400
+ accuracy_sec 1800
end
-link "/var/lib/replication/day/data" do
- to "/store/planet/replication/day"
-end
+## Enable/disable feeds
if node[:planet][:replication] == "enabled"
- cron_d "users-agreed" do
- minute "0"
- hour "7"
- user "planet"
- command "/usr/local/bin/users-agreed"
- mailto "zerebubuth@gmail.com"
+ service "users-agreed.timer" do
+ action [:enable, :start]
end
- cron_d "users-deleted" do
- minute "0"
- hour "17"
- user "planet"
- command "/usr/local/bin/users-deleted"
- mailto "zerebubuth@gmail.com"
+ service "users-deleted.timer" do
+ action [:enable, :start]
end
- cron_d "replication-changesets" do
- user "planet"
- command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
- mailto "zerebubuth@gmail.com"
+ service "replication-changesets.timer" do
+ action [:enable, :start]
end
service "replication-minutely.timer" do
action [:enable, :start]
end
- cron_d "replication-minutely" do
- user "planet"
- command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
- mailto "brett@bretth.com"
- environment "LD_PRELOAD" => "/opt/flush/flush.so"
- end
-
- cron_d "replication-hourly" do
- minute "2,7,12,17"
- user "planet"
- command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
- mailto "brett@bretth.com"
- environment "LD_PRELOAD" => "/opt/flush/flush.so"
- end
-
- cron_d "replication-daily" do
- minute "5,10,15,20"
- user "planet"
- command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
- mailto "brett@bretth.com"
- environment "LD_PRELOAD" => "/opt/flush/flush.so"
+ service "replication-cleanup.timer" do
+ action [:enable, :start]
end
else
- cron_d "users-agreed" do
- action :delete
+ service "users-agreed.timer" do
+ action [:stop, :disable]
end
- cron_d "users-deleted" do
- action :delete
+ service "users-deleted.timer" do
+ action [:stop, :disable]
end
- cron_d "replication-changesets" do
- action :delete
+ service "replication-changesets.timer" do
+ action [:stop, :disable]
end
service "replication-minutely.timer" do
action [:stop, :disable]
end
- cron_d "replication-minutely" do
- action :delete
- end
-
- cron_d "replication-hourly" do
- action :delete
- end
-
- cron_d "replication-daily" do
- action :delete
+ service "replication-cleanup.timer" do
+ action [:stop, :disable]
end
end