]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/planet/recipes/replication.rb
Tighten timeouts and log request timeouts
[chef.git] / cookbooks / planet / recipes / replication.rb
index b23c00f36bacacdc65ef03b4ec303e247ee56afc..d719d11ae519c33800a36865f501f8f8c61ced1c 100644 (file)
 # limitations under the License.
 #
 
+require "yaml"
+
 include_recipe "accounts"
+include_recipe "apt"
 include_recipe "osmosis"
+include_recipe "planet::aws"
+include_recipe "ruby"
+include_recipe "tools"
 
 db_passwords = data_bag_item("db", "passwords")
 
-package "postgresql-client"
+## Install required packages
 
-package "ruby"
-package "ruby-dev"
-package "ruby-libxml"
+package %w[
+  postgresql-client
+  ruby-libxml
+  make
+  gcc
+  libc6-dev
+  libpq-dev
+  osmdbt
+]
 
-package "make"
-package "gcc"
-package "libpq-dev"
+gem_package "pg" do
+  gem_binary node[:ruby][:gem]
+end
 
-gem_package "pg"
+## Build preload library to flush files
 
 remote_directory "/opt/flush" do
   source "flush"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
   files_owner "root"
   files_group "root"
-  files_mode 0o755
+  files_mode "755"
 end
 
 execute "/opt/flush/Makefile" do
@@ -53,190 +65,391 @@ execute "/opt/flush/Makefile" do
   subscribes :run, "remote_directory[/opt/flush]"
 end
 
+## Install scripts
+
 remote_directory "/usr/local/bin" do
   source "replication-bin"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
   files_owner "root"
   files_group "root"
-  files_mode 0o755
+  files_mode "755"
 end
 
 template "/usr/local/bin/users-agreed" do
   source "users-agreed.erb"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
 end
 
 template "/usr/local/bin/users-deleted" do
   source "users-deleted.erb"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
 end
 
+## Published deleted users directory
+
 remote_directory "/store/planet/users_deleted" do
   source "users_deleted"
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
   files_owner "root"
   files_group "root"
-  files_mode 0o644
+  files_mode "644"
 end
 
+## Published replication directory
+
 remote_directory "/store/planet/replication" do
   source "replication-cgi"
   owner "root"
   group "root"
-  mode 0o755
+  mode "755"
   files_owner "root"
   files_group "root"
-  files_mode 0o755
+  files_mode "755"
 end
 
-directory "/store/planet/replication/changesets" do
+## Configuration directory
+
+directory "/etc/replication" do
+  owner "root"
+  group "root"
+  mode "755"
+end
+
+## Transient state directory
+
+systemd_tmpfile "/run/replication" do
+  type "d"
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
 end
 
-directory "/store/planet/replication/day" do
+## Persistent state directory
+
+directory "/var/lib/replication" do
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
 end
 
-directory "/store/planet/replication/hour" do
+## Temporary directory
+
+directory "/store/replication" do
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
 end
 
-directory "/store/planet/replication/minute" do
-  owner "planet"
+## Users replication
+
+template "/etc/replication/users-agreed.conf" do
+  source "users-agreed.conf.erb"
+  user "planet"
   group "planet"
-  mode 0o755
+  mode "600"
+  variables :password => db_passwords["planetdiff"]
 end
 
-directory "/etc/replication" do
-  owner "root"
-  group "root"
-  mode 0o755
+systemd_service "users-agreed" do
+  description "Update list of users accepting CTs"
+  user "planet"
+  exec_start "/usr/local/bin/users-agreed"
+  nice 10
+  sandbox :enable_network => true
+  read_write_paths "/store/planet/users_agreed"
 end
 
-template "/etc/replication/auth.conf" do
-  source "replication.auth.erb"
-  user "root"
+systemd_timer "users-agreed" do
+  description "Update list of users accepting CTs"
+  on_calendar "7:00"
+end
+
+systemd_service "users-deleted" do
+  description "Update list of deleted users"
+  user "planet"
+  exec_start "/usr/local/bin/users-deleted"
+  nice 10
+  sandbox :enable_network => true
+  read_write_paths "/store/planet/users_deleted"
+end
+
+systemd_timer "users-deleted" do
+  description "Update list of deleted users"
+  on_calendar "17:00"
+end
+
+## Changeset replication
+
+directory "/store/planet/replication/changesets" do
+  owner "planet"
   group "planet"
-  mode 0o640
-  variables :password => db_passwords["planetdiff"]
+  mode "755"
 end
 
 template "/etc/replication/changesets.conf" do
   source "changesets.conf.erb"
   user "root"
   group "planet"
-  mode 0o640
+  mode "640"
   variables :password => db_passwords["planetdiff"]
 end
 
-template "/etc/replication/users-agreed.conf" do
-  source "users-agreed.conf.erb"
+systemd_service "replication-changesets" do
+  description "Changesets replication"
   user "planet"
+  exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
+  sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
+  read_write_paths [
+    "/run/replication",
+    "/store/planet/replication/changesets"
+  ]
+end
+
+systemd_timer "replication-changesets" do
+  description "Changesets replication"
+  on_boot_sec 60
+  on_unit_active_sec 60
+  accuracy_sec 5
+end
+
+## Minutely replication
+
+directory "/store/planet/replication/minute" do
+  owner "planet"
   group "planet"
-  mode 0o600
-  variables :password => db_passwords["planetdiff"]
+  mode "755"
 end
 
-directory "/var/lib/replication" do
+directory "/var/lib/replication/minute" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+directory "/store/replication/minute" do
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
+end
+
+osmdbt_config = {
+  "database" => {
+    "host" => node[:web][:database_host],
+    "dbname" => "openstreetmap",
+    "user" => "planetdiff",
+    "password" => db_passwords["planetdiff"],
+    "replication_slot" => "osmdbt"
+  },
+  "log_dir" => "/var/lib/replication/minute",
+  "changes_dir" => "/store/planet/replication/minute",
+  "tmp_dir" => "/store/replication/minute",
+  "run_dir" => "/run/replication"
+}
+
+file "/etc/replication/osmdbt-config.yaml" do
+  user "root"
+  group "planet"
+  mode "640"
+  content YAML.dump(osmdbt_config)
+end
+
+systemd_service "replication-minutely" do
+  description "Minutely replication"
+  user "planet"
+  working_directory "/etc/replication"
+  exec_start "/usr/local/bin/replicate-minute"
+  sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
+  read_write_paths [
+    "/run/replication",
+    "/store",
+    "/var/lib/replication/minute"
+  ]
+end
+
+systemd_timer "replication-minutely" do
+  description "Minutely replication"
+  on_boot_sec 60
+  on_unit_active_sec 60
+  accuracy_sec 5
+end
+
+## Hourly replication
+
+directory "/store/planet/replication/hour" do
+  owner "planet"
+  group "planet"
+  mode "755"
 end
 
 directory "/var/lib/replication/hour" do
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
+end
+
+link "/var/lib/replication/hour/data" do
+  to "/store/planet/replication/hour"
 end
 
 template "/var/lib/replication/hour/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
-  mode 0o644
+  mode "644"
   variables :base => "minute", :interval => 3600
 end
 
-link "/var/lib/replication/hour/data" do
-  to "/store/planet/replication/hour"
+systemd_service "replication-hourly" do
+  description "Hourly replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-hour"
+  environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
+  read_write_paths [
+    "/store/planet/replication/hour",
+    "/var/lib/replication/hour"
+  ]
+end
+
+systemd_timer "replication-hourly" do
+  description "Hourly replication"
+  on_calendar "*-*-* *:02/15:00"
+end
+
+## Daily replication
+
+directory "/store/planet/replication/day" do
+  owner "planet"
+  group "planet"
+  mode "755"
 end
 
 directory "/var/lib/replication/day" do
   owner "planet"
   group "planet"
-  mode 0o755
+  mode "755"
+end
+
+link "/var/lib/replication/day/data" do
+  to "/store/planet/replication/day"
 end
 
 template "/var/lib/replication/day/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
-  mode 0o644
+  mode "644"
   variables :base => "hour", :interval => 86400
 end
 
-link "/var/lib/replication/day/data" do
-  to "/store/planet/replication/day"
+systemd_service "replication-daily" do
+  description "Daily replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-day"
+  environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
+  read_write_paths [
+    "/store/planet/replication/day",
+    "/var/lib/replication/day"
+  ]
+end
+
+systemd_timer "replication-daily" do
+  description "Daily replication"
+  on_calendar "*-*-* *:02/15:00"
 end
 
+## Replication cleanup
+
+systemd_service "replication-cleanup" do
+  description "Cleanup replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-cleanup"
+  sandbox true
+  read_write_paths "/var/lib/replication"
+end
+
+systemd_timer "replication-cleanup" do
+  description "Cleanup replication"
+  on_boot_sec 60
+  on_unit_active_sec 86400
+  accuracy_sec 1800
+end
+
+## Enable/disable feeds
+
 if node[:planet][:replication] == "enabled"
-  template "/etc/cron.d/replication" do
-    source "replication.cron.erb"
-    owner "root"
-    group "root"
-    mode 0o644
+  service "users-agreed.timer" do
+    action [:enable, :start]
+  end
+
+  service "users-deleted.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-changesets.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-minutely.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-hourly.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-daily.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-cleanup.timer" do
+    action [:enable, :start]
   end
 else
-  file "/etc/cron.d/replication" do
-    action :delete
+  service "users-agreed.timer" do
+    action [:stop, :disable]
   end
-end
 
-# directory "/var/lib/replication/streaming" do
-#   owner "planet"
-#   group "planet"
-#   mode 0o755
-# end
-#
-# directory "/var/log/replication" do
-#   owner "planet"
-#   group "planet"
-#   mode 0o755
-# end
-#
-# ["streaming-replicator", "streaming-server"].each do |name|
-#   template "/etc/init.d/#{name}" do
-#     source "streaming.init.erb"
-#     owner "root"
-#     group "root"
-#     mode 0o755
-#     variables :service => name
-#   end
-#
-#   if node[:planet][:replication] == "enabled"
-#     service name do
-#       action [:enable, :start]
-#       supports :restart => true, :status => true
-#       subscribes :restart, "template[/etc/init.d/#{name}]"
-#     end
-#   else
-#     service name do
-#       action [:disable, :stop]
-#       supports :restart => true, :status => true
-#     end
-#   end
-# end
+  service "users-deleted.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-changesets.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-minutely.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-hourly.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-daily.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-cleanup.timer" do
+    action [:stop, :disable]
+  end
+end