Update chef client to 17.10.3

[chef.git] / cookbooks / tile / recipes / default.rb

diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index 6aeedaae837e0c2831ca6e95ef884bbc389954c2..f2bfd6a7b0929b39b148217a99cd12cbeabae83b 100644 (file)
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -99,13 +99,9 @@ end
 package "renderd"
 
 systemd_service "renderd" do
-  description "Mapnik rendering daemon"
+  dropin "chef"
   after "postgresql.service"
   wants "postgresql.service"
-  user "www-data"
-  exec_start "/usr/bin/renderd -f"
-  runtime_directory "renderd"
-  standard_error "null"
   limit_nofile 4096
   private_tmp true
   private_devices true
@@ -116,6 +112,10 @@ systemd_service "renderd" do
   restart "on-failure"
 end
 
+systemd_service "renderd" do
+  action :delete
+end
+
 service "renderd" do
   action [:enable, :start]
   subscribes :restart, "systemd_service[renderd]"
@@ -337,15 +337,15 @@ node[:tile][:styles].each do |name, details|
 
   details[:tile_directories].each do |directory|
     directory directory[:name] do
-      owner "www-data"
-      group "www-data"
+      owner "_renderd"
+      group "_renderd"
       mode "755"
     end
 
     directory[:min_zoom].upto(directory[:max_zoom]) do |zoom|
       directory "#{directory[:name]}/#{zoom}" do
-        owner "www-data"
-        group "www-data"
+        owner "_renderd"
+        group "_renderd"
         mode "755"
       end
 
@@ -413,6 +413,10 @@ postgresql_user "www-data" do
   cluster node[:tile][:database][:cluster]
 end
 
+postgresql_user "_renderd" do
+  cluster node[:tile][:database][:cluster]
+end
+
 postgresql_database "gis" do
   cluster node[:tile][:database][:cluster]
   owner "tile"
@@ -443,7 +447,7 @@ end
     cluster node[:tile][:database][:cluster]
     database "gis"
     owner "tile"
-    permissions "tile" => :all, "www-data" => :select
+    permissions "tile" => :all, "www-data" => :select, "_renderd" => :select
   end
 end
 
@@ -455,12 +459,21 @@ package %w[
 
 if node[:tile][:database][:external_data_script]
   execute node[:tile][:database][:external_data_script] do
-    command "#{node[:tile][:database][:external_data_script]} -R www-data"
+    command "#{node[:tile][:database][:external_data_script]} -R _renderd"
     cwd "/srv/tile.openstreetmap.org"
     user "tile"
     group "tile"
     ignore_failure true
   end
+
+  Array(node[:tile][:database][:external_data_tables]).each do |table|
+    postgresql_table table do
+      cluster node[:tile][:database][:cluster]
+      database "gis"
+      owner "tile"
+      permissions "tile" => :all, "www-data" => :select, "_renderd" => :select
+    end
+  end
 end
 
 postgresql_munin "gis" do
@@ -477,7 +490,7 @@ end
 
 file node[:tile][:database][:node_file] do
   owner "tile"
-  group "www-data"
+  group "_renderd"
   mode "660"
 end
 
@@ -553,7 +566,7 @@ end
 
 directory "/var/lib/replicate/expire-queue" do
   owner "tile"
-  group "www-data"
+  group "_renderd"
   mode "775"
 end
 
@@ -568,7 +581,7 @@ end
 systemd_service "expire-tiles" do
   description "Tile dirtying service"
   type "simple"
-  user "www-data"
+  user "_renderd"
   exec_start "/usr/local/bin/expire-tiles"
   standard_output "null"
   private_tmp true
@@ -663,7 +676,7 @@ tile_directories.each do |directory|
 
   cron_d "cleanup-tiles#{label}" do
     minute "0"
-    user "www-data"
+    user "_renderd"
     command "ionice -c 3 /usr/local/bin/cleanup-tiles #{directory}"
     mailto "admins@openstreetmap.org"
   end