]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/planet/recipes/replication.rb
Use snap-03 as the readonly database in Dublin
[chef.git] / cookbooks / planet / recipes / replication.rb
index 2a3e65cb2127dc5389ce3d78fee85168b389cd1b..5c07ae2314689a1acb1b13afdffa007a8b92c46d 100644 (file)
 require "yaml"
 
 include_recipe "accounts"
 require "yaml"
 
 include_recipe "accounts"
+include_recipe "apt"
 include_recipe "osmosis"
 
 db_passwords = data_bag_item("db", "passwords")
 
 include_recipe "osmosis"
 
 db_passwords = data_bag_item("db", "passwords")
 
+## Install required packages
+
 package %w[
   postgresql-client
   ruby
 package %w[
   postgresql-client
   ruby
@@ -31,12 +34,15 @@ package %w[
   ruby-libxml
   make
   gcc
   ruby-libxml
   make
   gcc
+  libc6-dev
   libpq-dev
   osmdbt
 ]
 
 gem_package "pg"
 
   libpq-dev
   osmdbt
 ]
 
 gem_package "pg"
 
+## Build preload library to flush files
+
 remote_directory "/opt/flush" do
   source "flush"
   owner "root"
 remote_directory "/opt/flush" do
   source "flush"
   owner "root"
@@ -56,6 +62,8 @@ execute "/opt/flush/Makefile" do
   subscribes :run, "remote_directory[/opt/flush]"
 end
 
   subscribes :run, "remote_directory[/opt/flush]"
 end
 
+## Install scripts
+
 remote_directory "/usr/local/bin" do
   source "replication-bin"
   owner "root"
 remote_directory "/usr/local/bin" do
   source "replication-bin"
   owner "root"
@@ -66,13 +74,6 @@ remote_directory "/usr/local/bin" do
   files_mode "755"
 end
 
   files_mode "755"
 end
 
-template "/usr/local/bin/replicate-minute" do
-  source "replicate-minute.erb"
-  owner "root"
-  group "root"
-  mode "755"
-end
-
 template "/usr/local/bin/users-agreed" do
   source "users-agreed.erb"
   owner "root"
 template "/usr/local/bin/users-agreed" do
   source "users-agreed.erb"
   owner "root"
@@ -87,6 +88,8 @@ template "/usr/local/bin/users-deleted" do
   mode "755"
 end
 
   mode "755"
 end
 
+## Published deleted users directory
+
 remote_directory "/store/planet/users_deleted" do
   source "users_deleted"
   owner "planet"
 remote_directory "/store/planet/users_deleted" do
   source "users_deleted"
   owner "planet"
@@ -97,6 +100,8 @@ remote_directory "/store/planet/users_deleted" do
   files_mode "644"
 end
 
   files_mode "644"
 end
 
+## Published replication directory
+
 remote_directory "/store/planet/replication" do
   source "replication-cgi"
   owner "root"
 remote_directory "/store/planet/replication" do
   source "replication-cgi"
   owner "root"
@@ -107,79 +112,83 @@ remote_directory "/store/planet/replication" do
   files_mode "755"
 end
 
   files_mode "755"
 end
 
-directory "/store/planet/replication/changesets" do
-  owner "planet"
-  group "planet"
+## Configuration directory
+
+directory "/etc/replication" do
+  owner "root"
+  group "root"
   mode "755"
 end
 
   mode "755"
 end
 
-directory "/store/planet/replication/day" do
+## Transient state directory
+
+systemd_tmpfile "/run/replication" do
+  type "d"
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/hour" do
+## Persistent state directory
+
+directory "/var/lib/replication" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/minute" do
+## Temporary directory
+
+directory "/store/replication" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/test" do
-  owner "planet"
+## Users replication
+
+template "/etc/replication/users-agreed.conf" do
+  source "users-agreed.conf.erb"
+  user "planet"
   group "planet"
   group "planet"
-  mode "755"
+  mode "600"
+  variables :password => db_passwords["planetdiff"]
 end
 
 end
 
-directory "/store/planet/replication/test/minute" do
+## Changeset replication
+
+directory "/store/planet/replication/changesets" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/replication" do
-  owner "planet"
+template "/etc/replication/changesets.conf" do
+  source "changesets.conf.erb"
+  user "root"
   group "planet"
   group "planet"
-  mode "755"
+  mode "640"
+  variables :password => db_passwords["planetdiff"]
 end
 
 end
 
-directory "/store/replication/minute" do
+## Minutely replication
+
+directory "/store/planet/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-systemd_tmpfile "/run/replication" do
-  type "d"
+directory "/var/lib/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/etc/replication" do
-  owner "root"
-  group "root"
-  mode "755"
-end
-
-directory "/var/run/lock/changeset-replication/" do
+directory "/store/replication/minute" do
   owner "planet"
   group "planet"
   owner "planet"
   group "planet"
-  mode "750"
-end
-
-template "/etc/replication/auth.conf" do
-  source "replication.auth.erb"
-  user "root"
-  group "planet"
-  mode "640"
-  variables :password => db_passwords["planetdiff"]
+  mode "755"
 end
 
 osmdbt_config = {
 end
 
 osmdbt_config = {
@@ -191,7 +200,7 @@ osmdbt_config = {
     "replication_slot" => "osmdbt"
   },
   "log_dir" => "/var/lib/replication/minute",
     "replication_slot" => "osmdbt"
   },
   "log_dir" => "/var/lib/replication/minute",
-  "changes_dir" => "/store/planet/replication/test/minute",
+  "changes_dir" => "/store/planet/replication/minute",
   "tmp_dir" => "/store/replication/minute",
   "run_dir" => "/run/replication"
 }
   "tmp_dir" => "/store/replication/minute",
   "run_dir" => "/run/replication"
 }
@@ -223,38 +232,22 @@ systemd_timer "replication-minutely" do
   accuracy_sec 5
 end
 
   accuracy_sec 5
 end
 
-template "/etc/replication/changesets.conf" do
-  source "changesets.conf.erb"
-  user "root"
-  group "planet"
-  mode "640"
-  variables :password => db_passwords["planetdiff"]
-end
-
-template "/etc/replication/users-agreed.conf" do
-  source "users-agreed.conf.erb"
-  user "planet"
-  group "planet"
-  mode "600"
-  variables :password => db_passwords["planetdiff"]
-end
+## Hourly replication
 
 
-directory "/var/lib/replication" do
+directory "/store/planet/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/minute" do
+directory "/var/lib/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/hour" do
-  owner "planet"
-  group "planet"
-  mode "755"
+link "/var/lib/replication/hour/data" do
+  to "/store/planet/replication/hour"
 end
 
 template "/var/lib/replication/hour/configuration.txt" do
 end
 
 template "/var/lib/replication/hour/configuration.txt" do
@@ -265,8 +258,29 @@ template "/var/lib/replication/hour/configuration.txt" do
   variables :base => "minute", :interval => 3600
 end
 
   variables :base => "minute", :interval => 3600
 end
 
-link "/var/lib/replication/hour/data" do
-  to "/store/planet/replication/hour"
+systemd_service "replication-hourly" do
+  description "Hourly replication"
+  user "planet"
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "replication-hourly" do
+  description "Daily replication"
+  on_calendar "*-*-* *:02/15:00"
+end
+
+## Daily replication
+
+directory "/store/planet/replication/day" do
+  owner "planet"
+  group "planet"
+  mode "755"
 end
 
 directory "/var/lib/replication/day" do
 end
 
 directory "/var/lib/replication/day" do
@@ -275,6 +289,10 @@ directory "/var/lib/replication/day" do
   mode "755"
 end
 
   mode "755"
 end
 
+link "/var/lib/replication/day/data" do
+  to "/store/planet/replication/day"
+end
+
 template "/var/lib/replication/day/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
 template "/var/lib/replication/day/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
@@ -283,10 +301,46 @@ template "/var/lib/replication/day/configuration.txt" do
   variables :base => "hour", :interval => 86400
 end
 
   variables :base => "hour", :interval => 86400
 end
 
-link "/var/lib/replication/day/data" do
-  to "/store/planet/replication/day"
+systemd_service "replication-daily" do
+  description "Daily replication"
+  user "planet"
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
 end
 
 end
 
+systemd_timer "replication-daily" do
+  description "Daily replication"
+  on_calendar "*-*-* *:02/15:00"
+end
+
+## Replication cleanup
+
+systemd_service "replication-cleanup" do
+  description "Cleanup replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-cleanup"
+  private_tmp true
+  private_devices true
+  private_network true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
+end
+
+systemd_timer "replication-cleanup" do
+  description "Cleanup replication"
+  on_boot_sec 60
+  on_unit_active_sec 86400
+  accuracy_sec 1800
+end
+
+## Enable/disable feeds
+
 if node[:planet][:replication] == "enabled"
   cron_d "users-agreed" do
     minute "0"
 if node[:planet][:replication] == "enabled"
   cron_d "users-agreed" do
     minute "0"
@@ -314,27 +368,16 @@ if node[:planet][:replication] == "enabled"
     action [:enable, :start]
   end
 
     action [:enable, :start]
   end
 
-  cron_d "replication-minutely" do
-    user "planet"
-    command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  service "replication-hourly.timer" do
+    action [:enable, :start]
   end
 
   end
 
-  cron_d "replication-hourly" do
-    minute "2,7,12,17"
-    user "planet"
-    command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  service "replication-daily.timer" do
+    action [:enable, :start]
   end
 
   end
 
-  cron_d "replication-daily" do
-    minute "5,10,15,20"
-    user "planet"
-    command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  service "replication-cleanup.timer" do
+    action [:enable, :start]
   end
 else
   cron_d "users-agreed" do
   end
 else
   cron_d "users-agreed" do
@@ -353,15 +396,15 @@ else
     action [:stop, :disable]
   end
 
     action [:stop, :disable]
   end
 
-  cron_d "replication-minutely" do
-    action :delete
+  service "replication-hourly.timer" do
+    action [:stop, :disable]
   end
 
   end
 
-  cron_d "replication-hourly" do
-    action :delete
+  service "replication-daily.timer" do
+    action [:stop, :disable]
   end
 
   end
 
-  cron_d "replication-daily" do
-    action :delete
+  service "replication-cleanup.timer" do
+    action [:stop, :disable]
   end
 end
   end
 end