]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/planet/recipes/replication.rb
account: update ligfietser ssh key
[chef.git] / cookbooks / planet / recipes / replication.rb
index c3893834daec2affd2b6a7acc3f505dc25aec397..d719d11ae519c33800a36865f501f8f8c61ced1c 100644 (file)
@@ -22,6 +22,7 @@ require "yaml"
 include_recipe "accounts"
 include_recipe "apt"
 include_recipe "osmosis"
 include_recipe "accounts"
 include_recipe "apt"
 include_recipe "osmosis"
+include_recipe "planet::aws"
 include_recipe "ruby"
 include_recipe "tools"
 
 include_recipe "ruby"
 include_recipe "tools"
 
@@ -206,6 +207,8 @@ systemd_service "replication-changesets" do
   user "planet"
   exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
   sandbox :enable_network => true
   user "planet"
   exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
   sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/run/replication",
     "/store/planet/replication/changesets"
   read_write_paths [
     "/run/replication",
     "/store/planet/replication/changesets"
@@ -266,6 +269,8 @@ systemd_service "replication-minutely" do
   working_directory "/etc/replication"
   exec_start "/usr/local/bin/replicate-minute"
   sandbox :enable_network => true
   working_directory "/etc/replication"
   exec_start "/usr/local/bin/replicate-minute"
   sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/run/replication",
     "/store",
   read_write_paths [
     "/run/replication",
     "/store",
@@ -309,10 +314,12 @@ end
 systemd_service "replication-hourly" do
   description "Hourly replication"
   user "planet"
 systemd_service "replication-hourly" do
   description "Hourly replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
+  exec_start "/usr/local/bin/replicate-hour"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/store/planet/replication/hour",
     "/var/lib/replication/hour"
   read_write_paths [
     "/store/planet/replication/hour",
     "/var/lib/replication/hour"
@@ -353,10 +360,12 @@ end
 systemd_service "replication-daily" do
   description "Daily replication"
   user "planet"
 systemd_service "replication-daily" do
   description "Daily replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
+  exec_start "/usr/local/bin/replicate-day"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/store/planet/replication/day",
     "/var/lib/replication/day"
   read_write_paths [
     "/store/planet/replication/day",
     "/var/lib/replication/day"