blog: remove opengeodata.org ssl cleanup
[chef.git] / cookbooks / planet / recipes / replication.rb
index 8845f1b70c9122f599515c67ce0d9b45ba8d1070..c3893834daec2affd2b6a7acc3f505dc25aec397 100644 (file)
@@ -22,6 +22,8 @@ require "yaml"
 include_recipe "accounts"
 include_recipe "apt"
 include_recipe "osmosis"
+include_recipe "ruby"
+include_recipe "tools"
 
 db_passwords = data_bag_item("db", "passwords")
 
@@ -29,8 +31,6 @@ db_passwords = data_bag_item("db", "passwords")
 
 package %w[
   postgresql-client
-  ruby
-  ruby-dev
   ruby-libxml
   make
   gcc
@@ -39,7 +39,9 @@ package %w[
   osmdbt
 ]
 
-gem_package "pg"
+gem_package "pg" do
+  gem_binary node[:ruby][:gem]
+end
 
 ## Build preload library to flush files
 
@@ -74,13 +76,6 @@ remote_directory "/usr/local/bin" do
   files_mode "755"
 end
 
-template "/usr/local/bin/replicate-minute" do
-  source "replicate-minute.erb"
-  owner "root"
-  group "root"
-  mode "755"
-end
-
 template "/usr/local/bin/users-agreed" do
   source "users-agreed.erb"
   owner "root"
@@ -119,12 +114,6 @@ remote_directory "/store/planet/replication" do
   files_mode "755"
 end
 
-directory "/store/planet/replication/test" do
-  owner "planet"
-  group "planet"
-  mode "755"
-end
-
 ## Configuration directory
 
 directory "/etc/replication" do
@@ -150,7 +139,9 @@ directory "/var/lib/replication" do
   mode "755"
 end
 
-directory "/var/lib/replication/test" do
+## Temporary directory
+
+directory "/store/replication" do
   owner "planet"
   group "planet"
   mode "755"
@@ -166,105 +157,77 @@ template "/etc/replication/users-agreed.conf" do
   variables :password => db_passwords["planetdiff"]
 end
 
-## Changeset replication
-
-directory "/store/planet/replication/changesets" do
-  owner "planet"
-  group "planet"
-  mode "755"
+systemd_service "users-agreed" do
+  description "Update list of users accepting CTs"
+  user "planet"
+  exec_start "/usr/local/bin/users-agreed"
+  nice 10
+  sandbox :enable_network => true
+  read_write_paths "/store/planet/users_agreed"
 end
 
-template "/etc/replication/changesets.conf" do
-  source "changesets.conf.erb"
-  user "root"
-  group "planet"
-  mode "640"
-  variables :password => db_passwords["planetdiff"]
+systemd_timer "users-agreed" do
+  description "Update list of users accepting CTs"
+  on_calendar "7:00"
 end
 
-## Minutely replication
+systemd_service "users-deleted" do
+  description "Update list of deleted users"
+  user "planet"
+  exec_start "/usr/local/bin/users-deleted"
+  nice 10
+  sandbox :enable_network => true
+  read_write_paths "/store/planet/users_deleted"
+end
 
-directory "/store/planet/replication/minute" do
-  owner "planet"
-  group "planet"
-  mode "755"
+systemd_timer "users-deleted" do
+  description "Update list of deleted users"
+  on_calendar "17:00"
 end
 
-directory "/var/lib/replication/minute" do
+## Changeset replication
+
+directory "/store/planet/replication/changesets" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-template "/etc/replication/auth.conf" do
-  source "replication.auth.erb"
+template "/etc/replication/changesets.conf" do
+  source "changesets.conf.erb"
   user "root"
   group "planet"
   mode "640"
   variables :password => db_passwords["planetdiff"]
 end
 
-## Hourly replication
-
-directory "/store/planet/replication/hour" do
-  owner "planet"
-  group "planet"
-  mode "755"
-end
-
-directory "/var/lib/replication/hour" do
-  owner "planet"
-  group "planet"
-  mode "755"
-end
-
-link "/var/lib/replication/hour/data" do
-  to "/store/planet/replication/hour"
-end
-
-template "/var/lib/replication/hour/configuration.txt" do
-  source "replication.config.erb"
-  owner "planet"
-  group "planet"
-  mode "644"
-  variables :base => "minute", :interval => 3600
-end
-
-## Daily replication
-
-directory "/store/planet/replication/day" do
-  owner "planet"
-  group "planet"
-  mode "755"
-end
-
-directory "/var/lib/replication/day" do
-  owner "planet"
-  group "planet"
-  mode "755"
-end
-
-link "/var/lib/replication/day/data" do
-  to "/store/planet/replication/day"
+systemd_service "replication-changesets" do
+  description "Changesets replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
+  sandbox :enable_network => true
+  read_write_paths [
+    "/run/replication",
+    "/store/planet/replication/changesets"
+  ]
 end
 
-template "/var/lib/replication/day/configuration.txt" do
-  source "replication.config.erb"
-  owner "planet"
-  group "planet"
-  mode "644"
-  variables :base => "hour", :interval => 86400
+systemd_timer "replication-changesets" do
+  description "Changesets replication"
+  on_boot_sec 60
+  on_unit_active_sec 60
+  accuracy_sec 5
 end
 
-## Minutely replication (test feed)
+## Minutely replication
 
-directory "/store/planet/replication/test/minute" do
+directory "/store/planet/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/replication" do
+directory "/var/lib/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
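Review bot: The `template "/etc/replication/auth.conf"` resource is dropped in this hunk, but nothing removes the file itself, so nodes that have already converged keep a copy of the `planetdiff` database password on disk. Chef does not delete a file when its resource disappears from a recipe. If nothing else still reads that file (no remaining reference is visible in this diff), add `file "/etc/replication/auth.conf" do`, `action :delete`, `end` next to the changesets template so the credential is cleaned up on existing hosts.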
@@ -285,7 +248,7 @@ osmdbt_config = {
     "replication_slot" => "osmdbt"
   },
   "log_dir" => "/var/lib/replication/minute",
-  "changes_dir" => "/store/planet/replication/test/minute",
+  "changes_dir" => "/store/planet/replication/minute",
   "tmp_dir" => "/store/replication/minute",
   "run_dir" => "/run/replication"
 }
@@ -302,12 +265,12 @@ systemd_service "replication-minutely" do
   user "planet"
   working_directory "/etc/replication"
   exec_start "/usr/local/bin/replicate-minute"
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  restrict_address_families %w[AF_INET AF_INET6]
-  no_new_privileges true
+  sandbox :enable_network => true
+  read_write_paths [
+    "/run/replication",
+    "/store",
+    "/var/lib/replication/minute"
+  ]
 end
 
 systemd_timer "replication-minutely" do
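Review bot: `read_write_paths` for replication-minutely grants write access to all of `/store`, while the osmdbt config in the previous hunk names only `/store/planet/replication/minute` and `/store/replication/minute` under it, and the hourly and daily units are scoped to their own subdirectories. If the wide grant is deliberate (for example so files can be renamed from `tmp_dir` into `changes_dir` inside one writable mount, which is an inference and not shown in the diff), record that in a comment such as `# whole of /store: tmp_dir and changes_dir must share one writable mount`. Otherwise list the two directories instead. The `systemd_service "replication-minutely"` block opens above this hunk.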
@@ -317,85 +280,87 @@ systemd_timer "replication-minutely" do
   accuracy_sec 5
 end
 
-### Hourly replication (test feed)
+## Hourly replication
 
-directory "/store/planet/replication/test/hour" do
+directory "/store/planet/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/test/hour" do
+directory "/var/lib/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-link "/var/lib/replication/test/hour/data" do
-  to "/store/planet/replication/test/hour"
+link "/var/lib/replication/hour/data" do
+  to "/store/planet/replication/hour"
 end
 
-template "/var/lib/replication/test/hour/configuration.txt" do
+template "/var/lib/replication/hour/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
   mode "644"
-  variables :base => "test/minute", :interval => 3600
+  variables :base => "minute", :interval => 3600
 end
 
 systemd_service "replication-hourly" do
   description "Hourly replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour"
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  restrict_address_families %w[AF_INET AF_INET6]
-  no_new_privileges true
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
+  environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  read_write_paths [
+    "/store/planet/replication/hour",
+    "/var/lib/replication/hour"
+  ]
 end
 
 systemd_timer "replication-hourly" do
-  description "Daily replication"
+  description "Hourly replication"
   on_calendar "*-*-* *:02/15:00"
 end
 
-## Daily replication (test feed)
+## Daily replication
 
-directory "/store/planet/replication/test/day" do
+directory "/store/planet/replication/day" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/test/day" do
+directory "/var/lib/replication/day" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-link "/var/lib/replication/test/day/data" do
-  to "/store/planet/replication/test/day"
+link "/var/lib/replication/day/data" do
+  to "/store/planet/replication/day"
 end
 
-template "/var/lib/replication/test/day/configuration.txt" do
+template "/var/lib/replication/day/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
   mode "644"
-  variables :base => "test/hour", :interval => 86400
+  variables :base => "hour", :interval => 86400
 end
 
 systemd_service "replication-daily" do
   description "Daily replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day"
-  private_tmp true
-  private_devices true
-  protect_system "full"
-  protect_home true
-  restrict_address_families %w[AF_INET AF_INET6]
-  no_new_privileges true
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
+  environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  sandbox :enable_network => true
+  memory_deny_write_execute false
+  read_write_paths [
+    "/store/planet/replication/day",
+    "/var/lib/replication/day"
+  ]
 end
 
 systemd_timer "replication-daily" do
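Review bot: `memory_deny_write_execute false` in replication-hourly and replication-daily switches off one sandbox protection with no explanation in the recipe. It is presumably needed because osmosis runs on a JVM, whose JIT needs writable-executable mappings, but the diff does not say so. A comment like `# osmosis (JVM) needs W+X mappings for JIT` above each of the two lines would stop the exception being copied to units that do not need it. Both units also now set `LD_PRELOAD` to `/opt/flush/flush.so`, so confirm that the build step outside this hunk leaves that file and its directory writable only by root.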
@@ -403,52 +368,36 @@ systemd_timer "replication-daily" do
   on_calendar "*-*-* *:02/15:00"
 end
 
-## Enable/disable feeds
+## Replication cleanup
 
-if node[:planet][:replication] == "enabled"
-  cron_d "users-agreed" do
-    minute "0"
-    hour "7"
-    user "planet"
-    command "/usr/local/bin/users-agreed"
-    mailto "zerebubuth@gmail.com"
-  end
+systemd_service "replication-cleanup" do
+  description "Cleanup replication"
+  user "planet"
+  exec_start "/usr/local/bin/replicate-cleanup"
+  sandbox true
+  read_write_paths "/var/lib/replication"
+end
 
-  cron_d "users-deleted" do
-    minute "0"
-    hour "17"
-    user "planet"
-    command "/usr/local/bin/users-deleted"
-    mailto "zerebubuth@gmail.com"
-  end
+systemd_timer "replication-cleanup" do
+  description "Cleanup replication"
+  on_boot_sec 60
+  on_unit_active_sec 86400
+  accuracy_sec 1800
+end
 
-  cron_d "replication-changesets" do
-    user "planet"
-    command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
-    mailto "zerebubuth@gmail.com"
-  end
+## Enable/disable feeds
 
-  cron_d "replication-minutely" do
-    user "planet"
-    command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+if node[:planet][:replication] == "enabled"
+  service "users-agreed.timer" do
+    action [:enable, :start]
   end
 
-  cron_d "replication-hourly" do
-    minute "2,7,12,17"
-    user "planet"
-    command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  service "users-deleted.timer" do
+    action [:enable, :start]
   end
 
-  cron_d "replication-daily" do
-    minute "5,10,15,20"
-    user "planet"
-    command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
-    mailto "brett@bretth.com"
-    environment "LD_PRELOAD" => "/opt/flush/flush.so"
+  service "replication-changesets.timer" do
+    action [:enable, :start]
   end
 
   service "replication-minutely.timer" do
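Review bot: The `cron_d` resources are removed from the enabled branch here without a matching delete, so a node that was already converged with replication enabled keeps its existing cron.d entries. The old jobs would then keep running beside the new timers, and the old minutely job writes into `/store/planet/replication/minute`, which osmdbt now uses as `changes_dir`. The next hunk also drops the `action :delete` resources from the `else` branch, so disabled nodes stop cleaning them up too. Unless the entries are removed elsewhere, keep an unconditional delete for the six job names ahead of the `if` for at least one rollout. The `if` block continues past the end of this hunk.

```ruby
# Remove the cron jobs that the systemd timers replace
%w[users-agreed users-deleted replication-changesets replication-minutely replication-hourly replication-daily].each do |name|
  cron_d name do
    action :delete
  end
end

# … unchanged: if node[:planet][:replication] == "enabled" …
```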
@@ -462,29 +411,21 @@ if node[:planet][:replication] == "enabled"
   service "replication-daily.timer" do
     action [:enable, :start]
   end
-else
-  cron_d "users-agreed" do
-    action :delete
-  end
-
-  cron_d "users-deleted" do
-    action :delete
-  end
 
-  cron_d "replication-changesets" do
-    action :delete
+  service "replication-cleanup.timer" do
+    action [:enable, :start]
   end
-
-  cron_d "replication-minutely" do
-    action :delete
+else
+  service "users-agreed.timer" do
+    action [:stop, :disable]
   end
 
-  cron_d "replication-hourly" do
-    action :delete
+  service "users-deleted.timer" do
+    action [:stop, :disable]
   end
 
-  cron_d "replication-daily" do
-    action :delete
+  service "replication-changesets.timer" do
+    action [:stop, :disable]
   end
 
   service "replication-minutely.timer" do
@@ -498,4 +439,8 @@ else
   service "replication-daily.timer" do
     action [:stop, :disable]
   end
+
+  service "replication-cleanup.timer" do
+    action [:stop, :disable]
+  end
 end