X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/164c98b7d580e6e937210d1c46a7ba5c5b3cbdb3..3b7db03656d2f783af8ad7f9e6c19716773da602:/cookbooks/planet/recipes/dump.rb?ds=inline diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb index f7a143181..d386eaa79 100644 --- a/cookbooks/planet/recipes/dump.rb +++ b/cookbooks/planet/recipes/dump.rb @@ -17,6 +17,7 @@ # limitations under the License. # +include_recipe "accounts" include_recipe "git" package %w[ @@ -37,8 +38,6 @@ package %w[ libprotobuf-dev osmpbf-bin pbzip2 - php-cli - php-curl mktorrent xmlstarlet libxml2-utils @@ -88,13 +87,13 @@ execute "/opt/planet-dump-ng/Makefile" do end directory "/store/planetdump" do - owner "www-data" - group "www-data" + owner "planet" + group "planet" mode "755" recursive true end -%w[planetdump planetdump-trigger planet-mirror-redirect-update].each do |program| +%w[planetdump planetdump-trigger].each do |program| template "/usr/local/bin/#{program}" do source "#{program}.erb" owner "root" @@ -105,10 +104,12 @@ end systemd_service "planetdump@" do description "Planet dump for %i" - user "www-data" + user "planet" exec_start "/usr/local/bin/planetdump %i" memory_max "64G" - sandbox true + sandbox :enable_network => true + protect_home "tmpfs" + bind_paths "/home/planet" read_write_paths [ "/store/planetdump", "/store/planet/pbf", @@ -130,22 +131,3 @@ service "planetdump-trigger" do action [:enable, :start] subscribes :restart, "template[/usr/local/bin/planetdump-trigger]" end - -systemd_service "planet-dump-mirror" do - description "Update planet dump mirrors" - exec_start "/usr/local/bin/planet-mirror-redirect-update" - user "www-data" - sandbox :enable_network => true - memory_deny_write_execute false - read_write_paths "/store/planet/.htaccess" -end - -systemd_timer "planet-dump-mirror" do - description "Update planet dump mirrors" - on_boot_sec "10min" - on_unit_inactive_sec "10min" -end - -service "planet-dump-mirror.timer" do - action [:enable, :start] -end