X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/3b563e12600d3519011cde414ee0465698a7814f..7c583c9d2fcb1a0ba3132c8c456d93cfd31598b2:/cookbooks/overpass/recipes/default.rb diff --git a/cookbooks/overpass/recipes/default.rb b/cookbooks/overpass/recipes/default.rb index d807eab69..0cad2a1ab 100644 --- a/cookbooks/overpass/recipes/default.rb +++ b/cookbooks/overpass/recipes/default.rb @@ -18,11 +18,13 @@ # include_recipe "accounts" -include_recipe "munin" include_recipe "apache" +include_recipe "prometheus" +include_recipe "ruby" username = "overpass" basedir = data_bag_item("accounts", username)["home"] +web_passwords = data_bag_item("web", "passwords") %w[bin site diffs db src].each do |dirname| directory "#{basedir}/#{dirname}" do @@ -67,10 +69,30 @@ execute "install_overpass" do user username cwd srcdir command "./configure --enable-lz4 --prefix=#{basedir} && make install" + notifies :restart, "service[overpass-dispatcher]" + notifies :restart, "service[overpass-area-dispatcher]" end ## Setup Apache +gem_package "rotp" do + gem_binary node[:ruby][:gem] +end + +directory "#{basedir}/apache" do + owner "root" + group "root" + mode "755" +end + +template "#{basedir}/apache/totp-filter" do + source "totp-filter.erb" + owner "root" + group "root" + mode "755" + variables :totp_key => web_passwords["totp_key"] +end + ssl_certificate node[:fqdn] do domains [node[:fqdn], node[:overpass][:fqdn]] @@ -79,6 +101,11 @@ end apache_module "cgi" apache_module "headers" +apache_module "rewrite" + +apache_site "default" do + action :disable +end apache_site "#{node[:overpass][:fqdn]}" do template "apache.erb" @@ -123,6 +150,7 @@ end systemd_service "overpass-dispatcher" do description "Overpass Main Dispatcher" + wants ["overpass-area-dispatcher.service"] working_directory basedir exec_start "#{basedir}/bin/dispatcher --osm-base #{meta_map_short[node[:overpass][:meta_mode]]} --db-dir=#{basedir}/db --rate-limit=#{node[:overpass][:rate_limit]} --space=#{node[:overpass][:dispatcher_space]}" exec_stop "#{basedir}/bin/dispatcher --osm-base --terminate" @@ -136,7 +164,7 @@ end systemd_service "overpass-area-dispatcher" do description "Overpass Area Dispatcher" - after ["overpass-dispatcher"] + after ["overpass-dispatcher.service"] working_directory basedir exec_start "#{basedir}/bin/dispatcher --areas #{meta_map_short[node[:overpass][:meta_mode]]} --db-dir=#{basedir}/db" exec_stop "#{basedir}/bin/dispatcher --areas --terminate" @@ -150,41 +178,61 @@ end systemd_service "overpass-update" do description "Overpass Update Application" - after ["overpass-dispatcher"] + after ["overpass-dispatcher.service"] + wants ["overpass-area-processor.service"] working_directory basedir exec_start "#{basedir}/bin/overpass-update-db" standard_output "append:#{logdir}/update.log" user username + restart "on-success" end if node[:overpass][:meta_mode] == "attic" systemd_service "overpass-area-processor" do description "Overpass Area Processor" - after ["overpass-area-dispatcher"] + after ["overpass-area-dispatcher.service", "overpass-update.service"] working_directory basedir exec_start "#{basedir}/bin/overpass-update-areas" standard_output "append:#{logdir}/area-processor.log" + restart "on-success" nice 19 user username end else systemd_service "overpass-area-processor" do description "Overpass Area Processor" - after ["overpass-area-dispatcher"] + after ["overpass-area-dispatcher.service", "overpass-update.service"] working_directory basedir exec_start "#{basedir}/bin/osm3s_query --progress --rules" standard_input "file:#{srcdir}/rules/areas.osm3s" standard_output "append:#{logdir}/area-processor.log" + restart "on-success" nice 19 user username end end systemd_timer "overpass-area-processor" do - description "Update areas in Overpass" - on_calendar "*-*-* *:*:00" + action :delete end service "overpass-area-processor" do - action [:enable] + action [:disable] +end + +template "/etc/logrotate.d/overpass" do + source "logrotate.erb" + owner "root" + group "root" + mode "644" + variables :logdir => logdir +end + +prometheus_exporter "overpass" do + port 9898 + user username + restrict_address_families "AF_UNIX" + options [ + "--overpass.base-directory=#{basedir}" + ] end