X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/415fd31755518c3602e9e42dbe2232b883083df0..21f63bf93d90219a836166bbf0883755e4248989:/cookbooks/planet/recipes/replication.rb diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb index b59e0bf0c..fa9649a38 100644 --- a/cookbooks/planet/recipes/replication.rb +++ b/cookbooks/planet/recipes/replication.rb @@ -22,6 +22,8 @@ require "yaml" include_recipe "accounts" include_recipe "apt" include_recipe "osmosis" +include_recipe "ruby" +include_recipe "tools" db_passwords = data_bag_item("db", "passwords") @@ -29,8 +31,6 @@ db_passwords = data_bag_item("db", "passwords") package %w[ postgresql-client - ruby - ruby-dev ruby-libxml make gcc @@ -39,7 +39,9 @@ package %w[ osmdbt ] -gem_package "pg" +gem_package "pg" do + gem_binary node[:ruby][:gem] +end ## Build preload library to flush files @@ -74,20 +76,6 @@ remote_directory "/usr/local/bin" do files_mode "755" end -template "/usr/local/bin/replicate-minute" do - source "replicate-minute.erb" - owner "root" - group "root" - mode "755" -end - -template "/usr/local/bin/replicate-cleanup" do - source "replicate-cleanup.erb" - owner "root" - group "root" - mode "755" -end - template "/usr/local/bin/users-agreed" do source "users-agreed.erb" owner "root" @@ -169,6 +157,34 @@ template "/etc/replication/users-agreed.conf" do variables :password => db_passwords["planetdiff"] end +systemd_service "users-agreed" do + description "Update list of users accepting CTs" + user "planet" + exec_start "/usr/local/bin/users-agreed" + nice 10 + sandbox :enable_network => true + read_write_paths "/store/planet/users_agreed" +end + +systemd_timer "users-agreed" do + description "Update list of users accepting CTs" + on_calendar "7:00" +end + +systemd_service "users-deleted" do + description "Update list of deleted users" + user "planet" + exec_start "/usr/local/bin/users-deleted" + nice 10 + sandbox :enable_network => true + read_write_paths "/store/planet/users_deleted" +end + +systemd_timer "users-deleted" do + description "Update list of deleted users" + on_calendar "17:00" +end + ## Changeset replication directory "/store/planet/replication/changesets" do @@ -185,6 +201,24 @@ template "/etc/replication/changesets.conf" do variables :password => db_passwords["planetdiff"] end +systemd_service "replication-changesets" do + description "Changesets replication" + user "planet" + exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" + sandbox :enable_network => true + read_write_paths [ + "/run/replication", + "/store/planet/replication/changesets" + ] +end + +systemd_timer "replication-changesets" do + description "Changesets replication" + on_boot_sec 60 + on_unit_active_sec 60 + accuracy_sec 5 +end + ## Minutely replication directory "/store/planet/replication/minute" do @@ -231,12 +265,12 @@ systemd_service "replication-minutely" do user "planet" working_directory "/etc/replication" exec_start "/usr/local/bin/replicate-minute" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + sandbox :enable_network => true + read_write_paths [ + "/run/replication", + "/store", + "/var/lib/replication/minute" + ] end systemd_timer "replication-minutely" do @@ -276,12 +310,13 @@ systemd_service "replication-hourly" do description "Hourly replication" user "planet" exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + environment "LD_PRELOAD" => "/opt/flush/flush.so" + sandbox :enable_network => true + memory_deny_write_execute false + read_write_paths [ + "/store/planet/replication/hour", + "/var/lib/replication/hour" + ] end systemd_timer "replication-hourly" do @@ -319,12 +354,13 @@ systemd_service "replication-daily" do description "Daily replication" user "planet" exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + environment "LD_PRELOAD" => "/opt/flush/flush.so" + sandbox :enable_network => true + memory_deny_write_execute false + read_write_paths [ + "/store/planet/replication/day", + "/var/lib/replication/day" + ] end systemd_timer "replication-daily" do @@ -338,12 +374,8 @@ systemd_service "replication-cleanup" do description "Cleanup replication" user "planet" exec_start "/usr/local/bin/replicate-cleanup" - private_tmp true - private_devices true - private_network true - protect_system "full" - protect_home true - no_new_privileges true + sandbox true + read_write_paths "/var/lib/replication" end systemd_timer "replication-cleanup" do @@ -356,26 +388,16 @@ end ## Enable/disable feeds if node[:planet][:replication] == "enabled" - cron_d "users-agreed" do - minute "0" - hour "7" - user "planet" - command "/usr/local/bin/users-agreed" - mailto "zerebubuth@gmail.com" + service "users-agreed.timer" do + action [:enable, :start] end - cron_d "users-deleted" do - minute "0" - hour "17" - user "planet" - command "/usr/local/bin/users-deleted" - mailto "zerebubuth@gmail.com" + service "users-deleted.timer" do + action [:enable, :start] end - cron_d "replication-changesets" do - user "planet" - command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" - mailto "zerebubuth@gmail.com" + service "replication-changesets.timer" do + action [:enable, :start] end service "replication-minutely.timer" do @@ -394,16 +416,16 @@ if node[:planet][:replication] == "enabled" action [:enable, :start] end else - cron_d "users-agreed" do - action :delete + service "users-agreed.timer" do + action [:stop, :disable] end - cron_d "users-deleted" do - action :delete + service "users-deleted.timer" do + action [:stop, :disable] end - cron_d "replication-changesets" do - action :delete + service "replication-changesets.timer" do + action [:stop, :disable] end service "replication-minutely.timer" do