X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/67c2aceb91955ff583c41807759d203a4478e4b1..41b1edf21c531ee0def59463c5a415af24875d30:/cookbooks/tile/recipes/default.rb?ds=sidebyside
diff --git a/cookbooks/tile/recipes/default.rb b/cookbooks/tile/recipes/default.rb
index 62f9a8858..7d75087c9 100644
--- a/cookbooks/tile/recipes/default.rb
+++ b/cookbooks/tile/recipes/default.rb
@@ -76,11 +76,13 @@ systemd_service "renderd" do
 private_network true
 protect_system "full"
 protect_home true
+ no_new_privileges true
 restart "on-failure"
 end
 service "renderd" do
 action [:enable, :start]
+ subscribes :restart, "systemd_service[renderd]"
 end
 directory "/srv/tile.openstreetmap.org/tiles" do
@@ -237,6 +239,19 @@ end
 nodejs_package "carto"
 nodejs_package "millstone"
+systemd_service "update-lowzoom@" do
+ description "Low zoom tile update service for %i layer"
+ user "tile"
+ exec_start "/usr/local/bin/update-lowzoom-%i"
+ private_tmp true
+ private_devices true
+ private_network true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+ restart "on-failure"
+end
+
 directory "/srv/tile.openstreetmap.org/styles" do
 owner "tile"
 group "tile"
@@ -255,15 +270,7 @@ node[:tile][:styles].each do |name, details|
 variables :style => name
 end
- template "/etc/init.d/update-lowzoom-#{name}" do
- source "update-lowzoom.init.erb"
- owner "root"
- group "root"
- mode 0o755
- variables :style => name
- end
-
- service "update-lowzoom-#{name}" do
+ service "update-lowzoom@#{name}" do
 action :disable
 supports :restart => true
 end
@@ -325,7 +332,7 @@ node[:tile][:styles].each do |name, details|
 group "tile"
 subscribes :run, "git[#{style_directory}]"
 notifies :restart, "service[renderd]", :immediately
- notifies :restart, "service[update-lowzoom-#{name}]"
+ notifies :restart, "service[update-lowzoom@#{name}]"
 end
 end
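Review bot: In the `@@ -76,11 +76,13 @@` hunk, the new `subscribes :restart, "systemd_service[renderd]"` only applies `no_new_privileges` if systemd has re-read the unit file before the restart runs; restarting a unit whose file changed on disk without a reload keeps the previously loaded settings. The `systemd_service` resource is defined outside this diff, so confirm that it triggers a daemon-reload when it rewrites the unit. A short comment on the subscription would record the intent, for example `# restart so that sandboxing changes in the unit file take effect`. The `systemd_service "renderd"` block starts above the hunk.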
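Review bot: In the `@@ -237,6 +239,19 @@` hunk, `private_network true` on the new `update-lowzoom@` unit puts the script in its own network namespace, so it can reach renderd and the database only over filesystem Unix sockets. The `/usr/local/bin/update-lowzoom-%i` script is not part of this diff, so confirm it opens no TCP or abstract-socket connection; otherwise the unit will fail and loop on `restart "on-failure"`. The `exec_start` line also deserves a comment that the escaped specifier is deliberate, such as `# %i (escaped instance name) cannot contain "/", so the path stays inside /usr/local/bin`.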
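Review bot: In the `@@ -255,15 +270,7 @@` hunk, dropping the `template "/etc/init.d/update-lowzoom-#{name}"` resource stops managing the init script but does not remove it, so nodes converged earlier keep a root-owned executable script, and presumably the SysV-generated `update-lowzoom-<style>` service, next to the new `update-lowzoom@<style>` instance. Unless the cleanup happens elsewhere in the cookbook, add an explicit removal inside the loop: `file "/etc/init.d/update-lowzoom-#{name}" do`, `action :delete`, `end`. The old service name is also worth stopping and disabling once, since `service "update-lowzoom@#{name}"` no longer refers to it. The `node[:tile][:styles].each` block starts and ends outside the hunk.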
@@ -463,6 +470,7 @@ systemd_service "replicate" do
 private_devices true
 protect_system "full"
 protect_home true
+ no_new_privileges true
 restart "on-failure"
 end
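Review bot: Unlike the renderd hunk, this change adds `no_new_privileges true` to `systemd_service "replicate"` without a visible restart trigger, so a running replicate process would keep its old sandbox settings until something else restarts it. The `service "replicate"` resource is outside the hunk; if it does not already have one, add `subscribes :restart, "systemd_service[replicate]"` there to match renderd. The `systemd_service "replicate"` block starts above the hunk.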