X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/688d76785983dce5093e2eab5fd5244358113a81..11fdeeaa56975b200a46cc3ee7124e529621fba9:/cookbooks/db/recipes/master.rb diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb index 6ba23cb50..3e57941f7 100644 --- a/cookbooks/db/recipes/master.rb +++ b/cookbooks/db/recipes/master.rb @@ -62,11 +62,6 @@ postgresql_user "backup" do password passwords["backup"] end -postgresql_user "munin" do - cluster node[:db][:cluster] - password passwords["munin"] -end - postgresql_user "replication" do cluster node[:db][:cluster] password passwords["replication"] @@ -88,7 +83,6 @@ CGIMAP_PERMISSIONS = { "changeset_comments" => [:select], "changeset_tags" => [:select], "changesets" => [:select, :update], - "client_applications" => [:select], "current_node_tags" => [:select, :insert, :delete], "current_nodes" => [:select, :insert, :update], "current_nodes_id_seq" => [:update], @@ -100,30 +94,29 @@ CGIMAP_PERMISSIONS = { "current_way_tags" => [:select, :insert, :delete], "current_ways" => [:select, :insert, :update], "current_ways_id_seq" => [:update], + "issues" => [:select], "node_tags" => [:select, :insert], "nodes" => [:select, :insert], "oauth_access_grants" => [:select], "oauth_access_tokens" => [:select], "oauth_applications" => [:select], - "oauth_nonces" => [:select, :insert], - "oauth_nonces_id_seq" => [:update], - "oauth_tokens" => [:select], "relation_members" => [:select, :insert], "relation_tags" => [:select, :insert], "relations" => [:select, :insert], + "reports" => [:select], "user_blocks" => [:select], "user_roles" => [:select], "users" => [:select], "way_nodes" => [:select, :insert], "way_tags" => [:select, :insert], "ways" => [:select, :insert] -} +}.freeze PLANETDUMP_PERMISSIONS = { "note_comments" => :select, "notes" => :select, "users" => :select -} +}.freeze PLANETDIFF_PERMISSIONS = { "changeset_comments" => :select, @@ -138,7 +131,11 @@ PLANETDIFF_PERMISSIONS = { "way_nodes" => :select, "way_tags" => :select, "ways" => :select -} +}.freeze + +PROMETHEUS_PERMISSIONS = { + "delayed_jobs" => :select +}.freeze %w[ acls @@ -150,7 +147,6 @@ PLANETDIFF_PERMISSIONS = { changeset_tags changesets changesets_subscribers - client_applications current_node_tags current_nodes current_relation_members @@ -174,13 +170,12 @@ PLANETDIFF_PERMISSIONS = { node_tags nodes note_comments + note_subscriptions notes oauth_access_grants oauth_access_tokens oauth_applications - oauth_nonces oauth_openid_requests - oauth_tokens redactions relation_members relation_tags @@ -188,9 +183,9 @@ PLANETDIFF_PERMISSIONS = { reports schema_migrations user_blocks + user_mutes user_preferences user_roles - user_tokens users way_nodes way_tags @@ -205,6 +200,7 @@ PLANETDIFF_PERMISSIONS = { "cgimap" => CGIMAP_PERMISSIONS[table], "planetdump" => PLANETDUMP_PERMISSIONS[table], "planetdiff" => PLANETDIFF_PERMISSIONS[table], + "prometheus" => PROMETHEUS_PERMISSIONS[table], "backup" => [:select] end end @@ -216,7 +212,6 @@ end active_storage_variant_records_id_seq changeset_comments_id_seq changesets_id_seq - client_applications_id_seq current_nodes_id_seq current_relations_id_seq current_ways_id_seq @@ -234,14 +229,12 @@ end oauth_access_grants_id_seq oauth_access_tokens_id_seq oauth_applications_id_seq - oauth_nonces_id_seq oauth_openid_requests_id_seq - oauth_tokens_id_seq redactions_id_seq reports_id_seq user_blocks_id_seq + user_mutes_id_seq user_roles_id_seq - user_tokens_id_seq users_id_seq ].each do |sequence| postgresql_sequence sequence do @@ -267,6 +260,7 @@ systemd_service "monthly-reindex" do user "postgres" sandbox true restrict_address_families "AF_UNIX" + remove_ipc false end systemd_timer "monthly-reindex" do @@ -290,13 +284,21 @@ systemd_service "yearly-reindex" do user "postgres" sandbox true restrict_address_families "AF_UNIX" + remove_ipc false end systemd_timer "yearly-reindex" do description "Yearly database reindex" - on_calendar "Fri *-1-8..14 02:00" + on_calendar "Thu *-1-8..14 02:00" end service "yearly-reindex.timer" do action [:enable, :start] end + +template "/etc/prometheus/exporters/sql_rails.collector.yml" do + source "sql_rails.yml.erb" + owner "root" + group "root" + mode "0644" +end