X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/688d76785983dce5093e2eab5fd5244358113a81..f5c510d65c4dd4e530731b927425d2b81286edc5:/cookbooks/db/recipes/master.rb

diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb
index 6ba23cb50..c2d1da024 100644
--- a/cookbooks/db/recipes/master.rb
+++ b/cookbooks/db/recipes/master.rb
@@ -62,11 +62,6 @@ postgresql_user "backup" do
   password passwords["backup"]
 end
 
-postgresql_user "munin" do
-  cluster node[:db][:cluster]
-  password passwords["munin"]
-end
-
 postgresql_user "replication" do
   cluster node[:db][:cluster]
   password passwords["replication"]
@@ -100,6 +95,7 @@ CGIMAP_PERMISSIONS = {
   "current_way_tags" => [:select, :insert, :delete],
   "current_ways" => [:select, :insert, :update],
   "current_ways_id_seq" => [:update],
+  "issues" => [:select],
   "node_tags" => [:select, :insert],
   "nodes" => [:select, :insert],
   "oauth_access_grants" => [:select],
@@ -111,19 +107,20 @@ CGIMAP_PERMISSIONS = {
   "relation_members" => [:select, :insert],
   "relation_tags" => [:select, :insert],
   "relations" => [:select, :insert],
+  "reports" => [:select],
   "user_blocks" => [:select],
   "user_roles" => [:select],
   "users" => [:select],
   "way_nodes" => [:select, :insert],
   "way_tags" => [:select, :insert],
   "ways" => [:select, :insert]
-}
+}.freeze
 
 PLANETDUMP_PERMISSIONS = {
   "note_comments" => :select,
   "notes" => :select,
   "users" => :select
-}
+}.freeze
 
 PLANETDIFF_PERMISSIONS = {
   "changeset_comments" => :select,
@@ -138,7 +135,11 @@ PLANETDIFF_PERMISSIONS = {
   "way_nodes" => :select,
   "way_tags" => :select,
   "ways" => :select
-}
+}.freeze
+
+PROMETHEUS_PERMISSIONS = {
+  "delayed_jobs" => :select
+}.freeze
 
 %w[
   acls
@@ -188,9 +189,9 @@ PLANETDIFF_PERMISSIONS = {
   reports
   schema_migrations
   user_blocks
+  user_mutes
   user_preferences
   user_roles
-  user_tokens
   users
   way_nodes
   way_tags
@@ -205,6 +206,7 @@ PLANETDIFF_PERMISSIONS = {
                 "cgimap" => CGIMAP_PERMISSIONS[table],
                 "planetdump" => PLANETDUMP_PERMISSIONS[table],
                 "planetdiff" => PLANETDIFF_PERMISSIONS[table],
+                "prometheus" => PROMETHEUS_PERMISSIONS[table],
                 "backup" => [:select]
   end
 end
@@ -240,8 +242,8 @@ end
   redactions_id_seq
   reports_id_seq
   user_blocks_id_seq
+  user_mutes_id_seq
   user_roles_id_seq
-  user_tokens_id_seq
   users_id_seq
 ].each do |sequence|
   postgresql_sequence sequence do
@@ -267,6 +269,7 @@ systemd_service "monthly-reindex" do
   user "postgres"
   sandbox true
   restrict_address_families "AF_UNIX"
+  remove_ipc false
 end
 
 systemd_timer "monthly-reindex" do
@@ -290,13 +293,21 @@ systemd_service "yearly-reindex" do
   user "postgres"
   sandbox true
   restrict_address_families "AF_UNIX"
+  remove_ipc false
 end
 
 systemd_timer "yearly-reindex" do
   description "Yearly database reindex"
-  on_calendar "Fri *-1-8..14 02:00"
+  on_calendar "Thu *-1-8..14 02:00"
 end
 
 service "yearly-reindex.timer" do
   action [:enable, :start]
 end
+
+template "/etc/prometheus/exporters/sql_rails.collector.yml" do
+  source "sql_rails.yml.erb"
+  owner "root"
+  group "root"
+  mode "0644"
+end