X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/70e190d5bcb968129f5984b360d28f7bfefc5a3a..5b4f815f6cd8433be1d66b8376b71452f974b225:/cookbooks/imagery/resources/layer.rb?ds=inline diff --git a/cookbooks/imagery/resources/layer.rb b/cookbooks/imagery/resources/layer.rb index 4e51cbee0..957e46b47 100644 --- a/cookbooks/imagery/resources/layer.rb +++ b/cookbooks/imagery/resources/layer.rb @@ -34,9 +34,9 @@ property :background_colour, String property :resample, String, :default => "average" property :imagemode, String property :extension, String, :default => "png" -property :max_zoom, Fixnum, :default => 18 +property :max_zoom, Integer, :default => 18 property :url_aliases, [String, Array], :default => [] -property :revision, Fixnum, :default => 0 +property :revision, Integer, :default => 0 property :overlay, [TrueClass, FalseClass], :default => false property :default_layer, [TrueClass, FalseClass], :default => false @@ -44,10 +44,10 @@ action :create do file "/srv/imagery/layers/#{site}/#{layer}.yml" do owner "root" group "root" - mode 0644 + mode 0o644 content YAML.dump(:name => layer, :title => title || layer, - :url => "http://{s}.#{site}/layer/#{layer}/{z}/{x}/{y}.png", + :url => "//{s}.#{site}/layer/#{layer}/{z}/{x}/{y}.png", :attribution => copyright, :default => default_layer, :maxZoom => max_zoom, @@ -59,24 +59,29 @@ action :create do source "mapserver.map.erb" owner "root" group "root" - mode 0644 + mode 0o644 variables new_resource.to_hash end systemd_service "mapserv-fcgi-#{layer}" do description "Map server for #{layer} layer" - limit_nofile 16384 environment "MS_MAPFILE" => "/srv/imagery/mapserver/layer-#{layer}.map", "MS_MAP_PATTERN" => "^/srv/imagery/mapserver/", "MS_DEBUGLEVEL" => "0", "MS_ERRORFILE" => "stderr" + limit_nofile 16384 user "imagery" group "imagery" exec_start_pre "/bin/rm -f /run/mapserver-fastcgi/layer-#{layer}.socket" - exec_start "/usr/bin/spawn-fcgi -s /run/mapserver-fastcgi/layer-#{layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv" - pid_file "/run/mapserver-fastcgi/layer-#{layer}.pid" - type "forking" + exec_start "/usr/bin/spawn-fcgi -n -s /run/mapserver-fastcgi/layer-#{layer}.socket -M 0666 -P /run/mapserver-fastcgi/layer-#{layer}.pid -- /usr/bin/multiwatch -f 6 --signal=TERM -- /usr/lib/cgi-bin/mapserv" + private_tmp true + private_devices true + private_network true + protect_system "full" + protect_home true + no_new_privileges true restart "always" + pid_file "/run/mapserver-fastcgi/layer-#{layer}.pid" end service "mapserv-fcgi-#{layer}" do @@ -90,7 +95,7 @@ action :create do directory "/srv/imagery/nginx/#{site}" do owner "root" group "root" - mode 0755 + mode 0o755 recursive true end @@ -99,12 +104,16 @@ action :create do source "nginx_imagery_layer_fragment.conf.erb" owner "root" group "root" - mode 0644 + mode 0o644 variables new_resource.to_hash end end action :delete do + file "/srv/imagery/layers/#{site}/#{layer}.yml" do + action :delete + end + service "mapserv-fcgi-layer-#{layer}" do action [:stop, :disable] end