X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/74471499e60ed3fd72356eafd63ebc8118e138d7..c761e068f51afa89dcb89cae70461388c15d9815:/cookbooks/db/recipes/master.rb diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb index 636cd60dc..3e57941f7 100644 --- a/cookbooks/db/recipes/master.rb +++ b/cookbooks/db/recipes/master.rb @@ -62,11 +62,6 @@ postgresql_user "backup" do password passwords["backup"] end -postgresql_user "munin" do - cluster node[:db][:cluster] - password passwords["munin"] -end - postgresql_user "replication" do cluster node[:db][:cluster] password passwords["replication"] @@ -88,7 +83,6 @@ CGIMAP_PERMISSIONS = { "changeset_comments" => [:select], "changeset_tags" => [:select], "changesets" => [:select, :update], - "client_applications" => [:select], "current_node_tags" => [:select, :insert, :delete], "current_nodes" => [:select, :insert, :update], "current_nodes_id_seq" => [:update], @@ -100,17 +94,16 @@ CGIMAP_PERMISSIONS = { "current_way_tags" => [:select, :insert, :delete], "current_ways" => [:select, :insert, :update], "current_ways_id_seq" => [:update], + "issues" => [:select], "node_tags" => [:select, :insert], "nodes" => [:select, :insert], "oauth_access_grants" => [:select], "oauth_access_tokens" => [:select], "oauth_applications" => [:select], - "oauth_nonces" => [:select, :insert], - "oauth_nonces_id_seq" => [:update], - "oauth_tokens" => [:select], "relation_members" => [:select, :insert], "relation_tags" => [:select, :insert], "relations" => [:select, :insert], + "reports" => [:select], "user_blocks" => [:select], "user_roles" => [:select], "users" => [:select], @@ -140,6 +133,10 @@ PLANETDIFF_PERMISSIONS = { "ways" => :select }.freeze +PROMETHEUS_PERMISSIONS = { + "delayed_jobs" => :select +}.freeze + %w[ acls active_storage_attachments @@ -150,7 +147,6 @@ PLANETDIFF_PERMISSIONS = { changeset_tags changesets changesets_subscribers - client_applications current_node_tags current_nodes current_relation_members @@ -174,13 +170,12 @@ PLANETDIFF_PERMISSIONS = { node_tags nodes note_comments + note_subscriptions notes oauth_access_grants oauth_access_tokens oauth_applications - oauth_nonces oauth_openid_requests - oauth_tokens redactions relation_members relation_tags @@ -188,9 +183,9 @@ PLANETDIFF_PERMISSIONS = { reports schema_migrations user_blocks + user_mutes user_preferences user_roles - user_tokens users way_nodes way_tags @@ -205,6 +200,7 @@ PLANETDIFF_PERMISSIONS = { "cgimap" => CGIMAP_PERMISSIONS[table], "planetdump" => PLANETDUMP_PERMISSIONS[table], "planetdiff" => PLANETDIFF_PERMISSIONS[table], + "prometheus" => PROMETHEUS_PERMISSIONS[table], "backup" => [:select] end end @@ -216,7 +212,6 @@ end active_storage_variant_records_id_seq changeset_comments_id_seq changesets_id_seq - client_applications_id_seq current_nodes_id_seq current_relations_id_seq current_ways_id_seq @@ -234,14 +229,12 @@ end oauth_access_grants_id_seq oauth_access_tokens_id_seq oauth_applications_id_seq - oauth_nonces_id_seq oauth_openid_requests_id_seq - oauth_tokens_id_seq redactions_id_seq reports_id_seq user_blocks_id_seq + user_mutes_id_seq user_roles_id_seq - user_tokens_id_seq users_id_seq ].each do |sequence| postgresql_sequence sequence do @@ -267,6 +260,7 @@ systemd_service "monthly-reindex" do user "postgres" sandbox true restrict_address_families "AF_UNIX" + remove_ipc false end systemd_timer "monthly-reindex" do @@ -290,13 +284,21 @@ systemd_service "yearly-reindex" do user "postgres" sandbox true restrict_address_families "AF_UNIX" + remove_ipc false end systemd_timer "yearly-reindex" do description "Yearly database reindex" - on_calendar "Fri *-1-8..14 02:00" + on_calendar "Thu *-1-8..14 02:00" end service "yearly-reindex.timer" do action [:enable, :start] end + +template "/etc/prometheus/exporters/sql_rails.collector.yml" do + source "sql_rails.yml.erb" + owner "root" + group "root" + mode "0644" +end