X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/87567b1b6fd1876f7c0258a1d2737c84808b6916..8e9ca09644140ae2965582dec0db17da55f5e63a:/cookbooks/imagery/resources/site.rb?ds=sidebyside

diff --git a/cookbooks/imagery/resources/site.rb b/cookbooks/imagery/resources/site.rb
index a91f9794c..7151c68c6 100644
--- a/cookbooks/imagery/resources/site.rb
+++ b/cookbooks/imagery/resources/site.rb
@@ -103,21 +103,23 @@ action :create do
 
   systemd_service "mapserv-fcgi-#{new_resource.site}" do
     description "Map server for #{new_resource.site} layer"
-    environment "MS_MAP_PATTERN" => "^/srv/imagery/mapserver/",
-                "MS_DEBUGLEVEL" => "0",
+    environment "MS_DEBUGLEVEL" => "0",
                 "MS_ERRORFILE" => "stderr",
-                "GDAL_CACHEMAX" => "512"
+                "GDAL_CACHEMAX" => "128",
+                "GDAL_HTTP_TCP_KEEPALIVE" => "YES",
+                "GDAL_HTTP_VERSION" => "2TLS",
+                "GDAL_ENABLE_WMS_CACHE" => "NO"
     limit_nofile 16384
-    memory_high "1G"
-    memory_max "4G"
+    memory_high "12G"
+    memory_max "12G"
+    limit_core 0
     user "imagery"
     group "imagery"
     exec_start "/usr/bin/multiwatch -f 8 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
     standard_input "socket"
-    sandbox true
+    sandbox :enable_network => true
     restrict_address_families "AF_UNIX"
-    # Terminate service after 30mins. Service is socket activated
-    runtime_max_sec 1800
+    timeout_stop_sec 60
     not_if { new_resource.uses_tiler }
   end
 
@@ -144,6 +146,28 @@ action :create do
     not_if { new_resource.uses_tiler }
   end
 
+  # mapserver leaks memory, so restart it regularly. It is activated automatically by socket
+  systemd_service "mapserv-fcgi-#{new_resource.site}-stop" do
+    type "simple"
+    user "root"
+    exec_start "/bin/systemctl --quiet stop mapserv-fcgi-#{new_resource.site}.service"
+    sandbox true
+    restrict_address_families "AF_UNIX"
+    not_if { new_resource.uses_tiler }
+  end
+
+  systemd_timer "mapserv-fcgi-#{new_resource.site}-stop" do
+    on_boot_sec "10m"
+    on_unit_inactive_sec "6h"
+    randomized_delay_sec "20m"
+    not_if { new_resource.uses_tiler }
+  end
+
+  service "mapserv-fcgi-#{new_resource.site}-stop.timer" do
+    action [:enable, :start]
+    not_if { new_resource.uses_tiler }
+  end
+
   ssl_certificate new_resource.site do
     domains tile_domains
   end