X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/8d79277292555d96f0ead6e8cfc1c43cb3a7278d..2547a86cf910dd6cad49b905d0a03f53449d34f3:/cookbooks/mediawiki/recipes/default.rb?ds=sidebyside diff --git a/cookbooks/mediawiki/recipes/default.rb b/cookbooks/mediawiki/recipes/default.rb index 30bd612d1..51f19d1b0 100644 --- a/cookbooks/mediawiki/recipes/default.rb +++ b/cookbooks/mediawiki/recipes/default.rb @@ -85,8 +85,9 @@ systemd_service "mediawiki-sitemap@" do exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/generateSitemap.php --server=https://%i --urlpath=https://%i/ --fspath=/srv/%i --quiet --skip-redirects" user node[:mediawiki][:user] nice 10 - sandbox true + sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" read_write_paths "/srv/%i" end @@ -97,11 +98,12 @@ end systemd_service "mediawiki-jobs@" do description "Run mediawiki jobs for %i" - exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=175 --memory-limit=2048M --procs=8 --nothrottle --quiet" + exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=175 --memory-limit=2048M --procs=8" user node[:mediawiki][:user] nice 10 - sandbox true + sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" read_write_paths "/srv/%i" end @@ -113,11 +115,13 @@ end systemd_service "mediawiki-email-jobs@" do description "Run mediawiki email jobs for %i" - exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=55 --type=enotifNotify --memory-limit=2048M --procs=4 --nothrottle --quiet" + exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/runJobs.php --server=https://%i --maxtime=55 --type=enotifNotify --memory-limit=2048M --procs=4" user node[:mediawiki][:user] nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/srv/%i" end systemd_timer "mediawiki-email-jobs@" do @@ -128,11 +132,13 @@ end systemd_service "mediawiki-refresh-links@" do description "Refresh mediawiki links for %i" - exec_start "/usr/bin/php -d memory_limit=2048M -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=2048M --quiet" + exec_start "/usr/bin/php -d memory_limit=16G -d error_reporting=22517 /srv/%i/w/maintenance/refreshLinks.php --server=https://%i --memory-limit=16G" user node[:mediawiki][:user] nice 10 sandbox :enable_network => true memory_deny_write_execute false + restrict_address_families "AF_UNIX" + read_write_paths "/srv/%i" end systemd_timer "mediawiki-refresh-links@" do