X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/8eee3f5c0467b78c1e3835246867dccc743b4f24..dc88c4068c574ea04d3085c8d8b0b80660688db7:/cookbooks/planet/recipes/replication.rb

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 2a3e65cb2..8845f1b70 100644
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -20,10 +20,13 @@
 require "yaml"
 
 include_recipe "accounts"
+include_recipe "apt"
 include_recipe "osmosis"
 
 db_passwords = data_bag_item("db", "passwords")
 
+## Install required packages
+
 package %w[
   postgresql-client
   ruby
@@ -31,12 +34,15 @@ package %w[
   ruby-libxml
   make
   gcc
+  libc6-dev
   libpq-dev
   osmdbt
 ]
 
 gem_package "pg"
 
+## Build preload library to flush files
+
 remote_directory "/opt/flush" do
   source "flush"
   owner "root"
@@ -56,6 +62,8 @@ execute "/opt/flush/Makefile" do
   subscribes :run, "remote_directory[/opt/flush]"
 end
 
+## Install scripts
+
 remote_directory "/usr/local/bin" do
   source "replication-bin"
   owner "root"
@@ -87,6 +95,8 @@ template "/usr/local/bin/users-deleted" do
   mode "755"
 end
 
+## Published deleted users directory
+
 remote_directory "/store/planet/users_deleted" do
   source "users_deleted"
   owner "planet"
@@ -97,6 +107,8 @@ remote_directory "/store/planet/users_deleted" do
   files_mode "644"
 end
 
+## Published replication directory
+
 remote_directory "/store/planet/replication" do
   source "replication-cgi"
   owner "root"
@@ -107,79 +119,161 @@ remote_directory "/store/planet/replication" do
   files_mode "755"
 end
 
-directory "/store/planet/replication/changesets" do
+directory "/store/planet/replication/test" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/day" do
+## Configuration directory
+
+directory "/etc/replication" do
+  owner "root"
+  group "root"
+  mode "755"
+end
+
+## Transient state directory
+
+systemd_tmpfile "/run/replication" do
+  type "d"
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/hour" do
+## Persistent state directory
+
+directory "/var/lib/replication" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+directory "/var/lib/replication/test" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
+## Users replication
+
+template "/etc/replication/users-agreed.conf" do
+  source "users-agreed.conf.erb"
+  user "planet"
+  group "planet"
+  mode "600"
+  variables :password => db_passwords["planetdiff"]
+end
+
+## Changeset replication
+
+directory "/store/planet/replication/changesets" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+template "/etc/replication/changesets.conf" do
+  source "changesets.conf.erb"
+  user "root"
+  group "planet"
+  mode "640"
+  variables :password => db_passwords["planetdiff"]
+end
+
+## Minutely replication
+
 directory "/store/planet/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/test" do
+directory "/var/lib/replication/minute" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/planet/replication/test/minute" do
+template "/etc/replication/auth.conf" do
+  source "replication.auth.erb"
+  user "root"
+  group "planet"
+  mode "640"
+  variables :password => db_passwords["planetdiff"]
+end
+
+## Hourly replication
+
+directory "/store/planet/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/replication" do
+directory "/var/lib/replication/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/store/replication/minute" do
+link "/var/lib/replication/hour/data" do
+  to "/store/planet/replication/hour"
+end
+
+template "/var/lib/replication/hour/configuration.txt" do
+  source "replication.config.erb"
+  owner "planet"
+  group "planet"
+  mode "644"
+  variables :base => "minute", :interval => 3600
+end
+
+## Daily replication
+
+directory "/store/planet/replication/day" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-systemd_tmpfile "/run/replication" do
-  type "d"
+directory "/var/lib/replication/day" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/etc/replication" do
-  owner "root"
-  group "root"
+link "/var/lib/replication/day/data" do
+  to "/store/planet/replication/day"
+end
+
+template "/var/lib/replication/day/configuration.txt" do
+  source "replication.config.erb"
+  owner "planet"
+  group "planet"
+  mode "644"
+  variables :base => "hour", :interval => 86400
+end
+
+## Minutely replication (test feed)
+
+directory "/store/planet/replication/test/minute" do
+  owner "planet"
+  group "planet"
   mode "755"
 end
 
-directory "/var/run/lock/changeset-replication/" do
+directory "/store/replication" do
   owner "planet"
   group "planet"
-  mode "750"
+  mode "755"
 end
 
-template "/etc/replication/auth.conf" do
-  source "replication.auth.erb"
-  user "root"
+directory "/store/replication/minute" do
+  owner "planet"
   group "planet"
-  mode "640"
-  variables :password => db_passwords["planetdiff"]
+  mode "755"
 end
 
 osmdbt_config = {
@@ -223,70 +317,94 @@ systemd_timer "replication-minutely" do
   accuracy_sec 5
 end
 
-template "/etc/replication/changesets.conf" do
-  source "changesets.conf.erb"
-  user "root"
-  group "planet"
-  mode "640"
-  variables :password => db_passwords["planetdiff"]
-end
-
-template "/etc/replication/users-agreed.conf" do
-  source "users-agreed.conf.erb"
-  user "planet"
-  group "planet"
-  mode "600"
-  variables :password => db_passwords["planetdiff"]
-end
+### Hourly replication (test feed)
 
-directory "/var/lib/replication" do
+directory "/store/planet/replication/test/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/minute" do
+directory "/var/lib/replication/test/hour" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-directory "/var/lib/replication/hour" do
-  owner "planet"
-  group "planet"
-  mode "755"
+link "/var/lib/replication/test/hour/data" do
+  to "/store/planet/replication/test/hour"
 end
 
-template "/var/lib/replication/hour/configuration.txt" do
+template "/var/lib/replication/test/hour/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
   mode "644"
-  variables :base => "minute", :interval => 3600
+  variables :base => "test/minute", :interval => 3600
 end
 
-link "/var/lib/replication/hour/data" do
-  to "/store/planet/replication/hour"
+systemd_service "replication-hourly" do
+  description "Hourly replication"
+  user "planet"
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
 end
 
-directory "/var/lib/replication/day" do
+systemd_timer "replication-hourly" do
+  description "Daily replication"
+  on_calendar "*-*-* *:02/15:00"
+end
+
+## Daily replication (test feed)
+
+directory "/store/planet/replication/test/day" do
   owner "planet"
   group "planet"
   mode "755"
 end
 
-template "/var/lib/replication/day/configuration.txt" do
+directory "/var/lib/replication/test/day" do
+  owner "planet"
+  group "planet"
+  mode "755"
+end
+
+link "/var/lib/replication/test/day/data" do
+  to "/store/planet/replication/test/day"
+end
+
+template "/var/lib/replication/test/day/configuration.txt" do
   source "replication.config.erb"
   owner "planet"
   group "planet"
   mode "644"
-  variables :base => "hour", :interval => 86400
+  variables :base => "test/hour", :interval => 86400
 end
 
-link "/var/lib/replication/day/data" do
-  to "/store/planet/replication/day"
+systemd_service "replication-daily" do
+  description "Daily replication"
+  user "planet"
+  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day"
+  private_tmp true
+  private_devices true
+  protect_system "full"
+  protect_home true
+  restrict_address_families %w[AF_INET AF_INET6]
+  no_new_privileges true
+end
+
+systemd_timer "replication-daily" do
+  description "Daily replication"
+  on_calendar "*-*-* *:02/15:00"
 end
 
+## Enable/disable feeds
+
 if node[:planet][:replication] == "enabled"
   cron_d "users-agreed" do
     minute "0"
@@ -310,10 +428,6 @@ if node[:planet][:replication] == "enabled"
     mailto "zerebubuth@gmail.com"
   end
 
-  service "replication-minutely.timer" do
-    action [:enable, :start]
-  end
-
   cron_d "replication-minutely" do
     user "planet"
     command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute"
@@ -336,6 +450,18 @@ if node[:planet][:replication] == "enabled"
     mailto "brett@bretth.com"
     environment "LD_PRELOAD" => "/opt/flush/flush.so"
   end
+
+  service "replication-minutely.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-hourly.timer" do
+    action [:enable, :start]
+  end
+
+  service "replication-daily.timer" do
+    action [:enable, :start]
+  end
 else
   cron_d "users-agreed" do
     action :delete
@@ -349,10 +475,6 @@ else
     action :delete
   end
 
-  service "replication-minutely.timer" do
-    action [:stop, :disable]
-  end
-
   cron_d "replication-minutely" do
     action :delete
   end
@@ -364,4 +486,16 @@ else
   cron_d "replication-daily" do
     action :delete
   end
+
+  service "replication-minutely.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-hourly.timer" do
+    action [:stop, :disable]
+  end
+
+  service "replication-daily.timer" do
+    action [:stop, :disable]
+  end
 end