X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/afcb07ba438a01c65d701902dfcb39b04a0719ec..7f55df0811600d62bdb34c65c56b3d1928780d34:/cookbooks/imagery/resources/site.rb diff --git a/cookbooks/imagery/resources/site.rb b/cookbooks/imagery/resources/site.rb index 856159be9..7151c68c6 100644 --- a/cookbooks/imagery/resources/site.rb +++ b/cookbooks/imagery/resources/site.rb @@ -105,14 +105,21 @@ action :create do description "Map server for #{new_resource.site} layer" environment "MS_DEBUGLEVEL" => "0", "MS_ERRORFILE" => "stderr", - "GDAL_CACHEMAX" => "512" + "GDAL_CACHEMAX" => "128", + "GDAL_HTTP_TCP_KEEPALIVE" => "YES", + "GDAL_HTTP_VERSION" => "2TLS", + "GDAL_ENABLE_WMS_CACHE" => "NO" limit_nofile 16384 + memory_high "12G" + memory_max "12G" + limit_core 0 user "imagery" group "imagery" exec_start "/usr/bin/multiwatch -f 8 --signal=TERM -- /usr/lib/cgi-bin/mapserv" standard_input "socket" - sandbox true + sandbox :enable_network => true restrict_address_families "AF_UNIX" + timeout_stop_sec 60 not_if { new_resource.uses_tiler } end @@ -139,6 +146,28 @@ action :create do not_if { new_resource.uses_tiler } end + # mapserver leaks memory, so restart it regularly. It is activated automatically by socket + systemd_service "mapserv-fcgi-#{new_resource.site}-stop" do + type "simple" + user "root" + exec_start "/bin/systemctl --quiet stop mapserv-fcgi-#{new_resource.site}.service" + sandbox true + restrict_address_families "AF_UNIX" + not_if { new_resource.uses_tiler } + end + + systemd_timer "mapserv-fcgi-#{new_resource.site}-stop" do + on_boot_sec "10m" + on_unit_inactive_sec "6h" + randomized_delay_sec "20m" + not_if { new_resource.uses_tiler } + end + + service "mapserv-fcgi-#{new_resource.site}-stop.timer" do + action [:enable, :start] + not_if { new_resource.uses_tiler } + end + ssl_certificate new_resource.site do domains tile_domains end