X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b68187fc95272d0d940e2fa6eb9ef8c4efd25048..34698e3bb3dbc2c0b6e5301ae2bb51bb824cc452:/cookbooks/planet/recipes/replication.rb

diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb
index 0a25ad959..f7552ddf2 100644
--- a/cookbooks/planet/recipes/replication.rb
+++ b/cookbooks/planet/recipes/replication.rb
@@ -32,14 +32,18 @@ db_passwords = data_bag_item("db", "passwords")
 
 package %w[
   postgresql-client
-  ruby-libxml
   make
   gcc
   libc6-dev
   libpq-dev
+  libxml2-dev
   osmdbt
 ]
 
+gem_package "libxml-ruby" do
+  gem_binary node[:ruby][:gem]
+end
+
 gem_package "pg" do
   gem_binary node[:ruby][:gem]
 end
@@ -91,6 +95,13 @@ template "/usr/local/bin/users-deleted" do
   mode "755"
 end
 
+template "/usr/local/bin/replicate-changesets" do
+  source "replicate-changesets.erb"
+  owner "root"
+  group "root"
+  mode "755"
+end
+
 ## Published deleted users directory
 
 remote_directory "/store/planet/users_deleted" do
@@ -207,8 +218,9 @@ systemd_service "replication-changesets" do
   user "planet"
   exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf"
   sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
-    "/home/planet/.aws",
     "/run/replication",
     "/store/planet/replication/changesets"
   ]
@@ -268,6 +280,8 @@ systemd_service "replication-minutely" do
   working_directory "/etc/replication"
   exec_start "/usr/local/bin/replicate-minute"
   sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/run/replication",
     "/store",
@@ -311,10 +325,12 @@ end
 systemd_service "replication-hourly" do
   description "Hourly replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour"
+  exec_start "/usr/local/bin/replicate-hour"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/store/planet/replication/hour",
     "/var/lib/replication/hour"
@@ -355,10 +371,12 @@ end
 systemd_service "replication-daily" do
   description "Daily replication"
   user "planet"
-  exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day"
+  exec_start "/usr/local/bin/replicate-day"
   environment "LD_PRELOAD" => "/opt/flush/flush.so"
   sandbox :enable_network => true
   memory_deny_write_execute false
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths [
     "/store/planet/replication/day",
     "/var/lib/replication/day"