X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/b755d11d4c83d4ccc49845e4d8b2b5c7181b27f4..f62feff0ce0768b74303be8ec0f939277353cd91:/cookbooks/imagery/resources/site.rb

diff --git a/cookbooks/imagery/resources/site.rb b/cookbooks/imagery/resources/site.rb
index 856159be9..7137458b3 100644
--- a/cookbooks/imagery/resources/site.rb
+++ b/cookbooks/imagery/resources/site.rb
@@ -107,12 +107,14 @@ action :create do
                 "MS_ERRORFILE" => "stderr",
                 "GDAL_CACHEMAX" => "512"
     limit_nofile 16384
+    memory_max "8G"
     user "imagery"
     group "imagery"
     exec_start "/usr/bin/multiwatch -f 8 --signal=TERM -- /usr/lib/cgi-bin/mapserv"
     standard_input "socket"
     sandbox true
     restrict_address_families "AF_UNIX"
+    timeout_stop_sec 60
     not_if { new_resource.uses_tiler }
   end
 
@@ -139,6 +141,28 @@ action :create do
     not_if { new_resource.uses_tiler }
   end
 
+  # mapserver leaks memory, so restart it regularly. It is activated automatically by socket
+  systemd_service "mapserv-fcgi-#{new_resource.site}-stop" do
+    type "simple"
+    user "root"
+    exec_start "/bin/systemctl --quiet stop mapserv-fcgi-#{new_resource.site}.service"
+    sandbox true
+    restrict_address_families "AF_UNIX"
+    not_if { new_resource.uses_tiler }
+  end
+
+  systemd_timer "mapserv-fcgi-#{new_resource.site}-stop" do
+    on_boot_sec "10m"
+    on_unit_inactive_sec "30m"
+    randomized_delay_sec "20m"
+    not_if { new_resource.uses_tiler }
+  end
+
+  service "mapserv-fcgi-#{new_resource.site}-stop.timer" do
+    action [:enable, :start]
+    not_if { new_resource.uses_tiler }
+  end
+
   ssl_certificate new_resource.site do
     domains tile_domains
   end