X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/ed5c7d0d587675ea405180db5d58ef9692dea871..5d420a8464d9266d47bdd452ec227c2b631adf1c:/cookbooks/web/recipes/cgimap.rb diff --git a/cookbooks/web/recipes/cgimap.rb b/cookbooks/web/recipes/cgimap.rb index 0662843f3..0875804cd 100644 --- a/cookbooks/web/recipes/cgimap.rb +++ b/cookbooks/web/recipes/cgimap.rb @@ -22,7 +22,9 @@ include_recipe "web::base" db_passwords = data_bag_item("db", "passwords") -package "openstreetmap-cgimap-bin" +package "openstreetmap-cgimap-bin" do + action :upgrade +end if node[:web][:readonly_database_host] database_host = node[:web][:readonly_database_host] @@ -39,16 +41,16 @@ switches = database_readonly ? " --readonly" : "" systemd_service "cgimap" do description "OpenStreetMap API Server" type "forking" - environment "CGIMAP_HOST" => database_host, - "CGIMAP_DBNAME" => "openstreetmap", - "CGIMAP_USERNAME" => "rails", - "CGIMAP_PASSWORD" => db_passwords["rails"], - "CGIMAP_OAUTH_HOST" => node[:web][:database_host], - "CGIMAP_PIDFILE" => "#{node[:web][:pid_directory]}/cgimap.pid", - "CGIMAP_LOGFILE" => "#{node[:web][:log_directory]}/cgimap.log", - "CGIMAP_MEMCACHE" => memcached_servers.join(","), - "CGIMAP_RATELIMIT" => "204800", - "CGIMAP_MAXDEBT" => "250" + environment_file "CGIMAP_HOST" => database_host, + "CGIMAP_DBNAME" => "openstreetmap", + "CGIMAP_USERNAME" => "rails", + "CGIMAP_PASSWORD" => db_passwords["rails"], + "CGIMAP_OAUTH_HOST" => node[:web][:database_host], + "CGIMAP_PIDFILE" => "#{node[:web][:pid_directory]}/cgimap.pid", + "CGIMAP_LOGFILE" => "#{node[:web][:log_directory]}/cgimap.log", + "CGIMAP_MEMCACHE" => memcached_servers.join(","), + "CGIMAP_RATELIMIT" => "204800", + "CGIMAP_MAXDEBT" => "250" user "rails" exec_start "/usr/bin/openstreetmap-cgimap --daemon --port 8000 --instances 30#{switches}" exec_reload "/bin/kill -HUP $MAINPID" @@ -56,6 +58,7 @@ systemd_service "cgimap" do private_devices true protect_system "full" protect_home true + no_new_privileges true restart "on-failure" pid_file "#{node[:web][:pid_directory]}/cgimap.pid" end @@ -68,7 +71,7 @@ else service "cgimap" do action [:enable, :start] supports :restart => true, :reload => true - subscribes :restart, "dpkg_package[openstreetmap-cgimap-bin]" + subscribes :restart, "package[openstreetmap-cgimap-bin]" subscribes :restart, "systemd_service[cgimap]" end end