X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/fcf52fb06a5ddb3e1cbb54164511aae2b135a80e..8273ef2eea66bd68ce328ebc78b1c5f49513e35c:/cookbooks/planet/recipes/replication.rb diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb index 8845f1b70..d719d11ae 100644 --- a/cookbooks/planet/recipes/replication.rb +++ b/cookbooks/planet/recipes/replication.rb @@ -22,6 +22,9 @@ require "yaml" include_recipe "accounts" include_recipe "apt" include_recipe "osmosis" +include_recipe "planet::aws" +include_recipe "ruby" +include_recipe "tools" db_passwords = data_bag_item("db", "passwords") @@ -29,8 +32,6 @@ db_passwords = data_bag_item("db", "passwords") package %w[ postgresql-client - ruby - ruby-dev ruby-libxml make gcc @@ -39,7 +40,9 @@ package %w[ osmdbt ] -gem_package "pg" +gem_package "pg" do + gem_binary node[:ruby][:gem] +end ## Build preload library to flush files @@ -74,13 +77,6 @@ remote_directory "/usr/local/bin" do files_mode "755" end -template "/usr/local/bin/replicate-minute" do - source "replicate-minute.erb" - owner "root" - group "root" - mode "755" -end - template "/usr/local/bin/users-agreed" do source "users-agreed.erb" owner "root" @@ -119,12 +115,6 @@ remote_directory "/store/planet/replication" do files_mode "755" end -directory "/store/planet/replication/test" do - owner "planet" - group "planet" - mode "755" -end - ## Configuration directory directory "/etc/replication" do @@ -150,7 +140,9 @@ directory "/var/lib/replication" do mode "755" end -directory "/var/lib/replication/test" do +## Temporary directory + +directory "/store/replication" do owner "planet" group "planet" mode "755" @@ -166,105 +158,79 @@ template "/etc/replication/users-agreed.conf" do variables :password => db_passwords["planetdiff"] end -## Changeset replication - -directory "/store/planet/replication/changesets" do - owner "planet" - group "planet" - mode "755" +systemd_service "users-agreed" do + description "Update list of users accepting CTs" + user "planet" + exec_start "/usr/local/bin/users-agreed" + nice 10 + sandbox :enable_network => true + read_write_paths "/store/planet/users_agreed" end -template "/etc/replication/changesets.conf" do - source "changesets.conf.erb" - user "root" - group "planet" - mode "640" - variables :password => db_passwords["planetdiff"] +systemd_timer "users-agreed" do + description "Update list of users accepting CTs" + on_calendar "7:00" end -## Minutely replication +systemd_service "users-deleted" do + description "Update list of deleted users" + user "planet" + exec_start "/usr/local/bin/users-deleted" + nice 10 + sandbox :enable_network => true + read_write_paths "/store/planet/users_deleted" +end -directory "/store/planet/replication/minute" do - owner "planet" - group "planet" - mode "755" +systemd_timer "users-deleted" do + description "Update list of deleted users" + on_calendar "17:00" end -directory "/var/lib/replication/minute" do +## Changeset replication + +directory "/store/planet/replication/changesets" do owner "planet" group "planet" mode "755" end -template "/etc/replication/auth.conf" do - source "replication.auth.erb" +template "/etc/replication/changesets.conf" do + source "changesets.conf.erb" user "root" group "planet" mode "640" variables :password => db_passwords["planetdiff"] end -## Hourly replication - -directory "/store/planet/replication/hour" do - owner "planet" - group "planet" - mode "755" -end - -directory "/var/lib/replication/hour" do - owner "planet" - group "planet" - mode "755" -end - -link "/var/lib/replication/hour/data" do - to "/store/planet/replication/hour" -end - -template "/var/lib/replication/hour/configuration.txt" do - source "replication.config.erb" - owner "planet" - group "planet" - mode "644" - variables :base => "minute", :interval => 3600 -end - -## Daily replication - -directory "/store/planet/replication/day" do - owner "planet" - group "planet" - mode "755" -end - -directory "/var/lib/replication/day" do - owner "planet" - group "planet" - mode "755" -end - -link "/var/lib/replication/day/data" do - to "/store/planet/replication/day" -end - -template "/var/lib/replication/day/configuration.txt" do - source "replication.config.erb" - owner "planet" - group "planet" - mode "644" - variables :base => "hour", :interval => 86400 +systemd_service "replication-changesets" do + description "Changesets replication" + user "planet" + exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" + sandbox :enable_network => true + protect_home "tmpfs" + bind_paths "/home/planet" + read_write_paths [ + "/run/replication", + "/store/planet/replication/changesets" + ] +end + +systemd_timer "replication-changesets" do + description "Changesets replication" + on_boot_sec 60 + on_unit_active_sec 60 + accuracy_sec 5 end -## Minutely replication (test feed) +## Minutely replication -directory "/store/planet/replication/test/minute" do +directory "/store/planet/replication/minute" do owner "planet" group "planet" mode "755" end -directory "/store/replication" do +directory "/var/lib/replication/minute" do owner "planet" group "planet" mode "755" @@ -285,7 +251,7 @@ osmdbt_config = { "replication_slot" => "osmdbt" }, "log_dir" => "/var/lib/replication/minute", - "changes_dir" => "/store/planet/replication/test/minute", + "changes_dir" => "/store/planet/replication/minute", "tmp_dir" => "/store/replication/minute", "run_dir" => "/run/replication" } @@ -302,12 +268,14 @@ systemd_service "replication-minutely" do user "planet" working_directory "/etc/replication" exec_start "/usr/local/bin/replicate-minute" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + sandbox :enable_network => true + protect_home "tmpfs" + bind_paths "/home/planet" + read_write_paths [ + "/run/replication", + "/store", + "/var/lib/replication/minute" + ] end systemd_timer "replication-minutely" do @@ -317,85 +285,91 @@ systemd_timer "replication-minutely" do accuracy_sec 5 end -### Hourly replication (test feed) +## Hourly replication -directory "/store/planet/replication/test/hour" do +directory "/store/planet/replication/hour" do owner "planet" group "planet" mode "755" end -directory "/var/lib/replication/test/hour" do +directory "/var/lib/replication/hour" do owner "planet" group "planet" mode "755" end -link "/var/lib/replication/test/hour/data" do - to "/store/planet/replication/test/hour" +link "/var/lib/replication/hour/data" do + to "/store/planet/replication/hour" end -template "/var/lib/replication/test/hour/configuration.txt" do +template "/var/lib/replication/hour/configuration.txt" do source "replication.config.erb" owner "planet" group "planet" mode "644" - variables :base => "test/minute", :interval => 3600 + variables :base => "minute", :interval => 3600 end systemd_service "replication-hourly" do description "Hourly replication" user "planet" - exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + exec_start "/usr/local/bin/replicate-hour" + environment "LD_PRELOAD" => "/opt/flush/flush.so" + sandbox :enable_network => true + memory_deny_write_execute false + protect_home "tmpfs" + bind_paths "/home/planet" + read_write_paths [ + "/store/planet/replication/hour", + "/var/lib/replication/hour" + ] end systemd_timer "replication-hourly" do - description "Daily replication" + description "Hourly replication" on_calendar "*-*-* *:02/15:00" end -## Daily replication (test feed) +## Daily replication -directory "/store/planet/replication/test/day" do +directory "/store/planet/replication/day" do owner "planet" group "planet" mode "755" end -directory "/var/lib/replication/test/day" do +directory "/var/lib/replication/day" do owner "planet" group "planet" mode "755" end -link "/var/lib/replication/test/day/data" do - to "/store/planet/replication/test/day" +link "/var/lib/replication/day/data" do + to "/store/planet/replication/day" end -template "/var/lib/replication/test/day/configuration.txt" do +template "/var/lib/replication/day/configuration.txt" do source "replication.config.erb" owner "planet" group "planet" mode "644" - variables :base => "test/hour", :interval => 86400 + variables :base => "hour", :interval => 86400 end systemd_service "replication-daily" do description "Daily replication" user "planet" - exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day" - private_tmp true - private_devices true - protect_system "full" - protect_home true - restrict_address_families %w[AF_INET AF_INET6] - no_new_privileges true + exec_start "/usr/local/bin/replicate-day" + environment "LD_PRELOAD" => "/opt/flush/flush.so" + sandbox :enable_network => true + memory_deny_write_execute false + protect_home "tmpfs" + bind_paths "/home/planet" + read_write_paths [ + "/store/planet/replication/day", + "/var/lib/replication/day" + ] end systemd_timer "replication-daily" do @@ -403,52 +377,36 @@ systemd_timer "replication-daily" do on_calendar "*-*-* *:02/15:00" end -## Enable/disable feeds +## Replication cleanup -if node[:planet][:replication] == "enabled" - cron_d "users-agreed" do - minute "0" - hour "7" - user "planet" - command "/usr/local/bin/users-agreed" - mailto "zerebubuth@gmail.com" - end +systemd_service "replication-cleanup" do + description "Cleanup replication" + user "planet" + exec_start "/usr/local/bin/replicate-cleanup" + sandbox true + read_write_paths "/var/lib/replication" +end - cron_d "users-deleted" do - minute "0" - hour "17" - user "planet" - command "/usr/local/bin/users-deleted" - mailto "zerebubuth@gmail.com" - end +systemd_timer "replication-cleanup" do + description "Cleanup replication" + on_boot_sec 60 + on_unit_active_sec 86400 + accuracy_sec 1800 +end - cron_d "replication-changesets" do - user "planet" - command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" - mailto "zerebubuth@gmail.com" - end +## Enable/disable feeds - cron_d "replication-minutely" do - user "planet" - command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" +if node[:planet][:replication] == "enabled" + service "users-agreed.timer" do + action [:enable, :start] end - cron_d "replication-hourly" do - minute "2,7,12,17" - user "planet" - command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" + service "users-deleted.timer" do + action [:enable, :start] end - cron_d "replication-daily" do - minute "5,10,15,20" - user "planet" - command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" + service "replication-changesets.timer" do + action [:enable, :start] end service "replication-minutely.timer" do @@ -462,29 +420,21 @@ if node[:planet][:replication] == "enabled" service "replication-daily.timer" do action [:enable, :start] end -else - cron_d "users-agreed" do - action :delete - end - - cron_d "users-deleted" do - action :delete - end - cron_d "replication-changesets" do - action :delete + service "replication-cleanup.timer" do + action [:enable, :start] end - - cron_d "replication-minutely" do - action :delete +else + service "users-agreed.timer" do + action [:stop, :disable] end - cron_d "replication-hourly" do - action :delete + service "users-deleted.timer" do + action [:stop, :disable] end - cron_d "replication-daily" do - action :delete + service "replication-changesets.timer" do + action [:stop, :disable] end service "replication-minutely.timer" do @@ -498,4 +448,8 @@ else service "replication-daily.timer" do action [:stop, :disable] end + + service "replication-cleanup.timer" do + action [:stop, :disable] + end end