X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/fedddc7182f1f441b607ab8eb7644ac60924f129..18db4c72edea0d2cd4df5b7d7d9011df618d0ff9:/cookbooks/tilelog/recipes/default.rb

diff --git a/cookbooks/tilelog/recipes/default.rb b/cookbooks/tilelog/recipes/default.rb
index 9660b9d57..937022515 100644
--- a/cookbooks/tilelog/recipes/default.rb
+++ b/cookbooks/tilelog/recipes/default.rb
@@ -2,7 +2,7 @@
 # Cookbook:: tilelog
 # Recipe:: default
 #
-# Copyright:: 2014, OpenStreetMap Foundation
+# Copyright:: 2014-2022, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,6 +17,8 @@
 # limitations under the License.
 #
 
+include_recipe "accounts"
+include_recipe "planet::aws"
 include_recipe "python"
 
 passwords = data_bag_item("tilelog", "passwords")
@@ -31,11 +33,12 @@ end
 python_package "tilelog" do
   python_virtualenv tilelog_directory
   python_version "3"
+  version "1.7.0"
 end
 
 directory tilelog_output_directory do
-  user "www-data"
-  group "www-data"
+  user "planet"
+  group "planet"
   mode "755"
   recursive true
 end
@@ -51,12 +54,12 @@ end
 
 systemd_service "tilelog" do
   description "Tile log analysis"
-  user "www-data"
+  user "planet"
   exec_start "/usr/local/bin/tilelog"
-  private_tmp true
-  private_devices true
-  protect_system "strict"
-  protect_home true
+  nice 10
+  sandbox :enable_network => true
+  protect_home "tmpfs"
+  bind_paths "/home/planet"
   read_write_paths tilelog_output_directory
 end