mode 0o755
end
-template "/etc/sudoers.d/tile" do
- source "sudoers.erb"
- owner "root"
- group "root"
- mode 0o440
-end
-
directory "/var/lib/replicate" do
owner "tile"
group "tile"
mode 0o755
end
+directory "/var/lib/replicate/expire-queue" do
+ owner "tile"
+ group "www-data"
+ mode 0o775
+end
+
template "/var/lib/replicate/configuration.txt" do
source "replicate.configuration.erb"
owner "tile"
mode 0o755
end
+systemd_service "expire-tiles" do
+ description "Tile dirtying service"
+ type "oneshot"
+ user "www-data"
+ exec_start "/usr/local/bin/expire-tiles"
+ standard_output "null"
+ private_tmp true
+ private_devices true
+ protect_system "full"
+ protect_home true
+ no_new_privileges true
+end
+
+systemd_path "expire-tiles" do
+ description "Tile dirtying trigger"
+ directory_not_empty "/var/lib/replicate/expire-queue"
+end
+
+service "expire-tiles.path" do
+ action [:enable, :start]
+ subscribes :restart, "systemd_path[expire-tiles]"
+end
+
systemd_service "replicate" do
description "Rendering database replication service"
after "postgresql.service"
private_devices true
protect_system "full"
protect_home true
+ no_new_privileges true
restart "on-failure"
end
max_zoom = <%= node[:tile][:styles].collect { |n,d| d[:max_zoom] }.max %>
-ARGV.each do |f|
+Dir.glob("/var/lib/replicate/expire-queue/changes-*.osm.gz").each do |f|
Expire::expire(f, 13, max_zoom, tile_dirs)
+ File::unlink(f)
end
# No need to rollback now
rm state-prev.txt
- # Expire tiles which are touched by the changes
- sudo -u www-data /usr/local/bin/expire-tiles ${file} > /dev/null 2>&1 &
+ # Queue these changes for expiry processing
+ ln ${file} expire-queue/$file
fi
# Delete old downloads
+++ /dev/null
-# DO NOT EDIT - This file is being maintained by Chef
-
-# Allow the replication service to expire tiles
-tile ALL=(www-data) NOPASSWD: /usr/local/bin/expire-tiles
projects / chef.git / commitdiff