Run planetdump as a systemd service with a 64Gb memory limit

diff --git a/cookbooks/planet/metadata.rb b/cookbooks/planet/metadata.rb
index 425fe95f537a100d5eef2e5c6874c5ad61e89058..99c6c4e1cbde4d399d1e9007f6b05c290d3b9220 100644 (file)
--- a/cookbooks/planet/metadata.rb
+++ b/cookbooks/planet/metadata.rb
@@ -12,3 +12,4 @@ depends           "git"
 depends           "incron"
 depends           "munin"
 depends           "osmosis"
+depends           "systemd"

diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index f7274caa7b2495b1d692182795d8e4aff30a11f4..d873a903652b3999bc11920b1bb6e8a0c7b5a329 100644 (file)
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -18,10 +18,10 @@
 #
 
 node.default[:incron][:planetdump] = {
-  :user => "www-data",
+  :user => "root",
   :path => "/store/backup",
   :events => %w[IN_CREATE IN_MOVED_TO],
-  :command => "/usr/local/bin/planetdump $#"
+  :command => "/usr/bin/systemctl start planetdump@$#"
 }
 
 include_recipe "git"
@@ -107,6 +107,19 @@ end
   end
 end
 
+systemd_service "planetdump@" do
+  description "Planet dump for %i"
+  user "www-data"
+  exec_start "/usr/local/bin/planetdump %i"
+  memory_max "64G"
+  private_tmp true
+  private_devices true
+  private_network true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
+end
+
 template "/etc/cron.d/planet-dump-mirror" do
   source "planet-dump-mirror-cron.erb"
   owner "root"