From: Tom Hughes <tom@compton.nu>
Date: Mon, 16 Sep 2024 07:58:09 +0000 (+0100)
Subject: Move log storage to backup server
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/7f33734e863bf7ba1d1e4f1f1db208450b4cbb2b

Move log storage to backup server
---

diff --git a/cookbooks/backup/recipes/default.rb b/cookbooks/backup/recipes/default.rb
index 0999231ef..64e63fdee 100644
--- a/cookbooks/backup/recipes/default.rb
+++ b/cookbooks/backup/recipes/default.rb
@@ -32,6 +32,15 @@ directory "/store/backup" do
   recursive true
 end
 
+%w[planet tile www].each do |service|
+  directory "/store/logs/#{service}.openstreetmap.org" do
+    owner "osmbackup"
+    group "osmbackup"
+    mode "2755"
+    recursive true
+  end
+end
+
 cookbook_file "/usr/local/bin/expire-backups" do
   owner "root"
   group "root"
diff --git a/cookbooks/planet/templates/default/logrotate.apache.erb b/cookbooks/planet/templates/default/logrotate.apache.erb
index f1c5dde56..69ca79ca1 100644
--- a/cookbooks/planet/templates/default/logrotate.apache.erb
+++ b/cookbooks/planet/templates/default/logrotate.apache.erb
@@ -11,7 +11,7 @@
 	sharedscripts
 	postrotate
 		/etc/init.d/apache2 reload > /dev/null
-		rsync --preallocate /var/log/apache2/planet.openstreetmap.org-access.log.2.gz ironbelly::logs/planet.openstreetmap.org/`date -d "-7 days" +%Y-%m-%d`.gz
+		rsync --preallocate /var/log/apache2/planet.openstreetmap.org-access.log.2.gz backup.openstreetmap.org::logs/planet.openstreetmap.org/`date -d "-7 days" +%Y-%m-%d`.gz
 	endscript
 	prerotate
 		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
diff --git a/cookbooks/web/templates/default/logrotate.apache.erb b/cookbooks/web/templates/default/logrotate.apache.erb
index b4d171be8..e2870c3b9 100644
--- a/cookbooks/web/templates/default/logrotate.apache.erb
+++ b/cookbooks/web/templates/default/logrotate.apache.erb
@@ -11,6 +11,6 @@
   sharedscripts
   postrotate
     /etc/init.d/apache2 reload > /dev/null
-    /usr/bin/rsync --preallocate /var/log/apache2/access.log.2.gz ironbelly::logs/www.openstreetmap.org/<%= node[:hostname] %>-`date -d "-2 days" +%Y-%m-%d`.gz
+    /usr/bin/rsync --preallocate /var/log/apache2/access.log.2.gz backup.openstreetmap.org::logs/www.openstreetmap.org/<%= node[:hostname] %>-`date -d "-2 days" +%Y-%m-%d`.gz
   endscript
 }
diff --git a/cookbooks/web/templates/default/logrotate.web.erb b/cookbooks/web/templates/default/logrotate.web.erb
index 03c3cb08a..82b08c1c0 100644
--- a/cookbooks/web/templates/default/logrotate.web.erb
+++ b/cookbooks/web/templates/default/logrotate.web.erb
@@ -22,7 +22,7 @@
 <% end -%>
 <% if node[:recipes].include?("web::cgimap") -%>
     /bin/systemctl reload cgimap
-    /usr/bin/rsync --preallocate <%= node[:web][:log_directory] %>/cgimap.log.2.gz ironbelly::logs/www.openstreetmap.org/cgimap-<%= node[:hostname] %>-`date -d "-2 days" +%Y-%m-%d`.gz
+    /usr/bin/rsync --preallocate <%= node[:web][:log_directory] %>/cgimap.log.2.gz backup.openstreetmap.org::logs/www.openstreetmap.org/cgimap-<%= node[:hostname] %>-`date -d "-2 days" +%Y-%m-%d`.gz
 <% end -%>
   endscript
 }
diff --git a/roles/backup.rb b/roles/backup.rb
index 339ba54af..00c73fd82 100644
--- a/roles/backup.rb
+++ b/roles/backup.rb
@@ -33,6 +33,30 @@ default_attributes(
           "127.0.0.0/8",                         # localhost
           "::1"                                  # localhost
         ]
+      },
+      :logs => {
+        :comment => "Log files",
+        :path => "/store/logs",
+        :read_only => false,
+        :write_only => true,
+        :list => false,
+        :uid => "osmbackup",
+        :gid => "osmbackup",
+        :transfer_logging => false,
+        :hosts_allow => [
+          "193.60.236.0/24",          # ucl external
+          "10.0.48.0/20",             # amsterdam internal
+          "184.104.179.128/27",       # amsterdam external
+          "2001:470:1:fa1::/64",      # amsterdam external
+          "10.0.64.0/20",             # dublin internal
+          "184.104.226.96/27",        # dublin external
+          "2001:470:1:b3b::/64",      # dublin external
+          "10.0.32.0/20",             # bytemark internal
+          "89.16.162.16/28",          # bytemark external
+          "2001:41c9:2:d6::/64",      # bytemark external
+          "127.0.0.0/8",              # localhost
+          "::1"                       # localhost
+        ]
       }
     }
   }
diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb
index 696ee3f56..95bfe9e39 100644
--- a/roles/ironbelly.rb
+++ b/roles/ironbelly.rb
@@ -75,34 +75,6 @@ default_attributes(
           :max_size => "51200M"
       }
     }
-  },
-  :rsyncd => {
-    :modules => {
-      :logs => {
-        :comment => "Log files",
-        :path => "/store/logs",
-        :read_only => false,
-        :write_only => true,
-        :list => false,
-        :uid => "www-data",
-        :gid => "www-data",
-        :transfer_logging => false,
-        :hosts_allow => [
-          "193.60.236.0/24",          # ucl external
-          "10.0.48.0/20",             # amsterdam internal
-          "184.104.179.128/27",       # amsterdam external
-          "2001:470:1:fa1::/64",      # amsterdam external
-          "10.0.64.0/20",             # dublin internal
-          "184.104.226.96/27",        # dublin external
-          "2001:470:1:b3b::/64",      # dublin external
-          "10.0.32.0/20",             # bytemark internal
-          "89.16.162.16/28",          # bytemark external
-          "2001:41c9:2:d6::/64",      # bytemark external
-          "127.0.0.0/8",              # localhost
-          "::1"                       # localhost
-        ]
-      }
-    }
   }
 )