cookbooks/db/recipes/master.rb

   1 #
   2 # Cookbook:: db
   3 # Recipe:: master
   4 #
   5 # Copyright:: 2011, OpenStreetMap Foundation
   6 #
   7 # Licensed under the Apache License, Version 2.0 (the "License");
   8 # you may not use this file except in compliance with the License.
   9 # You may obtain a copy of the License at
  10 #
  11 #     https://www.apache.org/licenses/LICENSE-2.0
  12 #
  13 # Unless required by applicable law or agreed to in writing, software
  14 # distributed under the License is distributed on an "AS IS" BASIS,
  15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16 # See the License for the specific language governing permissions and
  17 # limitations under the License.
  18 #
  19
  20 include_recipe "db::base"
  21
  22 passwords = data_bag_item("db", "passwords")
  23
  24 postgresql_user "tomh" do
  25   cluster node[:db][:cluster]
  26   superuser true
  27 end
  28
  29 postgresql_user "matt" do
  30   cluster node[:db][:cluster]
  31   superuser true
  32 end
  33
  34 postgresql_user "openstreetmap" do
  35   cluster node[:db][:cluster]
  36   password passwords["openstreetmap"]
  37 end
  38
  39 postgresql_user "rails" do
  40   cluster node[:db][:cluster]
  41   password passwords["rails"]
  42 end
  43
  44 postgresql_user "cgimap" do
  45   cluster node[:db][:cluster]
  46   password passwords["cgimap"]
  47 end
  48
  49 postgresql_user "planetdump" do
  50   cluster node[:db][:cluster]
  51   password passwords["planetdump"]
  52 end
  53
  54 postgresql_user "planetdiff" do
  55   cluster node[:db][:cluster]
  56   password passwords["planetdiff"]
  57   replication true
  58 end
  59
  60 postgresql_user "backup" do
  61   cluster node[:db][:cluster]
  62   password passwords["backup"]
  63 end
  64
  65 postgresql_user "replication" do
  66   cluster node[:db][:cluster]
  67   password passwords["replication"]
  68   replication true
  69 end
  70
  71 postgresql_database "openstreetmap" do
  72   cluster node[:db][:cluster]
  73   owner "openstreetmap"
  74 end
  75
  76 postgresql_extension "btree_gist" do
  77   cluster node[:db][:cluster]
  78   database "openstreetmap"
  79   only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 }
  80 end
  81
  82 CGIMAP_PERMISSIONS = {
  83   "changeset_comments" => [:select],
  84   "changeset_tags" => [:select],
  85   "changesets" => [:select, :update],
  86   "current_node_tags" => [:select, :insert, :delete],
  87   "current_nodes" => [:select, :insert, :update],
  88   "current_nodes_id_seq" => [:update],
  89   "current_relation_members" => [:select, :insert, :delete],
  90   "current_relation_tags" => [:select, :insert, :delete],
  91   "current_relations" => [:select, :insert, :update],
  92   "current_relations_id_seq" => [:update],
  93   "current_way_nodes" => [:select, :insert, :delete],
  94   "current_way_tags" => [:select, :insert, :delete],
  95   "current_ways" => [:select, :insert, :update],
  96   "current_ways_id_seq" => [:update],
  97   "issues" => [:select],
  98   "node_tags" => [:select, :insert],
  99   "nodes" => [:select, :insert],
 100   "oauth_access_grants" => [:select],
 101   "oauth_access_tokens" => [:select],
 102   "oauth_applications" => [:select],
 103   "relation_members" => [:select, :insert],
 104   "relation_tags" => [:select, :insert],
 105   "relations" => [:select, :insert],
 106   "reports" => [:select],
 107   "user_blocks" => [:select],
 108   "user_roles" => [:select],
 109   "users" => [:select],
 110   "way_nodes" => [:select, :insert],
 111   "way_tags" => [:select, :insert],
 112   "ways" => [:select, :insert]
 113 }.freeze
 114
 115 PLANETDUMP_PERMISSIONS = {
 116   "note_comments" => :select,
 117   "notes" => :select,
 118   "users" => :select
 119 }.freeze
 120
 121 PLANETDIFF_PERMISSIONS = {
 122   "changeset_comments" => :select,
 123   "changeset_tags" => :select,
 124   "changesets" => :select,
 125   "node_tags" => :select,
 126   "nodes" => :select,
 127   "relation_members" => :select,
 128   "relation_tags" => :select,
 129   "relations" => :select,
 130   "users" => :select,
 131   "way_nodes" => :select,
 132   "way_tags" => :select,
 133   "ways" => :select
 134 }.freeze
 135
 136 PROMETHEUS_PERMISSIONS = {
 137   "delayed_jobs" => :select
 138 }.freeze
 139
 140 %w[
 141   acls
 142   active_storage_attachments
 143   active_storage_blobs
 144   active_storage_variant_records
 145   ar_internal_metadata
 146   changeset_comments
 147   changeset_tags
 148   changesets
 149   changesets_subscribers
 150   current_node_tags
 151   current_nodes
 152   current_relation_members
 153   current_relation_tags
 154   current_relations
 155   current_way_nodes
 156   current_way_tags
 157   current_ways
 158   delayed_jobs
 159   diary_comments
 160   diary_entries
 161   diary_entry_subscriptions
 162   friends
 163   gps_points
 164   gpx_file_tags
 165   gpx_files
 166   issue_comments
 167   issues
 168   languages
 169   messages
 170   node_tags
 171   nodes
 172   note_comments
 173   note_subscriptions
 174   notes
 175   oauth_access_grants
 176   oauth_access_tokens
 177   oauth_applications
 178   oauth_openid_requests
 179   redactions
 180   relation_members
 181   relation_tags
 182   relations
 183   reports
 184   schema_migrations
 185   user_blocks
 186   user_mutes
 187   user_preferences
 188   user_roles
 189   users
 190   way_nodes
 191   way_tags
 192   ways
 193 ].each do |table|
 194   postgresql_table table do
 195     cluster node[:db][:cluster]
 196     database "openstreetmap"
 197     owner "openstreetmap"
 198     permissions "openstreetmap" => [:all],
 199                 "rails" => [:select, :insert, :update, :delete],
 200                 "cgimap" => CGIMAP_PERMISSIONS[table],
 201                 "planetdump" => PLANETDUMP_PERMISSIONS[table],
 202                 "planetdiff" => PLANETDIFF_PERMISSIONS[table],
 203                 "prometheus" => PROMETHEUS_PERMISSIONS[table],
 204                 "backup" => [:select]
 205   end
 206 end
 207
 208 %w[
 209   acls_id_seq
 210   active_storage_attachments_id_seq
 211   active_storage_blobs_id_seq
 212   active_storage_variant_records_id_seq
 213   changeset_comments_id_seq
 214   changesets_id_seq
 215   current_nodes_id_seq
 216   current_relations_id_seq
 217   current_ways_id_seq
 218   delayed_jobs_id_seq
 219   diary_comments_id_seq
 220   diary_entries_id_seq
 221   friends_id_seq
 222   gpx_file_tags_id_seq
 223   gpx_files_id_seq
 224   issue_comments_id_seq
 225   issues_id_seq
 226   messages_id_seq
 227   note_comments_id_seq
 228   notes_id_seq
 229   oauth_access_grants_id_seq
 230   oauth_access_tokens_id_seq
 231   oauth_applications_id_seq
 232   oauth_openid_requests_id_seq
 233   redactions_id_seq
 234   reports_id_seq
 235   user_blocks_id_seq
 236   user_mutes_id_seq
 237   user_roles_id_seq
 238   users_id_seq
 239 ].each do |sequence|
 240   postgresql_sequence sequence do
 241     cluster node[:db][:cluster]
 242     database "openstreetmap"
 243     owner "openstreetmap"
 244     permissions "openstreetmap" => [:all],
 245                 "rails" => [:usage],
 246                 "cgimap" => CGIMAP_PERMISSIONS[sequence],
 247                 "backup" => [:select]
 248   end
 249 end
 250
 251 cookbook_file "/usr/local/share/monthly-reindex.sql" do
 252   owner "root"
 253   group "root"
 254   mode "644"
 255 end
 256
 257 systemd_service "monthly-reindex" do
 258   description "Monthly database reindex"
 259   exec_start "/usr/bin/psql -f /usr/local/share/monthly-reindex.sql openstreetmap"
 260   user "postgres"
 261   sandbox true
 262   restrict_address_families "AF_UNIX"
 263   remove_ipc false
 264 end
 265
 266 systemd_timer "monthly-reindex" do
 267   description "Monthly database reindex"
 268   on_calendar "Sun *-*-1..7 02:00"
 269 end
 270
 271 service "monthly-reindex.timer" do
 272   action [:enable, :start]
 273 end
 274
 275 cookbook_file "/usr/local/share/yearly-reindex.sql" do
 276   owner "root"
 277   group "root"
 278   mode "644"
 279 end
 280
 281 systemd_service "yearly-reindex" do
 282   description "Yearly database reindex"
 283   exec_start "/usr/bin/psql -f /usr/local/share/yearly-reindex.sql openstreetmap"
 284   user "postgres"
 285   sandbox true
 286   restrict_address_families "AF_UNIX"
 287   remove_ipc false
 288 end
 289
 290 systemd_timer "yearly-reindex" do
 291   description "Yearly database reindex"
 292   on_calendar "Thu *-1-8..14 02:00"
 293 end
 294
 295 service "yearly-reindex.timer" do
 296   action [:enable, :start]
 297 end
 298
 299 template "/etc/prometheus/exporters/sql_rails.collector.yml" do
 300   source "sql_rails.yml.erb"
 301   owner "root"
 302   group "root"
 303   mode "0644"
 304 end