X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/8493613d9ea9b1db22b86d528e0cf231c0d68b6c..e0cd7ddfb11237afe38cf0db8a395f61b9595ea4:/cookbooks/db/recipes/master.rb diff --git a/cookbooks/db/recipes/master.rb b/cookbooks/db/recipes/master.rb index fe9c4cacf..c2450a7a4 100644 --- a/cookbooks/db/recipes/master.rb +++ b/cookbooks/db/recipes/master.rb @@ -41,6 +41,11 @@ postgresql_user "rails" do password passwords["rails"] end +postgresql_user "cgimap" do + cluster node[:db][:cluster] + password passwords["cgimap"] +end + postgresql_user "planetdump" do cluster node[:db][:cluster] password passwords["planetdump"] @@ -57,11 +62,6 @@ postgresql_user "backup" do password passwords["backup"] end -postgresql_user "gpximport" do - cluster node[:db][:cluster] - password passwords["gpximport"] -end - postgresql_user "munin" do cluster node[:db][:cluster] password passwords["munin"] @@ -83,3 +83,305 @@ postgresql_extension "btree_gist" do database "openstreetmap" only_if { node[:postgresql][:clusters][node[:db][:cluster]] && node[:postgresql][:clusters][node[:db][:cluster]][:version] >= 9.0 } end + +%w[ + active_storage_attachments + active_storage_blobs + active_storage_variant_records + ar_internal_metadata + delayed_jobs + issue_comments + issues + oauth_openid_requests + reports +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "backup" => [:select] + end +end + +%w[ + acls + changesets_subscribers + diary_comments + diary_entries + diary_entry_subscriptions + friends + gps_points + gpx_file_tags + gpx_files + languages + messages + redactions + schema_migrations + user_preferences + user_tokens +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "backup" => [:select] + end +end + +%w[ + note_comments + notes +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "planetdump" => [:select], + "backup" => [:select] + end +end + +%w[ + changeset_comments + changeset_tags +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select], + "planetdiff" => [:select], + "backup" => [:select] + end +end + +%w[ + users +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select], + "planetdump" => [:select], + "planetdiff" => [:select], + "backup" => [:select] + end +end + +%w[changesets].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select, :update], + "planetdiff" => [:select], + "backup" => [:select] + end +end + +%w[ + current_nodes + current_relations + current_ways +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select, :insert, :update], + "backup" => [:select] + end +end + +%w[ + current_node_tags + current_relation_members + current_relation_tags + current_way_nodes + current_way_tags +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select, :insert, :delete], + "backup" => [:select] + end +end + +%w[ + node_tags + nodes + relation_members + relation_tags + relations + way_nodes + way_tags + ways +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select, :insert], + "planetdiff" => [:select], + "backup" => [:select] + end +end + +%w[ + client_applications + oauth_access_grants + oauth_access_tokens + oauth_applications + oauth_tokens + user_blocks + user_roles +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select], + "backup" => [:select] + end +end + +%w[ + oauth_nonces +].each do |table| + postgresql_table table do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:select, :insert, :update, :delete], + "cgimap" => [:select, :insert], + "backup" => [:select] + end +end + +%w[ + acls_id_seq + active_storage_attachments_id_seq + active_storage_blobs_id_seq + active_storage_variant_records_id_seq + changeset_comments_id_seq + changesets_id_seq + client_applications_id_seq + delayed_jobs_id_seq + diary_comments_id_seq + diary_entries_id_seq + friends_id_seq + gpx_file_tags_id_seq + gpx_files_id_seq + issue_comments_id_seq + issues_id_seq + messages_id_seq + note_comments_id_seq + notes_id_seq + oauth_access_grants_id_seq + oauth_access_tokens_id_seq + oauth_applications_id_seq + oauth_openid_requests_id_seq + oauth_tokens_id_seq + redactions_id_seq + reports_id_seq + user_blocks_id_seq + user_roles_id_seq + user_tokens_id_seq + users_id_seq +].each do |sequence| + postgresql_sequence sequence do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:usage], + "backup" => [:select] + end +end + +%w[ + current_nodes_id_seq + current_relations_id_seq + current_ways_id_seq + oauth_nonces_id_seq +].each do |sequence| + postgresql_sequence sequence do + cluster node[:db][:cluster] + database "openstreetmap" + owner "openstreetmap" + permissions "openstreetmap" => [:all], + "rails" => [:usage], + "cgimap" => [:update], + "backup" => [:select] + end +end + +cookbook_file "/usr/local/share/monthly-reindex.sql" do + owner "root" + group "root" + mode "644" +end + +systemd_service "monthly-reindex" do + description "Monthly database reindex" + exec_start "/usr/bin/psql -f /usr/local/share/monthly-reindex.sql openstreetmap" + user "postgres" + sandbox true + restrict_address_families "AF_UNIX" +end + +systemd_timer "monthly-reindex" do + description "Monthly database reindex" + on_calendar "Sun *-*-1..7 02:00" +end + +service "monthly-reindex.timer" do + action [:enable, :start] +end + +cookbook_file "/usr/local/share/yearly-reindex.sql" do + owner "root" + group "root" + mode "644" +end + +systemd_service "yearly-reindex" do + description "Yearly database reindex" + exec_start "/usr/bin/psql -f /usr/local/share/yearly-reindex.sql openstreetmap" + user "postgres" + sandbox true + restrict_address_families "AF_UNIX" +end + +systemd_timer "yearly-reindex" do + description "Yearly database reindex" + on_calendar "Fri *-1-8..14 02:00" +end + +service "yearly-reindex.timer" do + action [:enable, :start] +end