X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/cc7dc2d10bf3457a9d6a28931bf96539bfac6491..23d8f4f4043479c3cbd43239bc2ab2e20dd87eb8:/cookbooks/planet/recipes/replication.rb?ds=sidebyside diff --git a/cookbooks/planet/recipes/replication.rb b/cookbooks/planet/recipes/replication.rb index 165b9282a..e09bbcbe6 100644 --- a/cookbooks/planet/recipes/replication.rb +++ b/cookbooks/planet/recipes/replication.rb @@ -20,22 +20,30 @@ require "yaml" include_recipe "accounts" +include_recipe "apt" include_recipe "osmosis" +include_recipe "ruby" +include_recipe "tools" db_passwords = data_bag_item("db", "passwords") +## Install required packages + package %w[ postgresql-client - ruby - ruby-dev ruby-libxml make gcc + libc6-dev libpq-dev osmdbt ] -gem_package "pg" +gem_package "pg" do + gem_binary node[:ruby][:gem] +end + +## Build preload library to flush files remote_directory "/opt/flush" do source "flush" @@ -56,6 +64,8 @@ execute "/opt/flush/Makefile" do subscribes :run, "remote_directory[/opt/flush]" end +## Install scripts + remote_directory "/usr/local/bin" do source "replication-bin" owner "root" @@ -66,13 +76,6 @@ remote_directory "/usr/local/bin" do files_mode "755" end -template "/usr/local/bin/replicate-minute" do - source "replicate-minute.erb" - owner "root" - group "root" - mode "755" -end - template "/usr/local/bin/users-agreed" do source "users-agreed.erb" owner "root" @@ -87,6 +90,8 @@ template "/usr/local/bin/users-deleted" do mode "755" end +## Published deleted users directory + remote_directory "/store/planet/users_deleted" do source "users_deleted" owner "planet" @@ -97,6 +102,8 @@ remote_directory "/store/planet/users_deleted" do files_mode "644" end +## Published replication directory + remote_directory "/store/planet/replication" do source "replication-cgi" owner "root" @@ -107,103 +114,144 @@ remote_directory "/store/planet/replication" do files_mode "755" end -directory "/store/planet/replication/changesets" do - owner "planet" - group "planet" +## Configuration directory + +directory "/etc/replication" do + owner "root" + group "root" mode "755" end -directory "/store/planet/replication/day" do +## Transient state directory + +systemd_tmpfile "/run/replication" do + type "d" owner "planet" group "planet" mode "755" end -directory "/store/planet/replication/hour" do +## Persistent state directory + +directory "/var/lib/replication" do owner "planet" group "planet" mode "755" end -directory "/store/planet/replication/minute" do +## Temporary directory + +directory "/store/replication" do owner "planet" group "planet" mode "755" end -directory "/store/planet/replication/test" do - owner "planet" +## Users replication + +template "/etc/replication/users-agreed.conf" do + source "users-agreed.conf.erb" + user "planet" group "planet" - mode "755" + mode "600" + variables :password => db_passwords["planetdiff"] end -directory "/store/planet/replication/test/day" do - owner "planet" - group "planet" - mode "755" +systemd_service "users-agreed" do + description "Update list of users accepting CTs" + user "planet" + exec_start "/usr/local/bin/users-agreed" + nice 10 + private_tmp true + private_devices true + protect_system "strict" + protect_home true + read_write_paths "/store/planet/users_agreed" + restrict_address_families %w[AF_INET AF_INET6] + no_new_privileges true end -directory "/store/planet/replication/test/hour" do - owner "planet" - group "planet" - mode "755" +systemd_timer "users-agreed" do + description "Update list of users accepting CTs" + on_calendar "7:00" end -directory "/store/planet/replication/test/minute" do - owner "planet" - group "planet" - mode "755" +systemd_service "users-deleted" do + description "Update list of deleted users" + user "planet" + exec_start "/usr/local/bin/users-deleted" + nice 10 + private_tmp true + private_devices true + protect_system "strict" + protect_home true + read_write_paths "/store/planet/users_deleted" + restrict_address_families %w[AF_INET AF_INET6] + no_new_privileges true end -directory "/store/replication" do - owner "planet" - group "planet" - mode "755" +systemd_timer "users-deleted" do + description "Update list of deleted users" + on_calendar "17:00" end -directory "/store/replication/minute" do +## Changeset replication + +directory "/store/planet/replication/changesets" do owner "planet" group "planet" mode "755" end -systemd_tmpfile "/run/replication" do - type "d" - owner "planet" +template "/etc/replication/changesets.conf" do + source "changesets.conf.erb" + user "root" group "planet" - mode "755" + mode "640" + variables :password => db_passwords["planetdiff"] end -directory "/etc/replication" do - owner "root" - group "root" - mode "755" +systemd_service "replication-changesets" do + description "Changesets replication" + user "planet" + exec_start "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" + private_tmp true + private_devices true + protect_system "strict" + protect_home true + read_write_paths [ + "/run/replication", + "/store/planet/replication/changesets" + ] + restrict_address_families %w[AF_INET AF_INET6] + no_new_privileges true end -directory "/var/run/lock/changeset-replication/" do - owner "planet" - group "planet" - mode "750" +systemd_timer "replication-changesets" do + description "Changesets replication" + on_boot_sec 60 + on_unit_active_sec 60 + accuracy_sec 5 end -directory "/var/lib/replication" do +## Minutely replication + +directory "/store/planet/replication/minute" do owner "planet" group "planet" mode "755" end -directory "/var/lib/replication/test" do +directory "/var/lib/replication/minute" do owner "planet" group "planet" mode "755" end -template "/etc/replication/auth.conf" do - source "replication.auth.erb" - user "root" +directory "/store/replication/minute" do + owner "planet" group "planet" - mode "640" - variables :password => db_passwords["planetdiff"] + mode "755" end osmdbt_config = { @@ -215,7 +263,7 @@ osmdbt_config = { "replication_slot" => "osmdbt" }, "log_dir" => "/var/lib/replication/minute", - "changes_dir" => "/store/planet/replication/test/minute", + "changes_dir" => "/store/planet/replication/minute", "tmp_dir" => "/store/replication/minute", "run_dir" => "/run/replication" } @@ -234,8 +282,14 @@ systemd_service "replication-minutely" do exec_start "/usr/local/bin/replicate-minute" private_tmp true private_devices true - protect_system "full" + protect_system "strict" protect_home true + read_write_paths [ + "/run/replication", + "/store/replication/minute", + "/store/planet/replication/minute", + "/var/lib/replication/minute" + ] restrict_address_families %w[AF_INET AF_INET6] no_new_privileges true end @@ -247,32 +301,45 @@ systemd_timer "replication-minutely" do accuracy_sec 5 end -directory "/var/lib/replication/test/hour" do +## Hourly replication + +directory "/store/planet/replication/hour" do owner "planet" group "planet" mode "755" end -template "/var/lib/replication/test/hour/configuration.txt" do - source "replication.config.erb" +directory "/var/lib/replication/hour" do owner "planet" group "planet" - mode "644" - variables :base => "test/minute", :interval => 3600 + mode "755" +end + +link "/var/lib/replication/hour/data" do + to "/store/planet/replication/hour" end -link "/var/lib/replication/test/hour/data" do - to "/store/planet/replication/test/hour" +template "/var/lib/replication/hour/configuration.txt" do + source "replication.config.erb" + owner "planet" + group "planet" + mode "644" + variables :base => "minute", :interval => 3600 end systemd_service "replication-hourly" do description "Hourly replication" user "planet" - exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/hour" + exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour" + environment "LD_PRELOAD" => "/opt/flush/flush.so" private_tmp true private_devices true - protect_system "full" + protect_system "strict" protect_home true + read_write_paths [ + "/store/planet/replication/hour", + "/var/lib/replication/hour" + ] restrict_address_families %w[AF_INET AF_INET6] no_new_privileges true end @@ -282,32 +349,45 @@ systemd_timer "replication-hourly" do on_calendar "*-*-* *:02/15:00" end -directory "/var/lib/replication/test/day" do +## Daily replication + +directory "/store/planet/replication/day" do owner "planet" group "planet" mode "755" end -template "/var/lib/replication/test/day/configuration.txt" do - source "replication.config.erb" +directory "/var/lib/replication/day" do owner "planet" group "planet" - mode "644" - variables :base => "test/hour", :interval => 86400 + mode "755" end -link "/var/lib/replication/test/day/data" do - to "/store/planet/replication/test/day" +link "/var/lib/replication/day/data" do + to "/store/planet/replication/day" +end + +template "/var/lib/replication/day/configuration.txt" do + source "replication.config.erb" + owner "planet" + group "planet" + mode "644" + variables :base => "hour", :interval => 86400 end systemd_service "replication-daily" do description "Daily replication" user "planet" - exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/test/day" + exec_start "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day" + environment "LD_PRELOAD" => "/opt/flush/flush.so" private_tmp true private_devices true - protect_system "full" + protect_system "strict" protect_home true + read_write_paths [ + "/store/planet/replication/day", + "/var/lib/replication/day" + ] restrict_address_families %w[AF_INET AF_INET6] no_new_privileges true end @@ -317,85 +397,41 @@ systemd_timer "replication-daily" do on_calendar "*-*-* *:02/15:00" end -template "/etc/replication/changesets.conf" do - source "changesets.conf.erb" - user "root" - group "planet" - mode "640" - variables :password => db_passwords["planetdiff"] -end +## Replication cleanup -template "/etc/replication/users-agreed.conf" do - source "users-agreed.conf.erb" +systemd_service "replication-cleanup" do + description "Cleanup replication" user "planet" - group "planet" - mode "600" - variables :password => db_passwords["planetdiff"] -end - -directory "/var/lib/replication/minute" do - owner "planet" - group "planet" - mode "755" -end - -directory "/var/lib/replication/hour" do - owner "planet" - group "planet" - mode "755" -end - -template "/var/lib/replication/hour/configuration.txt" do - source "replication.config.erb" - owner "planet" - group "planet" - mode "644" - variables :base => "minute", :interval => 3600 -end - -link "/var/lib/replication/hour/data" do - to "/store/planet/replication/hour" -end - -directory "/var/lib/replication/day" do - owner "planet" - group "planet" - mode "755" + exec_start "/usr/local/bin/replicate-cleanup" + private_tmp true + private_devices true + private_network true + protect_system "strict" + protect_home true + read_write_paths "/var/lib/replication" + no_new_privileges true end -template "/var/lib/replication/day/configuration.txt" do - source "replication.config.erb" - owner "planet" - group "planet" - mode "644" - variables :base => "hour", :interval => 86400 +systemd_timer "replication-cleanup" do + description "Cleanup replication" + on_boot_sec 60 + on_unit_active_sec 86400 + accuracy_sec 1800 end -link "/var/lib/replication/day/data" do - to "/store/planet/replication/day" -end +## Enable/disable feeds if node[:planet][:replication] == "enabled" - cron_d "users-agreed" do - minute "0" - hour "7" - user "planet" - command "/usr/local/bin/users-agreed" - mailto "zerebubuth@gmail.com" + service "users-agreed.timer" do + action [:enable, :start] end - cron_d "users-deleted" do - minute "0" - hour "17" - user "planet" - command "/usr/local/bin/users-deleted" - mailto "zerebubuth@gmail.com" + service "users-deleted.timer" do + action [:enable, :start] end - cron_d "replication-changesets" do - user "planet" - command "/usr/local/bin/replicate-changesets /etc/replication/changesets.conf" - mailto "zerebubuth@gmail.com" + service "replication-changesets.timer" do + action [:enable, :start] end service "replication-minutely.timer" do @@ -410,39 +446,20 @@ if node[:planet][:replication] == "enabled" action [:enable, :start] end - cron_d "replication-minutely" do - user "planet" - command "/usr/local/bin/osmosis -q --replicate-apidb authFile=/etc/replication/auth.conf validateSchemaVersion=false --write-replication workingDirectory=/store/planet/replication/minute" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" - end - - cron_d "replication-hourly" do - minute "2,7,12,17" - user "planet" - command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/hour" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" - end - - cron_d "replication-daily" do - minute "5,10,15,20" - user "planet" - command "/usr/local/bin/osmosis -q --merge-replication-files workingDirectory=/var/lib/replication/day" - mailto "brett@bretth.com" - environment "LD_PRELOAD" => "/opt/flush/flush.so" + service "replication-cleanup.timer" do + action [:enable, :start] end else - cron_d "users-agreed" do - action :delete + service "users-agreed.timer" do + action [:stop, :disable] end - cron_d "users-deleted" do - action :delete + service "users-deleted.timer" do + action [:stop, :disable] end - cron_d "replication-changesets" do - action :delete + service "replication-changesets.timer" do + action [:stop, :disable] end service "replication-minutely.timer" do @@ -457,15 +474,7 @@ else action [:stop, :disable] end - cron_d "replication-minutely" do - action :delete - end - - cron_d "replication-hourly" do - action :delete - end - - cron_d "replication-daily" do - action :delete + service "replication-cleanup.timer" do + action [:stop, :disable] end end