]> git.openstreetmap.org Git - chef.git/commitdiff
Disable API writes via cgimap when in readonly mode
authorTom Hughes <tom@compton.nu>
Sun, 31 Jan 2021 19:44:45 +0000 (19:44 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 31 Jan 2021 19:45:49 +0000 (19:45 +0000)
cookbooks/web/recipes/cgimap.rb

index 009b0a6d7548a06d828f1338d4b6c158b25cde75..3936c8500f169e6874b582e2f8193378047c6357 100644 (file)
@@ -31,20 +31,28 @@ database_host = node[:web][:readonly_database_host] || node[:web][:database_host
 
 memcached_servers = node[:web][:memcached_servers] || []
 
+cgimap_options = {
+  "CGIMAP_HOST" => database_host,
+  "CGIMAP_DBNAME" => "openstreetmap",
+  "CGIMAP_USERNAME" => "cgimap",
+  "CGIMAP_PASSWORD" => db_passwords["cgimap"],
+  "CGIMAP_OAUTH_HOST" => node[:web][:database_host],
+  "CGIMAP_UPDATE_HOST" => node[:web][:database_host],
+  "CGIMAP_PIDFILE" => "#{node[:web][:pid_directory]}/cgimap.pid",
+  "CGIMAP_LOGFILE" => "#{node[:web][:log_directory]}/cgimap.log",
+  "CGIMAP_MEMCACHE" => memcached_servers.join(","),
+  "CGIMAP_RATELIMIT" => "204800",
+  "CGIMAP_MAXDEBT" => "250"
+}
+
+if %w[database_readonly api_readonly].include?(node[:web][:status])
+  cgimap_options["CGIMAP_DISABLE_API_WRITE"] = "true"
+end
+
 systemd_service "cgimap" do
   description "OpenStreetMap API Server"
   type "forking"
-  environment_file "CGIMAP_HOST" => database_host,
-                   "CGIMAP_DBNAME" => "openstreetmap",
-                   "CGIMAP_USERNAME" => "cgimap",
-                   "CGIMAP_PASSWORD" => db_passwords["cgimap"],
-                   "CGIMAP_OAUTH_HOST" => node[:web][:database_host],
-                   "CGIMAP_UPDATE_HOST" => node[:web][:database_host],
-                   "CGIMAP_PIDFILE" => "#{node[:web][:pid_directory]}/cgimap.pid",
-                   "CGIMAP_LOGFILE" => "#{node[:web][:log_directory]}/cgimap.log",
-                   "CGIMAP_MEMCACHE" => memcached_servers.join(","),
-                   "CGIMAP_RATELIMIT" => "204800",
-                   "CGIMAP_MAXDEBT" => "250"
+  environment_file cgimap_options
   user "rails"
   exec_start "/usr/bin/openstreetmap-cgimap --daemon --port 8000 --instances 30"
   exec_reload "/bin/kill -HUP $MAINPID"