From: Tom Hughes <tom@compton.nu>
Date: Fri, 17 Jul 2020 16:17:16 +0000 (+0100)
Subject: Run planetdump as a systemd service with a 64Gb memory limit
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/815c71e83db9166d8d696d6ac057c92bc5a910f6

Run planetdump as a systemd service with a 64Gb memory limit
---

diff --git a/cookbooks/planet/metadata.rb b/cookbooks/planet/metadata.rb
index 425fe95f5..99c6c4e1c 100644
--- a/cookbooks/planet/metadata.rb
+++ b/cookbooks/planet/metadata.rb
@@ -12,3 +12,4 @@ depends           "git"
 depends           "incron"
 depends           "munin"
 depends           "osmosis"
+depends           "systemd"
diff --git a/cookbooks/planet/recipes/dump.rb b/cookbooks/planet/recipes/dump.rb
index f7274caa7..d873a9036 100644
--- a/cookbooks/planet/recipes/dump.rb
+++ b/cookbooks/planet/recipes/dump.rb
@@ -18,10 +18,10 @@
 #
 
 node.default[:incron][:planetdump] = {
-  :user => "www-data",
+  :user => "root",
   :path => "/store/backup",
   :events => %w[IN_CREATE IN_MOVED_TO],
-  :command => "/usr/local/bin/planetdump $#"
+  :command => "/usr/bin/systemctl start planetdump@$#"
 }
 
 include_recipe "git"
@@ -107,6 +107,19 @@ end
   end
 end
 
+systemd_service "planetdump@" do
+  description "Planet dump for %i"
+  user "www-data"
+  exec_start "/usr/local/bin/planetdump %i"
+  memory_max "64G"
+  private_tmp true
+  private_devices true
+  private_network true
+  protect_system "full"
+  protect_home true
+  no_new_privileges true
+end
+
 template "/etc/cron.d/planet-dump-mirror" do
   source "planet-dump-mirror-cron.erb"
   owner "root"