Page MenuHomePhabricator

Puppetize Postgres 9.4 + Postgis 2.1 role for Maps Deployment
Closed, ResolvedPublic

Description

For maps deployment, puppetize the latest postgres + postgis role for Debian Jessie.

The role should:

  • install the database
  • give Yuri & Max admin rights for it
  • create a read-only access for tilerator service
  • set up one machine for Master postgres, and 3 readonly slaves

Event Timeline

Yurik raised the priority of this task from to Needs Triage.
Yurik updated the task description. (Show Details)
Yurik added subscribers: Aklapper, MaxSem, Yurik and 2 others.
Yurik set Security to None.

The puppet postgres module that already exists in https://phabricator.wikimedia.org/diffusion/OPUP/browse/production/modules/postgresql/README.md should be used to create the role that performs the installation and configuraton for master/slaves. I 'd rather users/roles were not created by it though. @jcrespo: any thoughts ?

Of course the role will need to be tested in labs. I 'll create a project for that

https://phabricator.wikimedia.org/diffusion/OPUP/browse/production/manifests/role/maps.pp

and various changes in modules/postgresql to support jessie/postgis 2.1 is a rather well working result.

@Yurik, @MaxSem: Can you please define the rights that will be needed on the postgres database ?

Each of two services should have their own uids with their own permissions:

  • kartotherian: SELECT on all tables
  • <whatever is that generator service will be called>: SELECT, INSERT, UPDATE, DELETE on all tables.

Also, me and yurik should be able to sudo as postgres.

(comment was corrected)

The tile generation service should be called "tilerator", and it should also have just the read-only access to Postgress, not what Max wrote.

There also should be a third user, e.g. "osmupdater" - which will use osm2pgsql to import OSM data updates.

So, just to reitarate:

  • tilerator: the vector tile generating service user. Should have SELECT only on all tables. Effectively read/only
  • osmupdater: the user osm2pgsql should be using to update the postgres osm DB. SELECT/INSERT/UPDATE/DELETE.
  • osmimporter. The user used for the initial population and table owner. SELECT/INSERT/UPDATE/DELETE/CREATE TABLE. Probably also the owner of all the tables ?

Updated after talking with Max on IRC
There was the idea of this 3rd user, but since kartotherian only needs cassandra access, we will not be creating this user

  • kartotherian: the PNG rendering service user. Should have SELECT only on all tables. Effectively read/only
fgiunchedi triaged this task as Medium priority.Jul 20 2015, 2:26 PM
fgiunchedi added a subscriber: fgiunchedi.

I think this task was done during Wikimania

Yurik claimed this task.
Yurik moved this task from Stalled/Waiting to Done on the Maps-Sprint board.