Skip to content

Commit

Permalink
Add gunicorn and uwsgi to init files
Browse files Browse the repository at this point in the history
  • Loading branch information
@enykeev
enykeev committed Jan 21, 2016
1 parent d74ee23 commit d8c29d8
Show file tree
Hide file tree
Showing 24 changed files with 65 additions and 54 deletions.
4 changes: 2 additions & 2 deletions packages/st2api/debian/st2api.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="st2api"
NAME=st2api
DAEMON=/usr/share/python/st2api/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2api/bin/gunicorn_pecan
DAEMON_ARGS="/usr/share/python/st2api/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
Expand Down
3 changes: 1 addition & 2 deletions packages/st2api/debian/st2api.upstart
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@ kill timeout 60

script
NAME=st2api
DEFAULT_ARGS="--config-file /etc/st2/st2.conf"

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

/usr/share/python/st2api/bin/$NAME ${DEFAULT_ARGS}
/usr/share/python/st2api/bin/gunicorn_pecan /usr/share/python/st2api/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1
end script
6 changes: 3 additions & 3 deletions packages/st2api/rpm/st2api.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@

DESC="st2api"
NAME=st2api
DAEMON=/usr/share/python/st2api/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2api/bin/gunicorn_pecan
DAEMON_ARGS="/usr/share/python/st2api/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
Expand Down Expand Up @@ -56,7 +56,7 @@ nohup_start() {
corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
# if they set NICELEVEL in /etc/sysconfig/foo, honor it
[ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"

# Echo daemon
[ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"

Expand Down
5 changes: 3 additions & 2 deletions packages/st2api/rpm/st2api.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ After=network.target
Type=simple
User=st2
Group=st2
Environment="DAEMON_ARGS=--config-file /etc/st2/st2.conf"
PermissionsStartOnly=true
EnvironmentFile=-/etc/sysconfig/st2api
ExecStart=/usr/share/python/st2api/bin/st2api $DAEMON_ARGS
ExecPreStart=touch /run/st2api.sock;chown st2:st2 /run/st2api.sock
ExecStart=/usr/share/python/st2api/bin/gunicorn_pecan /usr/share/python/st2api/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1
TimeoutSec=60
PrivateTmp=true
Restart=on-failure
Expand Down
4 changes: 4 additions & 0 deletions packages/st2auth/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ post_install: bdist_wheel
install conf/logging.conf $(DESTDIR)/etc/st2/logging.auth.conf
install conf/syslog.conf $(DESTDIR)/etc/st2/syslog.auth.conf
sed -i -r "/args\s*=\s*/s%logs%/var/log/st2%g" $(DESTDIR)/etc/st2/logging.*conf
ifeq ($(REDHAT),1)
mkdir -p $(DESTDIR)/var/run
touch $(DESTDIR)/var/run/st2auth.sock
endif

populate_version: .stamp-populate_version
.stamp-populate_version:
Expand Down
9 changes: 9 additions & 0 deletions packages/st2auth/conf/uwsgi/st2auth.ini
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
[uwsgi]
uid = st2
gid = st2
chmod-socket = 644
processes = 1
socket = /run/st2auth.sock
threads = 10
vacuum = true
wsgi-file = /usr/share/python/st2auth/lib/python2.7/site-packages/st2auth/wsgi.py
1 change: 1 addition & 0 deletions packages/st2auth/debian/install
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
conf/uwsgi/st2auth.ini etc/uwsgi.d
8 changes: 3 additions & 5 deletions packages/st2auth/debian/st2auth.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,10 @@
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="st2auth"
NAME=st2auth
DAEMON=/usr/share/python/st2auth/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2auth/bin/uwsgi
DAEMON_ARGS="--ini /etc/uwsgi.d/st2auth.ini"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
RUNAS_GROUP="st2"

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
Expand Down Expand Up @@ -61,7 +59,7 @@ do_start()
# 1 if daemon was already running
# 2 if daemon could not be started
lsb_running || return 1
start-stop-daemon --start --quiet --chuid $RUNAS_USER:$RUNAS_GROUP --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
Expand Down
5 changes: 1 addition & 4 deletions packages/st2auth/debian/st2auth.upstart
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@ author "StackStorm Engineering <opsadmin@stackstorm.com>"
start on filesystem and net-device-up IFACE!=lo
stop on starting rc RUNLEVEL=[016]

setuid st2
setgid st2
respawn
respawn limit 2 5

Expand All @@ -14,10 +12,9 @@ kill timeout 60

script
NAME=st2auth
DEFAULT_ARGS="--config-file /etc/st2/st2.conf"

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

/usr/share/python/st2auth/bin/$NAME ${DEFAULT_ARGS}
/usr/share/python/st2auth/bin/uwsgi --ini /etc/uwsgi.d/st2auth.ini
end script
8 changes: 3 additions & 5 deletions packages/st2auth/rpm/st2auth.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,10 @@

DESC="st2auth"
NAME=st2auth
DAEMON=/usr/share/python/st2auth/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2auth/bin/uwsgi
DAEMON_ARGS="--ini /etc/uwsgi.d/st2auth.ini --chown-socket nginx:nginx"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
RUNAS_GROUP="st2"

lockfile=/var/lock/subsys/$NAME

Expand Down Expand Up @@ -56,7 +54,7 @@ nohup_start() {
corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
# if they set NICELEVEL in /etc/sysconfig/foo, honor it
[ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"

# Echo daemon
[ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"

Expand Down
5 changes: 1 addition & 4 deletions packages/st2auth/rpm/st2auth.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,8 @@ After=network.target

[Service]
Type=simple
User=st2
Group=st2
Environment="DAEMON_ARGS=--config-file /etc/st2/st2.conf"
EnvironmentFile=-/etc/sysconfig/st2auth
ExecStart=/usr/share/python/st2auth/bin/st2auth $DAEMON_ARGS
ExecStart=/usr/share/python/st2auth/bin/uwsgi --ini /etc/uwsgi.d/st2auth.ini --chown-socket nginx:nginx
TimeoutSec=60
PrivateTmp=true
Restart=on-failure
Expand Down
3 changes: 3 additions & 0 deletions packages/st2auth/rpm/st2auth.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ Requires: st2common = %{version}-%{release}
%files
%{_datadir}/python/%{name}
%config(noreplace) %{_sysconfdir}/st2/*
%config(noreplace) %{_sysconfdir}/uwsgi.d/*
%ghost %{_localstatedir}/run/st2auth.sock
%attr(644, nginx, nginx) %{_localstatedir}/run/st2auth.sock
%if 0%{?use_systemd}
%{_unitdir}/%{name}.service
%else
Expand Down
2 changes: 2 additions & 0 deletions packages/st2bundle/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@ post_install:
sed -i -r "/args\s*=\s*/s%logs%/var/log/st2%g" $(DESTDIR)/etc/st2/logging.*conf
ifeq ($(REDHAT),1)
if [ `/root/scripts/platform_major_version.py` = 7 ]; then sed -i -r 's/virtualenv_opts\s*=.*/virtualenv_opts =/' $(DESTDIR)/etc/st2/st2.conf; fi
mkdir -p $(DESTDIR)/var/run
touch $(DESTDIR)/var/run/st2auth.sock
endif

populate_version: .stamp-populate_version
Expand Down
10 changes: 10 additions & 0 deletions packages/st2bundle/conf/uwsgi/st2auth.ini
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
[uwsgi]
uid = st2
gid = st2
chmod-socket = 644
chown-socket = www-data:www-data
processes = 1
socket = /run/st2auth.sock
threads = 10
vacuum = true
wsgi-file = /usr/share/python/st2/lib/python2.7/site-packages/st2auth/wsgi.py
1 change: 1 addition & 0 deletions packages/st2bundle/debian/install
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,4 @@
../st2exporter/conf/syslog.*.conf etc/st2/
../st2reactor/conf/logging.*.conf etc/st2/
../st2reactor/conf/syslog.*.conf etc/st2/
conf/uwsgi/st2auth.ini etc/uwsgi.d
4 changes: 2 additions & 2 deletions packages/st2bundle/debian/st2bundle.st2api.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="st2api"
NAME=st2api
DAEMON=/usr/share/python/st2/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2/bin/gunicorn_pecan
DAEMON_ARGS="/usr/share/python/st2/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
Expand Down
3 changes: 1 addition & 2 deletions packages/st2bundle/debian/st2bundle.st2api.upstart
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,9 @@ kill timeout 60

script
NAME=st2api
DEFAULT_ARGS="--config-file /etc/st2/st2.conf"

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

/usr/share/python/st2/bin/$NAME ${DEFAULT_ARGS}
/usr/share/python/st2/bin/gunicorn_pecan /usr/share/python/st2/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1
end script
8 changes: 3 additions & 5 deletions packages/st2bundle/debian/st2bundle.st2auth.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,12 +18,10 @@
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="st2auth"
NAME=st2auth
DAEMON=/usr/share/python/st2/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2/bin/uwsgi
DAEMON_ARGS="--ini /etc/uwsgi.d/st2auth.ini"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
RUNAS_GROUP="st2"

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
Expand Down Expand Up @@ -61,7 +59,7 @@ do_start()
# 1 if daemon was already running
# 2 if daemon could not be started
lsb_running || return 1
start-stop-daemon --start --quiet --chuid $RUNAS_USER:$RUNAS_GROUP --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
start-stop-daemon --start --quiet --background --make-pidfile --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
Expand Down
5 changes: 1 addition & 4 deletions packages/st2bundle/debian/st2bundle.st2auth.upstart
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,6 @@ author "StackStorm Engineering <opsadmin@stackstorm.com>"
start on filesystem and net-device-up IFACE!=lo
stop on starting rc RUNLEVEL=[016]

setuid st2
setgid st2
respawn
respawn limit 2 5

Expand All @@ -14,10 +12,9 @@ kill timeout 60

script
NAME=st2auth
DEFAULT_ARGS="--config-file /etc/st2/st2.conf"

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

/usr/share/python/st2/bin/$NAME ${DEFAULT_ARGS}
/usr/share/python/st2auth/bin/uwsgi --ini /etc/uwsgi.d/st2auth.ini
end script
6 changes: 3 additions & 3 deletions packages/st2bundle/rpm/st2api.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@

DESC="st2api"
NAME=st2api
DAEMON=/usr/share/python/st2/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2/bin/gunicorn_pecan
DAEMON_ARGS="/usr/share/python/st2/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
Expand Down Expand Up @@ -56,7 +56,7 @@ nohup_start() {
corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
# if they set NICELEVEL in /etc/sysconfig/foo, honor it
[ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"

# Echo daemon
[ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"

Expand Down
3 changes: 1 addition & 2 deletions packages/st2bundle/rpm/st2api.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,8 @@ After=network.target
Type=simple
User=st2
Group=st2
Environment="DAEMON_ARGS=--config-file /etc/st2/st2.conf"
EnvironmentFile=-/etc/sysconfig/st2api
ExecStart=/usr/share/python/st2/bin/st2api $DAEMON_ARGS
ExecStart=/usr/share/python/st2/bin/gunicorn_pecan /usr/share/python/st2/lib/python2.7/site-packages/st2api/gunicorn_config.py -k eventlet -b unix:/run/st2api.sock --threads 10 --workers 1
TimeoutSec=60
PrivateTmp=true
Restart=on-failure
Expand Down
8 changes: 3 additions & 5 deletions packages/st2bundle/rpm/st2auth.init
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,10 @@

DESC="st2auth"
NAME=st2auth
DAEMON=/usr/share/python/st2/bin/$NAME
DAEMON_ARGS="--config-file /etc/st2/st2.conf"
DAEMON=/usr/share/python/st2auth/bin/uwsgi
DAEMON_ARGS="--ini /etc/uwsgi.d/st2auth.ini --chown-socket nginx:nginx"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RUNAS_USER="st2"
RUNAS_GROUP="st2"

lockfile=/var/lock/subsys/$NAME

Expand Down Expand Up @@ -56,7 +54,7 @@ nohup_start() {
corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}"
# if they set NICELEVEL in /etc/sysconfig/foo, honor it
[ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL"

# Echo daemon
[ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base"

Expand Down
5 changes: 1 addition & 4 deletions packages/st2bundle/rpm/st2auth.service
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,8 @@ After=network.target

[Service]
Type=simple
User=st2
Group=st2
Environment="DAEMON_ARGS=--config-file /etc/st2/st2.conf"
EnvironmentFile=-/etc/sysconfig/st2auth
ExecStart=/usr/share/python/st2/bin/st2auth $DAEMON_ARGS
ExecStart=/usr/share/python/st2auth/bin/uwsgi --ini /etc/uwsgi.d/st2auth.ini --chown-socket nginx:nginx
TimeoutSec=60
PrivateTmp=true
Restart=on-failure
Expand Down
3 changes: 3 additions & 0 deletions packages/st2bundle/rpm/st2bundle.spec
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,9 @@ Conflicts: st2common
/opt/stackstorm/packs/linux
/opt/stackstorm/packs/packs
%attr(755, %{svc_user}, %{svc_user}) /opt/stackstorm/exports
%config(noreplace) %{_sysconfdir}/uwsgi.d/*
%ghost %{_localstatedir}/run/st2auth.sock
%attr(644, nginx, nginx) %{_localstatedir}/run/st2auth.sock
%if 0%{?use_systemd}
%{_unitdir}/st2actionrunner.service
%{_unitdir}/%{worker_name}.service
Expand Down

2 comments on commit d8c29d8

@arm4b
Copy link
Member

@arm4b arm4b commented on d8c29d8 Jan 21, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @enykeev https://stackstorm.slack.com/archives/stackstorm/p1453377793029078 :)

That packaging stuff is really ...
y7k162 1
awesome.

So same for me, once I dig into one thing, I need to read about another thing and then it goes to third thing I need to google/learn as fast as it possible, resulting 50+ opened tabs with no progress really.
The barrier to entry is not low if "doing things right", not doing dirty hacks here and there.

I'll probably need kind of 12 hours non-stop nirvana for several days in a row to dig into details: layer after layer, instead of trying to do something really quick (assuming several hours of time I currently have).

So hm, just 👍 to @dennybaa perseverance for learning all the packaging stuff, doing it right and understanding low-level alchemy.

Working on digging into these things too, tried different ways, sharing some thoughts.

For the moment several arguable & worrying things probably we'll need to resolve:

  • we shouldn't forget about www-data:www-data user verification and creation
  • Assumption nginx:nginx and relying on nginx only is not flexible
  • touch $(DESTDIR)/var/run/st2auth.sock and %attr(644, nginx, nginx) %{_localstatedir}/run/st2auth.sock shouldn't be part of packaging logic, since socket should appear only by and only when service starts. Also, /run and /var/run doesn't persist across reboots.
  • Seems relying on /run and /var/run doesn't looks easy for non-privileged processes, since it's usually directory for root processes. Rather then creating socket as you already do before dropping privileges, - another point would be to save it in "app" directory. For example is /opt/stackstorm an option? Or maybe /var/lib/st2 for sockets, I don't know, thinking about easy/standard solutions.

There is some additional good info I found that helps in understanding the inner details:

@enykeev
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

touch $(DESTDIR)/var/run/st2auth.sock and %attr(644, nginx, nginx) %{_localstatedir}/run/st2auth.sock shouldn't be part of packaging logic, since socket should appear only by and only when service starts. Also, /run and /var/run doesn't persist across reboots.

Doesn't matter, the file is a %ghost. Now that I think about it, we should probably remove %attr since it achieves nothing.

Frankly, at that point I want to make something, anything that works end to end. Then, once we have it, we can tweak it as long as we like. Full disclosure, I have no idea what "standard" means in that context, I'm like this boy from the joke: "I'm not the real welder, just found the mask on construction site".

Please sign in to comment.