Configure NGINX without Ansible #1469
Conversation
Automated comment from CodeApprove ➜⏳ @jotaen4tinypilot please review this Pull Request |
|
@jotaen4tinypilot - Sorry, please hold off on the review. I found an issue. |
Automated comment from CodeApprove ➜👀 @jdeanwallace it's your turn, please take a look |
This reverts commit 376fa4f.
Automated comment from CodeApprove ➜⏳ @jotaen4tinypilot please review this Pull Request |
|
This PR is ready to be reviewed 👍 |
|
@jdeanwallace - Can you share more detail about this part:
Why do we need to restore this file? Are there alternative approaches that don't require a checkpoint release? |
Related #1429 This PR adds `tinypilot_external_port` to our dictionary of default TinyPilot settings. This is needed in order to use `tinypilot_external_port` in TinyPilot's NGINX config template via #1469 Notes: 1. This PR was triggered based on [our discussion](https://codeapprove.com/pr/tiny-pilot/tinypilot/1469#thread-03723286-15ac-4bb6-b466-86223f9b94c0) about user-configurable variables. <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1497"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
Thanks! I've resolved the outstanding comments and updated the PR description.
In: Discussion
Yeah the Pro version of this PR would require some extra work. I'll create some follow-up Pro-only PRs that would merge into the Pro version of this PR (before merging with master).
In: app/update/settings.py:
Thanks, done.
In: debian-pkg/debian/tinypilot.postinst:
Done.
In: debian-pkg/debian/tinypilot.postinst:
> Line 89
# checkpoint release.
Good idea! I've referenced https://github.com/tiny-pilot/tinypilot-pro/issues/978 in all the workarounds.
In: debian-pkg/usr/share/tinypilot/nginx.conf:
Based on your previous comment about differing config parameters, I've maintained the default values set by ansible-role-nginx and added a comment to the top of the nginx.conf file that explains where it came from. Thanks!
In: debian-pkg/usr/share/tinypilot/nginx.conf:
> Line 6
worker_processes auto;
Ah good catch! Thanks I have gone through each directive and preserved the value chosen by ansible-role-nginx to maintain the current config.
worker_processesis nowauto, but it used to be"4"
ansible-role-nginx seemed to be basing its value on the number of CPUs present, which is the same as auto. So I went with auto.
👀 @jotaen4tinypilot, @mtlynch it's your turn please take a look
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
⏳ Approval Pending (3 unresolved comments)
Approval will be granted automatically when all comments are resolved
LGTM, thanks!
In: Discussion
However, it doesn't drop it as a dependency just yet. We'll do so in a follow-up PR. For now, we just skip running the nginx Ansible tasks.
(optional) I'm in favor of just dropping it now. It doesn't seem like there's an advantage to leaving it around as dead code until the follow-up.
In: debian-pkg/debian/tinypilot.postinst:
> Line 82
<<< "${TINYPILOT_NGINX_TEMPLATE}" \
Do we need to read the template into a string? Is it possible to do something like this?
. venv/bin/activate && \
PYTHONPATH=/opt/tinypilot/app \
./scripts/render-template \
< /usr/share/tinypilot/templates/tinypilot.conf.j2 \
> /etc/nginx/conf.d/tinypilot.confIf we're only using the paths once, I'd rather inline them instead of defining variables for them since it's clear enough what the paths mean.
In: debian-pkg/debian/tinypilot.postinst:
> Line 92
install \
If we're not using the permissions/ownership features of install, would it make more sense to use the simpler cp?
👀 @jdeanwallace, @jotaen4tinypilot it's your turn please take a look
Dependent on #1469 This PR purges all use and mention of `ansible-role-nginx`. You can test this PR by running the following command on the device: ```bash sudo /opt/tinypilot/scripts/install-bundle \ https://output.circle-artifacts.com/output/job/65c5a060-7500-4705-8730-60e61981dff6/artifacts/0/bundler/dist/tinypilot-community-20230711T1312Z-1.9.0-83+32c7110.tgz ``` <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1474"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
This reverts commit 1412aca.
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
In: Discussion
Okay cool, I've merged the follow-up PR into this PR and updated the PR description.
In: debian-pkg/debian/tinypilot.postinst:
Sure, done.
In: debian-pkg/debian/tinypilot.postinst:
Thanks, I'll keep that in mind for next time too.
👀 @jotaen4tinypilot it's your turn please take a look
There was a problem hiding this comment.
Automated comment from CodeApprove ➜
Approved: I have approved this change on CodeApprove and all of my comments have been resolved.
|
@mtlynch - I've hit that codeapprove bug again where the PR approval has been granted but the PR is still blocked. I left a comment on their GitHub issue. Jan is off this week, so can I just dismiss his review and merge? |
Sure |
jdeanwallace
dismissed
jotaen4tinypilot’s stale review
Jan is off this week and we need to unblock the PR
We used to use Ansible to download external Ansible roles. As of #1469, we no longer have external Ansible roles, so we can skip installing Ansible as part of creating the TinyPilot install bundle.
We used to use Ansible to download external Ansible roles. As of #1469, we no longer have external Ansible roles, so we can skip installing Ansible as part of creating the TinyPilot install bundle. I don't think we need to test manually, as the bundles are identical modulo timestamps (which I removed for this comparison): https://gist.github.com/mtlynch/c65d8ad745f750cc6dd1b8ac93955650 This change cuts about 90s from the bundle build workflow. ### Before  ### After  <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1500"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
Resolves #1429
This PR configures TinyPilot's NGINX server without Ansible and drops
ansible-role-nginxas a dependency.Notes
We moved TinyPilot's inline NGINX config to its own Jinja2 template file that is stored on the device at
/usr/share/tinypilot/templates/tinypilot.conf.j2. Thepostinstscript then populates the template variables and installs TinyPilot's NGINX config to/etc/nginx/conf.d/tinypilot.conf./home/tinypilot/settings.ymland TinyPilot's constants and defaults).tinypilot_dir(i.e.,/opt/tinypilot) and dropped thetinypilot_external_portAnsible variable (because it's no longer used by Ansible)./usr/share/is intended for "Architecture-independent (shared) data".A problem I encountered with the default NGINX config at
/etc/nginx/nginx.confis that previouslyansible-role-nginxhas been modifying this file and splitting TinyPilot's NGINX config across both/etc/nginx/nginx.conf(e.g., to define upstreams) and/etc/nginx/sites-enabled/tinypilot.conf(e.g., to define servers). So in order to restore NGINX's default config without usingansible-role-nginx, we package our own version ofnginx.conf(based on the default values set byansible-role-nginx) and replacing/etc/nginx/nginx.confat install time.Seeing as the TinyPilot systemd service relies on the NGINX service, we now bind the
tinypilot.servicestate to the state ofnginx.service. However, this relationship is only one-way. For example, ifnginxstops thentinypilotwill stop, but iftinypilotstops thennginxwon't necessarily stop.According to
systemddocs:(FYI) According to an interesting Lintian error that came up, we shouldn't use
systemctlin the Debianpostinstscript and instead we should be usingdeb-systemd-invoke. Apparently, this is to accommodate systems that both do and do-not usesystemd.You can test this PR by running the following command on the device:
Useful links: