-
-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Configure NGINX without Ansible #1469
Conversation
Automated comment from CodeApprove ➜⏳ @jotaen4tinypilot please review this Pull Request |
@jotaen4tinypilot - Sorry, please hold off on the review. I found an issue. |
Automated comment from CodeApprove ➜👀 @jdeanwallace it's your turn, please take a look |
This reverts commit 376fa4f.
Automated comment from CodeApprove ➜⏳ @jotaen4tinypilot please review this Pull Request |
This PR is ready to be reviewed 👍 |
@jdeanwallace - Can you share more detail about this part:
Why do we need to restore this file? Are there alternative approaches that don't require a checkpoint release? |
Related #1429 This PR adds `tinypilot_external_port` to our dictionary of default TinyPilot settings. This is needed in order to use `tinypilot_external_port` in TinyPilot's NGINX config template via #1469 Notes: 1. This PR was triggered based on [our discussion](https://codeapprove.com/pr/tiny-pilot/tinypilot/1469#thread-03723286-15ac-4bb6-b466-86223f9b94c0) about user-configurable variables. <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1497"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Automated comment from CodeApprove ➜
Thanks! I've resolved the outstanding comments and updated the PR description.
In: Discussion
Yeah the Pro version of this PR would require some extra work. I'll create some follow-up Pro-only PRs that would merge into the Pro version of this PR (before merging with master).
In: app/update/settings.py:
Thanks, done.
In: debian-pkg/debian/tinypilot.postinst:
Done.
In: debian-pkg/debian/tinypilot.postinst:
> Line 89
# checkpoint release.
Good idea! I've referenced https://github.com/tiny-pilot/tinypilot-pro/issues/978 in all the workarounds.
In: debian-pkg/usr/share/tinypilot/nginx.conf:
Based on your previous comment about differing config parameters, I've maintained the default values set by ansible-role-nginx
and added a comment to the top of the nginx.conf
file that explains where it came from. Thanks!
In: debian-pkg/usr/share/tinypilot/nginx.conf:
> Line 6
worker_processes auto;
Ah good catch! Thanks I have gone through each directive and preserved the value chosen by ansible-role-nginx
to maintain the current config.
worker_processes
is nowauto
, but it used to be"4"
ansible-role-nginx
seemed to be basing its value on the number of CPUs present, which is the same as auto
. So I went with auto
.
👀 @jotaen4tinypilot, @mtlynch it's your turn please take a look
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Automated comment from CodeApprove ➜
⏳ Approval Pending (3 unresolved comments)
Approval will be granted automatically when all comments are resolved
LGTM, thanks!
In: Discussion
However, it doesn't drop it as a dependency just yet. We'll do so in a follow-up PR. For now, we just skip running the nginx Ansible tasks.
(optional) I'm in favor of just dropping it now. It doesn't seem like there's an advantage to leaving it around as dead code until the follow-up.
In: debian-pkg/debian/tinypilot.postinst:
> Line 82
<<< "${TINYPILOT_NGINX_TEMPLATE}" \
Do we need to read the template into a string? Is it possible to do something like this?
. venv/bin/activate && \
PYTHONPATH=/opt/tinypilot/app \
./scripts/render-template \
< /usr/share/tinypilot/templates/tinypilot.conf.j2 \
> /etc/nginx/conf.d/tinypilot.conf
If we're only using the paths once, I'd rather inline them instead of defining variables for them since it's clear enough what the paths mean.
In: debian-pkg/debian/tinypilot.postinst:
> Line 92
install \
If we're not using the permissions/ownership features of install
, would it make more sense to use the simpler cp
?
👀 @jdeanwallace, @jotaen4tinypilot it's your turn please take a look
Dependent on #1469 This PR purges all use and mention of `ansible-role-nginx`. You can test this PR by running the following command on the device: ```bash sudo /opt/tinypilot/scripts/install-bundle \ https://output.circle-artifacts.com/output/job/65c5a060-7500-4705-8730-60e61981dff6/artifacts/0/bundler/dist/tinypilot-community-20230711T1312Z-1.9.0-83+32c7110.tgz ``` <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1474"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
This reverts commit 1412aca.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Automated comment from CodeApprove ➜
In: Discussion
Okay cool, I've merged the follow-up PR into this PR and updated the PR description.
In: debian-pkg/debian/tinypilot.postinst:
Sure, done.
In: debian-pkg/debian/tinypilot.postinst:
Thanks, I'll keep that in mind for next time too.
👀 @jotaen4tinypilot it's your turn please take a look
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Automated comment from CodeApprove ➜
Approved: I have approved this change on CodeApprove and all of my comments have been resolved.
@mtlynch - I've hit that codeapprove bug again where the PR approval has been granted but the PR is still blocked. I left a comment on their GitHub issue. Jan is off this week, so can I just dismiss his review and merge? |
Sure |
Jan is off this week and we need to unblock the PR
We used to use Ansible to download external Ansible roles. As of #1469, we no longer have external Ansible roles, so we can skip installing Ansible as part of creating the TinyPilot install bundle.
We used to use Ansible to download external Ansible roles. As of #1469, we no longer have external Ansible roles, so we can skip installing Ansible as part of creating the TinyPilot install bundle. I don't think we need to test manually, as the bundles are identical modulo timestamps (which I removed for this comparison): https://gist.github.com/mtlynch/c65d8ad745f750cc6dd1b8ac93955650 This change cuts about 90s from the bundle build workflow. ### Before ![image](https://github.com/tiny-pilot/tinypilot/assets/7783288/44f7d55d-2036-4b5d-aafe-cdd328273ca7) ### After ![image](https://github.com/tiny-pilot/tinypilot/assets/7783288/213491e6-e5ab-43e7-be52-bf34bf3a47f1) <a data-ca-tag href="https://codeapprove.com/pr/tiny-pilot/tinypilot/1500"><img src="https://codeapprove.com/external/github-tag-allbg.png" alt="Review on CodeApprove" /></a>
Resolves #1429
This PR configures TinyPilot's NGINX server without Ansible and drops
ansible-role-nginx
as a dependency.Notes
We moved TinyPilot's inline NGINX config to its own Jinja2 template file that is stored on the device at
/usr/share/tinypilot/templates/tinypilot.conf.j2
. Thepostinst
script then populates the template variables and installs TinyPilot's NGINX config to/etc/nginx/conf.d/tinypilot.conf
./home/tinypilot/settings.yml
and TinyPilot's constants and defaults).tinypilot_dir
(i.e.,/opt/tinypilot
) and dropped thetinypilot_external_port
Ansible variable (because it's no longer used by Ansible)./usr/share/
is intended for "Architecture-independent (shared) data".A problem I encountered with the default NGINX config at
/etc/nginx/nginx.conf
is that previouslyansible-role-nginx
has been modifying this file and splitting TinyPilot's NGINX config across both/etc/nginx/nginx.conf
(e.g., to define upstreams) and/etc/nginx/sites-enabled/tinypilot.conf
(e.g., to define servers). So in order to restore NGINX's default config without usingansible-role-nginx
, we package our own version ofnginx.conf
(based on the default values set byansible-role-nginx
) and replacing/etc/nginx/nginx.conf
at install time.Seeing as the TinyPilot systemd service relies on the NGINX service, we now bind the
tinypilot.service
state to the state ofnginx.service
. However, this relationship is only one-way. For example, ifnginx
stops thentinypilot
will stop, but iftinypilot
stops thennginx
won't necessarily stop.According to
systemd
docs:(FYI) According to an interesting Lintian error that came up, we shouldn't use
systemctl
in the Debianpostinst
script and instead we should be usingdeb-systemd-invoke
. Apparently, this is to accommodate systems that both do and do-not usesystemd
.You can test this PR by running the following command on the device:
Useful links: