From e04672db679a75881b26480530fcf4a5f55b1e80 Mon Sep 17 00:00:00 2001
From: Laurent GAY
Date: Sun, 17 Dec 2023 18:45:44 +0100
Subject: [PATCH] replace systemd by supervisor
---
conf/supervisor.conf | 9 ++++++++
conf/systemd.service | 53 --------------------------------------------
manifest.toml | 4 ++--
scripts/backup | 2 +-
scripts/change_url | 12 +++++-----
scripts/install | 20 +++++++----------
scripts/remove | 13 +++++------
scripts/restore | 15 ++++++-------
scripts/upgrade | 17 +++++++-------
9 files changed, 46 insertions(+), 99 deletions(-)
create mode 100644 conf/supervisor.conf
delete mode 100644 conf/systemd.service
diff --git a/conf/supervisor.conf b/conf/supervisor.conf
new file mode 100644
index 0000000..4063b8e
--- /dev/null
+++ b/conf/supervisor.conf
@@ -0,0 +1,9 @@
+[program:__APP__]
+environment=DJANGO_SETTINGS_MODULE='inst-__APP__.settings'
+directory=__INSTALL_DIR__
+command=__INSTALL_DIR__/venv/bin/gunicorn lucterios.framework.wsgi --bind 127.0.0.1:__PORT__ -w 1 --timeout 600 --access-logfile __INSTALL_DIR__/access.log --error-logfile __INSTALL_DIR__/error.log
+user=__APP__
+autostart=true
+autorestart=true
+stdout_logfile=__INSTALL_DIR__/supervisor-__APP__.log
+redirect_stderr=true
diff --git a/conf/systemd.service b/conf/systemd.service
deleted file mode 100644
index b8dbee7..0000000
--- a/conf/systemd.service
+++ /dev/null
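Review bot: The new `[program:__APP__]` section keeps only `user=__APP__` as confinement. The systemd unit deleted in this same commit also set `NoNewPrivileges`, `PrivateTmp`, `ProtectSystem=full`, a `SystemCallFilter` and several `CapabilityBoundingSet` lines, and a supervisor program section has no counterpart to those, so that hardening is lost rather than moved. A comment in the file such as `; no sandboxing here: gunicorn is limited only by user=__APP__` would make the trade-off visible to the next maintainer. `stdout_logfile=__INSTALL_DIR__/supervisor-__APP__.log` is also opened by supervisord itself (normally root) inside a tree the app user presumably owns. `stdout_logfile=/var/log/__APP__/__APP__.log`, the path the old unit used, keeps that root-side write out of an app-writable directory and probably under the existing logrotate rule.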
@@ -1,53 +0,0 @@
-[Unit]
-Description=Service for Diacamma (__APP__)
-After=network.target
-
-[Service]
-Type=simple
-User=__APP__
-Group=__APP__
-
-Environment="DJANGO_SETTINGS_MODULE=inst-__APP__.settings"
-WorkingDirectory=__INSTALL_DIR__/
-ExecStart=__INSTALL_DIR__/venv/bin/gunicorn lucterios.framework.wsgi --bind 127.0.0.1:__PORT__ -w 1 --timeout 600 --access-logfile __INSTALL_DIR__/access.log --error-logfile __INSTALL_DIR__/error.log
-StandardOutput=append:/var/log/__APP__/__APP__.log
-StandardError=inherit
-Restart=on-failure
-RestartSec=10
-
-# Sandboxing options to harden security
-# Depending on specificities of your service/app, you may need to tweak these
-# .. but this should be a good baseline
-# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
-NoNewPrivileges=yes
-PrivateTmp=yes
-# PrivateDevices=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
-RestrictNamespaces=yes
-RestrictRealtime=yes
-DevicePolicy=closed
-ProtectClock=yes
-ProtectHostname=yes
-ProtectProc=invisible
-ProtectSystem=full
-ProtectControlGroups=yes
-ProtectKernelModules=yes
-ProtectKernelTunables=yes
-LockPersonality=yes
-SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation
-
-# Denying access to capabilities that should not be relevant for webapps
-# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
-CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
-CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
-CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
-CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
-CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
-CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
-CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
-CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE
CAP_SYSLOG - -[Install] -WantedBy=multi-user.target diff --git a/manifest.toml b/manifest.toml index 37b8108..0963b5f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -6,7 +6,7 @@ name = "Diacamma" description.en = "Management application for volunteers (association, condominium)" description.fr = "Application de gestion pour les bénévoles (association, copropriété)" -version = "23.12.17.17~ynh1" +version = "23.12.17.18~ynh1" maintainers = ["Laurent Gay"] @@ -103,7 +103,7 @@ ram.runtime = "50M" admin.allowed = "admins" [resources.apt] - packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql,jq" + packages = "libxml2-dev,libxslt-dev,libjpeg-dev,libfreetype6,libfreetype6-dev,zlib1g-dev,libpq-dev,python3-pip,python3-dev,python3-tk,python3-pil,python3-venv,build-essential,pkg-config,postgresql,supervisor,jq" [resources.ports] # This will pick a random port for reverse-proxying and store it as the $port setting diff --git a/scripts/backup b/scripts/backup index 79ebbda..447ec3e 100644 --- a/scripts/backup +++ b/scripts/backup @@ -14,7 +14,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/logrotate.d/$app" -ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path="/etc/supervisor/conf.d/${app}.conf" #================================================= # BACKUP THE DATABASE diff --git a/scripts/change_url b/scripts/change_url index 9031ed1..6efb660 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -14,11 +14,11 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# STOP SYSTEMD SERVICE +# STOP SUPERVISOR SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." +ynh_script_progression --message="Stopping a supervisor service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +supervisorctl stop ${app} #================================================= # MODIFY URL IN NGINX CONF @@ -43,11 +43,11 @@ venv/bin/lucterios_admin.py modif -n inst-${app} -e ''$extra_json'' popd #================================================= -# START SYSTEMD SERVICE +# START SUPERVISOR SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." +ynh_script_progression --message="Starting a supervisor service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +supervisorctl start ${app} #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 9f77371..a542832 100644 --- a/scripts/install +++ b/scripts/install @@ -54,13 +54,12 @@ ynh_add_nginx_config ### `ynh_systemd_config` is used to configure a systemd script for an app, using the conf/systemd.service template -# Create a dedicated systemd config -ynh_add_systemd_config +# Create a dedicated sypervisor config -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. - -yunohost service add ${app} --log="/var/log/${app}/${app}.log" +ynh_add_config --template="../conf/supervisor.conf" --destination="/etc/supervisor/conf.d/${app}.conf" +supervisorctl reread +supervisorctl add ${app} +sleep 2 # Use logrotate to manage application logfile(s) ynh_use_logrotate 
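Review bot: Removing `yunohost service add ${app} --log=...` in the scripts/install hunk leaves the program unknown to YunoHost's service list, which the deleted comment describes as what makes it appear in the admin interface and the `yunohost service` commands, so an operator loses the usual place to see that gunicorn is down or to read its log. Nothing here checks that supervisord is running before `supervisorctl reread`, or that the program came up after `sleep 2`; a `supervisorctl status "${app}"` after the sleep would surface a failed start during install. The new comment is misspelled (`sypervisor`) and the `ynh_systemd_config` context comment above it is now stale; `# Create a dedicated supervisor config` would replace both. scripts/restore repeats the same reread/add/sleep sequence.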
@@ -68,14 +67,11 @@ ynh_use_logrotate #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting app's systemd service..." +ynh_script_progression --message="Starting app's supervisor service..." # Start a systemd service -ynh_systemd_action --service_name=${app} --action="start" --log_path="/var/log/${app}/${app}.log" - - -# FIXME : temporary debug -sleep 10 # Maybe the service needs a few seconds to actually start ... +supervisorctl restart ${app} +sleep 2 # Maybe the service needs a few seconds to actually start ... #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 57b324a..7be48be 100644 --- a/scripts/remove +++ b/scripts/remove @@ -4,17 +4,14 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# REMOVE SYSTEMD SERVICE +# REMOVE SUPERVISOR & SYSTEMD SERVICE #================================================= ynh_script_progression --message="Removing system configurations related to $app..." -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." - yunohost service remove $app -fi - -ynh_remove_systemd_config +supervisorctl stop ${app} +supervisorctl remove ${app} +ynh_secure_remove "/etc/supervisor/conf.d/${app}.conf" +supervisorctl reread ynh_remove_nginx_config diff --git a/scripts/restore b/scripts/restore index 8cd4f90..c95a8c2 100644 --- a/scripts/restore +++ b/scripts/restore 
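Review bot: The context heading `# START SYSTEMD SERVICE` and the comment `# Start a systemd service` no longer describe the `supervisorctl restart ${app}` placed under them in this second scripts/install hunk. I would change them to `# START SUPERVISOR SERVICE` and `# Restart the program under supervisor`. Because conf/supervisor.conf sets `autostart=true`, the `supervisorctl add` in the previous hunk has presumably already launched gunicorn, so it is worth stating in the comment why a restart two seconds later is wanted.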
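Review bot: The scripts/remove heading now reads `REMOVE SUPERVISOR & SYSTEMD SERVICE`, but this hunk deletes the only systemd cleanup (`yunohost service remove $app` and `ynh_remove_systemd_config`). An instance first installed with the systemd unit would therefore keep `/etc/systemd/system/$app.service` and its YunoHost service entry after removal, unless an upgrade had already cleaned them up, and the upgrade hunks in this commit do not. Keeping the old guarded block and `ynh_remove_systemd_config` after the supervisor lines would cover both cases, assuming those helpers tolerate an absent unit. The rest of the remove script lies outside the hunk.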
@@ -12,7 +12,7 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" #================================================= -# RESTORE SYSTEM CONFIGURATIONS +# RESTORE SUPERVISOR CONFIGURATIONS #================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 @@ -20,9 +20,7 @@ ynh_script_progression --message="Restoring system configurations related to $ap ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl daemon-reload -systemctl enable $app.service --quiet +ynh_restore_file --origin_path="/etc/supervisor/conf.d/${app}.conf" ynh_restore_file --origin_path="/etc/logrotate.d/$app" @@ -55,13 +53,14 @@ check_params #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... -ynh_systemd_action --service_name=${app} --action="start" --log="/var/log/${app}/${app}.log" +supervisorctl reread +supervisorctl add ${app} +sleep 2 +supervisorctl restart ${app} ynh_systemd_action --service_name=nginx --action=reload -# FIXME : temporary debug -sleep 10 # Maybe the service needs a few seconds to actually start ... +sleep 2 #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index 13d4c50..2e61de6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -6,11 +6,11 @@ source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) #================================================= -# STOP SYSTEMD SERVICE +# STOP SUPERVISOR SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." +ynh_script_progression --message="Stopping a supervisor service..." -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +supervisorctl stop ${app} #================================================= # UPDATE DIACAMMA @@ -32,18 +32,17 @@ ynh_script_progression --message="Upgrading system configurations related to $ap ynh_add_nginx_config -ynh_add_systemd_config - -yunohost service add ${app} --log="/var/log/${app}/${app}.log" +ynh_add_config --template="../conf/supervisor.conf" --destination="/etc/supervisor/conf.d/${app}.conf" +supervisorctl reread ynh_use_logrotate --non-append #================================================= -# START SYSTEMD SERVICE +# START SUPERVISOR SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." +ynh_script_progression --message="Starting a supervisor service..." -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +supervisorctl start ${app} #================================================= # END OF SCRIPT
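Review bot: In the second scripts/upgrade hunk, `supervisorctl reread` after `ynh_add_config` only makes supervisord notice the new or changed file; it does not register or reload the program. On an instance upgraded from the systemd-based package the later `supervisorctl start ${app}` therefore has no program to start, and on later upgrades an edited conf/supervisor.conf is not applied. `supervisorctl update "${app}"` in place of the reread would do both, though it may start the program itself because of `autostart=true`, so the final start has to tolerate that. Separately, no hunk in this commit stops, disables or removes the legacy `/etc/systemd/system/$app.service` during upgrade, and the first hunk now sends the stop to supervisor instead, so the old gunicorn would still hold the same `127.0.0.1` port. The script lines between the two hunks are not visible here.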