1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/weblate_ynh.git synced 2024-10-01 13:35:04 +02:00

Improve uwsgi, fix root install, upgrade postgresql

This commit is contained in:
Jean-Baptiste Holcroft 2018-05-20 14:43:15 +02:00
parent 5e08f2dc7f
commit ee27947a0b
8 changed files with 79 additions and 44 deletions

View file

@ -6,6 +6,7 @@ After=syslog.target
ExecStart=/usr/bin/uwsgi \
--ini /etc/uwsgi/apps-available/%i.ini \
--socket /var/run/uwsgi/%i.socket \
--chmod-socket=775 \
--logto /var/log/uwsgi/app/%i
User=%i
Group=www-data
@ -14,3 +15,6 @@ KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.target

View file

@ -1,11 +0,0 @@
[Unit]
Description=Socket for uWSGI app %i
[Socket]
ListenStream=/var/run/uwsgi/%i.socket
SocketUser=%i
SocketGroup=www-data
SocketMode=0775
[Install]
WantedBy=sockets.target

View file

@ -5,13 +5,7 @@ current_version="2.20"
ynh_check_global_uwsgi_config () {
uwsgi --version || ynh_die "You need to add uwsgi (and appropriate plugin) as a dependency"
if [ -f /etc/systemd/system/uwsgi-app@.service ];
then
echo "Uwsgi generic file is already installed"
else
cp ../conf/uwsgi-app@.socket /etc/systemd/system/uwsgi-app@.socket
cp ../conf/uwsgi-app@.service /etc/systemd/system/uwsgi-app@.service
fi
# make sure the folder for sockets exists and set authorizations
mkdir -p /var/run/uwsgi/
@ -63,12 +57,12 @@ ynh_add_uwsgi_service () {
ynh_store_file_checksum "$finaluwsgiini"
chown root: "$finaluwsgiini"
systemctl enable "uwsgi-app@$app.socket"
systemctl start "uwsgi-app@$app.socket"
systemctl daemon-reload
systemctl enable "uwsgi-app@$app.service"
# Add as a service
yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app"
yunohost service add "uwsgi-app@$app.service" --log "/var/log/uwsgi/app/$app"
}
# Remove the dedicated uwsgi ini file
@ -77,12 +71,11 @@ ynh_add_uwsgi_service () {
ynh_remove_uwsgi_service () {
finaluwsgiini="/etc/uwsgi/apps-available/$app.ini"
if [ -e "$finaluwsgiini" ]; then
systemctl stop "uwsgi-app@$app.socket"
systemctl disable "uwsgi-app@$app.socket"
yunohost service remove "uwsgi-app@$app.socket"
systemctl stop "uwsgi-app@$app.service"
systemctl disable "uwsgi-app@$app.service"
yunohost service remove "uwsgi-app@$app.service"
ynh_secure_remove "$finaluwsgiini"
ynh_secure_remove "/var/run/uwsgi/$app.socket"
ynh_secure_remove "/var/log/uwsgi/app/$app"
fi
}
@ -124,6 +117,18 @@ ynh_check_if_checksum_is_different() {
echo "$check"
}
#=================================================
#
# POSTGRES HELPERS
#
# Point of contact : Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>
#=================================================
# Create a master password and set up global settings
# Please always call this script in install and restore scripts
#
# usage: ynh_psql_test_if_first_run
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then
@ -144,8 +149,12 @@ ynh_psql_test_if_first_run() {
fi
systemctl start postgresql
su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres
# we can't use peer since YunoHost create users with nologin
sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres
# force all user to connect to local database using passwords
# https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
# Note: we can't use peer since YunoHost create users with nologin
# See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
sed -i '/local\s*all\s*all\s*peer/i \
local all all password' "$pg_hba"
systemctl enable postgresql
@ -167,7 +176,6 @@ ynh_psql_connect_as() {
pwd="$2"
db="$3"
sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db"
echo "ynh_psql_connect_as" && pwd && ls -lah $(pwd)
}
# # Execute a command as root user
@ -178,7 +186,6 @@ ynh_psql_connect_as() {
ynh_psql_execute_as_root () {
sql="$1"
sudo --login --user=postgres psql <<< "$sql"
echo "ynh_psql_execute_as_root" && pwd && ls -lah $(pwd)
}
# Execute a command from a file as root user
@ -190,7 +197,6 @@ ynh_psql_execute_file_as_root() {
file="$1"
db="$2"
sudo --login --user=postgres psql "$db" < "$file"
echo "ynh_psql_execute_file_as_root" && pwd && ls -lah $(pwd)
}
# Create a database, an user and its password. Then store the password in the app's config
@ -204,7 +210,6 @@ ynh_psql_execute_file_as_root() {
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_psql_setup_db () {
db_user="$1"
app="$1"
db_name="$2"
new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.

View file

@ -61,7 +61,6 @@ ynh_backup "/etc/cron.d/$app"
#=================================================
ynh_backup "/etc/uwsgi/apps-available/$app.ini"
ynh_backup "/etc/systemd/system/uwsgi-app@.socket"
ynh_backup "/etc/systemd/system/uwsgi-app@.service"
#=================================================

View file

@ -85,14 +85,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
# CREATE A PostgreSQL DATABASE
#=================================================
db_name=$(ynh_sanitize_dbid "$app")
ynh_app_setting_set "$app" db_name "$db_name"
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid "$app")
db_user_pwd=$(ynh_string_random)
# Initialize database and store postgres password for upgrade
ynh_psql_create_db "$db_name" "$app" "$db_user_pwd"
ynh_app_setting_set "$app" db_name "$db_name"
ynh_app_setting_set "$app" psqlpwd "$db_user_pwd"
ynh_psql_setup_db "$db_name" "$app"
systemctl reload postgresql
@ -176,6 +175,13 @@ EOF
ynh_add_uwsgi_service
# root install doesn't require uwsgi to handle script names
if [ "$path_url" == "/" ]
then
ynh_replace_string "manage-script-name = true" "manage-script-name = false" "$finaluwsgiini"
ynh_store_file_checksum "$finaluwsgiini"
fi
#=================================================
# PIP INSTALLATION
#=================================================
@ -274,6 +280,12 @@ then
ynh_store_file_checksum "$finalnginxconf"
fi
#=================================================
# Start weblate
#=================================================
systemctl start "uwsgi-app@$app.service"
#=================================================
# RELOAD NGINX
#=================================================

View file

@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get "$app" domain)
db_name=$(ynh_app_setting_get "$app" db_name)
#=================================================

View file

@ -84,14 +84,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
#=================================================
ynh_psql_test_if_first_run
ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd"
ynh_psql_create_db "$db_name" "$db_name" "$db_pwd"
ynh_psql_execute_file_as_root ./db.sql "$db_name"
#=================================================
# RESTORE THE UWSGI MECANICS
#=================================================
ynh_restore_file "/etc/systemd/system/uwsgi-app@.socket"
ynh_restore_file "/etc/systemd/system/uwsgi-app@.service"
# make sure the folder for sockets exists and set authorizations
@ -112,12 +111,11 @@ usermod --append --groups www-data "$app"
ynh_restore_file "/etc/uwsgi/apps-available/$app.ini"
systemctl enable "uwsgi-app@$app.socket"
systemctl start "uwsgi-app@$app.socket"
systemctl daemon-reload
systemctl enable "uwsgi-app@$app.service"
# Add as a service
yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app"
yunohost service add "uwsgi-app@$app.service" --log "/var/log/uwsgi/app/$app"
#=================================================
# RESTORE THE CRON FILE
@ -133,6 +131,12 @@ ynh_restore_file "/usr/bin/hub"
#=================================================
# GENERIC FINALIZATION
#=================================================
# Start weblate
#=================================================
systemctl start "uwsgi-app@$app.service"
#=================================================
# RELOAD NGINX & uwsgi
#=================================================

View file

@ -83,6 +83,15 @@ then
ynh_secure_remove "/etc/systemd/system/$app.service"
fi
# (<2.20) remove your old sockets!
if [ -e "/etc/systemd/system/uwsgi-app@.socket" ]
then
systemctl stop "uwsgi-app@$app.socket"
yunohost service remove "uwsgi-app@$app.socket"
ynh_secure_remove "/etc/systemd/system/uwsgi-app@.socket"
systemctl daemon-reload
fi
# (<2.18) move hub to the correct folder
if [ -e "$final_path/bin/hub" ]
then
@ -145,6 +154,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
ynh_add_uwsgi_service
# root install doesn't require uwsgi to handle script names
if [ "$path_url" == "/" ]
then
ynh_replace_string "manage-script-name = true" "manage-script-name = false" "$finaluwsgiini"
ynh_store_file_checksum "$finaluwsgiini"
fi
#=================================================
# PIP INSTALLATION
#=================================================
@ -274,6 +290,12 @@ then
ynh_store_file_checksum "$finalnginxconf"
fi
#=================================================
# Restart weblate
#=================================================
systemctl start "uwsgi-app@$app.service"
#=================================================
# RELOAD NGINX
#=================================================