FEATURE: disable protected mode in redis
[discourse_docker.git] / templates / web.template.yml
# Environment variables this template defines for the web container.
# NOTE(review): every DISCOURSE_* variable is written to config/discourse.conf at
# boot by the /etc/runit/1.d/copy-env script defined under run:, and that script
# also dumps the whole environment to ~/boot_env. Secrets passed as environment
# variables therefore end up in two files on disk.
env:
  # You can have redis on a different box
  # NOTE(review): no Redis setting follows this comment in this template. If Redis
  # is moved to another host, it needs its own authentication and network
  # restriction; confirm where that is configured.
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  UNICORN_SIDEKIQS: 1
  # this gives us very good cache coverage, 96 -> 99
  # in practice it is 1-2% perf improvement
  RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
  # stop heap doubling in size so aggressively, this conserves memory
  RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
  RUBY_GC_HEAP_INIT_SLOTS: 400000
  RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5

  # The socket directory is set while host and port are left empty; presumably the
  # database is reached over the local Unix socket unless a container definition
  # overrides these values. TODO confirm.
  DISCOURSE_DB_SOCKET: /var/run/postgresql
  DISCOURSE_DB_HOST:
  DISCOURSE_DB_PORT:
# Template parameters; they are referenced below as $version, $home and $upload_size.
params:
  # SSH key is required for remote access into the container
  # NOTE(review): no SSH key parameter is defined in this block, so the comment
  # above looks stale.
  # version is the git ref that the `code` hook fetches and checks out.
  # NOTE(review): presumably a branch name, in which case every rebuild takes
  # whatever the remote currently serves; pin a tag or commit where reproducible
  # builds matter. TODO confirm.
  version: tests-passed

  # home is the application directory the hooks cd into.
  home: /var/www/discourse
  # upload_size is substituted into nginx's client_max_body_size below.
  upload_size: 10m
# Ordered list of steps applied to the container.
run:
# Fails early if thpoff cannot be executed (it is used later to launch unicorn).
- exec: thpoff echo "thpoff is installed!"
# Abort when the SMTP address or the hostname is still the example placeholder,
# so a container is never brought up with the sample configuration.
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
# Give the discourse user ownership of everything under its home directory.
- exec: chown -R discourse /home/discourse
# TODO: move to base image (anacron can not be fired up using rc.d)
# Replaces the packaged cron entry with one that starts anacron as root every day
# at 07:30 and discards its standard output.
- exec: rm -f /etc/cron.d/anacron
- file:
    path: /etc/cron.d/anacron
    contents: |
      SHELL=/bin/sh
      PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

      30 7 * * * root /usr/sbin/anacron -s >/dev/null
# Boot-time script: saves the container environment to ~/boot_env and generates
# config/discourse.conf from the DISCOURSE_* variables.
# NOTE(review): both files receive every secret that was passed in through the
# environment (database or SMTP credentials, for example). Neither gets an explicit
# mode here, so their permissions follow the umask of the boot process; confirm
# that only the accounts that need them can read them.
# NOTE(review): each value is wrapped in single quotes without escaping. A value
# that itself contains a single quote or a newline is written as-is and can break
# the line or introduce an extra setting; confirm how discourse.conf is parsed.
- file:
    path: /etc/runit/1.d/copy-env
    chmod: "+x"
    contents: |
      #!/bin/bash
      env > ~/boot_env
      conf=/var/www/discourse/config/discourse.conf

      # find DISCOURSE_ env vars, strip the leader, lowercase the key
      /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
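# Boot-time script: turns the brotli directives in the nginx site config on when
# COMPRESS_BROTLI is set and comments them out otherwise.
# The original used `test && sed ... || sed ...`, where a failure of the first sed
# silently ran the second one; an explicit if/else runs exactly one branch and
# lets a sed failure surface as the script's exit status.
- file:
    path: /etc/runit/1.d/enable-brotli
    chmod: "+x"
    contents: |
      #!/bin/bash
      # ". brotli" matches any single character followed by " brotli"
      if [ -n "$COMPRESS_BROTLI" ]; then
        sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf
      else
        sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
      fi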
# Service script for unicorn. It merges stderr into stdout, fixes ownership of the
# shared Rails log directory on every start, then replaces itself with the unicorn
# launcher running as discourse:www-data (chpst -u sets the uid/gid).
# NOTE(review): LD_PRELOAD is taken from $RUBY_ALLOCATOR, which this template does
# not set. The assignment precedes `exec thpoff chpst ...`, so the named library is
# loaded into every process of that chain, including the ones that run before
# chpst changes user. Whoever controls the container environment chooses that
# library; treat the variable as trusted configuration only.
- file:
    path: /etc/service/unicorn/run
    chmod: "+x"
    contents: |
      #!/bin/bash
      exec 2>&1
      # redis
      # postgres
      cd $home
      chown -R discourse:www-data /shared/log/rails
      LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
# Service script for nginx: merges stderr into stdout and replaces the shell with
# nginx. nginx.conf is edited further down to contain `daemon off;`.
- file:
    path: /etc/service/nginx/run
    chmod: "+x"
    contents: |
      #!/bin/sh
      exec 2>&1
      exec /usr/sbin/nginx
# Shutdown scripts. The 01-/02- prefixes suggest nginx is stopped before unicorn;
# presumably the directory is run in name order. TODO confirm.
- file:
    path: /etc/runit/3.d/01-nginx
    chmod: "+x"
    contents: |
      #!/bin/bash
      sv stop nginx

- file:
    path: /etc/runit/3.d/02-unicorn
    chmod: "+x"
    contents: |
      #!/bin/bash
      sv stop unicorn
# `code` hook: brings the checkout in $home to the ref named by $version, then
# creates the runtime directories and links the persistent /shared directories
# (logs, uploads, backups, tmp) into the application tree.
# NOTE(review): the ref is fetched and checked out with no signature or
# pinned-commit check visible in this template, so the build trusts whatever the
# configured remote serves for $version. Verify the remote and consider pinning.
- exec:
    cd: $home
    hook: code
    cmd:
      # drop local modifications and untracked files before updating
      - git reset --hard
      - git clean -f
      - git remote set-branches --add origin master
      - git pull
      - git fetch origin $version
      - git checkout $version
      - mkdir -p tmp/pids
      - mkdir -p tmp/sockets
      - touch tmp/.gitkeep
      # log files live under /shared and are symlinked into $home/log
      - mkdir -p /shared/log/rails
      - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
      - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
      # uploads and backups are linked under $home/public
      - bash -c "mkdir -p /shared/{uploads,backups}"
      - bash -c "ln -s /shared/{uploads,backups} $home/public"
      - bash -c "mkdir -p /shared/tmp/{backups,restores}"
      - bash -c "ln -s /shared/tmp/{backups,restores} $home/tmp"
      # everything the application writes to is owned by discourse:www-data
      - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups /shared/tmp
# Installs the sample nginx site config shipped with the application, removes the
# distribution's default site and creates the cache directory.
- exec:
    cmd:
      - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
      - "rm /etc/nginx/sites-enabled/default"
      - "mkdir -p /var/nginx/cache"

# Replaces the pid directive with `daemon off;`, matching the service script that
# execs nginx directly.
- replace:
    filename: /etc/nginx/nginx.conf
    from: pid /run/nginx.pid;
    to: daemon off;

# Points the upstream at the application on the loopback interface, port 3000.
- replace:
    filename: "/etc/nginx/conf.d/discourse.conf"
    from: /upstream[^\}]+\}/m
    to: "upstream discourse {
      server 127.0.0.1:3000;
    }"

# NOTE(review): `server_name _` makes this server block answer for any Host header;
# confirm that the application validates the hostname it is reached under.
- replace:
    filename: "/etc/nginx/conf.d/discourse.conf"
    from: /server_name.+$/
    to: server_name _ ;

# Request bodies larger than $upload_size (10m by default in params) are rejected
# by nginx.
- replace:
    filename: "/etc/nginx/conf.d/discourse.conf"
    from: /client_max_body_size.+$/
    to: client_max_body_size $upload_size ;

# Marker step carrying the web_config hook name.
- exec:
    cmd: echo "done configuring web"
    hook: web_config
# `web` hook: updates bundler and hands any file under $home that is not owned by
# discourse back to that user.
# NOTE(review): `gem update bundler` installs whatever version is newest at build
# time; an unpinned tool in the build path is a supply-chain exposure and makes
# builds non-reproducible. Consider pinning the bundler version.
- exec:
    cd: $home
    hook: web
    cmd:
      # ensure we are on latest bundler
      - gem update bundler
      - find $home ! -user discourse -exec chown discourse {} \+
# `bundle_exec` hook: installs gems, migrates the database and precompiles assets.
# Each command runs through `su discourse`, i.e. as the unprivileged application
# user, and the install leaves out the test and development groups.
- exec:
    cd: $home
    hook: bundle_exec
    cmd:
      - su discourse -c 'bundle install --deployment --verbose --without test --without development --retry 3 --jobs 4'
      - su discourse -c 'bundle exec rake db:migrate'
      - su discourse -c 'bundle exec rake assets:precompile'
# Wrapper that runs script/discourse in production as the discourse user and
# forwards all arguments unchanged ("$@").
# NOTE(review): `sudo -E` keeps the caller's environment, so every variable in the
# invoking shell, secrets included, is passed to the command run as discourse.
# -H sets HOME to the target user's home directory.
- file:
    path: /usr/local/bin/discourse
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
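# Wrapper that runs Rails commands in production as the discourse user. A request
# for the console ("c" or "console" as the only argument) opens pry with the
# application environment loaded; anything else is forwarded to script/rails.
# The console check uses bash's [[ ... || ... ]] rather than `[ ... -o ... ]`:
# with the single-bracket form an argument such as "!" or "(" is parsed as a test
# operator, so the comparison can fail or give the wrong answer. The script
# already runs under #!/bin/bash.
# NOTE(review): `sudo -E` keeps the caller's environment, so every variable in the
# invoking shell is passed to the command run as discourse.
- file:
    path: /usr/local/bin/rails
    chmod: +x
    contents: |
      #!/bin/bash
      # If they requested a console, load pry instead
      if [[ "$*" == "c" || "$*" == "console" ]]
      then
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
      else
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
      fi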
# Wrappers for rake, rbtrace and stackprof. Each one changes to the application
# directory and runs the tool through bundler as the discourse user with
# RAILS_ENV=production, forwarding all arguments unchanged.
# NOTE(review): rbtrace and stackprof are tracing/profiling tools installed here
# as production commands; access to a shell in the container gives access to
# them. As with the other wrappers, `sudo -E` passes the caller's environment on.
- file:
    path: /usr/local/bin/rake
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")

- file:
    path: /usr/local/bin/rbtrace
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec rbtrace "$@")

- file:
    path: /usr/local/bin/stackprof
    chmod: +x
    contents: |
      #!/bin/bash
      (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec stackprof "$@")
# Message-of-the-day fragment that points at the rails, rake and discourse wrapper
# commands defined above.
- file:
    path: /etc/update-motd.d/10-web
    chmod: +x
    contents: |
      #!/bin/bash
      echo
      echo Use: rails, rake or discourse to execute commands in production
      echo
# logrotate policy for the Rails logs under /shared: daily rotation, seven
# date-stamped generations, compression delayed by one cycle. After rotating,
# unicorn is signalled through runit (`sv 1`).
- file:
    path: /etc/logrotate.d/rails
    contents: |
      /shared/log/rails/*.log
      {
        rotate 7
        dateext
        daily
        missingok
        delaycompress
        compress
        postrotate
          sv 1 unicorn
        endscript
      }
# logrotate policy for the nginx logs: daily rotation, seven generations,
# compression delayed by one cycle, one postrotate run for all files
# (sharedscripts) that signals nginx through runit (`sv 1`).
# NOTE(review): `create 0644` makes every new log file world-readable inside the
# container. Access logs usually hold client addresses and request URLs; 0640
# would be enough if only www-data and its group read them. TODO confirm.
- file:
    path: /etc/logrotate.d/nginx
    contents: |
      /var/log/nginx/*.log {
        daily
        missingok
        rotate 7
        compress
        delaycompress
        create 0644 www-data www-data
        sharedscripts
        postrotate
          sv 1 nginx
        endscript
      }
# Move state out of the container to support rapid container rebuilds: anacron and
# logrotate state is stored under /shared so that it is kept across builds.
# Later, move this snippet into an initialization script.
# The script also ensures that every directory needed under /shared exists with the
# expected structure, which allows bootstrapping on one machine and running on
# another.
# NOTE(review): when /var/lib/logrotate or /var/spool/anacron is not a symlink it is
# removed recursively and replaced by a link into /shared/state, and
# /shared/tmp/{backups,restores} is wiped on every boot. Ownership of the log,
# uploads and backups directories is set only when the script creates them.
- file:
    path: /etc/runit/1.d/00-ensure-links
    chmod: +x
    contents: |
      #!/bin/bash
      if [[ ! -L /var/lib/logrotate ]]; then
        rm -fr /var/lib/logrotate
        mkdir -p /shared/state/logrotate
        ln -s /shared/state/logrotate /var/lib/logrotate
      fi
      if [[ ! -L /var/spool/anacron ]]; then
        rm -fr /var/spool/anacron
        mkdir -p /shared/state/anacron-spool
        ln -s /shared/state/anacron-spool /var/spool/anacron
      fi
      if [[ ! -d /shared/log/rails ]]; then
        mkdir -p /shared/log/rails
        chown -R discourse:www-data /shared/log/rails
      fi
      if [[ ! -d /shared/uploads ]]; then
        mkdir -p /shared/uploads
        chown -R discourse:www-data /shared/uploads
      fi
      if [[ ! -d /shared/backups ]]; then
        mkdir -p /shared/backups
        chown -R discourse:www-data /shared/backups
      fi

      rm -rf /shared/tmp/{backups,restores}
      mkdir -p /shared/tmp/{backups,restores}
      chown -R discourse:www-data /shared/tmp/{backups,restores}
# change login directory to Discourse home
# Written to root's profile with mode 644; the only content is a cd into $home.
- file:
    path: /root/.bash_profile
    chmod: 644
    contents: |
      cd $home