[discourse_docker.git] / templates / web.template.yml

env:
  # You can have redis on a different box
  RAILS_ENV: 'production'
  UNICORN_WORKERS: 3
  UNICORN_SIDEKIQS: 1
  # slightly less aggressive than "recommendation" but works fine with oobgc
  RUBY_GC_MALLOC_LIMIT: 40000000
  # this ensures we have enough heap space to handle a big pile of small reqs
  RUBY_HEAP_MIN_SLOTS: 800000

  DISCOURSE_DB_SOCKET: /var/run/postgresql
  DISCOURSE_DB_HOST:
  DISCOURSE_DB_PORT:


params:
  # SSH key is required for remote access into the container
  version: tests-passed

  home: /var/www/discourse
  upload_size: 10m

run:
  - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
  - file:
     path: /etc/runit/1.d/copy-env
     chmod: "+x"
     contents: |
        #!/bin/bash
        env > ~/boot_env
        conf=/var/www/discourse/config/discourse.conf

        # find DISCOURSE_ env vars, strip the leader, lowercase the key
        /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf

  - file:
      path: /etc/runit/1.d/ensure-web-nginx-read
      chmod: "+x"
      contents: |
        #!/bin/bash
        chgrp -R www-data /var/log/nginx
        chgrp www-data /var/log/nginx
  - file:
     path: /etc/service/unicorn/run
     chmod: "+x"
     contents: |
        #!/bin/bash
        exec 2>&1
        # redis
        # postgres
        cd $home
        chown -R discourse:www-data /shared/log/rails
        LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb

  - file:
     path: /etc/service/nginx/run
     chmod: "+x"
     contents: |
        #!/bin/sh
        exec 2>&1
        mkdir -p /var/log/nginx
        exec /usr/sbin/nginx

  - file:
     path: /etc/runit/3.d/01-nginx
     chmod: "+x"
     contents: |
       #!/bin/bash
       sv stop nginx

  - file:
     path: /etc/runit/3.d/02-unicorn
     chmod: "+x"
     contents: |
       #!/bin/bash
       sv stop unicorn

  - exec:
      cd: $home
      hook: code
      cmd:
        - git reset --hard
        - git clean -f
        - git remote set-branches --add origin master
        - git pull
        - git fetch origin $version
        - git checkout $version
        - mkdir -p tmp/pids
        - mkdir -p tmp/sockets
        - touch tmp/.gitkeep
        - mkdir -p                    /shared/log/rails
        - bash -c "touch -a           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
        - bash -c "ln    -s           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
        - bash -c "mkdir -p           /shared/{uploads,backups}"
        - bash -c "ln    -s           /shared/{uploads,backups} $home/public"
        - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups

  - exec:
      cmd:
        - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
        - "rm /etc/nginx/sites-enabled/default"
        - "mkdir -p /var/nginx/cache"

  - replace:
      filename: /etc/nginx/nginx.conf
      from: pid /run/nginx.pid;
      to: daemon off;

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /upstream[^\}]+\}/m
      to: "upstream discourse {
        server 127.0.0.1:3000;
      }"

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /server_name.+$/
      to: server_name _ ;

  - replace:
      filename: "/etc/nginx/conf.d/discourse.conf"
      from: /client_max_body_size.+$/
      to: client_max_body_size $upload_size ;

  - exec:
      cmd: echo "done configuring web"
      hook: web_config

  - exec:
      cd: $home
      hook: web
      cmd:
        # ensure we are on latest bundler
        - gem update bundler
        - chown -R discourse $home

  - exec:
      cd: $home
      hook: bundle_exec
      cmd:
        - su discourse -c 'bundle install --deployment --verbose --without test --without development'
        - su discourse -c 'bundle exec rake db:migrate'
        - su discourse -c 'bundle exec rake assets:precompile'

  - file:
     path: /usr/local/bin/discourse
     chmod: +x
     contents: |
       #!/bin/bash
       (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")

  - file:
     path: /usr/local/bin/rails
     chmod: +x
     contents: |
       #!/bin/bash
       # If they requested a console, load pry instead
       if [ "$*" == "c" -o "$*" == "console" ]
       then
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
       else
        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
       fi

  - file:
     path: /usr/local/bin/rake
     chmod: +x
     contents: |
       #!/bin/bash
       (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")

  - file:
     path: /etc/update-motd.d/10-web
     chmod: +x
     contents: |
       #!/bin/bash
       echo
       echo Use: rails, rake or discourse to execute commands in production
       echo

  - file:
     path: /etc/logrotate.d/rails
     contents: |
        /shared/log/rails/*.log
        {
                rotate 14
                dateext
                daily
                missingok
                notifempty
                delaycompress
                compress
                postrotate
                sv 1 unicorn
                endscript
        }

  - file:
     path: /etc/logrotate.d/nginx
     contents: |
        /var/log/nginx/*.log {
          daily
          missingok
          rotate 14
          compress
          delaycompress
          notifempty
          create 0640 www-data www-data
          sharedscripts
          postrotate
            sv 1 nginx
          endscript
        }

  # move state out of the container this fancy is done to support rapid rebuilds of containers,
  # we store anacron and logrotate state outside the container to ensure its maintained across builds
  # later move this snipped into an intialization script
  # we also ensure all the symlinks we need to /shared are in place in the correct structure
  # this allows us to bootstrap on one machine and then run on another
  - file:
      path: /etc/runit/1.d/00-ensure-links
      chmod: +x
      contents: |
        #!/bin/bash
        if [[ ! -L /var/lib/logrotate ]]; then
          rm -fr /var/lib/logrotate
          mkdir -p /shared/state/logrotate
          ln -s /shared/state/logrotate /var/lib/logrotate
        fi
        if [[ ! -L /var/spool/anacron ]]; then
          rm -fr /var/spool/anacron
          mkdir -p /shared/state/anacron-spool
          ln -s /shared/state/anacron-spool /var/spool/anacron
        fi
        if [[ ! -d /shared/log/rails ]]; then
          mkdir -p /shared/log/rails
          chown -R discourse:www-data /shared/log/rails
        fi
        if [[ ! -d /shared/uploads ]]; then
          mkdir -p /shared/uploads
          chown -R discourse:www-data /shared/uploads
        fi
        if [[ ! -d /shared/backups ]]; then
          mkdir -p /shared/backups
          chown -R discourse:www-data /shared/backups
        fi
Commit	Line	Data
9fb5f2d3	1	env:
9fb5f2d3	2	# You can have redis on a different box
9fb5f2d3 SS	3	RAILS_ENV: 'production'
9fb5f2d3 SS	4	UNICORN_WORKERS: 3
42b06eef	5	UNICORN_SIDEKIQS: 1
9fb5f2d3 SS	6	# slightly less aggressive than "recommendation" but works fine with oobgc
	7	RUBY_GC_MALLOC_LIMIT: 40000000
	8	# this ensures we have enough heap space to handle a big pile of small reqs
	9	RUBY_HEAP_MIN_SLOTS: 800000
	10
9be8f5b9	11	DISCOURSE_DB_SOCKET: /var/run/postgresql
c148f4c9 SS	12	DISCOURSE_DB_HOST:
c148f4c9 SS	13	DISCOURSE_DB_PORT:
38000fc6 SS	14
38000fc6 SS	15
9fb5f2d3 SS	16	params:
9fb5f2d3 SS	17	# SSH key is required for remote access into the container
b56a2bd7	18	version: tests-passed
9fb5f2d3 SS	19
9fb5f2d3 SS	20	home: /var/www/discourse
44c59d37	21	upload_size: 10m
9fb5f2d3	22
9fb5f2d3	23	run:
b7f9f4c7	24	- exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
87f8d0b3	25	- file:
089518ef	26	path: /etc/runit/1.d/copy-env
87f8d0b3 SS	27	chmod: "+x"
	28	contents: \|
	29	#!/bin/bash
c4498636	30	env > ~/boot_env
87f8d0b3	31	conf=/var/www/discourse/config/discourse.conf
87f8d0b3	32
1cb802ad	33	# find DISCOURSE_ env vars, strip the leader, lowercase the key
797864e6	34	/usr/local/bin/ruby -e 'ENV.each{\|k,v\| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf
1cb802ad	35
b3d252a0 S	36	- file:
	37	path: /etc/runit/1.d/ensure-web-nginx-read
	38	chmod: "+x"
	39	contents: \|
	40	#!/bin/bash
	41	chgrp -R www-data /var/log/nginx
	42	chgrp www-data /var/log/nginx
9fb5f2d3 SS	43	- file:
	44	path: /etc/service/unicorn/run
	45	chmod: "+x"
	46	contents: \|
	47	#!/bin/bash
	48	exec 2>&1
9fb5f2d3 SS	49	# redis
	50	# postgres
	51	cd $home
6d00b2fa	52	chown -R discourse:www-data /shared/log/rails
56e5e6c2	53	LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
9fb5f2d3	54
9fb5f2d3 SS	55	- file:
	56	path: /etc/service/nginx/run
	57	chmod: "+x"
	58	contents: \|
	59	#!/bin/sh
	60	exec 2>&1
4695d446	61	mkdir -p /var/log/nginx
9fb5f2d3 SS	62	exec /usr/sbin/nginx
9fb5f2d3 SS	63
074f2b6a S	64	- file:
	65	path: /etc/runit/3.d/01-nginx
	66	chmod: "+x"
	67	contents: \|
	68	#!/bin/bash
	69	sv stop nginx
	70
	71	- file:
	72	path: /etc/runit/3.d/02-unicorn
	73	chmod: "+x"
	74	contents: \|
	75	#!/bin/bash
	76	sv stop unicorn
	77
9fb5f2d3 SS	78	- exec:
	79	cd: $home
	80	hook: code
	81	cmd:
	82	- git reset --hard
	83	- git clean -f
36c6b609	84	- git remote set-branches --add origin master
d9c1b419 S	85	- git pull
d9c1b419 S	86	- git fetch origin $version
9fb5f2d3	87	- git checkout $version
9fb5f2d3 SS	88	- mkdir -p tmp/pids
9fb5f2d3 SS	89	- mkdir -p tmp/sockets
b150cad1	90	- touch tmp/.gitkeep
e56a65f6	91	- mkdir -p /shared/log/rails
b6227eb0	92	- bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
e56a65f6 MB	93	- bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
	94	- bash -c "mkdir -p /shared/{uploads,backups}"
	95	- bash -c "ln -s /shared/{uploads,backups} $home/public"
	96	- chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
c4498636	97
9fb5f2d3 SS	98	- exec:
	99	cmd:
	100	- "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
	101	- "rm /etc/nginx/sites-enabled/default"
69c891fd	102	- "mkdir -p /var/nginx/cache"
9fb5f2d3 SS	103
	104	- replace:
	105	filename: /etc/nginx/nginx.conf
	106	from: pid /run/nginx.pid;
	107	to: daemon off;
	108
	109	- replace:
	110	filename: "/etc/nginx/conf.d/discourse.conf"
	111	from: /upstream[^\}]+\}/m
	112	to: "upstream discourse {
	113	server 127.0.0.1:3000;
	114	}"
	115
	116	- replace:
	117	filename: "/etc/nginx/conf.d/discourse.conf"
	118	from: /server_name.+$/
	119	to: server_name _ ;
	120
6e23c775	121	- replace:
	122	filename: "/etc/nginx/conf.d/discourse.conf"
	123	from: /client_max_body_size.+$/
	124	to: client_max_body_size $upload_size ;
	125
9e8e16a8 SS	126	- exec:
	127	cmd: echo "done configuring web"
	128	hook: web_config
	129
9fb5f2d3 SS	130	- exec:
9fb5f2d3 SS	131	cd: $home
62418f96	132	hook: web
9fb5f2d3	133	cmd:
e64b0a0b S	134	# ensure we are on latest bundler
e64b0a0b S	135	- gem update bundler
9fb5f2d3	136	- chown -R discourse $home
70710fa0 EG	137
	138	- exec:
	139	cd: $home
	140	hook: bundle_exec
	141	cmd:
e56a65f6 MB	142	- su discourse -c 'bundle install --deployment --verbose --without test --without development'
	143	- su discourse -c 'bundle exec rake db:migrate'
	144	- su discourse -c 'bundle exec rake assets:precompile'
9fb5f2d3	145
553a4fc9 S	146	- file:
	147	path: /usr/local/bin/discourse
	148	chmod: +x
	149	contents: \|
	150	#!/bin/bash
8a02b91e	151	(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
553a4fc9 S	152
	153	- file:
	154	path: /usr/local/bin/rails
	155	chmod: +x
	156	contents: \|
	157	#!/bin/bash
cbfcacda	158	# If they requested a console, load pry instead
d16335a6	159	if [ "$" == "c" -o "$" == "console" ]
cbfcacda	160	then
8a02b91e	161	(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
cbfcacda	162	else
8a02b91e	163	(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
cbfcacda	164	fi
553a4fc9 S	165
	166	- file:
	167	path: /usr/local/bin/rake
	168	chmod: +x
	169	contents: \|
	170	#!/bin/bash
8a02b91e	171	(cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
553a4fc9 S	172
	173	- file:
	174	path: /etc/update-motd.d/10-web
	175	chmod: +x
	176	contents: \|
	177	#!/bin/bash
	178	echo
	179	echo Use: rails, rake or discourse to execute commands in production
	180	echo
	181
be82e068 S	182	- file:
	183	path: /etc/logrotate.d/rails
	184	contents: \|
	185	/shared/log/rails/*.log
	186	{
	187	rotate 14
	188	dateext
	189	daily
	190	missingok
	191	notifempty
	192	delaycompress
	193	compress
	194	postrotate
	195	sv 1 unicorn
	196	endscript
	197	}
55737024	198
5d256035 S	199	- file:
	200	path: /etc/logrotate.d/nginx
	201	contents: \|
	202	/var/log/nginx/*.log {
	203	daily
	204	missingok
	205	rotate 14
	206	compress
	207	delaycompress
	208	notifempty
b3d252a0	209	create 0640 www-data www-data
5d256035 S	210	sharedscripts
	211	postrotate
	212	sv 1 nginx
	213	endscript
	214	}
55737024	215
25a7de18 S	216	# move state out of the container this fancy is done to support rapid rebuilds of containers,
	217	# we store anacron and logrotate state outside the container to ensure its maintained across builds
	218	# later move this snipped into an intialization script
be55cb66 S	219	# we also ensure all the symlinks we need to /shared are in place in the correct structure
	220	# this allows us to bootstrap on one machine and then run on another
	221	- file:
	222	path: /etc/runit/1.d/00-ensure-links
	223	chmod: +x
	224	contents: \|
	225	#!/bin/bash
	226	if [[ ! -L /var/lib/logrotate ]]; then
	227	rm -fr /var/lib/logrotate
	228	mkdir -p /shared/state/logrotate
	229	ln -s /shared/state/logrotate /var/lib/logrotate
	230	fi
	231	if [[ ! -L /var/spool/anacron ]]; then
	232	rm -fr /var/spool/anacron
	233	mkdir -p /shared/state/anacron-spool
	234	ln -s /shared/state/anacron-spool /var/spool/anacron
	235	fi
	236	if [[ ! -d /shared/log/rails ]]; then
	237	mkdir -p /shared/log/rails
	238	chown -R discourse:www-data /shared/log/rails
	239	fi
	240	if [[ ! -d /shared/uploads ]]; then
	241	mkdir -p /shared/uploads
	242	chown -R discourse:www-data /shared/uploads
	243	fi
	244	if [[ ! -d /shared/backups ]]; then
	245	mkdir -p /shared/backups
	246	chown -R discourse:www-data /shared/backups
	247	fi