# You can have redis on a different box
RAILS_ENV: 'production'
UNICORN_WORKERS: 3
- # slightly less aggressive than "recommendation" but works fine with oobgc
- RUBY_GC_MALLOC_LIMIT: 40000000
- # this ensures we have enough heap space to handle a big pile of small reqs
- RUBY_HEAP_MIN_SLOTS: 800000
+ UNICORN_SIDEKIQS: 1
+ # this gives us very good cache coverage, 96 -> 99
+ # in practice it is 1-2% perf improvement
+ RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
+ # stop heap doubling in size so aggressively, this conserves memory
+ RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
+ RUBY_GC_HEAP_INIT_SLOTS: 400000
+ RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5
DISCOURSE_DB_SOCKET: /var/run/postgresql
DISCOURSE_DB_HOST:
params:
# SSH key is required for remote access into the container
- version: HEAD
+ version: tests-passed
home: /var/www/discourse
+ upload_size: 10m
run:
+ - exec: thpoff echo "thpoff is installed!"
+ - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
+ - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
+ - exec: chown -R discourse /home/discourse
+ # TODO: move to base image (anacron can not be fired up using rc.d)
+ - exec: rm -f /etc/cron.d/anacron
- file:
- path: /etc/service/copy_env/run
+ path: /etc/cron.d/anacron
+ contents: |
+ SHELL=/bin/sh
+ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+ 30 7 * * * root /usr/sbin/anacron -s >/dev/null
+ - file:
+ path: /etc/runit/1.d/copy-env
chmod: "+x"
contents: |
#!/bin/bash
+ env > ~/boot_env
conf=/var/www/discourse/config/discourse.conf
- sudo -u discourse echo > $conf
- for x in `env | /usr/bin/awk -F= '{if($1 ~ /DISCOURSE_/) print $1}'`
- do
- c=${x,,}
- c=${c:10}
- echo "$c"=${!x} >> $conf
- done
- # I dunno there may be a cleaner way to handle this
- exec sleep 2147483647
+ # find DISCOURSE_ env vars, strip the leader, lowercase the key
+ /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
- file:
- path: /etc/service/unicorn/run
+ path: /etc/runit/1.d/enable-brotli
chmod: "+x"
contents: |
#!/bin/bash
- exec 2>&1
- # redis
- # postgres
- sv start copy_env || exit 1
- cd $home
- exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
+ [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
- file:
- path: /etc/service/sidekiq/run
+ path: /etc/service/unicorn/run
chmod: "+x"
contents: |
#!/bin/bash
exec 2>&1
# redis
# postgres
- sv start copy_env || exit 1
cd $home
- exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec sidekiq
+ chown -R discourse:www-data /shared/log/rails
+ LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
- file:
path: /etc/service/nginx/run
exec 2>&1
exec /usr/sbin/nginx
+ - file:
+ path: /etc/runit/3.d/01-nginx
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ sv stop nginx
+
+ - file:
+ path: /etc/runit/3.d/02-unicorn
+ chmod: "+x"
+ contents: |
+ #!/bin/bash
+ sv stop unicorn
+
- exec:
cd: $home
hook: code
cmd:
- git reset --hard
- git clean -f
+ - git remote set-branches --add origin master
- git pull
+ - git fetch origin $version
- git checkout $version
- mkdir -p tmp/pids
- mkdir -p tmp/sockets
- - mkdir -p /shared/log/rails
- - mkdir -p /shared/uploads
- - mkdir -p /shared/backups
- touch tmp/.gitkeep
- - rm -r log
- - ln -s /shared/log/rails $home/log
- - ln -s /shared/uploads $home/public/uploads
- - ln -s /shared/backups $home/public/backups
- - chown -R discourse:www-data /shared/log/rails
- - chown -R discourse:www-data /shared/uploads
- - chown -R discourse:www-data /shared/backups
-
+ - mkdir -p /shared/log/rails
+ - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
+ - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
+ - bash -c "mkdir -p /shared/{uploads,backups}"
+ - bash -c "ln -s /shared/{uploads,backups} $home/public"
+ - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
+
- exec:
cmd:
- "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
- "rm /etc/nginx/sites-enabled/default"
+ - "mkdir -p /var/nginx/cache"
- replace:
filename: /etc/nginx/nginx.conf
from: /server_name.+$/
to: server_name _ ;
+ - replace:
+ filename: "/etc/nginx/conf.d/discourse.conf"
+ from: /client_max_body_size.+$/
+ to: client_max_body_size $upload_size ;
+
- exec:
cmd: echo "done configuring web"
hook: web_config
- exec:
cd: $home
+ hook: web
cmd:
# ensure we are on latest bundler
- gem update bundler
- - mkdir -p /shared/vendor_bundle
- - cp -fr /shared/vendor_bundle/* vendor/bundle || echo "can not copy"
- - chown -R discourse $home
- - sudo -E -u discourse bundle install --deployment --verbose --without test --without development
- - cp -fr vendor/bundle/* /shared/vendor_bundle
- - sudo -E -u discourse bundle exec rake db:migrate
- - sudo -E -u discourse bundle exec rake assets:precompile
+ - find $home ! -user discourse -exec chown discourse {} \+
+
+ - exec:
+ cd: $home
+ hook: bundle_exec
+ cmd:
+ - su discourse -c 'bundle install --deployment --verbose --without test --without development --retry 3 --jobs 4'
+ - su discourse -c 'bundle exec rake db:migrate'
+ - su discourse -c 'bundle exec rake assets:precompile'
+
+ - file:
+ path: /usr/local/bin/discourse
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
+ - file:
+ path: /usr/local/bin/rails
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ # If they requested a console, load pry instead
+ if [ "$*" == "c" -o "$*" == "console" ]
+ then
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
+ else
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
+ fi
+
+ - file:
+ path: /usr/local/bin/rake
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
+
+ - file:
+ path: /usr/local/bin/rbtrace
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec rbtrace "$@")
+
+ - file:
+ path: /usr/local/bin/stackprof
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec stackprof "$@")
+
+ - file:
+ path: /etc/update-motd.d/10-web
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ echo
+ echo Use: rails, rake or discourse to execute commands in production
+ echo
+
+ - file:
+ path: /etc/logrotate.d/rails
+ contents: |
+ /shared/log/rails/*.log
+ {
+ rotate 7
+ dateext
+ daily
+ missingok
+ delaycompress
+ compress
+ postrotate
+ sv 1 unicorn
+ endscript
+ }
+
+ - file:
+ path: /etc/logrotate.d/nginx
+ contents: |
+ /var/log/nginx/*.log {
+ daily
+ missingok
+ rotate 7
+ compress
+ delaycompress
+ create 0644 www-data www-data
+ sharedscripts
+ postrotate
+ sv 1 nginx
+ endscript
+ }
+
+ # move state out of the container this fancy is done to support rapid rebuilds of containers,
+ # we store anacron and logrotate state outside the container to ensure its maintained across builds
+ # later move this snipped into an intialization script
+ # we also ensure all the symlinks we need to /shared are in place in the correct structure
+ # this allows us to bootstrap on one machine and then run on another
+ - file:
+ path: /etc/runit/1.d/00-ensure-links
+ chmod: +x
+ contents: |
+ #!/bin/bash
+ if [[ ! -L /var/lib/logrotate ]]; then
+ rm -fr /var/lib/logrotate
+ mkdir -p /shared/state/logrotate
+ ln -s /shared/state/logrotate /var/lib/logrotate
+ fi
+ if [[ ! -L /var/spool/anacron ]]; then
+ rm -fr /var/spool/anacron
+ mkdir -p /shared/state/anacron-spool
+ ln -s /shared/state/anacron-spool /var/spool/anacron
+ fi
+ if [[ ! -d /shared/log/rails ]]; then
+ mkdir -p /shared/log/rails
+ chown -R discourse:www-data /shared/log/rails
+ fi
+ if [[ ! -d /shared/uploads ]]; then
+ mkdir -p /shared/uploads
+ chown -R discourse:www-data /shared/uploads
+ fi
+ if [[ ! -d /shared/backups ]]; then
+ mkdir -p /shared/backups
+ chown -R discourse:www-data /shared/backups
+ fi
+
+ # change login directory to Discourse home
+ - file:
+ path: /root/.bash_profile
+ chmod: 644
+ contents: |
+ cd $home
projects / discourse_docker.git / blobdiff