X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=templates%2Fweb.template.yml;h=aec88394cb4c23d4a74325834e31837e2863d943;hb=34559d028794bb91ca1bb85afcd4ea73a461b3ac;hp=11ef90859b769a07b14172050eb4a28f0ee565ce;hpb=cafe688bff18439a300da6cb48bd74889f4bc50a;p=discourse_docker.git
diff --git a/templates/web.template.yml b/templates/web.template.yml
index 11ef908..aec8839 100644
--- a/templates/web.template.yml
+++ b/templates/web.template.yml
@@ -3,10 +3,9 @@ env:
 RAILS_ENV: 'production'
 UNICORN_WORKERS: 3
 UNICORN_SIDEKIQS: 1
- # slightly less aggressive than "recommendation" but works fine with oobgc
- RUBY_GC_MALLOC_LIMIT: 40000000
- # this ensures we have enough heap space to handle a big pile of small reqs
- RUBY_HEAP_MIN_SLOTS: 800000
+ # this gives us very good cache coverage, 96 -> 99
+ # in practice it is 1-2% perf improvement
+ RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
 DISCOURSE_DB_SOCKET: /var/run/postgresql
 DISCOURSE_DB_HOST:
@@ -15,28 +14,68 @@ env: params: # SSH key is required for remote access into the container - version: HEAD + version: tests-passed home: /var/www/discourse + upload_size: 10m run: + # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 + - replace: + filename: /usr/local/etc/ImageMagick-6/policy.xml + from: "" + to: | + + + + + + + + + + + + - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' + - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' + - exec: chown -R discourse /home/discourse + # TODO: move to base image (anacron can not be fired up using rc.d) + - exec: rm -f /etc/cron.d/anacron + - file: + path: /etc/cron.d/anacron + contents: | + SHELL=/bin/sh + PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + + 30 7 * * * root /usr/sbin/anacron -s >/dev/null - file: - path: /etc/service/copy_env/run + path: /etc/runit/1.d/copy-env chmod: "+x" contents: | #!/bin/bash env > ~/boot_env conf=/var/www/discourse/config/discourse.conf - sudo -u discourse echo > $conf - for x in `env | /usr/bin/awk -F= '{if($1 ~ /DISCOURSE_/) print $1}'` - do - c=${x,,} - c=${c:10} - echo "$c"=${!x} >> $conf - done - # I dunno there may be a cleaner way to handle this - exec sleep 2147483647 + # find DISCOURSE_ env vars, strip the leader, lowercase the key + /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf + - file: + path: /etc/runit/1.d/00-fix-log-permissions + chmod: "+x" + contents: | + #!/bin/bash + mkdir -p /var/log/nginx + chown -R www-data:www-data /var/log/nginx + chown www-data:www-data /var/log/nginx + chown -f syslog:adm /var/log/syslog* + chown -f syslog:adm /var/log/auth.log* + chown -f syslog:adm /var/log/kern.log* + + - file: + path: /etc/runit/1.d/enable-brotli + chmod: "+x" + contents: | + 
#!/bin/bash + [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf - file: path: /etc/service/unicorn/run @@ -46,9 +85,9 @@ run: exec 2>&1 # redis # postgres - sv start copy_env || exit 1 cd $home - exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb + chown -R discourse:www-data /shared/log/rails + LD_PRELOAD=/usr/lib/libjemalloc.so.1 HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb - file: path: /etc/service/nginx/run 
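Review bot: The new `/etc/runit/1.d/copy-env` script writes every `DISCOURSE_*` variable into `$conf` through a plain `> $conf` redirection and never sets an owner or mode, so the file gets whatever root's umask gives it. Those variables normally include credentials such as `DISCOURSE_DB_PASSWORD` and `DISCOURSE_SMTP_PASSWORD`, so I would create the file restrictively before the ruby line, e.g. `install -m 600 -o discourse /dev/null "$conf"`, assuming only the discourse user needs to read it. The unchanged `env > ~/boot_env` line above it dumps the full environment as well and deserves the same treatment. Values are also written verbatim, so a value containing a newline would turn into an extra `key = value` line in discourse.conf; rejecting or escaping newlines in the ruby one-liner would close that.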
@@ -58,32 +97,45 @@ run: exec 2>&1 exec /usr/sbin/nginx + - file: + path: /etc/runit/3.d/01-nginx + chmod: "+x" + contents: | + #!/bin/bash + sv stop nginx + + - file: + path: /etc/runit/3.d/02-unicorn + chmod: "+x" + contents: | + #!/bin/bash + sv stop unicorn + - exec: cd: $home hook: code cmd: - git reset --hard - git clean -f + - git remote set-branches --add origin master - git pull + - git fetch origin $version - git checkout $version - mkdir -p tmp/pids - mkdir -p tmp/sockets - - mkdir -p /shared/log/rails - - mkdir -p /shared/uploads - - mkdir -p /shared/backups - touch tmp/.gitkeep - - rm -r log - - ln -s /shared/log/rails $home/log - - ln -s /shared/uploads $home/public/uploads - - ln -s /shared/backups $home/public/backups - - chown -R discourse:www-data /shared/log/rails - - chown -R discourse:www-data /shared/uploads - - chown -R discourse:www-data /shared/backups + - mkdir -p /shared/log/rails + - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log" + - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log" + - bash -c "mkdir -p /shared/{uploads,backups}" + - bash -c "ln -s /shared/{uploads,backups} $home/public" + - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups - exec: cmd: - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf" - "rm /etc/nginx/sites-enabled/default" + - "mkdir -p /var/nginx/cache" - replace: filename: /etc/nginx/nginx.conf @@ -102,6 +154,11 @@ run: from: /server_name.+$/ to: server_name _ ; + - replace: + filename: "/etc/nginx/conf.d/discourse.conf" + from: /client_max_body_size.+$/ + to: client_max_body_size $upload_size ; + - exec: cmd: echo "done configuring web" hook: web_config 
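Review bot: The `code` hook now runs `git fetch origin $version` and `git checkout $version`, with the default `version` switched to the moving `tests-passed` ref earlier in this patch, and nothing in the hunk checks what was fetched, so every rebuild deploys whatever the remote serves at that moment. A comment above `- git fetch origin $version` would make the trade-off explicit, for example `# $version may be a branch, tag or full commit SHA; pin a SHA for reproducible, auditable rebuilds`, provided the launcher accepts a SHA there (not visible in this hunk). Note also that `git checkout $version` prefers an existing local branch of that name over the freshly fetched ref, so it is worth confirming the base image carries no stale local `tests-passed` branch.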
@@ -112,20 +169,22 @@ run: cmd: # ensure we are on latest bundler - gem update bundler - - mkdir -p /shared/vendor_bundle - - cp -fr /shared/vendor_bundle/* vendor/bundle || echo "can not copy" - chown -R discourse $home - - sudo -E -u discourse bundle install --deployment --verbose --without test --without development - - cp -fr vendor/bundle/* /shared/vendor_bundle - - sudo -E -u discourse bundle exec rake db:migrate - - sudo -E -u discourse bundle exec rake assets:precompile + + - exec: + cd: $home + hook: bundle_exec + cmd: + - su discourse -c 'bundle install --deployment --verbose --without test --without development' + - su discourse -c 'bundle exec rake db:migrate' + - su discourse -c 'bundle exec rake assets:precompile' - file: path: /usr/local/bin/discourse chmod: +x contents: | #!/bin/bash - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec script/discourse "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@") - file: path: /usr/local/bin/rails @@ -133,11 +192,11 @@ run: contents: | #!/bin/bash # If they requested a console, load pry instead - if [ "$@" == "c" -o "$@" == "console" ] + if [ "$*" == "c" -o "$*" == "console" ] then - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec pry -r ./config/environment) + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment) else - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec script/rails "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@") fi - file: @@ -145,7 +204,7 @@ run: chmod: +x contents: | #!/bin/bash - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec bin/rake "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@") - file: path: /etc/update-motd.d/10-web 
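Review bot: In the `/usr/local/bin/rails` wrapper the new test `[ "$*" == "c" -o "$*" == "console" ]` still relies on `-o` inside `[`, which POSIX marks obsolescent because the expression becomes ambiguous when an operand looks like an operator (an argument of `!` or `(`, for instance). Since the script already runs under `#!/bin/bash`, `if [[ "$*" == "c" || "$*" == "console" ]]` performs the same comparison without that parsing hazard. The same wrapper, like the `discourse` and `rake` ones in this patch, uses `sudo -H -E`, which carries root's whole environment into the discourse account; a short comment saying why `-E` is needed would help the next reader decide whether it can be narrowed.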
@@ -156,3 +215,76 @@ run: echo Use: rails, rake or discourse to execute commands in production echo + - file: + path: /etc/logrotate.d/rails + contents: | + /shared/log/rails/*.log + { + rotate 14 + dateext + daily + missingok + notifempty + delaycompress + compress + postrotate + sv 1 unicorn + endscript + } + + - file: + path: /etc/logrotate.d/nginx + contents: | + /var/log/nginx/*.log { + daily + missingok + rotate 14 + compress + delaycompress + notifempty + create 0640 www-data www-data + sharedscripts + postrotate + sv 1 nginx + endscript + } + + # move state out of the container this fancy is done to support rapid rebuilds of containers, + # we store anacron and logrotate state outside the container to ensure its maintained across builds + # later move this snipped into an intialization script + # we also ensure all the symlinks we need to /shared are in place in the correct structure + # this allows us to bootstrap on one machine and then run on another + - file: + path: /etc/runit/1.d/00-ensure-links + chmod: +x + contents: | + #!/bin/bash + if [[ ! -L /var/lib/logrotate ]]; then + rm -fr /var/lib/logrotate + mkdir -p /shared/state/logrotate + ln -s /shared/state/logrotate /var/lib/logrotate + fi + if [[ ! -L /var/spool/anacron ]]; then + rm -fr /var/spool/anacron + mkdir -p /shared/state/anacron-spool + ln -s /shared/state/anacron-spool /var/spool/anacron + fi + if [[ ! -d /shared/log/rails ]]; then + mkdir -p /shared/log/rails + chown -R discourse:www-data /shared/log/rails + fi + if [[ ! -d /shared/uploads ]]; then + mkdir -p /shared/uploads + chown -R discourse:www-data /shared/uploads + fi + if [[ ! -d /shared/backups ]]; then + mkdir -p /shared/backups + chown -R discourse:www-data /shared/backups + fi + + # change login directory to Discourse home + - file: + path: /root/.bash_profile + chmod: 644 + contents: | + cd $home
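Review bot: The new `/etc/logrotate.d/rails` stanza has logrotate (normally run as root from cron) rotating files inside `/shared/log/rails`, a directory this same patch hands to `discourse:www-data`, and it carries no `su` directive. Rotating as root inside a directory an unprivileged account controls is the setup behind the well-known logrotate symlink/rename race class, and logrotate may also refuse to rotate if that directory is group-writable. Adding `su discourse www-data` to the rails stanza (and `su www-data www-data` to the nginx one, whose directory is chowned to `www-data` by the log-permissions script) would make rotation run with the owner's privileges; please confirm the `sv 1 unicorn` / `sv 1 nginx` postrotate calls still work under that setting. Separately, `chmod: 644` on `/root/.bash_profile` is an unquoted integer while other entries quote `"+x"`; writing it as `"644"` avoids YAML retyping.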