X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=templates%2Fweb.template.yml;h=faacaf84cb9d09339cb65caec21635771bf2ab2a;hb=1a018a1b6639c53977f13cf1dc0c0803ecccda56;hp=ee6ef18f0f79e763f661df21b3b1df1c8c4e31fc;hpb=5702d823ff96d7fef2972ee69de04003a9b2098d;p=discourse_docker.git diff --git a/templates/web.template.yml b/templates/web.template.yml index ee6ef18..faacaf8 100644 --- a/templates/web.template.yml +++ b/templates/web.template.yml @@ -3,10 +3,13 @@ env: RAILS_ENV: 'production' UNICORN_WORKERS: 3 UNICORN_SIDEKIQS: 1 - # slightly less aggressive than "recommendation" but works fine with oobgc - RUBY_GC_MALLOC_LIMIT: 40000000 - # this ensures we have enough heap space to handle a big pile of small reqs - RUBY_HEAP_MIN_SLOTS: 800000 + # this gives us very good cache coverage, 96 -> 99 + # in practice it is 1-2% perf improvement + RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072 + # stop heap doubling in size so aggressively, this conserves memory + RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000 + RUBY_GC_HEAP_INIT_SLOTS: 400000 + RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5 DISCOURSE_DB_SOCKET: /var/run/postgresql DISCOURSE_DB_HOST: @@ -18,26 +21,65 @@ params: version: tests-passed home: /var/www/discourse - upload_size: 2m + upload_size: 10m run: + # see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588 + - replace: + filename: /usr/local/etc/ImageMagick-6/policy.xml + from: "" + to: | + + + + + + + + + + + + - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end' + - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end' + - exec: chown -R discourse /home/discourse + # TODO: move to base image (anacron can not be fired up using rc.d) + - exec: rm -f /etc/cron.d/anacron + - file: + path: /etc/cron.d/anacron + contents: | + SHELL=/bin/sh + PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin + + 30 7 * * * root /usr/sbin/anacron -s >/dev/null - file: - path: /etc/service/copy_env/run + path: /etc/runit/1.d/copy-env chmod: "+x" contents: | #!/bin/bash env > ~/boot_env conf=/var/www/discourse/config/discourse.conf - sudo -u discourse echo > $conf - for x in `env | /usr/bin/awk -F= '{if($1 ~ /DISCOURSE_/) print $1}'` - do - c=${x,,} - c=${c:10} - echo "$c"=${!x} >> $conf - done - # I dunno there may be a cleaner way to handle this - exec sleep 2147483647 + # find DISCOURSE_ env vars, strip the leader, lowercase the key + /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = #{v}" if k =~ /^DISCOURSE_(.*)/}' > $conf + - file: + path: /etc/runit/1.d/00-fix-log-permissions + chmod: "+x" + contents: | + #!/bin/bash + mkdir -p /var/log/nginx + chown -R www-data:www-data /var/log/nginx + chown www-data:www-data /var/log/nginx + chown -f syslog:adm /var/log/syslog* + chown -f syslog:adm /var/log/auth.log* + chown -f syslog:adm /var/log/kern.log* + + - file: + path: /etc/runit/1.d/enable-brotli + chmod: "+x" + contents: | + #!/bin/bash + [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/ brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf - file: path: /etc/service/unicorn/run @@ -47,9 +89,9 @@ run: exec 2>&1 # redis # postgres - sv start copy_env || exit 1 cd $home - exec sudo -E -u discourse LD_PRELOAD=/usr/lib/libjemalloc.so.1 bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb + chown -R discourse:www-data /shared/log/rails + LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb - file: path: /etc/service/nginx/run @@ -59,6 +101,20 @@ run: exec 2>&1 exec /usr/sbin/nginx + - file: + path: /etc/runit/3.d/01-nginx + chmod: "+x" + contents: | + #!/bin/bash + sv stop nginx + + - file: + path: /etc/runit/3.d/02-unicorn + chmod: "+x" + contents: | + #!/bin/bash + sv stop unicorn + - exec: cd: $home hook: code @@ -71,17 +127,13 @@ run: - git checkout $version - mkdir -p tmp/pids - mkdir -p tmp/sockets - - mkdir -p /shared/log/rails - - mkdir -p /shared/uploads - - mkdir -p /shared/backups - touch tmp/.gitkeep - - rm -r log - - ln -s /shared/log/rails $home/log - - ln -s /shared/uploads $home/public/uploads - - ln -s /shared/backups $home/public/backups - - chown -R discourse:www-data /shared/log/rails - - chown -R discourse:www-data /shared/uploads - - chown -R discourse:www-data /shared/backups + - mkdir -p /shared/log/rails + - bash -c "touch -a /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log" + - bash -c "ln -s /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log" + - bash -c "mkdir -p /shared/{uploads,backups}" + - bash -c "ln -s /shared/{uploads,backups} $home/public" + - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups - exec: cmd: @@ -122,16 +174,21 @@ run: # ensure we are on latest bundler - gem update bundler - chown -R discourse $home - - sudo -E -u discourse bundle install --deployment --verbose --without test --without development - - sudo -E -u discourse bundle exec rake db:migrate - - sudo -E -u discourse bundle exec rake assets:precompile + + - exec: + cd: $home + hook: bundle_exec + cmd: + - su discourse -c 'bundle install --deployment --verbose --without test --without development' + - su discourse -c 'bundle exec rake db:migrate' + - su discourse -c 'bundle exec rake assets:precompile' - file: path: /usr/local/bin/discourse chmod: +x contents: | #!/bin/bash - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec script/discourse "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@") - file: path: /usr/local/bin/rails @@ -139,11 +196,11 @@ run: contents: | #!/bin/bash # If they requested a console, load pry instead - if [ "$@" == "c" -o "$@" == "console" ] + if [ "$*" == "c" -o "$*" == "console" ] then - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec pry -r ./config/environment) + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment) else - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec script/rails "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@") fi - file: @@ -151,7 +208,7 @@ run: chmod: +x contents: | #!/bin/bash - (cd /var/www/discourse && RAILS_ENV=production sudo -E -u discourse bundle exec bin/rake "$@") + (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@") - file: path: /etc/update-motd.d/10-web @@ -162,3 +219,76 @@ run: echo Use: rails, rake or discourse to execute commands in production echo + - file: + path: /etc/logrotate.d/rails + contents: | + /shared/log/rails/*.log + { + rotate 14 + dateext + daily + missingok + notifempty + delaycompress + compress + postrotate + sv 1 unicorn + endscript + } + + - file: + path: /etc/logrotate.d/nginx + contents: | + /var/log/nginx/*.log { + daily + missingok + rotate 14 + compress + delaycompress + notifempty + create 0640 www-data www-data + sharedscripts + postrotate + sv 1 nginx + endscript + } + + # move state out of the container this fancy is done to support rapid rebuilds of containers, + # we store anacron and logrotate state outside the container to ensure its maintained across builds + # later move this snipped into an intialization script + # we also ensure all the symlinks we need to /shared are in place in the correct structure + # this allows us to bootstrap on one machine and then run on another + - file: + path: /etc/runit/1.d/00-ensure-links + chmod: +x + contents: | + #!/bin/bash + if [[ ! -L /var/lib/logrotate ]]; then + rm -fr /var/lib/logrotate + mkdir -p /shared/state/logrotate + ln -s /shared/state/logrotate /var/lib/logrotate + fi + if [[ ! -L /var/spool/anacron ]]; then + rm -fr /var/spool/anacron + mkdir -p /shared/state/anacron-spool + ln -s /shared/state/anacron-spool /var/spool/anacron + fi + if [[ ! -d /shared/log/rails ]]; then + mkdir -p /shared/log/rails + chown -R discourse:www-data /shared/log/rails + fi + if [[ ! -d /shared/uploads ]]; then + mkdir -p /shared/uploads + chown -R discourse:www-data /shared/uploads + fi + if [[ ! -d /shared/backups ]]; then + mkdir -p /shared/backups + chown -R discourse:www-data /shared/backups + fi + + # change login directory to Discourse home + - file: + path: /root/.bash_profile + chmod: 644 + contents: | + cd $home