templates/web.template.yml

   1 env:
   2   # You can have redis on a different box
   3   RAILS_ENV: 'production'
   4   UNICORN_WORKERS: 3
   5   UNICORN_SIDEKIQS: 1
   6   # this gives us very good cache coverage, 96 -> 99
   7   # in practice it is 1-2% perf improvement
   8   RUBY_GLOBAL_METHOD_CACHE_SIZE: 131072
   9   # stop heap doubling in size so aggressively, this conserves memory
  10   RUBY_GC_HEAP_GROWTH_MAX_SLOTS: 40000
  11   RUBY_GC_HEAP_INIT_SLOTS: 400000
  12   RUBY_GC_HEAP_OLDOBJECT_LIMIT_FACTOR: 1.5
  13
  14   DISCOURSE_DB_SOCKET: /var/run/postgresql
  15   DISCOURSE_DB_HOST:
  16   DISCOURSE_DB_PORT:
  17
  18
  19 params:
  20   # SSH key is required for remote access into the container
  21   version: tests-passed
  22
  23   home: /var/www/discourse
  24   upload_size: 10m
  25
  26 run:
  27   - exec: thpoff echo "thpoff is installed!"
  28   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_SMTP_ADDRESS"] == "smtp.example.com"; puts "Aborting! Mail is not configured!"; exit 1; end'
  29   - exec: /usr/local/bin/ruby -e 'if ENV["DISCOURSE_HOSTNAME"] == "discourse.example.com"; puts "Aborting! Domain is not configured!"; exit 1; end'
  30   - exec: chown -R discourse /home/discourse
  31   # TODO: move to base image (anacron can not be fired up using rc.d)
  32   - exec: rm -f /etc/cron.d/anacron
  33   - file:
  34      path: /etc/cron.d/anacron
  35      contents: |
  36         SHELL=/bin/sh
  37         PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
  38
  39         30 7    * * *   root    /usr/sbin/anacron -s >/dev/null
  40   - file:
  41      path: /etc/runit/1.d/copy-env
  42      chmod: "+x"
  43      contents: |
  44         #!/bin/bash
  45         env > ~/boot_env
  46         conf=/var/www/discourse/config/discourse.conf
  47
  48         # find DISCOURSE_ env vars, strip the leader, lowercase the key
  49         /usr/local/bin/ruby -e 'ENV.each{|k,v| puts "#{$1.downcase} = '\''#{v}'\''" if k =~ /^DISCOURSE_(.*)/}' > $conf
  50
  51   - file:
  52      path: /etc/runit/1.d/enable-brotli
  53      chmod: "+x"
  54      contents: |
  55         #!/bin/bash
  56         [ ! -z "$COMPRESS_BROTLI" ] && sed -i "s/. brotli/  brotli/" /etc/nginx/conf.d/discourse.conf || sed -i "s/. brotli/# brotli/" /etc/nginx/conf.d/discourse.conf
  57
  58   - file:
  59      path: /etc/service/unicorn/run
  60      chmod: "+x"
  61      contents: |
  62         #!/bin/bash
  63         exec 2>&1
  64         # redis
  65         # postgres
  66         cd $home
  67         chown -R discourse:www-data /shared/log/rails
  68         LD_PRELOAD=$RUBY_ALLOCATOR HOME=/home/discourse USER=discourse exec thpoff chpst -u discourse:www-data -U discourse:www-data bundle exec config/unicorn_launcher -E production -c config/unicorn.conf.rb
  69
  70   - file:
  71      path: /etc/service/nginx/run
  72      chmod: "+x"
  73      contents: |
  74         #!/bin/sh
  75         exec 2>&1
  76         exec /usr/sbin/nginx
  77
  78   - file:
  79      path: /etc/runit/3.d/01-nginx
  80      chmod: "+x"
  81      contents: |
  82        #!/bin/bash
  83        sv stop nginx
  84
  85   - file:
  86      path: /etc/runit/3.d/02-unicorn
  87      chmod: "+x"
  88      contents: |
  89        #!/bin/bash
  90        sv stop unicorn
  91
  92   - exec:
  93       cd: $home
  94       hook: code
  95       cmd:
  96         - git reset --hard
  97         - git clean -f
  98         - git remote set-branches --add origin master
  99         - git pull
 100         - git fetch origin $version
 101         - git checkout $version
 102         - mkdir -p tmp/pids
 103         - mkdir -p tmp/sockets
 104         - touch tmp/.gitkeep
 105         - mkdir -p                    /shared/log/rails
 106         - bash -c "touch -a           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log"
 107         - bash -c "ln    -s           /shared/log/rails/{production,production_errors,unicorn.stdout,unicorn.stderr}.log $home/log"
 108         - bash -c "mkdir -p           /shared/{uploads,backups}"
 109         - bash -c "ln    -s           /shared/{uploads,backups} $home/public"
 110         - chown -R discourse:www-data /shared/log/rails /shared/uploads /shared/backups
 111
 112   - exec:
 113       cmd:
 114         - "cp $home/config/nginx.sample.conf /etc/nginx/conf.d/discourse.conf"
 115         - "rm /etc/nginx/sites-enabled/default"
 116         - "mkdir -p /var/nginx/cache"
 117
 118   - replace:
 119       filename: /etc/nginx/nginx.conf
 120       from: pid /run/nginx.pid;
 121       to: daemon off;
 122
 123   - replace:
 124       filename: "/etc/nginx/conf.d/discourse.conf"
 125       from: /upstream[^\}]+\}/m
 126       to: "upstream discourse {
 127         server 127.0.0.1:3000;
 128       }"
 129
 130   - replace:
 131       filename: "/etc/nginx/conf.d/discourse.conf"
 132       from: /server_name.+$/
 133       to: server_name _ ;
 134
 135   - replace:
 136       filename: "/etc/nginx/conf.d/discourse.conf"
 137       from: /client_max_body_size.+$/
 138       to: client_max_body_size $upload_size ;
 139
 140   - exec:
 141       cmd: echo "done configuring web"
 142       hook: web_config
 143
 144   - exec:
 145       cd: $home
 146       hook: web
 147       cmd:
 148         # ensure we are on latest bundler
 149         - gem update bundler
 150         - find $home ! -user discourse -exec chown discourse {} \+
 151
 152   - exec:
 153       cd: $home
 154       hook: bundle_exec
 155       cmd:
 156         - su discourse -c 'bundle install --deployment --verbose --without test --without development --retry 3 --jobs 4'
 157         - su discourse -c 'bundle exec rake db:migrate'
 158         - su discourse -c 'bundle exec rake assets:precompile'
 159
 160   - file:
 161      path: /usr/local/bin/discourse
 162      chmod: +x
 163      contents: |
 164        #!/bin/bash
 165        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/discourse "$@")
 166
 167   - file:
 168      path: /usr/local/bin/rails
 169      chmod: +x
 170      contents: |
 171        #!/bin/bash
 172        # If they requested a console, load pry instead
 173        if [ "$*" == "c" -o "$*" == "console" ]
 174        then
 175         (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec pry -r ./config/environment)
 176        else
 177         (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec script/rails "$@")
 178        fi
 179
 180   - file:
 181      path: /usr/local/bin/rake
 182      chmod: +x
 183      contents: |
 184        #!/bin/bash
 185        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec bin/rake "$@")
 186
 187   - file:
 188      path: /usr/local/bin/rbtrace
 189      chmod: +x
 190      contents: |
 191        #!/bin/bash
 192        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec rbtrace "$@")
 193
 194   - file:
 195      path: /usr/local/bin/stackprof
 196      chmod: +x
 197      contents: |
 198        #!/bin/bash
 199        (cd /var/www/discourse && RAILS_ENV=production sudo -H -E -u discourse bundle exec stackprof "$@")
 200
 201   - file:
 202      path: /etc/update-motd.d/10-web
 203      chmod: +x
 204      contents: |
 205        #!/bin/bash
 206        echo
 207        echo Use: rails, rake or discourse to execute commands in production
 208        echo
 209
 210   - file:
 211      path: /etc/logrotate.d/rails
 212      contents: |
 213         /shared/log/rails/*.log
 214         {
 215                 rotate 7
 216                 dateext
 217                 daily
 218                 missingok
 219                 delaycompress
 220                 compress
 221                 postrotate
 222                 sv 1 unicorn
 223                 endscript
 224         }
 225
 226   - file:
 227      path: /etc/logrotate.d/nginx
 228      contents: |
 229         /var/log/nginx/*.log {
 230           daily
 231           missingok
 232           rotate 7
 233           compress
 234           delaycompress
 235           create 0644 www-data www-data
 236           sharedscripts
 237           postrotate
 238             sv 1 nginx
 239           endscript
 240         }
 241
 242   # move state out of the container this fancy is done to support rapid rebuilds of containers,
 243   # we store anacron and logrotate state outside the container to ensure its maintained across builds
 244   # later move this snipped into an intialization script
 245   # we also ensure all the symlinks we need to /shared are in place in the correct structure
 246   # this allows us to bootstrap on one machine and then run on another
 247   - file:
 248       path: /etc/runit/1.d/00-ensure-links
 249       chmod: +x
 250       contents: |
 251         #!/bin/bash
 252         if [[ ! -L /var/lib/logrotate ]]; then
 253           rm -fr /var/lib/logrotate
 254           mkdir -p /shared/state/logrotate
 255           ln -s /shared/state/logrotate /var/lib/logrotate
 256         fi
 257         if [[ ! -L /var/spool/anacron ]]; then
 258           rm -fr /var/spool/anacron
 259           mkdir -p /shared/state/anacron-spool
 260           ln -s /shared/state/anacron-spool /var/spool/anacron
 261         fi
 262         if [[ ! -d /shared/log/rails ]]; then
 263           mkdir -p /shared/log/rails
 264           chown -R discourse:www-data /shared/log/rails
 265         fi
 266         if [[ ! -d /shared/uploads ]]; then
 267           mkdir -p /shared/uploads
 268           chown -R discourse:www-data /shared/uploads
 269         fi
 270         if [[ ! -d /shared/backups ]]; then
 271           mkdir -p /shared/backups
 272           chown -R discourse:www-data /shared/backups
 273         fi
 274
 275   # change login directory to Discourse home
 276   - file:
 277      path: /root/.bash_profile
 278      chmod: 644
 279      contents: |
 280         cd $home