Mirror
/
tildes
mirror of https://gitlab.com/tildes/tildes.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Run gunicorn under app user/group 

Previously this was creating a separate gunicorn user/group, but there's
really no need for that, and it makes some of the permissions trickier.
merge-requests/70/head
Deimos 5 years ago
parent
6f52ffd3b1
commit
2c05cde222
5 changed files with 13 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      salt/salt/gunicorn/gunicorn.conf
  2. 2
      salt/salt/gunicorn/gunicorn.conf.jinja2
  3. 6
      salt/salt/gunicorn/gunicorn.service.jinja2
  4. 5
      salt/salt/gunicorn/gunicorn.socket.jinja2
  5. 16
      salt/salt/gunicorn/init.sls

1
salt/salt/gunicorn/gunicorn.conf
View File

@ -1 +0,0 @@
d /run/gunicorn 0755 gunicorn gunicorn -

2
salt/salt/gunicorn/gunicorn.conf.jinja2
View File

@ -0,0 +1,2 @@
{% from 'common.jinja2' import app_username %}
d /run/gunicorn 0755 {{ app_username }} {{ app_username }} -

6
salt/salt/gunicorn/gunicorn.service.jinja2
View File

@ -1,4 +1,4 @@
{% from 'common.jinja2' import app_dir, bin_dir -%}
{% from 'common.jinja2' import app_dir, app_username, bin_dir -%}
[Unit] [Unit]
Description=gunicorn daemon Description=gunicorn daemon
Requires=gunicorn.socket Requires=gunicorn.socket
@ -6,8 +6,8 @@ After=network.target
[Service] [Service]
PIDFile=/run/gunicorn/pid PIDFile=/run/gunicorn/pid
User=gunicorn
Group=gunicorn
User={{ app_username }}
Group={{ app_username }}
RuntimeDirectory=gunicorn RuntimeDirectory=gunicorn
WorkingDirectory={{ app_dir }} WorkingDirectory={{ app_dir }}
ExecStart={{ bin_dir }}/gunicorn --paste {{ pillar['ini_file'] }} --config {{ app_dir }}/gunicorn_config.py ExecStart={{ bin_dir }}/gunicorn --paste {{ pillar['ini_file'] }} --config {{ app_dir }}/gunicorn_config.py

5
salt/salt/gunicorn/gunicorn.socket → salt/salt/gunicorn/gunicorn.socket.jinja2
View File

@ -1,11 +1,12 @@
{% from 'common.jinja2' import app_username -%}
[Unit] [Unit]
Description=gunicorn socket Description=gunicorn socket
PartOf=gunicorn.service PartOf=gunicorn.service
[Socket] [Socket]
ListenStream=/run/gunicorn/socket ListenStream=/run/gunicorn/socket
SocketUser=gunicorn
SocketGroup=gunicorn
SocketUser={{ app_username }}
SocketGroup={{ app_username }}
[Install] [Install]
WantedBy=sockets.target WantedBy=sockets.target

16
salt/salt/gunicorn/init.sls
View File

@ -1,10 +1,4 @@
gunicorn:
group.present:
- name: gunicorn
user.present:
- name: gunicorn
- groups: [gunicorn]
- createhome: False
{% from 'common.jinja2' import app_username %}
/etc/systemd/system/gunicorn.service: /etc/systemd/system/gunicorn.service:
file.managed: file.managed:
@ -18,7 +12,8 @@ gunicorn:
/etc/systemd/system/gunicorn.socket: /etc/systemd/system/gunicorn.socket:
file.managed: file.managed:
- source: salt://gunicorn/gunicorn.socket
- source: salt://gunicorn/gunicorn.socket.jinja2
- template: jinja
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
@ -27,7 +22,8 @@ gunicorn:
/usr/lib/tmpfiles.d/gunicorn.conf: /usr/lib/tmpfiles.d/gunicorn.conf:
file.managed: file.managed:
- source: salt://gunicorn/gunicorn.conf
- source: salt://gunicorn/gunicorn.conf.jinja2
- template: jinja
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
@ -37,5 +33,3 @@ gunicorn:
gunicorn.socket: gunicorn.socket:
service.running: service.running:
- enable: True - enable: True
- require:
- user: gunicorn
Write Preview
Loading…
Cancel
Save