From 6230e155afd8c43c12ee3f03032aac34433db11a Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Sat, 5 Aug 2017 22:32:24 +0100 Subject: gnu: Fix memcached service startup. Memcached changes to the memcached user from root before writing the PID file. This means that it must be able to write the PID file as the memcached user. To make this work, create the /var/run/memcached directory when the service starts, make it owned by memcached, and change memcached to write the PID file to /var/run/memcached/pid. This wasn't picked up by the system test as the "service running" part was too permissive, and only failed on an error. Instead, test the response from calling start-service and check that the PID is a number. * gnu/services/databases.scm (memcached-activation): New variable. (memcached-shepherd-service): Change PID file location. (memcached-service-type): Extend the activation-service-type. * gnu/tests/databases.scm (run-memcached-test)[test]: Change the "service running" test to check the response from the shepherd. --- gnu/services/databases.scm | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm index 3b64d0e075..de1f6b8411 100644 --- a/gnu/services/databases.scm +++ b/gnu/services/databases.scm @@ -216,6 +216,14 @@ and stores the database cluster in @var{data-directory}." (home-directory "/var/empty") (shell (file-append shadow "/sbin/nologin"))))) +(define memcached-activation + #~(begin + (use-modules (guix build utils)) + (let ((user (getpwnam "memcached"))) + (mkdir-p "/var/run/memcached") + (chown "/var/run/memcached" + (passwd:uid user) (passwd:gid user))))) + (define memcached-shepherd-service (match-lambda (($ memcached interfaces tcp-port udp-port @@ -233,11 +241,14 @@ and stores the database cluster in @var{data-directory}." "-p" #$(number->string tcp-port) "-U" #$(number->string udp-port) "--daemon" - "-P" "/var/run/memcached.pid" + ;; Memcached changes to the memcached user prior to + ;; writing the pid file, so write it to a directory + ;; that memcached owns. + "-P" "/var/run/memcached/pid" "-u" "memcached" ,#$@additional-options) #:log-file "/var/log/memcached" - #:pid-file "/var/run/memcached.pid")) + #:pid-file "/var/run/memcached/pid")) (stop #~(make-kill-destructor)))))))) (define memcached-service-type @@ -245,6 +256,8 @@ and stores the database cluster in @var{data-directory}." (extensions (list (service-extension shepherd-root-service-type memcached-shepherd-service) + (service-extension activation-service-type + (const memcached-activation)) (service-extension account-service-type (const %memcached-accounts)))) (default-value (memcached-configuration)))) -- cgit 1.4.1 From c9aa261be48a2463022faf5bea1854503a5ba7d7 Mon Sep 17 00:00:00 2001 From: Andy Wingo Date: Thu, 27 Apr 2017 19:49:02 +0200 Subject: gnu: services: Nginx configs can reference store * gnu/services/web.scm (config-domain-strings, config-index-strings): Emit lists instead of strings. (emit-nginx-location-config, emit-nginx-server-config) (emit-nginx-upstream-config): Rename from nginx-location-config, default-nginx-server-config, and nginx-upstream-config. Emit lists instead of strings. (flatten): New helper. (default-nginx-config): Use flatten helper to write nginx conf. This allows location configs to reference store values. Signed-off-by: Christopher Baines --- gnu/services/web.scm | 154 +++++++++++++++++++++++++-------------------------- 1 file changed, 74 insertions(+), 80 deletions(-) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index c605d76866..97318ecb12 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -114,105 +114,99 @@ (define (config-domain-strings names) "Return a string denoting the nginx config representation of NAMES, a list of domain names." - (string-join - (map (match-lambda + (map (match-lambda ('default "_ ") - ((? string? str) (string-append str " "))) - names))) + ((? string? str) (list str " "))) + names)) (define (config-index-strings names) "Return a string denoting the nginx config representation of NAMES, a list of index files." - (string-join - (map (match-lambda - ((? string? str) (string-append str " "))) - names))) + (map (match-lambda + ((? string? str) (list str " "))) + names)) -(define nginx-location-config +(define emit-nginx-location-config (match-lambda (($ uri body) - (string-append + (list " location " uri " {\n" - " " (string-join body "\n ") "\n" + (map (lambda (x) (list " " x "\n")) body) " }\n")) (($ name body) - (string-append + (list " location @" name " {\n" - " " (string-join body "\n ") "\n" + (map (lambda (x) (list " " x "\n")) body) " }\n")))) -(define (default-nginx-server-config server) - (string-append - " server {\n" - (if (nginx-server-configuration-http-port server) - (string-append " listen " - (number->string (nginx-server-configuration-http-port server)) - ";\n") - "") - (if (nginx-server-configuration-https-port server) - (string-append " listen " - (number->string (nginx-server-configuration-https-port server)) - " ssl;\n") - "") - " server_name " (config-domain-strings - (nginx-server-configuration-server-name server)) - ";\n" - (if (nginx-server-configuration-ssl-certificate server) - (let ((certificate (nginx-server-configuration-ssl-certificate server))) - ;; lstat fails when the certificate file does not exist: it aborts - ;; and lets the user fix their configuration. - (lstat certificate) - (string-append " ssl_certificate " certificate ";\n")) - "") - (if (nginx-server-configuration-ssl-certificate-key server) - (let ((key (nginx-server-configuration-ssl-certificate-key server))) - (lstat key) - (string-append " ssl_certificate_key " key ";\n")) - "") - " root " (nginx-server-configuration-root server) ";\n" - " index " (config-index-strings (nginx-server-configuration-index server)) ";\n" - " server_tokens " (if (nginx-server-configuration-server-tokens? server) - "on" "off") ";\n" - "\n" - (string-join - (map nginx-location-config (nginx-server-configuration-locations server)) - "\n") - " }\n")) +(define (emit-nginx-server-config server) + (let ((http-port (nginx-server-configuration-http-port server)) + (https-port (nginx-server-configuration-https-port server)) + (server-name (nginx-server-configuration-server-name server)) + (ssl-certificate (nginx-server-configuration-ssl-certificate server)) + (ssl-certificate-key + (nginx-server-configuration-ssl-certificate-key server)) + (root (nginx-server-configuration-root server)) + (index (nginx-server-configuration-index server)) + (server-tokens? (nginx-server-configuration-server-tokens? server)) + (locations (nginx-server-configuration-locations server))) + (define-syntax-parameter <> (syntax-rules ())) + (define-syntax-rule (and/l x tail ...) + (let ((x* x)) + (if x* + (syntax-parameterize ((<> (identifier-syntax x*))) + (list tail ...)) + '()))) + (list + " server {\n" + (and/l http-port " listen " (number->string <>) ";\n") + (and/l https-port " listen " (number->string <>) " ssl;\n") + " server_name " (config-domain-strings server-name) ";\n" + (and/l ssl-certificate " ssl_certificate " <> ";\n") + (and/l ssl-certificate-key " ssl_certificate_key " <> ";\n") + " root " root ";\n" + " index " (config-index-strings index) ";\n" + " server_tokens " (if server-tokens? "on" "off") ";\n" + "\n" + (map emit-nginx-location-config locations) + "\n" + " }\n"))) -(define (nginx-upstream-config upstream) - (string-append +(define (emit-nginx-upstream-config upstream) + (list " upstream " (nginx-upstream-configuration-name upstream) " {\n" - (string-concatenate - (map (lambda (server) - (simple-format #f " server ~A;\n" server)) - (nginx-upstream-configuration-servers upstream))) + (map (lambda (server) + (simple-format #f " server ~A;\n" server)) + (nginx-upstream-configuration-servers upstream)) " }\n")) +(define (flatten . lst) + "Return a list that recursively concatenates all sub-lists of LST." + (define (flatten1 head out) + (if (list? head) + (fold-right flatten1 out head) + (cons head out))) + (fold-right flatten1 '() lst)) + (define (default-nginx-config nginx log-directory run-directory server-list upstream-list) - (mixed-text-file "nginx.conf" - "user nginx nginx;\n" - "pid " run-directory "/pid;\n" - "error_log " log-directory "/error.log info;\n" - "http {\n" - " client_body_temp_path " run-directory "/client_body_temp;\n" - " proxy_temp_path " run-directory "/proxy_temp;\n" - " fastcgi_temp_path " run-directory "/fastcgi_temp;\n" - " uwsgi_temp_path " run-directory "/uwsgi_temp;\n" - " scgi_temp_path " run-directory "/scgi_temp;\n" - " access_log " log-directory "/access.log;\n" - " include " nginx "/share/nginx/conf/mime.types;\n" - "\n" - (string-join - (filter (lambda (section) (not (null? section))) - (map nginx-upstream-config upstream-list)) - "\n") - "\n" - (let ((http (map default-nginx-server-config server-list))) - (do ((http http (cdr http)) - (block "" (string-append (car http) "\n" block ))) - ((null? http) block))) - "}\n" - "events {}\n")) + (apply mixed-text-file "nginx.conf" + (flatten + "user nginx nginx;\n" + "pid " run-directory "/pid;\n" + "error_log " log-directory "/error.log info;\n" + "http {\n" + " client_body_temp_path " run-directory "/client_body_temp;\n" + " proxy_temp_path " run-directory "/proxy_temp;\n" + " fastcgi_temp_path " run-directory "/fastcgi_temp;\n" + " uwsgi_temp_path " run-directory "/uwsgi_temp;\n" + " scgi_temp_path " run-directory "/scgi_temp;\n" + " access_log " log-directory "/access.log;\n" + " include " nginx "/share/nginx/conf/mime.types;\n" + "\n" + (map emit-nginx-upstream-config upstream-list) + (map emit-nginx-server-config server-list) + "}\n" + "events {}\n"))) (define %nginx-accounts (list (user-group (name "nginx") (system? #t)) -- cgit 1.4.1 From f2d7a492df759ab7416ff4b244e37896835f04fa Mon Sep 17 00:00:00 2001 From: Christopher Baines Date: Wed, 2 Aug 2017 15:52:36 +0100 Subject: web: Check for the existance of SSL related files. This adds back the previous behaviour of the nginx-service-type, where the service would check at the time when the configuration is generated if the SSL certificate and certificate key file exists. * gnu/services/web.scm (emit-nginx-server-config): Add back check for SSL related files. --- gnu/services/web.scm | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'gnu/services') diff --git a/gnu/services/web.scm b/gnu/services/web.scm index 97318ecb12..cc7adeb5e4 100644 --- a/gnu/services/web.scm +++ b/gnu/services/web.scm @@ -157,6 +157,16 @@ of index files." (syntax-parameterize ((<> (identifier-syntax x*))) (list tail ...)) '()))) + (for-each + (match-lambda + ((record-key . file) + (if (and file (not (file-exists? file))) + (error + (simple-format + #f + "~A in the nginx configuration for the server with name \"~A\" does not exist" record-key server-name))))) + `(("ssl-certificate" . ,ssl-certificate) + ("ssl-certificate-key" . ,ssl-certificate-key))) (list " server {\n" (and/l http-port " listen " (number->string <>) ";\n") -- cgit 1.4.1