From 6531bcc4be158c1dba67ac31f856579e7fea2040 Mon Sep 17 00:00:00 2001 From: Marc Aymerich Date: Thu, 15 Oct 2015 22:31:54 +0000 Subject: [PATCH] Fixes on systemuser backend --- TODO.md | 12 ++++++++++ orchestra/contrib/services/handlers.py | 2 +- orchestra/contrib/systemusers/backends.py | 22 ++++++++++--------- orchestra/contrib/tasks/README.md | 2 +- .../contrib/webapps/backends/__init__.py | 11 +++++----- 5 files changed, 32 insertions(+), 17 deletions(-) diff --git a/TODO.md b/TODO.md index 5d397729..d29b79ee 100644 --- a/TODO.md +++ b/TODO.md @@ -427,3 +427,15 @@ mkhomedir_helper or create ssh homes with bash.rc and such # wordpressmu custom_url: set blog.domain # validate_user on saas.wordpress to detect if username already exists before attempting to create a blog + + +# webapps don't override owner and permissions on every save(), just on create +# webapps php fpm allow pool config to be overriden. template + pool inheriting template? +# get_context signal to overridaconfiguration? best practice: all context on get_context, ever use other context. template rendering as backend generator: proof of concept + + +# DOmain show implicit records +# if not database_ready(): schedule a retry in 60 seconds, otherwise resources and other dynamic content gets fucked, maybe attach some 'signal' when first query goes trough + with database_ready: + shit_happend, otherwise schedule for first query +# Entry.objects.filter()[:1].first() (LIMIT 1) diff --git a/orchestra/contrib/services/handlers.py b/orchestra/contrib/services/handlers.py index b26129f1..b382bd52 100644 --- a/orchestra/contrib/services/handlers.py +++ b/orchestra/contrib/services/handlers.py 
@@ -127,7 +127,7 @@ class ServiceHandler(plugins.Plugin, metaclass=plugins.PluginMount): try: return eval(self.metric, safe_locals) except Exception as exc: - raise type(exc)("%s on '%s'" %(exc, self.service)) + raise type(exc)("'%s' evaluating metric for '%s' service" % (exc, self.service)) def get_order_description(self, instance): safe_locals = self.get_expression_context(instance) diff --git a/orchestra/contrib/systemusers/backends.py b/orchestra/contrib/systemusers/backends.py index d4052a38..b2df534a 100644 --- a/orchestra/contrib/systemusers/backends.py +++ b/orchestra/contrib/systemusers/backends.py @@ -55,18 +55,12 @@ class UNIXUserBackend(ServiceController): fi mkdir -p %(base_home)s chmod 750 %(base_home)s - ls -A /etc/skel/ | while read line; do - if [[ ! -e %(home)s/${line} ]]; then - cp -a $line %(home)s/${line} && \ - chown -R %(user)s:%(group)s %(home)s/${line} - fi - done - fi""") % context + """) % context ) if context['home'] != context['base_home']: self.append(textwrap.dedent(""" # Set extra permissions: %(user)s home is inside %(mainuser)s home - if mount | grep "^$(df %(home)s|grep '^/')\s" | grep acl > /dev/null; then + if mount | grep "^$(df %(home)s|grep '^/'|cut -d' ' -f1)\s" | grep acl > /dev/null; then # Account group as the owner chown %(mainuser)s:%(mainuser)s %(home)s chmod g+s %(home)s 
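Review bot: The `eval(self.metric, safe_locals)` call kept as context above the changed line passes `safe_locals` as eval's globals, and Python adds the full `__builtins__` to a globals dict that lacks that key. The "safe" in the name therefore holds only if `get_expression_context` (not visible in this hunk) sets `'__builtins__'` itself. Since the commit only rewords the error, a comment on the eval line would record the assumption, e.g. `# metric is operator-supplied code; safe_locals must define '__builtins__' to limit what it can reach`, to be confirmed against who may edit a service's metric. Separately, `raise type(exc)(...)` raises a TypeError of its own for exception classes whose constructor does not take a single string (UnicodeDecodeError, for example), which hides the original failure. The method starts outside the hunk.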
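Review bot: `%(home)s` and `%(base_home)s` are substituted into the generated shell script unquoted (`mkdir -p %(base_home)s`, `chmod 750 %(base_home)s`, `df %(home)s`), so a path containing whitespace or shell metacharacters would change what the script executes. Whether model validation already excludes such values is not visible here. Quoting once where the context dict is built, which is outside this hunk, e.g. with `shlex.quote()` on each path, user and group value, would also cover the second hunk of this file and both hunks of webapps/backends/__init__.py, which use the same pattern. The rewritten `grep` line also keeps `\s` in a non-raw Python string, an invalid escape that newer Python versions warn about; `\\s` produces the same script text.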
@@ -78,11 +72,19 @@ class UNIXUserBackend(ServiceController): setfacl -m d:u:%(mainuser)s:rwx %(home)s else chmod g+rxw %(home)s - chown %(user)s:%(user)s %(home)s fi""") % context ) else: - self.append("chown %(user)s:%(group)s %(home)s" % context) + self.append(textwrap.dedent("""\ + chown %(user)s:%(group)s %(home)s + ls -A /etc/skel/ | while read line; do + if [[ ! -e %(home)s/${line} ]]; then + cp -a /etc/skel/${line} %(home)s/${line} && \\ + chown -R %(user)s:%(group)s %(home)s/${line} + fi + done + """) % context + ) for member in settings.SYSTEMUSERS_DEFAULT_GROUP_MEMBERS: context['member'] = member self.append('usermod -a -G %(user)s %(member)s || exit_code=$?' % context) diff --git a/orchestra/contrib/tasks/README.md b/orchestra/contrib/tasks/README.md index 7b7689b2..f64f6787 100644 --- a/orchestra/contrib/tasks/README.md +++ b/orchestra/contrib/tasks/README.md @@ -1,6 +1,6 @@ This is a wrapper around djcelery and celery `@task` and `@periodic_task` decorators. It provides transparent support for switching between executing a task on a plain Python thread or the traditional way of pushing the task on a queue (rabbitmq) and wait for a Celery worker to run it. -A queueless threaded execution has the advantage of 0 moving parts instead of the alternative rabbitmq and celery workers. Less dependencies, less memory footprint, less points of failure. +A queueless threaded execution has the advantage of 0 moving parts instead of the alternative rabbitmq and celery workers. Less dependencies, less memory footprint, less points of failure, no process keeping, no independent code reloading for the workers. If your application needs to run thousands or milions of tasks a day, use celery as your backend, if tens or hundreds, then probably the default thread backend will be your best choice. diff --git a/orchestra/contrib/webapps/backends/__init__.py b/orchestra/contrib/webapps/backends/__init__.py index 4680c274..ecc5298a 100644 
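Review bot: The re-added skel loop reads names with plain `read line` and expands `${line}` unquoted, so an /etc/skel entry containing spaces or backslashes is split or mangled before it reaches `cp -a` and `chown -R`. Use `ls -A /etc/skel/ | while IFS= read -r line; do` and quote the operands, `cp -a "/etc/skel/${line}" "%(home)s/${line}"`. The copy and recursive chown presumably run as root inside a directory the account can already write to, so `chown -hR` (act on symlinks themselves, not their targets) is worth considering; confirm against how the generated script is executed. The enclosing method starts and ends outside the hunk.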
--- a/orchestra/contrib/webapps/backends/__init__.py +++ b/orchestra/contrib/webapps/backends/__init__.py @@ -18,10 +18,11 @@ class WebAppServiceMixin(object): self.append(textwrap.dedent(""" # Create webapp dir CREATED=0 - [[ ! -e %(app_path)s ]] && CREATED=1 - mkdir -p %(app_path)s - chown %(user)s:%(group)s %(app_path)s\ - """) % context + if [[ ! -e %(app_path)s ]]; then + CREATED=1 + mkdir -p %(app_path)s + chown %(user)s:%(group)s %(app_path)s + fi""") % context ) def set_under_construction(self, context): @@ -34,7 +35,7 @@ class WebAppServiceMixin(object): sleep 2 if [[ ! $(ls -A %(app_path)s | head -n1) ]]; then cp -r %(under_construction_path)s %(app_path)s - chown -R %(user)s:%(group)s %(app_path)s + chown -R %(user)s:%(group)s %(app_path)s/* fi' &> /dev/null & fi""") % context )
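Review bot: When `%(app_path)s` already exists, the new `if [[ ! -e %(app_path)s ]]` block is skipped without checking that the path is a directory or who owns it. A stray file, a symlink or a directory created by another account is then silently accepted as the webapp dir, and the ownership that the old unconditional `chown` re-asserted is no longer enforced. If that is the intended "only on create" behaviour, say so in the script, e.g. `# Existing path is left untouched: owner and permissions are only set on first creation`, and consider an explicit `[[ -d %(app_path)s ]]` check with an error otherwise. `CREATED=1` is also set before `mkdir -p` has succeeded; `mkdir -p %(app_path)s && CREATED=1` keeps the flag truthful. The method body starts outside the hunk.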
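Review bot: `%(app_path)s/*` does not match dot-files, so hidden entries copied from `%(under_construction_path)s` (a `.htaccess`, for instance) keep whatever owner `cp -r` gave them, presumably root. When the glob matches nothing, the literal `*` is handed to `chown` and the error is discarded by `&> /dev/null`. If the aim is to stop resetting the owner of the directory itself, adding `shopt -s dotglob` before the `chown` inside the quoted block keeps that while covering hidden files. The quoted block opens outside the hunk, so confirm it runs under bash.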