From bd281ef2e8213c6e92d68aefff9bfd1a8d8351d6 Mon Sep 17 00:00:00 2001
From: jaseg
Date: Wed, 3 Apr 2019 23:53:04 +0900
Subject: gerbolyze fixes, clippy experiments

---
 bootstrap_arch_container.yml | 6 ++--
 clippy-nspawn.service | 36 +++++++++++++++++++++++
 clippy.service.j2 | 9 ++++++
 playbook.yml | 5 +++-
 setup_clippy.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++
 setup_containers.yml | 8 -----
 uwsgi-app@.service | 3 +-
 uwsgi-gerboweb.ini | 5 +---
 8 files changed, 124 insertions(+), 17 deletions(-)
 create mode 100644 clippy-nspawn.service
 create mode 100644 clippy.service.j2
 create mode 100644 setup_clippy.yml

diff --git a/bootstrap_arch_container.yml b/bootstrap_arch_container.yml
index bd534e8..4126bbd 100644
--- a/bootstrap_arch_container.yml
+++ b/bootstrap_arch_container.yml
@@ -1,9 +1,9 @@
 ---
 - name: Set local path facts
 set_fact:
- image: "/var/cache/containers/{{ container }}.img"
- root: "/var/cache/containers/{{ container }}_root"
- "{{container}}_root": "/var/cache/containers/{{ container }}_root"
+ image: "/var/lib/machines/{{ container }}.img"
+ root: "/var/lib/machines/{{ container }}"
+ "{{container}}_root": "/var/lib/machines/{{ container }}"

 - name: Create container image file
 command: truncate -s 4G "{{image}}"
diff --git a/clippy-nspawn.service b/clippy-nspawn.service
new file mode 100644
index 0000000..66b8e85
--- /dev/null
+++ b/clippy-nspawn.service
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: LGPL-2.1+
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Clippy container
+PartOf=machines.target
+Before=machines.target
+After=network.target systemd-resolved.service
+RequiresMountsFor=/var/lib/machines
+
+[Service]
+ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --ephemeral --boot --network-veth --port=23:2342 -U --settings=override --machine=clippy
+KillMode=mixed
+Type=notify
+RestartForceExitStatus=133
+SuccessExitStatus=133
+WatchdogSec=3min
+Slice=machine.slice
+Delegate=yes
+TasksMax=512
+
+# Enforce a strict device policy, similar to the one nspawn configures when it
+# allocates its own scope unit. Make sure to keep these policies in sync if you
+# change them!
+DevicePolicy=closed
+DeviceAllow=/dev/net/tun rwm
+DeviceAllow=char-pts rw
+
+[Install]
+WantedBy=machines.target
diff --git a/clippy.service.j2 b/clippy.service.j2
new file mode 100644
index 0000000..22b3d7d
--- /dev/null
+++ b/clippy.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Clippy listener daemon
+
+[Service]
+WorkingDirectory=/var/lib/clippy.git
+ExecStart=/usr/bin/python3 clippy.py -s -x 60x30 -e
+
+[Install]
+WantedBy=multi-user.target
diff --git a/playbook.yml b/playbook.yml
index 23544c4..60fe499 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -12,7 +12,7 @@

 - name: Install host requisites
 dnf:
- name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python
+ name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git
 state: latest

 - name: Disable password-based root login
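Review bot: `DeviceAllow=/dev/net/tun rwm` is carried over from systemd's stock nspawn unit, but nothing in this container definition (a Python listener reached through `--port=23:2342`) appears to need a TUN device, so the line can probably be dropped to keep the `DevicePolicy=closed` allow-list minimal — confirm before removing. The `--port=` forward only takes effect once the host side of the veth pair has an address, which is what systemd-networkd's shipped `80-container-ve.network` provides; setup_clippy.yml in this same commit leaves the host networkd task commented out, so on a host without networkd the forward may silently do nothing. The unit also keeps the "This file is part of systemd" LGPL header verbatim; a one-line comment stating the provenance, e.g. `# Adapted from systemd-nspawn@.service; ExecStart hard-codes the clippy machine and port forward.`, would make clear what is local and what is upstream.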
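Review bot: No `User=` is set, so `clippy.py` runs as root inside the container even though it is a network-facing listener (host port 23 is forwarded to it by clippy-nspawn.service); `-U` on the nspawn side confines that root to a user namespace on the host, but within the machine it still owns everything. The usual minimum for a daemon here would be `User=<service-user>` (placeholder) and `Restart=on-failure`; the clone in `/var/lib/clippy.git` then needs to be readable by that user, which setup_clippy.yml does not currently arrange. The `-s -x 60x30 -e` flags are not documented anywhere in the commit, so a comment above `ExecStart=` naming what each does would help the next person touching the unit.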
@@ -40,3 +40,6 @@

 - name: Setup gerboweb
 include_tasks: setup_gerboweb.yml
+
+ - name: Setup clippy
+ include_tasks: setup_clippy.yml
diff --git a/setup_clippy.yml b/setup_clippy.yml
new file mode 100644
index 0000000..e4416e0
--- /dev/null
+++ b/setup_clippy.yml
@@ -0,0 +1,69 @@
+---
+- name: Clone pixelterm git
+ git:
+ repo: https://github.com/jaseg/pixelterm
+ dest: "{{clippy_root}}/var/lib/pixelterm.git"
+
+- name: Clone clippy git
+ git:
+ repo: https://github.com/jaseg/clippy
+ dest: "{{clippy_root}}/var/lib/clippy.git"
+
+- name: Setup required packages for clippy
+ command: arch-chroot "{{clippy_root}}" pacman -Syu --noconfirm python3 python-pip python-numpy python-pillow
+
+- name: Setup pixelterm
+ command: arch-chroot "{{clippy_root}}" sh -c "cd /var/lib/pixelterm.git && python3 setup.py install"
+
+- name: Setup container clippy systemd service file
+ template:
+ src: clippy.service.j2
+ dest: "{{clippy_root}}/etc/systemd/system/clippy.service"
+ owner: root
+ group: root
+ mode: 0664
+
+- name: Enable systemd machines target
+ systemd:
+ name: machines.target
+ enabled: yes
+
+- name: Copy over clippy container auto boot service file
+ copy:
+ src: clippy-nspawn.service
+ dest: /etc/systemd/system/clippy-nspawn.service
+ owner: root
+ group: root
+ mode: 0664
+
+- name: Enable clippy container auto boot
+ systemd:
+ daemon-reload: yes
+ name: clippy-nspawn.service
+ enabled: yes
+
+- name: Restart clippy container
+ shell: |
+ systemctl stop clippy-nspawn
+ sleep 1
+ systemctl start clippy-nspawn
+ for x in $(seq 0 30); do
+ systemctl -M clippy is-system-running && exit
+ sleep 1
+ done
+
+- name: Enable clippy systemd service in container
+ command: systemctl enable -M clippy clippy.service
+
+- name: Restart clippy systemd service in container
+ command: systemctl restart -M clippy clippy.service
+
+#- name: Enable host networkd
+# systemd:
+# name: systemd-networkd
+# enabled: yes
+# state: started
+
+- name: Enable clippy container networkd
+ command: systemctl enable -M clippy systemd-networkd
+
diff --git a/setup_containers.yml b/setup_containers.yml
index dd0a5ca..4738f1e 100644
--- a/setup_containers.yml
+++ b/setup_containers.yml
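Review bot: Both `git:` tasks clone without a `version:`, so each run of the play checks out whatever the upstream default branch holds at that moment and the following task runs `python3 setup.py install` on it as root inside the container; pinning `version: "<tag-or-commit>"` (placeholder) makes the build reproducible and turns an upstream change into a deliberate bump. The loop in "Restart clippy container" exits 0 whether or not the machine came up: after 30 failed `is-system-running` probes it simply falls through `done`, so add `exit 1` after the loop (note `is-system-running` is also non-zero for a merely degraded boot, so the later `systemctl -M clippy` tasks are the only thing that would surface that). `mode: 0664` on both unit files is group-writable and relies on the YAML 1.1 octal-literal parse; `mode: "0644"` is what systemd unit files normally carry and is unambiguous to the parser. `enabled: yes` / `daemon-reload: yes` would be `true` under yamllint's truthy rule. The `arch-chroot … pacman -Syu` and `setup.py install` `command:` tasks re-run on every play; a `creates:` guard or `changed_when:` would keep the play idempotent and stop the container's package set from drifting per run.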
@@ -4,14 +4,6 @@
 name: btrfs-progs,arch-install-scripts,systemd-container,libselinux-python
 state: latest

-- name: Create container dir
- file:
- path: /var/cache/containers
- owner: root
- group: root
- mode: 0775
- state: directory
-
 - name: Create individual containers
 include_tasks: bootstrap_arch_container.yml
 with_items: "{{ containers }}"
diff --git a/uwsgi-app@.service b/uwsgi-app@.service
index 61bf1e4..8398456 100644
--- a/uwsgi-app@.service
+++ b/uwsgi-app@.service
@@ -5,7 +5,8 @@ After=syslog.target
 [Service]
 ExecStart=/usr/sbin/uwsgi \
 --ini /etc/uwsgi.d/%i.ini \
- --socket /run/uwsgi/%i.socket
+ --chmod-socket=660 \
+ --socket=/run/uwsgi/%i.socket
 User=uwsgi-%i
 Group=uwsgi
 Restart=on-failure
diff --git a/uwsgi-gerboweb.ini b/uwsgi-gerboweb.ini
index ec52f90..155d01a 100644
--- a/uwsgi-gerboweb.ini
+++ b/uwsgi-gerboweb.ini
@@ -1,10 +1,7 @@
 [uwsgi]
 master = True
 cheap = True
-idle = 600
-die-on-idle = True # If app is not used often, it will exit and be launched
- # again by systemd requested by users.
-
+die-on-idle = False
 manage-script-name = True
 plugins = python3
 chdir = /var/lib/gerboweb
-- cgit
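Review bot: `--chmod-socket=660` restricts the socket to owner and group, which is the right direction, but it only works if nginx's worker user is a member of group `uwsgi` (the unit's `Group=`); nothing in this commit adds that membership, so either confirm it on the host or make the grant explicit with `--chown-socket=uwsgi-%i:nginx` next to the chmod (assuming the Fedora `nginx` user, since the playbook installs via `dnf`). The rest of the `[Service]` section continues outside the hunk.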
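Review bot: With `idle` removed, `die-on-idle = False` is a no-op (it only has meaning together with `idle`), and the comment that explained the old exit-and-respawn behaviour went with it, so a future reader has nothing telling them why workers now stay resident; leave a short reason behind, e.g. `# Workers stay resident: idle exit/respawn was removed in the gerbolyze fixes — <reason>` (placeholder, the commit does not state it). `cheap = True` is still in place, so the first worker is presumably still spawned on demand rather than at start — worth a word in that same comment if that is intended.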