Fixes on systemuser backend

This commit is contained in:
Marc Aymerich 2015-10-15 22:31:54 +00:00
parent 835536eb70
commit 6531bcc4be
5 changed files with 32 additions and 17 deletions

12
TODO.md
View file

@ -427,3 +427,15 @@ mkhomedir_helper or create ssh homes with bash.rc and such
# wordpressmu custom_url: set blog.domain # wordpressmu custom_url: set blog.domain
# validate_user on saas.wordpress to detect if username already exists before attempting to create a blog # validate_user on saas.wordpress to detect if username already exists before attempting to create a blog
# webapps don't override owner and permissions on every save(), just on create
# webapps php fpm allow pool config to be overriden. template + pool inheriting template?
# get_context signal to overridaconfiguration? best practice: all context on get_context, ever use other context. template rendering as backend generator: proof of concept
# DOmain show implicit records
# if not database_ready(): schedule a retry in 60 seconds, otherwise resources and other dynamic content gets fucked, maybe attach some 'signal' when first query goes trough
with database_ready:
shit_happend, otherwise schedule for first query
# Entry.objects.filter()[:1].first() (LIMIT 1)

View file

@ -127,7 +127,7 @@ class ServiceHandler(plugins.Plugin, metaclass=plugins.PluginMount):
try: try:
return eval(self.metric, safe_locals) return eval(self.metric, safe_locals)
except Exception as exc: except Exception as exc:
raise type(exc)("%s on '%s'" %(exc, self.service)) raise type(exc)("'%s' evaluating metric for '%s' service" % (exc, self.service))
def get_order_description(self, instance): def get_order_description(self, instance):
safe_locals = self.get_expression_context(instance) safe_locals = self.get_expression_context(instance)

View file

@ -55,18 +55,12 @@ class UNIXUserBackend(ServiceController):
fi fi
mkdir -p %(base_home)s mkdir -p %(base_home)s
chmod 750 %(base_home)s chmod 750 %(base_home)s
ls -A /etc/skel/ | while read line; do """) % context
if [[ ! -e %(home)s/${line} ]]; then
cp -a $line %(home)s/${line} && \
chown -R %(user)s:%(group)s %(home)s/${line}
fi
done
fi""") % context
) )
if context['home'] != context['base_home']: if context['home'] != context['base_home']:
self.append(textwrap.dedent(""" self.append(textwrap.dedent("""
# Set extra permissions: %(user)s home is inside %(mainuser)s home # Set extra permissions: %(user)s home is inside %(mainuser)s home
if mount | grep "^$(df %(home)s|grep '^/')\s" | grep acl > /dev/null; then if mount | grep "^$(df %(home)s|grep '^/'|cut -d' ' -f1)\s" | grep acl > /dev/null; then
# Account group as the owner # Account group as the owner
chown %(mainuser)s:%(mainuser)s %(home)s chown %(mainuser)s:%(mainuser)s %(home)s
chmod g+s %(home)s chmod g+s %(home)s
@ -78,11 +72,19 @@ class UNIXUserBackend(ServiceController):
setfacl -m d:u:%(mainuser)s:rwx %(home)s setfacl -m d:u:%(mainuser)s:rwx %(home)s
else else
chmod g+rxw %(home)s chmod g+rxw %(home)s
chown %(user)s:%(user)s %(home)s
fi""") % context fi""") % context
) )
else: else:
self.append("chown %(user)s:%(group)s %(home)s" % context) self.append(textwrap.dedent("""\
chown %(user)s:%(group)s %(home)s
ls -A /etc/skel/ | while read line; do
if [[ ! -e %(home)s/${line} ]]; then
cp -a /etc/skel/${line} %(home)s/${line} && \\
chown -R %(user)s:%(group)s %(home)s/${line}
fi
done
""") % context
)
for member in settings.SYSTEMUSERS_DEFAULT_GROUP_MEMBERS: for member in settings.SYSTEMUSERS_DEFAULT_GROUP_MEMBERS:
context['member'] = member context['member'] = member
self.append('usermod -a -G %(user)s %(member)s || exit_code=$?' % context) self.append('usermod -a -G %(user)s %(member)s || exit_code=$?' % context)

View file

@ -1,6 +1,6 @@
This is a wrapper around djcelery and celery `@task` and `@periodic_task` decorators. It provides transparent support for switching between executing a task on a plain Python thread or This is a wrapper around djcelery and celery `@task` and `@periodic_task` decorators. It provides transparent support for switching between executing a task on a plain Python thread or
the traditional way of pushing the task on a queue (rabbitmq) and wait for a Celery worker to run it. the traditional way of pushing the task on a queue (rabbitmq) and wait for a Celery worker to run it.
A queueless threaded execution has the advantage of 0 moving parts instead of the alternative rabbitmq and celery workers. Less dependencies, less memory footprint, less points of failure. A queueless threaded execution has the advantage of 0 moving parts instead of the alternative rabbitmq and celery workers. Less dependencies, less memory footprint, less points of failure, no process keeping, no independent code reloading for the workers.
If your application needs to run thousands or milions of tasks a day, use celery as your backend, if tens or hundreds, then probably the default thread backend will be your best choice. If your application needs to run thousands or milions of tasks a day, use celery as your backend, if tens or hundreds, then probably the default thread backend will be your best choice.

View file

@ -18,10 +18,11 @@ class WebAppServiceMixin(object):
self.append(textwrap.dedent(""" self.append(textwrap.dedent("""
# Create webapp dir # Create webapp dir
CREATED=0 CREATED=0
[[ ! -e %(app_path)s ]] && CREATED=1 if [[ ! -e %(app_path)s ]]; then
CREATED=1
mkdir -p %(app_path)s mkdir -p %(app_path)s
chown %(user)s:%(group)s %(app_path)s\ chown %(user)s:%(group)s %(app_path)s
""") % context fi""") % context
) )
def set_under_construction(self, context): def set_under_construction(self, context):
@ -34,7 +35,7 @@ class WebAppServiceMixin(object):
sleep 2 sleep 2
if [[ ! $(ls -A %(app_path)s | head -n1) ]]; then if [[ ! $(ls -A %(app_path)s | head -n1) ]]; then
cp -r %(under_construction_path)s %(app_path)s cp -r %(under_construction_path)s %(app_path)s
chown -R %(user)s:%(group)s %(app_path)s chown -R %(user)s:%(group)s %(app_path)s/*
fi' &> /dev/null & fi' &> /dev/null &
fi""") % context fi""") % context
) )