diff options
author | Bjørn Forsman <bjorn.forsman@gmail.com> | 2014-04-17 15:40:02 +0200 |
---|---|---|
committer | Bjørn Forsman <bjorn.forsman@gmail.com> | 2014-04-17 15:48:39 +0200 |
commit | ffb593f88093760bc0a1d7c925661aad1a5955bc (patch) | |
tree | 185b18171e5bfe15f7574b8f7afe0883269bb434 | |
parent | e572b5c10444b7bb5339260359349e1069df486d (diff) | |
download | nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar.gz nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar.bz2 nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar.lz nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar.xz nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.tar.zst nixlib-ffb593f88093760bc0a1d7c925661aad1a5955bc.zip |
nixos/graphite-service: fix startup issue
The preStart snippets (graphite, carbon) try to create directories under /var/db/. That currently fails because the code is run as user "graphite". Fix by setting "PermissionsStartOnly = true" so that the preStart stuff is run as 'root'. Further: * graphite-web-0.9.12/bin/build-index.sh needs perl, so add it to PATH. * Now that preStart runs as root, we must wait with "chown graphite" until we're done creating files/directories. * Drop needless check for root (uid 0) before running chown.
-rw-r--r-- | nixos/modules/services/monitoring/graphite.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix index cb67b9d4fcbb..abdaf6ec2968 100644 --- a/nixos/modules/services/monitoring/graphite.nix +++ b/nixos/modules/services/monitoring/graphite.nix @@ -184,6 +184,7 @@ in { ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}"; User = "graphite"; Group = "graphite"; + PermissionsStartOnly = true; }; restartTriggers = [ pkgs.pythonPackages.carbon @@ -194,7 +195,7 @@ in { ]; preStart = '' mkdir -m 0700 -p ${cfg.dataDir}/whisper - if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi + chown -R graphite:graphite ${cfg.dataDir} ''; }; @@ -235,6 +236,7 @@ in { description = "Graphite Web Interface"; wantedBy = [ "multi-user.target" ]; after = [ "network-interfaces.target" ]; + path = [ pkgs.perl ]; environment = { PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages"; DJANGO_SETTINGS_MODULE = "graphite.settings"; @@ -248,11 +250,11 @@ in { --call django.core.handlers.wsgi:WSGIHandler''; User = "graphite"; Group = "graphite"; + PermissionsStartOnly = true; }; preStart = '' if ! test -e ${dataDir}/db-created; then mkdir -m 0700 -p ${dataDir}/{whisper/,log/webapp/} - if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi # populate database ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput @@ -261,6 +263,8 @@ in { ${pkgs.python27Packages.graphite_web}/bin/build-index.sh touch ${dataDir}/db-created + + chown -R graphite:graphite ${cfg.dataDir} fi ''; restartTriggers = [ |