From ffb593f88093760bc0a1d7c925661aad1a5955bc Mon Sep 17 00:00:00 2001
From: Bjørn Forsman
Date: Thu, 17 Apr 2014 15:40:02 +0200
Subject: nixos/graphite-service: fix startup issue The preStart snippets (graphite, carbon) try to create directories under /var/db/. That currently fails because the code is run as user "graphite". Fix by setting "PermissionsStartOnly = true" so that the preStart stuff is run as 'root'. Further: * graphite-web-0.9.12/bin/build-index.sh needs perl, so add it to PATH. * Now that preStart runs as root, we must wait with "chown graphite" until we're done creating files/directories. * Drop needless check for root (uid 0) before running chown.
---
 nixos/modules/services/monitoring/graphite.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services')
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index cb67b9d4fcbb..abdaf6ec2968 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -184,6 +184,7 @@ in {
 ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
 User = "graphite";
 Group = "graphite";
+ PermissionsStartOnly = true;
 };
 restartTriggers = [
 pkgs.pythonPackages.carbon
@@ -194,7 +195,7 @@ in {
 ];
 preStart = ''
 mkdir -m 0700 -p ${cfg.dataDir}/whisper
- if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi
+ chown -R graphite:graphite ${cfg.dataDir}
 '';
 };
@@ -235,6 +236,7 @@ in {
 description = "Graphite Web Interface";
 wantedBy = [ "multi-user.target" ];
 after = [ "network-interfaces.target" ];
+ path = [ pkgs.perl ];
 environment = {
 PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
 DJANGO_SETTINGS_MODULE = "graphite.settings";
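Review bot: In the carbon `preStart` (hunk `@@ -194,7 +195,7 @@`), `chown -R graphite:graphite ${cfg.dataDir}` is now unconditional, and with the `PermissionsStartOnly = true` added in the hunk above it runs as root on every start over a tree that the `graphite` account can write. A recursive ownership change done by root inside a directory controlled by a less-privileged account is a known privilege-escalation pattern (links planted in the tree, or a path swapped during the walk), so I would restrict it to the directories this script creates, non-recursive and quoted: `chown graphite:graphite "${cfg.dataDir}" "${cfg.dataDir}/whisper"`. The same concern applies to the `chown -R` added in hunk `@@ -261,6 +263,8 @@` of the graphite-web unit. The `preStart` string and the unit definition continue outside the hunk.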
@@ -248,11 +250,11 @@ in {
 --call django.core.handlers.wsgi:WSGIHandler'';
 User = "graphite";
 Group = "graphite";
+ PermissionsStartOnly = true;
 };
 preStart = ''
 if ! test -e ${dataDir}/db-created; then
 mkdir -m 0700 -p ${dataDir}/{whisper/,log/webapp/}
- if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi
 # populate database
 ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
@@ -261,6 +263,8 @@ in {
 ${pkgs.python27Packages.graphite_web}/bin/build-index.sh
 touch ${dataDir}/db-created
+
+ chown -R graphite:graphite ${cfg.dataDir}
 fi
 '';
 restartTriggers = [
-- cgit 1.4.1
From 705dd70b32e2764ae8489a286afce896d48ebe93 Mon Sep 17 00:00:00 2001
From: Bjørn Forsman
Date: Thu, 17 Apr 2014 15:49:46 +0200
Subject: nixos/grahite-service: mkdir -m => mkdir && chmod mkdir -m will only set the permissions if it *creates* the directory. Existing directories, with possibly wrong permissions, will not be updated. Use explicit chmod so permissions will always be correct.
---
 nixos/modules/services/monitoring/graphite.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'nixos/modules/services')
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
index abdaf6ec2968..d543d15b34e1 100644
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -194,7 +194,8 @@ in {
 cfg.carbon.rewriteRules
 ];
 preStart = ''
- mkdir -m 0700 -p ${cfg.dataDir}/whisper
+ mkdir -p ${cfg.dataDir}/whisper
+ chmod 0700 ${cfg.dataDir}/whisper
 chown -R graphite:graphite ${cfg.dataDir}
 '';
 };
@@ -254,7 +255,8 @@ in {
 };
 preStart = ''
 if ! test -e ${dataDir}/db-created; then
- mkdir -m 0700 -p ${dataDir}/{whisper/,log/webapp/}
+ mkdir -p ${dataDir}/{whisper/,log/webapp/}
+ chmod 0700 ${dataDir}/{whisper/,log/webapp/}
 # populate database
 ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
-- cgit 1.4.1
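Review bot: With `PermissionsStartOnly = true` on the graphite-web unit (hunk `@@ -248,11 +250,11 @@`), the whole `preStart` body runs with root privileges, including `manage-graphite.py syncdb --noinput` here and `build-index.sh` in the following hunk, not only the `mkdir`. Only the directory creation needs root; the database and index steps would be better run under the `graphite` account by wrapping those two commands in a privilege-dropping call, which would also make the trailing `chown -R` unnecessary. If that is not practical, a comment above `preStart` such as `# runs as root because of PermissionsStartOnly; keep this script minimal` would at least document the trust boundary. The `serviceConfig` block and the `preStart` string both extend past this hunk.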
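Review bot: Replacing `mkdir -m 0700 -p` with `mkdir -p` plus `chmod 0700` in the carbon `preStart` (hunk `@@ -194,7 +194,8 @@`) leaves a short interval in which a newly created `whisper` directory has whatever mode the process umask allows, and any parent created by `-p` is never tightened. Keeping the mode at creation and adding the chmod for the pre-existing case covers both: `mkdir -m 0700 -p ${cfg.dataDir}/whisper` followed by `chmod 0700 ${cfg.dataDir}/whisper`, or alternatively `umask 077` at the top of the script. Whether the window matters depends on the unit's umask, which is not visible in this hunk.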
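Review bot: The new `chmod 0700 ${dataDir}/{whisper/,log/webapp/}` in the graphite-web `preStart` (hunk `@@ -254,7 +255,8 @@`) sits inside `if ! test -e ${dataDir}/db-created; then`, so it runs only on first initialisation and an existing installation with wrong modes is not corrected, which is the case the commit message sets out to fix. Moving the `mkdir -p` / `chmod 0700` pair above the `if` would apply the permission fix on every start. The intermediate `log` directory created by `-p` is also absent from the chmod list. The `if` block continues outside the hunk.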