Gem for exporting user-scripts as Upstart scripts

Purpose

It is often necessary to run some supporting background tasks for Rails projects alongside the web server. One solution is the Foreman gem, which can export tasks as Upstart scripts. This solution is dangerous, because it requires root privileges for the foreman executable (in order to add scripts to /etc/init), so it allows the deploying user to run any code as root (by placing an appropriate script into /etc/init).

This gem is an attempt to provide a safe way of installing background jobs, so that they run under some fixed user without root privileges.

The only interface to the gem is the script it provides.

Installing

gem install upstart-exporter

Configuration

The export process is configured through a single config file, /etc/upstart-exporter.yaml, which is a simple YAML file of the following format:

---
run_user: www # The user under which all background jobs installed through upstart-exporter are run
helper_dir: /var/helper_dir # Auxiliary directory for scripts encapsulating background jobs
upstart_dir: /var/upstart_dir # Directory where upstart scripts should be placed

The config is not installed by default. If this config is absent, the default values are the following:

helper_dir: /var/local/upstart_helpers/
upstart_dir: /etc/init/
run_user: service

To give a user (e.g. deployuser) the ability to use this script, one can place

# Commands required for manipulating jobs
Cmnd_Alias UPSTART = /sbin/start, /sbin/stop, /sbin/restart
Cmnd_Alias UPEXPORT = /usr/local/bin/upstart-export

...

# Add gem's binary path to this
Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin

...

# Allow deploy user to manipulate jobs 
deployuser        ALL=(deployuser) NOPASSWD: ALL, (root) NOPASSWD: UPSTART, UPEXPORT

Usage

After upstart-exporter is installed and configured, one may export background jobs from an arbitrary Procfile-like file of the following format:

cmdlabel1: cmd1
cmdlabel2: cmd2

e.g. a file ./myprocfile containing:

my_tail_cmd: /usr/bin/tail -F /var/log/messages
my_another_tail_cmd: /usr/bin/tail -F /var/log/messages

For security purposes, command labels are allowed to contain only letters, digits and underscores.

To export this file one should run

sudo upstart-export -p ./myprocfile -n myapp

where myapp is the application name. This name only affects the names of generated files. For security purposes, the app name is also allowed to contain only letters, digits and underscores. Assuming that default options are used, the following files and folders will be generated:

in /etc/init/:

fb-myapp-my_another_tail_cmd-real.conf
fb-myapp-my_another_tail_cmd.conf
fb-myapp-my_tail_cmd-real.conf
fb-myapp-my_tail_cmd.conf
fb-myapp.conf

in /var/local/upstart_helpers:

fb-myapp-my_another_tail_cmd.sh
fb-myapp-my_tail_cmd.sh
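Why the label and app-name restriction matters: both strings become part of file names that a root process writes under /etc/init and the helper directory. The Ruby sketch below is an added example, not the gem's own code; NAME_RE, check_name!, parse_procfile and planned_files are hypothetical names, and the file-name pattern is assumed from the listing above.

```ruby
# Added example (not upstart-exporter's code): allowlist validation of
# Procfile labels and the app name before they are used in file names.

# \A and \z anchor the whole string; in Ruby ^ and $ match per line, so a
# value such as "myapp\n../x" would slip past /^[A-Za-z0-9_]+$/.
NAME_RE = /\A[A-Za-z0-9_]+\z/

class InvalidName < StandardError; end

def check_name!(kind, value)
  return value if NAME_RE.match?(value)
  raise InvalidName, "#{kind} #{value.inspect}: only letters, digits and underscores are allowed"
end

# Parses "label: command" lines into { label => command }.
# Splits on the first colon only, so the command itself may contain colons.
def parse_procfile(text)
  jobs = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty?
    label, cmd = line.split(':', 2)
    raise InvalidName, "no command in #{line.inspect}" if cmd.nil? || cmd.strip.empty?
    check_name!('label', label)
    raise InvalidName, "duplicate label #{label.inspect}" if jobs.key?(label)
    jobs[label] = cmd.strip
  end
  jobs
end

# Lists the paths an export would create (default directories from the README).
def planned_files(app, jobs, upstart_dir: '/etc/init', helper_dir: '/var/local/upstart_helpers')
  check_name!('app name', app)
  files = [File.join(upstart_dir, "fb-#{app}.conf")]
  jobs.each_key do |label|
    base = "fb-#{app}-#{label}"
    files << File.join(upstart_dir, "#{base}.conf")
    files << File.join(upstart_dir, "#{base}-real.conf")
    files << File.join(helper_dir, "#{base}.sh")
  end
  files
end

# Constructed sample input: the ./myprocfile shown in the README.
SAMPLE = <<~PROCFILE
  my_tail_cmd: /usr/bin/tail -F /var/log/messages
  my_another_tail_cmd: /usr/bin/tail -F /var/log/messages
PROCFILE

puts planned_files('myapp', parse_procfile(SAMPLE)) if __FILE__ == $PROGRAM_NAME
```

A label or app name containing a slash, a dot, a hyphen, whitespace or an embedded newline is rejected before any path is built, so every generated path stays directly inside the two configured directories.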

The fb- prefix is added to avoid collisions with other upstart jobs. After this, my_tail_cmd, for example, can be started as an upstart script:

sudo start fb-myapp-my_tail_cmd

...

sudo stop fb-myapp-my_tail_cmd

Its stdout/stderr will be redirected to /var/log/fb-myapp/my_tail_cmd.log.

To start/stop all application commands at once, one can run:

sudo start fb-myapp
...
sudo stop fb-myapp

To remove upstart scripts and helpers for a particular application one can run

sudo upstart-export -c -n myapp

The logs will not be cleared.