nginx: Do not use spawn-fcgi for munin-graph
#139
Open
mtrossevin
wants to merge 1 commits from mtrossevin/ansible-roles:nginx-munin-no-spawn-fcgi
into unstable
pull from: mtrossevin/ansible-roles:nginx-munin-no-spawn-fcgi
merge into: evolix:unstable
evolix:T47076
evolix:alert5-minifirewall-restart
evolix:ansible-log
evolix:ansible-managed
evolix:apache-fix-default-vhost
evolix:audit-ftpadmin
evolix:backup/jlecour/nextcloud
evolix:backup/jlecour/ssh-groups
evolix:configurable-swapiness
evolix:courier
evolix:etc-git-status-script
evolix:evoadmin-mail
evolix:evobackup_tags_redux
evolix:evolinux-users
evolix:exclusion_images_evobackup
evolix:fail2ban_ips_tag
evolix:haproxy_munin
evolix:ipsec
evolix:itk-add-EnableCapabilities-off
evolix:kvm-guest
evolix:log2mail-beats
evolix:lpoujol/fpm-php
evolix:lxc-php-buster
evolix:lxc_etc-commit
evolix:lxc_etc-git
evolix:munin-openbsd
evolix:nagios-sudoers
evolix:newkernel
evolix:nextcloud
evolix:openvpn
evolix:packweb-apache-lxc
evolix:projet6062
evolix:rename-backup-server-state
evolix:replace_include
evolix:rotate_elasticsearch_logs
evolix:samba
evolix:simplify-evolinux-users
evolix:spamassassin
evolix:sshd_modular_config
evolix:stable
evolix:ubuntu
evolix:unstable
evolix:uvrrpd
evolix:whitelisting-changes
Reviewers
Request review
No reviewers
No Label
bug
duplicate
enhancement
help wanted
invalid
question
security
wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.
No due date set.
Dependencies
This pull request currently doesn't have any dependencies.
Reference in new issue
There is no content yet.
Delete Branch 'mtrossevin/ansible-roles:nginx-munin-no-spawn-fcgi'
Deleting a branch is permanent. It CANNOT be undone. Continue?
No
Yes
systemd provides already provides all the fonctionnalities of spawn-fcgi
with the exception of the possibility to spawn multiple process to a
single socket (it can be done using multiwatch though). So we might as
well use the fonctions provided by systemd instead of needing to install
a new package and add a layer of indirection in how the fastcgi service
is managed.
This make for a somewhat simpler service that can be started as an
unprivileged user.
- name: Systemd unit for Munin-fcgi is started
systemd:
name: spawn-fcgi-munin-graph
name: fcgi-munin-graph.socket
Enabling only the socket mean that the service will be started on the first connexion on said socket instead of being started on boot. That increase the latency for the very first connexion (+ the first after a crash of the service) in exchange of not blocking boot until the service is started.
0b3a7cbc8f
to93084d6ce8
6 months agoStandardError=journal
[Install]
WantedBy=multi-user.target
This allow the service to be started on boot instead of waiting for the first connexion on the socket if wanted.
nginx: Do not use spawn-fcgi for munin-graphto WIP: nginx: Do not use spawn-fcgi for munin-graph 6 months agoWIP: nginx: Do not use spawn-fcgi for munin-graphto nginx: Do not use spawn-fcgi for munin-graph 6 months agoI temporarily enabled this change on selks-dev (units in /run/systemd/system instead of /etc and spawn-fcgi-munin-graph stopped but not disabled so it will completely rollback with a reboot).
That seems to work without any problem.
In fact it works without any problem with this exact service unit:
(mostly checked the sandboxing options to know what exactly it need access to in order to works normally)
Reviewers