From 93084d6ce8ff87775bc358685999a9c1030341de Mon Sep 17 00:00:00 2001 From: Mathieu Trossevin Date: Wed, 17 Nov 2021 13:36:04 +0100 Subject: [PATCH] nginx: Do not use spawn-fcgi for munin-graph systemd provides already provides all the fonctionnalities of spawn-fcgi with the exception of the possibility to spawn multiple process to a single socket (it can be done using multiwatch though). So we might as well use the fonctions provided by systemd instead of needing to install a new package and add a layer of indirection in how the fastcgi service is managed. This make for a somewhat simpler service that can be started as an unprivileged user. --- CHANGELOG.md | 1 + nginx/files/systemd/fcgi-munin-graph.service | 15 +++++++++++++++ nginx/files/systemd/fcgi-munin-graph.socket | 12 ++++++++++++ .../files/systemd/spawn-fcgi-munin-graph.service | 10 ---------- nginx/tasks/munin_vhost.yml | 11 ++++++++--- 5 files changed, 36 insertions(+), 13 deletions(-) create mode 100644 nginx/files/systemd/fcgi-munin-graph.service create mode 100644 nginx/files/systemd/fcgi-munin-graph.socket delete mode 100644 nginx/files/systemd/spawn-fcgi-munin-graph.service diff --git a/CHANGELOG.md b/CHANGELOG.md index 60938983..b2101d1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported * mongodb: Support version 5.0 (for buster) * mongodb: Allow to specify a mongodb version for buster & bullseye +* nginx: no longer use spawn-fcgi for munin zoom (instead use a systemd socket file + service) ### Fixed diff --git a/nginx/files/systemd/fcgi-munin-graph.service b/nginx/files/systemd/fcgi-munin-graph.service new file mode 100644 index 00000000..1abbcdaa --- /dev/null +++ b/nginx/files/systemd/fcgi-munin-graph.service @@ -0,0 +1,15 @@ +[Unit] +Description=Munin zoom for nginx. +After=network.target +Requires=fcgi-munin-graph.socket + +[Service] +User=munin +Group=munin +ExecStart=/usr/lib/munin/cgi/munin-cgi-graph +StandardInput=socket +StandardOutput=null +StandardError=journal + +[Install] +WantedBy=multi-user.target diff --git a/nginx/files/systemd/fcgi-munin-graph.socket b/nginx/files/systemd/fcgi-munin-graph.socket new file mode 100644 index 00000000..f3f07216 --- /dev/null +++ b/nginx/files/systemd/fcgi-munin-graph.socket @@ -0,0 +1,12 @@ +[Unit] +Description=Socket for Munin zoom + +[Socket] +SocketUser=www-data +SocketGroup=www-data +SocketMode=0600 +ListenStream=/run/munin/spawn-fcgi-munin-graph.sock +Accept=no + +[Install] +WantedBy=sockets.target diff --git a/nginx/files/systemd/spawn-fcgi-munin-graph.service b/nginx/files/systemd/spawn-fcgi-munin-graph.service deleted file mode 100644 index 103d25c5..00000000 --- a/nginx/files/systemd/spawn-fcgi-munin-graph.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Munin zoom for nginx. -After=network.target - -[Service] -ExecStart=/usr/bin/spawn-fcgi -s /var/run/munin/spawn-fcgi-munin-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph -Type=forking - -[Install] -WantedBy=default.target diff --git a/nginx/tasks/munin_vhost.yml b/nginx/tasks/munin_vhost.yml index ff9f8423..5d53f55b 100644 --- a/nginx/tasks/munin_vhost.yml +++ b/nginx/tasks/munin_vhost.yml @@ -28,14 +28,19 @@ args: warn: no +- name: Systemd socket unit for Munin-fcgi is installed + copy: + src: systemd/fcgi-munin-graph.socket + dest: /etc/systemd/system/fcgi-munin-graph.socket + - name: Systemd unit for Munin-fcgi is installed copy: - src: systemd/spawn-fcgi-munin-graph.service - dest: /etc/systemd/system/spawn-fcgi-munin-graph.service + src: systemd/fcgi-munin-graph.service + dest: /etc/systemd/system/fcgi-munin-graph.service - name: Systemd unit for Munin-fcgi is started systemd: - name: spawn-fcgi-munin-graph + name: fcgi-munin-graph.socket daemon_reload: yes enabled: yes state: started -- 2.39.2