Hi,

Quick background - I am moving my local mercurial repo server from base apache+cgi to base nginx with wsgi, on 5.3 release + patches install. Configuring nginx was straightforward - it is the stock conf file with just changes to the example https block as follows:

    server {
        listen       443;
        server_name  hg.blah.com;
        root         /var/hg/www;
        access_log   /var/hg/logs/access.log;
        error_log    /var/hg/logs/error.log;

        location / {
                uwsgi_pass 127.0.0.1:4321;
                uwsgi_param SCRIPT_NAME "";
                include uwsgi_params;
        }

        ssl                  on;
        ssl_certificate      /etc/ssl/hg.crt;
        ssl_certificate_key  /etc/ssl/private/hg.key;

        ssl_session_timeout  5m;

        ssl_protocols  SSLv3 TLSv1;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
    }

I installed the packages for mercurial and py-setuptools, and then easy-install'd uwsgi which gave me version 1.9.13 without any apparent problems.

After some experimentation I got uwsgi working with the following options:

    uwsgi --daemonize2 /var/log/uwsgi.log --pidfile /var/run/uwsgi.pid --uid www --master --master-as-root -s 127.0.0.1:4321 --wsgi-file /var/hg/bin/hgweb.wsgi

All the dirs and files related to serving the repos (script, conf file, repos) are owned by www:www from having used apache beforehand.

Everything was working nicely so I whipped up an rc.d script to have it start automatically on boot:

    $ more /etc/rc.d/uwsgi
    #!/bin/sh
    #

    daemon="/usr/local/bin/uwsgi"

    . /etc/rc.d/rc.subr

    rc_stop() {
            ${daemon} --stop /var/run/uwsgi.pid
    }

    rc_cmd $1

In rc.conf.local I have:

    uwsgi_flags="--daemonize2 /var/log/uwsgi.log --pidfile /var/run/uwsgi.pid --uid www --master --master-as-root -s 127.0.0.1:4321 --wsgi-file /var/hg/bin/hgweb.wsgi"

and uwsgi is the last entry in pkg_scripts.

And uwsgi happily starts on boot - yay. But any access to a repo fails - boo. The log file shows the following traceback:

    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/site-packages/mercurial/hgweb/hgwebdir_mod.py", line 147, in __call__
        return self.run_wsgi(req)
      File "/usr/local/lib/python2.7/site-packages/mercurial/hgweb/hgwebdir_mod.py", line 210, in run_wsgi
        repo = hg.repository(self.ui, real)
      File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line 111, in repository
        peer = _peerorrepo(ui, path, create)
      File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line 101, in _peerorrepo
        obj = _peerlookup(path).instance(ui, path, create)
      File "/usr/local/lib/python2.7/site-packages/mercurial/localrepo.py", line 2629, in instance
        return localrepository(ui, util.urllocalpath(path), create)
      File "/usr/local/lib/python2.7/site-packages/mercurial/localrepo.py", line 129, in __init__
        self.ui = baseui.copy()
      File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line 49, in copy
        return self.__class__(self)
      File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line 36, in __init__
        self.fixconfig()
      File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line 120, in fixconfig
        root = root or os.getcwd()
    OSError: [Errno 13] Permission denied

Obviously a permissions problem - nothing to do with mercurial since uwsgi worked with the same options when started from a command line.

If I remove --uid www from uwsgi_flags then I can access the repos with no problems, but this leaves uwsgi running as root which is bad.

Since the problem only seems to happen when started via rc.d I would say that this is due to uwsgi being run under the daemon class when starting the daemon, as opposed to the default class when using a command line. I could just use daemon_class="default" but that seems like the wrong thing to do. Reading /etc/login.conf and login.conf(5) doesn't clue me in to what the issue could be so I could be barking up the wrong tree.

Any willing educators with a clue bat to hand?  Will be much appreciated.

--
Mike
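
Added example, not part of the original message and not code from Mercurial or uwsgi: the traceback ends in os.getcwd() raising EACCES, so one thing to check is whether the working directory the daemon inherits is readable and searchable by the uid it drops to. The function names are hypothetical, and that the inherited working directory is the cause here is an inference from the traceback, not something the post confirms.

```python
import os
import stat


def mode_allows(st_mode, st_uid, st_gid, uid, gids):
    """True if (uid, gids) may both read and search a directory.

    Classic Unix rule: exactly one permission class applies (owner, else
    group, else other). Mode bits only; ACLs and MAC policy are ignored.
    POSIX lets getcwd() fail with EACCES when read or search permission is
    denied on the current directory or one above it, so this conservative
    model requires both bits on every component.
    """
    if uid == 0:
        return True  # the superuser bypasses directory permission bits
    if uid == st_uid:
        need = stat.S_IRUSR | stat.S_IXUSR
    elif st_gid in gids:
        need = stat.S_IRGRP | stat.S_IXGRP
    else:
        need = stat.S_IROTH | stat.S_IXOTH
    return (st_mode & need) == need


def blocking_component(path, uid, gids):
    """Return the first directory, from / downward, that could make
    getcwd() fail with EACCES for (uid, gids), or None if none is found."""
    chain = []
    cur = os.path.realpath(path)
    while True:
        chain.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            break
        cur = parent
    for directory in reversed(chain):
        st = os.stat(directory)
        if not mode_allows(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            return directory
    return None


if __name__ == "__main__":
    import pwd
    user = pwd.getpwnam("www")  # account named in the post's --uid flag
    gids = {user.pw_gid}        # assumption: primary group only
    print(blocking_component(os.getcwd(), user.pw_uid, gids))
```

Run as root from the directory the daemon is started in, it prints the offending directory or None.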
