Hi,
Quick background - I am moving my local mercruial repo server from base
apache+cgi to base nginx with wsgi, on 5.3 release + patches install.
Configuring nginx was straightforward - it is the stock conf file with
just changes to the example https block as follows:
server {
listen 443;
server_name hg.blah.com;
root /var/hg/www;
access_log /var/hg/logs/access.log;
error_log /var/hg/logs/error.log;
location / {
uwsgi_pass 127.0.0.1:4321;
uwsgi_param SCRIPT_NAME "";
include uwsgi_params;
}
ssl on;
ssl_certificate /etc/ssl/hg.crt;
ssl_certificate_key /etc/ssl/private/hg.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
I installed the packages for mercurial and py-setuptools, and then
easy-install'd uwsgi which gave me version 1.9.13 without any apparent
problems.
After some experimentation I can got uswgi working with the following
options:
uwsgi --daemonize2 /var/log/uwsgi.log --pidfile /var/run/uwsgi.pid --uid
www --master --master-as-root -s 127.0.0.1:4321 --wsgi-file
/var/hg/bin/hgweb.wsgi
All the dirs and files related to serving the repos (script, conf file,
repos) are owned by www:www from having used apache before hand.
Everything was working nicely so whipped up an rc.d script to have it
start automatically on boot:
$ more /etc/rc.d/uwsgi
#!/bin/sh
#
daemon="/usr/local/bin/uwsgi"
. /etc/rc.d/rc.subr
rc_stop() {
${daemon} --stop /var/run/uwsgi.pid
}
rc_cmd $1
In rc.conf.local I have:
uwsgi_flags="--daemonize2 /var/log/uwsgi.log --pidfile
/var/run/uwsgi.pid --uid www --master --master-as-root -s 127.0.0.1:4321
--wsgi-file /var/hg/bin/hgweb.wsgi"
and uwsgi is the last entry in pkg_scripts.
And uwsgi happily starts on boot - yay. But any access to a repo fails
- boo. The log file shows the following traceback:
Traceback (most recent call last):
File
"/usr/local/lib/python2.7/site-packages/mercurial/hgweb/hgwebdir_mod.py", line
147, in __call__
return self.run_wsgi(req)
File
"/usr/local/lib/python2.7/site-packages/mercurial/hgweb/hgwebdir_mod.py", line
210, in run_wsgi
repo = hg.repository(self.ui, real)
File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line
111, in repository
peer = _peerorrepo(ui, path, create)
File "/usr/local/lib/python2.7/site-packages/mercurial/hg.py", line
101, in _peerorrepo
obj = _peerlookup(path).instance(ui, path, create)
File "/usr/local/lib/python2.7/site-packages/mercurial/localrepo.py",
line 2629, in instance
return localrepository(ui, util.urllocalpath(path), create)
File "/usr/local/lib/python2.7/site-packages/mercurial/localrepo.py",
line 129, in __init__
self.ui = baseui.copy()
File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line
49, in copy
return self.__class__(self)
File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line
36, in __init__
self.fixconfig()
File "/usr/local/lib/python2.7/site-packages/mercurial/ui.py", line
120, in fixconfig
root = root or os.getcwd()
OSError: [Errno 13] Permission denied
Obviously a permissions problem - nothing to do with mercurial since
uwsgi worked with with the same options when started from a command line.
If I remove --uid www from uwsgi_flags then I can access the repos with
no problems, but this leave uwsgi running as root which is bad.
Since the problem only seems to happen when started via rc.d I would say
that this is due uwsgi being run under the daemon class when starting
the daemon, as opposed to the default class when using a command line.
I could just use daemon_class="default" but that seems like the wrong
thing to do. Reading /etc/login.conf and login.conf(5) doesn't clue me
in to what the issue could be so I could be barking up the wrong tree.
Any willing educators with a clue bat to hand? Will be much appreciated.
--
Mike