Hi Chris/Mike,
I updated the fcgi-program section of the manual to reflect the new
fcgi-program parameters and attached the patch.
Thanks,
Roger
On Fri, Oct 23, 2009 at 6:03 PM, Roger Hoover <[email protected]>wrote:
> Hi Chris/Mike,
>
> I found and fixed one other issue and updated the patch. Here's the
> summary:
> - Added support for setting the ownership and permissions for an FCGI
> socket
> - Fixed bug where FCGI socket reference count was not getting decremented
> on spawn error
>
> I updated the unit tests to verify the reference count fix.
>
> Thanks,
>
> Roger
>
>
> On Fri, Oct 23, 2009 at 11:55 AM, Roger Hoover <[email protected]>wrote:
>
>> Thanks, everyone. Attached is the patch with full unit tests.
>>
>> Chris, I need to update the manual as well for the new fcgi-program
>> options, socket_owner and socket_mode. I forget where that is. In another
>> svn repo?
>>
>> Thanks,
>>
>> Roger
>>
>>
>> On Fri, Oct 23, 2009 at 9:57 AM, Chris McDonough <[email protected]>wrote:
>>
>>> Roger Hoover wrote:
>>>
>>>> Hmmm...the more I think about it., socket_owner and socket_mode are
>>>> indeed better names. Chris/Mike, do you want to weigh in on consistency
>>>> vs.
>>>> clarity?
>>>>
>>>
>>> I'd be fine with either.
>>>
>>> - C
>>>
>>>
>>>
>>>> On Fri, Oct 23, 2009 at 9:08 AM, Roger Hoover
>>>> <[email protected]<mailto:
>>>> [email protected]>> wrote:
>>>>
>>>>
>>>>
>>>> On Fri, Oct 23, 2009 at 8:57 AM, Grzegorz Nosek <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> On Fri, Oct 23, 2009 at 08:33:28AM -0700, Roger Hoover wrote:
>>>> > I'm most of the way there on #2. The issue is that as far as
>>>> I can tell
>>>> > there's no way to find out the umask for a user so I don't
>>>> automatically
>>>> > know what permissions to chmod the FCGI socket with. Now,
>>>> the choices are
>>>> >
>>>> > a) Don't chmod the FCGI socket, just chown it to the uid/gid
>>>> of the user the
>>>> > process will run as
>>>> >
>>>> > b) Add socket_chown, socket_chmod args that only apply to
>>>> unix domain
>>>> > sockets. This allows the most control for the user but the
>>>> fact that the
>>>> > params don't always make sense is a bit awkward.
>>>> >
>>>> > [fcgi-program:test]
>>>> > command=/foo/bar.fcgi
>>>> > socket=unix:///tmp/test.socket
>>>> > socket_chown=rhoover:wheel ; this option would only apply to
>>>> unix domain
>>>> > sockets
>>>> > socket_chmod=0777 ; this option would only apply to unix
>>>> domain sockets
>>>> > user=nobody
>>>> > process_name=foo_%(process_num)s
>>>> > numprocs=2
>>>> >
>>>> > Anyone have an opinion here?
>>>>
>>>> I'm for explicit owner and mode options. Apache-style FastCGI
>>>> wrappers
>>>> are a pain.
>>>>
>>>>
>>>> Thanks. I was leaning this direction.
>>>>
>>>>
>>>> Also, my vote would go to naming these options "socket_owner" and
>>>> "socket_mode" (or "socket_perm(s)"?) as I've heard enough of
>>>> "setting
>>>> chmods" in my day ;)
>>>>
>>>>
>>>> That makes sense but I'm going for consistency with the existing
>>>> unix_http_server section of the config.
>>>> http://supervisord.org/manual/current/configuration.html#unix_http_server
>>>>
>>>>
>>>> Best regards,
>>>> Grzegorz Nosek
>>>>
>>>>
>>>>
>>>>
>>>
>>
>
Index: trunk/chapters/configuration.xml
===================================================================
--- trunk/chapters/configuration.xml (revision 898)
+++ trunk/chapters/configuration.xml (working copy)
@@ -1316,27 +1316,68 @@
</para>
<para>
- <code>[fcgi-program:x]</code> sections have a single key which
+ <code>[fcgi-program:x]</code> sections have a few keys which
<code>[program:x]</code> sections do not have.
</para>
- <variablelist>
- <varlistentry>
- <term>socket</term>
- <listitem>
- <para>
- The FastCGI socket for this program, either TCP or UNIX domain
- socket. For TCP sockets, use this format:
- <code>tcp://localhost:9002</code>. For UNIX domain sockets, use
- <code>unix:///absolute/path/to/file.sock</code>. String
- expressions are evaluated against a dictionary containing the keys
- "program_name" and "here" (the directory of the supervisord config
- file).
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
+ <table>
+ <title><code>[fcgi-program:x]</code> Additional Values</title>
+ <tgroup cols="5">
+ <thead>
+ <row>
+ <entry>Key</entry>
+ <entry>Description</entry>
+ <entry>Default Value</entry>
+ <entry>Required</entry>
+ <entry>Introduced</entry>
+ </row>
+ </thead>
+ <tbody>
+ <row>
+ <entry>socket</entry>
+ <entry>
+ The FastCGI socket for this program, either TCP or UNIX domain
+ socket. For TCP sockets, use this format:
+ <code>tcp://localhost:9002</code>. For UNIX domain sockets, use
+ <code>unix:///absolute/path/to/file.sock</code>. String
+ expressions are evaluated against a dictionary containing the
keys
+ "program_name" and "here" (the directory of the supervisord
config
+ file).
+ </entry>
+ <entry>No default (required)</entry>
+ <entry>Yes</entry>
+ <entry>3.0</entry>
+ </row>
+ <row>
+ <entry>socket_owner</entry>
+ <entry>
+ For UNIX domain sockets only. Sets the ownership for the
+ FastCGI UNIX domain socket. May be a UNIX username (e.g. chrism)
+ or a UNIX username and group separated by a colon
+ (e.g. chrism:wheel).
+ </entry>
+ <entry>Use uid/gid of user the fcgi-program will run as.</entry>
+ <entry>No</entry>
+ <entry>3.0</entry>
+ </row>
+
+ <row>
+ <entry>socket_mode</entry>
+ <entry>
+ For UNIX domain sockets only. Sets the UNIX permission mode bits
on the
+ FastCGI UNIX domain socket.
+ </entry>
+ <entry>
+ 0700
+ </entry>
+ <entry>No</entry>
+ <entry>3.0</entry>
+ </row>
+ </tbody>
+ </tgroup>
+ </table>
+
<para>
Consult <code>[program:x]</code> Section Values for allowable
keys, delta the above constraints and additions.
_______________________________________________
Supervisor-users mailing list
[email protected]
http://lists.supervisord.org/mailman/listinfo/supervisor-users
