Hi,

I'm using uwsgi 2.0.9 on CentOS 7, built from the Fedora 21 2.0.7 packages.
SRPM and RPM are here: http://repo.yo61.net/el/7/

uwsgi is run under systemd in emperor mode. This is the main config I'm
using (/etc/uwsgi.ini):

[uwsgi]
uid = uwsgi
gid = uwsgi
pidfile = /run/uwsgi/uwsgi.pid
emperor = /etc/uwsgi.d
stats = /run/uwsgi/stats.sock
emperor-tyrant = true
emperor-tyrant-initgroups = true
cap = setgid,setuid

I'm running the puppetboard app as a vassal with the following config
(/etc/uwsgi.d/puppetboard.ini):

[uwsgi]
plugins = python
http-socket = :8080
wsgi-file = /var/www/puppetboard/wsgi.py
uid = puppetboard
gid = puppetboard
enable-threads = true
thunder-lock = true

Ownership on puppetboard.ini is puppetboard:puppetboard.

The puppetboard user is also a member of the puppet group. This is so
puppetboard can read a cert key from /var/lib/puppet/ssl/private_keys/, as
there are directories in that path that are mode 0750 and owned by
puppet:puppet.

However, the additional group is not getting set on the puppetboard.ini app
processes - they just get puppetboard:puppetboard and consequently they are
not able to read the puppet certs.

From top:

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND GROUP    SUPGRPS
 1293 puppetb+  20   0  333616   5864   1796 S  0.0  0.2   0:00.06 httpd   puppetb+ puppet,puppetboard
 1460 puppetb+  20   0  243400  19352   5112 S  0.0  0.5   0:00.28 uwsgi   puppetb+ -
 1467 puppetb+  20   0  249512  19072   3604 S  0.0  0.5   0:00.12 uwsgi   puppetb+ -

The process that *does* have the correct supplementary groups is the same
app running under apache and mod_wsgi.

Am I configuring this wrongly, or is this a bug?

Cheers,

R.
_______________________________________________
uWSGI mailing list
[email protected]
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
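
Added example, not part of the original post and not uWSGI code: the kernel exposes a process's supplementary groups on the `Groups:` line of /proc/<pid>/status, so the mismatch described in the message can be checked by comparing that line with the user's memberships in /etc/group. The function names are hypothetical, the GIDs and status text are constructed samples, and only local /etc/group entries are assumed (no LDAP or SSSD groups).

```python
"""Compare a process's supplementary groups with the user's /etc/group memberships."""
import sys

# Constructed sample data: GIDs and status text are made up for illustration.
SAMPLE_GROUP_DB = "root:x:0:\npuppet:x:52:puppetboard\npuppetboard:x:990:\nuwsgi:x:991:\n"
SAMPLE_STATUS_UWSGI = "Name:\tuwsgi\nGid:\t990\t990\t990\t990\nGroups:\t\n"
SAMPLE_STATUS_HTTPD = "Name:\thttpd\nGid:\t990\t990\t990\t990\nGroups:\t52 990 \n"


def parse_group_db(text):
    """Parse /etc/group-format text into {group_name: (gid, [member, ...])}."""
    db = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _passwd, gid, members = line.split(":", 3)
        db[name] = (int(gid), [m for m in members.split(",") if m])
    return db


def status_ids(status_text, field):
    """Return the integer IDs on one /proc/<pid>/status line, e.g. 'Gid' or 'Groups'."""
    for line in status_text.splitlines():
        if line.startswith(field + ":"):
            return [int(tok) for tok in line.split(":", 1)[1].split()]
    raise ValueError("no %s: line in status text" % field)


def missing_groups(status_text, user, db):
    """Names of groups listing `user` as a member that the process does not hold."""
    effective_gid = status_ids(status_text, "Gid")[1]  # order: real, effective, saved, fs
    held = set(status_ids(status_text, "Groups")) | {effective_gid}
    return sorted(name for name, (gid, members) in db.items()
                  if user in members and gid not in held)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <pid> <user>, reads the live system
        with open("/proc/%s/status" % sys.argv[1]) as fh:
            status = fh.read()
        with open("/etc/group") as fh:
            group_db = parse_group_db(fh.read())
        print(missing_groups(status, sys.argv[2], group_db) or "no groups missing")
    else:  # no arguments: run against the constructed samples
        group_db = parse_group_db(SAMPLE_GROUP_DB)
        for label, status in (("uwsgi", SAMPLE_STATUS_UWSGI), ("httpd", SAMPLE_STATUS_HTTPD)):
            print(label, missing_groups(status, "puppetboard", group_db))
```
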
