Trying to configure ubuntu+nginx+uwsgi+django
upstart script /etc/init/uwsgi.conf
description "uWSGI application server in Emperor mode"
start on runlevel [2345]
stop on runlevel [!2345]
setuid voxa
setgid www-data
exec /usr/local/bin/uwsgi --emperor /etc/uwsgi/sites
uwsgi configuration
[uwsgi]
project = project
base = /home/user
chdir = %(base)/%(project)
home = home/user/Env/project_env
module = %(project).wsgi:application
master = true
processes = 5
socket = %(base)/%(project)/%(project).sock
chmod-socket = 664
vacuum = true
socket = %(base)/%(project)/%(project).sock
chmod-socket = 664
vacuum = true
But after running the command sudo service uwsgi start I get an error
start: Job failed to start
What should I check to handle it?
UPD:
with virtualenv enabled app successfully runs with uwsgi command
uwsgi --http :8000 --module project.wsgi
uWSGI doesn't have permissions to create socket file in specified directory. To solve that, you can run emperor as root and drop privileges in vassal, after creating socket. Simply add to your vassal config:
username = voxa
gropuname = www-data
And remove setuid and setgid from your upstart config file.
If you're worried that someone will abuse that and use other user/group, you can use emperor tyrant mode, by adding --emperor-tyrant to uwsgi start line in upstart config. That will disallow change of username and groupname to other than owner of vassal config file.
Related
I'm getting a little issue with uWSGI and my Django application on production server. I have a FreeBSD jail which has only one Django application. When I made code improvements, I do a touch on settings file in order to take into account modifications.
However, touch kills my uWSGI service each time. So I need to start uWSGI manually else I get a 502 Bad Gateway issue with my browser.
Environment:
Django version : 1.11.20
uWSGI version : 2.0.15
Python version : 3.6.2
uWSGI.ini file:
This is my uwsgi.ini file :
[uwsgi]
pythonpath=/usr/local/www/app/src/web
virtualenv = /usr/local/www/app/venv
module=main.wsgi:application
env = DJANGO_SETTINGS_MODULE=main.settings.prod
env = no_proxy=*.toto.fr
env = LANG=en_US.UTF-8
master=true
processes=2
vaccum=true
chmod-socket=660
chown-socket=www:www
socket=/tmp/uwsgi.sock
socket-timeout = 60
post-buffering = 8192
max-requests = 5000
buffer-size = 32768
offload-threads = 1
uid=www
gid=www
logdate=true
log-maxsize = 20000000
manage-script-name=true
touch-reload = /usr/local/www/app/src/web/main/settings/prod.py
Issue:
When I make a deployment, once it's done, I do :
touch /usr/local/www/app/src/web/main/settings/prod.py
Then I have my uWSGI service out.
This is the last log I have :
Thank you very much !
I've been trying to work out how best to productionise superset, or at least getting it running in a daemon. I created a SystemD service with the following:
[Unit]
Description=Superset
[Service]
Type=simple
WorkingDirectory=/home/XXXX/Documents/superset/venv
ExecStart=/home/XXXX/Documents/superset/venv/bin/superset runserver
[Install]
WantedBy=multi-user.target
And the last error I got to was gunicorn cannot be found. I don't know what else I am missing or is there another way to set it up?
I was able to set it up, after a bunch of searching and trial and error with supervisor, which is a python 2 program, but you can run any command (including other python version in other virtual environments).
I'm running it on an ubuntu 16 VPS. After creating an environment and installing supervisor, you create a configuration file and mine looks like this:
[supervisord]
logfile = %(ENV_HOME)s/sdaprod/supervisor/supervisord.log
logfile_maxbytes = 50MB
logfile_backups=10
loglevel = info
pidfile = %(ENV_HOME)s/sdaprod/supervisor/supervisord.pid
nodaemon = false
minfds = 1024
minprocs = 200
umask = 022
identifier = supervisor
directory = %(ENV_HOME)s/sdaprod/supervisor
nocleanup = true
childlogdir = %(ENV_HOME)s/sdaprod/supervisor
strip_ansi = false
[unix_http_server]
file=/tmp/supervisor.sock
chmod = 0777
[supervisorctl]
serverurl=unix:///tmp/supervisor.sock
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[program:superset]
command = %(ENV_HOME)s/miniconda3/envs/superset/bin/superset runserver
directory = %(ENV_HOME)s/sdaprod
environment = PATH='%(ENV_PATH)s:%(ENV_HOME)s/miniconda3/envs/superset/bin',PYTHONPATH='%(ENV_PYTHONPATH)s:%(ENV_HOME)s/sdacore:%(ENV_HOME)s/sdaprod'
And then you just run supervisord from an environment that has it installed
The %(ENV_<>)s are environment variables. This is my first time doing this, so I absolutely can not vouch for this approach's efficiency, but it does work.
The following code runs successfully in manage.py shell:
from django.contrib.gis.geoip2 import GeoIP2
g = GeoIP2()
If I start the server manually with manage.py runserver
and put the code in my Django view, it also runs fine.
My Django application is hosted with uWSGI and Nginx as reverse proxy.
Both uWSGI and Nginx run with www-data user.
Here is the exception that I get when running on uWSGI:
...
File "/home/myuser/Env/virtenv/myproject/index/views.py" in index
28. g = GeoIP2()
File "/home/myuser/Env/virtenv/local/lib/python2.7/site-packages/django/contrib/gis/geoip2/base.py" in __init__
95. self._city = geoip2.database.Reader(city_db, mode=cache)
File "/home/myuser/Env/virtenv/local/lib/python2.7/site-packages/geoip2/database.py" in __init__
82. self._db_reader = maxminddb.open_database(filename, mode)
File "/home/myuser/Env/virtenv/local/lib/python2.7/site-packages/maxminddb/__init__.py" in open_database
37. return maxminddb.reader.Reader(database, mode)
File "/home/myuser/Env/virtenv/local/lib/python2.7/site-packages/maxminddb/reader.py" in __init__
52. db_file.fileno(), 0, access=mmap.ACCESS_READ)
Exception Type: error at /
Exception Value: [Errno 12] Cannot allocate memory
Local variables are:
Variable Value
database '/home/myuser/Env/virtenv/myproject/geoip/GeoLite2-City.mmdb'
db_file <closed file '/home/myuser/Env/virtenv/myproject/geoip/GeoLite2-City.mmdb', mode 'rb' at 0x7f8c5cf5d390>
mode 0
self <maxminddb.reader.Reader object at 0x7f8c5cf5f550>
I use Virtualbox and my guest OS is Ubuntu 16.04. I have 4GB swap file there.
If I free up some RAM the problem persists.
This shouldn't be a memory issue on OS level, though,
as I can create the GeoIP2 object in the shell and also if I run the server manually.
Next thing I checked is that the geoip directory in my project is owned by www-data and has 775.
Both files inside (GeoLite2-City.mmdb and GeoLite2-Country.mmdb) are also owned by www-data and have 774.
/etc/systemd/system/uwsgi.service contains:
[Unit]
Description=uWSGI Emperor service
[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown www-data:www-data /run/uwsgi'
ExecStart=/usr/local/bin/uwsgi --emperor /etc/uwsgi/sites
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all
[Install]
WantedBy=multi-user.target
/etc/uwsgi/sites/my_site.ini contains:
[uwsgi]
project = myproject
base = /home/myuser
home = %(base)/Env/virtenv/%(project)
binary-path = /usr/local/bin/uwsgi
chdir = %(home)
chmod-socket = 660
chown-socket = www-data:www-data
#emperor = true
#enable-threads = true
gid = www-data
limit-as = 1024
logto = /tmp/uwsgi.log
master = true
module = myproject.wsgi:application
pidfile = /opt/logs/uwsgi/master.pid
# number of cores on machine
processes = 2
python-path = %(home)
py-autoreload = 2
socket = /run/uwsgi/%(project).sock
uid = www-data
vacuum = true
virtualenv = %(base)/Env/virtenv
vhost = true
workers = 4
env = AWS_KEY=***************
env = AWS_SECRET=***************
env = DJANGO_SETTINGS_MODULE=myproject.settings.local
env = GMAIL_PASS=***************
env = PSQL_PASS=***************
env = SECRET_KEY=*********************************************
I am wondering where the limitation of uWSGI is?
limit-as = 512 in uWSGI's ini file was the culprit. Doubling it to 1024 mb resolves the problem.
From the official uWSGI 2 documentation here:
limit-as
Argument: number
Limit process address space (vsz) (in megabytes).
Limits the address space usage of each uWSGI (worker) process using
POSIX/UNIX setrlimit(). For example, limit-as 256 will disallow uWSGI
processes to grow over 256MB of address space. Address space is the
virtual memory a process has access to. It does not correspond to
physical memory. Read and understand this page before enabling this
option: http://en.wikipedia.org/wiki/Virtual_memory
I'm working with django celery,I have a deamon of celery with supervisor but I have a problem in the django admin I can't see the state of the task,
I can only see the state of my tasks in the django admin, when I typed in console python manage.py celerycam,
How I run a daemon of celerycam.
You can start your celerycam daemon with your app and celery all together with supervisorctl.
Example config file (/etc/supervisor/conf.d/app_name.conf):
# app config
[program:app_name]
user = www-data
directory = /var/www/app_name
command = /var/www/app_name/bin/python /var/www/app_name/bin/gunicorn agora.wsgi_server:application --bind 127.0.0.1:8022 -t 90 --workers 4 --settings='app_name.settings.production'
redirect_stderr = true
autorestart=true
stdout_logfile = /var/log/supervisor/app_name.log
stderr_logfile = /var/log/supervisor/app_name_err.log
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=50
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
loglevel=warn
autostart = true
stopsignal=KILL
environment=LANG="en_US.UTF-8",LC_ALL="en_US.UTF-8",LC_LANG="en_US.UTF-8"
stopasgroup=true
killasgroup=true
# celerycam config
[program:app_name_celerycam]
user = www-data
directory = /var/www/app_name
command = /var/www/app_name/bin/python manage.py celerycam --settings='app_name.settings.production'
redirect_stderr = true
autorestart=true
stdout_logfile = /var/log/supervisor/app_name_celerycam.log
stderr_logfile = /var/log/supervisor/app_name_celerycam_err.log
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=50
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
loglevel=warn
autostart = true
stopwaitsecs=5
# celery config
[program:app_name_celery]
user = www-data
directory = /var/www/app_name
command = /var/www/app_name/bin/python manage.py celeryd -l INFO -E -B --settings='app_name.settings.production' --concurrency=1 --pidfile=/var/run/celery/app_name_celery.pid
redirect_stderr = true
autorestart=true
stdout_logfile = /var/log/supervisor/app_name_celery.log
stderr_logfile = /var/log/supervisor/app_name_celery_err.log
stdout_logfile_maxbytes=50MB
stdout_logfile_backups=50
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
loglevel=warn
autostart=true
stopwaitsecs=5
environment=C_FORCE_ROOT=1
stopasgroup=true
killasgroup=true
# group of our daemons
[group:app_name]
programs=app_name,app_name_celerycam,app_name_celery
priority=999
Reload our configuration:
supervisorctl reread
Now we can manage all daemons of our application with simple commands:
supervisorctl start app_name:*
supervisorctl stop app_name:*
supervisorctl restart app_name:*
supervisorctl status app_name:*
I want to create uWsgi socket in my project folder and not in /tmp/
Here's my uWSGI config
[uwsgi]
socket = /tmp/uwsgi.sock #I want this in any other folder
#say in /home/me/Desktop/myDjangoApp/
chmod-socket = 666
processes = 1
master = true
vhost = true
no-site = true
But whenever I restart uWSGI with the socket created in my folder, it [fails].
Can't I create the uwsgi.sock in other folder?
I use the following uwsgi config (reduced to relevant parts):
[uwsgi]
uid = moin
gid = www-data
socket = /var/run/moin/uwsgi.sock
hook-as-root = exec:mkdir -vp /var/run/moin/; chown -v moin:www-data /var/run/moin/
Note the hook which creates the /var/run/wiki/ directory with user permissions before the server drops privileges. Call the directory whatever you want, moin was the name of my wiki engine.
On newer distros, /var/run points to a tmpfs location so that any manually created directory gets dropped after a reboot. The hook definition in this file keeps your configuration compact, compared to adding/modifying another init script.
Well, I found an alternative solution for the same. I created the socket in localhost
Here is my uwsgi file
[uwsgi]
uid = www-data
gid = www-data
master = 1
workers = 2
plugins = python
socket = 127.0.0.1:3100
enable-threads = true
processes = 2
pythonpath = <>
wsgi-file = <>
chdir = <>
unix sockets must obey to file permission schemes.
In the second config you're seting uid=www-data and gid=www-data.
The socket file must be writable by www-data and nginx must be able to read/write /tmp/uwsgi.sock
On the other hand if you find that difficult, using host:port (tcp sockets) will work too and you've seem to be able to do it like that.