nixos/graphite-service: fix startup issue

The preStart snippets (graphite, carbon) try to create directories under /var/db/. That currently fails because the code is run as user "graphite". Fix by setting "PermissionsStartOnly = true" so that the preStart stuff is run as 'root'. Further: * graphite-web-0.9.12/bin/build-index.sh needs perl, so add it to PATH. * Now that preStart runs as root, we must wait with "chown graphite" until we're done creating files/directories. * Drop needless check for root (uid 0) before running chown.
2024-11-24 07:53:19 +00:00 · 2014-04-17 15:40:02 +02:00 · 2014-04-17 15:40:02 +02:00 · ffb593f880
commit ffb593f880
parent e572b5c104
1 changed files with 6 additions and 2 deletions
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@ -184,6 +184,7 @@ in {
        ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
        User = "graphite";
        Group = "graphite";
+        PermissionsStartOnly = true;
      };
      restartTriggers = [
        pkgs.pythonPackages.carbon
@ -194,7 +195,7 @@ in {
      ];
      preStart = ''
        mkdir -m 0700 -p ${cfg.dataDir}/whisper
-        if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi
+        chown -R graphite:graphite ${cfg.dataDir}
      '';
    };

@ -235,6 +236,7 @@ in {
      description = "Graphite Web Interface";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-interfaces.target" ];
+      path = [ pkgs.perl ];
      environment = {
        PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
        DJANGO_SETTINGS_MODULE = "graphite.settings";
@ -248,11 +250,11 @@ in {
          --call django.core.handlers.wsgi:WSGIHandler'';
        User = "graphite";
        Group = "graphite";
+        PermissionsStartOnly = true;
      };
      preStart = ''
        if ! test -e ${dataDir}/db-created; then
          mkdir -m 0700 -p ${dataDir}/{whisper/,log/webapp/}
-          if [ "$(id -u)" = 0 ]; then chown -R graphite:graphite ${cfg.dataDir}; fi

          # populate database
          ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
@ -261,6 +263,8 @@ in {
          ${pkgs.python27Packages.graphite_web}/bin/build-index.sh

          touch ${dataDir}/db-created
+
+          chown -R graphite:graphite ${cfg.dataDir}
        fi
      '';
      restartTriggers = [