Matthias Stecher
13e97d171b
The Gunicorn type now supports systemd sockets only. With uWSGI, you can choose between it and the native sockets based on the parameters chosen. This is done because it could not be implemented to have multiple protocols with the systemd sockets (so you may choose). The systemd socket unit file is generally available, so both types use the same script to generate the socket unit file.
101 lines
2.9 KiB
Bash
Executable file
101 lines
2.9 KiB
Bash
Executable file
#!/bin/sh -e
|
|
|
|
# control state
|
|
state="$(cat "$__object/parameter/state")"
|
|
|
|
# Set capabilities to aquire privileaged ports as netbox user. Two modes are
|
|
# available to efficiently set capabilites. Assumes libcap-bin is installed as
|
|
# default on debian systems.
|
|
#
|
|
# Arguments:
|
|
# 1: mode to detect if capabilites are required to set ('set' or 'correct')
|
|
set_bind_cap() {
|
|
cap_mode="" # reset variable from the execution before
|
|
|
|
# check if capabilites are required after given mode
|
|
case "$1" in
|
|
# assumes capabilites are not set (cause of new binaries)
|
|
set)
|
|
if [ "$SYSTEMD_SOCKET" != "yes" ]; then
|
|
cap_mode="+ep"
|
|
fi
|
|
;;
|
|
|
|
# check if capabilities have changed
|
|
correct)
|
|
if [ -s "$__object/explorer/bind-capability" ]; then
|
|
# capabilites are set
|
|
if [ "$SYSTEMD_SOCKET" = "yes" ]; then
|
|
cap_mode="-ep" # unset
|
|
fi
|
|
else
|
|
# capabilities are unset
|
|
if [ "$SYSTEMD_SOCKET" != "yes" ]; then
|
|
cap_mode="+ep" # set
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
# faulty mode
|
|
*)
|
|
echo "called set_bind_cap incorrect (\$1 missing)" >&2
|
|
;;
|
|
esac
|
|
|
|
# set capabilities if any
|
|
if [ "$cap_mode" ]; then
|
|
printf "setcap -q CAP_NET_BIND_SERVICE%s /opt/netbox/venv/bin/uwsgi\n" "$cap_mode"
|
|
fi
|
|
}
|
|
SYSTEMD_SOCKET="$(cat "$__object/files/systemd_socket")"
|
|
|
|
|
|
case "$state" in
|
|
# install uwsgi
|
|
enabled|disabled)
|
|
# not installed
|
|
if ! [ -s "$__object/explorer/installed" ]; then
|
|
echo "/opt/netbox/venv/bin/pip3 install -q uwsgi"
|
|
set_bind_cap set
|
|
do_restart=yes
|
|
printf "installed\n" >> "$__messages_out"
|
|
|
|
# updates available
|
|
elif [ -s "$__object/explorer/upgradeable" ]; then
|
|
echo "/opt/netbox/venv/bin/pip3 install -q --upgrade uwsgi"
|
|
set_bind_cap set
|
|
do_restart=yes
|
|
printf "upgraded\n" >> "$__messages_out"
|
|
fi
|
|
|
|
# changed configuration
|
|
if grep -q "^__file/opt/netbox/uwsgi.ini:" "$__messages_in"; then
|
|
do_restart=yes
|
|
printf "configured\n" >> "$__messages_out"
|
|
fi
|
|
|
|
# if no capabilities were set yet, check if any are required
|
|
if [ -z "$cap_mode" ]; then
|
|
set_bind_cap correct
|
|
fi
|
|
|
|
|
|
# restart uwsgi
|
|
if [ "$do_restart" ] && [ "$state" != "disabled" ]; then
|
|
cat << EOF
|
|
# Restart service
|
|
systemctl restart uwsgi-netbox
|
|
EOF
|
|
fi
|
|
;;
|
|
|
|
# uninstall
|
|
absent)
|
|
# check if installed
|
|
if [ -s "$__object/explorer/installed" ]; then
|
|
# service already disabled
|
|
echo "/opt/netbox/venv/bin/pip3 uninstall -qy uwsgi"
|
|
printf "uninstalled\n" >> "$__messages_out"
|
|
fi
|
|
;;
|
|
esac
|