184 lines
6.3 KiB

cdist-type__netbox_uwsgi - Run NetBox with uWSGI
This (singleton) type installs uWSGI into the NetBox `python-venv`. It hosts
the NetBox WSGI application via the WSGI protocol. A further server must be
installed to provide it as HTTP and serve static content. It supports multiple
protocols like uwsgi, fastcgi or HTTP to comunicate with the proxy server. This
application is available via the `uwsgi-netbox` systemd service. It is
controllable via the `netbox` wrapper service, too.
**As uWSGI will be started as netbox user, it does not have privileges to
bind to a privileaged port (all ports below 1024).** Because uWSGI will
drop privileages anyway before binding to a port, solutions are to use
the systemd sockets to activate the ports as root or set linux kernel
capabilites to bind to such a privileaged port.
As systemd sockets (or uwsgi itself) do not allow to distinguish multiple
sockets if different protocols are used for different sockets, this type does
not use systemd sockets if it is requested from the user. Using the
``--bind-to`` and ``--protocol`` parameters, it uses the systemd socket
activation. Else, it set the different sockets and protocols natively to uwsgi
and add kernel capabilities to be able to listen to privileaged ports.
Represents the state of the uWSGI application. Defaults to ``enabled``.
The uWSGI service is enabled and running.
The uWSGI service is installed, but disabled.
The uWSGI service is not installed and all configuration removed.
This type does not guarantee anything about the running state of the
service. To be sure about the service is stopped or not, use the type
:strong:`cdist-type__systemd_service`\ (7) after this execution.
The socket uwsgi should bind to. Must be UNIX/TCP (or anything that
systemd sockets accept as stream). Defaults to ````. Can be
set multiple times. The used protocol is defined by ``--protocol``.
**By setting up the socket via this parameter, it uses systemd sockets to
handle these.** This parameter will be ignored if a more detailed paramter
is given (``--$proto-bind``).
The protocol which should be used for the socket given by the ``--bind-to``
parameter. Possible values are ``uwsgi``, ``http``, ``fastcgi`` and
``scgi``. If nothing given, it defaults to ``uwsgi``.
scgi-bind, uwsgi-bind, http-bind, fastcgi-bind
Bind the application to a specific protocol instead of implicit uwsgi via
``--bind-to``. If such parameter given, ``--bind-to`` will be ignored. Must
be a UNIX/TCP socket. Can be set multiple times.
**By using such parameters instead of ``--bind-to``, no systemd sockets
will be used because it can not handle sockets for multiple protocols.**
Instead, the native socket binding will be used. It will add kernel
capabilites to bind to privileaged ports, too. This allow binds to ports
like 80 as netbox user.
Setup uWSGI to serve the static content, too. This is generally not
recommended for real production setups, as it is the job of the reverse
proxy server, who will thread it as static cachable content. This option
is only recommended for small setups or direct usage of the uWSGI socket
like using it as standalone HTTP server for NetBox.
**Hint**: This parameter does not work in junction with the `__netbox`
parameter ``--basepath``. It is because this type does not know the
parameter value and this case is very unlikly to happen; although an
implementation is not difficult.
The uwsgi service was installed.
The uwsgi service was upgraded.
The uwsgi configuration got updated.
The uWSGI application was removed.
In all cases where the application is still present, it restarts the service to
use the up-to-date version.
.. code-block:: sh
# simple
__netbox $args
require="__netbox" __netbox_uwsgi
# with multiple binds
__netbox $args
require="__netbox" __netbox_uwsgi --bind-to \
# with multiple protocols
# parameter `--bind-to` will be ignored
# avoids systemd sockets, but can handle multiple protocols
__netbox $args
require="__netbox" __netbox_uwsgi --uwsgi-bind \
--http-bind \
# as standalone server
__netbox $args
require="__netbox" __netbox_uwsgi --serve-static --http-bind
# replace gunicorn with uwsgi
__netbox $args
require="__netbox" __netbox_gunicorn --state absent
# it should depend on __netbox_gunicorn if they use the same socket
require="__netbox_gunicorn" __netbox_uwsgi --state enabled
# be sure the service is disabled
__netbox $args
require="__netbox" __netbox_uwsgi --state disabled
require="__netbox_uwsgi" __systemd_service uwsgi-netbox --state stopped
If systemd sockets are used, uwsgi can not be reloaded because it does not
handle the socket correctly. It works by completly restarting uwsgi (because
it is near the same cause of the systemd socket) or tweaking the service unit
with the line ``StandardInput=socket``, which limits you to only one address
to bind to (else, the service will not start).
Maybe someone is interested in enabling log files, because the "log to stdout"
is not the fanciest approach (because it is shown in the journal). See the
`uwsgi documentation <>` for
`uWSGI Documentation <>`_
:strong:`cdist-type__netbox`\ (7)
:strong:`cdist-type__netbox_gunicorn`\ (7)
Matthias Stecher <>
Copyright \(C) 2020 Matthias Stecher. You can redistribute it
and/or modify it under the terms of the GNU General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.