Setting up Unicorn for multi-user Capistrano deployment

时间:2016-04-12 00:49:12

标签: ruby-on-rails ruby deployment capistrano unicorn

I have been having some trouble with migrating a capistrano deployment of our rails app to make it so that multiple users can deploy. Originally we had a the socket for our unicorn server under /tmp owned by the user who would do the deploy. This doesn't work with multiple users because they would not have the permissions to modify the file.

We tried a second approach where we put the socket file under the app in its tmp directory. After each deploy, we reset the ownership of the socket file to a deployer's group which is shared between the users. This would work for the first deploy by a user, but not if the same user made a second deploy in a row. If a different user deploys, it works fine.

Basically we ended up with a deployment system where each person can deploy only once in a row before having to ask another person to deploy once in between. It looks like on the second and further deploys, the unicorn processes are not being restarted properly. On the first deploy the unicorn log for the successful deploy shows this:

INFO -- : Refreshing Gem list
INFO -- : listening on addr=/var/www/dashboard/current/tmp/dashboard.socket fd=11
INFO -- : worker=0 ready
INFO -- : worker=1 ready
INFO -- : worker=2 ready
INFO -- : master process ready
INFO -- : worker=3 ready

On the second deploy the failed log looks like this:

INFO -- : executing ["/var/www/dashboard/shared/bundle/ruby/2.1.0/bin/unicorn", "-c", "/var/www/dashboard/current/config/unicorn/production.rb", "-E      ", "deployment", "-D", {11=>#<Kgio::UNIXServer:/var/www/dashboard/current/tmp/dashboard.socket>}] (in /var/www/dashboard/releases/20160405234438)
INFO -- : forked child re-executing...
INFO -- : inherited addr=/var/www/dashboard/current/tmp/dashboard.socket fd=11
INFO -- : Refreshing Gem list
INFO -- : reaped #<Process::Status: pid 22939 exit 0> worker=0
INFO -- : reaped #<Process::Status: pid 22942 exit 0> worker=1
INFO -- : reaped #<Process::Status: pid 22945 exit 0> worker=2
INFO -- : reaped #<Process::Status: pid 22948 exit 0> worker=3
INFO -- : master complete
INFO -- : worker=0 ready
INFO -- : worker=1 ready
INFO -- : worker=2 ready
INFO -- : master process ready
INFO -- : worker=3 ready

The gem we are using for our unicorn deployment is capistrano-unicorn. We are using ruby 2.1.5, capistrano 2.15.7, and unicorn 5.0.1.

1 个答案:

答案 0 :(得分:1)

您应该在单独的用户下运行独角兽,与www等个别开发者无关。然后,独角兽插座可以在其他地方,例如,在/tmp。使用unicorn_user选项(请参阅gem readme)使Capistrano重新加载或重新启动给定用户下的unicorn服务器。

您还必须为开发人员组设置sudo规则,以便他们可以作为www用户运行命令,而无需提供密码。将此类内容添加到/etc/sudoers文件:

%developers ALL=(www) NOPASSWD: ALL

警告:这允许developers群组中的任何用户以[{1}}用户身份运行任何命令,而无需提供密码!更简洁,更安全的方法是只允许启动独角兽的命令并向其发送重新加载/停止等信号。