Hello everyone
We have successfully used uwsgi 2.0.15 in a rather complex setup with a
main emperor and an additionally emperor for each user. Now we are in
the process of upgrading uwsgi to 2.0.18. The emperor of each user,
among other things, mounts the user's web document root located under
/var/www/user to /var/www and therefore simply hides other users' sites.
However we are facing some strange behavior. The user emperor does not
even start properly. From the logfile we can see that the mounts are
done multiple times, and since the /var/www/user directory does not
exist the second time the mounts are done, it crashes. What are we doing
wrong? We are on Centos 7 boxes with kernel 3.10.0-957.27.2.
The user emperors' log file:
Tue Sep 10 11:02:41 - running "umount -l /proc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab -t proc -o hidepid=2 none
/proc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab --bind
/var/lib/root_fs/phphost/etc /etc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab --bind
/var/www/vhosts/thisuser /var/www" (as root)...
Tue Sep 10 11:02:41 - *** WARNING: you are running uWSGI as root !!!
(use the --uid flag) ***
Tue Sep 10 11:02:41 - your processes number limit is 127949
Tue Sep 10 11:02:41 - your memory page size is 4096 bytes
Tue Sep 10 11:02:41 - detected max file descriptor number: 1024
Tue Sep 10 11:02:41 - lock engine: pthread robust mutexes
Tue Sep 10 11:02:41 - thunder lock: disabled (you can enable it with
--thunder-lock)
Tue Sep 10 11:02:41 - uWSGI running as root, you can use
--uid/--gid/--chroot options
Tue Sep 10 11:02:41 - running "umount -l /proc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab -t proc -o hidepid=2 none
/proc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab --bind
/var/lib/root_fs/phphost/etc /etc" (as root)...
Tue Sep 10 11:02:41 - running "mount --no-mtab --bind
/var/www/vhosts/thisuser /var/www" (as root)...
mount: special device /var/www/vhosts/thisuser does not exist
Tue Sep 10 11:02:41 - command "mount --no-mtab --bind
/var/www/vhosts/thisuser /var/www" exited with non-zero code: 32
emperor.ini
[uwsgi]
strict = true
; Set placeholders
set-placeholder = log-dir=/var/log/uwsgi
emperor = /usr/local/etc/uwsgi-2.0.18/users
emperor-use-clone = fs,ipc,pid,uts
gid = www
logto = %(log-dir)/emperor/emperor-2.0.18.log
log-maxsize = 20971520
log-date = %%a %%b %%d %%H:%%M:%%S
no-fd-passing = true
; clear environment on exit
vacuum = true
thisuser.ini
[uwsgi]
strict = true
; set placeholders
set-placeholder = user=thisuser
set-placeholder = run-dir=/run/uwsgi
set-placeholder = log-dir=/var/log/uwsgi
set-placeholder = web-dir=/var/www/vhosts/%(user)
set-placeholder = mount-web-dir=/var/www
set-placeholder = root-fs-dir=/var/lib/root_fs
set-placeholder =
cgroup_base=/sys/fs/cgroup/systemd/system.slice/emperor.uwsgi-2.0.18.service/%(user)
set-placeholder =
cgroup_cpu=/sys/fs/cgroup/cpu/system.slice/emperor.uwsgi-2.0.18.service/%(user)
set-placeholder =
cgroup_mem=/sys/fs/cgroup/memory/system.slice/emperor.uwsgi-2.0.18.service/%(user)
; mount custom directories
; (but only if it is not a reload)
if-not-reload =
; umount /proc and remount to hide processes
; as we are in the 'fs' namespace umounting
; /proc does not interfere with the main one.
exec-as-root = umount -l /proc
exec-as-root = mount --no-mtab -t proc -o hidepid=2 none /proc
exec-as-root = mount --no-mtab --bind %(root-fs-dir)/phphost/etc /etc
exec-as-root = mount --no-mtab --bind %(web-dir) %(mount-web-dir)
endif =
; reloading does not exist for this instance
; (when it is changed we need to destroy the whole container)
exit-on-reload = true
cgroup = %(cgroup_base)
cgroup = %(cgroup_cpu)
cgroup-opt = cpu.shares=256
cgroup = %(cgroup_mem)
cgroup-opt = memory.limit_in_bytes=268435456
logto = %(log-dir)/%(user)/user-2.0.18.log
;rotate logs when filesize is higher than 20 megs
log-maxsize = 20971520
log-date = %%a %%b %%d %%H:%%M:%%S
; enable KSM support
ksm = 100
; clear environment on exit
vacuum = true
--
Reino Wallin
www.oribium.se
www.oribium.net
www.selinuxcomputing.se
_______________________________________________
uWSGI mailing list
uWSGI@lists.unbit.it
http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
