From 3cda7577567631705b2deec9b1e1f52626f42dd5 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Thu, 8 Aug 2013 13:46:47 -0600 Subject: [PATCH 1/6] Added more tutorial content to Ubic::Manual::Intro --- lib/Ubic/Manual/Intro.pod | 59 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/lib/Ubic/Manual/Intro.pod b/lib/Ubic/Manual/Intro.pod index a66c9de..e063067 100644 --- a/lib/Ubic/Manual/Intro.pod +++ b/lib/Ubic/Manual/Intro.pod @@ -35,6 +35,29 @@ Alternatively, if you're using Debian or Ubuntu, you can install ubic .deb packa apt-get update apt-get install ubic +=head1 GENERAL LAYOUT + +After C has successfully finished you will have a +working Ubic deployment ready to use. Two file hierarchies will be present: +I and I. These contain the configuration and state +of monitored processes. The ubic.watchdog daemon will be running +and a cron job will be configured to watch the watchdog. + +Confirm that all is running properly with I. You will see something like the following: + + ubic + ubic.ping off + ubic.update off + ubic.watchdog running (pid 15320) + +This shows a minimal default Ubic configuration. Running I will show the watchdog watching cron job. + + * * * * * /usr/bin/ubic-watchdog ubic.watchdog >>/var/log/ubic/watchdog.log 2>>/var/log/ubic/watchdog.err.log + +With this configiguration no init.d script is needed. There are alternative +ways to deploy described in L. For this discussion +we'll stick with these defaults. + =head1 WRITE YOUR FIRST SERVICE Put this code in your service dir, i.e. in the file I (or if you opted for a home-dir installation, in the I<~/ubic/service/example>): @@ -75,6 +98,42 @@ Now let's see how the watchdog works by killing the process (replace the pid val You don't have to run C manually; it will do its work in background in a minute. +=head1 WRITE YOUR SECOND SERVICE + +Put this config into I your service directory as in example 1 +above: + + module = Ubic::Service::SimpleDaemon + [options] + bin = sleep 15 + user = nobody + +Set up a simple terminal display to watch what is going on: + + watch 'ps -ef | grep sleep | grep -v grep; ubic status; + tail -n 5 /var/log/ubic/watchdog.log' + +In another terminal start the process + + ubic start example2 + +Note that the background process dies every 15 seconds as expected. Also note +that it is restared by the watchdog after it has been idle for about a minute. + +More details about using .ini files can be found in +L. You can also use JSON config. That +alternative is described in L. + +=head1 OTHER SERVICES + +There are two other services deployed as part of the default Ubic setup. +They are off by default and can probably be left that way. +These are I and I. The I service provides +a way to check that services are running via a REST like API. +The I service provides a similar function by port number. +As of this writing they are not particulary useful for basic users of I +service. + =head1 SEE ALSO L allows you to tune other service aspects other than I. Check it out. From 53c480747089da1db4fd457329b7e7d35cc41d06 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Thu, 8 Aug 2013 13:47:22 -0600 Subject: [PATCH 2/6] Deal with umask issues found by cfedde --- lib/Ubic/Admin/Setup.pm | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/Ubic/Admin/Setup.pm b/lib/Ubic/Admin/Setup.pm index 37f9650..ddb3eda 100644 --- a/lib/Ubic/Admin/Setup.pm +++ b/lib/Ubic/Admin/Setup.pm @@ -179,6 +179,7 @@ sub setup { my $opt_sticky_777 = 1; my $opt_install_services = 1; my $opt_crontab = 1; + my $opt_umask = 0002; my $opt_local; # These options are documented in ubic-admin script POD. @@ -195,6 +196,7 @@ sub setup { 'sticky-777!' => \$opt_sticky_777, 'install-services!' => \$opt_install_services, 'crontab!' => \$opt_crontab, + 'crontab=i' => \$opt_umask, ) or die "Getopt failed"; die "Unexpected arguments '@ARGV'" if @ARGV; @@ -289,6 +291,20 @@ sub setup { print_tty "You're using local installation, so default service user will be set to '$default_user'.\n"; } + # muck about with the umask for this process + if (umask != $opt_umask) { + my $s_umask = sprintf ("%04o", umask); + my $t_umask = sprintf ("%04o", $opt_umask); + print_tty "\nUbic configuration typicaly needs to be readable by all users.\n"; + print_tty "So typicaly a generous umask is used so that the state\n"; + print_tty "and configuration are accessable to everyone.\n"; + print_tty "Of course this means that you should not put secrets into\n"; + print_tty "Ubic's configuration files.\n\n"; + print_tty "The current umask is $s_umask\n"; + umask $opt_umask if (prompt_bool("should the permissive $t_umask umask be used?", 1)); + printf ("%04o\n", umask); + } + my $enable_1777; if ($is_root) { print_tty "\nSystem-wide installations usually need to store service-related data\n"; From a57015c6ddc510d3c1af66137b7611eb6327afd3 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Thu, 8 Aug 2013 21:57:15 -0600 Subject: [PATCH 3/6] fix option copy mistake --- lib/Ubic/Admin/Setup.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Ubic/Admin/Setup.pm b/lib/Ubic/Admin/Setup.pm index ddb3eda..58c13a3 100644 --- a/lib/Ubic/Admin/Setup.pm +++ b/lib/Ubic/Admin/Setup.pm @@ -196,7 +196,7 @@ sub setup { 'sticky-777!' => \$opt_sticky_777, 'install-services!' => \$opt_install_services, 'crontab!' => \$opt_crontab, - 'crontab=i' => \$opt_umask, + 'umask=i' => \$opt_umask, ) or die "Getopt failed"; die "Unexpected arguments '@ARGV'" if @ARGV; From 1f19961c77318cc8604d69644535c3a272f4e7f1 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Thu, 8 Aug 2013 22:18:35 -0600 Subject: [PATCH 4/6] typos --- lib/Ubic/Manual/Intro.pod | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Ubic/Manual/Intro.pod b/lib/Ubic/Manual/Intro.pod index e063067..05bd703 100644 --- a/lib/Ubic/Manual/Intro.pod +++ b/lib/Ubic/Manual/Intro.pod @@ -43,14 +43,14 @@ I and I. These contain the configuration and state of monitored processes. The ubic.watchdog daemon will be running and a cron job will be configured to watch the watchdog. -Confirm that all is running properly with I. You will see something like the following: +Confirm that all is running properly with C. You will see something like the following: ubic ubic.ping off ubic.update off ubic.watchdog running (pid 15320) -This shows a minimal default Ubic configuration. Running I will show the watchdog watching cron job. +This shows a minimal default Ubic configuration. Running C will show the watchdog watching cron job. * * * * * /usr/bin/ubic-watchdog ubic.watchdog >>/var/log/ubic/watchdog.log 2>>/var/log/ubic/watchdog.err.log From 20f20c12ee80d5f14ca5d9240cfcdcd522e19b36 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Fri, 9 Aug 2013 12:55:00 -0600 Subject: [PATCH 5/6] default umask should be less permissive --- lib/Ubic/Admin/Setup.pm | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/lib/Ubic/Admin/Setup.pm b/lib/Ubic/Admin/Setup.pm index 58c13a3..4f8685f 100644 --- a/lib/Ubic/Admin/Setup.pm +++ b/lib/Ubic/Admin/Setup.pm @@ -179,7 +179,7 @@ sub setup { my $opt_sticky_777 = 1; my $opt_install_services = 1; my $opt_crontab = 1; - my $opt_umask = 0002; + my $opt_umask = 0022; my $opt_local; # These options are documented in ubic-admin script POD. @@ -296,13 +296,12 @@ sub setup { my $s_umask = sprintf ("%04o", umask); my $t_umask = sprintf ("%04o", $opt_umask); print_tty "\nUbic configuration typicaly needs to be readable by all users.\n"; - print_tty "So typicaly a generous umask is used so that the state\n"; + print_tty "Typicaly a generous umask is used so that the state\n"; print_tty "and configuration are accessable to everyone.\n"; print_tty "Of course this means that you should not put secrets into\n"; print_tty "Ubic's configuration files.\n\n"; - print_tty "The current umask is $s_umask\n"; - umask $opt_umask if (prompt_bool("should the permissive $t_umask umask be used?", 1)); - printf ("%04o\n", umask); + print_tty "The current umask is $s_umask.\n"; + umask $opt_umask if (prompt_bool("Should the permissive $t_umask umask be used?", 1)); } my $enable_1777; From b5317efe6a3c0aa6631cd133b8832741393c2710 Mon Sep 17 00:00:00 2001 From: chris fedde Date: Fri, 9 Aug 2013 13:02:41 -0600 Subject: [PATCH 6/6] Point to the right manual page for discussion about start up options. --- lib/Ubic/Manual/Intro.pod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Ubic/Manual/Intro.pod b/lib/Ubic/Manual/Intro.pod index 05bd703..c1dbfec 100644 --- a/lib/Ubic/Manual/Intro.pod +++ b/lib/Ubic/Manual/Intro.pod @@ -55,7 +55,7 @@ This shows a minimal default Ubic configuration. Running C will * * * * * /usr/bin/ubic-watchdog ubic.watchdog >>/var/log/ubic/watchdog.log 2>>/var/log/ubic/watchdog.err.log With this configiguration no init.d script is needed. There are alternative -ways to deploy described in L. For this discussion +ways to deploy discussed in L. For this discussion we'll stick with these defaults. =head1 WRITE YOUR FIRST SERVICE