Create abstraction function for Apache Tomcat providing the DisnixWebService, improve dbus service integration

This commit is contained in:
Sander van der Burg 2021-03-04 21:12:28 +01:00 committed by Sander van der Burg
parent 72a510c26b
commit df31224348
11 changed files with 211 additions and 25 deletions


@ -30,7 +30,7 @@ rec {
dbus-daemon = { dbus-daemon = {
pkg = constructors.dbus-daemon { pkg = constructors.dbus-daemon {
packages = [ pkgs.disnix ]; services = [ disnix-service ];
}; };
}; };


@ -30,7 +30,7 @@ rec {
dbus-daemon = { dbus-daemon = {
pkg = constructors.dbus-daemon { pkg = constructors.dbus-daemon {
packages = [ pkgs.disnix ]; services = [ disnix-service ];
}; };
}; };


@ -0,0 +1,52 @@
{ pkgs ? import <nixpkgs> { inherit system; }
, system ? builtins.currentSystem
, stateDir ? "/var"
, runtimeDir ? "${stateDir}/run"
, logDir ? "${stateDir}/log"
, spoolDir ? "${stateDir}/spool"
, cacheDir ? "${stateDir}/cache"
, tmpDir ? (if stateDir == "/var" then "/tmp" else "${stateDir}/tmp")
, forceDisableUserChange ? false
, processManager
}:
let
constructors = import ../../services-agnostic/constructors.nix {
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
};
containerProviderConstructors = import ../../service-containers-agnostic/constructors.nix {
inherit pkgs stateDir runtimeDir logDir tmpDir cacheDir spoolDir forceDisableUserChange processManager;
};
in
rec {
sshd = {
pkg = constructors.sshd {
extraSSHDConfig = ''
UsePAM yes
'';
};
};
dbus-daemon = {
pkg = constructors.dbus-daemon {
services = [ disnix-service ];
};
};
tomcat = containerProviderConstructors.disnixAppservingTomcat {
webapps = [
pkgs.tomcat9.webapps # Include the Tomcat example and management applications
];
};
mysql = containerProviderConstructors.mysql {};
disnix-service = {
pkg = constructors.disnix-service {
inherit dbus-daemon;
containerProviders = [ tomcat mysql ];
authorizedUsers = [ tomcat.name ];
};
};
}
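Review bot: `dbus-daemon` (line 57) and `disnix-service` (line 68) now refer to each other: the D-Bus configuration embeds the store path of `disnix-service.pkg`, so if `constructors.disnix-service` in turn embeds `dbus-daemon.pkg` in its own derivation (rather than only in process-manager ordering metadata, which is not visible here), evaluation ends in infinite recursion. A one-line comment on the `inherit dbus-daemon;` line stating which way the store-path dependency runs would save the next reader that analysis. `authorizedUsers = [ tomcat.name ]` also assumes the value returned by `disnixAppservingTomcat` exposes a `name` attribute, which this page does not show.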


@ -0,0 +1,15 @@
{tomcatConstructorFun, lib, tomcat, libmatthew_java, dbus_java, DisnixWebService, dysnomia, stateDir}:
args:
import ./simple-appserving-tomcat.nix {
inherit tomcatConstructorFun lib tomcat dysnomia stateDir;
} (args // {
javaOpts = lib.optionalString (args ? javaOpts) "${args.javaOpts} " + "-Djava.library.path=${libmatthew_java}/lib/jni";
sharedLibs = args.sharedLibs or [] ++ [
"${DisnixWebService}/share/java/DisnixConnection.jar"
"${dbus_java}/share/java/dbus.jar"
];
webapps = args.webapps or [ tomcat.webapps ]
++ [ DisnixWebService ];
})
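Review bot: This wrapper has no header comment, and the `args.webapps or [ tomcat.webapps ]` fallback on line 90 duplicates the default declared in simple-appserving-tomcat.nix, so the two must be kept in sync by hand. A comment such as `# Wraps simple-appserving-tomcat.nix: adds the DisnixWebService webapp, its shared jars and the libmatthew JNI library path; the 'or' fallbacks mirror the defaults of the wrapped function` would make that maintenance duty explicit. The `lib.optionalString` guard on line 85 relies on function application binding tighter than `+`, which holds in Nix but reads ambiguously, so a short comment there is worthwhile too.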


@ -1,11 +1,15 @@
{tomcatConstructorFun, lib, dysnomia, stateDir}: {tomcatConstructorFun, lib, tomcat, dysnomia, stateDir}:
{ instanceSuffix ? "" { instanceSuffix ? ""
, instanceName ? "tomcat${instanceSuffix}" , instanceName ? "tomcat${instanceSuffix}"
, containerName ? "tomcat-webapplication${instanceSuffix}" , containerName ? "tomcat-webapplication${instanceSuffix}"
, serverPort ? 8005 , serverPort ? 8005
, httpPort ? 8080, httpsPort ? 8443, ajpPort ? 8009 , httpPort ? 8080, httpsPort ? 8443, ajpPort ? 8009
, javaOpts ? ""
, catalinaOpts ? ""
, commonLibs ? [] , commonLibs ? []
, sharedLibs ? []
, webapps ? [ tomcat.webapps ]
, type ? null , type ? null
, properties ? {} , properties ? {}
}: }:
@ -14,7 +18,7 @@ let
catalinaBaseDir = "${stateDir}/${instanceName}"; catalinaBaseDir = "${stateDir}/${instanceName}";
pkg = tomcatConstructorFun { pkg = tomcatConstructorFun {
inherit instanceName serverPort httpPort httpsPort ajpPort commonLibs; inherit instanceName serverPort httpPort httpsPort ajpPort javaOpts catalinaOpts commonLibs sharedLibs webapps;
postInstall = '' postInstall = ''
# Add Dysnomia container configuration file for a Tomcat web application # Add Dysnomia container configuration file for a Tomcat web application
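Review bot: The new `webapps ? [ tomcat.webapps ]` default (line 107) deploys Tomcat's bundled applications — per the comment in this commit's example configuration, the example and management applications — on every instance unless the caller overrides it; a safer default is `webapps ? []`, with callers that want the bundled apps listing them explicitly, as the example configuration already does. The wrapper disnix-appserving-tomcat.nix falls back to the same list, so that fallback would have to change with it. The function's `let` body continues outside the hunk.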


@ -28,7 +28,16 @@ in
simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix { simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix {
inherit stateDir; inherit stateDir;
inherit (pkgs) lib; inherit (pkgs) lib tomcat;
tomcatConstructorFun = constructors.simpleAppservingTomcat;
dysnomia = pkgs.dysnomia.override (origArgs: {
enableTomcatWebApplication = true;
});
};
disnixAppservingTomcat = import ./apache-tomcat/disnix-appserving-tomcat.nix {
inherit stateDir;
inherit (pkgs) lib tomcat libmatthew_java dbus_java DisnixWebService;
tomcatConstructorFun = constructors.simpleAppservingTomcat; tomcatConstructorFun = constructors.simpleAppservingTomcat;
dysnomia = pkgs.dysnomia.override (origArgs: { dysnomia = pkgs.dysnomia.override (origArgs: {
enableTomcatWebApplication = true; enableTomcatWebApplication = true;


@ -1,5 +1,13 @@
{createManagedProcess, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange, commonLibs ? []}: {createManagedProcess, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
{instanceSuffix ? "", instanceName ? "tomcat${instanceSuffix}", tomcatConfigFiles, postInstall ? ""}:
{ instanceSuffix ? ""
, instanceName ? "tomcat${instanceSuffix}"
, tomcatConfigFiles
, javaOpts ? ""
, catalinaOpts ? ""
, commonLibs ? []
, postInstall ? ""
}:
let let
baseDir = "${stateDir}/${instanceName}"; baseDir = "${stateDir}/${instanceName}";
@ -15,6 +23,8 @@ createManagedProcess rec {
args = [ "run" ]; args = [ "run" ];
environment = { environment = {
JRE_HOME = jre; JRE_HOME = jre;
JAVA_OPTS = javaOpts;
CATALINA_OPTS = catalinaOpts;
CATALINA_TMPDIR = tmpDir; CATALINA_TMPDIR = tmpDir;
CATALINA_BASE = baseDir; CATALINA_BASE = baseDir;
CATALINA_PID = pidFile; CATALINA_PID = pidFile;
@ -36,7 +46,7 @@ createManagedProcess rec {
if [ -f "$i" ] if [ -f "$i" ]
then then
# If the given web application is a file, symlink it into the common/lib/ directory # If the given web application is a file, symlink it into the common/lib/ directory
ln -sfn $i ${baseDir}/lib/$(basename $i) ln -sfn "$i" ${baseDir}/lib/$(basename "$i")
elif [ -d "$i" ] elif [ -d "$i" ]
then then
# If the given web application is a directory, then iterate over the files # If the given web application is a directory, then iterate over the files
@ -44,7 +54,7 @@ createManagedProcess rec {
for j in $i/lib/* for j in $i/lib/*
do do
ln -sfn $j ${baseDir}/lib/$(basename $j) ln -sfn "$j" ${baseDir}/lib/$(basename "$j")
done done
fi fi
done done
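Review bot: The `ln` arguments were quoted on line 171, but the glob that feeds them, `for j in $i/lib/*` on line 169, still yields the literal pattern when `$i/lib/` is empty (bash's default without nullglob), so a dangling symlink named `*` would be created in the instance lib directory; add `[ -e "$j" ] || continue` as the first statement of that loop body. The outer `$i` loop, whose head lies outside this hunk, has the same exposure. Whether the generated script runs under bash depends on createManagedProcess, which is not visible here.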


@ -1,4 +1,4 @@
{createManagedProcess, stdenv, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}: {createManagedProcess, stdenv, lib, tomcat, jre, stateDir, runtimeDir, tmpDir, forceDisableUserChange}:
{ instanceSuffix ? "" { instanceSuffix ? ""
, instanceName ? "tomcat${instanceSuffix}" , instanceName ? "tomcat${instanceSuffix}"
@ -6,7 +6,11 @@
, httpPort ? 8080 , httpPort ? 8080
, httpsPort ? 8443 , httpsPort ? 8443
, ajpPort ? 8009 , ajpPort ? 8009
, javaOpts ? ""
, catalinaOpts ? ""
, commonLibs ? [] , commonLibs ? []
, sharedLibs ? []
, webapps ? [ tomcat.webapps ]
, postInstall ? "" , postInstall ? ""
}: }:
@ -17,6 +21,7 @@ let
mkdir -p $out mkdir -p $out
cd $out cd $out
# Generate Tomcat configuration
mkdir conf mkdir conf
cp ${tomcat}/conf/* conf cp ${tomcat}/conf/* conf
sed -i \ sed -i \
@ -26,13 +31,64 @@ let
-e 's|<Connector port="8009" protocol="AJP/1.3"|<Connector port="${toString ajpPort}" protocol="AJP/1.3"|' \ -e 's|<Connector port="8009" protocol="AJP/1.3"|<Connector port="${toString ajpPort}" protocol="AJP/1.3"|' \
conf/server.xml conf/server.xml
mkdir webapps # Create a modified catalina.properties file
cp -av ${tomcat.webapps}/webapps/* webapps # Change all references from CATALINA_HOME to CATALINA_BASE to support loading files from our mutable state directory
# and add support for shared libraries
chmod 644 conf/catalina.properties
sed -i \
-e 's|''${catalina.home}|''${catalina.base}|g' \
-e 's|shared.loader=|shared.loader=''${catalina.base}/shared/lib/*.jar|' \
conf/catalina.properties
# Symlink all shared libraries
${lib.optionalString (sharedLibs != []) ''
mkdir -p shared/lib
for i in ${toString sharedLibs}
do
if [ -f "$i" ]
then
ln -sfn "$i" shared/lib
elif [ -d "$i" ]
then
for j in $i/shared/lib/*
do
ln -sfn $i/shared/lib/$(basename "$j") shared/lib
done
fi
done
''}
# Symlink all configured webapps
mkdir -p webapps
for i in ${toString webapps}
do
if [ -f "$i" ]
then
ln -sfn "$i" webapps
elif [ -d "$i" ]
then
for j in $i/webapps/*
do
ln -sfn $i/webapps/$(basename "$j") webapps
# Also symlink the configuration files if they are included
if [ -d $i/conf/Catalina ]
then
for j in $i/conf/Catalina/*
do
mkdir -p $out/conf/Catalina/localhost
ln -sfn $j $out/conf/Catalina/localhost/`basename $j`
done
fi
done
fi
done
''; '';
}; };
in in
import ./default.nix { import ./default.nix {
inherit createManagedProcess stdenv tomcat jre stateDir runtimeDir tmpDir forceDisableUserChange commonLibs; inherit createManagedProcess lib tomcat jre stateDir runtimeDir tmpDir forceDisableUserChange;
} { } {
inherit tomcatConfigFiles instanceName postInstall; inherit tomcatConfigFiles instanceName javaOpts catalinaOpts commonLibs postInstall;
} }
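Review bot: The `conf/Catalina` symlinking on lines 240-248 is nested inside the per-webapp `for j in $i/webapps/*` loop, so it re-runs for every webapp file, reuses `j` as the loop variable of both loops, and is skipped entirely (or runs once on the literal `*` pattern) when `$i/webapps/` is empty; it belongs at the `elif [ -d "$i" ]` level, once per package. Lines 241 and 246 also leave `$i` and `$j` unquoted and use backticks, inconsistent with the `"$i"`/`$(...)` form this commit introduces elsewhere, and `$i/webapps/$(basename "$j")` on line 239 is simply `"$j"`. The `for j in $i/shared/lib/*` loop on lines 221-223 has the same empty-glob problem and the same redundant path rebuild; the webapps loop rewritten with these fixes follows.
```nix
      # Symlink all configured webapps
      mkdir -p webapps
      for i in ${toString webapps}
      do
        if [ -f "$i" ]
        then
          ln -sfn "$i" webapps
        elif [ -d "$i" ]
        then
          for j in $i/webapps/*
          do
            [ -e "$j" ] || continue   # empty directory: the glob stays literal
            ln -sfn "$j" webapps
          done
          # Also symlink the configuration files if they are included (once per package, not per webapp)
          if [ -d "$i/conf/Catalina" ]
          then
            mkdir -p $out/conf/Catalina/localhost
            for k in $i/conf/Catalina/*
            do
              [ -e "$k" ] || continue
              ln -sfn "$k" $out/conf/Catalina/localhost/$(basename "$k")
            done
          fi
        fi
      done
```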


@ -41,7 +41,7 @@ in
simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix { simpleAppservingTomcat = import ./apache-tomcat/simple-appserving-tomcat.nix {
inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange; inherit createManagedProcess stateDir runtimeDir tmpDir forceDisableUserChange;
inherit (pkgs) stdenv; inherit (pkgs) stdenv lib;
jre = pkgs.jre8; jre = pkgs.jre8;
tomcat = pkgs.tomcat9; tomcat = pkgs.tomcat9;
}; };
@ -53,7 +53,7 @@ in
disnix-service = import ./disnix-service { disnix-service = import ./disnix-service {
inherit createManagedProcess processManager nix-processmgmt; inherit createManagedProcess processManager nix-processmgmt;
inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils; inherit (pkgs) stdenv lib writeTextFile nix disnix dysnomia inetutils findutils;
}; };
docker = import ./docker { docker = import ./docker {


@ -1,5 +1,5 @@
{createManagedProcess, lib, writeTextFile, dbus, stateDir, runtimeDir}: {createManagedProcess, lib, writeTextFile, dbus, stateDir, runtimeDir}:
{extraConfig ? "", packages ? []}: {extraConfig ? "", busType ? "system", services ? []}:
let let
user = "messagebus"; user = "messagebus";
@ -15,7 +15,7 @@ let
<busconfig> <busconfig>
<!-- Our well-known bus type, do not change this --> <!-- Our well-known bus type, do not change this -->
<type>system</type> <type>${busType}</type>
<!-- Run as special user --> <!-- Run as special user -->
<user>${user}</user> <user>${user}</user>
@ -82,11 +82,15 @@ let
</policy> </policy>
<!-- Generate service and include directories for each package --> <!-- Generate service and include directories for each package -->
${lib.concatMapStrings (package: '' ${lib.concatMapStrings (service:
<servicedir>${package}/share/dbus-1/system-services</servicedir> let
<includedir>${package}/etc/dbus-1/system.d</includedir> inherit (service) pkg;
<includedir>${package}/share/dbus-1/system.d</includedir> in
'') packages} ''
<servicedir>${pkg}/share/dbus-1/system-services</servicedir>
<includedir>${pkg}/etc/dbus-1/system.d</includedir>
<includedir>${pkg}/share/dbus-1/system.d</includedir>
'') services}
<!-- Extra configuration options --> <!-- Extra configuration options -->
${extraConfig} ${extraConfig}
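Review bot: `busType` is now interpolated into `<type>` (line 287), but the service and include directories on lines 298-300 stay hard-coded to `system-services`/`system.d`, so `busType = "session"` would produce a session bus that reads only system-bus service files; either derive the directories from the parameter (session service files live in `share/dbus-1/services`, not `session-services`, so a small mapping is needed) or document that only `"system"` is supported. The XML comment on line 286, `do not change this`, now contradicts the parameter and should become something like `<!-- Bus type, taken from the busType parameter -->`. Replacing `packages` with `services` (line 281) is a breaking change for any caller outside the two updated example configurations.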


@ -1,4 +1,4 @@
{createManagedProcess, stdenv, lib, writeTextFile, nix, disnix, dysnomia, inetutils, processManager, nix-processmgmt}: {createManagedProcess, stdenv, lib, writeTextFile, nix, disnix, dysnomia, inetutils, findutils, processManager, nix-processmgmt}:
{ dbus-daemon ? null { dbus-daemon ? null
, dysnomiaProperties ? {} , dysnomiaProperties ? {}
@ -6,6 +6,7 @@
, containerProviders ? [] , containerProviders ? []
, extraDysnomiaContainersPath ? [] , extraDysnomiaContainersPath ? []
, processManagerContainerSettings ? {} , processManagerContainerSettings ? {}
, authorizedUsers ? []
}: }:
let let
@ -21,7 +22,7 @@ in
createManagedProcess { createManagedProcess {
name = "disnix-service"; name = "disnix-service";
process = "${disnix}/bin/disnix-service"; process = "${disnix}/bin/disnix-service";
path = [ nix dysnomiaPkg disnix inetutils ]; path = [ nix dysnomiaPkg disnix inetutils findutils ];
environment = import ./dysnomia-env.nix { environment = import ./dysnomia-env.nix {
inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings; inherit stdenv lib writeTextFile nix-processmgmt processManager dysnomiaProperties dysnomiaContainers containerProviders extraDysnomiaContainersPath processManagerContainerSettings;
}; };
@ -40,4 +41,39 @@ createManagedProcess {
runlevels = [ 2 3 4 5 ]; runlevels = [ 2 3 4 5 ];
}; };
}; };
# Add dbus service configuration file
postInstall = ''
mkdir -p $out/share/dbus-1/system.d
cat > $out/share/dbus-1/system.d/disnix.conf <<EOF
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="org.nixos.disnix.Disnix"/>
<allow send_destination="org.nixos.disnix.Disnix"/>
<allow send_interface="org.nixos.disnix.Disnix"/>
</policy>
<policy group="disnix">
<deny own="org.nixos.disnix.Disnix"/>
<allow send_destination="org.nixos.disnix.Disnix"/>
<allow send_interface="org.nixos.disnix.Disnix"/>
</policy>
<policy context="default">
<deny own="org.nixos.disnix.Disnix"/>
<deny send_destination="org.nixos.disnix.Disnix"/>
<deny send_interface="org.nixos.disnix.Disnix"/>
</policy>
${lib.concatMapStrings (authorizedUser: ''
<policy user="${authorizedUser}">
<allow own="org.nixos.disnix.Disnix"/>
<allow send_destination="org.nixos.disnix.Disnix"/>
<allow send_interface="org.nixos.disnix.Disnix"/>
</policy>
'') authorizedUsers}
</busconfig>
EOF
'';
} }
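Review bot: Each entry of `authorizedUsers` receives `<allow own="org.nixos.disnix.Disnix"/>` (line 353), so any process running as that user — in this commit's example the Tomcat user hosting web applications — may claim the Disnix bus name itself; if the real disnix-service is down or restarting, such a process could register as the service and receive deployment requests meant for it. The `disnix` group policy on lines 341-345 already grants send while denying own, and the authorized-user policy should match: `<deny own="org.nixos.disnix.Disnix"/>`. `authorizedUser` is also interpolated unescaped into an XML attribute; the value comes from Nix configuration rather than untrusted input, but a user name containing `"` would silently break the policy file, so an evaluation-time assertion on the name would be cheap. The unquoted `<<EOF` heredoc is fine here because the Nix interpolations are expanded before the shell sees the text and the XML contains no shell `$` references.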