From f778316b5acb93c0b921c6c2608fb0c41fb8a347 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Fri, 15 Sep 2023 14:35:34 -0400 Subject: [PATCH] uwsgi: Ensure that the master process cannot load the application. The rolling restart configuration of uwsgi attempted to re-chdir the CWD to the new `/home/zulip/deployments/current` before `lazy-apps` loaded the application in the forked child. It successfully did so -- however, the "main" process was still running in the original `/home/zulip/deployments/current`, which somehow (?) tainted the search path of the children processes. Set the parent uwsgi process to start in `/`, so that the old deploy directory cannot taint the load order of later children processes. --- puppet/zulip/templates/uwsgi.ini.template.erb | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/puppet/zulip/templates/uwsgi.ini.template.erb b/puppet/zulip/templates/uwsgi.ini.template.erb index 5e1195b24c..825d578547 100644 --- a/puppet/zulip/templates/uwsgi.ini.template.erb +++ b/puppet/zulip/templates/uwsgi.ini.template.erb @@ -7,8 +7,10 @@ env=LANG=C.UTF-8 uid=zulip gid=zulip -# Where the main application is located -chdir=/home/zulip/deployments/current/ +# We run the main process in /, and chdir to the current "current" +# directory in each forked process +chdir=/ +hook-post-fork=chdir:/home/zulip/deployments/current # lazy-apps means that the application is loaded after forking (and # thus chdir'ing). This lets us do rolling restarts into new @@ -29,7 +31,7 @@ chown-socket=zulip:zulip socket=/home/zulip/deployments/uwsgi-socket listen=<%= @uwsgi_listen_backlog_limit %> -# Create a control socket, allowing fancier runtime control +# Create a control socket, allowing rolling restarts ("chain reloading"). master-fifo=/home/zulip/deployments/uwsgi-control @@ -64,14 +66,6 @@ post-buffering=4096 stats=/home/zulip/deployments/uwsgi-stats -<% if @uwsgi_rolling_restart -%> -# If we are doing a rolling restart, re-chdir to the current "current" -# directory in each forked process -hook-post-fork=chdir:/home/zulip/deployments/current - - - -<% end -%> # Silence warnings from clients closing their connection early ignore-sigpipe = true ignore-write-errors = true