aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJimmy Olgeni <olgeni@FreeBSD.org>2022-03-11 07:22:02 +0000
committerJimmy Olgeni <olgeni@FreeBSD.org>2022-03-11 07:22:43 +0000
commit0b0963234709b713a02afd660465649cb88a6da1 (patch)
tree488576481033873cdcacb81b0a703a565c47798d
parent9b7b7746fac501b001ff1ced3d27448331fcc72d (diff)
downloadports-0b0963234709b713a02afd660465649cb88a6da1.tar.gz
ports-0b0963234709b713a02afd660465649cb88a6da1.zip
net/nats-server: improve rc.d
- Add nats to UIDs and GIDs - Add extra commands for logrotate and 'lame duck mode'. From the docs: In production we recommend that a server is shut down with "lame duck mode" as a graceful way to slowly evict clients. With large deployments this mitigates the "thundering herd" situation that will place CPU pressure on servers as TLS enabled clients reconnect. After entering lame duck mode, the server will stop accepting new connections, wait for a 10 second grace period, then begin to evict clients over a period of time configurable by the configuration option. This period defaults to 2 minutes.
-rw-r--r--GIDs2
-rw-r--r--UIDs2
-rw-r--r--UPDATING8
-rw-r--r--net/nats-server/Makefile3
-rw-r--r--net/nats-server/files/nats.sh.in23
5 files changed, 32 insertions, 6 deletions
diff --git a/GIDs b/GIDs
index eebd84687876..18c8f8438f09 100644
--- a/GIDs
+++ b/GIDs
@@ -244,7 +244,7 @@ openvpn:*:301:
netdata:*:302:
onlyoffice:*:303:www
glewlwyd:*:304:
-# free: 305
+nats:*:305:
# free: 306
# free: 307
# free: 308
diff --git a/UIDs b/UIDs
index afe7e28a40de..acdac4f39461 100644
--- a/UIDs
+++ b/UIDs
@@ -249,7 +249,7 @@ openvpn:*:301:301::0:0:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin
netdata:*:302:302::0:0:NetData Daemon:/var/cache/netdata:/usr/sbin/nologin
onlyoffice:*:303:303::0:0:Onlyoffice pseudo-user:/usr/local/www/onlyoffice/documentserver:/usr/sbin/nologin
glewlwyd:*:304:304::0:0:Glewlwyd SSO server:/nonexistent:/usr/sbin/nologin
-# free: 305
+nats:*:305:305::0:0:NATS Daemon:/nonexistent:/usr/sbin/nologin
# free: 306
# free: 307
# free: 308
diff --git a/UPDATING b/UPDATING
index 8144db70b5ef..c8e7bc2e9d04 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,14 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20220311:
+ AFFECTS: users of net/nats-server
+ AUTHOR: olgeni@FreeBSD.org
+
+ A dedicated 'nats' user was added, replacing 'nobody' in the startup script.
+ You should check your configuration and assign updated ownership to your data
+ files.
+
20220227:
AFFECTS: users of graphics/bmeps
AUTHOR: takefu@airport.fm
diff --git a/net/nats-server/Makefile b/net/nats-server/Makefile
index 34a7d0b7e46a..22fe5f41e783 100644
--- a/net/nats-server/Makefile
+++ b/net/nats-server/Makefile
@@ -1,6 +1,7 @@
PORTNAME= nats-server
PORTVERSION= 2.7.3
DISTVERSIONPREFIX= v
+PORTREVISION= 1
CATEGORIES= net
MAINTAINER= olgeni@FreeBSD.org
@@ -26,6 +27,8 @@ GH_TUPLE= golang:crypto:5e0467b6c7ce:golang_crypto/vendor/golang.org/x/crypto \
protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf
USE_RC_SUBR= nats.sh
+USERS= nats
+GROUPS= nats
OPTIONS_DEFINE= DOCS
diff --git a/net/nats-server/files/nats.sh.in b/net/nats-server/files/nats.sh.in
index d78177158c26..f1c4fdc9664d 100644
--- a/net/nats-server/files/nats.sh.in
+++ b/net/nats-server/files/nats.sh.in
@@ -8,7 +8,8 @@
#
# nats_enable (bool): Set it to "YES" to enable nats server.
# Default is "NO".
-# nats_user: User name to run as. default "nobody"
+# nats_user: User name to run as. default "nats"
+# nats_group: Group name to run as. default "nats"
# nats_options: Options to pass nats server
#
@@ -18,12 +19,26 @@ name=nats
rcvar=`set_rcvar`
load_rc_config ${name}
+
: ${nats_enable:=NO}
-: ${nats_user:=nobody}
+: ${nats_user:=nats}
+: ${nats_group:=nats}
: ${nats_options="-c %%PREFIX%%/etc/nats.conf"}
-command=/usr/sbin/daemon
+start_precmd=nats_start_precmd
+
+pidfile="/var/run/${name}.pid"
procname=%%PREFIX%%/bin/nats-server
-command_args="${procname} ${nats_options}"
+command=/usr/sbin/daemon
+command_args="-p ${pidfile} ${procname} ${nats_options}"
+
+extra_commands="logrotate ldm"
+logrotate_cmd="${procname} --signal reopen=${pidfile}"
+ldm_cmd="${procname} --signal ldm=${pidfile}"
+
+nats_start_precmd()
+{
+ install -o ${nats_user} -g ${nats_group} /dev/null ${pidfile}
+}
run_rc_command "$1"