diff options
author | Jimmy Olgeni <olgeni@FreeBSD.org> | 2022-03-11 07:22:02 +0000 |
---|---|---|
committer | Jimmy Olgeni <olgeni@FreeBSD.org> | 2022-03-11 07:22:43 +0000 |
commit | 0b0963234709b713a02afd660465649cb88a6da1 (patch) | |
tree | 488576481033873cdcacb81b0a703a565c47798d | |
parent | 9b7b7746fac501b001ff1ced3d27448331fcc72d (diff) | |
download | ports-0b0963234709b713a02afd660465649cb88a6da1.tar.gz ports-0b0963234709b713a02afd660465649cb88a6da1.zip |
net/nats-server: improve rc.d
- Add nats to UIDs and GIDs
- Add extra commands for logrotate and 'lame duck mode'.
From the docs:
In production we recommend that a server is shut down with "lame duck mode"
as a graceful way to slowly evict clients. With large deployments this
mitigates the "thundering herd" situation that will place CPU pressure on
servers as TLS enabled clients reconnect.
After entering lame duck mode, the server will stop accepting new
connections, wait for a 10 second grace period, then begin to evict clients
over a period of time configurable by the configuration option. This
period defaults to 2 minutes.
-rw-r--r-- | GIDs | 2 | ||||
-rw-r--r-- | UIDs | 2 | ||||
-rw-r--r-- | UPDATING | 8 | ||||
-rw-r--r-- | net/nats-server/Makefile | 3 | ||||
-rw-r--r-- | net/nats-server/files/nats.sh.in | 23 |
5 files changed, 32 insertions, 6 deletions
@@ -244,7 +244,7 @@ openvpn:*:301: netdata:*:302: onlyoffice:*:303:www glewlwyd:*:304: -# free: 305 +nats:*:305: # free: 306 # free: 307 # free: 308 @@ -249,7 +249,7 @@ openvpn:*:301:301::0:0:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin netdata:*:302:302::0:0:NetData Daemon:/var/cache/netdata:/usr/sbin/nologin onlyoffice:*:303:303::0:0:Onlyoffice pseudo-user:/usr/local/www/onlyoffice/documentserver:/usr/sbin/nologin glewlwyd:*:304:304::0:0:Glewlwyd SSO server:/nonexistent:/usr/sbin/nologin -# free: 305 +nats:*:305:305::0:0:NATS Daemon:/nonexistent:/usr/sbin/nologin # free: 306 # free: 307 # free: 308 @@ -5,6 +5,14 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20220311: + AFFECTS: users of net/nats-server + AUTHOR: olgeni@FreeBSD.org + + A dedicated 'nats' user was added, replacing 'nobody' in the startup script. + You should check your configuration and assign updated ownership to your data + files. + 20220227: AFFECTS: users of graphics/bmeps AUTHOR: takefu@airport.fm diff --git a/net/nats-server/Makefile b/net/nats-server/Makefile index 34a7d0b7e46a..22fe5f41e783 100644 --- a/net/nats-server/Makefile +++ b/net/nats-server/Makefile @@ -1,6 +1,7 @@ PORTNAME= nats-server PORTVERSION= 2.7.3 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= net MAINTAINER= olgeni@FreeBSD.org @@ -26,6 +27,8 @@ GH_TUPLE= golang:crypto:5e0467b6c7ce:golang_crypto/vendor/golang.org/x/crypto \ protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf USE_RC_SUBR= nats.sh +USERS= nats +GROUPS= nats OPTIONS_DEFINE= DOCS diff --git a/net/nats-server/files/nats.sh.in b/net/nats-server/files/nats.sh.in index d78177158c26..f1c4fdc9664d 100644 --- a/net/nats-server/files/nats.sh.in +++ b/net/nats-server/files/nats.sh.in @@ -8,7 +8,8 @@ # # nats_enable (bool): Set it to "YES" to enable nats server. # Default is "NO". -# nats_user: User name to run as. default "nobody" +# nats_user: User name to run as. default "nats" +# nats_group: Group name to run as. default "nats" # nats_options: Options to pass nats server # @@ -18,12 +19,26 @@ name=nats rcvar=`set_rcvar` load_rc_config ${name} + : ${nats_enable:=NO} -: ${nats_user:=nobody} +: ${nats_user:=nats} +: ${nats_group:=nats} : ${nats_options="-c %%PREFIX%%/etc/nats.conf"} -command=/usr/sbin/daemon +start_precmd=nats_start_precmd + +pidfile="/var/run/${name}.pid" procname=%%PREFIX%%/bin/nats-server -command_args="${procname} ${nats_options}" +command=/usr/sbin/daemon +command_args="-p ${pidfile} ${procname} ${nats_options}" + +extra_commands="logrotate ldm" +logrotate_cmd="${procname} --signal reopen=${pidfile}" +ldm_cmd="${procname} --signal ldm=${pidfile}" + +nats_start_precmd() +{ + install -o ${nats_user} -g ${nats_group} /dev/null ${pidfile} +} run_rc_command "$1" |