cloudron-box

Author	SHA1	Message	Date
Girish Ramakrishnan	fb6bf50e48	signal redis to backup using SAVE	2015-10-12 13:30:58 -07:00
Girish Ramakrishnan	b686d6e011	use latest docker images	2015-10-11 10:03:42 -07:00
Girish Ramakrishnan	93d210a754	Bump the graphite image	2015-10-10 09:57:07 -07:00
Girish Ramakrishnan	265ee15ac7	fix oldConfig madness There is a crash when: * App is configured. So, oldConfig now has {loc, access, portb } * Cloudron is restored. The restore code path accesses the oldConfig.manifest.addons. oldConfig is basically a messaging passing thing. It's not really a db field. With that spirit, we simply pass an empty message in setup_infra.sh	2015-10-09 11:59:25 -07:00
Girish Ramakrishnan	0e8553d1a7	code path applies to upgraded cloudrons as well	2015-10-09 11:08:54 -07:00
Girish Ramakrishnan	bc7e07f6a6	mail: not required to expose port 25	2015-10-09 09:56:37 -07:00
Girish Ramakrishnan	eb1e4a1aea	mail now runs on port 2500	2015-10-09 09:29:17 -07:00
Girish Ramakrishnan	dc3e8a9cb5	mail now runs on port 2500	2015-10-09 09:13:28 -07:00
Girish Ramakrishnan	6ca040149c	run addons as readonly	2015-10-08 11:07:28 -07:00
Girish Ramakrishnan	e487b9d46b	update mail image	2015-10-08 11:06:29 -07:00
Girish Ramakrishnan	1375e16ad2	mongodb: readonly rootfs	2015-10-08 10:24:15 -07:00
Girish Ramakrishnan	312f1f0085	mysql: readonly rootfs	2015-10-08 09:43:05 -07:00
Girish Ramakrishnan	721900fc47	postgresql: readonly rootfs	2015-10-08 09:20:25 -07:00
Girish Ramakrishnan	2d815a92a3	redis: use readonly rootfs	2015-10-08 09:00:43 -07:00
Girish Ramakrishnan	03d4ae9058	new base image 0.4.0	2015-09-28 19:33:58 -07:00
Girish Ramakrishnan	185b574bdc	Add custom apparmor profile for cloudron apps Docker generates an apparmor profile on the fly under /etc/apparmor.d/docker. This profile gets overwritten on every docker daemon start. This profile allows processes to ptrace themselves. This is required by circus (python process manager) for reasons unknown to me. It floods the logs with audit[7623]: <audit-1400> apparmor="DENIED" operation="ptrace" profile="docker-default" pid=7623 comm="python3.4" requested_mask="trace" denied_mask="trace" peer="docker-default" This is easily tested using: docker run -it cloudron/base:0.3.3 /bin/bash a) now do ps b) journalctl should show error log as above docker run --security-opt=apparmor:docker-cloudron-app -it cloudron/base:0.3.3 /bin/bash a) now do ps b) no error! Note that despite this, the process may not have ability to ptrace since it does not have CAP_PTRACE. Also, security-opt is the profile name (inside the apparmor config file) and not the filename. References: https://groups.google.com/forum/#!topic/docker-user/xvxpaceTCyw https://github.com/docker/docker/issues/7276 https://bugs.launchpad.net/ubuntu/+source/docker.io/+bug/1320869 This is an infra update because we need to recreate containers to get the right profile. Fixes #492	2015-09-21 11:01:44 -07:00
Girish Ramakrishnan	23a5a1f79f	timezone is already determined automatically using activation	2015-09-18 12:02:36 -07:00
Girish Ramakrishnan	8598fb444b	store timezone in config.js (part of provision data)	2015-09-16 15:54:56 -07:00
Girish Ramakrishnan	2719c4240f	Get oauth proxy port from the configs	2015-09-16 10:06:34 -07:00
Girish Ramakrishnan	5fcba59b3e	set memory limits for addons mysql, postgresql, mongodb - 100m each mail, graphite, redis (each instance) - 75m For reference, in yellowtent: mongo - 5m postgresql - 33m mysql - 3.5m mail: 26m graphite - 26m redis - 32m	2015-09-14 13:47:45 -07:00
Girish Ramakrishnan	8aff2b9e74	remove oauthproxy systemd configs	2015-09-14 12:02:38 -07:00
Girish Ramakrishnan	1cd9d07d8c	Merge apphealthtask into box server We used to run this as a separate process but no amount of node/v8 tweaking makes them run as standalone with 50M RSS. Three solutions were considered for the memory issue: 1. Use systemd timer. apphealthtask needs to run quiet frequently (10 sec) for the ui to get the app health update immediately after install. 2. Merge into box server (this commit) 3. Increase memory to 80M. This seems to make apphealthtask run as-is.	2015-09-14 10:52:11 -07:00
Girish Ramakrishnan	f028649582	Rename app.js to box.js	2015-09-14 10:43:47 -07:00
Girish Ramakrishnan	29e05b1caa	make janitor a systemd timer one process lesser	2015-09-11 18:43:51 -07:00
Girish Ramakrishnan	6945a712df	limit node memory usage node needs to be told how much space it can usage, otherwise it keeps allocating and we cannot keep it under 50M. keeping old space to 30M, lets the memory hover around 40M there are many options to v8 but I haven't explored them all: --expose_gc - allows scripts to call gc() --max_old_space_size=30 --max_semi_space_size=2048 (old/new space) node first allocates new objects in new space. if these objects are in use around for some time, it moves them to old space. the idea here is that it runs gc aggressively on new space since new objects die more than old ones. the new space is split into two halves of equal size called semi spaces. --gc_interval=100 --optimize_for_size --max_executable_size=5 --gc_global --stack_size=1024 http://erikcorry.blogspot.com/2012/11/memory-management-flags-in-v8.html http://jayconrod.com/posts/55/a-tour-of-v8-garbage-collection https://code.google.com/p/chromium/issues/detail?id=280984 http://stackoverflow.com/questions/30252905/nodejs-decrease-v8-garbage-collector-memory-usage http://www.appfruits.com/2014/08/running-node-js-on-arduino-yun/ note: this is not part of shebang because linux shebang does not support args! so we cannot pass node args as part of shebang.	2015-09-10 21:24:36 -07:00
Girish Ramakrishnan	03048d7d2f	set memorylimit for crashnotifier as well	2015-09-10 14:19:44 -07:00
Girish Ramakrishnan	26aefadfba	systemd: fix crashnotifier	2015-09-07 21:40:01 -07:00
Girish Ramakrishnan	51a28842cf	systemd: pass the instance name as argument	2015-09-07 21:16:22 -07:00
Girish Ramakrishnan	773c326eb7	systemd: just wait for 5 seconds for box to die	2015-09-07 20:58:14 -07:00
Girish Ramakrishnan	cb2fb026c5	systemd: do not restart crashnotifier	2015-09-07 20:54:58 -07:00
Girish Ramakrishnan	a4731ad054	200m is a more sane memory limit	2015-09-07 20:48:29 -07:00
Girish Ramakrishnan	aa33938fb5	systemd: fix config files	2015-09-07 20:46:32 -07:00
Girish Ramakrishnan	2a4c467ab8	systemd: Fix crashnotifier	2015-09-07 20:14:37 -07:00
Girish Ramakrishnan	6be6092c0e	Add memory limits on services	2015-09-07 19:16:34 -07:00
Girish Ramakrishnan	e76584b0da	Move from supervisor to systemd This removes logrotate as well since we use systemd logging	2015-09-07 14:31:25 -07:00
Johannes Zellner	212d0bd55a	Revert "Add hack for broken app backup tarballs" This reverts commit `9723951bfc`.	2015-08-31 21:44:24 -07:00
Girish Ramakrishnan	712ada940e	Add hack for broken app backup tarballs	2015-08-31 18:58:38 -07:00
Girish Ramakrishnan	291798f574	Pass along aws config for updates	2015-08-27 22:45:04 -07:00
Girish Ramakrishnan	b104843ae1	Add missing quotes to cloudron.conf	2015-08-27 20:15:04 -07:00
Johannes Zellner	ec21105c47	use backupKey from userData	2015-08-25 18:44:52 -07:00
Johannes Zellner	e6fd05c2bd	Support optional aws related userData	2015-08-25 17:52:01 -07:00
Girish Ramakrishnan	a760ef4d22	Rebase addons to use base image 0.3.3	2015-08-24 10:19:18 -07:00
Girish Ramakrishnan	15c9d8682e	Base image is now 0.3.3	2015-08-18 15:43:50 -07:00
Girish Ramakrishnan	9266302c4c	Print graphite container id	2015-08-13 15:57:36 -07:00
Girish Ramakrishnan	755dce7bc4	fix graph issue finally	2015-08-13 15:54:27 -07:00
Girish Ramakrishnan	dd3e38ae55	Use latest graphite	2015-08-13 15:53:36 -07:00
Girish Ramakrishnan	9dfaa2d20f	Create symlink in start.sh (and not container setup)	2015-08-13 15:36:21 -07:00
Girish Ramakrishnan	d6a4ff23e2	restart mysql in start.sh and not container setup	2015-08-13 15:16:01 -07:00
Girish Ramakrishnan	c2ab7e2c1f	restart collectd	2015-08-13 15:04:57 -07:00
Girish Ramakrishnan	b9e4662dbb	fix graphs again	2015-08-13 15:03:44 -07:00

1 2

75 Commits