cadey
/
nim-wiki
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Updated Tutorial: Creating a (micro) service (asciidoc)

This commit is contained in:
Federico Ceratto 2017-05-10 21:22:15 +01:00
parent 665fe8cae9
commit f0318961dc
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Tutorial:-Creating-a-(micro)-service.asciidoc
View File

@ -36,6 +36,8 @@ onSignal(SIGABRT):
# Add handlers for SIGSTOP, SIGQUIT as needed # Add handlers for SIGSTOP, SIGQUIT as needed
let conf = parseFile(config_file_name) let conf = parseFile(config_file_name)
# Traditional logging to file. To use the more featureful journald you might
# use https://github.com/FedericoCeratto/nim-morelogging
let fl = newFileLogger(conf["log_fname"].str, fmtStr = "$datetime $levelname ") let fl = newFileLogger(conf["log_fname"].str, fmtStr = "$datetime $levelname ")
fl.addHandler fl.addHandler
@ -54,7 +56,7 @@ when isMainModule:
=== Example templates === Example templates
Create /var/lib/myservicename/temaplates/base.tmpl Simple HTML templates. Create /var/lib/myservicename/temaplates/base.tmpl
[source,nim] [source,nim]
---- ----
#? stdtmpl | standard #? stdtmpl | standard
@ -98,6 +100,7 @@ Create /lib/systemd/system/myservicename.service file. Configure CapabilityBound
---- ----
[Unit] [Unit]
Description=myservicename Description=myservicename
# Optional documentation hints
Documentation=man:myservicename Documentation=man:myservicename
Documentation=https://github.com/REPLACEME/myservicename Documentation=https://github.com/REPLACEME/myservicename
After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service After=network.target httpd.service squid.service nfs-server.service mysqld.service named.service postfix.service
@ -106,8 +109,11 @@ Wants=network-online.target
[Service] [Service]
Type=simple Type=simple
WorkingDirectory=/var/lib/myservicedir/ WorkingDirectory=/var/lib/myservicedir/
# stdbuf buffers the stdout in order not to block your application
ExecStart=/usr/bin/stdbuf -oL /var/lib/myservicedir/myservicename ExecStart=/usr/bin/stdbuf -oL /var/lib/myservicedir/myservicename
# wait 10s when stopping
TimeoutStopSec=10 TimeoutStopSec=10
# SIGTERM the master process and later on SIGKILL any stray process
KillMode=mixed KillMode=mixed
KillSignal=SIGTERM KillSignal=SIGTERM
@ -120,13 +126,17 @@ LimitNOFILE=65536
# Hardening # Hardening
NoNewPrivileges=yes NoNewPrivileges=yes
# Set process capabilities. Fine-tune as needed.
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CapabilityBoundingSet=CAP_DAC_READ_SEARCH
# Create private /dev /tmp /home to isolate the process
PrivateDevices=yes PrivateDevices=yes
PrivateTmp=yes PrivateTmp=yes
ProtectHome=yes ProtectHome=yes
ProtectSystem=full ProtectSystem=full
# Log any stdout/stderr to syslog/journald
StandardOutput=syslog+console StandardOutput=syslog+console
StandardError=syslog+console StandardError=syslog+console
# Allow RW access to some dirs. Add yours as needed.
ReadWriteDirectories=/proc/self ReadWriteDirectories=/proc/self
ReadWriteDirectories=-/var/run ReadWriteDirectories=-/var/run
@ -134,6 +144,7 @@ ReadWriteDirectories=-/var/run
WantedBy=multi-user.target WantedBy=multi-user.target
---- ----
An example variable config file for your application.
Create /var/lib/myservicedir/conf.json Create /var/lib/myservicedir/conf.json
[source,json] [source,json]
---- ----