[prev in list] [next in list] [prev in thread] [next in thread]
List: nix-dev
Subject: Re: [Nix-dev] Why nginx config isn't placed into /etc/nginx/nginx.conf?
From: zimbatm <zimbatm () zimbatm ! com>
Date: 2016-08-09 22:33:03
Message-ID: CANEP-f7X1TkJ-ZTQM2DnPdoPCKmasVJ7QN=EEfr+5druRbjvQw () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Just put haproxy in front and then.. oh wait, what if the haproxy
configuration changes? :p
Since systemd already does socket activation it would be nice if it could
also start a new process before sending the SIGTERM to the old one. The old
process would the stop accepting new connection but have a delay to handle
the existing clients connection.
On Tue, 9 Aug 2016, 23:19 Layus, <layus.on@gmail.com> wrote:
> Would you mind expanding on these two reasons ?
>
> If I understand you well, the first is about using reload instead of
> restart.
> I guess it is useful for shorter downtimes, or even to avoid breaking
> existing connections, right ?
> This seems like a valid point to me. We could try to improve this.
>
> But I do not understand your second concern.
>
> Regards,
> -- Layus.
>
>
> On 09/08/16 19:06, Luca Bruno wrote:
>
> So, there are few drawbacks with the read-only nginx config as it is. Of
> course, you can at any time run the nginx with an /etc/nginx config that
> you write imperatively, by creating a brand new systemd service and
> disregarding the existing one. After all nginx is quite a simple service to
> run.
>
> Problems with the current approach:
> 1. Doesn't allow for nginx reload, because the file path changes hence
> nginx needs to be restarted.
> 2. If you are auto-updating the nginx config and reloading it
> automatically after e.g. Consul health checking you are in trouble.
>
> With /etc/nginx you give up nix rollbacks, but you can do it manually with
> git which is faster than a nixos-rebuild.
>
> So if you are going to run production stuff and maximize availability, I'd
> suggest to go for imperative /etc/nginx.
>
> That applies to most of fully declarative services in nixos.
>
> An alternative would be to still be kind of declarative by creating a
> static /etc/nginx path which symlinks to the read-only config. It all
> depends if nginx follows symlinks or not.
> If it works, it's worth changing the nixos systemd definition of nginx for
> all with this approach.
> Still you will have troubles with 3rd orchestration software auto-updating
> the nginx config file.
>
>
>
> _______________________________________________
> nix-dev mailing listnix-dev@lists.science.uu.nlhttp://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
[Attachment #5 (text/html)]
<p dir="ltr">Just put haproxy in front and then.. oh wait, what if the haproxy \
configuration changes? :p</p> <p dir="ltr">Since systemd already does socket \
activation it would be nice if it could also start a new process before sending the \
SIGTERM to the old one. The old process would the stop accepting new connection but \
have a delay to handle the existing clients connection.</p> <br><div \
class="gmail_quote"><div dir="ltr">On Tue, 9 Aug 2016, 23:19 Layus, <<a \
href="mailto:layus.on@gmail.com">layus.on@gmail.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Would you mind expanding on these two
reasons ?<br>
<br>
If I understand you well, the first is about using reload instead
of restart.<br>
I guess it is useful for shorter downtimes, or even to avoid
breaking existing connections, right ?<br>
This seems like a valid point to me. We could try to improve this.<br>
<br>
But I do not understand your second concern.<br>
<br>
Regards,<br>
-- Layus.</div></div><div text="#000000" bgcolor="#FFFFFF"><div><br>
<br>
On 09/08/16 19:06, Luca Bruno wrote:<br>
</div></div><div text="#000000" bgcolor="#FFFFFF">
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>So, there are few drawbacks with the
read-only nginx config as it is. Of course, you
can at any time run the nginx with an /etc/nginx
config that you write imperatively, by creating
a brand new systemd service and disregarding the
existing one. After all nginx is quite a simple
service to run.<br>
<br>
</div>
Problems with the current approach:<br>
</div>
1. Doesn't allow for nginx reload, because the file
path changes hence nginx needs to be restarted.<br>
</div>
2. If you are auto-updating the nginx config and
reloading it automatically after e.g. Consul health
checking you are in trouble.<br>
<br>
</div>
<div>With /etc/nginx you give up nix rollbacks, but you
can do it manually with git which is faster than a
nixos-rebuild.<br>
</div>
<div><br>
</div>
So if you are going to run production stuff and maximize
availability, I'd suggest to go for imperative
/etc/nginx.<br>
<br>
</div>
That applies to most of fully declarative services in
nixos.<br>
<br>
</div>
An alternative would be to still be kind of declarative by
creating a static /etc/nginx path which symlinks to the
read-only config. It all depends if nginx follows symlinks
or not.<br>
</div>
If it works, it's worth changing the nixos systemd definition
of nginx for all with this approach.<br>
</div>
Still you will have troubles with 3rd orchestration software
auto-updating the nginx config file.<br>
<div>
<div>
<div>
<div>
<div class="gmail_extra"><br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
nix-dev mailing list
<a href="mailto:nix-dev@lists.science.uu.nl" \
target="_blank">nix-dev@lists.science.uu.nl</a> <a \
href="http://lists.science.uu.nl/mailman/listinfo/nix-dev" \
target="_blank">http://lists.science.uu.nl/mailman/listinfo/nix-dev</a> </pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
nix-dev mailing list<br>
<a href="mailto:nix-dev@lists.science.uu.nl" \
target="_blank">nix-dev@lists.science.uu.nl</a><br> <a \
href="http://lists.science.uu.nl/mailman/listinfo/nix-dev" rel="noreferrer" \
target="_blank">http://lists.science.uu.nl/mailman/listinfo/nix-dev</a><br> \
</blockquote></div>
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic