Running Pyramid with Gunicorn as non root user


Mark Huang

Jul 4, 2012, 11:32:05 PM
to pylons-...@googlegroups.com
Hi Everyone,

I currently have 2 servers A and B, both running on Debian.  Server A was set up 1 month ago with Gunicorn 1.4.3.  I created a new Linux user called 'web', with shell access and a home directory.  The virtualenv is managed by virtualenvwrapper in the home directory.  So what I would do to start my pyramid application would be to log in as root and switch to the 'web' user (su - web) and run gunicorn like so:

    gunicorn_paster -w 5 -t 80 --log-file=/somewhere/with/logs -D production.ini

This works!

Server B was set up yesterday.  It is using Gunicorn 1.4.5.  My boss wants me to use the default www-data user and group instead of creating a separate user and group.  So I created my virtualenv to run my pyramid application as the 'root' user.  All of my code and logs live in the /srv directory and sub-directories.  I chown-ed the srv directory with www-data:www-data.  Now... when I run gunicorn paster, I had to specify a user and group to run as using the '-u' and '-g' flag as stated in their documentation:

    gunicorn_paster -w 5 -t 80 --log-file=/somewhere/with/logs -u www-data -g www-data -D production.ini

However, this gave an error.  I added the --log-level=debug into it and the error says:  

    2012-07-05 11:13:35 [29578] [INFO] Worker exiting (pid: 29578)
    /paste/deploy/loadwsgi.py", line 296, in loadcontext
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 320, in _loadconfig
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 454, in get_context
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 476, in _context_from_use
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 406, in get_context
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 296, in loadcontext
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 328, in _loadegg
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 620, in get_context
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/PasteDeploy-1.5.0-py2.7.egg/paste/deploy/loadwsgi.py", line 646, in find_egg_entry_point
      File "/root/.virtualenvs/rhino_env/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg/pkg_resources.py", line 1954, in load
      File "/srv/web/prod/rhino/rhino/__init__.py", line 2, in <module>
        from pyramid.config import Configurator
    ImportError: No module named pyramid.config

The really weird thing is that, if I open up a python console within my virtualenv, I am able to import that module!!  What's going on?  I suspect it is permissions related or something and that I am unable to run Gunicorn as a non root user (without shell access).

Regards,
Mark Huang


Mark Huang

Jul 5, 2012, 1:00:47 AM
to pylons-...@googlegroups.com
I'd like to add on to this:

If I were to run the command without the -u flag, my pyramid application will get started with no problems at all, just that it will be running as the root user.

Robert Forkel

Jul 5, 2012, 1:02:25 AM
to pylons-...@googlegroups.com
The following line (with parameters replaced) in upstart's script block
does work for me

    exec /path/to/virtualenv/bin/gunicorn --pid=$pid --name="$name" \
        --user=$name --group=$name \
        --access-logfile=$log_dir/access.log \
        --error-logfile=$log_dir/error.log $config \
        2>>$log_dir/error.log

The user account I run gunicorn under is not www-data, though, and
does have a shell.

Cornelius Kölbel

Jul 5, 2012, 1:22:20 AM
to pylons-...@googlegroups.com
Hi Mark,

So probably your user www-data can not find the pyramid.config module.
Try to import the module as user www-data.

Could it be for any reason, that your user www-data either has wrong environment variables set or has no read access to this module?

Kind regards
Cornelius 


Mark Huang

Jul 5, 2012, 1:57:22 AM
to pylons-...@googlegroups.com
Sorry for a noob question:  "How do I import the module as user www-data when the user doesn't even have shell access?"  Does this mean I have to give this user a shell like /bin/bash?

"Could it be for any reason, that your user www-data either has wrong environment variables set or has no read access to this module?"  Because I am running the virtual environment as the root user, does this mean that when I start gunicorn paster, the www-data user is unable to access the modules in the virtual environment site-packages?  Currently the virtual environment, being created by the root user, has root:root permissions.

Robert Forkel

Jul 5, 2012, 2:30:05 AM
to pylons-...@googlegroups.com
    sudo -u www-data python -c "import logging; print dir(logging)"

Robert Forkel

Jul 5, 2012, 2:32:16 AM
to pylons-...@googlegroups.com
If gunicorn is installed in the environment, using the full path
/path/to/virtualenv/bin/gunicorn should be enough to "activate" the
virtualenv, thus making the packages available.


Randall Leeds

Jul 7, 2012, 12:54:09 PM
to pylons-...@googlegroups.com


On Jul 4, 2012 11:32 PM, "Robert Forkel" <xrot...@googlemail.com> wrote:
>
> If gunicorn is installed in the environment, using the full path
> /path/to/virtualenv/bin/gunicorn should be enough to "activate" the
> virtualenv, thus making the packages available.
>

I suspect Robert is right. Is gunicorn installed outside the virtualenv?

Mark Huang

Jul 8, 2012, 11:15:13 PM
to pylons-...@googlegroups.com
Gunicorn is in the setup.py of my pyramid app.  So after entering the virtualenv using virtualenvwrapper:

        workon my_env

I do a python setup.py develop.

Won't this add gunicorn to my virtual environment?



Randall Leeds

Jul 10, 2012, 9:26:28 PM
to pylons-...@googlegroups.com
On Wed, Jul 4, 2012 at 10:57 PM, Mark Huang <zheng...@gmail.com> wrote:
> Sorry for a noob question: "How do I import the module as user www-data
> when the user doesn't even have shell access?" Does this mean I have to
> give this user a shell like /bin/bash?
>
> "Could it be for any reason, that your user www-data either has wrong
> environment variables set or has no read access to this module?" Because I
> am running the virtual environment as the root user, does this mean that
> when I start gunicorn paster, the www-data user is unable to access the
> modules in the virtual environment site-packages? Currently the virtual
> environment, being created by the root user, has root:root permissions.

Just saw this. You should be sure the virtualenv is readable by www-data.
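Added example, not part of any post in this thread: a check for the situation discussed above, where the master process starts as root, the workers drop to another account (`-u www-data`), and the virtualenv sits under `/root`. It walks every directory on the way to `site-packages` and reports the first one the target account cannot enter, using plain mode bits only. The function names are hypothetical, and the demo tree is constructed, with its `root` directory set to mode 0700 on the assumption that `/root` is locked down that way.

```python
import os
import pwd
import stat
import tempfile


def ids_for(user):
    """(uid, gids) of a real account, e.g. ids_for("www-data")."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))


def allowed(st, uid, gids, want):
    """Classic Unix mode-bit check; ACLs and capabilities are ignored."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        shift = 6  # owner bits apply
    elif st.st_gid in gids:
        shift = 3  # group bits apply
    else:
        shift = 0  # "other" bits apply
    return ((st.st_mode >> shift) & want) == want


def first_blocked(path, uid, gids, start="/"):
    """Return the first directory between start and path that the account
    cannot enter (or, for the last one, cannot also list), else None."""
    path, start = os.path.realpath(path), os.path.realpath(start)
    chain = [start]
    for part in os.path.relpath(path, start).split(os.sep):
        if part != ".":
            chain.append(os.path.join(chain[-1], part))
    for directory in chain:
        want = stat.S_IXOTH | (stat.S_IROTH if directory == path else 0)
        if not allowed(os.stat(directory), uid, gids, want):
            return directory
    return None


if __name__ == "__main__":
    # Constructed tree standing in for /root/.virtualenvs/... from the thread.
    base = tempfile.mkdtemp()
    os.chmod(base, 0o755)
    site = os.path.join(base, "root", ".virtualenvs", "env", "site-packages")
    os.makedirs(site)
    os.chmod(os.path.join(base, "root"), 0o700)  # assumed mode of /root
    other_uid = os.getuid() + 1  # stand-in for an unprivileged account
    print(first_blocked(site, other_uid, set(), start=base))
```

On a real host, run it as root with `first_blocked(site_packages_path, *ids_for("www-data"))`. A result under `/root` points at moving the virtualenv to a location the service account can read, such as alongside the code in `/srv`, rather than loosening `/root` itself.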