git: 0b0963234709 - main - net/nats-server: improve rc.d

From: Jimmy Olgeni <olgeni_at_FreeBSD.org>
Date: Fri, 11 Mar 2022 07:28:36 UTC
The branch main has been updated by olgeni:

URL: https://cgit.FreeBSD.org/ports/commit/?id=0b0963234709b713a02afd660465649cb88a6da1

commit 0b0963234709b713a02afd660465649cb88a6da1
Author:     Jimmy Olgeni <olgeni@FreeBSD.org>
AuthorDate: 2022-03-11 07:22:02 +0000
Commit:     Jimmy Olgeni <olgeni@FreeBSD.org>
CommitDate: 2022-03-11 07:22:43 +0000

    net/nats-server: improve rc.d
    
    - Add nats to UIDs and GIDs
    - Add extra commands for logrotate and 'lame duck mode'.
    
    From the docs:
    
        In production we recommend that a server is shut down with "lame duck mode"
        as a graceful way to slowly evict clients. With large deployments this
        mitigates the "thundering herd" situation that will place CPU pressure on
        servers as TLS enabled clients reconnect.
    
        After entering lame duck mode, the server will stop accepting new
        connections, wait for a 10 second grace period, then begin to evict clients
        over a period of time configurable by the configuration option. This
        period defaults to 2 minutes.
---
 GIDs                             |  2 +-
 UIDs                             |  2 +-
 UPDATING                         |  8 ++++++++
 net/nats-server/Makefile         |  3 +++
 net/nats-server/files/nats.sh.in | 23 +++++++++++++++++++----
 5 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/GIDs b/GIDs
index eebd84687876..18c8f8438f09 100644
--- a/GIDs
+++ b/GIDs
@@ -244,7 +244,7 @@ openvpn:*:301:
 netdata:*:302:
 onlyoffice:*:303:www
 glewlwyd:*:304:
-# free: 305
+nats:*:305:
 # free: 306
 # free: 307
 # free: 308
diff --git a/UIDs b/UIDs
index afe7e28a40de..acdac4f39461 100644
--- a/UIDs
+++ b/UIDs
@@ -249,7 +249,7 @@ openvpn:*:301:301::0:0:OpenVPN pseudo-user:/nonexistent:/usr/sbin/nologin
 netdata:*:302:302::0:0:NetData Daemon:/var/cache/netdata:/usr/sbin/nologin
 onlyoffice:*:303:303::0:0:Onlyoffice pseudo-user:/usr/local/www/onlyoffice/documentserver:/usr/sbin/nologin
 glewlwyd:*:304:304::0:0:Glewlwyd SSO server:/nonexistent:/usr/sbin/nologin
-# free: 305
+nats:*:305:305::0:0:NATS Daemon:/nonexistent:/usr/sbin/nologin
 # free: 306
 # free: 307
 # free: 308
diff --git a/UPDATING b/UPDATING
index 8144db70b5ef..c8e7bc2e9d04 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,14 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20220311:
+  AFFECTS: users of net/nats-server
+  AUTHOR: olgeni@FreeBSD.org
+
+  A dedicated 'nats' user was added, replacing 'nobody' in the startup script.
+  You should check your configuration and assign updated ownership to your data
+  files.
+
 20220227:
   AFFECTS: users of graphics/bmeps
   AUTHOR: takefu@airport.fm
diff --git a/net/nats-server/Makefile b/net/nats-server/Makefile
index 34a7d0b7e46a..22fe5f41e783 100644
--- a/net/nats-server/Makefile
+++ b/net/nats-server/Makefile
@@ -1,6 +1,7 @@
 PORTNAME=	nats-server
 PORTVERSION=	2.7.3
 DISTVERSIONPREFIX=	v
+PORTREVISION=	1
 CATEGORIES=	net
 
 MAINTAINER=	olgeni@FreeBSD.org
@@ -26,6 +27,8 @@ GH_TUPLE=	golang:crypto:5e0467b6c7ce:golang_crypto/vendor/golang.org/x/crypto \
 		protocolbuffers:protobuf-go:v1.23.0:protocolbuffers_protobuf_go/vendor/google.golang.org/protobuf
 
 USE_RC_SUBR=	nats.sh
+USERS=		nats
+GROUPS=		nats
 
 OPTIONS_DEFINE=	DOCS
 
diff --git a/net/nats-server/files/nats.sh.in b/net/nats-server/files/nats.sh.in
index d78177158c26..f1c4fdc9664d 100644
--- a/net/nats-server/files/nats.sh.in
+++ b/net/nats-server/files/nats.sh.in
@@ -8,7 +8,8 @@
 #
 # nats_enable (bool):		Set it to "YES" to enable nats server.
 #				Default is "NO".
-# nats_user:			User name to run as. default "nobody"
+# nats_user:			User name to run as. default "nats"
+# nats_group:			Group name to run as. default "nats"
 # nats_options:			Options to pass nats server
 #
 
@@ -18,12 +19,26 @@ name=nats
 rcvar=`set_rcvar`
 
 load_rc_config ${name}
+
 : ${nats_enable:=NO}
-: ${nats_user:=nobody}
+: ${nats_user:=nats}
+: ${nats_group:=nats}
 : ${nats_options="-c %%PREFIX%%/etc/nats.conf"}
 
-command=/usr/sbin/daemon
+start_precmd=nats_start_precmd
+
+pidfile="/var/run/${name}.pid"
 procname=%%PREFIX%%/bin/nats-server
-command_args="${procname} ${nats_options}"
+command=/usr/sbin/daemon
+command_args="-p ${pidfile} ${procname} ${nats_options}"
+
+extra_commands="logrotate ldm"
+logrotate_cmd="${procname} --signal reopen=${pidfile}"
+ldm_cmd="${procname} --signal ldm=${pidfile}"
+
+nats_start_precmd()
+{
+    install -o ${nats_user} -g ${nats_group} /dev/null ${pidfile}
+}
 
 run_rc_command "$1"
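Review bot: `nats_start_precmd` makes `${pidfile}` owned and writable by the unprivileged `nats` account, yet `logrotate_cmd` and `ldm_cmd` pass that same file to `nats-server --signal`, which presumably runs as root because rc.subr does not appear to apply `nats_user` to custom commands (worth confirming). A compromised or misbehaving service process could then rewrite the file so that a root-run `service nats ldm` or `service nats logrotate` signals an unrelated PID. Consider running the two extra commands as `${nats_user}`, or keeping the pidfile root-owned by letting daemon(8) drop privileges itself with `-u`, so that root never acts on a PID the service account can edit. Separately, `install` without `-m` leaves the pidfile at mode 0755 and the expansions are unquoted; `install -m 0644 -o "${nats_user}" -g "${nats_group}" /dev/null "${pidfile}"` is tighter.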