bugfix for supervisor. Update upgrade notes

ComputeStacks · Jul 7, 2023 · d9daccd · d9daccd
1 parent 7da5db4
commit d9daccd
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 11 deletions.
diff --git a/doc/upgrades/v90/v9 Upgrade.md b/doc/upgrades/v90/v9 Upgrade.md
@@ -14,15 +14,27 @@ docker pull hashicorp/consul:1.16 \
 
 ## Update Node Agent
 
+Newer installations now include a script to update the agent. Please install that script and run it:
+
 ```bash
-cd /tmp && wget https://f.cscdn.cc/file/cstackscdn/packages/cs-agent/cs-agent.tar.gz
+cat << 'EOF' > /usr/local/bin/update-agent
+#!/bin/bash
+
+set -e
+
+AGENT_TAR=$(mktemp)
+curl -sSL --fail -o $AGENT_TAR https://f.cscdn.cc/file/cstackscdn/packages/cs-agent/cs-agent.tar.gz
+tar -xzvf $AGENT_TAR --directory .
+gpg --verify cs-agent.sig cs-agent || exit_code=$?
+if [[ ${exit_code} -ne 0 ]]; then exit ${exit_code}; fi
 systemctl stop cs-agent
-tar -xzvf cs-agent.tar.gz
-rm -f /usr/local/bin/cs-agent
 mv cs-agent /usr/local/bin/
 chown root:root /usr/local/bin/cs-agent && chmod +x /usr/local/bin/cs-agent
-rm -rf /tmp/cs-agent*
-systemctl daemon-reload && systemctl start cs-agent
+rm $AGENT_TAR
+rm cs-agent.sig
+systemctl start cs-agent
+EOF
+chmod +x /usr/local/bin/update-agent
 ```
 
 ---
@@ -38,7 +50,17 @@ In v9.0 we introduced support for single-node installations that utilize linux b
 
 The first step is to define what your new network range will be and what size of network each project will get. In this example, we will define a network of `10.134.0.0/21` for all projects on this node, and tell ComputeStacks to give a `/28` to each project. This will give `14` IPs per project.
 
-On the node, allow access via iptables from that subnet: `iptables -A INPUT -s 10.134.0.0/21 -j ACCEPT`. _Be sure to also add that to `/usr/local/bin/cs-recover_iptables`._
+Add the following to `/usr/local/bin/cs-recover_iptables`:
+
+```
+iptables -N container-inbound
+iptables -A FORWARD -j container-inbound
+iptables -A INPUT -s 10.134.0.0/21 -j ACCEPT
+```
+
+_WHERE `10.134.0.0/21` IS THE SUBNET YOU'RE USING_.
+
+Be sure to also manually run those iptable commands to apply them now.
 
 > You must also ensure that this network does not overlap in your existing environment.
 

diff --git a/lib/build/supervisord.conf b/lib/build/supervisord.conf
@@ -7,7 +7,7 @@ user=root
 
 [program:worker_system]
 directory=/usr/src/app
-command=/usr/local/bundle/bin/bundle exec sidekiq -C config/sidekiq/system.yml.erb
+command=/usr/local/bin/bundle exec sidekiq -C config/sidekiq/system.yml.erb
 autostart=true
 autorestart=true
 priority=1
@@ -22,7 +22,7 @@ killasgroup = true
 
 [program:worker_deployments]
 directory=/usr/src/app
-command=/usr/local/bundle/bin/bundle exec sidekiq -C config/sidekiq/deployments.yml.erb
+command=/usr/local/bin/bundle exec sidekiq -C config/sidekiq/deployments.yml.erb
 autostart=true
 autorestart=true
 priority=5
@@ -37,7 +37,7 @@ killasgroup = true
 
 [program:app]
 directory=/usr/src/app
-command=/usr/local/bundle/bin/bundle exec puma --config config/puma.rb
+command=/usr/local/bin/bundle exec puma --config config/puma.rb
 autostart=true
 autorestart=true
 priority=10
@@ -67,7 +67,7 @@ killasgroup = true
 
 [program:worker_letsencrypt]
 directory=/usr/src/app
-command=/usr/local/bundle/bin/bundle exec sidekiq -C config/sidekiq/lets_encrypt.yml.erb
+command=/usr/local/bin/bundle exec sidekiq -C config/sidekiq/lets_encrypt.yml.erb
 autostart=true
 autorestart=true
 priority=20
@@ -82,7 +82,7 @@ killasgroup = true
 
 [program:clockwork]
 directory=/usr/src/app
-command=/usr/local/bundle/bin/bundle exec clockwork lib/clock.rb
+command=/usr/local/bin/bundle exec clockwork lib/clock.rb
 autostart=true
 autorestart=true
 priority=50