From 815f08dac061088fb42a67f6b9d6a7c5215b6fec Mon Sep 17 00:00:00 2001
From: Yves Gugger
Date: Wed, 17 Dec 2025 12:57:36 +0100
Subject: [PATCH] Use systemd restart in deploy.sh + avoid log permission issues
---
 deploy.sh | 95 ++++++++++++++++++---------------
 systemd/pounce-backend.service | 4 +-
 systemd/pounce-frontend.service | 4 +-
 3 files changed, 57 insertions(+), 46 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index 8fbf9fe..1e5a71b 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -146,21 +146,28 @@ if ! $FRONTEND_ONLY; then python -c "from app.database import init_db; import asyncio; asyncio.run(init_db())" echo " ✓ DB migrations applied" - # Restart backend process (production typically runs without --reload) - BACKEND_PID=$(pgrep -f 'uvicorn app.main:app' | awk 'NR==1{print; exit}') - - if [ -n "$BACKEND_PID" ]; then - echo " Restarting backend (PID: $BACKEND_PID)..." - kill "$BACKEND_PID" 2>/dev/null || true - sleep 1 - nohup uvicorn app.main:app --host 0.0.0.0 --port 8000 > backend.log 2>&1 & + # Restart backend via systemd when available (preferred). Fallback to nohup only if the unit is missing. + if systemctl list-unit-files 2>/dev/null | grep -q '^pounce-backend\\.service'; then + echo " Restarting backend via systemd..." + echo "user" | sudo -S systemctl restart pounce-backend sleep 2 - echo " ✓ Backend restarted" + if systemctl is-active --quiet pounce-backend; then + echo " ✓ Backend restarted (systemd)" + else + echo " ⚠ Backend restart failed (systemd). Check: journalctl -u pounce-backend -n 80" + fi else - echo " ⚠ Backend not running, starting..." - nohup uvicorn app.main:app --host 0.0.0.0 --port 8000 > backend.log 2>&1 & + BACKEND_PID=$(pgrep -f 'uvicorn app.main:app' | awk 'NR==1{print; exit}') + if [ -n "$BACKEND_PID" ]; then + echo " Restarting backend (PID: $BACKEND_PID)..." + kill "$BACKEND_PID" 2>/dev/null || true + sleep 1 + else + echo " ⚠ Backend not running, starting..." + fi + nohup uvicorn app.main:app --host 0.0.0.0 --port 8000 > /tmp/pounce-backend-nohup.log 2>&1 & sleep 2 - echo " ✓ Backend started" + echo " ✓ Backend started (nohup fallback)" fi BACKEND_EOF else 
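Review bot: The added line `echo "user" | sudo -S systemctl restart pounce-backend` puts what appears to be the deploy account's sudo password in the repository and pipes it to sudo; the frontend hunk repeats it for `pounce-frontend`. Anyone who can read the repo or its history then holds that account's sudo rights on the host, and the value equals the account name visible in the unit paths (`/home/user/...`). I would add a sudoers drop-in that lets this account run only the two `systemctl restart` commands without a password, change the call to `sudo -n systemctl restart pounce-backend`, and rotate the password because it stays in git history. The `else` branch under `systemctl is-active` only prints a warning, so a failed restart still ends the deploy as a success; `exit 1` there would surface it. The enclosing heredoc and `if ! $FRONTEND_ONLY` block start outside this hunk.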
@@ -205,37 +212,41 @@ if ! $BACKEND_ONLY; then cp -r public .next/standalone/public echo " ✓ Public files copied to standalone" - # Gracefully restart Next.js - NEXT_PID=$(pgrep -af 'node \\.next/standalone/server\\.js|next start|next-server|next-serv' | awk 'NR==1{print $1; exit}') - - if [ -n "$NEXT_PID" ]; then - echo " Restarting Next.js (PID: $NEXT_PID)..." - kill $NEXT_PID 2>/dev/null + # Restart frontend via systemd when available (preferred). Fallback to nohup only if the unit is missing. + if systemctl list-unit-files 2>/dev/null | grep -q '^pounce-frontend\\.service'; then + echo " Restarting frontend via systemd..." + echo "user" | sudo -S systemctl restart pounce-frontend + sleep 2 + if systemctl is-active --quiet pounce-frontend; then + echo " ✓ Frontend restarted (systemd)" + else + echo " ⚠ Frontend restart failed (systemd). Check: journalctl -u pounce-frontend -n 80" + fi + else + # Legacy nohup fallback + NEXT_PID=$(pgrep -af 'node \\.next/standalone/server\\.js|next start|next-server|next-serv' | awk 'NR==1{print $1; exit}') + if [ -n "$NEXT_PID" ]; then + echo " Restarting Next.js (PID: $NEXT_PID)..." + kill $NEXT_PID 2>/dev/null + sleep 1 + fi + lsof -ti:3000 2>/dev/null | xargs -r kill -9 2>/dev/null || true sleep 1 - fi - - # Ensure port is free (avoid EADDRINUSE) - lsof -ti:3000 2>/dev/null | xargs -r kill -9 2>/dev/null || true - sleep 1 - - # Start new instance with internal backend URL - if [ -f ".next/standalone/server.js" ]; then - echo " Starting Next.js (standalone)..." - nohup env NODE_ENV=production HOSTNAME=0.0.0.0 PORT=3000 BACKEND_URL=http://127.0.0.1:8000 node .next/standalone/server.js > frontend.log 2>&1 & - else - echo " Starting Next.js (npm start)..." 
- nohup env NODE_ENV=production BACKEND_URL=http://127.0.0.1:8000 npm run start > frontend.log 2>&1 & - fi - sleep 2 - - # Verify - NEW_PID=$(pgrep -af 'node \\.next/standalone/server\\.js|next start|next-server|next-serv' | awk 'NR==1{print $1; exit}') - if [ -n "$NEW_PID" ]; then - echo " ✓ Frontend running (PID: $NEW_PID)" - else - echo " ⚠ Frontend may not have started correctly" - echo " Last 80 lines of frontend.log:" - tail -n 80 frontend.log || true + if [ -f ".next/standalone/server.js" ]; then + echo " Starting Next.js (standalone)..." + nohup env NODE_ENV=production HOSTNAME=0.0.0.0 PORT=3000 BACKEND_URL=http://127.0.0.1:8000 node .next/standalone/server.js > /tmp/pounce-frontend-nohup.log 2>&1 & + else + echo " Starting Next.js (npm start)..." + nohup env NODE_ENV=production BACKEND_URL=http://127.0.0.1:8000 npm run start > /tmp/pounce-frontend-nohup.log 2>&1 & + fi + sleep 2 + NEW_PID=$(pgrep -af 'node \\.next/standalone/server\\.js|next start|next-server|next-serv' | awk 'NR==1{print $1; exit}') + if [ -n "$NEW_PID" ]; then + echo " ✓ Frontend running (nohup fallback, PID: $NEW_PID)" + else + echo " ⚠ Frontend may not have started correctly" + tail -n 80 /tmp/pounce-frontend-nohup.log || true + fi fi else echo " ✗ Build failed, keeping old version" diff --git a/systemd/pounce-backend.service b/systemd/pounce-backend.service index 5245c35..92dc51f 100644 --- a/systemd/pounce-backend.service +++ b/systemd/pounce-backend.service @@ -12,8 +12,8 @@ Environment="PATH=/home/user/pounce/backend/venv/bin:/usr/local/bin:/usr/bin:/bi ExecStart=/home/user/pounce/backend/venv/bin/uvicorn app.main:app --host 0.0.0.0 --port 8000 Restart=always RestartSec=5 -StandardOutput=append:/home/user/pounce/backend/backend.log -StandardError=append:/home/user/pounce/backend/backend.log +StandardOutput=journal +StandardError=journal # Hardening NoNewPrivileges=true diff --git a/systemd/pounce-frontend.service b/systemd/pounce-frontend.service index 9690a2b..01c8aad 100644 
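Review bot: The nohup fallback now writes to the fixed name `/tmp/pounce-frontend-nohup.log` with a plain `>` redirect, and the backend hunk does the same with `/tmp/pounce-backend-nohup.log`. `/tmp` is world-writable, so on hosts where the kernel's sticky-directory protections are off, another local account can create that path first and then read the application output or redirect the write. Since the commit subject says the move is about log permissions, fixing ownership of a log directory that belongs to the service account (for example one created with `install -d -m 700`) and redirecting there would avoid both problems. The surrounding heredoc and `if ! $BACKEND_ONLY` block begin outside the hunk.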
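Review bot: With `StandardOutput=journal` and `StandardError=journal` the unit no longer says where its logs can be read, and the same applies to the identical change in pounce-frontend.service. Reading a system unit's journal usually needs root or membership in a group such as `systemd-journal`, so the `journalctl -u pounce-backend -n 80` hint printed by deploy.sh may show nothing for the deploy account. I would add a comment above the two lines, `# Logs: journalctl -u pounce-backend (reader needs root or the systemd-journal group)`, and grant that group to the deploy account rather than using sudo for log reads. The [Service] section starts outside the hunk.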
--- a/systemd/pounce-frontend.service +++ b/systemd/pounce-frontend.service @@ -15,8 +15,8 @@ Environment="BACKEND_URL=http://127.0.0.1:8000" ExecStart=/usr/bin/node /home/user/pounce/frontend/.next/standalone/server.js Restart=always RestartSec=5 -StandardOutput=append:/home/user/pounce/frontend/frontend.log -StandardError=append:/home/user/pounce/frontend/frontend.log +StandardOutput=journal +StandardError=journal # Hardening NoNewPrivileges=true