Set the puma process tag

This allows us to reliably identify the Conjur API server process to restart when reloading the Conjur config.
cyberark · Jun 24, 2021 · 1747480 · 1747480
1 parent 73e5a10
commit 1747480
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Parsing a Conjur config with invalid YAML content now outputs a more user
  friendly error message without a stack trace.
  [cyberark/conjur#2256](https://github.com/cyberark/conjur/issues/2256)
+- Set the Puma process explicitly to reliably restart the correct process
+ when the Conjur configuration is reloaded.
+ [cyberark/conjur#2291](https://github.com/cyberark/conjur/pull/2291)
 
 ### Security
 - Upgrade bindata to 2.4.10 to resolve Unspecified Issue reported by JFrog Xray

diff --git a/bin/conjur-cli/commands/configuration/apply.rb b/bin/conjur-cli/commands/configuration/apply.rb
@@ -42,9 +42,24 @@ def call
  private
 
  def server_pid
- cmd = "ps -ef | grep puma | grep -v grep | grep -v cluster | " \
- "grep conjur | awk '{print $2}' | tr -d '\n'"
- stdout, _ = @command_runner.capture2(cmd)
+ # We use string concatenation here to allow for comments on each
+ # part of the command.
+ # rubocop:disable Style/StringConcatenation
+ cmd = "ps -ef | " +
+ # Filter to only puma processes
+ "grep puma | " +
+ # Filter to only puma process for the Conjur API Server. This tag
+ # is defined in the `config/puma.rb`.
+ "grep '\\[Conjur API Server\\]' | " +
+ # Filter out the grep processes
+ "grep --invert-match grep | " +
+ # Filter out the cluster worker processes
+ "grep --invert-match cluster | " +
+ # Extract the process ID
+ "awk '{print $2}' | tr --delete '\n'"
+ # rubocop:enable Style/StringConcatenation
+
+ stdout, = @command_runner.capture2(cmd)
  stdout.to_i
  end
  end

diff --git a/config/puma.rb b/config/puma.rb
@@ -4,6 +4,15 @@
 threads_count = Integer(ENV['RAILS_MAX_THREADS'] || 5)
 threads threads_count, threads_count
 
+# The tag is displayed in the Puma process description, for example:
+# ```
+# puma 4.3.8 (tcp://localhost:5000) [Conjur API Server]
+# ```
+# We use this to identify the puma process that should restarted
+# when the Conjur configuration is updated using
+# `conjurctl configuration apply`.
+tag "Conjur API Server"
+
 # [Added Aug 8, 2018]
 # With large policy files, the request can exceed the 1
 # minute default worker timeout. We've increased it to