altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 3 Packages Projects Releases Wiki Activity

chore: run checks using celery UID/GID in container (#4364)

Browse source 
* chore: run checks as celery uid/gid in celery container

* chore: add init flag to suggested beat container config
This commit is contained in:
Jennifer Richards 2022-08-24 15:00:01 -03:00 committed by GitHub
parent 727feabfff
commit a3f2d4bdc0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
dev/celery/docker-init.sh
View file

@ -21,23 +21,20 @@ CELERY_ROLE="${CELERY_ROLE:-worker}"
cd "$WORKSPACEDIR" || exit 255 cd "$WORKSPACEDIR" || exit 255
if [[ -n "${UPDATE_REQUIREMENTS_FROM}" ]]; then if [[ -n "${UPDATE_REQUIREMENTS_FROM}" ]]; then
# Need to run as root in the container for this
reqs_file="${WORKSPACEDIR}/${UPDATE_REQUIREMENTS_FROM}" reqs_file="${WORKSPACEDIR}/${UPDATE_REQUIREMENTS_FROM}"
echo "Updating requirements from ${reqs_file}..." echo "Updating requirements from ${reqs_file}..."
pip install --upgrade -r "${reqs_file}" pip install --upgrade -r "${reqs_file}"
fi fi
if [[ "${CELERY_ROLE}" == "worker" ]]; then
echo "Running initial checks..."
/usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
fi
CELERY_OPTS=( "${CELERY_ROLE}" ) CELERY_OPTS=( "${CELERY_ROLE}" )
if [[ -n "${CELERY_UID}" ]]; then if [[ -n "${CELERY_UID}" ]]; then
# ensure that some group with the necessary GID exists in container # ensure that a user with the necessary UID exists in container
if ! id "${CELERY_UID}" ; then if ! id "${CELERY_UID}" ; then
adduser --system --uid "${CELERY_UID}" --no-create-home --disabled-login "celery-user-${CELERY_UID}" adduser --system --uid "${CELERY_UID}" --no-create-home --disabled-login "celery-user-${CELERY_UID}"
fi fi
CELERY_OPTS+=("--uid=${CELERY_UID}") CELERY_OPTS+=("--uid=${CELERY_UID}")
CELERY_USERNAME="$(id -nu ${CELERY_UID})"
fi fi
if [[ -n "${CELERY_GID}" ]]; then if [[ -n "${CELERY_GID}" ]]; then
@ -46,8 +43,17 @@ if [[ -n "${CELERY_GID}" ]]; then
addgroup --gid "${CELERY_GID}" "celery-group-${CELERY_GID}" addgroup --gid "${CELERY_GID}" "celery-group-${CELERY_GID}"
fi fi
CELERY_OPTS+=("--gid=${CELERY_GID}") CELERY_OPTS+=("--gid=${CELERY_GID}")
CELERY_GROUP="$(getent group ${CELERY_GID} | awk -F: '{print $1}')"
fi fi
run_as_celery_uid () {
SU_OPTS=()
if [[ -n "${CELERY_GROUP}" ]]; then
SU_OPTS+=("-g" "${CELERY_GROUP}")
fi
su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$@"
}
log_term_timing_msgs () { log_term_timing_msgs () {
# output periodic debug message # output periodic debug message
while true; do while true; do
@ -68,6 +74,12 @@ cleanup () {
fi fi
} }
if [[ "${CELERY_ROLE}" == "worker" ]]; then
echo "Running initial checks..."
# Run checks as celery worker if one was specified
run_as_celery_uid /usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
fi
trap 'trap "" TERM; cleanup' TERM trap 'trap "" TERM; cleanup' TERM
# start celery in the background so we can trap the TERM signal # start celery in the background so we can trap the TERM signal
celery --app="${CELERY_APP:-ietf}" "${CELERY_OPTS[@]}" "$@" & celery --app="${CELERY_APP:-ietf}" "${CELERY_OPTS[@]}" "$@" &

1
docker-compose.yml
View file

@ -85,6 +85,7 @@ services:
# #
# beat: # beat:
# image: ghcr.io/ietf-tools/datatracker-celery:latest # image: ghcr.io/ietf-tools/datatracker-celery:latest
# init: true
# environment: # environment:
# CELERY_APP: ietf # CELERY_APP: ietf
# CELERY_ROLE: beat # CELERY_ROLE: beat