chore: run checks using celery UID/GID in container (#4364)
* chore: run checks as celery uid/gid in celery container * chore: add init flag to suggested beat container config
This commit is contained in:
Jennifer Richards
GitHub
parent
727feabfff
commit
a3f2d4bdc0
|
|
@ -21,23 +21,20 @@ CELERY_ROLE="${CELERY_ROLE:-worker}"
|
|||
cd "$WORKSPACEDIR" || exit 255
|
||||
|
||||
if [[ -n "${UPDATE_REQUIREMENTS_FROM}" ]]; then
|
||||
# Need to run as root in the container for this
|
||||
reqs_file="${WORKSPACEDIR}/${UPDATE_REQUIREMENTS_FROM}"
|
||||
echo "Updating requirements from ${reqs_file}..."
|
||||
pip install --upgrade -r "${reqs_file}"
|
||||
fi
|
||||
|
||||
if [[ "${CELERY_ROLE}" == "worker" ]]; then
|
||||
echo "Running initial checks..."
|
||||
/usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
|
||||
fi
|
||||
|
||||
CELERY_OPTS=( "${CELERY_ROLE}" )
|
||||
if [[ -n "${CELERY_UID}" ]]; then
|
||||
# ensure that some group with the necessary GID exists in container
|
||||
# ensure that a user with the necessary UID exists in container
|
||||
if ! id "${CELERY_UID}" ; then
|
||||
adduser --system --uid "${CELERY_UID}" --no-create-home --disabled-login "celery-user-${CELERY_UID}"
|
||||
fi
|
||||
CELERY_OPTS+=("--uid=${CELERY_UID}")
|
||||
CELERY_USERNAME="$(id -nu ${CELERY_UID})"
|
||||
fi
|
||||
|
||||
if [[ -n "${CELERY_GID}" ]]; then
|
||||
|
|
@ -46,8 +43,17 @@ if [[ -n "${CELERY_GID}" ]]; then
|
|||
addgroup --gid "${CELERY_GID}" "celery-group-${CELERY_GID}"
|
||||
fi
|
||||
CELERY_OPTS+=("--gid=${CELERY_GID}")
|
||||
CELERY_GROUP="$(getent group ${CELERY_GID} | awk -F: '{print $1}')"
|
||||
fi
|
||||
|
||||
run_as_celery_uid () {
|
||||
SU_OPTS=()
|
||||
if [[ -n "${CELERY_GROUP}" ]]; then
|
||||
SU_OPTS+=("-g" "${CELERY_GROUP}")
|
||||
fi
|
||||
su "${SU_OPTS[@]}" "${CELERY_USERNAME:-root}" -s /bin/sh -c "$@"
|
||||
}
|
||||
|
||||
log_term_timing_msgs () {
|
||||
# output periodic debug message
|
||||
while true; do
|
||||
|
|
@ -68,6 +74,12 @@ cleanup () {
|
|||
fi
|
||||
}
|
||||
|
||||
if [[ "${CELERY_ROLE}" == "worker" ]]; then
|
||||
echo "Running initial checks..."
|
||||
# Run checks as celery worker if one was specified
|
||||
run_as_celery_uid /usr/local/bin/python $WORKSPACEDIR/ietf/manage.py check
|
||||
fi
|
||||
|
||||
trap 'trap "" TERM; cleanup' TERM
|
||||
# start celery in the background so we can trap the TERM signal
|
||||
celery --app="${CELERY_APP:-ietf}" "${CELERY_OPTS[@]}" "$@" &
|
||||
|
|
|
|||
|
|
@ -85,6 +85,7 @@ services:
|
|||
#
|
||||
# beat:
|
||||
# image: ghcr.io/ietf-tools/datatracker-celery:latest
|
||||
# init: true
|
||||
# environment:
|
||||
# CELERY_APP: ietf
|
||||
# CELERY_ROLE: beat
|
||||
|
|
|
|||
Loading…
Reference in a new issue