entrypoint.sh 10.8 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
#!/bin/bash

#
# entrypoint script for webschlocker
#

# handle signals
trap abort SIGHUP SIGINT SIGQUIT SIGTERM SIGSTOP SIGKILL
function abort {
    echo
    echo "* * * ABORTED * * *"
    echo
    exit 0
}

# who to run as
[ -z ${WEBSCHLOCKER_USER+x} ]  && WEBSCHLOCKER_USER="webschlocker"
[ -z ${WEBSCHLOCKER_GROUP+x} ] && WEBSCHLOCKER_GROUP="webschlocker"

Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
20 21 22 23
# bind IP and port
[ -z ${WEBSCHLOCKER_BIND_ADDRESS+x} ] && WEBSCHLOCKER_BIND_ADDRESS="0.0.0.0"
[ -z ${WEBSCHLOCKER_BIND_PORT+x} ] && WEBSCHLOCKER_BIND_PORT="3000"

24
# schleuder-web config
25 26 27 28 29 30 31
[ -z ${WEBSCHLOCKER_CONFIG_HOSTNAME+x} ] && WEBSCHLOCKER_CONFIG_HOSTNAME=$( hostname )
[ -z ${WEBSCHLOCKER_CONFIG_MAILER_FROM+x} ] && WEBSCHLOCKER_CONFIG_MAILER_FROM="noreply@$WEBSCHLOCKER_CONFIG_HOSTNAME"
[ -z ${WEBSCHLOCKER_CONFIG_DELIVERY_METHOD+x} ] && WEBSCHLOCKER_CONFIG_DELIVERY_METHOD="smtp"
[ -z ${WEBSCHLOCKER_CONFIG_SENDMAIL_ARGUMENTS+x} ] && WEBSCHLOCKER_CONFIG_SENDMAIL_ARGUMENTS="-t -i -f"
[ -z ${WEBSCHLOCKER_CONFIG_SMTP_ADDRESS+x} ] && WEBSCHLOCKER_CONFIG_SMTP_ADDRESS="localhost"
[ -z ${WEBSCHLOCKER_CONFIG_SMTP_PORT+x} ] && WEBSCHLOCKER_CONFIG_SMTP_PORT="25"
[ -z ${WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE+x} ] && WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE="none"
32
[ -z ${WEBSCHLOCKER_CONFIG_API_HOST+x} ] && WEBSCHLOCKER_CONFIG_API_HOST="localhost"
33
[ -z ${WEBSCHLOCKER_CONFIG_API_PORT+x} ] && WEBSCHLOCKER_CONFIG_API_PORT="4443"
34
[ -z ${WEBSCHLOCKER_CONFIG_API_TLS_FINGERPRINT+x} ] && WEBSCHLOCKER_CONFIG_API_TLS_FINGERPRINT=""
Michał 'rysiek' Woźniak's avatar
bugfix  
Michał 'rysiek' Woźniak committed
35
[ -z ${WEBSCHLOCKER_CONFIG_API_KEY+x} ] && WEBSCHLOCKER_CONFIG_API_KEY=""
36

Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
37 38
# db settings
[ -z ${WEBSCHLOCKER_DB_ADAPTER+x} ]  && WEBSCHLOCKER_DB_ADAPTER="sqlite3"
39
[ -z ${WEBSCHLOCKER_DB_DATABASE+x} ] && WEBSCHLOCKER_DB_DATABASE="/var/schleuder-web/db.sqlite3"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
40 41 42 43 44 45
# these are unused by default, only useful with mysql/postgresql/etc
[ -z ${WEBSCHLOCKER_DB_ENCODING+x} ] && WEBSCHLOCKER_DB_ENCODING=""
[ -z ${WEBSCHLOCKER_DB_USERNAME+x} ] && WEBSCHLOCKER_DB_USERNAME=""
[ -z ${WEBSCHLOCKER_DB_PASSWORD+x} ] && WEBSCHLOCKER_DB_PASSWORD=""
[ -z ${WEBSCHLOCKER_DB_HOST+x} ]     && WEBSCHLOCKER_DB_HOST=""

46 47 48
# secret key base
[ -z ${WEBSCHLOCKER_SECRET_KEY_BASE+x} ] && WEBSCHLOCKER_SECRET_KEY_BASE="$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )$( echo $RANDOM | sha256sum | sed -r -e 's/\s+-//' )"

Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
49
# only internal use for the time being
50 51 52
WEBSCHLOCKER_CONFIG_DIR="/opt/schleuder-web/config"
WEBSCHLOCKER_LOG_DIR="/opt/schleuder-web/log"
WEBSCHLOCKER_TMP_DIR="/opt/schleuder-web/tmp"
53
WEBSCHLOCKER_PUBLIC_DIR="/opt/schleuder-web/public"
54

55 56 57
#
# inform
echo "+-- working with:"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
58 59 60 61
echo "    +-- WEBSCHLOCKER_USER         : $WEBSCHLOCKER_USER"
echo "    +-- WEBSCHLOCKER_GROUP        : $WEBSCHLOCKER_GROUP"
echo "    +-- WEBSCHLOCKER_BIND_ADDRESS : $WEBSCHLOCKER_BIND_ADDRESS"
echo "    +-- WEBSCHLOCKER_BIND_PORT    : $WEBSCHLOCKER_BIND_PORT"
62 63 64 65 66 67

#
# root is not what we want as the user to run as
#

# let's make sure we're not running as root, shall we?
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
68
if [ "$WEBSCHLOCKER_UID" == "0" ] || [ "$WEBSCHLOCKER_USER" == "root" ] || [ "$WEBSCHLOCKER_GID" == "0" ] || [ "$WEBSCHLOCKER_GROUP" == "root" ]; then
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144
    echo
    echo "* * * ERROR: trying to run as root -- I cannot let you do that, Dave!"
    echo
    exit 1
fi

# get group data, if any, and check if the group exists
if GROUP_DATA=`getent group "$WEBSCHLOCKER_GROUP"`; then
  # it does! do we have the gid given?
  if [[ "$WEBSCHLOCKER_GID" != "" ]]; then
    # we do! do these match?
    if [[ `echo "$GROUP_DATA" | cut -d ':' -f 3` != "$WEBSCHLOCKER_GID" ]]; then
      # they don't. we have a problem
      echo "ERROR: group $WEBSCHLOCKER_GROUP already exists, but with a different gid (`echo "$GROUP_DATA" | cut -d ':' -f 3`) than provided ($WEBSCHLOCKER_GID)!"
      exit 3
    fi
  fi
  # if no gid given, the existing group satisfies us regardless of the GID

# group does not exist
else
  # do we have the gid given?
  GID_ARGS=""
  if [[ "$WEBSCHLOCKER_GID" != "" ]]; then
    # we do! does a group with a given id exist?
    if getent group "$WEBSCHLOCKER_GID" >/dev/null; then
      echo "ERROR: a group with a given id ($WEBSCHLOCKER_GID) already exists, can't create group $WEBSCHLOCKER_GROUP with this id"
      exit 4
    fi
    # prepare the fragment of the groupadd command
    GID_ARGS="-g $WEBSCHLOCKER_GID"
  fi
  # we either have no GID given (and don't care about it), or have a GID given that does not exist in the system
  # great! let's add the group
  groupadd $GID_ARGS "$WEBSCHLOCKER_GROUP"
fi


# get user data, if any, and check if the user exists
if USER_DATA=`id -u "$WEBSCHLOCKER_USER" 2>/dev/null`; then
  # it does! do we have the uid given?
  if [[ "$WEBSCHLOCKER_UID" != "" ]]; then
    # we do! do these match?
    if [[ "$USER_DATA" != "$WEBSCHLOCKER_UID" ]]; then
      # they don't. we have a problem
      echo "ERROR: user $WEBSCHLOCKER_USER already exists, but with a different uid ("$USER_DATA") than provided ($WEBSCHLOCKER_UID)!"
      exit 5
    fi
  fi
  # if no uid given, the existing user satisfies us regardless of the uid
  # but is he in the right group?
  adduser "$WEBSCHLOCKER_USER" "$WEBSCHLOCKER_GROUP"

# user does not exist
else
  # do we have the uid given?
  UID_ARGS=""
  if [[ "$WEBSCHLOCKER_UID" != "" ]]; then
    # we do! does a group with a given id exist?
    if getent passwd "$WEBSCHLOCKER_UID" >/dev/null; then
      echo "ERROR: a user with a given id ($WEBSCHLOCKER_UID) already exists, can't create user $WEBSCHLOCKER_USER with this id"
      exit 6
    fi
    # prepare the fragment of the useradd command
    UID_ARGS="-u $WEBSCHLOCKER_UID"
  fi
  # we either have no UID given (and don't care about it), or have a UID given that does not exist in the system
  # great! let's add the user
  useradd $UID_ARGS -r -g "$WEBSCHLOCKER_GROUP" "$WEBSCHLOCKER_USER"
fi


#
# config
#

Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
145 146
#
# create the webschlocker config file, if it doesn't exist
147 148 149
# see: https://git.codecoop.org/schleuder/schleuder-web/blob/master/config/schleuder-web.yml
if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/schleuder-web.yml" ]; then
    echo "+-- no config file found in '$WEBSCHLOCKER_CONFIG_DIR/schleuder-web.yml', creating one..."
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
150 151 152 153
    
    # hopefully the unneeded settings will be ignored ;)
    # For delivery_method, sendmail_settings and smtp_settings see
    # <http://guides.rubyonrails.org/action_mailer_basics.html#action-mailer-configuration>.
154 155
    #
    # yes, the "defaults:" section is required, even though we're not using it.
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
156
    WEBSCHLOCKER_CONFIG="
157 158
defaults: {}

159 160
production:
    web_hostname: $WEBSCHLOCKER_CONFIG_HOSTNAME
161 162 163 164
    api:
        host: $WEBSCHLOCKER_CONFIG_API_HOST
        port: $WEBSCHLOCKER_CONFIG_API_PORT
        tls_fingerprint: $WEBSCHLOCKER_CONFIG_API_TLS_FINGERPRINT
Michał 'rysiek' Woźniak's avatar
bugfix  
Michał 'rysiek' Woźniak committed
165
    api_key: $WEBSCHLOCKER_CONFIG_API_KEY
166 167 168 169 170 171 172 173 174
    mailer_from: $WEBSCHLOCKER_CONFIG_MAILER_FROM
    delivery_method: $WEBSCHLOCKER_CONFIG_DELIVERY_METHOD
    sendmail_settings:
        arguments: $WEBSCHLOCKER_CONFIG_SENDMAIL_ARGUMENTS
    smtp_settings:
        address: $WEBSCHLOCKER_CONFIG_SMTP_ADDRESS
        port: $WEBSCHLOCKER_CONFIG_SMTP_PORT
        #openssl_verify_mode: $WEBSCHLOCKER_CONFIG_OPENSSL_VERIFY_MODE
"
175
    echo -e "$WEBSCHLOCKER_CONFIG" > "$WEBSCHLOCKER_CONFIG_DIR/schleuder-web.yml"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
176
else
177
    echo "+-- config file found in '$WEBSCHLOCKER_CONFIG_DIR/schleuder-web.yml', ignoring \$WEBSCHLOCKER_CONFIG_* envvars"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
178 179 180 181 182
fi


#
# create the database config file, if it doesn't exist
183
# see: https://git.codecoop.org/schleuder/schleuder-web/blob/master/config/database.yml
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199

if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/database.yml" ]; then
    echo "+-- no database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', creating one..."
    
    # let's hope the unneeded settings get ignored 
    WEBSCHLOCKER_DATABASE="
production:
    pool: 5
    timeout: 5000
    adapter:  $WEBSCHLOCKER_DB_ADAPTER
    database: $WEBSCHLOCKER_DB_DATABASE
    encoding: $WEBSCHLOCKER_DB_ENCODING
    username: $WEBSCHLOCKER_DB_USERNAME
    password: $WEBSCHLOCKER_DB_PASSWORD
    host:     $WEBSCHLOCKER_DB_HOST
"
Michał 'rysiek' Woźniak's avatar
bugfix  
Michał 'rysiek' Woźniak committed
200
    mkdir -p "$WEBSCHLOCKER_CONFIG_DIR"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
201 202 203
    echo -e "$WEBSCHLOCKER_DATABASE" > "$WEBSCHLOCKER_CONFIG_DIR/database.yml"
    
    # when using sqlite, let's make sure the database directory is accessible/writable for the user
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
204 205 206
    if [ "$WEBSCHLOCKER_DB_ADAPTER" == "sqlite3" ]; then
        mkdir -p "$( dirname "$WEBSCHLOCKER_DB_DATABASE" )"
        chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$( dirname "$WEBSCHLOCKER_DB_DATABASE" )"
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
207 208 209 210 211 212 213
    fi
else
    echo "+-- database config file found in '$WEBSCHLOCKER_CONFIG_DIR/database.yml', ignoring \$WEBSCHLOCKER_DB_* envvars"
fi

#
# secrets file
214
# see: https://git.codecoop.org/schleuder/schleuder-web/blob/master/config/secrets.yml
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
215 216
if [ ! -e "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml" ]; then
    echo "+-- no secrets file found in $WEBSCHLOCKER_CONFIG_DIR/secrets.yml, creating one..."
217
    WEBSCHLOCKER_SECRETS="
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
218 219 220 221 222 223 224
production:
    secret_key_base: $WEBSCHLOCKER_SECRET_KEY_BASE
"
    echo -e "$WEBSCHLOCKER_SECRETS" > "$WEBSCHLOCKER_CONFIG_DIR/secrets.yml"
else
    echo "+-- secrets file found in '$WEBSCHLOCKER_CONFIG_DIR/secrets.yml', ignoring \$WEBSCHLOCKER_SECRET_KEY_BASE* envvar"
fi
225

Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
226
#
227
# log directory
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
228 229 230 231
echo "+-- creating and setting permissions on the log directory '$WEBSCHLOCKER_LOG_DIR'"
mkdir -p "$WEBSCHLOCKER_LOG_DIR"
chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$WEBSCHLOCKER_LOG_DIR"

232 233 234 235 236 237
#
# tmp directory
echo "+-- creating and setting permissions on the tmp directory '$WEBSCHLOCKER_TMP_DIR'"
mkdir -p "$WEBSCHLOCKER_TMP_DIR"
chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$WEBSCHLOCKER_TMP_DIR"

238 239 240 241 242 243
#
# public assets directory
echo "+-- creating and setting permissions on the public assets directory '$WEBSCHLOCKER_PUBLIC_DIR'"
mkdir -p "$WEBSCHLOCKER_PUBLIC_DIR"
chown -R "$WEBSCHLOCKER_USER:$WEBSCHLOCKER_GROUP" "$WEBSCHLOCKER_PUBLIC_DIR"

244 245 246 247 248 249 250 251 252 253
# which version of the db we have?
echo "+-- checking db schema version..."
WEBSCHLEUDER_SCHEMA_VERSION="$( su -p -c "env PATH=\"$PATH\" bundle exec rake db:version RAILS_ENV=production" "$WEBSCHLOCKER_USER" | awk '/^Current version:/ {print $3}' )"
if [[ $WEBSCHLEUDER_SCHEMA_VERSION > 0 ]]; then
    echo "    +-- database schema version found: $WEBSCHLEUDER_SCHEMA_VERSION, no need for set-up"
else
    # prep the database (as the correct user)
    echo "    +-- database schema not found, setting up the database"
    su -p -c "env PATH=\"$PATH\" bundle exec rake db:setup RAILS_ENV=production" "$WEBSCHLOCKER_USER"
fi
254

255 256 257
# precompile assets
su -p -c "env PATH=\"$PATH\" bundle exec rake assets:precompile RAILS_ENV=production" "$WEBSCHLOCKER_USER"

258 259 260
# make sure the envvars are available within su
export WEBSCHLOCKER_BIND_ADDRESS WEBSCHLOCKER_BIND_PORT

261
# inform the user
262
echo "+-- schleuder-web is available on port $WEBSCHLOCKER_BIND_PORT at:"
263 264 265 266 267 268
if [ "$WEBSCHLOCKER_BIND_ADDRESS" == "0.0.0.0" ]; then
    ip -4 addr show scope global | grep inet | sed -r -e 's%inet.? (.+)/[0-9]{2,}.+%\1%'
else
    echo "    $WEBSCHLOCKER_BIND_ADDRESS"
fi

269
# do the magic!
270
echo
Michał 'rysiek' Woźniak's avatar
Michał 'rysiek' Woźniak committed
271 272
echo "+-- executing:"
echo "    $*"
273
exec su -p -c "env PATH=\"$PATH\" $*" "$WEBSCHLOCKER_USER"